stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-05-20 11:29:24 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,221 Commits 4 Branches 0 Tags
2dcd8f8a25fc698f2279a09752cc7bb9dfe1d7ec
Commit Graph

129 Commits

Author SHA1 Message Date
Tim Almdal
e3d6920cd9 synchronize with the master branch 2009-10-23 08:36:49 -07:00
Tim Almdal
3c936d661a Change the name of identity library from Identity to IdentityProvider. Create a helper class called identity to simplify call the Identity Provider. Move the contents of MY_Session.php to the new helper class and remove the MY_Session class 2009-10-22 13:11:03 -07:00
Tim Almdal
098b57bf18 Simplify the user interface by moving the password reset functionality into the user module 
Bagging the User_Definition and Group_Definition abstract classes and replacing them with interfaces with the same names.
Make sure all the unit tests work.
 2009-10-19 12:53:44 -07:00
Tim Almdal
1b530e4680 Merge branch 'master' into talmdal_dev 
Conflicts:
	modules/user/views/admin_users.html.php
 2009-10-19 06:27:18 -07:00
Chad Kieffer
5f56cbf997 Wrap all admin views in g-block and g-block content. This provides the means to visually separate the view's title and description from everything else. Primary admin view title should always be h1, and only one h1 per view. Removed some unused admin CSS id's. 2009-10-18 20:22:10 -06:00
Tim Almdal
090c4d016b Merge branch 'master' into talmdal_dev 
Conflicts:
	lib/gallery.common.css
	themes/admin_wind/views/admin.html.php
	themes/night_wind/views/sidebar.html.php
	themes/wind/views/sidebar.html.php
 2009-10-18 09:28:48 -07:00
Chad Kieffer
ad0497a8d2 Drop our g-clearfix in favor of using jQuery UI's ui-helper-clearfix. 2009-10-17 12:58:31 -06:00
Tim Almdal
78ee4193b7 Remove all non Identity API methods from Identity.php. Created an MY_Session class to provide the user state changes in the session and a login.php helper that has the login form. 2009-10-16 10:06:58 -07:00
Tim Almdal
00eacd659f Start simplifying the interface by moving the static methods from user.php and group.php. Tried creating a identity helper, but the helper identity.php was confused with the library Identity.php. So got around this by making the methods on Identity static and calling the instance within the static methods. Also temporarily moved the user.php and group.php back into the user module. 2009-10-16 08:53:31 -07:00
Tim Almdal
be6765336e Finish integrating the move of the user edit/update functions into the user module. The premise is that the plugable user module will provide the update screens if the user backend supports updates. 2009-10-16 08:53:30 -07:00
Tim Almdal
1ca835cea7 Merge branch 'master' into talmdal_dev 2009-10-15 07:58:46 -07:00
Tim Almdal
0d5d4c81bc Move the ui for user adminsitration back to the user module. 2009-10-14 21:20:30 -07:00
Tim Almdal
2af4806011 Refactor the ui component of the user module into the gallery core module. 2009-10-13 13:19:17 -07:00
Chad Kieffer
121fcab5c8 Replaced most clear fix hacks with generic class. 2009-10-07 00:46:02 -06:00
Tim Almdal
7f38d6ff29 Change the focus of the user module from providing user/group management to providing the default Identity implementation. 
* Remove the user_event callbacks and move them to the gallery_event callbacks. This will insure that the active user is always loaded (because the gallery callbacks are always called first) to its available to other gallery_ready handlers.  Moved the method set_request_locale to the locales helper as it is more related to locales.
* Move the user controllers and views into the gallery module.
* Move the theme and block processing out of the user module and into core.
 2009-10-06 18:30:12 -07:00
Chad Kieffer
d581bbbd1e Renamed more CSS selectors from gName to g-name. 2009-10-04 15:53:00 -06:00
Chad Kieffer
3e6ba7acc3 Renamed most, if not all css selectors from gName to g-name. Moved a few shared images from wind to lib. Deleted unused images in the admin_wind. This will likely break a few ajax features. 2009-10-04 00:27:22 -06:00
Chad Kieffer
9145331fd4 Renamed and moved gOdd/gEven CSS classes. 2009-10-03 12:33:53 -06:00
Chad Kieffer
e1e8904e4a Convert gDialog and gCancel over to g-dialog and g-cancel. Refactor CSS id's and classes in the login/reset password dialog. 2009-09-30 22:49:36 -06:00
Chad Kieffer
8f3691d502 Apply button style and hover effect to password reset button. 2009-09-30 22:20:34 -06:00
Chad Kieffer
1f252f0609 Missed g-right application on add group 2009-09-30 21:52:51 -06:00
Chad Kieffer
0c3c13d27f Removed blank line. 2009-09-30 21:12:00 -06:00
Chad Kieffer
72672bda39 Replaced gButtonLink with g-button. 2009-09-30 08:04:49 -06:00
Chad Kieffer
daa3a2b43c First round of CSS refactor updates. Added calls to gallery.common.css from wind and admin_wind. Replaced basic text align and block float classes. Removed section #2 from both themes screen styles. 2009-09-30 00:32:52 -06:00
Bharat Mediratta
d8f5b0f5a3 Change click() to change() so that we immediately update the UI when 
the user picks a new option.
 2009-09-05 21:14:25 -07:00
Andy Staudacher
047196b23c Add missing view for language selection 2009-09-05 17:39:49 -07:00
Bharat Mediratta
add134cc75 placeholder for a missing view 2009-09-04 20:29:12 -07:00
Andy Staudacher
53711225ac XSS / style fixes for newly detected issues (after fixing XSS scanner) 2009-09-01 01:28:52 -07:00
Andy Staudacher
2bc73e2e36 Fix XSS vectors in HTML attributes (mostly t() calls) 2009-08-31 21:51:57 -07:00
Andy Staudacher
ddb84c84e1 Rename mark_safe() to mark_clean() 2009-08-31 00:42:18 -07:00
Andy Staudacher
effccfd41d Change all instances of SafeString::of_safe_html() to html::mark_safe() in views. 2009-08-30 07:00:56 -07:00
Andy Staudacher
b9bd1681a3 Update all code to use helper method html::clean(), html::purify(), ... instead of SafeString directly. 2009-08-29 22:54:20 -07:00
Andy Staudacher
b4b638be44 Undo url helper changes - url methods no longer return a SafeString. 
Adding SafeString::of_safe_html() calls where urls are passed as parameters to t() and t2().
 2009-08-29 16:28:30 -07:00
Andy Staudacher
a5dfc81a8f Merge commit 'upstream/master' 
Conflicts:

	modules/akismet/views/admin_akismet.html.php
	modules/comment/helpers/comment_rss.php
	modules/gallery/helpers/gallery_rss.php
	modules/gallery/libraries/I18n.php
	modules/gallery/views/permissions_browse.html.php
	modules/gallery/views/simple_uploader.html.php
	modules/info/views/info_block.html.php
	modules/organize/controllers/organize.php
	modules/organize/views/organize.html.php
	modules/organize/views/organize_album.html.php
	themes/default/views/album.html.php
	themes/default/views/movie.html.php
	themes/default/views/photo.html.php
 2009-08-29 14:17:48 -07:00
Andy Staudacher
c01ac42c46 Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify(). 
Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
 2009-08-29 12:48:40 -07:00
Andy Staudacher
020281d932 Adding SafeString which is going to replace p::clean() and p::purify(). 
Refactoring of Xss_Security_Test.
t() and t2() return a SafeString instance.

TODO:
 - Update all code to use SafeString where appropriate.
 - Update golden fole of Xss_Security_Test
 - Stop reporting CLEAN vars in Xss_Security_Test
 2009-08-29 10:45:47 -07:00
Tim Almdal
445a8fb1b6 Change galleryPanel and galleryDialog widgets to gallery_panel and gallery_dialog respectively 
Signed-off-by: Bharat Mediratta <bharat@menalto.com>
 2009-08-08 02:08:42 +08:00
Tim Almdal
a302a9c3fa Refactor the gallery dialog into a jQuery widget 
Signed-off-by: Bharat Mediratta <bharat@menalto.com>
 2009-08-08 02:08:28 +08:00
Bharat Mediratta
41b8f943a6 Convert instances of theme_url() to just url() to match the API change 
made in dbeadc1407
 2009-07-23 10:20:49 -07:00
Bharat Mediratta
80f48b084a In the logout link, urlencode the continue url so that ampersands, etc 
don't break encapsulation.  In the logout controller, don't run the
url through url::redirect because that uses url::site().  Just set the
Location header directly.

This fixes ticket #483.
 2009-07-21 13:02:20 -07:00
Bharat Mediratta
050c82cf80 Escape bare & symbols so that we use valid entities. Fixes ticket #577. 2009-07-21 11:09:23 -07:00
Bharat Mediratta
51dca582cd More thorough fix for #421. Create User_Model::display_name() which 
uses the full name if there is one, or falls back to the name if
that's all we have.
 2009-07-19 16:50:35 -07:00
Shai Ben-Naphtali
fb7d99740d Changed "Forgot Your Password" text to use capital 'Y' on the word Your 
Signed-off-by: Bharat Mediratta <bharat@menalto.com>
 2009-07-21 00:09:06 +08:00
Bharat Mediratta
6e8a8c53e6 Rename $theme->url() to $theme->theme_url() for consistency wiht 
$theme->theme_script().
 2009-06-28 19:49:48 -07:00
unostar
08a5b75345 Add string to localizer 2009-06-15 02:02:25 -07:00
Bharat Mediratta
3d89951c77 Create gallery::date_time(), gallery::date() and gallery::time() 
functions that format a unix timestamp into a date+time/date/time
string.

Partial fix for ticket #347.

Signed-off-by:  <unostar@danalan.info>
 2009-06-13 20:10:24 +08:00
Bharat Mediratta
277d72d9fa Fix formatting. 2009-06-06 12:50:38 -07:00
Bharat Mediratta
43abcd9386 Security pass over all controller code. Mostly adding CSRF checking 
and verifying user permissions, but there are several above-the-bar
changes:

1) Server add is now only available to admins.  This is a hard
   requirement because we have to limit server access (eg:
   server_add::children) to a user subset and the current permission
   model doesn't include that.  Easiest fix is to restrict to admins.
   Got rid of the server_add permission.

2) We now know check permissions at every level, which means in
   controllers AND in helpers.  This "belt and suspenders" approach will
   give us defense in depth in case we overlook it in one area.

3) We now do CSRF checking in every controller method that changes the
   code, in addition to the Forge auto-check.  Again, defense in depth
   and it makes scanning the code for security much simpler.

4) Moved Simple_Uploader_Controller::convert_filename_to_title to
   item:convert_filename_to_title

5) Fixed a bug in sending notification emails.

6) Fixed the Organize code to verify that you only have access to your
   own tasks.  In general, added permission checks to organize which had
   pretty much no validation code.

I did my best to verify every feature that I touched.
 2009-06-01 22:40:22 -07:00
Bharat Mediratta
9322f51e23 Localize a string 2009-05-31 19:31:55 -07:00
jhilden
277c96c2f6 user admin facelift 
* added drag & drop help message for empty groups
* fixed overflow issue with more than ~10 members in one group
* CSS improvements
 2009-05-31 18:25:43 -04:00