gallery3.git - A clone of the Gallery3 code for testing and development.

Age	Commit message (Collapse)	Author
2009-06-09	Fix a bug in set_version() where we were always forcing the value to 1. Oops!	Bharat Mediratta

2009-06-09	Merge branch 'master' of git@github.com:gallery/gallery3	Bharat Mediratta

2009-06-09	Cache the available module list in module::$available.	Bharat Mediratta

2009-06-09	Use a reference in available() to avoid crappy looking dereferencing.	Bharat Mediratta

2009-06-09	Merge branch 'master' of git@github.com:gallery/gallery3	Andy Staudacher

2009-06-09	Fix for fetching l10n plural messages. Need to cast from stdclass to ↵	Andy Staudacher
	array(), as I18n expects all messages to be either string or array.
2009-06-09	Merge branch 'master' of git@github.com:gallery/gallery3	Bharat Mediratta

2009-06-09	Check in /usr/local/bin for ffmpeg, and create the setting even if its	Bharat Mediratta
	empty (to make it easier for folks to change it in Admin > Settings > Advanced)
2009-06-09	Removed extra whitespace	Tim Almdal
	Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
2009-06-09	Create a new method in MY_url.php "get_item_from_uri" which loads the item	Tim Almdal
	based on the uri. Then use this helper method in logout.php to insure that the guest user has access to the "continue" uri. If they don't redirect to the root album and let it deal with access issues. Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
2009-06-08	Merge branch 'master' of git@github.com:gallery/gallery3	Bharat Mediratta

2009-06-07	Improve error handling support for corrupt images and report them	Bharat Mediratta
	appropriately in g2_import.
2009-06-06	Merge branch 'master' of git@github.com:gallery/gallery3	Andy Staudacher

2009-06-06	Preliminary BiDi support (needs a lot of tweaking)	Andy Staudacher

2009-06-06	Merge branch 'master' of git@github.com:gallery/gallery3	Chad Kieffer

2009-06-06	Remove album view icon link, added album link to info module. This and ↵	Chad Kieffer
	breadcrumb should suffice.
2009-06-05	change the version to beta 1	Bharat Mediratta

2009-06-06	Add the exception message to the trace string when there's a graphics	Bharat Mediratta
	failure. Signed-off-by: Bharat Mediratta <bharat@menalto.com>
2009-06-06	Correct locale and local translation	unostar
	Signed-off-by: Bharat Mediratta <bharat@menalto.com>
2009-06-06	Add Belarusian to the language list.	Bharat Mediratta
	Signed-off-by: Bharat Mediratta <bharat@menalto.com>
2009-06-06	Localize the 'Advanced' menu item	Bharat Mediratta
	Signed-off-by: Bharat Mediratta <bharat@menalto.com>
2009-06-04	Skip over busted images when rebuilding. Change graphics::generate()	Bharat Mediratta
	to return true/false on whether or not it could rebuild the image properly, then track the broke images in the task and ignore them. Fixes ticket #344.
2009-06-04	Work around a problem with the CGI sapi on urls that don't contain	Bharat Mediratta
	index.php (ie, /gallery3 instead of /gallery3/index.php) that causes is to mis-route.
2009-06-04	Make sure the item is loaded in parse_url() before we use it.	Bharat Mediratta

2009-06-04	Add MY_num containing num::convert_to_bytes() which supports PHP's	Bharat Mediratta
	size shorthand, and convert the simple_uploader code to use it.
2009-06-04	Let the Akismet module create the statistics menu, since it's the only	Bharat Mediratta
	one that uses it. Perhaps this is not the best solution, but it's the pragmatic one.
2009-06-03	Sanitize all data we return via json_encode() to guard against XSS and	Bharat Mediratta
	other data leaks.
2009-06-02	made "Add photos" its own site menu item	jhilden
	* open for suggestions on the submenu item labels * @bharat: not sure about the add photos menu item id in the dropdown case
2009-06-02	make cleanm static	Tim Almdal

2009-06-02	Extend L10n client to provide UI for plural translation.	Andy Staudacher
	Ticket 148.
2009-06-01	Security pass over all controller code. Mostly adding CSRF checking	Bharat Mediratta
	and verifying user permissions, but there are several above-the-bar changes: 1) Server add is now only available to admins. This is a hard requirement because we have to limit server access (eg: server_add::children) to a user subset and the current permission model doesn't include that. Easiest fix is to restrict to admins. Got rid of the server_add permission. 2) We now know check permissions at every level, which means in controllers AND in helpers. This "belt and suspenders" approach will give us defense in depth in case we overlook it in one area. 3) We now do CSRF checking in every controller method that changes the code, in addition to the Forge auto-check. Again, defense in depth and it makes scanning the code for security much simpler. 4) Moved Simple_Uploader_Controller::convert_filename_to_title to item:convert_filename_to_title 5) Fixed a bug in sending notification emails. 6) Fixed the Organize code to verify that you only have access to your own tasks. In general, added permission checks to organize which had pretty much no validation code. I did my best to verify every feature that I touched.
2009-06-01	Fix a place where I shouldn't have renamed "core" to "gallery", breaking ↵	Bharat Mediratta
	maintenance mode.
2009-05-31	Relax the regex we use to extract the movie size so that it works with	Bharat Mediratta
	the new version of ffmpeg that I have on my dev box (ffmpeg 0.5-svn17737+3:0.svn20090303-1)
2009-05-31	Switch to using html::specialchars() for cleaning.	Bharat Mediratta

2009-05-31	First pass at an XSS security test, along with the "p" helper which	Bharat Mediratta
	can clean HTML output.
2009-05-30	gate $can_edit and $can_add on whether or not we have an $item at all	Bharat Mediratta
	(fixes a bug where search doesn't render because it has no item).
2009-05-29	remove scaffolding code	tim almdal

2009-05-29	Use the relative_path_cache to look up items which should be a faster	Bharat Mediratta
	query than using the level + the components.
2009-05-29	Don't show "edit permissions" for non-albums.	Bharat Mediratta

2009-05-29	Move credits message into a variable, which can be changed in Admin >	Bharat Mediratta
	Settings > Advanced. It's stored in the variable as an internationalized string and localized at output time.
2009-05-29	Don't show the add photo/album options to users who don't have the	Bharat Mediratta
	permission. This isn't a security hole, since they can't actually add stuff.. but they can try and fail which is a bad user experience. Also fix it up so that we show the option menu only if there's stuff to show, and cache some of the permissions for performance (which I'm guessing at-- didn't benchmark it).
2009-05-29	Remove a completed @todo	Bharat Mediratta

2009-05-28	Restore calls to module::load_modules() after ↵	Bharat Mediratta
	install/activate/deactivate/uninstall events.
2009-05-28	Load the gallery module in load_modules(), but put it at the end of	Bharat Mediratta
	the module list (to match its location in the cascading filesystem)
2009-05-28	Force modules/gallery to be at the end of the module load path, so	Bharat Mediratta
	that all other modules can override the core code.
2009-05-28	Fix broken html::script() and url::file() references to the newly	Bharat Mediratta
	moved gallery module.
2009-05-27	Fix up another place where we were incorrectly referencing the gallery module.	Bharat Mediratta

2009-05-27	Fix a typo in the class name	Bharat Mediratta

2009-05-27	Convert a few more references of APPPATH to MODPATH/gallery	Bharat Mediratta

2009-05-27	Show the scaffolding link if the controller is around.	Bharat Mediratta