Age | Commit message | Author |
|
|
#1798.
|
|
fc942aacda07346fa9af04853659eaeac1e766d3.
Change some variable names, refactor out visibility checking code, actually
check visibility at generation time instead of just suppressing the UI,
update module.info
Fixes #1829.
|
|
Fixes ticket #1307.
|
|
makes more semantic sense.
|
|
items table so there's no need for a subquery. The subquery could
generate way too many ids since it didn't pay attention to
permissions. This isn't a security problem since we were restricting
the item ids according to permissions in the outer query, but it's
wasteful.
|
|
item. Using the left and right pointers, find all the comments for the child items. Thanks to jankoprowski for the initial investigation.
|
|
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
|
|
Convert all open_paren() calls to and_open() or or_open() as appropriate.
|
|
pre-existing variable.
|
|
This reverts commit d85a8b20bbe0a5be0a03da70354169d41f418d41.
|
|
instead of SafeString directly.
|
|
Conflicts:
modules/akismet/views/admin_akismet.html.php
modules/comment/helpers/comment_rss.php
modules/gallery/helpers/gallery_rss.php
modules/gallery/libraries/I18n.php
modules/gallery/views/permissions_browse.html.php
modules/gallery/views/simple_uploader.html.php
modules/info/views/info_block.html.php
modules/organize/controllers/organize.php
modules/organize/views/organize.html.php
modules/organize/views/organize_album.html.php
themes/default/views/album.html.php
themes/default/views/movie.html.php
themes/default/views/photo.html.php
|
|
SafeString::purify().
Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
|
|
is not working.
|
|
item::description. In addition, add p::clean or p::purify to places that
XSS cleaning had missed (i.e. rss feeds)
|
|
approach using html::specialchars and purify uses HTMLPurifier to intelligently
cleanse the output fields. Use purifier for text and title fields where it is
likely that a user would enter html to format their data.
|
|
the url to dictate arbitrary static method calls.
* Each xxx_rss helper has a single feed() call which takes an id as the argument
* xxx_rss::available_feedS() only returns feeds when they're applicable (i.e.
if you're viewing a tag, it won't show you an item feed).
* Feed urls are now in the module/feed_id form so that we can bind a
feed id to a given module
* Tightened up the Rss_Controller by using url::merge and some other tricks.
* Made the slideshow module express its own feed.
|
|
max-pages calculation code. Move feed related data into the $feed
variable and only pass that to the view.
|
|
replace with a type field with one of two values (head and block). We need to
do this to determine what fields go in the rss block so we can ignore the
definitions that are related to the page head when creating the rss block that
goes into the sidebar.
|
|
modules that are supplying the feed. The rss controller becomes a router.
In this change the comment and updates fields are distributed.
|
|
api.
|