Bharat Mediratta
355679fa55
Revert "Convert any UTF-7 to UTF-8 so that fragment pages (like AJAX replies)"
This will break many legal UTF-8 strings.
This reverts commit 1c5c2e7de4.
2012-05-16 12:01:41 -07:00
Bharat Mediratta
1c5c2e7de4
Convert any UTF-7 to UTF-8 so that fragment pages (like AJAX replies)
won't be mistakenly interpreted as UTF-7. Fixes #1869.
2012-05-16 11:32:28 -07:00
Bharat Mediratta
bf2bb3e1ea
Update copyright to 2012. #1822
2012-02-27 09:48:23 -08:00
Bharat Mediratta
423daa52d5
Update copyright to 2011.
2011-01-21 23:01:06 -08:00
Bharat Mediratta
c3c2b45280
Update the copyright to 2010. It's only 3 months into the year :-)
2010-03-03 10:15:34 -08:00
Bharat Mediratta
2e420522ec
Preliminary work to cut over to Kohana 2.4
- Kohana::log() -> Kohana_Log::add()
- Kohana::config_XXX -> Kohana_Config::instance()->XXX
- Implement View::set_global in MY_View
- Updated Cache_Database_Driver to latest APIs
- ORM::$loaded -> ORM::loaded()
- Updated item::viewable() to use K2.4 parenthesization
2009-11-25 13:22:24 -08:00
Andy Staudacher
c453c0ef82
Simplifying SafeString a bit: From an XSS HTML security point of view, treat clean() and purify() the same.
No longer run a safe HTML string through the HTML purifier (since it's already marked as safe).
This also addresses the issue of calling purify() when no purifier is installed. In that case, we'd run clean() on a clean string (double HTML encoding).
If this approach doesn't work out, we can still modify the fallback code of purify() to check if the string is already clean before calling clean() instead of purify().
2009-09-04 10:11:42 -07:00
Bharat Mediratta
82dd468002
Refactor interaction with the purifier module so that the API is
cleaner and we don't need to know about the module innards. Move the
config file over there too.
2009-09-03 11:25:02 -07:00
Andy Staudacher
e2d5944e56
Minor performance improvement: Reduce module var cache lookups in SafeString.
2009-09-03 08:49:14 -07:00
Andy Staudacher
8f6a120b52
Ensure that purify isn't applied twice for an already purified SafeString
2009-09-03 08:39:44 -07:00
Tim Almdal
f2bbb2963a
Remove debugging statements
2009-09-02 07:07:47 -07:00
Tim Almdal
7fbd012d71
Move HTMLPurifier from core to contrib and make it optional. Delete the modules/gallery/lib and HTMLPurifier.php
2009-09-02 07:06:28 -07:00
Andy Staudacher
df38a890a6
Tabs to spaces cleanup
2009-08-30 18:07:13 -07:00
Andy Staudacher
beb711d6a0
Rename clean_js to js_string and have it return a complete JS string (with delimiters) instead of just the string contents.
Benefits: Using json_encode(), which is very robust. And as a user, it's clearer how to use this API compared to what it was before.
2009-08-30 15:21:02 -07:00
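Added example, not Gallery3 code: a Python model (the project itself is PHP) of the SafeString design described in c453c0ef82 (clean() and purify() treated the same, purify() falling back to clean() when no purifier is installed, and no second pass over a string already marked safe) and beb711d6a0 (js_string returning a complete, delimited JS literal from a JSON encoder). The toy_purifier, the clone() helper and the rule that for_html_attr() always escapes are assumptions made for the illustration, not behaviour taken from the project.

```python
import html
import json


class SafeString:
    """String wrapper that remembers whether it is already safe to emit as HTML.

    Added illustration of the design in the commit messages; not Gallery3 code.
    A raw value is HTML-escaped on output; a value already marked safe
    (purifier output, template text) is emitted untouched, so neither clean()
    nor purify() can double-encode it.
    """

    def __init__(self, value, is_safe_html=False):
        self._value = str(value)
        self._is_safe_html = is_safe_html

    @classmethod
    def of(cls, value):
        """Wrap an untrusted value; it will be escaped on output."""
        return cls(value)

    @classmethod
    def of_safe_html(cls, value):
        """Wrap markup the caller vouches for; it will NOT be escaped again."""
        return cls(value, is_safe_html=True)

    def clone(self):
        # Copy the safe flag together with the value (assumed helper;
        # losing the flag on copy is the bug fixed in 83344b9e7d).
        return SafeString(self._value, self._is_safe_html)

    def clean(self):
        """Escape once; an already-safe string is returned unchanged."""
        if self._is_safe_html:
            return self.clone()
        return SafeString.of_safe_html(html.escape(self._value, quote=True))

    def purify(self, purifier=None):
        """Sanitize with the optional purifier, falling back to clean().

        A string already marked safe is never run through the purifier or
        clean() again; that is what avoids the double encoding the commit
        message describes when no purifier is installed.
        """
        if self._is_safe_html:
            return self.clone()
        if purifier is None:
            return self.clean()
        return SafeString.of_safe_html(purifier(self._value))

    def for_html(self):
        """Text to place in HTML element content."""
        return self.clean()._value

    def for_html_attr(self):
        """Text for a double-quoted attribute value.

        Assumed rule, not taken from the project: markup that is safe as
        element content is still not safe inside an attribute, so the safe
        flag is ignored here and the value is always escaped.
        """
        return html.escape(self._value, quote=True)

    def for_js(self):
        """A complete JS string literal, delimiters included (cf. js_string).

        json.dumps escapes quotes, backslashes, control characters and, with
        the default ensure_ascii=True, U+2028/U+2029. PHP's json_encode also
        escapes '/' by default, which keeps '</script>' inside the literal
        from closing an inline script block; that is reproduced here.
        """
        return json.dumps(self._value).replace("/", "\\/")


def naive_double_clean(value):
    """What happens without the safe flag: escaping a cleaned string again."""
    return html.escape(html.escape(value, quote=True), quote=True)


def toy_purifier(markup):
    """Constructed stand-in for HTMLPurifier so the example runs offline.
    It only drops <script> tags and is NOT a real sanitizer."""
    return markup.replace("<script>", "").replace("</script>", "")


if __name__ == "__main__":
    raw = SafeString.of('<b>"x"</b>')
    print(raw.for_html())                     # escaped once
    print(raw.clean().clean().for_html())     # still escaped once
    print(naive_double_clean('<b>"x"</b>'))   # double encoded
    print(raw.purify().purify(toy_purifier).for_html())
    print(SafeString.of("</script><script>alert(1)</script>").for_js())
```

The check worth keeping from this model: the safe flag must survive every copy and every second call to clean() or purify(), and a JS literal must be built by a real encoder rather than by quoting and replacing a few characters by hand.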
Andy Staudacher
83344b9e7d
Bugfix: Don't forget to copy the _is_purified_html flag when cloning a SafeString.
2009-08-29 12:50:20 -07:00
Andy Staudacher
a10063ff68
Add more factory methods for convenience:
SafeString::purify() and SafeString::of_safe_html().
Removing SafeString::mark_html_safe() since it's no longer needed.
2009-08-29 12:34:09 -07:00
Andy Staudacher
7adb9ea2e3
Adding SafeString::for_html_attr()
2009-08-29 11:48:55 -07:00
Andy Staudacher
020281d932
Adding SafeString which is going to replace p::clean() and p::purify().
Refactoring of Xss_Security_Test.
t() and t2() return a SafeString instance.
TODO:
- Update all code to use SafeString where appropriate.
- Update golden file of Xss_Security_Test
- Stop reporting CLEAN vars in Xss_Security_Test
2009-08-29 10:45:47 -07:00