Squashed commit of the following:
commit 4c2b2ebd3f
Author: Chad Parry <github@chad.parry.org>
Date: Wed Apr 27 20:52:35 2011 -0600
Remove a newline at the end of the file that I accidentally introduced.
commit 6d564f185e
Merge: 7ff485f4060640
Author: Chad Parry <github@chad.parry.org>
Date: Wed Apr 27 20:35:58 2011 -0600
Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto
commit 7ff485fa48
Author: Chad Parry <github@chad.parry.org>
Date: Wed Apr 27 20:29:06 2011 -0600
Move the extensions helpers out of the Kohana system directory and into their own Gallery Extensions class.
commit 26585fed03
Merge: 809567fc8f90e8
Author: Chad Parry <github@chad.parry.org>
Date: Sun Apr 24 08:28:39 2011 -0600
Merge branch 'master' of https://github.com/gallery/gallery3 into rawphoto
commit 809567f128
Author: Chad Parry <github@chad.parry.org>
Date: Sun Apr 24 08:10:04 2011 -0600
Expose the data file field.
commit fcb06bf175
Author: Chad Parry <github@chad.parry.org>
Date: Sun Apr 24 00:45:12 2011 -0600
Don't assign to the item->name field if the name is unchanged, because the save method will crash.
commit c6ef706d70
Author: Chad Parry <github@chad.parry.org>
Date: Sat Apr 23 22:55:59 2011 -0600
Preserve old data files long enough for them to be available to event handlers.
commit 0d6a3a3cfc
Author: Chad Parry <github@chad.parry.org>
Date: Sat Apr 23 21:19:47 2011 -0600
Create a tempnam substitute that safely creates files with a given extension.
commit e149cf7238
Author: Chad Parry <github@chad.parry.org>
Date: Sat Apr 23 16:39:25 2011 -0600
Support data files that change their extension and MIME type.
commit 6702104f57
Author: Chad Parry <github@chad.parry.org>
Date: Sat Apr 23 16:35:00 2011 -0600
Resolve an infinite recursion that happens when the path caches are updated during saving.
commit 944cb72eea
Merge: 567522b5af74d4
Author: Chad Parry <github@chad.parry.org>
Date: Fri Apr 22 14:10:42 2011 -0600
Merge remote branch 'origin/master' into rawphoto
commit 567522bfa0
Author: Chad Parry <github@chad.parry.org>
Date: Thu Apr 21 20:12:32 2011 -0600
Add an event for when a new graphics toolkit is chosen.
commit 31ba081b79
Author: Chad Parry <github@chad.parry.org>
Date: Thu Apr 21 02:06:53 2011 -0600
Add an event that will collect all valid filename extensions.
identifies situations where its restricted by open_basedir.
We now track more informatoin about the toolkit including the version
and any errors we encountered while doing the detection so that we can
provide more info downstream. This makes graphics::detect_toolkits()
a little heavier, but that's ok because it should not be called very
often.
In the process, refactor the controller and view hierarchy so that
it's a little more straightforward in the code.
Fixes ticket #616.
and verifying user permissions, but there are several above-the-bar
changes:
1) Server add is now only available to admins. This is a hard
requirement because we have to limit server access (eg:
server_add::children) to a user subset and the current permission
model doesn't include that. Easiest fix is to restrict to admins.
Got rid of the server_add permission.
2) We now know check permissions at every level, which means in
controllers AND in helpers. This "belt and suspenders" approach will
give us defense in depth in case we overlook it in one area.
3) We now do CSRF checking in every controller method that changes the
code, in addition to the Forge auto-check. Again, defense in depth
and it makes scanning the code for security much simpler.
4) Moved Simple_Uploader_Controller::convert_filename_to_title to
item:convert_filename_to_title
5) Fixed a bug in sending notification emails.
6) Fixed the Organize code to verify that you only have access to your
own tasks. In general, added permission checks to organize which had
pretty much no validation code.
I did my best to verify every feature that I touched.
Kohana makes this type of transition fairly straightforward in that
all controllers/helpers/etc are still located in the cascading
filesystem without any extra effort, except that I've temporarily
added a hack to force modules/gallery into the module path.
Rename what's left of "core" to be "application" so that it conforms
more closely to the Kohana standard (basically, just
application/config/config.php which is the minimal thing that you need
in the application directory)
There's still considerable work left to be done here.
