| Age | Commit message (Collapse) | Author |
|---|
|
item::move(source, target) helper when the parent member has changed.
Using the move method insures that names and slugs that could conflict
in the target album are resolved properly. Changed the item::move
method so it returns a message to be displayed if the caller chooses.
And changed the move controller to display the message returned by the
move if the item name was renamed as part of the move."
Rolling this back for a couple of reasons:
1) Bug in move.php ("message.info" is not a function name)
2) Having the message come back from the API call as a side-effect is
sloppy. We should find a cleaner way to do this checking.
3) having item::move() call save() on any changed values in the ORM
is counter-intuitive. Move should move, save should save.
I think the right approach here is to roll the move() code properly into
save().
This reverts commit 2492280cc0ec9eb64a8daeccc7b5698ece7fea66.
|
|
method, which encapsulates saving an item and handling name and slug
conflicts. Call this instead of doing a save directly."
Rolled this back because it fails KISS. We already have an API for
saving models with Item_Model::save() that's consistent with all of
our other model code. Adding a new way to save items is confusing and
inconsistent.
This reverts commit 9504f71efcadc7ed27f6f09e5d663e8025bf3b86.
|
|
|
|
Skip . and .. (PHP 5.3 iterators seem to include those now).
|
|
encapsulates saving an item and handling name and slug conflicts. Call this instead of doing a save directly.
|
|
target) helper when the parent member has changed. Using the move method insures that names and slugs that could conflict in the target album are resolved properly. Changed the item::move method so it returns a message to be displayed if the caller chooses. And changed the move controller to display the message returned by the move if the item name was renamed as part of the move.
|
|
admin site as a guest. Also, theme the login/html page.
|
|
we specify the continue_url in the session, but we store it in the
login form so that we can propagate it across the session creation
that happens at login time.
|
|
reauth code.
|
|
login/continue code.
|
|
it requires us to reproduce a bunch of complex routing logic.
Instead, just have the logout link generating code generate a link
that's visible to guests.
|
|
the full url in the continue parameter. In the logout controller, we tried to get the item from the url so we could check the permission of the item to insure that the guest user had access. But url::get_item_from_url expects a relative url.
|
|
ticket #1092. Thanks to shinta for pointing the way.
|
|
already.
|
|
|
|
"invalid_password" to remove ambiguity.
|
|
|
|
|
|
admin pages, just like in non-admin pages.
TODO: Set $view->page_title in the many admin controllers we have. I just set it for admin_maintenance.php to show how it's intended to be used. I copied the title from views/admin_maintenance.html.php to the controller.
|
|
them as untranslated.
|
|
outgoing_translations when the user submits a form with an empty translation.
|
|
(and fix the packager to truncate the cache table before packaging)
|
|
array from the Cache.
Until now, we loaded hundreds of translation messages row by row, and unserializing one by one at bootstrap time. That amounted to a significant percentage of the complete request time. This approach is more than 10x faster.
|
|
separator, such as German.
|
|
"display_all" is too coarse, and we should be letting event handlers
make the appropriate decision on what to display and when. This
duplicates some code, but it's now very clear in the event handlers
what's getting shown.
Throw a 404 if we try to view the user profile for a missing user.
The only feature change in this should be that we now display the
name, full name and website for a user to any other registered user,
which makes sense since these are typically public fields.
Don't show any of the edit buttons unless identity::is_writable()
|
|
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
|
|
Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task.
|
|
|
|
registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors.
|
|
1009.
Side effect: Renaming auth::required_login() to login_page().
|
|
permission into the common auth::require_login() method.
|
|
to a logon page to allow the user to login. Pass the target url as a session
variable to allow the user to be redirected where they want to go if the login
was successful. Fixes ticket #1009.
|
|
|
|
|
|
This reverts commit 48cb5021c6bd7e65a13a0ff50a9e76f72da7d3a1.
|
|
populate the action buttons and other content such as the list of scheduled
tasks."
Leaving this api out of RC1.
This reverts commit 19fee6b5e4ceb8a5f90cafe4ad770856ece108ef.
Conflicts:
modules/gallery/views/admin_maintenance.html.php
|
|
active authentication every 20 minutes to access the admin area.
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
|
|
|
|
separate from a successful or failed login.
1) Rename user_login_failed event to user_authenticate_failed
2) Rename failed_logins table to failed_auth (bump Gallery module to
v27 to rename the table)
3) auth::too_many_failed_logins -> auth::too_many_failures
4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
auth::clear_failed_auth_attempts -> auth::clear_failed_attempts
|
|
the action buttons and other content such as the list of scheduled tasks.
|
|
|
|
|
|
mostly issues around uninitialized variables, calling non-static
functions in a static context, calling Session functions directly
instead of on its singleton, passing non-variables by reference, and
subclasses not using the same interface as the parent class.
|
|
a year.
|
|
in the version 24 upgrade code.
Update packager to serialize files so that we can serialize the new
.htaccess files
Update init_var.php to include the newly serialized .htaccess files.
Fixes ticket #587.
|
|
minute after there have been 5 consecutive failed login attempts.
Fix for ticket #589.
|
|
|
|
down to the JS as an object.
|
|
Also clean the subject line and email message body of the contact user email.
|
|
Conflicts:
modules/gallery/libraries/MY_ORM.php
|
