gallery3

mirror of https://github.com/Pathduck/gallery3.git synced 2026-05-30 16:29:10 -04:00

Author	SHA1	Message	Date
Chad Kieffer	daa3a2b43c	First round of CSS refactor updates. Added calls to gallery.common.css from wind and admin_wind. Replaced basic text align and block float classes. Removed section #2 from both themes screen styles.	2009-09-30 00:32:52 -06:00
Bharat Mediratta	d8f5b0f5a3	Change click() to change() so that we immediately update the UI when the user picks a new option.	2009-09-05 21:14:25 -07:00
Andy Staudacher	047196b23c	Add missing view for language selection	2009-09-05 17:39:49 -07:00
Bharat Mediratta	add134cc75	placeholder for a missing view	2009-09-04 20:29:12 -07:00
Andy Staudacher	53711225ac	XSS / style fixes for newly detected issues (after fixing XSS scanner)	2009-09-01 01:28:52 -07:00
Andy Staudacher	2bc73e2e36	Fix XSS vectors in HTML attributes (mostly t() calls)	2009-08-31 21:51:57 -07:00
Andy Staudacher	ddb84c84e1	Rename mark_safe() to mark_clean()	2009-08-31 00:42:18 -07:00
Andy Staudacher	effccfd41d	Change all instances of SafeString::of_safe_html() to html::mark_safe() in views.	2009-08-30 07:00:56 -07:00
Andy Staudacher	b9bd1681a3	Update all code to use helper method html::clean(), html::purify(), ... instead of SafeString directly.	2009-08-29 22:54:20 -07:00
Andy Staudacher	b4b638be44	Undo url helper changes - url methods no longer return a SafeString. Adding SafeString::of_safe_html() calls where urls are passed as parameters to t() and t2().	2009-08-29 16:28:30 -07:00
Andy Staudacher	a5dfc81a8f	Merge commit 'upstream/master' Conflicts: modules/akismet/views/admin_akismet.html.php modules/comment/helpers/comment_rss.php modules/gallery/helpers/gallery_rss.php modules/gallery/libraries/I18n.php modules/gallery/views/permissions_browse.html.php modules/gallery/views/simple_uploader.html.php modules/info/views/info_block.html.php modules/organize/controllers/organize.php modules/organize/views/organize.html.php modules/organize/views/organize_album.html.php themes/default/views/album.html.php themes/default/views/movie.html.php themes/default/views/photo.html.php	2009-08-29 14:17:48 -07:00
Andy Staudacher	c01ac42c46	Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify(). Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.	2009-08-29 12:48:40 -07:00
Andy Staudacher	020281d932	Adding SafeString which is going to replace p::clean() and p::purify(). Refactoring of Xss_Security_Test. t() and t2() return a SafeString instance. TODO: - Update all code to use SafeString where appropriate. - Update golden fole of Xss_Security_Test - Stop reporting CLEAN vars in Xss_Security_Test	2009-08-29 10:45:47 -07:00
Tim Almdal	445a8fb1b6	Change galleryPanel and galleryDialog widgets to gallery_panel and gallery_dialog respectively Signed-off-by: Bharat Mediratta <bharat@menalto.com>	2009-08-08 02:08:42 +08:00
Tim Almdal	a302a9c3fa	Refactor the gallery dialog into a jQuery widget Signed-off-by: Bharat Mediratta <bharat@menalto.com>	2009-08-08 02:08:28 +08:00
Bharat Mediratta	41b8f943a6	Convert instances of theme_url() to just url() to match the API change made in `dbeadc1407`	2009-07-23 10:20:49 -07:00
Bharat Mediratta	80f48b084a	In the logout link, urlencode the continue url so that ampersands, etc don't break encapsulation. In the logout controller, don't run the url through url::redirect because that uses url::site(). Just set the Location header directly. This fixes ticket #483.	2009-07-21 13:02:20 -07:00
Bharat Mediratta	050c82cf80	Escape bare & symbols so that we use valid entities. Fixes ticket #577 .	2009-07-21 11:09:23 -07:00
Bharat Mediratta	51dca582cd	More thorough fix for #421 . Create User_Model::display_name() which uses the full name if there is one, or falls back to the name if that's all we have.	2009-07-19 16:50:35 -07:00
Shai Ben-Naphtali	fb7d99740d	Changed "Forgot Your Password" text to use capital 'Y' on the word Your Signed-off-by: Bharat Mediratta <bharat@menalto.com>	2009-07-21 00:09:06 +08:00
Bharat Mediratta	6e8a8c53e6	Rename $theme->url() to $theme->theme_url() for consistency wiht $theme->theme_script().	2009-06-28 19:49:48 -07:00
unostar	08a5b75345	Add string to localizer	2009-06-15 02:02:25 -07:00
Bharat Mediratta	3d89951c77	Create gallery::date_time(), gallery::date() and gallery::time() functions that format a unix timestamp into a date+time/date/time string. Partial fix for ticket #347. Signed-off-by: <unostar@danalan.info>	2009-06-13 20:10:24 +08:00
Bharat Mediratta	277d72d9fa	Fix formatting.	2009-06-06 12:50:38 -07:00
Bharat Mediratta	43abcd9386	Security pass over all controller code. Mostly adding CSRF checking and verifying user permissions, but there are several above-the-bar changes: 1) Server add is now only available to admins. This is a hard requirement because we have to limit server access (eg: server_add::children) to a user subset and the current permission model doesn't include that. Easiest fix is to restrict to admins. Got rid of the server_add permission. 2) We now know check permissions at every level, which means in controllers AND in helpers. This "belt and suspenders" approach will give us defense in depth in case we overlook it in one area. 3) We now do CSRF checking in every controller method that changes the code, in addition to the Forge auto-check. Again, defense in depth and it makes scanning the code for security much simpler. 4) Moved Simple_Uploader_Controller::convert_filename_to_title to item:convert_filename_to_title 5) Fixed a bug in sending notification emails. 6) Fixed the Organize code to verify that you only have access to your own tasks. In general, added permission checks to organize which had pretty much no validation code. I did my best to verify every feature that I touched.	2009-06-01 22:40:22 -07:00
Bharat Mediratta	9322f51e23	Localize a string	2009-05-31 19:31:55 -07:00
jhilden	277c96c2f6	user admin facelift * added drag & drop help message for empty groups * fixed overflow issue with more than ~10 members in one group * CSS improvements	2009-05-31 18:25:43 -04:00
Bharat Mediratta	9369ccab7f	Run all variables that come from user-entered data through p::clean()	2009-05-31 01:02:51 -07:00
Chad Kieffer	2966289b14	Quick fix for ticket #144 . Reapply event handler for delete link gDialog when group is refreshed.	2009-05-26 05:05:04 +00:00
Chad Kieffer	94e36344b2	Link to gallery.panel.js from the head, not body.	2009-05-26 05:00:19 +00:00
Chad Kieffer	88e1f02c1a	Split out re-used JavaScript for common functions (messages, valign), panel toggle, and forms to external files.	2009-05-26 03:59:35 +00:00
Bharat Mediratta	7abe611a62	Make the 'this user cannot be deleted' link actually not clickable.	2009-05-13 03:59:42 +00:00
Bharat Mediratta	b9aeec634d	Colorize admin user rows to make them stand out	2009-05-13 03:44:55 +00:00
Bharat Mediratta	1344bd7009	Use the name field if the full_name field is empty.	2009-05-13 03:36:06 +00:00
Andy Staudacher	6fae077b52	Fix i18n for "Logged in as" string	2009-04-17 02:04:25 +00:00
Tim Almdal	f1eec57221	Add a weight column to the items model. Change the album ordering to use this as the default instead of id. This prepares the way for manual reordering in the organize functionality.	2009-04-05 16:57:51 +00:00
Bharat Mediratta	921f3a2eee	Put csrf token into Admin_View and Theme_View by default, then use it directly wherever possible instead of access::csrf_token().	2009-03-27 03:43:21 +00:00
Bharat Mediratta	6aadb0bc77	Fix indentation	2009-03-16 09:01:50 +00:00
Chad Kieffer	542ab6db1f	Combined "Logged in as..." and "Modify Profile" to by just "Logged in as FullName"	2009-03-16 04:54:00 +00:00
Bharat Mediratta	83912bce20	Missed this in the last commit	2009-03-16 04:42:39 +00:00
Bharat Mediratta	736d74d05f	Clean up the login, maintenance login and required-top-level-login code. We now have two clear and separate login approaches: login/ajax login/html Choose the one that's appropriate. Totally simplified the maintenance page to be separate from the theme and dead simple, and use login/html approach there. Totally simplified the top level login (login_page.html.php) to just be a login page, not the rest of the chrome on the page and use the login/ajax approach there. Don't use access::required in albums and then catch the exception, instead use access::can and check the return code. Improve the text for maintenance mode.	2009-03-16 04:33:45 +00:00
Tim Almdal	4d5679b749	Fix ticket #119 . Display the full name of the user in the same block as the Modify profile and logout links.	2009-03-11 15:00:57 +00:00
Bharat Mediratta	07310c8499	Add slightly more visual feedback when you're hovering over a draggable user. Also, drag the icon and name not just the icon.	2009-02-26 03:05:29 +00:00
Chad Kieffer	1ef090cd15	Remove second Add User button, don't need it, at least not now.	2009-02-23 01:51:18 +00:00
Chad Kieffer	d739d1ea46	Button mania continues. Make edit and delete user/group links buttons, buttons, buttons!	2009-02-11 05:35:11 +00:00
Chad Kieffer	ad80e86208	Indent fixes.	2009-02-09 02:11:59 +00:00
Chad Kieffer	cdae043999	Clean up add user and group buttons to move the + icon to the left. The + icon doesn't appear within the button outline with buttons that aren't floated. Will have to debug later.	2009-02-08 20:45:09 +00:00
Chad Kieffer	67d551d5e3	jQuery-based buttons! Form updates, short form updates. Need to fix add user/group buttons and search form on search results page.	2009-02-06 06:34:47 +00:00
Tim Almdal	2f5344c1da	A preview of the password reset functionality. What's working... you can start to logon, request the password to be reset, and an email is sent to the users email address. If you click on the link you get an unformatted form. But its a start :-)	2009-02-04 05:49:29 +00:00
Chad Kieffer	d656b6a3e6	Beginning of edit user panel fix. Form is displayed again. Added display of user email address to list.	2009-02-03 06:45:43 +00:00

1 2 3 4

156 Commits