authorBharat Mediratta <bharat@menalto.com>2009-05-31 00:11:48 -0700
committerBharat Mediratta <bharat@menalto.com>2009-05-31 00:11:48 -0700
commit708f27f483d70660446ea2132b02cb7b39225f98 (patch)
treec1f6231ea024565be6c2a41ad092eea05b30d7fc /modules
parentad81861c331f60ec8c19ea11e47e2826660fa142 (diff)
Run p::clean() on any variables that contain data entered by users.
Diffstat (limited to 'modules')
-rw-r--r--modules/comment/views/admin_block_recent_comments.html.php6
-rw-r--r--modules/comment/views/admin_comments.html.php10
-rw-r--r--modules/comment/views/comment.html.php6
-rw-r--r--modules/comment/views/comments.html.php6
-rw-r--r--modules/exif/views/exif_dialog.html.php4
-rw-r--r--modules/gallery/views/admin_advanced_settings.html.php8
-rw-r--r--modules/gallery/views/admin_block_log_entries.html.php2
-rw-r--r--modules/gallery/views/admin_block_photo_stream.html.php4
-rw-r--r--modules/gallery/views/admin_maintenance.html.php2
-rw-r--r--modules/gallery/views/after_install.html.php2
-rw-r--r--modules/gallery/views/move_tree.html.php8
-rw-r--r--modules/gallery/views/permissions_browse.html.php4
-rw-r--r--modules/gallery/views/permissions_form.html.php2
-rw-r--r--modules/gallery/views/simple_uploader.html.php6
-rw-r--r--modules/info/views/info_block.html.php8
-rw-r--r--modules/notification/views/comment_published.html.php18
-rw-r--r--modules/notification/views/item_added.html.php14
-rw-r--r--modules/search/views/search.html.php10
18 files changed, 65 insertions, 55 deletions
diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php
index d7b8d2b0..d5aab84c 100644
--- a/modules/comment/views/admin_block_recent_comments.html.php
+++ b/modules/comment/views/admin_block_recent_comments.html.php
@@ -4,13 +4,13 @@
<li class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>">
<img src="<?= $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) ?>"
class="gAvatar"
- alt="<?= $comment->author_name() ?>"
+ alt="<?= p::clean($comment->author_name()) ?>"
width="32"
height="32" />
<?= date("Y-M-d H:i:s", $comment->created) ?>
<?= t("<a href=#>%author_name</a> said <em>%comment_text</em>",
- array("author_name" => $comment->author_name(),
- "comment_text" => text::limit_words($comment->text, 50))); ?>
+ array("author_name" => p::clean($comment->author_name()),
+ "comment_text" => text::limit_words(p::clean($comment->text), 50))); ?>
</li>
<? endforeach ?>
</ul>
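Review bot: The avatar `src` on the line directly above the cleaned `alt` (`$comment->author()->avatar_url(32, ...)`) is still written into its attribute raw, so the `<img>` tag is only half covered by this hunk. Whether that matters depends on how `avatar_url()` is built, which is not visible here; if it can be influenced by the commenter's email or a profile field, it should get the same treatment, `src="<?= p::clean($comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true))) ?>"`. The identical pattern is in admin_comments.html.php, comment.html.php and comments.html.php. The enclosing foreach starts above the hunk.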
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php
index 16816636..79bdb1f3 100644
--- a/modules/comment/views/admin_comments.html.php
+++ b/modules/comment/views/admin_comments.html.php
@@ -108,12 +108,12 @@
<a href="#">
<img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
class="gAvatar"
- alt="<?= $comment->author_name() ?>"
+ alt="<?= p::clean($comment->author_name()) ?>"
width="40"
height="40" />
</a>
- <p><a href="mailto:<?= $comment->author_email() ?>"
- title="<?= $comment->author_email() ?>"> <?= $comment->author_name() ?> </a></p>
+ <p><a href="mailto:<?= p::clean($comment->author_email()) ?>"
+ title="<?= p::clean($comment->author_email()) ?>"> <?= p::clean($comment->author_name()) ?> </a></p>
</td>
<td>
<div class="right">
@@ -122,7 +122,7 @@
<a href="<?= $item->url() ?>">
<? if ($item->has_thumb()): ?>
<img src="<?= $item->thumb_url() ?>"
- alt="<?= $item->title ?>"
+ alt="<?= p::clean($item->title) ?>"
<?= photo::img_dimensions($item->thumb_width, $item->thumb_height, 75) ?>
/>
<? else: ?>
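Review bot: `$item->thumb_url()` on the `src` line just above the cleaned `alt`, and `$item->url()` in the `href` that opens the hunk, are still interpolated without escaping. If those URLs are derived from the item's name or slug (plausibly user-entered, but not confirmable from the hunk), cleaning only the title leaves the attribute context open; wrap them the same way, `src="<?= p::clean($item->thumb_url()) ?>"`. The same `thumb_url()` usage appears in admin_block_photo_stream.html.php. The `if`/`else` continues past the hunk.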
@@ -132,7 +132,7 @@
</div>
</div>
<p><?= date("Y-M-d", $comment->created); ?></p>
- <?= $comment->text ?>
+ <?= p::clean($comment->text) ?>
</td>
<td>
<ul class="gButtonSetVertical">
diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php
index 1a674142..0337173b 100644
--- a/modules/comment/views/comment.html.php
+++ b/modules/comment/views/comment.html.php
@@ -4,14 +4,14 @@
<a href="#">
<img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
class="gAvatar"
- alt="<?= $comment->author_name() ?>"
+ alt="<?= p::clean($comment->author_name()) ?>"
width="40"
height="40" />
</a>
<?= t("on ") . date("Y-M-d H:i:s", $comment->created) ?>
- <a href="#"><?= $comment->author_name() ?></a> <?= t("said") ?>
+ <a href="#"><?= p::clean($comment->author_name()) ?></a> <?= t("said") ?>
</p>
<div>
- <?= $comment->text ?>
+ <?= p::clean($comment->text) ?>
</div>
</li>
diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php
index 25928ab5..95f07baf 100644
--- a/modules/comment/views/comments.html.php
+++ b/modules/comment/views/comments.html.php
@@ -12,16 +12,16 @@
<a href="#">
<img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
class="gAvatar"
- alt="<?= $comment->author_name() ?>"
+ alt="<?= p::clean($comment->author_name()) ?>"
width="40"
height="40" />
</a>
<?= t("on %date <a href=#>%name</a> said",
array("date" => date("Y-M-d H:i:s", $comment->created),
- "name" => $comment->author_name())); ?>
+ "name" => p::clean($comment->author_name()))); ?>
</p>
<div>
- <?= $comment->text ?>
+ <?= p::clean($comment->text) ?>
</div>
</li>
<? endforeach ?>
diff --git a/modules/exif/views/exif_dialog.html.php b/modules/exif/views/exif_dialog.html.php
index d7985a30..6494b2b0 100644
--- a/modules/exif/views/exif_dialog.html.php
+++ b/modules/exif/views/exif_dialog.html.php
@@ -14,14 +14,14 @@
<?= $details[$i]["caption"] ?>
</td>
<td class="gOdd">
- <?= $details[$i]["value"] ?>
+ <?= p::clean($details[$i]["value"]) ?>
</td>
<? if (!empty($details[++$i])): ?>
<td class="gEven">
<?= $details[$i]["caption"] ?>
</td>
<td class="gOdd">
- <?= $details[$i]["value"] ?>
+ <?= p::clean($details[$i]["value"]) ?>
</td>
<? else: ?>
<td class="gEven"></td><td class="gOdd"></td>
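Review bot: `$details[$i]["caption"]` is still printed raw in both `gEven` cells while the neighbouring `value` cells are now cleaned. If captions come from a fixed lookup in the exif module this is harmless, but the array is assembled elsewhere and nothing in the hunk pins that down, so cleaning it too is the cheaper guarantee: `<?= p::clean($details[$i]["caption"]) ?>`. The surrounding loop starts above the hunk.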
diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php
index 9f90d671..77aff050 100644
--- a/modules/gallery/views/admin_advanced_settings.html.php
+++ b/modules/gallery/views/admin_advanced_settings.html.php
@@ -20,12 +20,12 @@
<? if ($var->module_name == "gallery" && $var->name == "_cache") continue ?>
<tr class="setting">
<td> <?= $var->module_name ?> </td>
- <td> <?= $var->name ?> </td>
+ <td> <?= p::clean($var->name) ?> </td>
<td>
- <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/$var->name") ?>"
+ <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . p::clean($var->name)) ?>"
class="gDialogLink"
- title="<?= t("Edit %var (%module_name)", array("var" => $var->name, "module_name" => $var->module_name)) ?>">
- <?= $var->value ?>
+ title="<?= t("Edit %var (%module_name)", array("var" => p::clean($var->name), "module_name" => $var->module_name)) ?>">
+ <?= p::clean($var->value) ?>
</a>
</td>
</tr>
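Review bot: The new `p::clean($var->name)` inside the `url::site(...)` path on the `href` line applies HTML escaping to a URL path segment, which does not neutralise characters that matter in that context: a `/`, `?` or `#` in the name still alters the resulting route. The segment should be URL-encoded and the finished href then escaped as an attribute value, `<a href="<?= p::clean(url::site("admin/advanced_settings/edit/$var->module_name/" . rawurlencode($var->name))) ?>"`. `$var->module_name` is also left raw in the first cell and in the URL; if module names can only come from installed module directories that is acceptable, but a short comment saying so would help the next reader.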
diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php
index db6313e1..5d8f3084 100644
--- a/modules/gallery/views/admin_block_log_entries.html.php
+++ b/modules/gallery/views/admin_block_log_entries.html.php
@@ -2,7 +2,7 @@
<ul>
<? foreach ($entries as $entry): ?>
<li class="<?= log::severity_class($entry->severity) ?>">
- <a href="<?= url::site("user/$entry->user_id") ?>"><?= $entry->user->name ?></a>
+ <a href="<?= url::site("user/$entry->user_id") ?>"><?= p::clean($entry->user->name) ?></a>
<?= date("Y-M-d H:i:s", $entry->timestamp) ?>
<?= $entry->message ?>
<?= $entry->html ?>
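Review bot: `$entry->message` on the line after the cleaned user name is still output raw (the `$entry->html` field below it is presumably meant to carry markup). If log messages are composed with user-controlled fragments such as user names or item titles when they are written, this line reintroduces the problem the commit is addressing; either clean it here, `<?= p::clean($entry->message) ?>`, or document on the log writer that `message` must already be escaped. The foreach loop continues past the hunk.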
diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php
index e8a4d933..1e1329d1 100644
--- a/modules/gallery/views/admin_block_photo_stream.html.php
+++ b/modules/gallery/views/admin_block_photo_stream.html.php
@@ -2,9 +2,9 @@
<ul>
<? foreach ($photos as $photo): ?>
<li class="gItem gPhoto">
- <a href="<?= url::site("photos/$photo->id") ?>" title="<?= $photo->title ?>">
+ <a href="<?= url::site("photos/$photo->id") ?>" title="<?= p::clean($photo->title) ?>">
<img <?= photo::img_dimensions($photo->width, $photo->height, 72) ?>
- src="<?= $photo->thumb_url() ?>" alt="<?= $photo->title ?>" />
+ src="<?= $photo->thumb_url() ?>" alt="<?= p::clean($photo->title) ?>" />
</a>
</li>
<? endforeach ?>
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index bc060a7b..66c4eea0 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -90,7 +90,7 @@
<?= $task->status ?>
</td>
<td>
- <?= $task->owner()->name ?>
+ <?= p::clean($task->owner()->name) ?>
</td>
<td>
<? if ($task->state == "stalled"): ?>
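Review bot: `$task->status` at the top of the hunk is printed raw while the owner name below it is now cleaned. Status strings are produced by the individual task implementations, which are not visible here; if any of them embed item names or other user-entered text, this cell needs the same `p::clean()`. If status is guaranteed to be drawn from a fixed set of strings, a comment to that effect would save the question next time.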
diff --git a/modules/gallery/views/after_install.html.php b/modules/gallery/views/after_install.html.php
index aa26858a..d6ba8e7c 100644
--- a/modules/gallery/views/after_install.html.php
+++ b/modules/gallery/views/after_install.html.php
@@ -8,7 +8,7 @@
</p>
<p>
- <?= t("You're logged in to the <b>%user_name</b> account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => $user->name)) ?>
+ <?= t("You're logged in to the <b>%user_name</b> account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => p::clean($user->name))) ?>
</p>
<p>
diff --git a/modules/gallery/views/move_tree.html.php b/modules/gallery/views/move_tree.html.php
index a3a4bc8f..91a2f9da 100644
--- a/modules/gallery/views/move_tree.html.php
+++ b/modules/gallery/views/move_tree.html.php
@@ -1,18 +1,18 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
<?= $parent->thumb_tag(array(), 25); ?>
<? if (!access::can("edit", $parent) || $source->is_descendant($parent)): ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= $parent->title ?> <?= t("(locked)") ?> </a>
+<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= p::clean($parent->title) ?> <?= t("(locked)") ?> </a>
<? else: ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= $parent->title ?></a>
+<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= p::clean($parent->title) ?></a>
<? endif ?>
<ul id="tree_<?= $parent->id ?>">
<? foreach ($children as $child): ?>
<li id="node_<?= $child->id ?>" class="node">
<?= $child->thumb_tag(array(), 25); ?>
<? if (!access::can("edit", $child) || $source->is_descendant($child)): ?>
- <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= $child->title ?> <?= t("(locked)") ?></a>
+ <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= p::clean($child->title) ?> <?= t("(locked)") ?></a>
<? else: ?>
- <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= $child->title ?> </a>
+ <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= p::clean($child->title) ?> </a>
<? endif ?>
</li>
<? endforeach ?>
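Review bot: `$parent->thumb_tag(array(), 25)` and `$child->thumb_tag(array(), 25)` emit complete `<img>` tags from a helper, so whether the item title lands in an `alt` or `title` attribute unescaped is decided inside that helper rather than in this view. The hunk cleans the visible title uses but cannot say anything about the helper; confirm that `thumb_tag()` escapes what it embeds, otherwise this view is only half covered. The same helper is used in search.html.php.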
diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php
index 749bee4f..5cd9cf82 100644
--- a/modules/gallery/views/permissions_browse.html.php
+++ b/modules/gallery/views/permissions_browse.html.php
@@ -35,14 +35,14 @@
<? foreach ($parents as $parent): ?>
<li>
<a href="javascript:show(<?= $parent->id ?>)">
- <?= $parent->title ?>
+ <?= p::clean($parent->title) ?>
</a>
<div class="form" id="edit-<?= $parent->id ?>"></div>
<ul>
<? endforeach ?>
<li>
<a href="javascript:show(<?= $item->id ?>)">
- <?= $item->title ?>
+ <?= p::clean($item->title) ?>
</a>
<div class="form" id="edit-<?= $item->id ?>">
<?= $form ?>
diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php
index 94103705..adf2bd94 100644
--- a/modules/gallery/views/permissions_form.html.php
+++ b/modules/gallery/views/permissions_form.html.php
@@ -6,7 +6,7 @@
<tr>
<th> </th>
<? foreach ($groups as $group): ?>
- <th> <?= $group->name ?> </th>
+ <th> <?= p::clean($group->name) ?> </th>
<? endforeach ?>
</tr>
diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php
index b6725c31..abda6d26 100644
--- a/modules/gallery/views/simple_uploader.html.php
+++ b/modules/gallery/views/simple_uploader.html.php
@@ -5,7 +5,7 @@
<!-- hack to set the title for the dialog -->
<form id="gAddPhotosForm" action="<?= url::site("simple_uploader/finish") ?>">
<fieldset>
- <legend> <?= t("Add photos to %album_title", array("album_title" => $item->title)) ?> </legend>
+ <legend> <?= t("Add photos to %album_title", array("album_title" => p::clean($item->title))) ?> </legend>
</fieldset>
</form>
@@ -25,9 +25,9 @@
</p>
<ul class="gBreadcrumbs">
<? foreach ($item->parents() as $parent): ?>
- <li> <?= $parent->title ?> </li>
+ <li> <?= p::clean($parent->title) ?> </li>
<? endforeach ?>
- <li class="active"> <?= $item->title ?> </li>
+ <li class="active"> <?= p::clean($item->title) ?> </li>
</ul>
<p><?= t("Upload Queue") ?></p>
diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php
index 880d5d3e..db664894 100644
--- a/modules/info/views/info_block.html.php
+++ b/modules/info/views/info_block.html.php
@@ -3,18 +3,18 @@
<tbody>
<tr>
<th><?= t("Title:") ?></th>
- <td><?= $item->title; ?></td>
+ <td><?= p::clean($item->title) ?></td>
</tr>
<? if ($item->description): ?>
<tr>
<th><?= t("Description:") ?></th>
- <td><?= $item->description; ?></td>
+ <td><?= p::clean($item->description) ?></td>
</tr>
<? endif ?>
<? if ($item->id != 1): ?>
<tr>
<th><?= t("Name:") ?></th>
- <td><?= $item->name; ?></td>
+ <td><?= p::clean($item->name) ?></td>
</tr>
<? endif ?>
<? if ($item->captured): ?>
@@ -26,7 +26,7 @@
<? if ($item->owner): ?>
<tr>
<th><?= t("Owner:") ?></th>
- <td><a href="#"><?= $item->owner->name ?></a></td>
+ <td><a href="#"><?= p::clean($item->owner->name) ?></a></td>
</tr>
<? endif ?>
</tbody>
diff --git a/modules/notification/views/comment_published.html.php b/modules/notification/views/comment_published.html.php
index 23588c72..ff2ba0bc 100644
--- a/modules/notification/views/comment_published.html.php
+++ b/modules/notification/views/comment_published.html.php
@@ -1,30 +1,34 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
<html>
<head>
- <title><?= $subject ?> </title>
+ <title><?= p::clean($subject) ?> </title>
</head>
<body>
- <h2><?= $subject ?></h2>
+ <h2><?= p::clean($subject) ?></h2>
<table>
<tr>
<td><?= t("Comment:") ?></td>
- <td><?= $comment->text ?></td>
+ <td><?= p::clean($comment->text) ?></td>
</tr>
<tr>
<td><?= t("Author Name:") ?></td>
- <td><?= $comment->author_name() ?></td>
+ <td><?= p::clean($comment->author_name()) ?></td>
</tr>
<tr>
<td><?= t("Author Email:") ?></td>
- <td><?= $comment->author_email() ?></td>
+ <td><?= p::clean($comment->author_email()) ?></td>
</tr>
<tr>
<td><?= t("Author URL:") ?></td>
- <td><?= $comment->author_url() ?></td>
+ <td><?= p::clean($comment->author_url()) ?></td>
</tr>
<tr>
<td><?= t("Url:") ?></td>
- <td><a href="<?= $comment->item()->url(array(), true) ?>#comments"><?= $comment->item()->url(array(), true) ?>#comments</a></td>
+ <td>
+ <a href="<?= $comment->item()->url(array(), true) ?>#comments">
+ <?= $comment->item()->url(array(), true) ?>#comments
+ </a>
+ </td>
</tr>
</table>
</body>
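Review bot: The item URL that the hunk only reflows (`$comment->item()->url(array(), true)`) is still used unescaped both in the `href` attribute and as the link text. If item URLs incorporate the item's name or slug (user-entered, though not confirmable from the hunk), it should be escaped like the other fields, `<?= p::clean($comment->item()->url(array(), true)) ?>#comments` in both places. The same applies to `$item->url(array(), true)` in item_added.html.php. Since this template is a mail body, it is also worth confirming the message is sent as HTML; HTML-escaping in a text/plain mail would show literal entities to the recipient.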
diff --git a/modules/notification/views/item_added.html.php b/modules/notification/views/item_added.html.php
index b67b9f38..32857c08 100644
--- a/modules/notification/views/item_added.html.php
+++ b/modules/notification/views/item_added.html.php
@@ -1,23 +1,27 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
<html>
<head>
- <title><?= $subject ?> </title>
+ <title><?= p::clean($subject) ?> </title>
</head>
<body>
- <h2><?= $subject ?></h2>
+ <h2><?= p::clean($subject) ?></h2>
<table>
<tr>
<td><?= t("Title:") ?></td>
- <td><?= $item->title ?></td>
+ <td><?= p::clean($item->title) ?></td>
</tr>
<tr>
<td><?= t("Url:") ?></td>
- <td><a href="<?= $item->url(array(), true) ?>"><?= $item->url(array(), true) ?></a></td>
+ <td>
+ <a href="<?= $item->url(array(), true) ?>">
+ <?= $item->url(array(), true) ?>
+ </a>
+ </td>
</tr>
<? if ($item->description): ?>
<tr>
<td><?= t("Description:") ?></td>
- <td><?= $item->description ?></td>
+ <td><?= p::clean($item->description) ?></td>
</tr>
<? endif ?>
</table>
diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php
index fb1fd8a9..de4343ae 100644
--- a/modules/search/views/search.html.php
+++ b/modules/search/views/search.html.php
@@ -8,7 +8,7 @@
<ul>
<li>
<label for="q"><?= t("Search the gallery") ?></label>
- <input name="q" id="q" type="text" value="<?= $q ?>"/>
+ <input name="q" id="q" type="text" value="<?= p::clean($q) ?>"/>
</li>
<li>
<input type="submit" value="<?= t("Search") ?>" />
@@ -31,10 +31,10 @@
<a href="<?= url::site("items/$item->id") ?>">
<?= $item->thumb_tag() ?>
<p>
- <?= $item->title ?>
+ <?= p::clean($item->title) ?>
</p>
<div>
- <?= $item->description ?>
+ <?= p::clean($item->description) ?>
</div>
</a>
</li>
@@ -43,7 +43,9 @@
<?= $theme->pager() ?>
<? else: ?>
- <p><?= t("No results found for '") . $q . "'" ?></p>
+ <p>
+ <?= t("No results found for <b>%term</b>", array("term" => p::clean($q))) ?>
+ </p>
<? endif; ?>
</div>