3363 Commits

Author SHA1 Message Date
plegall 0329e6a91e fixes #2569 big warning when editing guest user permissions 2026-07-07 17:10:47 +02:00
HWFord 9822df60c8 issue #2516 update admin messages
adjust margin for messages with links
change display for edit album, change ".show" to change css display for flex instead of block
remove bullets for multiple messages displayed
2026-07-02 13:16:38 +02:00
RushLana 2357a86d51 Fixes #2552 - Implement SVG validation
Use https://github.com/darylldoyle/svg-sanitizer to check for malicious code inside svg, throw an error code 415 when triggered in the API.
2026-05-26 14:26:39 +02:00
David 1b1c89867e Fixes #2036 WebP support when using PHP GD 2026-05-14 15:01:15 +02:00
plegall 2cfa7a3d19 fixes GHSA-6wj3-7fhw-gfpm upgrade/install: make sure user input is sanitized 2026-05-03 12:03:43 +02:00
Linty 33024bcc8d fixes #2555 toggle password links by user status
Show copy/send password links by default but hide them for users with status 'generic'. Adds a change handler in fill_user_edit_properties to call toggle_send_copy_password when the status select changes, and implements toggle_send_copy_password(status) to show/hide #copy_password_link and #send_password_link accordingly.
2026-04-29 16:20:37 +02:00
plegall 54c812bf7d fixes #2553 force opcache to reload files extracted from zip during plugin update 2026-04-28 16:40:57 +02:00
plegall ba1f803f8c fixes GHSA-jhp4-7f82-8f6q check image_order against allowed values 2026-04-26 15:18:28 +02:00
plegall c7e30da5c1 fixes GHSA-7r67-9xhq-7p2c check get.filter inputs for dimensions and filesize 2026-04-26 13:06:52 +02:00
plegall 4a13ec9a8f fixes GHSA-7w97-5g4p-xqvv more robust check on logo file type 2026-04-26 11:42:20 +02:00
plegall 8cec3cc305 fixes #2550 checks MIME type against each uploaded file 2026-04-21 16:39:04 +02:00
plegall d21b530cb0 fixes #2369 avoid division by zero in case of STORAGE_TOTAL < 1kB 2026-04-15 16:15:36 +02:00
HWFord 03823bbff3 issue #2516 update admin messages
colours and padding mainly
2026-04-10 10:13:52 +02:00
Linty c9af737962 fixes #2544 improve AddUser UI layout
Hide AddUser error block on close and make the AddUser popin scrollable with layout fixes. Also refine two French translations (password and login key).
2026-03-26 10:10:20 +01:00
RushLana 001a21056c fixes #2540 only prompt to update container on version lower than the latest version 2026-03-16 13:03:45 +01:00
04cb 964a2d8ede Fix disk storage unit conversion from kB to GB/MB
Use binary (1024-based) prefixes instead of decimal (1000-based) for
storage unit conversion. Previously dividing by 1000000 and 1000,
now correctly dividing by 1048576 (1024*1024) and 1024.

Fixes #2502
2026-03-07 13:38:11 +01:00
HWFord 5cfabc12bf fixes #2531 remove use_standard_pages from config.php 2026-02-26 14:36:08 +01:00
RushLana bfbc8f68d9 Add docker updates support
Detect if running in a official container and replace updates buttons by links to the documentation
2026-02-24 15:16:56 +01:00
HWFord b0c6da3efd fixes #2525 add missing translation 2026-02-20 14:11:03 +01:00
HWFord 4b68edbd5c issue #2516 update message colors 2026-02-19 15:58:46 +01:00
HWFord 5a3f1a306d issue #2516 update message icons
change all message icons to circled versions
2026-02-19 11:19:23 +01:00
HWFord 3ac7b803e5 issue #2516 update fontello
Add warning circled
2026-02-18 11:13:55 +01:00
plegall 74edc39995 fixes #2519 prevent CSRF on album notification form 2026-02-04 15:49:47 +01:00
HWFord 3195a33b76 fixes #2516 update message colors and design 2026-01-27 16:02:46 +01:00
HWFord c186a5f7de fixes #2509 change button label in site_update.tpl 2026-01-15 10:08:29 +01:00
RushLana 5563ea98fd Add a more granular container detection (#2501)
Add a more granular container detection

Replace is_in_container by  get_container_info
Currently detect Official container (once they update a version with a tagfile) and LinuxServer container
All other container are marked as Unknown

Report two field :
- container_type ( none | Official | LinuxServer | Unknown
- container_version ( build Version number like 16.2.0a, only reported if Official container is detected )
2026-01-14 13:00:14 +01:00
HWFord 25068f308a fixes #2504 add missing @translate and missing keys 2026-01-08 16:09:51 +01:00
HWFord 074de993fe fixes #2503 revert moving update button 2026-01-07 16:45:54 +01:00
plegall e3c80efe63 fixes #2494 only picture_ext files can be resized after upload 2025-12-29 22:21:20 +01:00
RushLana ff633b7137 Change syntax order of all imagemagick to match IM7 syntax 2025-12-29 15:49:31 +01:00
Camille Huot 2583591a64 imagick7 expects input file before options 2025-12-29 15:49:31 +01:00
HWFord 27caef885e fixes #2486 add stdPgs config tab in admin
add skins and screenshots for skins
add admin tpl and css
update stdPgs tpl to have dynamic header section
2025-12-19 16:05:24 +01:00
HWFord 0c92a8ba33 fixes #2481 change hover scale 2025-12-08 14:24:26 +01:00
plegall 66f0ef574d fixes #2462 magick Vs convert: return only command name, not full path 2025-12-01 15:08:41 +01:00
HWFord fbaf2fdafb fixes #2467 change integer cast 2025-12-01 10:21:48 +01:00
HWFord e13a25ffce fixes #2464 don't activate smartpocket by default 2025-11-28 15:57:35 +01:00
plegall b1288115f5 fixes #2454 remove useless variables 2025-11-21 18:04:21 +01:00
Linty 31d8f4516c fixes #2450 add user agent in activities performed with api key
Updated user activity display to show when a user is connected via API key, including an icon and updated tooltip. Modified backend to set a 'connected_with' flag in activity details when API key authentication is used.
2025-11-18 15:48:42 +01:00
HWFord c04374928a issue #2439 update popin
Add translations
remove last major update conf when in piwigo Upgrade
don't send popin template if not needed
2025-11-17 10:00:53 +01:00
Linty c6e4a3f0a5 fixes #2441 add password fields for generic users in user creation
Introduces password and password confirmation fields when creating a user with 'generic' status. The password fields are shown or hidden based on the selected user status, and validation is added to ensure passwords are entered and match. Also adds a button to generate random passwords for new generic users.
2025-11-14 17:45:06 +01:00
Linty 0f494baa0c fixes #2440 enhance login security and user activity display
Improves login security by:
- implementing constant-time authentication to reduce timing attacks
- refactoring user lookup into find_user_by_username_or_email() for username or email login
- introducing a fake user to keep password verification time consistent
- adding a finalize_login hook so plugins can control the authentication flow (2FA, rate limiting, etc.)

Also updates user activity JS to:
- better display action details
- properly handle user lists (login/logout with multiple users)
2025-11-13 14:05:35 +01:00
HWFord 17829fdc52 fixes #2439 update whats new popup 2025-11-12 11:37:26 +01:00
plegall bc9526f323 fixes #2433 protect picture_modify.php from HTML just like pwg.images.setInfo
... and a extra check on input parameters
2025-11-10 16:04:51 +01:00
Ben Becker 1647147a9c Remove comment 2025-11-10 12:01:00 +01:00
Ben Becker 24c51f7225 Issue 2331 fix large file sync timeouts
Put `getimagesize` behind a mimetype check, so it doesn't waste processing
time on large files like videos that are incompatible.
2025-11-10 12:01:00 +01:00
plegall a04c93cf76 fixes #2092 redesigned handling of return to gallery after photo edit
* instead of using the provided cat_id in the URL parameters, registers the "context" of the last 10 photos viewed. Be it an album, a search, a tag...
* maybe not the cleanest way to do it (because we do not rebuild the url string) but simple and straightforward
2025-11-03 21:49:23 +01:00
Linty 8fb8f9f8f1 fixes #2430 use configurable user_fields in sql query
Replaced hardcoded 'username' and 'id' fields in the user query with configurable fields from $conf['user_fields'] to improve flexibility and compatibility with custom user schemas.
2025-11-02 13:48:40 +01:00
plegall b416bdb7c9 fixes #2417 ability to hide the new filter "expert mode"
... and removes 2 other duplicates of the filters_views configuration
2025-10-28 18:39:18 +01:00
plegall f0f4b30ce2 search filters: avoid to write 3 times the same default configuration 2025-10-28 16:35:05 +01:00
HWFord ac15835422 issue #2414 remove config and update css 2025-10-03 17:43:35 +02:00