Tim Almdal
f062cc5e1a
Merge branch 'master' of git@github.com:gallery/gallery3
2010-02-19 11:49:01 -08:00
Tim Almdal
10c0698949
Correct the view_fillsize permission to view_full. In addition, change the name of the field containing the url to the fullsize image to file_url instead of fullzie_url
2010-02-19 11:48:54 -08:00
Bharat Mediratta
d388e4bb86
Refactor away the "display_all" construct in User_Profile_Controller.
...
"display_all" is too coarse, and we should be letting event handlers
make the appropriate decision on what to display and when. This
duplicates some code, but it's now very clear in the event handlers
what's getting shown.
Throw a 404 if we try to view the user profile for a missing user.
The only feature change in this should be that we now display the
name, full name and website for a user to any other registered user,
which makes sense since these are typically public fields.
Don't show any of the edit buttons unless identity::is_writable()
2010-02-19 11:40:49 -08:00
Bharat Mediratta
643fffdba0
Add spaces around %name in the "create a file" text so that
...
double-clicking the token only selects that one word, not the word on
the line before (which happens on Chrome/Linux)
2010-02-19 09:49:05 -08:00
Chad Kieffer
3f021d3610
Merge branch 'master' of github.com:gallery/gallery3
2010-02-18 23:01:15 -07:00
Chad Kieffer
2846d81171
First pass at user profile formatting updates. Moved buttons to the top, simplified HTML and CSS.
2010-02-18 23:00:58 -07:00
Chad Kieffer
934cc8d7ee
Merge branch 'master' of github.com:gallery/gallery3
2010-02-18 19:32:57 -07:00
Chad Kieffer
b103306f3d
Don't need 'right' class here. Positioning is absolute to the right.
2010-02-18 19:26:07 -07:00
Andy Staudacher
f116af5287
Fix for tickets #1024 and #1025 : Fix formatting of album tree list in the organize dialog, and (magically) drag and drop move to another album works as well again. Tested in FF3.5, Chrome5 on Ubuntu Linux.
2010-02-18 17:54:29 -08:00
Bharat Mediratta
4c63753044
Restore the user_profile.php change from reverted
...
4091219425 that had this comment in the
change: "Also fixed a UI bug: No longer showing the edit user buttons
to admins in the profile view (to be consistent with the requirements
in the controller)."
2010-02-18 16:33:57 -08:00
Bharat Mediratta
0d72daf3d2
Restore the gallery_installer change from reverted dcddc68f58
...
that casts $powered_by_string from SafeString to string.
2010-02-18 16:33:17 -08:00
Bharat Mediratta
7d98d4b7b9
Revert "Fix for ticket #491 : Make user and group names translatable."
...
This reverts commit 4091219425 .
2010-02-18 16:20:59 -08:00
Bharat Mediratta
99c131e845
Revert "Never assign a SafeString instance to a Model member (or hell will break loose)."
...
This reverts commit dcddc68f58 .
2010-02-18 16:20:23 -08:00
Bharat Mediratta
d3e07f8a97
Revert "Fix for ticket #1017 : Handle the common case of t(html::clean($var)) by casting SafeString instances to string in translate()."
...
This reverts commit 4ca55a90ee .
2010-02-18 16:19:41 -08:00
Andy Staudacher and Bharat Mediratta
22bc871e2b
Fix for tickets #1024 and #1025 : Fix formatting of album tree list in the organize dialog, and (magically) drag and drop move to another album works as well again. Tested in FF3.5, Chrome5 on Ubuntu Linux.
2010-02-18 16:19:17 -08:00
Andy Staudacher and Bharat Mediratta
45910ffdc0
Improve setlocale() call, using some of G2's locale fallback code to match the platform's locale names.
2010-02-18 16:19:17 -08:00
Andy Staudacher
8f39e68449
Improve setlocale() call, using some of G2's locale fallback code to match the platform's locale names.
2010-02-18 14:43:18 -08:00
Andy Staudacher
4ca55a90ee
Fix for ticket #1017 : Handle the common case of t(html::clean($var)) by casting SafeString instances to string in translate().
2010-02-16 23:54:39 -08:00
Andy Staudacher
61f8af6e4c
Fix for ticket #1020 : Fix RSS feed validation of album / recent items feeds.
2010-02-16 21:56:56 -08:00
Andy Staudacher
5e25d2f7f1
Put focus on password field in reauthenticate dialog.
2010-02-15 14:27:48 -08:00
Andy Staudacher
6c89bb8878
Update of reviewed XSS audit data.
2010-02-15 13:51:32 -08:00
Andy Staudacher
e754bc18ea
Input sanitization
2010-02-15 13:44:37 -08:00
Andy Staudacher
dcddc68f58
Never assign a SafeString instance to a Model member (or hell will break loose).
2010-02-15 13:12:38 -08:00
Tim Almdal
a597b57210
return the absolute url not the relative for the full size, resize and thumb images.
2010-02-15 12:29:49 -08:00
Andy Staudacher
4091219425
Fix for ticket #491 : Make user and group names translatable.
...
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
2010-02-14 19:26:34 -08:00
Andy Staudacher
667d65aea4
Fix for ticket 901: Wrap Gallery version string into bdo tag to override the BiDi algorithm. Also, properly marking the "Powere by" string for translation.
...
See: http://www.w3.org/International/tutorials/bidi-xhtml/#Slide0420
2010-02-14 18:33:38 -08:00
Andy Staudacher
30dcaaa236
Need to allow access to ::change_provider for CLI, to make packager work.
2010-02-14 18:33:10 -08:00
Andy Staudacher
0eb9b43a33
Enable session expiration. Currently, it's set to expire sessions after 7 days of inactivity.
2010-02-14 17:26:57 -08:00
Andy Staudacher
74471df777
Minor security tightening of IdentityProvider::change_provider().
2010-02-14 16:12:18 -08:00
Tim Almdal
141595e709
Create an items REST collection requests that accepts a list of resource urls and returns the items associated with them.
2010-02-14 07:35:03 -08:00
Tim Almdal
897215689c
Remove the dirty flags from the information returned from the rest request for an item. In addition, add links to the images.
2010-02-14 07:32:35 -08:00
Tim Almdal
f37b93a7eb
If the return object is empty still return the empty object in the json response.
2010-02-14 07:31:11 -08:00
Andy Staudacher and Tim Almdal
0f66db51ef
Change JavaScript reauthentication check to check via XHR.
...
Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task.
2010-02-14 07:15:59 -08:00
Andy Staudacher and Tim Almdal
64e5d438c7
HTML validation, avoid empty <ul>
2010-02-14 07:15:58 -08:00
Andy Staudacher and Tim Almdal
1a951cb7f6
HTML validation fix (<script>)
2010-02-14 07:15:58 -08:00
Andy Staudacher and Tim Almdal
2dad1d7cd1
Some HTML validation fixes (don't render empty <ul> lists, empty id attributes, use & not &)
2010-02-14 07:15:57 -08:00
Andy Staudacher and Tim Almdal
8412aeb133
For consistency, use straight Kohana_404_Exception instead of the event system.
2010-02-14 07:15:57 -08:00
Bharat Mediratta
e88e976fc4
Tighten up the text.
2010-02-12 13:49:14 -08:00
Andy Staudacher
d53f6d0e05
Fix for tickets 1009 and 603: Show a themed error page to guests / registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors.
2010-02-12 16:40:44 -08:00
Bharat Mediratta
ce71ea6aa7
Revert "1) Add a depth parameter to retrieving an item thru the rest api"
...
This reverts commit 3439671bcf .
2010-02-12 04:53:26 -08:00
Tim Almdal
3439671bcf
1) Add a depth parameter to retrieving an item thru the rest api
...
2) Standardize the structure of members so that client programs can consistently
parse the return information.
3) Added a summary parameter so that client programs can easily determine if the
information returned is summary (item type, item title) or the full meal deal
2010-02-12 09:52:57 -08:00
Andy Staudacher
cd45c94fe6
Get rid of unnecessary view file.
2010-02-11 15:59:17 -08:00
Andy Staudacher
dc94f6e45a
Include user name in logging message for failed password reset. As Bharat points out, t() ensures that parameters are escaped for XSS.
2010-02-11 14:35:05 -08:00
Andy Staudacher
6353a7c2de
Security: Fix leaking of album / photo names. Reject previous fix for ticket 1009.
...
Side effect: Renaming auth::required_login() to login_page().
2010-02-11 14:28:32 -08:00
Andy Staudacher
cd98f85260
Fix for ticket 1010: Don't leak valid user names in "forgot password" form.
...
Includes fixes for user forms as well (edit user / email / password).
2010-02-11 13:11:31 -08:00
Bharat Mediratta
1ada27916f
Use the admin/users/edit_user_form version of the user editing form
...
right after initial install so that we're not requiring the user to
re-enter the auto-generated password to change their password and
email.
Fixes ticket #1007
2010-02-11 05:24:16 -08:00
Bharat Mediratta
592689a759
Merge branch 'master' of github.com:gallery/gallery3
2010-02-10 09:55:39 -08:00
Tim Almdal
8ef08d2088
Refactor the code to display the login page if the user does not have view
...
permission into the common auth::require_login() method.
2010-02-10 08:53:39 -08:00
Tim Almdal
17f0a1b10f
If the user does not have permission to view the album, photo or movie, redirect
...
to a logon page to allow the user to login. Pass the target url as a session
variable to allow the user to be redirected where they want to go if the login
was successful. Fixes ticket #1009 .
2010-02-10 08:45:14 -08:00
Tim Almdal
f6c615c379
Use the helper ulr:current instead of manually creating the continue url.
2010-02-10 08:32:30 -08:00