Commit Graph

3624 Commits

Author SHA1 Message Date
Andy Staudacher
d5660d2d3e Fixing all detected XSS vectors in PHP->JS code.
Xss: Rename UNKNOWN back to DIRTY, JS_XSS to DIRTY_JS.
(using a different flag value to highlight potential XSS vectors in JS)
2009-08-29 13:41:18 -07:00
Chad Kieffer
a9fcec755a Merge branch 'master' of git@github.com:gallery/gallery3 2009-08-29 14:02:29 -06:00
Chad Kieffer
5db0b68a70 Update status message styles. Lighten backgrounds, don't show background on Admin Maintenance rows, and added gModuleStatus class. 2009-08-29 14:01:04 -06:00
Andy Staudacher
83344b9e7d Bugfix: Don't forget to copy the _is_purified_html flag when cloning a SafeString. 2009-08-29 12:50:20 -07:00
Andy Staudacher
c01ac42c46 Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify().
Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
2009-08-29 12:48:40 -07:00
Andy Staudacher
a10063ff68 Add more factory methods for convenience:
SafeString::purify() and SafeString::of_safe_html().

Removing SafeString::mark_html_safe() since it's no longer needed.
2009-08-29 12:34:09 -07:00
Bharat Mediratta
6b633e8748 Merge branch 'talmdal_branch' of git@github.com:gallery/gallery3 2009-08-29 12:24:44 -07:00
Bharat Mediratta
cd1fd4989f Add a test for Comment_Model::viewable(). 2009-08-29 12:22:00 -07:00
Bharat Mediratta
50c624ed1b Fix active() to not use user::guest() as the fallback for our Session::get() call. 2009-08-29 12:20:03 -07:00
Bharat Mediratta
0d16cc1c10 Clean up the test and get it working. 2009-08-29 12:12:53 -07:00
Andy Staudacher
7adb9ea2e3 Adding SafeString::for_html_attr() 2009-08-29 11:48:55 -07:00
Bharat Mediratta
d85a8b20bb Rename $comment_model to $comments. 2009-08-29 11:48:49 -07:00
Tim Almdal
38b2efc44c Fix for 641... extend viewable functionality to comments. Viewable unit test is not working. 2009-08-29 11:43:10 -07:00
Bharat Mediratta
35f83ff31d Merge branch 'master' of git@github.com:gallery/gallery3 2009-08-29 11:33:29 -07:00
Andy Staudacher
1d633457c4 Have url::site() and other methods return a SafeString, just as t() and t2().
Benefits:
 - url::site() is often used in views and we can ensure in the url class that returned strings are indeed safe for use in HTML. Makes the list of vars of unknown safety status shorter.
 - url::site() is often used as message parameter to t() and t2(). The parameter would be HTML-escaped if it wasn't marked as safe HTML already. Makes the usage simpler / shorter.
2009-08-29 11:31:00 -07:00
jhilden
22c7f44d0b Merge branch 'master' of git@github.com:gallery/gallery3 2009-08-29 14:29:54 -04:00
Bharat Mediratta
775987dff9 Fix a bug where organize doesn't properly generate the tree at the root album. 2009-08-29 11:29:38 -07:00
jhilden
746609b967 * created new generic "Add" dropdown in the site menu. this should take care of ticket #537
* removed start/stop translation menu items from the admin, since they are on the languages admin page now
2009-08-29 14:27:08 -04:00
Tim Almdal
27b81257fa Standardize the access to the create_random_item method 2009-08-29 11:24:12 -07:00
Tim Almdal
08d7fda7f8 Merge branch 'master' of git://github.com/gallery/gallery3 2009-08-29 11:22:19 -07:00
jhilden
8d256898c7 improved translation interface so that it now can be closed without going to the admin 2009-08-29 14:21:53 -04:00
Tim Almdal
6de10a54dd Fix typo in the parameter list 2009-08-29 11:21:30 -07:00
Bharat Mediratta
4408ed0684 Remove stray blank line. 2009-08-29 10:56:35 -07:00
Bharat Mediratta
1527f149a9 Merge branch 'master' of git@github.com:gallery/gallery3 2009-08-29 10:49:25 -07:00
Bharat Mediratta
b833cb6073 Get rid of the task infrastructure. The multiple requests greatly
slow down simple operations.  We may run into problems with more
complex operations, but let's only add tasks into the mix when it's
clear that we need them.
2009-08-29 10:48:23 -07:00
Andy Staudacher
020281d932 Adding SafeString which is going to replace p::clean() and p::purify().
Refactoring of Xss_Security_Test.
t() and t2() return a SafeString instance.

TODO:
 - Update all code to use SafeString where appropriate.
 - Update golden file of Xss_Security_Test
 - Stop reporting CLEAN vars in Xss_Security_Test
2009-08-29 10:45:47 -07:00
Andy Staudacher
a2e2a2178b Using SafeString in album controller / view 2009-08-29 10:40:34 -07:00
Bharat Mediratta
f257cd3d69 Major refactor of organize:
* Clean up naming conventions for variables in the controller
  so that we specifically refer to albums with $album_id, etc.

* Move complexity for drawing tree out of the controller and into
  the view.

* Simplify task definitions to get rid of extraneous text

* Change __PLACEHOLDERS__ to clearly define which is the album
  and which is the item that we're moving before/after

* Remove as many CSS ids as we can from the tree view to keep
  things simple
2009-08-29 10:00:47 -07:00
Bharat Mediratta
acce8cbafd Log the actual exception details, before swallowing the exception. 2009-08-29 08:47:44 -07:00
jhilden
c234f9fd39 improved translations admin interface 2009-08-28 20:53:06 -04:00
Bharat Mediratta
cb2171d082 Display the sort order in the Organize dialog, and allow users to
change the sort order on the fly.
2009-08-28 14:27:37 -07:00
Tim Almdal
31d63a0d0a Merge branch 'master' of git://github.com/gallery/gallery3 2009-08-28 13:47:36 -07:00
Tim Almdal
1d5262f9c3 Fix ticket #591: reCaptcha always on the page.
1) move creating the "Add a comment" button into the comments.html.php
2) use $.get() to retrieve the comment add form
2009-08-28 13:44:01 -07:00
jhilden
1855642bd1 improved UI for the languages admin
this should take care of bug #329
2009-08-28 16:19:41 -04:00
Bharat Mediratta
6dcfdb6432 Fix a bug in notification where we were using get() instead of current()
to get the first item in an ORM result set.
2009-08-28 12:42:37 -07:00
Bharat Mediratta
dcead39dfb Merge branch 'talmdal_branch' of git@github.com:gallery/gallery3 2009-08-28 12:37:01 -07:00
Bharat Mediratta
e24d23bf14 Merge branch 'master' of git@github.com:talmdal/gallery3 into talmdal_branch 2009-08-28 12:33:47 -07:00
Bharat Mediratta
36d1a8c4f2 Rename sort columns:
  * Order Added => Manual
  * Capture Date => Date captured
  * Creation Date => Date uploaded
  * Updated Date => Date modified

Set the default sort order to "created" which mimics what we had
before, except that it is not manual.
2009-08-28 12:08:21 -07:00
Bharat Mediratta
5133f93290 Don't record mail failures when we throw the exception, record them
when we catch the exception instead.
2009-08-28 11:51:41 -07:00
Bharat Mediratta
16fc4465d0 Merge branch 'master' of git@github.com:talmdal/gallery3 2009-08-28 11:42:54 -07:00
Bharat Mediratta
b9aca313fa Fix a couple of off-by-one errors. 2009-08-28 11:41:06 -07:00
Bharat Mediratta
48e84243d2 Update help text to eliminate 'edit' since we don't do that yet, and change "items" to "photos". 2009-08-28 11:21:19 -07:00
Bharat Mediratta
76e541745f Refactor rearrange_task_handler to have a more linear flow. 2009-08-28 11:13:04 -07:00
Bharat Mediratta
8ca573741e Indentation fixes. 2009-08-28 10:48:53 -07:00
Tim Almdal
430b57578b Wrap all the notification helper calls with a try/catch that swallows the exceptions, so the exceptions don't interrupt the upstream processes 2009-08-28 10:27:02 -07:00
Tim Almdal
9c79afcff5 Add logging to sendmail library when exception encountered 2009-08-28 10:24:16 -07:00
Bharat Mediratta
47fd2dc65e Clean up in preparation for some refactoring. 2009-08-28 09:53:54 -07:00
Bharat Mediratta
98361e7613 Add a @todo to defer loading the script/css to the organize dialog. 2009-08-28 09:25:29 -07:00
Bharat Mediratta
83e850bc33 Minor style fixes. 2009-08-28 09:19:20 -07:00
Bharat Mediratta
e8a3fe97a4 Fix whitespace. 2009-08-28 09:09:33 -07:00