Tim Almdal
1f51d663a0
Correct missing function name.
2010-02-03 08:18:53 -08:00
Bharat Mediratta
99a7f470b9
Protect password changes against brute force attacks.
2010-02-02 21:48:01 -08:00
Bharat Mediratta
6e1b761b12
Require the current password to change your password.
...
Fixes ticket #585 .
Separate out the password change form from the regular edit user form.
Require the old password to enter a new one. While I'm at it, roll
the password strength javascript into a Form_Script element so that we
can get rid of the old view (which incidentally fixes a bug where the
password strength meter would go away on form errors).
2010-02-02 21:36:01 -08:00
Bharat Mediratta
225fe81ce0
Add an upgrade path to prevent the item title field from being empty.
2010-02-02 20:50:34 -08:00
Bharat Mediratta
08f3f71ad9
Merge branch 'master' of git@github.com:gallery/gallery3
2010-02-02 19:04:20 -08:00
Tim Almdal
9ac3eca477
Merge branch 'master' into talmdal_dev
2010-02-02 15:01:13 -08:00
Tim Almdal
1c0e5eaa0d
use html::purify to cleans the additional content on the admin maintence page.
2010-02-02 15:00:05 -08:00
Tim Almdal
f69493d138
Update the xss golden file to reflect the changes to the admin screen.
2010-02-02 14:51:06 -08:00
Tim Almdal
19fee6b5e4
Refactor the admin maintenance screen so that events are used to pupluate the action buttons and other content such as the list of scheduled tasks.
2010-02-02 14:34:50 -08:00
Bharat Mediratta
aa65bb0048
Merge branch 'master' of git@github.com:gallery/gallery3
2010-02-02 13:08:27 -08:00
Tim Almdal
3c3671cff2
Remove the test-transform:uppercase from the l10n css as it was causing problems with other text fields in IE and it violates our case standards. Fixes ticket #912
2010-02-02 12:30:23 -08:00
Tim Almdal
fe11e34cea
Change the view to display 'empty' when the variable value is a null string(""). Fixes ticket #987 .
2010-02-02 11:42:13 -08:00
Tim Almdal
370faf5f26
Display the error message for the in place edit. Also improve the double click guard. Fixes ticket #1000 .
2010-02-02 10:55:22 -08:00
Bharat Mediratta
469111d36a
Merge branch 'master' of git@github.com:gallery/gallery3
2010-02-01 21:44:58 -08:00
Bharat Mediratta
81a1df4a50
Localize the name "conflict" validation error when creating a new album.
2010-02-01 21:41:16 -08:00
Tim Almdal
5ded9e8ac5
Refactor starting a task into the task helper so we can call it multiple times.
2010-02-01 16:31:24 -08:00
Tim Almdal
48cb5021c6
Add the scheduler component to the admin maintenance screen.
2010-02-01 16:28:52 -08:00
Tim Almdal
43985ea2fb
Update the description to reflect we are only removing "expired" files.
2010-02-01 08:35:23 -08:00
Tim Almdal
64e014203c
Correct the internationalization of the status message.
2010-02-01 08:15:49 -08:00
Bharat Mediratta
c050acf30a
Fix lots of warnings that pop up when we're in E_STRICT mode. They're
...
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
2010-01-31 16:07:41 -08:00
Bharat Mediratta
c6676dd455
Remove obsolete call to _force_block_adder() which has been broken for over a year.
2010-01-31 15:23:37 -08:00
Bharat Mediratta
c5471a76a2
htaccess_works() can't use var/tmp anymore because that's locked down.
...
So just create var/security_test and delete it when we're done.
2010-01-31 13:27:05 -08:00
Bharat Mediratta
ee35b0a9fe
Elide data that isn't useful from the REST array.
2010-01-31 13:10:34 -08:00
Bharat Mediratta
4cd5c4cebb
Second attempt to fix the timezone issue. If the timezone is not set
...
in phpinfo(), then force it to America/Los_Angeles for now.
2010-01-31 11:27:54 -08:00
Bharat Mediratta
dad537effe
Update the timezone field to match the setting in
...
system/config/locale.php. This fixes the "date_default_timezone_set()
[function.date-default-timezone-set]: Timezone ID '' is invalid" error.
2010-01-31 11:24:00 -08:00
Bharat Mediratta
a79d20a361
Use Item_Model::as_restful_array() to simplify tests.
2010-01-30 23:36:41 -08:00
Bharat Mediratta
d29028c4ea
Add Item_Model::as_restful_array() for convenience.
2010-01-30 23:36:11 -08:00
Bharat Mediratta
6963695569
Verified
2010-01-30 23:22:53 -08:00
Bharat Mediratta
d92ee7954e
Refactory auth::too_many_failed_logins() out of
...
auth::validate_too_many_failed_logins() to conceptually separate the
two.
2010-01-30 23:15:18 -08:00
Andy Staudacher
1470b99d1f
Protect REST login controller from brute force attacks too.
...
And make the REST auth token less predictable by using a better source for randomness.
2010-01-30 21:42:57 -08:00
Bharat Mediratta
cb92e58d40
Update install.sql -- gallery version jumps from 23 to 25 due to a mistake
...
in the version 24 upgrade code.
Update packager to serialize files so that we can serialize the new
.htaccess files
Update init_var.php to include the newly serialized .htaccess files.
Fixes ticket #587 .
2010-01-30 21:16:47 -08:00
Bharat Mediratta
c2a7a6a4e7
Lock down web access to var/uploads, var/tmp and var/logs using .htaccess
...
Fixes ticket #587 .
2010-01-30 21:07:03 -08:00
Bharat Mediratta
2bfcec9620
Prevent brute force login attacks by reducing login attempts to 1 per
...
minute after there have been 5 consecutive failed login attempts.
Fix for ticket #589 .
2010-01-30 19:48:57 -08:00
Bharat Mediratta
86fd81ef26
Make url::merge() function use the same exact definition as url_Core::merge()
2010-01-30 17:41:48 -08:00
Bharat Mediratta
dccb2b73ff
Dump out validation errors so that we have some extra information in the logs.
2010-01-30 16:19:00 -08:00
Bharat Mediratta
a161436015
Remap parent_id and album_cover_item_id to and from RESTful urls.
2010-01-30 15:46:35 -08:00
Bharat Mediratta
43cb6d9b56
Make the error page more robust in the case where there's a failure
...
early on in the framework code before we can load Gallery_I18n.php
2010-01-30 11:38:40 -08:00
Bharat Mediratta
d4998e37d8
Don't forget to flush the relative_url_cache when updating the slug.
2010-01-29 14:25:57 -08:00
Bharat Mediratta
98bcb95b10
Go through all slugs and make them legal values.
...
Upgrade gallery3 module to version 23
2010-01-29 14:20:34 -08:00
Bharat Mediratta
3e2adae953
Merge branch 'master' of git@github.com:gallery/gallery3
2010-01-29 14:07:15 -08:00
Bharat Mediratta
45cdac973d
Oops, somebody (me?) forgot to update the gallery module version
...
number in gallery_installer::install() so the install.sql was out of
sync.
2010-01-29 14:06:36 -08:00
Tim Almdal
c4e3604315
Strongly type the argument list to the model::validate method.
2010-01-29 14:04:27 -08:00
Tim Almdal
e4d9ea3394
Merge branch 'master' of git@github.com:gallery/gallery3
...
Conflicts:
modules/gallery/views/in_place_edit.html.php
2010-01-29 11:39:22 -08:00
Tim Almdal
1bc0d05760
Replace <?= form::close() ?> with </form>. Also add a call to access::csrf_form_field in the form template. Fixes ticket #996 .
2010-01-29 11:36:35 -08:00
Bharat Mediratta
0d73738099
Stop using obsolete form::close()
...
Update the way we include the hidden CSRF field for InPlaceEdit.
2010-01-29 10:13:10 -08:00
Bharat Mediratta
743fbe7696
Add page_type to the rotate and delete context menu items so that the
...
quick menu knows where to send you after the action is done.
2010-01-28 23:22:38 -08:00
Bharat Mediratta
aacafaaf35
Add @todo.
2010-01-28 23:17:32 -08:00
Bharat Mediratta
9908f37eef
Use identity::set_active_user() instead of auth::login() when we
...
change providers otherwise the user_installer code is going to be
calling auth::login() which causes all kinds of unexpected weirdness,
like it triggers the handler in gallery_event which detects graphics
toolkits, and that's only supposed to run on the first admin login.
2010-01-28 21:33:41 -08:00
Bharat Mediratta
70b235e13d
In auth::login() make the user active before trying to save it, else
...
the validation code fails because it expects there to be an active
user.
2010-01-28 21:33:01 -08:00
Bharat Mediratta
3584856afc
Use auth::login() when we initially log in the admin user.
2010-01-28 21:32:50 -08:00