Escape titles and dates on their way out of the HTML. It _shouldn't_ be
1 package Sesse::pr0n::Index;
2 use strict;
3 use warnings;
4
5 use Sesse::pr0n::Common qw(error dberror);
6 use Apache2::Request;
7 use POSIX;
8
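# Group heading for one image row: the uploader, followed by the "day" column
# when the query returned one.
sub _group_label {
        my ($row) = @_;

        my $label = $row->{'takenby'};
        $label .= ", " . $row->{'day'} if (defined($row->{'day'}));
        return $label;
}

# Returns the ' width="W" height="H"' attribute text for a thumbnail, or an
# empty string when either stored dimension is -1.
sub _thumb_size_attrs {
        my ($row, $thumbxres, $thumbyres) = @_;

        return "" if ($row->{'width'} == -1 || $row->{'height'} == -1);

        my ($width, $height) = Sesse::pr0n::Common::scale_aspect(
                $row->{'width'}, $row->{'height'}, $thumbxres, $thumbyres);
        return " width=\"$width\" height=\"$height\"";
}

# Builds the link target for one image from the requested view resolution:
# "<x>x<y>/..." for an explicit size, "original/..." when xres is -1, and the
# bare (infobox-prefixed) filename otherwise.
sub _image_uri {
        my ($filename, $infobox, $xres, $yres) = @_;

        if (defined($xres) && defined($yres) && $xres != -1) {
                return "${xres}x$yres/$infobox$filename";
        }
        if (defined($xres) && $xres == -1) {
                return "original/$infobox$filename";
        }
        return $infobox . $filename;
}

# mod_perl handler for an event's index page: resolves the event from the
# URI, reads the display settings from the query string, and prints either
# the thumbnail index or the fullscreen page.
#
# Returns an Apache2::Const status (OK, REDIRECT, or whatever
# meets_conditions() reports for a conditional request).
sub handler {
        my $r = shift;
        my $apr = Apache2::Request->new($r);
        my $dbh = Sesse::pr0n::Common::get_dbh();

        # Find the event.  The character class limits $event to [a-zA-Z0-9-],
        # which is what makes it safe to interpolate into the redirect target
        # and the HTML further down without escaping.
        # NOTE(review): this relies on error() not returning; if it can return,
        # $1 below would be left over from an earlier match -- confirm.
        $r->uri =~ m#^/([a-zA-Z0-9-]+)/?$#
                or error($r, "Could not extract event");
        my $event = $1;

        # Fix common error: pr0n.sesse.net/event -> pr0n.sesse.net/event/
        if ($r->uri !~ m#/$#) {
                $r->headers_out->{'location'} = "/$event/";
                return Apache2::Const::REDIRECT;
        }

        # Internal? (Ugly?)
        # Access control is keyed on the server name; the events lookup below is
        # scoped to the same name (vhost=?).
        # NOTE(review): presumably check_access() has already produced the
        # response when it returns undef -- confirm.
        if ($r->get_server_name =~ /internal/ || $r->get_server_name =~ /skoyen\.bilder\.knatten\.com/) {
                my $user = Sesse::pr0n::Common::check_access($r);
                if (!defined($user)) {
                        return Apache2::Const::OK;
                }
        }

        # Read the appropriate settings from the query string into the settings hash
        my %defsettings = (
                thumbxres => 80,
                thumbyres => 64,
                xres => -1,
                yres => -1,
                start => 1,
                num => -1,
                all => 1,
                infobox => 1,
                rot => 0,
                sel => 0,
                fullscreen => 0,
        );

        # Any NEF files => default to processing
        my $ref = $dbh->selectrow_hashref('SELECT * FROM images WHERE event=? AND LOWER(filename) LIKE \'%.nef\' LIMIT 1',
                undef, $event);
        if ($ref) {
                $defsettings{'xres'} = undef;
                $defsettings{'yres'} = undef;
        }

        # Reduce the front page load when in overload mode.
        if (Sesse::pr0n::Overload::is_in_overload($r)) {
                $defsettings{'num'} = 100;
        }

        my %settings = %defsettings;

        # Query-string values are untrusted and end up in SQL (LIMIT/OFFSET),
        # in HTML attributes and in generated links, so only two shapes are
        # accepted: a run of digits, or the literal -1 for the three settings
        # that use it as a sentinel.  The -1 test is a string comparison on
        # purpose: a numeric == would accept any value that merely starts
        # with -1 and store the whole raw string.  \A...\z (rather than ^...$)
        # also rejects a trailing newline.
        for my $s (qw(thumbxres thumbyres xres yres start num all infobox rot sel fullscreen)) {
                my $val = $apr->param($s);
                next unless (defined($val));

                if ($val =~ /\A\d+\z/) {
                        $settings{$s} = $val;
                } elsif (($s eq "num" || $s eq "xres" || $s eq "yres") && $val eq '-1') {
                        $settings{$s} = $val;
                }
        }

        my $thumbxres = $settings{'thumbxres'};
        my $thumbyres = $settings{'thumbyres'};
        my $xres = $settings{'xres'};
        my $yres = $settings{'yres'};
        my $start = $settings{'start'};
        my $num = $settings{'num'};
        my $all = $settings{'all'};
        my $infobox = $settings{'infobox'} ? '' : 'nobox/';
        my $rot = $settings{'rot'};
        my $sel = $settings{'sel'};

        # -1 means "no limit".
        if (defined($num) && $num == -1) {
                $num = undef;
        }

        $ref = $dbh->selectrow_hashref('SELECT name,date,EXTRACT(EPOCH FROM last_update) AS last_update FROM events WHERE id=? AND vhost=?',
                undef, $event, $r->get_server_name)
                or error($r, "Could not find event $event", 404, "File not found");

        # Title and date are entity-encoded before they reach any HTML output.
        my $date = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'date'}));
        my $name = HTML::Entities::encode_entities(Encode::decode_utf8($ref->{'name'}));
        $r->set_last_modified($ref->{'last_update'});

        # If the client can use cache, do so
        if ((my $rc = $r->meets_conditions) != Apache2::Const::OK) {
                return $rc;
        }

        # Count the number of selected images.
        $ref = $dbh->selectrow_hashref("SELECT COUNT(*) AS num_selected FROM images WHERE event=? AND selected='t'", undef, $event);
        my $num_selected = $ref->{'num_selected'};

        # Find all images related to this event.
        my $where = ($all == 0) ? ' AND selected=\'t\'' : '';
        my $sql = "SELECT *, (date - INTERVAL '6 hours')::date AS day FROM images WHERE event=? $where ORDER BY (date - INTERVAL '6 hours')::date,takenby,date,filename";

        if (defined($start) && defined($num) && !$settings{'fullscreen'}) {
                # $num and $start are interpolated rather than bound; the
                # validation loop above guarantees both are digits only here.
                $sql .= " LIMIT $num OFFSET " . ($start - 1);
        }

        my $q = $dbh->prepare($sql)
                or dberror($r, "prepare()");
        $q->execute($event)
                or dberror($r, "image enumeration");

        # Print the page itself
        if ($settings{'fullscreen'}) {
                $r->content_type("text/html; charset=utf-8");
                Sesse::pr0n::Templates::print_template($r, "fullscreen-header", { title => "$name [$event]" });

                # NOTE(review): filenames are written inside double quotes with no
                # escaping for the surrounding context (the template is not
                # visible here) -- confirm filenames are constrained on upload.
                while (my $row = $q->fetchrow_hashref()) {
                        $r->print("        \"" . $infobox . $row->{'filename'} . "\",\n");
                }

                my %settings_no_fullscreen = %settings;
                $settings_no_fullscreen{'fullscreen'} = 0;

                my $returnurl = "http://" . $r->get_server_name . "/" . $event . "/" .
                        Sesse::pr0n::Common::get_query_string(\%settings_no_fullscreen, \%defsettings);

                # *whistle*
                # NOTE(review): as written this replaces "&" with itself; confirm
                # what the replacement text was meant to be.
                $returnurl =~ s/&/&/g;

                Sesse::pr0n::Templates::print_template($r, "fullscreen-footer", {
                        vhost => $r->get_server_name,
                        event => $event,
                        start => $settings{'start'} - 1,
                        returnurl => $returnurl,
                        sel => $settings{'sel'},
                });
        } else {
                Sesse::pr0n::Common::header($r, "$name [$event]");
                Sesse::pr0n::Templates::print_template($r, "date", { date => $date });

                if (Sesse::pr0n::Overload::is_in_overload($r)) {
                        Sesse::pr0n::Templates::print_template($r, "overloadmode");
                }

                print_thumbsize($r, $event, \%settings, \%defsettings);
                print_viewres($r, $event, \%settings, \%defsettings);
                print_pagelimit($r, $event, \%settings, \%defsettings);
                print_infobox($r, $event, \%settings, \%defsettings);
                print_nextprev($r, $event, \%settings, \%defsettings);
                print_selected($r, $event, \%settings, \%defsettings) if ($num_selected > 0);
                print_fullscreen($r, $event, \%settings, \%defsettings);

                my $lastupl = "";

                # Print out all thumbnails
                # NOTE(review): unlike name and date, the filename and takenby
                # columns are written into attributes and template values without
                # entity-encoding.  If uploads can influence them, encode them the
                # same way -- confirm against the upload path.
                # NOTE(review): the rotate/select forms carry only the event name;
                # whether /rotate and /select verify the request's origin is not
                # visible here.
                if ($rot == 1) {
                        $r->print("    <form method=\"post\" action=\"/rotate\">\n");
                        $r->print("      <input type=\"hidden\" name=\"event\" value=\"$event\" />\n");

                        while (my $row = $q->fetchrow_hashref()) {
                                my $takenby = _group_label($row);
                                if ($takenby ne $lastupl) {
                                        $lastupl = $takenby;
                                        Sesse::pr0n::Templates::print_template($r, "submittedby", { author => $lastupl });
                                }

                                my $imgsz = _thumb_size_attrs($row, $thumbxres, $thumbyres);
                                my $filename = $row->{'filename'};
                                my $uri = _image_uri($filename, $infobox, $xres, $yres);
                                my $id = $row->{'id'};

                                $r->print("    <p><a href=\"$uri\"><img src=\"${thumbxres}x${thumbyres}/$filename\" alt=\"\"$imgsz /></a>\n");
                                for my $angle (90, 180, 270) {
                                        $r->print("      $angle <input type=\"checkbox\" name=\"rot-" .
                                                $id . "-$angle\" />\n");
                                }
                                $r->print("      " . ("&nbsp;" x 12) .
                                        "Del <input type=\"checkbox\" name=\"del-" . $id . "\" /></p>\n");
                        }
                        $r->print("      <input type=\"submit\" value=\"Rotate\" />\n");
                        $r->print("    </form>\n");
                } elsif ($sel == 1) {
                        $r->print("    <form method=\"post\" action=\"/select\">\n");
                        $r->print("      <input type=\"hidden\" name=\"event\" value=\"$event\" />\n");

                        while (my $row = $q->fetchrow_hashref()) {
                                my $takenby = _group_label($row);
                                if ($takenby ne $lastupl) {
                                        $lastupl = $takenby;
                                        Sesse::pr0n::Templates::print_template($r, "submittedby", { author => $lastupl });
                                }

                                my $imgsz = _thumb_size_attrs($row, $thumbxres, $thumbyres);
                                my $filename = $row->{'filename'};
                                my $uri = _image_uri($filename, $infobox, $xres, $yres);
                                my $selected = $row->{'selected'} ? ' checked="checked"' : '';

                                $r->print("    <p><a href=\"$uri\"><img src=\"${thumbxres}x${thumbyres}/$filename\" alt=\"\"$imgsz /></a>\n");
                                $r->print("      <input type=\"checkbox\" name=\"sel-" .
                                        $row->{'id'} . "\"$selected /></p>\n");
                        }
                        $r->print("      <input type=\"submit\" value=\"Select\" />\n");
                        $r->print("    </form>\n");
                } else {
                        while (my $row = $q->fetchrow_hashref()) {
                                my $takenby = _group_label($row);
                                if ($takenby ne $lastupl) {
                                        # Close the previous group's paragraph before
                                        # starting a new one.
                                        $r->print("    </p>\n\n") if ($lastupl ne "");
                                        $lastupl = $takenby;
                                        Sesse::pr0n::Templates::print_template($r, "submittedby", { author => $lastupl });
                                        $r->print("    <p>\n");
                                }

                                my $imgsz = _thumb_size_attrs($row, $thumbxres, $thumbyres);
                                my $filename = $row->{'filename'};
                                my $uri = _image_uri($filename, $infobox, $xres, $yres);

                                $r->print("      <a href=\"$uri\"><img src=\"${thumbxres}x${thumbyres}/$filename\" alt=\"\"$imgsz /></a>\n");
                        }
                        $r->print("    </p>\n");
                }

                print_nextprev($r, $event, \%settings, \%defsettings);
                Sesse::pr0n::Common::footer($r);
        }

        return Apache2::Const::OK;
}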
283
# String equality that also treats two undefined values as equal.
# Returns 1 when both arguments are undef, 0 when exactly one is undef, and
# the result of `eq` otherwise.
sub eq_with_undef {
        my ($left, $right) = @_;

        if (defined($left) && defined($right)) {
                return ($left eq $right);
        }

        # At least one side is undef: equal only when both are.
        return (!defined($left) && !defined($right)) ? 1 : 0;
}
291
# Prints one paragraph of setting alternatives for a pair of settings
# ($var1, $var2).  Each alternative is either a plain "AxB" string or an
# array ref [label, value1, value2].  The alternative matching the current
# settings is printed as plain text; every other one is printed through
# Sesse::pr0n::Common::print_link.
sub print_changes {
        my ($r, $event, $template, $settings, $defsettings, $var1, $var2, $alternatives) = @_;

        chomp(my $heading = Sesse::pr0n::Templates::fetch_template($r, $template));
        $r->print("    <p>$heading:\n");

        for my $alt (@$alternatives) {
                my ($label, $v1, $v2);

                if (ref $alt) {
                        ($label, $v1, $v2) = @$alt;
                } else {
                        # A plain alternative is its own label; its two values
                        # are the parts around the "x".
                        $label = $alt;
                        ($v1, $v2) = split /x/, $alt;
                }

                my %newsettings = (%$settings, $var1 => $v1, $var2 => $v2);

                $r->print("      ");

                # Check if these settings are current (print only label)
                my $is_current = eq_with_undef($settings->{$var1}, $newsettings{$var1})
                        && eq_with_undef($settings->{$var2}, $newsettings{$var2});

                if ($is_current) {
                        $r->print($label);
                } else {
                        Sesse::pr0n::Common::print_link($r, $label, "/$event/", \%newsettings, $defsettings);
                }
                $r->print("\n");
        }

        $r->print("    </p>\n");
}
332
# Prints the thumbnail-size chooser (settings thumbxres/thumbyres).
sub print_thumbsize {
        my ($r, $event, $settings, $defsettings) = @_;

        print_changes(
                $r, $event, 'thumbsize', $settings, $defsettings,
                'thumbxres', 'thumbyres',
                [ qw(80x64 120x96 160x128 240x192 320x256) ],
        );
}
# Prints the view-resolution chooser (settings xres/yres).  Besides the fixed
# sizes it offers "unlimited" (both values undef) and "original" (both -1),
# with labels taken from templates.
sub print_viewres {
        my ($r, $event, $settings, $defsettings) = @_;

        chomp(my $unlimited = Sesse::pr0n::Templates::fetch_template($r, 'viewres-unlimited'));
        chomp(my $original = Sesse::pr0n::Templates::fetch_template($r, 'viewres-original'));

        my @alternatives = (
                qw(320x256 512x384 640x480 800x600 1024x768 1280x960),
                [ $unlimited, undef, undef ],
                [ $original, -1, -1 ],
        );

        print_changes($r, $event, 'viewres', $settings, $defsettings,
                      'xres', 'yres', \@alternatives);
}
351
# Prints the images-per-page chooser (setting num).  The current choice is
# printed as plain text, the others as links; the non-numeric "unlimited"
# label maps to num = -1.
sub print_pagelimit {
        my ($r, $event, $settings, $defsettings) = @_;

        chomp(my $heading = Sesse::pr0n::Templates::fetch_template($r, 'imgsperpage'));
        $r->print("    <p>$heading:\n");

        # Get choices
        chomp(my $unlimited = Sesse::pr0n::Templates::fetch_template($r, 'imgsperpage-unlimited'));

        for my $choice (qw(10 50 100 500), $unlimited) {
                # Anything that is not all digits is the "unlimited" label.
                my $limit = ($choice =~ /^\d+$/) ? $choice : -1;
                my %newsettings = (%$settings, 'num' => $limit);

                $r->print("      ");
                if (eq_with_undef($settings->{'num'}, $newsettings{'num'})) {
                        $r->print($choice);
                } else {
                        Sesse::pr0n::Common::print_link($r, $choice, "/$event/", \%newsettings, $defsettings);
                }
                $r->print("\n");
        }

        $r->print("    </p>\n");
}
383
# Prints the infobox on/off toggle.  The state that is currently active is
# printed as plain text; the other one is a link that switches to it.
sub print_infobox {
        my ($r, $event, $settings, $defsettings) = @_;

        chomp(my $heading = Sesse::pr0n::Templates::fetch_template($r, 'infobox'));
        chomp(my $on_label = Sesse::pr0n::Templates::fetch_template($r, 'infobox-on'));
        chomp(my $off_label = Sesse::pr0n::Templates::fetch_template($r, 'infobox-off'));

        $r->print("    <p>$heading:\n");

        # "On" entry.
        if ($settings->{'infobox'} == 1) {
                $r->print($on_label);
        } else {
                my %with_box = (%$settings, 'infobox' => 1);
                Sesse::pr0n::Common::print_link($r, $on_label, "/$event/", \%with_box, $defsettings);
        }

        $r->print(' ');

        # "Off" entry.
        if ($settings->{'infobox'} == 0) {
                $r->print($off_label);
        } else {
                my %without_box = (%$settings, 'infobox' => 0);
                Sesse::pr0n::Common::print_link($r, $off_label, "/$event/", \%without_box, $defsettings);
        }

        $r->print('</p>');
}
413
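# Prints the previous / this / next page navigation for an event.  Prints
# nothing when paging is off (num undefined or -1) or when the first page
# already shows every image.
sub print_nextprev {
        my ($r, $event, $settings, $defsettings) = @_;
        my $start = $settings->{'start'};
        my $num = $settings->{'num'};
        my $dbh = Sesse::pr0n::Common::get_dbh();

        # -1 means "no limit", in which case there is nothing to page through.
        $num = undef if (defined($num) && $num == -1);
        return unless (defined($start) && defined($num));

        # determine total number
        # NOTE(review): this counts every image of the event, also when the
        # listing is restricted to selected images (all=0) -- confirm intended.
        my $ref = $dbh->selectrow_hashref('SELECT count(*) AS num_images FROM images WHERE event=?',
                undef, $event)
                or dberror($r, "image enumeration");
        my $num_images = $ref->{'num_images'};

        # The page shows images $start .. $start + $num - 1, so the first page
        # covers everything only when $start + $num - 1 >= $num_images.  (A >=
        # without the -1 would also hide the navigation when exactly one image
        # is left for a second page.)
        return if ($start == 1 && $start + $num > $num_images);

        my $end = $start + $num - 1;
        if ($end > $num_images) {
                $end = $num_images;
        }

        $r->print("    <p>\n");

        # Previous
        if ($start > 1) {
                my $newstart = $start - $num;
                if ($newstart < 1) {
                        $newstart = 1;
                }
                my $newend = $newstart + $num - 1;
                if ($newend > $num_images) {
                        $newend = $num_images;
                }

                my %newsettings = %$settings;
                $newsettings{'start'} = $newstart;
                chomp (my $title = Sesse::pr0n::Templates::fetch_template($r, 'prevpage'));
                chomp (my $accesskey = Sesse::pr0n::Templates::fetch_template($r, 'prevaccesskey'));
                Sesse::pr0n::Common::print_link($r, "$title ($newstart-$newend)\n", "/$event/", \%newsettings, $defsettings, $accesskey);
        }

        # This
        chomp (my $title = Sesse::pr0n::Templates::fetch_template($r, 'thispage'));
        $r->print("    $title ($start-$end)\n");

        # Next
        if ($end < $num_images) {
                my $newstart = $start + $num;
                my $newend = $newstart + $num - 1;
                if ($newend > $num_images) {
                        $newend = $num_images;
                }

                my %newsettings = %$settings;
                $newsettings{'start'} = $newstart;
                chomp (my $title = Sesse::pr0n::Templates::fetch_template($r, 'nextpage'));
                chomp (my $accesskey = Sesse::pr0n::Templates::fetch_template($r, 'nextaccesskey'));
                Sesse::pr0n::Common::print_link($r, "$title ($newstart-$newend)", "/$event/", \%newsettings, $defsettings, $accesskey);
        }

        $r->print("    </p>\n");
}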
477
# Prints the "show selected / show all" toggle.  The mode that is currently
# active is printed as plain text; the other one is a link that switches to it.
sub print_selected {
        my ($r, $event, $settings, $defsettings) = @_;

        chomp(my $heading = Sesse::pr0n::Templates::fetch_template($r, 'show'));
        chomp(my $all_label = Sesse::pr0n::Templates::fetch_template($r, 'show-all'));
        chomp(my $sel_label = Sesse::pr0n::Templates::fetch_template($r, 'show-selected'));

        $r->print("    <p>$heading:\n");

        # "Selected only" entry.
        if ($settings->{'all'} == 0) {
                $r->print($sel_label);
        } else {
                my %only_selected = (%$settings, 'all' => 0);
                Sesse::pr0n::Common::print_link($r, $sel_label, "/$event/", \%only_selected, $defsettings);
        }

        $r->print(' ');

        # "All images" entry.
        if ($settings->{'all'} == 1) {
                $r->print($all_label);
        } else {
                my %everything = (%$settings, 'all' => 1);
                Sesse::pr0n::Common::print_link($r, $all_label, "/$event/", \%everything, $defsettings);
        }

        $r->print('</p>');
}
507
# Prints a one-line paragraph linking to the same page with fullscreen=1.
sub print_fullscreen {
        my ($r, $event, $settings, $defsettings) = @_;

        chomp(my $label = Sesse::pr0n::Templates::fetch_template($r, 'fullscreen'));

        # Same settings as the current page, with fullscreen switched on.
        my %fullscreen_settings = (%$settings, 'fullscreen' => 1);

        $r->print("    <p>");
        Sesse::pr0n::Common::print_link($r, $label, "/$event/", \%fullscreen_settings, $defsettings);
        $r->print("</p>\n");
}
520         
521 1;
522
523