From b0cb3c74025dd601dcf0ffbc33493c03b7bd1824 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 29 May 2009 12:00:49 -0700 Subject: Update Kohana to r4374 --- modules/unit_test/libraries/Unit_Test.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/unit_test/libraries/Unit_Test.php b/modules/unit_test/libraries/Unit_Test.php index 7e3d2a4b..7558759c 100644 --- a/modules/unit_test/libraries/Unit_Test.php +++ b/modules/unit_test/libraries/Unit_Test.php @@ -2,7 +2,7 @@ /** * Unit_Test library. * - * $Id: Unit_Test.php 4158 2009-04-07 20:40:44Z zombor $ + * $Id: Unit_Test.php 4367 2009-05-27 21:23:57Z samsoir $ * * @package Unit_Test * @author Kohana Team @@ -66,7 +66,7 @@ class Unit_Test_Core { $class = substr($path, strrpos($path, '/') + 1, -(strlen(EXT))); // Skip hidden files - if (substr($class, 0, 1) === '.') + if ($class[0] === '.') continue; // Check for duplicate test class name -- cgit v1.2.3 From 34da188e81c39b472081417b96e75b1102e01707 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 29 May 2009 17:40:23 -0700 Subject: Revert test code inserted in 88a3d43ba9b9377ba6bbe21a4547220ae3a37276 which showed stack traces to non-admins. --- modules/gallery/views/kohana_error_page.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'modules') diff --git a/modules/gallery/views/kohana_error_page.php b/modules/gallery/views/kohana_error_page.php index a091bca3..d9bf9698 100644 --- a/modules/gallery/views/kohana_error_page.php +++ b/modules/gallery/views/kohana_error_page.php @@ -58,9 +58,8 @@ <?= t("Something went wrong!") ?> - -admin ?> - + + admin ?>

-- cgit v1.2.3 From 055e0a7dc5d4fe65f92c5621a26432cda206f07f Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 29 May 2009 17:42:31 -0700 Subject: Remove a completed @todo --- modules/gallery/helpers/gallery_menu.php | 1 - 1 file changed, 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_menu.php b/modules/gallery/helpers/gallery_menu.php index 1dc9cb41..ccbc681c 100644 --- a/modules/gallery/helpers/gallery_menu.php +++ b/modules/gallery/helpers/gallery_menu.php @@ -49,7 +49,6 @@ class gallery_menu_Core { ->url(url::site("form/edit/{$item->type}s/$item->id"))); // @todo Move album options menu to the album quick edit pane - // @todo Create resized item quick edit pane menu if ($item->is_album()) { $options_menu ->append(Menu::factory("dialog") -- cgit v1.2.3 From 381dd0574a9d83ceed1dbf6bcb1f7e158d46c85c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 29 May 2009 17:53:33 -0700 Subject: Don't show the add photo/album options to users who don't have the permission. This isn't a security hole, since they can't actually add stuff.. but they can try and fail which is a bad user experience. Also fix it up so that we show the option menu only if there's stuff to show, and cache some of the permissions for performance (which I'm guessing at-- didn't benchmark it). --- modules/gallery/helpers/gallery_menu.php | 48 +++++++++++++++++++------------- 1 file changed, 28 insertions(+), 20 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_menu.php b/modules/gallery/helpers/gallery_menu.php index ccbc681c..7377bc9d 100644 --- a/modules/gallery/helpers/gallery_menu.php +++ b/modules/gallery/helpers/gallery_menu.php 
@@ -19,7 +19,8 @@
 */
 class gallery_menu_Core {
 static function site($menu, $theme) {
- if (file_exists(MODPATH . "gallery/controllers/scaffold.php") && user::active()->admin) {
+ $is_admin = user::active()->admin;
+ if (file_exists(MODPATH . "gallery/controllers/scaffold.php") && $is_admin) {
 $menu->append($scaffold_menu = Menu::factory("submenu")
 ->id("scaffold")
 ->label("Scaffold"));
@@ -36,38 +37,45 @@ class gallery_menu_Core { $item = $theme->item(); - if (user::active()->admin || ($item && access::can("edit", $item))) { + $can_edit = access::can("edit", $item) || $is_admin; + $can_add = access::can("add", $item) || $is_admin; + + if ($item && $can_edit || $can_add) { $menu->append($options_menu = Menu::factory("submenu") ->id("options_menu") ->label(t("Options"))); - if ($item && access::can("edit", $item)) { + if ($can_edit) { $options_menu ->append(Menu::factory("dialog") ->id("edit_item") ->label($item->is_album() ? t("Edit album") : t("Edit photo")) ->url(url::site("form/edit/{$item->type}s/$item->id"))); + } - // @todo Move album options menu to the album quick edit pane - if ($item->is_album()) { - $options_menu - ->append(Menu::factory("dialog") - ->id("add_item") - ->label(t("Add a photo")) - ->url(url::site("simple_uploader/app/$item->id"))) - ->append(Menu::factory("dialog") - ->id("add_album") - ->label(t("Add an album")) - ->url(url::site("form/add/albums/$item->id?type=album"))) - ->append(Menu::factory("dialog") - ->id("edit_permissions") - ->label(t("Edit permissions")) - ->url(url::site("permissions/browse/$item->id"))); - } + // @todo Move album options menu to the album quick edit pane + if ($item->is_album() && $can_add) { + $options_menu + ->append(Menu::factory("dialog") + ->id("add_item") + ->label(t("Add a photo")) + ->url(url::site("simple_uploader/app/$item->id"))) + ->append(Menu::factory("dialog") + ->id("add_album") + ->label(t("Add an album")) + ->url(url::site("form/add/albums/$item->id?type=album"))); + } + + if ($can_edit) { + $options_menu + ->append(Menu::factory("dialog") + ->id("edit_permissions") + ->label(t("Edit permissions")) + ->url(url::site("permissions/browse/$item->id"))); } } - if (user::active()->admin) { + if ($is_admin) { $menu->append($admin_menu = Menu::factory("submenu") ->id("admin_menu") ->label(t("Admin"))); -- cgit v1.2.3 
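Review bot: `$item` is dereferenced without the null guard the old code had: `access::can("edit", $item)` and `access::can("add", $item)` now run before any `$item &&` test, and because `&&` binds tighter than `||` the condition `$item && $can_edit || $can_add` is true for an admin even when `$theme->item()` returned nothing, after which `$item->is_album()` is called on a non-object. Folding the guard into the cached flags fixes both: `$can_edit = $item && (access::can("edit", $item) || $is_admin);`, `$can_add = $item && $item->is_album() && (access::can("add", $item) || $is_admin);`, then `if ($can_edit || $can_add) {`. Including `is_album()` in `$can_add` also avoids an empty Options submenu on a photo where only "add" is granted. The later gallery_menu.php hunk (the "edit permissions" for non-albums commit) keeps the same unguarded `$item->is_album()` call. site() starts and ends outside this hunk.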
From 2925a1c7978c436c11c0a6c4dac9fa3ddc0a2396 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 29 May 2009 17:54:20 -0700 Subject: Require "add" permission to show the add form. --- modules/gallery/controllers/simple_uploader.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules') diff --git a/modules/gallery/controllers/simple_uploader.php b/modules/gallery/controllers/simple_uploader.php index bdf9582f..ec2a5ab9 100644 --- a/modules/gallery/controllers/simple_uploader.php +++ b/modules/gallery/controllers/simple_uploader.php @@ -20,7 +20,7 @@ class Simple_Uploader_Controller extends Controller { public function app($id) { $item = ORM::factory("item", $id); - access::required("edit", $item); + access::required("add", $item); $v = new View("simple_uploader.html"); $v->item = $item; -- cgit v1.2.3 From 60d1bbc2d68f86b7ed4632cab03f61ee458d0751 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 29 May 2009 20:24:42 -0700 Subject: Move credits message into a variable, which can be changed in Admin > Settings > Advanced. It's stored in the variable as an internationalized string and localized at output time. --- installer/install.sql | 6 +++--- modules/gallery/helpers/gallery_installer.php | 3 +++ modules/gallery/helpers/gallery_theme.php | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) (limited to 'modules') diff --git a/installer/install.sql b/installer/install.sql index b021250a..860d552c 100755 --- a/installer/install.sql +++ b/installer/install.sql @@ -249,7 +249,7 @@ CREATE TABLE {search_records} ( FULLTEXT KEY `data` (`data`) ) ENGINE=MyISAM AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; SET character_set_client = @saved_cs_client; -INSERT INTO {search_records} VALUES (1,1,0,' Gallery '); +INSERT INTO {search_records} VALUES (1,1,0,' Gallery'); DROP TABLE IF EXISTS {sessions}; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8; 
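Review bot: app() in simple_uploader.php runs `access::required("add", $item)` on whatever `ORM::factory("item", $id)` returns, with no check that the row loaded or that it is an album, so the outcome for an unknown or non-album `$id` depends entirely on how access::required() treats such an item (not visible here). A guard ahead of the permission check, `if (!$item->loaded || !$item->is_album()) { kohana::show_404(); }`, would make that explicit. This hunk only gates display of the form; the action that receives the upload is outside the hunk, and it is worth confirming that it requires "add" rather than "edit" so the two stay consistent. app() continues past the end of the hunk.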
@@ -333,6 +333,6 @@ CREATE TABLE {vars} ( `value` text, PRIMARY KEY (`id`), UNIQUE KEY `module_name` (`module_name`,`name`) -) ENGINE=InnoDB AUTO_INCREMENT=22 DEFAULT CHARSET=utf8; +) ENGINE=InnoDB AUTO_INCREMENT=24 DEFAULT CHARSET=utf8; SET character_set_client = @saved_cs_client; -INSERT INTO {vars} VALUES (1,'gallery','active_site_theme','default'),(2,'gallery','active_admin_theme','admin_default'),(3,'gallery','page_size','9'),(4,'gallery','thumb_size','200'),(5,'gallery','resize_size','640'),(6,'gallery','default_locale','en_US'),(7,'gallery','image_quality','75'),(9,'gallery','blocks_dashboard_sidebar','a:4:{i:809046100;a:2:{i:0;s:7:\"gallery\";i:1;s:11:\"block_adder\";}i:517357050;a:2:{i:0;s:7:\"gallery\";i:1;s:5:\"stats\";}i:864881363;a:2:{i:0;s:7:\"gallery\";i:1;s:13:\"platform_info\";}i:375523668;a:2:{i:0;s:7:\"gallery\";i:1;s:12:\"project_news\";}}'),(14,'gallery','blocks_dashboard_center','a:4:{i:306281171;a:2:{i:0;s:7:\"gallery\";i:1;s:7:\"welcome\";}i:636407494;a:2:{i:0;s:7:\"gallery\";i:1;s:12:\"photo_stream\";}i:1735763319;a:2:{i:0;s:7:\"gallery\";i:1;s:11:\"log_entries\";}i:1348141451;a:2:{i:0;s:7:\"comment\";i:1;s:15:\"recent_comments\";}}'),(17,'gallery','version','3.0 pre-beta git'),(18,'gallery','choose_default_tookit','1'),(20,'comment','spam_caught','0'); +INSERT INTO {vars} VALUES 
(1,'gallery','active_site_theme','default'),(2,'gallery','active_admin_theme','admin_default'),(3,'gallery','page_size','9'),(4,'gallery','thumb_size','200'),(5,'gallery','resize_size','640'),(6,'gallery','default_locale','en_US'),(7,'gallery','image_quality','75'),(9,'gallery','blocks_dashboard_sidebar','a:4:{i:1021536970;a:2:{i:0;s:7:\"gallery\";i:1;s:11:\"block_adder\";}i:62586177;a:2:{i:0;s:7:\"gallery\";i:1;s:5:\"stats\";}i:1314474428;a:2:{i:0;s:7:\"gallery\";i:1;s:13:\"platform_info\";}i:2072050158;a:2:{i:0;s:7:\"gallery\";i:1;s:12:\"project_news\";}}'),(14,'gallery','blocks_dashboard_center','a:4:{i:2103644216;a:2:{i:0;s:7:\"gallery\";i:1;s:7:\"welcome\";}i:1234407127;a:2:{i:0;s:7:\"gallery\";i:1;s:12:\"photo_stream\";}i:1844887955;a:2:{i:0;s:7:\"gallery\";i:1;s:11:\"log_entries\";}i:1497904257;a:2:{i:0;s:7:\"comment\";i:1;s:15:\"recent_comments\";}}'),(17,'gallery','version','3.0 pre-beta git'),(18,'gallery','choose_default_tookit','1'),(19,'gallery','credits','Powered by Gallery %version'),(21,'comment','spam_caught','0'); diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index fbbee194..b97adcd0 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -251,6 +251,9 @@ class gallery_installer { module::set_version("gallery", 1); module::set_var("gallery", "version", "3.0 pre-beta git"); module::set_var("gallery", "choose_default_tookit", 1); + + // @todo this string needs to be picked up by l10n_scanner + module::set_var("gallery", "credits", "Powered by Gallery %version"); } } diff --git a/modules/gallery/helpers/gallery_theme.php b/modules/gallery/helpers/gallery_theme.php index d45e1b98..f955e8f7 100644 --- a/modules/gallery/helpers/gallery_theme.php +++ b/modules/gallery/helpers/gallery_theme.php @@ -124,8 +124,8 @@ class gallery_theme_Core { } static function credits() { - return "
  • " . - t("Powered by Gallery %version", + return "
  • " . + t(module::get_var("gallery", "credits"), array("url" => "http://gallery.menalto.com", "version" => module::get_var("gallery", "version"))) . "
  • "; -- cgit v1.2.3 From cbec883d8a572fd8b94c9db78b652caf1a22de23 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 29 May 2009 20:59:34 -0700 Subject: Don't show "edit permissions" for non-albums. --- modules/gallery/helpers/gallery_menu.php | 36 +++++++++++++++++--------------- 1 file changed, 19 insertions(+), 17 deletions(-) (limited to 'modules') diff --git a/modules/gallery/helpers/gallery_menu.php b/modules/gallery/helpers/gallery_menu.php index 7377bc9d..1f5151a3 100644 --- a/modules/gallery/helpers/gallery_menu.php +++ b/modules/gallery/helpers/gallery_menu.php @@ -54,24 +54,26 @@ class gallery_menu_Core { } // @todo Move album options menu to the album quick edit pane - if ($item->is_album() && $can_add) { - $options_menu - ->append(Menu::factory("dialog") - ->id("add_item") - ->label(t("Add a photo")) - ->url(url::site("simple_uploader/app/$item->id"))) - ->append(Menu::factory("dialog") - ->id("add_album") - ->label(t("Add an album")) - ->url(url::site("form/add/albums/$item->id?type=album"))); - } + if ($item->is_album()) { + if ($can_add) { + $options_menu + ->append(Menu::factory("dialog") + ->id("add_item") + ->label(t("Add a photo")) + ->url(url::site("simple_uploader/app/$item->id"))) + ->append(Menu::factory("dialog") + ->id("add_album") + ->label(t("Add an album")) + ->url(url::site("form/add/albums/$item->id?type=album"))); + } - if ($can_edit) { - $options_menu - ->append(Menu::factory("dialog") - ->id("edit_permissions") - ->label(t("Edit permissions")) - ->url(url::site("permissions/browse/$item->id"))); + if ($can_edit) { + $options_menu + ->append(Menu::factory("dialog") + ->id("edit_permissions") + ->label(t("Edit permissions")) + ->url(url::site("permissions/browse/$item->id"))); + } } } -- cgit v1.2.3 From ce285b8feba2f9c495fb153517c2a582421f50e0 Mon Sep 17 00:00:00 2001 
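Review bot: credits() in gallery_theme.php now takes its format string from `module::get_var("gallery", "credits")`, a value the commit message says can be changed under Admin > Settings > Advanced, and concatenates the result into the footer markup, so unless t() escapes its message (not visible here) the stored value is trusted HTML on every page. That holds only while writes to the variable stay admin-only; a comment such as `// "credits" is admin-editable and rendered as raw HTML: never populate it from non-admin input` would record the assumption. The variable is set in the gallery_installer.php hunk next to the initial install values, so an already-installed site may have no "credits" value and pass null to t(); an early `if (!$credits) { return ""; }` on the fetched value would cover that, though the upgrade path is not visible here.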
From: Bharat Mediratta Date: Fri, 29 May 2009 21:23:08 -0700 Subject: Use the relative_path_cache to look up items which should be a faster query than using the level + the components. --- modules/gallery/controllers/file_proxy.php | 69 +++++++++++++++--------------- modules/gallery/helpers/MY_url.php | 20 ++++++--- 2 files changed, 47 insertions(+), 42 deletions(-) (limited to 'modules') diff --git a/modules/gallery/controllers/file_proxy.php b/modules/gallery/controllers/file_proxy.php index f3c5f109..2037ad98 100644 --- a/modules/gallery/controllers/file_proxy.php +++ b/modules/gallery/controllers/file_proxy.php 
@@ -41,56 +41,55 @@ class File_Proxy_Controller extends Controller { kohana::show_404(); } - $file = substr($request_uri, strlen($var_uri)); + $file_uri = substr($request_uri, strlen($var_uri)); // Make sure that we don't leave the var dir - if (strpos($file, "..") !== false) { + if (strpos($file_uri, "..") !== false) { kohana::show_404(); } - // We only handle var/resizes and var/albums - $paths = explode("/", $file); - $type = $paths[0]; + list ($type, $path) = explode("/", $file_uri, 2); if ($type != "resizes" && $type != "albums" && $type != "thumbs") { kohana::show_404(); } // If the last element is .album.jpg, pop that off since it's not a real item - if ($paths[count($paths)-1] == ".album.jpg") { - array_pop($paths); - } - if ($paths[count($paths)-1] == "") { - array_pop($paths); - } + $path = preg_replace("|/.album.jpg$|", "", $path); - // Find all items that match the level and name, then iterate over those to find a match. - // In most cases we'll get it in one. Note that for the level calculation, we just count the - // size of $paths. $paths includes the type ("thumbs", etc) but it doesn't include the root, - // so it's a wash. - $count = count($paths); - $compare_file = VARPATH . $file; - $item = null; - foreach (ORM::factory("item") - ->where("name", $paths[$count - 1]) - ->where("level", $count) - ->find_all() as $match) { - if ($type == "albums") { - $match_file = $match->file_path(); - } else if ($type == "resizes") { - $match_file = $match->resize_path(); - } else { - $match_file = $match->thumb_path(); - } - if ($match_file == $compare_file) { - $item = $match; - break; + // We now have the relative path to the item. Search for it in the path cache + $item = ORM::factory("item")->where("relative_path_cache", $path)->find(); + if (!$item->loaded) { + // We didn't turn it up. This may mean that the path cache is out of date, so look it up + // the hard way. 
+ // + // Find all items that match the level and name, then iterate over those to find a match. + // In most cases we'll get it in one. Note that for the level calculation, we just count the + // size of $paths. + $paths = explode("/", $path); + $count = count($paths); + foreach (ORM::factory("item") + ->where("name", $paths[$count - 1]) + ->where("level", $count + 1) + ->find_all() as $match) { + if ($match->relative_path() == $path) { + $item = $match; + break; + } } } - if (!$item) { + if (!$item->loaded) { kohana::show_404(); } + if ($type == "albums") { + $file = $item->file_path(); + } else if ($type == "resizes") { + $file = $item->resize_path(); + } else { + $file = $item->thumb_path(); + } + // Make sure we have access to the item if (!access::can("view", $item)) { kohana::show_404(); @@ -106,14 +105,14 @@ class File_Proxy_Controller extends Controller { kohana::show_404(); } - if (!file_exists($match_file)) { + if (!file_exists($file)) { kohana::show_404(); } // Dump out the image header("Content-Type: $item->mime_type"); Kohana::close_buffers(false); - $fd = fopen($match_file, "rb"); + $fd = fopen($file, "rb"); fpassthru($fd); fclose($fd); } diff --git a/modules/gallery/helpers/MY_url.php b/modules/gallery/helpers/MY_url.php index 5e8bfc9e..019e416f 100644 --- a/modules/gallery/helpers/MY_url.php +++ b/modules/gallery/helpers/MY_url.php 
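Review bot: The new suffix strip `preg_replace("|/.album.jpg$|", "", $path)` leaves both dots unescaped, so it also removes a trailing segment like `/xalbum.jpg`, and it now applies to every `$type`; `"|/\.album\.jpg$|"` matches the literal name only. `list ($type, $path) = explode("/", $file_uri, 2)` leaves `$path` unset with a notice when the URI contains no slash; `array_pad(explode("/", $file_uri, 2), 2, "")` avoids that. The old code also confirmed that the item's computed path equalled `VARPATH . $file`; after this change the served file comes solely from the item's `file_path()`/`resize_path()`/`thumb_path()`, so the request path is validated only by the `..` check and the database lookup. The enclosing method starts before this hunk.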
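Review bot: `file_exists($file)` is also true for a directory, and with the `.album.jpg` strip earlier in this method an `albums/…/.album.jpg` request can now resolve to an album item whose `file_path()` is presumably its directory, which then reaches `fopen($file, "rb")`. Using `if (!is_file($file)) { kohana::show_404(); }` and checking that `fopen()` returned a handle before `fpassthru($fd)` keeps that case on the 404 path instead of emitting a warning after the Content-Type header. The method continues on both sides of this hunk.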
@@ -38,13 +38,19 @@ class url extends url_Core { return; } - $count = count(Router::$segments); - foreach (ORM::factory("item") - ->where("name", html_entity_decode(Router::$segments[$count - 1], ENT_QUOTES)) - ->where("level", $count + 1) - ->find_all() as $match) { - if ($match->relative_path() == html_entity_decode(Router::$current_uri, ENT_QUOTES)) { - $item = $match; + $current_uri = html_entity_decode(Router::$current_uri, ENT_QUOTES); + $item = ORM::factory("item")->where("relative_path_cache", $current_uri)->find(); + if (!$item->loaded) { + // It's possible that the relative path cache for the item we're looking for is out of date, + // so find it the hard way. + $count = count(Router::$segments); + foreach (ORM::factory("item") + ->where("name", html_entity_decode(Router::$segments[$count - 1], ENT_QUOTES)) + ->where("level", $count + 1) + ->find_all() as $match) { + if ($match->relative_path() == $current_uri) { + $item = $match; + } } } -- cgit v1.2.3
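Review bot: `$item` is always an ORM object after this hunk, loaded or not, where before it was assigned only when a match was found; any test below the hunk that relies on `$item` being empty (that code is not visible) would now treat a miss as a hit. The file_proxy.php change in the same commit switched its test to `if (!$item->loaded)`, and the code following this hunk needs the same test. The fallback loop also keeps iterating after a match, unlike the file_proxy.php version; adding `break;` after `$item = $match;` makes the two consistent. The enclosing function begins and ends outside the hunk.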