Commit graph

314 commits

Author SHA1 Message Date
Graham Knop
b28452bb63 change CSRF token messages from warn to debug 2009-09-07 00:34:06 -05:00
Colin Kuskie
084da8e159 fix #10891: Change session->output->print to skip macros based on detecting the mime-type. 2009-09-04 09:06:23 -07:00
Colin Kuskie
48be049930 Update POD to show new default mime type. 2009-09-04 09:06:16 -07:00
Graham Knop
743e615fd8 improve handling of proxied SSL connections 2009-08-19 19:08:56 +00:00
Colin Kuskie
1c9908f490 Encapsulate logic for determining if an SSL request has been made.
Refactor core modules to use that.
2009-08-19 18:25:00 +00:00
Colin Kuskie
9259e1db23 And restore the original method, and add tests to catch the approximation in Session/DateTime.t instead
of relying on Asset/Story.t
2009-07-24 00:12:56 +00:00
Colin Kuskie
3c4ae9aa82 Refactor exact duration intervals into a separate method. 2009-07-23 23:47:45 +00:00
Graham Knop
56773eefc1 fixed #10590: Session::DateTime->secondsToInterval doesn't allow 7 weeks 2009-07-23 22:04:27 +00:00
Colin Kuskie
5e4db3adb4 Provide a framework for CSRF protection, with tests.
Add CSRF protection to Asset editSave, AssetManager, VersionTags and Group operations.
2009-07-06 16:58:57 +00:00
Colin Kuskie
91029e8140 Remove inline JS from the Date and DateTime forms by putting the user's firstDayOfWeek preference
into the getWebuiProps.
2009-06-23 19:25:50 +00:00
Colin Kuskie
1441fe2e88 Forward port urlize changes, and tests. 2009-06-10 03:34:09 +00:00
Graham Knop
4636041f5e fixed: assets can have urls with /./ or /../ in them, making them inaccessible 2009-06-10 00:42:37 +00:00
Doug Bell
25ff0dae0e Added: Google map asset.
Added a way for authors to prevent debugging output on page requests
2009-05-17 22:44:27 +00:00
Graham Knop
1f3ab6a419 export cleanups and mobile style 2009-05-15 09:30:20 +00:00
Randall Schwartz
2fc4f3b54d CDN: perltidy on new/changed code 2009-05-14 00:35:41 +00:00
Randall Schwartz
acd3fded45 Content Delivery Network (CDN) - optional, for either uploads only or both uploads & extras (rfe 9134) 2009-05-13 21:12:05 +00:00
Colin Kuskie
b19279a13d Add a has method to Session/Setting, so that it's easy to check if a setting
already exists.  Very handy for upgrade scripts.
2009-05-13 17:32:49 +00:00
Paul Driver
f4df3b1280 template attachments (scripts and stylesheets) 2009-05-01 23:03:36 +00:00
Doug Bell
faca68256c Added: Packing of templates, snippets, and head tags. 2009-04-30 17:57:26 +00:00
Doug Bell
026f7ff47e Added #10145: Global Head Tags in Settings 2009-04-29 21:51:22 +00:00
JT Smith
1b32ab4846 rfe: Extend DateTime for Week-Nrs (#9151) 2009-04-16 17:06:50 +00:00
David Delikat
9d0f7869b3 comment out the ip filter from clientCheck (in Session::Env)
added form validation to AdSku ( with internationalized messages )
2009-04-06 04:34:32 +00:00
Colin Kuskie
05d62c92b7 Have Setting's get work like other gets by returning a hashref when
no param is requested.
2009-03-30 19:46:16 +00:00
Graham Knop
ddf3a9ed74 test fix 2009-02-25 21:15:34 +00:00
David Delikat
af5ad84fc8 added code and test suite for a series of functions that
identify non-human web clients so that advertising can
eliminate ghost impressions and ghost clicks
2009-02-23 00:20:46 +00:00
Graham Knop
24da723629 updating copyright year 2009-02-20 23:47:30 +00:00
Colin Kuskie
c90fa56507 Make WebGUI::PseudoRequest work with fatals. Cookies are now mocked and
tied off inside that package.  ErrorHandler uses the session request object,
instead of RequestUtil.
2009-02-18 02:46:59 +00:00
Graham Knop
e7e46ed865 cache canShowDebug a little differently to allow for mime type changes 2009-02-17 17:29:00 +00:00
Colin Kuskie
96c15c56b2 Optimize canShowDebug for speed by caching the calculated check. 2009-02-16 21:03:31 +00:00
Colin Kuskie
47889613b9 Document why a check exists in canShowDebug. 2009-02-13 19:23:04 +00:00
Kaleb Murphy
1c8ee0b954 Removed explicit utf8 decode from paramHashRef 2009-01-27 03:32:29 +00:00
Kaleb Murphy
8214390407 Form::paramHashRef now does explicit utf8 decoding 2009-01-27 03:19:55 +00:00
Colin Kuskie
41da738e0e Fix handling of multi-form and multiple select form elements by emitting
a hidden form variable to make sure the form element was in the generated form.
Changes in User and ProfileField to support this.
2009-01-26 21:03:23 +00:00
Colin Kuskie
118399c1db Refactor out the check for the session-request outside of the nested
conditionals.
Use the hashref out of the request object to speed up param name lookups.
2009-01-23 16:44:29 +00:00
Colin Kuskie
310d454162 Forward porting bug fixes for billing address and asset with uncommitted parent. 2009-01-23 15:33:30 +00:00
Colin Kuskie
81c9d117e5 Fixed a bug where the Interval Form would not work well with non-English languages.
Fixed display of the Interval Form field in Thingy and User Profile by adding a getValueAsHtml method.
2008-12-29 16:54:47 +00:00
Graham Knop
83a3ed6983 Make sure SQL parameters are stringified (for overloaded entries) before converting to json for debug output 2008-12-03 00:32:25 +00:00
Graham Knop
48d7ff6e34 speed up scratch and settings, since they don't need to be ordered 2008-11-24 04:02:58 +00:00
Graham Knop
d9c1f88eab cleaning up some imports 2008-11-24 04:00:46 +00:00
Graham Knop
8fb275850c small speed improvements to WebGUI::Session::DateTime 2008-11-24 04:00:38 +00:00
Graham Knop
8e81a01ba1 make stow return false values correctly 2008-11-24 02:57:11 +00:00
Colin Kuskie
47419b9602 fixing date duration i18n 2008-11-14 23:54:15 +00:00
Doug Bell
0d9dcbfb12 merge 8376 2008-11-14 23:08:10 +00:00
Graham Knop
149337d77d encode html entities when used in a setLink or setScript attribute value 2008-11-12 21:28:18 +00:00
Graham Knop
d6e00cab05 improved performance of file uploads and changed format of created uploads locations, avoiding case sensitivity problems 2008-11-12 01:17:33 +00:00
Kaleb Murphy
70a0a422b7 Removed all instances of srand. This is called implicitly by rand and can be dangerous if called multiple times by the same process. 2008-11-10 21:53:30 +00:00
Graham Knop
5b1eb1c095 only escape dangerous characters 2008-10-21 18:11:32 +00:00
Colin Kuskie
334ce4791f Update test to work with XSS fix. 2008-10-07 21:30:27 +00:00
Graham Knop
d37ded3ddc fixed: Cross site scripting issue on operation pages 2008-10-06 15:49:30 +00:00
JT Smith
ef120fb06b Added isVisitor, isAdmin, and isRegistered methods to User object instead
of hard coding checks everywhere with group ids. And updated the code base
to match.
2008-09-16 22:32:36 +00:00