| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2013-01-21 | Update copyright to 2013. Fixes #1953. | Bharat Mediratta | |
| 2012-02-27 | Update copyright to 2012. #1822 | Bharat Mediratta | |
| 2011-01-21 | Update copyright to 2011. | Bharat Mediratta | |
| 2010-12-16 | Follow on to 16555935ee45a09b8d5b5b351222631ba2ce2132 to clean up the | Bharat Mediratta | |
| style a bit. Tracked in #1539. | |||
| 2010-12-17 | Fetch permissions for non-albumbs by parent rather than by item, allowing ↵ | Kriss Andsten | |
| the result to be cached. | |||
| 2010-12-15 | Consolidate all the random code into a random helper that offers: | Bharat Mediratta | |
| random::hash() random::string() random::percent() random::int() So that we don't have lots of different ways to get random values all over the code. Follow-on to #1527. | |||
| 2010-12-15 | Use mt_rand() instead of rand() since it provides better portability. | Bharat Mediratta | |
| Fixes #1527. | |||
| 2010-11-28 | Replace self::func() with <helper_name>::func() for all public APIs | Bharat Mediratta | |
| and constants to make overloading easier. Fixes #1510. | |||
| 2010-10-02 | Proxy the BasicAuth authentication header in htaccess_works() so that | Bharat Mediratta | |
| if the entire Gallery is behind BasicAuth we share the same credentials as the browser. Fixes #1413. | |||
| 2010-09-13 | When moving a single item, just copy its permissions from its parent | Bharat Mediratta | |
| album. This is totally legal since an items permissions must be the same as its parent's, and it's much faster for large installs where a complete recalculation can be very costly. Should fix #1360. | |||
| 2010-09-05 | Force "Options +FollowSymLinks" since that's a requirement for | Bharat Mediratta | |
| mod_rewrite to work. This is surprisingly obscure in the docs. Thanks to bromide for turning this up in http://gallery.menalto.com/node/97791! | |||
| 2010-07-27 | "public static" ==> "static" to match code conventions. | Bharat Mediratta | |
| 2010-07-25 | Add a new maintenance task that resyncs album .htaccess files with | Bharat Mediratta | |
| database access intents. Use this to fix up .htaccess files after you relocate your Gallery. Fixes ticket #1252. | |||
| 2010-07-25 | Don't use hardcoded id 1 as the everybody group; it won't work with ↵ | Bharat Mediratta | |
| alternative auth schemes. | |||
| 2010-03-03 | Update the copyright to 2010. It's only 3 months into the year :-) | Bharat Mediratta | |
| 2010-02-27 | Fix for ticket #1035: Make .htaccess access rules work for the case when ↵ | Andy Staudacher | |
| index.php isn't part of generated URLs. | |||
| 2010-02-14 | For consistency, use straight Kohana_404_Exception instead of the event system. | Andy Staudacher | |
| 2010-02-12 | Fix for tickets 1009 and 603: Show a themed error page to guests / ↵ | Andy Staudacher | |
| registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors. | |||
| 2010-02-11 | Security: Fix leaking of album / photo names. Reject previous fix for ticket ↵ | Andy Staudacher | |
| 1009. Side effect: Renaming auth::required_login() to login_page(). | |||
| 2010-01-31 | htaccess_works() can't use var/tmp anymore because that's locked down. | Bharat Mediratta | |
| So just create var/security_test and delete it when we're done. | |||
| 2010-01-20 | Throw Kohana_Exception instead of Exception on access denied, since that may ↵ | Bharat Mediratta | |
| bubble all the way up | |||
| 2010-01-20 | Forbidden is a 403, not a 503. | Bharat Mediratta | |
| 2010-01-18 | Change DENY and ALLOW to "0" and "1" to match the fact that ORM no | Bharat Mediratta | |
| longer typecasts values as of http://dev.kohanaphp.com/issues/2459 | |||
| 2009-12-17 | In Kohana 2.4, ORM no longer does the find_all() call for us when we | Bharat Mediratta | |
| retrieve related ORMs. If we tack a find_all() on the end, it breaks the User_Definition interface so create User_Model::groups() and Groups_Model::users() as glue. | |||
| 2009-12-17 | Update all database queries such that we can run "php index.php | Bharat Mediratta | |
| package" and generate the same SQL as before. | |||
| 2009-12-01 | Merge branch 'master' of git@github.com:gallery/gallery3 into bharat_dev | Bharat Mediratta | |
| 2009-11-30 | Don't allow the extra "/?" sequence (ie: "/index.php/?kohana_uri=...") in ↵ | Bharat Mediratta | |
| the generated .htaccess files. | |||
| 2009-11-29 | Don't use PathInfo based urls to reroute access protection. Fixes | Bharat Mediratta | |
| ticket #922. | |||
| 2009-11-26 | Convert all DB where() calls to take 3 arguments. | Bharat Mediratta | |
| Convert all open_paren() calls to and_open() or or_open() as appropriate. | |||
| 2009-11-25 | ORM::orderby -> ORM::order_by | Bharat Mediratta | |
| 2009-11-25 | Preliminary work to cut over to Kohana 2.4 | Bharat Mediratta | |
| - Kohana::log() -> Kohana_Log::add() - Kohana::config_XXX -> Kohana_Config::instance()->XXX - Implement View::set_global in MY_View - Updated Cache_Database_Driver to latest APIs - ORM::$loaded -> ORM::loaded() - Updated item::viewable() to use K2.4 parenthesization | |||
| 2009-10-26 | Upgrade the gallery module to version 16 to reflect the refactoring of the ↵ | Tim Almdal | |
| user module into an identity provider. Change how we determine if there are available groups that we need to export | |||
| 2009-10-22 | Change the name of identity library from Identity to IdentityProvider. ↵ | Tim Almdal | |
| Create a helper class called identity to simplify call the Identity Provider. Move the contents of MY_Session.php to the new helper class and remove the MY_Session class | |||
| 2009-10-20 | Add a groups api method on the Identity provider and change ↵ | Tim Almdal | |
| access_Core::_get_all_groups() to use this to get the defined groups. | |||
| 2009-10-19 | Simplify the user interface by moving the password reset functionality into ↵ | Tim Almdal | |
| the user module Bagging the User_Definition and Group_Definition abstract classes and replacing them with interfaces with the same names. Make sure all the unit tests work. | |||
| 2009-10-16 | Remove all non Identity API methods from Identity.php. Created an ↵ | Tim Almdal | |
| MY_Session class to provide the user state changes in the session and a login.php helper that has the login form. | |||
| 2009-10-16 | Start simplifying the interface by moving the static methods from user.php ↵ | Tim Almdal | |
| and group.php. Tried creating a identity helper, but the helper identity.php was confused with the library Identity.php. So got around this by making the methods on Identity static and calling the instance within the static methods. Also temporarily moved the user.php and group.php back into the user module. | |||
| 2009-07-27 | Revert "Fix for ticket #452" | Tim Almdal | |
| This reverts commit 809e52d80cbf3beb75b238fddb0da3951fb9a8e7. | |||
| 2009-07-27 | Back out the fix for ticket #452 | Tim Almdal | |
| Revert "Changed access::user_can to force the owner of an item to have" This reverts commit 0b97cfd6f098be08be5f3cf1dbca1cce580ae330. | |||
| 2009-07-27 | Back out fixes for ticket #452 | Tim Almdal | |
| Revert "It helps to save before committing :-)" This reverts commit 0d76d6fd77f53e9e92a9a013cd112c69217f3ceb. | |||
| 2009-07-26 | Merge branch 'master' of git://github.com/rledisez/gallery3 into rledisez/master | Andy Staudacher | |
| 2009-07-26 | It helps to save before committing :-) | Tim Almdal | |
| 2009-07-26 | Changed access::user_can to force the owner of an item to have | Tim Almdal | |
| view permission on the parent. Added a whitelist of allowable owner permissions. If the requested permission is view and the user requesting access is the owner, check that they have view permission to the parent. | |||
| 2009-07-25 | Fix for ticket #452 | Tim Almdal | |
| 1) Change access_Core::user_can to return true for all permissions if the owner is the specified user. 2) Change Item_Model::viewable to set the owner_id is the first view_restriction This allowed simplification of the generating the where clause to a single $this->orwhere instead of a where and an orwhere. | |||
| 2009-07-25 | Rename columns that use reserved SQL words : items.left and items.right | Romain LE DISEZ | |
| 2009-07-23 | Fix a typo in a comment | Bharat Mediratta | |
| 2009-07-23 | Consistency : always use self::XXX | Romain LE DISEZ | |
| (cherry picked from commit c9017ae2f21ff8f5d745f296a636b80a30add6a1) | |||
| 2009-07-23 | Use BOOLEAN instead of integer to describe the permissions : | Romain LE DISEZ | |
| - DENY = false - ALLOW = true - UNKNOW = null (for intent only) - INHERIT = null (for cache) Upgrade is not included for now. (cherry picked from commit 719c59e0402464a0e2b14915f6d10218ff5d4729) | |||
| 2009-07-22 | remove an extra ->reload() that was there for testing | Tim Almdal | |
| 2009-07-22 | Add explicit unit tests for access::user_can | Tim Almdal | |
 |
index : gallery3.git | |
| A clone of the Gallery3 code for testing and development. | root |
| summaryrefslogtreecommitdiff |