| Age | Commit message (Collapse) | Author |
|---|
|
reauth code.
|
|
it requires us to reproduce a bunch of complex routing logic.
Instead, just have the logout link generating code generate a link
that's visible to guests.
|
|
ticket #1157. Thanks to psvo.
|
|
- Pass the CSS selector of the active image in as an arg to site_menu
so that quick operations know what they're operating on.
- Change the ids from g-{photo,movie}-id to the generic g-item-id
- Initialize ajax handlers for site menu on the photo and movie page
- Drop the movie context menu, it's now in the site menu
|
|
|
|
the site_menu.
|
|
deleted. Fixes ticket #1083.
|
|
|
|
|
|
|
|
|
|
This reverts commit 5ddd7c9677b644396981de7df8176a3b168ffe21.
|
|
Adds a core.internal_cache_read_only config variable to Kohana's internals.
Kohana's internal_cache for find_file wasn't working in Gallery because the cache would be emptied on each request after reading it from disk and before most lookups would run.
1. Bootstrap sets initial core.modules (= include path): forge, kohana23_compat, gallery.
2. Kohana::setup() loads find_file cache from disk.
3. Gallery loads list of active modules and themes, and updates the core.modules value (=include path), which forces the internal find_file cache to be empties (which makes sense).
4. Request processing starts, and thus 80% of all Kohana::find_file() triggered is_file() invocations start off with an empty find_file cache.
In the case of my small Gallery installation, we're talking about 3100 is_file() invocations per request with or without internal_cache enabled. With this fix, this number is down to 800 invocations.
The basic idea is that we treat the cache as read only and don't write any (possibly dirty) values to it in memory until we're sure that the include path won't change later on in the request processing. Once we know the list of active modules and themes, we can update core.modules and finally flip the read-only state of the cache and start writing to it.
|
|
"display_all" is too coarse, and we should be letting event handlers
make the appropriate decision on what to display and when. This
duplicates some code, but it's now very clear in the event handlers
what's getting shown.
Throw a 404 if we try to view the user profile for a missing user.
The only feature change in this should be that we now display the
name, full name and website for a user to any other registered user,
which makes sense since these are typically public fields.
Don't show any of the edit buttons unless identity::is_writable()
|
|
This reverts commit 409121942590e12692eaf4e6e9e8b71bfe5ed60c.
|
|
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
|
|
attributes, use & not &)
|
|
active authentication every 20 minutes to access the admin area.
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
|
|
|
|
separate from a successful or failed login.
1) Rename user_login_failed event to user_authenticate_failed
2) Rename failed_logins table to failed_auth (bump Gallery module to
v27 to rename the table)
3) auth::too_many_failed_logins -> auth::too_many_failures
4) auth::record_failed_auth_attempts -> auth::record_failed_attempts
auth::clear_failed_auth_attempts -> auth::clear_failed_attempts
|
|
|
|
minute after there have been 5 consecutive failed login attempts.
Fix for ticket #589.
|
|
quick menu knows where to send you after the action is done.
|
|
|
|
Also clean the subject line and email message body of the contact user email.
|
|
Conflicts:
modules/gallery/tests/Access_Helper_Test.php
|
|
of locale tags to be consistent with the user edit form.
|
|
Conflicts:
modules/gallery/libraries/MY_ORM.php
|
|
The show_user_profile is used to provide content to the user profile page. Add the list of the users comments to the profile page.
|
|
user in messages or pages.
Partial fix for ticket #889 and a fix for #931.
|
|
Conflicts:
modules/gallery/tests/xss_data.txt
|
|
user menu. Since the information displayed is identical in both admin and
theme views, it makes sense to combine the generation to it is done in a common
location.
|
|
|
|
providers are installed in the admin module screen.
|
|
install and switch to a different identity provider.
|
|
|
|
way and rejects submissions that change under the normalization step)
|
|
|
|
approach.
- Rearrange Simple_Uploader_Controller::add_photo() to validate
the form early in the process, and switch to using model based
validation.
- Move thumbnail generation into gallery_event::item_created() so
that it's decoupled from the model.
- Delete photo::create() and move all of its logic into
Item_Model::save().
- Add Item_Model::$data_file to track the data file associated
with new movies and photos.
- Do some cleanup on the validation callbacks -- it turns out the
2nd argument is the field name not the value.
|
|
approach depended on having an $item, which is not the case on all
pages (eg: tag pages). Also, check the CSRF in the logout controller,
else you can use the logout link as a blind forwarder.
|
|
guess how to send the user back. Instead, proxy the originating item
id through the edit forms so that we can tell exactly what page we
were on when we began editing. If we were viewing the item, then
redirect to its new url (in case it changed) to fix ticket #745. But
if we were viewing some other item, then just stay on the current page
to fix #940.
The page_type approach didn't work because you'd have the same
"collection" page_type when doing a context menu edit for an album.
|
|
was returning an empty string. This fixes ticket #955.
|
|
|
|
|
|
Convert all open_paren() calls to and_open() or or_open() as appropriate.
|
|
|
|
will provide the same values. This change corrects that assumption and moves the management of the theme options, including creating the form and updating the theme options into the theme."
This reverts commit 1692ee130887a6ad1ba68aa34a96ad36161600f9.
|
|
provide the same values. This change corrects that assumption and moves the management of the theme options, including creating the form and updating the theme options into the theme.
|
|
types, and a subtype for specifics. Currently the top level bucket
collection, item, other
Here are the core subtypes so far:
collection: album, search, tag
item: movie, photo
other: login, reset, comment-fragment, comment
It's legal to create new page_subtypes whenever you want. Use the
appropriate page_type to get the coarse grain behavior that you want.
|
|
|
