path: root/modules/comment
Age | Commit message | Author
2009-07-04 | Forgot this file when I was fixing #477 | Tim Almdal
2009-07-04 | Fix for ticket #477. Use nl2br method when rendering comment::text and item::description. In addition add p::clean or p::purify to places that xss cleaning had missed (i.e. rss feeds) | Tim Almdal
2009-07-03 | Split the clean method into two clean and purify. clean is a light weight approach using html::specialchars and purify uses HTMLPurifier to intelligently cleanse the output fields. Use purifier for text and title fields where it is likely that a user would enter html to format their data. | Tim Almdal
2009-07-01 | Fix for ticket #357. Changed the set the created date as part of the import and change models/comment::save() to not set the creation date if it is already set. | Tim Almdal
2009-06-28 | Rename $theme->url() to $theme->theme_url() for consistency with $theme->theme_script(). | Bharat Mediratta
2009-06-26 | Create a theme_view function script which allows modules in the head or admin_head functions to specify javascript files that are required for this page. In this commit, these script files are expressed at the end of the head or admin_head calls and appended to the beginning of the block stack. In a future commit these will be combined and gzipped for download. | Tim Almdal
2009-06-24 | Comment out [reply] and [edit] links because they're not implemented yet. This closes ticket #416, and I'll open a new ticket to implement these functions. | Bharat Mediratta
2009-06-23 | Replay change from Romain DE LISEZ to change the state column to be a varchar | Bharat Mediratta
2009-06-23 | Upgrade to version 2 and change the state column to a varchar for Postgres compatibility. | Bharat Mediratta
2009-06-23 | Refactor the install/upgrade code to be more flexible. Add xxx_installer::upgrade($version) method so that upgrade stanzas are separate from install stanzas. In the old code, to do an upgrade meant that you had to re-evolve everything from the initial install because we'd step through each version's changes. But what we really want is for the initial install to start off in the perfect initial state, and the upgrades to do the work behind the scenes. So now the install() function gets things set up properly the first time, and the upgrade() function does any work to catch you up to the latest code. See gallery_installer.php for a good example. | Bharat Mediratta
2009-06-18 | Fix l10n messages (malformed html) | Andy Staudacher
2009-06-16 | Fix html bug in l10n message | Andy Staudacher
2009-06-15 | Refactor the comment_rss::feed() method to eliminate code duplication. | Bharat Mediratta
2009-06-14 | Refactor the way that the rss module works so that we're not allowing the url to dictate arbitrary static method calls. * Each xxx_rss helper has a single feed() call which takes an id as the argument * xxx_rss::available_feedS() only returns feeds when they're applicable (ie if you're viewing a tag, it won't show you an item feed). * Feed urls are now in the module/feed_id form so that we can bind a feed id to a given module * Tightened up the Rss_Controller by using url::merge and some other tricks. * Made the slideshow module express its own feed. | Bharat Mediratta
2009-06-14 | Refactor feed code to use stdClass everywhere. Fix bugs in the max-pages calculation code. Move feed related data into the $feed variable and only pass that to the view. | Bharat Mediratta
2009-06-14 | Don't use stdClass to return the feed data. Just use an array. | Tim Almdal
2009-06-14 | Remove the sidebar flag from the feed definition returned by available_feeds and replace with a type field with one of two values (head and block). We need to do this to determine what fields go in the rss block so we can ignore the definitions that are related to the page head when creating the rss block that goes into the sidebar. | Tim Almdal
2009-06-12 | Create gallery::date_time(), gallery::date() and gallery::time() functions that format a unix timestamp into a date+time/date/time string. Partial fix for ticket #347. | Bharat Mediratta
2009-06-12 | Move the processing of rss feeds from the rss controller to callbacks in the modules that are supplying the feed. The rss controller becomes a router. In this change the comment and updates fields are distributed. | Tim Almdal
2009-06-12 | Change from an event driven model to a call driven model similar to the task api. | Tim Almdal
2009-06-12 | Change the "request_feed_links" eventing handling so that individual modules provide the part of the url (the suffix) that they are interested in and the rss module will format the rest of the url. | Tim Almdal
2009-06-11 | Changed rss_theme::sidebar_blocks to fire the event "request_feed_links" to allow modules to contribute rss feed links to the rss sidebar block. Ticket #388. | Tim Almdal
2009-06-03 | Sanitize all data we return via json_encode() to guard against XSS and other data leaks. | Bharat Mediratta
2009-06-01 | Security pass over all controller code. Mostly adding CSRF checking and verifying user permissions, but there are several above-the-bar changes: 1) Server add is now only available to admins. This is a hard requirement because we have to limit server access (eg: server_add::children) to a user subset and the current permission model doesn't include that. Easiest fix is to restrict to admins. Got rid of the server_add permission. 2) We now know check permissions at every level, which means in controllers AND in helpers. This "belt and suspenders" approach will give us defense in depth in case we overlook it in one area. 3) We now do CSRF checking in every controller method that changes the code, in addition to the Forge auto-check. Again, defense in depth and it makes scanning the code for security much simpler. 4) Moved Simple_Uploader_Controller::convert_filename_to_title to item:convert_filename_to_title 5) Fixed a bug in sending notification emails. 6) Fixed the Organize code to verify that you only have access to your own tasks. In general, added permission checks to organize which had pretty much no validation code. I did my best to verify every feature that I touched. | Bharat Mediratta
2009-05-31 | Run p::clean() on any variables that contain data entered by users. | Bharat Mediratta
2009-05-26 | Restructure the module lifecycle. Install: <module>_installer::install() is called, any necessary tables are created. Activate: <module>_installer::activate() is called. Module controllers are routable, helpers are accessible, etc. The module is in use. Deactivate: <module>_installer::deactivate() is called. Module code is not accessible or routable. Module is *not* in use, but its tables are still around. Uninstall: <module>_installer::uninstall() is called. Module is completely removed from the database. Admin > Modules will install and activate modules, but will only deactivate (will NOT uninstall modules). | Bharat Mediratta
2009-05-19 | Rolled back r20813 to restore jump to comments, at least for now | Chad Kieffer
2009-05-14 | Get rid of the 'View comments on this item' menu option for photos. It doesn't fit in with the others and as Jakob points out, the scroll wheel on the mouse is perfectly sufficient. I'll leave the icon around, though. | Bharat Mediratta
2009-05-13 | Gee it's May already. Update copyright to 2009. | Bharat Mediratta
2009-05-11 | Refactor to support pagination and simplify the code. - Simplify the public controller methods - Fix a bug where missing thumbnails would cause a divide by zero error - actually pay attention to the page # for pagination and limit the query accordingly. | Bharat Mediratta
2009-05-02 | Remove direct call to item_before_delete since r20647 moved it into Item_Model | Bharat Mediratta
2009-04-23 | Delete any comments associated with deleted items | Bharat Mediratta
2009-04-06 | Hide the "no comments yet" text after the first comment is posted. Fixes ticket #196. | Bharat Mediratta
2009-04-05 | Remove extra blank line. | Bharat Mediratta
2009-04-03 | Concatenate chopped up internationalized string. | Bharat Mediratta
2009-03-27 | Put csrf token into Admin_View and Theme_View by default, then use it directly wherever possible instead of access::csrf_token(). | Bharat Mediratta
2009-03-18 | Forgot to remove a back tick | Tim Almdal
2009-03-18 | Couple of sql statements that had incorrect prefix handling or no prefix handling. | Tim Almdal
2009-02-28 | Change the pattern to identify tables that need prefix substitution to mirror the drupal pattern of using braces {}. | Tim Almdal
2009-02-27 | This implements table prefix for all the queries in core, user, exif, tag, search, comment and notification modules (Ticket #68) | Tim Almdal
2009-02-23 | Temp fix for photostream in admin dashboard, other miscellaneous css fixes. Apply jQuery UI button css to submit inputs in the admin theme. | Chad Kieffer
2009-02-23 | added additional comment link, if no comments have been made yet. | Jakob Hilden
2009-02-22 | Leave the comments title around, but add the "Be the first to comment" message below it. | Bharat Mediratta
2009-02-22 | Adjust the title based on whether or not there are comments. | Bharat Mediratta
2009-02-22 | Standardize to uppercase DESC in the order by method calls | Tim Almdal
2009-02-20 | Fixes to comment admin buttons. | Chad Kieffer
2009-02-15 | Apply buttons to comment moderation and action buttons, beginnings of a photo stream carousel block in admin dashboard. | Chad Kieffer
2009-02-12 | Added a show comment form button. Add comment form is revealed when the button is clicked. Used jQuery UI Effect to .highlight() to bring attention to newly added comments. Also added a named anchor to our block library to allow direct linking/scrolling to those blocks on the page. | Chad Kieffer
2009-02-02 | Resolve Trac Ticket #32 | Tim Almdal
2009-02-02 | Fix trac issue: #31 | Tim Almdal