- disallowed backslashes in item validation.
- refactored the validation logic in the item model a bit.
- added no_backslash error messages in edit album/photo/movie forms.
- fixed error messages in add album forum (some missing, some text different from edit)
- added unit tests
- updated to v58 to correct any existing backslashes in item names
Added admin/movies screen analogous to the admin/graphics screen so the user can:
- see how FFmpeg is configured (path and version, similar to toolkits in admin/graphics)
- get some instructions on how to install FFmpeg if not found
- change the movie_allow_uploads setting
- ask Gallery to rebuild their movie thumbs
Specifics:
- admin_movies, admin_movies.html (new) - new Movies admin screen
- ffmpeg.png (new) - logo for admin screen
- movie::get_ffmpeg_version (new) - return version number and date of FFmpeg
- form_uploadify.html - change admin message if movie uploads are disabled
- gallery_event::admin_menu - added Movies link to Settings
- xss_data.txt - updated golden file for unit tests
- photo & movie helpers: modified to throw exceptions when file is known to be unidentifiable/illegal.
- item model: revised to work with exceptions and be more explicit when the data file is invalid.
- item model: removed duplicate get_file_metadata call for updated items.
- admin_watermarks controller: revised to work with exceptions (really cleans up logic here).
- graphics helper: revised to handle invalid placeholders (a nearly-impossible corner case, but still...).
- photo & movie helper tests: revised to work with exceptions, added new tests for illegal files with valid extensions.
- item model tests: revised to work with exceptions, added new tests for illegal files with valid extensions.
- added photo_get_file_metadata and movie_get_file_metadata events
- modified photo::get_file_metadata and movie::get_file_metadata to use them
- ensure that non-readable files throw exceptions
- redirected other photo metadata calls in core to photo::get_file_metadata (the helper function already exists, but in many places getimagesize is still called directly)
- added some unit tests (neither of the functions above had one)
- Added no_extra_spaces_at_end_of_line_test to File_Structure_Test.
- Updated Gallery_Filters to exclude testing code that isn't ours.
- Removed existing extra spaces. New test now passes.
- graphics helper: add movie_extract_frame event to generate function
(allows modules to add to the options sent to movie::extract_frame or to
generate the thumbnail on their own without movie::extract_frame)
- movie helper: add extra optional argument to movie::extract_frame
(can add ffmpeg arguments and/or change the frame extract time)
- gallery_installer: add movie_extract_time module variable, update to v53
- module.info: update to v53
- install.sql: update to v53
bug fix: modify movie.php helper to take DAR (display aspect ratio) into account in get_file_metadata
bug fix / enhancement: add duration to get_file_metadata output
bug fix: modify movie.php helper to use correct resolution and duration from get_file_metadata in extract_frame
bug fix: modify movie.php helper to be more robust against ffmpeg failures and limitations, including adding "-threads 1" argument if needed
enhancement: modified to include ordered maps of extensions to MIME types (get_photo_types_by_extension and get_movie_types_by_extension functions), modified get_file_metadata in movie and photo helpers to use them
gallery_installer, module.info, install.sql: updated to v52 with m4v mime correction code (was video/mp4)
path so that if you change that value in Admin > Settings > Advanced
we prefer it over other paths (which may be restricted by
open_basedir). Fixes#1395.
Refactor the rotate code in Quick_Controller to replace the data file,
and then have gallery_event::item_updated_data_file() pick up after
the change is saved, rebuild the image and handle album covers. This
is much more portable than before and it will allow any mechanism (eg:
REST) to replace the source image.
guess how to send the user back. Instead, proxy the originating item
id through the edit forms so that we can tell exactly what page we
were on when we began editing. If we were viewing the item, then
redirect to its new url (in case it changed) to fix ticket #745. But
if we were viewing some other item, then just stay on the current page
to fix#940.
The page_type approach didn't work because you'd have the same
"collection" page_type when doing a context menu edit for an album.
If you can change the extension, then you can alter the way the server
handles the file, which is a security problem. So for example, you
can change a .JPG to a .PHP and then if you put some malicious PHP
code in the EXIF data, you can get the server to execute
it. Vulnerability is low because only users who have edit permissions
could do this.
Fixes ticket #846
component for that given item. Album hierarchies are represented by
nested slugs. By default, we convert the filename to a slug when you
create an album, photo or movie.
