| Age | Commit message | Author |
|---|---|---|
| 2009-08-31 | Fix XSS vectors in HTML attributes (mostly t() calls) | Andy Staudacher |
| 2009-08-29 | Update all code to use helper method html::clean(), html::purify(), ... instead of SafeString directly. | Andy Staudacher |
| 2009-08-29 | Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify(). Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway. | Andy Staudacher |
| 2009-07-07 | Revert "Forgot this when i was cleaning up for ticket #519" This reverts commit 31969a1d8211187e415eac51d155b4efded365f3. | Tim Almdal |
| 2009-07-07 | Forgot this when i was cleaning up for ticket #519 | Tim Almdal |
| 2009-07-04 | Fix for ticket #477. Use nl2br method when rendering comment::text and item::description. In addition add p::clean or p::purify to places that xss cleaning had missed (i.e. rss feeds) | Tim Almdal |
| 2009-07-03 | Split the clean method into two clean and purify. clean is a light weight approach using html::specialchars and purify uses HTMLPurifier to intelligently cleanse the output fields. Use purifier for text and title fields where it is likely that a user would enter html to format their data. | Tim Almdal |
| 2009-06-02 | Fix for ticket #320 | Tim Almdal |
| 2009-05-31 | Run p::clean() on any variables that contain data entered by users. | Bharat Mediratta |
| 2009-02-13 | Ticket #2. Tighten up search results UI. | Chad Kieffer |
| 2009-02-06 | jQuery-based buttons! Form updates, short form updates. Need to fix add user/group buttons and search form on search results page. | Chad Kieffer |
| 2009-01-17 | Implement relevance ranked boolean searching on a full text index of item and comment data. Whew! It's not pretty yet. And you have to manually update the index currently in admin/maintenance. But it works. | Bharat Mediratta |
| 2009-01-08 | i18n refactoring: Rename all _() (reserved by gettext) calls to t(). - And refactor printf to our string interpolation / pluralization syntax - Also, a slight change to the translations_incomings table, using binary(16) instead of char(32) as message key. | Andy Staudacher |
| 2009-01-01 | Change the preamble for views in two ways: 1) drop unnecessary semicolon 2) start with <?php for extra security in the case that the server itself doesn't have short_tags enabled (the app won't work, but we need to make sure that we're still secure) | Bharat Mediratta |
| 2008-12-17 | Added JS to set/reset simple forms' input values to their corresponding labels' value. Labels should always be used with visible inputs. Use this to style and control short form input display and behavior. | Chad Kieffer |
| 2008-11-23 | Move search out into its own module and have it display its link at the header_bottom() insertion point. | Bharat Mediratta |
