stian/gallery3
1
0
Fork 0
mirror of https://github.com/Pathduck/gallery3.git synced 2026-05-21 03:49:21 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,995 Commits 4 Branches 0 Tags
b6c1ba7ea6416630b2a44b3df8400a2d48460b0a
Commit Graph

115 Commits

Author SHA1 Message Date
Chad Kieffer
121fcab5c8 Replaced most clear fix hacks with generic class. 2009-10-07 00:46:02 -06:00
Chad Kieffer
d581bbbd1e Renamed more CSS selectors from gName to g-name. 2009-10-04 15:53:00 -06:00
Chad Kieffer
3e6ba7acc3 Renamed most, if not all css selectors from gName to g-name. Moved a few shared images from wind to lib. Deleted unused images in the admin_wind. This will likely break a few ajax features. 2009-10-04 00:27:22 -06:00
Chad Kieffer
9145331fd4 Renamed and moved gOdd/gEven CSS classes. 2009-10-03 12:33:53 -06:00
Chad Kieffer
e1e8904e4a Convert gDialog and gCancel over to g-dialog and g-cancel. Refactor CSS id's and classes in the login/reset password dialog. 2009-09-30 22:49:36 -06:00
Chad Kieffer
8f3691d502 Apply button style and hover effect to password reset button. 2009-09-30 22:20:34 -06:00
Chad Kieffer
1f252f0609 Missed g-right application on add group 2009-09-30 21:52:51 -06:00
Chad Kieffer
0c3c13d27f Removed blank line. 2009-09-30 21:12:00 -06:00
Chad Kieffer
72672bda39 Replaced gButtonLink with g-button. 2009-09-30 08:04:49 -06:00
Chad Kieffer
daa3a2b43c First round of CSS refactor updates. Added calls to gallery.common.css from wind and admin_wind. Replaced basic text align and block float classes. Removed section #2 from both themes screen styles. 2009-09-30 00:32:52 -06:00
Bharat Mediratta
d8f5b0f5a3 Change click() to change() so that we immediately update the UI when 
the user picks a new option.
 2009-09-05 21:14:25 -07:00
Andy Staudacher
047196b23c Add missing view for language selection 2009-09-05 17:39:49 -07:00
Bharat Mediratta
add134cc75 placeholder for a missing view 2009-09-04 20:29:12 -07:00
Andy Staudacher
53711225ac XSS / style fixes for newly detected issues (after fixing XSS scanner) 2009-09-01 01:28:52 -07:00
Andy Staudacher
2bc73e2e36 Fix XSS vectors in HTML attributes (mostly t() calls) 2009-08-31 21:51:57 -07:00
Andy Staudacher
ddb84c84e1 Rename mark_safe() to mark_clean() 2009-08-31 00:42:18 -07:00
Andy Staudacher
effccfd41d Change all instances of SafeString::of_safe_html() to html::mark_safe() in views. 2009-08-30 07:00:56 -07:00
Andy Staudacher
b9bd1681a3 Update all code to use helper method html::clean(), html::purify(), ... instead of SafeString directly. 2009-08-29 22:54:20 -07:00
Andy Staudacher
b4b638be44 Undo url helper changes - url methods no longer return a SafeString. 
Adding SafeString::of_safe_html() calls where urls are passed as parameters to t() and t2().
 2009-08-29 16:28:30 -07:00
Andy Staudacher
a5dfc81a8f Merge commit 'upstream/master' 
Conflicts:

	modules/akismet/views/admin_akismet.html.php
	modules/comment/helpers/comment_rss.php
	modules/gallery/helpers/gallery_rss.php
	modules/gallery/libraries/I18n.php
	modules/gallery/views/permissions_browse.html.php
	modules/gallery/views/simple_uploader.html.php
	modules/info/views/info_block.html.php
	modules/organize/controllers/organize.php
	modules/organize/views/organize.html.php
	modules/organize/views/organize_album.html.php
	themes/default/views/album.html.php
	themes/default/views/movie.html.php
	themes/default/views/photo.html.php
 2009-08-29 14:17:48 -07:00
Andy Staudacher
c01ac42c46 Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify(). 
Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
 2009-08-29 12:48:40 -07:00
Andy Staudacher
020281d932 Adding SafeString which is going to replace p::clean() and p::purify(). 
Refactoring of Xss_Security_Test.
t() and t2() return a SafeString instance.

TODO:
 - Update all code to use SafeString where appropriate.
 - Update golden fole of Xss_Security_Test
 - Stop reporting CLEAN vars in Xss_Security_Test
 2009-08-29 10:45:47 -07:00
Tim Almdal
445a8fb1b6 Change galleryPanel and galleryDialog widgets to gallery_panel and gallery_dialog respectively 
Signed-off-by: Bharat Mediratta <bharat@menalto.com>
 2009-08-08 02:08:42 +08:00
Tim Almdal
a302a9c3fa Refactor the gallery dialog into a jQuery widget 
Signed-off-by: Bharat Mediratta <bharat@menalto.com>
 2009-08-08 02:08:28 +08:00
Bharat Mediratta
41b8f943a6 Convert instances of theme_url() to just url() to match the API change 
made in dbeadc1407
 2009-07-23 10:20:49 -07:00
Bharat Mediratta
80f48b084a In the logout link, urlencode the continue url so that ampersands, etc 
don't break encapsulation.  In the logout controller, don't run the
url through url::redirect because that uses url::site().  Just set the
Location header directly.

This fixes ticket #483.
 2009-07-21 13:02:20 -07:00
Bharat Mediratta
050c82cf80 Escape bare & symbols so that we use valid entities. Fixes ticket #577. 2009-07-21 11:09:23 -07:00
Bharat Mediratta
51dca582cd More thorough fix for #421. Create User_Model::display_name() which 
uses the full name if there is one, or falls back to the name if
that's all we have.
 2009-07-19 16:50:35 -07:00
Shai Ben-Naphtali
fb7d99740d Changed "Forgot Your Password" text to use capital 'Y' on the word Your 
Signed-off-by: Bharat Mediratta <bharat@menalto.com>
 2009-07-21 00:09:06 +08:00
Bharat Mediratta
6e8a8c53e6 Rename $theme->url() to $theme->theme_url() for consistency wiht 
$theme->theme_script().
 2009-06-28 19:49:48 -07:00
unostar
08a5b75345 Add string to localizer 2009-06-15 02:02:25 -07:00
Bharat Mediratta
3d89951c77 Create gallery::date_time(), gallery::date() and gallery::time() 
functions that format a unix timestamp into a date+time/date/time
string.

Partial fix for ticket #347.

Signed-off-by:  <unostar@danalan.info>
 2009-06-13 20:10:24 +08:00
Bharat Mediratta
277d72d9fa Fix formatting. 2009-06-06 12:50:38 -07:00
Bharat Mediratta
43abcd9386 Security pass over all controller code. Mostly adding CSRF checking 
and verifying user permissions, but there are several above-the-bar
changes:

1) Server add is now only available to admins.  This is a hard
   requirement because we have to limit server access (eg:
   server_add::children) to a user subset and the current permission
   model doesn't include that.  Easiest fix is to restrict to admins.
   Got rid of the server_add permission.

2) We now know check permissions at every level, which means in
   controllers AND in helpers.  This "belt and suspenders" approach will
   give us defense in depth in case we overlook it in one area.

3) We now do CSRF checking in every controller method that changes the
   code, in addition to the Forge auto-check.  Again, defense in depth
   and it makes scanning the code for security much simpler.

4) Moved Simple_Uploader_Controller::convert_filename_to_title to
   item:convert_filename_to_title

5) Fixed a bug in sending notification emails.

6) Fixed the Organize code to verify that you only have access to your
   own tasks.  In general, added permission checks to organize which had
   pretty much no validation code.

I did my best to verify every feature that I touched.
 2009-06-01 22:40:22 -07:00
Bharat Mediratta
9322f51e23 Localize a string 2009-05-31 19:31:55 -07:00
jhilden
277c96c2f6 user admin facelift 
* added drag & drop help message for empty groups
* fixed overflow issue with more than ~10 members in one group
* CSS improvements
 2009-05-31 18:25:43 -04:00
Bharat Mediratta
9369ccab7f Run all variables that come from user-entered data through p::clean() 2009-05-31 01:02:51 -07:00
Chad Kieffer
2966289b14 Quick fix for ticket #144. Reapply event handler for delete link gDialog when group is refreshed. 2009-05-26 05:05:04 +00:00
Chad Kieffer
94e36344b2 Link to gallery.panel.js from the head, not body. 2009-05-26 05:00:19 +00:00
Chad Kieffer
88e1f02c1a Split out re-used JavaScript for common functions (messages, valign), panel toggle, and forms to external files. 2009-05-26 03:59:35 +00:00
Bharat Mediratta
7abe611a62 Make the 'this user cannot be deleted' link actually not clickable. 2009-05-13 03:59:42 +00:00
Bharat Mediratta
b9aeec634d Colorize admin user rows to make them stand out 2009-05-13 03:44:55 +00:00
Bharat Mediratta
1344bd7009 Use the name field if the full_name field is empty. 2009-05-13 03:36:06 +00:00
Andy Staudacher
6fae077b52 Fix i18n for "Logged in as" string 2009-04-17 02:04:25 +00:00
Tim Almdal
f1eec57221 Add a weight column to the items model. Change the album ordering to 
use this as the default instead of id.  This prepares the way for
manual reordering in the organize functionality.
 2009-04-05 16:57:51 +00:00
Bharat Mediratta
921f3a2eee Put csrf token into Admin_View and Theme_View by default, then use it 
directly wherever possible instead of access::csrf_token().
 2009-03-27 03:43:21 +00:00
Bharat Mediratta
6aadb0bc77 Fix indentation 2009-03-16 09:01:50 +00:00
Chad Kieffer
542ab6db1f Combined "Logged in as..." and "Modify Profile" to by just "Logged in as FullName" 2009-03-16 04:54:00 +00:00
Bharat Mediratta
83912bce20 Missed this in the last commit 2009-03-16 04:42:39 +00:00
Bharat Mediratta
736d74d05f Clean up the login, maintenance login and required-top-level-login code. 
We now have two clear and separate login approaches:
  login/ajax
  login/html

Choose the one that's appropriate.  Totally simplified the maintenance
page to be separate from the theme and dead simple, and use login/html
approach there.  Totally simplified the top level login
(login_page.html.php) to just be a login page, not the rest of the
chrome on the page and use the login/ajax approach there.

Don't use access::required in albums and then catch the exception,
instead use access::can and check the return code.

Improve the text for maintenance mode.
 2009-03-16 04:33:45 +00:00