Tim Almdal
8b7f7a2fbe
Don't use stdClass to return the feed data. Just use an array.
2009-06-14 12:38:57 -07:00
Tim Almdal
76b89556fc
Remove the sidebar flag from the feed definition returned by available_feeds and
replace with a type field with one of two values (head and block). We need to
do this to determine what fields go in the rss block so we can ignore the
definitions that are related to the page head when creating the rss block that
goes into the sidebar.
2009-06-14 12:09:47 -07:00
Bharat Mediratta
26314d0ef8
Create gallery::date_time(), gallery::date() and gallery::time()
functions that format a unix timestamp into a date+time/date/time
string.
Partial fix for ticket #347.
2009-06-12 22:44:51 -07:00
Tim Almdal
dc6c75cd05
Move the processing of rss feeds from the rss controller to callbacks in the
modules that are supplying the feed. The rss controller becomes a router.
In this change the comment and updates fields are distributed.
2009-06-12 08:52:03 -07:00
Tim Almdal
d4d145a443
Change from an event driven model to a call driven model similar to the task
api.
2009-06-12 07:46:42 -07:00
Tim Almdal
e5793b5b26
Change the "request_feed_links" eventing handling so that individual modules
provide the part of the url (the suffix) that they are interested in and the
rss module will format the rest of the url.
2009-06-12 06:58:53 -07:00
Tim Almdal
1272d0837e
Changed rss_theme::sidebar_blocks to fire the event "request_feed_links" to
allow modules to contribute rss feed links to the rss sidebar block.
Ticket #388.
2009-06-11 00:44:34 -07:00
Bharat Mediratta
dd854379c2
Sanitize all data we return via json_encode() to guard against XSS and
other data leaks.
2009-06-03 17:08:23 -07:00
Bharat Mediratta
43abcd9386
Security pass over all controller code. Mostly adding CSRF checking
and verifying user permissions, but there are several above-the-bar
changes:
1) Server add is now only available to admins. This is a hard
requirement because we have to limit server access (eg:
server_add::children) to a user subset and the current permission
model doesn't include that. Easiest fix is to restrict to admins.
Got rid of the server_add permission.
2) We now check permissions at every level, which means in
controllers AND in helpers. This "belt and suspenders" approach will
give us defense in depth in case we overlook it in one area.
3) We now do CSRF checking in every controller method that changes the
code, in addition to the Forge auto-check. Again, defense in depth
and it makes scanning the code for security much simpler.
4) Moved Simple_Uploader_Controller::convert_filename_to_title to
item:convert_filename_to_title
5) Fixed a bug in sending notification emails.
6) Fixed the Organize code to verify that you only have access to your
own tasks. In general, added permission checks to organize which had
pretty much no validation code.
I did my best to verify every feature that I touched.
2009-06-01 22:40:22 -07:00
Bharat Mediratta
708f27f483
Run p::clean() on any variables that contain data entered by users.
2009-05-31 00:11:48 -07:00
Bharat Mediratta
7aed923908
Restructure the module lifecycle.
Install: <module>_installer::install() is called, any necessary tables
are created.
Activate: <module>_installer::activate() is called. Module
controllers are routable, helpers are accessible, etc. The module is
in use.
Deactivate: <module>_installer::deactivate() is called. Module code
is not accessible or routable. Module is *not* in use, but its tables
are still around.
Uninstall: <module>_installer::uninstall() is called. Module is
completely removed from the database.
Admin > Modules will install and activate modules, but will only
deactivate (will NOT uninstall modules).
2009-05-26 05:28:59 +00:00
Chad Kieffer
730cc7aabb
Rolled back r20813 to restore jump to comments, at least for now
2009-05-19 04:20:52 +00:00
Bharat Mediratta
7f77c676fe
Get rid of the 'View comments on this item' menu option for photos.
It doesn't fit in with the others and as Jakob points out, the scroll
wheel on the mouse is perfectly sufficient. I'll leave the icon around, though.
2009-05-14 23:41:49 +00:00
Bharat Mediratta
5495037a3d
Gee it's May already. Update copyright to 2009.
2009-05-13 20:04:58 +00:00
Bharat Mediratta
de812e1e82
Refactor to support pagination and simplify the code.
- Simplify the public controller methods
- Fix a bug where missing thumbnails would cause a divide by zero error
- actually pay attention to the page # for pagination and limit the query accordingly.
2009-05-11 20:15:24 +00:00
Bharat Mediratta
977963444a
Remove direct call to item_before_delete since r20647 moved it into Item_Model
2009-05-02 19:28:05 +00:00
Bharat Mediratta
dd0e69ba3a
Delete any comments associated with deleted items
2009-04-23 01:32:35 +00:00
Bharat Mediratta
8ae2305289
Hide the "no comments yet" text after the first comment is posted.
Fixes ticket #196.
2009-04-06 00:27:24 +00:00
Bharat Mediratta
cdf873f1b3
Remove extra blank line.
2009-04-05 17:50:57 +00:00
Bharat Mediratta
802f2431c7
Concatenate chopped up internationalized string.
2009-04-03 23:12:52 +00:00
Bharat Mediratta
921f3a2eee
Put csrf token into Admin_View and Theme_View by default, then use it
directly wherever possible instead of access::csrf_token().
2009-03-27 03:43:21 +00:00
Tim Almdal
8082060434
Forgot to remove a back tick
2009-03-18 01:24:54 +00:00
Tim Almdal
8e1817d4e4
Couple of sql statements that had incorrect prefix handling or no
prefix handling.
2009-03-18 01:20:30 +00:00
Tim Almdal
c04ff8e02f
Change the pattern to identify tables that need prefix substitution to
mirror the drupal pattern of using braces {}.
2009-02-28 06:37:28 +00:00
Tim Almdal
bd15853708
This implements table prefix for all the queries in core, user, exif,
tag, search, comment and notification modules (Ticket #68)
2009-02-27 21:07:18 +00:00
Chad Kieffer
cd8d1c6582
Temp fix for photostream in admin dashboard, other miscellaneous css fixes. Apply jQuery UI button css to submit inputs in the admin theme.
2009-02-23 05:14:05 +00:00
Jakob Hilden
7d96448ecb
added additional comment link, if no comments have been made yet.
2009-02-23 00:46:25 +00:00
Bharat Mediratta
f5169dd451
Leave the comments title around, but add the "Be the first to comment"
message below it.
2009-02-22 20:16:56 +00:00
Bharat Mediratta
a83b6e9180
Adjust the title based on whether or not there are comments.
2009-02-22 20:09:17 +00:00
Tim Almdal
95fc61c9a8
Standardize to uppercase DESC in the order by method calls
2009-02-22 17:36:58 +00:00
Chad Kieffer
5dcf2794c5
Fixes to comment admin buttons.
2009-02-20 07:10:20 +00:00
Chad Kieffer
d04dbadfa1
Apply buttons to comment moderation and action buttons, beginnings of a photo stream carousel block in admin dashboard.
2009-02-15 22:36:51 +00:00
Chad Kieffer
9bbe8053c7
Added a show comment form button. Add comment form is revealed when the button is clicked. Used jQuery UI Effect to .highlight() to bring attention to newly added comments. Also added a named anchor to our block library to allow direct linking/scrolling to those blocks on the page.
2009-02-12 07:07:11 +00:00
Tim Almdal
421129d7a8
Resolve Trac Ticket #32
2009-02-02 19:18:43 +00:00
Tim Almdal
89edd4d3ff
Fix trac issue: #31
2009-02-02 15:36:43 +00:00
Bharat Mediratta
a30c28b5fc
Make the comment -> recaptcha binding happen via an event dispatch as
opposed to a direct call.
2009-01-27 08:21:54 +00:00
Tim Almdal
bfb5c42124
Adding Recaptcha to the comment module. Recaptcha integration consists of a Form_Recaptcha class derived from Form_Input that can be added to any class that requires Recaptcha verification.
2009-01-26 16:12:57 +00:00
Tim Almdal
a8233ed979
Undo the adding underscores to the id on forge generated forms
2009-01-25 06:28:04 +00:00
Chad Kieffer
55cd2afde5
Admin theme style cleanup. Merged separate selected, available, unavailable into a single set of reusable classes. Applied alternating row bg colors. Removed inline CSS from admin views. Moved user admin css into admin_default theme style sheet.
2009-01-24 20:06:13 +00:00
Tim Almdal
cbff78daa8
Supply a form id on all forms. This id can be used by modules other
than the originating module to provide additional functionality to the form.
2009-01-24 17:26:47 +00:00
Bharat Mediratta
1cc7b3f4be
Don't force validation anymore; we're clearing the form properly in
the controller on successful add.
2009-01-18 23:27:26 +00:00
Bharat Mediratta
b39be71a4e
We don't need to reset the form anymore, since it's reset on the server side.
2009-01-18 23:26:53 +00:00
Bharat Mediratta
f0eb8cb641
Reset the form before sending it back on success so that we clear the values.
2009-01-18 23:25:42 +00:00
Bharat Mediratta
7b68ca9946
Refactor dashboard -> block_manager since it'll manage blocks site
wide, not just in the dashboard.
2009-01-18 06:55:04 +00:00
Bharat Mediratta
3d1ea2904d
Rename theme callback helpers from xxx_block to xxx_theme to make room
for us to rename the dashboard helper to be a block helper since
sidebar blocks are not just in the dashboard.
2009-01-18 05:01:00 +00:00
Bharat Mediratta
d568a1e9fd
Implement relevance ranked boolean searching on a full text index of
item and comment data. Whew!
It's not pretty yet. And you have to manually update the index
currently in admin/maintenance. But it works.
2009-01-17 00:52:50 +00:00
Bharat Mediratta
2920640c2b
Fix validation when adding new comments.
Fire off the appropriate item_related_update events as appropriate.
2009-01-16 04:06:03 +00:00
Andy Staudacher
e4a9b19bf9
Changing t() placeholder syntax from {{replace_me}} to %replace_me.
2009-01-15 10:02:41 +00:00
Andy Staudacher
e53916dd06
Simplifying the way t() is called. Refactoring localization function t($message, $options=array()) into 2 separate functions:
- the new t($message, $options=array()) is for simple strings, optionally with placeholder interpolation.
- t2($singular, $plural, $count, $options=array()) is for plurals.
2009-01-15 09:30:15 +00:00
Bharat Mediratta
5bfde5ceb8
Rename 'xxx_changed' events to 'xxx_updated'
2009-01-15 02:53:13 +00:00