2605 Commits

Author SHA1 Message Date
Hans Lo
c5673a1300 Use WTForms data field in submit/views.py 2013-03-27 23:56:33 -04:00
Hans Lo
dc03850b7a Use WTForms data field in edit/views.py 2013-03-27 23:56:20 -04:00
Elrond
9924cd0fb6 piwigo: Fix pwg_getversion
This one needs to return just "2.5.0 (Mediagoblin)" instead
of "Piwigo 2...".
2013-03-26 19:23:22 +01:00
Elrond
79f87b975e piwigo: Start at pwg.images.addSimple.
Without a session and a logged in user, this can't go much
further.

Misses check for the file upload field.
Need refactored test tool for this.
2013-03-26 19:19:32 +01:00
Brett Smith
3843697c28 Call is_updated instead of testing it boolean. 2013-03-25 09:20:46 -04:00
Christopher Allan Webber
126c3503a0 Merge remote-tracking branch 'aeva/671_fix_stl' 2013-03-25 08:01:11 -05:00
Aeva Ntsc
50d123b4be Ascii stl files now should have their whitespace stripped when parsing. 2013-03-25 07:55:24 -05:00
Aeva Ntsc
eacb9c4886 Fixed a bug that had binary stls be handled by the ascii stl parser. 2013-03-24 16:12:55 -05:00
Brett Smith
09102e0767 Harden It's Dangerous key management.
The previous code was theoretically subject to timing attacks, where
an attacker could read the key in between the time it was saved to the
file and when the chmod happened.  This version prevents that by using
umasks to ensure the files always have the right permissions.

This version also avoids using a key that cannot be saved due to some
system setup bug.
2013-03-24 16:27:20 -04:00
Brett Smith
e84e1cdf12 First tests for the Session class. 2013-03-24 15:46:10 -04:00
Brett Smith
5d1a8815d1 Set a starting value for session.send_new_cookie.
This makes session.__init__ slightly more complicated but probably
simplifies everything else, especially if we make the class smarter
later by having it track changes itself.
2013-03-24 15:39:49 -04:00
Brett Smith
9e1fa2396f Remove beaker stuff from the code.
This is all obsoleted by It's Dangerous.
2013-03-24 15:10:08 -04:00
Brett Smith
627a721cf6 Delete the session cookie on an empty session. 2013-03-24 14:47:02 -04:00
Brett Smith
c7424612d7 Back sessions with It's Dangerous.
This is a contribution to #668.
2013-03-24 14:44:41 -04:00
Christopher Allan Webber
956a87322e Merge remote-tracking branch 'jdshu/649_use_form_data_field' 2013-03-24 13:25:01 -05:00
Hans Lo
2263a4cb5c Use WTForms data field in user_pages/views.py 2013-03-24 13:56:08 -04:00
Joar Wandborg
b06ea4ab46 Updated VideoThumbnailerMarkII, removed old
Removed the old VideoThumbnailer since it's not used anymore.

VideoThumbnailerMarkII:
Changed the state switching in on_thumbnail_message to only set the
state to "processing thumbnail" if the seek was successful.

I'm not sure what I'm doing here, but I know at least some of it is
good, and as a whole, it seems to work, so far :)
2013-03-24 18:49:05 +01:00
Elrond
bb530c4445 Improve fs security for itsdangerous secret.
Set mode 700 on the directory, mode 600 on the file.
2013-03-22 19:12:55 +01:00
Elrond
5a8aae3aba Docs for get_timed_signer_url. 2013-03-22 19:09:19 +01:00
Elrond
5907154a59 Basic itsdangerous infrastructure.
Implement the basic infrastructure for using itsdangerous
in mediagoblin. Usage instructions will follow.
2013-03-22 18:46:47 +01:00
Elrond
398d384137 piwigo start at pwg.images.addChunk.
This function receives part of an upload. Does most
parameter validation, but does not save the data anywhere
for now.

Also fake pwg.images.exist
2013-03-21 09:18:07 +01:00
Elrond
cf0816c182 piwigo: Add session.getStatus, improve categories.getList
- pwg.session.getStatus returns the current user as
  "fake_user".  When we have a session, we'll return
  something better.

- pwg.categories.getList add a name and the parent id for
  its one and only "collection".

- Improve logging a bit.
2013-03-21 09:18:07 +01:00
Elrond
dc7c26f355 piwigo: Sent a fake cookie.
shotwell needs a pwg_id cookie to continue.
And really, it's the only cookie it supports, so in the
long run, we need to send a proper session cookie as
pwg_id.
2013-03-21 09:04:37 +01:00
Elrond
1330abf722 Add warning README.rst and fix pep8. 2013-03-19 23:20:46 +01:00
Elrond
4234fffafa piwigo: Move tool functions into tools.py 2013-03-19 21:58:28 +01:00
Elrond
e4e5948c58 Start at pwg.categories.getList and improve xml output.
- The xml formatting is now in the main function.
- Add PwgNamedArray to have named lists in xml output.
- Remove gmg.test method
2013-03-19 21:58:06 +01:00
Elrond
bd3bc0446c piwigo: start xml response encoding, more (fake) methods. 2013-03-19 21:55:31 +01:00
Elrond
427beb08af Starting a piwigo api plugin.
This one just puts up the basic endpoint, some
infrastructure and a fake login method.

Lots more needed.
2013-03-19 21:55:31 +01:00
Christopher Allan Webber
8dad2978e7 A more realistic "con" explanation in the docstring of exif_fix_image_orientation
Thanks to dnet for catching this.

This commit sponsored by Chester Zeller.  Thanks!
2013-03-15 09:19:22 -05:00
Christopher Allan Webber
c56243f08c Changing "evil" submission test-script to be a bash script. 2013-03-12 21:36:12 -05:00
Christopher Allan Webber
80550e22c3 Now in 0.4.0 dev mode! 2013-03-12 12:11:55 -05:00
Christopher Allan Webber
b1f0b4b8f9 New version: 0.3.3 ! 2013-03-11 17:26:22 -05:00
Christopher Allan Webber
b0ed6def40 Committing extracted and compiled translations 2013-03-11 17:22:09 -05:00
Christopher Allan Webber
8aaf38b3a2 Committing present MediaGoblin translations before pushing extracted messages 2013-03-11 17:21:53 -05:00
Christopher Allan Webber
d0ceb506bd Fixing dates when uploaded in a video to a mediagoblin instance.
There were some "serializing to json strings" issues.  They should be
fixed now... much more careful whitelist and cleaning of the video
"tags" metadata out of gstreamer.

This commit sponsored by Aimee Sullivan.  Thanks!
2013-03-11 16:54:41 -05:00
Joar Wandborg
0151060a5b Added thingiview.js symlink, fixes webgl view 2013-03-10 23:09:52 +01:00
Elrond
e9330b9552 655: Fix collection fetching for media_collect()
The problem is:

    Collection.query.filter_by(id=X, ...)

1. X = form.collection.data
   This works nicely for the completely empty form (X = None).
   It does not work for a selected collection, because X
   will be the collection, not its id.

2. X = request.form.get('collection') (old code).
   This one works mostly, except for the completely empty
   form on postgres, because in this case X = u"__None" and
   postgres does not like comparing an integer column with
   a string.

Fix:
    collection = form.collection.data
    if collection and collection.creator != request.user.id:
        collection = None
2013-03-10 21:19:16 +01:00
Christopher Allan Webber
81f73707a6 Providing warning to users about instability of OAuth/API 2013-03-08 14:38:55 -06:00
Christopher Allan Webber
7bf229267d Making a fix so that video codec name switched from "vp8 video" to "vp8"
"vp8 video" is what vp8 is marked as in gstreamer's metadata.
However, the browser expects it just as the name "vp8".  So fixing
that.

This commit sponsored by Tyng-Ruey Chuang.  Thank you!
2013-03-06 12:05:40 -06:00
Christopher Allan Webber
a99321b9d9 Committing extracted and compiled translations 2013-03-04 18:05:54 -06:00
Christopher Allan Webber
f415c35b4e Merge branch 'master' into 419_cherrypick_large_uploads 2013-03-04 15:47:05 -06:00
Christopher Allan Webber
f51a416778 Removing an unnecessary video write
In the case of if we're skipping transcoding, we don't need to copy
this file at all!

This commit sponsored by Frank Zambrini III.  Thanks!
2013-03-04 11:53:04 -06:00
Christopher Allan Webber
55c7bf592c Merge branch 'joar-skip_transcoding' 2013-03-04 11:45:27 -06:00
Christopher Allan Webber
e9b69c7d0e Elrond points out that we should use form.collection.data
That's true; I'm not sure what it's fixing, but he thinks it's fixing
something.  Anyway, it's correct :)

This commit sponsored by Philippe Gauthier.  Thanks!
2013-03-04 11:45:14 -06:00
Christopher Allan Webber
7e4a87dca5 Give a more useful error if a table already exists and so we can't create it during migrations
This commit sponsored by Andrzej Prochyra.  Thanks!
2013-03-04 10:57:21 -06:00
Christopher Allan Webber
17e4679ddc Three fixes to collection adding view, one of them a serious security bug
- Don't let people who aren't the authors of a collection add
  things to it (handled by forcing the user check in the query)
- request url in case invalid collection selected fixed
- collection_item.author doesn't yet exist; removing the selection
  (we might want multiple people to be able to edit a collection in
  the future but that future does not yet exist; as Elrond said,
  remove this "false hope")

Thanks to Elrond for pointing out these issues.

And thanks to David Kindler for sponsoring this commit!
2013-03-04 10:12:48 -06:00
Christopher Allan Webber
5302477671 self.media_data->self.media_manager in the docstring. Thanks for catching, Elrond.
This commit sponsored by Sebastian Hugentobler.  Thank you!
2013-03-03 16:28:16 -06:00
Christopher Allan Webber
e77df64fd1 No reason really to pass in fetch_order anyway...
I think this is legacy code from get_display_media being a utility, or
something.  Removed!  (Thanks for pointing this out, Elrond!)

This commit sponsored by Tristan Chambers.  Thank you!
2013-03-03 15:40:49 -06:00
Sebastian Spaeth
99a54c0095 Make copying to/from storage systems memory efficient (#419)
The copy_locally and copy_local_to_storage (very inconsistent terms BTW)
were simply slurping in everything in RAM and writing it out at once.
(the copy_locally was actually memory efficient if the remote system was local)

Use shutil.copyfileobj which does chunked reads/writes on file objects.
The default buffer size is 16kb, and as each chunk means a separate HTTP
request for e.g. cloudfiles, we use a chunksize of 4MB here (which has
just been arbitrarily set by me without tests).

This should help with the failure to upload large files issue #419.
2013-03-03 14:40:06 -06:00
Christopher Allan Webber
4f239ff194 Another elrond suggestion: only init orig_metadata if there's anything in the dict.
This commit sponsored by Joshua Rosen.  Thank you!
2013-03-03 14:29:30 -06:00