Commit Graph

4686 Commits

Author SHA1 Message Date
Andy Staudacher
001623c755 Add new locale preferences: Adding per session (cookie) locale preferences and check the browser's / OS' locale preferences.
Ticket 582.
2009-09-04 11:06:20 -07:00
Andy Staudacher
c453c0ef82 Simplifying SafeString a bit: From an XSS HTML security point of view, treat clean() and purify() the same.
No longer run a safe HTML string through the HTML purifier (since it's already marked as safe).

This also addresses the issue of calling purify() when no purifier is installed. In that case, we'd run clean() on a clean string (double HTML encoding).

If this approach doesn't work out, we can still modify the fallback code of purify() to check if the string is already clean before calling clean() instead of purify().
2009-09-04 10:11:42 -07:00
Bharat Mediratta
1ffb5b24df Checkpoint. 2009-09-03 11:34:02 -07:00
Bharat Mediratta
1405e8ed9e Fix tests for new purifier API. 2009-09-03 11:29:57 -07:00
Bharat Mediratta
1dca0b9d6b Fix test for new purifier API. 2009-09-03 11:28:42 -07:00
Bharat Mediratta
82dd468002 Refactor interaction with the purifier module so that the API is
cleaner and we don't need to know about the module innards.  Move the
config file over there too.
2009-09-03 11:25:02 -07:00
Andy Staudacher
e2d5944e56 Minor performance improvement: Reduce module var cache lookups in SafeString. 2009-09-03 08:49:14 -07:00
Andy Staudacher
8f6a120b52 Ensure that purify isn't applied twice for an already purified SafeString 2009-09-03 08:39:44 -07:00
Tim Almdal
c4b449add1 Merge branch 'master' into talmdal 2009-09-03 01:11:52 -07:00
Tim Almdal
dcdd44109b fix the expected return value of photos controller 2009-09-03 01:11:28 -07:00
Tim Almdal
41e3773417 fix the expected return value of album controller 2009-09-03 01:07:02 -07:00
Tim Almdal
33bcf11e27 Change the Html_Helper and SafeString tests to change the expected results based on whether HtmlPurifier module is installed or not 2009-09-03 01:05:03 -07:00
Tim Almdal
3dc7e2e78c Merge branch 'master' into talmdal 2009-09-02 23:53:35 -07:00
Chad Kieffer
6feab02c86 Merge branch 'master' of git@github.com:gallery/gallery3 2009-09-02 22:36:19 -06:00
Chad Kieffer
02409d3b99 Fix bg images in tables bug in webkit and ie. #718 2009-09-02 22:35:54 -06:00
Bharat Mediratta
d007f31686 Undo rest of the indentation issue accidentally created in 8312eb and
partially fixed in 2c30dc
2009-09-02 21:29:22 -07:00
Bharat Mediratta
9237ab9bc1 Change graphics::generate() API so that it doesn't return a boolean,
instead it throws an exception if there's a problem.  The normal case
for graphics::generate is that it's going to succeed.  It'll only fail
if something un-handleable went wrong, so just use the resulting
exception.
2009-09-02 15:29:00 -07:00
Tim Almdal
de61da5bfc Merge branch 'master' into talmdal 2009-09-02 14:29:00 -07:00
Tim Almdal
2c30dc2d5b fix a leading space that was causing the file_structure_test to fail 2009-09-02 14:28:00 -07:00
Tim Almdal
aea34882b4 Merge branch 'master' into talmdal 2009-09-02 13:44:37 -07:00
Bharat Mediratta
b842a9d9ca Fix formatting, and use a properly named file in
change_photo_no_csrf_fails_test() so that GD doesn't bomb.
2009-09-02 11:58:04 -07:00
Bharat Mediratta
b9293755c0 Deal with the aftermath of adding sharpen() calls. Since GD does not
support it, this causes crashes as soon as you try to use it, which
breaks a bunch of our tests.  Also, give the user some idea that
sharpen() is missing in the UI.  Fixes #689.
2009-09-02 11:57:20 -07:00
Bharat Mediratta
79754c2ef4 Run 'graphics::choose_default_toolkit();' to pick a toolkit, which we
normally do as part of a regular install.
2009-09-02 11:53:10 -07:00
Bharat Mediratta
a09a6a06be Refactor how we use $this->relative_path() so that we're not calling
it twice on both sides of a ternary operator.
2009-09-02 11:28:41 -07:00
Tim Almdal
f2bbb2963a Remove debugging statements 2009-09-02 07:07:47 -07:00
Tim Almdal
7fbd012d71 Move HTMLPurifier from core to contrib and make it optional. Delete the modules/gallery/lib and HTMLPurifier.php 2009-09-02 07:06:28 -07:00
Bharat Mediratta
d5cd6a92e7 Rename $comment_model to $comments, this time without stomping on the
pre-existing variable.
2009-09-01 20:40:18 -07:00
Bharat Mediratta
eab5d71d06 Revert "Rename $comment_model to $comments."
This reverts commit d85a8b20bb.
2009-09-01 20:39:08 -07:00
Bharat Mediratta
ecc0d89cd4 Fix up incorrectly applied html::mark_clean(). Resolves #698, thanks fperwth! 2009-09-01 20:34:19 -07:00
Bharat Mediratta
b14b9e0d7b Allow anything to be made an album cover, except for direct children
of the root album (which has no visible album cover, so no point in
offering that option).  This fully resolves #705.
2009-09-01 20:23:44 -07:00
Bharat Mediratta
2ec11c5c4d Merge branch 'master' of git@github.com:gallery/gallery3 2009-09-01 20:17:57 -07:00
Bharat Mediratta
03c5c11775 Allow the RSS feed page size to be customizable, up to 100 items (to
mitigate DoS attacks).

Have PicLens request a 100-item page to mitigate the bug where it
refuses to load the 2nd page.

Mitigates #23.
2009-09-01 20:13:23 -07:00
Andy Staudacher
95ea310aff Remove unused l10n message 2009-09-01 14:39:08 -07:00
Andy Staudacher
1d30691452 Add missing mark_clean() for t() calls with %attr parameter. 2009-09-01 12:14:23 -07:00
Andy Staudacher
b50d7f0d69 Fix bug #522 - Handle "save settings" correctly in the "share translations" form. 2009-09-01 11:11:22 -07:00
Andy Staudacher
295fc0c14c Merge commit 'upstream/master' 2009-09-01 01:30:45 -07:00
Andy Staudacher
fe37483aca Update XSS scanner golden file 2009-09-01 01:29:42 -07:00
Andy Staudacher
53711225ac XSS / style fixes for newly detected issues (after fixing XSS scanner) 2009-09-01 01:28:52 -07:00
Andy Staudacher
94c201f265 XSS escape in form helper and forge where missing. 2009-09-01 01:17:39 -07:00
Andy Staudacher
ff1979e12e Fix XSS in tags JS 2009-09-01 01:12:02 -07:00
Andy Staudacher
d2cea7905e Remove debugging code 2009-09-01 00:53:17 -07:00
Andy Staudacher
c0d4937e43 Fix bug in XSS scanner for <script> block @ position 0 of inline_html 2009-09-01 00:52:21 -07:00
Bharat Mediratta
dfb2e3dd02 Add an icon to the context menu option. 2009-08-31 23:27:46 -07:00
Chad Kieffer
39ca803af7 Set CSS cursor to hand for jQuery UI ui-state-hover elements. Fixes all but progress bar cursor. #669 2009-08-31 23:51:27 -06:00
Chad Kieffer
7331e2e77c Merge branch 'master' of git@github.com:gallery/gallery3 2009-08-31 23:16:35 -06:00
Chad Kieffer
19e49bea06 Don't include "Make this the album's cover" in context menus for albums. #705 2009-08-31 23:07:17 -06:00
Andy Staudacher
285e2b9cbe Update XSS test golden file 2009-08-31 21:57:15 -07:00
Chad Kieffer
7b2c03c2b9 Merge branch 'master' of git@github.com:gallery/gallery3 2009-08-31 22:56:11 -06:00
Andy Staudacher
5ca13fe5e8 Merge commit 'upstream/master' 2009-08-31 21:53:17 -07:00
Andy Staudacher
2bc73e2e36 Fix XSS vectors in HTML attributes (mostly t() calls) 2009-08-31 21:51:57 -07:00