Commit Graph
3332 Commits
Author SHA1 Message Date
Tim Almdal f062cc5e1a Merge branch 'master' of git@github.com:gallery/gallery3 2010-02-19 11:49:01 -08:00
Tim Almdal 10c0698949 Correct the view_fillsize permission to view_full. In addition, change the name of the field containing the url to the fullsize image to file_url instead of fullzie_url 2010-02-19 11:48:54 -08:00
Bharat Mediratta d388e4bb86 Refactor away the "display_all" construct in User_Profile_Controller.
"display_all" is too coarse, and we should be letting event handlers
make the appropriate decision on what to display and when.  This
duplicates some code, but it's now very clear in the event handlers
what's getting shown.

Throw a 404 if we try to view the user profile for a missing user.

The only feature change in this should be that we now display the
name, full name and website for a user to any other registered user,
which makes sense since these are typically public fields.

Don't show any of the edit buttons unless identity::is_writable()
2010-02-19 11:40:49 -08:00
Bharat Mediratta 643fffdba0 Add spaces around %name in the "create a file" text so that
double-clicking the token only selects that one word, not the word on
the line before (which happens on Chrome/Linux)
2010-02-19 09:49:05 -08:00
Chad Kieffer 3f021d3610 Merge branch 'master' of github.com:gallery/gallery3 2010-02-18 23:01:15 -07:00
Chad Kieffer 2846d81171 First pass at user profile formatting updates. Moved buttons to the top, simplified HTML and CSS. 2010-02-18 23:00:58 -07:00
Chad Kieffer 934cc8d7ee Merge branch 'master' of github.com:gallery/gallery3 2010-02-18 19:32:57 -07:00
Chad Kieffer b103306f3d Don't need 'right' class here. Positioning is absolute to the right. 2010-02-18 19:26:07 -07:00
Andy Staudacher f116af5287 Fix for tickets #1024 and #1025: Fix formatting of album tree list in the organize dialog, and (magically) drag and drop move to another album works as well again. Tested in FF3.5, Chrome5 on Ubuntu Linux. 2010-02-18 17:54:29 -08:00
Bharat Mediratta 4c63753044 Restore the user_profile.php change from reverted
4091219425 that had this comment in the
change: "Also fixed a UI bug: No longer showing the edit user buttons
to admins in the profile view (to be consistent with the requirements
in the controller)."
2010-02-18 16:33:57 -08:00
Bharat Mediratta 0d72daf3d2 Restore the gallery_installer change from reverted dcddc68f58
that casts $powered_by_string from SafeString to string.
2010-02-18 16:33:17 -08:00
Bharat Mediratta 7d98d4b7b9 Revert "Fix for ticket #491: Make user and group names translatable."
This reverts commit 4091219425.
2010-02-18 16:20:59 -08:00
Bharat Mediratta 99c131e845 Revert "Never assign a SafeString instance to a Model member (or hell will break loose)."
This reverts commit dcddc68f58.
2010-02-18 16:20:23 -08:00
Bharat Mediratta d3e07f8a97 Revert "Fix for ticket #1017: Handle the common case of t(html::clean($var)) by casting SafeString instances to string in translate()."
This reverts commit 4ca55a90ee.
2010-02-18 16:19:41 -08:00
Andy StaudacherandBharat Mediratta 22bc871e2b Fix for tickets #1024 and #1025: Fix formatting of album tree list in the organize dialog, and (magically) drag and drop move to another album works as well again. Tested in FF3.5, Chrome5 on Ubuntu Linux. 2010-02-18 16:19:17 -08:00
Andy StaudacherandBharat Mediratta 45910ffdc0 Improve setlocale() call, using some of G2's locale fallback code to match the platform's locale names. 2010-02-18 16:19:17 -08:00
Andy Staudacher 8f39e68449 Improve setlocale() call, using some of G2's locale fallback code to match the platform's locale names. 2010-02-18 14:43:18 -08:00
Andy Staudacher 4ca55a90ee Fix for ticket #1017: Handle the common case of t(html::clean($var)) by casting SafeString instances to string in translate(). 2010-02-16 23:54:39 -08:00
Andy Staudacher 61f8af6e4c Fix for ticket #1020: Fix RSS feed validation of album / recent items feeds. 2010-02-16 21:56:56 -08:00
Andy Staudacher 5e25d2f7f1 Put focus on password field in reauthenticate dialog. 2010-02-15 14:27:48 -08:00
Andy Staudacher 6c89bb8878 Update of reviewed XSS audit data. 2010-02-15 13:51:32 -08:00
Andy Staudacher e754bc18ea Input sanitization 2010-02-15 13:44:37 -08:00
Andy Staudacher dcddc68f58 Never assign a SafeString instance to a Model member (or hell will break loose). 2010-02-15 13:12:38 -08:00
Tim Almdal a597b57210 return the absolute url not the relative for the full size, resize and thumb images. 2010-02-15 12:29:49 -08:00
Andy Staudacher 4091219425 Fix for ticket #491: Make user and group names translatable.
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
2010-02-14 19:26:34 -08:00
Andy Staudacher 667d65aea4 Fix for ticket 901: Wrap Gallery version string into bdo tag to override the BiDi algorithm. Also, properly marking the "Powere by" string for translation.
See: http://www.w3.org/International/tutorials/bidi-xhtml/#Slide0420
2010-02-14 18:33:38 -08:00
Andy Staudacher 30dcaaa236 Need to allow access to ::change_provider for CLI, to make packager work. 2010-02-14 18:33:10 -08:00
Andy Staudacher 0eb9b43a33 Enable session expiration. Currently, it's set to expire sessions after 7 days of inactivity. 2010-02-14 17:26:57 -08:00
Andy Staudacher 74471df777 Minor security tightening of IdentityProvider::change_provider(). 2010-02-14 16:12:18 -08:00
Tim Almdal 141595e709 Create an items REST collection requests that accepts a list of resource urls and returns the items associated with them. 2010-02-14 07:35:03 -08:00
Tim Almdal 897215689c Remove the dirty flags from the information returned from the rest request for an item. In addition, add links to the images. 2010-02-14 07:32:35 -08:00
Tim Almdal f37b93a7eb If the return object is empty still return the empty object in the json response. 2010-02-14 07:31:11 -08:00
Andy StaudacherandTim Almdal 0f66db51ef Change JavaScript reauthentication check to check via XHR.
Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task.
2010-02-14 07:15:59 -08:00
Andy StaudacherandTim Almdal 64e5d438c7 HTML validation, avoid empty <ul> 2010-02-14 07:15:58 -08:00
Andy StaudacherandTim Almdal 1a951cb7f6 HTML validation fix (<script>) 2010-02-14 07:15:58 -08:00
Andy StaudacherandTim Almdal 2dad1d7cd1 Some HTML validation fixes (don't render empty <ul> lists, empty id attributes, use &amp; not &) 2010-02-14 07:15:57 -08:00
Andy StaudacherandTim Almdal 8412aeb133 For consistency, use straight Kohana_404_Exception instead of the event system. 2010-02-14 07:15:57 -08:00
Bharat Mediratta e88e976fc4 Tighten up the text. 2010-02-12 13:49:14 -08:00
Andy Staudacher d53f6d0e05 Fix for tickets 1009 and 603: Show a themed error page to guests / registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors. 2010-02-12 16:40:44 -08:00
Bharat Mediratta ce71ea6aa7 Revert "1) Add a depth parameter to retrieving an item thru the rest api"
This reverts commit 3439671bcf.
2010-02-12 04:53:26 -08:00
Tim Almdal 3439671bcf 1) Add a depth parameter to retrieving an item thru the rest api
2) Standardize the structure of members so that client programs can consistently
   parse the return information.
3) Added a summary parameter so that client programs can easily determine if the
   information returned is summary (item type, item title) or the full meal deal
2010-02-12 09:52:57 -08:00
Andy Staudacher cd45c94fe6 Get rid of unnecessary view file. 2010-02-11 15:59:17 -08:00
Andy Staudacher dc94f6e45a Include user name in logging message for failed password reset. As Bharat points out, t() ensures that parameters are escaped for XSS. 2010-02-11 14:35:05 -08:00
Andy Staudacher 6353a7c2de Security: Fix leaking of album / photo names. Reject previous fix for ticket 1009.
Side effect: Renaming auth::required_login() to login_page().
2010-02-11 14:28:32 -08:00
Andy Staudacher cd98f85260 Fix for ticket 1010: Don't leak valid user names in "forgot password" form.
Includes fixes for user forms as well (edit user / email / password).
2010-02-11 13:11:31 -08:00
Bharat Mediratta 1ada27916f Use the admin/users/edit_user_form version of the user editing form
right after initial install so that we're not requiring the user to
re-enter the auto-generated password to change their password and
email.

Fixes ticket #1007
2010-02-11 05:24:16 -08:00
Bharat Mediratta 592689a759 Merge branch 'master' of github.com:gallery/gallery3 2010-02-10 09:55:39 -08:00
Tim Almdal 8ef08d2088 Refactor the code to display the login page if the user does not have view
permission into the common auth::require_login() method.
2010-02-10 08:53:39 -08:00
Tim Almdal 17f0a1b10f If the user does not have permission to view the album, photo or movie, redirect
to a logon page to allow the user to login.  Pass the target url as a session
variable to allow the user to be redirected where they want to go if the login
was successful.  Fixes ticket #1009.
2010-02-10 08:45:14 -08:00
Tim Almdal f6c615c379 Use the helper ulr:current instead of manually creating the continue url. 2010-02-10 08:32:30 -08:00