Commit Graph

10196 Commits

Author SHA1 Message Date
plegall 86c34737ba fixes #877, avoid conflict with custom user table 2018-07-11 11:48:20 +02:00
plegall 69345c06e2 fixes #847, CVE-2018-5692 protect a few user input variables 2018-07-11 11:22:31 +02:00
plegall 23fa4c1a73 fixes #871, CVE-2018-7722 strip tags on methods pwg.categories.add, pwg.categories.setInfo, pwg.images.setInfo
Adding pwg_token would be a better solution but would break remote applications (like the iOS app)
2018-07-06 18:29:41 +02:00
plegall bef09018fb fixes #872, CVE-2018-7724, protect photo admin page from CSRF 2018-07-06 14:38:39 +02:00
plegall 06f4252312 fixes #258, batch manager, check the session category still exists 2018-07-06 11:52:04 +02:00
Daniel Dadap 65ac272179 Include pwg_token in user list POST request (Fixes #748) (#866)
* user list: set pwg_token in POST data to user_list_backend.php

The POST data for the user data table request was empty, which could
cause user data retrieval to error out with HTTP 403 due to missing
the authentication token.

* user_list_backend: fix uninitialized variables

If iSortCol_0, sEcho, or sSearch are unset in the HTTP request, it
could cause variables to be uninitialized, potentially causing error
messages to be included in the HTTP response. These error messages,
if present, can prevent the JSON response from being parsed.

* user list: delete unnecessary quotes

Javascript object key names don't generally need to be quoted.
Remove some quotes that were introduced by a recent change that added
a body to the AJAX POST request to retrieve the user list.
2018-07-06 10:51:04 +02:00
Bartosz Korczak 7e41e21af4 Fix issue #844 2018-07-05 15:50:38 +02:00
plegall 75118816b5 fixes #887, $selection is never set on PHP side, no need to use it in template
... and it makes the template compatible with PHP 7.2
2018-07-04 17:10:00 +02:00
Sam Wilson 31664352f5 Add missing i18n message 2018-07-03 09:59:07 +02:00
plegall b9336d7117 fixes #853, less strict check on user input "selectAction" for tag manager
... for compatibility with plugin Colored Tags (typetags) and maybe others in the future.
2018-03-23 10:03:47 +01:00
plegall 8a57d777aa fixes #596, compatibility with PHP 7.1 2018-02-27 12:01:45 +01:00
plegall 63932b9390 fixes #735, add API method pwg.users.getAuthKey 2018-02-22 13:26:31 +01:00
plegall 02275fe275 fixes #839, check input parameters on admin/tags.php 2018-02-21 17:34:56 +01:00
plegall b6d61a78bb fixes #838, tells PHP how many photos were deleted in Batch Manager 2018-02-08 13:03:26 +01:00
plegall 9671454e75 fixes #826, check input parameter order_by in configuration 2017-12-18 17:06:37 +01:00
plegall 9028c75c1f fixes #825, check user input on Batch Manager, unit mode, to prevent SQL injection 2017-12-18 16:44:42 +01:00
plegall 77f02bfd76 fixes #822, add token on configuration page to prevent CSRF 2017-12-18 15:13:49 +01:00
plegall 9e29db0481 fixes #824 more generic code to get current script directory (working both on Linux and MacOSX) 2017-12-18 14:29:32 +01:00
plegall 1da9d6afc4 fixes #823 add input user check to avoid SQLi on users list 2017-12-18 14:02:52 +01:00
MaximeBOURMAUD 8d25fa6e23 Add script testing Piwigo install, add album + add picture (#820) 2017-12-15 11:21:40 +01:00
plegall 98ee7c1e5c fixes #818, add remote_sync.pl script from piwigo.org forum (script written back in 2009) 2017-12-15 10:49:46 +01:00
modus75 b9f0f22395 Merge branch 'master' of https://github.com/Piwigo/Piwigo 2017-11-12 10:31:46 +01:00
modus75 1e87cc8596 fixes #777 WS categories getImages, TotalCount for correct pagination builder (fix #2) 2017-11-12 10:30:56 +01:00
Cosmin Stroe ee4aae7e74 Fixes #767 - Return a 500 HTTP status when a file upload error occurs. (#768)
* Return a 500 HTTP status when a file upload error occurs.
2017-10-05 15:35:24 +02:00
plegall 977588999a fixes #789, add url param hide_redirect_error 2017-10-04 10:35:33 +02:00
modus75 164b59588c fixes #777 WS categories getImages, TotalCount for correct pagination builder 2017-09-30 16:19:35 +02:00
plegall a335d70418 fixes 787, check URL parameter "action" to avoid error messages 2017-09-28 15:02:41 +02:00
modus75 46ddfabc38 Merge branch 'master' of https://github.com/Piwigo/Piwigo 2017-09-25 21:44:13 +02:00
modus75 98a39fee72 better check on input parameters (got some odd hack attempts) 2017-09-25 21:43:31 +02:00
MaximeBOURMAUD c4af38fe48 Fixes issue 723 now when requesting a private id, permalink isn't re… (#771)
* Fixes issue 723 now when requesting a private id, permalink isn't revealed

* remove newline at end of files and one useless line

* remove newline at end of files and one useless line

* Fixes if condition
2017-09-19 11:31:17 +02:00
MaximeBOURMAUD 943ab9d189 Issue/747 php notice when changing admin page theme (#774)
* Fixes #747 Only variables should be passed by reference

* Fixes syntax
2017-09-19 11:25:00 +02:00
MaximeBOURMAUD c9ab538319 Fixes issue #760 date_creation not refreshed when changing it from picture_modify (#763) 2017-09-18 17:48:42 +02:00
MaximeBOURMAUD b585f5bcc3 Removing Deprecated error message for PHP 7 (#764) 2017-09-18 17:20:45 +02:00
flop25 83dac227cf cleaning code and wrong EOL
additional semicolon, uses of === instead of ==
2017-09-05 18:52:15 +02:00
flop25 a29c967d34 Merge branch 'master' of https://github.com/Piwigo/Piwigo 2017-09-05 14:47:32 +02:00
flop25 06a50ca8b0 Feature #759, choose to display all Tags and/or current ones
This commit introduces a new config var and a minor change in a tpl
(language key switch)
It also changes the default behaviour; can be set back to the previous
one with $conf['menubar_tag_cloud_content'] = 'current_only'
Potential Performance issue; test needed
2017-09-05 14:47:27 +02:00
MaximeBOURMAUD a1fc05c586 Fixes #714 - doesn't exist (#758) 2017-09-05 11:20:26 +02:00
flop25 06952b2d5a Merge branch 'master' of https://github.com/Piwigo/Piwigo 2017-09-04 18:57:26 +02:00
flop25 08cce48d4b Fixes #755 Never throw '0000-00-00 00:00:00' as value but Null instead
only for exif ; iptc is ok
2017-09-04 18:57:22 +02:00
MaximeBOURMAUD 2c07301467 Fixing issue #731 (#754)
* Fixing issue #731, if NB_PHOTOS is upper than 1000 display it

* Fixes issue #731 now number of picture between 1000 and 1999 are displayed

* Fixes formatting
2017-09-04 14:23:50 +02:00
flop25 d4487be684 Merge branch 'master' of https://github.com/Piwigo/Piwigo 2017-09-01 17:39:32 +02:00
flop25 47164bc737 fixes #603 no more use of include in tpl for comment_list
so comment_list can be replaced via template extension or extensions
No HTML changes just tpl and php
2017-09-01 17:39:26 +02:00
flop25 011b12cfaa fixes #751, missing DROP statements at install 2017-09-01 15:29:51 +02:00
plegall 028c4ee2d5 fixes #739, make sure keys are reset in the "uniquified" array
... for a regular search, when different set of photos matches the search.
2017-07-25 18:25:36 +02:00
plegall a3cf80c77c fixes #732, avoid conflict with PHP function "transliterate" 2017-07-13 11:29:27 +02:00
plegall f520f82736 fixes #726, add trigger in create_virtual_category 2017-07-03 15:56:21 +02:00
plegall 6126a09604 fixes #725, protect pwg.images.setInfo from HTML 2017-07-03 13:56:10 +02:00
plegall b5fc14700a give error details on permalink creation 2017-07-03 13:56:10 +02:00
flop25 a4982978c0 now "Apply to sub-albums" can be applied to set all children album as public ones
https://github.com/Piwigo/Piwigo/issues/697
technically it's like going to page=cat_options&section=status but
that's more user-friendly to get that feature on permission page of an
album too
2017-07-02 23:29:07 +02:00
flop25 30e8babd6d pwg_token left for cat_options pages
solving https://github.com/Piwigo/Piwigo/issues/721
2017-06-29 16:25:26 +02:00