author | Bharat Mediratta <bharat@menalto.com> | 2009-05-31 00:11:48 -0700 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2009-05-31 00:11:48 -0700 |
commit | 708f27f483d70660446ea2132b02cb7b39225f98 (patch) | |
tree | c1f6231ea024565be6c2a41ad092eea05b30d7fc /modules/gallery | |
parent | ad81861c331f60ec8c19ea11e47e2826660fa142 (diff) |
Run p::clean() on any variables that contain data entered by users.
Diffstat (limited to 'modules/gallery')
9 files changed, 19 insertions, 19 deletions
diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php
index 9f90d671..77aff050 100644
--- a/modules/gallery/views/admin_advanced_settings.html.php
+++ b/modules/gallery/views/admin_advanced_settings.html.php
@@ -20,12 +20,12 @@
 <? if ($var->module_name == "gallery" && $var->name == "_cache") continue ?> <tr class="setting"> <td> <?= $var->module_name ?> </td>
- <td> <?= $var->name ?> </td>
+ <td> <?= p::clean($var->name) ?> </td>
 <td>
- <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/$var->name") ?>"
+ <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . p::clean($var->name)) ?>"
 class="gDialogLink"
- title="<?= t("Edit %var (%module_name)", array("var" => $var->name, "module_name" => $var->module_name)) ?>">
- <?= $var->value ?>
+ title="<?= t("Edit %var (%module_name)", array("var" => p::clean($var->name), "module_name" => $var->module_name)) ?>">
+ <?= p::clean($var->value) ?>
 </a> </td> </tr>
diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php
index db6313e1..5d8f3084 100644
--- a/modules/gallery/views/admin_block_log_entries.html.php
+++ b/modules/gallery/views/admin_block_log_entries.html.php
@@ -2,7 +2,7 @@
 <ul> <? foreach ($entries as $entry): ?> <li class="<?= log::severity_class($entry->severity) ?>">
- <a href="<?= url::site("user/$entry->user_id") ?>"><?= $entry->user->name ?></a>
+ <a href="<?= url::site("user/$entry->user_id") ?>"><?= p::clean($entry->user->name) ?></a>
 <?= date("Y-M-d H:i:s", $entry->timestamp) ?> <?= $entry->message ?> <?= $entry->html ?>
diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php
index e8a4d933..1e1329d1 100644
--- a/modules/gallery/views/admin_block_photo_stream.html.php
+++ b/modules/gallery/views/admin_block_photo_stream.html.php
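Review bot: In the `href` of the admin_advanced_settings.html.php hunk, `p::clean($var->name)` is concatenated into the path handed to `url::site()`, so the name is escaped for HTML before it becomes a URL segment instead of being encoded for a URL. Assuming p::clean() is an HTML-escaping helper (it is not shown on this page), a name containing `/`, `?`, `#` or `&` still alters the route or arrives as a literal `&amp;`. The segment would be better URL-encoded first and the finished URL escaped for the attribute, e.g. `href="<?= p::clean(url::site("admin/advanced_settings/edit/$var->module_name/" . rawurlencode($var->name))) ?>"`. `$var->module_name` is still emitted raw three times in the same rows; a short comment saying why it is trusted would help the next reader.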
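Review bot: `$entry->message` and `$entry->html` are still echoed raw two lines below the user name that the admin_block_log_entries.html.php hunk escapes. If log messages are built from user-entered values such as names or titles, the message is the wider injection point on an admin dashboard; `<?= p::clean($entry->message) ?>` would close it, or the template needs a comment stating that log writers escape before storing and that `html` is trusted markup. The same question applies to `<?= $task->status ?>`, left raw directly above the escaped owner name in the admin_maintenance.html.php hunk.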
@@ -2,9 +2,9 @@
 <ul> <? foreach ($photos as $photo): ?> <li class="gItem gPhoto">
- <a href="<?= url::site("photos/$photo->id") ?>" title="<?= $photo->title ?>">
+ <a href="<?= url::site("photos/$photo->id") ?>" title="<?= p::clean($photo->title) ?>">
 <img <?= photo::img_dimensions($photo->width, $photo->height, 72) ?>
- src="<?= $photo->thumb_url() ?>" alt="<?= $photo->title ?>" />
+ src="<?= $photo->thumb_url() ?>" alt="<?= p::clean($photo->title) ?>" />
 </a> </li> <? endforeach ?>
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index bc060a7b..66c4eea0 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -90,7 +90,7 @@
 <?= $task->status ?> </td> <td>
- <?= $task->owner()->name ?>
+ <?= p::clean($task->owner()->name) ?>
 </td> <td> <? if ($task->state == "stalled"): ?>
diff --git a/modules/gallery/views/after_install.html.php b/modules/gallery/views/after_install.html.php
index aa26858a..d6ba8e7c 100644
--- a/modules/gallery/views/after_install.html.php
+++ b/modules/gallery/views/after_install.html.php
@@ -8,7 +8,7 @@
 </p> <p>
- <?= t("You're logged in to the <b>%user_name</b> account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => $user->name)) ?>
+ <?= t("You're logged in to the <b>%user_name</b> account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => p::clean($user->name))) ?>
 </p> <p>
diff --git a/modules/gallery/views/move_tree.html.php b/modules/gallery/views/move_tree.html.php
index a3a4bc8f..91a2f9da 100644
--- a/modules/gallery/views/move_tree.html.php
+++ b/modules/gallery/views/move_tree.html.php
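Review bot: Both changes in the admin_block_photo_stream.html.php hunk place a title inside a double-quoted attribute (`title="…"` and `alt="…"`), which is only safe if p::clean() escapes `"` as well as `<`, `>` and `&`. p::clean() is not part of this page, so that should be confirmed and pinned with a test, since an unescaped quote in a photo title would end the attribute value early. A one-line comment on the helper stating which output contexts it is valid for (element text and quoted attributes, not URLs or inline script) would keep later call sites from misusing it.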
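Review bot: The escaped name is passed as a placeholder value to `t()` in the after_install.html.php hunk, and the same pattern appears in the `title` attribute of admin_advanced_settings.html.php and the `<legend>` of simple_uploader.html.php. t() is not shown here: if it already escapes substituted values these strings will be double-escaped, and if it does not, every caller has to remember the p::clean() wrapper while the translatable template itself carries markup (`<b>%user_name</b>`). Escaping placeholder values inside t() by default, with an explicit opt-out for trusted HTML, would remove that per-call burden; at minimum t()'s docblock should state which side is responsible for escaping.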
@@ -1,18 +1,18 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?> <?= $parent->thumb_tag(array(), 25); ?> <? if (!access::can("edit", $parent) || $source->is_descendant($parent)): ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= $parent->title ?> <?= t("(locked)") ?> </a>
+<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= p::clean($parent->title) ?> <?= t("(locked)") ?> </a>
 <? else: ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= $parent->title ?></a>
+<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= p::clean($parent->title) ?></a>
 <? endif ?> <ul id="tree_<?= $parent->id ?>"> <? foreach ($children as $child): ?> <li id="node_<?= $child->id ?>" class="node"> <?= $child->thumb_tag(array(), 25); ?> <? if (!access::can("edit", $child) || $source->is_descendant($child)): ?>
- <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= $child->title ?> <?= t("(locked)") ?></a>
+ <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= p::clean($child->title) ?> <?= t("(locked)") ?></a>
 <? else: ?>
- <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= $child->title ?> </a>
+ <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= p::clean($child->title) ?> </a>
 <? endif ?> </li> <? endforeach ?>
diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php
index 749bee4f..5cd9cf82 100644
--- a/modules/gallery/views/permissions_browse.html.php
+++ b/modules/gallery/views/permissions_browse.html.php
@@ -35,14 +35,14 @@
 <? foreach ($parents as $parent): ?> <li> <a href="javascript:show(<?= $parent->id ?>)">
- <?= $parent->title ?>
+ <?= p::clean($parent->title) ?>
 </a> <div class="form" id="edit-<?= $parent->id ?>"></div> <ul> <? endforeach ?> <li> <a href="javascript:show(<?= $item->id ?>)">
- <?= $item->title ?>
+ <?= p::clean($item->title) ?>
 </a> <div class="form" id="edit-<?= $item->id ?>"> <?= $form ?>
diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php
index 94103705..adf2bd94 100644
--- a/modules/gallery/views/permissions_form.html.php
+++ b/modules/gallery/views/permissions_form.html.php
@@ -6,7 +6,7 @@
 <tr> <th> </th> <? foreach ($groups as $group): ?>
- <th> <?= $group->name ?> </th>
+ <th> <?= p::clean($group->name) ?> </th>
 <? endforeach ?> </tr>
diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php
index b6725c31..abda6d26 100644
--- a/modules/gallery/views/simple_uploader.html.php
+++ b/modules/gallery/views/simple_uploader.html.php
@@ -5,7 +5,7 @@
 <!-- hack to set the title for the dialog --> <form id="gAddPhotosForm" action="<?= url::site("simple_uploader/finish") ?>"> <fieldset>
- <legend> <?= t("Add photos to %album_title", array("album_title" => $item->title)) ?> </legend>
+ <legend> <?= t("Add photos to %album_title", array("album_title" => p::clean($item->title))) ?> </legend>
 </fieldset> </form>
@@ -25,9 +25,9 @@
 </p> <ul class="gBreadcrumbs"> <? foreach ($item->parents() as $parent): ?>
- <li> <?= $parent->title ?> </li>
+ <li> <?= p::clean($parent->title) ?> </li>
 <? endforeach ?>
- <li class="active"> <?= $item->title ?> </li>
+ <li class="active"> <?= p::clean($item->title) ?> </li>
 </ul> <p><?= t("Upload Queue") ?></p> |