| Age | Commit message | Author | |
|---|---|---|---|
| 2010-02-19 | Refactor away the "display_all" construct in User_Profile_Controller. "display_all" is too coarse, and we should be letting event handlers make the appropriate decision on what to display and when. This duplicates some code, but it's now very clear in the event handlers what's getting shown. Throw a 404 if we try to view the user profile for a missing user. The only feature change in this should be that we now display the name, full name and website for a user to any other registered user, which makes sense since these are typically public fields. Don't show any of the edit buttons unless identity::is_writable() | Bharat Mediratta | |
| 2010-02-18 | Restore the gallery_installer change from reverted dcddc68f58dac2f0fe71f5a00ea4af32618efa13 that casts $powered_by_string from SafeString to string. | Bharat Mediratta | |
| 2010-02-18 | Revert "Fix for ticket #491: Make user and group names translatable." This reverts commit 409121942590e12692eaf4e6e9e8b71bfe5ed60c. | Bharat Mediratta | |
| 2010-02-18 | Revert "Never assign a SafeString instance to a Model member (or hell will break loose)." This reverts commit dcddc68f58dac2f0fe71f5a00ea4af32618efa13. | Bharat Mediratta | |
| 2010-02-15 | Never assign a SafeString instance to a Model member (or hell will break loose). | Andy Staudacher | |
| 2010-02-14 | Fix for ticket #491: Make user and group names translatable. Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller). | Andy Staudacher | |
| 2010-02-14 | Fix for ticket 901: Wrap Gallery version string into bdo tag to override the BiDi algorithm. Also, properly marking the "Powered by" string for translation. See: http://www.w3.org/International/tutorials/bidi-xhtml/#Slide0420 | Andy Staudacher | |
| 2010-02-14 | Create an items REST collection requests that accepts a list of resource urls and returns the items associated with them. | Tim Almdal | |
| 2010-02-14 | Change JavaScript reauthentication check to check via XHR. Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task. | Andy Staudacher | |
| 2010-02-14 | Some HTML validation fixes (don't render empty <ul> lists, empty id attributes, use &amp; not &) | Andy Staudacher | |
| 2010-02-14 | For consistency, use straight Kohana_404_Exception instead of the event system. | Andy Staudacher | |
| 2010-02-12 | Fix for tickets 1009 and 603: Show a themed error page to guests / registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors. | Andy Staudacher | |
| 2010-02-12 | Revert "1) Add a depth parameter to retrieving an item thru the rest api" This reverts commit 3439671bcfb99c1884285e4b4e53295f044e688f. | Bharat Mediratta | |
| 2010-02-12 | 1) Add a depth parameter to retrieving an item thru the rest api 2) Standardize the structure of members so that client programs can consistently parse the return information. 3) Added a summary parameter so that client programs can easily determine if the information returned is summary (item type, item title) or the full meal deal | Tim Almdal | |
| 2010-02-11 | Security: Fix leaking of album / photo names. Reject previous fix for ticket 1009. Side effect: Renaming auth::required_login() to login_page(). | Andy Staudacher | |
| 2010-02-10 | Refactor the code to display the login page if the user does not have view permission into the common auth::require_login() method. | Tim Almdal | |
| 2010-02-09 | Rename item name and slug if necessary to avoid a conflict when we move photos. Fixes ticket #957. | Bharat Mediratta | |
| 2010-02-09 | Whitespace. | Bharat Mediratta | |
| 2010-02-08 | Change admin area timeout from 20 to 90 minutes | Andy Staudacher | |
| 2010-02-08 | Suppress errors when checking for readability of /proc/loadavg. Often this file will be protected by openbasedir, and is_readable will trigger an open basedir warning. | Andy Staudacher | |
| 2010-02-08 | Fix Arabic language name. Thanks shaibn for reporting the issue. Verified with CLDR data. | Andy Staudacher | |
| 2010-02-07 | Addendum for ticket 585: Handle case C), redirect the admin to a non-admin page when the admin area session expires, before the admin has a chance to send an XHR admin request, for which we wouldn't have a good answer. | Andy Staudacher | |
| 2010-02-07 | Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area. Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now. | Andy Staudacher | |
| 2010-02-07 | Fix installer code for version 27, and introduce new module variable in version 28 as a preparation for admin area compartmentalization. | Andy Staudacher | |
| 2010-02-07 | Merge branch 'master' of git@github.com:gallery/gallery3 | Tim Almdal | |
| 2010-02-07 | Refactor the is_rtl() helper into the Gallery_I18n class. This allows checking for a config value "force_rtl" which will layout the gallery pages in rtl mode without having to change to a language that is no longer understandable to the developer. Adding the line "$config['force_rtl'] = true;" to the config/locales.php file will make it happen. | Tim Almdal | |
| 2010-02-07 | Rename user_authenticate_xxx events to user_auth_xxx for brevity. | Bharat Mediratta | |
| 2010-02-07 | Create the concept of a "failed authentication" as semantically separate from a successful or failed login. 1) Rename user_login_failed event to user_authenticate_failed 2) Rename failed_logins table to failed_auth (bump Gallery module to v27 to rename the table) 3) auth::too_many_failed_logins -> auth::too_many_failures 4) auth::record_failed_auth_attempts -> auth::record_failed_attempts auth::clear_failed_auth_attempts -> auth::clear_failed_attempts | Bharat Mediratta | |
| 2010-02-06 | Fix ticket 930: Use the first frame as video thumbnail if the video is shorter than 3 seconds. And fall back to the default thumbnail if that operation fails. Thanks to lsowen for providing a patch! | Andy Staudacher | |
| 2010-02-06 | Fix for ticket 892: Avoid double escaping of HTML entities, instead use Unicode in the source code for the locale names (as we do in other places already). Note: Also fixing the localized name of Ukrainian. For some reason it was garbled before. | Andy Staudacher | |
| 2010-02-03 | Correct missing function name. | Tim Almdal | |
| 2010-02-02 | Protect password changes against brute force attacks. | Bharat Mediratta | |
| 2010-02-02 | Add an upgrade path to prevent the item title field from being empty. | Bharat Mediratta | |
| 2010-02-02 | Merge branch 'master' of git@github.com:gallery/gallery3 | Bharat Mediratta | |
| 2010-02-01 | Merge branch 'master' of git@github.com:gallery/gallery3 | Bharat Mediratta | |
| 2010-02-01 | Localize the name "conflict" validation error when creating a new album. | Bharat Mediratta | |
| 2010-02-01 | Refactor starting a task into the task helper so we can call it multiple times. | Tim Almdal | |
| 2010-02-01 | Update the description to reflect we are only removing "expired" files. | Tim Almdal | |
| 2010-02-01 | Correct the internationalization of the status message. | Tim Almdal | |
| 2010-01-31 | Fix lots of warnings that pop up when we're in E_STRICT mode. They're mostly issues around uninitialized variables, calling non-static functions in a static context, calling Session functions directly instead of on its singleton, passing non-variables by reference, and subclasses not using the same interface as the parent class. | Bharat Mediratta | |
| 2010-01-31 | htaccess_works() can't use var/tmp anymore because that's locked down. So just create var/security_test and delete it when we're done. | Bharat Mediratta | |
| 2010-01-30 | Use Item_Model::as_restful_array() to simplify tests. | Bharat Mediratta | |
| 2010-01-30 | Refactor auth::too_many_failed_logins() out of auth::validate_too_many_failed_logins() to conceptually separate the two. | Bharat Mediratta | |
| 2010-01-30 | Protect REST login controller from brute force attacks too. And make the REST auth token less predictable by using a better source for randomness. | Andy Staudacher | |
| 2010-01-30 | Lock down web access to var/uploads, var/tmp and var/logs using .htaccess Fixes ticket #587. | Bharat Mediratta | |
| 2010-01-30 | Prevent brute force login attacks by reducing login attempts to 1 per minute after there have been 5 consecutive failed login attempts. Fix for ticket #589. | Bharat Mediratta | |
| 2010-01-30 | Make url::merge() function use the same exact definition as url_Core::merge() | Bharat Mediratta | |
| 2010-01-30 | Remap parent_id and album_cover_item_id to and from RESTful urls. | Bharat Mediratta | |
| 2010-01-29 | Don't forget to flush the relative_url_cache when updating the slug. | Bharat Mediratta | |
| 2010-01-29 | Go through all slugs and make them legal values. Upgrade gallery3 module to version 23 | Bharat Mediratta | |
