Changeset 16658


Timestamp:
Jul 12, 2012, 8:28:27 PM (8 years ago)
Author:
plg
Message:

(by mistic100, but svn commit crashes for him)

-use random public_id, preventing access to other public collections
-use colorbox to browse inside a collection
-small css fixes

Location:
extensions/UserCollections
Files:
1 added
8 edited

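--- a/extensions/UserCollections/include/UserCollection.class.php
+++ b/extensions/UserCollections/include/UserCollection.class.php
@@ -24,6 +24,27 @@
       'active' => false,
       'public' => false,
+      'public_id' => null,
       );
     $this->images = array();
+
+    // access from public id
+    if ( strlen($col_id) == 10 and strpos($col_id, 'uc') === 0 )
+    {
+      $query = '
+SELECT id
+  FROM '.COLLECTIONS_TABLE.'
+  WHERE public_id = "'.$col_id.'"
+;';
+      $result = pwg_query($query);
+
+      if (!pwg_db_num_rows($result))
+      {
+        $col_id = 0;
+      }
+      else
+      {
+        list($col_id) = pwg_db_fetch_row($result);
+      }
+    }
 
     // load specific collection
@@ -37,5 +58,6 @@
     nb_images,
     active,
-    public
+    public,
+    public_id
   FROM '.COLLECTIONS_TABLE.'
   WHERE
@@ -48,12 +70,8 @@
       {
         $this->data['col_id'] = $col_id;
-        list(
-          $this->data['user_id'],
-          $this->data['name'],
-          $this->data['date_creation'],
-          $this->data['nb_images'],
-          $this->data['active'],
-          $this->data['public']
-          ) = pwg_db_fetch_row($result);
+        $this->data = array_merge(
+          $this->data,
+          pwg_db_fetch_assoc($result)
+          );
 
         // make sur all pictures of the collection exist
@@ -89,4 +107,5 @@
       $this->data['active'] = $active;
       $this->data['public'] = $public;
+      $this->data['public_id'] = 'uc'.hash('crc32', uniqid(serialize($this->data, true)));
 
       $query = '
@@ -96,5 +115,6 @@
     date_creation,
     active,
-    public
+    public,
+    public_id
   )
   VALUES(
@@ -103,5 +123,6 @@
     NOW(),
     '.(int)$this->data['active'].',
-    '.(int)$this->data['public'].'
+    '.(int)$this->data['public'].',
+    "'.$this->data['public_id'].'"
   )
 ;';
@@ -271,5 +292,5 @@
       'PUBLIC' => (bool)$this->data['public'],
       'DATE_CREATION' => format_date($this->data['date_creation'], true),
-      'U_PUBLIC' => get_absolute_root_url().USER_COLLEC_PUBLIC . 'view/'.$this->data['col_id'],
+      'U_PUBLIC' => get_absolute_root_url().USER_COLLEC_PUBLIC . 'view/'.$this->data['public_id'],
       'IS_TEMP' =>  $this->data['name'] == 'temp',
       );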
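Review bot: The public-id lookup (new lines 31–37) concatenates `$col_id` into `WHERE public_id = "…"` after checking only that it is 10 characters long and begins with `uc`, so the remaining eight characters reach the SQL string unconstrained. Because ids are generated as `'uc'.hash('crc32', …)`, the guard can pin the exact shape, `if (preg_match('/^uc[0-9a-f]{8}$/', $col_id))`, which keeps the query safe whatever escaping the caller did or did not apply. At new line 109 the `true` argument sits inside `serialize()` instead of `uniqid()`, and the id is a 32-bit CRC of time-derived input, so it is guessable rather than random; an id drawn from a CSPRNG (for example `'uc'.bin2hex(openssl_random_pseudo_bytes(4))`, ideally longer with a wider column) fits the commit's stated goal better. The constructor begins and ends outside these hunks, so whether public-id access also checks the `public` flag cannot be confirmed here.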
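--- a/extensions/UserCollections/include/collections.inc.php
+++ b/extensions/UserCollections/include/collections.inc.php
@@ -11,8 +11,10 @@
   case 'list':
   {
+    // security
     if (is_a_guest()) access_denied();
 
     $template->set_filename('index', dirname(__FILE__) . '/../template/list.tpl');
 
+    // actions
     if ( isset($_GET['action']) and filter_var($_GET['col_id'], FILTER_VALIDATE_INT) !== false )
     {
@@ -115,5 +117,6 @@
       }
     }
-
+
+
     // get collections
     $query = '
@@ -134,7 +137,8 @@
       if (isset($pwg_loaded_plugins['BatchDownloader']))
       {
-        $col['U_DOWNLOAD'] = USER_COLLEC_PUBLIC.'view/'.$col['id'].'&action=advdown_set';
-      }
-
+        $col['U_DOWNLOAD'] = USER_COLLEC_PUBLIC.'view/'.$col['public_id'].'&action=advdown_set';
+      }
+
+      // temporary collections are above save collections
       if ($col['name'] == 'temp')
       {
@@ -156,4 +160,5 @@
   case 'edit':
   {
+    // security
     if (empty($page['col_id']))
     {
@@ -162,10 +167,10 @@
     }
 
+    $template->set_filename('index', dirname(__FILE__).'/../template/edit.tpl');
+
     $self_url = USER_COLLEC_PUBLIC . 'edit/'.$page['col_id'];
-
-    $template->set_filename('index', dirname(__FILE__).'/../template/edit.tpl');
     $template->assign(array(
       'USER_COLLEC_PATH' => USER_COLLEC_PATH,
-      'U_VIEW' => $self_url,
+      'F_ACTION' => $self_url,
       'collection_toggle_url' => $self_url,
       'U_LIST' => USER_COLLEC_PUBLIC,
@@ -176,5 +181,6 @@
       $UserCollection = new UserCollection($page['col_id']);
 
-      if (!is_admin() and $UserCollection->getParam('user_id') != $user['id'])
+      // security
+      if ( !is_admin() and $UserCollection->getParam('user_id') != $user['id'] )
       {
         access_denied();
@@ -194,12 +200,14 @@
       }
 
+      // special template
+      add_event_handler('loc_end_index_thumbnails', 'user_collections_thumbnails_in_collection', EVENT_HANDLER_PRIORITY_NEUTRAL+10, 2); // +10 to overload GThumb+
+      $template->set_prefilter('index_thumbnails', 'user_collections_thumbnails_list_prefilter');
+
+      // collection content
       $template->assign('collection', $UserCollection->getCollectionInfo());
-
-      // add_event_handler('loc_end_index_thumbnails', 'user_collections_thumbnails_in_collection', EVENT_HANDLER_PRIORITY_NEUTRAL, 2);
-      $template->set_prefilter('index_thumbnails', 'user_collections_thumbnails_list_prefilter');
-
+      $page['items'] = $UserCollection->getImages();
+
+      // navigation bar
       $page['start'] = isset($_GET['start']) ? $_GET['start'] : 0;
-      $page['items'] = $UserCollection->getImages();
-
       if (count($page['items']) > $page['nb_image_page'])
       {
@@ -214,4 +222,5 @@
       }
 
+      // display
       include(PHPWG_ROOT_PATH . 'include/category_default.inc.php');
 
@@ -229,22 +238,19 @@
   case 'view':
   {
-    if (empty($page['col_id']))
+    // security
+    if ( empty($page['col_id']) or strlen($page['col_id']) != 10 or strpos($page['col_id'], 'uc') === false )
     {
       $_SESSION['page_errors'][] = l10n('Invalid collection');
-      redirect(get_home_url());
-    }
+      redirect('index.php');
+    }
+
+    $template->set_filename('index', dirname(__FILE__).'/../template/view.tpl');
 
     $self_url = USER_COLLEC_PUBLIC . 'view/'.$page['col_id'];
 
-    $template->set_filename('index', dirname(__FILE__).'/../template/view.tpl');
-    $template->assign(array(
-      'USER_COLLEC_PATH' => USER_COLLEC_PATH,
-      'U_VIEW' => $self_url,
-      ));
-
-    try
-    {
+    try {
       $UserCollection = new UserCollection($page['col_id']);
 
+      // backlink for owner
       if ($UserCollection->getParam('user_id') == $user['id'])
       {
@@ -252,9 +258,13 @@
       }
 
+      // special template
+      add_event_handler('loc_end_index_thumbnails', 'user_collections_thumbnails_in_collection', EVENT_HANDLER_PRIORITY_NEUTRAL+10, 2); // +10 to overload GThumb+
+
+      // collection content
       $template->assign('collection', $UserCollection->getCollectionInfo());
-
+      $page['items'] = $UserCollection->getImages();
+
+      // navigation bar
       $page['start'] = isset($_GET['start']) ? $_GET['start'] : 0;
-      $page['items'] = $UserCollection->getImages();
-
       if (count($page['items']) > $page['nb_image_page'])
       {
@@ -269,4 +279,5 @@
       }
 
+      // display
       include(PHPWG_ROOT_PATH . 'include/category_default.inc.php');
 
@@ -289,22 +300,27 @@
 
 
-// function user_collections_thumbnails_in_collection($tpl_thumbnails_var, $pictures)
-// {
-  // global $page;
-
-  // foreach ($tpl_thumbnails_var as &$thumbnail)
-  // {
-    // $thumbnail['URL'] = duplicate_picture_url(
-        // array(
-          // 'image_id' => $thumbnail['id'],
-          // 'image_file' => $thumbnail['file'],
-          // 'section' => 'collections',
-        // ),
-        // array('start')
-      // ).'/'.$page['col_id'];
-  // }
-
-  // return $tpl_thumbnails_var;
-// }
+function user_collections_thumbnails_in_collection($tpl_thumbnails_var, $pictures)
+{
+  global $template, $page;
+
+  $template->set_filename('index_thumbnails', dirname(__FILE__).'/../template/thumbnails.tpl');
+
+  foreach ($tpl_thumbnails_var as &$thumbnail)
+  {
+    $src_image = new SrcImage($thumbnail);
+
+    $thumbnail['FILE_SRC'] = DerivativeImage::url(IMG_LARGE, $src_image);
+    $thumbnail['URL'] = duplicate_picture_url(
+        array(
+          'image_id' => $thumbnail['id'],
+          'image_file' => $thumbnail['file'],
+          'section' => 'none',
+        ),
+        array('start')
+      );
+  }
+
+  return $tpl_thumbnails_var;
+}
 
 ?>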
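Review bot: The `view` guard at new line 241 uses `strpos($page['col_id'], 'uc') === false`, which rejects only values that contain no `uc` at all, whereas the constructor treats a value as a public id only when `uc` is at offset 0. A 10-character value with `uc` elsewhere therefore passes this guard and is handed to `new UserCollection()`, where it skips the public-id lookup and falls through to the ordinary id-loading code that is not shown on this page. Tighten it to `strpos($page['col_id'], 'uc') !== 0`, or reuse one anchored pattern such as `!preg_match('/^uc[0-9a-f]{8}$/', $page['col_id'])` in both places so the two checks cannot drift apart. The `case 'view':` block continues outside the hunk.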
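--- a/extensions/UserCollections/maintain.inc.php
+++ b/extensions/UserCollections/maintain.inc.php
@@ -15,4 +15,5 @@
   `active` tinyint(1) DEFAULT 0,
   `public` tinyint(1) DEFAULT 0,
+  `public_id` varchar(10) NULL,
   PRIMARY KEY (`id`)
 ) DEFAULT CHARSET=utf8 AUTO_INCREMENT=1
@@ -31,5 +32,15 @@
 
 function plugin_activate()
-{}
+{
+  global $prefixeTable;
+
+  // new collumn in beta2
+  $query = 'SHOW COLUMNS FROM `'.$prefixeTable.'collections`;';
+  $columns = array_from_query($query, 'Field');
+  if (!in_array('public_id', $columns))
+  {
+    pwg_query('ALTER TABLE `'.$prefixeTable.'collections` ADD `public_id` varchar(10) NULL;');
+  }
+}
 
 function plugin_uninstall()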
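Review bot: `plugin_activate()` adds `public_id` as a nullable column (new line 42) but nothing visible fills it for collections that already exist, while `U_PUBLIC` and `U_DOWNLOAD` are now built from `public_id`. Unless a backfill happens elsewhere, collections created before this revision would get a share URL ending in an empty id after the upgrade. The column also has no uniqueness constraint, so two rows can end up with the same 32-bit id and the `SELECT id … WHERE public_id` lookup would then resolve to whichever row is returned first. Consider populating missing ids in this function and adding `ADD UNIQUE KEY (public_id)` to both the `CREATE TABLE` and the `ALTER TABLE`.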
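--- a/extensions/UserCollections/template/edit.tpl
+++ b/extensions/UserCollections/template/edit.tpl
@@ -27,4 +27,5 @@
 {/footer_script}
 
+
 {if $themeconf.name != "stripped" and $themeconf.parent != "stripped" and $themeconf.name != "simple-grey" and $themeconf.parent != "simple"}
   {$MENUBAR}
@@ -34,4 +35,5 @@
 <div id="content" class="content{if isset($MENUBAR)} contentWithMenu{/if}">
 {if $intern_menu}{$MENUBAR}{/if}
+
 
 <div class="titrePage">
@@ -46,6 +48,7 @@
 {/if}
 
+
 {if $collection and not $collection.IS_TEMP}
-<form action="{$U_VIEW}" method="post">
+<form action="{$F_ACTION}" method="post">
 <fieldset id="colProperties">
   <legend>{'Properties'|@translate}</legend>
@@ -67,5 +70,4 @@
 {/if}
 
-
 
 {if !empty($THUMBNAILS)}
@@ -79,4 +81,5 @@
 {if !empty($navbar)}{include file='navigation_bar.tpl'|@get_extent:'navbar'}{/if}
 
+
 <p style="text-align:center;font-weight:bold;margin:20px;"><a href="{$U_LIST}" rel="nofollow">{'Return to collections list'|@translate}</a></p>
 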
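--- a/extensions/UserCollections/template/list.tpl
+++ b/extensions/UserCollections/template/list.tpl
@@ -13,4 +13,10 @@
 {/footer_script}
 
+{if $themeconf.name == "clear"}
+{html_head}{literal}
+<style type="text/css">.collecList a { color:#eee; }</style>
+{/literal}{/html_head}
+{/if}
+
 {if $themeconf.name != "stripped" and $themeconf.parent != "stripped" and $themeconf.name != "simple-grey" and $themeconf.parent != "simple"}
   {$MENUBAR}
@@ -20,4 +26,5 @@
 <div id="content" class="content{if isset($MENUBAR)} contentWithMenu{/if}">
 {if $intern_menu}{$MENUBAR}{/if}
+
 
 <div class="titrePage">
@@ -30,5 +37,7 @@
 {/if}
 
+
 <p style="text-align:left;font-weight:bold;margin:20px;"><a href="{$U_CREATE}" class="save_col">{'Create a new collection'|@translate}</a></p>
+
 
 {if $temp_col}
@@ -55,4 +64,5 @@
 </fieldset>
 {/if}
+
 
 {if $collections}
@@ -82,3 +92,4 @@
 {/if}
 
+
 </div>{* <!-- content --> *}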
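--- a/extensions/UserCollections/template/style.css
+++ b/extensions/UserCollections/template/style.css
@@ -11,13 +11,17 @@
   }
 
-#publicURL {}
+#publicURL {
+  display:inline-block;
+  height:22px;
+}
   #publicURL .url {
     display:inline-block;
-    position:relative;
+    height:14px;
+    vertical-align:bottom;
+    padding:3px 10px;
+    background:#fff;
     font-family:monospace;
     font-size:12px;
-    background:#fff;
     color:#666;
-    padding:3px 10px;
     border:1px solid #999;
     border-radius:0 3px 3px 0;
@@ -28,5 +32,5 @@
     width:25px;
     height:20px;
-    color:#666;
+    vertical-align:bottom;
     border:1px solid #999;
     border-right:none;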
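--- a/extensions/UserCollections/template/thumbnails_css_js.tpl
+++ b/extensions/UserCollections/template/thumbnails_css_js.tpl
@@ -1,5 +1,5 @@
 {html_style}
 .thumbnails .wrap1 {ldelim} position:relative !important; }
-.addCollection {ldelim} width:100%;height:16px;display:none;position:absolute;top:0;background:rgba(0,0,0,0.8);padding:2px;border-radius:2px;font-size:0.8em;z-index:100;color:#eee;white-space:nowrap; }
+.addCollection {ldelim} width:100%;height:16px;display:none;position:absolute;top:0;background:rgba(0,0,0,0.8);padding:2px;border-radius:2px;font-size:10px;z-index:100;color:#eee;white-space:nowrap; }
 .wrap1:hover .addCollection {ldelim} display:block; }
 {/html_style}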
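--- a/extensions/UserCollections/template/view.tpl
+++ b/extensions/UserCollections/template/view.tpl
@@ -1,3 +1,4 @@
 {combine_css path=$USER_COLLEC_PATH|@cat:"template/style.css"}
+
 
 {if $themeconf.name != "stripped" and $themeconf.parent != "stripped" and $themeconf.name != "simple-grey" and $themeconf.parent != "simple"}
@@ -8,4 +9,5 @@
 <div id="content" class="content{if isset($MENUBAR)} contentWithMenu{/if}">
 {if $intern_menu}{$MENUBAR}{/if}
+
 
 <div class="titrePage">
@@ -20,4 +22,5 @@
 {/if}
 
+
 {if !empty($THUMBNAILS)}
 <ul class="thumbnails" id="thumbnails">
@@ -28,4 +31,5 @@
 {if !empty($navbar)}{include file='navigation_bar.tpl'|@get_extent:'navbar'}{/if}
 
+
 {if $U_LIST}<p style="text-align:center;font-weight:bold;margin:20px;"><a href="{$U_LIST}" rel="nofollow">{'Return to collections list'|@translate}</a></p>{/if}
 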