Bharat Mediratta
3492f1712d
Fix the i18n error message for missing/incorrect password. Fixes ticket #1265.
2010-08-01 22:18:22 -07:00
Tim Almdal
a453170727
Merge branch 'dialog' of github.com:gallery/gallery3 into dialog
2010-08-01 08:31:09 -07:00
Tim Almdal
fc580037e7
Merge branch 'master' into dialog
2010-08-01 08:26:39 -07:00
Bharat Mediratta
a5f701951e
Add a localized error message for missing usernames. Fixes ticket #1266.
2010-08-01 01:33:59 -07:00
Bharat Mediratta
7607e1f932
Full pass over all the JSON encoding and JS dialog code. We now abide
by the following rules:
1) An initial dialog or panel load can take either HTML or JSON, but
the mime type must accurately reflect its payload.
2) dialog form submits can handle a pure HTML response, but the mime
type must also be correct. This properly resolves the problem
where the reauth code gets a JSON response first from the reauth
code, and then an HTML response when you reauth and continue on to
a given form -- try it out with Admin > Settings > Advanced.
3) All JSON replies must set the mime type correctly. The json::reply
convenience function does this for us.
4) By default, any HTML content sent back in the JSON response should be
in the "html" field, no longer the "form" field.
The combination of these allows us to stop doing boilerplate code like
this in our controllers:
    // Print our view, JSON encoded
    json::reply(array("form" => (string) $view));
instead, controllers can just return HTML, eg:
    // Print our view
    print $view;
That's much more intuitive for developers.
2010-07-31 21:16:17 -07:00
Tim Almdal
91a2c04a24
More patches as part of #1225. Change the 'core' modules to use the json::reply
method to set the content type header and encode the response as a json object
2010-07-31 15:44:55 -07:00
Tim Almdal
89d18c0714
Partial fix for #1225 addresses the issues with the user edit forms.
2010-07-31 15:44:55 -07:00
Tim Almdal
48c2e73048
More patches as part of #1225. Change the 'core' modules to use the json::reply
method to set the content type header and encode the response as a json object
2010-07-23 23:05:39 -07:00
Tim Almdal
2cb87631b7
Partial fix for #1225 addresses the issues with the user edit forms.
2010-07-23 23:05:39 -07:00
Bharat Mediratta
af8bb05d5d
Show the old group name in the error message when we fail to modify a group. Fixes ticket #1233.
2010-07-20 15:33:48 -07:00
Bharat Mediratta
e5b1a4fc23
Fix a bunch of missing or invalid error messages. Fixes ticket #1232.
2010-07-20 15:21:44 -07:00
Bharat Mediratta
112582daeb
Add internationalized error messages for adding and editing groups.
2010-07-20 12:18:03 -07:00
Tim Almdal
dbf3199e46
Fix for ticket #1181. Use $.getJSON to retrieve the json contents of the dialog. Convert all the controllers
that create the data to go into a dialog to return the html as part of a json object.
2010-07-06 14:12:01 -07:00
ckieffer
9911372d58
Removed self-closing slash from opening <li> tag.
2010-06-15 09:14:09 -07:00
ckieffer
f1076590f1
Add page_title to admin views. Closes #1038.
2010-04-30 00:08:37 -06:00
Bharat Mediratta
6d81feacae
Change the key for invalid passwords from "invalid" to
"invalid_password" to remove ambiguity.
2010-04-17 12:28:46 -07:00
Bharat Mediratta
27b29afd7c
Add user::valid_username() as a validation helper.
2010-04-17 12:26:52 -07:00
Bharat Mediratta
c3c2b45280
Update the copyright to 2010. It's only 3 months into the year :-)
2010-03-03 10:15:34 -08:00
Andy Staudacher
74113f869a
Fix for ticket #1037: Only show language drop-down when there's actually a choice.
2010-02-27 20:21:22 -08:00
Andy Staudacher
a18ddd2fe9
Add more randomness to reset password mechanism.
2010-02-27 15:39:36 -08:00
Chad Kieffer
f4fc245603
Add link to edit user group names. Closes ticket #1028.
2010-02-20 10:48:27 -07:00
Bharat Mediratta
7d98d4b7b9
Revert "Fix for ticket #491: Make user and group names translatable."
This reverts commit 4091219425.
2010-02-18 16:20:59 -08:00
Bharat Mediratta
99c131e845
Revert "Never assign a SafeString instance to a Model member (or hell will break loose)."
This reverts commit dcddc68f58.
2010-02-18 16:20:23 -08:00
Andy Staudacher
dcddc68f58
Never assign a SafeString instance to a Model member (or hell will break loose).
2010-02-15 13:12:38 -08:00
Andy Staudacher
4091219425
Fix for ticket #491: Make user and group names translatable.
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
2010-02-14 19:26:34 -08:00
Andy Staudacher
cd45c94fe6
Get rid of unnecessary view file.
2010-02-11 15:59:17 -08:00
Andy Staudacher
dc94f6e45a
Include user name in logging message for failed password reset. As Bharat points out, t() ensures that parameters are escaped for XSS.
2010-02-11 14:35:05 -08:00
Andy Staudacher
cd98f85260
Fix for ticket 1010: Don't leak valid user names in "forgot password" form.
Includes fixes for user forms as well (edit user / email / password).
2010-02-11 13:11:31 -08:00
Andy Staudacher
55d42ec9da
Fix password reset confirmation
2010-02-09 02:16:49 -08:00
Andy Staudacher
f93528ffab
Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area.
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
2010-02-07 15:37:32 -08:00
Bharat Mediratta
eda6e3af06
Rename user_authenticate_xxx events to user_auth_xxx for brevity.
2010-02-07 08:49:37 -08:00
Bharat Mediratta
aff5d1cef4
Create the concept of a "failed authentication" as semantically
separate from a successful or failed login.
1) Rename user_login_failed event to user_authenticate_failed
2) Rename failed_logins table to failed_auth (bump Gallery module to
v27 to rename the table)
3) auth::too_many_failed_logins -> auth::too_many_failures
4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
auth::clear_failed_auth_attempts -> auth::clear_failed_attempts
2010-02-07 08:45:10 -08:00
Andy Staudacher
163391ee39
Partial fix for ticket 585: Require current password when changing an account's email address.
Still leaving the user/group admin page wide open though.
2010-02-06 17:43:33 -08:00
Andy Staudacher
7099fc71f1
Fix for ticket 1004: Replace all uses of split with explode (none actually required regular expressions). Thanks to Brian Hartsock for providing a patch!
2010-02-06 13:05:44 -08:00
Bharat Mediratta
f631c2a0e5
Fix up Admin_Users_Controller() form handling now that user_form.html
is gone. Fixes ticket #1005.
2010-02-06 09:30:45 -08:00
Bharat Mediratta
99a7f470b9
Protect password changes against brute force attacks.
2010-02-02 21:48:01 -08:00
Bharat Mediratta
6e1b761b12
Require the current password to change your password.
Fixes ticket #585.
Separate out the password change form from the regular edit user form.
Require the old password to enter a new one. While I'm at it, roll
the password strength javascript into a Form_Script element so that we
can get rid of the old view (which incidentally fixes a bug where the
password strength meter would go away on form errors).
2010-02-02 21:36:01 -08:00
Bharat Mediratta
b351ee48fe
Fix a bug in valid_password() where an empty password was considered valid.
2010-02-02 21:34:20 -08:00
Bharat Mediratta
22ea03847a
Localize validation errors.
2010-02-01 21:27:15 -08:00
Bharat Mediratta
6030d4eb65
Fix a bug in valid_name where it wasn't checking for name collisions on new users.
2010-02-01 21:20:05 -08:00
Bharat Mediratta
e1bf010d89
Force all non-guest users to have an email address since that's
required in model validation. Without this, any save on a user
without email will fail which means that you can't log in.
Bump user module to version 3.
2010-01-31 20:50:52 -08:00
Bharat Mediratta
c050acf30a
Fix lots of warnings that pop up when we're in E_STRICT mode. They're
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
2010-01-31 16:07:41 -08:00
Bharat Mediratta
79a1365991
Don't override the password in the database if it's empty in the form.
Fixes ticket #995.
2010-01-30 20:43:53 -08:00
Bharat Mediratta
69897b4c66
Fix the valid_admin code -- it was considering all non-admins invalid.
Fixes ticket #997 (highest prime under 1000!)
2010-01-30 16:20:44 -08:00
Tim Almdal
c4e3604315
Strongly type the argument list to the model::validate method.
2010-01-29 14:04:27 -08:00
Bharat Mediratta
f0ae2c8165
Localize edit form error messages.
2010-01-28 20:55:38 -08:00
Bharat Mediratta
4b32a71afc
Convert back to using ORM::factory(..., $id) instead of calling where().
2010-01-27 22:34:11 -08:00
Bharat Mediratta
b6dab323ac
Use ORM to create the users since now our validation can handle doing
it the right way. Set a default email address for admins.
2010-01-25 20:42:48 -08:00
Bharat Mediratta
01dfa29888
Make some exceptions for guests:
1) They don't require email
2) Guest users aren't in the everybody group.
2010-01-25 20:40:44 -08:00
Bharat Mediratta
fecac4a859
Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev
Conflicts:
modules/gallery/tests/xss_data.txt
2010-01-23 16:29:10 -08:00