Commit Graph

2224 Commits

Author SHA1 Message Date
plegall 69345c06e2 fixes #847, CVE-2018-5692 protect a few user input variables 2018-07-11 11:22:31 +02:00
plegall bef09018fb fixes #872, CVE-2018-7724, protect photo admin page from CSRF 2018-07-06 14:38:39 +02:00
plegall 06f4252312 fixes #258, batch manager, check the session category still exists 2018-07-06 11:52:04 +02:00
Daniel Dadap 65ac272179 Include pwg_token in user list POST request (Fixes #748) (#866)
* user list: set pwg_token in POST data to user_list_backend.php

The POST data for the user data table request was empty, which could
cause user data retrieval to error out with HTTP 403 due to missing
the authentication token.

* user_list_backend: fix uninitialized variables

If iSortCol_0, sEcho, or sSearch are unset in the HTTP request, it
could cause variables to be uninitialized, potentially causing error
messages to be included in the HTTP response. These error messages,
if present, can prevent the JSON response from being parsed.

* user list: delete unnecessary quotes

JavaScript object key names don't generally need to be quoted.
Remove some quotes that were introduced by a recent change that added
a body to the AJAX POST request to retrieve the user list.
2018-07-06 10:51:04 +02:00
plegall 75118816b5 fixes #887, $selection is never set on PHP side, no need to use it in template
... and it makes the template compatible with PHP 7.2
2018-07-04 17:10:00 +02:00
plegall b9336d7117 fixes #853, less strict check on user input "selectAction" for tag manager
... for compatibility with plugin Colored Tags (typetags) and maybe others in the future.
2018-03-23 10:03:47 +01:00
plegall 02275fe275 fixes #839, check input parameters on admin/tags.php 2018-02-21 17:34:56 +01:00
plegall b6d61a78bb fixes #838, tells PHP how many photos were deleted in Batch Manager 2018-02-08 13:03:26 +01:00
plegall 9671454e75 fixes #826, check input parameter order_by in configuration 2017-12-18 17:06:37 +01:00
plegall 9028c75c1f fixes #825, check user input on Batch Manager, unit mode, to prevent SQL injection 2017-12-18 16:44:42 +01:00
plegall 77f02bfd76 fixes #822, add token on configuration page to prevent CSRF 2017-12-18 15:13:49 +01:00
plegall 1da9d6afc4 fixes #823 add input user check to avoid SQLi on users list 2017-12-18 14:02:52 +01:00
MaximeBOURMAUD c9ab538319 Fixes issue #760 date_creation not refreshed when changing it from picture_modify (#763) 2017-09-18 17:48:42 +02:00
flop25 06952b2d5a Merge branch 'master' of https://github.com/Piwigo/Piwigo 2017-09-04 18:57:26 +02:00
flop25 08cce48d4b Fixes #755 Never throw '0000-00-00 00:00:00' as value but Null instead
only for exif; iptc is ok
2017-09-04 18:57:22 +02:00
MaximeBOURMAUD 2c07301467 Fixing issue #731 (#754)
* Fixing issue #731, if NB_PHOTOS is greater than 1000 display it

* Fixes issue #731, now numbers of pictures between 1000 and 1999 are displayed

* Fixes formatting
2017-09-04 14:23:50 +02:00
plegall f520f82736 fixes #726, add trigger in create_virtual_category 2017-07-03 15:56:21 +02:00
plegall b5fc14700a give error details on permalink creation 2017-07-03 13:56:10 +02:00
flop25 a4982978c0 now "Apply to sub-albums" can be applied to set all child albums as public ones
https://github.com/Piwigo/Piwigo/issues/697
technically it's like going to page=cat_options&section=status but
it's more user-friendly to get that feature on the permission page of an
album too
2017-07-02 23:29:07 +02:00
flop25 30e8babd6d pwg_token left for cat_options pages
solving https://github.com/Piwigo/Piwigo/issues/721
2017-06-29 16:25:26 +02:00
flop25 3dd6812412 check input parameter for cat_options pages
solving https://github.com/Piwigo/Piwigo/issues/724
2017-06-29 16:24:15 +02:00
flop25 03a8329b89 adding pwg_token on permalink & cat_options
and therefore solving issue #721
2017-06-28 23:44:26 +02:00
plegall d542de77c3 fixes #713, use the default language to send email
and not only to build the email body message
2017-06-21 11:44:12 +02:00
plegall 346f5c3849 fixes #707, hide decimal for "158.0 pages seen" 2017-06-14 19:42:21 +02:00
plegall 6ce14fc958 fixes #705, check user_list_backend.php input params 2017-06-13 12:27:37 +02:00
plegall e0b7c1d157 fixes #701, use the appropriate site_id instead of 1
When coming from the album edit page with the action link to synchronization
2017-06-12 14:30:30 +02:00
plegall 4581f3e2ba fixes #693, pclzip compatibility with PHP 7.1 2017-06-12 13:50:28 +02:00
plegall 11c07ea530 fixes #685, syntax error in jQuery selector prevents delete photos from working on Safari 2017-05-22 11:31:21 +02:00
plegall 8b4e2ffffb fixes #683, hide decimals when disk usage is bigger than 100GB 2017-05-18 15:06:52 +02:00
plegall 686c2f7bdf fix #663, batch manager, avoid SQL error with duplicates
* when searching duplicates on md5sum, only consider md5sum not null
* in case the GROUP_CONCAT returns a truncated string, remove the trailing ","
* add a TODO to find a better algorithm, avoiding the GROUP_CONCAT limit to 1024 chars
2017-05-15 11:25:17 +02:00
plegall 7056f33d62 fix #679, add trigger in admin/intro to let plugins modify dashboard items 2017-05-12 15:22:44 +02:00
plegall f4a6f9ce84 fixes #657, set the CACHE_KEYS for categories 2017-04-24 14:32:15 +02:00
plegall 1a348ab30b fixes #224, batch manager, ability to configure default number of images per page 2017-04-10 13:38:47 +02:00
plegall f7aadd8e29 fixes #279, show error message from pwg.images.upload 2017-04-09 17:28:51 +02:00
plegall 30bedcb7d8 Merge branch 'feature/302-file_ext-case-insensitive' 2017-04-07 15:45:26 +02:00
plegall 6b88073449 function get_fs is no longer used (since 2.4) 2017-04-07 15:28:17 +02:00
plegall d58a24c882 fixes #302, file extension case insensitive for sync
if $conf['picture_ext'] contains "jpg", Piwigo sync will accept {jpg,JPG,Jpg,jPg,jpG,...}
2017-04-07 15:25:10 +02:00
plegall 1c5b36f734 fixes #235, show/hide edit/caddie/representative icons on index.php or picture.php 2017-04-07 14:20:19 +02:00
plegall 03c2d12991 add icon on "save settings" button for configuration tabs 2017-04-06 16:01:41 +02:00
plegall b0ae23e34d fixes #428, ability to hide "sizes" icon on index.php or picture.php 2017-04-06 15:55:23 +02:00
plegall 2ea5a359fe fixes #506, additional checks before deleting files
During upgrade of theme/plugin/language, we add some more tests to prevent
path traversal
2017-03-31 14:45:30 +02:00
plegall 9783a61490 fixes #571, album deletion, do not alert about deleting 0 (zero) orphan photos 2017-03-30 15:49:05 +02:00
plegall d50aa7476c fixes #191, auto reset $_SESSION['need_update'] on new version
To avoid telling the user a new version is available after a manual upgrade
(which didn't reset the $_SESSION['need_update'] variable)
2017-03-30 11:41:01 +02:00
plegall 0a85001ae8 feature #471, bug fixed (wrong variable in condition) 2017-03-29 18:55:14 +02:00
plegall 3371ef1734 only versions x.y.z can be checked against new version, not x.y.zbetaN 2017-03-29 18:54:08 +02:00
plegall ae34f3859a feature #471, new method notify_piwigo_new_versions
to detect if there are new versions to notify (and if notification should be done at all)
2017-03-29 15:41:42 +02:00
plegall 609a3f1c1a feature #471, move check new versions in updates class 2017-03-27 12:17:50 +02:00
plegall 48c4b88fec fixes #638, improve speed on finding sub-categories 2017-03-20 11:58:52 +01:00
plegall 5a80c0a604 user manager, ability to open the user add form with url parameter
to prepare the Tour of 2.9 new features
2017-03-16 15:42:58 +01:00
plegall a51fdb3cfd batch manager: ability to filter on a specific duplicates option
example: admin.php?page=batch_manager&filter=prefilter-duplicates-checksum

this is to prepare Tour of 2.9 new features
2017-03-16 15:33:38 +01:00