access::verify_csrf PHP Code-Beispiele

Beispiel #1

0

Datei anzeigen

Datei: l10n_client.php Projekt: xafr/gallery3

 public function toggle_l10n_mode()
 {
     access::verify_csrf();
     $session = Session::instance();
     $session->set("l10n_mode", !$session->get("l10n_mode", false));
     url::redirect("albums/1");
 }

Beispiel #2

0

Datei anzeigen

Datei: admin.php Projekt: kandsten/gallery3

 public function __call($controller_name, $args)
 {
     if (Input::instance()->get("reauth_check")) {
         return self::_reauth_check();
     }
     if (auth::must_reauth_for_admin_area()) {
         return self::_prompt_for_reauth($controller_name, $args);
     }
     if (request::method() == "post") {
         access::verify_csrf();
     }
     if ($controller_name == "index") {
         $controller_name = "dashboard";
     }
     $controller_name = "Admin_{$controller_name}_Controller";
     if ($args) {
         $method = array_shift($args);
     } else {
         $method = "index";
     }
     if (!method_exists($controller_name, $method)) {
         throw new Kohana_404_Exception();
     }
     call_user_func_array(array(new $controller_name(), $method), $args);
 }

Beispiel #3

0

Datei anzeigen

Datei: admin_strip_exif.php Projekt: webmatter/gallery3-contrib

 public function index()
 {
     $form = $this->_get_form();
     if (request::method() == "post") {
         access::verify_csrf();
         if ($form->validate()) {
             module::set_var("strip_exif", "exiv_path", $_POST['exiv_path']);
             if ($_POST['exif_tags'] != "") {
                 module::set_var("strip_exif", "exif_remove", isset($_POST['exif_remove']) ? $_POST['exif_remove'] : false);
                 module::set_var("strip_exif", "exif_tags", $_POST['exif_tags']);
             } else {
                 module::set_var("strip_exif", "exif_remove", false);
                 module::set_var("strip_exif", "exif_tags", self::$defExifTags);
             }
             if ($_POST['iptc_tags'] != "") {
                 module::set_var("strip_exif", "iptc_remove", isset($_POST['iptc_remove']) ? $_POST['iptc_remove'] : false);
                 module::set_var("strip_exif", "iptc_tags", $_POST['iptc_tags']);
             } else {
                 module::set_var("strip_exif", "iptc_remove", false);
                 module::set_var("strip_exif", "iptc_tags", self::$defIptcTags);
             }
             if (isset($_POST['verbose'])) {
                 module::set_var("strip_exif", "verbose", $_POST['verbose']);
             }
             message::success(t("Settings have been saved"));
             url::redirect("admin/strip_exif");
         } else {
             message::error(t("There was a problem with the submitted form. Please check your values and try again."));
         }
     }
     print $this->_get_view();
 }

Beispiel #4

0

Datei anzeigen

Datei: admin_tag_albums.php Projekt: webmatter/gallery3-contrib

 public function saveprefs()
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     $form = $this->_get_admin_form();
     if ($form->validate()) {
         Kohana_Log::add("error", print_r($form, 1));
         module::set_var("tag_albums", "tag_page_title", $form->Tag_Albums_Tag_Sort->tag_page_title->value);
         module::set_var("tag_albums", "tag_index", $form->Tag_Albums_Tag_Sort->tag_index->value);
         module::set_var("tag_albums", "tag_index_scope", count($form->Tag_Albums_Tag_Sort->tag_index_scope->value));
         module::set_var("tag_albums", "tag_index_filter_top", count($form->Tag_Albums_Tag_Sort->tag_index_filter_top->value));
         module::set_var("tag_albums", "tag_index_filter_bottom", count($form->Tag_Albums_Tag_Sort->tag_index_filter_bottom->value));
         module::set_var("tag_albums", "tag_sort_by", $form->Tag_Albums_Tag_Sort->tag_sort_by->value);
         module::set_var("tag_albums", "tag_sort_direction", $form->Tag_Albums_Tag_Sort->tag_sort_direction->value);
         module::set_var("tag_albums", "subalbum_sort_by", $form->Tag_Albums_Tag_Item_Sort->subalbum_sort_by->value);
         module::set_var("tag_albums", "subalbum_sort_direction", $form->Tag_Albums_Tag_Item_Sort->subalbum_sort_direction->value);
         message::success(t("Your settings have been saved."));
         url::redirect("admin/tag_albums");
     }
     // Else show the page with errors
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_tag_albums.html");
     $view->content->tag_albums_form = $form;
     print $view;
 }

Beispiel #5

0

Datei anzeigen

Datei: admin_modules.php Projekt: xafr/gallery3

 public function save()
 {
     access::verify_csrf();
     $changes->activate = array();
     $changes->deactivate = array();
     $activated_names = array();
     $deactivated_names = array();
     foreach (module::available() as $module_name => $info) {
         if ($info->locked) {
             continue;
         }
         $desired = $this->input->post($module_name) == 1;
         if ($info->active && !$desired && module::is_active($module_name)) {
             $changes->deactivate[] = $module_name;
             $deactivated_names[] = $info->name;
             module::deactivate($module_name);
         } else {
             if (!$info->active && $desired && !module::is_active($module_name)) {
                 $changes->activate[] = $module_name;
                 $activated_names[] = $info->name;
                 module::install($module_name);
                 module::activate($module_name);
             }
         }
     }
     module::event("module_change", $changes);
     // @todo this type of collation is questionable from a i18n perspective
     if ($activated_names) {
         message::success(t("Activated: %names", array("names" => join(", ", $activated_names))));
     }
     if ($deactivated_names) {
         message::success(t("Deactivated: %names", array("names" => join(", ", $deactivated_names))));
     }
     url::redirect("admin/modules");
 }

Beispiel #6

0

Datei anzeigen

Datei: admin_theme_options.php Projekt: brocki/gallery3

 public function save()
 {
     access::verify_csrf();
     $form = theme::get_edit_form_admin();
     if ($form->validate()) {
         module::set_var("gallery", "page_size", $form->edit_theme->page_size->value);
         $thumb_size = $form->edit_theme->thumb_size->value;
         $thumb_dirty = false;
         if (module::get_var("gallery", "thumb_size") != $thumb_size) {
             graphics::remove_rule("gallery", "thumb", "gallery_graphics::resize");
             graphics::add_rule("gallery", "thumb", "gallery_graphics::resize", array("width" => $thumb_size, "height" => $thumb_size, "master" => Image::AUTO), 100);
             module::set_var("gallery", "thumb_size", $thumb_size);
         }
         $resize_size = $form->edit_theme->resize_size->value;
         $resize_dirty = false;
         if (module::get_var("gallery", "resize_size") != $resize_size) {
             graphics::remove_rule("gallery", "resize", "gallery_graphics::resize");
             graphics::add_rule("gallery", "resize", "gallery_graphics::resize", array("width" => $resize_size, "height" => $resize_size, "master" => Image::AUTO), 100);
             module::set_var("gallery", "resize_size", $resize_size);
         }
         module::set_var("gallery", "header_text", $form->edit_theme->header_text->value);
         module::set_var("gallery", "footer_text", $form->edit_theme->footer_text->value);
         module::set_var("gallery", "show_credits", $form->edit_theme->show_credits->value);
         message::success(t("Updated theme details"));
         url::redirect("admin/theme_options");
     } else {
         $view = new Admin_View("admin.html");
         $view->content = $form;
         print $view;
     }
 }

Beispiel #7

0

Datei anzeigen

Datei: admin_register.php Projekt: webmatter/gallery3-contrib

 public function activate()
 {
     access::verify_csrf();
     $post = new Validation($_POST);
     $post->add_rules("activate_users", "required");
     $post->add_rules("activate", "alpha_numeric");
     if ($post->validate()) {
         $names = array();
         if (!empty($post->activate)) {
             foreach ($post->activate as $id) {
                 $user = register::create_new_user($id);
                 $names[] = $user->name;
             }
             message::success(t("Activated %users.", array("users" => implode(", ", $names))));
         }
         $count = ORM::factory("pending_user")->where("state", "!=", 2)->count_all();
         if ($count == 0) {
             site_status::clear("pending_user_registrations");
         }
         url::redirect("admin/register");
     }
     list($form, $errors) = $this->_get_form();
     $form = array_merge($form, $post->as_array());
     $errors = array_merge($errors, $post->errors());
     print $this->_get_admin_view($form, $errors);
 }

Beispiel #8

0

Datei anzeigen

Datei: quick.php Projekt: kandsten/gallery3

 public function delete($id)
 {
     access::verify_csrf();
     $item = model_cache::get("item", $id);
     access::required("view", $item);
     access::required("edit", $item);
     if ($item->is_album()) {
         $msg = t("Deleted album <b>%title</b>", array("title" => html::purify($item->title)));
     } else {
         $msg = t("Deleted photo <b>%title</b>", array("title" => html::purify($item->title)));
     }
     $parent = $item->parent();
     if ($item->is_album()) {
         // Album delete will trigger deletes for all children.  Do this in a batch so that we can be
         // smart about notifications, album cover updates, etc.
         batch::start();
         $item->delete();
         batch::stop();
     } else {
         $item->delete();
     }
     message::success($msg);
     $from_id = Input::instance()->get("from_id");
     if (Input::instance()->get("page_type") == "collection" && $from_id != $id) {
         json::reply(array("result" => "success", "reload" => 1));
     } else {
         json::reply(array("result" => "success", "location" => $parent->url()));
     }
 }

Beispiel #9

0

Datei anzeigen

Datei: admin_phpmailer.php Projekt: webmatter/gallery3-contrib

 public function saveprefs()
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     // Figure out the values of the text boxes
     $str_phpmailer_path = Input::instance()->post("phpmailer_path");
     $str_phpmailer_from_addr = Input::instance()->post("phpmailer_from_address");
     $str_phpmailer_from_name = Input::instance()->post("phpmailer_from_name");
     $str_smtp_server = Input::instance()->post("phpmailer_smtp_server");
     $str_use_ssl = Input::instance()->post("phpmailer_use_ssl");
     $str_smtp_login = Input::instance()->post("phpmailer_smtp_login");
     $str_smtp_pass = Input::instance()->post("phpmailer_smtp_password");
     $str_smtp_port = Input::instance()->post("phpmailer_smtp_port");
     if (count($str_use_ssl) > 0) {
         $str_use_ssl = true;
     } else {
         $str_use_ssl = false;
     }
     // Save Settings.
     module::set_var("phpmailer", "phpmailer_path", $str_phpmailer_path);
     module::set_var("phpmailer", "phpmailer_from_address", $str_phpmailer_from_addr);
     module::set_var("phpmailer", "phpmailer_from_name", $str_phpmailer_from_name);
     module::set_var("phpmailer", "smtp_server", $str_smtp_server);
     module::set_var("phpmailer", "use_ssl", $str_use_ssl);
     module::set_var("phpmailer", "smtp_login", $str_smtp_login);
     module::set_var("phpmailer", "smtp_password", $str_smtp_pass);
     module::set_var("phpmailer", "smtp_port", $str_smtp_port);
     message::success(t("Your Settings Have Been Saved."));
     // Load Admin page.
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_phpmailer.html");
     $view->content->phpmailer_form = $this->_get_admin_form();
     print $view;
 }

Beispiel #10

0

Datei anzeigen

Datei: admin_sitemap_xtra.php Projekt: webmatter/gallery3-contrib

 public function handler()
 {
     access::verify_csrf();
     $form = $this->_get_form();
     if ($form->validate()) {
         module::set_var("sitemap_xtra", "path", $form->sitemap->sitemap_path->value);
         module::set_var("sitemap_xtra", "base_url", $form->sitemap->sitemap_base_url->value);
         module::set_var("sitemap_xtra", "zip", $form->sitemap->sitemap_zip->value);
         module::set_var("sitemap_xtra", "ping_yandex", $form->sitemap->sitemap_ping_yandex->value);
         module::set_var("sitemap_xtra", "ping_google", $form->sitemap->sitemap_ping_google->value);
         module::set_var("sitemap_xtra", "ping_bing", $form->sitemap->sitemap_ping_bing->value);
         module::set_var("sitemap_xtra", "ping_ask", $form->sitemap->sitemap_ping_ask->value);
         module::set_var("sitemap_xtra", "robots_txt", $form->sitemap->sitemap_robots_txt->value);
         module::set_var("sitemap_xtra", "albums", $form->albums->sitemap_albums->value);
         module::set_var("sitemap_xtra", "albums_freq", $form->albums->sitemap_albums_freq->value);
         module::set_var("sitemap_xtra", "albums_prio", $form->albums->sitemap_albums_prio->value);
         module::set_var("sitemap_xtra", "photos", $form->photos->sitemap_photos->value);
         module::set_var("sitemap_xtra", "photos_freq", $form->photos->sitemap_photos_freq->value);
         module::set_var("sitemap_xtra", "photos_prio", $form->photos->sitemap_photos_prio->value);
         module::set_var("sitemap_xtra", "movies", $form->movies->sitemap_movies->value);
         module::set_var("sitemap_xtra", "movies_freq", $form->movies->sitemap_movies_freq->value);
         module::set_var("sitemap_xtra", "movies_prio", $form->movies->sitemap_movies_prio->value);
         module::set_var("sitemap_xtra", "pages", $form->pages->sitemap_pages->value);
         module::set_var("sitemap_xtra", "pages_freq", $form->pages->sitemap_pages_freq->value);
         module::set_var("sitemap_xtra", "pages_prio", $form->pages->sitemap_pages_prio->value);
         if ($form->build_sitemap->sitemap_build->value) {
             if ($status = $this->_build_sitemap()) {
                 message::info($status);
             }
         }
         message::success(t("Settings have been saved"));
         url::redirect("admin/sitemap_xtra");
     }
     print $this->_get_view($form);
 }

Beispiel #11

0

Datei anzeigen

Datei: batchtag.php Projekt: kuranoglu/gallery3-contrib

 public function tagitems()
 {
     // Tag all non-album items in the current album with the specified tags.
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     // Generate an array of all non-album items in the current album.
     $children = ORM::factory("item")->where("parent_id", $this->input->post("item_id"))->where("type !=", "album")->find_all();
     // Loop through each item in the album and make sure the user has
     //   access to view and edit it.
     foreach ($children as $child) {
         if (access::can("view", $child) && access::can("edit", $child)) {
             // Assuming the user can view/edit the current item, loop
             //   through each tag that was submitted and apply it to
             //   the current item.
             foreach (split(",", $this->input->post("name")) as $tag_name) {
                 $tag_name = trim($tag_name);
                 if ($tag_name) {
                     tag::add($child, $tag_name);
                 }
             }
         }
     }
     // Redirect back to the album.
     $item = ORM::factory("item", $this->input->post("item_id"));
     url::redirect(url::abs_site("{$item->type}s/{$item->id}"));
 }

Beispiel #12

0

Datei anzeigen

Datei: admin_contactowner.php Projekt: webmatter/gallery3-contrib

 public function saveprefs()
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     // Figure out which boxes where checked
     $linkOptions_array = Input::instance()->post("ContactOwnerLinkTypes");
     $ownerLink = false;
     $userLink = false;
     for ($i = 0; $i < count($linkOptions_array); $i++) {
         if ($linkOptions_array[$i] == "ContactOwner") {
             $ownerLink = true;
         }
         if ($linkOptions_array[$i] == "ContactUser") {
             $userLink = true;
         }
     }
     // Figure out the values of the text boxes
     $str_contactbutton = Input::instance()->post("owner_button_text");
     $str_contactemail = Input::instance()->post("owner_email");
     $str_contactname = Input::instance()->post("owner_name");
     $str_messageheader = Input::instance()->post("message_header");
     // Save Settings.
     module::set_var("contactowner", "contact_owner_link", $ownerLink);
     module::set_var("contactowner", "contact_user_link", $userLink);
     module::set_var("contactowner", "contact_button_text", $str_contactbutton);
     module::set_var("contactowner", "contact_owner_email", $str_contactemail);
     module::set_var("contactowner", "contact_owner_name", $str_contactname);
     module::set_var("contactowner", "contact_owner_header", $str_messageheader);
     message::success(t("Your Settings Have Been Saved."));
     // Load Admin page.
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_contactowner.html");
     $view->content->contactowner_form = $this->_get_admin_form();
     print $view;
 }

Beispiel #13

0

Datei anzeigen

Datei: admin_ratings.php Projekt: webmatter/gallery3-contrib

 public function saveprefs()
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     // Save Settings.
     module::set_var("ratings", "showunderphoto", Input::instance()->post("showunderphoto"));
     module::set_var("ratings", "showinsidebar", Input::instance()->post("showinsidebar"));
     module::set_var("ratings", "imageword", Input::instance()->post("imageword"));
     module::set_var("ratings", "votestring", Input::instance()->post("votestring"));
     module::set_var("ratings", "castyourvotestring", Input::instance()->post("castyourvotestring"));
     #    module::set_var("ratings", "bgcolor", Input::instance()->post("bgcolor"));
     module::set_var("ratings", "fillcolor", Input::instance()->post("fillcolor"));
     module::set_var("ratings", "votedcolor", Input::instance()->post("votedcolor"));
     module::set_var("ratings", "hovercolor", Input::instance()->post("hovercolor"));
     module::set_var("ratings", "textcolor", Input::instance()->post("textcolor"));
     module::set_var("ratings", "regonly", Input::instance()->post("regonly"));
     $iconset = Input::instance()->post("iconset");
     $iconset = preg_replace("/\\/index\\.php/", "", $iconset);
     module::set_var("ratings", "iconset", $iconset);
     message::success(t("Your Settings Have Been Saved."));
     site_status::clear("ratings_configuration");
     // Load Admin page.
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_ratings.html");
     $view->content->ratings_form = $this->_get_admin_form();
     print $view;
 }

Beispiel #14

0

Datei anzeigen

Datei: reauthenticate.php Projekt: JasonWiki/docs

 public function auth()
 {
     if (!identity::active_user()->admin) {
         access::forbidden();
     }
     access::verify_csrf();
     $form = self::_form();
     $valid = $form->validate();
     $user = identity::active_user();
     if ($valid) {
         module::event("user_auth", $user);
         if (!request::is_ajax()) {
             message::success(t("Successfully re-authenticated!"));
         }
         url::redirect(Session::instance()->get_once("continue_url"));
     } else {
         $name = $user->name;
         log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
         module::event("user_auth_failed", $name);
         if (request::is_ajax()) {
             $v = new View("reauthenticate.html");
             $v->form = $form;
             $v->user_name = identity::active_user()->name;
             json::reply(array("html" => (string) $v));
         } else {
             self::_show_form($form);
         }
     }
 }

Beispiel #15

0

Datei anzeigen

Datei: captionator.php Projekt: webmatter/gallery3-contrib

 function save($album_id)
 {
     access::verify_csrf();
     $album = ORM::factory("item", $album_id);
     access::required("edit", $album);
     if (Input::instance()->post("save")) {
         $titles = Input::instance()->post("title");
         $descriptions = Input::instance()->post("description");
         $filenames = Input::instance()->post("filename");
         $internetaddresses = Input::instance()->post("internetaddress");
         $tags = Input::instance()->post("tags");
         $enable_tags = module::is_active("tag");
         foreach (array_keys($titles) as $id) {
             $item = ORM::factory("item", $id);
             if ($item->loaded() && access::can("edit", $item)) {
                 $item->title = $titles[$id];
                 $item->description = $descriptions[$id];
                 $item->name = $filenames[$id];
                 $item->slug = $internetaddresses[$id];
                 $item->save();
                 if ($enable_tags) {
                     tag::clear_all($item);
                     foreach (explode(",", $tags[$id]) as $tag_name) {
                         if ($tag_name) {
                             tag::add($item, trim($tag_name));
                         }
                     }
                     tag::compact();
                 }
             }
         }
         message::success(t("Captions saved"));
     }
     url::redirect($album->abs_url());
 }

Beispiel #16

0

Datei anzeigen

Datei: rest.php Projekt: kandsten/gallery3

 public function reset_api_key()
 {
     access::verify_csrf();
     rest::reset_access_key();
     message::success(t("Your REST API key has been reset."));
     json::reply(array("result" => "success"));
 }

Beispiel #17

0

Datei anzeigen

Datei: permissions.php Projekt: JasonWiki/docs

 function change($command, $group_id, $perm_id, $item_id)
 {
     access::verify_csrf();
     $group = identity::lookup_group($group_id);
     $perm = ORM::factory("permission", $perm_id);
     $item = ORM::factory("item", $item_id);
     access::required("view", $item);
     access::required("edit", $item);
     if (!empty($group) && $perm->loaded() && $item->loaded()) {
         switch ($command) {
             case "allow":
                 access::allow($group, $perm->name, $item);
                 break;
             case "deny":
                 access::deny($group, $perm->name, $item);
                 break;
             case "reset":
                 access::reset($group, $perm->name, $item);
                 break;
         }
         // If the active user just took away their own edit permissions, give it back.
         if ($perm->name == "edit") {
             if (!access::user_can(identity::active_user(), "edit", $item)) {
                 access::allow($group, $perm->name, $item);
             }
         }
     }
 }

Beispiel #18

0

Datei anzeigen

Datei: admin_sharephoto.php Projekt: Glooper/gallery3-contrib

 public function saveprefs()
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     $form = $this->_get_admin_form();
     // Figure out which boxes where checked
     $shareOpts_array = Input::instance()->post("ShareOptions");
     $IconsButton = false;
     $HTMLLinksButton = false;
     for ($i = 0; $i < count($shareOpts_array); $i++) {
         if ($shareOpts_array[$i] == "Icons") {
             $IconsButton = true;
         }
         if ($shareOpts_array[$i] == "HTMLLinks") {
             $HTMLLinksButton = true;
         }
     }
     // Save Settings.
     module::set_var("sharephoto", "Icons", $IconsButton);
     module::set_var("sharephoto", "HTMLLinks", $HTMLLinksButton);
     message::success(t("Your Selection Has Been Saved."));
     // Load Admin page.
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_sharephoto.html");
     $view->content->sharephoto_form = $form;
     print $view;
 }

Beispiel #19

0

Datei anzeigen

Datei: photos.php Projekt: hiwilson/gallery3

 /**
  * @see REST_Controller::_update($resource)
  */
 public function _update($photo)
 {
     access::verify_csrf();
     access::required("view", $photo);
     access::required("edit", $photo);
     $form = photo::get_edit_form($photo);
     if ($valid = $form->validate()) {
         if ($form->edit_photo->filename->value != $photo->name) {
             // Make sure that there's not a conflict
             if (Database::instance()->from("items")->where("parent_id", $photo->parent_id)->where("id <>", $photo->id)->where("name", $form->edit_photo->filename->value)->count_records()) {
                 $form->edit_photo->filename->add_error("conflict", 1);
                 $valid = false;
             }
         }
     }
     if ($valid) {
         $photo->title = $form->edit_photo->title->value;
         $photo->description = $form->edit_photo->description->value;
         $photo->rename($form->edit_photo->filename->value);
         $photo->save();
         module::event("photo_edit_form_completed", $photo, $form);
         log::success("content", "Updated photo", "<a href=\"photos/{$photo->id}\">view</a>");
         message::success(t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));
         print json_encode(array("result" => "success", "location" => url::site("photos/{$photo->id}")));
     } else {
         print json_encode(array("result" => "error", "form" => $form->__toString()));
     }
 }

Beispiel #20

0

Datei anzeigen

Datei: photos.php Projekt: scarygary/gallery3

 /**
  * @see REST_Controller::_update($resource)
  */
 public function _update($photo)
 {
     access::verify_csrf();
     access::required("view", $photo);
     access::required("edit", $photo);
     $form = photo::get_edit_form($photo);
     $valid = $form->validate();
     if ($valid = $form->validate()) {
         if ($form->edit_item->filename->value != $photo->name || $form->edit_item->slug->value != $photo->slug) {
             // Make sure that there's not a name or slug conflict
             if ($row = Database::instance()->select(array("name", "slug"))->from("items")->where("parent_id", $photo->parent_id)->where("id <>", $photo->id)->open_paren()->where("name", $form->edit_item->filename->value)->orwhere("slug", $form->edit_item->slug->value)->close_paren()->get()->current()) {
                 if ($row->name == $form->edit_item->filename->value) {
                     $form->edit_item->filename->add_error("name_conflict", 1);
                 }
                 if ($row->slug == $form->edit_item->slug->value) {
                     $form->edit_item->slug->add_error("slug_conflict", 1);
                 }
                 $valid = false;
             }
         }
     }
     if ($valid) {
         $photo->title = $form->edit_item->title->value;
         $photo->description = $form->edit_item->description->value;
         $photo->slug = $form->edit_item->slug->value;
         $photo->rename($form->edit_item->filename->value);
         $photo->save();
         module::event("item_edit_form_completed", $photo, $form);
         log::success("content", "Updated photo", "<a href=\"{$photo->url()}\">view</a>");
         message::success(t("Saved photo %photo_title", array("photo_title" => html::purify($photo->title))));
         print json_encode(array("result" => "success"));
     } else {
         print json_encode(array("result" => "error", "form" => $form->__toString()));
     }
 }

Beispiel #21

0

Datei anzeigen

Datei: admin_advanced_settings.php Projekt: kandsten/gallery3

 public function save($module_name, $var_name)
 {
     access::verify_csrf();
     module::set_var($module_name, $var_name, Input::instance()->post("value"));
     message::success(t("Saved value for %var (%module_name)", array("var" => $var_name, "module_name" => $module_name)));
     json::reply(array("result" => "success"));
 }

Beispiel #22

0

Datei anzeigen

Datei: admin_iptc.php Projekt: Glooper/gallery3-contrib

 public function saveprefs()
 {
     // Save user preferences to the database.
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     // Make sure the user filled out the form properly.
     $form = $this->_get_admin_form();
     if ($form->validate()) {
         Kohana_Log::add("error", print_r($form, 1));
         // Save settings to Gallery's database.
         foreach (iptc::keys() as $keyword => $iptcvar) {
             $checkbox = false;
             for ($i = 0; $i < count($form->Global->{$keyword}); $i++) {
                 if ($form->Global->{$keyword}->value[$i] == $keyword) {
                     $checkbox = true;
                 }
             }
             module::set_var("iptc", "show_" . $keyword, $checkbox);
         }
         // Display a success message and redirect back to the TagsMap admin page.
         message::success(t("Your settings have been saved."));
         url::redirect("admin/iptc");
     }
     // Else show the page with errors
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_iptc.html");
     $view->content->iptc_form = $form;
     print $view;
 }

Beispiel #23

0

Datei anzeigen

Datei: admin_tags.php Projekt: Okat/gallery3

 public function rename($id)
 {
     access::verify_csrf();
     $tag = ORM::factory("tag", $id);
     if (!$tag->loaded) {
         kohana::show_404();
     }
     $form = tag::get_rename_form($tag);
     $valid = $form->validate();
     if ($valid) {
         $new_name = $form->rename_tag->inputs["name"]->value;
         $new_tag = ORM::factory("tag")->where("name", $new_name)->find();
         if ($new_tag->loaded) {
             $form->rename_tag->inputs["name"]->add_error("in_use", 1);
             $valid = false;
         }
     }
     if ($valid) {
         $old_name = $tag->name;
         $tag->name = $new_name;
         $tag->save();
         $message = t("Renamed tag %old_name to %new_name", array("old_name" => $old_name, "new_name" => $tag->name));
         message::success($message);
         log::success("tags", $message);
         print json_encode(array("result" => "success", "location" => url::site("admin/tags"), "tag_id" => $tag->id, "new_tagname" => html::clean($tag->name)));
     } else {
         print json_encode(array("result" => "error", "form" => $form->__toString()));
     }
 }

Beispiel #24

0

Datei anzeigen

Datei: admin_tags.php Projekt: HarriLu/gallery3

 public function rename($id)
 {
     access::verify_csrf();
     $tag = ORM::factory("tag", $id);
     if (!$tag->loaded()) {
         throw new Kohana_404_Exception();
     }
     $in_place_edit = InPlaceEdit::factory($tag->name)->action("admin/tags/rename/{$tag->id}")->rules(array("required", "length[1,64]"));
     if ($in_place_edit->validate()) {
         $old_name = $tag->name;
         $new_name_or_list = $in_place_edit->value();
         $tag_list = explode(",", $new_name_or_list);
         $tag->name = array_shift($tag_list);
         $tag->save();
         if (!empty($tag_list)) {
             $this->_copy_items_for_tags($tag, $tag_list);
             $message = t("Split tag <i>%old_name</i> into <i>%tag_list</i>", array("old_name" => $old_name, "tag_list" => $new_name_or_list));
         } else {
             $message = t("Renamed tag <i>%old_name</i> to <i>%new_name</i>", array("old_name" => $old_name, "new_name" => $tag->name));
         }
         message::success($message);
         log::success("tags", $message);
         json::reply(array("result" => "success", "location" => url::site("admin/tags")));
     } else {
         json::reply(array("result" => "error", "form" => (string) $in_place_edit->render()));
     }
 }

Beispiel #25

0

Datei anzeigen

Datei: admin_downloadfullsize.php Projekt: webmatter/gallery3-contrib

 public function saveprefs()
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     // Figure out which boxes where checked
     $dlLinks_array = Input::instance()->post("DownloadLinkOptions");
     $fButton = false;
     $download_original_button = false;
     for ($i = 0; $i < count($dlLinks_array); $i++) {
         if ($dlLinks_array[$i] == "fButton") {
             $fButton = true;
         }
     }
     if (module::is_active("keeporiginal")) {
         $keeporiginal_array = Input::instance()->post("DownloadOriginalOptions");
         for ($i = 0; $i < count($keeporiginal_array); $i++) {
             if ($keeporiginal_array[$i] == "DownloadOriginalImage") {
                 $download_original_button = true;
             }
         }
         module::set_var("downloadfullsize", "DownloadOriginalImage", $download_original_button);
     }
     // Save Settings.
     module::set_var("downloadfullsize", "fButton", $fButton);
     message::success(t("Your Selection Has Been Saved."));
     // Load Admin page.
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_downloadfullsize.html");
     $view->content->downloadlinks_form = $this->_get_admin_form();
     print $view;
 }

Beispiel #26

0

Datei anzeigen

Datei: admin_tag_cloud.php Projekt: Glooper/gallery3-contrib

 public function edit()
 {
     access::verify_csrf();
     $form = $this->_get_admin_form();
     if ($form->validate()) {
         $options = $form->tag_cloud_options;
         $valid = true;
         if (preg_match("/^0x[0-9A-Fa-f]{6}\$/", $options->tagcolor->value) == 0) {
             $options->tagcolor->add_error("not_valid", 1);
             $valid = false;
         }
         if (preg_match("/^0x[0-9A-Fa-f]{6}\$/", $options->background_color->value) == 0) {
             $options->background_color->add_error("not_valid", 1);
             $valid = false;
         }
         if ($valid) {
             module::set_var("tag_cloud", "tagcolor", $options->tagcolor->value);
             module::set_var("tag_cloud", "mouseover", $options->mouseover->value);
             module::set_var("tag_cloud", "background_color", $options->background_color->value);
             module::set_var("tag_cloud", "transparent", $options->transparent->value);
             module::set_var("tag_cloud", "speed", $options->speed->value);
             module::set_var("tag_cloud", "distribution", $options->distribution->value);
             message::success(t("Tag cloud options updated successfully"));
             url::redirect("admin/tag_cloud");
         }
     }
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_tag_cloud.html");
     $view->content->form = $form;
     print $view;
 }

Beispiel #27

0

Datei anzeigen

Datei: admin_social_share.php Projekt: webmatter/gallery3-contrib

 public function handler()
 {
     access::verify_csrf();
     $form = $this->_get_form();
     if ($form->validate()) {
         module::set_var("social_share", "general_impage_only", $form->general_settings->general_impage_only->value);
         module::set_var("social_share", "facebook_share_enabled", $form->facebook_share_settings->facebook_share_enabled->value);
         module::set_var("social_share", "facebook_share_layout", $form->facebook_share_settings->facebook_share_layout->value);
         module::set_var("social_share", "facebook_share_link_text", $form->facebook_share_settings->facebook_share_link_text->value);
         module::set_var("social_share", "facebook_like_enabled", $form->facebook_like_settings->facebook_like_enabled->value);
         module::set_var("social_share", "facebook_like_appId", $form->facebook_like_settings->facebook_like_appId->value);
         module::set_var("social_share", "facebook_like_adminId", $form->facebook_like_settings->facebook_like_adminId->value);
         module::set_var("social_share", "facebook_like_site_name", $form->facebook_like_settings->facebook_like_site_name->value);
         module::set_var("social_share", "facebook_like_code_type", $form->facebook_like_settings->facebook_like_code_type->value);
         module::set_var("social_share", "facebook_like_show_faces", $form->facebook_like_settings->facebook_like_show_faces->value, true);
         module::set_var("social_share", "facebook_like_send", $form->facebook_like_settings->facebook_like_send->value, true);
         module::set_var("social_share", "facebook_like_action", $form->facebook_like_settings->facebook_like_action->value);
         module::set_var("social_share", "facebook_like_layout", $form->facebook_like_settings->facebook_like_layout->value);
         module::set_var("social_share", "google_enabled", $form->google_settings->google_enabled->value);
         module::set_var("social_share", "google_size", $form->google_settings->google_size->value);
         module::set_var("social_share", "google_annotation", $form->google_settings->google_annotation->value);
         module::set_var("social_share", "pinterest_enabled", $form->pinterest_settings->pinterest_enabled->value);
         module::set_var("social_share", "pinterest_count_location", $form->pinterest_settings->pinterest_count_location->value);
         module::set_var("social_share", "twitter_enabled", $form->twitter_settings->twitter_enabled->value);
         module::set_var("social_share", "twitter_count_location", $form->twitter_settings->twitter_count_location->value);
         module::set_var("social_share", "twitter_size", $form->twitter_settings->twitter_size->value);
         message::success(t("Your settings have been saved."));
         url::redirect("admin/social_share");
     }
     print $this->_get_view($form);
 }

Beispiel #28

0

Datei anzeigen

Datei: admin_developer.php Projekt: sendyputra/gallery3-contrib

 public function session($key)
 {
     access::verify_csrf();
     $input = Input::instance();
     Session::instance()->set($key, $input->get("value"));
     url::redirect($input->server("HTTP_REFERER"));
 }

Beispiel #29

0

Datei anzeigen

Datei: admin_minislideshow.php Projekt: ChrisRut/gallery3-contrib

 public function saveprefs()
 {
     // Process the admin form.
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     // Save user specified settings to the database.
     $str_slideshow_url = Input::instance()->post("slideshow_url");
     module::set_var("minislideshow", "slideshow_url", $str_slideshow_url);
     $str_slideshow_shuffle = Input::instance()->post("shuffle");
     module::set_var("minislideshow", "shuffle", $str_slideshow_shuffle);
     $str_slideshow_dropshadow = Input::instance()->post("dropshadow");
     module::set_var("minislideshow", "dropshadow", $str_slideshow_dropshadow);
     $str_slideshow_show_title = Input::instance()->post("show_title");
     module::set_var("minislideshow", "show_title", $str_slideshow_show_title);
     $str_slideshow_trans_in_type = Input::instance()->post("trans_in_type");
     module::set_var("minislideshow", "trans_in_type", $str_slideshow_trans_in_type);
     $str_slideshow_trans_out_type = Input::instance()->post("trans_out_type");
     module::set_var("minislideshow", "trans_out_type", $str_slideshow_trans_out_type);
     $str_slideshow_mask = Input::instance()->post("mask");
     module::set_var("minislideshow", "mask", $str_slideshow_mask);
     $str_slideshow_use_full_image = Input::instance()->post("use_full_image");
     module::set_var("minislideshow", "use_full_image", $str_slideshow_use_full_image);
     $str_slideshow_delay = Input::instance()->post("delay");
     module::set_var("minislideshow", "delay", $str_slideshow_delay);
     // Display a success message and load the admin screen.
     message::success(t("Your Settings Have Been Saved."));
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_minislideshow.html");
     $view->content->minislideshow_form = $this->_get_admin_form();
     print $view;
 }

Beispiel #30

0

Datei anzeigen

Datei: admin_theme_options.php Projekt: HarriLu/gallery3

 public function save()
 {
     access::verify_csrf();
     $form = $this->_get_edit_form_admin();
     if ($form->validate()) {
         module::set_var("gallery", "page_size", $form->edit_theme->page_size->value);
         $thumb_size = $form->edit_theme->thumb_size->value;
         if (module::get_var("gallery", "thumb_size") != $thumb_size) {
             graphics::remove_rule("gallery", "thumb", "gallery_graphics::resize");
             graphics::add_rule("gallery", "thumb", "gallery_graphics::resize", array("width" => $thumb_size, "height" => $thumb_size, "master" => Image::AUTO), 100);
             module::set_var("gallery", "thumb_size", $thumb_size);
         }
         $resize_size = $form->edit_theme->resize_size->value;
         if (module::get_var("gallery", "resize_size") != $resize_size) {
             graphics::remove_rule("gallery", "resize", "gallery_graphics::resize");
             graphics::add_rule("gallery", "resize", "gallery_graphics::resize", array("width" => $resize_size, "height" => $resize_size, "master" => Image::AUTO), 100);
             module::set_var("gallery", "resize_size", $resize_size);
         }
         module::set_var("gallery", "show_credits", $form->edit_theme->show_credits->value);
         // Sanitize values that get placed directly in HTML output by theme.
         module::set_var("gallery", "header_text", html::purify($form->edit_theme->header_text->value));
         module::set_var("gallery", "footer_text", html::purify($form->edit_theme->footer_text->value));
         module::set_var("gallery", "favicon_url", html::purify($form->edit_theme->favicon_url->value));
         module::set_var("gallery", "apple_touch_icon_url", html::purify($form->edit_theme->apple_touch_icon_url->value));
         module::event("theme_edit_form_completed", $form);
         message::success(t("Updated theme details"));
         url::redirect("admin/theme_options");
     } else {
         $view = new Admin_View("admin.html");
         $view->content = new View("admin_theme_options.html");
         $view->content->form = $form;
         print $view;
     }
 }

PHP access::verify_csrf Beispiele