summaryrefslogtreecommitdiff
path: root/modules/gallery
AgeCommit message (Collapse)Author
2009-09-01Update XSS scanner golden fileAndy Staudacher
2009-09-01XSS / style fixes for newly detected issues (after fixing XSS scanner)Andy Staudacher
2009-09-01Remove debugging codeAndy Staudacher
2009-09-01Fix bug in XSS scanner for <script> block @ position 0 of inline_htmlAndy Staudacher
2009-08-31Set CSS cursor to hand for jQuery UI ui-state-hover elements. Fixes all but ↵Chad Kieffer
progress bar cursor. #669
2009-08-31Merge branch 'master' of git@github.com:gallery/gallery3Chad Kieffer
2009-08-31Don't include Make this the album's cover in context menu's for albums. #705Chad Kieffer
2009-08-31Update XSS test golden fileAndy Staudacher
2009-08-31Merge branch 'master' of git@github.com:gallery/gallery3Chad Kieffer
2009-08-31Merge commit 'upstream/master'Andy Staudacher
2009-08-31Fix XSS vectors in HTML attributes (mostly t() calls)Andy Staudacher
2009-08-31Add icons to context menu for albums. I'm open to other options, if folks ↵Chad Kieffer
think there's something better in the jQuery UI themeroller set.
2009-08-31Add XSS check for HTML attributesAndy Staudacher
2009-08-31Merge branch 'master' of git@github.com:gallery/gallery3Bharat Mediratta
2009-08-31Stay on the same page when editing albums/movies/photos. Fixes ticketBharat Mediratta
2009-08-31Add XSS check to ensure that html::js_string() is not preceded by a quote.Andy Staudacher
2009-08-31XSS review fixes (mostly adding missing html::mark_clean()) calls.Andy Staudacher
2009-08-31Adding XSS test for href="javascript: and onclick="..."Andy Staudacher
2009-08-31Rename mark_safe() to mark_clean()Andy Staudacher
2009-08-31Merge commit 'upstream/master'Andy Staudacher
2009-08-30Updating golden XSS-test data fileAndy Staudacher
2009-08-30Check for href="<?= $foo ?>" (malicious "javascript:..." string)Andy Staudacher
2009-08-30Updating XSS golden fileAndy Staudacher
2009-08-30Merge commit 'upstream/master'Andy Staudacher
Conflicts: modules/gallery/views/l10n_client.html.php modules/organize/views/organize_tree.html.php modules/server_add/helpers/server_add_event.php
2009-08-30Tabs to spaces cleanupAndy Staudacher
2009-08-30Finish this pass at the Admin Maintenance view. Re-introduce status icons, ↵Chad Kieffer
put Cancel All, Delete All buttons in the action heading cell.
2009-08-30Merge branch 'master' of git@github.com:gallery/gallery3Chad Kieffer
2009-08-30Apply hover effect to buttons in progress indicator dialog.Chad Kieffer
2009-08-30Updating uses of html::js_string and SafeString::for_js (value now contains ↵Andy Staudacher
string delimiters)
2009-08-30Rename clean_js to js_string and have it return a complete JS string (with ↵Andy Staudacher
delimiters) instead of just the string contents. Benefits: Using json_encode(), which is very robust. And as a user, it's clearer how to use this API compared to what it was before.
2009-08-30Use is_descendant() API inside move_to() for clarity.Bharat Mediratta
2009-08-30Improve no_tabs test to print out a complete list of files + line numbers + ↵Andy Staudacher
line snippet.
2009-08-30Add $theme-> methods to Xss whitelist for HTML safety.Andy Staudacher
Updating XSS golden file.
2009-08-30Change all instances of SafeString::of_safe_html() to html::mark_safe() in ↵Andy Staudacher
views.
2009-08-30Fixing typoAndy Staudacher
2009-08-29Minor cleanupAndy Staudacher
2009-08-29Update all code to use helper method html::clean(), html::purify(), ... ↵Andy Staudacher
instead of SafeString directly.
2009-08-29Adding html::clean(), ::purify(), etc.Andy Staudacher
2009-08-29Remove try/catch in resize() since that will swallow any exceptionsBharat Mediratta
that we generate when resizing.
2009-08-29Undo url helper changes - url methods no longer return a SafeString.Andy Staudacher
Adding SafeString::of_safe_html() calls where urls are passed as parameters to t() and t2().
2009-08-29you can close the l10n client directly from its interface now, without going ↵jhilden
back to the languages admin page
2009-08-29XSS fixesAndy Staudacher
2009-08-29Fix for ticket #628:Tim Almdal
1) increased gallery module version to 11 2) added image_sharpened parameter to the gallery module 3) sharpen all resizes.
2009-08-29Fix invalida syntax on trying to parse the progress bar percentageTim Almdal
2009-08-29L10n fixes for the admin_languages page, and JS/XSS cleanup of the organize ↵Andy Staudacher
views.
2009-08-29Fix link in l10n UI (for SafeString changes)Andy Staudacher
2009-08-29Merge commit 'upstream/master'Andy Staudacher
Conflicts: modules/akismet/views/admin_akismet.html.php modules/comment/helpers/comment_rss.php modules/gallery/helpers/gallery_rss.php modules/gallery/libraries/I18n.php modules/gallery/views/permissions_browse.html.php modules/gallery/views/simple_uploader.html.php modules/info/views/info_block.html.php modules/organize/controllers/organize.php modules/organize/views/organize.html.php modules/organize/views/organize_album.html.php themes/default/views/album.html.php themes/default/views/movie.html.php themes/default/views/photo.html.php
2009-08-29Fixing all detected XSS vectors in PHP->JS code.Andy Staudacher
Xss: Rename UNKNOWN back to DIRTY, JS_XSS to DIRTY_JS. (using a different flag value to highlight potential XSS vectors in JS)
2009-08-29Merge branch 'master' of git@github.com:gallery/gallery3Chad Kieffer
2009-08-29Update status message styles. Lighten backgrounds, don't show background on ↵Chad Kieffer
Admin Maintenance rows, and added gModuleStatus class.
generated by cgit v1.2.3 (git 2.51.0) at 2025-11-03 22:33:39 +0000