| Age | Commit message | Author | |
|---|---|---|---|
| 2009-06-14 | Don't use stdClass to return the feed data. Just use an array. | Tim Almdal | |
| 2009-06-14 | Remove the sidebar flag from the feed definition returned by available_feeds and replace with a type field with one of two values (head and block). We need to do this to determine what fields go in the rss block so we can ignore the definitions that are related to the page head when creating the rss block that goes into the sidebar. | Tim Almdal | |
| 2009-06-12 | Create gallery::date_time(), gallery::date() and gallery::time() functions that format a unix timestamp into a date+time/date/time string. Partial fix for ticket #347. | Bharat Mediratta | |
| 2009-06-12 | Move the processing of rss feeds from the rss controller to callbacks in the modules that are supplying the feed. The rss controller becomes a router. In this change the comment and updates fields are distributed. | Tim Almdal | |
| 2009-06-12 | Change from an event driven model to a call driven model similar to the task api. | Tim Almdal | |
| 2009-06-12 | Change the "request_feed_links" eventing handling so that individual modules provide the part of the url (the suffix) that they are interested in and the rss module will format the rest of the url. | Tim Almdal | |
| 2009-06-11 | Changed rss_theme::sidebar_blocks to fire the event "request_feed_links" to allow modules to contribute rss feed links to the rss sidebar block. Ticket #388. | Tim Almdal | |
| 2009-06-03 | Sanitize all data we return via json_encode() to guard against XSS and other data leaks. | Bharat Mediratta | |
| 2009-06-01 | Security pass over all controller code. Mostly adding CSRF checking and verifying user permissions, but there are several above-the-bar changes: 1) Server add is now only available to admins. This is a hard requirement because we have to limit server access (eg: server_add::children) to a user subset and the current permission model doesn't include that. Easiest fix is to restrict to admins. Got rid of the server_add permission. 2) We now check permissions at every level, which means in controllers AND in helpers. This "belt and suspenders" approach will give us defense in depth in case we overlook it in one area. 3) We now do CSRF checking in every controller method that changes the code, in addition to the Forge auto-check. Again, defense in depth and it makes scanning the code for security much simpler. 4) Moved Simple_Uploader_Controller::convert_filename_to_title to item:convert_filename_to_title 5) Fixed a bug in sending notification emails. 6) Fixed the Organize code to verify that you only have access to your own tasks. In general, added permission checks to organize which had pretty much no validation code. I did my best to verify every feature that I touched. | Bharat Mediratta | |
| 2009-05-31 | Run p::clean() on any variables that contain data entered by users. | Bharat Mediratta | |
| 2009-05-26 | Restructure the module lifecycle. Install: <module>_installer::install() is called, any necessary tables are created. Activate: <module>_installer::activate() is called. Module controllers are routable, helpers are accessible, etc. The module is in use. Deactivate: <module>_installer::deactivate() is called. Module code is not accessible or routable. Module is *not* in use, but its tables are still around. Uninstall: <module>_installer::uninstall() is called. Module is completely removed from the database. Admin > Modules will install and activate modules, but will only deactivate (will NOT uninstall modules). | Bharat Mediratta | |
| 2009-05-19 | Rolled back r20813 to restore jump to comments, at least for now | Chad Kieffer | |
| 2009-05-14 | Get rid of the 'View comments on this item' menu option for photos. It doesn't fit in with the others and as Jakob points out, the scroll wheel on the mouse is perfectly sufficient. I'll leave the icon around, though. | Bharat Mediratta | |
| 2009-05-13 | Gee it's May already. Update copyright to 2009. | Bharat Mediratta | |
| 2009-05-11 | Refactor to support pagination and simplify the code. - Simplify the public controller methods - Fix a bug where missing thumbnails would cause a divide by zero error - actually pay attention to the page # for pagination and limit the query accordingly. | Bharat Mediratta | |
| 2009-05-02 | Remove direct call to item_before_delete since r20647 moved it into Item_Model | Bharat Mediratta | |
| 2009-04-23 | Delete any comments associated with deleted items | Bharat Mediratta | |
| 2009-04-06 | Hide the "no comments yet" text after the first comment is posted. Fixes ticket #196. | Bharat Mediratta | |
| 2009-04-05 | Remove extra blank line. | Bharat Mediratta | |
| 2009-04-03 | Concatenate chopped up internationalized string. | Bharat Mediratta | |
| 2009-03-27 | Put csrf token into Admin_View and Theme_View by default, then use it directly wherever possible instead of access::csrf_token(). | Bharat Mediratta | |
| 2009-03-18 | Forgot to remove a back tick | Tim Almdal | |
| 2009-03-18 | Couple of sql statements that had incorrect prefix handling or no prefix handling. | Tim Almdal | |
| 2009-02-28 | Change the pattern to identify tables that need prefix substitution to mirror the drupal pattern of using braces {}. | Tim Almdal | |
| 2009-02-27 | This implements table prefix for all the queries in core, user, exif, tag, search, comment and notification modules (Ticket #68) | Tim Almdal | |
| 2009-02-23 | Temp fix for photostream in admin dashboard, other miscellaneous css fixes. Apply jQuery UI button css to submit inputs in the admin theme. | Chad Kieffer | |
| 2009-02-23 | added additional comment link, if no comments have been made yet. | Jakob Hilden | |
| 2009-02-22 | Leave the comments title around, but add the "Be the first to comment" message below it. | Bharat Mediratta | |
| 2009-02-22 | Adjust the title based on whether or not there are comments. | Bharat Mediratta | |
| 2009-02-22 | Standardize to uppercase DESC in the order by method calls | Tim Almdal | |
| 2009-02-20 | Fixes to comment admin buttons. | Chad Kieffer | |
| 2009-02-15 | Apply buttons to comment moderation and action buttons, beginnings of a photo stream carousel block in admin dashboard. | Chad Kieffer | |
| 2009-02-12 | Added a show comment form button. Add comment form is revealed when the button is clicked. Used jQuery UI Effect to .highlight() to bring attention to newly added comments. Also added a named anchor to our block library to allow direct linking/scrolling to those blocks on the page. | Chad Kieffer | |
| 2009-02-02 | Resolve Trac Ticket #32 | Tim Almdal | |
| 2009-02-02 | Fix trac issue: #31 | Tim Almdal | |
| 2009-01-27 | Make the comment -> recaptcha binding happen via an event dispatch as opposed to a direct call. | Bharat Mediratta | |
| 2009-01-26 | Adding Recaptcha to the comment module. Recaptcha integration consists of a Form_Recaptcha class derived from Form_Input that can be added to any class that requires Recaptcha verification. | Tim Almdal | |
| 2009-01-25 | Undo the adding underscores to the id on forge generated forms | Tim Almdal | |
| 2009-01-24 | Admin theme style cleanup. Merged separate selected, available, unavailable into a single set of reusable classes. Applied alternating row bg colors. Removed inline CSS from admin views. Moved user admin css into admin_default theme style sheet. | Chad Kieffer | |
| 2009-01-24 | Supply a form id on all forms. This id can be used by modules other than the originating module to provide additional functionality to the form. | Tim Almdal | |
| 2009-01-18 | Don't force validation anymore; we're clearing the form properly in the controller on successful add. | Bharat Mediratta | |
| 2009-01-18 | We don't need to reset the form anymore, since it's reset on the server side. | Bharat Mediratta | |
| 2009-01-18 | Reset the form before sending it back on success so that we clear the values. | Bharat Mediratta | |
| 2009-01-18 | Refactor dashboard -> block_manager since it'll manage blocks site wide, not just in the dashboard. | Bharat Mediratta | |
| 2009-01-18 | Rename theme callback helpers from xxx_block to xxx_theme to make room for us to rename the dashboard helper to be a block helper since sidebar blocks are not just in the dashboard. | Bharat Mediratta | |
| 2009-01-17 | Implement relevance ranked boolean searching on a full text index of item and comment data. Whew! It's not pretty yet. And you have to manually update the index currently in admin/maintenance. But it works. | Bharat Mediratta | |
| 2009-01-16 | Fix validation when adding new comments. Fire off the appropriate item_related_update events as appropriate. | Bharat Mediratta | |
| 2009-01-15 | Changing t() placeholder syntax from {{replace_me}} to %replace_me. | Andy Staudacher | |
| 2009-01-15 | Simplifying the way t() is called. Refactoring localization function t($message, $options=array()) into 2 separate functions: - the new t($message, $options=array()) is for simple strings, optionally with placeholder interpolation. - t2($singular, $plural, $count, $options=array()) is for plurals. | Andy Staudacher | |
| 2009-01-15 | Rename 'xxx_changed' events to 'xxx_updated' | Bharat Mediratta | |
