| Commit message (Collapse) | Author | Files | Lines |
|
git-svn-id: http://piwigo.org/svn/trunk@3049 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
- 2755 fix vulnerability http://www.milw0rm.com/exploits/6755
- 2756 security paranoia: protect session/remember me cookies from XSS attacks (works only if php>=5.2 and with IE/FF maybe others)
git-svn-id: http://piwigo.org/svn/trunk@2757 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
in admin and mails to admin in user browser language)
git-svn-id: http://piwigo.org/svn/trunk@2425 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
language as language for guest, generic members, registering process). If the language is not available PHPWG_DEFAULT_LANGUAGE is used as previously.
git-svn-id: http://piwigo.org/svn/trunk@2371 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
bugged (r2297 was repeating new and old header).
By the way, I've also removed the replacement keywords. We were using them
because it was a common usage with CVS but it is advised not to use them with
Subversion. Personnaly, it is a problem when I search differences between 2
Piwigo installations outside Subversion.
git-svn-id: http://piwigo.org/svn/trunk@2299 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
git-svn-id: http://piwigo.org/svn/trunk@2297 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
Merge branch-1_7 2176:2177 into BSF
git-svn-id: http://piwigo.org/svn/trunk@2178 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
- Copyrights 2003-2007
- help
- Some HTML comform requests
git-svn-id: http://piwigo.org/svn/trunk@1903 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
- put in a new admin_multi_view:allows admins to change on the fly language/theme and view gallery as guest (useful for developers and just to show a 'new' way of using plugins)
- removed some warnings from history.php and increased table width to 99%
- remove unused admin language strings
git-svn-id: http://piwigo.org/svn/trunk@1821 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
It's a finalized version.
Obsolete code of draft are removed.
You can filter categories and images with recent date period on your screen selection.
In the future, filter could be easy done on other type data (plugin?)
You can flat categories and sub-categories with a recent date period of your choice.
Next, perhaps, a panel to choice recent date for the 2 features.
On draft, there have problem with MySql 5, be careful!
Css problem not resolved:
- Menu "Categories" is bad centered
- Icon on dark too on the top
git-svn-id: http://piwigo.org/svn/trunk@1677 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
Last draft before final development.
There a icon for global mode and one other for local mode.
Counters are not good, filter on images are not everywhere applied, moment to update cache are not optimized, ...
Go to http://forum.phpwebgallery.net/viewtopic.php?id=9490
git-svn-id: http://piwigo.org/svn/trunk@1651 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
- thumbnail order saved in the session instead of cookie
git-svn-id: http://piwigo.org/svn/trunk@1623 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
used in the code (generates mysql errors on session garbage collector)
- fix auto_login (die mysql when session timed out, but user has remember)
- when a user reconnects from identification.php, the remember cookie was not
deleted
- fix all redirect warnings/errors (many changes - mainly in common.inc.php
and user.inc.php)
- reduced $conf['remember_me_length'] to 60 days, because now at each auto
login the 60 days countdown restarts
git-svn-id: http://piwigo.org/svn/trunk@1568 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
password.php and register.php must be accessible when user is guest
even if guest user is not allowed.
git-svn-id: http://piwigo.org/svn/trunk@1524 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
when guest access in not allowed identification.php script try
to redirect to himself ad infinitum.
git-svn-id: http://piwigo.org/svn/trunk@1522 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
small problem with reconnexion after session timeout
add auto-login function
all staff for session (connexion, auto-login and logout)
is now in include/user.inc.php
git-svn-id: http://piwigo.org/svn/trunk@1511 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
bugs 344 and 308: broken user id in $_SESSION due to php.ini register_globals
git-svn-id: http://piwigo.org/svn/trunk@1231 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
o Fix Missing Adviser tests
o Improve pwg_high , set to is_the_guest default value for enabled_high
git-svn-id: http://piwigo.org/svn/trunk@1106 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
fix: locked gallery cannot be unlocked (impossible to login)
improvement: nicer display in redirect.tpl
improvement: when a page is not accessible because of permissions (accessed
through bookmark or email), redirect to identification.php and after
identification to the initially requested page
git-svn-id: http://piwigo.org/svn/trunk@1052 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
$page['where'] was an SQL clause used to retrieve pictures in #images
table. $page['items'] is the list of picture ids of the current section.
improvement: function initialize_category replaced by dedicated included PHP
script include/section_init.inc.php. Code was refactored to improve
readibility and maintenability. $page['navigation_bar'] is now build in
category.php instead of initialize_category function. Function check_cat_id
was also replaced by a piece of code in the new file. The file to include to
display thumbnails from category.php is now set in section_init.inc.php
instead of calculated in category.php.
bug fix: the test for rel="up" link for standard HTML navigation links in
category menu was not working with non numeric categories, such as
"favorites".
improvement: function check_login_authorization removed because useless but
in profile.php.
git-svn-id: http://piwigo.org/svn/trunk@1036 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
fixed problem of undefined variable conf in upgrade_feed.php
fixed problem of undefined index is_the_guest of tab variable user
git-svn-id: http://piwigo.org/svn/trunk@1023 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
- use only cookies to store session id on client side
- use default php session system with database handler to store sessions on server side
git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
included page, localized items are managed directly in the template.
- new : sub template admin/double_select is included in templates
admin/cat_options, admin/user_perm and admin/group_perm. I haven't been
able to use it in admin/picture_modify because it seems impossible to have
two instance of the same sub-template without interfering.
- modification : bug 99, in profile manager, no auto submit when changing
language (useless and generate accessibility problem).
- improvement : HTML semantically correct for administration menu, simpler
syntax, less tags, correct tags (dl/dt/dd instead of div/div).
- modification : number of waiting elements and unvalidated comments are
displayed in admin/intro instead of administration menu (with a link to
the dedicated pages).
- deletion : no link to profile from admin/user_list anymore (no need).
git-svn-id: http://piwigo.org/svn/trunk@817 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
is divided between users (common properties with any web application) and
user_infos (phpwebgallery specific informations). External table and
fields can be configured.
- modification : profile.php is not reachable through administration anymore
(not useful).
- modification : in profile.php, current password is mandatory only if user
tries to change his password. Username can't be changed.
- deletion : of obsolete functions get_user_restrictions,
update_user_restrictions, get_user_all_restrictions, is_user_allowed,
update_user
- modification : $user['forbidden_categories'] equals at least "-1" so that
category_id NOT IN ($user['forbidden_categories']) can always be used.
- modification : user_forbidden table becomes user_cache so that not only
restriction informations can be stored in this table.
git-svn-id: http://piwigo.org/svn/trunk@808 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
is set true : if no user matches $_SERVER['REMOTE_USER'] in "users" table,
PWG automatically creates one. This way, users can customize the behaviour
of the application.
- template : new organisation of identification menu
(category.php). Simplification is required for Apache authentication (no
logout link even if user is externally logged in)
- new : usernames can contain quotes (required because Apache authentication
authorized quotes in usernames)
git-svn-id: http://piwigo.org/svn/trunk@804 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
icons (more compact)
- user list : ability to associate to a group or to dissociate from a group
a list of selected users
- user list : ability to set user properties in "batch" mode (a selection of
users at once)
- user list : alternate background color for each line
- (not in ChangeLog) temporary commented code to update current user
language if $_POST['language'] is set (see include/user.inc.php for
details)
git-svn-id: http://piwigo.org/svn/trunk@787 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
Enhancement of the radio class under IE
git-svn-id: http://piwigo.org/svn/trunk@772 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
- taking into account locked categories during permissions calculation
git-svn-id: http://piwigo.org/svn/trunk@680 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
git-svn-id: http://piwigo.org/svn/trunk@675 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
user_forbidden must be updated only if current user is not in
administrative section
- bug fixed : category.php, error on page title when non category selected
- admin/search : bug on variable $PHP_SELF, replaced by $_SERVER['PHP_SELF']
- admin/user_perm : inheritence management. When a category become
authorized, all parent categories become authorized, when a category
become forbidden, all child category become forbidden
- no more recursivity in delete_categories function
- new function get_fs_directories for future new method of synchronization
- new function get_uppercat_ids replacing several pieces of code doing the
same
- new function get_fulldirs used for metadata function get_filelist and
future new method of synchronization
- new function get_fs for future new method of synchronization
- typo correction on lang item "about_message"
- no link to category privacy status management on user permission anymore
(giving the menu item instead)
git-svn-id: http://piwigo.org/svn/trunk@657 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
- $user keys for guest user are initialized with default values of $conf
git-svn-id: http://piwigo.org/svn/trunk@653 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
- deletion of $isadmin variable, replaced by constant IN_ADMIN
- small refactoring
- in include/common.inc.php, deletion of useless part "Obtain and encode
users IP" and corresponding functions encode_ip and decode_ip
- definition of $conf['default_language'] deleted from
include/config.inc.php : it is already present in database table config
- function init_userprefs deleted (useless), all its content moved to
include/user.inc.php
- admin.lang.php and faq.lang.php are loaded only if current user is in
administrative section
git-svn-id: http://piwigo.org/svn/trunk@650 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
NULL in database
- new table user_forbidden {user_id,need_update,forbidden_categories} and
deletion of field users.forbidden_categories
- new function calculate_permissions to update table user_forbidden when
needed
- simplification of include/user.inc.php
- in footer of each page, use "-" instead of "::" to separate page
information
git-svn-id: http://piwigo.org/svn/trunk@648 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
count sub-categories per sub-categories became false if no sub-categories
- virtual association come back in admin/infos_images (not only in
admin/picture_modify)
- check_favorites function in admin section becomes check_user_favorites in
public section : favorites are checked when user tries to display his
favorites. Function was optimized.
- in function update_category, wrap of long queries due to many categories
to update at the same time
- typo fixed in description of paginate_pages_around configuration parameter
- bug fixed in new navigation bar : no separation pipe was displayed between
next and last when the page displayed was the last
- sessions.expiration changed of type from int to datetime (a lot easier to
read)
- sessions.ip removed : IP address is no longer used to verify session
- $lang['cat_options'] was missing in en_UK.iso-8859-1
- typo fixed in language/en_UK.iso-8859-1/admin.lang.php on
editcat_lock_info language item
git-svn-id: http://piwigo.org/svn/trunk@647 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
git-svn-id: http://piwigo.org/svn/trunk@593 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
features
- by default, DEBUG is set to 0 (off)
git-svn-id: http://piwigo.org/svn/trunk@587 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
- simplification : each session is created with a cookie and if
PhpWebGallery can't read the cookie, it uses the URI id and it will be
used in the add_session_id function.
- configuration parameter "auth_method" disappeared (didn't lived much...)
- only one session id size possible. More comments for configuration in
include/config.inc.php
git-svn-id: http://piwigo.org/svn/trunk@555 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
- new feature : "remember me" creates a long time cookie
- possibility to set the default authentication method to URI or cookie
- really technical parameters (session identifier size, session duration)
are set in the config file and not in database + configuration.php
git-svn-id: http://piwigo.org/svn/trunk@541 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
- Deletion of collapsed & expanded gifs (obsoletes)
- Creation of faq language file for further writing of a end user-oriented FAQ
git-svn-id: http://piwigo.org/svn/trunk@532 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
git-svn-id: http://piwigo.org/svn/trunk@463 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
git-svn-id: http://piwigo.org/svn/trunk@452 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
function. The purpose is to avoid redirections failure when extra characters
are found in included PHP files.
git-svn-id: http://piwigo.org/svn/trunk@405 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
git-svn-id: http://piwigo.org/svn/trunk@397 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
git-svn-id: http://piwigo.org/svn/trunk@375 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
git-svn-id: http://piwigo.org/svn/trunk@367 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
git-svn-id: http://piwigo.org/svn/trunk@362 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
Split of the french language file
git-svn-id: http://piwigo.org/svn/trunk@351 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
Creation of an unique include file (common.php)
Creation of an unique define file (include/constants.php)
Modification of the installation procedure
git-svn-id: http://piwigo.org/svn/trunk@345 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
database, the first page works -> corrected.
git-svn-id: http://piwigo.org/svn/trunk@90 68402e56-0260-453c-a942-63ccdbb3a9ee
|
|
git-svn-id: http://piwigo.org/svn/trunk@57 68402e56-0260-453c-a942-63ccdbb3a9ee
|