| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2009-08-31 | Rename mark_safe() to mark_clean() | Andy Staudacher | |
| 2009-08-31 | Merge commit 'upstream/master' | Andy Staudacher | |
| 2009-08-30 | Updating golden XSS-test data file | Andy Staudacher | |
| 2009-08-30 | Check for href="<?= $foo ?>" (malicious "javascript:..." string) | Andy Staudacher | |
| 2009-08-30 | Updating XSS golden file | Andy Staudacher | |
| 2009-08-30 | Merge commit 'upstream/master' | Andy Staudacher | |
| Conflicts: modules/gallery/views/l10n_client.html.php modules/organize/views/organize_tree.html.php modules/server_add/helpers/server_add_event.php | |||
| 2009-08-30 | Tabs to spaces cleanup | Andy Staudacher | |
| 2009-08-30 | Finish this pass at the Admin Maintenance view. Re-introduce status icons, ↵ | Chad Kieffer | |
| put Cancel All, Delete All buttons in the action heading cell. | |||
| 2009-08-30 | Merge branch 'master' of git@github.com:gallery/gallery3 | Chad Kieffer | |
| 2009-08-30 | Apply hover effect to buttons in progress indicator dialog. | Chad Kieffer | |
| 2009-08-30 | Updating uses of html::js_string and SafeString::for_js (value now contains ↵ | Andy Staudacher | |
| string delimiters) | |||
| 2009-08-30 | Rename clean_js to js_string and have it return a complete JS string (with ↵ | Andy Staudacher | |
| delimiters) instead of just the string contents. Benefits: Using json_encode(), which is very robust. And as a user, it's clearer how to use this API compared to what it was before. | |||
| 2009-08-30 | Use is_descendant() API inside move_to() for clarity. | Bharat Mediratta | |
| 2009-08-30 | Improve no_tabs test to print out a complete list of files + line numbers + ↵ | Andy Staudacher | |
| line snippet. | |||
| 2009-08-30 | Add $theme-> methods to Xss whitelist for HTML safety. | Andy Staudacher | |
| Updating XSS golden file. | |||
| 2009-08-30 | Change all instances of SafeString::of_safe_html() to html::mark_safe() in ↵ | Andy Staudacher | |
| views. | |||
| 2009-08-30 | Fixing typo | Andy Staudacher | |
| 2009-08-29 | Minor cleanup | Andy Staudacher | |
| 2009-08-29 | Update all code to use helper method html::clean(), html::purify(), ... ↵ | Andy Staudacher | |
| instead of SafeString directly. | |||
| 2009-08-29 | Adding html::clean(), ::purify(), etc. | Andy Staudacher | |
| 2009-08-29 | Remove try/catch in resize() since that will swallow any exceptions | Bharat Mediratta | |
| that we generate when resizing. | |||
| 2009-08-29 | Undo url helper changes - url methods no longer return a SafeString. | Andy Staudacher | |
| Adding SafeString::of_safe_html() calls where urls are passed as parameters to t() and t2(). | |||
| 2009-08-29 | you can close the l10n client directly from its interface now, without going ↵ | jhilden | |
| back to the languages admin page | |||
| 2009-08-29 | XSS fixes | Andy Staudacher | |
| 2009-08-29 | Fix for ticket #628: | Tim Almdal | |
| 1) increased gallery module version to 11 2) added image_sharpened parameter to the gallery module 3) sharpen all resizes. | |||
| 2009-08-29 | Fix invalida syntax on trying to parse the progress bar percentage | Tim Almdal | |
| 2009-08-29 | L10n fixes for the admin_languages page, and JS/XSS cleanup of the organize ↵ | Andy Staudacher | |
| views. | |||
| 2009-08-29 | Fix link in l10n UI (for SafeString changes) | Andy Staudacher | |
| 2009-08-29 | Merge commit 'upstream/master' | Andy Staudacher | |
| Conflicts: modules/akismet/views/admin_akismet.html.php modules/comment/helpers/comment_rss.php modules/gallery/helpers/gallery_rss.php modules/gallery/libraries/I18n.php modules/gallery/views/permissions_browse.html.php modules/gallery/views/simple_uploader.html.php modules/info/views/info_block.html.php modules/organize/controllers/organize.php modules/organize/views/organize.html.php modules/organize/views/organize_album.html.php themes/default/views/album.html.php themes/default/views/movie.html.php themes/default/views/photo.html.php | |||
| 2009-08-29 | Fixing all detected XSS vectors in PHP->JS code. | Andy Staudacher | |
| Xss: Rename UNKNOWN back to DIRTY, JS_XSS to DIRTY_JS. (using a different flag value to highlight potential XSS vectors in JS) | |||
| 2009-08-29 | Merge branch 'master' of git@github.com:gallery/gallery3 | Chad Kieffer | |
| 2009-08-29 | Update status message styles. Lighten backgrounds, don't show background on ↵ | Chad Kieffer | |
| Admin Maintenance rows, and added gModuleStatus class. | |||
| 2009-08-29 | Bugfix: Don't forget to copy the _is_purified_html flag when cloning a ↵ | Andy Staudacher | |
| SafeString. | |||
| 2009-08-29 | Refactor all calls of p::clean() to SafeString::of() and p::purify() to ↵ | Andy Staudacher | |
| SafeString::purify(). Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway. | |||
| 2009-08-29 | Add more factory methods for convenience: | Andy Staudacher | |
| SafeString::purify() and SafeString::of_safe_html(). Removing SafeString::mark_html_safe() since it's no longer needed. | |||
| 2009-08-29 | Merge branch 'talmdal_branch' of git@github.com:gallery/gallery3 | Bharat Mediratta | |
| 2009-08-29 | Clean up the test and get it working. | Bharat Mediratta | |
| 2009-08-29 | Adding SafeString::for_html_attr() | Andy Staudacher | |
| 2009-08-29 | Fix for 641... extend viewable functionality to comments. Viewable unit test ↵ | Tim Almdal | |
| is not working. | |||
| 2009-08-29 | Have url::site() and other methods return a SafeString, just as t() and t2(). | Andy Staudacher | |
| Benefits: - url::site() is often used in views and we can ensure in the url class that returned strings are indeed safe for use in HTML. Makes the list of vars of unknown safety status shorter. - url::site() is often used as message parameter to t() and t2(). The parameter would be HTML-escaped if it wasn't marked as safe HTML already. Makes the usage simpler / shorter. | |||
| 2009-08-29 | Merge branch 'master' of git@github.com:gallery/gallery3 | jhilden | |
| 2009-08-29 | * created new generic "Add" dropdown in the site menu. this should take care ↵ | jhilden | |
| of ticket #537 * removed start/stop translation menu items from the admin, since they are on the languags admin page now | |||
| 2009-08-29 | Standardize the access to the create_random_item method | Tim Almdal | |
| 2009-08-29 | improved translation interface so that it now can be closed without going to ↵ | jhilden | |
| the admin | |||
| 2009-08-29 | Merge branch 'master' of git@github.com:gallery/gallery3 | Bharat Mediratta | |
| 2009-08-29 | Adding SafeString which is going to replace p::clean() and p::purify(). | Andy Staudacher | |
| Refactoring of Xss_Security_Test. t() and t2() return a SafeString instance. TODO: - Update all code to use SafeString where appropriate. - Update golden fole of Xss_Security_Test - Stop reporting CLEAN vars in Xss_Security_Test | |||
| 2009-08-29 | Using SafeString in album controller / view | Andy Staudacher | |
| 2009-08-28 | improved translations admin interface | jhilden | |
| 2009-08-28 | Display the sort order in the Organize dialog, and allow users to | Bharat Mediratta | |
| change the sort order on the fly. | |||
| 2009-08-28 | improved UI for the languages admin | jhilden | |
| this should take care of bug #329 | |||
 |
index : gallery3.git | |
| A clone of the Gallery3 code for testing and development. | root |
| summaryrefslogtreecommitdiff |