From 7ec490b6009965920fea35e971b29f11df6e6bff Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 11 Sep 2009 11:04:35 -0700 Subject: rawurlencode() path components in relative_path_cache and relative_url_cache so that they're safe for browser use. --- modules/gallery/models/item.php | 4 ++-- modules/gallery/tests/Item_Model_Test.php | 10 ++++++++++ 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index da1f6959..a87997c6 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -284,8 +284,8 @@ class Item_Model extends ORM_MPTT { ->where("id <>", 1) ->orderby("left_ptr", "ASC") ->get() as $row) { - $names[] = urlencode($row->name); - $slugs[] = urlencode($row->slug); + $names[] = rawurlencode($row->name); + $slugs[] = rawurlencode($row->slug); } $this->relative_path_cache = implode($names, "/"); $this->relative_url_cache = implode($slugs, "/"); diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 585e247c..84210e4c 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -150,4 +150,14 @@ class Item_Model_Test extends Unit_Test_Case { $this->assert_same("ORIGINAL_VALUE", $item->original()->title); $this->assert_same("NEW_VALUE", $item->title); } + + public function urls_are_rawurlencoded_test() { + $item = self::_create_random_item(); + $item->slug = "foo bar"; + $item->name = "foo bar.jpg"; + $item->save(); + + $this->assert_equal("foo%20bar", $item->relative_url()); + $this->assert_equal("foo%20bar.jpg", $item->relative_path()); + } } -- cgit v1.2.3 From 1d40c77c4c05a85fbf6bbb96820fb98cbaa989eb Mon Sep 17 00:00:00 2001 
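Review bot: rawurlencode() leaves `.` untouched, so the per-component encoding in the loop stops a `/` inside a name from splitting it into extra path segments but does nothing for a name of `..`; the two caches are only safe if item names are validated at save time, which this hunk does not show. The same encoded string feeds `relative_path_cache`, so any filesystem use of relative_path() must urldecode() it first (not visible here). `implode($names, "/")` passes the array first; the documented order is `implode("/", $names)` and the reversed form is deprecated in later PHP. The new test only covers a space; adding a name containing `/` and `+` would pin the difference from urlencode() that motivated the change.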
From: Tim Almdal Date: Sat, 12 Sep 2009 08:53:24 -0700 Subject: Update the organize module to use the release version of jquery Selectable. Unfortunately this does not have the functionality to select additional thumbnails using the ctrl or alt-keys, it is preferable to forking the Selectable component. This functionality should arrive with ui.jquery 1.8.x --- modules/organize/css/organize.css | 5 +++-- modules/organize/js/organize.js | 8 ++++---- 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'modules') diff --git a/modules/organize/css/organize.css b/modules/organize/css/organize.css index 15b5538d..b1cef33c 100644 --- a/modules/organize/css/organize.css +++ b/modules/organize/css/organize.css @@ -102,12 +102,13 @@ width: 9em; } -.gOrganizeMicroThumbGridCell.ui-state-selected { +.gOrganizeMicroThumbGridCell.ui-selecting, +.gOrganizeMicroThumbGridCell.ui-selected { margin: 2px; border: 2px solid #13A; } -.ui-selectable-lasso { +.ui-selectable-helper { z-index: 2000 !important; border: 1px dashed #00F; opacity: 0.25; diff --git a/modules/organize/js/organize.js b/modules/organize/js/organize.js index c30f89e0..7d204708 100644 --- a/modules/organize/js/organize.js +++ b/modules/organize/js/organize.js @@ -1,12 +1,12 @@ (function($) { $.organize = { micro_thumb_draggable: { - handle: ".ui-state-selected", + handle: ".ui-selected", distance: 10, cursorAt: { left: -10, top: -10}, appendTo: "#gOrganizeMicroThumbPanel", helper: function(event, ui) { - var selected = $(".ui-draggable.ui-state-selected img"); + var selected = $(".ui-draggable.ui-selected img"); if (selected.length) { var set = $('
') .css({ @@ -37,7 +37,7 @@ }, start: function(event, ui) { - $("#gOrganizeMicroThumbPanel .ui-state-selected").hide(); + $("#gOrganizeMicroThumbPanel .ui-selected").hide(); }, drag: function(event, ui) { @@ -80,7 +80,7 @@ greedy: true, drop: function(event, ui) { if ($(event.target).hasClass("gViewOnly")) { - $(".ui-state-selected").show(); + $(".ui-selected").show(); $(".gOrganizeMicroThumbGridCell").css("borderStyle", "none"); } else { $.organize.do_drop({ -- cgit v1.2.3 From 0bb489b69438266359bfd22955f4d5c8f9d6ade3 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Sep 2009 10:02:27 -0700 Subject: Properly internationalize the text for the By: line. This gets rid of the escaping problem. --- modules/info/helpers/info_theme.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/info/helpers/info_theme.php b/modules/info/helpers/info_theme.php index 51378e54..e5f9c909 100644 --- a/modules/info/helpers/info_theme.php +++ b/modules/info/helpers/info_theme.php @@ -38,7 +38,9 @@ class info_theme_Core { if ($item->owner) { $results .= "
  • "; if ($item->owner->url) { - $results .= t("By: %owner_name", array("owner_name" => "owner->url}\">{$item->owner->full_name}")); + $results .= t("By: %owner_name", + array("owner_name" => $item->owner->display_name(), + "owner_url" => $item->owner->url)); } else { $results .= t("By: %owner_name", array("owner_name" => "{$item->owner->full_name}")); } -- cgit v1.2.3 From 961bc3b18571b5f3ad2a355b71d40c4830dd44ba Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Sep 2009 10:06:24 -0700 Subject: Use user::display_name() in another case where it was missing. --- modules/info/helpers/info_theme.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/info/helpers/info_theme.php b/modules/info/helpers/info_theme.php index e5f9c909..4bf894ad 100644 --- a/modules/info/helpers/info_theme.php +++ b/modules/info/helpers/info_theme.php @@ -42,7 +42,7 @@ class info_theme_Core { array("owner_name" => $item->owner->display_name(), "owner_url" => $item->owner->url)); } else { - $results .= t("By: %owner_name", array("owner_name" => "{$item->owner->full_name}")); + $results .= t("By: %owner_name", array("owner_name" => $item->owner->display_name())); } $results .= "
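Review bot: `owner_url` is passed to t() but the format string `"By: %owner_name"` never references it, so the anchor the removed line produced is gone and both branches of the if now render identical plain text; the intended call is presumably `t("By: <a href=\"%owner_url\">%owner_name</a>", array("owner_name" => $item->owner->display_name(), "owner_url" => $item->owner->url))`. When it is wired into href, note that `$item->owner->url` is user-supplied profile data (the xss_data.txt audit later in this series lists it as DIRTY_JS), so it should be restricted to http/https before use in an attribute. Whether `%var` placeholders in t() are HTML-escaped is not visible here; if they are not, the display_name() output needs escaping as well.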
  • "; } -- cgit v1.2.3 From 823fa2fc8339a6638ef4f0fcdae7f96e99a4f0bd Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 12 Sep 2009 10:33:46 -0700 Subject: Updated for url format changes applied in 2aad580f53dbc06bb170c710467b47a5a532c6c8. --- modules/gallery/tests/xss_data.txt | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 8c71740e..193d2ca1 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -48,6 +48,7 @@ modules/gallery/views/admin_block_log_entries.html.php 8 DIRTY $entry modules/gallery/views/admin_block_news.html.php 5 DIRTY_JS $entry["link"] modules/gallery/views/admin_block_news.html.php 5 DIRTY $entry["title"] modules/gallery/views/admin_block_news.html.php 7 DIRTY text::limit_words(strip_tags($entry["description"]),25); +modules/gallery/views/admin_block_photo_stream.html.php 5 DIRTY_JS $photo->url() modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY photo::img_dimensions($photo->width,$photo->height,72) modules/gallery/views/admin_block_photo_stream.html.php 7 DIRTY_ATTR $photo->thumb_url() modules/gallery/views/admin_dashboard.html.php 5 DIRTY_JS $csrf 
@@ -180,14 +181,14 @@ modules/image_block/views/image_block_block.html.php 3 DIRTY_JS $item- modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_img(array("class"=>"gThumbnail")) modules/info/views/info_block.html.php 22 DIRTY date("M j, Y H:i:s",$item->captured) modules/info/views/info_block.html.php 29 DIRTY_JS $item->owner->url -modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->url(array(),true) -modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->url(array(),true) -modules/notification/views/item_added.html.php 16 DIRTY_JS $item->url(array(),true) -modules/notification/views/item_added.html.php 17 DIRTY $item->url(array(),true) -modules/notification/views/item_deleted.html.php 18 DIRTY_JS $item->parent()->url(array(),true) -modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->url(array(),true) -modules/notification/views/item_updated.html.php 20 DIRTY_JS $item->url(array(),true) -modules/notification/views/item_updated.html.php 20 DIRTY $item->url(array(),true) +modules/notification/views/comment_published.html.php 28 DIRTY_JS $comment->item()->abs_url() +modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->abs_url() +modules/notification/views/item_added.html.php 16 DIRTY_JS $item->abs_url() +modules/notification/views/item_added.html.php 17 DIRTY $item->abs_url() +modules/notification/views/item_deleted.html.php 18 DIRTY_JS $item->parent()->abs_url() +modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->abs_url() +modules/notification/views/item_updated.html.php 20 DIRTY_JS $item->abs_url() +modules/notification/views/item_updated.html.php 20 DIRTY $item->abs_url() modules/organize/views/organize_dialog.html.php 3 DIRTY_JS url::site("organize/move_to/__ALBUM_ID__?csrf=$csrf") modules/organize/views/organize_dialog.html.php 4 DIRTY_JS url::site("organize/rearrange/__TARGET_ID__/__BEFORE__?csrf=$csrf") 
modules/organize/views/organize_dialog.html.php 5 DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf") @@ -246,6 +247,7 @@ modules/rss/views/feed.mrss.php 73 DIRTY_ATTR $chi modules/rss/views/feed.mrss.php 74 DIRTY_ATTR $child->mime_type modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url) modules/search/views/search.html.php 30 DIRTY_ATTR $item_class +modules/search/views/search.html.php 31 DIRTY_JS $item->url() modules/search/views/search.html.php 32 DIRTY $item->thumb_img() modules/server_add/views/admin_server_add.html.php 15 DIRTY_ATTR $id modules/server_add/views/admin_server_add.html.php 24 DIRTY $form @@ -285,6 +287,7 @@ themes/admin_default/views/admin.html.php 15 DIRTY_JS $theme themes/admin_default/views/admin.html.php 32 DIRTY $theme->admin_head() themes/admin_default/views/admin.html.php 36 DIRTY $theme->admin_page_top() themes/admin_default/views/admin.html.php 44 DIRTY $theme->admin_header_top() +themes/admin_default/views/admin.html.php 49 DIRTY_JS item::root()->url() themes/admin_default/views/admin.html.php 53 DIRTY $theme->admin_menu() themes/admin_default/views/admin.html.php 55 DIRTY $theme->admin_header_bottom() themes/admin_default/views/admin.html.php 62 DIRTY $content @@ -325,6 +328,8 @@ themes/default/views/page.html.php 41 DIRTY $new_w themes/default/views/page.html.php 42 DIRTY $new_height themes/default/views/page.html.php 43 DIRTY $thumb_proportion themes/default/views/page.html.php 82 DIRTY $header_text +themes/default/views/page.html.php 84 DIRTY_JS item::root()->url() +themes/default/views/page.html.php 98 DIRTY_JS $parent->url("show={$theme->item()->id}") themes/default/views/page.html.php 112 DIRTY $content themes/default/views/page.html.php 118 DIRTY newView("sidebar.html") themes/default/views/page.html.php 125 DIRTY $footer_text -- cgit v1.2.3 From 51f6329a89be3382b7319b0add30283e9c9bce6a Mon Sep 17 00:00:00 2001 
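Review bot: Each added DIRTY_JS row, e.g. `themes/default/views/page.html.php 84 DIRTY_JS item::root()->url()` and the `$parent->url("show={$theme->item()->id}")` row below it, records that a URL is interpolated into a JavaScript context with no escaping wrapper; because this golden file is the audit's allow-list, approving the row silences the finding rather than fixing it. The `show=` entry interpolates an item id and is low risk if ids are integers, but how url() handles slug-derived text is not visible here. Prefer escaping these in the view with the project's JS-string helper (or json_encode) so the audit drops the row, and state in the commit message which rows were verified safe rather than merely accepted.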
From: Bharat Mediratta Date: Sat, 12 Sep 2009 17:11:10 -0700 Subject: Update version to "3.0 beta 3" --- modules/gallery/helpers/gallery.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 813134eb..a892287f 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -18,7 +18,7 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class gallery_Core { - const VERSION = "3.0 git (pre-beta3)"; + const VERSION = "3.0 beta 3"; /** * If Gallery is in maintenance mode, then force all non-admins to get routed to a "This site is -- cgit v1.2.3 From caa2002d7777e0ceb884d4c628650804620ca2b6 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 13 Sep 2009 01:04:16 -0700 Subject: If there's a show= param and we can't find the given id in the current album, just ignore the parameter. --- modules/gallery/controllers/albums.php | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index 183c26d0..08a60132 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -40,11 +40,13 @@ class Albums_Controller extends Items_Controller { if ($show) { $index = $album->get_position($show); - $page = ceil($index / $page_size); - if ($page == 1) { - url::redirect($album->abs_url()); - } else { - url::redirect($album->abs_url("page=$page")); + if ($index) { + $page = ceil($index / $page_size); + if ($page == 1) { + url::redirect($album->abs_url()); + } else { + url::redirect($album->abs_url("page=$page")); + } } } -- cgit v1.2.3 From 1499778b4aaf010cbb766d83770284a54044a836 Mon Sep 17 00:00:00 2001 
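Review bot: The new `if ($index)` guard relies on get_position() returning a falsy value for an id that is not in the album; if positions are 0-based the first child is silently ignored too, and if the not-found sentinel is null the intent reads better as `if ($index !== null)` (get_position() is not visible here, so confirm its contract). Per the commit message `$show` comes from the show= query parameter and is handed to get_position() as-is in this hunk; casting it first, `$show = (int) $show;`, keeps non-numeric input out of the lookup. The enclosing method starts outside the hunk.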
From: Kevin Nehls Date: Sun, 13 Sep 2009 09:26:30 -0700 Subject: Remove raw HTML that's wrapped around the name of the file to create if not logged in as admin --- modules/gallery/views/upgrader.html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php index 5f93c2d5..8a01cd29 100644 --- a/modules/gallery/views/upgrader.html.php +++ b/modules/gallery/views/upgrader.html.php @@ -81,7 +81,7 @@

    - gallery3/var/tmp directory.", array("name" => "
    $upgrade_token")) ?> + %name in your gallery3/var/tmp directory.", array("name" => "$upgrade_token")) ?>

    "> -- cgit v1.2.3 From 21d6e17efafbbb249f13c0344abf2dad9a812103 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 13 Sep 2009 14:19:04 -0700 Subject: Don't add another comment form every time you click the [Add a comment] button. --- modules/comment/js/comment.js | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'modules') diff --git a/modules/comment/js/comment.js b/modules/comment/js/comment.js index 9fd63c1a..bff83770 100644 --- a/modules/comment/js/comment.js +++ b/modules/comment/js/comment.js @@ -1,13 +1,15 @@ $("document").ready(function() { $("#gAddCommentButton").click(function(event) { event.preventDefault(); - $.get($(this).attr("href"), - {}, - function(data) { - $("#gCommentDetail").append(data); - ajaxify_comment_form(); - }); - }); + if (!$("#gAddCommentForm").length) { + $.get($(this).attr("href"), + {}, + function(data) { + $("#gCommentDetail").append(data); + ajaxify_comment_form(); + }); + } + }); }); function ajaxify_comment_form() { @@ -22,7 +24,7 @@ function ajaxify_comment_form() { $.get(data.resource, function(data, textStatus) { $("#gComments .gBlockContent ul:first").append("
  • "+data+"
  • "); $("#gComments .gBlockContent ul:first li:last").effect("highlight", {color: "#cfc"}, 8000); - $("#gAddCommentForm").hide(2000); + $("#gAddCommentForm").hide(2000).remove(); $("#gNoCommentsYet").hide(2000); }); } -- cgit v1.2.3 From aed7ce916138ec31798bec9cbee66a8742670633 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 13 Sep 2009 14:25:17 -0700 Subject: Specify a page anchor for the comments block. --- modules/comment/helpers/comment_theme.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/comment/helpers/comment_theme.php b/modules/comment/helpers/comment_theme.php index 38a00b5c..e9b402f6 100644 --- a/modules/comment/helpers/comment_theme.php +++ b/modules/comment/helpers/comment_theme.php @@ -27,6 +27,7 @@ class comment_theme_Core { $block = new Block; $block->css_id = "gComments"; $block->title = t("Comments"); + $block->anchor = "comments"; $view = new View("comments.html"); $view->comments = ORM::factory("comment") -- cgit v1.2.3 From 6c0732e16fa904125d9d437f8f3e96d377c448d9 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sun, 13 Sep 2009 16:24:03 -0700 Subject: Set the AlbumTreeContainer instead of the height. This fixes ticket #755 --- modules/organize/js/organize.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/organize/js/organize.js b/modules/organize/js/organize.js index 7d204708..cfaff01c 100644 --- a/modules/organize/js/organize.js +++ b/modules/organize/js/organize.js @@ -142,7 +142,7 @@ $("#gDialog").bind("dialogopen", function(event, ui) { $("#gOrganize").height($("#gDialog").innerHeight() - 20); $("#gOrganizeMicroThumbPanel").height($("#gDialog").innerHeight() - 90); - $("#gOrganizeAlbumTree").height($("#gDialog").innerHeight() - 59); + $("#gOrganizeTreeContainer").height($("#gDialog").innerHeight() - 59); }); $("#gDialog").bind("dialogclose", function(event, ui) { -- cgit v1.2.3 
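Review bot: `.hide(2000).remove()` removes the form immediately, because remove() runs synchronously while hide(2000) only queues an animation, so the two-second fade never shows; use the completion callback, `$("#gAddCommentForm").hide(2000, function() { $(this).remove(); });`. Keeping the removal is right, since the guard `if (!$("#gAddCommentForm").length)` added in the first hunk depends on the form being gone before another can be fetched; only its timing is off. The surrounding function continues outside the hunk.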
From 8fa370c49fa28741d6ff1bd9ca4ccc1f70dc37af Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 13 Sep 2009 22:59:58 -0700 Subject: Set the version to "3.0 git (pre-RC1)" --- modules/gallery/helpers/gallery.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index a892287f..40e188e2 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -18,7 +18,7 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class gallery_Core { - const VERSION = "3.0 beta 3"; + const VERSION = "3.0 git (pre-RC1)"; /** * If Gallery is in maintenance mode, then force all non-admins to get routed to a "This site is -- cgit v1.2.3 From 5f343ab8a0538d68b905e86968cfd80902512d8a Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Mon, 14 Sep 2009 08:11:12 -0700 Subject: Change the variable to to resolve ticket #769 --- modules/organize/controllers/organize.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 4639777c..259c94e7 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -53,8 +53,8 @@ class Organize_Controller extends Controller { } print json_encode( - array("tree" => self::_expanded_tree(ORM::factory("item", 1), $album)->__toString(), - "grid" => self::_get_micro_thumb_grid($album, 0)->__toString())); + array("tree" => self::_expanded_tree(ORM::factory("item", 1), $target_album)->__toString(), + "grid" => self::_get_micro_thumb_grid($target_album, 0)->__toString())); } function rearrange($target_id, $before_or_after) { -- cgit v1.2.3 From 59eadacc67acb10d803ca7ef1bdc0635041a1d41 Mon Sep 17 00:00:00 2001 
From: Andy Staudacher Date: Tue, 15 Sep 2009 11:19:32 -0700 Subject: Improve language preference (Acccept-Language header matching): Boost same-language match over exact locale match for lower qvalue. --- modules/gallery/helpers/locales.php | 56 +++++++++++++++------------ modules/gallery/tests/Locales_Helper_Test.php | 10 ++++- 2 files changed, 41 insertions(+), 25 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php index 16dda2d7..ab7f7526 100644 --- a/modules/gallery/helpers/locales.php +++ b/modules/gallery/helpers/locales.php 
@@ -165,50 +165,58 @@ class locales_Core { list ($ignored, $qvalue) = explode("=", $qvalue . "=="); $qvalue = floatval($qvalue); } - $locale_preferences[] = array($requested_locale, $qvalue); + // Group by language to boost inexact same-language matches + list ($language) = explode("_", $requested_locale . "_"); + if (!isset($locale_preferences[$language])) { + $locale_preferences[$language] = array(); + } + $locale_preferences[$language][$requested_locale] = $qvalue; } } // Compare and score requested locales with installed ones $scored_locales = array(); - foreach ($locale_preferences as $requested_value) { - $scored_locale_match = self::_locale_match_score($requested_value); - if ($scored_locale_match) { - $scored_locales[] = $scored_locale_match; + foreach ($locale_preferences as $language => $requested_locales) { + // Inexact match adjustment (same language, different region) + $fallback_adjustment_factor = 0.95; + if (count($requested_locales) > 1) { + // Sort by qvalue, descending + $qvalues = array_values($requested_locales); + rsort($qvalues); + // Ensure inexact match scores worse than 2nd preference in same language. + $fallback_adjustment_factor *= $qvalues[1]; + } + foreach ($requested_locales as $requested_locale => $qvalue) { + list ($matched_locale, $match_score) = + self::_locale_match_score($requested_locale, $qvalue, $fallback_adjustment_factor); + if ($matched_locale && + (!isset($scored_locales[$matched_locale]) || + $match_score > $scored_locales[$matched_locale])) { + $scored_locales[$matched_locale] = $match_score; + } } } - usort($scored_locales, array("locales", "_compare_locale_by_qvalue")); + arsort($scored_locales); - $best_match = array_shift($scored_locales); - if ($best_match) { - return $best_match[0]; - } + list ($locale) = each($scored_locales); + return $locale; } return null; } - static function _compare_locale_by_qvalue($a, $b) { - $a = $a[1]; - $b = $b[1]; - if ($a == $b) { - return 0; - } - return $a < $b ? 
1 : -1; - } - - private static function _locale_match_score($requested_locale_and_qvalue) { - list ($requested_locale, $qvalue) = $requested_locale_and_qvalue; + private static function _locale_match_score($requested_locale, $qvalue, $adjustment_factor) { $installed = self::installed(); if (isset($installed[$requested_locale])) { - return $requested_locale_and_qvalue; + return array($requested_locale, $qvalue); } list ($language) = explode("_", $requested_locale . "_"); if (isset(self::$language_subtag_to_locale[$language]) && isset($installed[self::$language_subtag_to_locale[$language]])) { - return array(self::$language_subtag_to_locale[$language], $qvalue * 0.66); + $score = $adjustment_factor * $qvalue; + return array(self::$language_subtag_to_locale[$language], $score); } - return null; + return array(null, 0); } } \ No newline at end of file diff --git a/modules/gallery/tests/Locales_Helper_Test.php b/modules/gallery/tests/Locales_Helper_Test.php index 85b8e206..4c03d8d4 100644 --- a/modules/gallery/tests/Locales_Helper_Test.php +++ b/modules/gallery/tests/Locales_Helper_Test.php @@ -67,7 +67,7 @@ class Locales_Helper_Test extends Unit_Test_Case { locales::update_installed(array("no_NO", "pt_PT", "ja_JP")); $_SERVER["HTTP_ACCEPT_LANGUAGE"] = "en,en-us,ja_JP;q=0.7,no-fr;q=0.9"; $locale = locales::locale_from_http_request(); - $this->assert_equal("ja_JP", $locale); + $this->assert_equal("no_NO", $locale); } public function locale_from_http_request_best_match_vs_installed_2_test() { 
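Review bot: `list ($locale) = each($scored_locales);` handles an empty array only by accident (each() returns false and list() then yields null), and each() is deprecated in later PHP; after arsort() the intent is clearer and version-safe as `if (!$scored_locales) { return null; } reset($scored_locales); return key($scored_locales);`. The qvalues parsed from Accept-Language are attacker-controlled floats and are never clamped to [0,1]; out-of-range values only reorder installed locales here, but clamping keeps `$fallback_adjustment_factor *= $qvalues[1]` well-behaved. The method this sits in starts outside the hunk.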
@@ -83,4 +83,12 @@ class Locales_Helper_Test extends Unit_Test_Case { $locale = locales::locale_from_http_request(); $this->assert_equal(null, $locale); } + + public function locale_from_http_request_prefer_inexact_same_language_match_over_exact_other_language_match_test() { + locales::update_installed(array("de_DE", "ar_AR", "fa_IR", "he_IL", "en_US")); + // Accept-Language header from Firefox 3.5/Ubuntu + $_SERVER["HTTP_ACCEPT_LANGUAGE"] = "he,en-us;q=0.9,de-ch;q=0.5,en;q=0.3"; + $locale = locales::locale_from_http_request(); + $this->assert_equal("he_IL", $locale); + } } \ No newline at end of file -- cgit v1.2.3 From 7cc37451f4b7f7fe833fd5d355dab0f2a904d35e Mon Sep 17 00:00:00 2001 From: Jan Koprowski Date: Sat, 12 Sep 2009 20:36:02 +0200 Subject: Forbid from add symbolink link in admin server add. Read ticket #744 for more details. --- modules/server_add/controllers/admin_server_add.php | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php index fac2aa44..af9c5b22 100644 --- a/modules/server_add/controllers/admin_server_add.php +++ b/modules/server_add/controllers/admin_server_add.php 
@@ -34,15 +34,17 @@ class Admin_Server_Add_Controller extends Admin_Controller { $form = $this->_get_admin_form(); $paths = unserialize(module::get_var("server_add", "authorized_paths", "a:0:{}")); if ($form->validate()) { - if (is_readable($form->add_path->path->value)) { + if (is_link($form->add_path->path->value)) { + $form->add_path->path->add_error("is_symlink", 1); + } else if (! is_readable($form->add_path->path->value)) { + $form->add_path->path->add_error("not_readable", 1); + } else { $path = $form->add_path->path->value; $paths[$path] = 1; module::set_var("server_add", "authorized_paths", serialize($paths)); message::success(t("Added path %path", array("path" => $path))); server_add::check_config($paths); url::redirect("admin/server_add"); - } else { - $form->add_path->path->add_error("not_readable", 1); } } @@ -84,9 +86,10 @@ class Admin_Server_Add_Controller extends Admin_Controller { array("id" => "gServerAddAdminForm")); $add_path = $form->group("add_path"); $add_path->input("path")->label(t("Path"))->rules("required") - ->error_messages("not_readable", t("This directory is not readable by the webserver")); + ->error_messages("not_readable", t("This directory is not readable by the webserver")) + ->error_messages("is_symlink", t("Path can not be symbolic link")); $add_path->submit("add")->value(t("Add Path")); return $form; } -} \ No newline at end of file +} -- cgit v1.2.3 From c3f8b623766fe20768fb86c21e8455785b8e9928 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 15 Sep 2009 19:57:12 -0700 Subject: Adjust the text of the symlink error message. --- modules/server_add/controllers/admin_server_add.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php index af9c5b22..7cd82d60 100644 --- a/modules/server_add/controllers/admin_server_add.php +++ b/modules/server_add/controllers/admin_server_add.php 
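Review bot: `is_link()` only inspects the final path component, and only at the moment the path is authorized, so `/srv/link/photos` with a symlink in a parent directory passes, and a plain directory can be swapped for a symlink after it has been whitelisted. Canonicalize and store the resolved path instead, e.g. `$real = realpath($path); if ($real === false || $real !== rtrim($path, "/")) { $form->add_path->path->add_error("is_symlink", 1); }`, save `$real` in authorized_paths, and re-check with realpath() when the server-add import actually walks the tree. There is also no `is_dir()` check, so a readable regular file is accepted as a path. `! is_readable(...)` has a stray space after the `!`.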
@@ -87,7 +87,7 @@ class Admin_Server_Add_Controller extends Admin_Controller { $add_path = $form->group("add_path"); $add_path->input("path")->label(t("Path"))->rules("required") ->error_messages("not_readable", t("This directory is not readable by the webserver")) - ->error_messages("is_symlink", t("Path can not be symbolic link")); + ->error_messages("is_symlink", t("Symbolic links are not allowed")); $add_path->submit("add")->value(t("Add Path")); return $form; -- cgit v1.2.3 From 17254799d1069e9f67de14460264cda76395746f Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Tue, 15 Sep 2009 20:27:04 -0700 Subject: Initial skeleton of Controller_Auth code audit test (non functional). --- modules/gallery/tests/Controller_Auth_Test.php | 211 +++++++++++++++++++++++++ modules/gallery/tests/controller_auth_data.txt | 0 2 files changed, 211 insertions(+) create mode 100644 modules/gallery/tests/Controller_Auth_Test.php create mode 100644 modules/gallery/tests/controller_auth_data.txt (limited to 'modules') diff --git a/modules/gallery/tests/Controller_Auth_Test.php b/modules/gallery/tests/Controller_Auth_Test.php new file mode 100644 index 00000000..9927859b --- /dev/null +++ b/modules/gallery/tests/Controller_Auth_Test.php 
@@ -0,0 +1,211 @@ +input, Forge] + // Require: ->validate() or access::verify_csrf\( + if ($function && $open_braces >= 2) { + if ($token[0] == T_STRING) { + if ($token[1] == "access" && + self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING, "require"), $tokens, $token_number + 2) && + self::_token_matches("(", $tokens, $token_number + 3)) { + $token_number += 3; + $function->checks_authorization(true); + } else if ($token[1] == "access" && + self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING, "verify_csrf"), $tokens, $token_number + 2) && + self::_token_matches("(", $tokens, $token_number + 3)) { + $token_number += 3; + $function->checks_csrf(true); + } else if (in_array($token[1], array("Input", "Forge")) && + self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1)) { + $token_number++; + $function->uses_input(true); + } + } else if ($token == T_VARIABLE) { + if ($token[1] == '$this' && + self::_token_matches(array(T_OBJECT_OPERATOR), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING, "input"), $tokens, $token_number + 2)) { + $token_number += 2; + $function->uses_input(true); + } + } else if ($token[0] == T_OBJECT_OPERATOR) { + if (self::_token_matches(array(T_STRING), "validate", $token_number + 1) && + self::_token_matches("(", $tokens, $token_number + 2)) { + $token_number += 2; + $function->checks_csrf(true); + } + } + } + } + } + } + + // Generate the report + $new = TMPPATH . 
"controller_auth_data.txt"; + $fd = fopen($new, "wb"); + ksort($found); + foreach ($found as $controller => $frames) { + foreach ($functions as $function) { + $flags = array(); + if ($function->uses_input() && !$function->checks_csrf()) { + $flags[] = "DIRTY_CSRF"; + } + if ($function->checks_authorization()) { + $flags[] = "DIRTY_AUTH"; + } + + if (!$flags) { + // Don't print CLEAN instances + continue; + } + + fprintf($fd, "%-60s %-20s %-21s\n", + $controller, $function->name, implode("|", $flags)); + } + } + fclose($fd); + + // Compare with the expected report from our golden file. + $canonical = MODPATH . "gallery/tests/controller_auth_data.txt"; + exec("diff $canonical $new", $output, $return_value); + $this->assert_false( + $return_value, "Controller auth golden file mismatch. Output:\n" . implode("\n", $output) ); + } + + private static function _token_matches($expected_token, &$tokens, $token_number) { + if (!isset($tokens[$token_number])) { + return false; + } + + $token = $tokens[$token_number]; + + if (is_array($expected_token)) { + for ($i = 0; $i < count($expected_token); $i++) { + if ($expected_token[$i] != $token[$i]) { + return false; + } + } + return true; + } else { + return $expected_token == $token; + } + } + + static function _function($name, $line) { + return new Controller_Auth_Test_Function($name, $line); + } +} + +class Controller_Auth_Test_Function { + public $name; + public $line; + private $_uses_input = false; + private $_checks_authorization = false; + private $_checks_csrf = false; + + function __construct($name, $line) { + $this->name = $name; + $this->line = $line; + } + + function uses_input($val=null) { + if ($val !== null) { + $this->_uses_input = $val; + } + return $this->_uses_input; + } + + function checks_authorization($val) { + if ($val !== null) { + $this->_checks_authorization = $val; + } + return $this->_checks_authorization; + } + + function checks_csrf($val) { + if ($val !== null) { + $this->_checks_csrf = $val; + } + 
return $this->_checks_csrf; + } +} \ No newline at end of file diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt new file mode 100644 index 00000000..e69de29b -- cgit v1.2.3 From 61bbe1d78c409dbc2d4af771146878f8f720959a Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Tue, 15 Sep 2009 21:03:23 -0700 Subject: First functional version of Controller_Auth_Test --- modules/gallery/tests/Controller_Auth_Test.php | 48 ++++++++++++++++++-------- 1 file changed, 33 insertions(+), 15 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/Controller_Auth_Test.php b/modules/gallery/tests/Controller_Auth_Test.php index 9927859b..e3eb4eaf 100644 --- a/modules/gallery/tests/Controller_Auth_Test.php +++ b/modules/gallery/tests/Controller_Auth_Test.php @@ -29,6 +29,8 @@ class Controller_Auth_Test extends Unit_Test_Case { } } + $is_admin_controller = false; + $open_braces = 0; $function = null; for ($token_number = 0; $token_number < count($tokens); $token_number++) { @@ -38,10 +40,12 @@ class Controller_Auth_Test extends Unit_Test_Case { // 1 open brace = in class context. // 2 open braces = in function. if (!is_array($token)) { - if ($token == "{") { + if ($token == "}") { $open_braces--; - if ($function) { + if ($open_braces == 1 && $function) { $found[$controller][] = $function; + } else if ($open_braces == 0) { + $is_admin_controller = false; } $function = null; } else if ($token == "{") { @@ -50,7 +54,11 @@ class Controller_Auth_Test extends Unit_Test_Case { } else { // An array token - if ($open_braces == 1 && $token[0] == T_FUNCTION) { + if ($open_braces == 0 && $token[0] == T_EXTENDS) { + if (self::_token_matches(array(T_STRING, "Admin_Controller"), $tokens, $token_number + 1)) { + $is_admin_controller = true; + } + } else if ($open_braces == 1 && $token[0] == T_FUNCTION) { $line = $token[2]; $name = ""; // Search backwards to check visibility, 
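Review bot: `} else if ($token == T_VARIABLE) {` compares the whole token array to an integer, which is never true, so the `$this->input` detection beneath it never fires and controllers reading input that way are not flagged DIRTY_CSRF; it should be `} else if ($token[0] == T_VARIABLE) {`. `checks_authorization($val)` and `checks_csrf($val)` lack the `=null` default that uses_input() has, so calling them as getters raises a missing-argument warning. `exec("diff $canonical $new", ...)` builds a shell command from two paths; they are constants here, but `escapeshellarg()` on each costs nothing and survives a TMPPATH containing spaces. The opening lines of the test method are garbled in this copy, so the setup of `$tokens` and `$found` could not be reviewed.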
@@ -63,15 +71,15 @@ class Controller_Auth_Test extends Unit_Test_Case { // Search forward to get function name do { $token_number++; - if (self_::token_matches(array(T_STRING), $tokens, $token_number)) { + if (self::_token_matches(array(T_STRING), $tokens, $token_number)) { $token = $tokens[$token_number]; - $name = $tokens[1]; + $name = $token[1]; break; } } while ($token_number < count($tokens)); if (!$is_private) { - $function = self::_function($name, $line); + $function = self::_function($name, $line, $is_admin_controller); } } @@ -86,7 +94,7 @@ class Controller_Auth_Test extends Unit_Test_Case { if ($token[0] == T_STRING) { if ($token[1] == "access" && self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && - self::_token_matches(array(T_STRING, "require"), $tokens, $token_number + 2) && + self::_token_matches(array(T_STRING, "required"), $tokens, $token_number + 2) && self::_token_matches("(", $tokens, $token_number + 3)) { $token_number += 3; $function->checks_authorization(true); @@ -109,7 +117,7 @@ class Controller_Auth_Test extends Unit_Test_Case { $function->uses_input(true); } } else if ($token[0] == T_OBJECT_OPERATOR) { - if (self::_token_matches(array(T_STRING), "validate", $token_number + 1) && + if (self::_token_matches(array(T_STRING, "validate"), $tokens, $token_number + 1) && self::_token_matches("(", $tokens, $token_number + 2)) { $token_number += 2; $function->checks_csrf(true); 
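Review bot: The CSRF detection in the `T_OBJECT_OPERATOR` branch treats any `->validate(` call as a CSRF check, which is broader than the thing it is meant to find. Presumably only a Forge form's `validate()` verifies the csrf token; a plain `Validation` object built over `$_POST` (the pattern admin_tags.php switches to later in this series) also has a `validate()` method, so a handler that reads input and calls it would be marked clean without any token check. Either narrow the match to `$form->validate(` or document the limitation: `// NOTE: any ->validate( counts as a CSRF check; a bare Validation($_POST)->validate() does not verify the token`. The enclosing find_missing_auth_test() starts and ends outside this hunk.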
@@ -124,13 +132,16 @@ class Controller_Auth_Test extends Unit_Test_Case { $new = TMPPATH . "controller_auth_data.txt"; $fd = fopen($new, "wb"); ksort($found); - foreach ($found as $controller => $frames) { + foreach ($found as $controller => $functions) { + $is_admin_controller = true; foreach ($functions as $function) { + $is_admin_controller &= $function->is_admin_controller; + $flags = array(); if ($function->uses_input() && !$function->checks_csrf()) { $flags[] = "DIRTY_CSRF"; } - if ($function->checks_authorization()) { + if (!$function->is_admin_controller && !$function->checks_authorization()) { $flags[] = "DIRTY_AUTH"; } @@ -142,6 +153,11 @@ class Controller_Auth_Test extends Unit_Test_Case { fprintf($fd, "%-60s %-20s %-21s\n", $controller, $function->name, implode("|", $flags)); } + + if (strpos(basename($controller), "admin_") === 0 && !$is_admin_controller) { + fprintf($fd, "%-60s %-20s %-21s\n", + $controller, basename($controller), "NO_ADMIN_CONTROLLER"); + } } fclose($fd); @@ -171,21 +187,23 @@ class Controller_Auth_Test extends Unit_Test_Case { } } - static function _function($name, $line) { - return new Controller_Auth_Test_Function($name, $line); + static function _function($name, $line, $is_admin_controller) { + return new Controller_Auth_Test_Function($name, $line, $is_admin_controller); } } class Controller_Auth_Test_Function { public $name; public $line; + public $is_admin_controller = false; private $_uses_input = false; private $_checks_authorization = false; private $_checks_csrf = false; - function __construct($name, $line) { + function __construct($name, $line, $is_admin_controller) { $this->name = $name; $this->line = $line; + $this->is_admin_controller = $is_admin_controller; } function uses_input($val=null) { 
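Review bot: In the reporting loop, any method of an `Admin_Controller` subclass is exempted from `DIRTY_AUTH` and the `NO_ADMIN_CONTROLLER` check keys only off an `admin_` filename prefix, so both rest on two things this test never verifies: that Admin_Controller's constructor enforces the admin check, and that every admin-only controller is named `admin_*`. That is a reasonable baseline, but it should be stated next to the check, e.g. `// Admin_Controller is trusted to enforce admin access in its constructor; non-admin_* files are not inspected for admin-only functionality`. Also `$is_admin_controller &= $function->is_admin_controller;` is a bitwise-and on booleans (it turns the flag into an int); `$is_admin_controller = $is_admin_controller && $function->is_admin_controller;` says what is meant. The enclosing find_missing_auth_test() starts and ends outside this hunk.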
@@ -195,14 +213,14 @@ class Controller_Auth_Test_Function { return $this->_uses_input; } - function checks_authorization($val) { + function checks_authorization($val=null) { if ($val !== null) { $this->_checks_authorization = $val; } return $this->_checks_authorization; } - function checks_csrf($val) { + function checks_csrf($val=null) { if ($val !== null) { $this->_checks_csrf = $val; } -- cgit v1.2.3 From e168e0dfae28bb56289b4debae8825c104ee69f9 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Tue, 15 Sep 2009 21:50:48 -0700 Subject: CSRF / auth fixes, golden data file checkpoint --- modules/gallery/controllers/permissions.php | 2 +- modules/gallery/controllers/simple_uploader.php | 1 + modules/gallery/tests/Controller_Auth_Test.php | 8 ++++++-- modules/gallery/tests/controller_auth_data.txt | 17 +++++++++++++++++ modules/tag/controllers/tags.php | 2 ++ modules/user/controllers/admin_users.php | 2 +- 6 files changed, 28 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php index 5f4620b2..8d75862e 100644 --- a/modules/gallery/controllers/permissions.php +++ b/modules/gallery/controllers/permissions.php @@ -81,7 +81,7 @@ class Permissions_Controller extends Controller { } } - function _get_form($item) { + private function _get_form($item) { $view = new View("permissions_form.html"); $view->item = $item; $view->groups = ORM::factory("group")->find_all(); diff --git a/modules/gallery/controllers/simple_uploader.php b/modules/gallery/controllers/simple_uploader.php index 156d18ac..bc508319 100644 --- a/modules/gallery/controllers/simple_uploader.php +++ b/modules/gallery/controllers/simple_uploader.php @@ -32,6 +32,7 @@ class Simple_Uploader_Controller extends Controller { } public function start() { + access::verify_csrf(); batch::start(); } 
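Review bot: `Simple_Uploader_Controller::start()` now verifies the CSRF token but still performs no authorization check, and the golden file added in this same commit records it as `DIRTY_AUTH`. A valid token only proves the request originated from the site's own page; if batch::start() has side effects worth protecting, the method should also call `access::required("add", $album)` against the album being uploaded into, or carry a comment explaining why starting a batch is safe for any caller. What batch::start() actually does is not visible here.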
diff --git a/modules/gallery/tests/Controller_Auth_Test.php b/modules/gallery/tests/Controller_Auth_Test.php index e3eb4eaf..50afae8f 100644 --- a/modules/gallery/tests/Controller_Auth_Test.php +++ b/modules/gallery/tests/Controller_Auth_Test.php @@ -21,6 +21,10 @@ class Controller_Auth_Test extends Unit_Test_Case { public function find_missing_auth_test() { $found = array(); foreach (glob("*/*/controllers/*.php") as $controller) { + if (strpos($controller, "modules/unit_test/") !== false) { + continue; + } + // List of all tokens without whitespace, simplifying parsing. $tokens = array(); foreach (token_get_all(file_get_contents($controller)) as $token) { @@ -150,12 +154,12 @@ class Controller_Auth_Test extends Unit_Test_Case { continue; } - fprintf($fd, "%-60s %-20s %-21s\n", + fprintf($fd, "%-60s %-20s %s\n", $controller, $function->name, implode("|", $flags)); } if (strpos(basename($controller), "admin_") === 0 && !$is_admin_controller) { - fprintf($fd, "%-60s %-20s %-21s\n", + fprintf($fd, "%-60s %-20s %s\n", $controller, basename($controller), "NO_ADMIN_CONTROLLER"); } } diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index e69de29b..aabd2863 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt 
@@ -0,0 +1,17 @@ +modules/comment/controllers/admin_comments.php queue DIRTY_CSRF +modules/digibug/controllers/digibug.php close_window DIRTY_AUTH +modules/gallery/controllers/combined.php javascript DIRTY_AUTH +modules/gallery/controllers/combined.php css DIRTY_AUTH +modules/gallery/controllers/maintenance.php index DIRTY_AUTH +modules/gallery/controllers/rest.php form_add DIRTY_AUTH +modules/gallery/controllers/rest.php _index DIRTY_AUTH +modules/gallery/controllers/rest.php _create DIRTY_AUTH +modules/gallery/controllers/rest.php _show DIRTY_AUTH +modules/gallery/controllers/rest.php _update DIRTY_AUTH +modules/gallery/controllers/rest.php _delete DIRTY_AUTH +modules/gallery/controllers/rest.php _form_add DIRTY_AUTH +modules/gallery/controllers/rest.php _form_edit DIRTY_AUTH +modules/gallery/controllers/simple_uploader.php start DIRTY_AUTH +modules/gallery/controllers/simple_uploader.php finish DIRTY_AUTH +modules/user/controllers/login.php ajax DIRTY_AUTH +modules/user/controllers/login.php html DIRTY_AUTH diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php index c993e374..f4f98090 100644 --- a/modules/tag/controllers/tags.php +++ b/modules/tag/controllers/tags.php @@ -43,6 +43,8 @@ class Tags_Controller extends REST_Controller { } public function _index() { + // Far from perfection, but at least require view permission for the root album + access::required("view", 1); print tag::cloud(30); } diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index 521f82fa..0b748955 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php 
@@ -17,7 +17,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ -class Admin_Users_Controller extends Controller { +class Admin_Users_Controller extends Admin_Controller { public function index() { $view = new Admin_View("admin.html"); $view->content = new View("admin_users.html"); -- cgit v1.2.3 From dc3d45e7607acce91253e44c29998b8797131f93 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Tue, 15 Sep 2009 22:01:59 -0700 Subject: Add exception for REST controllers (no fixes necessary). --- modules/gallery/tests/Controller_Auth_Test.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/tests/Controller_Auth_Test.php b/modules/gallery/tests/Controller_Auth_Test.php index 50afae8f..c4dc915b 100644 --- a/modules/gallery/tests/Controller_Auth_Test.php +++ b/modules/gallery/tests/Controller_Auth_Test.php @@ -18,6 +18,11 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class Controller_Auth_Test extends Unit_Test_Case { + static $rest_methods = array("_index", "_show", "_form_edit", "_form_add", "_create", + "_update", "_delete"); + + static $rest_methods_with_csrf_check = array("_update", "_delete", "_create"); + public function find_missing_auth_test() { $found = array(); foreach (glob("*/*/controllers/*.php") as $controller) { @@ -34,6 +39,7 @@ class Controller_Auth_Test extends Unit_Test_Case { } $is_admin_controller = false; + $is_rest_controller = false; $open_braces = 0; $function = null; @@ -50,6 +56,7 @@ class Controller_Auth_Test extends Unit_Test_Case { $found[$controller][] = $function; } else if ($open_braces == 0) { $is_admin_controller = false; + $is_rest_controller = false; } $function = null; } else if ($token == "{") { 
@@ -61,6 +68,8 @@ class Controller_Auth_Test extends Unit_Test_Case { if ($open_braces == 0 && $token[0] == T_EXTENDS) { if (self::_token_matches(array(T_STRING, "Admin_Controller"), $tokens, $token_number + 1)) { $is_admin_controller = true; + } else if (self::_token_matches(array(T_STRING, "REST_Controller"), $tokens, $token_number + 1)) { + $is_rest_controller = true; } } else if ($open_braces == 1 && $token[0] == T_FUNCTION) { $line = $token[2]; @@ -82,8 +91,11 @@ class Controller_Auth_Test extends Unit_Test_Case { } } while ($token_number < count($tokens)); - if (!$is_private) { + if (!$is_private || ($is_rest_controller && in_array($name, self::$rest_methods))) { $function = self::_function($name, $line, $is_admin_controller); + if ($is_rest_controller && in_array($name, self::$rest_methods_with_csrf_check)) { + $function->checks_csrf(true); + } } } -- cgit v1.2.3 From 7608870537503ec571f45a175c8486d7945e7c63 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Tue, 15 Sep 2009 22:51:49 -0700 Subject: Controller auth / CSRF fixes --- modules/gallery/tests/Controller_Auth_Test.php | 19 +++++++++++-------- modules/gallery/tests/controller_auth_data.txt | 22 ++++++++++++++++++++++ modules/organize/controllers/organize.php | 4 ++++ modules/rss/controllers/rss.php | 4 ++-- modules/tag/controllers/tags.php | 3 ++- 5 files changed, 41 insertions(+), 11 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/Controller_Auth_Test.php b/modules/gallery/tests/Controller_Auth_Test.php index c4dc915b..cd4abe07 100644 --- a/modules/gallery/tests/Controller_Auth_Test.php +++ b/modules/gallery/tests/Controller_Auth_Test.php @@ -26,7 +26,7 @@ class Controller_Auth_Test extends Unit_Test_Case { public function find_missing_auth_test() { $found = array(); foreach (glob("*/*/controllers/*.php") as $controller) { - if (strpos($controller, "modules/unit_test/") !== false) { + if (preg_match("{modules/(gallery_)?unit_test/}", $controller)) { continue; } 
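Review bot: In the `$rest_methods_with_csrf_check` branch, `_create`, `_update` and `_delete` are marked `checks_csrf(true)` purely by name, so the test now encodes an assumption that `REST_Controller` verifies the token before dispatching to them, and nothing here would notice if that dispatcher check were ever removed. Pin the dependency with a comment, e.g. `// REST_Controller's dispatcher is assumed to call access::verify_csrf() before _create/_update/_delete; keep in sync with rest.php`, and consider a companion assertion that scans rest.php for that call. The enclosing find_missing_auth_test() starts and ends outside this hunk.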
@@ -54,11 +54,11 @@ class Controller_Auth_Test extends Unit_Test_Case { $open_braces--; if ($open_braces == 1 && $function) { $found[$controller][] = $function; + $function = null; } else if ($open_braces == 0) { $is_admin_controller = false; $is_rest_controller = false; } - $function = null; } else if ($token == "{") { $open_braces++; } @@ -80,6 +80,7 @@ class Controller_Auth_Test extends Unit_Test_Case { $previous_2 = $tokens[$token_number - 2][0]; $is_private = in_array($previous, array(T_PRIVATE, T_PROTECTED)) || in_array($previous_2, array(T_PRIVATE, T_PROTECTED)); + $is_static = $previous == T_STATIC || $previous_2 == T_STATIC; // Search forward to get function name do { @@ -91,7 +92,9 @@ class Controller_Auth_Test extends Unit_Test_Case { } } while ($token_number < count($tokens)); - if (!$is_private || ($is_rest_controller && in_array($name, self::$rest_methods))) { + if (!$is_static && + (!$is_private || + ($is_rest_controller && in_array($name, self::$rest_methods)))) { $function = self::_function($name, $line, $is_admin_controller); if ($is_rest_controller && in_array($name, self::$rest_methods_with_csrf_check)) { $function->checks_csrf(true); @@ -110,7 +113,8 @@ class Controller_Auth_Test extends Unit_Test_Case { if ($token[0] == T_STRING) { if ($token[1] == "access" && self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && - self::_token_matches(array(T_STRING, "required"), $tokens, $token_number + 2) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], array("forbidden", "required")) && self::_token_matches("(", $tokens, $token_number + 3)) { $token_number += 3; $function->checks_authorization(true); 
@@ -125,7 +129,7 @@ class Controller_Auth_Test extends Unit_Test_Case { $token_number++; $function->uses_input(true); } - } else if ($token == T_VARIABLE) { + } else if ($token[0] == T_VARIABLE) { if ($token[1] == '$this' && self::_token_matches(array(T_OBJECT_OPERATOR), $tokens, $token_number + 1) && self::_token_matches(array(T_STRING, "input"), $tokens, $token_number + 2)) { @@ -152,7 +156,6 @@ class Controller_Auth_Test extends Unit_Test_Case { $is_admin_controller = true; foreach ($functions as $function) { $is_admin_controller &= $function->is_admin_controller; - $flags = array(); if ($function->uses_input() && !$function->checks_csrf()) { $flags[] = "DIRTY_CSRF"; @@ -224,14 +227,14 @@ class Controller_Auth_Test_Function { function uses_input($val=null) { if ($val !== null) { - $this->_uses_input = $val; + $this->_uses_input = (bool) $val; } return $this->_uses_input; } function checks_authorization($val=null) { if ($val !== null) { - $this->_checks_authorization = $val; + $this->_checks_authorization = (bool) $val; } return $this->_checks_authorization; } diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index aabd2863..fcb977e4 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt 
@@ -1,8 +1,17 @@
modules/comment/controllers/admin_comments.php queue DIRTY_CSRF
+modules/comment/controllers/comments.php _index DIRTY_CSRF
+modules/digibug/controllers/digibug.php print_proxy DIRTY_CSRF|DIRTY_AUTH
modules/digibug/controllers/digibug.php close_window DIRTY_AUTH
+modules/gallery/controllers/admin.php __call DIRTY_AUTH
+modules/gallery/controllers/albums.php _show DIRTY_CSRF
+modules/gallery/controllers/albums.php _form_add DIRTY_CSRF
modules/gallery/controllers/combined.php javascript DIRTY_AUTH
modules/gallery/controllers/combined.php css DIRTY_AUTH
+modules/gallery/controllers/file_proxy.php __call DIRTY_CSRF|DIRTY_AUTH
modules/gallery/controllers/maintenance.php index DIRTY_AUTH
+modules/gallery/controllers/rest.php __construct DIRTY_AUTH
+modules/gallery/controllers/rest.php __call DIRTY_AUTH
+modules/gallery/controllers/rest.php form_edit DIRTY_AUTH
modules/gallery/controllers/rest.php form_add DIRTY_AUTH
modules/gallery/controllers/rest.php _index DIRTY_AUTH
modules/gallery/controllers/rest.php _create DIRTY_AUTH
@@ -13,5 +22,18 @@ modules/gallery/controllers/rest.php _form_add modules/gallery/controllers/rest.php _form_edit DIRTY_AUTH modules/gallery/controllers/simple_uploader.php start DIRTY_AUTH modules/gallery/controllers/simple_uploader.php finish DIRTY_AUTH +modules/gallery/controllers/upgrader.php index DIRTY_AUTH +modules/gallery/controllers/welcome_message.php index DIRTY_AUTH +modules/rss/controllers/rss.php feed DIRTY_CSRF|DIRTY_AUTH +modules/search/controllers/search.php index DIRTY_CSRF|DIRTY_AUTH +modules/server_add/controllers/admin_server_add.php autocomplete DIRTY_CSRF +modules/server_add/controllers/server_add.php children DIRTY_CSRF +modules/tag/controllers/admin_tags.php index DIRTY_CSRF +modules/tag/controllers/tags.php _show DIRTY_CSRF|DIRTY_AUTH modules/user/controllers/login.php ajax DIRTY_AUTH +modules/user/controllers/login.php auth_ajax DIRTY_AUTH modules/user/controllers/login.php html DIRTY_AUTH +modules/user/controllers/login.php auth_html DIRTY_AUTH +modules/user/controllers/logout.php index DIRTY_CSRF|DIRTY_AUTH +modules/user/controllers/password.php reset DIRTY_AUTH +modules/user/controllers/password.php do_reset DIRTY_CSRF|DIRTY_AUTH diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 259c94e7..08c80de3 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -45,9 +45,13 @@ class Organize_Controller extends Controller { access::verify_csrf(); $target_album = ORM::factory("item", $target_album_id); + access::required("view", $target_album); + access::required("add", $target_album); + foreach ($this->input->post("source_ids") as $source_id) { $source = ORM::factory("item", $source_id); if (!$source->contains($target_album)) { + access::required("edit", $source); item::move($source, $target_album); } } diff --git a/modules/rss/controllers/rss.php b/modules/rss/controllers/rss.php index b89bed40..015d6032 100644 
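Review bot: In the organize move loop the new `access::required("edit", $source)` runs per item after earlier items have already been moved, so if access::required aborts the request (as its name suggests) a batch containing one unauthorized source leaves the album partially reorganised. Checking every source before the first `item::move()` keeps the operation all-or-nothing. Neither `$target_album` nor `$source` is checked for `->loaded` before the permission calls; whether access::required tolerates an unloaded item is not visible here. The enclosing method starts and ends outside this hunk.
```php
access::required("view", $target_album);
access::required("add", $target_album);

// Authorize every source first so a single denied item cannot leave a partial move behind.
$sources = array();
foreach ($this->input->post("source_ids") as $source_id) {
  $source = ORM::factory("item", $source_id);
  if (!$source->contains($target_album)) {
    access::required("edit", $source);
    $sources[] = $source;
  }
}
foreach ($sources as $source) {
  item::move($source, $target_album);
}
// … unchanged: remainder of the method …
```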
--- a/modules/rss/controllers/rss.php +++ b/modules/rss/controllers/rss.php @@ -21,13 +21,13 @@ class Rss_Controller extends Controller { public static $page_size = 20; public function feed($module_id, $feed_id, $id=null) { - $page = $this->input->get("page", 1); + $page = (int) $this->input->get("page", 1); if ($page < 1) { url::redirect(url::merge(array("page" => 1))); } // Configurable page size between 1 and 100, default 20 - $page_size = max(1, min(100, $this->input->get("page_size", self::$page_size))); + $page_size = max(1, min(100, (int) $this->input->get("page_size", self::$page_size))); // Run the appropriate feed callback if (module::is_active($module_id)) { diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php index f4f98090..b9f2c61c 100644 --- a/modules/tag/controllers/tags.php +++ b/modules/tag/controllers/tags.php @@ -44,7 +44,8 @@ class Tags_Controller extends REST_Controller { public function _index() { // Far from perfection, but at least require view permission for the root album - access::required("view", 1); + $album = ORM::factory("item", 1); + access::required("view", $album); print tag::cloud(30); } -- cgit v1.2.3 From 39632c4689842b3e3bb0715c0e9be757149c257d Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Tue, 15 Sep 2009 23:01:26 -0700 Subject: Also check for rss feeds in controller auth check --- modules/gallery/tests/Controller_Auth_Test.php | 8 ++++++-- modules/gallery/tests/controller_auth_data.txt | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/Controller_Auth_Test.php b/modules/gallery/tests/Controller_Auth_Test.php index cd4abe07..caf6d8f2 100644 --- a/modules/gallery/tests/Controller_Auth_Test.php +++ b/modules/gallery/tests/Controller_Auth_Test.php 
@@ -25,7 +25,9 @@ class Controller_Auth_Test extends Unit_Test_Case { public function find_missing_auth_test() { $found = array(); - foreach (glob("*/*/controllers/*.php") as $controller) { + $controllers = glob("*/*/controllers/*.php"); + $feeds = glob("*/*/helpers/*_rss.php"); + foreach (array_merge($controllers, $feeds) as $controller) { if (preg_match("{modules/(gallery_)?unit_test/}", $controller)) { continue; } @@ -92,7 +94,9 @@ class Controller_Auth_Test extends Unit_Test_Case { } } while ($token_number < count($tokens)); - if (!$is_static && + $is_rss_feed = $name == "feed" && strpos(basename($controller), "_rss.php"); + + if ((!$is_static || $is_rss_feed) && (!$is_private || ($is_rest_controller && in_array($name, self::$rest_methods)))) { $function = self::_function($name, $line, $is_admin_controller); diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index fcb977e4..fdf00c5e 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -1,5 +1,6 @@ modules/comment/controllers/admin_comments.php queue DIRTY_CSRF modules/comment/controllers/comments.php _index DIRTY_CSRF +modules/comment/helpers/comment_rss.php feed DIRTY_AUTH modules/digibug/controllers/digibug.php print_proxy DIRTY_CSRF|DIRTY_AUTH modules/digibug/controllers/digibug.php close_window DIRTY_AUTH modules/gallery/controllers/admin.php __call DIRTY_AUTH -- cgit v1.2.3 From f1887422f8b4ba68dc273fe6f7d3f1123681e89a Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Tue, 15 Sep 2009 23:07:41 -0700 Subject: Stricter input handling (cast to int) --- modules/tag/controllers/tags.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php index b9f2c61c..1bd6b3cc 100644 --- a/modules/tag/controllers/tags.php +++ b/modules/tag/controllers/tags.php 
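Review bot: `$is_rss_feed = $name == "feed" && strpos(basename($controller), "_rss.php");` relies on strpos's truthiness, which is false for a file named exactly `_rss.php` (match at offset 0), and it is in any case redundant with the `*/*/helpers/*_rss.php` glob that put the file in the list. Prefer an explicit suffix test: `$is_rss_feed = $name == "feed" && substr(basename($controller), -8) == "_rss.php";`. Feed helpers also inherit the `$is_admin_controller`/`$is_rest_controller` bookkeeping written for controllers, which is presumably harmless only as long as no helper extends those classes. The enclosing find_missing_auth_test() starts and ends outside this hunk.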
@@ -22,7 +22,7 @@ class Tags_Controller extends REST_Controller { public function _show($tag) { $page_size = module::get_var("gallery", "page_size", 9); - $page = $this->input->get("page", "1"); + $page = (int) $this->input->get("page", "1"); $children_count = $tag->items_count(); $offset = ($page-1) * $page_size; -- cgit v1.2.3 From 5490057480f17e5810cf8b9e558769ebd74d4b27 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 16 Sep 2009 12:27:13 -0700 Subject: When editing tags in place, and there is a validation error, highlight the tag with a red border and show a statust message. This fixes ticket: #779 --- modules/tag/controllers/admin_tags.php | 15 ++++++++++----- modules/tag/js/tag.js | 6 ++++++ 2 files changed, 16 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index 8b8dde21..3301566b 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -81,15 +81,20 @@ class Admin_Tags_Controller extends Admin_Controller { kohana::show_404(); } - $form = tag::get_rename_form($tag); - $valid = $form->validate(); + //Don't use a form as the form is dynamically created in the js + $post = new Validation($_POST); + $post->add_rules("name", "required", "length[1,64]"); + $valid = $post->validate(); if ($valid) { - $new_name = $form->rename_tag->inputs["name"]->value; + $new_name = $this->input->post("name"); $new_tag = ORM::factory("tag")->where("name", $new_name)->find(); if ($new_tag->loaded) { - $form->rename_tag->inputs["name"]->add_error("in_use", 1); + $error_msg = "There is already a tag with that name"; $valid = false; } + } else { + $error_msg = $post->errors(); + $error_msg = $error_msg[0]; } if ($valid) { @@ -110,7 +115,7 @@ class Admin_Tags_Controller extends Admin_Controller { } else { print json_encode( array("result" => "error", - "form" => $form->__toString())); + "message" => $error_msg)); } } } 
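Review bot: In the rename handler the user-facing string `"There is already a tag with that name"` is not marked with `t()`, unlike the other strings touched in this series, so it cannot be localised. `$error_msg = $post->errors(); $error_msg = $error_msg[0];` also assumes `errors()` returns a list indexed from 0; if it is keyed by field name, which the `add_rules("name", ...)` call makes plausible, the message is undefined — `$errors = $post->errors(); $error_msg = reset($errors);` avoids the guess. Finally, the handler now validates a bare `Validation($_POST)` instead of the Forge form; if the old form's `validate()` was what verified the csrf token, an explicit `access::verify_csrf()` is needed here, and Controller_Auth_Test from earlier in this series will keep counting the `->validate(` call as a CSRF check. The enclosing method starts and ends outside this hunk.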
diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js index aaae9e72..d656da36 100644 --- a/modules/tag/js/tag.js +++ b/modules/tag/js/tag.js @@ -19,6 +19,7 @@ function ajaxify_tag_form() { function closeEditInPlaceForms() { // closes currently open inplace edit forms if ($("#gRenameTagForm").length) { + $("#gEditErrorMessage").remove(); var li = $("#gRenameTagForm").parent(); $("#gRenameTagForm").parent().html($("#gRenameTagForm").parent().data("revert")); li.height(""); @@ -66,6 +67,11 @@ function editInPlace(element) { $("#gTag-" + data.tag_id).text(data.new_tagname); // update tagname console.log(data); window.location.reload(); + } else if (data.result == "error") { + $("#gRenameTagForm #name") + .css("border", "2px solid red") + .focus(); + $("#gTagAdmin").before("

    " + data.message + "

    "); } } }); -- cgit v1.2.3 From 4e1e24ba1a976cd0bb7ca7dd03c6001f906a25dd Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Wed, 16 Sep 2009 20:34:42 -0700 Subject: Add a movie_menu() theme callback, and have the default theme call it in the sidebar on movie page types. --- modules/gallery/libraries/Theme_View.php | 6 ++++++ themes/default/views/sidebar.html.php | 2 ++ 2 files changed, 8 insertions(+) (limited to 'modules') diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php index 541bce88..130e2dce 100644 --- a/modules/gallery/libraries/Theme_View.php +++ b/modules/gallery/libraries/Theme_View.php @@ -111,6 +111,12 @@ class Theme_View_Core extends Gallery_View { return $menu->compact(); } + public function movie_menu() { + $menu = Menu::factory("root"); + module::event("movie_menu", $menu, $this); + return $menu->compact(); + } + public function context_menu($item, $thumbnail_css_selector) { $menu = Menu::factory("root") ->append(Menu::factory("submenu") diff --git a/themes/default/views/sidebar.html.php b/themes/default/views/sidebar.html.php index 928ecb93..04379eb6 100644 --- a/themes/default/views/sidebar.html.php +++ b/themes/default/views/sidebar.html.php @@ -6,6 +6,8 @@ album_menu() ?> photo_menu() ?> + + movie_menu() ?> tag_menu() ?> -- cgit v1.2.3 From 9d76797b17d65540a903ef37eee6edca3e83108b Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 16 Sep 2009 22:23:32 -0700 Subject: Changed the search module installer to explicitly specify MyISAM as the database type. Changed the packager to not remove the engine specification if the table is search_records. Fixes Ticket #774 --- installer/install.sql | 2 +- modules/gallery/controllers/packager.php | 10 ++++++++-- modules/search/helpers/search_installer.php | 10 ++++++++++ modules/search/module.info | 2 +- 4 files changed, 20 insertions(+), 4 deletions(-) (limited to 'modules') 
diff --git a/installer/install.sql b/installer/install.sql index ca0ecadf..e8aaa681 100755 --- a/installer/install.sql +++ b/installer/install.sql @@ -278,7 +278,7 @@ CREATE TABLE {search_records} ( PRIMARY KEY (`id`), KEY `item_id` (`item_id`), FULLTEXT KEY `data` (`data`) -) AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; +) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; SET character_set_client = @saved_cs_client; INSERT INTO {search_records} VALUES (1,1,0,' Gallery'); DROP TABLE IF EXISTS {sessions}; diff --git a/modules/gallery/controllers/packager.php b/modules/gallery/controllers/packager.php index fbb1d07d..ae87d74b 100644 --- a/modules/gallery/controllers/packager.php +++ b/modules/gallery/controllers/packager.php @@ -114,18 +114,24 @@ class Packager_Controller extends Controller { $root = ORM::factory("item", 1); $root_created_timestamp = $root->created; $root_updated_timestamp = $root->updated; + $table_name = ""; foreach (file($sql_file) as $line) { // Prefix tables $line = preg_replace( "/(CREATE TABLE|IF EXISTS|INSERT INTO) `{$dbconfig['table_prefix']}(\w+)`/", "\\1 {\\2}", $line); + if (preg_match("/CREATE TABLE {(\w+)}/", $line, $matches)) { + $table_name = $matches[1]; + } // Normalize dates $line = preg_replace("/,$root_created_timestamp,/", ",UNIX_TIMESTAMP(),", $line); $line = preg_replace("/,$root_updated_timestamp,/", ",UNIX_TIMESTAMP(),", $line); - // Remove ENGINE= specifications - $line = preg_replace("/ENGINE=\S+ /", "", $line); + // Remove ENGINE= specifications execpt for search records, it always needs to be MyISAM + if ($table_name != "search_records") { + $line = preg_replace("/ENGINE=\S+ /", "", $line); + } $buf .= $line; } diff --git a/modules/search/helpers/search_installer.php b/modules/search/helpers/search_installer.php index 10d8211f..096f46c7 100644 --- a/modules/search/helpers/search_installer.php +++ b/modules/search/helpers/search_installer.php 
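Review bot: The new comment on the ENGINE-stripping branch misspells "except" (`execpt`), and the branch silently depends on `$table_name` having been set by the most recent `CREATE TABLE {…}` line, which the `$table_name = ""` initialisation above only guarantees for lines before the first table. A short comment would make that coupling explicit: `// $table_name tracks the most recent CREATE TABLE; search_records keeps ENGINE=MyISAM because its FULLTEXT index needs it`. The enclosing method starts and ends outside this hunk.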
@@ -28,6 +28,7 @@ class search_installer { PRIMARY KEY (`id`), KEY(`item_id`), FULLTEXT INDEX (`data`)) + ENGINE=MYISAM DEFAULT CHARSET=utf8;"); module::set_version("search", 1); } @@ -47,4 +48,13 @@ class search_installer { static function uninstall() { Database::instance()->query("DROP TABLE {search_records}"); } + + static function upgrade($version) { + $db = Database::instance(); + if ($version == 1) { + $db->query("ALTER TABLE {search_records} ENGINE=MYISAM"); + module::set_version("search", 2); + } + } + } diff --git a/modules/search/module.info b/modules/search/module.info index f417c4fa..2f2ebdf1 100644 --- a/modules/search/module.info +++ b/modules/search/module.info @@ -1,3 +1,3 @@ name = "Search" description = "Allows users to search their Gallery" -version = 1 +version = 2 -- cgit v1.2.3 From 86996dcac7ca07e789df6ce1d5b13867d8aa57f6 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Thu, 17 Sep 2009 01:17:30 -0700 Subject: Mark permission's display name for translation --- modules/gallery/helpers/gallery_installer.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index a1856424..6500482b 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -203,6 +203,12 @@ class gallery_installer { access::register_permission("edit", "Edit"); access::register_permission("add", "Add"); + // Mark for translation (must be the same strings as used above) + t("View Full Size"); + t("View"); + t("Edit"); + t("Add"); + $root = ORM::factory("item"); $root->type = "album"; $root->title = "Gallery"; -- cgit v1.2.3 From 30b5c389e6baae397d6c5c9fe9c7ed91a5296568 Mon Sep 17 00:00:00 2001 
From: Andy Staudacher Date: Thu, 17 Sep 2009 01:21:06 -0700 Subject: Fix: Make "Sharing your translations" a localizable string --- modules/gallery/views/admin_languages.html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/views/admin_languages.html.php b/modules/gallery/views/admin_languages.html.php index fa97d299..ab370f88 100644 --- a/modules/gallery/views/admin_languages.html.php +++ b/modules/gallery/views/admin_languages.html.php @@ -98,6 +98,6 @@ -

    Sharing your translations

    +

    t("Sharing your translations")

    -- cgit v1.2.3 From a5af531fbee1db0c3a0ae0d23388245b2d2ec2de Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 17 Sep 2009 07:04:11 -0700 Subject: Don't show links as part of the auto complete list --- modules/server_add/controllers/admin_server_add.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php index 7cd82d60..38190fee 100644 --- a/modules/server_add/controllers/admin_server_add.php +++ b/modules/server_add/controllers/admin_server_add.php @@ -36,7 +36,7 @@ class Admin_Server_Add_Controller extends Admin_Controller { if ($form->validate()) { if (is_link($form->add_path->path->value)) { $form->add_path->path->add_error("is_symlink", 1); - } else if (! is_readable($form->add_path->path->value)) { + } else if (!is_readable($form->add_path->path->value)) { $form->add_path->path->add_error("not_readable", 1); } else { $path = $form->add_path->path->value; @@ -73,7 +73,7 @@ class Admin_Server_Add_Controller extends Admin_Controller { $directories = array(); $path_prefix = $this->input->get("q"); foreach (glob("{$path_prefix}*") as $file) { - if (is_dir($file)) { + if (is_dir($file) && !is_link($file)) { $directories[] = $file; } } -- cgit v1.2.3 From 88c374dee8b63957b7523850508c9bd7b8c4f100 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Thu, 17 Sep 2009 10:01:15 -0700 Subject: Arg, fixing the "Sharing your Translations" text, thanks engineer@gmc --- modules/gallery/views/admin_languages.html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/views/admin_languages.html.php b/modules/gallery/views/admin_languages.html.php index ab370f88..fb30c7ba 100644 --- a/modules/gallery/views/admin_languages.html.php +++ b/modules/gallery/views/admin_languages.html.php @@ -98,6 +98,6 @@ -
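Review bot: In `autocomplete()` the `q` parameter is still passed verbatim to `glob("{$path_prefix}*")`, so `*`, `?` and `[...]` in the query act as wildcards and the listing is no longer a literal prefix match; the new `!is_link($file)` filter does not change that. The endpoint is admin-only, so the exposure is limited to what an admin can already browse, but escaping the metacharacters keeps the behaviour predictable: `$path_prefix = addcslashes($this->input->get("q"), '*?[]');` (glob() honours backslash escapes unless GLOB_NOESCAPE is passed). Excluding symlinked directories from the suggestions does not stop an admin typing one; the `is_link` check in the form handler above is what actually enforces that.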

    t("Sharing your translations")

    +

    -- cgit v1.2.3 From be1d49d017a71ee0967c47325986f482532a4f16 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 17 Sep 2009 10:55:50 -0700 Subject: Change the timeout on resubmitting the next task iteration to 25ms instead of. This allows the jQuery.ajax method to complete its processing. Otherwise, the browser can spend time thrashing around trying to send the next request. --- modules/server_add/js/server_add.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/server_add/js/server_add.js b/modules/server_add/js/server_add.js index 51ef41a7..4c411715 100644 --- a/modules/server_add/js/server_add.js +++ b/modules/server_add/js/server_add.js @@ -39,7 +39,7 @@ function start_add() { success: function(data, textStatus) { $("#gStatus").html(data.status); $("#gServerAdd .gProgressBar").progressbar("value", data.percent_complete); - setTimeout(function() { run_add(data.url); }, 0); + setTimeout(function() { run_add(data.url); }, 25); } }); return false; @@ -56,7 +56,7 @@ function run_add(url) { if (data.done) { $("#gServerAddProgress").slideUp(); } else { - setTimeout(function() { run_add(url); }, 0); + setTimeout(function() { run_add(url); }, 25); } } }); -- cgit v1.2.3 From c7f8d8be6fe9e15b11ef781bdd6ed279fcb5f1a4 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 17 Sep 2009 10:57:22 -0700 Subject: Don't try to creat an album that corresponds to the staging directory. Just add the contents of the staging directlyinto the album that server_add was invoked from. Fixes ticket #785 --- modules/server_add/controllers/server_add.php | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'modules') diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php index 26b3bd08..9769cd6f 100644 --- a/modules/server_add/controllers/server_add.php +++ b/modules/server_add/controllers/server_add.php 
@@ -137,17 +137,25 @@ class Server_Add_Controller extends Admin_Controller { // form [path, parent_id] where the parent_id refers to another Server_Add_File_Model. We // have this extra level of abstraction because we don't know its Item_Model id yet. $queue = $task->get("queue"); + $paths = unserialize(module::get_var("server_add", "authorized_paths")); + while ($queue && microtime(true) - $start < 0.5) { list($file, $parent_entry_id) = array_shift($queue); - $entry = ORM::factory("server_add_file"); - $entry->task_id = $task->id; - $entry->file = $file; - $entry->parent_id = $parent_entry_id; - $entry->save(); + // Ignore the staging directories as directories to be imported. + if (empty($paths[$file])) { + $entry = ORM::factory("server_add_file"); + $entry->task_id = $task->id; + $entry->file = $file; + $entry->parent_id = $parent_entry_id; + $entry->save(); + $entry_id = $entry->id; + } else { + $entry_id = null; + } foreach (glob("$file/*") as $child) { if (is_dir($child)) { - $queue[] = array($child, $entry->id); + $queue[] = array($child, $entry_id); } else { $ext = strtolower(pathinfo($child, PATHINFO_EXTENSION)); if (in_array($ext, array("gif", "jpeg", "jpg", "png", "flv", "mp4")) && @@ -155,7 +163,7 @@ class Server_Add_Controller extends Admin_Controller { $child_entry = ORM::factory("server_add_file"); $child_entry->task_id = $task->id; $child_entry->file = $child; - $child_entry->parent_id = $entry->id; + $child_entry->parent_id = $entry_id; $child_entry->save(); } } -- cgit v1.2.3 From 6469763225b1f74bc5391f09446bcf280bea389e Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 17 Sep 2009 11:10:15 -0700 Subject: Reload the album when server_add dialog is closed --- modules/server_add/views/server_add_tree_dialog.html.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules') diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index 8eb6e4df..dd4efd06 100644 
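Review bot: The `empty($paths[$file])` test recognises a staging directory only when the queued path string is exactly a key of the stored `authorized_paths` map, so a path that differs by a trailing slash, a symlink, or `..` normalisation would not be flattened and would be imported as an album, and a key whose stored value happens to be falsy is treated as "not a staging directory". Either normalise both sides with `realpath()` once, or state in the comment that keys must be the exact path form the browse step queues; `// Ignore the staging directories as directories to be imported.` could read `// An authorized staging root gets no entry of its own: its children hang directly off the target album (parent_id null).`. `$paths` comes from `unserialize()` of a module var and is `false` when the var is missing or unparseable, so `if (!is_array($paths)) { $paths = array(); }` after the assignment is safer than relying on `empty()` of an offset on a non-array. The second hunk at @@ -155 is the same `$entry_id` propagation, and the enclosing method starts and ends outside both hunks.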
--- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php @@ -50,6 +50,7 @@ }); $("#gServerCloseButton").click(function(event) { $("#gDialog").dialog("close"); + window.location.reload(); }); }); -- cgit v1.2.3 From 48326ad01708fcfa020283e2ad8b2cae4ede1600 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 17 Sep 2009 12:11:00 -0700 Subject: Cleanup issues with the original fix for #779 --- modules/tag/controllers/admin_tags.php | 4 ++-- modules/tag/js/tag.js | 2 +- themes/admin_default/css/screen.css | 5 +++++ 3 files changed, 8 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index 3301566b..ced73d65 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -81,7 +81,7 @@ class Admin_Tags_Controller extends Admin_Controller { kohana::show_404(); } - //Don't use a form as the form is dynamically created in the js + // Don't use a form as the form is dynamically created in the js $post = new Validation($_POST); $post->add_rules("name", "required", "length[1,64]"); $valid = $post->validate(); @@ -89,7 +89,7 @@ class Admin_Tags_Controller extends Admin_Controller { $new_name = $this->input->post("name"); $new_tag = ORM::factory("tag")->where("name", $new_name)->find(); if ($new_tag->loaded) { - $error_msg = "There is already a tag with that name"; + $error_msg = t("There is already a tag with that name")->__toString(); $valid = false; } } else { diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js index d656da36..52c695c6 100644 --- a/modules/tag/js/tag.js +++ b/modules/tag/js/tag.js @@ -69,7 +69,7 @@ function editInPlace(element) { window.location.reload(); } else if (data.result == "error") { $("#gRenameTagForm #name") - .css("border", "2px solid red") + .addClass("gError") .focus(); $("#gTagAdmin").before("

    " + data.message + "

    "); } diff --git a/themes/admin_default/css/screen.css b/themes/admin_default/css/screen.css index 33cc6733..de6d436e 100644 --- a/themes/admin_default/css/screen.css +++ b/themes/admin_default/css/screen.css @@ -1034,6 +1034,11 @@ li.gDefaultGroup h4, li.gDefaultGroup .gUser { float: right; } +#gRenameTagForm input[type="text"].gError { + border: 2px solid red; + background: none; +} + #gRenameTagForm input[type="submit"] { height: 25px; } -- cgit v1.2.3 From 6458b47e3ed3ef31d08080a66781ee53bf0f25ed Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 17 Sep 2009 12:38:59 -0700 Subject: Remove the update code introduced with 9d7d79. In addition, captialize MyISAM correctly. --- modules/search/helpers/search_installer.php | 11 +---------- modules/search/module.info | 2 +- 2 files changed, 2 insertions(+), 11 deletions(-) (limited to 'modules') diff --git a/modules/search/helpers/search_installer.php b/modules/search/helpers/search_installer.php index 096f46c7..f3225b4e 100644 --- a/modules/search/helpers/search_installer.php +++ b/modules/search/helpers/search_installer.php @@ -28,7 +28,7 @@ class search_installer { PRIMARY KEY (`id`), KEY(`item_id`), FULLTEXT INDEX (`data`)) - ENGINE=MYISAM + ENGINE=MyISAM DEFAULT CHARSET=utf8;"); module::set_version("search", 1); } @@ -48,13 +48,4 @@ class search_installer { static function uninstall() { Database::instance()->query("DROP TABLE {search_records}"); } - - static function upgrade($version) { - $db = Database::instance(); - if ($version == 1) { - $db->query("ALTER TABLE {search_records} ENGINE=MYISAM"); - module::set_version("search", 2); - } - } - } diff --git a/modules/search/module.info b/modules/search/module.info index 2f2ebdf1..f417c4fa 100644 --- a/modules/search/module.info +++ b/modules/search/module.info @@ -1,3 +1,3 @@ name = "Search" description = "Allows users to search their Gallery" -version = 2 +version = 1 -- cgit v1.2.3 From 2eeacd2656083739a588738b28d578e616d46c9c Mon Sep 17 00:00:00 2001 
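Review bot: `data.message` is concatenated into the HTML string passed to `.before()` on the unchanged line following the `.addClass("gError")` change, so whatever the server puts in `message` is parsed as markup. Today the error branch sends a fixed translated string, but the controller's `else` branch (outside this hunk) may route other text into `$error_msg`; building the element and setting the message with `.text()`, e.g. `$("<p/>").text(data.message)` in place of the string concatenation, keeps it inert whatever the server sends. The enclosing `editInPlace` function starts and ends outside the hunk.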
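Review bot: Dropping `upgrade()` while moving `module.info` back to `version = 1` leaves any installation that already ran the removed upgrade with a stored search version of 2 against a module that now declares 1; whether the module loader treats "stored > declared" as up-to-date or as needing an upgrade is not visible here, and there is no code path that brings such an install back to 1. If 9d7d79 could have reached any deployment, a small migration or a note in the commit description saying why it could not would settle it. `install()` continues outside the first hunk and `uninstall()` is unchanged.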
From: Tim Almdal Date: Thu, 17 Sep 2009 13:55:11 -0700 Subject: use an implicit cast to convert the translated error message to a string as it is encoded by the json routines and will be treated as an object otherwise --- modules/tag/controllers/admin_tags.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index ced73d65..b42e3748 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -89,7 +89,7 @@ class Admin_Tags_Controller extends Admin_Controller { $new_name = $this->input->post("name"); $new_tag = ORM::factory("tag")->where("name", $new_name)->find(); if ($new_tag->loaded) { - $error_msg = t("There is already a tag with that name")->__toString(); + $error_msg = (string)t("There is already a tag with that name"); $valid = false; } } else { -- cgit v1.2.3 From d050f0a2466fedfe96c3bbc072374d01b17951c5 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Thu, 17 Sep 2009 14:04:13 -0700 Subject: Minor style fix: (string) $var, not (string)$var, and move the explicit cast down where it's needed. --- modules/tag/controllers/admin_tags.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index b42e3748..63f7957c 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -89,7 +89,7 @@ class Admin_Tags_Controller extends Admin_Controller { $new_name = $this->input->post("name"); $new_tag = ORM::factory("tag")->where("name", $new_name)->find(); if ($new_tag->loaded) { - $error_msg = (string)t("There is already a tag with that name"); + $error_msg = t("There is already a tag with that name"); $valid = false; } } else { 
@@ -115,7 +115,7 @@ class Admin_Tags_Controller extends Admin_Controller { } else { print json_encode( array("result" => "error", - "message" => $error_msg)); + "message" => (string) $error_msg)); } } } -- cgit v1.2.3 From 2e23ae98c43ae099a0b7b18f3c65fae21401aa43 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Thu, 17 Sep 2009 14:12:43 -0700 Subject: - Add theme->movie_menu() to whitelisted methods. - xss_data checkpoint --- modules/gallery/tests/Xss_Security_Test.php | 3 ++- modules/gallery/tests/xss_data.txt | 25 +++++++++++++------------ 2 files changed, 15 insertions(+), 13 deletions(-) (limited to 'modules') diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index 85624517..16541017 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -144,7 +144,8 @@ class Xss_Security_Test extends Unit_Test_Case { "dynamic_bottom", "dynamic_top", "footer", "head", "header_bottom", "header_top", "page_bottom", "page_top", "photo_blocks", "photo_bottom", "photo_top", "resize_bottom", "resize_top", "sidebar_blocks", "sidebar_bottom", - "sidebar_top", "thumb_bottom", "thumb_info", "thumb_top")) && + "sidebar_top", "thumb_bottom", "thumb_info", "thumb_top", + "movie_menu")) && self::_token_matches("(", $tokens, $token_number + 3)) { $method = $tokens[$token_number + 2][1]; diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 193d2ca1..57da8730 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
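Review bot: Adding `"movie_menu"` to this list tells the scanner to trust `$theme->movie_menu()` output as already escaped, and nothing near the array says what that trust rests on, so each new entry is a silent security decision. A comment above the array naming the contract would make future additions deliberate, e.g. `// Theme methods whose return value is rendered raw: each must escape everything it emits.`, ideally pointing at the test or review step that verifies `movie_menu()` does so. The enclosing method starts and ends outside the hunk.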
@@ -295,10 +295,11 @@ themes/admin_default/views/admin.html.php 68 DIRTY $sideb themes/admin_default/views/admin.html.php 73 DIRTY $theme->admin_footer() themes/admin_default/views/admin.html.php 75 DIRTY $theme->admin_credits() themes/admin_default/views/admin.html.php 79 DIRTY $theme->admin_page_bottom() -themes/admin_default/views/block.html.php 2 DIRTY $id -themes/admin_default/views/block.html.php 2 DIRTY_ATTR $css_id -themes/admin_default/views/block.html.php 10 DIRTY $title -themes/admin_default/views/block.html.php 13 DIRTY $content +themes/admin_default/views/block.html.php 3 DIRTY_ATTR $anchor +themes/admin_default/views/block.html.php 5 DIRTY $id +themes/admin_default/views/block.html.php 5 DIRTY_ATTR $css_id +themes/admin_default/views/block.html.php 13 DIRTY $title +themes/admin_default/views/block.html.php 16 DIRTY $content themes/admin_default/views/pager.html.php 13 DIRTY_JS str_replace('{page}',1,$url) themes/admin_default/views/pager.html.php 20 DIRTY_JS str_replace('{page}',$previous_page,$url) themes/admin_default/views/pager.html.php 27 DIRTY $from_to_msg 
@@ -309,10 +310,10 @@ themes/default/views/album.html.php 16 DIRTY_ATTR $ite themes/default/views/album.html.php 18 DIRTY_JS $child->url() themes/default/views/album.html.php 19 DIRTY $child->thumb_img(array("class"=>"gThumbnail")) themes/default/views/album.html.php 23 DIRTY_JS $child->url() -themes/default/views/block.html.php 2 DIRTY_ATTR $anchor -themes/default/views/block.html.php 3 DIRTY_ATTR $css_id -themes/default/views/block.html.php 4 DIRTY $title -themes/default/views/block.html.php 6 DIRTY $content +themes/default/views/block.html.php 3 DIRTY_ATTR $anchor +themes/default/views/block.html.php 5 DIRTY_ATTR $css_id +themes/default/views/block.html.php 6 DIRTY $title +themes/default/views/block.html.php 8 DIRTY $content themes/default/views/dynamic.html.php 11 DIRTY_ATTR $child->is_album()?"gAlbum":"" themes/default/views/dynamic.html.php 13 DIRTY_JS $child->url() themes/default/views/dynamic.html.php 14 DIRTY_ATTR $child->id 
@@ -329,10 +330,10 @@ themes/default/views/page.html.php 42 DIRTY $new_h themes/default/views/page.html.php 43 DIRTY $thumb_proportion themes/default/views/page.html.php 82 DIRTY $header_text themes/default/views/page.html.php 84 DIRTY_JS item::root()->url() -themes/default/views/page.html.php 98 DIRTY_JS $parent->url("show={$theme->item()->id}") -themes/default/views/page.html.php 112 DIRTY $content -themes/default/views/page.html.php 118 DIRTY newView("sidebar.html") -themes/default/views/page.html.php 125 DIRTY $footer_text +themes/default/views/page.html.php 102 DIRTY_JS $parent->url($parent==$theme->item()->parent()?"show={$theme->item()->id}":null) +themes/default/views/page.html.php 117 DIRTY $content +themes/default/views/page.html.php 123 DIRTY newView("sidebar.html") +themes/default/views/page.html.php 130 DIRTY $footer_text themes/default/views/pager.html.php 13 DIRTY_JS str_replace('{page}',1,$url) themes/default/views/pager.html.php 20 DIRTY_JS str_replace('{page}',$previous_page,$url) themes/default/views/pager.html.php 27 DIRTY $from_to_msg -- cgit v1.2.3 From 15c3f0b1aaf43a1b627266d569971b08c11d5835 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Thu, 17 Sep 2009 21:26:55 -0700 Subject: Refactor the server add javascript into a ui.gallery_server_add widget. --- modules/server_add/js/server_add.js | 151 +++++++++++++-------- modules/server_add/views/server_add_tree.html.php | 12 +- .../views/server_add_tree_dialog.html.php | 14 +- 3 files changed, 98 insertions(+), 79 deletions(-) (limited to 'modules') diff --git a/modules/server_add/js/server_add.js b/modules/server_add/js/server_add.js index 4c411715..7daa0adc 100644 --- a/modules/server_add/js/server_add.js +++ b/modules/server_add/js/server_add.js 
@@ -1,64 +1,97 @@ -/** - * Manage file selection state. - */ -function select_file(li) { - $(li).toggleClass("selected"); - if ($("#gServerAdd span.selected").length) { - $("#gServerAddAddButton").enable(true).removeClass("ui-state-disabled"); - } else { - $("#gServerAddAddButton").enable(false).addClass("ui-state-disabled"); - } -} +(function($) { + $.widget("ui.gallery_server_add", { + _init: function() { + var self = this; + $("#gServerAddAddButton", this.element).click(function(event) { + event.preventDefault(); + $(".gProgressBar", this.element). + progressbar(). + progressbar("value", 0); + $("#gServerAddProgress", this.element).slideDown("fast", function() { self.start_add(); }); + }); + $("#gServerCloseButton", this.element).click(function(event) { + $("#gDialog").dialog("close"); + window.location.reload(); + }); + $("#gServerAddTree span.gDirectory", this.element).dblclick(function(event) { + self.open_dir(event); + }); + $("#gServerAddTree span.gFile, #gServerAddTree span.gDirectory", this.element).click(function(event) { + self.select_file(event); + }); + }, -/** - * Load a new directory - */ -function open_dir(path) { - $.ajax({ - url: GET_CHILDREN_URL.replace("__PATH__", path), - success: function(data, textStatus) { - $("#gServerAddTree").html(data); - } - }); -} + start_add: function() { + var self = this; + var paths = []; + $.each($("span.selected", self.element), function () { + paths.push($(this).attr("ref")); + }); -function start_add() { - var paths = []; - $.each($("#gServerAdd span.selected"), - function () { - paths.push($(this).attr("file")); - } - ); + $.ajax({ + url: START_URL, + type: "POST", + async: false, + data: { "paths[]": paths }, + dataType: "json", + success: function(data, textStatus) { + $("#gStatus").html(data.status); + $(".gProgressBar", self.element).progressbar("value", data.percent_complete); + setTimeout(function() { self.run_add(data.url); }, 25); + } + }); + return false; + }, - $.ajax({ - url: START_URL, - type: 
"POST", - async: false, - data: { "paths[]": paths }, - dataType: "json", - success: function(data, textStatus) { - $("#gStatus").html(data.status); - $("#gServerAdd .gProgressBar").progressbar("value", data.percent_complete); - setTimeout(function() { run_add(data.url); }, 25); - } - }); - return false; -} + run_add: function (url) { + var self = this; + $.ajax({ + url: url, + async: false, + dataType: "json", + success: function(data, textStatus) { + $("#gStatus").html(data.status); + $(".gProgressBar", self.element).progressbar("value", data.percent_complete); + if (data.done) { + $("#gServerAddProgress", this.element).slideUp(); + } else { + setTimeout(function() { self.run_add(url); }, 25); + } -function run_add(url) { - $.ajax({ - url: url, - async: false, - dataType: "json", - success: function(data, textStatus) { - $("#gStatus").html(data.status); - $("#gServerAdd .gProgressBar").progressbar("value", data.percent_complete); - if (data.done) { - $("#gServerAddProgress").slideUp(); - } else { - setTimeout(function() { run_add(url); }, 25); - } - } - }); -} + } + }); + }, + /** + * Load a new directory + */ + open_dir: function(event) { + var self = this; + var path = $(event.target).attr("ref"); + $.ajax({ + url: GET_CHILDREN_URL.replace("__PATH__", path), + success: function(data, textStatus) { + $("#gServerAddTree", self.element).html(data); + $("#gServerAddTree span.gDirectory", self.element).dblclick(function(event) { + self.open_dir(event); + }); + $("#gServerAddTree span.gFile, #gServerAddTree span.gDirectory", this.element).click(function(event) { + self.select_file(event); + }); + } + }); + }, + + /** + * Manage file selection state. + */ + select_file: function (event) { + $(event.target).toggleClass("selected"); + if ($("#gServerAdd span.selected").length) { + $("#gServerAddAddButton").enable(true).removeClass("ui-state-disabled"); + } else { + $("#gServerAddAddButton").enable(false).addClass("ui-state-disabled"); + } + } + }); +})(jQuery); 
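Review bot: `this.element` is used inside callbacks where `this` is no longer the widget: in `_init` the Add button's click handler (`$(".gProgressBar", this.element)` and `$("#gServerAddProgress", this.element)`), in `run_add`'s ajax success (`$("#gServerAddProgress", this.element).slideUp()`), and in `open_dir`'s success where the gFile/gDirectory click binding is made. In those scopes `this` is the DOM button or the ajax settings object, so the context argument is `undefined` and jQuery silently searches the whole document, which masks the slip; `self` is already captured in each method, so replacing those uses with `self.element` is the fix. `select_file` still queries `#gServerAdd` globally rather than through `self.element`, consistent with the old code but at odds with the rest of the widget.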
diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php index 918fbdc7..4e5bf601 100644 --- a/modules/server_add/views/server_add_tree.html.php +++ b/modules/server_add/views/server_add_tree.html.php @@ -1,7 +1,7 @@
  • - +
      @@ -9,7 +9,7 @@
    • - +
        @@ -18,12 +18,8 @@
      • "> - - ondblclick="open_dir($(this).attr('file'))" - - file="" - > + " + ref="" >
      • diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index dd4efd06..354659bc 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php @@ -40,18 +40,8 @@ -- cgit v1.2.3 From be84c7be2557dae92426e64ab44170e8999cfc44 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 18 Sep 2009 12:17:58 -0700 Subject: * Changed the close functionality so the page is reloaded when the dialog is closed. * Renamed the ServerAddCloseButton. * Added Pause and Continue buttons. Now when add is clicked, A Pause button is shown, once the adding is complete, the add button is reshown andpause button is hidden. Clicking the pause button will hide it and show a continue button. --- modules/server_add/js/server_add.js | 40 ++++++++++++++++++---- .../views/server_add_tree_dialog.html.php | 8 ++++- 2 files changed, 41 insertions(+), 7 deletions(-) (limited to 'modules') diff --git a/modules/server_add/js/server_add.js b/modules/server_add/js/server_add.js index 7daa0adc..50a8c36b 100644 --- a/modules/server_add/js/server_add.js +++ b/modules/server_add/js/server_add.js @@ -9,7 +9,18 @@ progressbar("value", 0); $("#gServerAddProgress", this.element).slideDown("fast", function() { self.start_add(); }); }); - $("#gServerCloseButton", this.element).click(function(event) { + $("#gServerAddPauseButton", this.element).click(function(event) { + self.pause = true; + $("#gServerAddPauseButton", this.element).hide(); + $("#gServerAddContinueButton", this.element).show(); + }); + $("#gServerAddContinueButton", this.element).click(function(event) { + self.pause = false; + $("#gServerAddPauseButton", this.element).show(); + $("#gServerAddContinueButton", this.element).hide(); + self.run_add(); + }); + $("#gServerAddCloseButton", this.element).click(function(event) { $("#gDialog").dialog("close"); window.location.reload(); }); 
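Review bot: The new pause and continue handlers use `this.element` inside the click callbacks, where `this` is the clicked button rather than the widget, so the selectors run against `undefined` and fall back to the whole document; `self` is already in scope, so `$("#gServerAddPauseButton", self.element).hide();` and the matching continue-handler lines are the fix. The same pattern appears in the `data.done` branch of the `run_add` hunk that follows, where `this` is the ajax settings object. `_init` continues outside the hunk.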
@@ -19,8 +30,17 @@ $("#gServerAddTree span.gFile, #gServerAddTree span.gDirectory", this.element).click(function(event) { self.select_file(event); }); + $("#gServerAddTree span.gDirectory", this.element).dblclick(function(event) { + self.open_dir(event); + }); + $("#gDialog").bind("dialogclose", function(event, ui) { + window.location.reload(); + }); }, + taskURL: null, + pause: false, + start_add: function() { var self = this; var paths = []; @@ -28,6 +48,9 @@ paths.push($(this).attr("ref")); }); + $("#gServerAddAddButton", this.element).hide(); + $("#gServerAddPauseButton", this.element).show(); + $.ajax({ url: START_URL, type: "POST", @@ -37,16 +60,17 @@ success: function(data, textStatus) { $("#gStatus").html(data.status); $(".gProgressBar", self.element).progressbar("value", data.percent_complete); - setTimeout(function() { self.run_add(data.url); }, 25); + self.taskURL = data.url; + setTimeout(function() { self.run_add(); }, 25); } }); return false; }, - run_add: function (url) { + run_add: function () { var self = this; $.ajax({ - url: url, + url: self.taskURL, async: false, dataType: "json", success: function(data, textStatus) { @@ -54,10 +78,14 @@ $(".gProgressBar", self.element).progressbar("value", data.percent_complete); if (data.done) { $("#gServerAddProgress", this.element).slideUp(); + $("#gServerAddAddButton", this.element).show(); + $("#gServerAddPauseButton", this.element).hide(); + $("#gServerAddContinueButton", this.element).hide(); } else { - setTimeout(function() { self.run_add(url); }, 25); + if (!self.pause) { + setTimeout(function() { self.run_add(); }, 25); + } } - } }); }, diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index 354659bc..fdb66d1c 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php @@ -33,8 +33,14 @@ disabled="disabled"> + + - -- cgit v1.2.3 
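Review bot: The `dblclick` binding added after the gFile/gDirectory click binding duplicates one that `_init` already makes a few lines earlier (visible in the previous commit's version of this file, between this hunk and the preceding one), so each double-click would call `open_dir` twice and issue two requests unless that earlier binding was removed out of view. Binding `dialogclose` to `window.location.reload()` also makes the close button's explicit `window.location.reload()` in the preceding hunk redundant, as far as `.dialog("close")` fires that event; dropping the explicit call leaves one reload path. `pause` and `taskURL` on the widget prototype are shared defaults that later assignments through `self.pause`/`self.taskURL` shadow per instance, which is fine for primitives but worth a one-line comment.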
From 4e6f2f1b4c489c21546c2ae685b814c42e689d71 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 18 Sep 2009 23:53:48 -0700 Subject: Don't display the add menu if the underlying operating system directory is not writable. THis should fix ticket #775 --- modules/gallery/helpers/gallery.php | 7 ++++++- modules/server_add/helpers/server_add_event.php | 13 ++++++++----- 2 files changed, 14 insertions(+), 6 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 40e188e2..d5b2fed9 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -89,9 +89,11 @@ class gallery_Core { $item = $theme->item(); $can_edit = $item && access::can("edit", $item); + $is_album_writable = + is_writable($item->is_album() ? $item->file_path() : $item->parent()->file_path()); $can_add = $item && access::can("add", $item); - if ($can_add) { + if ($can_add && $is_album_writable) { $menu->append($add_menu = Menu::factory("submenu") ->id("add_menu") ->label(t("Add"))); @@ -105,6 +107,9 @@ class gallery_Core { ->label(t("Add an album")) ->url(url::site("form/add/albums/$item->id?type=album"))); } + } else if (!$is_album_writable) { + message::warning(t("The album '%album_name' is not writable.", + array("album_name" => $item->title))); } $menu->append($options_menu = Menu::factory("submenu") diff --git a/modules/server_add/helpers/server_add_event.php b/modules/server_add/helpers/server_add_event.php index b9dd8c28..28996ee2 100644 --- a/modules/server_add/helpers/server_add_event.php +++ b/modules/server_add/helpers/server_add_event.php 
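Review bot: `$is_album_writable` is computed before anything checks that `$item` is set, while the neighbouring `$can_edit = $item && ...` and `$can_add = $item && ...` lines show that `$item` can be empty here, so a page without a current item would call `is_album()` on null. Guard it the same way, `$is_album_writable = $item && is_writable(...)`, or compute it inside `if ($can_add)`; the `else if (!$is_album_writable)` branch then also needs `$item` before reading `$item->title`. The enclosing method starts and ends outside the hunk.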
@@ -31,11 +31,14 @@ class server_add_event_Core { $paths = unserialize(module::get_var("server_add", "authorized_paths")); if ($item && user::active()->admin && $item->is_album() && !empty($paths)) { - $menu->get("add_menu") - ->append(Menu::factory("dialog") - ->id("server_add") - ->label(t("Server add")) - ->url(url::site("server_add/browse/$item->id"))); + $add_menu = $menu->get("add_menu"); + if ($add_menu) { + $add_menu + ->append(Menu::factory("dialog") + ->id("server_add") + ->label(t("Server add")) + ->url(url::site("server_add/browse/$item->id"))); + } } } } -- cgit v1.2.3 From cf89015a29f41321e49ea8024cc33bb0d6c68df1 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sat, 19 Sep 2009 09:34:27 -0700 Subject: Change the fix for ticket #775 to always add the Add menu, but not add any items if the album directory is not writable. --- modules/gallery/helpers/gallery.php | 30 +++++++++++++------------ modules/server_add/helpers/server_add_event.php | 16 ++++++------- 2 files changed, 23 insertions(+), 23 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index d5b2fed9..80ae65bd 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php 
@@ -89,27 +89,29 @@ class gallery_Core { $item = $theme->item(); $can_edit = $item && access::can("edit", $item); - $is_album_writable = - is_writable($item->is_album() ? $item->file_path() : $item->parent()->file_path()); $can_add = $item && access::can("add", $item); - if ($can_add && $is_album_writable) { + if ($can_add) { $menu->append($add_menu = Menu::factory("submenu") ->id("add_menu") ->label(t("Add"))); - $add_menu->append(Menu::factory("dialog") - ->id("add_photos_item") - ->label(t("Add photos")) - ->url(url::site("simple_uploader/app/$item->id"))); - if ($item->is_album()) { + $is_album_writable = + is_writable($item->is_album() ? $item->file_path() : $item->parent()->file_path()); + if ($is_album_writable) { $add_menu->append(Menu::factory("dialog") - ->id("add_album_item") - ->label(t("Add an album")) - ->url(url::site("form/add/albums/$item->id?type=album"))); + ->id("add_photos_item") + ->label(t("Add photos")) + ->url(url::site("simple_uploader/app/$item->id"))); + if ($item->is_album()) { + $add_menu->append(Menu::factory("dialog") + ->id("add_album_item") + ->label(t("Add an album")) + ->url(url::site("form/add/albums/$item->id?type=album"))); + } + } else { + message::warning(t("The album '%album_name' is not writable.", + array("album_name" => $item->title))); } - } else if (!$is_album_writable) { - message::warning(t("The album '%album_name' is not writable.", - array("album_name" => $item->title))); } $menu->append($options_menu = Menu::factory("submenu") diff --git a/modules/server_add/helpers/server_add_event.php b/modules/server_add/helpers/server_add_event.php index 28996ee2..4db83f74 100644 --- a/modules/server_add/helpers/server_add_event.php +++ b/modules/server_add/helpers/server_add_event.php 
@@ -30,15 +30,13 @@ class server_add_event_Core { $item = $theme->item(); $paths = unserialize(module::get_var("server_add", "authorized_paths")); - if ($item && user::active()->admin && $item->is_album() && !empty($paths)) { - $add_menu = $menu->get("add_menu"); - if ($add_menu) { - $add_menu - ->append(Menu::factory("dialog") - ->id("server_add") - ->label(t("Server add")) - ->url(url::site("server_add/browse/$item->id"))); - } + if ($item && user::active()->admin && $item->is_album() && !empty($paths) && + is_writable($item->is_album() ? $item->file_path() : $item->parent()->file_path())) { + $menu->get("add_menu") + ->append(Menu::factory("dialog") + ->id("server_add") + ->label(t("Server add")) + ->url(url::site("server_add/browse/$item->id"))); } } } -- cgit v1.2.3 From 09f998e7a5a58720636c7b1140279b5efbdb33c6 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sat, 19 Sep 2009 10:51:27 -0700 Subject: On the edit album form, add dirname and slug asa hidden fields, so that when the edits are being validated on input, the fields are found and can be referenced --- modules/gallery/helpers/album.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'modules') diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php index dfb1e66d..9cd746d7 100644 --- a/modules/gallery/helpers/album.php +++ b/modules/gallery/helpers/album.php @@ -135,6 +135,9 @@ class album_Core { ->error_messages( "not_url_safe", t("The internet address should contain only letters, numbers, hyphens and underscores")); + } else { + $group->hidden("dirname")->value($parent->name); + $group->hidden("slug")->value($parent->slug); } $sort_order = $group->group("sort_order", array("id" => "gAlbumSortOrder")) -- cgit v1.2.3 From 33690a32bcf132e5ab470ff77ba23c073ac26271 Mon Sep 17 00:00:00 2001 
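Review bot: The ternary inside `is_writable(...)` can never take its else branch here, because the same condition already requires `$item->is_album()`; `is_writable($item->file_path())` says the same thing without the dead `parent()` call. Removing the `$add_menu` null guard from the previous commit means `$menu->get("add_menu")` is dereferenced unconditionally, which holds only if every admin always satisfies `access::can("add", $item)` in `gallery_Core`, and that is not established here. The enclosing method starts and ends outside the hunk.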
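Review bot: The hidden `dirname` and `slug` inputs carry `$parent->name` and `$parent->slug` to the client, and hidden fields are as editable as any other, so if the save handler reads these posted values rather than the stored item's own, they become caller-controlled. The commit message suggests they exist only so validation rules can resolve the field names, which is worth recording next to the lines, e.g. `// Hidden copies so validation rules that reference dirname/slug resolve; save must keep using the stored values.`. The `if` this `else` belongs to, and the enclosing method, start outside the hunk.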
From: Tim Almdal Date: Mon, 21 Sep 2009 13:33:45 -0700 Subject: Change the exif module to respond to the gallery_ready event and check to see if gettext is installed. The 3rd party library used in the exif module expects gettext to be available. Rather than doing this all the time, use the gallery ready event to only do it when it might be needed. Fixes ticket #672 --- modules/exif/helpers/exif_event.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'modules') diff --git a/modules/exif/helpers/exif_event.php b/modules/exif/helpers/exif_event.php index 826ec959..81ac5f44 100644 --- a/modules/exif/helpers/exif_event.php +++ b/modules/exif/helpers/exif_event.php @@ -18,6 +18,14 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class exif_event_Core { + static function gallery_ready() { + if (!function_exists("gettext")) { + function gettext($message) { + return (string) t($message); + } + } + } + static function item_created($item) { if (!$item->is_album()) { exif::extract($item); -- cgit v1.2.3
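Review bot: `gallery_ready()` declares a global `gettext()` from inside a method body, so the function exists only after the event has fired and the `function_exists` guard is the only thing preventing a fatal redeclaration if the handler runs twice; neither fact is stated, and a reader could mistake the nested declaration for a closure. A docblock saying that this is a shim for the bundled exif library when the gettext extension is absent, that it routes the library's strings through `t()`, and that it relies on running before the library is loaded would cover it. The shim also makes `t()` look up strings the gallery's translation tables presumably do not contain, so the effective result is the untranslated message — worth confirming and noting.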