Bharat Mediratta
99c131e845
Revert "Never assign a SafeString instance to a Model member (or hell will break loose)."
This reverts commit dcddc68f58.
2010-02-18 16:20:23 -08:00
Bharat Mediratta
d3e07f8a97
Revert "Fix for ticket #1017: Handle the common case of t(html::clean($var)) by casting SafeString instances to string in translate()."
This reverts commit 4ca55a90ee.
2010-02-18 16:19:41 -08:00
Andy Staudacher
22bc871e2b
Fix for tickets #1024 and #1025: Fix formatting of album tree list in the organize dialog, and (magically) drag and drop move to another album works as well again. Tested in FF3.5, Chrome5 on Ubuntu Linux.
2010-02-18 16:19:17 -08:00
Andy Staudacher
45910ffdc0
Improve setlocale() call, using some of G2's locale fallback code to match the platform's locale names.
2010-02-18 16:19:17 -08:00
Andy Staudacher
8f39e68449
Improve setlocale() call, using some of G2's locale fallback code to match the platform's locale names.
2010-02-18 14:43:18 -08:00
Tim Almdal
74472dc83c
Merge branch 'master' into talmdal_dev
2010-02-17 06:46:48 -08:00
Andy Staudacher
4ca55a90ee
Fix for ticket #1017: Handle the common case of t(html::clean($var)) by casting SafeString instances to string in translate().
2010-02-16 23:54:39 -08:00
Andy Staudacher
61f8af6e4c
Fix for ticket #1020: Fix RSS feed validation of album / recent items feeds.
2010-02-16 21:56:56 -08:00
Andy Staudacher
5e25d2f7f1
Put focus on password field in reauthenticate dialog.
2010-02-15 14:27:48 -08:00
Andy Staudacher
6c89bb8878
Update of reviewed XSS audit data.
2010-02-15 13:51:32 -08:00
Andy Staudacher
e754bc18ea
Input sanitization
2010-02-15 13:44:37 -08:00
Andy Staudacher
dcddc68f58
Never assign a SafeString instance to a Model member (or hell will break loose).
2010-02-15 13:12:38 -08:00
Tim Almdal
a597b57210
return the absolute url not the relative for the full size, resize and thumb images.
2010-02-15 12:29:49 -08:00
Tim Almdal
eb1cdd0376
Merge branch 'master' into talmdal_dev
2010-02-15 06:27:17 -08:00
Andy Staudacher
4091219425
Fix for ticket #491: Make user and group names translatable.
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
2010-02-14 19:26:34 -08:00
Andy Staudacher
667d65aea4
Fix for ticket 901: Wrap Gallery version string into bdo tag to override the BiDi algorithm. Also, properly marking the "Powered by" string for translation.
See: http://www.w3.org/International/tutorials/bidi-xhtml/#Slide0420
2010-02-14 18:33:38 -08:00
Andy Staudacher
30dcaaa236
Need to allow access to ::change_provider for CLI, to make packager work.
2010-02-14 18:33:10 -08:00
Andy Staudacher
0eb9b43a33
Enable session expiration. Currently, it's set to expire sessions after 7 days of inactivity.
2010-02-14 17:26:57 -08:00
Andy Staudacher
74471df777
Minor security tightening of IdentityProvider::change_provider().
2010-02-14 16:12:18 -08:00
Tim Almdal
141595e709
Create an items REST collection requests that accepts a list of resource urls and returns the items associated with them.
2010-02-14 07:35:03 -08:00
Tim Almdal
897215689c
Remove the dirty flags from the information returned from the rest request for an item. In addition, add links to the images.
2010-02-14 07:32:35 -08:00
Tim Almdal
f37b93a7eb
If the return object is empty still return the empty object in the json response.
2010-02-14 07:31:11 -08:00
Andy Staudacher
0f66db51ef
Change JavaScript reauthentication check to check via XHR.
Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task.
2010-02-14 07:15:59 -08:00
Andy Staudacher
64e5d438c7
HTML validation, avoid empty <ul>
2010-02-14 07:15:58 -08:00
Andy Staudacher
1a951cb7f6
HTML validation fix (<script>)
2010-02-14 07:15:58 -08:00
Andy Staudacher
2dad1d7cd1
Some HTML validation fixes (don't render empty <ul> lists, empty id attributes, use &amp; not &)
2010-02-14 07:15:57 -08:00
Andy Staudacher
8412aeb133
For consistency, use straight Kohana_404_Exception instead of the event system.
2010-02-14 07:15:57 -08:00
Tim Almdal
e41a2d4e52
Merge branch 'master' into talmdal_dev
2010-02-14 07:11:14 -08:00
Tim Almdal
df8273e3f2
Merge branch 'master' of git@github.com:gallery/gallery3
2010-02-14 07:11:11 -08:00
Andy Staudacher
995e592a3d
Change JavaScript reauthentication check to check via XHR.
Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task.
2010-02-13 18:03:46 -08:00
Andy Staudacher
293fa80941
HTML validation, avoid empty <ul>
2010-02-13 13:57:02 -08:00
Tim Almdal
da251228cb
If the return object is empty still return the empty object in the json response.
2010-02-13 13:44:09 -08:00
Tim Almdal
dcd7a8fbb8
Merge branch 'master' into talmdal_dev
2010-02-13 13:00:41 -08:00
Andy Staudacher
f0949b8adb
HTML validation fix (<script>)
2010-02-13 12:35:39 -08:00
Andy Staudacher
36702b1397
Some HTML validation fixes (don't render empty <ul> lists, empty id attributes, use &amp; not &)
2010-02-12 20:59:26 -08:00
Andy Staudacher
f5d00863b8
Merge commit 'upstream/master'
2010-02-12 19:06:28 -08:00
Andy Staudacher
7e47c3b19f
For consistency, use straight Kohana_404_Exception instead of the event system.
2010-02-12 19:05:44 -08:00
Andy Staudacher
d53f6d0e05
Fix for tickets 1009 and 603: Show a themed error page to guests / registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors.
2010-02-12 16:40:44 -08:00
Bharat Mediratta
e88e976fc4
Tighten up the text.
2010-02-12 13:49:14 -08:00
Bharat Mediratta
ce71ea6aa7
Revert "1) Add a depth parameter to retrieving an item thru the rest api"
This reverts commit 3439671bcf.
2010-02-12 04:53:26 -08:00
Tim Almdal
3439671bcf
1) Add a depth parameter to retrieving an item thru the rest api
2) Standardize the structure of members so that client programs can consistently
parse the return information.
3) Added a summary parameter so that client programs can easily determine if the
information returned is summary (item type, item title) or the full meal deal
2010-02-12 09:52:57 -08:00
Tim Almdal
09739dfd2c
Merge branch 'master' into talmdal_dev
2010-02-11 21:27:16 -08:00
Andy Staudacher
cd45c94fe6
Get rid of unnecessary view file.
2010-02-11 15:59:17 -08:00
Andy Staudacher
dc94f6e45a
Include user name in logging message for failed password reset. As Bharat points out, t() ensures that parameters are escaped for XSS.
2010-02-11 14:35:05 -08:00
Andy Staudacher
6353a7c2de
Security: Fix leaking of album / photo names. Reject previous fix for ticket 1009.
Side effect: Renaming auth::required_login() to login_page().
2010-02-11 14:28:32 -08:00
Andy Staudacher
cd98f85260
Fix for ticket 1010: Don't leak valid user names in "forgot password" form.
Includes fixes for user forms as well (edit user / email / password).
2010-02-11 13:11:31 -08:00
Bharat Mediratta
1ada27916f
Use the admin/users/edit_user_form version of the user editing form
right after initial install so that we're not requiring the user to
re-enter the auto-generated password to change their password and
email.
Fixes ticket #1007
2010-02-11 05:24:16 -08:00
Tim Almdal
a893b0317d
Merge branch 'master' into talmdal_dev
2010-02-10 17:48:39 -08:00
Bharat Mediratta
592689a759
Merge branch 'master' of github.com:gallery/gallery3
2010-02-10 09:55:39 -08:00
Tim Almdal
8ef08d2088
Refactor the code to display the login page if the user does not have view
permission into the common auth::require_login() method.
2010-02-10 08:53:39 -08:00