- legal_file - added sanitize_filname() to sanitize photo/movie filenames.
- admin_watermarks - revised add() to use new function.
- item model - added _process_data_file_info() to validate the data file, get its metadata, and sanitize the item name.
- item model - revised save() for new items to use _process_data_file_info *before* the slug is checked.
- item model - revised save() for updated items to use _process_data_file_info.
- item model - revised save() for updated items to sanitize name if changed.
- uploader - removed call to smash_extensions (item model does this when it calls sanitize_filename).
- Legal_File_Helper_Test - added unit tests for sanitize_filename.
- Item_Model_Test - revised existing unit tests based on changes.
- Item_Model_Test - added new unit tests for names with legal but incorrect extensions.
- Averted take over by HAL with fix #2001...
- Added code to check/correct movie width, height, and mime in graphics::generate.
As the comment says in the commit, this isn't ideal, but doing it in an upgrade
script wouldn't be very ideal either.
Adding a blacklist to legal_file could prevent possible security holes arising
from a contributed module that adds file types by user input (e.g. an admin screen).
- photo & movie helpers: modified to throw exceptions when file is known to be unidentifiable/illegal.
- item model: revised to work with exceptions and be more explicit when the data file is invalid.
- item model: removed duplicate get_file_metadata call for updated items.
- admin_watermarks controller: revised to work with exceptions (really cleans up logic here).
- graphics helper: revised to handle invalid placeholders (a nearly-impossible corner case, but still...).
- photo & movie helper tests: revised to work with exceptions, added new tests for illegal files with valid extensions.
- item model tests: revised to work with exceptions, added new tests for illegal files with valid extensions.
- Changed redirect if it finished without failures.
- No change to Upgrader_Controller::index(), since its behavior with an empty vs. undefined failed query is identical.
- Add extra condition to Item_Model_Test::urls_test to test cache busters of missing files.
- Previous commit fixes unit test for empty album url, but now no test checks missing files.
There's no need to run through all of the item save/validation logic for these
entries, which are changed frequently during the course of thumb/resize generation.
- Added missing_album_cover.jpg placeholder image.
- Modified the graphics helper to use it. Calling graphics::generate will copy it.
- Modified item::remove_album_cover and gallery_event::item_created to run graphics::generate.
- Added unit test to Graphics_Helper_Test.
Previously skipped admin_watermarks mods to use new functionality of #1945
since there was concurrent work on it with #1970.
Now that both are done, we can wrap this up.
Restrict which album cover ids we swap over to the hierarchy of the
current album, otherwise we can wind up in sticky situations with
hierarchical album cover chains.
Eg, you have a hierarchy like this:
root -> A1 -> A2 --> A3 -> P1
A4 -> P2
P1 is the album cover for its entire hierarchy. But then you
swap A2's album cover for A3 making this:
root -> A1 -> A2 + A3 -> P1
\-> A4 -> P2
Since A1, A2 and A3 all had P1 as their album cover item id. Now
we're swapping it over to P2 but we want to leave P1 as A3's album
cover item id. So only look at A4's hierarchy and ignore its peers.
