stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-05-04 20:19:09 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'master' into talmdal_dev

Browse Source 
Conflicts:
	modules/rest/controllers/rest.php
This commit is contained in:
Tim Almdal
2010-03-31 07:14:06 -07:00
parent e56473c5d7 ca977dce51
commit f2ed1eeab2
10 changed files with 106 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
modules/g2_import/helpers/g2_import.php
View File

@@ -265,7 +265,7 @@ class g2_import_Core {
$e);
}
}
break;
case GROUP_ALL_USERS:
@@ -1203,23 +1203,3 @@ function g2() {
return $args;
}
}
/**
* A wrapper for exceptions to report more details in case
* it's a ORM validation exception.
*/
class G2_Import_Exception extends Exception {
public function __construct($message, Exception $previous=null, $additional_messages=null) {
if ($additional_messages) {
$message .= "\n" . implode("\n", $additional_messages);
}
if ($previous && $previous instanceof ORM_Validation_Exception) {
$message .= "\nORM validation errors: " . print_r($previous->validation->errors(), true);
}
if ($previous) {
$message .= "\n" . (string) $previous;
}
// The $previous parameter is supported in PHP 5.3.0+.
parent::__construct($message);
}
}

39
modules/g2_import/libraries/G2_Import_Exception.php Normal file
View File

@@ -0,0 +1,39 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
* Copyright (C) 2000-2010 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or (at
* your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
/**
* A wrapper for exceptions to report more details in case
* it's a ORM validation exception.
*/
class G2_Import_Exception extends Exception {
public function __construct($message, Exception $previous=null, $additional_messages=null) {
if ($additional_messages) {
$message .= "\n" . implode("\n", $additional_messages);
}
if ($previous && $previous instanceof ORM_Validation_Exception) {
$message .= "\nORM validation errors: " . print_r($previous->validation->errors(), true);
}
if ($previous) {
$message .= "\n" . (string) $previous;
}
// The $previous parameter is supported in PHP 5.3.0+.
parent::__construct($message);
}
}

47
modules/gallery/tests/xss_data.txt
View File

@@ -70,12 +70,12 @@ modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY_ATTR $is_
modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY_ATTR $tk->installed?" g-installed-toolkit":" g-unavailable"
modules/gallery/views/admin_graphics_imagemagick.html.php 18 DIRTY $tk->error
modules/gallery/views/admin_languages.html.php 43 DIRTY access::csrf_form_field()
modules/gallery/views/admin_languages.html.php 60 DIRTY_ATTR (isset($installed_locales[$code]))?"g-available":""
modules/gallery/views/admin_languages.html.php 60 DIRTY_ATTR ($default_locale==$code)?" g-selected":""
modules/gallery/views/admin_languages.html.php 61 DIRTY form::checkbox("installed_locales[]",$code,isset($installed_locales[$code]))
modules/gallery/views/admin_languages.html.php 62 DIRTY $display_name
modules/gallery/views/admin_languages.html.php 64 DIRTY form::radio("default_locale",$code,($default_locale==$code),((isset($installed_locales[$code]))?'':'disabled="disabled"'))
modules/gallery/views/admin_languages.html.php 109 DIRTY $share_translations_form
modules/gallery/views/admin_languages.html.php 61 DIRTY_ATTR (isset($installed_locales[$code]))?"g-available":""
modules/gallery/views/admin_languages.html.php 61 DIRTY_ATTR ($default_locale==$code)?" g-selected":""
modules/gallery/views/admin_languages.html.php 62 DIRTY form::checkbox("installed_locales[]",$code,isset($installed_locales[$code]))
modules/gallery/views/admin_languages.html.php 63 DIRTY $display_name
modules/gallery/views/admin_languages.html.php 65 DIRTY form::radio("default_locale",$code,($default_locale==$code),((isset($installed_locales[$code]))?'':'disabled="disabled"'))
modules/gallery/views/admin_languages.html.php 110 DIRTY $share_translations_form
modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR text::alternate("g-odd","g-even")
modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR log::severity_class($task->severity)
modules/gallery/views/admin_maintenance.html.php 25 DIRTY_ATTR log::severity_class($task->severity)
@@ -121,10 +121,10 @@ modules/gallery/views/admin_themes.html.php 76 DIRTY $info-
modules/gallery/views/admin_themes.html.php 78 DIRTY $info->description
modules/gallery/views/admin_themes_preview.html.php 7 DIRTY_ATTR $url
modules/gallery/views/error_404.html.php 14 DIRTY $login_form
modules/gallery/views/form_uploadify.html.php 30 DIRTY_JS url::file("lib/uploadify/uploadify.swf")
modules/gallery/views/form_uploadify.html.php 31 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}")
modules/gallery/views/form_uploadify.html.php 35 DIRTY_JS url::file("lib/uploadify/cancel.png")
modules/gallery/views/form_uploadify.html.php 36 DIRTY_JS $simultaneous_upload_limit
modules/gallery/views/form_uploadify.html.php 9 DIRTY_JS url::file("lib/uploadify/uploadify.swf")
modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}")
modules/gallery/views/form_uploadify.html.php 14 DIRTY_JS url::file("lib/uploadify/cancel.png")
modules/gallery/views/form_uploadify.html.php 15 DIRTY_JS $simultaneous_upload_limit
modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form"))
modules/gallery/views/in_place_edit.html.php 3 DIRTY access::csrf_form_field()
modules/gallery/views/in_place_edit.html.php 6 DIRTY form::input("input",$form["input"]," class=\"textbox\"")
@@ -320,19 +320,20 @@ modules/user/views/admin_users_group.html.php 24 DIRTY_JS $group
modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width
modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height
modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url
themes/admin_wind/views/admin.html.php 16 DIRTY_JS $theme->url()
themes/admin_wind/views/admin.html.php 33 DIRTY $theme->admin_head()
themes/admin_wind/views/admin.html.php 37 DIRTY $theme->admin_page_top()
themes/admin_wind/views/admin.html.php 45 DIRTY $theme->admin_header_top()
themes/admin_wind/views/admin.html.php 46 DIRTY_JS item::root()->url()
themes/admin_wind/views/admin.html.php 49 DIRTY $theme->user_menu()
themes/admin_wind/views/admin.html.php 51 DIRTY $theme->admin_menu()
themes/admin_wind/views/admin.html.php 53 DIRTY $theme->admin_header_bottom()
themes/admin_wind/views/admin.html.php 60 DIRTY $content
themes/admin_wind/views/admin.html.php 66 DIRTY $sidebar
themes/admin_wind/views/admin.html.php 71 DIRTY $theme->admin_footer()
themes/admin_wind/views/admin.html.php 73 DIRTY $theme->admin_credits()
themes/admin_wind/views/admin.html.php 77 DIRTY $theme->admin_page_bottom()
themes/admin_wind/views/admin.html.php 9 DIRTY $page_title
themes/admin_wind/views/admin.html.php 22 DIRTY_JS $theme->url()
themes/admin_wind/views/admin.html.php 39 DIRTY $theme->admin_head()
themes/admin_wind/views/admin.html.php 43 DIRTY $theme->admin_page_top()
themes/admin_wind/views/admin.html.php 51 DIRTY $theme->admin_header_top()
themes/admin_wind/views/admin.html.php 52 DIRTY_JS item::root()->url()
themes/admin_wind/views/admin.html.php 55 DIRTY $theme->user_menu()
themes/admin_wind/views/admin.html.php 57 DIRTY $theme->admin_menu()
themes/admin_wind/views/admin.html.php 59 DIRTY $theme->admin_header_bottom()
themes/admin_wind/views/admin.html.php 66 DIRTY $content
themes/admin_wind/views/admin.html.php 72 DIRTY $sidebar
themes/admin_wind/views/admin.html.php 77 DIRTY $theme->admin_footer()
themes/admin_wind/views/admin.html.php 79 DIRTY $theme->admin_credits()
themes/admin_wind/views/admin.html.php 83 DIRTY $theme->admin_page_bottom()
themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor
themes/admin_wind/views/block.html.php 5 DIRTY $id
themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id

10
modules/rest/controllers/rest.php
View File

@@ -34,7 +34,7 @@ class Rest_Controller extends Controller {
auth::login($user);
$key = rest::get_access_token($user->id);
$key = rest::get_access_key($user->id);
rest::reply($key->access_key);
}
@@ -56,15 +56,15 @@ class Rest_Controller extends Controller {
}
$request->method = strtolower($input->server("HTTP_X_GALLERY_REQUEST_METHOD", $method));
$request->access_token = $input->server("HTTP_X_GALLERY_REQUEST_KEY");
$request->access_key = $input->server("HTTP_X_GALLERY_REQUEST_KEY");
if (empty($request->access_token) && !empty($request->params->access_token)) {
$request->access_token = $request->params->access_token;
if (empty($request->access_key) && !empty($request->params->access_key)) {
$request->access_key = $request->params->access_key;
}
$request->url = url::abs_current(true);
rest::set_active_user($request->access_token);
rest::set_active_user($request->access_key);
$handler_class = "{$function}_rest";
$handler_method = $request->method;

12
modules/rest/helpers/rest.php
View File

@@ -37,13 +37,13 @@ class rest_Core {
}
}
static function set_active_user($access_token) {
if (empty($access_token)) {
static function set_active_user($access_key) {
if (empty($access_key)) {
throw new Rest_Exception("Forbidden", 403);
}
$key = ORM::factory("user_access_token")
->where("access_key", "=", $access_token)
$key = ORM::factory("user_access_key")
->where("access_key", "=", $access_key)
->find();
if (!$key->loaded()) {
@@ -58,8 +58,8 @@ class rest_Core {
identity::set_active_user($user);
}
static function get_access_token($user_id) {
$key = ORM::factory("user_access_token")
static function get_access_key($user_id) {
$key = ORM::factory("user_access_key")
->where("user_id", "=", $user_id)
->find();

14
modules/rest/helpers/rest_event.php
View File

@@ -24,7 +24,7 @@ class rest_event {
*/
static function user_before_delete($user) {
db::build()
->delete("user_access_tokens")
->delete("user_access_keys")
->where("id", "=", $user->id)
->execute();
}
@@ -34,7 +34,7 @@ class rest_event {
* on every add.
*/
static function user_add_form_admin_completed($user, $form) {
$key = ORM::factory("user_access_token");
$key = ORM::factory("user_access_key");
$key->user_id = $user->id;
$key->access_key = md5($user->name . rand());
$key->save();
@@ -58,7 +58,7 @@ class rest_event {
* Get the form fields for user edit
*/
static function _get_access_key_form($user, $form) {
$key = ORM::factory("user_access_token")
$key = ORM::factory("user_access_key")
->where("user_id", "=", $user->id)
->find();
@@ -68,7 +68,7 @@ class rest_event {
$key->save();
}
$form->edit_user->input("user_access_token")
$form->edit_user->input("user_access_key")
->value($key->access_key)
->readonly("readonly")
->class("g-form-static")
@@ -87,9 +87,9 @@ class rest_event {
}
$view = new View("user_profile_rest.html");
$key = ORM::factory("user_access_token")
->where("user_id", "=", $data->user->id)
->find();
$key = ORM::factory("user_access_key")
->where("user_id", "=", $data->user->id)
->find();
if (!$key->loaded()) {
$key->user_id = $data->user->id;

14
modules/rest/helpers/rest_installer.php
View File

@@ -20,7 +20,7 @@
class rest_installer {
static function install() {
Database::instance()
->query("CREATE TABLE {user_access_tokens} (
->query("CREATE TABLE {user_access_keys} (
`id` int(9) NOT NULL auto_increment,
`user_id` int(9) NOT NULL,
`access_key` char(32) NOT NULL,
@@ -28,10 +28,18 @@ class rest_installer {
UNIQUE KEY(`access_key`),
UNIQUE KEY(`user_id`))
DEFAULT CHARSET=utf8;");
module::set_version("rest", 1);
module::set_version("rest", 2);
}
static function upgrade($version) {
$db = Database::instance();
if ($version == 1) {
$db->query("RENAME TABLE {user_access_tokens} TO {user_access_keys}");
module::set_version("rest", $version = 2);
}
}
static function uninstall() {
Database::instance()->query("DROP TABLE IF EXISTS {user_access_tokens}");
Database::instance()->query("DROP TABLE IF EXISTS {user_access_keys}");
}
}

2
modules/rest/models/user_access_token.php → modules/rest/models/user_access_key.php
View File

@@ -17,5 +17,5 @@
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class User_Access_Token_Model extends ORM {
class User_Access_Key_Model extends ORM {
}

2
modules/rest/module.info
View File

@@ -1,4 +1,4 @@
name = "REST Access Module"
description = "The RESTful implementation/interface to Gallery3"
version = 1
version = 2

22
modules/rest/tests/Rest_Controller_Test.php
View File

@@ -21,7 +21,7 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
public function setup() {
$this->_save = array($_GET, $_POST, $_SERVER);
$key = rest::get_access_token(1); // admin user
$key = rest::get_access_key(1); // admin user
$_SERVER["HTTP_X_GALLERY_REQUEST_KEY"] = $key->access_key;
}
@@ -34,14 +34,14 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
// There's no access key at first
$this->assert_false(
ORM::factory("user_access_token")->where("user_id", "=", $user->id)->find()->loaded());
ORM::factory("user_access_key")->where("user_id", "=", $user->id)->find()->loaded());
$_POST["user"] = $user->name;
$_POST["password"] = "password";
$response = test::call_and_capture(array(new Rest_Controller(), "index"));
$expected =
ORM::factory("user_access_token")->where("user_id", "=", $user->id)->find()->access_key;
ORM::factory("user_access_key")->where("user_id", "=", $user->id)->find()->access_key;
// Now there is an access key, and it was returned
$this->assert_equal(json_encode($expected), $response);
@@ -82,11 +82,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
$_SERVER["REQUEST_METHOD"] = "GET";
$_GET["key"] = "value";
$key = rest::get_access_token(1); // admin user
$key = rest::get_access_key(1); // admin user
$this->assert_array_equal_to_json(
array("params" => array("key" => "value"),
"method" => "get",
"access_token" => $key->access_key,
"access_key" => $key->access_key,
"url" => "http://./index.php/gallery_unit_test"),
test::call_and_capture(array(new Rest_Controller(), "mock")));
}
@@ -95,11 +95,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
$_SERVER["REQUEST_METHOD"] = "POST";
$_POST["key"] = "value";
$key = rest::get_access_token(1); // admin user
$key = rest::get_access_key(1); // admin user
$this->assert_array_equal_to_json(
array("params" => array("key" => "value"),
"method" => "post",
"access_token" => $key->access_key,
"access_key" => $key->access_key,
"url" => "http://./index.php/gallery_unit_test"),
test::call_and_capture(array(new Rest_Controller(), "mock")));
}
@@ -109,11 +109,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
$_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "put";
$_POST["key"] = "value";
$key = rest::get_access_token(1); // admin user
$key = rest::get_access_key(1); // admin user
$this->assert_array_equal_to_json(
array("params" => array("key" => "value"),
"method" => "put",
"access_token" => $key->access_key,
"access_key" => $key->access_key,
"url" => "http://./index.php/gallery_unit_test"),
test::call_and_capture(array(new Rest_Controller(), "mock")));
}
@@ -123,11 +123,11 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
$_SERVER["HTTP_X_GALLERY_REQUEST_METHOD"] = "delete";
$_POST["key"] = "value";
$key = rest::get_access_token(1); // admin user
$key = rest::get_access_key(1); // admin user
$this->assert_array_equal_to_json(
array("params" => array("key" => "value"),
"method" => "delete",
"access_token" => $key->access_key,
"access_key" => $key->access_key,
"url" => "http://./index.php/gallery_unit_test"),
test::call_and_capture(array(new Rest_Controller(), "mock")));
}