Commit Graph

3295 Commits

Author SHA1 Message Date
Tim Almdal
09739dfd2c Merge branch 'master' into talmdal_dev 2010-02-11 21:27:16 -08:00
Andy Staudacher
cd45c94fe6 Get rid of unnecessary view file. 2010-02-11 15:59:17 -08:00
Andy Staudacher
dc94f6e45a Include user name in logging message for failed password reset. As Bharat points out, t() ensures that parameters are escaped for XSS. 2010-02-11 14:35:05 -08:00
Andy Staudacher
6353a7c2de Security: Fix leaking of album / photo names. Reject previous fix for ticket 1009.
Side effect: Renaming auth::required_login() to login_page().
2010-02-11 14:28:32 -08:00
Andy Staudacher
cd98f85260 Fix for ticket 1010: Don't leak valid user names in "forgot password" form.
Includes fixes for user forms as well (edit user / email / password).
2010-02-11 13:11:31 -08:00
Bharat Mediratta
1ada27916f Use the admin/users/edit_user_form version of the user editing form
right after initial install so that we're not requiring the user to
re-enter the auto-generated password to change their password and
email.

Fixes ticket #1007
2010-02-11 05:24:16 -08:00
Tim Almdal
a893b0317d Merge branch 'master' into talmdal_dev 2010-02-10 17:48:39 -08:00
Bharat Mediratta
592689a759 Merge branch 'master' of github.com:gallery/gallery3 2010-02-10 09:55:39 -08:00
Tim Almdal
8ef08d2088 Refactor the code to display the login page if the user does not have view
permission into the common auth::require_login() method.
2010-02-10 08:53:39 -08:00
Tim Almdal
17f0a1b10f If the user does not have permission to view the album, photo or movie, redirect
to a logon page to allow the user to login.  Pass the target url as a session
variable to allow the user to be redirected where they want to go if the login
was successful.  Fixes ticket #1009.
2010-02-10 08:45:14 -08:00
Tim Almdal
f6c615c379 Use the helper ulr:current instead of manually creating the continue url. 2010-02-10 08:32:30 -08:00
Tim Almdal
b42c736607 Merge branch 'master' into talmdal_dev
Conflicts:
	modules/organize/js/organize.js
2010-02-10 08:07:20 -08:00
Bharat Mediratta
6a40e0a341 Revise the "review your permission" text to my liking. 2010-02-09 16:04:36 -08:00
Bharat Mediratta
8763e475ad Move diff::compare to be test::diff 2010-02-09 15:52:38 -08:00
Bharat Mediratta
09d3f48323 Merge branch 'master' of github.com:gallery/gallery3 2010-02-09 15:50:30 -08:00
Chad Kieffer
92c2dd61ff Formatted upgrader for RTL languages. Closes ticket #883 2010-02-09 21:57:04 -07:00
Bharat Mediratta
8a8d8b4bc4 Rename item name and slug if necessary to avoid a conflict when we
move photos.  Fixes ticket #957.
2010-02-09 15:49:43 -08:00
Bharat Mediratta
86721ce280 Whitespace. 2010-02-09 15:21:40 -08:00
Bharat Mediratta
46744ef549 Merge branch 'master' of github.com:gallery/gallery3 2010-02-09 08:53:38 -08:00
Andy Staudacher
c0a598417c Change access::can to access::required in g2 redirect, to please the controller auth code audit test. 2010-02-09 13:54:14 -08:00
Andy Staudacher
157872434d Import hashed passwords from G2 (which will only work if they're PasswordHash passwords, not if they're G2 style md5 / salted md5). 2010-02-09 13:41:35 -08:00
Andy Staudacher
dcee225935 Better handling of G2's multi level sort order in g2_import 2010-02-09 10:17:48 -08:00
Bharat Mediratta
e1c0877646 Add unit tests for item::move() in preparation for renaming when there
are conflicts (see ticket #957)
2010-02-09 08:53:27 -08:00
Tim Almdal
5e703186fb Current state of organize. Works for all browsers except IE. IE no longer implodes, but dragging doesn't work. Selecting works fine, either by using the lasso or clicking. Ctrl-Click adds to the selection. The problem is that when a drag is attempted, the selection gets lost and things start falling apart. 2010-02-09 08:23:43 -08:00
Andy Staudacher
55d42ec9da Fix password reset confirmation 2010-02-09 02:16:49 -08:00
Andy Staudacher
55d1ce7fb7 More g2_import model validation fixes, and make import less noisy (don't copy each comment text to the import log). 2010-02-09 01:51:04 -08:00
Andy Staudacher
42bc127925 Fix g2_import bugs related to item and user model validation. 2010-02-09 00:46:09 -08:00
Andy Staudacher
992d305e19 Merge commit 'upstream/master' 2010-02-08 22:16:30 -08:00
Andy Staudacher
13cfe2d61d Change admin area timeout from 20 to 90 minutes 2010-02-08 22:15:38 -08:00
Bharat Mediratta
9ca521c710 Merge branch 'master' of github.com:gallery/gallery3 2010-02-08 15:38:59 -08:00
Bharat Mediratta
6dfab72922 Override Input::clean_input_keys() to sanitize malicious values out of
strings instead of dying.  This at least gives us graceful degradation.

Fixes ticket #764, patch thanks to djnz.
2010-02-08 15:37:11 -08:00
Andy Staudacher
008174859d Merge commit 'upstream/master' 2010-02-08 13:06:40 -08:00
Andy Staudacher
f9377bcbd3 Suppress errors when checking for readability of /proc/loadavg. Often this file will be protected by openbasedir, and is_readable will trigger an open basedir warning. 2010-02-08 13:05:18 -08:00
Tim Almdal
afdb98412e Fix the missing object problem in ie7. Fixes ticket: 1003. There are still issues with selectables and draggables working together in IEx 2010-02-08 11:26:40 -08:00
Tim Almdal
47293fcb03 Correct tree branch alignment in IE 2010-02-08 09:15:02 -08:00
Andy Staudacher
f9d00aa742 Fix for ticket 1008: Redirect to destination after re-auth. 2010-02-08 00:30:36 -08:00
Andy Staudacher
d0f6839c25 Fix Arabic language name. Thanks shaibn for reporting the issue. Verified with CLDR data. 2010-02-08 00:05:17 -08:00
Andy Staudacher
3012ca370e Merge commit 'upstream/master' 2010-02-07 22:31:17 -08:00
Andy Staudacher
0a6630af2d Improve likelihood that image block shows up for small photo collections by retrying the random query a few times. 2010-02-07 22:30:08 -08:00
Tim Almdal
c9fdc4bf03 Merge branch 'master' of git@github.com:gallery/gallery3 2010-02-07 21:45:49 -08:00
Tim Almdal
b8047db539 Revert "Add the scheduler component to the admin maintenance screen."
This reverts commit 48cb5021c6.
2010-02-07 21:40:34 -08:00
Andy Staudacher
bca3eeb923 Import G2 permissions in the import process. Ignores user and item specific permissions. 2010-02-07 21:39:26 -08:00
Tim Almdal
316b0583b3 Revert "Refactor the admin maintenance screen so that events are used to
populate the action buttons and other content such as the list of scheduled
tasks."

Leaving this api out of RC1.

This reverts commit 19fee6b5e4.

Conflicts:

	modules/gallery/views/admin_maintenance.html.php
2010-02-07 21:38:51 -08:00
Andy Staudacher
9695041a86 Change welcome message dialog to link to the user_profile page instead of the change user dialog.
a) the edit user form doesn't include the password anymore
b) the new admin would probably also like to change the email, so directing him to the profile page with options to change the pw / email.

Ideally, we'd have a special purpose edit profile page for the install experience, without prompting for the randomly generated password. But that's something for another task.
2010-02-07 16:56:19 -08:00
Andy Staudacher
8fc346e9b6 Addendum for ticket 585: Handle case C), redirect the admin to a non-admin page when the admin area session expires, before the admin has a chance to send an XHR admin request, for which we wouldn't have a good answer. 2010-02-07 16:44:07 -08:00
Andy Staudacher
0c5402fe0a Merge commit 'upstream/master' 2010-02-07 15:40:47 -08:00
Andy Staudacher
f93528ffab Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area.
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
2010-02-07 15:37:32 -08:00
Tim Almdal
2337fa93e6 remove debugging statement and if no target is found then assume the insert position is after the last element. 2010-02-07 15:13:13 -08:00
Andy Staudacher
18b0096751 Merge commit 'upstream/master' 2010-02-07 15:06:14 -08:00
Tim Almdal
d6beef8613 The drop target marker appears in the correct spot whether we are in ltr or rtl mode. 2010-02-07 15:05:39 -08:00