/**
 * Editing a photo through Photos_Controller::update() must store the posted slug, title and
 * description, print a success reply, and leave the file name as it was.
 */
public function change_photo_test() {
  $controller = new Photos_Controller();
  $root = ORM::factory("item", 1);
  $photo = photo::create($root, MODPATH . "gallery/tests/test.jpg", "test.jpeg", "test", "test",
                         identity::active_user()->id, "slug");
  $name_before = $photo->name;

  // Simulated edit form submission; "csrf" is the token the controller is expected to check.
  $_POST = array_merge($_POST, array(
    "filename" => "test.jpeg",
    "name" => "new name",
    "title" => "new title",
    "description" => "new description",
    "slug" => "new-slug",
    "csrf" => access::csrf_token()));
  access::allow(identity::everybody(), "edit", $root);

  ob_start();
  $controller->update($photo->id);
  $photo->reload();
  $reply = ob_get_clean();

  $this->assert_equal(json_encode(array("result" => "success", "location" => "HTTP_REFERER")), $reply);
  $this->assert_equal("new-slug", $photo->slug);
  $this->assert_equal("new title", $photo->title);
  $this->assert_equal("new description", $photo->description);
  // Renaming is not applied by the controller yet, so the name must be untouched.
  $this->assert_equal($name_before, $photo->name);
}
/**
 * Editing an album through Albums_Controller::_update() must store the posted title and
 * description, print a success reply, and leave the directory name as it was.
 */
public function change_album_test() {
  $controller = new Albums_Controller();
  $root = ORM::factory("item", 1);
  $this->_album = album::create($root, "test", "test", "test");
  $name_before = $this->_album->name;

  // Simulated PUT of the edit form; "csrf" is the token the controller is expected to check.
  $_POST = array_merge($_POST, array(
    "dirname" => "test",
    "name" => "new name",
    "title" => "new title",
    "description" => "new description",
    "column" => "weight",
    "direction" => "ASC",
    "csrf" => access::csrf_token(),
    "_method" => "put"));
  access::allow(group::everybody(), "edit", $root);

  ob_start();
  $controller->_update($this->_album);
  $reply = ob_get_clean();

  $this->assert_equal(json_encode(array("result" => "success")), $reply);
  $this->assert_equal("new title", $this->_album->title);
  $this->assert_equal("new description", $this->_album->description);
  // Renaming is not applied by the controller yet, so the name must be untouched.
  $this->assert_equal($name_before, $this->_album->name);
}
/**
 * Add a hide/unhide entry to the item's options menu when the item can be hidden and
 * the current user is allowed to hide it.
 *
 * @param Menu   $menu               menu tree containing "options_menu"
 * @param object $theme              current theme (unused here)
 * @param object $item               item the menu belongs to
 * @param string $thumb_css_selector unused here
 */
static function context_menu($menu, $theme, $item, $thumb_css_selector) {
  if (!hide::can_be_hidden($item) || !hide::can_hide($item)) {
    return;
  }

  // NOTE(review): the csrf token travels in the query string of a GET link, so it can show up
  // in server logs and Referer headers; confirm the token is session-bound and rotated with it.
  $token = access::csrf_token();
  $link = self::_get_hide_link_data($item);
  $target = url::site(sprintf("display/%s/%s?csrf=%s", $link["action"], $item->id, $token));

  $entry = Menu::factory("ajax_link")
    ->label($link["text"])
    ->ajax_handler("function(data) { window.location.reload() }")
    ->url($target);
  $menu->get("options_menu")->append($entry);
}
/**
 * Reply with JSON telling the caller whether the active user is an admin.
 * On success the reply also carries a fresh csrf token for follow-up requests.
 */
function is_admin() {
  $reply = identity::active_user()->admin
    ? array("result" => "success", "csrf" => access::csrf_token())
    : array("result" => "failure");
  json::reply($reply);
}
/**
 * A form with one explicit hidden field renders the automatic csrf hidden input first,
 * then the caller's hidden input, then an empty field list.
 */
function two_hiddens_test() {
  $form = new Forge("test/controller", "", "post");
  $form->hidden("HIDDEN_NAME")->value("HIDDEN_VALUE");
  $token = access::csrf_token();

  $expected = implode("", array(
    "<form action=\"http://./index.php/test/controller\" method=\"post\" class=\"form\">\n",
    "<input type=\"hidden\" name=\"csrf\" value=\"{$token}\" />",
    "<input type=\"hidden\" name=\"HIDDEN_NAME\" value=\"HIDDEN_VALUE\" />",
    " <ul>\n",
    " </ul>\n",
    "</form>"));
  $this->assert_same($expected, (string) $form);
}
/**
 * Print JSON telling the caller whether the active user is an admin.
 * On success the reply also carries a fresh csrf token for follow-up requests.
 */
function is_admin() {
  $reply = identity::active_user()->admin
    ? array("result" => "success", "csrf" => access::csrf_token())
    : array("result" => "failure");
  print json_encode($reply);
}
/**
 * Add a "watch this album" link to the album menu for logged-in users.
 * The css id differs depending on whether the user already watches the item.
 *
 * @param Menu   $menu  menu to append to
 * @param object $theme current theme; its item() is the album in view
 */
static function album($menu, $theme) {
  if (user::active()->guest) {
    return;
  }
  $item = $theme->item();
  if (!$item) {
    return;
  }

  $css_id = notification::is_watching($item) ? "gRemoveWatchLink" : "gAddWatchLink";
  // NOTE(review): csrf token sent in a GET query string; it will appear in logs/Referer headers.
  $entry = Menu::factory("link")
    ->id("watch")
    ->label(t("Enable notifications for this album"))
    ->url(url::site("notification/watch/{$item->id}?csrf=" . access::csrf_token()))
    ->css_id($css_id);
  $menu->append($entry);
}
/**
 * Add a "browse for album cover" dialog entry to the options menu when the user may edit
 * the item and an options menu exists.
 *
 * @param Menu   $menu               menu tree that may contain "options_menu"
 * @param object $theme              current theme (unused here)
 * @param object $item               item the menu belongs to; may be null
 * @param string $thumb_css_selector unused here
 */
static function context_menu($menu, $theme, $item, $thumb_css_selector) {
  $token = access::csrf_token();
  $options_menu = $menu->get("options_menu");
  if (!$item || !access::can("edit", $item) || $options_menu == null) {
    return;
  }

  // NOTE(review): csrf token sent in a GET query string; it will appear in logs/Referer headers.
  $entry = Menu::factory("dialog")
    ->id("browse_album_cover")
    ->label(t("Browse for an album to cover"))
    ->css_class("ui-icon-folder-open")
    ->url(url::site("browse/browse/{$item->id}?csrf={$token}"));
  $options_menu->append($entry);
}
/**
 * Render the admin sidebar configuration page: the available and active block lists
 * come from _get_blocks(), and the csrf token is exposed to the sidebar template.
 */
public function index() {
  $page = new Admin_View("admin.html");

  $sidebar = new View("admin_sidebar.html");
  $sidebar->csrf = access::csrf_token();
  $sidebar->available = new View("admin_sidebar_blocks.html");
  $sidebar->active = new View("admin_sidebar_blocks.html");
  list($sidebar->available->blocks, $sidebar->active->blocks) = $this->_get_blocks();

  $page->content = $sidebar;
  print $page;
}
/**
 * A grouped form renders: the automatic csrf hidden input, a fieldset with the group legend,
 * and one <li> per field (text input, textarea, submit) with the exact markup below.
 */
function group_test() { $form = new Forge("test/controller", "", "post", array("id" => "gTestGroupForm")); $group = $form->group("test_group")->label(t("Test Group")); $group->input("title")->label(t("Title")); $group->textarea("description")->label(t("Text Area")); $group->submit("")->value(t("Submit")); $rendered = $form->__toString(); $expected = "<form action=\"http://./index.php/test/controller\" method=\"post\" " . "id=\"gTestGroupForm\">\n" . "<input type=\"hidden\" name=\"csrf\" value=\"" . access::csrf_token() . "\" />\n" . " <fieldset>\n" . " <legend>Test Group</legend>\n" . " <ul>\n" . " <li>\n" . " <label for=\"title\" >Title</label>\n" . " <input type=\"text\" id=\"title\" name=\"title\" value=\"\" " . "class=\"textbox\" />\n" . " </li>\n" . " <li>\n" . " <label for=\"description\" >Text Area</label>\n" . " <textarea id=\"description\" name=\"description\" " . "class=\"textarea\" ></textarea>\n" . " </li>\n" . " <li>\n" . " <input type=\"submit\" value=\"Submit\" class=\"submit\" />\n" . " </li>\n" . " </ul>\n" . " </fieldset>\n" . "</form>\n"; $this->assert_same($expected, $rendered); }
/**
 * Add a notification toggle link to the options menu for logged-in users viewing an album
 * they are allowed to see. The label reflects whether the user is already watching.
 *
 * @param Menu   $menu  menu tree containing "options_menu"
 * @param object $theme current theme; its item() is the album in view
 */
static function site_menu($menu, $theme) {
  if (user::active()->guest) {
    return;
  }
  $item = $theme->item();
  if (!($item && $item->is_album() && access::can("view", $item))) {
    return;
  }

  $label = notification::is_watching($item) ? t("Remove notifications") : t("Enable notifications");
  // NOTE(review): csrf token sent in a GET query string; it will appear in logs/Referer headers.
  $entry = Menu::factory("link")
    ->id("watch")
    ->label($label)
    ->css_id("gNotifyLink")
    ->url(url::site("notification/watch/{$item->id}?csrf=" . access::csrf_token()));
  $menu->get("options_menu")->append($entry);
}
/**
 * Get any pending transient messages and remove them from the session.
 *
 * Each message is a pair: [0] the HTML text, which may contain the "__CSRF__" placeholder
 * that is replaced with the current token, and [1] its severity. The text is emitted as raw
 * HTML, so whoever queued it is responsible for escaping any user-provided content.
 *
 * @return string|null  a <ul> of <li> entries, or null when nothing is pending
 */
static function get() {
  $html = "";
  foreach (Session::instance()->get_once("messages", array()) as $message) {
    $text = str_replace("__CSRF__", access::csrf_token(), $message[0]);
    $html .= "<li class=\"" . message::severity_class($message[1]) . "\">{$text}</li>";
  }
  if ($html !== "") {
    return "<ul id=\"g-action-status\" class=\"g-message-block\">" . $html . "</ul>";
  }
}
/**
 * Head markup for the server_add admin page: its stylesheets, a script block exposing
 * base_url and csrf to the page's JavaScript, and the autocomplete/admin scripts.
 * Returns an empty string on every other admin page.
 *
 * NOTE(review): $base and the csrf token are interpolated into inline JavaScript unescaped;
 * both come from the application (url::site, access::csrf_token) rather than request input —
 * confirm url::site() output cannot contain a double quote or "</script".
 */
static function admin_head($theme) {
  if (strpos(Router::$current_uri, "admin/server_add") === false) {
    return "";
  }
  $parts = array(
    $theme->css("server_add.css"),
    $theme->css("jquery.autocomplete.css"),
    sprintf("<script type=\"text/javascript\"> var base_url = \"%s\"; var csrf = \"%s\";</script>",
            url::site("__ARGS__"), access::csrf_token()),
    $theme->script("jquery.autocomplete.js"),
    $theme->script("admin.js"));
  return implode("", $parts);
}
/**
 * Build the quick-action buttons shown for an item.
 *
 * @param object $item      item the buttons act on (photo, movie or album)
 * @param string $page_type "album" or something else; forwarded so the handler can redirect back
 * @return array keys "left", "center", "right", "additional", each a list of button objects with
 *               title/class/href (plus icon, and "id" for the delete button)
 */
static function buttons($item, $page_type) {
  $buttons = array("left" => array(), "center" => array(), "right" => array(), "additional" => array());

  // Titles are spelled out per type so each string stays visible to translation extraction.
  if ($item->type == "movie") {
    $edit_title = t("Edit this movie");
    $move_title = t("Move this movie to another album");
    $cover_title = t("Choose this movie as the album cover");
    $delete_title = t("Delete this movie");
  } else if ($item->type == "album") {
    $edit_title = t("Edit this album");
    $move_title = t("Move this album to another album");
    $cover_title = t("Choose this album as the album cover");
    $delete_title = t("Delete this album");
  } else {
    $edit_title = t("Edit this photo");
    $move_title = t("Move this photo to another album");
    $cover_title = t("Choose this photo as the album cover");
    $delete_title = t("Delete this photo");
  }

  // NOTE(review): the csrf token is carried in GET URLs below (rotate, make_album_cover,
  // form_delete), so it ends up in server logs and Referer headers; confirm it is session-bound.
  $csrf = access::csrf_token();
  $page_arg = "page_type={$page_type}";

  $buttons["left"][] = (object) array(
    "title" => $edit_title,
    "class" => "gDialogLink gButtonLink",
    "icon" => "ui-icon-pencil",
    "href" => url::site("quick/form_edit/{$item->id}?{$page_arg}"));

  if ($item->is_photo() && graphics::can("rotate")) {
    $buttons["left"][] = (object) array(
      "title" => t("Rotate 90 degrees counter clockwise"),
      "class" => "gButtonLink",
      "icon" => "ui-icon-rotate-ccw",
      "href" => url::site("quick/rotate/{$item->id}/ccw?csrf={$csrf}&{$page_arg}"));
    $buttons["left"][] = (object) array(
      "title" => t("Rotate 90 degrees clockwise"),
      "class" => "gButtonLink",
      "icon" => "ui-icon-rotate-cw",
      "href" => url::site("quick/rotate/{$item->id}/cw?csrf={$csrf}&{$page_arg}"));
  }

  // Don't move photos from the photo page; we don't yet have a good way of redirecting after move
  if ($page_type == "album") {
    $buttons["left"][] = (object) array(
      "title" => $move_title,
      "class" => "gDialogLink gButtonLink",
      "icon" => "ui-icon-folder-open",
      "href" => url::site("move/browse/{$item->id}"));
  }

  $parent = $item->parent();
  if (access::can("edit", $parent)) {
    // The cover action is disabled when it can't apply: an album without a cover of its own,
    // an album whose cover already is the parent's cover, or an item that already is the cover.
    $is_album = $item->type == "album";
    $cover_unavailable =
      ($is_album && (empty($item->album_cover_item_id)
                     || $parent->album_cover_item_id == $item->album_cover_item_id))
      || $parent->album_cover_item_id == $item->id;
    $cover_class = $cover_unavailable ? "gButtonLink ui-state-disabled" : "gButtonLink ";

    $buttons["right"][] = (object) array(
      "title" => $cover_title,
      "class" => $cover_class,
      "icon" => "ui-icon-star",
      "href" => url::site("quick/make_album_cover/{$item->id}?csrf={$csrf}&{$page_arg}"));
    $buttons["right"][] = (object) array(
      "title" => $delete_title,
      "class" => "gDialogLink gButtonLink",
      "icon" => "ui-icon-trash",
      "id" => "gQuickDelete",
      "href" => url::site("quick/form_delete/{$item->id}?csrf={$csrf}&{$page_arg}"));
  }

  if ($item->is_album()) {
    $buttons["additional"][] = (object) array(
      "title" => t("Add a photo"),
      "class" => "add_item gDialogLink",
      "href" => url::site("simple_uploader/app/{$item->id}"));
    $buttons["additional"][] = (object) array(
      "title" => t("Add an album"),
      "class" => "add_album gDialogLink",
      "href" => url::site("form/add/albums/{$item->id}?type=album"));
    $buttons["additional"][] = (object) array(
      "title" => t("Edit permissions"),
      "class" => "permissions gDialogLink",
      "href" => url::site("permissions/browse/{$item->id}"));
  }

  return $buttons;
}
/**
 * Head markup for the server_add admin page: the autocomplete stylesheet link, a script block
 * exposing base_url and csrf to the page's JavaScript, and the autocomplete/admin scripts,
 * newline-joined. Returns an empty string on every other admin page.
 *
 * NOTE(review): $base and the csrf token are interpolated into inline JavaScript unescaped;
 * both come from the application rather than request input — confirm url::site() output
 * cannot contain a double quote or "</script".
 */
static function admin_head($theme) {
  if (strpos(Router::$current_uri, "admin/server_add") === false) {
    return "";
  }
  $head = array();
  $head[] = "<link media=\"screen, projection\" rel=\"stylesheet\" type=\"text/css\" href=\""
    . url::file("lib/jquery.autocomplete.css") . "\" />";
  $head[] = sprintf("<script> var base_url = \"%s\"; var csrf = \"%s\";</script>",
                    url::site("__ARGS__"), access::csrf_token());
  $head[] = html::script("lib/jquery.autocomplete.js");
  $head[] = html::script("modules/server_add/js/admin.js");
  return implode("\n", $head);
}
/**
 * Head markup for the server_add admin page. The stylesheet and scripts are registered on the
 * theme; only the script block exposing base_url and csrf is returned. Returns an empty string
 * on every other admin page.
 *
 * NOTE(review): $base and the csrf token are interpolated into inline JavaScript unescaped;
 * both come from the application rather than request input — confirm url::site() output
 * cannot contain a double quote or "</script".
 */
static function admin_head($theme) {
  if (strpos(Router::$current_uri, "admin/server_add") === false) {
    return "";
  }
  $theme->css("lib/jquery.autocomplete.css");
  $script = sprintf("<script> var base_url = \"%s\"; var csrf = \"%s\";</script>",
                    url::site("__ARGS__"), access::csrf_token());
  $theme->script("lib/jquery.autocomplete.js");
  $theme->script("modules/server_add/js/admin.js");
  return $script;
}
/**
 * Build the "Manage module order" admin page. The module list is only populated when the
 * gallery module is newer than version 31.
 *
 * @return Admin_View
 */
private function _get_view() {
  $page = new Admin_View("admin.html");
  $page->page_title = t("Manage module order");

  $content = new View("admin_moduleorder.html");
  $content->csrf = access::csrf_token();
  $content->available = new View("admin_moduleorder_blocks.html");
  $content->active = new View("admin_moduleorder_blocks.html");
  if (module::get_version("gallery") > 31) {
    $content->available->modules = $this->_get_modules();
  }

  $page->content = $content;
  return $page;
}
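/**
 * Begin the task of adding photos.
 *
 * Verifies the csrf token first, then reads the target "item_id" from the query string and
 * the POSTed "paths" list. Paths rejected by server_add::is_valid_path() are dropped; the rest
 * are queued in a new task whose status and run URL are printed as JSON.
 *
 * NOTE(review): nothing here checks that $item loaded or that the caller may edit it;
 * presumably the admin-only controller base handles authorization — confirm.
 */
public function start() {
  access::verify_csrf();
  $input = Input::instance();
  $item = ORM::factory("item", $input->get("item_id"));

  // Start from an empty queue: previously $paths was only created inside the loop, so a
  // submission with no valid paths raised an undefined-variable notice and queued null.
  $paths = array();
  foreach ($input->post("paths", array()) as $path) {
    if (server_add::is_valid_path($path)) {
      $paths[] = array($path, null);
    }
  }

  $task_def = Task_Definition::factory()
    ->callback("Server_Add_Controller::add")
    ->description(t("Add photos or movies from the local server"))
    ->name(t("Add from server"));
  $task = task::create($task_def, array("item_id" => $item->id, "queue" => $paths));

  // NOTE(review): the run URL carries the csrf token in its query string, so it will appear in
  // server logs and Referer headers; confirm the token is session-bound.
  print json_encode(array(
    "result" => "started",
    "status" => $task->status,
    "url" => url::site("server_add/run/{$task->id}?csrf=" . access::csrf_token())));
}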
/**
 * A grouped form with an attached script renders: the automatic csrf hidden input, the fieldset
 * with its fields, then the external script tag and the inline script block, exactly as below.
 */
function form_script_test() { $form = new Forge("test/controller", "", "post", array("id" => "g-test-group-form")); $group = $form->group("test_group")->label(t("Test Group")); $group->input("title")->label(t("Title")); $group->textarea("description")->label(t("Text Area")); $form->script("")->url(url::file("test.js"))->text("alert('Test Javascript');"); $group->submit("")->value(t("Submit")); $rendered = $form->__toString(); $csrf = access::csrf_token(); $expected = "<form action=\"http://./index.php/test/controller\" method=\"post\" " . "id=\"g-test-group-form\">\n" . "<input type=\"hidden\" name=\"csrf\" value=\"{$csrf}\" />" . " <fieldset>\n" . " <legend>Test Group</legend>\n" . " <ul>\n" . " <li>\n" . " <label for=\"title\" >Title</label>\n" . " <input type=\"text\" name=\"title\" value=\"\" " . "class=\"textbox\" />\n" . " </li>\n" . " <li>\n" . " <label for=\"description\" >Text Area</label>\n" . " <textarea name=\"description\" rows=\"\" cols=\"\" " . "class=\"textarea\" ></textarea>\n" . " </li>\n" . " <li>\n" . " <input type=\"submit\" value=\"Submit\" class=\"submit\" />\n" . " </li>\n" . " </ul>\n" . " </fieldset>\n" . "<script type=\"text/javascript\" src=\"http://./test.js\"></script>\n\n" . "<script type=\"text/javascript\">\n" . "alert('Test Javascript');\n" . "</script>\n" . "</form>"; $this->assert_same($expected, $rendered); }
/**
 * Head markup for the videos admin page. Stylesheets and scripts are registered on the theme;
 * only the script block exposing base_url and csrf is returned. Returns an empty string on
 * every other admin page.
 *
 * NOTE(review): $base and the csrf token are interpolated into inline JavaScript unescaped;
 * both come from the application rather than request input — confirm url::site() output
 * cannot contain a double quote or "</script".
 */
static function admin_head($theme) {
  if (strpos(Router::$current_uri, "admin/videos") === false) {
    return "";
  }
  $theme->css("videos.css");
  $theme->css("jquery.autocomplete.css");
  $script = sprintf("<script type=\"text/javascript\"> var base_url = \"%s\"; var csrf = \"%s\";</script>",
                    url::site("__ARGS__"), access::csrf_token());
  $theme->script("jquery.autocomplete.js");
  $theme->script("admin_videos.js");
  return $script;
}
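/**
 * Reply with the rendered themeroller upload form as JSON ({"html": ...}).
 *
 * The template is told whether THEMEPATH is writable (and the submit button disabled when it
 * is not) and given script_data: the session id, the request's User-Agent and a csrf token.
 *
 * NOTE(review): the session id is handed to the template in script_data; how the template
 * emits or forwards it is outside this method — confirm it never reaches a third-party origin.
 */
public function form_upload() {
  $v = new View("admin_themeroller_upload.html");
  list($v->form, $v->errors) = $this->_get_upload_form();

  // Evaluate the filesystem check once so is_writable and not_writable can never disagree
  // (the original called is_writable() twice).
  $themes_writable = is_writable(THEMEPATH);
  $v->is_writable = $themes_writable;
  $v->action = "admin/themeroller/form_create";
  $v->not_writable = !$themes_writable;

  $submit_class = "ui-state-default ui-corner-all submit g-left";
  if (!$themes_writable) {
    $submit_class .= " ui-state-disabled";
  }
  $v->submit_class = $submit_class;

  $v->script_data = array(
    "g3sid" => Session::instance()->id(),
    "user_agent" => Input::instance()->server("HTTP_USER_AGENT"),
    "csrf" => access::csrf_token());
  json::reply(array("html" => (string) $v));
}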
/**
 * Render the in-place edit form. Error codes in $this->errors are translated to their
 * message text via $this->messages; empty entries are left as they are.
 *
 * @return string rendered template
 */
public function render() {
  $view = new View("in_place_edit.html");
  $view->hidden = array("csrf" => access::csrf_token());
  $view->action = url::site($this->action);
  $view->form = $this->form;
  $view->errors = $this->errors;
  foreach ($view->errors as $field => $code) {
    if (empty($code)) {
      continue;
    }
    $view->errors[$field] = $this->messages[$code];
  }
  return $view->render();
}
/**
 * Add the "Developer tools" submenu: module/test-data/MPTT generators plus session toggles
 * for the profiler and debugger, whose labels and ?value= flip with the current setting.
 *
 * @param Menu   $menu  admin menu to append to
 * @param object $theme current theme (unused here)
 */
static function admin_menu($menu, $theme) {
  $developer_menu = Menu::factory("submenu")->id("developer_menu")->label(t("Developer tools"));
  $menu->append($developer_menu);
  $developer_menu
    ->append(Menu::factory("link")
             ->id("generate_menu")
             ->label(t("Generate module"))
             ->url(url::site("admin/developer/module")))
    ->append(Menu::factory("link")
             ->id("generate_data")
             ->label(t("Generate test data"))
             ->url(url::site("admin/developer/test_data")))
    ->append(Menu::factory("link")
             ->id("mptt_tree_menu")
             ->label(t("MPTT tree"))
             ->url(url::site("admin/developer/mptt")));

  // NOTE(review): these toggles change session state via GET links carrying the csrf token;
  // the token will appear in logs/Referer headers.
  $csrf = access::csrf_token();
  $session = Session::instance();

  $profiling = $session->get("profiler", false);
  $developer_menu->append(
    Menu::factory("link")
      ->id("scaffold_profiler")
      ->label($profiling ? t("Profiling off") : t("Profiling on"))
      ->url(url::site("admin/developer/session/profiler?value=" . ($profiling ? 0 : 1) . "&csrf={$csrf}")));

  $debugging = $session->get("debug", false);
  $developer_menu->append(
    Menu::factory("link")
      ->id("scaffold_debugger")
      ->label($debugging ? t("Debugging off") : t("Debugging on"))
      ->url(url::site("admin/developer/session/debug?value=" . ($debugging ? 0 : 1) . "&csrf={$csrf}")));
}
/**
 * Editing a random photo through Photos_Controller::update() must store the posted name,
 * slug, title and description and print a success reply.
 */
public function change_photo_test() {
  $controller = new Photos_Controller();
  $photo = test::random_photo();

  // Simulated edit form submission; "csrf" is the token the controller is expected to check.
  $_POST = array_merge($_POST, array(
    "name" => "new name.jpg",
    "title" => "new title",
    "description" => "new description",
    "slug" => "new-slug",
    "csrf" => access::csrf_token()));
  access::allow(identity::everybody(), "edit", item::root());

  ob_start();
  $controller->update($photo->id);
  $photo->reload();
  $reply = ob_get_clean();

  $this->assert_equal(json_encode(array("result" => "success")), $reply);
  $this->assert_equal("new-slug", $photo->slug);
  $this->assert_equal("new title", $photo->title);
  $this->assert_equal("new description", $photo->description);
  $this->assert_equal("new name.jpg", $photo->name);
}
/**
 * Editing a photo through Photos_Controller::_update() must store the posted title and
 * description, print a success reply with the photo's location, and leave the name as it was.
 */
public function change_photo_test() {
  $controller = new Photos_Controller();
  $root = ORM::factory("item", 1);
  $this->_photo = photo::create($root, MODPATH . "gallery/tests/test.jpg", "test.jpeg", "test", "test");
  $name_before = $this->_photo->name;

  // Simulated edit form submission; "csrf" is the token the controller is expected to check.
  $_POST = array_merge($_POST, array(
    "filename" => "test.jpeg",
    "name" => "new name",
    "title" => "new title",
    "description" => "new description",
    "csrf" => access::csrf_token()));
  access::allow(group::everybody(), "edit", $root);

  ob_start();
  $controller->_update($this->_photo);
  $reply = ob_get_clean();

  $this->assert_equal(
    json_encode(array("result" => "success", "location" => "http://./index.php/test.jpeg")),
    $reply);
  $this->assert_equal("new title", $this->_photo->title);
  $this->assert_equal("new description", $this->_photo->description);
  // Renaming is not applied by the controller yet, so the name must be untouched.
  $this->assert_equal($name_before, $this->_photo->name);
}
/**
 * Editing a random album through Albums_Controller::update() must store the posted name,
 * title and description and print a success reply.
 */
public function change_album_test() {
  $controller = new Albums_Controller();
  $album = test::random_album();

  // Randomize the name to avoid colliding with other albums.
  $new_name = "new_name_" . test::random_string(6);
  // Simulated edit form submission; "csrf" is the token the controller is expected to check.
  $_POST = array_merge($_POST, array(
    "name" => $new_name,
    "title" => "new title",
    "description" => "new description",
    "column" => "weight",
    "direction" => "ASC",
    "csrf" => access::csrf_token(),
    "slug" => "new-name"));
  access::allow(identity::everybody(), "edit", item::root());

  ob_start();
  $controller->update($album->id);
  $album->reload();
  $reply = ob_get_clean();

  $this->assert_equal(json_encode(array("result" => "success")), $reply);
  $this->assert_equal($new_name, $album->name);
  $this->assert_equal("new title", $album->title);
  $this->assert_equal("new description", $album->description);
}
/**
 * Override View_Core::__construct so that every view sees the current csrf token as the
 * global template variable "csrf".
 *
 * @see View_Core::__construct
 */
public function __construct($name = NULL, $data = NULL, $type = NULL) {
  parent::__construct($name, $data, $type);
  $token = access::csrf_token();
  $this->set_global("csrf", $token);
}
/**
 * Get the permanent (site status) messages for the current admin.
 *
 * Non-admins get nothing. Each stored message value may contain the "__CSRF__" placeholder,
 * which is replaced with the current token. Values are emitted as raw HTML, so whoever stored
 * them is responsible for escaping any user-provided content.
 *
 * @return string|null  a <ul> of <li> entries, or null when there are none / not admin
 */
static function get() {
  if (!identity::active_user()->admin) {
    return;
  }
  $html = "";
  foreach (ORM::factory("message")->find_all() as $message) {
    $text = str_replace('__CSRF__', access::csrf_token(), $message->value);
    $html .= "<li class=\"" . self::severity_class($message->severity) . "\">{$text}</li>";
  }
  if ($html !== "") {
    return "<ul id=\"g-site-status\">" . $html . "</ul>";
  }
}
/**
 * Markup appended to the bottom of every admin page: optionally renders the profiler, always
 * emits a script polling admin?reauth_check=1 once a minute and following any "location" in
 * the JSON reply, optionally fires the upgrade check (csrf token in the GET query string, so it
 * will appear in logs/Referer headers), and optionally appends the l10n client form.
 *
 * @return string HTML/script markup
 */
static function admin_page_bottom($theme) { $session = Session::instance(); if ($session->get("profiler", false)) { Profiler::enable(); $profiler = new Profiler(); $profiler->render(); } // Redirect to the root album when the admin session expires. $content = '<script type="text/javascript"> var adminReauthCheck = function() { $.ajax({url: "' . url::site("admin?reauth_check=1") . '", dataType: "json", success: function(data){ if ("location" in data) { document.location = data.location; } }}); }; setInterval("adminReauthCheck();", 60 * 1000); </script>'; if (upgrade_checker::should_auto_check()) { $content .= '<script type="text/javascript"> $.ajax({url: "' . url::site("admin/upgrade_checker/check_now?csrf=" . access::csrf_token()) . '"}); </script>'; } if ($session->get("l10n_mode", false)) { $content .= "\n" . L10n_Client_Controller::l10n_form(); } return $content; }
/**
 * Use our own template. Refreshes the "csrf" hidden field with the current token before
 * delegating rendering to the parent Forge.
 *
 * @param string $template view name, defaults to "form.html"
 * @param bool   $custom   passed through to the parent
 * @return string rendered form
 */
public function render($template = "form.html", $custom = false) {
  $token = access::csrf_token();
  $this->hidden["csrf"]->value($token);
  return parent::render($template, $custom);
}