summaryrefslogtreecommitdiff
path: root/modules
AgeCommit message (Collapse)Author
2010-02-16Fix for ticket #1020: Fix RSS feed validation of album / recent items feeds.Andy Staudacher
2010-02-15Put focus on password field in reauthenticate dialog.Andy Staudacher
2010-02-15Update of reviewed XSS audit data.Andy Staudacher
2010-02-15Input sanitizationAndy Staudacher
2010-02-15Never assign a SafeString instance to a Model member (or hell will break loose).Andy Staudacher
2010-02-15return the absolute url not the relative for the full size, resize and thumb ↵Tim Almdal
images.
2010-02-15Merge branch 'master' into talmdal_devTim Almdal
2010-02-14Fix for ticket #491: Make user and group names translatable.Andy Staudacher
Also fixed a UI bug: No longer showing the edit user buttons to admins in the profile view (to be consistent with the requirements in the controller).
2010-02-14Fix for ticket 901: Wrap Gallery version string into bdo tag to override the ↵Andy Staudacher
BiDi algorithm. Also, properly marking the "Powere by" string for translation. See: http://www.w3.org/International/tutorials/bidi-xhtml/#Slide0420
2010-02-14Need to allow access to ::change_provider for CLI, to make packager work.Andy Staudacher
2010-02-14Enable session expiration. Currently, it's set to expire sessions after 7 ↵Andy Staudacher
days of inactivity.
2010-02-14Minor security tightening of IdentityProvider::change_provider().Andy Staudacher
2010-02-14Create an items REST collection requests that accepts a list of resource ↵Tim Almdal
urls and returns the items associated with them.
2010-02-14Remove the dirty flags from the information returned from the rest request ↵Tim Almdal
for an item. In addition, add links to the images.
2010-02-14If the return object is empty still return the empty object in the json ↵Tim Almdal
response.
2010-02-14Change JavaScript reauthentication check to check via XHR.Andy Staudacher
Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task.
2010-02-14HTML validation, avoid empty <ul>Andy Staudacher
2010-02-14HTML validation fix (<script>)Andy Staudacher
2010-02-14Some HTML validation fixes (don't render empty <ul> lists, empty id ↵Andy Staudacher
attributes, use &amp; not &)
2010-02-14For consistency, use straight Kohana_404_Exception instead of the event system.Andy Staudacher
2010-02-14Merge branch 'master' into talmdal_devTim Almdal
2010-02-14Merge branch 'master' of git@github.com:gallery/gallery3Tim Almdal
2010-02-13Change JavaScript reauthentication check to check via XHR.Andy Staudacher
Benefit: Getting the real deadline this way, not interfering with an ongoing maintenance task.
2010-02-13HTML validation, avoid empty <ul>Andy Staudacher
2010-02-13If the return object is empty still return the empty object in the json ↵Tim Almdal
response.
2010-02-13Merge branch 'master' into talmdal_devTim Almdal
2010-02-13HTML validation fix (<script>)Andy Staudacher
2010-02-12Some HTML validation fixes (don't render empty <ul> lists, empty id ↵Andy Staudacher
attributes, use &amp; not &)
2010-02-12Merge commit 'upstream/master'Andy Staudacher
2010-02-12For consistency, use straight Kohana_404_Exception instead of the event system.Andy Staudacher
2010-02-12Fix for tickets 1009 and 603: Show a themed error page to guests / ↵Andy Staudacher
registered users (not to admins though). And show a login form to guests for 404 (incl. insufficient view permissions) errors.
2010-02-12Tighten up the text.Bharat Mediratta
2010-02-12Revert "1) Add a depth parameter to retrieving an item thru the rest api"Bharat Mediratta
This reverts commit 3439671bcfb99c1884285e4b4e53295f044e688f.
2010-02-121) Add a depth parameter to retrieving an item thru the rest apiTim Almdal
2) Standardize the structure of members so that client programs can consistently parse the return information. 3) Added a summary parameter so that client programs can easily determine if the information returned is summary (item type, item title) or the full meal deal
2010-02-11Merge branch 'master' into talmdal_devTim Almdal
2010-02-11Get rid of unnecessary view file.Andy Staudacher
2010-02-11Include user name in logging message for failed password reset. As Bharat ↵Andy Staudacher
points out, t() ensures that parameters are escaped for XSS.
2010-02-11Security: Fix leaking of album / photo names. Reject previous fix for ticket ↵Andy Staudacher
1009. Side effect: Renaming auth::required_login() to login_page().
2010-02-11Fix for ticket 1010: Don't leak valid user names in "forgot password" form.Andy Staudacher
Includes fixes for user forms as well (edit user / email / password).
2010-02-11Use the admin/users/edit_user_form version of the user editing formBharat Mediratta
right after initial install so that we're not requiring the user to re-enter the auto-generated password to change their password and email. Fixes ticket #1007
2010-02-10Merge branch 'master' into talmdal_devTim Almdal
2010-02-10Merge branch 'master' of github.com:gallery/gallery3Bharat Mediratta
2010-02-10Refactor the code to display the login page if the user does not have viewTim Almdal
permission into the common auth::require_login() method.
2010-02-10If the user does not have permission to view the album, photo or movie, redirectTim Almdal
to a logon page to allow the user to login. Pass the target url as a session variable to allow the user to be redirected where they want to go if the login was successful. Fixes ticket #1009.
2010-02-10Use the helper ulr:current instead of manually creating the continue url.Tim Almdal
2010-02-10Merge branch 'master' into talmdal_devTim Almdal
Conflicts: modules/organize/js/organize.js
2010-02-09Revise the "review your permission" text to my liking.Bharat Mediratta
2010-02-09Move diff::compare to be test::diffBharat Mediratta
2010-02-09Merge branch 'master' of github.com:gallery/gallery3Bharat Mediratta
2010-02-09Formated upgrader for RTL languages. Closes ticket #883Chad Kieffer