Commit Graph

3310 Commits

Author SHA1 Message Date
Andy Staudacher
dcddc68f58 Never assign a SafeString instance to a Model member (or hell will break loose). 2010-02-15 13:12:38 -08:00
Tim Almdal
a597b57210 return the absolute url not the relative for the full size, resize and thumb images. 2010-02-15 12:29:49 -08:00
Andy Staudacher
4091219425 Fix for ticket #491: Make user and group names translatable.
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
2010-02-14 19:26:34 -08:00
Andy Staudacher
667d65aea4 Fix for ticket 901: Wrap Gallery version string into bdo tag to override the BiDi algorithm. Also, properly marking the "Powered by" string for translation.
See: http://www.w3.org/International/tutorials/bidi-xhtml/#Slide0420
2010-02-14 18:33:38 -08:00
Andy Staudacher
30dcaaa236 Need to allow access to ::change_provider for CLI, to make packager work. 2010-02-14 18:33:10 -08:00
Andy Staudacher
0eb9b43a33 Enable session expiration. Currently, it's set to expire sessions after 7 days of inactivity. 2010-02-14 17:26:57 -08:00
Andy Staudacher
74471df777 Minor security tightening of IdentityProvider::change_provider(). 2010-02-14 16:12:18 -08:00
Tim Almdal
141595e709 Create an items REST collection request that accepts a list of resource urls and returns the items associated with them. 2010-02-14 07:35:03 -08:00
Tim Almdal
897215689c Remove the dirty flags from the information returned from the rest request for an item. In addition, add links to the images. 2010-02-14 07:32:35 -08:00
Tim Almdal
f37b93a7eb If the return object is empty still return the empty object in the json response. 2010-02-14 07:31:11 -08:00
Andy Staudacher
0f66db51ef Change JavaScript reauthentication check to check via XHR.
Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task.
2010-02-14 07:15:59 -08:00
Andy Staudacher
64e5d438c7 HTML validation, avoid empty <ul> 2010-02-14 07:15:58 -08:00
Andy Staudacher
1a951cb7f6 HTML validation fix (<script>) 2010-02-14 07:15:58 -08:00
Andy Staudacher
2dad1d7cd1 Some HTML validation fixes (don't render empty <ul> lists, empty id attributes, use &amp; not &) 2010-02-14 07:15:57 -08:00
Andy Staudacher
8412aeb133 For consistency, use straight Kohana_404_Exception instead of the event system. 2010-02-14 07:15:57 -08:00
Bharat Mediratta
e88e976fc4 Tighten up the text. 2010-02-12 13:49:14 -08:00
Andy Staudacher
d53f6d0e05 Fix for tickets 1009 and 603: Show a themed error page to guests / registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors. 2010-02-12 16:40:44 -08:00
Bharat Mediratta
ce71ea6aa7 Revert "1) Add a depth parameter to retrieving an item thru the rest api"
This reverts commit 3439671bcf.
2010-02-12 04:53:26 -08:00
Tim Almdal
3439671bcf 1) Add a depth parameter to retrieving an item thru the rest api
2) Standardize the structure of members so that client programs can consistently
   parse the return information.
3) Added a summary parameter so that client programs can easily determine if the
   information returned is summary (item type, item title) or the full meal deal
2010-02-12 09:52:57 -08:00
Andy Staudacher
cd45c94fe6 Get rid of unnecessary view file. 2010-02-11 15:59:17 -08:00
Andy Staudacher
dc94f6e45a Include user name in logging message for failed password reset. As Bharat points out, t() ensures that parameters are escaped for XSS. 2010-02-11 14:35:05 -08:00
Andy Staudacher
6353a7c2de Security: Fix leaking of album / photo names. Reject previous fix for ticket 1009.
Side effect: Renaming auth::required_login() to login_page().
2010-02-11 14:28:32 -08:00
Andy Staudacher
cd98f85260 Fix for ticket 1010: Don't leak valid user names in "forgot password" form.
Includes fixes for user forms as well (edit user / email / password).
2010-02-11 13:11:31 -08:00
Bharat Mediratta
1ada27916f Use the admin/users/edit_user_form version of the user editing form
right after initial install so that we're not requiring the user to
re-enter the auto-generated password to change their password and
email.

Fixes ticket #1007
2010-02-11 05:24:16 -08:00
Bharat Mediratta
592689a759 Merge branch 'master' of github.com:gallery/gallery3 2010-02-10 09:55:39 -08:00
Tim Almdal
8ef08d2088 Refactor the code to display the login page if the user does not have view
permission into the common auth::require_login() method.
2010-02-10 08:53:39 -08:00
Tim Almdal
17f0a1b10f If the user does not have permission to view the album, photo or movie, redirect
to a logon page to allow the user to login.  Pass the target url as a session
variable to allow the user to be redirected where they want to go if the login
was successful.  Fixes ticket #1009.
2010-02-10 08:45:14 -08:00
Tim Almdal
f6c615c379 Use the helper url:current instead of manually creating the continue url. 2010-02-10 08:32:30 -08:00
Bharat Mediratta
6a40e0a341 Revise the "review your permission" text to my liking. 2010-02-09 16:04:36 -08:00
Bharat Mediratta
8763e475ad Move diff::compare to be test::diff 2010-02-09 15:52:38 -08:00
Bharat Mediratta
09d3f48323 Merge branch 'master' of github.com:gallery/gallery3 2010-02-09 15:50:30 -08:00
Chad Kieffer
92c2dd61ff Formatted upgrader for RTL languages. Closes ticket #883 2010-02-09 21:57:04 -07:00
Bharat Mediratta
8a8d8b4bc4 Rename item name and slug if necessary to avoid a conflict when we
move photos.  Fixes ticket #957.
2010-02-09 15:49:43 -08:00
Bharat Mediratta
86721ce280 Whitespace. 2010-02-09 15:21:40 -08:00
Bharat Mediratta
46744ef549 Merge branch 'master' of github.com:gallery/gallery3 2010-02-09 08:53:38 -08:00
Andy Staudacher
c0a598417c Change access::can to access::required in g2 redirect, to please the controller auth code audit test. 2010-02-09 13:54:14 -08:00
Andy Staudacher
157872434d Import hashed passwords from G2 (which will only work if they're PasswordHash passwords, not if they're G2 style md5 / salted md5). 2010-02-09 13:41:35 -08:00
Andy Staudacher
dcee225935 Better handling of G2's multi level sort order in g2_import 2010-02-09 10:17:48 -08:00
Bharat Mediratta
e1c0877646 Add unit tests for item::move() in preparation for renaming when there
are conflicts (see ticket #957)
2010-02-09 08:53:27 -08:00
Andy Staudacher
55d42ec9da Fix password reset confirmation 2010-02-09 02:16:49 -08:00
Andy Staudacher
55d1ce7fb7 More g2_import model validation fixes, and make import less noisy (don't copy each comment text to the import log). 2010-02-09 01:51:04 -08:00
Andy Staudacher
42bc127925 Fix g2_import bugs related to item and user model validation. 2010-02-09 00:46:09 -08:00
Andy Staudacher
992d305e19 Merge commit 'upstream/master' 2010-02-08 22:16:30 -08:00
Andy Staudacher
13cfe2d61d Change admin area timeout from 20 to 90 minutes 2010-02-08 22:15:38 -08:00
Bharat Mediratta
9ca521c710 Merge branch 'master' of github.com:gallery/gallery3 2010-02-08 15:38:59 -08:00
Bharat Mediratta
6dfab72922 Override Input::clean_input_keys() to sanitize malicious values out of
strings instead of dying.  This at least gives us graceful degradation.

Fixes ticket #764, patch thanks to djnz.
2010-02-08 15:37:11 -08:00
Andy Staudacher
008174859d Merge commit 'upstream/master' 2010-02-08 13:06:40 -08:00
Andy Staudacher
f9377bcbd3 Suppress errors when checking for readability of /proc/loadavg. Often this file will be protected by openbasedir, and is_readable will trigger an open basedir warning. 2010-02-08 13:05:18 -08:00
Tim Almdal
afdb98412e Fix the missing object problem in ie7. Fixes ticket: 1003. There are still issues with selectables and draggables working together in IEx 2010-02-08 11:26:40 -08:00
Tim Almdal
47293fcb03 Correct tree branch alignment in IE 2010-02-08 09:15:02 -08:00