Age | Commit message | Author
2009-08-29 | Fixing all detected XSS vectors in PHP->JS code. | Andy Staudacher
    Xss: Rename UNKNOWN back to DIRTY, JS_XSS to DIRTY_JS. (using a different flag value to highlight potential XSS vectors in JS)
2009-08-29 | Bugfix: Don't forget to copy the _is_purified_html flag when cloning a SafeString. | Andy Staudacher
2009-08-29 | Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify(). | Andy Staudacher
    Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
2009-08-29 | Add more factory methods for convenience: | Andy Staudacher
    SafeString::purify() and SafeString::of_safe_html(). Removing SafeString::mark_html_safe() since it's no longer needed.
2009-08-29 | Adding SafeString::for_html_attr() | Andy Staudacher
2009-08-29 | Have url::site() and other methods return a SafeString, just as t() and t2(). | Andy Staudacher
    Benefits:
    - url::site() is often used in views and we can ensure in the url class that returned strings are indeed safe for use in HTML. Makes the list of vars of unknown safety status shorter.
    - url::site() is often used as message parameter to t() and t2(). The parameter would be HTML-escaped if it wasn't marked as safe HTML already. Makes the usage simpler / shorter.
2009-08-29 | Adding SafeString which is going to replace p::clean() and p::purify(). | Andy Staudacher
    Refactoring of Xss_Security_Test. t() and t2() return a SafeString instance.
    TODO:
    - Update all code to use SafeString where appropriate.
    - Update golden file of Xss_Security_Test
    - Stop reporting CLEAN vars in Xss_Security_Test
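The SafeString commits above (and the PHP->JS XSS fix at the top of the log) describe a type-based approach to output escaping: a string of unknown safety is "dirty" and gets escaped when printed; a string that was purified, or that a trusted producer such as url::site() vouched for, is marked safe and passes through; t()/t2() wrap every message argument so that only unsafe ones are escaped. The following is an added illustration of that pattern, written for this page and not Gallery3's own SafeString class. Method names (of, of_safe_html, purify, for_html, for_html_attr, for_js), the `%name` placeholder syntax of the t() helper, and the use of strip_tags as a stand-in for a real HTML sanitizer are all assumptions for the example.

```php
<?php
// Added example of the SafeString pattern; not Gallery3's class.
// Assumptions: method names follow the commit log above; the "purifier"
// is strip_tags, a stand-in for a real sanitizer such as HTMLPurifier
// (strip_tags keeps attributes on allowed tags, so it is NOT XSS-safe).

final class SafeString {
    private string $value;
    private bool $isPurifiedHtml;   // true only via purify() / of_safe_html()

    private function __construct(string $value, bool $isPurifiedHtml) {
        $this->value = $value;
        $this->isPurifiedHtml = $isPurifiedHtml;
    }

    // Wrap a value of unknown safety ("DIRTY"). Wrapping an existing
    // SafeString must copy its flag (the clone bug fixed in the log above).
    public static function of($value): self {
        if ($value instanceof self) {
            return new self($value->value, $value->isPurifiedHtml);
        }
        return new self((string) $value, false);
    }

    // The caller vouches that $html is already safe for an HTML text node
    // (e.g. markup built by a trusted helper like url::site()).
    public static function of_safe_html(string $html): self {
        return new self($html, true);
    }

    // Sanitize untrusted markup, then mark the result as safe HTML.
    public static function purify($value): self {
        $raw = $value instanceof self ? $value->value : (string) $value;
        return new self(strip_tags($raw, '<b><i><em><strong><p><br>'), true);
    }

    // HTML text-node context: escape unless the value was marked safe.
    public function for_html(): string {
        return $this->isPurifiedHtml
            ? $this->value
            : htmlspecialchars($this->value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }

    // Quoted attribute context: always escape, even for "safe HTML",
    // because markup that is safe as content still breaks out of an attribute.
    public function for_html_attr(): string {
        return htmlspecialchars($this->value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }

    // JavaScript string-literal context inside <script>: JSON-encode with the
    // HEX flags so "</script>", quotes and ampersands cannot close the block.
    public function for_js(): string {
        $encoded = json_encode(
            $this->value,
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_INVALID_UTF8_SUBSTITUTE
        );
        return $encoded === false ? '""' : $encoded;
    }

    // Printing a SafeString directly uses the HTML text-node rule.
    public function __toString(): string {
        return $this->for_html();
    }
}

// Message helper modelled on t(): every argument is wrapped in a SafeString
// and rendered with for_html(), so dirty arguments are escaped and safe ones
// pass through. The assembled message is itself marked safe for views.
function t(string $message, array $args = []): SafeString {
    $pairs = [];
    foreach ($args as $name => $value) {
        $pairs['%' . $name] = SafeString::of($value)->for_html();
    }
    return SafeString::of_safe_html(strtr($message, $pairs));
}

// Constructed sample input: an attacker-controlled album title and a
// trusted link produced by the application.
$title = '<img src=x onerror=alert(1)> Holiday "2009"';
$link  = SafeString::of_safe_html('<a href="/albums/3">album</a>');

echo t('Added %title to %link', ['title' => $title, 'link' => $link]), "\n";
echo '<input value="', SafeString::of($title)->for_html_attr(), '">', "\n";
echo '<script>var title = ', SafeString::of($title)->for_js(), ';</script>', "\n";
echo SafeString::purify('<b onmouseover=alert(2)>bold</b><script>x()</script>'), "\n";
```

The last line shows why the sanitizer choice matters: strip_tags removes the script element but leaves the onmouseover attribute on the allowed b tag, so a real deployment needs an attribute-aware purifier behind purify(). The three output methods exist because the same dirty value needs different encodings in text-node, attribute and script contexts; a single "clean" flag that ignores context is exactly what the DIRTY/DIRTY_JS split in the first commit is distinguishing.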
2009-08-29 | Using SafeString in album controller / view | Andy Staudacher
2009-08-04 | Fix l10n message for akismet, extracting URLs from the message | Andy Staudacher
2009-08-02 | Change the API for getting to the original state of an ORM. | Bharat Mediratta
    Old API: $obj->original("field_name")
    New API: $obj->original()->field_name
    This allows us to revert the various xxx_updated events back to passing an original ORM as well as the updated one. This makes for a cleaner event API.
    Old API: comment_updated($comment) { $comment->original("field_name") }
    Old API: comment_updated($old, $new) { $old->field_name }
2009-07-31 | Add new events: | Bharat Mediratta
    graphics_resize
    graphics_resize_completed
    graphics_rotate
    graphics_rotate_completed
    graphics_composite
    graphics_composite_completed
2009-07-31 | Simplify getViewportSize function to use the jQuery height and width functions | Tim Almdal
    Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
2009-07-31 | Move the getViewportSize method to gallery.common.js | Tim Almdal
    Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
2009-07-30 | Remove debug statements | Bharat Mediratta
2009-07-30 | Update golden file | Bharat Mediratta
2009-07-30 | Fix a static function declaration. | Bharat Mediratta
2009-07-30 | Add some code to guard the weight calculation against zero rows when we're doing an initial install. | Bharat Mediratta
2009-07-29 | Clean up user form events. Thanks to Ben Smith (glooper). | Bharat Mediratta
2009-07-29 | Show the author's username if the author has no fullname. Fixes ticket #601. | Bharat Mediratta
2009-07-29 | Make body_attributes() a theme callback instead of a method on the View. This allows modules to piggyback on it. | Bharat Mediratta
2009-07-29 | Oops, I removed too much in my last change. Put talmdal's query back, but change it to use Database instead of ORM for a little more efficiency. | Bharat Mediratta
2009-07-29 | Updated for gallery v10 | Bharat Mediratta
2009-07-29 | Bump the gallery version to 10 in install() | Bharat Mediratta
2009-07-29 | Remove some scary debug code. | Bharat Mediratta
2009-07-30 | Fix for ticket #576 | Tim Almdal
    Add a weight index to the item table and changed the retrieval of the maximum weight to select weight from items order by weight desc limit 1. Upgrades the gallery module to version 10
    Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
2009-07-30 | Remove debugging print statement in search.php | Tim Almdal
    Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
2009-07-28 | Adjust the velocity based on whether or not we're waiting for more updates to get smoother scrolling. | Bharat Mediratta
2009-07-28 | Make sure the thumb_menu has the gThumbMenu CSS class. | Bharat Mediratta
2009-07-28 | Move site_menu and admin_menu into gallery helper so that site_menu can call admin_menu. | Bharat Mediratta
2009-07-28 | Disable smooth progressbar scrolling when we're at 100% (else the progressbar trucks along slowly even though the task is done). | Bharat Mediratta
2009-07-28 | Change search callbacks to use the event system, so move them out of xxx_search helpers and into xxx_event helpers. | Bharat Mediratta
2009-07-28 | Use events to generate menus, instead of having xxx_menu helpers. | Bharat Mediratta
    This is the first step towards having a simple, lightweight and unified API for module interaction.
2009-07-28 | Convert the album add dialog to use the new Form_Script library | Tim Almdal
    Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
2009-07-28 | Revert commit 078c77a62b623322956457bfd7bfbdaf56203b00 and change the tag_event:item_edit_form to use the new Form_Script library to inject script into a form. | Tim Almdal
    Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
2009-07-28 | Create a Forge Script element. | Tim Almdal
    Form_Script allows the specification of either a url to a script file or in line text which will be included in a script block.
    Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
2009-07-28 | Clean up and simplify the tag processing: Only allow comma separators between phrases. | Tim Almdal
    Using only 1 separator cleans up the javascript as well, as we can use some of the jquery autocomplete to set the tag separator.
    Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
2009-07-28 | Standardize the specification of tags. | Tim Almdal
    With this patch a comma(,) is the only valid tag separator. Spaces are allowed in tags and phrases no longer need to be specified with a dot.
    Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
2009-07-27 | Remove the unnecessary ORDER BY on $this->sort_column in get_position(), and instead apply an ORDER BY on `id` in the 2nd query so that we have stability among the equal elements. | Bharat Mediratta
    This should result in cheaper (and more sensible) queries.
2009-07-27 | Updated. | Bharat Mediratta
2009-07-27 | Merge branch 'master' of git@github.com:gallery/gallery3 | Andy Staudacher
2009-07-27 | Revert "Remove an useless ORDER BY."... the order by wasn't all that useless. | Andy Staudacher
    This reverts commit c80d2da0a95a63b76f5a4c835f1a0e1022ec2f53.
    Conflicts: modules/gallery/models/item.php
2009-07-27 | Revert "Fix for ticket #452" | Tim Almdal
    This reverts commit 809e52d80cbf3beb75b238fddb0da3951fb9a8e7.
2009-07-27 | Back out the fix for ticket #452 | Tim Almdal
    Revert "Changed access::user_can to force the owner of an item to have"
    This reverts commit 0b97cfd6f098be08be5f3cf1dbca1cce580ae330.
2009-07-27 | Back out fixes for ticket #452 | Tim Almdal
    Revert "It helps to save before committing :-)"
    This reverts commit 0d76d6fd77f53e9e92a9a013cd112c69217f3ceb.
2009-07-26 | Updating install.sql with the packaging script, basically re-adding the charset (utf8) expressions that were removed by merging in rledisez's left/right -> left_ptr/right_ptr changes. | Andy Staudacher
2009-07-26 | Merge branch 'master' of git://github.com/rledisez/gallery3 into rledisez/master | Andy Staudacher
2009-07-26 | Missed committing the gBanner addition to the view template. | Chad Kieffer
2009-07-26 | Updated wording of tag separator tip | Chad Kieffer
2009-07-26 | Merge branch 'master' of git@github.com:gallery/gallery3 | Chad Kieffer
2009-07-26 | Update to how gSiteMenu is positioned. Required addition of a new container, gBanner. | Chad Kieffer
    This will ensure proper positioning across most browsers and simplifies gBreadcrumbs styles. Removed ineffective IE opacity style.