against UTF-7, and create a $.gallery_autocomplete variant of jQuery's
autocomplete that expects the first line to be a <meta> tag and
discards it. More complete fix for #1871.
Akismet marks them as spam, we don't immediately flush them out of the
database on the next visit to Admin > Content > Comments.
Also warn the user about Akismet, and fix up the G2 import code to
reimport deleted comments.
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
This reverts commit 75cc4962a2.
Revert "Make sure that calls to the theme::get_var() have sane defaults in the event that the theme does not supply them."
This reverts commit 51f2b54767.
Revert "Update the installer to reflect the new location of the theme related options."
This reverts commit 678e22996d.
Revert "Create theme::get_var(), theme::set_var() methods to set the options of the active site theme. Change all refrences to theme options to use these methods. Update the version number of Gallery to 20 and move any them related options to the be stored under the active theme."
This reverts commit 26114972c3.
Revert "Currently Admin_Theme_Options controller assumes that all the themes will provide the same values. This change corrects that assumption and moves the management of the theme options, including creating the form and updating the theme options into the theme."
This reverts commit 1692ee1308.
and verifying user permissions, but there are several above-the-bar
changes:
1) Server add is now only available to admins. This is a hard
requirement because we have to limit server access (eg:
server_add::children) to a user subset and the current permission
model doesn't include that. Easiest fix is to restrict to admins.
Got rid of the server_add permission.
2) We now know check permissions at every level, which means in
controllers AND in helpers. This "belt and suspenders" approach will
give us defense in depth in case we overlook it in one area.
3) We now do CSRF checking in every controller method that changes the
code, in addition to the Forge auto-check. Again, defense in depth
and it makes scanning the code for security much simpler.
4) Moved Simple_Uploader_Controller::convert_filename_to_title to
item:convert_filename_to_title
5) Fixed a bug in sending notification emails.
6) Fixed the Organize code to verify that you only have access to your
own tasks. In general, added permission checks to organize which had
pretty much no validation code.
I did my best to verify every feature that I touched.
Significantly speed up the process by copying Gallery2 thumbnails and
resizes wherever possible instead of regenerating them. This requires
us to figure out the dimensions of the original G2 derivative and make
sure that it matches in some reasonable way.
To allow users to take advantage of this, calculate the optimal thumb
and resize size to set in G3 to match what was used in G2. While
we're at it, give the user some idea of how much data is available in
G2 to import.
