summaryrefslogtreecommitdiff
path: root/modules
AgeCommit message (Collapse)Author
2010-02-14Enable session expiration. Currently, it's set to expire sessions after 7 ↵Andy Staudacher
days of inactivity.
2010-02-14Minor security tightening of IdentityProvider::change_provider().Andy Staudacher
2010-02-14Create an items REST collection requests that accepts a list of resource ↵Tim Almdal
urls and returns the items associated with them.
2010-02-14Remove the dirty flags from the information returned from the rest request ↵Tim Almdal
for an item. In addition, add links to the images.
2010-02-14If the return object is empty still return the empty object in the json ↵Tim Almdal
response.
2010-02-14Change JavaScript reauthentication check to check via XHR.Andy Staudacher
Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task.
2010-02-14HTML validation, avoid empty <ul>Andy Staudacher
2010-02-14HTML validation fix (<script>)Andy Staudacher
2010-02-14Some HTML validation fixes (don't render empty <ul> lists, empty id ↵Andy Staudacher
attributes, use &amp; not &)
2010-02-14For consistency, use straight Kohana_404_Exception instead of the event system.Andy Staudacher
2010-02-12Tighten up the text.Bharat Mediratta
2010-02-12Fix for tickets 1009 and 603: Show a themed error page to guests / ↵Andy Staudacher
registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors.
2010-02-12Revert "1) Add a depth parameter to retrieving an item thru the rest api"Bharat Mediratta
This reverts commit 3439671bcfb99c1884285e4b4e53295f044e688f.
2010-02-121) Add a depth parameter to retrieving an item thru the rest apiTim Almdal
2) Standardize the structure of members so that client programs can consistently parse the return information. 3) Added a summary parameter so that client programs can easily determine if the information returned is summary (item type, item title) or the full meal deal
2010-02-11Get rid of unnecessary view file.Andy Staudacher
2010-02-11Include user name in logging message for failed password reset. As Bharat ↵Andy Staudacher
points out, t() ensures that parameters are escaped for XSS.
2010-02-11Security: Fix leaking of album / photo names. Reject previous fix for ticket ↵Andy Staudacher
1009. Side effect: Renaming auth::required_login() to login_page().
2010-02-11Fix for ticket 1010: Don't leak valid user names in "forgot password" form.Andy Staudacher
Includes fixes for user forms as well (edit user / email / password).
2010-02-11Use the admin/users/edit_user_form version of the user editing formBharat Mediratta
right after initial install so that we're not requiring the user to re-enter the auto-generated password to change their password and email. Fixes ticket #1007
2010-02-10Merge branch 'master' of github.com:gallery/gallery3Bharat Mediratta
2010-02-10Refactor the code to display the login page if the user does not have viewTim Almdal
permission into the common auth::require_login() method.
2010-02-10If the user does not have permission to view the album, photo or movie, redirectTim Almdal
to a logon page to allow the user to login. Pass the target url as a session variable to allow the user to be redirected where they want to go if the login was successful. Fixes ticket #1009.
2010-02-10Use the helper ulr:current instead of manually creating the continue url.Tim Almdal
2010-02-09Revise the "review your permission" text to my liking.Bharat Mediratta
2010-02-09Move diff::compare to be test::diffBharat Mediratta
2010-02-09Merge branch 'master' of github.com:gallery/gallery3Bharat Mediratta
2010-02-09Formated upgrader for RTL languages. Closes ticket #883Chad Kieffer
2010-02-09Rename item name and slug if necessary to avoid a conflict when weBharat Mediratta
move photos. Fixes ticket #957.
2010-02-09Whitespace.Bharat Mediratta
2010-02-09Merge branch 'master' of github.com:gallery/gallery3Bharat Mediratta
2010-02-09Change access::can to access::required in g2 redirect, to please the ↵Andy Staudacher
controller auth code audit test.
2010-02-09Import hashed passwords from G2 (which will only work if they're ↵Andy Staudacher
PasswordHash passwords, not if they're G2 style md5 / salted md5).
2010-02-09Better handling of G2's multi level sort order in g2_importAndy Staudacher
2010-02-09Add unit tests for item::move() in preparation for renaming when thereBharat Mediratta
are conflicts (see ticket #957)
2010-02-09Fix password reset confirmationAndy Staudacher
2010-02-09More g2_import model validation fixes, and make import less noisy (don't ↵Andy Staudacher
copy each comment text to the import log).
2010-02-09Fix g2_import bugs related to item and user model validation.Andy Staudacher
2010-02-08Merge commit 'upstream/master'Andy Staudacher
2010-02-08Change admin area timeout from 20 to 90 minutesAndy Staudacher
2010-02-08Merge branch 'master' of github.com:gallery/gallery3Bharat Mediratta
2010-02-08Override Input::clean_input_keys() to sanitize malicious values out ofBharat Mediratta
strings instead of dying. This at least gives us graceful degradation. Fixes ticket #764, patch thanks to djnz.
2010-02-08Merge commit 'upstream/master'Andy Staudacher
2010-02-08Suppress errors when checking for readability of /proc/loadavg. Often this ↵Andy Staudacher
file will be protected by openbasedir, and is_readable will trigger an open basedir warning.
2010-02-08Fix the missing object problem in ie7. Fixes ticket: 1003. There is still ↵Tim Almdal
issues with selectables and draggables working together in IEx
2010-02-08Correct tree branch alignment in IETim Almdal
2010-02-08Fix for ticket 1008: Redirect to destination after re-auth.Andy Staudacher
2010-02-08Fix Arabic language name. Thanks shaibn for reporting the issue. Verified ↵Andy Staudacher
with CLDR data.
2010-02-07Merge commit 'upstream/master'Andy Staudacher
2010-02-07Improve likelihood that image block shows up for small photo collections by ↵Andy Staudacher
retrying the random query a few times.
2010-02-07Merge branch 'master' of git@github.com:gallery/gallery3Tim Almdal