Age | Commit message | Author
---|---|---
2009-08-30 | (mostly harmless) XSS fix in server add | Andy Staudacher
2009-08-30 | XSS fixes in admin_comments.html.php | Andy Staudacher
2009-08-30 | Check for href="<?= $foo ?>" (malicious "javascript:..." string) | Andy Staudacher
2009-08-30 | Updating XSS golden file | Andy Staudacher
2009-08-30 | Merge commit 'upstream/master'. Conflicts: modules/gallery/views/l10n_client.html.php, modules/organize/views/organize_tree.html.php, modules/server_add/helpers/server_add_event.php | Andy Staudacher
2009-08-30 | Tabs to spaces cleanup | Andy Staudacher
2009-08-30 | Updating uses of html::js_string and SafeString::for_js (value now contains string delimiters) | Andy Staudacher
2009-08-30 | Rename clean_js to js_string and have it return a complete JS string (with delimiters) instead of just the string contents. Benefits: Using json_encode(), which is very robust. And as a user, it's clearer how to use this API compared to what it was before. | Andy Staudacher
2009-08-30 | Don't try to move an item into its own descendant hierarchy. Just leave it out of the move for now. | Bharat Mediratta
2009-08-30 | Use is_descendant() API inside move_to() for clarity. | Bharat Mediratta
2009-08-30 | CSS rename: gMicroThumbXxx -> gOrganizeMicroThumbXxx to make it clear that this is organize only. | Bharat Mediratta
2009-08-30 | Rename gAlbumText to gOrganizeAlbumText for consistency since this is an organize-only construct. | Bharat Mediratta
2009-08-30 | Remove unused #gOrganizeDialog | Bharat Mediratta
2009-08-30 | Manage the selection so we don't automatically select an album whenever we expand a tree. | Bharat Mediratta
2009-08-30 | Precalculate the organize tree based on the selected album and render it right away while still allowing incremental tree loading. | Bharat Mediratta
2009-08-30 | Change the processing time for search_task and exif_task to start the 1.5 second counter only after we've done any expensive queries. This guarantees at least some time to do work. Fixes ticket #693. | Bharat Mediratta
2009-08-30 | Improve no_tabs test to print out a complete list of files + line numbers + line snippet. | Andy Staudacher
2009-08-30 | Add $theme-> methods to Xss whitelist for HTML safety. Updating XSS golden file. | Andy Staudacher
2009-08-30 | Change all instances of SafeString::of_safe_html() to html::mark_safe() in views. | Andy Staudacher
2009-08-30 | Fixing typo | Andy Staudacher
2009-08-29 | Minor cleanup | Andy Staudacher
2009-08-29 | Update all code to use helper method html::clean(), html::purify(), ... instead of SafeString directly. | Andy Staudacher
2009-08-29 | Adding html::clean(), ::purify(), etc. | Andy Staudacher
2009-08-29 | Delete obsolete comment and tighten the code in site_menu(). | Bharat Mediratta
2009-08-29 | Remove try/catch in resize() since that will swallow any exceptions that we generate when resizing. | Bharat Mediratta
2009-08-29 | Merge branch 'master' of git@github.com:gallery/gallery3 | Bharat Mediratta
2009-08-29 | Change the organize tree to expand/collapse. It doesn't properly open up to the album that you're viewing, and if you move a photo to a different album it'll reload the entire album tree. | Bharat Mediratta
2009-08-29 | Undo url helper changes - url methods no longer return a SafeString. Adding SafeString::of_safe_html() calls where urls are passed as parameters to t() and t2(). | Andy Staudacher
2009-08-29 | You can close the l10n client directly from its interface now, without going back to the languages admin page | jhilden
2009-08-29 | XSS fixes | Andy Staudacher
2009-08-29 | Fix for ticket #628: 1) increased gallery module version to 11; 2) added image_sharpened parameter to the gallery module; 3) sharpen all resizes. | Tim Almdal
2009-08-29 | Fix invalid syntax when trying to parse the progress bar percentage | Tim Almdal
2009-08-29 | L10n fixes for the admin_languages page, and JS/XSS cleanup of the organize views. | Andy Staudacher
2009-08-29 | Fix link in l10n UI (for SafeString changes) | Andy Staudacher
2009-08-29 | Merge commit 'upstream/master'. Conflicts: modules/akismet/views/admin_akismet.html.php, modules/comment/helpers/comment_rss.php, modules/gallery/helpers/gallery_rss.php, modules/gallery/libraries/I18n.php, modules/gallery/views/permissions_browse.html.php, modules/gallery/views/simple_uploader.html.php, modules/info/views/info_block.html.php, modules/organize/controllers/organize.php, modules/organize/views/organize.html.php, modules/organize/views/organize_album.html.php, themes/default/views/album.html.php, themes/default/views/movie.html.php, themes/default/views/photo.html.php | Andy Staudacher
2009-08-29 | Fixing all detected XSS vectors in PHP->JS code. Xss: Rename UNKNOWN back to DIRTY, JS_XSS to DIRTY_JS (using a different flag value to highlight potential XSS vectors in JS). | Andy Staudacher
2009-08-29 | Merge branch 'master' of git@github.com:gallery/gallery3 | Chad Kieffer
2009-08-29 | Update status message styles. Lighten backgrounds, don't show background on Admin Maintenance rows, and added gModuleStatus class. | Chad Kieffer
2009-08-29 | Bugfix: Don't forget to copy the _is_purified_html flag when cloning a SafeString. | Andy Staudacher
2009-08-29 | Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify(). Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway. | Andy Staudacher
2009-08-29 | Add more factory methods for convenience: SafeString::purify() and SafeString::of_safe_html(). Removing SafeString::mark_html_safe() since it's no longer needed. | Andy Staudacher
2009-08-29 | Merge branch 'talmdal_branch' of git@github.com:gallery/gallery3 | Bharat Mediratta
2009-08-29 | Add a test for Comment_Model::viewable(). | Bharat Mediratta
2009-08-29 | Fix active() to not use user::guest() as the fallback for our Session::get() call. | Bharat Mediratta
2009-08-29 | Clean up the test and get it working. | Bharat Mediratta
2009-08-29 | Adding SafeString::for_html_attr() | Andy Staudacher
2009-08-29 | Rename $comment_model to $comments. | Bharat Mediratta
2009-08-29 | Fix for 641... extend viewable functionality to comments. Viewable unit test is not working. | Tim Almdal
2009-08-29 | Merge branch 'master' of git@github.com:gallery/gallery3 | Bharat Mediratta
2009-08-29 | Have url::site() and other methods return a SafeString, just as t() and t2(). Benefits: (1) url::site() is often used in views and we can ensure in the url class that returned strings are indeed safe for use in HTML. Makes the list of vars of unknown safety status shorter. (2) url::site() is often used as message parameter to t() and t2(). The parameter would be HTML-escaped if it wasn't marked as safe HTML already. Makes the usage simpler / shorter. | Andy Staudacher
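Two of the XSS commits in this log describe a technique rather than just a fix: the "Rename clean_js to js_string" change, which makes the PHP-to-JS helper return a complete JS string literal via json_encode() instead of bare contents, and the "Check for href" change, which rejects "javascript:" values before they reach an href attribute. The following is an added example written to illustrate both; it is not Gallery 3 code and is not taken from the commits above. The function names js_string(), script_var() and safe_href(), the scheme allow-list, and the sample titles and URLs are all assumptions made for this example.

```php
<?php
// Added example, not Gallery 3 code. Illustrates the two escaping ideas in the
// XSS commits above. js_string(), script_var(), safe_href() and the sample
// values are assumptions made for this example.

// (1) Return a complete JS string literal, delimiters included, via json_encode().
function js_string(string $value): string
{
    // json_encode() supplies the surrounding double quotes and escapes
    // backslash, quote and control characters; "/" becomes "\/", so a literal
    // "</script>" can never close the enclosing script block. The HEX flags
    // additionally turn < > & ' " into \uXXXX escapes, and non-ASCII characters
    // (including U+2028/U+2029, which end a JS string literal in older engines)
    // are emitted as \uXXXX by default.
    $literal = json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    // json_encode() returns false on invalid UTF-8: fail closed with an empty literal.
    return $literal === false ? '""' : $literal;
}

// Template helper built on js_string(). Because js_string() owns the delimiters,
// the template never wraps the echoed value in quotes of its own, which is the
// mismatched-quoting mistake a contents-only helper (the old clean_js) invites.
function script_var(string $name, string $value): string
{
    if (!preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*$/', $name)) {
        throw new InvalidArgumentException("bad JS identifier: $name");
    }
    return "var $name = " . js_string($value) . ';';
}

// (2) Refuse "javascript:" and other unexpected schemes in href values.
function safe_href(string $url): string
{
    // Browsers strip ASCII whitespace and control characters before parsing the
    // scheme, so "java\tscript:" and " JavaScript:" are still dangerous;
    // normalise the same way before inspecting the scheme.
    $probe = strtolower((string) preg_replace('/[\x00-\x20\x7f]+/', '', $url));
    if (preg_match('#^([a-z][a-z0-9+.\-]*):#', $probe, $m)
        && !in_array($m[1], ['http', 'https', 'mailto'], true)) {
        // Unknown scheme (javascript:, data:, vbscript:, ...): neutralise the link.
        return '#';
    }
    // Relative URLs and allowed schemes pass through, attribute-escaped so a
    // quote or ampersand in the value cannot terminate or re-encode the attribute.
    return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
}

// Constructed sample values standing in for user-supplied item titles and URLs.
$titles = [
    "Bob's album",
    '</script><script>alert(1)</script>',
    "'; alert(1); //",
];
$urls = [
    'photos/1',
    'https://example.org/album?id=3&x="',
    'javascript:alert(1)',
    " JaVaScRiPt:alert(1)",
    "java\tscript:alert(1)",
    '//evil.example/phish', // protocol-relative: passes the scheme check; allow-list hosts if that matters
];

foreach ($titles as $t) {
    echo script_var('title', $t), "\n";
}
foreach ($urls as $u) {
    echo '<a href="' . safe_href($u) . '">link</a>', "\n";
}
```

The scheme check in safe_href() is a denylist-by-allowlist: anything that parses as a scheme and is not http, https or mailto is replaced with "#", while scheme-less (relative) URLs pass. Protocol-relative URLs such as //evil.example pass that check, so a site that only ever links to itself should additionally reject a leading "//".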