author | Tim Almdal <tnalmdal@shaw.ca> | 2010-02-17 06:46:48 -0800 |
---|---|---|
committer | Tim Almdal <tnalmdal@shaw.ca> | 2010-02-17 06:46:48 -0800 |
commit | 74472dc83ca897423c630dce0d1d7e3b13bb0b5f (patch) | |
tree | 4cac66304fcc8346ad238d2cda123160b65f3eb3 | |
parent | eb1cdd037646b3697b64753652669fa9e25a5c8e (diff) | |
parent | 4ca55a90ee2f8e1d8595b0ec53a601d6c65475f6 (diff) |
Merge branch 'master' into talmdal_dev
-rw-r--r-- | modules/gallery/helpers/gallery_installer.php | 2 | ||||
-rw-r--r-- | modules/gallery/libraries/Gallery_I18n.php | 3 | ||||
-rw-r--r-- | modules/gallery/models/item.php | 6 | ||||
-rw-r--r-- | modules/gallery/tests/xss_data.txt | 56 | ||||
-rw-r--r-- | modules/gallery/views/reauthenticate.html.php | 5 | ||||
-rw-r--r-- | modules/organize/controllers/organize.php | 6 | ||||
-rw-r--r-- | modules/rss/views/feed.mrss.php | 46 | ||||
-rw-r--r-- | modules/user/helpers/user_installer.php | 8 | ||||
-rw-r--r-- | themes/wind/css/fix-ie.css | 10 | ||||
-rw-r--r-- | themes/wind/js/ui.init.js | 3 |
10 files changed, 79 insertions, 66 deletions
diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php
index 45d991af..b594ddcf 100644
--- a/modules/gallery/helpers/gallery_installer.php
+++ b/modules/gallery/helpers/gallery_installer.php
@@ -287,7 +287,7 @@ class gallery_installer {
 // Mark string for translation
 $powered_by_string = t("Powered by <a href=\"%url\">%gallery_version</a>",
 array("locale" => "root"));
- module::set_var("gallery", "credits", $powered_by_string);
+ module::set_var("gallery", "credits", (string) $powered_by_string);
 module::set_var("gallery", "simultaneous_upload_limit", 5);
 module::set_var("gallery", "admin_area_timeout", 90 * 60);
 module::set_version("gallery", 29);
diff --git a/modules/gallery/libraries/Gallery_I18n.php b/modules/gallery/libraries/Gallery_I18n.php
index cfed046a..160543c9 100644
--- a/modules/gallery/libraries/Gallery_I18n.php
+++ b/modules/gallery/libraries/Gallery_I18n.php
@@ -117,6 +117,9 @@ class Gallery_I18n_Core {
 $count = isset($options['count']) ? $options['count'] : null;
 $values = $options;
 unset($values['locale']);
+ if ($message instanceof SafeString) {
+ $message = (string) $message;
+ }
 $this->log($message, $options);
 $entry = $this->lookup($locale, $message);
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 283654c7..a64bcb49 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
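Review bot: The `instanceof SafeString` branch added to `Gallery_I18n_Core` has no comment saying why a wrapped string can arrive here or which form `(string)` yields, and that matters because the result is both logged and used as the lookup key on the two lines that follow. If the conversion returns an HTML-escaped form, a message containing markup would no longer match its catalogue entry; this hunk cannot confirm either way. I would add `// log() and lookup() need the plain source string, so unwrap SafeString input` above the check. The same reliance on the string conversion applies to the `(string)` cast of the `t()` result in the `gallery_installer.php` hunk, whose message contains an `<a href>` tag, and to the four casts in `user_installer.php`. The enclosing method starts and ends outside the hunk.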
@@ -931,13 +931,13 @@ class Item_Model extends ORM_MPTT {
 unset($data["album_cover_item_id"]);
 if (access::can("view_fillsize", $this) && $this->is_photo()) {
- $data["fullsize_url"] = $this->abs_url();
+ $data["fullsize_url"] = $this->abs_url(true);
 }
- if ($tmp = $this->resize_url() && $this->is_photo()) {
+ if ($tmp = $this->resize_url(true) && $this->is_photo()) {
 $data["resize_url"] = $tmp;
 }
- $data["thumb_url"] = $this->thumb_url();
+ $data["thumb_url"] = $this->thumb_url(true);
 // Elide some internal-only data that is going to cause confusion in the client.
 foreach (array("relative_path_cache", "relative_url_cache", "left_ptr", "right_ptr",
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index e53502ee..44233459 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -32,8 +32,8 @@ modules/comment/views/comment.mrss.php 29 DIRTY $child
 modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $child->thumb_url
 modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_height
 modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_width
-modules/comment/views/comments.html.php 16 DIRTY_ATTR $comment->id
-modules/comment/views/comments.html.php 19 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true))
+modules/comment/views/comments.html.php 18 DIRTY_ATTR $comment->id
+modules/comment/views/comments.html.php 21 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true))
 modules/comment/views/user_profile_comments.html.php 5 DIRTY_ATTR $comment->id
 modules/comment/views/user_profile_comments.html.php 10 DIRTY_JS $comment->item()->url()
 modules/comment/views/user_profile_comments.html.php 11 DIRTY $comment->item()->thumb_img(array(),50)
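Review bot: In the `Item_Model` hunk, the changed condition `if ($tmp = $this->resize_url(true) && $this->is_photo())` assigns a boolean to `$tmp`, because `&&` binds tighter than `=`, so `$data["resize_url"]` on the next line receives `true` rather than the URL. Adding the `true` argument does not change that; parenthesise the assignment instead, `if ($this->is_photo() && ($tmp = $this->resize_url(true))) {`. The context line above it checks the permission name `"view_fillsize"`, while the feed view in this same commit checks `"view_full"`; if that is a typo, which this hunk cannot confirm, the guard on `fullsize_url` is not testing the intended permission and should be verified. The enclosing method starts and ends outside the hunk.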
@@ -81,19 +81,18 @@ modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR log: modules/gallery/views/admin_maintenance.html.php 25 DIRTY_ATTR log::severity_class($task->severity) modules/gallery/views/admin_maintenance.html.php 26 DIRTY $task->name modules/gallery/views/admin_maintenance.html.php 29 DIRTY $task->description -modules/gallery/views/admin_maintenance.html.php 33 DIRTY_JS "{$button->url}/$task->callback?csrf=$csrf" -modules/gallery/views/admin_maintenance.html.php 76 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/gallery/views/admin_maintenance.html.php 76 DIRTY_ATTR $task->state=="stalled"?"g-warning":"" -modules/gallery/views/admin_maintenance.html.php 77 DIRTY_ATTR $task->state=="stalled"?"g-warning":"" -modules/gallery/views/admin_maintenance.html.php 78 DIRTY gallery::date_time($task->updated) -modules/gallery/views/admin_maintenance.html.php 81 DIRTY $task->name -modules/gallery/views/admin_maintenance.html.php 96 DIRTY $task->status -modules/gallery/views/admin_maintenance.html.php 147 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/gallery/views/admin_maintenance.html.php 147 DIRTY_ATTR $task->state=="success"?"g-success":"g-error" -modules/gallery/views/admin_maintenance.html.php 148 DIRTY_ATTR $task->state=="success"?"g-success":"g-error" -modules/gallery/views/admin_maintenance.html.php 149 DIRTY gallery::date_time($task->updated) -modules/gallery/views/admin_maintenance.html.php 152 DIRTY $task->name -modules/gallery/views/admin_maintenance.html.php 164 DIRTY $task->status +modules/gallery/views/admin_maintenance.html.php 70 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/gallery/views/admin_maintenance.html.php 70 DIRTY_ATTR $task->state=="stalled"?"g-warning":"" +modules/gallery/views/admin_maintenance.html.php 71 DIRTY_ATTR $task->state=="stalled"?"g-warning":"" +modules/gallery/views/admin_maintenance.html.php 72 DIRTY gallery::date_time($task->updated) +modules/gallery/views/admin_maintenance.html.php 75 
DIRTY $task->name +modules/gallery/views/admin_maintenance.html.php 90 DIRTY $task->status +modules/gallery/views/admin_maintenance.html.php 141 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/gallery/views/admin_maintenance.html.php 141 DIRTY_ATTR $task->state=="success"?"g-success":"g-error" +modules/gallery/views/admin_maintenance.html.php 142 DIRTY_ATTR $task->state=="success"?"g-success":"g-error" +modules/gallery/views/admin_maintenance.html.php 143 DIRTY gallery::date_time($task->updated) +modules/gallery/views/admin_maintenance.html.php 146 DIRTY $task->name +modules/gallery/views/admin_maintenance.html.php 158 DIRTY $task->status modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf") modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name modules/gallery/views/admin_maintenance_task.html.php 55 DIRTY $task->name @@ -121,6 +120,7 @@ modules/gallery/views/admin_themes.html.php 62 DIRTY $theme modules/gallery/views/admin_themes.html.php 76 DIRTY $info->name modules/gallery/views/admin_themes.html.php 78 DIRTY $info->description modules/gallery/views/admin_themes_preview.html.php 7 DIRTY_ATTR $url +modules/gallery/views/error_404.html.php 14 DIRTY $login_form modules/gallery/views/form_uploadify.html.php 30 DIRTY_JS url::file("lib/uploadify/uploadify.swf") modules/gallery/views/form_uploadify.html.php 31 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}") modules/gallery/views/form_uploadify.html.php 35 DIRTY_JS url::file("lib/uploadify/cancel.png") 
@@ -128,8 +128,7 @@ modules/gallery/views/form_uploadify.html.php 36 DIRTY_JS $simul modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form")) modules/gallery/views/in_place_edit.html.php 3 DIRTY access::csrf_form_field() modules/gallery/views/in_place_edit.html.php 6 DIRTY form::input("input",$form["input"]," class=\"textbox\"") -modules/gallery/views/kohana_error_page.php 102 DIRTY $message -modules/gallery/views/kohana_error_page.php 116 DIRTY $trace +modules/gallery/views/in_place_edit.html.php 14 DIRTY $errors["input"] modules/gallery/views/kohana_profiler.php 32 DIRTY $profile->render(); modules/gallery/views/l10n_client.html.php 21 DIRTY_ATTR $string["translation"]===""?"untranslated":"translated" modules/gallery/views/l10n_client.html.php 23 DIRTY $string["source"]["one"] 
@@ -148,18 +147,18 @@ modules/gallery/views/l10n_client.html.php 67 DIRTY form:: modules/gallery/views/login_ajax.html.php 6 DIRTY_JS url::site("password/reset") modules/gallery/views/login_ajax.html.php 37 DIRTY $form modules/gallery/views/maintenance.html.php 46 DIRTY auth::get_login_form("login/auth_html") -modules/gallery/views/menu.html.php 4 DIRTY isset($menu->css_id)?"id='$menu->css_id'":"" +modules/gallery/views/menu.html.php 4 DIRTY $menu->css_id?"id='$menu->css_id'":"" modules/gallery/views/menu.html.php 4 DIRTY_ATTR $menu->css_class modules/gallery/views/menu.html.php 6 DIRTY $element->render() modules/gallery/views/menu.html.php 18 DIRTY $element->render() -modules/gallery/views/menu_ajax_link.html.php 3 DIRTY_ATTR $menu->css_id +modules/gallery/views/menu_ajax_link.html.php 3 DIRTY $menu->css_id?"id='{$menu->css_id}'":"" modules/gallery/views/menu_ajax_link.html.php 4 DIRTY_ATTR $menu->css_class modules/gallery/views/menu_ajax_link.html.php 5 DIRTY_JS $menu->url modules/gallery/views/menu_ajax_link.html.php 7 DIRTY $menu->ajax_handler -modules/gallery/views/menu_dialog.html.php 3 DIRTY_ATTR $menu->css_id +modules/gallery/views/menu_dialog.html.php 3 DIRTY $menu->css_id?"id='{$menu->css_id}'":"" modules/gallery/views/menu_dialog.html.php 4 DIRTY_ATTR $menu->css_class modules/gallery/views/menu_dialog.html.php 5 DIRTY_JS $menu->url -modules/gallery/views/menu_link.html.php 3 DIRTY_ATTR $menu->css_id +modules/gallery/views/menu_link.html.php 3 DIRTY $menu->css_id?"id='{$menu->css_id}'":"" modules/gallery/views/menu_link.html.php 4 DIRTY_ATTR $menu->css_class modules/gallery/views/menu_link.html.php 5 DIRTY_JS $menu->url modules/gallery/views/move_browse.html.php 4 DIRTY_JS url::site("move/show_sub_tree/{$source->id}/__TARGETID__") 
@@ -209,6 +208,7 @@ modules/gallery/views/permissions_form.html.php 75 DIRTY_JS $item- modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $group->id modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $permission->id modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $item->id +modules/gallery/views/reauthenticate.html.php 9 DIRTY $form modules/gallery/views/upgrader.html.php 57 DIRTY_ATTR $done?"muted":"" modules/gallery/views/upgrader.html.php 61 DIRTY_ATTR $done?"muted":"" modules/gallery/views/upgrader.html.php 69 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable" 
@@ -239,15 +239,13 @@ modules/organize/views/organize_dialog.html.php 4 DIRTY_JS url::s modules/organize/views/organize_dialog.html.php 5 DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf") modules/organize/views/organize_dialog.html.php 6 DIRTY_JS url::site("organize/tree/__ALBUM_ID__") modules/organize/views/organize_dialog.html.php 14 DIRTY $album_tree -modules/organize/views/organize_dialog.html.php 24 DIRTY $micro_thumb_grid +modules/organize/views/organize_dialog.html.php 23 DIRTY $micro_thumb_grid modules/organize/views/organize_dialog.html.php 32 DIRTY form::dropdown(array("id"=>"g-organize-sort-column"),album::get_sort_order_options(),$album->sort_column) -modules/organize/views/organize_dialog.html.php 33 DIRTY form::dropdown(array("id"=>"g-organize-sort-order"),array("ASC"=>"Ascending","DESC"=>"Descending"),$album->sort_order) -modules/organize/views/organize_thumb_grid.html.php 3 DIRTY_ATTR $child->id +modules/organize/views/organize_thumb_grid.html.php 3 DIRTY_ATTR $child->is_album()?"g-album":"g-photo" modules/organize/views/organize_thumb_grid.html.php 4 DIRTY_ATTR $child->id -modules/organize/views/organize_thumb_grid.html.php 5 DIRTY_ATTR $child->is_album()?"g-album":"g-photo" -modules/organize/views/organize_thumb_grid.html.php 6 DIRTY $child->thumb_img(array("class"=>"g-thumbnail","ref"=>$child->id),90,true) -modules/organize/views/organize_thumb_grid.html.php 7 DIRTY $child->is_album()?" class=\"ui-icon ui-icon-note\"":"" -modules/organize/views/organize_thumb_grid.html.php 15 DIRTY_JS url::site("organize/album/$album->id/".($offset+25)) +modules/organize/views/organize_thumb_grid.html.php 5 DIRTY $child->thumb_img(array("class"=>"g-thumbnail","ref"=>$child->id),90,true) +modules/organize/views/organize_thumb_grid.html.php 6 DIRTY $child->is_album()?" 
class=\"ui-icon ui-icon-note\"":"" +modules/organize/views/organize_thumb_grid.html.php 13 DIRTY_JS url::site("organize/album/$album->id/".($offset+25)) modules/organize/views/organize_tree.html.php 2 DIRTY_ATTR access::can("edit",$album)?"":"g-view-only" modules/organize/views/organize_tree.html.php 3 DIRTY_ATTR $album->id modules/organize/views/organize_tree.html.php 6 DIRTY_ATTR $selected&&$album->id==$selected->id?"ui-state-focus":"" @@ -255,6 +253,7 @@ modules/organize/views/organize_tree.html.php 7 DIRTY_ATTR $alb modules/organize/views/organize_tree.html.php 13 DIRTY View::factory("organize_tree.html",array("selected"=>$selected,"album"=>$child)); modules/organize/views/organize_tree.html.php 15 DIRTY_ATTR access::can("edit",$child)?"":"g-view-only" modules/organize/views/organize_tree.html.php 16 DIRTY_ATTR $child->id +modules/organize/views/organize_tree.html.php 18 DIRTY_ATTR $selected&&$child->id==$selected->id?"ui-state-focus":"" modules/organize/views/organize_tree.html.php 18 DIRTY_ATTR $child->id modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key @@ -323,7 +322,6 @@ modules/user/views/admin_users.html.php 123 DIRTY_ATTR ($gr modules/user/views/admin_users.html.php 125 DIRTY $v modules/user/views/admin_users_group.html.php 22 DIRTY_JS $user->id modules/user/views/admin_users_group.html.php 22 DIRTY_JS $group->id -modules/user/views/user_form.html.php 7 DIRTY $form modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $width modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url diff --git a/modules/gallery/views/reauthenticate.html.php b/modules/gallery/views/reauthenticate.html.php index 8611d0f7..9a6696fb 100644 --- a/modules/gallery/views/reauthenticate.html.php +++ b/modules/gallery/views/reauthenticate.html.php 
@@ -7,4 +7,9 @@
 <?= t("You are currently logged in as %user_name.", array("user_name" => $user_name)) ?>
 </p>
 <?= $form ?>
+ <script type="text/javascript">
+ $("#g-reauthenticate-form").ready(function() {
+ $("#g-password").focus();
+ });
+ </script>
 </div>
\ No newline at end of file
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 9d9da65e..c92d711f 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -127,7 +127,7 @@ class Organize_Controller extends Controller {
 "sort_order" => $album->sort_order));
 }
- function sort_order($album_id, $col, $dir) {
+ public function sort_order($album_id, $col, $dir) {
 access::verify_csrf();
 $album = ORM::factory("item", $album_id);
@@ -149,10 +149,10 @@ class Organize_Controller extends Controller {
 "sort_order" => $album->sort_order));
 }
- private static function _get_micro_thumb_grid($album, $offset) {
+ private static function _get_micro_thumb_grid(Item_Model $album, $offset) {
 $v = new View("organize_thumb_grid.html");
 $v->album = $album;
- $v->offset = $offset;
+ $v->offset = (int) $offset;
 return $v;
 }
diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php
index cdb4f0f0..0fd8095d 100644
--- a/modules/rss/views/feed.mrss.php
+++ b/modules/rss/views/feed.mrss.php
@@ -49,32 +49,30 @@
 height="<?= $child->thumb_height ?>"
 width="<?= $child->thumb_width ?>"
 />
+ <? $view_full = access::can("view_full", $child); ?>
+ <? if ($child->type == "photo" && $view_full): ?>
 <media:group>
- <? if ($child->type == "photo"): ?>
- <media:content url="<?= $child->resize_url(true) ?>"
- fileSize="<?= @filesize($child->resize_path()) ?>"
- type="<?= $child->mime_type ?>"
- height="<?= $child->resize_height ?>"
- width="<?= $child->resize_width ?>"
- />
- <? if (access::can("view_full", $child)): ?>
- <media:content url="<?= $child->file_url(true) ?>"
- fileSize="<?= @filesize($child->file_path()) ?>"
- type="<?= $child->mime_type ?>"
- height="<?= $child->height ?>"
- width="<?= $child->width ?>"
- isDefault="true"
- />
- <? endif ?>
- <? else: ?>
- <media:content url="<?= $child->file_url(true) ?>"
- fileSize="<?= @filesize($child->file_path()) ?>"
- height="<?= $child->height ?>"
- width="<?= $child->width ?>"
- type="<?= $child->mime_type ?>"
- />
- <? endif ?>
+ <? endif ?>
+ <? if ($child->type == "photo"): ?>
+ <media:content url="<?= $child->resize_url(true) ?>"
+ fileSize="<?= @filesize($child->resize_path()) ?>"
+ type="<?= $child->mime_type ?>"
+ height="<?= $child->resize_height ?>"
+ width="<?= $child->resize_width ?>"
+ />
+ <? endif ?>
+ <? if ($view_full): ?>
+ <media:content url="<?= $child->file_url(true) ?>"
+ fileSize="<?= @filesize($child->file_path()) ?>"
+ type="<?= $child->mime_type ?>"
+ height="<?= $child->height ?>"
+ width="<?= $child->width ?>"
+ isDefault="true"
+ />
+ <? endif ?>
+ <? if ($child->type == "photo" && $view_full): ?>
 </media:group>
+ <? endif ?>
 </item>
 <? endforeach ?>
 </channel>
diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php
index c57ad010..9e757ecd 100644
--- a/modules/user/helpers/user_installer.php
+++ b/modules/user/helpers/user_installer.php
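Review bot: The condition `$child->type == "photo" && $view_full` is written out twice in the `feed.mrss.php` hunk, once to open `<media:group>` and once to close it, so a later edit to only one copy would produce unbalanced XML. Computing it once, `<? $grouped = $child->type == "photo" && $view_full; ?>`, and testing `$grouped` in both places keeps the pair in step. A non-photo item whose viewer lacks `view_full` now gets no `<media:content>` element at all, where the old `else` branch always emitted one; if that tightening is intended, a one-line template comment saying so would help the next reader. The `@filesize(...)` calls still render an empty `fileSize` attribute when the file cannot be read.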
@@ -98,25 +98,25 @@ class user_installer {
 DEFAULT CHARSET=utf8;");
 $everybody = ORM::factory("group");
- $everybody->name = t("Everybody", array("locale" => "root"));
+ $everybody->name = (string) t("Everybody", array("locale" => "root"));
 $everybody->special = true;
 $everybody->save();
 $registered = ORM::factory("group");
- $registered->name = t("Registered Users", array("locale" => "root"));
+ $registered->name = (string) t("Registered Users", array("locale" => "root"));
 $registered->special = true;
 $registered->save();
 $guest = ORM::factory("user");
 $guest->name = "guest";
- $guest->full_name = t("Guest User", array("locale" => "root"));
+ $guest->full_name = (string) t("Guest User", array("locale" => "root"));
 $guest->password = "";
 $guest->guest = true;
 $guest->save();
 $admin = ORM::factory("user");
 $admin->name = "admin";
- $admin->full_name = t("Gallery Administrator", array("locale" => "root"));
+ $admin->full_name = (string) t("Gallery Administrator", array("locale" => "root"));
 $admin->password = "admin";
 $admin->email = "unknown@unknown.com";
 $admin->admin = true;
diff --git a/themes/wind/css/fix-ie.css b/themes/wind/css/fix-ie.css
index 4f0d0888..f7f08486 100644
--- a/themes/wind/css/fix-ie.css
+++ b/themes/wind/css/fix-ie.css
@@ -7,6 +7,16 @@
 zoom: 1;
 }
+#g-photo,
+#g-movie {
+ zoom: 1;
+}
+
+#g-photo .g-context-menu,
+#g-movie .g-context-menu {
+ width: 240px;
+}
+
 input.submit {
 clear: none !important;
 display: inline !important;
diff --git a/themes/wind/js/ui.init.js b/themes/wind/js/ui.init.js
index 64eb6bc3..6edf6be4 100644
--- a/themes/wind/js/ui.init.js
+++ b/themes/wind/js/ui.init.js
@@ -98,8 +98,7 @@ $(document).ready(function() {
 $("#g-photo,#g-movie").gallery_fit_photo();
 // Initialize context menus
- var resize = $("#g-photo,#g-movie").gallery_get_photo();
- $(resize).hover(function(){
+ $("#g-photo,#g-movie").hover(function(){
 $(this).gallery_context_menu();
 }); |
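Review bot: In the `user_installer` hunk the admin account is still created with the fixed password `"admin"` (`$admin->password = "admin";`) and the guest account with an empty one; the commit only touches the name casts around those lines. Whether a later install step replaces the admin password is not visible here, and if none does, every fresh install starts with a known credential. I would document the expectation next to the assignment, for example `// placeholder only; the installer must replace this before the site is reachable`, and make the install fail when that replacement does not happen. The enclosing method starts and ends outside the hunk.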