-rw-r--r--modules/gallery/tests/Xss_Security_Test.php15
-rw-r--r--modules/gallery/views/l10n_client.html.php4
-rw-r--r--modules/gallery/views/simple_uploader.html.php61
-rw-r--r--modules/organize/views/organize.html.php16
-rw-r--r--themes/admin_default/views/admin.html.php2
-rw-r--r--themes/default/views/movie.html.php2
-rw-r--r--themes/default/views/page.html.php2
-rw-r--r--themes/default/views/photo.html.php4
8 files changed, 56 insertions, 50 deletions
diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php
index fd596c69..690dc760 100644
--- a/modules/gallery/tests/Xss_Security_Test.php
+++ b/modules/gallery/tests/Xss_Security_Test.php
@@ -178,10 +178,10 @@ class Xss_Security_Test extends Unit_Test_Case {
* Generate the report
*
* States for uses of < ? = X ? >:
- * JS_XSS:
+ * DIRTY_JS:
* In <script> block
* X can be anything without calling ->for_js()
- * UNKNOWN:
+ * DIRTY:
* Outside <script> block:
* X can be anything without a call to ->for_html() or ->purified_html()
* CLEAN:
@@ -196,9 +196,9 @@ class Xss_Security_Test extends Unit_Test_Case {
ksort($found);
foreach ($found as $view => $frames) {
foreach ($frames as $frame) {
- $state = "UNKNOWN";
+ $state = "DIRTY";
if ($frame->in_script_block()) {
- $state = "JS_XSS";
+ $state = "DIRTY_JS";
if ($frame->for_js_called() || $frame->json_encode_called()) {
$state = "CLEAN";
}
@@ -207,6 +207,13 @@ class Xss_Security_Test extends Unit_Test_Case {
$state = "CLEAN";
}
}
+
+ if ("CLEAN" == $state) {
+ // Don't print CLEAN instances - No need to update the golden
+ // file when adding / moving clean instances.
+ continue;
+ }
+
fprintf($fd, "%-60s %-3s %-8s %s\n",
$view, $frame->line(), $state, $frame->expr());
}
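Review bot: The report's doc comment (first hunk of this file) still lists CLEAN as a state, but with the added `continue` a CLEAN frame never reaches the `fprintf`, so a reader of the golden file cannot tell that missing rows mean "clean" rather than "not scanned". I would add a line to that comment such as ` * CLEAN frames are computed but omitted from the report.` As a style point, the new check can use strict comparison, `if ("CLEAN" === $state) {`, since both sides are string literals assigned in this loop. The enclosing method starts and ends outside the hunk.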
diff --git a/modules/gallery/views/l10n_client.html.php b/modules/gallery/views/l10n_client.html.php
index c73719ca..523552c3 100644
--- a/modules/gallery/views/l10n_client.html.php
+++ b/modules/gallery/views/l10n_client.html.php
@@ -69,8 +69,8 @@
</div>
</div>
<script type="text/javascript">
- var MSG_TRANSLATE_TEXT = "<?= t("Translate Text") ?>";
- var MSG_CLOSE_X = "<?= t("X") ?>";
+ var MSG_TRANSLATE_TEXT = "<?= t("Translate Text")->for_js() ?>";
+ var MSG_CLOSE_X = "<?= t("X")->for_js() ?>";
var l10n_client_data = <?= json_encode($string_list) ?>;
var plural_forms = <?= json_encode($plural_forms) ?>;
</script>
diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php
index 56e568f6..fc426e8f 100644
--- a/modules/gallery/views/simple_uploader.html.php
+++ b/modules/gallery/views/simple_uploader.html.php
@@ -82,27 +82,26 @@
<script type="text/javascript">
var swfu = new SWFUpload({
- flash_url: "<?= url::file("lib/swfupload/swfupload.swf") ?>",
- upload_url: "<?= url::site("simple_uploader/add_photo/$item->id") ?>",
- post_params: {
- "g3sid": "<?= Session::instance()->id() ?>",
- "user_agent": "<?= Input::instance()->server("HTTP_USER_AGENT") ?>",
- "csrf": "<?= $csrf ?>"
- },
- file_size_limit: "<?= ini_get("upload_max_filesize") ? num::convert_to_bytes(ini_get("upload_max_filesize"))."B" : "100MB" ?>",
+ flash_url: "<?= url::file("lib/swfupload/swfupload.swf")->for_js() ?>",
+ upload_url: "<?= url::site("simple_uploader/add_photo/$item->id")->for_js() ?>",
+ post_params: <?= json_encode(array(
+ "g3sid" => Session::instance()->id(),
+ "user_agent" => Input::instance()->server("HTTP_USER_AGENT"),
+ "csrf" => $csrf)) ?>,
+ file_size_limit: "<?= SafeString::of(ini_get("upload_max_filesize") ? num::convert_to_bytes(ini_get("upload_max_filesize"))."B" : "100MB")->for_js() ?>",
file_types: "*.gif;*.jpg;*.jpeg;*.png;*.flv;*.mp4;*.GIF;*.JPG;*.JPEG;*.PNG;*.FLV;*.MP4",
- file_types_description: "<?= t("Photos and Movies") ?>",
+ file_types_description: "<?= t("Photos and Movies")->for_js() ?>",
file_upload_limit: 1000,
file_queue_limit: 0,
custom_settings: { },
debug: false,
// Button settings
- button_image_url: "<?= url::file("themes/default/images/select-photos-backg.png") ?>",
+ button_image_url: "<?= url::file("themes/default/images/select-photos-backg.png")->for_js() ?>",
button_width: "202",
button_height: "45",
button_placeholder_id: "gChooseFilesButtonPlaceholder",
- button_text: '<span class="swfUploadFont"><?= t("Select photos...") ?></span>',
+ button_text: <?= json_encode('<span class="swfUploadFont">' . t("Select photos...") . '</span>') ?>,
button_text_style: ".swfUploadFont { color: #2E6E9E; font-size: 16px; font-family: Lucida Grande,Lucida Sans,Arial,sans-serif; font-weight: bold; }",
button_text_left_padding: 30,
button_text_top_padding: 10,
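Review bot: `json_encode()` is called with default flags for `post_params` and `button_text`, and `user_agent` in `post_params` is taken from a request header, so client-supplied `<`, `>` and `&` are written into the `<script>` element unescaped (by default only `/` is escaped). Where the PHP version in use supports them, pass the hex flags, e.g. `json_encode(array(...), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)`, so no HTML-significant character can appear inside the script block. The same applies to `json_encode($csrf)` in organize.html.php and to the two `json_encode` context lines in l10n_client.html.php. Since Xss_Security_Test counts any `json_encode` call as CLEAN, a single view helper that applies these flags would keep the scan's assumption true at every call site.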
@@ -146,13 +145,13 @@
function file_queued(file) {
var fp = new File_Progress(file);
fp.title.html(file.name);
- fp.set_status("pending", "<?= t("Pending...") ?>");
+ fp.set_status("pending", "<?= t("Pending...")->for_js() ?>");
// @todo add cancel button to call this.cancelUpload(file.id)
}
function file_queue_error(file, error_code, message) {
if (error_code === SWFUpload.QUEUE_ERROR.QUEUE_LIMIT_EXCEEDED) {
- alert("<?= t("You have attempted to queue too many files.") ?>");
+ alert("<?= t("You have attempted to queue too many files.")->for_js() ?>");
return;
}
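Review bot: `fp.title.html(file.name);` in `file_queued` inserts the file name reported by the browser as HTML, and neither the `->for_js()` calls added here nor the Xss_Security_Test scan (which only inspects `<?= ?>` expressions) covers that client-side sink. The same call appears on context lines in the `file_queue_error` cases and in the upload-start hunk further down. Assuming `fp.title` is a jQuery object, `fp.title.text(file.name);` renders the name as text instead. `file_queue_error` continues outside this hunk.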
@@ -160,20 +159,20 @@
switch (error_code) {
case SWFUpload.QUEUE_ERROR.FILE_EXCEEDS_SIZE_LIMIT:
fp.title.html(file.name);
- fp.set_status("error", "<?= t("<strong>File is too big.</strong> A likely error source is a too low value for <em>upload_max_filesize</em> (%upload_max_filesize) in your <em>php.ini</em>.", array("upload_max_filesize" => ini_get("upload_max_filesize"))) ?>");
+ fp.set_status("error", "<?= t("<strong>File is too big.</strong> A likely error source is a too low value for <em>upload_max_filesize</em> (%upload_max_filesize) in your <em>php.ini</em>.", array("upload_max_filesize" => ini_get("upload_max_filesize")))->for_js() ?>");
break;
case SWFUpload.QUEUE_ERROR.ZERO_BYTE_FILE:
fp.title.html(file.name);
- fp.set_status("error", "<?= t("Cannot upload empty files.") ?>");
+ fp.set_status("error", "<?= t("Cannot upload empty files.")->for_js() ?>");
break;
case SWFUpload.QUEUE_ERROR.INVALID_FILETYPE:
fp.title.html(file.name);
- fp.set_status("error", "<?= t("Invalid file type.") ?>");
+ fp.set_status("error", "<?= t("Invalid file type.")->for_js() ?>");
break;
default:
if (file !== null) {
fp.title.html(file.name);
- fp.set_status("error", "<?= t("Unknown error") ?>");
+ fp.set_status("error", "<?= t("Unknown error")->for_js() ?>");
}
break;
}
@@ -194,7 +193,7 @@
// no uploadProgress events are called (limitation in the Linux Flash VM).
var fp = new File_Progress(file);
fp.title.html(file.name);
- fp.set_status("uploading", "<?= t("Uploading...") ?>");
+ fp.set_status("uploading", "<?= t("Uploading...")->for_js() ?>");
$("#gAddPhotosCanvas").scrollTo(fp.box, 1000);
return true;
// @todo add cancel button to call this.cancelUpload(file.id)
@@ -203,7 +202,7 @@
function upload_progress(file, bytes_loaded, bytes_total) {
var percent = Math.ceil((bytes_loaded / bytes_total) * 100);
var fp = new File_Progress(file);
- fp.set_status("uploading", "<?= t("Uploading...") ?>");
+ fp.set_status("uploading", "<?= t("Uploading...")->for_js() ?>");
fp.progress_bar.css("visibility", "visible");
fp.progress_bar.progressbar("value", percent);
}
@@ -211,42 +210,42 @@
function upload_success(file, serverData) {
var fp = new File_Progress(file);
fp.progress_bar.progressbar("value", 100);
- fp.set_status("complete", "<?= t("Complete.") ?>");
+ fp.set_status("complete", "<?= t("Complete.")->for_js() ?>");
}
function upload_error(file, error_code, message) {
var fp = new File_Progress(file);
switch (error_code) {
case SWFUpload.UPLOAD_ERROR.HTTP_ERROR:
- fp.set_status("error", "<?= t("Upload error: ") ?>" + message);
+ fp.set_status("error", "<?= t("Upload error: ")->for_js() ?>" + message);
break;
case SWFUpload.UPLOAD_ERROR.UPLOAD_FAILED:
- fp.set_status("error", "<?= t("Upload failed") ?>");
+ fp.set_status("error", "<?= t("Upload failed")->for_js() ?>");
break;
case SWFUpload.UPLOAD_ERROR.IO_ERROR:
- fp.set_status("error", "<?= t("Server error") ?>");
+ fp.set_status("error", "<?= t("Server error")->for_js() ?>");
break;
case SWFUpload.UPLOAD_ERROR.SECURITY_ERROR:
- fp.set_status("error", "<?= t("Security error") ?>");
+ fp.set_status("error", "<?= t("Security error")->for_js() ?>");
break;
case SWFUpload.UPLOAD_ERROR.UPLOAD_LIMIT_EXCEEDED:
- fp.set_status("error", "<?= t("Upload limit exceeded") ?>");
+ fp.set_status("error", "<?= t("Upload limit exceeded")->for_js() ?>");
break;
case SWFUpload.UPLOAD_ERROR.FILE_VALIDATION_FAILED:
- fp.set_status("error", "<?= t("Failed validation. File skipped") ?>");
+ fp.set_status("error", "<?= t("Failed validation. File skipped")->for_js() ?>");
break;
case SWFUpload.UPLOAD_ERROR.FILE_CANCELLED:
// If there aren't any files left (they were all cancelled) disable the cancel button
if (this.getStats().files_queued === 0) {
$("#gUploadCancel").hide();
}
- fp.set_status("error", "<?= t("Cancelled") ?>");
+ fp.set_status("error", "<?= t("Cancelled")->for_js() ?>");
break;
case SWFUpload.UPLOAD_ERROR.UPLOAD_STOPPED:
- fp.set_status("error", "<?= t("Stopped") ?>");
+ fp.set_status("error", "<?= t("Stopped")->for_js() ?>");
break;
default:
- fp.set_status("error", "<?= t("Unknown error: ") ?>" + error_code);
+ fp.set_status("error", "<?= t("Unknown error: ")->for_js() ?>" + error_code);
break;
}
}
@@ -260,7 +259,7 @@
}
function get_completed_status_msg(stats) {
- var msg = "<?= t("Upload Queue (completed %completed of %total)", array("completed" => "__COMPLETED__", "total" => "__TOTAL__")) ?>";
+ var msg = "<?= t("Upload Queue (completed %completed of %total)", array("completed" => "__COMPLETED__", "total" => "__TOTAL__"))->for_js() ?>";
msg = msg.replace("__COMPLETED__", stats.successful_uploads);
msg = msg.replace("__TOTAL__", stats.files_queued + stats.successful_uploads +
stats.upload_errors + stats.upload_cancelled + stats.queue_errors);
@@ -269,7 +268,7 @@
// This event comes from the Queue Plugin
function queue_complete(num_files_uploaded) {
- var status_msg = "<?= t("Uploaded: __COUNT__") ?>";
+ var status_msg = "<?= t("Uploaded: __COUNT__")->for_js() ?>";
$("#gUploadStatus").html(status_msg.replace("__COUNT__", num_files_uploaded));
}
</script>
diff --git a/modules/organize/views/organize.html.php b/modules/organize/views/organize.html.php
index 1182a887..d2f0aa8c 100644
--- a/modules/organize/views/organize.html.php
+++ b/modules/organize/views/organize.html.php
@@ -1,16 +1,16 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
<!-- ?= html::script("modules/organize/js/organize.js") ? -->
<script>
- var FATAL_ERROR = "<?= t("Fatal Error") ?>";
- var PAUSE_BUTTON = "<?= t("Pause") ?>";
- var RESUME_BUTTON = "<?= t("Resume") ?>";
- var CANCEL_BUTTON = "<?= t("Cancel") ?>";
- var INVALID_DROP_TARGET = "<div class=\"gError\"><?= t("Drop cancelled as it would result in a recursive move") ?></div>";
-var CONFIRM_DELETE = "<?= t("Do you really want to delete the selected albums and/or photos") ?>"
+ var FATAL_ERROR = "<?= t("Fatal Error")->for_js() ?>";
+ var PAUSE_BUTTON = "<?= t("Pause")->for_js() ?>";
+ var RESUME_BUTTON = "<?= t("Resume"->for_js()) ?>";
+ var CANCEL_BUTTON = "<?= t("Cancel")->for_js() ?>";
+ var INVALID_DROP_TARGET = "<div class=\"gError\"><?= t("Drop cancelled as it would result in a recursive move")->for_js() ?></div>";
+var CONFIRM_DELETE = "<?= t("Do you really want to delete the selected albums and/or photos")->for_js() ?>"
var item_id = <?= $item->id ?>;
- var csrf = "<?= $csrf ?>";
- var rearrangeUrl = "<?= url::site("__URI__/__ITEM_ID____TASK_ID__?csrf=$csrf") ?>";
+ var csrf = <?= json_encode($csrf) ?>;
+ var rearrangeUrl = "<?= url::site("__URI__/__ITEM_ID____TASK_ID__?csrf=$csrf")->for_js() ?>";
$("#doc3").ready(function() {
organize_dialog_init();
});
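Review bot: The new `RESUME_BUTTON` line has the closing parenthesis in the wrong place: `t("Resume"->for_js())` calls `for_js()` on the string literal instead of on the result of `t()`, so the view will fail to parse or run, depending on the PHP version, rather than render. It should read `var RESUME_BUTTON = "<?= t("Resume")->for_js() ?>";` like the neighbouring lines. Separately, `var item_id = <?= $item->id ?>;` is still emitted raw inside the script block; if the id is always an integer, `<?= (int) $item->id ?>` makes that explicit.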
diff --git a/themes/admin_default/views/admin.html.php b/themes/admin_default/views/admin.html.php
index d27f9260..61821428 100644
--- a/themes/admin_default/views/admin.html.php
+++ b/themes/admin_default/views/admin.html.php
@@ -23,7 +23,7 @@
<?= $theme->script("gallery.common.js") ?>
<? /* MSG_CANCEL is required by gallery.dialog.js */ ?>
<script type="text/javascript">
- var MSG_CANCEL = "<?= t('Cancel') ?>";
+ var MSG_CANCEL = "<?= t('Cancel')->for_js() ?>";
</script>
<?= $theme->script("gallery.dialog.js") ?>
<?= $theme->script("superfish/js/superfish.js") ?>
diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php
index 1f25a626..75d51eff 100644
--- a/themes/default/views/movie.html.php
+++ b/themes/default/views/movie.html.php
@@ -20,7 +20,7 @@
</div>
<script type="text/javascript">
- var ADD_A_COMMENT = "<?= t("Add a comment") ?>";
+ var ADD_A_COMMENT = "<?= t("Add a comment")->for_js() ?>";
</script>
<?= $theme->photo_bottom() ?>
</div>
diff --git a/themes/default/views/page.html.php b/themes/default/views/page.html.php
index ea2be37b..8d9f0caa 100644
--- a/themes/default/views/page.html.php
+++ b/themes/default/views/page.html.php
@@ -51,7 +51,7 @@
<?= $theme->script("gallery.common.js") ?>
<? /* MSG_CANCEL is required by gallery.dialog.js */ ?>
<script type="text/javascript">
- var MSG_CANCEL = "<?= t('Cancel') ?>";
+ var MSG_CANCEL = "<?= t('Cancel')->for_js() ?>";
</script>
<?= $theme->script("gallery.dialog.js") ?>
<?= $theme->script("gallery.form.js") ?>
diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php
index 1f92e9ba..fcf597cf 100644
--- a/themes/default/views/photo.html.php
+++ b/themes/default/views/photo.html.php
@@ -5,7 +5,7 @@
<script>
$(document).ready(function() {
$(".gFullSizeLink").click(function() {
- show_full_size("<?= $theme->item()->file_url() ?>", "<?= $theme->item()->width ?>", "<?= $theme->item()->height ?>");
+ show_full_size("<?= $theme->item()->file_url()->for_js() ?>", "<?= $theme->item()->width ?>", "<?= $theme->item()->height ?>");
return false;
});
});
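Review bot: Only the first argument of `show_full_size(...)` is escaped; `$theme->item()->width` and `$theme->item()->height` are still echoed raw into quoted JavaScript strings in the same call. They are presumably numeric columns, but the view does not enforce that, and these are the kind of expressions the scan reports as DIRTY_JS. Casting in place keeps the argument types unchanged: `"<?= (int) $theme->item()->width ?>", "<?= (int) $theme->item()->height ?>"`.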
@@ -55,7 +55,7 @@
</div>
<script type="text/javascript">
- var ADD_A_COMMENT = "<?= t("Add a comment") ?>";
+ var ADD_A_COMMENT = "<?= t("Add a comment")->for_js() ?>";
</script>
<?= $theme->photo_bottom() ?>
</div>