3 files changed, 23 insertions, 11 deletions

diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 8c71740e..193d2ca1 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -48,6 +48,7 @@ modules/gallery/views/admin_block_log_entries.html.php       8   DIRTY    $entry
 modules/gallery/views/admin_block_news.html.php              5   DIRTY_JS $entry["link"]
 modules/gallery/views/admin_block_news.html.php              5   DIRTY    $entry["title"]
 modules/gallery/views/admin_block_news.html.php              7   DIRTY    text::limit_words(strip_tags($entry["description"]),25);
+modules/gallery/views/admin_block_photo_stream.html.php      5   DIRTY_JS $photo->url()
 modules/gallery/views/admin_block_photo_stream.html.php      6   DIRTY    photo::img_dimensions($photo->width,$photo->height,72)
 modules/gallery/views/admin_block_photo_stream.html.php      7   DIRTY_ATTR $photo->thumb_url()
 modules/gallery/views/admin_dashboard.html.php               5   DIRTY_JS $csrf
@@ -180,14 +181,14 @@ modules/image_block/views/image_block_block.html.php         3   DIRTY_JS $item-
 modules/image_block/views/image_block_block.html.php         4   DIRTY    $item->thumb_img(array("class"=>"gThumbnail"))
 modules/info/views/info_block.html.php                       22  DIRTY    date("M j, Y H:i:s",$item->captured)
 modules/info/views/info_block.html.php                       29  DIRTY_JS $item->owner->url
-modules/notification/views/comment_published.html.php        28  DIRTY_JS $comment->item()->url(array(),true)
-modules/notification/views/comment_published.html.php        29  DIRTY    $comment->item()->url(array(),true)
-modules/notification/views/item_added.html.php               16  DIRTY_JS $item->url(array(),true)
-modules/notification/views/item_added.html.php               17  DIRTY    $item->url(array(),true)
-modules/notification/views/item_deleted.html.php             18  DIRTY_JS $item->parent()->url(array(),true)
-modules/notification/views/item_deleted.html.php             19  DIRTY    $item->parent()->url(array(),true)
-modules/notification/views/item_updated.html.php             20  DIRTY_JS $item->url(array(),true)
-modules/notification/views/item_updated.html.php             20  DIRTY    $item->url(array(),true)
+modules/notification/views/comment_published.html.php        28  DIRTY_JS $comment->item()->abs_url()
+modules/notification/views/comment_published.html.php        29  DIRTY    $comment->item()->abs_url()
+modules/notification/views/item_added.html.php               16  DIRTY_JS $item->abs_url()
+modules/notification/views/item_added.html.php               17  DIRTY    $item->abs_url()
+modules/notification/views/item_deleted.html.php             18  DIRTY_JS $item->parent()->abs_url()
+modules/notification/views/item_deleted.html.php             19  DIRTY    $item->parent()->abs_url()
+modules/notification/views/item_updated.html.php             20  DIRTY_JS $item->abs_url()
+modules/notification/views/item_updated.html.php             20  DIRTY    $item->abs_url()
 modules/organize/views/organize_dialog.html.php              3   DIRTY_JS url::site("organize/move_to/__ALBUM_ID__?csrf=$csrf")
 modules/organize/views/organize_dialog.html.php              4   DIRTY_JS url::site("organize/rearrange/__TARGET_ID__/__BEFORE__?csrf=$csrf")
 modules/organize/views/organize_dialog.html.php              5   DIRTY_JS url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf")
@@ -246,6 +247,7 @@ modules/rss/views/feed.mrss.php                              73  DIRTY_ATTR $chi
 modules/rss/views/feed.mrss.php                              74  DIRTY_ATTR $child->mime_type
 modules/rss/views/rss_block.html.php                         6   DIRTY_JS rss::url($url)
 modules/search/views/search.html.php                         30  DIRTY_ATTR $item_class
+modules/search/views/search.html.php                         31  DIRTY_JS $item->url()
 modules/search/views/search.html.php                         32  DIRTY    $item->thumb_img()
 modules/server_add/views/admin_server_add.html.php           15  DIRTY_ATTR $id
 modules/server_add/views/admin_server_add.html.php           24  DIRTY    $form
@@ -285,6 +287,7 @@ themes/admin_default/views/admin.html.php                    15  DIRTY_JS $theme
 themes/admin_default/views/admin.html.php                    32  DIRTY    $theme->admin_head()
 themes/admin_default/views/admin.html.php                    36  DIRTY    $theme->admin_page_top()
 themes/admin_default/views/admin.html.php                    44  DIRTY    $theme->admin_header_top()
+themes/admin_default/views/admin.html.php                    49  DIRTY_JS item::root()->url()
 themes/admin_default/views/admin.html.php                    53  DIRTY    $theme->admin_menu()
 themes/admin_default/views/admin.html.php                    55  DIRTY    $theme->admin_header_bottom()
 themes/admin_default/views/admin.html.php                    62  DIRTY    $content
@@ -325,6 +328,8 @@ themes/default/views/page.html.php                           41  DIRTY    $new_w
 themes/default/views/page.html.php                           42  DIRTY    $new_height
 themes/default/views/page.html.php                           43  DIRTY    $thumb_proportion
 themes/default/views/page.html.php                           82  DIRTY    $header_text
+themes/default/views/page.html.php                           84  DIRTY_JS item::root()->url()
+themes/default/views/page.html.php                           98  DIRTY_JS $parent->url("show={$theme->item()->id}")
 themes/default/views/page.html.php                           112 DIRTY    $content
 themes/default/views/page.html.php                           118 DIRTY    newView("sidebar.html")
 themes/default/views/page.html.php                           125 DIRTY    $footer_text
diff --git a/modules/info/helpers/info_theme.php b/modules/info/helpers/info_theme.php
index 51378e54..4bf894ad 100644
--- a/modules/info/helpers/info_theme.php
+++ b/modules/info/helpers/info_theme.php
@@ -38,9 +38,11 @@ class info_theme_Core {
     if ($item->owner) {
       $results .= "<li>";
       if ($item->owner->url) {
-        $results .= t("By: %owner_name", array("owner_name" => "<a href=\"{$item->owner->url}\">{$item->owner->full_name}</a>"));
+        $results .= t("By: <a href=\"%owner_url\">%owner_name</a>",
+                      array("owner_name" => $item->owner->display_name(),
+                            "owner_url" => $item->owner->url));
       } else {
-        $results .= t("By: %owner_name", array("owner_name" => "{$item->owner->full_name}"));
+        $results .= t("By: %owner_name", array("owner_name" => $item->owner->display_name()));
       }
       $results .= "</li>";
     }
diff --git a/themes/default/views/page.html.php b/themes/default/views/page.html.php
index 733534ea..19d8cc00 100644
--- a/themes/default/views/page.html.php
+++ b/themes/default/views/page.html.php
@@ -95,7 +95,12 @@
         <ul class="gBreadcrumbs">
           <? foreach ($parents as $parent): ?>
           <li>
-            <a href="<?= $parent->url("show={$theme->item()->id}") ?>">
+            <!-- Adding ?show=<id> causes Gallery3 to display the page
+                 containing that photo.  For now, we just do it for
+                 the immediate parent so that when you go back up a
+                 level you're on the right page. -->
+            <a href="<?= $parent->url($parent == $theme->item()->parent() ?
+                     "show={$theme->item()->id}" : null) ?>">
               <?= html::purify($parent->title) ?>
             </a>
           </li>