| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2010-07-31 | Full pass over all the JSON encoding and JS dialog code. We now abide | Bharat Mediratta | |
| by the following rules: 1) An initial dialog or panel load can take either HTML or JSON, but the mime type must accurately reflect its payload. 2) dialog form submits can handle a pure HTML response, but the mime type must also be correct. This properly resolves the problem where the reauth code gets a JSON response first from the reauth code, and then an HTML response when you reauth and continue on to a given form -- try it out with Admin > Settings > Advanced. 3) All JSON replies must set the mime type correctly. The json::reply convenience function does this for us. 4) By default, any HTML content sent back in the JSON response should be in the "html" field, no longer the "form" field. The combination of these allows us to stop doing boilerplate code like this in our controllers: // Print our view, JSON encoded json::reply(array("form" => (string) $view)); instead, controllers can just return HTML, eg: // Print our view print $view; That's much more intuitive for developers. | |||
| 2010-07-31 | More patches as part of #1225. Change the 'core' modules to use the json::reply | Tim Almdal | |
| method to set the content type header and encode the response as a json object | |||
| 2010-07-31 | Partial fix for #1225 addresses the issues with the user edit forms. | Tim Almdal | |
| 2010-07-20 | Show the old group name in the error message when we fail to modify a group. ↵ | Bharat Mediratta | |
| Fixes ticket #1233. | |||
| 2010-07-20 | Fix a bunch of missing or invalid error messages. Fixes ticket #1232. | Bharat Mediratta | |
| 2010-07-20 | Add internationalized error messages for adding and editing groups. | Bharat Mediratta | |
| 2010-07-06 | Fix for ticket #1181. Use $.getJSON to retrieve the json contents of the ↵ | Tim Almdal | |
| dialog. Convert all the controllers that create the data to go into a dialog to return the html as part of a json object. | |||
| 2010-04-30 | Add page_title to admin views. Closes #1038. | ckieffer | |
| 2010-04-17 | Change the key for invalid passwords from "invalid" to | Bharat Mediratta | |
| "invalid_password" to remove ambiguity. | |||
| 2010-03-03 | Update the copyright to 2010. It's only 3 months into the year :-) | Bharat Mediratta | |
| 2010-02-27 | Fix for ticket #1037: Only show language drop-down when there's actually a ↵ | Andy Staudacher | |
| choice. | |||
| 2010-02-27 | Add more randomness to reset password mechanism. | Andy Staudacher | |
| 2010-02-11 | Get rid of unnecessary view file. | Andy Staudacher | |
| 2010-02-11 | Include user name in logging message for failed password reset. As Bharat ↵ | Andy Staudacher | |
| points out, t() ensures that parameters are escaped for XSS. | |||
| 2010-02-11 | Fix for ticket 1010: Don't leak valid user names in "forgot password" form. | Andy Staudacher | |
| Includes fixes for user forms as well (edit user / email / password). | |||
| 2010-02-09 | Fix password reset confirmation | Andy Staudacher | |
| 2010-02-07 | Last partial fix for ticket 585: Compartmentalize the admin area and require ↵ | Andy Staudacher | |
| active authentication every 20 minutes to access the admin area. Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now. | |||
| 2010-02-07 | Rename user_authenticate_xxx events to user_auth_xxx for brevity. | Bharat Mediratta | |
| 2010-02-07 | Create the concept of a "failed authentication" as semantically | Bharat Mediratta | |
| separate from a successful or failed login. 1) Rename user_login_failed event to user_authenticate_failed 2) Rename failed_logins table to failed_auth (bump Gallery module to v27 to rename the table) 3) auth::too_many_failed_logins -> auth::too_many_failures 4) auth::record_failed_auth_attempts -> auth::record_failed_attempts auth::clear_failed_auth_attempts -> auth::clear_failed_attempts | |||
| 2010-02-06 | Partial fix for ticket 585: Require current password when changing an ↵ | Andy Staudacher | |
| account's email address. Still leaving the user/group admin page wide open though. | |||
| 2010-02-06 | Fix up Admin_Users_Controller() form handling now that user_form.html | Bharat Mediratta | |
| is gone. Fixes ticket #1005. | |||
| 2010-02-02 | Protect password changes against brute force attacks. | Bharat Mediratta | |
| 2010-02-02 | Require the current password to change your password. | Bharat Mediratta | |
| Fixes ticket #585. Separate out the password change form from the regular edit user form. Require the old password to enter a new one. While I'm at it, roll the password strength javascript into a Form_Script element so that we can get rid of the old view (which incidentally fixes a bug where the password strength meter would go away on form errors). | |||
| 2010-02-01 | Localize validation errors. | Bharat Mediratta | |
| 2010-01-31 | Fix lots of warnings that pop up when we're in E_STRICT mode. They're | Bharat Mediratta | |
| mostly issues around uninitialized variables, calling non-static functions in a static context, calling Session functions directly instead of on its singleton, passing non-variables by reference, and subclasses not using the same interface as the parent class. | |||
| 2010-01-30 | Don't override the password in the database if it's empty in the form. | Bharat Mediratta | |
| Fixes ticket #995. | |||
| 2010-01-28 | Localize edit form error messages. | Bharat Mediratta | |
| 2010-01-22 | Don't try to access ORM::$changed externally; it's protected. | Bharat Mediratta | |
| 2010-01-20 | Fix typo: edit_user -> add_user. | Bharat Mediratta | |
| 2010-01-20 | Stop using MY_ORM::original(). | Bharat Mediratta | |
| 2010-01-17 | Move model rules down into their validate() function for consistency. | Bharat Mediratta | |
| Change "in_use" error to "conflict" for consistency. | |||
| 2010-01-16 | Use "(string) $form" instead of "$form->__toString()" | Bharat Mediratta | |
| 2010-01-16 | Convert Users_Controller to model based validation. | Bharat Mediratta | |
| 2010-01-16 | Convert Admin_Users_Controller, User_Model and Group_Model to use | Bharat Mediratta | |
| model based validation. | |||
| 2010-01-16 | Convert Admin_Users::add_user() to use model based validation. Get | Bharat Mediratta | |
| the rules and business logic out of the form and user::create(), and move it into User_Model::save(). | |||
| 2010-01-16 | Whitespace. | Bharat Mediratta | |
| 2009-12-23 | Convert a bunch of leftover kohana::show_404 calls to throw | Bharat Mediratta | |
| Kohana_404_Exception instead. These are the ones where we used a lower-case 'k' so my previous filter didn't catch it. | |||
| 2009-11-25 | ORM::orderby -> ORM::order_by | Bharat Mediratta | |
| 2009-11-25 | Preliminary work to cut over to Kohana 2.4 | Bharat Mediratta | |
| - Kohana::log() -> Kohana_Log::add() - Kohana::config_XXX -> Kohana_Config::instance()->XXX - Implement View::set_global in MY_View - Updated Cache_Database_Driver to latest APIs - ORM::$loaded -> ORM::loaded() - Updated item::viewable() to use K2.4 parenthesization | |||
| 2009-11-21 | Correct inconsistent captialization. Fixes #906 | Tim Almdal | |
| 2009-11-17 | Redesign the way that we consider page types to create buckets of page | Bharat Mediratta | |
| types, and a subtype for specifics. Currently the top level bucket collection, item, other Here are the core subtypes so far: collection: album, search, tag item: movie, photo other: login, reset, comment-fragment, comment It's legal to create new page_subtypes whenever you want. Use the appropriate page_type to get the coarse grain behavior that you want. | |||
| 2009-11-06 | Remove width class from add group form, it sizes the form's elements, not ↵ | Chad Kieffer | |
| the form itself. | |||
| 2009-10-31 | Revert "Use an event 'check_user_name_exists' to validate the input name is ↵ | Tim Almdal | |
| already in use. The parameter is a standard class with the name and an exists flag. Any event handler should or their result with the exists flag." This reverts commit 04bf50bfb4241f7c814782c516732d927ff1f457. | |||
| 2009-10-30 | Caught a few more incorrect capitalizations. | Tim Almdal | |
| 2009-10-29 | Use an event 'check_user_name_exists' to validate the input name is already ↵ | Tim Almdal | |
| in use. The parameter is a standard class with the name and an exists flag. Any event handler should or their result with the exists flag. | |||
| 2009-10-27 | Check the minimum length when adding or modifying users via the admin screen. | Tim Almdal | |
| 2009-10-27 | Add a password strength meter. | Tim Almdal | |
| 2009-10-27 | Set the minimum password length to 5. The gallery owner can change this in ↵ | Tim Almdal | |
| the advance settings. | |||
| 2009-10-27 | When we are changing the password using the change password from as part of ↵ | Tim Almdal | |
| the password reset, the input value is in the post[hash] variable as opposed to the get(key) value. This should fix ticket #850. | |||
| 2009-10-24 | Merge branch 'master' into talmdal_dev | Tim Almdal | |
| Conflicts: modules/server_add/helpers/server_add_theme.php | |||
 |
index : gallery3.git | |
| A clone of the Gallery3 code for testing and development. | root |
| summaryrefslogtreecommitdiff |