stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-05-25 13:59:11 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
5,167 Commits 4 Branches 0 Tags
aa2e4de024a985f16beb8c1ad90daf0e668d2e28
Commit Graph

3176 Commits

Author SHA1 Message Date
Tim Almdal
aa2e4de024 Corrected copy paste errors in g2_import task. Fixes ticket #949. 2010-02-01 22:55:47 -08:00
Tim Almdal
43985ea2fb Update the description to reflect we are only removing "expired" files. 2010-02-01 08:35:23 -08:00
Tim Almdal
64e014203c Correct the internationalization of the status message. 2010-02-01 08:15:49 -08:00
Bharat Mediratta
e1bf010d89 Force all non-guest users to have an email address since that's 
required in model validation.  Without this, any save on a user
without email will fail which means that you can't log in.

Bump user module to version 3.
 2010-01-31 20:50:52 -08:00
Bharat Mediratta
f8db2a9f8c Update the install version to 2 to match module.info. 2010-01-31 20:47:25 -08:00
Tim Almdal
e98991b90f return a location method so the page reloads properly if the edit was successful. 2010-01-31 16:58:42 -08:00
Bharat Mediratta
c050acf30a Fix lots of warnings that pop up when we're in E_STRICT mode. They're 
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
 2010-01-31 16:07:41 -08:00
Bharat Mediratta
c6676dd455 Remove obsolete call to _force_block_adder() which has been broken for over a year. 2010-01-31 15:23:37 -08:00
Bharat Mediratta
2253596379 Remove debug code. 2010-01-31 15:03:53 -08:00
Bharat Mediratta
c5471a76a2 htaccess_works() can't use var/tmp anymore because that's locked down. 
So just create var/security_test and delete it when we're done.
 2010-01-31 13:27:05 -08:00
Bharat Mediratta
ee35b0a9fe Elide data that isn't useful from the REST array. 2010-01-31 13:10:34 -08:00
Bharat Mediratta
4cd5c4cebb Second attempt to fix the timezone issue. If the timezone is not set 
in phpinfo(), then force it to America/Los_Angeles for now.
 2010-01-31 11:27:54 -08:00
Bharat Mediratta
dad537effe Update the timezone field to match the setting in 
system/config/locale.php.  This fixes the "date_default_timezone_set()
[function.date-default-timezone-set]: Timezone ID '' is invalid" error.
 2010-01-31 11:24:00 -08:00
Bharat Mediratta
359f6108b9 Remove edit permissions across the board. 2010-01-30 23:42:32 -08:00
Bharat Mediratta
a79d20a361 Use Item_Model::as_restful_array() to simplify tests. 2010-01-30 23:36:41 -08:00
Bharat Mediratta
d29028c4ea Add Item_Model::as_restful_array() for convenience. 2010-01-30 23:36:11 -08:00
Bharat Mediratta
6963695569 Verified 2010-01-30 23:22:53 -08:00
Bharat Mediratta
d92ee7954e Refactory auth::too_many_failed_logins() out of 
auth::validate_too_many_failed_logins() to conceptually separate the
two.
 2010-01-30 23:15:18 -08:00
Andy Staudacher
1470b99d1f Protect REST login controller from brute force attacks too. 
And make the REST auth token less predictable by using a better source for randomness.
 2010-01-30 21:42:57 -08:00
Bharat Mediratta
cb92e58d40 Update install.sql -- gallery version jumps from 23 to 25 due to a mistake 
in the version 24 upgrade code.

Update packager to serialize files so that we can serialize the new
.htaccess files

Update init_var.php to include the newly serialized .htaccess files.

Fixes ticket #587.
 2010-01-30 21:16:47 -08:00
Bharat Mediratta
c2a7a6a4e7 Lock down web access to var/uploads, var/tmp and var/logs using .htaccess 
Fixes ticket #587.
 2010-01-30 21:07:03 -08:00
Bharat Mediratta
79a1365991 Don't override the password in the database if it's empty in the form. 
Fixes ticket #995.
 2010-01-30 20:43:53 -08:00
Bharat Mediratta
2bfcec9620 Prevent brute force login attacks by reducing login attempts to 1 per 
minute after there have been 5 consecutive failed login attempts.

Fix for ticket #589.
 2010-01-30 19:48:57 -08:00
Bharat Mediratta
86fd81ef26 Make url::merge() function use the same exact definition as url_Core::merge() 2010-01-30 17:41:48 -08:00
Bharat Mediratta
69897b4c66 Fix the valid_admin code -- it was considering all non-admins invalid. 
Fixes ticket #997 (highest prime under 1000!)
 2010-01-30 16:20:44 -08:00
Bharat Mediratta
dccb2b73ff Dump out validation errors so that we have some extra information in the logs. 2010-01-30 16:19:00 -08:00
Bharat Mediratta
10e208ea5c Fix #992: Digibug pops up a blank page and doesn't allow printing 
form::hidden() changed in K24 breaking this.  Also fixed the spelling
of "$order_params"
 2010-01-30 16:05:20 -08:00
Bharat Mediratta
a161436015 Remap parent_id and album_cover_item_id to and from RESTful urls. 2010-01-30 15:46:35 -08:00
Bharat Mediratta
923a515ffb The user must have some edit permission somewhere to create a tag 2010-01-30 11:48:43 -08:00
Bharat Mediratta
43cb6d9b56 Make the error page more robust in the case where there's a failure 
early on in the framework code before we can load Gallery_I18n.php
 2010-01-30 11:38:40 -08:00
Bharat Mediratta
dcba664f74 Use ? or & as appropriate when appending output=html. 2010-01-29 20:37:48 -08:00
Bharat Mediratta
a04d0d2789 Add missing permission checks. 
Make the tag relationship an associative array.
 2010-01-29 19:42:38 -08:00
Bharat Mediratta
a95609849e Use var_export instead of print_r for better clarity. 2010-01-29 14:53:40 -08:00
Bharat Mediratta
d4998e37d8 Don't forget to flush the relative_url_cache when updating the slug. 2010-01-29 14:25:57 -08:00
Bharat Mediratta
98bcb95b10 Go through all slugs and make them legal values. 
Upgrade gallery3 module to version 23
 2010-01-29 14:20:34 -08:00
Bharat Mediratta
844d40a759 Oops, forgot to bump the version to 2 in install(). 2010-01-29 14:12:07 -08:00
Bharat Mediratta
3e2adae953 Merge branch 'master' of git@github.com:gallery/gallery3 2010-01-29 14:07:15 -08:00
Bharat Mediratta
45cdac973d Oops, somebody (me?) forgot to update the gallery module version 
number in gallery_installer::install() so the install.sql was out of
sync.
 2010-01-29 14:06:36 -08:00
Tim Almdal
c4e3604315 Strongly type the argument list to the model::validate method. 2010-01-29 14:04:27 -08:00
Tim Almdal
e4d9ea3394 Merge branch 'master' of git@github.com:gallery/gallery3 
Conflicts:
	modules/gallery/views/in_place_edit.html.php
 2010-01-29 11:39:22 -08:00
Tim Almdal
1bc0d05760 Replace <?= form::close() ?> with </form>. Also add a call to access::csrf_form_field in the form template. Fixes ticket #996. 2010-01-29 11:36:35 -08:00
Bharat Mediratta
660130cf1a Work around a weirdness where empty() doesn't work on input values. 2010-01-29 11:23:28 -08:00
Bharat Mediratta
3f5ad7d77a Clean up form validation code. 2010-01-29 11:20:35 -08:00
Bharat Mediratta
c214dfd094 Clean up form validation code. 2010-01-29 10:54:59 -08:00
Bharat Mediratta
0d73738099 Stop using obsolete form::close() 
Update the way we include the hidden CSRF field for InPlaceEdit.
 2010-01-29 10:13:10 -08:00
Bharat Mediratta
743fbe7696 Add page_type to the rotate and delete context menu items so that the 
quick menu knows where to send you after the action is done.
 2010-01-28 23:22:38 -08:00
Bharat Mediratta
aacafaaf35 Add @todo. 2010-01-28 23:17:32 -08:00
Bharat Mediratta
9908f37eef Use identity::set_active_user() instead of auth::login() when we 
change providers otherwise the user_installer code is going to be
calling auth::login() which causes all kinds of unexpected weirdness,
like it triggers the handler in gallery_event which detects graphics
toolkits, and that's only supposed to run on the first admin login.
 2010-01-28 21:33:41 -08:00
Bharat Mediratta
70b235e13d In auth::login() make the user active before trying to save it, else 
the validation code fails because it expects there to be an active
user.
 2010-01-28 21:33:01 -08:00
Bharat Mediratta
3584856afc Use auth::login() when we initially log in the admin user. 2010-01-28 21:32:50 -08:00