-rw-r--r-- | modules/notification/views/item_deleted.html.php | 12 | ||||
-rw-r--r-- | modules/notification/views/item_updated.html.php | 12 | ||||
-rw-r--r-- | modules/organize/views/organize.html.php | 2 | ||||
-rw-r--r-- | modules/organize/views/organize_album.html.php | 2 | ||||
-rw-r--r-- | modules/rss/views/comment.mrss.php | 14 | ||||
-rw-r--r-- | modules/rss/views/feed.mrss.php | 14 | ||||
-rw-r--r-- | modules/server_add/views/server_add_tree.html.php | 2 | ||||
-rw-r--r-- | modules/server_add/views/server_add_tree_dialog.html.php | 6 | ||||
-rw-r--r-- | modules/tag/views/admin_tags.html.php | 2 | ||||
-rw-r--r-- | modules/tag/views/tag_cloud.html.php | 2 | ||||
-rw-r--r-- | modules/user/views/admin_users.html.php | 8 | ||||
-rw-r--r-- | modules/user/views/admin_users_group.html.php | 12 | ||||
-rw-r--r-- | modules/user/views/login.html.php | 2 | ||||
-rw-r--r-- | modules/user/views/reset_password.html.php | 23 |
14 files changed, 61 insertions, 52 deletions
diff --git a/modules/notification/views/item_deleted.html.php b/modules/notification/views/item_deleted.html.php index ac9ab594..2d6d5738 100644 --- a/modules/notification/views/item_deleted.html.php +++ b/modules/notification/views/item_deleted.html.php @@ -1,20 +1,24 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> <head> - <title><?= $subject ?> </title> + <title><?= p::clean($subject) ?> </title> </head> <body> - <h2><?= $subject ?></h2> + <h2><?= p::clean($subject) ?></h2> <table> <tr> <td colspan="2"> <?= t("To view the changed album %title use the link below.", - array("title" => $item->parent()->title)) ?> + array("title" => p::clean($item->parent()->title))) ?> </td> </tr> <tr> <td><?= t("Url:") ?></td> - <td><a href="<?= $item->parent()->url(array(), true) ?>"><?= $item->parent()->url(array(), true) ?></a></td> + <td> + <a href="<?= $item->parent()->url(array(), true) ?>"> + <?= $item->parent()->url(array(), true) ?> + </a> + </td> </tr> </table> </body> diff --git a/modules/notification/views/item_updated.html.php b/modules/notification/views/item_updated.html.php index cba522e8..0620c50c 100644 --- a/modules/notification/views/item_updated.html.php +++ b/modules/notification/views/item_updated.html.php @@ -1,18 +1,18 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> <head> - <title><?= $subject ?> </title> + <title><?= p::clean($subject) ?> </title> </head> <body> - <h2> <?= $subject ?> </h2> + <h2> <?= p::clean($subject) ?> </h2> <table> <tr> <? if ($old->title != $new->title): ?> <td><?= t("New Title:") ?></td> - <td><?= $new->title ?></td> + <td><?= p::clean($new->title) ?></td> <? else: ?> <td><?= t("Title:") ?></td> - <td><?= $new->title ?></td> + <td><?= p::clean($new->title) ?></td> <? endif ?> </tr> <tr> 
@@ -22,12 +22,12 @@ <? if ($old->description != $new->description): ?> <tr> <td><?= t("New Description:") ?></td> - <td><?= $new->description ?></td> + <td><?= p::clean($new->description) ?></td> </tr> <? elseif (!empty($new->description)): ?> <tr> <td><?= t("Description:") ?></td> - <td><?= $new->description ?></td> + <td><?= p::clean($new->description) ?></td> </tr> <? endif ?> </table> diff --git a/modules/organize/views/organize.html.php b/modules/organize/views/organize.html.php index 2f2c3a62..6e5bfcea 100644 --- a/modules/organize/views/organize.html.php +++ b/modules/organize/views/organize.html.php @@ -16,7 +16,7 @@ var CONFIRM_DELETE = "<?= t("Do you really want to delete the selected albums an }); </script> <fieldset style="display: none"> - <legend><?= t("Organize %name", array("name" => $item->title)) ?></legend> + <legend><?= t("Organize %name", array("name" => p::clean($item->title))) ?></legend> </fieldset> <div id="doc3" class="yui-t7"> <div id="bd"> diff --git a/modules/organize/views/organize_album.html.php b/modules/organize/views/organize_album.html.php index 9c4d042a..ae2d5d51 100644 --- a/modules/organize/views/organize_album.html.php +++ b/modules/organize/views/organize_album.html.php @@ -7,7 +7,7 @@ <div id="gOrganizeBranch-<?= $album->id ?>" ref="<?= $album->id ?>" class="<?= $selected ? "gBranchSelected" : "" ?> gBranchText"> - <?= $album->title ?> + <?= p::clean($album->title) ?> </div> <div id="gOrganizeChildren-<?= $album->id ?>" class="<?= $album_icon == "ui-icon-plus" ? "gBranchCollapsed" : "" ?>"> diff --git a/modules/rss/views/comment.mrss.php b/modules/rss/views/comment.mrss.php index 8b7e4f70..d2177026 100644 --- a/modules/rss/views/comment.mrss.php +++ b/modules/rss/views/comment.mrss.php 
@@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> <channel> <generator>gallery3</generator> - <title><?= $title ?></title> + <title><?= p::clean($title) ?></title> <link><?= $link ?></link> - <description><?= htmlspecialchars($description) ?></description> + <description><?= p::clean($description) ?></description> <language>en-us</language> <atom:link rel="self" href="<?= $feed_link ?>" type="application/rss+xml" /> <fh:complete/> @@ -22,17 +22,17 @@ <lastBuildDate><?= $pub_date ?></lastBuildDate> <? foreach ($children as $child): ?> <item> - <title><?= $child["title"]?></title> - <link><?= $child["item_link"] ?></link> - <author><?= $child["author"] ?></author> + <title><?= p::clean($child["title"]) ?></title> + <link><?= p::clean($child["item_link"]) ?></link> + <author><?= p::clean($child["author"]) ?></author> <guid isPermaLink="true"><?= $child["item_link"] ?></guid> <pubDate><?= $child["pub_date"] ?></pubDate> <content:encoded> <![CDATA[ - <p><?= $child["text"] ?></p> + <p><?= p::clean($child["text"]) ?></p> <p> <img alt="" src="<?= $child["thumb_url"] ?>" - height="<?= $child["thumb_height"] ?>" width="<?= $child["thumb_width"] ?>" /> + height="<?= $child["thumb_height"] ?>" width="<?= $child["thumb_width"] ?>" /> <br /> </p> ]]> diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php index c581e5e0..0beebbcf 100644 --- a/modules/rss/views/feed.mrss.php +++ b/modules/rss/views/feed.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> <channel> <generator>gallery3</generator> - <title><?= htmlspecialchars($title) ?></title> + <title><?= p::clean($title) ?></title> <link><?= $link ?></link> - <description><?= htmlspecialchars($description) ?></description> + <description><?= p::clean($description) ?></description> <language>en-us</language> <atom:link rel="self" href="<?= $feed_link ?>" type="application/rss+xml" /> <fh:complete/> 
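Review bot: In the second comment.mrss.php hunk, `<guid isPermaLink="true"><?= $child["item_link"] ?></guid>` still prints raw the same value that the `<link>` line above it now passes through `p::clean()`, so one element is escaped and its twin is not. The channel-level `<link><?= $link ?></link>` and `href="<?= $feed_link ?>"` in the first hunk of both comment.mrss.php and feed.mrss.php, and `src="<?= $child["thumb_url"] ?>"`, are also left raw. Unless those URLs are guaranteed to contain no request-derived or user-supplied parts (not visible here), I would clean them too, e.g. `<guid isPermaLink="true"><?= p::clean($child["item_link"]) ?></guid>`. A bare `&` in the link, guid or atom:link values would also make the feed ill-formed XML.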
@@ -22,25 +22,25 @@ <lastBuildDate><?= $pub_date ?></lastBuildDate> <? foreach ($children as $child): ?> <item> - <title><?= htmlspecialchars($child->title) ?></title> + <title><?= p::clean($child->title) ?></title> <link><?= url::abs_site("{$child->type}s/{$child->id}") ?></link> <guid isPermaLink="true"><?= url::abs_site("{$child->type}s/{$child->id}") ?></guid> <pubDate><?= date("D, d M Y H:i:s T", $child->created); ?></pubDate> <content:encoded> <![CDATA[ - <span><?= $child->description ?></span> + <span><?= p::clean($child->description) ?></span> <p> <? if ($child->type == "photo" || $child->type == "album"): ?> <img alt="" src="<?= $child->resize_url(true) ?>" - title="<?= htmlspecialchars($child->title) ?>" + title="<?= p::clean($child->title) ?>" height="<?= $child->resize_height ?>" width="<?= $child->resize_width ?>" /><br /> <? else: ?> <a href="<?= url::abs_site("{$child->type}s/{$child->id}") ?>"> <img alt="" src="<?= $child->thumb_url(true) ?>" - title="<?= htmlspecialchars($child->title) ?>" + title="<?= p::clean($child->title) ?>" height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" /></a><br /> <? endif ?> - <?= $child->description ?> + <?= p::clean($child->description) ?> </p> ]]> </content:encoded> diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php index 69ff09a6..b7b494e4 100644 --- a/modules/server_add/views/server_add_tree.html.php +++ b/modules/server_add/views/server_add_tree.html.php @@ -16,7 +16,7 @@ $("#<?= $tree_id ?>").ready(function() { <? if (!empty($file_info["is_dir"])): ?> <span class="ui-icon ui-icon-plus"></span> <? endif ?> - <label> <?= form::checkbox("checkbox[]", $file_info["path"]) . " $file" ?> </label> + <label> <?= form::checkbox("checkbox[]", p::clean($file_info["path"])) . " " . p::clean($file) ?> </label> </li> <? endforeach ?> </ul> 
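Review bot: `title="<?= p::clean($child->title) ?>"` puts the cleaned title inside a double-quoted attribute, so it only matches the `htmlspecialchars($child->title)` it replaces if `p::clean()` also encodes `"`; the helper's definition is not part of this diff. The same applies to `alt="<?= p::clean($user->name) ?>"` in admin_users.html.php and the `title=` attribute in the first admin_users_group.html.php hunk. I would state that contract on the helper, e.g. `/** Escapes &, <, > and " so the result is safe in element text and in double-quoted attributes. */`, and cover it with a test that uses a title containing a quote. Separately, `$child->description` is emitted twice inside the CDATA block (in the `<span>` and again before `</p>`), which looks unintended.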
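Review bot: `form::checkbox("checkbox[]", p::clean($file_info["path"]))` escapes the path before handing it to the form helper. If `form::checkbox()` already encodes attribute values (its code is not shown here), the value is encoded twice, and a path containing `&`, `<` or a quote will be posted back in entity form and no longer match the file on disk. In that case only the label text needs cleaning: `<?= form::checkbox("checkbox[]", $file_info["path"]) . " " . p::clean($file) ?>`. Whichever layer does the escaping, the handler that receives `checkbox[]` should still validate each submitted path against the directories it is permitted to import from rather than trust the form value.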
diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index c8eb6a1c..f600ce60 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php @@ -5,14 +5,14 @@ </script> <?= html::script("modules/server_add/js/server_add.js"); ?> <div id="gServerAdd"> - <h1 style="display: none;"><?= sprintf(t("Add Photos to '%s'"), $album_title) ?></h1> + <h1 style="display: none;"><?= t("Add Photos to '%title'", array("title" => p::clean($album_title))) ?></h1> <p id="gDescription"><?= t("Photos will be added to album:") ?></p> <ul class="gBreadcrumbs"> <? foreach ($parents as $parent): ?> - <li><?= $parent->title ?></li> + <li><?= p::clean($parent->title) ?></li> <? endforeach ?> - <li class="active"><?= $album_title ?></li> + <li class="active"><?= p::clean($album_title) ?></li> </ul> <?= form::open($action, array("method" => "post")) ?> diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php index 133b452f..62e3a2a1 100644 --- a/modules/tag/views/admin_tags.html.php +++ b/modules/tag/views/admin_tags.html.php @@ -48,7 +48,7 @@ <? endif ?> <li> - <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= $tag->name ?></span> + <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= p::clean($tag->name) ?></span> <span class="understate">(<?= $tag->count ?>)</span> <a href="<?= url::site("admin/tags/form_delete/$tag->id") ?>" class="gDialogLink delete-link gButtonLink"> diff --git a/modules/tag/views/tag_cloud.html.php b/modules/tag/views/tag_cloud.html.php index 9deedb20..eba615fc 100644 --- a/modules/tag/views/tag_cloud.html.php +++ b/modules/tag/views/tag_cloud.html.php 
@@ -3,7 +3,7 @@ <? foreach ($tags as $tag): ?> <li class="size<?=(int)(($tag->count / $max_count) * 7) ?>"> <span><?= $tag->count ?> photos are tagged with </span> - <a href="<?=url::site("tags/$tag->id") ?>"><?= $tag->name ?></a> + <a href="<?= url::site("tags/$tag->id") ?>"><?= p::clean($tag->name) ?></a> </li> <? endforeach ?> </ul> diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index bec74d28..859f3c8e 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -68,16 +68,16 @@ <td id="user-<?= $user->id ?>" class="core-info gDraggable"> <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>" title="<?= t("Drag user onto group below to add as a new member") ?>" - alt="<?= $user->name ?>" + alt="<?= p::clean($user->name) ?>" width="20" height="20" /> - <?= $user->name ?> + <?= p::clean($user->name) ?> </td> <td> - <?= $user->full_name ?> + <?= p::clean($user->full_name) ?> </td> <td> - <?= $user->email ?> + <?= p::clean($user->email) ?> </td> <td> <?= ($user->last_login == 0) ? "" : date("j-M-y", $user->last_login) ?> diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index a25e687a..820b3031 100644 --- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php @@ -1,8 +1,8 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> -<strong><?= $group->name ?></strong> +<strong><?= p::clean($group->name) ?></strong> <? if (!$group->special): ?> <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>" - title="<?= t("Delete " . $group->name) ?>" + title="<?= t("Delete %name", array("name" => p::clean($group->name))) ?>" class="gDialogLink gButtonLink ui-state-default ui-corner-all"> <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a> <? else: ?> 
@@ -13,11 +13,15 @@ <ul> <? foreach ($group->users as $i => $user): ?> <li class="gUser"> - <?= $user->name ?> + <?= p::clean($user->name) ?> <? if (!$group->special): ?> <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)" class="gButtonLink ui-state-default ui-corner-all ui-icon-left"> - <span class="ui-icon ui-icon-closethick">Remove <?= $user->name ?> from <?= $group->name ?></span></a> + <span class="ui-icon ui-icon-closethick"> + <?= t("Remove %user from %group", + array("user" => p::clean($user->name), "group" => p::clean($group->name))) ?> + </span> + </a> <? endif ?> </li> <? endforeach ?> diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php index d9a558b5..cce2fb54 100644 --- a/modules/user/views/login.html.php +++ b/modules/user/views/login.html.php @@ -11,7 +11,7 @@ '<a href="' . url::site("form/edit/users/{$user->id}") . '" title="' . t("Edit Your Profile") . '" id="gUserProfileLink" class="gDialogLink">' . - (empty($user->full_name) ? $user->name : $user->full_name) . '</a>')) ?></li> + p::clean(empty($user->full_name) ? $user->name : $user->full_name) . '</a>')) ?></li> <li><a href="<?= url::site("logout?continue=" . url::current(true)) ?>" id="gLogoutLink"><?= t("Logout") ?></a></li> <? endif; ?> diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php index 39845d61..4c4672ee 100644 --- a/modules/user/views/reset_password.html.php +++ b/modules/user/views/reset_password.html.php 
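Review bot: In the login.html.php hunk, the logout link below the changed line, `url::site("logout?continue=" . url::current(true))`, is still written into `href` with neither URL-encoding nor HTML-escaping; the hunk only cleans the display name. If `url::current(true)` includes the request's query string (helper not shown), request-controlled characters reach the attribute, and a `&` in it would split the `continue` value. I would change it to `url::site("logout?continue=" . urlencode(url::current(true)))` and pass the result through `p::clean()`. The logout handler should also restrict `continue` to same-site paths; the surrounding `t(...)` call starts outside the hunk.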
@@ -1,14 +1,15 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> -<head> - <title><?= $title ?> </title> -</head> -<body> - <h2><?= t("Password Reset Request") ?> </h2> - <p> - <?= sprintf(t("A request to reset your password (user: %s) at %s."), $name, url::base(false, "http")) ?> - <?= sprintf(t("To confirm this request please click on the link below")) ?><br /> - <a href="<?= $url ?>"><?= t("Reset Password") ?></a> - </p> -</body> + <head> + <title><?= t("Password Reset Request") ?> </title> + </head> + <body> + <h2><?= t("Password Reset Request") ?> </h2> + <p> + <?= t("Hello, %name,", array("name" => p::clean($user->full_name ? $user->full_name : $user->name))) ?> + </p> + <p> + <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>. If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>. If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?> + </p> + </body> </html> |
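Review bot: `$confirm_url` and `url::base(false, "http")` are substituted into `href=\"%confirm_url\"` and `href=\"%site_url\"` without `p::clean()`, the only values in this template that skip it. I would pass them as `array("site_url" => p::clean(url::base(false, "http")), "confirm_url" => p::clean($confirm_url))`. Because this is a password-reset mail, the base URL should come from a configured site address rather than the request's Host header; whether `url::base()` does that is not visible here and is worth confirming. The view now reads `$user` and `$confirm_url` instead of `$title`, `$name` and `$url`, and no controller appears in the diffstat, so confirm the caller already passes the new variables.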