diff options
| -rw-r--r-- | lib/json2-min.js | 39 | ||||
| -rw-r--r-- | modules/comment/controllers/admin_manage_comments.php | 2 | ||||
| -rw-r--r-- | modules/digibug/controllers/digibug.php | 2 | ||||
| -rw-r--r-- | modules/gallery/controllers/admin_maintenance.php | 2 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_event.php | 2 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_installer.php | 6 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_task.php | 6 | ||||
| -rw-r--r-- | modules/gallery/helpers/module.php | 2 | ||||
| -rw-r--r-- | modules/gallery/libraries/Admin_View.php | 2 | ||||
| -rw-r--r-- | modules/gallery/libraries/Menu.php | 4 | ||||
| -rw-r--r-- | modules/gallery/libraries/ORM_MPTT.php | 22 | ||||
| -rw-r--r-- | modules/gallery/tests/Gallery_Installer_Test.php | 2 | ||||
| -rw-r--r-- | modules/gallery/tests/Item_Model_Test.php | 4 | ||||
| -rw-r--r-- | modules/gallery/tests/xss_data.txt | 24 | ||||
| -rw-r--r-- | modules/notification/helpers/notification.php | 2 | ||||
| -rw-r--r-- | modules/tag/helpers/tag.php | 2 | ||||
| -rw-r--r-- | modules/tag/views/tag_block.html.php | 2 | ||||
| -rw-r--r-- | themes/wind/views/page.html.php | 1 |
18 files changed, 86 insertions, 40 deletions
diff --git a/lib/json2-min.js b/lib/json2-min.js new file mode 100644 index 00000000..988ab6f2 --- /dev/null +++ b/lib/json2-min.js @@ -0,0 +1,39 @@ +/* + http://www.JSON.org/json2.js + 2010-11-17 + + Public Domain. + + NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK. + + See http://www.JSON.org/js.html +*/ + +if(!this.JSON){this.JSON={};} +(function(){"use strict";function f(n){return n<10?'0'+n:n;} +if(typeof Date.prototype.toJSON!=='function'){Date.prototype.toJSON=function(key){return isFinite(this.valueOf())?this.getUTCFullYear()+'-'+ +f(this.getUTCMonth()+1)+'-'+ +f(this.getUTCDate())+'T'+ +f(this.getUTCHours())+':'+ +f(this.getUTCMinutes())+':'+ +f(this.getUTCSeconds())+'Z':null;};String.prototype.toJSON=Number.prototype.toJSON=Boolean.prototype.toJSON=function(key){return this.valueOf();};} +var cx=/[\u0000\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,escapable=/[\\\"\x00-\x1f\x7f-\x9f\u00ad\u0600-\u0604\u070f\u17b4\u17b5\u200c-\u200f\u2028-\u202f\u2060-\u206f\ufeff\ufff0-\uffff]/g,gap,indent,meta={'\b':'\\b','\t':'\\t','\n':'\\n','\f':'\\f','\r':'\\r','"':'\\"','\\':'\\\\'},rep;function quote(string){escapable.lastIndex=0;return escapable.test(string)?'"'+string.replace(escapable,function(a){var c=meta[a];return typeof c==='string'?c:'\\u'+('0000'+a.charCodeAt(0).toString(16)).slice(-4);})+'"':'"'+string+'"';} +function str(key,holder){var i,k,v,length,mind=gap,partial,value=holder[key];if(value&&typeof value==='object'&&typeof value.toJSON==='function'){value=value.toJSON(key);} +if(typeof rep==='function'){value=rep.call(holder,key,value);} +switch(typeof value){case'string':return quote(value);case'number':return isFinite(value)?String(value):'null';case'boolean':case'null':return String(value);case'object':if(!value){return'null';} +gap+=indent;partial=[];if(Object.prototype.toString.apply(value)==='[object Array]'){length=value.length;for(i=0;i<length;i+=1){partial[i]=str(i,value)||'null';} +v=partial.length===0?'[]':gap?'[\n'+gap+ +partial.join(',\n'+gap)+'\n'+ +mind+']':'['+partial.join(',')+']';gap=mind;return v;} +if(rep&&typeof rep==='object'){length=rep.length;for(i=0;i<length;i+=1){k=rep[i];if(typeof k==='string'){v=str(k,value);if(v){partial.push(quote(k)+(gap?': ':':')+v);}}}}else{for(k in value){if(Object.hasOwnProperty.call(value,k)){v=str(k,value);if(v){partial.push(quote(k)+(gap?': ':':')+v);}}}} +v=partial.length===0?'{}':gap?'{\n'+gap+partial.join(',\n'+gap)+'\n'+ +mind+'}':'{'+partial.join(',')+'}';gap=mind;return v;}} +if(typeof JSON.stringify!=='function'){JSON.stringify=function(value,replacer,space){var i;gap='';indent='';if(typeof space==='number'){for(i=0;i<space;i+=1){indent+=' ';}}else if(typeof space==='string'){indent=space;} +rep=replacer;if(replacer&&typeof replacer!=='function'&&(typeof replacer!=='object'||typeof replacer.length!=='number')){throw new Error('JSON.stringify');} +return str('',{'':value});};} +if(typeof JSON.parse!=='function'){JSON.parse=function(text,reviver){var j;function walk(holder,key){var k,v,value=holder[key];if(value&&typeof value==='object'){for(k in value){if(Object.hasOwnProperty.call(value,k)){v=walk(value,k);if(v!==undefined){value[k]=v;}else{delete value[k];}}}} +return reviver.call(holder,key,value);} +text=String(text);cx.lastIndex=0;if(cx.test(text)){text=text.replace(cx,function(a){return'\\u'+ +('0000'+a.charCodeAt(0).toString(16)).slice(-4);});} +if(/^[\],:{}\s]*$/.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g,'@').replace(/"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g,']').replace(/(?:^|:|,)(?:\s*\[)+/g,''))){j=eval('('+text+')');return typeof reviver==='function'?walk({'':j},''):j;} +throw new SyntaxError('JSON.parse');};}}());
\ No newline at end of file diff --git a/modules/comment/controllers/admin_manage_comments.php b/modules/comment/controllers/admin_manage_comments.php index 49bd85d5..ec876fc4 100644 --- a/modules/comment/controllers/admin_manage_comments.php +++ b/modules/comment/controllers/admin_manage_comments.php @@ -25,7 +25,7 @@ class Admin_Manage_Comments_Controller extends Admin_Controller { db::build() ->delete("comments") ->where("state", "IN", array("deleted", "spam")) - ->where("updated", "<", new Database_Expression("UNIX_TIMESTAMP() - 86400 * 7")) + ->where("updated", "<", db::expr("UNIX_TIMESTAMP() - 86400 * 7")) ->execute(); // Redirect to the appropriate queue diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index 22bbe1a6..c48e3e87 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -114,7 +114,7 @@ class Digibug_Controller extends Controller { private function _clean_expired() { db::build() ->delete("digibug_proxies") - ->where("request_date", "<=", new Database_Expression("(CURDATE() - INTERVAL 10 DAY)")) + ->where("request_date", "<=", db::expr("(CURDATE() - INTERVAL 10 DAY)")) ->limit(20) ->execute(); } diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php index 7729d797..80247a0f 100644 --- a/modules/gallery/controllers/admin_maintenance.php +++ b/modules/gallery/controllers/admin_maintenance.php @@ -27,7 +27,7 @@ class Admin_Maintenance_Controller extends Admin_Controller { ->set("state", "stalled") ->where("done", "=", 0) ->where("state", "<>", "stalled") - ->where(new Database_Expression("UNIX_TIMESTAMP(NOW()) - `updated` > 15")) + ->where(db::expr("UNIX_TIMESTAMP(NOW()) - `updated` > 15")) ->execute(); $stalled_count = $query->count(); if ($stalled_count) { diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 5d3ee6ee..689e21d1 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -377,7 +377,7 @@ class gallery_event_Core { module::event("admin_menu", $admin_menu, $theme); $settings_menu = $admin_menu->get("settings_menu"); - sort($settings_menu->elements); + uasort($settings_menu->elements, array("Menu", "title_comparator")); } } } diff --git a/modules/gallery/helpers/gallery_installer.php b/modules/gallery/helpers/gallery_installer.php index 97a3fb83..cb314527 100644 --- a/modules/gallery/helpers/gallery_installer.php +++ b/modules/gallery/helpers/gallery_installer.php @@ -503,7 +503,7 @@ class gallery_installer { foreach (db::build() ->from("items") ->select("id", "slug") - ->where(new Database_Expression("`slug` REGEXP '[^_A-Za-z0-9-]'"), "=", 1) + ->where(db::expr("`slug` REGEXP '[^_A-Za-z0-9-]'"), "=", 1) ->execute() as $row) { $new_slug = item::convert_filename_to_slug($row->slug); if (empty($new_slug)) { @@ -540,7 +540,7 @@ class gallery_installer { if ($version == 25) { db::build() ->update("items") - ->set("title", new Database_Expression("`name`")) + ->set("title", db::expr("`name`")) ->and_open() ->where("title", "IS", null) ->or_where("title", "=", "") @@ -581,7 +581,7 @@ class gallery_installer { $db->query("ALTER TABLE {modules} ADD COLUMN `weight` int(9) DEFAULT NULL"); $db->query("ALTER TABLE {modules} ADD KEY (`weight`)"); db::update("modules") - ->set("weight", new Database_Expression("`id`")) + ->set("weight", db::expr("`id`")) ->execute(); module::set_version("gallery", $version = 32); } diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index e69ff91a..9ccff152 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -74,7 +74,7 @@ class gallery_task_Core { // Choose the dirty images in a random order so that if we run this task multiple times // concurrently each task is rebuilding different images simultaneously. $result = graphics::find_dirty_images_query()->select("id") - ->select(new Database_Expression("RAND() as r")) + ->select(db::expr("RAND() as r")) ->order_by("r", "ASC") ->execute(); $total_count = $task->get("total_count", $result->count()); @@ -608,7 +608,7 @@ class gallery_task_Core { static function find_dupe_slugs() { return db::build() ->select_distinct( - array("parent_slug" => new Database_Expression("CONCAT(`parent_id`, ':', LOWER(`slug`))"))) + array("parent_slug" => db::expr("CONCAT(`parent_id`, ':', LOWER(`slug`))"))) ->select("id") ->select(array("C" => "COUNT(\"*\")")) ->from("items") @@ -620,7 +620,7 @@ class gallery_task_Core { static function find_dupe_names() { return db::build() ->select_distinct( - array("parent_name" => new Database_Expression("CONCAT(`parent_id`, ':', LOWER(`name`))"))) + array("parent_name" => db::expr("CONCAT(`parent_id`, ':', LOWER(`name`))"))) ->select("id") ->select(array("C" => "COUNT(\"*\")")) ->from("items") diff --git a/modules/gallery/helpers/module.php b/modules/gallery/helpers/module.php index 2b446daa..7c5578af 100644 --- a/modules/gallery/helpers/module.php +++ b/modules/gallery/helpers/module.php @@ -488,7 +488,7 @@ class module_Core { static function incr_var($module_name, $name, $increment=1) { db::build() ->update("vars") - ->set("value", new Database_Expression("`value` + $increment")) + ->set("value", db::expr("`value` + $increment")) ->where("module_name", "=", $module_name) ->where("name", "=", $name) ->execute(); diff --git a/modules/gallery/libraries/Admin_View.php b/modules/gallery/libraries/Admin_View.php index 11f8ad14..bff13ace 100644 --- a/modules/gallery/libraries/Admin_View.php +++ b/modules/gallery/libraries/Admin_View.php @@ -46,7 +46,7 @@ class Admin_View_Core extends Gallery_View { module::event("admin_menu", $menu, $this); $settings_menu = $menu->get("settings_menu"); - sort($settings_menu->elements); + uasort($settings_menu->elements, array("Menu", "title_comparator")); return $menu->render(); } diff --git a/modules/gallery/libraries/Menu.php b/modules/gallery/libraries/Menu.php index 58852a72..78b60196 100644 --- a/modules/gallery/libraries/Menu.php +++ b/modules/gallery/libraries/Menu.php @@ -250,4 +250,8 @@ class Menu_Core extends Menu_Element { $view->menu = $this; return $view; } + + static function title_comparator($a, $b) { + return strnatcasecmp((string)$a->label, (string)$b->label); + } } diff --git a/modules/gallery/libraries/ORM_MPTT.php b/modules/gallery/libraries/ORM_MPTT.php index f20fafa0..4556273c 100644 --- a/modules/gallery/libraries/ORM_MPTT.php +++ b/modules/gallery/libraries/ORM_MPTT.php @@ -54,12 +54,12 @@ class ORM_MPTT_Core extends ORM { // Make a hole in the parent for this new item db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` + 2")) + ->set("left_ptr", db::expr("`left_ptr` + 2")) ->where("left_ptr", ">=", $parent->right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` + 2")) + ->set("right_ptr", db::expr("`right_ptr` + 2")) ->where("right_ptr", ">=", $parent->right_ptr) ->execute(); $parent->right_ptr += 2; @@ -109,12 +109,12 @@ class ORM_MPTT_Core extends ORM { try { db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` - 2")) + ->set("left_ptr", db::expr("`left_ptr` - 2")) ->where("left_ptr", ">", $this->right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` - 2")) + ->set("right_ptr", db::expr("`right_ptr` - 2")) ->where("right_ptr", ">", $this->right_ptr) ->execute(); } catch (Exception $e) { @@ -253,7 +253,7 @@ class ORM_MPTT_Core extends ORM { // Update the levels for the to-be-moved items db::build() ->update($this->table_name) - ->set("level", new Database_Expression("`level` + $level_delta")) + ->set("level", db::expr("`level` + $level_delta")) ->where("left_ptr", ">=", $original_left_ptr) ->where("right_ptr", "<=", $original_right_ptr) ->execute(); @@ -262,12 +262,12 @@ class ORM_MPTT_Core extends ORM { // Make a hole in the target for the move db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` + $size_of_hole")) + ->set("left_ptr", db::expr("`left_ptr` + $size_of_hole")) ->where("left_ptr", ">=", $target_right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` + $size_of_hole")) + ->set("right_ptr", db::expr("`right_ptr` + $size_of_hole")) ->where("right_ptr", ">=", $target_right_ptr) ->execute(); @@ -290,8 +290,8 @@ class ORM_MPTT_Core extends ORM { $new_offset = $target->right_ptr - $left_ptr; db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` + $new_offset")) - ->set("right_ptr", new Database_Expression("`right_ptr` + $new_offset")) + ->set("left_ptr", db::expr("`left_ptr` + $new_offset")) + ->set("right_ptr", db::expr("`right_ptr` + $new_offset")) ->where("left_ptr", ">=", $left_ptr) ->where("right_ptr", "<=", $right_ptr) ->execute(); @@ -299,12 +299,12 @@ class ORM_MPTT_Core extends ORM { // Close the hole in the source's parent after the move db::build() ->update($this->table_name) - ->set("left_ptr", new Database_Expression("`left_ptr` - $size_of_hole")) + ->set("left_ptr", db::expr("`left_ptr` - $size_of_hole")) ->where("left_ptr", ">", $right_ptr) ->execute(); db::build() ->update($this->table_name) - ->set("right_ptr", new Database_Expression("`right_ptr` - $size_of_hole")) + ->set("right_ptr", db::expr("`right_ptr` - $size_of_hole")) ->where("right_ptr", ">", $right_ptr) ->execute(); } catch (Exception $e) { diff --git a/modules/gallery/tests/Gallery_Installer_Test.php b/modules/gallery/tests/Gallery_Installer_Test.php index 67e712de..d34c3b0e 100644 --- a/modules/gallery/tests/Gallery_Installer_Test.php +++ b/modules/gallery/tests/Gallery_Installer_Test.php @@ -35,7 +35,7 @@ class Gallery_Installer_Test extends Gallery_Unit_Test_Case { public function install_creates_root_item_test() { $max_right_ptr = ORM::factory("item") - ->select(new Database_Expression("MAX(`right_ptr`) AS `right_ptr`")) + ->select(db::expr("MAX(`right_ptr`) AS `right_ptr`")) ->find()->right_ptr; $root = ORM::factory('item')->find(1); $this->assert_equal("Gallery", $root->title); diff --git a/modules/gallery/tests/Item_Model_Test.php b/modules/gallery/tests/Item_Model_Test.php index 4987d2f9..0554c0e2 100644 --- a/modules/gallery/tests/Item_Model_Test.php +++ b/modules/gallery/tests/Item_Model_Test.php @@ -362,11 +362,11 @@ class Item_Model_Test extends Gallery_Unit_Test_Case { } public function as_restful_array_with_edit_bit_test() { - $response = item::root()->as_restful_array(true); + $response = item::root()->as_restful_array(); $this->assert_true($response["can_edit"]); identity::set_active_user(identity::guest()); - $response = item::root()->as_restful_array(true); + $response = item::root()->as_restful_array(); $this->assert_false($response["can_edit"]); } diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 7c5e803d..366391cf 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -399,17 +399,19 @@ themes/wind/views/dynamic.html.php 29 DIRTY $theme themes/wind/views/movie.html.php 5 DIRTY $theme->paginator() themes/wind/views/movie.html.php 9 DIRTY $item->movie_img(array("class"=>"g-movie","id"=>"g-item-id-{$item->id}")) themes/wind/views/page.html.php 9 DIRTY $page_title -themes/wind/views/page.html.php 32 DIRTY_JS $theme->url() -themes/wind/views/page.html.php 41 DIRTY $new_width -themes/wind/views/page.html.php 42 DIRTY $new_height -themes/wind/views/page.html.php 43 DIRTY $thumb_proportion -themes/wind/views/page.html.php 80 DIRTY $header_text -themes/wind/views/page.html.php 82 DIRTY_JS item::root()->url() -themes/wind/views/page.html.php 86 DIRTY $theme->user_menu() -themes/wind/views/page.html.php 107 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null) -themes/wind/views/page.html.php 128 DIRTY $content -themes/wind/views/page.html.php 134 DIRTY newView("sidebar.html") -themes/wind/views/page.html.php 141 DIRTY $footer_text +themes/wind/views/page.html.php 12 DIRTY $theme->item()->title +themes/wind/views/page.html.php 16 DIRTY item::root()->title +themes/wind/views/page.html.php 26 DIRTY_JS $theme->url() +themes/wind/views/page.html.php 35 DIRTY $new_width +themes/wind/views/page.html.php 36 DIRTY $new_height +themes/wind/views/page.html.php 37 DIRTY $thumb_proportion +themes/wind/views/page.html.php 74 DIRTY $header_text +themes/wind/views/page.html.php 76 DIRTY_JS item::root()->url() +themes/wind/views/page.html.php 80 DIRTY $theme->user_menu() +themes/wind/views/page.html.php 101 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null) +themes/wind/views/page.html.php 122 DIRTY $content +themes/wind/views/page.html.php 128 DIRTY newView("sidebar.html") +themes/wind/views/page.html.php 135 DIRTY $footer_text themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url diff --git a/modules/notification/helpers/notification.php b/modules/notification/helpers/notification.php index 0564d336..2ff8ff48 100644 --- a/modules/notification/helpers/notification.php +++ b/modules/notification/helpers/notification.php @@ -160,7 +160,7 @@ class notification { static function send_pending_notifications() { foreach (db::build() - ->select(new Database_Expression("DISTINCT `email`")) + ->select(db::expr("DISTINCT `email`")) ->from("pending_notifications") ->execute() as $row) { $email = $row->email; diff --git a/modules/tag/helpers/tag.php b/modules/tag/helpers/tag.php index 14d27c94..bcd3b0c0 100644 --- a/modules/tag/helpers/tag.php +++ b/modules/tag/helpers/tag.php @@ -118,7 +118,7 @@ class tag_Core { static function clear_all($item) { db::build() ->update("tags") - ->set("count", new Database_Expression("`count` - 1")) + ->set("count", db::expr("`count` - 1")) ->where("count", ">", 0) ->where("id", "IN", db::build()->select("tag_id")->from("items_tags")->where("item_id", "=", $item->id)) ->execute(); diff --git a/modules/tag/views/tag_block.html.php b/modules/tag/views/tag_block.html.php index cc204c72..813f24b5 100644 --- a/modules/tag/views/tag_block.html.php +++ b/modules/tag/views/tag_block.html.php @@ -8,7 +8,7 @@ multiple: true, multipleSeparator: ',', cacheLength: 1, - selectFirst: false, + selectFirst: false } ); $("#g-add-tag-form").ajaxForm({ diff --git a/themes/wind/views/page.html.php b/themes/wind/views/page.html.php index 5d0985e7..90f76bb5 100644 --- a/themes/wind/views/page.html.php +++ b/themes/wind/views/page.html.php @@ -39,6 +39,7 @@ </style> <? endif ?> <? endif ?> + <?= $theme->script("json2-min.js") ?> <?= $theme->script("jquery.js") ?> <?= $theme->script("jquery.form.js") ?> <?= $theme->script("jquery-ui.js") ?> |