From 7a53cebd29c00afbc53ab5c60f8980d8b6d204a0 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 1 Nov 2012 09:51:35 -0700 Subject: Don't show the sidebar on error pages - it just increases the chances that we'll compound the error. Instead, focus on the error or the login form. Fixes #1921. --- themes/wind/views/page.html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php index c3e212c5..5bbbb509 100644 --- a/themes/wind/views/page.html.php +++ b/themes/wind/views/page.html.php @@ -131,7 +131,7 @@
- page_subtype != "login"): ?> + page_subtype, array("login", "error"))): ?>
-- cgit v1.2.3 From fd3a67199bcb0a18f69c98f4e93f46292790fe3a Mon Sep 17 00:00:00 2001 From: Automatic Build Number Updater Date: Thu, 1 Nov 2012 09:53:01 -0700 Subject: Automated update of .build_number to 256 for branch master Last update: 31681bf834d5dc560b9898d9c30903f08ecb1966 (1 commits ago) --- .build_number | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.build_number b/.build_number index 83ac23ec..2841d78d 100644 --- a/.build_number +++ b/.build_number @@ -3,4 +3,4 @@ ; process. You don't need to edit it. In fact.. ; ; DO NOT EDIT THIS FILE BY HAND! -build_number=255 +build_number=256 -- cgit v1.2.3 From 50f5286ffbc6a675f97faf629893d2e248382396 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 6 Nov 2012 11:51:44 -0800 Subject: Elevate X-Frame-Options from all admin and user pages to all PHP responses. Fixes #1922. --- index.php | 3 +++ themes/admin_wind/views/admin.html.php | 1 - themes/wind/views/page.html.php | 1 - 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/index.php b/index.php index 9a6cc2ea..e6540791 100644 --- a/index.php +++ b/index.php @@ -51,6 +51,9 @@ ini_set("display_errors", false); // Ajax code. ini_set("session.use_trans_sid", false); +// Restrict all response frames to the same origin for security +header("X-Frame-Options: SAMEORIGIN"); + define("EXT", ".php"); define("DOCROOT", getcwd() . "/"); define("KOHANA", "index.php"); diff --git a/themes/admin_wind/views/admin.html.php b/themes/admin_wind/views/admin.html.php index 0300f7af..9a149149 100644 --- a/themes/admin_wind/views/admin.html.php +++ b/themes/admin_wind/views/admin.html.php @@ -1,5 +1,4 @@ - html_attributes() ?> xml:lang="en" lang="en"> diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php index 5bbbb509..23021e4d 100644 --- a/themes/wind/views/page.html.php +++ b/themes/wind/views/page.html.php @@ -1,5 +1,4 @@ - html_attributes() ?> xml:lang="en" lang="en"> -- cgit v1.2.3 From 1ac8c883ab0db973659228f351d5b608200e6a56 Mon Sep 17 00:00:00 2001 From: Automatic Build Number Updater Date: Tue, 6 Nov 2012 12:55:21 -0700 Subject: Automated update of .build_number to 257 for branch master Last update: 31681bf834d5dc560b9898d9c30903f08ecb1966 (3 commits ago) --- .build_number | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.build_number b/.build_number index 2841d78d..d6de6fd9 100644 --- a/.build_number +++ b/.build_number @@ -3,4 +3,4 @@ ; process. You don't need to edit it. In fact.. ; ; DO NOT EDIT THIS FILE BY HAND! -build_number=256 +build_number=257 -- cgit v1.2.3 From b50768142745dc4bfd8a9460c7490ddd00e3b06a Mon Sep 17 00:00:00 2001 From: chalbertgit Date: Tue, 13 Nov 2012 11:51:03 -0500 Subject: [#1907] Added administrative variable to set lock timeout. --- installer/install.sql | 1 + modules/gallery/libraries/ORM_MPTT.php | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/installer/install.sql b/installer/install.sql index aee0900c..0156b9db 100644 --- a/installer/install.sql +++ b/installer/install.sql @@ -411,6 +411,7 @@ INSERT INTO {vars} VALUES (NULL,'gallery','email_from','unknown@unknown.com'); INSERT INTO {vars} VALUES (NULL,'gallery','email_reply_to','unknown@unknown.com'); INSERT INTO {vars} VALUES (NULL,'gallery','email_line_length','70'); INSERT INTO {vars} VALUES (NULL,'gallery','email_header_separator','s:1:\"\n\";'); +INSERT INTO {vars} VALUES (NULL,'gallery','lock_timeout','1'); INSERT INTO {vars} VALUES (NULL,'gallery','show_user_profiles_to','registered_users'); INSERT INTO {vars} VALUES (NULL,'gallery','extra_binary_paths','/usr/local/bin:/opt/local/bin:/opt/bin'); INSERT INTO {vars} VALUES (NULL,'gallery','timezone',NULL); diff --git a/modules/gallery/libraries/ORM_MPTT.php b/modules/gallery/libraries/ORM_MPTT.php index 534dd13b..ce0b102c 100644 --- a/modules/gallery/libraries/ORM_MPTT.php +++ b/modules/gallery/libraries/ORM_MPTT.php @@ -324,7 +324,8 @@ class ORM_MPTT_Core extends ORM { * Lock the tree to prevent concurrent modification. */ protected function lock() { - $result = $this->db->query("SELECT GET_LOCK('{$this->table_name}', 1) AS l")->current(); + $timeout = module::get_var("gallery", "lock_timeout"); + $result = $this->db->query("SELECT GET_LOCK('{$this->table_name}', $timeout) AS l")->current(); if (empty($result->l)) { throw new Exception("@todo UNABLE_TO_LOCK_EXCEPTION"); } -- cgit v1.2.3 From ce9199a955c6f3446de6892f5dfed0035d326123 Mon Sep 17 00:00:00 2001 From: chalbertgit Date: Tue, 13 Nov 2012 13:17:45 -0500 Subject: [#1907] Added code needed for the case when a user upgrades. --- modules/gallery/helpers/gallery_installer.php | 11 ++++++++++- modules/gallery/module.info | 2 +- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index e556b49a..99bc3726 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -312,8 +312,9 @@ class gallery_installer { module::set_var("gallery", "show_user_profiles_to", "registered_users"); module::set_var("gallery", "extra_binary_paths", "/usr/local/bin:/opt/local/bin:/opt/bin"); module::set_var("gallery", "timezone", null); + module::set_var("gallery", "lock_timeout", 1); - module::set_version("gallery", 50); + module::set_version("gallery", 51); } static function upgrade($version) { @@ -713,6 +714,14 @@ class gallery_installer { } module::set_version("gallery", $version = 50); } + + if ($version == 50) { + // In v50, a lock_timeout variable was added so that administrators could edit the time out + // from 1 second to a higher variable if their system runs concurrent parallel uploads for + // instance. + module::set_var("gallery", "lock_timeout", 1); + module::set_version("gallery", $version = 51); + } } static function uninstall() { diff --git a/modules/gallery/module.info b/modules/gallery/module.info index a905a241..424c0c2d 100644 --- a/modules/gallery/module.info +++ b/modules/gallery/module.info @@ -1,6 +1,6 @@ name = "Gallery 3" description = "Gallery core application" -version = 50 +version = 51 author_name = "Gallery Team" author_url = "http://codex.gallery2.org/Gallery:Team" info_url = "http://codex.gallery2.org/Gallery3:Modules:gallery" -- cgit v1.2.3 From f457cd283cdfd9011d76ae96872e1f08bb219baf Mon Sep 17 00:00:00 2001 From: Automatic Build Number Updater Date: Thu, 15 Nov 2012 02:41:12 -0700 Subject: Automated update of .build_number to 258 for branch master Last update: 1ac8c883ab0db973659228f351d5b608200e6a56 (1 commits ago) --- .build_number | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.build_number b/.build_number index d6de6fd9..8c992dcc 100644 --- a/.build_number +++ b/.build_number @@ -3,4 +3,4 @@ ; process. You don't need to edit it. In fact.. ; ; DO NOT EDIT THIS FILE BY HAND! -build_number=257 +build_number=258 -- cgit v1.2.3