From cbf9754922f9b5accf0542921f80b571ae36f373 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 4 Jan 2010 09:10:12 -0800 Subject: Send an empty Pragma header and use the item-updated time in the last-modified header --- modules/gallery/controllers/file_proxy.php | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 72c4e104..f0a38fbe 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -99,12 +99,6 @@ class File_Proxy_Controller extends Controller { throw new Kohana_404_Exception(); } - // Check that the content hasn't expired or it wasn't changed since cached - if (($last_modified = expires::get()) !== false && - $item->updated < $last_modified) { - expires::check(2592000); - } - // Don't try to load a directory if ($type == "albums" && $item->is_album()) { throw new Kohana_404_Exception(); @@ -114,10 +108,15 @@ class File_Proxy_Controller extends Controller { throw new Kohana_404_Exception(); } + header('Last-Modified: '.gmdate('D, d M Y H:i:s T', $item->updated)); + header("Pragma:"); + // Check that the content hasn't expired or it wasn't changed since cached + expires::check(2592000, $item->updated); + // We don't need to save the session for this request Session::abort_save(); - expires::set(2592000); // 30 days + expires::set(2592000, $item->updated); // 30 days // Dump out the image. If the item is a movie, then its thumbnail will be a JPG. if ($item->is_movie() && $type != "albums") { -- cgit v1.2.3 From bfcd4efe9282bc7cbaea13dd68b507c2f142f18f Mon Sep 17 00:00:00 2001 
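Review bot: The added `Last-Modified` header together with `expires::check(2592000, $item->updated)` and `expires::set(2592000, $item->updated)` makes this response cacheable for 30 days, yet nothing visible in the hunk marks it as private, and the proxy serves items behind access checks (the `Kohana_404_Exception` throws above). It is worth confirming that `expires::set()` does not emit `Cache-Control: public` for items that are not viewable by everybody, since a shared cache could otherwise hand a restricted file to a different user. The empty `header("Pragma:");` also deserves a why-comment, for example `// Empty Pragma overrides the no-cache value sent with the session`, if that is indeed the reason. The literal `2592000` now appears twice with the `// 30 days` note on only one of them. The enclosing method begins and ends outside this hunk.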
From: Tim Almdal Date: Mon, 4 Jan 2010 12:39:48 -0800 Subject: Another K2.4 holder over... We had, when checking for position, ->where(, "=", NULL) which would never find any. It should have been ->where(, "is", NULL) --- modules/gallery/models/item.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 414181d9..dac939de 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -460,7 +460,7 @@ class Item_Model extends ORM_MPTT { // deal with it the hard way. $count = $db->from("items") ->where("parent_id", "=", $this->id) - ->where($this->sort_column, "=", NULL) + ->where($this->sort_column, "IS", NULL) ->merge_where($where) ->count_records(); -- cgit v1.2.3 From 8ae0d4c196c6dbd8877f4f8c6523ee854f877669 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 4 Jan 2010 13:00:15 -0800 Subject: Change uppercase NULL to lowercase null to match the gallery3 style guide --- modules/gallery/models/item.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index dac939de..4a3d26e9 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -460,7 +460,7 @@ class Item_Model extends ORM_MPTT { // deal with it the hard way. $count = $db->from("items") ->where("parent_id", "=", $this->id) - ->where($this->sort_column, "IS", NULL) + ->where($this->sort_column, "IS", null) ->merge_where($where) ->count_records(); -- cgit v1.2.3 From 6b8a52d3287a8ead8be26070b354e672e9e1c0fd Mon Sep 17 00:00:00 2001 
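Review bot: On the changed line `$this->sort_column` is passed to `where()` as a column identifier, and query builders normally quote identifiers rather than bind them, so the query relies on that property holding a known column name. If an album's sort column can be set from a form (the setter is not visible here), it should be checked against an allow-list of sortable columns before it reaches this query. A short comment would also keep the operator from being changed back: `// "=" never matches NULL in SQL, so this must be IS NULL`. The surrounding method starts and ends outside the hunk.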
From: Bharat Mediratta Date: Mon, 4 Jan 2010 21:37:51 -0800 Subject: Fix the logout link to send you back to the current url. The old approach depended on having an $item, which is not the case on all pages (eg: tag pages). Also, check the CSRF in the logout controller, else you can use the logout link as a blind forwarder. --- modules/gallery/controllers/logout.php | 1 + modules/gallery/helpers/gallery_event.php | 10 +++++----- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index fe9c48ba..bfcf0f9e 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php @@ -19,6 +19,7 @@ */ class Logout_Controller extends Controller { public function index() { + access::verify_csrf(); auth::logout(); if ($continue_url = Input::instance()->get("continue")) { $item = url::get_item_from_uri($continue_url); diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 5565850d..679d65c2 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -117,11 +117,11 @@ class gallery_event_Core { ->url(url::site("form/edit/users/{$user->id}")) ->label($user->display_name())); $menu->append(Menu::factory("link") - ->id("user_menu_logout") - ->css_id("g-logout-link") - ->url(url::site("logout?csrf=$csrf&continue=" . - urlencode($item->url()))) - ->label(t("Logout"))); + ->id("user_menu_logout") + ->css_id("g-logout-link") + ->url(url::site("logout?csrf=$csrf&continue=" . + urlencode(url::abs_current()))) + ->label(t("Logout"))); } } } -- cgit v1.2.3 From c5d14438959346551765757a506689a7d8b13665 Mon Sep 17 00:00:00 2001 
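Review bot: After the added `access::verify_csrf()` the redirect target is still read from the request with `Input::instance()->get("continue")`, and since the menu now sends `url::abs_current()` it will not always resolve to an item through `url::get_item_from_uri()`. The branch that handles a non-item `continue` value is outside this hunk, so I cannot see it; it should restrict the target to same-site URLs before redirecting rather than rely on the CSRF check alone. A comment on the new line would record the intent: `// Require a valid CSRF token so this URL cannot be used as a blind forwarder`. `index()` continues past the end of the hunk.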
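Review bot: The logout link carries the CSRF token in its query string (`logout?csrf=$csrf&continue=...`), and now that the controller verifies it the token is worth protecting, because URLs are recorded in access logs and browser history and can travel in `Referer` headers. Sending logout as a POST form with the token in the body would avoid that exposure; if it has to stay a GET link, confirm that `auth::logout()` invalidates the token along with the session. A smaller point: `$csrf` is interpolated unencoded while `continue` goes through `urlencode()`, and `"logout?csrf=" . urlencode($csrf) . "&continue=" .` would keep the two parameters consistent. The enclosing method starts outside the hunk.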
From: Bharat Mediratta Date: Tue, 5 Jan 2010 12:05:22 -0800 Subject: $offset should be null by default, not 0. Hold over bug from the K24 migration. --- modules/tag/models/tag.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/tag/models/tag.php b/modules/tag/models/tag.php index d0d2117c..2b33c30d 100644 --- a/modules/tag/models/tag.php +++ b/modules/tag/models/tag.php @@ -27,7 +27,7 @@ class Tag_Model extends ORM { * @param string $type the type of item (album, photo) * @return ORM_Iterator */ - public function items($limit=null, $offset=0, $type=null) { + public function items($limit=null, $offset=null, $type=null) { $model = ORM::factory("item") ->viewable() ->join("items_tags", "items.id", "items_tags.item_id") -- cgit v1.2.3 From 188f418a54efe2681166dde33a59dead2e87a4bb Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 6 Jan 2010 11:42:44 -0800 Subject: Correct the controller_auth_data golden file to reflect that the csrf is not longer considered dirty in the logout controller. --- modules/gallery/tests/controller_auth_data.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index c1fffe6a..beabee49 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -13,7 +13,7 @@ modules/gallery/controllers/login.php ajax modules/gallery/controllers/login.php auth_ajax DIRTY_AUTH modules/gallery/controllers/login.php html DIRTY_AUTH modules/gallery/controllers/login.php auth_html DIRTY_AUTH -modules/gallery/controllers/logout.php index DIRTY_CSRF|DIRTY_AUTH +modules/gallery/controllers/logout.php index DIRTY_AUTH modules/gallery/controllers/maintenance.php index DIRTY_AUTH modules/gallery/controllers/quick.php form_edit DIRTY_CSRF modules/gallery/controllers/simple_uploader.php start DIRTY_AUTH -- cgit v1.2.3 
From 058a84ed76df96aeb6ec082d16fe0d8f317faac2 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 6 Jan 2010 17:04:44 -0800 Subject: Convert ORM::in() to ORM::where(.., "IN", ..) for K24 compatibility. --- modules/user/libraries/drivers/IdentityProvider/Gallery.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/user/libraries/drivers/IdentityProvider/Gallery.php b/modules/user/libraries/drivers/IdentityProvider/Gallery.php index 50064287..d874512c 100644 --- a/modules/user/libraries/drivers/IdentityProvider/Gallery.php +++ b/modules/user/libraries/drivers/IdentityProvider/Gallery.php @@ -127,9 +127,8 @@ class IdentityProvider_Gallery_Driver implements IdentityProvider_Driver { */ public function get_user_list($ids) { return ORM::factory("user") - ->in("id", $ids) - ->find_all() - ->as_array(); + ->where("id", "IN", $ids) + ->find_all(); } /** -- cgit v1.2.3
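Review bot: Besides replacing `in("id", $ids)` with `where("id", "IN", $ids)`, the new code drops `->as_array()`, so `get_user_list()` now returns whatever `find_all()` yields instead of an array, which the commit message does not mention. Callers of this identity-provider method that index or `count()` the result need checking, and so does the docblock that closes just above the signature (its `@return` line is outside this hunk). If the change is deliberate, the `@return` should name the iterator type; if not, the conversion should be restored. It is also worth confirming how the builder renders an empty `$ids`, since `IN ()` is a syntax error in many SQL dialects.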