| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2010-06-11 | Fix for ticket #1039. The problem was, as Bryan76 pointed out, with passing ↵ | Tim Almdal | |
| the full url in the continue parameter. In the logout controller, we tried to get the item from the url so we could check the permission of the item to insure that the guest user had access. But url::get_item_from_url expects a relative url. | |||
| 2010-06-11 | Actually execute the database query that updates the album view count. Fixes ↵ | Tim Almdal | |
| ticket #1092. Thanks to shinta for pointing the way. | |||
| 2010-05-14 | Remove "rnd=" param from quick changes since we have the m= cache-buster ↵ | Bharat Mediratta | |
| already. | |||
| 2010-04-30 | Add page_title to admin views. Closes #1038. | ckieffer | |
| 2010-04-17 | Change the key for invalid passwords from "invalid" to | Bharat Mediratta | |
| "invalid_password" to remove ambiguity. | |||
| 2010-04-17 | Trigger the album_add_form_completed event after creating a new album. | Bharat Mediratta | |
| 2010-03-03 | Update the copyright to 2010. It's only 3 months into the year :-) | Bharat Mediratta | |
| 2010-02-28 | First step towards fixing ticket #1038: Allowing for custom page <title> in ↵ | Andy Staudacher | |
| admin pages, just like in non-admin pages. TODO: Set $view->page_title in the many admin controllers we have. I just set it for admin_maintenance.php to show how it's intended to be used. I copied the title from views/admin_maintenance.html.php to the controller. | |||
| 2010-02-27 | Additional fixes for plural handling when deleting translations / marking ↵ | Andy Staudacher | |
| them as untranslated. | |||
| 2010-02-27 | Incremental fix for ticket #1042: Delete translation from ↵ | Andy Staudacher | |
| outgoing_translations when the user submits a form with an empty translation. | |||
| 2010-02-22 | Fix for ticket #1027: Add index on cache key column. | Andy Staudacher | |
| (and fix the packager to truncate the cache table before packaging) | |||
| 2010-02-21 | Performance improvement: Load all translations of a locale as one serialized ↵ | Andy Staudacher | |
| array from the Cache. Until now, we loaded hundreds of translation messages row by row, and unserializing one by one at bootstrap time. That amounted to a significant percentage of the complete request time. This approach is more than 10x faster. | |||
| 2010-02-21 | Fix progress bar / maintenance tasks for locales that use comma as decimal ↵ | Andy Staudacher | |
| separator, such as German. | |||
| 2010-02-19 | Refactor away the "display_all" construct in User_Profile_Controller. | Bharat Mediratta | |
| "display_all" is too coarse, and we should be letting event handlers make the appropriate decision on what to display and when. This duplicates some code, but it's now very clear in the event handlers what's getting shown. Throw a 404 if we try to view the user profile for a missing user. The only feature change in this should be that we now display the name, full name and website for a user to any other registered user, which makes sense since these are typically public fields. Don't show any of the edit buttons unless identity::is_writable() | |||
| 2010-02-14 | Fix for ticket #491: Make user and group names translatable. | Andy Staudacher | |
| Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller). | |||
| 2010-02-14 | Change JavaScript reauthentication check to check via XHR. | Andy Staudacher | |
| Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task. | |||
| 2010-02-14 | For consistency, use straight Kohana_404_Exception instead of the event system. | Andy Staudacher | |
| 2010-02-12 | Fix for tickets 1009 and 603: Show a themed error page to guests / ↵ | Andy Staudacher | |
| registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors. | |||
| 2010-02-11 | Security: Fix leaking of album / photo names. Reject previous fix for ticket ↵ | Andy Staudacher | |
| 1009. Side effect: Renaming auth::required_login() to login_page(). | |||
| 2010-02-10 | Refactor the code to display the login page if the user does not have view | Tim Almdal | |
| permission into the common auth::require_login() method. | |||
| 2010-02-10 | If the user does not have permission to view the album, photo or movie, redirect | Tim Almdal | |
| to a logon page to allow the user to login. Pass the target url as a session variable to allow the user to be redirected where they want to go if the login was successful. Fixes ticket #1009. | |||
| 2010-02-10 | Use the helper ulr:current instead of manually creating the continue url. | Tim Almdal | |
| 2010-02-08 | Fix for ticket 1008: Redirect to destination after re-auth. | Andy Staudacher | |
| 2010-02-07 | Revert "Add the scheduler component to the admin maintenance screen." | Tim Almdal | |
| This reverts commit 48cb5021c6bd7e65a13a0ff50a9e76f72da7d3a1. | |||
| 2010-02-07 | Revert "Refactor the admin maintenance screen so that events are used to | Tim Almdal | |
| populate the action buttons and other content such as the list of scheduled tasks." Leaving this api out of RC1. This reverts commit 19fee6b5e4ceb8a5f90cafe4ad770856ece108ef. Conflicts: modules/gallery/views/admin_maintenance.html.php | |||
| 2010-02-07 | Last partial fix for ticket 585: Compartmentalize the admin area and require ↵ | Andy Staudacher | |
| active authentication every 20 minutes to access the admin area. Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now. | |||
| 2010-02-07 | Rename user_authenticate_xxx events to user_auth_xxx for brevity. | Bharat Mediratta | |
| 2010-02-07 | Create the concept of a "failed authentication" as semantically | Bharat Mediratta | |
| separate from a successful or failed login. 1) Rename user_login_failed event to user_authenticate_failed 2) Rename failed_logins table to failed_auth (bump Gallery module to v27 to rename the table) 3) auth::too_many_failed_logins -> auth::too_many_failures 4) auth::record_failed_auth_attempts -> auth::record_failed_attempts auth::clear_failed_auth_attempts -> auth::clear_failed_attempts | |||
| 2010-02-02 | Refactor the admin maintenance screen so that events are used to pupluate ↵ | Tim Almdal | |
| the action buttons and other content such as the list of scheduled tasks. | |||
| 2010-02-01 | Refactor starting a task into the task helper so we can call it multiple times. | Tim Almdal | |
| 2010-02-01 | Add the scheduler component to the admin maintenance screen. | Tim Almdal | |
| 2010-01-31 | Fix lots of warnings that pop up when we're in E_STRICT mode. They're | Bharat Mediratta | |
| mostly issues around uninitialized variables, calling non-static functions in a static context, calling Session functions directly instead of on its singleton, passing non-variables by reference, and subclasses not using the same interface as the parent class. | |||
| 2010-01-31 | Remove obsolete call to _force_block_adder() which has been broken for over ↵ | Bharat Mediratta | |
| a year. | |||
| 2010-01-30 | Update install.sql -- gallery version jumps from 23 to 25 due to a mistake | Bharat Mediratta | |
| in the version 24 upgrade code. Update packager to serialize files so that we can serialize the new .htaccess files Update init_var.php to include the newly serialized .htaccess files. Fixes ticket #587. | |||
| 2010-01-30 | Prevent brute force login attacks by reducing login attempts to 1 per | Bharat Mediratta | |
| minute after there have been 5 consecutive failed login attempts. Fix for ticket #589. | |||
| 2010-01-28 | Add @todo. | Bharat Mediratta | |
| 2010-01-28 | Cast the SafeString $task->status to (string) so that it doesn't come | Bharat Mediratta | |
| down to the JS as an object. | |||
| 2010-01-28 | Do all the html::clean|purify calls in the views and not the controller. ↵ | Tim Almdal | |
| Also clean the subject line and email message body of the contact user email. | |||
| 2010-01-25 | Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev | Bharat Mediratta | |
| Conflicts: modules/gallery/libraries/MY_ORM.php | |||
| 2010-01-25 | Remove the return url and change the return button on the user profile page ↵ | Tim Almdal | |
| to use javascript to return to the previous page. | |||
| 2010-01-24 | Add the active notifications and rest api key to user profile page. | Tim Almdal | |
| 2010-01-24 | add CSRF protection to the user profile send method. | Tim Almdal | |
| 2010-01-24 | Refactor creating the user profile page content into the the event module. ↵ | Tim Almdal | |
| The show_user_profile is used to provide content to the user profile page. Add the list of the users comments to the profile page. | |||
| 2010-01-23 | Create a user profile page that is used as a landing page when referencing a ↵ | Tim Almdal | |
| user in messages or pages. Partial fix for ticket #889 and a fix for #931. | |||
| 2010-01-23 | Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev | Bharat Mediratta | |
| Conflicts: modules/gallery/tests/xss_data.txt | |||
| 2010-01-22 | If the userid/password combination, render the full page instead of just ↵ | Tim Almdal | |
| printing the form. Fixes ticket #980. | |||
| 2010-01-22 | Trap any errors that may occur when trying to install a new identity ↵ | Tim Almdal | |
| provider and then reinstall the current one. | |||
| 2010-01-22 | Change the check_environment method in the module helper and the module ↵ | Tim Almdal | |
| installers to can_activate to reflect that it is doing more than just checking the environment. | |||
| 2010-01-22 | Remove the identity manager screens and controller as alterntive identity ↵ | Tim Almdal | |
| providers are installed in the admin module screen. | |||
| 2010-01-21 | Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev | Bharat Mediratta | |
 |
index : gallery3.git | |
| A clone of the Gallery3 code for testing and development. | root |
| summaryrefslogtreecommitdiff |