gallery3.git - A clone of the Gallery3 code for testing and development.

Age	Commit message (Collapse)	Author
2009-10-23	move controllers and views to the user module to make the Identity Provider ↵	Tim Almdal
	refactor smaller
2009-10-18	Wrap all admin views in g-block and g-block content. This provides the means ↵	Chad Kieffer
	to visually separate the view's title and description from everything else. Primary admin view title should always be h1, and only one h1 per view. Removed some unused admin CSS id's.
2009-10-17	Drop our g-clearfix in favor of using jQuery UI's ui-helper-clearfix.	Chad Kieffer

2009-10-14	Move the ui for user adminsitration back to the user module.	Tim Almdal

2009-10-13	Refactor the ui component of the user module into the gallery core module.	Tim Almdal

2009-10-07	Replaced most clear fix hacks with generic class.	Chad Kieffer

2009-10-04	Renamed more CSS selectors from gName to g-name.	Chad Kieffer

2009-10-04	Renamed most, if not all css selectors from gName to g-name. Moved a few ↵	Chad Kieffer
	shared images from wind to lib. Deleted unused images in the admin_wind. This will likely break a few ajax features.
2009-10-03	Renamed and moved gOdd/gEven CSS classes.	Chad Kieffer

2009-09-30	Convert gDialog and gCancel over to g-dialog and g-cancel. Refactor CSS id's ↵	Chad Kieffer
	and classes in the login/reset password dialog.
2009-09-30	Apply button style and hover effect to password reset button.	Chad Kieffer

2009-09-30	Missed g-right application on add group	Chad Kieffer

2009-09-30	Removed blank line.	Chad Kieffer

2009-09-30	Replaced gButtonLink with g-button.	Chad Kieffer

2009-09-30	First round of CSS refactor updates. Added calls to gallery.common.css from ↵	Chad Kieffer
	wind and admin_wind. Replaced basic text align and block float classes. Removed section #2 from both themes screen styles.
2009-09-05	Change click() to change() so that we immediately update the UI when	Bharat Mediratta
	the user picks a new option.
2009-09-05	Add missing view for language selection	Andy Staudacher

2009-09-04	placeholder for a missing view	Bharat Mediratta

2009-09-01	XSS / style fixes for newly detected issues (after fixing XSS scanner)	Andy Staudacher

2009-08-31	Fix XSS vectors in HTML attributes (mostly t() calls)	Andy Staudacher

2009-08-31	Rename mark_safe() to mark_clean()	Andy Staudacher

2009-08-30	Change all instances of SafeString::of_safe_html() to html::mark_safe() in ↵	Andy Staudacher
	views.
2009-08-29	Update all code to use helper method html::clean(), html::purify(), ... ↵	Andy Staudacher
	instead of SafeString directly.
2009-08-29	Undo url helper changes - url methods no longer return a SafeString.	Andy Staudacher
	Adding SafeString::of_safe_html() calls where urls are passed as parameters to t() and t2().
2009-08-29	Merge commit 'upstream/master'	Andy Staudacher
	Conflicts: modules/akismet/views/admin_akismet.html.php modules/comment/helpers/comment_rss.php modules/gallery/helpers/gallery_rss.php modules/gallery/libraries/I18n.php modules/gallery/views/permissions_browse.html.php modules/gallery/views/simple_uploader.html.php modules/info/views/info_block.html.php modules/organize/controllers/organize.php modules/organize/views/organize.html.php modules/organize/views/organize_album.html.php themes/default/views/album.html.php themes/default/views/movie.html.php themes/default/views/photo.html.php
2009-08-29	Refactor all calls of p::clean() to SafeString::of() and p::purify() to ↵	Andy Staudacher
	SafeString::purify(). Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
2009-08-29	Adding SafeString which is going to replace p::clean() and p::purify().	Andy Staudacher
	Refactoring of Xss_Security_Test. t() and t2() return a SafeString instance. TODO: - Update all code to use SafeString where appropriate. - Update golden fole of Xss_Security_Test - Stop reporting CLEAN vars in Xss_Security_Test
2009-08-08	Change galleryPanel and galleryDialog widgets to gallery_panel and ↵	Tim Almdal
	gallery_dialog respectively Signed-off-by: Bharat Mediratta <bharat@menalto.com>
2009-08-08	Refactor the gallery dialog into a jQuery widget	Tim Almdal
	Signed-off-by: Bharat Mediratta <bharat@menalto.com>
2009-07-23	Convert instances of theme_url() to just url() to match the API change	Bharat Mediratta
	made in dbeadc1407293d0c7af36723db6fe5699890b845
2009-07-21	In the logout link, urlencode the continue url so that ampersands, etc	Bharat Mediratta
	don't break encapsulation. In the logout controller, don't run the url through url::redirect because that uses url::site(). Just set the Location header directly. This fixes ticket #483.
2009-07-21	Escape bare & symbols so that we use valid entities. Fixes ticket #577.	Bharat Mediratta

2009-07-19	More thorough fix for #421. Create User_Model::display_name() which	Bharat Mediratta
	uses the full name if there is one, or falls back to the name if that's all we have.
2009-07-21	Changed "Forgot Your Password" text to use capital 'Y' on the word Your	Shai Ben-Naphtali
	Signed-off-by: Bharat Mediratta <bharat@menalto.com>
2009-06-28	Rename $theme->url() to $theme->theme_url() for consistency wiht	Bharat Mediratta
	$theme->theme_script().
2009-06-15	Add string to localizer	unostar

2009-06-13	Create gallery::date_time(), gallery::date() and gallery::time()	Bharat Mediratta
	functions that format a unix timestamp into a date+time/date/time string. Partial fix for ticket #347. Signed-off-by: <unostar@danalan.info>
2009-06-06	Fix formatting.	Bharat Mediratta

2009-06-01	Security pass over all controller code. Mostly adding CSRF checking	Bharat Mediratta
	and verifying user permissions, but there are several above-the-bar changes: 1) Server add is now only available to admins. This is a hard requirement because we have to limit server access (eg: server_add::children) to a user subset and the current permission model doesn't include that. Easiest fix is to restrict to admins. Got rid of the server_add permission. 2) We now know check permissions at every level, which means in controllers AND in helpers. This "belt and suspenders" approach will give us defense in depth in case we overlook it in one area. 3) We now do CSRF checking in every controller method that changes the code, in addition to the Forge auto-check. Again, defense in depth and it makes scanning the code for security much simpler. 4) Moved Simple_Uploader_Controller::convert_filename_to_title to item:convert_filename_to_title 5) Fixed a bug in sending notification emails. 6) Fixed the Organize code to verify that you only have access to your own tasks. In general, added permission checks to organize which had pretty much no validation code. I did my best to verify every feature that I touched.
2009-05-31	Localize a string	Bharat Mediratta

2009-05-31	user admin facelift	jhilden
	* added drag & drop help message for empty groups * fixed overflow issue with more than ~10 members in one group * CSS improvements
2009-05-31	Run all variables that come from user-entered data through p::clean()	Bharat Mediratta

2009-05-26	Quick fix for ticket #144. Reapply event handler for delete link gDialog ↵	Chad Kieffer
	when group is refreshed.
2009-05-26	Link to gallery.panel.js from the head, not body.	Chad Kieffer

2009-05-26	Split out re-used JavaScript for common functions (messages, valign), panel ↵	Chad Kieffer
	toggle, and forms to external files.
2009-05-13	Make the 'this user cannot be deleted' link actually not clickable.	Bharat Mediratta

2009-05-13	Colorize admin user rows to make them stand out	Bharat Mediratta

2009-05-13	Use the name field if the full_name field is empty.	Bharat Mediratta

2009-04-17	Fix i18n for "Logged in as" string	Andy Staudacher

2009-04-05	Add a weight column to the items model. Change the album ordering to	Tim Almdal
	use this as the default instead of id. This prepares the way for manual reordering in the organize functionality.