Commit Graph
18 Commits
Author SHA1 Message Date
Bharat Mediratta d45a737779 Update copyright to 2013. Fixes #1953. 2013-01-21 01:22:01 -05:00
Bharat Mediratta 8524fba15a Sanitize the module name and don't allow storing values for illegal
module names.  Fixes #1898.
2012-07-21 15:42:52 -07:00
Bharat Mediratta f06c227505 Oops dropped a semicolon in e3d50dd8be 2012-05-15 09:26:13 -07:00
Bharat Mediratta e3d50dd8be Simplify dialog title for editing advanced settings. Fixes #1864. 2012-05-14 20:52:01 -07:00
Bharat Mediratta bf2bb3e1ea Update copyright to 2012. #1822 2012-02-27 09:48:23 -08:00
Bharat Mediratta 423daa52d5 Update copyright to 2011. 2011-01-21 23:01:06 -08:00
Bharat Mediratta 7607e1f932 Full pass over all the JSON encoding and JS dialog code. We now abide
by the following rules:

1) An initial dialog or panel load can take either HTML or JSON, but
   the mime type must accurately reflect its payload.

2) dialog form submits can handle a pure HTML response, but the mime
   type must also be correct.  This properly resolves the problem
   where the reauth code gets a JSON response first from the reauth
   code, and then an HTML response when you reauth and continue on to
   a given form -- try it out with Admin > Settings > Advanced.

3) All JSON replies must set the mime type correctly.  The json::reply
   convenience function does this for us.

4) By default, any HTML content sent back in the JSON response should be
   in the "html" field, no longer the "form" field.

The combination of these allows us to stop doing boilerplate code like
this in our controllers:

  // Print our view, JSON encoded
  json::reply(array("form" => (string) $view));

instead, controllers can just return HTML, eg:

  // Print our view
  print $view;

That's much more intuitive for developers.
2010-07-31 21:16:17 -07:00
Tim AlmdalandBharat Mediratta 91a2c04a24 More patches as part of #1225. Change the 'core' modules to use the json::reply
method to set the content type header and encode the response as a json object
2010-07-31 15:44:55 -07:00
Tim Almdal dbf3199e46 Fix for ticket #1181. Use $.getJSON to retrieve the json contents of the dialog. Convert all the controllers
that create the data to go into a dialog to return the html as part of a json object.
2010-07-06 14:12:01 -07:00
ckieffer f1076590f1 Add page_title to admin views. Closes #1038. 2010-04-30 00:08:37 -06:00
Bharat Mediratta c3c2b45280 Update the copyright to 2010. It's only 3 months into the year :-) 2010-03-03 10:15:34 -08:00
Bharat Mediratta 53df0df0a4 Update a few more occurrences of ORM/Database -> Database_Builder 2009-11-29 02:48:42 -08:00
Bharat Mediratta 0121bfd585 ORM::orderby -> ORM::order_by 2009-11-25 19:26:52 -08:00
Andy Staudacher 8312eb116e XSS review fixes (mostly adding missing html::mark_clean()) calls. 2009-08-31 02:12:01 -07:00
Andy Staudacher b9bd1681a3 Update all code to use helper method html::clean(), html::purify(), ... instead of SafeString directly. 2009-08-29 22:54:20 -07:00
Andy Staudacher c01ac42c46 Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify().
Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
2009-08-29 12:48:40 -07:00
Bharat Mediratta 8f9a943f55 Fix a bunch of XSS vulnerabilities turned up by manual inspection
using the checklist in ticket #385.
2009-07-01 17:57:39 -07:00
Bharat Mediratta 28b41056e3 Restructure things so that the application is now just another module.
Kohana makes this type of transition fairly straightforward in that
all controllers/helpers/etc are still located in the cascading
filesystem without any extra effort, except that I've temporarily
added a hack to force modules/gallery into the module path.

Rename what's left of "core" to be "application" so that it conforms
more closely to the Kohana standard (basically, just
application/config/config.php which is the minimal thing that you need
in the application directory)

There's still considerable work left to be done here.
2009-05-27 15:07:27 -07:00