iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
0f494baa0c193a992a1712ad4d141c92155e0a4a
Piwigo/include
History
Linty 0f494baa0c fixes #2440 enhance login security and user activity display 
Improves login security by:
- implementing constant-time authentication to reduce timing attacks
- refactoring user lookup into find_user_by_username_or_email() for username or email login
- introducing a fake user to keep password verification time consistent
- adding a finalize_login hook so plugins can control the authentication flow (2FA, rate limiting, etc.)

Also updates user activity JS to:
- better display action details
- properly handle user lists (login/logout with multiple users)
2025-11-13 14:05:35 +01:00
..
dblayer
fixes #2322 set to 0 if null
2025-02-18 10:24:33 +01:00
inflectors
fixes #2213 compatibility PHP 8
2024-09-23 15:05:39 +02:00
minify
fixes #1948 replace cssmin by minify
2025-09-23 16:28:29 +02:00
php_compat
issue #830 simplify PHP files header, remove copyright/license info
2019-06-04 17:13:51 +02:00
phpmailer
fixes #1939 update phpmailer from 6.5.1 to 6.8.0 (PHP 8.2 compatibility)
2023-08-02 12:46:34 +02:00
smarty
issue #2405 update smarty
2025-09-17 12:05:48 +02:00
ws_functions
fixes #2423, fixes #1949, fixes #2401 render title/description and keep HTML in descriptions
2025-11-10 17:00:58 +01:00
ws_protocols
Issue #2001 Compatibility PHP 8.2
2023-11-06 11:37:34 +01:00
base32.class.php
fixes GHSA-9986-w7jf-33f6 and fixes GHSA-9986-w7jf-33f6
2025-10-17 15:38:21 +02:00
block.class.php
fixes #2140 PHP 8 issues
2024-03-27 15:00:21 +01:00
cache.class.php
issue #830 simplify PHP files header, remove copyright/license info
2019-06-04 17:13:51 +02:00
calendar_base.class.php
fixes #1730 replace Smarty getVariable by getTemplateVars
2022-09-16 10:04:02 +02:00
calendar_monthly.class.php
fixes #1222 define calendar constants in calendar_base.class
2020-09-11 10:34:06 +02:00
calendar_weekly.class.php
fixes #1222 define calendar constants in calendar_base.class
2020-09-11 10:34:06 +02:00
category_cats.inc.php
fixes #1982 only fetch the list of albums we want to display
2023-11-24 18:08:52 +01:00
category_default.inc.php
fixes #1657 SVG support (both gallery and admin sides)
2022-09-01 15:20:55 +02:00
common.inc.php
fixes #2404 notify users of impending API key expiration
2025-09-04 17:21:53 +02:00
config_default.inc.php
fixes #2417 ability to hide the new filter "expert mode"
2025-10-28 18:39:18 +01:00
constants.php
next release will be 16.0.0RC2
2025-11-10 17:42:30 +01:00
derivative_params.inc.php
issue #830 simplify PHP files header, remove copyright/license info
2019-06-04 17:13:51 +02:00
derivative_std_params.inc.php
fixes #2411 disable 3xl and 4xl by default
2025-09-19 18:49:05 +02:00
derivative.inc.php
fixes #1657 SVG support (both gallery and admin sides)
2022-09-01 15:20:55 +02:00
emogrifier.class.php
Squashed commit of the following:
2018-07-12 10:52:55 +02:00
feedcreator.class.php
Squashed commit of the following:
2018-07-12 10:52:55 +02:00
filter.inc.php
issue #830 simplify PHP files header, remove copyright/license info
2019-06-04 17:13:51 +02:00
functions_calendar.inc.php
issue #830 simplify PHP files header, remove copyright/license info
2019-06-04 17:13:51 +02:00
functions_category.inc.php
fixes #1371 filter related albums with filter "Display only recently posted photos"
2022-09-12 15:19:26 +02:00
functions_comment.inc.php
fixed #1802 fixed double escape for user creation, album creation and comments
2022-11-22 16:01:43 +01:00
functions_cookie.inc.php
include/functions_cookie: use proper brackets for offset access
2019-12-04 10:40:47 +01:00
functions_filter.inc.php
issue #830 simplify PHP files header, remove copyright/license info
2019-06-04 17:13:51 +02:00
functions_html.inc.php
fixes #2434 always redirect server-side, not browser-side"
2025-11-11 18:51:32 +01:00
functions_mail.inc.php
fixes GHSA-9986-w7jf-33f6 and fixes GHSA-9986-w7jf-33f6
2025-10-17 15:38:21 +02:00
functions_metadata.inc.php
issue #1760 add infos in logger with wrong GPS coordinates
2024-06-19 15:36:04 +02:00
functions_notification.inc.php
fixes #1897 use preg_match instead of deprecated strptime
2023-10-05 15:37:48 +02:00
functions_picture.inc.php
issue #2170 update picture tpl to embed pdf reader
2024-06-20 11:56:19 +02:00
functions_plugins.inc.php
fixes #1841 register system activities
2022-12-24 17:36:35 +01:00
functions_rate.inc.php
issue #830 simplify PHP files header, remove copyright/license info
2019-06-04 17:13:51 +02:00
functions_search.inc.php
fixes #2417 ability to hide the new filter "expert mode"
2025-10-28 18:39:18 +01:00
functions_session.inc.php
fixes #2328 Piwigo 16 requires PHP 7.4, thus random_bytes is available
2025-09-22 15:36:27 +02:00
functions_tag.inc.php
fixes #2423, fixes #1949, fixes #2401 render title/description and keep HTML in descriptions
2025-11-10 17:00:58 +01:00
functions_url.inc.php
fixes #1964 make sure token exists before using it
2023-08-21 15:43:50 +02:00
functions_user.inc.php
fixes #2440 enhance login security and user activity display
2025-11-13 14:05:35 +01:00
functions.inc.php
Detect if piwigo is running in a container
2025-09-05 13:32:34 +02:00
index.php
issue #830 simplify PHP files header, remove copyright/license info
2019-06-04 17:13:51 +02:00
jshrink.class.php
fixes #951 update JShrink to version 1.4.0
2021-08-02 19:16:50 +02:00
Logger.class.php
fixes #2336 more details in Logger (execution_uuid)
2025-03-01 14:20:11 +01:00
mdetect.php
fixes #424, update mdetect.php to version 2015.05.13
2017-03-02 11:15:52 +01:00
menubar.inc.php
fixes #2414 change related tags display
2025-10-03 15:43:29 +02:00
no_photo_yet.inc.php
fixes #1241 do not use no_photo_yet for normal users
2021-05-12 15:42:00 +02:00
page_header.php
Issue #1625 add array key for dataset
2022-04-08 09:14:18 +02:00
page_tail.php
fixes #2166 add feature to send anonymous stats to piwigo.org
2024-06-10 21:32:04 +02:00
passwordhash.class.php
PHP7 compatibility, use PasswordHash from Wordpress 4.4 (PHP5+ constructor)
2015-12-20 21:36:42 +01:00
phpqrcode.php
fixes GHSA-9986-w7jf-33f6 and fixes GHSA-9986-w7jf-33f6
2025-10-17 15:38:21 +02:00
picture_comment.inc.php
fixes #1970 Undefined array key comments
2023-12-04 19:14:59 +01:00
picture_metadata.inc.php
fixes #2145 deal with array value in exif
2024-04-10 12:24:32 +02:00
picture_rate.inc.php
issue #830 simplify PHP files header, remove copyright/license info
2019-06-04 17:13:51 +02:00
pwgsession_php7.class.php
fixes #2296 include the correct class file depending on the version of php
2024-12-20 10:45:36 +01:00
pwgsession.class.php
fixes #2296 include the correct class file depending on the version of php
2024-12-20 10:45:36 +01:00
search_filters.inc.php
fixes #2417 ability to hide the new filter "expert mode"
2025-10-28 18:39:18 +01:00
section_init.inc.php
fixes #2092 redesigned handling of return to gallery after photo edit
2025-11-03 21:49:23 +01:00
selected_tags.inc.php
issue #2414 change single tag display
2025-10-07 16:47:11 +02:00
template.class.php
fixes #1948 replace cssmin by minify
2025-09-23 16:28:29 +02:00
totp.class.php
enable qrcode generation for totp secrets
2025-10-29 12:23:54 +01:00
user.inc.php
fixes #2436 refactor async upload authentication
2025-11-13 13:04:22 +01:00
ws_core.inc.php
fixes #2355 implement API key management system
2025-06-09 20:35:57 +02:00
ws_functions.inc.php
issue #1917 provide download_url to pwg.images.getInfo
2023-07-17 18:05:29 +02:00
ws_init.inc.php
fixes #1356 pwg.images.uploadAsync, move auth code to inc/user.inc.php
2021-10-07 14:53:27 +02:00