diff --git a/README.txt b/README.txt index bf92b52e..b0b5e521 100644 --- a/README.txt +++ b/README.txt @@ -82,11 +82,20 @@ User classes can be added to or altered by placing them in default anonymous "allow nothing" permissions like so: new UserClass("anonymous", "base", array( + "create_comment" => True, "edit_image_tag" => True, "edit_image_source" => True, "create_image_report" => True, )); +For a moderator class, being a regular user who can delete images and +comments: + +new UserClass("moderator", "user", array( + "delete_image" => True, + "delete_comment" => True, +)); + For a list of permissions, see core/userclass.class.php diff --git a/core/config.class.php b/core/config.class.php index 7e76b66c..8fc7b4d9 100644 --- a/core/config.class.php +++ b/core/config.class.php @@ -103,7 +103,7 @@ abstract class BaseConfig implements Config { return $this->get($name, $default); } public function get_bool(/*string*/ $name, $default=null) { - return undb_bool($this->get($name, $default)); + return bool_escape($this->get($name, $default)); } public function get_array(/*string*/ $name, $default=array()) { return explode(",", $this->get($name, "")); diff --git a/core/database.class.php b/core/database.class.php index ecd617fd..9b254f31 100644 --- a/core/database.class.php +++ b/core/database.class.php @@ -412,12 +412,34 @@ class Database { } } - /** * Create a table from pseudo-SQL */ public function create_table($name, $data) { $this->execute($this->engine->create_table_sql($name, $data)); } + + /** + * Returns the number of tables present in the current database. + */ + public function count_tables() { + if($this->engine->name === "mysql") { + return count( + $this->get_all("SHOW TABLES") + ); + } else if ($this->engine->name === "pgsql") { + return count( + $this->get_all("SELECT table_name FROM information_schema.tables WHERE table_schema = 'public'") + ); + } else if ($this->engine->name === "sqlite") { + return count( + $this->get_all(".tables") + ); + } else { + // Hard to find a universal way to do this... + return NULL; + } + } + } ?> diff --git a/core/imageboard.pack.php b/core/imageboard.pack.php index 22885329..36e9d050 100644 --- a/core/imageboard.pack.php +++ b/core/imageboard.pack.php @@ -56,7 +56,7 @@ class Image { $this->$name = $value; // hax } $this->posted_timestamp = strtotime($this->posted); // pray - $this->locked = undb_bool($this->locked); + $this->locked = bool_escape($this->locked); assert(is_numeric($this->id)); assert(is_numeric($this->height)); @@ -385,14 +385,10 @@ class Image { /** * Get the image's mime type * - * FIXME: now we handle more than just images - * * @retval string */ public function get_mime_type() { - $type = strtolower($this->ext); - if($type === "jpg") $type = "jpeg"; - return 'image/'.$type; + return getMimeType($this->get_image_filename()); } /** @@ -439,7 +435,7 @@ class Image { $sln = $database->engine->scoreql_to_sql('SCORE_BOOL_'.$ln); $sln = str_replace("'", "", $sln); $sln = str_replace('"', "", $sln); - if(undb_bool($sln) !== $this->locked) { + if(bool_escape($sln) !== $this->locked) { $database->execute("UPDATE images SET locked=:yn WHERE id=:id", array("yn"=>$sln, "id"=>$this->id)); log_info("core-image", "Setting Image #{$this->id} lock to: $ln"); } diff --git a/core/util.inc.php b/core/util.inc.php index dd815671..b7b0baec 100644 --- a/core/util.inc.php +++ b/core/util.inc.php @@ -34,6 +34,24 @@ function int_escape($input) { * @retval string */ function url_escape($input) { + /* + Shish: I have a feeling that these three lines are important, possibly for searching for tags with slashes in them like fate/stay_night + green-ponies: indeed~ + + $input = str_replace('^', '^^', $input); + $input = str_replace('/', '^s', $input); + $input = str_replace('\\', '^b', $input); + + /* The function idn_to_ascii is used to support Unicode domains / URLs as well. + See here for more: http://php.net/manual/en/function.filter-var.php + However, it is only supported by PHP version 5.3 and up + + if (function_exists('idn_to_ascii')) { + return filter_var(idn_to_ascii($input), FILTER_SANITIZE_URL); + } else { + return filter_var($input, FILTER_SANITIZE_URL); + } + */ if(is_null($input)) { return ""; } @@ -61,16 +79,32 @@ function sql_escape($input) { * @retval boolean */ function bool_escape($input) { - $input = strtolower($input); - return ( - $input === "y" || - $input === "yes" || - $input === "t" || - $input === "true" || - $input === "on" || - $input === 1 || - $input === true - ); + /* + Sometimes, I don't like PHP -- this, is one of those times... + "a boolean FALSE is not considered a valid boolean value by this function." + Yay for Got'chas! + http://php.net/manual/en/filter.filters.validate.php + */ + if (is_bool($input)) { + return $input; + } else if (is_numeric($input)) { + return ($input === 1); + } else { + $value = filter_var($input, FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE); + if (!is_null($value)) { + return $value; + } else { + $input = strtolower( trim($input) ); + return ( + $input === "y" || + $input === "yes" || + $input === "t" || + $input === "true" || + $input === "on" || + $input === "1" + ); + } + } } /** @@ -205,15 +239,6 @@ function show_ip($ip, $ban_reason) { return $ip; } -/** - * Different databases have different ways to represent booleans; this - * will try and standardise them - */ -function undb_bool($val) { - if($val === true || $val == 'Y' || $val == 'y' || $val == 'T' || $val == 't' || $val === 1) return true; - if($val === false || $val == 'N' || $val == 'n' || $val == 'F' || $val == 'f' || $val === 0) return false; -} - /** * Checks if a given string contains another at the beginning. * @@ -432,6 +457,59 @@ function captcha_check() { * Misc * \* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * */ +/** +* Get MIME type for file +* +* The contents of this function are taken from the __getMimeType() function +* from the "Amazon S3 PHP class" which is Copyright (c) 2008, Donovan Schönknecht +* and released under the 'Simplified BSD License'. +* +* @internal Used to get mime types +* @param string &$file File path +* @return string +*/ +function getMimeType($file) { + $type = false; + // Fileinfo documentation says fileinfo_open() will use the + // MAGIC env var for the magic file + if (extension_loaded('fileinfo') && isset($_ENV['MAGIC']) && + ($finfo = finfo_open(FILEINFO_MIME, $_ENV['MAGIC'])) !== false) + { + if (($type = finfo_file($finfo, $file)) !== false) + { + // Remove the charset and grab the last content-type + $type = explode(' ', str_replace('; charset=', ';charset=', $type)); + $type = array_pop($type); + $type = explode(';', $type); + $type = trim(array_shift($type)); + } + finfo_close($finfo); + + // If anyone is still using mime_content_type() + } elseif (function_exists('mime_content_type')) + $type = trim(mime_content_type($file)); + + if ($type !== false && strlen($type) > 0) return $type; + + // Otherwise do it the old fashioned way + static $exts = array( + 'jpg' => 'image/jpeg', 'gif' => 'image/gif', 'png' => 'image/png', + 'tif' => 'image/tiff', 'tiff' => 'image/tiff', 'ico' => 'image/x-icon', + 'swf' => 'application/x-shockwave-flash', 'pdf' => 'application/pdf', + 'zip' => 'application/zip', 'gz' => 'application/x-gzip', + 'tar' => 'application/x-tar', 'bz' => 'application/x-bzip', + 'bz2' => 'application/x-bzip2', 'txt' => 'text/plain', + 'asc' => 'text/plain', 'htm' => 'text/html', 'html' => 'text/html', + 'css' => 'text/css', 'js' => 'text/javascript', + 'xml' => 'text/xml', 'xsl' => 'application/xsl+xml', + 'ogg' => 'application/ogg', 'mp3' => 'audio/mpeg', 'wav' => 'audio/x-wav', + 'avi' => 'video/x-msvideo', 'mpg' => 'video/mpeg', 'mpeg' => 'video/mpeg', + 'mov' => 'video/quicktime', 'flv' => 'video/x-flv', 'php' => 'text/x-php' + ); + $ext = strtolower(pathInfo($file, PATHINFO_EXTENSION)); + return isset($exts[$ext]) ? $exts[$ext] : 'application/octet-stream'; +} + /** * @private */ diff --git a/ext/et/main.php b/ext/et/main.php index 44245c6a..6b087d57 100644 --- a/ext/et/main.php +++ b/ext/et/main.php @@ -49,6 +49,12 @@ class ET extends Extension { $info['sys_disk'] = to_shorthand_int(disk_total_space("./") - disk_free_space("./")) . " / " . to_shorthand_int(disk_total_space("./")); $info['sys_server'] = $_SERVER["SERVER_SOFTWARE"]; + + $info['thumb_engine'] = $config->get_string("thumb_engine"); + $info['thumb_quality'] = $config->get_int('thumb_quality'); + $info['thumb_width'] = $config->get_int('thumb_width'); + $info['thumb_height'] = $config->get_int('thumb_height'); + $info['thumb_mem'] = $config->get_int("thumb_max_memory"); $info['stat_images'] = $database->get_one("SELECT COUNT(*) FROM images"); $info['stat_comments'] = $database->get_one("SELECT COUNT(*) FROM comments"); diff --git a/ext/et/theme.php b/ext/et/theme.php index 1c5b00ae..265b019a 100644 --- a/ext/et/theme.php +++ b/ext/et/theme.php @@ -32,6 +32,13 @@ Database: {$info['sys_db']} Server: {$info['sys_server']} Disk use: {$info['sys_disk']} +Thumbnail Generation: +Engine: {$info['thumb_engine']} +Memory: {$info['thumb_mem']} +Quality: {$info['thumb_quality']} +Width: {$info['thumb_width']} +Height: {$info['thumb_height']} + Shimmie stats: Images: {$info['stat_images']} Comments: {$info['stat_comments']} diff --git a/ext/featured/main.php b/ext/featured/main.php index dda66100..57c9f4f8 100644 --- a/ext/featured/main.php +++ b/ext/featured/main.php @@ -42,7 +42,7 @@ class Featured extends Extension { $image = Image::by_id($config->get_int("featured_id")); if(!is_null($image)) { $page->set_mode("data"); - $page->set_type("image/jpeg"); + $page->set_type($image->get_mime_type()); $page->set_data(file_get_contents($image->get_image_filename())); } } diff --git a/ext/handle_archive/main.php b/ext/handle_archive/main.php index 2fb2498b..5f0ea3fa 100644 --- a/ext/handle_archive/main.php +++ b/ext/handle_archive/main.php @@ -35,6 +35,7 @@ class ArchiveFileHandler extends Extension { exec($cmd); $this->add_dir($tmpdir); deltree($tmpdir); + $event->image_id = -2; // default -1 = upload wasn't handled } } diff --git a/ext/index/script.js b/ext/index/script.js index cc6d38e5..6c3078c0 100644 --- a/ext/index/script.js +++ b/ext/index/script.js @@ -1,13 +1,15 @@ $(function() { var blocked_tags = ($.cookie("ui-blocked-tags") || $.cookie("blocked-tags") || "").split(" "); - var themecheck = $(".thumb[data-tags~='tagme']").parent().attr('class'); + var themecheck = $(".thumb[data-tags]").parent().attr('class'); var needs_refresh = false; for(i=0; isent_date = $a["sent_date"]; $this->subject = $a["subject"]; $this->message = $a["message"]; - $this->is_read = undb_bool($a["is_read"]); + $this->is_read = bool_escape($a["is_read"]); } else { $this->id = -1; diff --git a/ext/random_image/main.php b/ext/random_image/main.php index 5a77bb25..ced59d67 100644 --- a/ext/random_image/main.php +++ b/ext/random_image/main.php @@ -41,7 +41,7 @@ class RandomImage extends Extension { if($action === "download") { if(!is_null($image)) { $page->set_mode("data"); - $page->set_type("image/jpeg"); + $page->set_type($image->get_mime_type()); $page->set_data(file_get_contents($image->get_image_filename())); } } diff --git a/ext/setup/main.php b/ext/setup/main.php index 195c0904..83f7c235 100644 --- a/ext/setup/main.php +++ b/ext/setup/main.php @@ -291,6 +291,10 @@ class Setup extends Extension { } } log_warning("setup", "Configuration updated"); + foreach(glob("data/cache/*.css") as $css_cache) { + unlink($css_cache); + } + log_warning("setup", "Cache cleared"); } public function onUserBlockBuilding(UserBlockBuildingEvent $event) { diff --git a/install.php b/install.php index a08ac4d0..b177fd5d 100644 --- a/install.php +++ b/install.php @@ -300,6 +300,14 @@ function create_tables() { // {{{ try { $db = new Database(); + if ( $db->count_tables() > 0 ) { + echo " +

Warning: The Database schema is not empty!

+

Please ensure that the database you are installing Shimmie with is empty before continuing.

+

Once you have emptied the database of any tables, please hit 'refresh' to continue.

"; + exit; + } + $db->create_table("aliases", " oldtag VARCHAR(128) NOT NULL PRIMARY KEY, newtag VARCHAR(128) NOT NULL, diff --git a/themes/danbooru/view.theme.php b/themes/danbooru/view.theme.php index 718e95cd..c5823dbd 100644 --- a/themes/danbooru/view.theme.php +++ b/themes/danbooru/view.theme.php @@ -42,8 +42,10 @@ class CustomViewImageTheme extends ViewImageTheme { if($image->rating == null || $image->rating == "u"){ $image->rating = "u"; } + if(class_exists("Ratings")) { $h_rating = Ratings::rating_to_human($image->rating); $html .= "
Rating: $h_rating"; + } } return $html; diff --git a/themes/warm/setup.theme.php b/themes/warm/setup.theme.php deleted file mode 100644 index 3932ab6a..00000000 --- a/themes/warm/setup.theme.php +++ /dev/null @@ -1,10 +0,0 @@ -box(parent::sb_to_html($block)); - } -} -?> diff --git a/themes/warm/style.css b/themes/warm/style.css index 9a6b6be9..3bb5d01a 100644 --- a/themes/warm/style.css +++ b/themes/warm/style.css @@ -83,8 +83,8 @@ UL { text-align: left; } -SECTION>H3, SECTION>.blockbody, .comment {margin: 8px; padding: 8px; border: 1px solid #B89F7C;} -SECTION>.blockbody, .comment {background: #FCD9A9;} +SECTION>H3, SECTION>.blockbody, .comment, .setupblock {margin: 8px; padding: 8px; border: 1px solid #B89F7C;} +SECTION>.blockbody, .comment, .setupblock {background: #FCD9A9;} SECTION>H3 {background: #DABC92;}