summaryrefslogtreecommitdiff
path: root/modules/akismet/controllers
AgeCommit message (Collapse)Author
2013-01-21Update copyright to 2013. Fixes #1953.Bharat Mediratta
2012-02-27Update copyright to 2012. #1822Bharat Mediratta
2011-01-21Update copyright to 2011.Bharat Mediratta
2010-04-30Add page_title to admin views. Closes #1038.ckieffer
2010-03-03Update the copyright to 2010. It's only 3 months into the year :-)Bharat Mediratta
2010-01-29Clean up form validation code.Bharat Mediratta
2009-08-31XSS review fixes (mostly adding missing html::mark_clean()) calls.Andy Staudacher
2009-06-01Security pass over all controller code. Mostly adding CSRF checkingBharat Mediratta
and verifying user permissions, but there are several above-the-bar changes: 1) Server add is now only available to admins. This is a hard requirement because we have to limit server access (eg: server_add::children) to a user subset and the current permission model doesn't include that. Easiest fix is to restrict to admins. Got rid of the server_add permission. 2) We now know check permissions at every level, which means in controllers AND in helpers. This "belt and suspenders" approach will give us defense in depth in case we overlook it in one area. 3) We now do CSRF checking in every controller method that changes the code, in addition to the Forge auto-check. Again, defense in depth and it makes scanning the code for security much simpler. 4) Moved Simple_Uploader_Controller::convert_filename_to_title to item:convert_filename_to_title 5) Fixed a bug in sending notification emails. 6) Fixed the Organize code to verify that you only have access to your own tasks. In general, added permission checks to organize which had pretty much no validation code. I did my best to verify every feature that I touched.
2009-05-13Gee it's May already. Update copyright to 2009.Bharat Mediratta
2009-01-10Big set of changes to comments, with related changes to akismet andBharat Mediratta
user modules. * Don't delete vars when we delete a module. This makes reinstalling a module a lot easier. * Add user::lookup() as the preferred way to load a user, so that other modules don't delve into the user module (that'd be a problem when we swap out user modules) * Notify site admins if Akismet is not fully configured * Bundle all server variables into the comment so that if/when we re-check the comment, we are not using the server info from the site admin's request. * Update Akismet to grab request context data from the comment * Pre-seed comment fields if we have a logged in user. Update comment::create() API to clarify it for this. * Delete comment::update(), that's a controller function. * Add url to User_Model * Add author_name() author_email() and author_url() to Comment_Model. It'll return the appropriate values depending on whether the comment was left by a logged in user or a guest. * Use resetForm() instead of clearForm() when we reload the comment form after ajax submit, this way we preserve the pre-seeded values. * In the user profile page, ignore blank passwords.
2009-01-08i18n refactoring: Rename all _() (reserved by gettext) calls to t().Andy Staudacher
- And refactor printf to our string interpolation / pluralization syntax - Also, a slight change to the translations_incomings table, using binary(16) instead of char(32) as message key.
2009-01-07Extract the Akismet driver from the Spam_Filter module into a moduleBharat Mediratta
in its own right. Clean up the tests, streamline the code and improve the admin interaction. Add a working stats page.
generated by cgit v1.2.3 (git 2.46.0) at 2025-10-13 09:05:23 +0000