stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-05-21 11:59:13 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
5,610 Commits 4 Branches 0 Tags
ae6af2f9b61d69a3adc36f52257cdbd9c4fedf4e
Commit Graph

322 Commits

Author SHA1 Message Date
Bharat Mediratta
ae6af2f9b6 Install the rest module by default. 2010-06-15 16:01:41 -07:00
Bharat Mediratta
4d40cf62e9 Sort files by path in _dump_var() for consistent output. 
Skip . and .. (PHP 5.3 iterators seem to include those now).
 2010-06-15 15:50:10 -07:00
Tim Almdal
9504f71efc Fix for ticket #1118. Create a item::save_with_retries helper method, which encapsulates saving an item and handling name and slug conflicts. Call this instead of doing a save directly. 2010-06-15 14:18:23 -07:00
Tim Almdal
2492280cc0 Change the item rest update processing to call the item::move(source, target) helper when the parent member has changed. Using the move method insures that names and slugs that could conflict in the target album are resolved properly. Changed the item::move method so it returns a message to be displayed if the caller chooses. And changed the move controller to display the message returned by the move if the item name was renamed as part of the move. 2010-06-15 12:52:28 -07:00
Bharat Mediratta
87f8b6ff0a Bounce the user to the login page if they try to get to part of the 
admin site as a guest.  Also, theme the login/html page.
 2010-06-12 15:28:03 -07:00
Bharat Mediratta
dceecabbf1 Make login/logout continuation url code consistent. Where necessary, 
we specify the continue_url in the session, but we store it in the
login form so that we can propagate it across the session creation
that happens at login time.
 2010-06-12 15:16:47 -07:00
Bharat Mediratta
c026da85cd Use "continue_url" instead of "continue" for consistency with the 
reauth code.
 2010-06-12 15:10:34 -07:00
Bharat Mediratta
b61b50604b Push the continue url into the form for consistency with other 
login/continue code.
 2010-06-12 15:09:16 -07:00
Bharat Mediratta
63d95087bf Stop trying to parse the continue url in the logout controller because 
it requires us to reproduce a bunch of complex routing logic.
Instead, just have the logout link generating code generate a link
that's visible to guests.
 2010-06-12 13:35:12 -07:00
Tim Almdal
bbbb35675a Fix for ticket #1039. The problem was, as Bryan76 pointed out, with passing the full url in the continue parameter. In the logout controller, we tried to get the item from the url so we could check the permission of the item to insure that the guest user had access. But url::get_item_from_url expects a relative url. 2010-06-11 15:40:54 -07:00
Tim Almdal
30f4e143e8 Actually execute the database query that updates the album view count. Fixes ticket #1092. Thanks to shinta for pointing the way. 2010-06-11 08:17:03 -07:00
Bharat Mediratta
3422185938 Remove "rnd=" param from quick changes since we have the m= cache-buster already. 2010-05-14 16:51:51 -07:00
ckieffer
f1076590f1 Add page_title to admin views. Closes #1038. 2010-04-30 00:08:37 -06:00
Bharat Mediratta
6d81feacae Change the key for invalid passwords from "invalid" to 
"invalid_password" to remove ambiguity.
 2010-04-17 12:28:46 -07:00
Bharat Mediratta
ca45341361 Trigger the album_add_form_completed event after creating a new album. 2010-04-17 12:10:01 -07:00
Bharat Mediratta
c3c2b45280 Update the copyright to 2010. It's only 3 months into the year :-) 2010-03-03 10:15:34 -08:00
Andy Staudacher
a19b97f8d6 First step towards fixing ticket #1038: Allowing for custom page <title> in admin pages, just like in non-admin pages. 
TODO: Set $view->page_title in the many admin controllers we have. I just set it for admin_maintenance.php to show how it's intended to be used. I copied the title from views/admin_maintenance.html.php to the controller.
 2010-02-28 13:35:58 -08:00
Andy Staudacher
dacb58ceed Additional fixes for plural handling when deleting translations / marking them as untranslated. 2010-02-27 20:06:37 -08:00
Andy Staudacher
48193371e4 Incremental fix for ticket #1042: Delete translation from outgoing_translations when the user submits a form with an empty translation. 2010-02-27 18:54:36 -08:00
Andy Staudacher
6ce0132842 Fix for ticket #1027: Add index on cache key column. 
(and fix the packager to truncate the cache table before packaging)
 2010-02-22 00:30:54 -08:00
Andy Staudacher
334cd2368d Performance improvement: Load all translations of a locale as one serialized array from the Cache. 
Until now, we loaded hundreds of translation messages row by row, and unserializing one by one at bootstrap time. That amounted to a significant percentage of the complete request time. This approach is more than 10x faster.
 2010-02-21 23:50:01 -08:00
Andy Staudacher
8e7eda9cc6 Fix progress bar / maintenance tasks for locales that use comma as decimal separator, such as German. 2010-02-21 23:23:48 -08:00
Bharat Mediratta
d388e4bb86 Refactor away the "display_all" construct in User_Profile_Controller. 
"display_all" is too coarse, and we should be letting event handlers
make the appropriate decision on what to display and when.  This
duplicates some code, but it's now very clear in the event handlers
what's getting shown.

Throw a 404 if we try to view the user profile for a missing user.

The only feature change in this should be that we now display the
name, full name and website for a user to any other registered user,
which makes sense since these are typically public fields.

Don't show any of the edit buttons unless identity::is_writable()
 2010-02-19 11:40:49 -08:00
Andy Staudacher
4091219425 Fix for ticket #491: Make user and group names translatable. 
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
 2010-02-14 19:26:34 -08:00
Andy Staudacher
0f66db51ef Change JavaScript reauthentication check to check via XHR. 
Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task.
 2010-02-14 07:15:59 -08:00
Andy Staudacher
8412aeb133 For consistency, use straight Kohana_404_Exception instead of the event system. 2010-02-14 07:15:57 -08:00
Andy Staudacher
d53f6d0e05 Fix for tickets 1009 and 603: Show a themed error page to guests / registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors. 2010-02-12 16:40:44 -08:00
Andy Staudacher
6353a7c2de Security: Fix leaking of album / photo names. Reject previous fix for ticket 1009. 
Side effect: Renaming auth::required_login() to login_page().
 2010-02-11 14:28:32 -08:00
Tim Almdal
8ef08d2088 Refactor the code to display the login page if the user does not have view 
permission into the common auth::require_login() method.
 2010-02-10 08:53:39 -08:00
Tim Almdal
17f0a1b10f If the user does not have permission to view the album, photo or movie, redirect 
to a logon page to allow the user to login.  Pass the target url as a session
variable to allow the user to be redirected where they want to go if the login
was successful.  Fixes ticket #1009.
 2010-02-10 08:45:14 -08:00
Tim Almdal
f6c615c379 Use the helper ulr:current instead of manually creating the continue url. 2010-02-10 08:32:30 -08:00
Andy Staudacher
f9d00aa742 Fix for ticket 1008: Redirect to destination after re-auth. 2010-02-08 00:30:36 -08:00
Tim Almdal
b8047db539 Revert "Add the scheduler component to the admin maintenance screen." 
This reverts commit 48cb5021c6.
 2010-02-07 21:40:34 -08:00
Tim Almdal
316b0583b3 Revert "Refactor the admin maintenance screen so that events are used to 
populate the action buttons and other content such as the list of scheduled
tasks."

Leaving this api out of RC1.

This reverts commit 19fee6b5e4.

Conflicts:

	modules/gallery/views/admin_maintenance.html.php
 2010-02-07 21:38:51 -08:00
Andy Staudacher
f93528ffab Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area. 
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
 2010-02-07 15:37:32 -08:00
Bharat Mediratta
eda6e3af06 Rename user_authenticate_xxx events to user_auth_xxx for brevity. 2010-02-07 08:49:37 -08:00
Bharat Mediratta
aff5d1cef4 Create the concept of a "failed authentication" as semantically 
separate from a successful or failed login.

1) Rename user_login_failed event to user_authenticate_failed

2) Rename failed_logins table to failed_auth (bump Gallery module to
   v27 to rename the table)

3) auth::too_many_failed_logins -> auth::too_many_failures

4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
   auth::clear_failed_auth_attempts  -> auth::clear_failed_attempts
 2010-02-07 08:45:10 -08:00
Tim Almdal
19fee6b5e4 Refactor the admin maintenance screen so that events are used to pupluate the action buttons and other content such as the list of scheduled tasks. 2010-02-02 14:34:50 -08:00
Tim Almdal
5ded9e8ac5 Refactor starting a task into the task helper so we can call it multiple times. 2010-02-01 16:31:24 -08:00
Tim Almdal
48cb5021c6 Add the scheduler component to the admin maintenance screen. 2010-02-01 16:28:52 -08:00
Bharat Mediratta
c050acf30a Fix lots of warnings that pop up when we're in E_STRICT mode. They're 
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
 2010-01-31 16:07:41 -08:00
Bharat Mediratta
c6676dd455 Remove obsolete call to _force_block_adder() which has been broken for over a year. 2010-01-31 15:23:37 -08:00
Bharat Mediratta
cb92e58d40 Update install.sql -- gallery version jumps from 23 to 25 due to a mistake 
in the version 24 upgrade code.

Update packager to serialize files so that we can serialize the new
.htaccess files

Update init_var.php to include the newly serialized .htaccess files.

Fixes ticket #587.
 2010-01-30 21:16:47 -08:00
Bharat Mediratta
2bfcec9620 Prevent brute force login attacks by reducing login attempts to 1 per 
minute after there have been 5 consecutive failed login attempts.

Fix for ticket #589.
 2010-01-30 19:48:57 -08:00
Bharat Mediratta
aacafaaf35 Add @todo. 2010-01-28 23:17:32 -08:00
Bharat Mediratta
3ed81869cb Cast the SafeString $task->status to (string) so that it doesn't come 
down to the JS as an object.
 2010-01-28 20:44:10 -08:00
Tim Almdal
cedbc82dcc Do all the html::clean|purify calls in the views and not the controller. Also clean the subject line and email message body of the contact user email. 2010-01-28 07:44:58 -08:00
Bharat Mediratta
1606961153 Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev 
Conflicts:
	modules/gallery/libraries/MY_ORM.php
 2010-01-25 19:49:17 -08:00
Tim Almdal
6023f2bb46 Remove the return url and change the return button on the user profile page to use javascript to return to the previous page. 2010-01-25 08:10:28 -08:00
Tim Almdal
865995305c Add the active notifications and rest api key to user profile page. 2010-01-24 20:14:01 -08:00