From f488384a7b56b1e9511fa23d3ac359de64901213 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 30 Apr 2012 15:04:45 -0700 Subject: Guard reparent/rearrange against bad values in source_id. Fixes #1843. --- modules/organize/controllers/organize.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'modules') diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 5a2c3e4f..048f6fc3 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -81,6 +81,9 @@ class Organize_Controller extends Controller { foreach (explode(",", $input->post("source_ids")) as $source_id) { $source = ORM::factory("item", $source_id); + if (!$source->loaded()) { + continue; + } access::required("edit", $source->parent()); if ($source->contains($new_parent) || $source->id == $new_parent->id) { @@ -116,6 +119,11 @@ class Organize_Controller extends Controller { $input = Input::instance(); $target = ORM::factory("item", $input->post("target_id")); + if (!$target->loaded()) { + json::reply(null); + return; + } + $album = $target->parent(); access::required("edit", $album); -- cgit v1.2.3 From 608d8f663672f7b273177efb49844df532f43408 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 30 Apr 2012 15:20:40 -0700 Subject: Fix #1843. --- modules/tag/helpers/tag_event.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/tag/helpers/tag_event.php b/modules/tag/helpers/tag_event.php index 26876d83..d4f1c757 100644 --- a/modules/tag/helpers/tag_event.php +++ b/modules/tag/helpers/tag_event.php @@ -149,7 +149,8 @@ class tag_event_Core { static function info_block_get_metadata($block, $item) { $tags = array(); foreach (tag::item_tags($item) as $tag) { - $tags[] = "url()}\">{$tag->name}"; + $tags[] = "url()}\">" . + html::clean($tag->name) . ""; } if ($tags) { $info = $block->content->metadata; -- cgit v1.2.3 From 801c9a98e438a9c6a072630c3a051435986f6cf0 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 May 2012 18:52:44 -0700 Subject: Fix #1846. --- modules/gallery/models/item.php | 20 ++++++++----- modules/gallery/tests/Item_Model_Test.php | 50 +++++++++++++++++++++++++++++-- 2 files changed, 60 insertions(+), 10 deletions(-) (limited to 'modules') diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index e90e0fcb..0e3f0fb8 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -803,18 +803,22 @@ class Item_Model_Core extends ORM_MPTT { } if ($this->is_movie() || $this->is_photo()) { - if (!$this->loaded()) { + $ext = pathinfo($this->name, PATHINFO_EXTENSION); + + if (!$this->loaded() && !$ext) { // New items must have an extension - $ext = pathinfo($this->name, PATHINFO_EXTENSION); - if (!$ext) { + $v->add_error("name", "illegal_data_file_extension"); + return; + } + + if ($this->is_photo()) { + if (!in_array(strtolower($ext), legal_file::get_photo_extensions())) { $v->add_error("name", "illegal_data_file_extension"); - return; } + } - if ($this->is_photo() && - !in_array(strtolower($ext), array_map("strtolower", legal_file::get_photo_extensions())) || - $this->is_movie() && - !in_array(strtolower($ext), array_map("strtolower", legal_file::get_movie_extensions()))) { + if ($this->is_movie()) { + if (!in_array(strtolower($ext), legal_file::get_movie_extensions())) { $v->add_error("name", "illegal_data_file_extension"); } } diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 205d0a08..6d40230f 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -333,7 +333,36 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo->mime_type = "video/x-flv"; $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("type" => "read_only"), $e->validation->errors()); + $this->assert_same( + array("name" => "illegal_data_file_extension", "type" => "read_only"), + $e->validation->errors()); + return; // pass + } + $this->assert_true(false, "Shouldn't get here"); + } + + public function photo_files_must_have_an_extension_test() { + try { + $photo = test::random_photo_unsaved(); + $photo->mime_type = "image/jpeg"; + $photo->name = "no_extension"; + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); + return; // pass + } + $this->assert_true(false, "Shouldn't get here"); + } + + public function movie_files_must_have_an_extension_test() { + try { + $movie = test::random_photo_unsaved(); + $movie->type = "movie"; + $movie->mime_type = "video/x-flv"; + $movie->name = "no_extension"; + $movie->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_same(array("name" => "illegal_data_file_extension"), $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); @@ -421,7 +450,8 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $photo->set_data_file(MODPATH . "gallery/tests/Item_Model_Test.php"); $photo->save(); } catch (ORM_Validation_Exception $e) { - $this->assert_same(array("mime_type" => "invalid"), $e->validation->errors()); + $this->assert_same(array("mime_type" => "invalid", "name" => "illegal_data_file_extension"), + $e->validation->errors()); return; // pass } $this->assert_true(false, "Shouldn't get here"); @@ -473,4 +503,20 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { $this->assert_true(false, "Shouldn't get here"); } } + + public function cant_rename_to_illegal_extension_test() { + foreach (array("test.php.test", "test.php", "test.PHP", + "test.php5", "test.php4", "test.pl") as $name) { + try { + $photo = test::random_photo(item::root()); + $photo->name = $name; + $photo->save(); + } catch (ORM_Validation_Exception $e) { + $this->assert_equal(array("name" => "illegal_data_file_extension"), + $e->validation->errors()); + continue; + } + $this->assert_true(false, "Shouldn't get here"); + } + } } -- cgit v1.2.3 From d5a445b7797a8f46a171bb94f3fd9d48d95494e1 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 May 2012 19:19:04 -0700 Subject: Improve the dimensions-detecting regex, thanks to cchiappa. Fixes #1844. --- modules/gallery/helpers/movie.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index 79b5a7c2..b54811df 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -106,7 +106,7 @@ class movie_Core { $cmd = escapeshellcmd($ffmpeg) . " -i " . escapeshellarg($file_path) . " 2>&1"; $result = `$cmd`; - if (preg_match("/Stream.*?Video:.*?(\d+)x(\d+)/", $result, $regs)) { + if (preg_match("/Stream.*?Video:.*?, (\d+)x(\d+)/", $result, $regs)) { list ($width, $height) = array($regs[1], $regs[2]); } else { list ($width, $height) = array(0, 0); -- cgit v1.2.3 From ef4dbd18af218a3c68a776122108af4b0d0191a4 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 May 2012 19:34:01 -0700 Subject: Fix extension-swapping code for files that have extensions that are not 3 characters long. Fixes #1845. --- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/helpers/legal_file.php | 12 +++++++++ modules/gallery/models/item.php | 4 +-- modules/gallery/tests/Legal_File_Helper_Test.php | 32 ++++++++++++++++++++++++ 4 files changed, 47 insertions(+), 3 deletions(-) create mode 100644 modules/gallery/tests/Legal_File_Helper_Test.php (limited to 'modules') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 7e0bbbea..27ee124a 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -156,7 +156,7 @@ class graphics_Core { foreach ($ops as $target => $output_file) { if ($input_item->is_movie()) { // Convert the movie to a JPG first - $output_file = preg_replace("/...$/", "jpg", $output_file); + $output_file = legal_file::change_extension($output_file, "jpg"); try { movie::extract_frame($input_file, $output_file); } catch (Exception $e) { diff --git a/modules/gallery/helpers/legal_file.php b/modules/gallery/helpers/legal_file.php index 6ec65e97..af6472ca 100644 --- a/modules/gallery/helpers/legal_file.php +++ b/modules/gallery/helpers/legal_file.php @@ -80,4 +80,16 @@ class legal_file_Core { module::event("legal_movie_types", $types_wrapper); return $types_wrapper->types; } + + /** + * Convert the extension of a filename. If the original filename has no + * extension, add the new one to the end. + */ + static function change_extension($filename, $new_ext) { + if (strpos($filename, ".") === false) { + return "{$filename}.{$new_ext}"; + } else { + return preg_replace("/\..*?$/", ".{$new_ext}", $filename); + } + } } diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 0e3f0fb8..98a2c4df 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -188,7 +188,7 @@ class Item_Model_Core extends ORM_MPTT { return $base . "/.album.jpg"; } else if ($this->is_movie()) { // Replace the extension with jpg - return preg_replace("/...$/", "jpg", $base); + return legal_file::change_extension($base, "jpg"); } } @@ -213,7 +213,7 @@ class Item_Model_Core extends ORM_MPTT { return $base . "/.album.jpg" . $cache_buster; } else if ($this->is_movie()) { // Replace the extension with jpg - $base = preg_replace("/...$/", "jpg", $base); + $base = legal_file::change_extension($base, "jpg"); return $base . $cache_buster; } } diff --git a/modules/gallery/tests/Legal_File_Helper_Test.php b/modules/gallery/tests/Legal_File_Helper_Test.php new file mode 100644 index 00000000..c101de10 --- /dev/null +++ b/modules/gallery/tests/Legal_File_Helper_Test.php @@ -0,0 +1,32 @@ +assert_equal("foo.jpg", legal_file::change_extension("foo.png", "jpg")); + } + + public function change_four_letter_extension_test() { + $this->assert_equal("foo.flv", legal_file::change_extension("foo.mpeg", "flv")); + } + + public function change_extension_with_no_extension_test() { + $this->assert_equal("foo.flv", legal_file::change_extension("foo", "flv")); + } +} \ No newline at end of file -- cgit v1.2.3 From 581d9a58db6a18a2597ee5487e57716f367c884b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 May 2012 19:38:31 -0700 Subject: Clean up title handling code in organize and wind theme for consistency. Fixes #1847. --- modules/organize/controllers/organize.php | 5 +++-- modules/organize/views/organize_dialog.html.php | 2 +- modules/organize/views/organize_frame.html.php | 2 +- themes/wind/views/dynamic.html.php | 2 +- themes/wind/views/page.html.php | 4 ++-- 5 files changed, 8 insertions(+), 7 deletions(-) (limited to 'modules') diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 048f6fc3..3f04e56d 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -56,7 +56,7 @@ class Organize_Controller extends Controller { "sort_column" => $album->sort_column, "sort_order" => $album->sort_order, "editable" => access::can("edit", $album), - "title" => $album->title, + "title" => (string)html::clean($album->title), "children" => array()); foreach ($album->viewable()->children() as $child) { @@ -67,8 +67,9 @@ class Organize_Controller extends Controller { "width" => $dims[1], "height" => $dims[0], "type" => $child->type, - "title" => $child->title); + "title" => (string)html::clean($child->title)); } + Kohana_Log::add("error","".print_r($data,1)); json::reply($data); } diff --git a/modules/organize/views/organize_dialog.html.php b/modules/organize/views/organize_dialog.html.php index a386fa77..9ea4d923 100644 --- a/modules/organize/views/organize_dialog.html.php +++ b/modules/organize/views/organize_dialog.html.php @@ -11,7 +11,7 @@ var set_title = function(title) { $("#g-dialog").dialog("option", "title", ORGANIZE_TITLE.replace("__TITLE__", title)); } - set_title("title ?>"); + set_title("title) ?>"); var done_loading = function() { $("#g-organize-app-loading").hide(); diff --git a/modules/organize/views/organize_frame.html.php b/modules/organize/views/organize_frame.html.php index 20a1a6da..51d49104 100644 --- a/modules/organize/views/organize_frame.html.php +++ b/modules/organize/views/organize_frame.html.php @@ -506,7 +506,7 @@ root: { allowDrop: Boolean(), nodeType: "async", - text: "title ?>", + text: "title) ?>", draggable: false, id: "id ?>", expanded: true diff --git a/themes/wind/views/dynamic.html.php b/themes/wind/views/dynamic.html.php index a8a4d362..c8b2fcaf 100644 --- a/themes/wind/views/dynamic.html.php +++ b/themes/wind/views/dynamic.html.php @@ -3,7 +3,7 @@
dynamic_top() ?>
-

+

    diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php index 24d3347e..18ade97f 100644 --- a/themes/wind/views/page.html.php +++ b/themes/wind/views/page.html.php @@ -10,11 +10,11 @@ item()): ?> - item()->title ?> + item()->title) ?> tag()): ?> $theme->tag()->name)) ?> - title ?> + title) ?> -- cgit v1.2.3 From a16b46545115b1b5fd963282c487e078f7eb5eb0 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 May 2012 19:44:11 -0700 Subject: Remove debug line added in 581d9a58db6a18a2597ee5487e57716f367c884b --- modules/organize/controllers/organize.php | 1 - 1 file changed, 1 deletion(-) (limited to 'modules') diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 3f04e56d..145c3283 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -69,7 +69,6 @@ class Organize_Controller extends Controller { "type" => $child->type, "title" => (string)html::clean($child->title)); } - Kohana_Log::add("error","".print_r($data,1)); json::reply($data); } -- cgit v1.2.3 From 916f5c7d3b6d3b57255e760949c78f0dbc2abf92 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 May 2012 19:55:29 -0700 Subject: Clean up message to preserve page formatting. Fixes #1848. --- modules/gallery/views/error_admin.html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/views/error_admin.html.php b/modules/gallery/views/error_admin.html.php index af78c59c..a391746e 100644 --- a/modules/gallery/views/error_admin.html.php +++ b/modules/gallery/views/error_admin.html.php @@ -184,7 +184,7 @@ [ ]: - +
    -- cgit v1.2.3 From fd152956426f93c4b5231f89f9c6375a2d4dda4a Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 May 2012 21:09:30 -0700 Subject: Clean up comments. --- modules/gallery/controllers/items.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/items.php b/modules/gallery/controllers/items.php index 0c20803c..318fb431 100644 --- a/modules/gallery/controllers/items.php +++ b/modules/gallery/controllers/items.php @@ -24,15 +24,15 @@ class Items_Controller extends Controller { throw new Kohana_404_Exception(); } - // Redirect to the more specific resource type, since it will render - // differently. We can't delegate here because we may have gotten to this - // page via /items/ which means that we don't have a type-specific controller. Also, we - // want to drive a single canonical resource mapping where possible. + // Redirect to the more specific resource type, since it will render differently. We can't + // delegate here because we may have gotten to this page via /items/ which means that we + // don't have a type-specific controller. Also, we want to drive a single canonical resource + // mapping where possible. access::required("view", $item); url::redirect($item->abs_url()); } - // Return the width/height dimensinons for the given item + // Return the width/height dimensions for the given item public function dimensions($id) { $item = ORM::factory("item", $id); access::required("view", $item); -- cgit v1.2.3 From 3fe3c09ec31b46b1ed57f4d92074dbf3caa4b294 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 6 May 2012 09:44:12 -0700 Subject: Use html::anchor consistently. Fixes #1851. --- modules/gallery/helpers/gallery_event.php | 4 ++-- modules/info/helpers/info_block.php | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index db087588..781775b0 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -549,8 +549,8 @@ class gallery_event_Core { $value = $data->user->$field; if ($field == "locale") { $value = locales::display_name($value); - } elseif ($field == "url") { - $value = html::mark_clean(html::anchor($data->user->$field)); + } else if ($field == "url") { + $value = html::mark_clean(html::anchor(html::clean($data->user->$field))); } $v->user_profile_data[(string) $label] = $value; } diff --git a/modules/info/helpers/info_block.php b/modules/info/helpers/info_block.php index c4470dbe..3dcfa338 100644 --- a/modules/info/helpers/info_block.php +++ b/modules/info/helpers/info_block.php @@ -60,8 +60,9 @@ class info_block_Core { if ($theme->item->owner->url) { $info["owner"] = array( "label" => t("Owner:"), - "value" => "item->owner->url}\">" . - html::clean($display_name) . "" + "value" => html::anchor( + html::clean($theme->item->owner->url), + html::clean($display_name)) ); } else { $info["owner"] = array( -- cgit v1.2.3 From e722e5d5d4fbd8a70cc67c4d545390120ed00608 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 May 2012 11:38:51 -0700 Subject: Fix missing date.timezone which results in a crash on startup in I18n code. Fill in missing field and log it 25% of the time. Fixes #1853. --- index.php | 6 ++++++ modules/gallery/helpers/gallery_event.php | 8 ++++++++ 2 files changed, 14 insertions(+) (limited to 'modules') diff --git a/index.php b/index.php index 6e3ee4d4..689c0770 100644 --- a/index.php +++ b/index.php @@ -24,6 +24,12 @@ define("IN_PRODUCTION", true); version_compare(PHP_VERSION, "5.2.3", "<") and exit("Gallery requires PHP 5.2.3 or newer (you're using " . PHP_VERSION . ")"); +// PHP 5.4 requires a timezone - if one isn't set date functions aren't going to work properly. +// We'll log this once the logging system is initialized (in the gallery_event::gallery_ready). +if (!ini_get("date.timezone")) { + ini_set("date.timezone", "UTC"); +} + // Gallery requires short_tags to be on !ini_get("short_open_tag") and exit("Gallery requires short_open_tag to be on."); diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 781775b0..6225633f 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -23,6 +23,14 @@ class gallery_event_Core { * Initialization. */ static function gallery_ready() { + if (!get_cfg_var("date.timezone")) { + if (!(rand() % 4)) { + Kohana_Log::add("error", "date.timezone setting not detected in " . + get_cfg_var("cfg_file_path") . " falling back to UTC. " . + "Consult http://php.net/manual/function.get-cfg-var.php for help."); + } + } + identity::load_user(); theme::load_themes(); locales::set_request_locale(); -- cgit v1.2.3 From 11ee6d50acf8849347c2c37dc15697830ff854d0 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 May 2012 11:47:19 -0700 Subject: Fix a database error caused by trying to view a non-search-result in a search context. Patch thanks to sermoro. Fixes #1837. --- modules/image_block/views/image_block_block.html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/image_block/views/image_block_block.html.php b/modules/image_block/views/image_block_block.html.php index 2a57c395..6f68e5b8 100644 --- a/modules/image_block/views/image_block_block.html.php +++ b/modules/image_block/views/image_block_block.html.php @@ -1,7 +1,7 @@
    - + id); ?>"> thumb_img(array("class" => "g-thumbnail")) ?>
    -- cgit v1.2.3 From 447e76f6f35919f5402566674795f2fa5b387b9b Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 May 2012 11:55:23 -0700 Subject: Improve IdentityProvider switching code, patch thanks to Reklov Nesalk. Fixes #1834. --- modules/user/helpers/user_installer.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php index c07b624f..1ba1aeaf 100644 --- a/modules/user/helpers/user_installer.php +++ b/modules/user/helpers/user_installer.php @@ -22,7 +22,7 @@ class user_installer { return array("warn" => array(IdentityProvider::confirmation_message())); } - static function install() { + static function activate() { IdentityProvider::change_provider("user"); // Set the latest version in initialize() below } -- cgit v1.2.3 From a23fed4ce1331ebd15530a66b51933eec8edb6a8 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 May 2012 11:55:23 -0700 Subject: Improve IdentityProvider switching code, patch thanks to Reklov Nesalk. Fixes #1834. --- modules/gallery/libraries/IdentityProvider.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'modules') diff --git a/modules/gallery/libraries/IdentityProvider.php b/modules/gallery/libraries/IdentityProvider.php index 66c68dad..c9e8688f 100644 --- a/modules/gallery/libraries/IdentityProvider.php +++ b/modules/gallery/libraries/IdentityProvider.php @@ -85,6 +85,10 @@ class IdentityProvider_Core { call_user_func("{$new_provider}_installer::initialize"); } + if (!$provider->admin_user()) { + throw new Exception("IdentityProvider $new_provider: Couldn't find the admin user!"); + } + module::event("identity_provider_changed", $current_provider, $new_provider); identity::set_active_user($provider->admin_user()); @@ -100,7 +104,12 @@ class IdentityProvider_Core { // Make sure new provider is not in the database try { module::uninstall($new_provider); + } catch (Exception $e2) { + Kohana_Log::add("error", "Error uninstalling failed new provider\n" . + $e2->getMessage() . "\n" . $e2->getTraceAsString()); + } + try { // Lets reset to the current provider so that the gallery installation is still // working. module::set_var("gallery", "identity_provider", null); -- cgit v1.2.3 From 834fb3db10abbf5fcaf0c53b5055ec5bfe5bd7e7 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 May 2012 12:09:00 -0700 Subject: Oops, add in a file missed in 11ee6d50acf8849347c2c37dc15697830ff854d0 --- modules/image_block/controllers/image_block.php | 26 +++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 modules/image_block/controllers/image_block.php (limited to 'modules') diff --git a/modules/image_block/controllers/image_block.php b/modules/image_block/controllers/image_block.php new file mode 100644 index 00000000..94024b3b --- /dev/null +++ b/modules/image_block/controllers/image_block.php @@ -0,0 +1,26 @@ +abs_url()); + } +} -- cgit v1.2.3 From 6effd5f75ee6a0972b0fbad5a15c6b7e8bf5ce8e Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 May 2012 13:29:52 -0700 Subject: Update date format to make it RFC822 compliant. Thanks to moullas. Fixes #1798. --- modules/comment/helpers/comment_rss.php | 2 +- modules/rss/controllers/rss.php | 2 +- modules/rss/views/feed.mrss.php | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index cfee4727..be1968dc 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php @@ -65,7 +65,7 @@ class comment_rss_Core { foreach ($comments->find_all($limit, $offset) as $comment) { $item = $comment->item(); $feed->comments[] = new ArrayObject( - array("pub_date" => date("D, d M Y H:i:s T", $comment->created), + array("pub_date" => date("D, d M Y H:i:s O", $comment->created), "text" => nl2br(html::purify($comment->text)), "thumb_url" => $item->thumb_url(), "thumb_height" => $item->thumb_height, diff --git a/modules/rss/controllers/rss.php b/modules/rss/controllers/rss.php index 799ba989..288bf635 100644 --- a/modules/rss/controllers/rss.php +++ b/modules/rss/controllers/rss.php @@ -50,7 +50,7 @@ class Rss_Controller extends Controller { unset($feed->view); $view->feed = $feed; - $view->pub_date = date("D, d M Y H:i:s T"); + $view->pub_date = date("D, d M Y H:i:s O"); $feed->uri = url::abs_site(url::merge($_GET)); if ($page > 1) { diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php index 3f0010bb..b609a541 100644 --- a/modules/rss/views/feed.mrss.php +++ b/modules/rss/views/feed.mrss.php @@ -25,7 +25,7 @@ <?= html::purify($item->title) ?> type}s/{$item->id}") ?> type}s/{$item->id}") ?> - created); ?> + created); ?> description) ?> Date: Mon, 7 May 2012 13:45:13 -0700 Subject: Oops, fix up a bug originally added in 7d66ab2e949bc915f108737f08cac2f9057ef729 when I tweaked the name of the rss_available variable to be rss_visible, but got it wrong. Bump the comment module to 6 so that we run the installer and clean up old vars. Fixes #1854. --- installer/install.sql | 4 ++-- modules/comment/controllers/admin_comments.php | 4 ++-- modules/comment/helpers/comment_installer.php | 14 ++++++++++++-- modules/comment/module.info | 2 +- 4 files changed, 17 insertions(+), 7 deletions(-) (limited to 'modules') diff --git a/installer/install.sql b/installer/install.sql index 17f40cab..2ba168d2 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -246,7 +246,7 @@ CREATE TABLE {modules} ( /*!40101 SET character_set_client = @saved_cs_client */; INSERT INTO {modules} VALUES (1,1,'gallery',49,1); INSERT INTO {modules} VALUES (2,1,'user',4,2); -INSERT INTO {modules} VALUES (3,1,'comment',5,3); +INSERT INTO {modules} VALUES (3,1,'comment',6,3); INSERT INTO {modules} VALUES (4,1,'organize',4,4); INSERT INTO {modules} VALUES (5,1,'info',2,5); INSERT INTO {modules} VALUES (6,1,'rss',1,6); @@ -419,7 +419,7 @@ INSERT INTO {vars} VALUES (NULL,'gallery','identity_provider','user'); INSERT INTO {vars} VALUES (NULL,'user','minimum_password_length','5'); INSERT INTO {vars} VALUES (NULL,'comment','spam_caught','0'); INSERT INTO {vars} VALUES (NULL,'comment','access_permissions','everybody'); -INSERT INTO {vars} VALUES (NULL,'comment','rss_available','both'); +INSERT INTO {vars} VALUES (NULL,'comment','rss_visible','both'); INSERT INTO {vars} VALUES (NULL,'info','show_title','1'); INSERT INTO {vars} VALUES (NULL,'info','show_description','1'); INSERT INTO {vars} VALUES (NULL,'info','show_owner','1'); diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php index bcd6a939..00a7a608 100644 --- a/modules/comment/controllers/admin_comments.php +++ b/modules/comment/controllers/admin_comments.php @@ -32,8 +32,8 @@ class Admin_Comments_Controller extends Admin_Controller { $form->validate(); module::set_var("comment", "access_permissions", $form->comment_settings->access_permissions->value); - module::set_var("comment", "rss_available", - $form->comment_settings->rss_available->value); + module::set_var("comment", "rss_visible", + $form->comment_settings->rss_visible->value); message::success(t("Comment settings updated")); url::redirect("admin/comments"); } diff --git a/modules/comment/helpers/comment_installer.php b/modules/comment/helpers/comment_installer.php index a64064f6..cbb8c783 100644 --- a/modules/comment/helpers/comment_installer.php +++ b/modules/comment/helpers/comment_installer.php @@ -48,8 +48,8 @@ class comment_installer { module::set_var("comment", "spam_caught", 0); module::set_var("comment", "access_permissions", "everybody"); - module::set_var("comment", "rss_available", "both"); - module::set_version("comment", 5); + module::set_var("comment", "rss_visible", "both"); + module::set_version("comment", 6); } static function upgrade($version) { @@ -81,6 +81,16 @@ class comment_installer { module::set_var("comment", "rss_visible", "all"); module::set_version("comment", $version = 5); } + + // In version 5 we accidentally set the installer variable to rss_available when it should + // have been rss_visible. Migrate it over now, if necessary. + if ($version == 5) { + if (!module::get_var("comment", "rss_visible")) { + module::set_var("comment", "rss_visible", module::get_var("comment", "rss_available")); + } + module::clear_var("comment", "rss_available"); + module::set_version("comment", $version = 6); + } } static function uninstall() { diff --git a/modules/comment/module.info b/modules/comment/module.info index ecbf8885..bd4abe9f 100644 --- a/modules/comment/module.info +++ b/modules/comment/module.info @@ -1,6 +1,6 @@ name = "Comments" description = "Allows users and guests to leave comments on photos and albums." -version = 5 +version = 6 author_name = "Gallery Team" author_url = "http://codex.gallery2.org/Gallery:Team" info_url = "http://codex.gallery2.org/Gallery3:Modules:comment" -- cgit v1.2.3 From 2a4903c0e724adadf0a7f1cf97c147595914bf51 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 May 2012 21:17:51 -0700 Subject: Fix typo in call to Kohana_Exception::getMessage, thanks to Serge. Fixes #1780. --- modules/gallery/helpers/gallery_graphics.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_graphics.php b/modules/gallery/helpers/gallery_graphics.php index 02f628a1..d2b92c87 100644 --- a/modules/gallery/helpers/gallery_graphics.php +++ b/modules/gallery/helpers/gallery_graphics.php @@ -126,7 +126,7 @@ class gallery_graphics_Core { module::event("graphics_composite_completed", $input_file, $output_file, $options, $item); } catch (ErrorException $e) { - Kohana_Log::add("error", $e->get_message()); + Kohana_Log::add("error", $e->getMessage()); } } } -- cgit v1.2.3 From 1ea6210303357b6c50379d2b929853a3c6a0566c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 May 2012 21:26:38 -0700 Subject: Use legal_file::get_extensions() and variants where appropriate. Fixes #1815. --- modules/server_add/controllers/server_add.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php index a3333ae2..c6d36a11 100644 --- a/modules/server_add/controllers/server_add.php +++ b/modules/server_add/controllers/server_add.php @@ -61,7 +61,7 @@ class Server_Add_Controller extends Admin_Controller { } if (!is_dir($file)) { $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION)); - if (!in_array($ext, array("gif", "jpeg", "jpg", "png", "flv", "mp4", "m4v"))) { + if (!in_array($ext, legal_file::get_extensions())) { continue; } } @@ -169,8 +169,7 @@ class Server_Add_Controller extends Admin_Controller { foreach ($child_paths as $child_path) { if (!is_dir($child_path)) { $ext = strtolower(pathinfo($child_path, PATHINFO_EXTENSION)); - if (!in_array($ext, array("gif", "jpeg", "jpg", "png", "flv", "mp4", "m4v")) || - !filesize($child_path)) { + if (!in_array($ext, legal_file::get_extensions()) || !filesize($child_path)) { // Not importable, skip it. continue; } @@ -256,7 +255,7 @@ class Server_Add_Controller extends Admin_Controller { } else { try { $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION)); - if (in_array($extension, array("gif", "png", "jpg", "jpeg"))) { + if (in_array($extension, legal_file::get_photo_extensions())) { $photo = ORM::factory("item"); $photo->type = "photo"; $photo->parent_id = $parent->id; @@ -266,7 +265,7 @@ class Server_Add_Controller extends Admin_Controller { $photo->owner_id = $owner_id; $photo->save(); $entry->item_id = $photo->id; - } else if (in_array($extension, array("flv", "mp4", "m4v"))) { + } else if (in_array($extension, legal_file::get_movie_extensions())) { $movie = ORM::factory("item"); $movie->type = "movie"; $movie->parent_id = $parent->id; -- cgit v1.2.3 From a563dcdfb32d34d4cd22c5c75fa7f02f7b7b08d9 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 7 May 2012 21:40:43 -0700 Subject: Convert the missing movie placeholder over to a JPG for consistency. Fixes #1828. --- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/images/missing_movie.jpg | Bin 0 -> 3428 bytes modules/gallery/images/missing_movie.png | Bin 8474 -> 0 bytes 3 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 modules/gallery/images/missing_movie.jpg delete mode 100644 modules/gallery/images/missing_movie.png (limited to 'modules') diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 27ee124a..c19fbe6d 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -161,7 +161,7 @@ class graphics_Core { movie::extract_frame($input_file, $output_file); } catch (Exception $e) { // Assuming this is MISSING_FFMPEG for now - copy(MODPATH . "gallery/images/missing_movie.png", $output_file); + copy(MODPATH . "gallery/images/missing_movie.jpg", $output_file); } $working_file = $output_file; } else { diff --git a/modules/gallery/images/missing_movie.jpg b/modules/gallery/images/missing_movie.jpg new file mode 100644 index 00000000..452db225 Binary files /dev/null and b/modules/gallery/images/missing_movie.jpg differ diff --git a/modules/gallery/images/missing_movie.png b/modules/gallery/images/missing_movie.png deleted file mode 100644 index fdc97779..00000000 Binary files a/modules/gallery/images/missing_movie.png and /dev/null differ -- cgit v1.2.3 From b512734b9d202807eb7fbc2830f37a1c867c790a Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 8 May 2012 18:23:09 -0700 Subject: Close all buffers, not just the ones that Kohana opened. Fixes #1821, thanks to pvalsecc. --- modules/gallery/controllers/file_proxy.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index 5c958a8d..36c6bc2a 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php @@ -122,7 +122,15 @@ class File_Proxy_Controller extends Controller { } else { header("Content-Type: $item->mime_type"); } - Kohana::close_buffers(false); + + // Don't use Kohana::close_buffers(false) here because that only closes all the buffers + // that Kohana started. We want to close *all* buffers at this point because otherwise we're + // going to buffer up whatever file we're proxying (and it may be very large). This may + // affect embedding or systems with PHP's output_buffering enabled. + while (ob_get_level()) { + ob_end_clean(); + } + readfile($file); } } -- cgit v1.2.3 From 3191f0f18b606a93bb6ae9e05a95cc505660ba96 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 8 May 2012 19:02:58 -0700 Subject: Fix up a title that I overlooked in 581d9a58db6a18a2597ee5487e57716f367c884b --- modules/organize/controllers/organize.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 145c3283..b0c13e7d 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -195,7 +195,7 @@ class Organize_Controller extends Controller { "expandable" => false, "id" => $child->id, "leaf" => $child->children_count(array(array("type", "=", "album"))) == 0, - "text" => $child->title, + "text" => (string)html::clean($child->title), "nodeType" => "async"); // If the child is in the selected path, open it now. Else, mark it async. -- cgit v1.2.3 From fd4296c70ffe9c274a1e4215191955a41c4e98e2 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 11 May 2012 14:34:27 -0700 Subject: Inject some sanity into watermark file extensions. --- modules/watermark/controllers/admin_watermarks.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'modules') diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php index 2c4c602d..92a44a86 100644 --- a/modules/watermark/controllers/admin_watermarks.php +++ b/modules/watermark/controllers/admin_watermarks.php @@ -106,6 +106,20 @@ class Admin_Watermarks_Controller extends Admin_Controller { return; } + if (!in_array($pathinfo["extension"], legal_file::get_photo_extensions())) { + switch ($image_info[2]) { + case IMAGETYPE_GIF: + $name = legal_file::change_extension($name, "gif"); + break; + case IMAGETYPE_JPEG: + $name = legal_file::change_extension($name, "jpg"); + break; + case IMAGETYPE_PNG: + $name = legal_file::change_extension($name, "png"); + break; + } + } + rename($file, VARPATH . "modules/watermark/$name"); module::set_var("watermark", "name", $name); module::set_var("watermark", "width", $image_info[0]); -- cgit v1.2.3 From 34ac1a466d1ad9e1ba23bf9b7265c6b2b2376ad9 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 11 May 2012 15:12:30 -0700 Subject: Verify that theme names are well formed. Fixes #1856. --- modules/gallery/libraries/Admin_View.php | 7 ++++++- modules/gallery/libraries/Theme_View.php | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php index fcfe7aa2..66b8c20c 100644 --- a/modules/gallery/libraries/Admin_View.php +++ b/modules/gallery/libraries/Admin_View.php @@ -31,7 +31,12 @@ class Admin_View_Core extends Gallery_View { $this->theme_name = module::get_var("gallery", "active_admin_theme"); if (identity::active_user()->admin) { - $this->theme_name = Input::instance()->get("theme", $this->theme_name); + $theme_name = Input::instance()->get("theme"); + if ($theme_name && + file_exists(THEMEPATH . $theme_name) && + strpos(realpath(THEMEPATH . $theme_name), THEMEPATH) == 0) { + $this->theme_name = $theme_name; + } } $this->sidebar = ""; $this->set_global(array("theme" => $this, diff --git a/modules/gallery/libraries/Theme_View.php b/modules/gallery/libraries/Theme_View.php index 031da6de..78b74cde 100644 --- a/modules/gallery/libraries/Theme_View.php +++ b/modules/gallery/libraries/Theme_View.php @@ -33,7 +33,12 @@ class Theme_View_Core extends Gallery_View { $this->theme_name = module::get_var("gallery", "active_site_theme"); if (identity::active_user()->admin) { - $this->theme_name = Input::instance()->get("theme", $this->theme_name); + $theme_name = Input::instance()->get("theme"); + if ($theme_name && + file_exists(THEMEPATH . $theme_name) && + strpos(realpath(THEMEPATH . $theme_name), THEMEPATH) == 0) { + $this->theme_name = $theme_name; + } } $this->item = null; $this->tag = null; -- cgit v1.2.3 From ca037dc9550590d19a2d25d23391c6ddf48203cd Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 11 May 2012 15:58:33 -0700 Subject: Improve the way server add deals with wacky directory names. Fixes #1857. --- modules/server_add/controllers/admin_server_add.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'modules') diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php index 0c741513..954c9ef6 100644 --- a/modules/server_add/controllers/admin_server_add.php +++ b/modules/server_add/controllers/admin_server_add.php @@ -35,12 +35,12 @@ class Admin_Server_Add_Controller extends Admin_Controller { $form = $this->_get_admin_form(); $paths = unserialize(module::get_var("server_add", "authorized_paths", "a:0:{}")); if ($form->validate()) { - if (is_link($form->add_path->path->value)) { + $path = html_entity_decode($form->add_path->path->value); + if (is_link($path)) { $form->add_path->path->add_error("is_symlink", 1); - } else if (!is_readable($form->add_path->path->value)) { + } else if (!is_readable($path)) { $form->add_path->path->add_error("not_readable", 1); } else { - $path = $form->add_path->path->value; $paths[$path] = 1; module::set_var("server_add", "authorized_paths", serialize($paths)); message::success(t("Added path %path", array("path" => $path))); @@ -75,7 +75,7 @@ class Admin_Server_Add_Controller extends Admin_Controller { $path_prefix = Input::instance()->get("q"); foreach (glob("{$path_prefix}*") as $file) { if (is_dir($file) && !is_link($file)) { - $directories[] = $file; + $directories[] = html::clean($file); } } -- cgit v1.2.3 From 6aebc2598e0b76e560a68d6ea78bd59012ae0805 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 11 May 2012 17:11:52 -0700 Subject: Fix canonical name for this module. Fixes #1858. --- modules/g2_import/module.info | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/g2_import/module.info b/modules/g2_import/module.info index 30fb46d4..6b03d097 100644 --- a/modules/g2_import/module.info +++ b/modules/g2_import/module.info @@ -1,4 +1,4 @@ -name = "Gallery2 Import" +name = "Gallery 2 Import" description = "Import your Gallery 2 content into Gallery 3" version = 2 author_name = "Gallery Team" -- cgit v1.2.3 From 5d9e71741754809ebe5f543eb874634e6fc8cc9d Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 11 May 2012 17:14:41 -0700 Subject: Sort modules by visible name, not id. Fixes #1859. --- modules/gallery/helpers/module.php | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php index 3368e39b..7292b106 100644 --- a/modules/gallery/helpers/module.php +++ b/modules/gallery/helpers/module.php @@ -109,7 +109,11 @@ class module_Core { $modules->gallery->locked = true; $identity_module = module::get_var("gallery", "identity_provider", "user"); $modules->$identity_module->locked = true; - $modules->ksort(); + + function natural_name_sort($a, $b) { + return strnatcasecmp($a->name, $b->name); + } + $modules->uasort('natural_name_sort'); self::$available = $modules; } -- cgit v1.2.3