stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-05-20 19:39:16 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
4,349 Commits 4 Branches 0 Tags
87f00a5ec5e072f98f5ed6fcd559ef249da57b36
Commit Graph

37 Commits

Author SHA1 Message Date
Tim Almdal
7ea13b3869 Normalize capitalization ticket #596 2009-10-28 12:15:52 -07:00
Chad Kieffer
4241e03d75 Breadcrumb updates. Apply g-first and g-active consistently, use ems instead of px for nicer proportions, make font-size the same whether on the page or in a dialog. 2009-10-27 23:03:43 -06:00
Chad Kieffer
859f8dc558 Consolidated the rest of the base message styles into lib/gallery.common.css and applied updates to views. Moved over draggable/droppable styles. Use g-target consistently for drag/drop interactions. Minor re-ordering of selectors in gallery.common.css. Updates to css comments. 2009-10-07 00:21:23 -06:00
Chad Kieffer
3e6ba7acc3 Renamed most, if not all css selectors from gName to g-name. Moved a few shared images from wind to lib. Deleted unused images in the admin_wind. This will likely break a few ajax features. 2009-10-04 00:27:22 -06:00
Bharat Mediratta
0ab73cd1ad Fix some whitespace issues. 2009-09-27 11:35:03 -07:00
jhilden
f5094ede3c minor improvements to simple uploader 
* removed CSS from the view to wind/css/screen.css
* started changing CSS classes/IDs to new prefix "g-"
* and more
 2009-09-26 13:28:10 -04:00
jhilden
21341d552f Merge branch 'master' of git@github.com:gallery/gallery3 2009-09-26 11:27:45 -04:00
jhilden
4345e96d1d first try at improving the upload user experience with the file selection button 2009-09-26 11:27:07 -04:00
Tim Almdal
d727716af7 Change the simple uploader dialog to use the new gallery::find_file api method. 2009-09-23 19:51:46 -07:00
Andy Staudacher
2bc73e2e36 Fix XSS vectors in HTML attributes (mostly t() calls) 2009-08-31 21:51:57 -07:00
Andy Staudacher
00c73ec852 Updating uses of html::js_string and SafeString::for_js (value now contains string delimiters) 2009-08-30 15:34:46 -07:00
Andy Staudacher
52b542b253 Fixing typo 2009-08-30 06:55:24 -07:00
Andy Staudacher
d3b0302690 Minor cleanup 2009-08-29 23:15:28 -07:00
Andy Staudacher
b9bd1681a3 Update all code to use helper method html::clean(), html::purify(), ... instead of SafeString directly. 2009-08-29 22:54:20 -07:00
Andy Staudacher
a5dfc81a8f Merge commit 'upstream/master' 
Conflicts:

	modules/akismet/views/admin_akismet.html.php
	modules/comment/helpers/comment_rss.php
	modules/gallery/helpers/gallery_rss.php
	modules/gallery/libraries/I18n.php
	modules/gallery/views/permissions_browse.html.php
	modules/gallery/views/simple_uploader.html.php
	modules/info/views/info_block.html.php
	modules/organize/controllers/organize.php
	modules/organize/views/organize.html.php
	modules/organize/views/organize_album.html.php
	themes/default/views/album.html.php
	themes/default/views/movie.html.php
	themes/default/views/photo.html.php
 2009-08-29 14:17:48 -07:00
Andy Staudacher
d5660d2d3e Fixing all detected XSS vectors in PHP->JS code. 
Xss: Rename UNKNOWN back to DIRTY, JS_XSS to DIRTY_JS.
(using a different flag value to highlight potential XSS vectors in JS)
 2009-08-29 13:41:18 -07:00
Andy Staudacher
c01ac42c46 Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify(). 
Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
 2009-08-29 12:48:40 -07:00
Bharat Mediratta
a28dd09c4e Properly deal with invalid images. This fixes ticket #611 which shows 
a BMP masquerading as a .jpg causing us to be unable to rebuild
resizes and thumbnails.  Now if that happens, we discard the file, log
it and move on.
 2009-08-27 17:04:48 -07:00
Bharat Mediratta
c4a3093011 3rd attempt to fix localization messages. Last time around I didn't 
dig deep enough, but now we form the complete message using t() style
semantics to replace % placeholders with __ style JS placeholders.
Also, stop appending the (completed) text to existing messages.. roll
it together.
 2009-07-14 12:36:57 -07:00
Bharat Mediratta
8c6c3801bb Fix a typo in the last commit. I left off a closing paren. 2009-07-11 07:12:29 -07:00
Bharat Mediratta
f2a3fa46f5 Change 'completed' status message to be a full sentence with javascript placeholders. 2009-07-11 07:10:05 -07:00
Shai Ben-Naphtali
30346ec842 Fixed indentation of commit 2760e119bbfc3e2d436c404de194dbeea738a735 
Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
 2009-07-12 14:11:15 +08:00
Shai Ben-Naphtali
245f4d39a7 This fixes ticket #513 
Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
 2009-07-12 14:11:14 +08:00
Tim Almdal
15bb52a776 Change the word "Done" to "Close" to make translations easier 2009-07-10 14:12:13 -07:00
Tim Almdal
54ffea2419 Split the clean method into two clean and purify. clean is a light weight 
approach using html::specialchars and purify uses HTMLPurifier to intelligently
cleanse the output fields. Use purifier for text and title fields where it is
likely that a user would enter html to format their data.
 2009-07-03 21:44:10 -07:00
jhilden
b31b3bd5bf Merge branch 'master' of git@github.com:gallery/gallery3 2009-06-29 16:03:45 -04:00
jhilden
eb82f6a64a added textual description of upload progress 
moved the cancel link to above the upload queue (where the textual upload progress also is)
 2009-06-29 16:02:11 -04:00
Bharat Mediratta
9bdc84733d use jquery.scrollTo to scroll the active upload into view. 2009-06-28 17:07:41 -07:00
unostar
e6768a4e97 Add string to localizer 
Signed-off-by: Bharat Mediratta <bharat@menalto.com>
 2009-06-09 14:11:32 +08:00
Bharat Mediratta
ac70a1b77a Fix internationalization to use one long string and placeholders. 
Removed the <br/> though since we're trying to avoid structural HTML
in internationalized strings.
 2009-06-04 18:49:45 -07:00
jhilden
81d20c79b6 fixed another bug with the filesize unit and added a better error message 
Merge branch 'master' of git@github.com:gallery/gallery3

Conflicts:
	modules/gallery/views/simple_uploader.html.php
 2009-06-04 21:32:45 -04:00
jhilden
8933a19f1f fixed stuff 2009-06-04 21:05:33 -04:00
Bharat Mediratta
5158a6f433 Add MY_num containing num::convert_to_bytes() which supports PHP's 
size shorthand, and convert the simple_uploader code to use it.
 2009-06-04 17:53:40 -07:00
jhilden
9306c178a8 set filesize limit of swfupload to the same value as upload_max_filesize 
* now users get an error when they try to upload too big files
* this should fix bug #337
* maybe it also needs to check for max_post_size
 2009-06-04 18:29:31 -04:00
Bharat Mediratta
43abcd9386 Security pass over all controller code. Mostly adding CSRF checking 
and verifying user permissions, but there are several above-the-bar
changes:

1) Server add is now only available to admins.  This is a hard
   requirement because we have to limit server access (eg:
   server_add::children) to a user subset and the current permission
   model doesn't include that.  Easiest fix is to restrict to admins.
   Got rid of the server_add permission.

2) We now know check permissions at every level, which means in
   controllers AND in helpers.  This "belt and suspenders" approach will
   give us defense in depth in case we overlook it in one area.

3) We now do CSRF checking in every controller method that changes the
   code, in addition to the Forge auto-check.  Again, defense in depth
   and it makes scanning the code for security much simpler.

4) Moved Simple_Uploader_Controller::convert_filename_to_title to
   item:convert_filename_to_title

5) Fixed a bug in sending notification emails.

6) Fixed the Organize code to verify that you only have access to your
   own tasks.  In general, added permission checks to organize which had
   pretty much no validation code.

I did my best to verify every feature that I touched.
 2009-06-01 22:40:22 -07:00
Bharat Mediratta
708f27f483 Run p::clean() on any variables that contain data entered by users. 2009-05-31 00:11:48 -07:00
Bharat Mediratta
28b41056e3 Restructure things so that the application is now just another module. 
Kohana makes this type of transition fairly straightforward in that
all controllers/helpers/etc are still located in the cascading
filesystem without any extra effort, except that I've temporarily
added a hack to force modules/gallery into the module path.

Rename what's left of "core" to be "application" so that it conforms
more closely to the Kohana standard (basically, just
application/config/config.php which is the minimal thing that you need
in the application directory)

There's still considerable work left to be done here.
 2009-05-27 15:07:27 -07:00