| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
1) Trap all exceptions, eg dns or connectivity issues and
report back in the form (but put the stack trace in the logs)
2) Rename "noconn" to "no_connection"
|
|
connection was built up properly (just a boolean, not distuingishing between reasons in case of a failure), the other to reflect API validating success status.
Using this presenting a slightly more meaningfull error msg to user in case the connection would fail.
Fixes Ticket #1504
|
|
method to set the content type header and encode the response as a json object
|
|
Hide the fieldset and legend in the theme, since they don't add any value.
Change l10n_client::_server_url() to use the short style GMC urls and make the
API a little tighter.
|
|
|
|
|
|
1) Controller::$input is gone -- use Input::instance() now
2) Handle new 'database.<default>.connection.params' parameter
3) Handle new 'cache.<default>.prefix' parameter
|
|
|
|
to visually separate the view's title and description from everything else. Primary admin view title should always be h1, and only one h1 per view. Removed some unused admin CSS id's.
|
|
shared images from wind to lib. Deleted unused images in the admin_wind. This will likely break a few ajax features.
|
|
|
|
that the key was not changed as it as identical. This addresses the obscure issue raised in ticket #756
|
|
form.
|
|
|
|
|
|
views.
|
|
|
|
this should take care of bug #329
|
|
Fixes ticket #194
|
|
Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
|
|
and verifying user permissions, but there are several above-the-bar
changes:
1) Server add is now only available to admins. This is a hard
requirement because we have to limit server access (eg:
server_add::children) to a user subset and the current permission
model doesn't include that. Easiest fix is to restrict to admins.
Got rid of the server_add permission.
2) We now know check permissions at every level, which means in
controllers AND in helpers. This "belt and suspenders" approach will
give us defense in depth in case we overlook it in one area.
3) We now do CSRF checking in every controller method that changes the
code, in addition to the Forge auto-check. Again, defense in depth
and it makes scanning the code for security much simpler.
4) Moved Simple_Uploader_Controller::convert_filename_to_title to
item:convert_filename_to_title
5) Fixed a bug in sending notification emails.
6) Fixed the Organize code to verify that you only have access to your
own tasks. In general, added permission checks to organize which had
pretty much no validation code.
I did my best to verify every feature that I touched.
|
|
gallery module. This type of mass update is prone to some small bugs.
|
|
Kohana makes this type of transition fairly straightforward in that
all controllers/helpers/etc are still located in the cascading
filesystem without any extra effort, except that I've temporarily
added a hack to force modules/gallery into the module path.
Rename what's left of "core" to be "application" so that it conforms
more closely to the Kohana standard (basically, just
application/config/config.php which is the minimal thing that you need
in the application directory)
There's still considerable work left to be done here.
|
