stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-05-10 23:19:06 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
6,074 Commits 4 Branches 0 Tags
77ec06166320dee631bbffcf3d57b0e2debcb157
Commit Graph

199 Commits

Author SHA1 Message Date
Bharat Mediratta
90ba0f9237 Show the number of photos/albums the user owns in the Admin > Users 
page, and improve the message to explain what's going to happen to the
deleted user's items.  Partial fix for #1344, which I can't reproduce
now.
 2010-09-08 00:50:30 -07:00
Bharat Mediratta
ff1d8aea2f We use UTF-8 everywhere. Fixes ticket #1285. 2010-08-15 01:59:54 -07:00
Bharat Mediratta
c3ad4b5374 Whitespace fix 2010-08-08 17:14:09 -07:00
Bharat Mediratta
e5a1da71ed Convert tabs to spaces to fix File_Structure_Test. 2010-08-08 15:05:55 -07:00
Bharat Mediratta
3492f1712d Fix the i18n error message for missing/incorrect password. Fixes ticket #1265. 2010-08-01 22:18:22 -07:00
Tim Almdal
a453170727 Merge branch 'dialog' of github.com:gallery/gallery3 into dialog 2010-08-01 08:31:09 -07:00
Tim Almdal
fc580037e7 Merge branch 'master' into dialog 2010-08-01 08:26:39 -07:00
Bharat Mediratta
a5f701951e Add a localized error message for missing usernames. Fixes ticket #1266. 2010-08-01 01:33:59 -07:00
Bharat Mediratta
7607e1f932 Full pass over all the JSON encoding and JS dialog code. We now abide 
by the following rules:

1) An initial dialog or panel load can take either HTML or JSON, but
   the mime type must accurately reflect its payload.

2) dialog form submits can handle a pure HTML response, but the mime
   type must also be correct.  This properly resolves the problem
   where the reauth code gets a JSON response first from the reauth
   code, and then an HTML response when you reauth and continue on to
   a given form -- try it out with Admin > Settings > Advanced.

3) All JSON replies must set the mime type correctly.  The json::reply
   convenience function does this for us.

4) By default, any HTML content sent back in the JSON response should be
   in the "html" field, no longer the "form" field.

The combination of these allows us to stop doing boilerplate code like
this in our controllers:

  // Print our view, JSON encoded
  json::reply(array("form" => (string) $view));

instead, controllers can just return HTML, eg:

  // Print our view
  print $view;

That's much more intuitive for developers.
 2010-07-31 21:16:17 -07:00
Tim Almdal
91a2c04a24 More patches as part of #1225. Change the 'core' modules to use the json::reply 
method to set the content type header and encode the response as a json object
 2010-07-31 15:44:55 -07:00
Tim Almdal
89d18c0714 Partial fix for #1225 addresses the issues with the user edit forms. 2010-07-31 15:44:55 -07:00
Tim Almdal
48c2e73048 More patches as part of #1225. Change the 'core' modules to use the json::reply 
method to set the content type header and encode the response as a json object
 2010-07-23 23:05:39 -07:00
Tim Almdal
2cb87631b7 Partial fix for #1225 addresses the issues with the user edit forms. 2010-07-23 23:05:39 -07:00
Bharat Mediratta
af8bb05d5d Show the old group name in the error message when we fail to modify a group. Fixes ticket #1233. 2010-07-20 15:33:48 -07:00
Bharat Mediratta
e5b1a4fc23 Fix a bunch of missing or invalid error messages. Fixes ticket #1232. 2010-07-20 15:21:44 -07:00
Bharat Mediratta
112582daeb Add internationalized error messages for adding and editing groups. 2010-07-20 12:18:03 -07:00
Tim Almdal
dbf3199e46 Fix for ticket #1181. Use $.getJSON to retrieve the json contents of the dialog. Convert all the controllers 
that create the data to go into a dialog to return the html as part of a json object.
 2010-07-06 14:12:01 -07:00
ckieffer
f1076590f1 Add page_title to admin views. Closes #1038. 2010-04-30 00:08:37 -06:00
Bharat Mediratta
6d81feacae Change the key for invalid passwords from "invalid" to 
"invalid_password" to remove ambiguity.
 2010-04-17 12:28:46 -07:00
Bharat Mediratta
c3c2b45280 Update the copyright to 2010. It's only 3 months into the year :-) 2010-03-03 10:15:34 -08:00
Andy Staudacher
74113f869a Fix for ticket #1037: Only show language drop-down when there's actually a choice. 2010-02-27 20:21:22 -08:00
Andy Staudacher
a18ddd2fe9 Add more randomness to reset password mechanism. 2010-02-27 15:39:36 -08:00
Andy Staudacher
cd45c94fe6 Get rid of unnecessary view file. 2010-02-11 15:59:17 -08:00
Andy Staudacher
dc94f6e45a Include user name in logging message for failed password reset. As Bharat points out, t() ensures that parameters are escaped for XSS. 2010-02-11 14:35:05 -08:00
Andy Staudacher
cd98f85260 Fix for ticket 1010: Don't leak valid user names in "forgot password" form. 
Includes fixes for user forms as well (edit user / email / password).
 2010-02-11 13:11:31 -08:00
Andy Staudacher
55d42ec9da Fix password reset confirmation 2010-02-09 02:16:49 -08:00
Andy Staudacher
f93528ffab Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area. 
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
 2010-02-07 15:37:32 -08:00
Bharat Mediratta
eda6e3af06 Rename user_authenticate_xxx events to user_auth_xxx for brevity. 2010-02-07 08:49:37 -08:00
Bharat Mediratta
aff5d1cef4 Create the concept of a "failed authentication" as semantically 
separate from a successful or failed login.

1) Rename user_login_failed event to user_authenticate_failed

2) Rename failed_logins table to failed_auth (bump Gallery module to
   v27 to rename the table)

3) auth::too_many_failed_logins -> auth::too_many_failures

4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
   auth::clear_failed_auth_attempts  -> auth::clear_failed_attempts
 2010-02-07 08:45:10 -08:00
Andy Staudacher
163391ee39 Partial fix for ticket 585: Require current password when changing an account's email address. 
Still leaving the user/group admin page wide open though.
 2010-02-06 17:43:33 -08:00
Bharat Mediratta
f631c2a0e5 Fix up Admin_Users_Controller() form handling now that user_form.html 
is gone.  Fixes ticket #1005.
 2010-02-06 09:30:45 -08:00
Bharat Mediratta
99a7f470b9 Protect password changes against brute force attacks. 2010-02-02 21:48:01 -08:00
Bharat Mediratta
6e1b761b12 Require the current password to change your password. 
Fixes ticket #585.

Separate out the password change form from the regular edit user form.
Require the old password to enter a new one.  While I'm at it, roll
the password strength javascript into a Form_Script element so that we
can get rid of the old view (which incidentally fixes a bug where the
password strength meter would go away on form errors).
 2010-02-02 21:36:01 -08:00
Bharat Mediratta
22ea03847a Localize validation errors. 2010-02-01 21:27:15 -08:00
Bharat Mediratta
c050acf30a Fix lots of warnings that pop up when we're in E_STRICT mode. They're 
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
 2010-01-31 16:07:41 -08:00
Bharat Mediratta
79a1365991 Don't override the password in the database if it's empty in the form. 
Fixes ticket #995.
 2010-01-30 20:43:53 -08:00
Bharat Mediratta
f0ae2c8165 Localize edit form error messages. 2010-01-28 20:55:38 -08:00
Bharat Mediratta
e56318d07f Don't try to access ORM::$changed externally; it's protected. 2010-01-22 01:48:03 -08:00
Bharat Mediratta
f0780486ee Fix typo: edit_user -> add_user. 2010-01-20 22:53:51 -08:00
Bharat Mediratta
b23f62259d Stop using MY_ORM::original(). 2010-01-20 22:52:11 -08:00
Bharat Mediratta
9488684220 Move model rules down into their validate() function for consistency. 
Change "in_use" error to "conflict" for consistency.
 2010-01-17 12:30:24 -08:00
Bharat Mediratta
5c49c041e7 Use "(string) $form" instead of "$form->__toString()" 2010-01-16 22:42:02 -08:00
Bharat Mediratta
4a2d5bc9e2 Convert Users_Controller to model based validation. 2010-01-16 21:24:18 -08:00
Bharat Mediratta
6a4dda9bde Convert Admin_Users_Controller, User_Model and Group_Model to use 
model based validation.
 2010-01-16 21:15:12 -08:00
Bharat Mediratta
a691dcc63c Convert Admin_Users::add_user() to use model based validation. Get 
the rules and business logic out of the form and user::create(), and
move it into User_Model::save().
 2010-01-16 19:58:55 -08:00
Bharat Mediratta
ff728b3ccd Whitespace. 2010-01-16 17:51:57 -08:00
Bharat Mediratta
057e8d09af Convert a bunch of leftover kohana::show_404 calls to throw 
Kohana_404_Exception instead.  These are the ones where we used a
lower-case 'k' so my previous filter didn't catch it.
 2009-12-23 20:51:33 -08:00
Bharat Mediratta
0121bfd585 ORM::orderby -> ORM::order_by 2009-11-25 19:26:52 -08:00
Bharat Mediratta
2e420522ec Preliminary work to cut over to Kohana 2.4 
- Kohana::log() -> Kohana_Log::add()
- Kohana::config_XXX -> Kohana_Config::instance()->XXX
- Implement View::set_global in MY_View
- Updated Cache_Database_Driver to latest APIs
- ORM::$loaded -> ORM::loaded()
- Updated item::viewable() to use K2.4 parenthesization
 2009-11-25 13:22:24 -08:00
Tim Almdal
6bdb8c3d55 Correct inconsistent captialization. Fixes #906 2009-11-21 09:36:19 -08:00