iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-05-01 19:12:47 +02:00
Code Issues Packages Projects Releases Wiki Activity
10,196 Commits 33 Branches 208 Tags
86c34737ba2ec2e212a0dcf61ef2edbfb4a20d98
Commit Graph

2224 Commits

Author SHA1 Message Date
plegall
69345c06e2 fixes #847, CVE-2018-5692 protect a few user input variables 2018-07-11 11:22:31 +02:00
plegall
bef09018fb fixes #872, CVE-2018-7724, protect photo admin page from CSRF 2018-07-06 14:38:39 +02:00
plegall
06f4252312 fixes #258, batch manager, check the session category still exists 2018-07-06 11:52:04 +02:00
Daniel Dadap
65ac272179 Include pwg_token in user list POST request (Fixes #748) (#866) 
* user list: set pwg_token in POST data to user_list_backend.php

The POST data for the user data table request was empty, which could
cause user data retrieval to error out with HTTP 403 due to missing
the authentication token.

* user_list_backend: fix uninitialized variables

If iSortCol_0, sEcho, or sSearch are unset in the HTTP request, it
could cause variables to be uninitialized, potentially causing error
messages to be included in the HTTP response. These error messages,
if present, can prevent the JSON response from being parsed.

* user list: delete unnecessary quotes

Javascript object key names don't generally need to be quoted.
Remove some quotes that were introduced by a recent change that added
a body to the AJAX POST request to retrieve the user list.
 2018-07-06 10:51:04 +02:00
plegall
75118816b5 fixes #887, $selection is never set on PHP side, no need to use it in template 
... and it makes the template compatible with PHP 7.2
 2018-07-04 17:10:00 +02:00
plegall
b9336d7117 fixes #853, less strict check on user input "selectAction" for tag manager 
... for compatibility with plugin Colored Tags (typetags) and maybe other in the future.
 2018-03-23 10:03:47 +01:00
plegall
02275fe275 fixes #839, check input parameters on admin/tags.php 2018-02-21 17:34:56 +01:00
plegall
b6d61a78bb fixes #838, tells PHP how many photos were deleted in Batch Manager 2018-02-08 13:03:26 +01:00
plegall
9671454e75 fixes #826, check input parameter order_by in configuration 2017-12-18 17:06:37 +01:00
plegall
9028c75c1f fixes #825, check user input on Batch Manager, unit mode, to prevent SQL injection 2017-12-18 16:44:42 +01:00
plegall
77f02bfd76 fixes #822, add token on configuration page to prevent CSRF 2017-12-18 15:13:49 +01:00
plegall
1da9d6afc4 fixes #823 add input user check to avoid SQLi on users list 2017-12-18 14:02:52 +01:00
MaximeBOURMAUD
c9ab538319 Fixs issue #760 date_creation not refreshed when changing it from picture_modify (#763) 2017-09-18 17:48:42 +02:00
flop25
06952b2d5a Merge branch 'master' of https://github.com/Piwigo/Piwigo 2017-09-04 18:57:26 +02:00
flop25
08cce48d4b Fixes #755 Never thow '0000-00-00 00:00:00' as value but Null instead 
only for exif ; iptc is ok
 2017-09-04 18:57:22 +02:00
MaximeBOURMAUD
2c07301467 Fixing issue #731 (#754) 
* Fixing issue #731, if NB_PHOTOS is upper than 1000 display it

* Fixs issue #731 now number of picture between 1000 and 1999 are displayed

* Fixs formatting
 2017-09-04 14:23:50 +02:00
plegall
f520f82736 fixes #726, add trigger in create_virtual_category 2017-07-03 15:56:21 +02:00
plegall
b5fc14700a give error details on permalink creation 2017-07-03 13:56:10 +02:00
flop25
a4982978c0 now "Apply to sub-albums" can be applied to set all children album as public ones 
https://github.com/Piwigo/Piwigo/issues/697
technically it's like going to page=cat_options&section=status but
that's more userfriendly to get that feature on permission page of an
album too
 2017-07-02 23:29:07 +02:00
flop25
30e8babd6d pwg_token left for cat_options pages 
solving https://github.com/Piwigo/Piwigo/issues/721
 2017-06-29 16:25:26 +02:00
flop25
3dd6812412 check input parameter for cat_options pages 
solving https://github.com/Piwigo/Piwigo/issues/724
 2017-06-29 16:24:15 +02:00
flop25
03a8329b89 adding pwg_token on permalink & cat_options 
and therefor solving issue:721
 2017-06-28 23:44:26 +02:00
plegall
d542de77c3 fixes #713, use the default language to send email 
and not only to build the email body message
 2017-06-21 11:44:12 +02:00
plegall
346f5c3849 fixes #707, hide decimal for "158.0 pages seen" 2017-06-14 19:42:21 +02:00
plegall
6ce14fc958 fixes #705, check user_list_backend.php input params 2017-06-13 12:27:37 +02:00
plegall
e0b7c1d157 fixes #701, use the appropriate site_id instead of 1 
When coming from the album edit page with the action link to synchronization
 2017-06-12 14:30:30 +02:00
plegall
4581f3e2ba fixes #693, pclzip compatibility with PHP 7.1 2017-06-12 13:50:28 +02:00
plegall
11c07ea530 fixes #685, syntax error in jQuery selector prevents delete photos from working on Safari 2017-05-22 11:31:21 +02:00
plegall
8b4e2ffffb fixes #683, hide decimals when disk usage is bigger than 100GB 2017-05-18 15:06:52 +02:00
plegall
686c2f7bdf fix #663, batch manager, avoid SQL error with duplicates 
* when searching duplicates on md5sum, only consider md5sum not null
* in case the GROUP_CONCAT returns on truncated string, remove the trailing ","
* add a TODO to find a better algorithm, avoiding the GROUP_CONCAT limit to 1024 chars
 2017-05-15 11:25:17 +02:00
plegall
7056f33d62 fix #679, add trigger in admin/intro to let plugins modify dashboard items 2017-05-12 15:22:44 +02:00
plegall
f4a6f9ce84 fixes #657, set the CACHE_KEYS for categories 2017-04-24 14:32:15 +02:00
plegall
1a348ab30b fixes #224, batch manager, ability to configure default number of images per page 2017-04-10 13:38:47 +02:00
plegall
f7aadd8e29 fixes #279, show error message from pwg.images.upload 2017-04-09 17:28:51 +02:00
plegall
30bedcb7d8 Merge branch 'feature/302-file_ext-case-insensitive' 2017-04-07 15:45:26 +02:00
plegall
6b88073449 function get_fs is no longer used (since 2.4) 2017-04-07 15:28:17 +02:00
plegall
d58a24c882 fixes #302, file extension case insensitive for sync 
if $conf['picture_ext'] contains "jpg", Piwigo sync will accept {jpg,JPG,Jpg,jPg,jpG,...}
 2017-04-07 15:25:10 +02:00
plegall
1c5b36f734 fixes #235, show/hide edit/caddie/representative icons on index.php or picture.php 2017-04-07 14:20:19 +02:00
plegall
03c2d12991 add icon on "save settings" button for configuration tabs 2017-04-06 16:01:41 +02:00
plegall
b0ae23e34d fixes #428, ability to hide "sizes" icon on index.php or picture.php 2017-04-06 15:55:23 +02:00
plegall
2ea5a359fe fixes #506, additional checks before deleting files 
During upgrade of theme/plugin/language, we add some more test to prevent
transversal path
 2017-03-31 14:45:30 +02:00
plegall
9783a61490 fixes #571, album deletion, do not alert about deleting 0 (zero) orphan photos 2017-03-30 15:49:05 +02:00
plegall
d50aa7476c fixes #191, auto reset $_SESSION['need_update'] on new version 
To avoid saying the user a new version is available after a manual upgrade
(which didn't reset the $_SESSION['need_update'] variable)
 2017-03-30 11:41:01 +02:00
plegall
0a85001ae8 feature #471, bug fixed (wrong variable in condition) 2017-03-29 18:55:14 +02:00
plegall
3371ef1734 only versions x.y.z can be checked against new version, not x.y.zbetaN 2017-03-29 18:54:08 +02:00
plegall
ae34f3859a feature #471, new method notify_piwigo_new_versions 
to detect if there are new versions to notify (and if notification should be done at all)
 2017-03-29 15:41:42 +02:00
plegall
609a3f1c1a feature #471, move check new versions in updates class 2017-03-27 12:17:50 +02:00
plegall
48c4b88fec fixes #638, improve speed on finding sub-categories 2017-03-20 11:58:52 +01:00
plegall
5a80c0a604 user manager, ability to open the user add form with url parameter 
to prepare the Tour of 2.9 new features
 2017-03-16 15:42:58 +01:00
plegall
a51fdb3cfd batch manager: ability to filter on a specific duplicates option 
example : admin.php?page=batch_manager&filter=prefilter-duplicates-checksum

this is to prepare Tour of 2.9 new features
 2017-03-16 15:33:38 +01:00