| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
The previous code was theoretically subject to timing attacks, where
an attacker could read the key in between the time it was saved to the
file and when the chmod happened. This version prevents that by using
umasks to ensure the files always have the right permissions.
This version also avoids using a key that cannot be saved due to some
system setup bug.
|
| | |
|
| |
|
|
|
|
| |
This makes session.__init__ slightly more complicated but probably
simplifies everything else, especially if we make the class smarter
later by having it track changes itself.
|
| |
|
|
| |
This is all obsoleted by It's Dangerous.
|
| | |
|
| |
|
|
| |
This is a contribution to #668.
|
| |
|
|
| |
Set mode 700 on the directory, mode 600 on the file.
|
| | |
|
| |
|
|
|
| |
Implement the basic infrastructure for using itsdangerous
in mediagoblin. Usage instructions will follow.
|
| |
|
|
|
|
|
|
| |
This function receives part of an upload. Does most
parameter validation, but does not safe the data anywhere
for now.
Also fake pwg.images.exist
|
| |
|
|
|
|
|
|
|
|
|
| |
- pwg.session.getStatus returns the current user as
"fake_user". When we have a session, we'll return
something better.
- pwg.categories.getList add a name and the parent id for
its one and only "collection".
- Improve logging a bit.
|
| |
|
|
|
|
|
| |
shotwell needs a pwg_id cookie to continue.
And really, it's the only cookie it supports, so in the
long run, we need to send a proper session cookie as
pwg_id.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
- The xml formatting is now in the main function.
- Add PwgNamedArray to have named lists in xml output.
- Remove gmg.test method
|
| | |
|
| |
|
|
|
|
|
| |
This one just puts up the basic endpoint, some
infrastructure and a fake login method.
Lots more needed.
|
| |
|
|
|
|
|
|
| |
exif_fix_image_orientation
Thanks to dnet for catching this.
This commit sponsored by Chester Zeller. Thanks!
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
There were some "serializing to json strings" issues. They should be
fixed now... much more careful whitelist and cleaning of the video
"tags" metadata out of gstreamer.
This commit sponsored by Aimee Sullivan. Thanks!
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The problem is:
Collection.query.filter_by(id=X, ...)
1. X = form.collection.data
This works nicely for the completely empty form (X = None).
It does not work for a selected collection, because X
will be the collection, not its id.
2. X = request.form.get('collection') (old code).
This one works mostly, except for the completely empty
form on postgres, because in this case X = u"__None" and
postgres does not like comparing an integer column with
a string.
Fix:
collection = form.collection.data
if collection and collection.creator != request.user.id:
collection = None
|
| | |
|
| |
|
|
|
|
|
|
| |
"vp8 video" is what vp8 is marked as in gstreamer's metadata.
However, the browser expects it just as the name "vp8". So fixing
that.
This commit sponsored by Tyng-Ruey Chuang. Thank you!
|
| | |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| | |
In the case of if we're skipping transcoding, we don't need to copy
this file at all!
This commit sponsored by Frank Zambrini III. Thanks!
|
| | |\ |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Elrond.
This commit sponsored by Sebastian Hugentobler. Thank you!
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
I think this is legacy code from get_display_media being a utility, or
something. Removed! (Thanks for pointing this out, Elrond!)
This commit sponsored by Tristan Chambers. Thank you!
|
| | | |
| | |
| | |
| | |
| | |
| | | |
the dict.
This commit sponsored by Joshua Rosen. Thank you!
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
The reason for this is to avoid defining this twice as we were
previously (once in the template, once in video/models.py)
This commit sponsored by Roland McIntosh. Thank you!
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
It's kind of awkward because it relies on there being a entry.media_data,
but that's not guaranteed... (see http://issues.mediagoblin.org/ticket/650)
so we use a dopey fallback in the template in that case (kind of
annoying info duplication).
This commit sponsored by Piotr Wieczorek. Thank you!
|
| | | |
| | |
| | |
| | | |
This commit sponsored by Jukka Hellen. Thanks!
|
| | | |
| | |
| | |
| | |
| | |
| | | |
This will make some stuff a bit cleaner that's coming up...
This commit sponsored by J B Nicholson-Owens. Thanks!
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Of course, the version that appears here is not really dangerous
because it's for the "call the file individually" form of debugging,
but it isn't allowed anyway.
This commit sponsored by Michael Faryniarz. Thanks!
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This comes in several parts:
- Store the metadata from gstreamer during processing
- Add a new JSONEncoded field to the VideoData table
- And, of course, add a migration for that field!
This commit sponsored by Julius Tuomisto. Thank you, Julius!
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
transcode
- Update get_display_media in several ways:
- now uses the media type's own declaration of the order of things
- returns both the media_size and the media_path, as per the docstring
- implicitly uses self.media_files as opposed to forcing you to pass it in
- update videos to use get_display_media
- update images to declare media_fetch_order in the media manager (videos also)
- update stl to use media.media_files['original'] instead of weird
use of get_display_media
- update sidebar to only conditionally show webm_640
TODO still: identify video type information *during* processing, show
that in the <video><source /></video> element.
This commit sponsored by Nathan Yergler. Thanks, nyergler!
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
There's no reason to copy it over to 'webm_640' in such a case,
clearly.
Added logic so we don't do it twice either.
Haven't tested this yet though ;)
This commit sponsored by Algot Runeman. Thank you!
|
| | | |\
| | | |
| | | |
| | | |
| | | | |
Conflicts:
mediagoblin/config_spec.ini
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
- If the video input matches the configurable rules, just copy it to the
output without transcoding it.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
That's true; I'm not sure what it's fixing, but he thinks it's fixing
something. Anyway, it's correct :)
This commit sponsored by Philippe Gauthier. Thanks!
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
during migrations
This commit sponsored by Andrzej Prochyra. Thanks!
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Don't let people who aren't the authors of a collection from adding
things to it (handled by forcing the user check in the query)
- request url in case invalid collection selected fixed
- collection_item.author doesn't yet exist; removing the selection
(we might want multiple people to be able to edit a collection in
the future but that future does not yet exist; as Elrond said,
remove this "false hope")
Thanks to Elrond to pointing out these issues.
And thanks to David Kindler for sponsoring this commit!
|
| |/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The copy_locally and copy_local_to_storage (very inconsistent terms BTW)
were simply slurping in everything in RAM and writing it out at once.
(the copy_locally was actually memory efficient if the remote system was local)
Use shutil.copyfileobj which does chunked reads/writes on file objects.
The default buffer size is 16kb, and as each chunk means a separate HTTP
request for e.g. cloudfiles, we use a chunksize of 4MB here (which has
just been arbitrarily set by me without tests).
This should help with the failure to upload large files issue #419.
|
