45 files changed, 960 insertions, 150 deletions
diff --git a/application/config/config.php b/application/config/config.php index d6da2ad1..6a30d91c 100644 --- a/application/config/config.php +++ b/application/config/config.php @@ -23,34 +23,34 @@ * then a full URL will be used, eg: http://localhost/kohana/. If it only includes * the path, and a site_protocol is specified, the domain will be auto-detected. */ -$config['site_domain'] = dirname($_SERVER['SCRIPT_NAME']); +$config["site_domain"] = dirname($_SERVER["SCRIPT_NAME"]); /** * Force a default protocol to be used by the site. If no site_protocol is * specified, then the current protocol is used, or when possible, only an * absolute path (with no protocol/domain) is used. */ -$config['site_protocol'] = ''; +$config["site_protocol"] = ""; /** * Name of the front controller for this application. Default: index.php * * This can be removed by using URL rewriting. */ -$config['index_page'] = 'index.php'; +$config["index_page"] = "index.php"; /** * Fake file extension that will be added to all generated URLs. Example: .html */ -$config['url_suffix'] = ''; +$config["url_suffix"] = ""; /** * Length of time of the internal cache in seconds. 0 or FALSE means no caching. * The internal cache stores file paths and config entries across requests and * can give significant speed improvements at the expense of delayed updating. */ -$config['internal_cache'] = FALSE; -$config['internal_cache_path'] = VARPATH . "tmp/"; +$config["internal_cache"] = FALSE; +$config["internal_cache_path"] = VARPATH . "tmp/"; /** * Enable or disable gzip output compression. This can dramatically decrease 
@@ -59,20 +59,20 @@ $config['internal_cache_path'] = VARPATH . "tmp/"; * * Do not enable this option if you are using output compression in php.ini! */ -$config['output_compression'] = FALSE; +$config["output_compression"] = FALSE; /** * Enable or disable global XSS filtering of GET, POST, and SERVER data. This * option also accepts a string to specify a specific XSS filtering tool. */ -$config['global_xss_filtering'] = TRUE; +$config["global_xss_filtering"] = TRUE; /** * Enable or disable hooks. Setting this option to TRUE will enable * all hooks. By using an array of hook filenames, you can control * which hooks are enabled. Setting this option to FALSE disables hooks. */ -$config['enable_hooks'] = TRUE; +$config["enable_hooks"] = TRUE; /** * Log thresholds: @@ -82,21 +82,21 @@ $config['enable_hooks'] = TRUE; * 3 - Notices * 4 - Debugging */ -$config['log_threshold'] = 3; +$config["log_threshold"] = 3; /** * Message logging directory. */ -$config['log_directory'] = VARPATH . "logs"; -if (@!is_writable($config['log_directory'])) { - $config['log_threshold'] = 0; +$config["log_directory"] = VARPATH . "logs"; +if (@!is_writable($config["log_directory"])) { + $config["log_threshold"] = 0; } /** * Enable or disable displaying of Kohana error pages. This will not affect * logging. Turning this off will disable ALL error pages. */ -$config['display_errors'] = TRUE; +$config["display_errors"] = TRUE; /** * Enable or disable statistics in the final output. Stats are replaced via 
@@ -104,33 +104,33 @@ $config['display_errors'] = TRUE; * * @see http://docs.kohanaphp.com/general/configuration */ -$config['render_stats'] = TRUE; +$config["render_stats"] = TRUE; /** * Filename prefixed used to determine extensions. For example, an * extension to the Controller class would be named MY_Controller.php. */ -$config['extension_prefix'] = 'MY_'; +$config["extension_prefix"] = "MY_"; /** * Additional resource paths, or "modules". Each path can either be absolute * or relative to the docroot. Modules can include any resource that can exist * in your application directory, configuration files, controllers, views, etc. */ -$config['modules'] = array( - MODPATH . 'forge', - MODPATH . 'gallery', // gallery must be *last* in the order +$config["modules"] = array( + MODPATH . "forge", + MODPATH . "gallery", // gallery must be *last* in the order ); if (TEST_MODE) { - array_splice($config['modules'], 0, 0, - array(MODPATH . 'gallery_unit_test', - MODPATH . 'unit_test')); + array_splice($config["modules"], 0, 0, + array(MODPATH . "gallery_unit_test", + MODPATH . "unit_test")); } /** * Setting the maintenance_mode to block all non administrative access. In * this mode a user can attempt to logon, but will be unable to access anything. - * The application will be have normally if an adminstrator logs on. + * The application will behave normally if an adminstrator logs on. */ //$config["maintenance_mode"] = true; diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php index d7b8d2b0..d5aab84c 100644 --- a/modules/comment/views/admin_block_recent_comments.html.php +++ b/modules/comment/views/admin_block_recent_comments.html.php 
@@ -4,13 +4,13 @@ <li class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>"> <img src="<?= $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= $comment->author_name() ?>" + alt="<?= p::clean($comment->author_name()) ?>" width="32" height="32" /> <?= date("Y-M-d H:i:s", $comment->created) ?> <?= t("<a href=#>%author_name</a> said <em>%comment_text</em>", - array("author_name" => $comment->author_name(), - "comment_text" => text::limit_words($comment->text, 50))); ?> + array("author_name" => p::clean($comment->author_name()), + "comment_text" => text::limit_words(p::clean($comment->text), 50))); ?> </li> <? endforeach ?> </ul> diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php index 16816636..79bdb1f3 100644 --- a/modules/comment/views/admin_comments.html.php +++ b/modules/comment/views/admin_comments.html.php @@ -108,12 +108,12 @@ <a href="#"> <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= $comment->author_name() ?>" + alt="<?= p::clean($comment->author_name()) ?>" width="40" height="40" /> </a> - <p><a href="mailto:<?= $comment->author_email() ?>" - title="<?= $comment->author_email() ?>"> <?= $comment->author_name() ?> </a></p> + <p><a href="mailto:<?= p::clean($comment->author_email()) ?>" + title="<?= p::clean($comment->author_email()) ?>"> <?= p::clean($comment->author_name()) ?> </a></p> </td> <td> <div class="right"> @@ -122,7 +122,7 @@ <a href="<?= $item->url() ?>"> <? if ($item->has_thumb()): ?> <img src="<?= $item->thumb_url() ?>" - alt="<?= $item->title ?>" + alt="<?= p::clean($item->title) ?>" <?= photo::img_dimensions($item->thumb_width, $item->thumb_height, 75) ?> /> <? else: ?> @@ -132,7 +132,7 @@ </div> </div> <p><?= date("Y-M-d", $comment->created); ?></p> - <?= $comment->text ?> + <?= p::clean($comment->text) ?> </td> <td> <ul class="gButtonSetVertical"> 
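Review bot: The avatar `<img>` still prints `$comment->author()->avatar_url(32, ...)` into `src` unescaped, while the `alt` next to it now goes through `p::clean()`. Whether `avatar_url()` can return characters that close the attribute is not visible in this hunk, so either wrap the call, `src="<?= p::clean($comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true))) ?>"`, or document on `avatar_url()` that its result is already attribute-safe. The same raw `src` sits in the context of the `@@ -108,12` hunk of admin_comments.html.php and in the comment.html.php and comments.html.php hunks. Separately, `text::limit_words(p::clean($comment->text), 50)` escapes before truncating; `p::clean(text::limit_words($comment->text, 50))` keeps the encoder as the last step before output.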
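Review bot: In `href="mailto:<?= p::clean($comment->author_email()) ?>"` the address is HTML-escaped, but it is also part of a URL, and entity encoding leaves characters such as `?` and `&` meaningful to the mailto: scheme. If `author_email()` is not validated as a plain address before it is stored (not visible here), validate it there or percent-encode it for the URL before escaping it for the attribute. In the `@@ -122,7` hunk of the same file, `$item->url()` and `$item->thumb_url()` are still echoed raw into `href` and `src`; wrap them in `p::clean()` or add a comment stating why they are safe.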
diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php index 1a674142..0337173b 100644 --- a/modules/comment/views/comment.html.php +++ b/modules/comment/views/comment.html.php @@ -4,14 +4,14 @@ <a href="#"> <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= $comment->author_name() ?>" + alt="<?= p::clean($comment->author_name()) ?>" width="40" height="40" /> </a> <?= t("on ") . date("Y-M-d H:i:s", $comment->created) ?> - <a href="#"><?= $comment->author_name() ?></a> <?= t("said") ?> + <a href="#"><?= p::clean($comment->author_name()) ?></a> <?= t("said") ?> </p> <div> - <?= $comment->text ?> + <?= p::clean($comment->text) ?> </div> </li> diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index 25928ab5..95f07baf 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -12,16 +12,16 @@ <a href="#"> <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= $comment->author_name() ?>" + alt="<?= p::clean($comment->author_name()) ?>" width="40" height="40" /> </a> <?= t("on %date <a href=#>%name</a> said", array("date" => date("Y-M-d H:i:s", $comment->created), - "name" => $comment->author_name())); ?> + "name" => p::clean($comment->author_name()))); ?> </p> <div> - <?= $comment->text ?> + <?= p::clean($comment->text) ?> </div> </li> <? endforeach ?> diff --git a/modules/exif/views/exif_dialog.html.php b/modules/exif/views/exif_dialog.html.php index d7985a30..6494b2b0 100644 --- a/modules/exif/views/exif_dialog.html.php +++ b/modules/exif/views/exif_dialog.html.php 
@@ -14,14 +14,14 @@ <?= $details[$i]["caption"] ?> </td> <td class="gOdd"> - <?= $details[$i]["value"] ?> + <?= p::clean($details[$i]["value"]) ?> </td> <? if (!empty($details[++$i])): ?> <td class="gEven"> <?= $details[$i]["caption"] ?> </td> <td class="gOdd"> - <?= $details[$i]["value"] ?> + <?= p::clean($details[$i]["value"]) ?> </td> <? else: ?> <td class="gEven"></td><td class="gOdd"></td> diff --git a/modules/gallery/helpers/gallery_menu.php b/modules/gallery/helpers/gallery_menu.php index 0f0e676d..09c2d91a 100644 --- a/modules/gallery/helpers/gallery_menu.php +++ b/modules/gallery/helpers/gallery_menu.php @@ -28,8 +28,8 @@ class gallery_menu_Core { $item = $theme->item(); - $can_edit = access::can("edit", $item) || $is_admin; - $can_add = access::can("add", $item) || $is_admin; + $can_edit = $item && access::can("edit", $item) || $is_admin; + $can_add = $item && (access::can("add", $item) || $is_admin); if ($item && $can_edit || $can_add) { $menu->append($options_menu = Menu::factory("submenu") diff --git a/modules/gallery/helpers/p.php b/modules/gallery/helpers/p.php new file mode 100644 index 00000000..69032840 --- /dev/null +++ b/modules/gallery/helpers/p.php 
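Review bot: `$details[$i]["caption"]` is still echoed unescaped in both `gEven` cells, while the matching `value` cells are now wrapped in `p::clean()`. If the captions come from a fixed, translated label list this is fine and deserves a one-line comment saying so. If any caption can originate from the uploaded image's metadata (not visible in this hunk), wrap it the same way: `<?= p::clean($details[$i]["caption"]) ?>`.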
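Review bot: The two new guards are parenthesised differently, so they disagree when `$item` is empty: `$can_edit = $item && access::can("edit", $item) || $is_admin;` is true for an admin even without an item, while `$can_add = $item && (access::can("add", $item) || $is_admin);` is false. Because `&&` binds tighter than `||`, the following `if ($item && $can_edit || $can_add)` also parses as `($item && $can_edit) || $can_add`. If both permissions are meant to require an item, write `$can_edit = $item && (access::can("edit", $item) || $is_admin);` and make the grouping in the `if` explicit. The enclosing method starts and ends outside the hunk.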
@@ -0,0 +1,33 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class p_Core {
+ static function attr($dirty_html) {
+ // return $dirty_html;
+ return htmlentities($dirty_html, ENT_QUOTES);
+ // return str_replace('"', '"', $dirty_html);
+ // return str_replace('"', '"', Purify::instance()->purify($dirty_html));
+ }
+
+ function clean($dirty_html) {
+ // return $dirty_html;
+ return htmlentities($dirty_html, ENT_QUOTES);
+ // return Purify::instance()->purify($dirty_html);
+ }
+}
diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php
new file mode 100644
index 00000000..8bee8c42
--- /dev/null
+++ b/modules/gallery/tests/Xss_Security_Test.php
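Review bot: `clean()` is declared without `static` although every view in this commit calls it as `p::clean(...)`; `attr()` directly above it is static. Calling a non-static method statically raises E_STRICT on PHP 5 and is a fatal error on PHP 8, so declare it `static function clean($dirty_html) {`. Both methods call `htmlentities($dirty_html, ENT_QUOTES)` with no charset argument, which on PHP before 5.4 assumes ISO-8859-1 and corrupts multi-byte UTF-8 text; `htmlspecialchars($dirty_html, ENT_QUOTES, "UTF-8")` escapes the HTML-significant characters and pins the encoding. The commented-out alternatives could give way to a short docblock on each method naming its output context (`attr()` for attribute values, `clean()` for element content), since the views in this commit use `clean()` for both.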
@@ -0,0 +1,137 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class Xss_Security_Test extends Unit_Test_Case {
+
+ static function scan_php_file($file, &$cache) {
+ $code = file_get_contents($file);
+ $raw_tokens = token_get_all($code);
+ unset($code);
+
+ $tokens = array();
+ $func_token_list = array("t" => array(), "t2" => array());
+ $token_number = 0;
+ // Filter out HTML / whitespace, and build a lookup for global function calls.
+ foreach ($raw_tokens as $token) {
+ if ((!is_array($token)) || (($token[0] != T_WHITESPACE) && ($token[0] != T_INLINE_HTML))) {
+ if (is_array($token)) {
+ if ($token[0] == T_STRING && in_array($token[1], array("t", "t2"))) {
+ $func_token_list[$token[1]][] = $token_number;
+ }
+ }
+ $tokens[] = $token;
+ $token_number++;
+ }
+ }
+ unset($raw_tokens);
+
+ if (!empty($func_token_list["t"])) {
+ l10n_scanner::_parse_t_calls($tokens, $func_token_list["t"], $cache);
+ }
+ if (!empty($func_token_list["t2"])) {
+ l10n_scanner::_parse_plural_calls($tokens, $func_token_list["t2"], $cache);
+ }
+ }
+
+ public function find_unescaped_variables_in_views_test() {
+ foreach (glob("*/*/views/*.php") as $view) {
+ $expr = null;
+ $line = null;
+ $level = 0;
+ $php = 0;
+ $str = null;
+ $in_p_clean = 0;
+ foreach (token_get_all(file_get_contents($view)) as $token) {
+ if (false /* useful for debugging */) {
+ if (is_array($token)) {
+ printf("[$str] [$in_p_clean] %-15s %s\n", token_name($token[0]), $token[1]);
+ } else {
+ printf("[$str] [$in_p_clean] %-15s %s\n", "<char>", $token);
+ }
+ }
+
+ // If we find a "(" after a "p::clean" then start counting levels of parens and assume
+ // that we're inside a p::clean() call until we find the matching close paren.
+ if ($token[0] == "(" && $str == "p::clean") {
+ $in_p_clean = 1;
+ } else if ($token[0] == "(" && $in_p_clean) {
+ $in_p_clean++;
+ } else if ($token[0] == ")" && $in_p_clean) {
+ $in_p_clean--;
+ }
+
+ // Concatenate runs of strings for convenience, which we use above to figure out if we're
+ // inside a p::clean() call or not
+ if ($token[0] == T_STRING || $token[0] == T_DOUBLE_COLON) {
+ $str .= $token[1];
+ } else {
+ $str = null;
+ }
+
+ // Scan for any occurrences of < ? = $variable ? > and store it in $expr
+ if ($token[0] == T_OPEN_TAG_WITH_ECHO) {
+ $php++;
+ } else if ($php && $token[0] == T_CLOSE_TAG) {
+ $php--;
+ } else if ($php && $token[0] == T_VARIABLE) {
+ if (!$expr) {
+ $entry = array($token[2], $in_p_clean);
+ }
+ $expr .= $token[1];
+ } else if ($expr) {
+ if ($token[0] == T_OBJECT_OPERATOR) {
+ $expr .= $token[1];
+ } else if ($token[0] == T_STRING) {
+ $expr .= $token[1];
+ } else if ($token == "(") {
+ $expr .= $token;
+ $level++;
+ } else if ($level > 0 && $token == ")") {
+ $expr .= $token;
+ $level--;
+ } else if ($level > 0) {
+ $expr .= is_array($token) ? $token[1] : $token;
+ } else {
+ $entry[] = $expr;
+ $found[$view][] = $entry;
+ $expr = null;
+ $entry = null;
+ }
+ }
+ }
+ }
+
+ $canonical = MODPATH . "gallery/tests/xss_data.txt";
+ $new = TMPPATH . "xss_data.txt";
+ $fd = fopen($new, "wb");
+ ksort($found);
+ foreach ($found as $view => $entries) {
+ foreach ($entries as $entry) {
+ fwrite($fd,
+ sprintf("%-60s %-3s %-5s %s\n",
+ $view, $entry[0], $entry[1] ? "CLEAN" : "DIRTY", $entry[2]));
+ }
+ }
+ fclose($fd);
+
+ exec("diff $canonical $new", $output, $return_value);
+ $this->assert_false(
+ $return_value, "XSS golden file mismatch. Output:\n" . implode("\n", $output) );
+ }
+}
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
new file mode 100644
index 00000000..68bf2302
--- /dev/null
+++ b/modules/gallery/tests/xss_data.txt
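Review bot: `find_unescaped_variables_in_views_test()` never initialises `$found`, so when `glob("*/*/views/*.php")` matches nothing (the pattern is relative to the current working directory) `ksort($found)` and the `foreach` after it run on an undefined variable; add `$found = array();` before the outer loop. The paths in `exec("diff $canonical $new", $output, $return_value)` are interpolated into a shell command unquoted; they come from `MODPATH` and `TMPPATH` rather than request input, but wrapping both in `escapeshellarg()` keeps the test working when the install path contains spaces or shell metacharacters. The scanner only recognises `p::clean`, so output wrapped in `p::attr()` would be recorded as DIRTY, and `scan_php_file()` is not called by anything visible in this file. Because the golden file accepts the existing DIRTY entries, the test detects drift rather than enforcing escaping; a class-level comment saying so would set the right expectation for reviewers.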
@@ -0,0 +1,618 @@ +modules/akismet/views/admin_akismet.html.php 14 DIRTY $form +modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY $api_key +modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY $blog_url +modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY $i +modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) +modules/comment/views/admin_block_recent_comments.html.php 7 CLEAN $comment->author_name() +modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY $comment->created +modules/comment/views/admin_block_recent_comments.html.php 12 CLEAN $comment->author_name() +modules/comment/views/admin_block_recent_comments.html.php 13 CLEAN $comment->text +modules/comment/views/admin_comments.html.php 4 DIRTY $csrf +modules/comment/views/admin_comments.html.php 15 DIRTY $csrf +modules/comment/views/admin_comments.html.php 42 DIRTY $menu +modules/comment/views/admin_comments.html.php 65 DIRTY $spam_caught +modules/comment/views/admin_comments.html.php 72 DIRTY $counts->spam +modules/comment/views/admin_comments.html.php 75 DIRTY $csrf +modules/comment/views/admin_comments.html.php 106 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 106 DIRTY $i +modules/comment/views/admin_comments.html.php 109 DIRTY $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) +modules/comment/views/admin_comments.html.php 111 CLEAN $comment->author_name() +modules/comment/views/admin_comments.html.php 115 CLEAN $comment->author_email() +modules/comment/views/admin_comments.html.php 116 CLEAN $comment->author_email() +modules/comment/views/admin_comments.html.php 116 CLEAN $comment->author_name() +modules/comment/views/admin_comments.html.php 122 DIRTY $item->url() +modules/comment/views/admin_comments.html.php 124 DIRTY $item->thumb_url() +modules/comment/views/admin_comments.html.php 125 CLEAN $item->title 
+modules/comment/views/admin_comments.html.php 126 DIRTY $item->thumb_width +modules/comment/views/admin_comments.html.php 126 DIRTY $item->thumb_height +modules/comment/views/admin_comments.html.php 134 DIRTY $comment->created +modules/comment/views/admin_comments.html.php 135 CLEAN $comment->text +modules/comment/views/admin_comments.html.php 141 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 150 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 159 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 167 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 174 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 181 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 194 DIRTY $pager +modules/comment/views/comment.html.php 2 DIRTY $comment->id +modules/comment/views/comment.html.php 5 DIRTY $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) +modules/comment/views/comment.html.php 7 CLEAN $comment->author_name() +modules/comment/views/comment.html.php 11 DIRTY $comment->created +modules/comment/views/comment.html.php 12 CLEAN $comment->author_name() +modules/comment/views/comment.html.php 15 CLEAN $comment->text +modules/comment/views/comments.html.php 10 DIRTY $comment->id +modules/comment/views/comments.html.php 13 DIRTY $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) +modules/comment/views/comments.html.php 15 CLEAN $comment->author_name() +modules/comment/views/comments.html.php 20 DIRTY $comment->created +modules/comment/views/comments.html.php 21 CLEAN $comment->author_name() +modules/comment/views/comments.html.php 24 CLEAN $comment->text +modules/exif/views/exif_dialog.html.php 14 DIRTY $details +modules/exif/views/exif_dialog.html.php 14 DIRTY $i +modules/exif/views/exif_dialog.html.php 17 CLEAN $details +modules/exif/views/exif_dialog.html.php 17 CLEAN $i +modules/exif/views/exif_dialog.html.php 21 DIRTY $details 
+modules/exif/views/exif_dialog.html.php 21 DIRTY $i +modules/exif/views/exif_dialog.html.php 24 CLEAN $details +modules/exif/views/exif_dialog.html.php 24 CLEAN $i +modules/exif/views/exif_sidebar.html.php 2 DIRTY $item->id +modules/g2_import/views/admin_g2_import.html.php 8 DIRTY $form +modules/g2_import/views/admin_g2_import.html.php 26 DIRTY $g2_stats +modules/g2_import/views/admin_g2_import.html.php 29 DIRTY $g2_stats +modules/g2_import/views/admin_g2_import.html.php 32 DIRTY $g2_stats +modules/g2_import/views/admin_g2_import.html.php 35 DIRTY $g2_stats +modules/g2_import/views/admin_g2_import.html.php 38 DIRTY $g2_stats +modules/g2_import/views/admin_g2_import.html.php 41 DIRTY $g2_stats +modules/g2_import/views/admin_g2_import.html.php 45 DIRTY $g2_stats +modules/g2_import/views/admin_g2_import.html.php 53 DIRTY $g2_sizes +modules/g2_import/views/admin_g2_import.html.php 54 DIRTY $thumb_size +modules/g2_import/views/admin_g2_import.html.php 62 DIRTY $g2_sizes +modules/g2_import/views/admin_g2_import.html.php 63 DIRTY $resize_size +modules/gallery/views/admin_advanced_settings.html.php 22 DIRTY $var->module_name +modules/gallery/views/admin_advanced_settings.html.php 23 CLEAN $var->name +modules/gallery/views/admin_advanced_settings.html.php 25 DIRTY $var->module_name +modules/gallery/views/admin_advanced_settings.html.php 25 CLEAN $var->name +modules/gallery/views/admin_advanced_settings.html.php 27 CLEAN $var->name +modules/gallery/views/admin_advanced_settings.html.php 27 DIRTY $var->module_name +modules/gallery/views/admin_advanced_settings.html.php 28 CLEAN $var->value +modules/gallery/views/admin_block_log_entries.html.php 4 DIRTY $entry->severity +modules/gallery/views/admin_block_log_entries.html.php 5 DIRTY $entry->user_id +modules/gallery/views/admin_block_log_entries.html.php 5 CLEAN $entry->user->name +modules/gallery/views/admin_block_log_entries.html.php 6 DIRTY $entry->timestamp +modules/gallery/views/admin_block_log_entries.html.php 7 DIRTY 
$entry->message +modules/gallery/views/admin_block_log_entries.html.php 8 DIRTY $entry->html +modules/gallery/views/admin_block_news.html.php 5 DIRTY $entry +modules/gallery/views/admin_block_news.html.php 5 DIRTY $entry +modules/gallery/views/admin_block_news.html.php 7 DIRTY $entry +modules/gallery/views/admin_block_photo_stream.html.php 5 DIRTY $photo->id +modules/gallery/views/admin_block_photo_stream.html.php 5 CLEAN $photo->title +modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY $photo->width +modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY $photo->height +modules/gallery/views/admin_block_photo_stream.html.php 7 DIRTY $photo->thumb_url() +modules/gallery/views/admin_block_photo_stream.html.php 7 CLEAN $photo->title +modules/gallery/views/admin_block_platform.html.php 16 DIRTY $load_average +modules/gallery/views/admin_block_stats.html.php 7 DIRTY $album_count +modules/gallery/views/admin_block_stats.html.php 10 DIRTY $photo_count +modules/gallery/views/admin_dashboard.html.php 5 DIRTY $csrf +modules/gallery/views/admin_dashboard.html.php 37 DIRTY $blocks +modules/gallery/views/admin_graphics.html.php 6 DIRTY $csrf +modules/gallery/views/admin_graphics.html.php 21 DIRTY $active +modules/gallery/views/admin_graphics.html.php 25 DIRTY $available +modules/gallery/views/admin_graphics_gd.html.php 2 DIRTY $is_active +modules/gallery/views/admin_graphics_gd.html.php 2 DIRTY $tk->gd +modules/gallery/views/admin_graphics_gd.html.php 11 DIRTY $tk->gd +modules/gallery/views/admin_graphics_gd.html.php 19 DIRTY $tk->gd +modules/gallery/views/admin_graphics_graphicsmagick.html.php 2 DIRTY $is_active +modules/gallery/views/admin_graphics_graphicsmagick.html.php 2 DIRTY $tk->graphicsmagick +modules/gallery/views/admin_graphics_graphicsmagick.html.php 11 DIRTY $tk->graphicsmagick +modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY $is_active +modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY $tk->imagemagick 
+modules/gallery/views/admin_graphics_imagemagick.html.php 11 DIRTY $tk->imagemagick +modules/gallery/views/admin_languages.html.php 5 DIRTY $settings_form +modules/gallery/views/admin_languages.html.php 8 DIRTY $csrf +modules/gallery/views/admin_languages.html.php 14 DIRTY $share_translations_form +modules/gallery/views/admin_maintenance.html.php 23 DIRTY $task->severity +modules/gallery/views/admin_maintenance.html.php 25 DIRTY $task->name +modules/gallery/views/admin_maintenance.html.php 28 DIRTY $task->description +modules/gallery/views/admin_maintenance.html.php 31 DIRTY $task->callback +modules/gallery/views/admin_maintenance.html.php 31 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 44 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 70 DIRTY $task->state +modules/gallery/views/admin_maintenance.html.php 72 DIRTY $task->updated +modules/gallery/views/admin_maintenance.html.php 75 DIRTY $task->name +modules/gallery/views/admin_maintenance.html.php 86 DIRTY $task->percent_complete +modules/gallery/views/admin_maintenance.html.php 90 DIRTY $task->status +modules/gallery/views/admin_maintenance.html.php 93 CLEAN $task->owner()->name +modules/gallery/views/admin_maintenance.html.php 97 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 97 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 101 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 101 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 113 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 140 DIRTY $task->state +modules/gallery/views/admin_maintenance.html.php 142 DIRTY $task->updated +modules/gallery/views/admin_maintenance.html.php 145 DIRTY $task->name +modules/gallery/views/admin_maintenance.html.php 157 DIRTY $task->status +modules/gallery/views/admin_maintenance.html.php 160 DIRTY $task->owner()->name +modules/gallery/views/admin_maintenance.html.php 164 DIRTY $task->id 
+modules/gallery/views/admin_maintenance.html.php 164 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 168 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 168 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 171 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 171 DIRTY $csrf +modules/gallery/views/admin_maintenance_task.html.php 5 DIRTY $task->id +modules/gallery/views/admin_maintenance_task.html.php 5 DIRTY $csrf +modules/gallery/views/admin_modules.html.php 19 DIRTY $i +modules/gallery/views/admin_modules.html.php 22 DIRTY $data +modules/gallery/views/admin_modules.html.php 22 DIRTY $module_name +modules/gallery/views/admin_modules.html.php 23 DIRTY $module_info->name +modules/gallery/views/admin_modules.html.php 24 DIRTY $module_info->version +modules/gallery/views/admin_modules.html.php 25 DIRTY $module_info->description +modules/gallery/views/admin_theme_details.html.php 5 DIRTY $form +modules/gallery/views/admin_themes.html.php 5 DIRTY $csrf +modules/gallery/views/admin_themes.html.php 18 DIRTY $site +modules/gallery/views/admin_themes.html.php 19 DIRTY $themes +modules/gallery/views/admin_themes.html.php 19 DIRTY $site +modules/gallery/views/admin_themes.html.php 20 DIRTY $themes +modules/gallery/views/admin_themes.html.php 20 DIRTY $site +modules/gallery/views/admin_themes.html.php 22 DIRTY $themes +modules/gallery/views/admin_themes.html.php 22 DIRTY $site +modules/gallery/views/admin_themes.html.php 33 DIRTY $id +modules/gallery/views/admin_themes.html.php 33 DIRTY $info->name +modules/gallery/views/admin_themes.html.php 34 DIRTY $id +modules/gallery/views/admin_themes.html.php 35 DIRTY $info->name +modules/gallery/views/admin_themes.html.php 36 DIRTY $info->name +modules/gallery/views/admin_themes.html.php 38 DIRTY $info->description +modules/gallery/views/admin_themes.html.php 56 DIRTY $admin +modules/gallery/views/admin_themes.html.php 57 DIRTY $themes 
+modules/gallery/views/admin_themes.html.php 57 DIRTY $admin +modules/gallery/views/admin_themes.html.php 58 DIRTY $themes +modules/gallery/views/admin_themes.html.php 58 DIRTY $admin +modules/gallery/views/admin_themes.html.php 60 DIRTY $themes +modules/gallery/views/admin_themes.html.php 60 DIRTY $admin +modules/gallery/views/admin_themes.html.php 71 DIRTY $id +modules/gallery/views/admin_themes.html.php 71 DIRTY $info->name +modules/gallery/views/admin_themes.html.php 72 DIRTY $id +modules/gallery/views/admin_themes.html.php 73 DIRTY $info->name +modules/gallery/views/admin_themes.html.php 74 DIRTY $info->name +modules/gallery/views/admin_themes.html.php 76 DIRTY $info->description +modules/gallery/views/admin_themes_preview.html.php 3 DIRTY $type +modules/gallery/views/admin_themes_preview.html.php 3 DIRTY $theme_name +modules/gallery/views/admin_themes_preview.html.php 3 DIRTY $csrf +modules/gallery/views/admin_themes_preview.html.php 4 DIRTY $info->name +modules/gallery/views/admin_themes_preview.html.php 7 DIRTY $url +modules/gallery/views/after_install.html.php 11 CLEAN $user->name +modules/gallery/views/after_install.html.php 15 DIRTY $user->id +modules/gallery/views/kohana_error_page.php 98 DIRTY $message +modules/gallery/views/kohana_error_page.php 100 DIRTY $file +modules/gallery/views/kohana_error_page.php 100 DIRTY $line +modules/gallery/views/kohana_error_page.php 112 DIRTY $trace +modules/gallery/views/kohana_profiler.php 32 DIRTY $profile->render() +modules/gallery/views/kohana_profiler.php 34 DIRTY $execution_time +modules/gallery/views/l10n_client.html.php 13 DIRTY $string +modules/gallery/views/l10n_client.html.php 14 DIRTY $string +modules/gallery/views/l10n_client.html.php 18 DIRTY $l10n_search_form +modules/gallery/views/l10n_client.html.php 25 DIRTY $l10n_form +modules/gallery/views/l10n_client.html.php 29 DIRTY $string_list +modules/gallery/views/move_browse.html.php 4 DIRTY $source->id +modules/gallery/views/move_browse.html.php 39 DIRTY 
$tree +modules/gallery/views/move_browse.html.php 42 DIRTY $source->id +modules/gallery/views/move_tree.html.php 2 DIRTY $parent->thumb_tag(array(), 25) +modules/gallery/views/move_tree.html.php 4 DIRTY $parent->id +modules/gallery/views/move_tree.html.php 4 CLEAN $parent->title +modules/gallery/views/move_tree.html.php 6 DIRTY $parent->id +modules/gallery/views/move_tree.html.php 6 CLEAN $parent->title +modules/gallery/views/move_tree.html.php 8 DIRTY $parent->id +modules/gallery/views/move_tree.html.php 10 DIRTY $child->id +modules/gallery/views/move_tree.html.php 11 DIRTY $child->thumb_tag(array(), 25) +modules/gallery/views/move_tree.html.php 13 DIRTY $child->id +modules/gallery/views/move_tree.html.php 13 CLEAN $child->title +modules/gallery/views/move_tree.html.php 15 DIRTY $child->id +modules/gallery/views/move_tree.html.php 15 CLEAN $child->title +modules/gallery/views/permissions_browse.html.php 15 DIRTY $csrf +modules/gallery/views/permissions_browse.html.php 37 DIRTY $parent->id +modules/gallery/views/permissions_browse.html.php 38 CLEAN $parent->title +modules/gallery/views/permissions_browse.html.php 40 DIRTY $parent->id +modules/gallery/views/permissions_browse.html.php 44 DIRTY $item->id +modules/gallery/views/permissions_browse.html.php 45 CLEAN $item->title +modules/gallery/views/permissions_browse.html.php 47 DIRTY $item->id +modules/gallery/views/permissions_browse.html.php 48 DIRTY $form +modules/gallery/views/permissions_form.html.php 9 CLEAN $group->name +modules/gallery/views/permissions_form.html.php 15 DIRTY $permission->display_name +modules/gallery/views/permissions_form.html.php 24 DIRTY $lock->id +modules/gallery/views/permissions_form.html.php 32 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 32 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 32 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 36 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 36 DIRTY 
$permission->id +modules/gallery/views/permissions_form.html.php 36 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 43 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 43 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 43 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 47 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 47 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 47 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 56 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 56 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 56 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 63 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 63 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 63 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 74 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 74 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 74 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 79 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 79 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 79 DIRTY $item->id +modules/gallery/views/quick_pane.html.php 9 DIRTY $item->id +modules/gallery/views/quick_pane.html.php 9 DIRTY $page_type +modules/gallery/views/quick_pane.html.php 10 DIRTY $title +modules/gallery/views/quick_pane.html.php 12 DIRTY $title +modules/gallery/views/quick_pane.html.php 17 DIRTY $item->id +modules/gallery/views/quick_pane.html.php 17 DIRTY $csrf +modules/gallery/views/quick_pane.html.php 17 DIRTY $page_type +modules/gallery/views/quick_pane.html.php 24 DIRTY $item->id +modules/gallery/views/quick_pane.html.php 24 DIRTY $csrf +modules/gallery/views/quick_pane.html.php 24 DIRTY $page_type +modules/gallery/views/quick_pane.html.php 
41 DIRTY $item->id +modules/gallery/views/quick_pane.html.php 42 DIRTY $title +modules/gallery/views/quick_pane.html.php 44 DIRTY $title +modules/gallery/views/quick_pane.html.php 61 DIRTY $disabledState +modules/gallery/views/quick_pane.html.php 61 DIRTY $item->id +modules/gallery/views/quick_pane.html.php 61 DIRTY $csrf +modules/gallery/views/quick_pane.html.php 61 DIRTY $page_type +modules/gallery/views/quick_pane.html.php 62 DIRTY $title +modules/gallery/views/quick_pane.html.php 64 DIRTY $title +modules/gallery/views/quick_pane.html.php 78 DIRTY $item->id +modules/gallery/views/quick_pane.html.php 78 DIRTY $csrf +modules/gallery/views/quick_pane.html.php 78 DIRTY $page_type +modules/gallery/views/quick_pane.html.php 78 DIRTY $message +modules/gallery/views/quick_pane.html.php 78 DIRTY $title +modules/gallery/views/quick_pane.html.php 80 DIRTY $title +modules/gallery/views/quick_pane.html.php 93 DIRTY $item->id +modules/gallery/views/quick_pane.html.php 98 DIRTY $item->id +modules/gallery/views/quick_pane.html.php 103 DIRTY $item->id +modules/gallery/views/simple_uploader.html.php 8 CLEAN $item->title +modules/gallery/views/simple_uploader.html.php 28 CLEAN $parent->title +modules/gallery/views/simple_uploader.html.php 30 CLEAN $item->title +modules/gallery/views/simple_uploader.html.php 77 DIRTY $item->id +modules/gallery/views/simple_uploader.html.php 81 DIRTY $csrf +modules/image_block/views/image_block_block.html.php 3 DIRTY $item->url() +modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_tag(array("class" => "gThumbnail")) +modules/info/views/info_block.html.php 6 CLEAN $item->title +modules/info/views/info_block.html.php 11 CLEAN $item->description +modules/info/views/info_block.html.php 17 CLEAN $item->name +modules/info/views/info_block.html.php 23 DIRTY $item->captured +modules/info/views/info_block.html.php 29 CLEAN $item->owner->name +modules/notification/views/comment_published.html.php 4 CLEAN $subject 
+modules/notification/views/comment_published.html.php 7 CLEAN $subject +modules/notification/views/comment_published.html.php 11 CLEAN $comment->text +modules/notification/views/comment_published.html.php 15 CLEAN $comment->author_name() +modules/notification/views/comment_published.html.php 19 CLEAN $comment->author_email() +modules/notification/views/comment_published.html.php 23 CLEAN $comment->author_url() +modules/notification/views/comment_published.html.php 28 DIRTY $comment->item()->url(array(), true) +modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->url(array(), true) +modules/notification/views/item_added.html.php 4 CLEAN $subject +modules/notification/views/item_added.html.php 7 CLEAN $subject +modules/notification/views/item_added.html.php 11 CLEAN $item->title +modules/notification/views/item_added.html.php 16 DIRTY $item->url(array(), true) +modules/notification/views/item_added.html.php 17 DIRTY $item->url(array(), true) +modules/notification/views/item_added.html.php 24 CLEAN $item->description +modules/notification/views/item_deleted.html.php 4 CLEAN $subject +modules/notification/views/item_deleted.html.php 7 CLEAN $subject +modules/notification/views/item_deleted.html.php 12 CLEAN $item->parent()->title +modules/notification/views/item_deleted.html.php 18 DIRTY $item->parent()->url(array(), true) +modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->url(array(), true) +modules/notification/views/item_updated.html.php 4 CLEAN $subject +modules/notification/views/item_updated.html.php 7 CLEAN $subject +modules/notification/views/item_updated.html.php 12 CLEAN $new->title +modules/notification/views/item_updated.html.php 15 CLEAN $new->title +modules/notification/views/item_updated.html.php 20 DIRTY $new->url(array(), true) +modules/notification/views/item_updated.html.php 20 DIRTY $new->url(array(), true) +modules/notification/views/item_updated.html.php 25 CLEAN $new->description 
+modules/notification/views/item_updated.html.php 30 CLEAN $new->description +modules/organize/views/organize.html.php 10 DIRTY $item->id +modules/organize/views/organize.html.php 12 DIRTY $csrf +modules/organize/views/organize.html.php 13 DIRTY $csrf +modules/organize/views/organize.html.php 19 CLEAN $item->title +modules/organize/views/organize.html.php 33 DIRTY $album_tree +modules/organize/views/organize.html.php 48 DIRTY $button_pane +modules/organize/views/organize_album.html.php 3 DIRTY $album->id +modules/organize/views/organize_album.html.php 4 DIRTY $album->id +modules/organize/views/organize_album.html.php 4 DIRTY $album->id +modules/organize/views/organize_album.html.php 5 DIRTY $album_icon +modules/organize/views/organize_album.html.php 5 DIRTY $album_icon +modules/organize/views/organize_album.html.php 8 DIRTY $album->id +modules/organize/views/organize_album.html.php 8 DIRTY $album->id +modules/organize/views/organize_album.html.php 9 DIRTY $selected +modules/organize/views/organize_album.html.php 10 CLEAN $album->title +modules/organize/views/organize_album.html.php 12 DIRTY $album->id +modules/organize/views/organize_album.html.php 13 DIRTY $album_icon +modules/organize/views/organize_album.html.php 14 DIRTY $children +modules/organize/views/organize_edit.html.php 4 DIRTY $idx +modules/organize/views/organize_edit.html.php 4 DIRTY $pane +modules/organize/views/organize_edit.html.php 10 DIRTY $idx +modules/organize/views/organize_edit.html.php 10 DIRTY $pane +modules/organize/views/organize_thumb_grid.html.php 7 DIRTY $child->id +modules/organize/views/organize_thumb_grid.html.php 7 DIRTY $child->id +modules/organize/views/organize_thumb_grid.html.php 8 DIRTY $child->id +modules/organize/views/organize_thumb_grid.html.php 8 DIRTY $item_class +modules/organize/views/organize_thumb_grid.html.php 9 DIRTY $child->thumb_tag(array("class" => "gThumbnail"), $thumbsize, true) +modules/recaptcha/views/admin_recaptcha.html.php 5 DIRTY $form->get_key_url 
+modules/recaptcha/views/admin_recaptcha.html.php 8 DIRTY $form +modules/recaptcha/views/admin_recaptcha.html.php 21 DIRTY $public_key +modules/rss/views/comment.mrss.php 9 CLEAN $title +modules/rss/views/comment.mrss.php 10 DIRTY $link +modules/rss/views/comment.mrss.php 11 CLEAN $description +modules/rss/views/comment.mrss.php 13 DIRTY $feed_link +modules/rss/views/comment.mrss.php 16 DIRTY $previous_page_link +modules/rss/views/comment.mrss.php 19 DIRTY $next_page_link +modules/rss/views/comment.mrss.php 21 DIRTY $pub_date +modules/rss/views/comment.mrss.php 22 DIRTY $pub_date +modules/rss/views/comment.mrss.php 25 CLEAN $child +modules/rss/views/comment.mrss.php 26 CLEAN $child +modules/rss/views/comment.mrss.php 27 CLEAN $child +modules/rss/views/comment.mrss.php 28 DIRTY $child +modules/rss/views/comment.mrss.php 29 DIRTY $child +modules/rss/views/comment.mrss.php 32 CLEAN $child +modules/rss/views/comment.mrss.php 34 DIRTY $child +modules/rss/views/comment.mrss.php 35 DIRTY $child +modules/rss/views/comment.mrss.php 35 DIRTY $child +modules/rss/views/feed.mrss.php 9 CLEAN $title +modules/rss/views/feed.mrss.php 10 DIRTY $link +modules/rss/views/feed.mrss.php 11 CLEAN $description +modules/rss/views/feed.mrss.php 13 DIRTY $feed_link +modules/rss/views/feed.mrss.php 16 DIRTY $previous_page_link +modules/rss/views/feed.mrss.php 19 DIRTY $next_page_link +modules/rss/views/feed.mrss.php 21 DIRTY $pub_date +modules/rss/views/feed.mrss.php 22 DIRTY $pub_date +modules/rss/views/feed.mrss.php 25 CLEAN $child->title +modules/rss/views/feed.mrss.php 26 DIRTY $child->type +modules/rss/views/feed.mrss.php 26 DIRTY $child->id +modules/rss/views/feed.mrss.php 27 DIRTY $child->type +modules/rss/views/feed.mrss.php 27 DIRTY $child->id +modules/rss/views/feed.mrss.php 28 DIRTY $child->created +modules/rss/views/feed.mrss.php 31 CLEAN $child->description +modules/rss/views/feed.mrss.php 34 DIRTY $child->resize_url(true) +modules/rss/views/feed.mrss.php 35 CLEAN $child->title 
+modules/rss/views/feed.mrss.php 36 DIRTY $child->resize_height +modules/rss/views/feed.mrss.php 36 DIRTY $child->resize_width +modules/rss/views/feed.mrss.php 38 DIRTY $child->type +modules/rss/views/feed.mrss.php 38 DIRTY $child->id +modules/rss/views/feed.mrss.php 39 DIRTY $child->thumb_url(true) +modules/rss/views/feed.mrss.php 40 CLEAN $child->title +modules/rss/views/feed.mrss.php 41 DIRTY $child->thumb_height +modules/rss/views/feed.mrss.php 41 DIRTY $child->thumb_width +modules/rss/views/feed.mrss.php 43 CLEAN $child->description +modules/rss/views/feed.mrss.php 47 DIRTY $child->thumb_url(true) +modules/rss/views/feed.mrss.php 48 DIRTY $child->thumb_path() +modules/rss/views/feed.mrss.php 49 DIRTY $child->thumb_height +modules/rss/views/feed.mrss.php 50 DIRTY $child->thumb_width +modules/rss/views/feed.mrss.php 54 DIRTY $child->resize_url(true) +modules/rss/views/feed.mrss.php 55 DIRTY $child->resize_path() +modules/rss/views/feed.mrss.php 56 DIRTY $child->mime_type +modules/rss/views/feed.mrss.php 57 DIRTY $child->resize_height +modules/rss/views/feed.mrss.php 58 DIRTY $child->resize_width +modules/rss/views/feed.mrss.php 62 DIRTY $child->file_url(true) +modules/rss/views/feed.mrss.php 63 DIRTY $child->file_path() +modules/rss/views/feed.mrss.php 64 DIRTY $child->mime_type +modules/rss/views/feed.mrss.php 65 DIRTY $child->height +modules/rss/views/feed.mrss.php 66 DIRTY $child->width +modules/rss/views/feed.mrss.php 70 DIRTY $child->file_url(true) +modules/rss/views/feed.mrss.php 71 DIRTY $child->file_path() +modules/rss/views/feed.mrss.php 72 DIRTY $child->height +modules/rss/views/feed.mrss.php 73 DIRTY $child->width +modules/rss/views/feed.mrss.php 74 DIRTY $child->mime_type +modules/rss/views/rss_block.html.php 6 DIRTY $url +modules/rss/views/rss_block.html.php 8 DIRTY $text +modules/search/views/search.html.php 11 CLEAN $q +modules/search/views/search.html.php 30 DIRTY $item_class +modules/search/views/search.html.php 31 DIRTY $item->id 
+modules/search/views/search.html.php 32 DIRTY $item->thumb_tag() +modules/search/views/search.html.php 34 CLEAN $item->title +modules/search/views/search.html.php 37 CLEAN $item->description +modules/search/views/search.html.php 43 DIRTY $theme->pager() +modules/search/views/search.html.php 47 CLEAN $q +modules/server_add/views/admin_server_add.html.php 11 DIRTY $path +modules/server_add/views/admin_server_add.html.php 11 DIRTY $csrf +modules/server_add/views/admin_server_add.html.php 12 DIRTY $id +modules/server_add/views/admin_server_add.html.php 16 DIRTY $path +modules/server_add/views/admin_server_add.html.php 24 DIRTY $form +modules/server_add/views/server_add_tree.html.php 3 DIRTY $tree_id +modules/server_add/views/server_add_tree.html.php 4 DIRTY $tree_id +modules/server_add/views/server_add_tree.html.php 8 DIRTY $tree_id +modules/server_add/views/server_add_tree.html.php 13 DIRTY $tree_id +modules/server_add/views/server_add_tree.html.php 15 DIRTY $file_info +modules/server_add/views/server_add_tree.html.php 19 CLEAN $file_info +modules/server_add/views/server_add_tree.html.php 19 CLEAN $file +modules/server_add/views/server_add_tree_dialog.html.php 8 CLEAN $album_title +modules/server_add/views/server_add_tree_dialog.html.php 13 CLEAN $parent->title +modules/server_add/views/server_add_tree_dialog.html.php 15 CLEAN $album_title +modules/server_add/views/server_add_tree_dialog.html.php 18 DIRTY $action +modules/server_add/views/server_add_tree_dialog.html.php 20 DIRTY $tree +modules/tag/views/admin_tags.html.php 14 DIRTY $csrf +modules/tag/views/admin_tags.html.php 28 DIRTY $tags->count() +modules/tag/views/admin_tags.html.php 36 DIRTY $current_letter +modules/tag/views/admin_tags.html.php 46 DIRTY $current_letter +modules/tag/views/admin_tags.html.php 51 DIRTY $tag->id +modules/tag/views/admin_tags.html.php 51 CLEAN $tag->name +modules/tag/views/admin_tags.html.php 52 DIRTY $tag->count +modules/tag/views/admin_tags.html.php 53 DIRTY $tag->id 
+modules/tag/views/tag_block.html.php 3 DIRTY $cloud +modules/tag/views/tag_block.html.php 5 DIRTY $form +modules/tag/views/tag_cloud.html.php 4 DIRTY $tag->count +modules/tag/views/tag_cloud.html.php 4 DIRTY $max_count +modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count +modules/tag/views/tag_cloud.html.php 6 DIRTY $tag->id +modules/tag/views/tag_cloud.html.php 6 CLEAN $tag->name +modules/user/views/admin_users.html.php 3 DIRTY $csrf +modules/user/views/admin_users.html.php 36 DIRTY $csrf +modules/user/views/admin_users.html.php 67 DIRTY $user->id +modules/user/views/admin_users.html.php 67 DIRTY $user->admin +modules/user/views/admin_users.html.php 68 DIRTY $user->id +modules/user/views/admin_users.html.php 69 DIRTY $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) +modules/user/views/admin_users.html.php 71 CLEAN $user->name +modules/user/views/admin_users.html.php 74 CLEAN $user->name +modules/user/views/admin_users.html.php 77 CLEAN $user->full_name +modules/user/views/admin_users.html.php 80 CLEAN $user->email +modules/user/views/admin_users.html.php 83 DIRTY $user->last_login +modules/user/views/admin_users.html.php 83 DIRTY $user->last_login +modules/user/views/admin_users.html.php 86 DIRTY $user->id +modules/user/views/admin_users.html.php 91 DIRTY $user->id +modules/user/views/admin_users.html.php 121 DIRTY $group->id +modules/user/views/admin_users.html.php 123 DIRTY $v +modules/user/views/admin_users_group.html.php 2 CLEAN $group->name +modules/user/views/admin_users_group.html.php 4 DIRTY $group->id +modules/user/views/admin_users_group.html.php 5 CLEAN $group->name +modules/user/views/admin_users_group.html.php 16 CLEAN $user->name +modules/user/views/admin_users_group.html.php 18 DIRTY $user->id +modules/user/views/admin_users_group.html.php 18 DIRTY $group->id +modules/user/views/admin_users_group.html.php 22 CLEAN $user->name +modules/user/views/admin_users_group.html.php 22 CLEAN $group->name +modules/user/views/login.html.php 11 
DIRTY $user->id +modules/user/views/login.html.php 14 CLEAN $user->full_name +modules/user/views/login.html.php 14 CLEAN $user->name +modules/user/views/login.html.php 14 CLEAN $user->full_name +modules/user/views/login_ajax.html.php 37 DIRTY $form +modules/user/views/reset_password.html.php 9 CLEAN $user->full_name +modules/user/views/reset_password.html.php 9 CLEAN $user->full_name +modules/user/views/reset_password.html.php 9 CLEAN $user->name +modules/user/views/reset_password.html.php 12 DIRTY $confirm_url +modules/watermark/views/admin_watermarks.html.php 19 DIRTY $width +modules/watermark/views/admin_watermarks.html.php 19 DIRTY $height +modules/watermark/views/admin_watermarks.html.php 19 DIRTY $url +modules/watermark/views/admin_watermarks.html.php 21 DIRTY $position +themes/admin_default/views/admin.html.php 17 DIRTY $theme->url("css/screen.css") +themes/admin_default/views/admin.html.php 20 DIRTY $theme->url("css/fix-ie.css") +themes/admin_default/views/admin.html.php 29 DIRTY $theme->url("js/jquery.dropshadow.js") +themes/admin_default/views/admin.html.php 30 DIRTY $theme->url("js/ui.init.js") +themes/admin_default/views/admin.html.php 31 DIRTY $theme->admin_head() +themes/admin_default/views/admin.html.php 35 DIRTY $theme->admin_page_top() +themes/admin_default/views/admin.html.php 41 DIRTY $theme->site_status() +themes/admin_default/views/admin.html.php 43 DIRTY $theme->admin_header_top() +themes/admin_default/views/admin.html.php 50 DIRTY $theme->admin_menu() +themes/admin_default/views/admin.html.php 52 DIRTY $theme->admin_header_bottom() +themes/admin_default/views/admin.html.php 58 DIRTY $theme->messages() +themes/admin_default/views/admin.html.php 59 DIRTY $content +themes/admin_default/views/admin.html.php 65 DIRTY $sidebar +themes/admin_default/views/admin.html.php 70 DIRTY $theme->admin_footer() +themes/admin_default/views/admin.html.php 72 DIRTY $theme->admin_credits() +themes/admin_default/views/admin.html.php 76 DIRTY 
$theme->admin_page_bottom() +themes/admin_default/views/block.html.php 2 DIRTY $id +themes/admin_default/views/block.html.php 2 DIRTY $css_id +themes/admin_default/views/block.html.php 5 DIRTY $id +themes/admin_default/views/block.html.php 5 DIRTY $csrf +themes/admin_default/views/block.html.php 10 DIRTY $title +themes/admin_default/views/block.html.php 13 DIRTY $content +themes/admin_default/views/pager.html.php 9 DIRTY $from_to_msg +themes/admin_default/views/pager.html.php 11 DIRTY $url +themes/admin_default/views/pager.html.php 16 DIRTY $previous_page +themes/admin_default/views/pager.html.php 16 DIRTY $url +themes/admin_default/views/pager.html.php 21 DIRTY $next_page +themes/admin_default/views/pager.html.php 21 DIRTY $url +themes/admin_default/views/pager.html.php 26 DIRTY $last_page +themes/admin_default/views/pager.html.php 26 DIRTY $url +themes/default/views/album.html.php 4 DIRTY $theme->album_top() +themes/default/views/album.html.php 5 CLEAN $item->title +themes/default/views/album.html.php 6 CLEAN $item->description +themes/default/views/album.html.php 15 DIRTY $child->id +themes/default/views/album.html.php 15 DIRTY $item_class +themes/default/views/album.html.php 16 DIRTY $theme->thumb_top($child) +themes/default/views/album.html.php 17 DIRTY $child->url() +themes/default/views/album.html.php 18 DIRTY $child->thumb_tag(array("class" => "gThumbnail")) +themes/default/views/album.html.php 20 DIRTY $theme->thumb_bottom($child) +themes/default/views/album.html.php 21 DIRTY $child->url() +themes/default/views/album.html.php 21 CLEAN $child->title +themes/default/views/album.html.php 23 DIRTY $theme->thumb_info($child) +themes/default/views/album.html.php 28 DIRTY $theme->album_bottom() +themes/default/views/album.html.php 30 DIRTY $theme->pager() +themes/default/views/block.html.php 2 DIRTY $anchor +themes/default/views/block.html.php 3 DIRTY $css_id +themes/default/views/block.html.php 4 DIRTY $title +themes/default/views/block.html.php 6 DIRTY $content 
+themes/default/views/dynamic.html.php 4 DIRTY $theme->dynamic_top() +themes/default/views/dynamic.html.php 6 CLEAN $tag->name +themes/default/views/dynamic.html.php 11 DIRTY $child->is_album() +themes/default/views/dynamic.html.php 12 DIRTY $theme->thumb_top($child) +themes/default/views/dynamic.html.php 13 DIRTY $child->url() +themes/default/views/dynamic.html.php 14 DIRTY $child->id +themes/default/views/dynamic.html.php 15 DIRTY $child->thumb_url() +themes/default/views/dynamic.html.php 16 DIRTY $child->thumb_width +themes/default/views/dynamic.html.php 17 DIRTY $child->thumb_height +themes/default/views/dynamic.html.php 19 CLEAN $child->title +themes/default/views/dynamic.html.php 20 DIRTY $theme->thumb_bottom($child) +themes/default/views/dynamic.html.php 22 DIRTY $theme->thumb_info($child) +themes/default/views/dynamic.html.php 27 DIRTY $theme->dynamic_bottom() +themes/default/views/dynamic.html.php 29 DIRTY $theme->pager() +themes/default/views/footer.html.php 2 DIRTY $theme->footer() +themes/default/views/footer.html.php 4 DIRTY $footer_text +themes/default/views/footer.html.php 7 DIRTY $theme->credits() +themes/default/views/header.html.php 2 DIRTY $theme->header_top() +themes/default/views/header.html.php 4 DIRTY $header_text +themes/default/views/header.html.php 7 DIRTY $theme->url("images/logo.png") +themes/default/views/header.html.php 12 DIRTY $theme->site_menu() +themes/default/views/header.html.php 15 DIRTY $theme->header_bottom() +themes/default/views/header.html.php 21 DIRTY $parent->id +themes/default/views/header.html.php 21 DIRTY $item->id +themes/default/views/header.html.php 22 CLEAN $parent->title +themes/default/views/header.html.php 26 CLEAN $item->title +themes/default/views/login_page.html.php 10 DIRTY $theme->url("images/favicon.ico") +themes/default/views/login_page.html.php 17 DIRTY $theme->url("css/screen.css") +themes/default/views/login_page.html.php 20 DIRTY $theme->url("css/fix-ie.css") +themes/default/views/login_page.html.php 
28 DIRTY $theme->url("js/ui.init.js") +themes/default/views/movie.html.php 4 DIRTY $theme->photo_top() +themes/default/views/movie.html.php 7 DIRTY $position +themes/default/views/movie.html.php 7 DIRTY $sibling_count +themes/default/views/movie.html.php 9 DIRTY $previous_item->url() +themes/default/views/movie.html.php 12 DIRTY $next_item->url() +themes/default/views/movie.html.php 16 DIRTY $item->id +themes/default/views/movie.html.php 17 DIRTY $item->file_url(true) +themes/default/views/movie.html.php 18 DIRTY $item->width +themes/default/views/movie.html.php 18 DIRTY $item->height +themes/default/views/movie.html.php 21 DIRTY $item->id +themes/default/views/movie.html.php 35 CLEAN $item->title +themes/default/views/movie.html.php 36 CLEAN $item->description +themes/default/views/movie.html.php 39 DIRTY $theme->photo_bottom() +themes/default/views/page.html.php 11 CLEAN $item->title +themes/default/views/page.html.php 14 DIRTY $page_title +themes/default/views/page.html.php 16 DIRTY $theme->page_type +themes/default/views/page.html.php 18 DIRTY $theme->url("images/favicon.ico") +themes/default/views/page.html.php 25 DIRTY $theme->url("css/screen.css") +themes/default/views/page.html.php 28 DIRTY $theme->url("css/fix-ie.css") +themes/default/views/page.html.php 37 DIRTY $new_width +themes/default/views/page.html.php 38 DIRTY $new_height +themes/default/views/page.html.php 39 DIRTY $thumb_proportion +themes/default/views/page.html.php 51 DIRTY $theme->url("js/jquery.scrollTo.js") +themes/default/views/page.html.php 52 DIRTY $theme->url("js/jquery.localscroll.js") +themes/default/views/page.html.php 53 DIRTY $theme->url("js/ui.init.js") +themes/default/views/page.html.php 54 DIRTY $theme->head() +themes/default/views/page.html.php 58 DIRTY $theme->page_top() +themes/default/views/page.html.php 60 DIRTY $theme->site_status() +themes/default/views/page.html.php 62 DIRTY $theme->display("header.html") +themes/default/views/page.html.php 68 DIRTY $theme->messages() 
+themes/default/views/page.html.php 69 DIRTY $content +themes/default/views/page.html.php 74 DIRTY $theme->display("sidebar.html") +themes/default/views/page.html.php 78 DIRTY $theme->display("footer.html") +themes/default/views/page.html.php 81 DIRTY $theme->page_bottom() +themes/default/views/pager.html.php 11 DIRTY $url +themes/default/views/pager.html.php 18 DIRTY $previous_page +themes/default/views/pager.html.php 18 DIRTY $url +themes/default/views/pager.html.php 25 DIRTY $from_to_msg +themes/default/views/pager.html.php 28 DIRTY $next_page +themes/default/views/pager.html.php 28 DIRTY $url +themes/default/views/pager.html.php 35 DIRTY $last_page +themes/default/views/pager.html.php 35 DIRTY $url +themes/default/views/photo.html.php 3 DIRTY $theme->photo_top() +themes/default/views/photo.html.php 8 DIRTY $previous_item->url() +themes/default/views/photo.html.php 15 DIRTY $position +themes/default/views/photo.html.php 15 DIRTY $sibling_count +themes/default/views/photo.html.php 18 DIRTY $next_item->url() +themes/default/views/photo.html.php 28 DIRTY $theme->resize_top($item) +themes/default/views/photo.html.php 32 DIRTY $item->resize_tag(array("id" => "gPhotoId-{$item->id}", "class" => "gResize")) +themes/default/views/photo.html.php 36 DIRTY $theme->resize_bottom($item) +themes/default/views/photo.html.php 40 CLEAN $item->title +themes/default/views/photo.html.php 41 CLEAN $item->description +themes/default/views/photo.html.php 44 DIRTY $theme->photo_bottom() +themes/default/views/sidebar.html.php 2 DIRTY $theme->sidebar_top() +themes/default/views/sidebar.html.php 6 DIRTY $theme->album_menu() +themes/default/views/sidebar.html.php 8 DIRTY $theme->photo_menu() +themes/default/views/sidebar.html.php 13 DIRTY $theme->sidebar_blocks() +themes/default/views/sidebar.html.php 14 DIRTY $theme->sidebar_bottom() diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php index 9f90d671..77aff050 100644 
--- a/modules/gallery/views/admin_advanced_settings.html.php +++ b/modules/gallery/views/admin_advanced_settings.html.php @@ -20,12 +20,12 @@ <? if ($var->module_name == "gallery" && $var->name == "_cache") continue ?> <tr class="setting"> <td> <?= $var->module_name ?> </td> - <td> <?= $var->name ?> </td> + <td> <?= p::clean($var->name) ?> </td> <td> - <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/$var->name") ?>" + <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . p::clean($var->name)) ?>" class="gDialogLink" - title="<?= t("Edit %var (%module_name)", array("var" => $var->name, "module_name" => $var->module_name)) ?>"> - <?= $var->value ?> + title="<?= t("Edit %var (%module_name)", array("var" => p::clean($var->name), "module_name" => $var->module_name)) ?>"> + <?= p::clean($var->value) ?> </a> </td> </tr> diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php index db6313e1..5d8f3084 100644 --- a/modules/gallery/views/admin_block_log_entries.html.php +++ b/modules/gallery/views/admin_block_log_entries.html.php @@ -2,7 +2,7 @@ <ul> <? foreach ($entries as $entry): ?> <li class="<?= log::severity_class($entry->severity) ?>"> - <a href="<?= url::site("user/$entry->user_id") ?>"><?= $entry->user->name ?></a> + <a href="<?= url::site("user/$entry->user_id") ?>"><?= p::clean($entry->user->name) ?></a> <?= date("Y-M-d H:i:s", $entry->timestamp) ?> <?= $entry->message ?> <?= $entry->html ?> diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php index e8a4d933..1e1329d1 100644 --- a/modules/gallery/views/admin_block_photo_stream.html.php +++ b/modules/gallery/views/admin_block_photo_stream.html.php 
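Review bot: In the edit link's `href`, `p::clean($var->name)` is applied to a URL path segment, which is the wrong encoder for that position: HTML escaping (assuming that is what `p::clean()` does, its definition is not in this hunk) leaves `/`, `?` and `#` in a setting name intact, so the name can still alter the path or add a query string. Encoding the segment for the URL and escaping the finished URL once for the attribute would cover both contexts, provided the router accepts encoded segments: `href="<?= p::clean(url::site("admin/advanced_settings/edit/$var->module_name/" . rawurlencode($var->name))) ?>"`. `$var->module_name` is still printed raw in the first cell, in the URL and in the `title` argument. If module names can only come from installed code, a short comment saying so would stop the next audit from flagging it again.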
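Review bot: In admin_block_log_entries.html.php, `<?= $entry->message ?>` is still written raw two lines below the newly escaped user name, so any log message that interpolates user-controlled text would reach the admin dashboard unescaped. If messages are meant to be plain text, `<?= p::clean($entry->message) ?>` closes that and leaves `$entry->html` as the only raw field. If `$entry->html` is by contract built only by trusted code, a template comment such as `<? /* $entry->html is generated by module code, never from request data */ ?>` would record that. The admin_maintenance.html.php hunk has the same pattern, with `$task->status` printed raw directly above the escaped owner name. Both surrounding loops continue outside their hunks.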
@@ -2,9 +2,9 @@ <ul> <? foreach ($photos as $photo): ?> <li class="gItem gPhoto"> - <a href="<?= url::site("photos/$photo->id") ?>" title="<?= $photo->title ?>"> + <a href="<?= url::site("photos/$photo->id") ?>" title="<?= p::clean($photo->title) ?>"> <img <?= photo::img_dimensions($photo->width, $photo->height, 72) ?> - src="<?= $photo->thumb_url() ?>" alt="<?= $photo->title ?>" /> + src="<?= $photo->thumb_url() ?>" alt="<?= p::clean($photo->title) ?>" /> </a> </li> <? endforeach ?> diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php index bc060a7b..66c4eea0 100644 --- a/modules/gallery/views/admin_maintenance.html.php +++ b/modules/gallery/views/admin_maintenance.html.php @@ -90,7 +90,7 @@ <?= $task->status ?> </td> <td> - <?= $task->owner()->name ?> + <?= p::clean($task->owner()->name) ?> </td> <td> <? if ($task->state == "stalled"): ?> diff --git a/modules/gallery/views/after_install.html.php b/modules/gallery/views/after_install.html.php index aa26858a..d6ba8e7c 100644 --- a/modules/gallery/views/after_install.html.php +++ b/modules/gallery/views/after_install.html.php @@ -8,7 +8,7 @@ </p> <p> - <?= t("You're logged in to the <b>%user_name</b> account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => $user->name)) ?> + <?= t("You're logged in to the <b>%user_name</b> account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => p::clean($user->name))) ?> </p> <p> diff --git a/modules/gallery/views/move_tree.html.php b/modules/gallery/views/move_tree.html.php index a3a4bc8f..91a2f9da 100644 --- a/modules/gallery/views/move_tree.html.php +++ b/modules/gallery/views/move_tree.html.php 
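Review bot: In admin_block_photo_stream.html.php, both `p::clean($photo->title)` calls sit inside double-quoted attribute values (`title="…"` and `alt="…"`), where the escaper must encode `"` as well as `<`, `>` and `&`. The hunk does not show what `p::clean()` encodes, so this needs confirming against the helper. A unit test asserting that `p::clean('"')` returns `&quot;` would keep attribute uses like these safe if the helper is changed later. `$photo->thumb_url()` in the `src` attribute is still raw and the commit's own list marks similar URL calls DIRTY, so it is worth deciding whether URLs get the same treatment.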
@@ -1,18 +1,18 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <?= $parent->thumb_tag(array(), 25); ?> <? if (!access::can("edit", $parent) || $source->is_descendant($parent)): ?> -<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= $parent->title ?> <?= t("(locked)") ?> </a> +<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= p::clean($parent->title) ?> <?= t("(locked)") ?> </a> <? else: ?> -<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= $parent->title ?></a> +<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= p::clean($parent->title) ?></a> <? endif ?> <ul id="tree_<?= $parent->id ?>"> <? foreach ($children as $child): ?> <li id="node_<?= $child->id ?>" class="node"> <?= $child->thumb_tag(array(), 25); ?> <? if (!access::can("edit", $child) || $source->is_descendant($child)): ?> - <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= $child->title ?> <?= t("(locked)") ?></a> + <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= p::clean($child->title) ?> <?= t("(locked)") ?></a> <? else: ?> - <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= $child->title ?> </a> + <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= p::clean($child->title) ?> </a> <? endif ?> </li> <? endforeach ?> diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php index 749bee4f..5cd9cf82 100644 --- a/modules/gallery/views/permissions_browse.html.php +++ b/modules/gallery/views/permissions_browse.html.php @@ -35,14 +35,14 @@ <? foreach ($parents as $parent): ?> <li> <a href="javascript:show(<?= $parent->id ?>)"> - <?= $parent->title ?> + <?= p::clean($parent->title) ?> </a> <div class="form" id="edit-<?= $parent->id ?>"></div> <ul> <? endforeach ?> <li> <a href="javascript:show(<?= $item->id ?>)"> - <?= $item->title ?> + <?= p::clean($item->title) ?> </a> <div class="form" id="edit-<?= $item->id ?>"> <?= $form ?> 
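Review bot: In move_tree.html.php, `$parent->id` and `$child->id` are interpolated into `javascript:load_tree('…',1)` inside an `href`, and the commit leaves them raw. That position needs JavaScript-string and attribute encoding, not the HTML escaping that `p::clean()` presumably provides. If ids are always integer primary keys, casting at the output site makes that explicit and independent of the model: `<a href="javascript:load_tree('<?= (int) $parent->id ?>',1)">`. The permissions_browse.html.php hunk has the same shape with no quotes at all, `javascript:show(<?= $parent->id ?>)`, so the cast matters more there. The loops in both files continue outside their hunks.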
diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php index 94103705..adf2bd94 100644 --- a/modules/gallery/views/permissions_form.html.php +++ b/modules/gallery/views/permissions_form.html.php @@ -6,7 +6,7 @@ <tr> <th> </th> <? foreach ($groups as $group): ?> - <th> <?= $group->name ?> </th> + <th> <?= p::clean($group->name) ?> </th> <? endforeach ?> </tr> diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php index b6725c31..abda6d26 100644 --- a/modules/gallery/views/simple_uploader.html.php +++ b/modules/gallery/views/simple_uploader.html.php @@ -5,7 +5,7 @@ <!-- hack to set the title for the dialog --> <form id="gAddPhotosForm" action="<?= url::site("simple_uploader/finish") ?>"> <fieldset> - <legend> <?= t("Add photos to %album_title", array("album_title" => $item->title)) ?> </legend> + <legend> <?= t("Add photos to %album_title", array("album_title" => p::clean($item->title))) ?> </legend> </fieldset> </form> @@ -25,9 +25,9 @@ </p> <ul class="gBreadcrumbs"> <? foreach ($item->parents() as $parent): ?> - <li> <?= $parent->title ?> </li> + <li> <?= p::clean($parent->title) ?> </li> <? endforeach ?> - <li class="active"> <?= $item->title ?> </li> + <li class="active"> <?= p::clean($item->title) ?> </li> </ul> <p><?= t("Upload Queue") ?></p> diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php index 880d5d3e..db664894 100644 --- a/modules/info/views/info_block.html.php +++ b/modules/info/views/info_block.html.php 
@@ -3,18 +3,18 @@ <tbody> <tr> <th><?= t("Title:") ?></th> - <td><?= $item->title; ?></td> + <td><?= p::clean($item->title) ?></td> </tr> <? if ($item->description): ?> <tr> <th><?= t("Description:") ?></th> - <td><?= $item->description; ?></td> + <td><?= p::clean($item->description) ?></td> </tr> <? endif ?> <? if ($item->id != 1): ?> <tr> <th><?= t("Name:") ?></th> - <td><?= $item->name; ?></td> + <td><?= p::clean($item->name) ?></td> </tr> <? endif ?> <? if ($item->captured): ?> @@ -26,7 +26,7 @@ <? if ($item->owner): ?> <tr> <th><?= t("Owner:") ?></th> - <td><a href="#"><?= $item->owner->name ?></a></td> + <td><a href="#"><?= p::clean($item->owner->name) ?></a></td> </tr> <? endif ?> </tbody> diff --git a/modules/notification/views/comment_published.html.php b/modules/notification/views/comment_published.html.php index 23588c72..ff2ba0bc 100644 --- a/modules/notification/views/comment_published.html.php +++ b/modules/notification/views/comment_published.html.php 
@@ -1,30 +1,34 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> <head> - <title><?= $subject ?> </title> + <title><?= p::clean($subject) ?> </title> </head> <body> - <h2><?= $subject ?></h2> + <h2><?= p::clean($subject) ?></h2> <table> <tr> <td><?= t("Comment:") ?></td> - <td><?= $comment->text ?></td> + <td><?= p::clean($comment->text) ?></td> </tr> <tr> <td><?= t("Author Name:") ?></td> - <td><?= $comment->author_name() ?></td> + <td><?= p::clean($comment->author_name()) ?></td> </tr> <tr> <td><?= t("Author Email:") ?></td> - <td><?= $comment->author_email() ?></td> + <td><?= p::clean($comment->author_email()) ?></td> </tr> <tr> <td><?= t("Author URL:") ?></td> - <td><?= $comment->author_url() ?></td> + <td><?= p::clean($comment->author_url()) ?></td> </tr> <tr> <td><?= t("Url:") ?></td> - <td><a href="<?= $comment->item()->url(array(), true) ?>#comments"><?= $comment->item()->url(array(), true) ?>#comments</a></td> + <td> + <a href="<?= $comment->item()->url(array(), true) ?>#comments"> + <?= $comment->item()->url(array(), true) ?>#comments + </a> + </td> </tr> </table> </body> diff --git a/modules/notification/views/item_added.html.php b/modules/notification/views/item_added.html.php index b67b9f38..32857c08 100644 --- a/modules/notification/views/item_added.html.php +++ b/modules/notification/views/item_added.html.php 
@@ -1,23 +1,27 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> <head> - <title><?= $subject ?> </title> + <title><?= p::clean($subject) ?> </title> </head> <body> - <h2><?= $subject ?></h2> + <h2><?= p::clean($subject) ?></h2> <table> <tr> <td><?= t("Title:") ?></td> - <td><?= $item->title ?></td> + <td><?= p::clean($item->title) ?></td> </tr> <tr> <td><?= t("Url:") ?></td> - <td><a href="<?= $item->url(array(), true) ?>"><?= $item->url(array(), true) ?></a></td> + <td> + <a href="<?= $item->url(array(), true) ?>"> + <?= $item->url(array(), true) ?> + </a> + </td> </tr> <? if ($item->description): ?> <tr> <td><?= t("Description:") ?></td> - <td><?= $item->description ?></td> + <td><?= p::clean($item->description) ?></td> </tr> <? endif ?> </table> diff --git a/modules/notification/views/item_deleted.html.php b/modules/notification/views/item_deleted.html.php index ac9ab594..2d6d5738 100644 --- a/modules/notification/views/item_deleted.html.php +++ b/modules/notification/views/item_deleted.html.php @@ -1,20 +1,24 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> <head> - <title><?= $subject ?> </title> + <title><?= p::clean($subject) ?> </title> </head> <body> - <h2><?= $subject ?></h2> + <h2><?= p::clean($subject) ?></h2> <table> <tr> <td colspan="2"> <?= t("To view the changed album %title use the link below.", - array("title" => $item->parent()->title)) ?> + array("title" => p::clean($item->parent()->title))) ?> </td> </tr> <tr> <td><?= t("Url:") ?></td> - <td><a href="<?= $item->parent()->url(array(), true) ?>"><?= $item->parent()->url(array(), true) ?></a></td> + <td> + <a href="<?= $item->parent()->url(array(), true) ?>"> + <?= $item->parent()->url(array(), true) ?> + </a> + </td> </tr> </table> </body> diff --git a/modules/notification/views/item_updated.html.php b/modules/notification/views/item_updated.html.php index cba522e8..0620c50c 100644 --- a/modules/notification/views/item_updated.html.php 
+++ b/modules/notification/views/item_updated.html.php @@ -1,18 +1,18 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> <head> - <title><?= $subject ?> </title> + <title><?= p::clean($subject) ?> </title> </head> <body> - <h2> <?= $subject ?> </h2> + <h2> <?= p::clean($subject) ?> </h2> <table> <tr> <? if ($old->title != $new->title): ?> <td><?= t("New Title:") ?></td> - <td><?= $new->title ?></td> + <td><?= p::clean($new->title) ?></td> <? else: ?> <td><?= t("Title:") ?></td> - <td><?= $new->title ?></td> + <td><?= p::clean($new->title) ?></td> <? endif ?> </tr> <tr> @@ -22,12 +22,12 @@ <? if ($old->description != $new->description): ?> <tr> <td><?= t("New Description:") ?></td> - <td><?= $new->description ?></td> + <td><?= p::clean($new->description) ?></td> </tr> <? elseif (!empty($new->description)): ?> <tr> <td><?= t("Description:") ?></td> - <td><?= $new->description ?></td> + <td><?= p::clean($new->description) ?></td> </tr> <? endif ?> </table> diff --git a/modules/organize/views/organize.html.php b/modules/organize/views/organize.html.php index 2f2c3a62..6e5bfcea 100644 --- a/modules/organize/views/organize.html.php +++ b/modules/organize/views/organize.html.php @@ -16,7 +16,7 @@ var CONFIRM_DELETE = "<?= t("Do you really want to delete the selected albums an }); </script> <fieldset style="display: none"> - <legend><?= t("Organize %name", array("name" => $item->title)) ?></legend> + <legend><?= t("Organize %name", array("name" => p::clean($item->title))) ?></legend> </fieldset> <div id="doc3" class="yui-t7"> <div id="bd"> diff --git a/modules/organize/views/organize_album.html.php b/modules/organize/views/organize_album.html.php index 9c4d042a..ae2d5d51 100644 --- a/modules/organize/views/organize_album.html.php +++ b/modules/organize/views/organize_album.html.php 
@@ -7,7 +7,7 @@ <div id="gOrganizeBranch-<?= $album->id ?>" ref="<?= $album->id ?>" class="<?= $selected ? "gBranchSelected" : "" ?> gBranchText"> - <?= $album->title ?> + <?= p::clean($album->title) ?> </div> <div id="gOrganizeChildren-<?= $album->id ?>" class="<?= $album_icon == "ui-icon-plus" ? "gBranchCollapsed" : "" ?>"> diff --git a/modules/rss/views/comment.mrss.php b/modules/rss/views/comment.mrss.php index 8b7e4f70..d2177026 100644 --- a/modules/rss/views/comment.mrss.php +++ b/modules/rss/views/comment.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> <channel> <generator>gallery3</generator> - <title><?= $title ?></title> + <title><?= p::clean($title) ?></title> <link><?= $link ?></link> - <description><?= htmlspecialchars($description) ?></description> + <description><?= p::clean($description) ?></description> <language>en-us</language> <atom:link rel="self" href="<?= $feed_link ?>" type="application/rss+xml" /> <fh:complete/> @@ -22,17 +22,17 @@ <lastBuildDate><?= $pub_date ?></lastBuildDate> <? foreach ($children as $child): ?> <item> - <title><?= $child["title"]?></title> - <link><?= $child["item_link"] ?></link> - <author><?= $child["author"] ?></author> + <title><?= p::clean($child["title"]) ?></title> + <link><?= p::clean($child["item_link"]) ?></link> + <author><?= p::clean($child["author"]) ?></author> <guid isPermaLink="true"><?= $child["item_link"] ?></guid> <pubDate><?= $child["pub_date"] ?></pubDate> <content:encoded> <![CDATA[ - <p><?= $child["text"] ?></p> + <p><?= p::clean($child["text"]) ?></p> <p> <img alt="" src="<?= $child["thumb_url"] ?>" - height="<?= $child["thumb_height"] ?>" width="<?= $child["thumb_width"] ?>" /> + height="<?= $child["thumb_height"] ?>" width="<?= $child["thumb_width"] ?>" /> <br /> </p> ]]> diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php index c581e5e0..0beebbcf 100644 --- a/modules/rss/views/feed.mrss.php +++ b/modules/rss/views/feed.mrss.php 
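Review bot: In the second hunk of comment.mrss.php the `<guid isPermaLink="true">` element still prints `$child["item_link"]` raw, while the `<link>` element two lines above now wraps the same value in `p::clean()`. Assuming `p::clean()` entity-encodes its argument, a link containing `&` or `<` would leave the feed well-formed in one element and ill-formed in the other, so the guid should match: `<guid isPermaLink="true"><?= p::clean($child["item_link"]) ?></guid>`. The channel-level context lines `<link><?= $link ?></link>` and `href="<?= $feed_link ?>"` in the first hunk, the `src="<?= $child["thumb_url"] ?>"` attribute, and the equivalent lines in feed.mrss.php are also left raw and need the same treatment if those URLs can carry query strings.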
@@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> <channel> <generator>gallery3</generator> - <title><?= htmlspecialchars($title) ?></title> + <title><?= p::clean($title) ?></title> <link><?= $link ?></link> - <description><?= htmlspecialchars($description) ?></description> + <description><?= p::clean($description) ?></description> <language>en-us</language> <atom:link rel="self" href="<?= $feed_link ?>" type="application/rss+xml" /> <fh:complete/> @@ -22,25 +22,25 @@ <lastBuildDate><?= $pub_date ?></lastBuildDate> <? foreach ($children as $child): ?> <item> - <title><?= htmlspecialchars($child->title) ?></title> + <title><?= p::clean($child->title) ?></title> <link><?= url::abs_site("{$child->type}s/{$child->id}") ?></link> <guid isPermaLink="true"><?= url::abs_site("{$child->type}s/{$child->id}") ?></guid> <pubDate><?= date("D, d M Y H:i:s T", $child->created); ?></pubDate> <content:encoded> <![CDATA[ - <span><?= $child->description ?></span> + <span><?= p::clean($child->description) ?></span> <p> <? if ($child->type == "photo" || $child->type == "album"): ?> <img alt="" src="<?= $child->resize_url(true) ?>" - title="<?= htmlspecialchars($child->title) ?>" + title="<?= p::clean($child->title) ?>" height="<?= $child->resize_height ?>" width="<?= $child->resize_width ?>" /><br /> <? else: ?> <a href="<?= url::abs_site("{$child->type}s/{$child->id}") ?>"> <img alt="" src="<?= $child->thumb_url(true) ?>" - title="<?= htmlspecialchars($child->title) ?>" + title="<?= p::clean($child->title) ?>" height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" /></a><br /> <? endif ?> - <?= $child->description ?> + <?= p::clean($child->description) ?> </p> ]]> </content:encoded> diff --git a/modules/rss/views/rss_block.html.php b/modules/rss/views/rss_block.html.php index 10106af9..f964329c 100644 --- a/modules/rss/views/rss_block.html.php +++ b/modules/rss/views/rss_block.html.php 
@@ -1,13 +1,13 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <ul id="gFeeds"> -<? foreach($feeds as $text => $url): ?> +<? foreach($feeds as $title => $url): ?> <li style="clear: both;"> <span class="ui-icon-left"> <a href="<?= $url ?>"> <span class="ui-icon ui-icon-signal-diag"></span> - <?= $text ?> + <?= $title ?> </a> </span> </li> <? endforeach ?> -</ul>
\ No newline at end of file +</ul> diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php index fb1fd8a9..de4343ae 100644 --- a/modules/search/views/search.html.php +++ b/modules/search/views/search.html.php @@ -8,7 +8,7 @@ <ul> <li> <label for="q"><?= t("Search the gallery") ?></label> - <input name="q" id="q" type="text" value="<?= $q ?>"/> + <input name="q" id="q" type="text" value="<?= p::clean($q) ?>"/> </li> <li> <input type="submit" value="<?= t("Search") ?>" /> @@ -31,10 +31,10 @@ <a href="<?= url::site("items/$item->id") ?>"> <?= $item->thumb_tag() ?> <p> - <?= $item->title ?> + <?= p::clean($item->title) ?> </p> <div> - <?= $item->description ?> + <?= p::clean($item->description) ?> </div> </a> </li> @@ -43,7 +43,9 @@ <?= $theme->pager() ?> <? else: ?> - <p><?= t("No results found for '") . $q . "'" ?></p> + <p> + <?= t("No results found for <b>%term</b>", array("term" => p::clean($q))) ?> + </p> <? endif; ?> </div> diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php index 69ff09a6..b7b494e4 100644 --- a/modules/server_add/views/server_add_tree.html.php +++ b/modules/server_add/views/server_add_tree.html.php @@ -16,7 +16,7 @@ $("#<?= $tree_id ?>").ready(function() { <? if (!empty($file_info["is_dir"])): ?> <span class="ui-icon ui-icon-plus"></span> <? endif ?> - <label> <?= form::checkbox("checkbox[]", $file_info["path"]) . " $file" ?> </label> + <label> <?= form::checkbox("checkbox[]", p::clean($file_info["path"])) . " " . p::clean($file) ?> </label> </li> <? endforeach ?> </ul> diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index c8eb6a1c..f600ce60 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php 
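Review bot: The rename from `$text` to `$title` in rss_block.html.php leaves both `<?= $title ?>` and `href="<?= $url ?>"` unescaped, which stands out in a commit that wraps nearly every other view output in `p::clean()`. Where the `$feeds` array is built is not visible here, but if a feed title can include an album or tag name, it is user-controlled text landing in HTML context. I would emit `<?= p::clean($title) ?>` and `<a href="<?= p::clean($url) ?>">` here as well, after confirming that `p::clean()` encodes double quotes so that it is safe inside an attribute.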
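Review bot: Passing `p::clean($file_info["path"])` as the value argument of `form::checkbox()` in server_add_tree.html.php risks double encoding if the form helper already escapes attribute values, which cannot be seen from this hunk. In that case a path containing `&` or a quote would be posted back in its entity-encoded form and would no longer match the file on disk. Confirm what `form::checkbox()` does with its value; if it escapes, pass the raw path and keep the cleaning on the label only: `form::checkbox("checkbox[]", $file_info["path"]) . " " . p::clean($file)`.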
@@ -5,14 +5,14 @@ </script> <?= html::script("modules/server_add/js/server_add.js"); ?> <div id="gServerAdd"> - <h1 style="display: none;"><?= sprintf(t("Add Photos to '%s'"), $album_title) ?></h1> + <h1 style="display: none;"><?= t("Add Photos to '%title'", array("title" => p::clean($album_title))) ?></h1> <p id="gDescription"><?= t("Photos will be added to album:") ?></p> <ul class="gBreadcrumbs"> <? foreach ($parents as $parent): ?> - <li><?= $parent->title ?></li> + <li><?= p::clean($parent->title) ?></li> <? endforeach ?> - <li class="active"><?= $album_title ?></li> + <li class="active"><?= p::clean($album_title) ?></li> </ul> <?= form::open($action, array("method" => "post")) ?> diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php index 133b452f..62e3a2a1 100644 --- a/modules/tag/views/admin_tags.html.php +++ b/modules/tag/views/admin_tags.html.php @@ -48,7 +48,7 @@ <? endif ?> <li> - <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= $tag->name ?></span> + <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= p::clean($tag->name) ?></span> <span class="understate">(<?= $tag->count ?>)</span> <a href="<?= url::site("admin/tags/form_delete/$tag->id") ?>" class="gDialogLink delete-link gButtonLink"> diff --git a/modules/tag/views/tag_cloud.html.php b/modules/tag/views/tag_cloud.html.php index 9deedb20..eba615fc 100644 --- a/modules/tag/views/tag_cloud.html.php +++ b/modules/tag/views/tag_cloud.html.php @@ -3,7 +3,7 @@ <? foreach ($tags as $tag): ?> <li class="size<?=(int)(($tag->count / $max_count) * 7) ?>"> <span><?= $tag->count ?> photos are tagged with </span> - <a href="<?=url::site("tags/$tag->id") ?>"><?= $tag->name ?></a> + <a href="<?= url::site("tags/$tag->id") ?>"><?= p::clean($tag->name) ?></a> </li> <? endforeach ?> </ul> diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index 8604b7c4..c3e66634 100644 --- a/modules/user/controllers/password.php 
+++ b/modules/user/controllers/password.php @@ -57,9 +57,8 @@ class Password_Controller extends Controller { $user->hash = md5(rand()); $user->save(); $message = new View("reset_password.html"); - $message->url = url::abs_site("password/do_reset?key=$user->hash"); - $message->name = $user->full_name; - $message->title = t("Password Reset Request"); + $message->confirm_url = url::abs_site("password/do_reset?key=$user->hash"); + $message->user = $user; Sendmail::factory() ->to($user->email) diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index bec74d28..859f3c8e 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -68,16 +68,16 @@ <td id="user-<?= $user->id ?>" class="core-info gDraggable"> <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>" title="<?= t("Drag user onto group below to add as a new member") ?>" - alt="<?= $user->name ?>" + alt="<?= p::clean($user->name) ?>" width="20" height="20" /> - <?= $user->name ?> + <?= p::clean($user->name) ?> </td> <td> - <?= $user->full_name ?> + <?= p::clean($user->full_name) ?> </td> <td> - <?= $user->email ?> + <?= p::clean($user->email) ?> </td> <td> <?= ($user->last_login == 0) ? "" : date("j-M-y", $user->last_login) ?> diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index a25e687a..820b3031 100644 --- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php 
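Review bot: The reset key on the context line `$user->hash = md5(rand());` comes from a non-cryptographic generator with a small output range, so the value that ends up in `confirm_url` is predictable rather than secret; this commit only renames the view variables and leaves that line as it is. The key should be drawn from a CSPRNG, for example `$user->hash = bin2hex(random_bytes(16));` where the runtime provides it. It should also expire and be cleared once used; neither is visible in this hunk. Handing the whole `$user` object to the mail view also exposes `hash` and every other field to the template, where the old code passed only the name. The enclosing Password_Controller method starts and ends outside the hunk, so how the key is checked on return cannot be judged from here.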
@@ -1,8 +1,8 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> -<strong><?= $group->name ?></strong> +<strong><?= p::clean($group->name) ?></strong> <? if (!$group->special): ?> <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>" - title="<?= t("Delete " . $group->name) ?>" + title="<?= t("Delete %name", array("name" => p::clean($group->name))) ?>" class="gDialogLink gButtonLink ui-state-default ui-corner-all"> <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a> <? else: ?> @@ -13,11 +13,15 @@ <ul> <? foreach ($group->users as $i => $user): ?> <li class="gUser"> - <?= $user->name ?> + <?= p::clean($user->name) ?> <? if (!$group->special): ?> <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)" class="gButtonLink ui-state-default ui-corner-all ui-icon-left"> - <span class="ui-icon ui-icon-closethick">Remove <?= $user->name ?> from <?= $group->name ?></span></a> + <span class="ui-icon ui-icon-closethick"> + <?= t("Remove %user from %group", + array("user" => p::clean($user->name), "group" => p::clean($group->name))) ?> + </span> + </a> <? endif ?> </li> <? endforeach ?> diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php index d9a558b5..cce2fb54 100644 --- a/modules/user/views/login.html.php +++ b/modules/user/views/login.html.php @@ -11,7 +11,7 @@ '<a href="' . url::site("form/edit/users/{$user->id}") . '" title="' . t("Edit Your Profile") . '" id="gUserProfileLink" class="gDialogLink">' . - (empty($user->full_name) ? $user->name : $user->full_name) . '</a>')) ?></li> + p::clean(empty($user->full_name) ? $user->name : $user->full_name) . '</a>')) ?></li> <li><a href="<?= url::site("logout?continue=" . url::current(true)) ?>" id="gLogoutLink"><?= t("Logout") ?></a></li> <? endif; ?> diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php index 39845d61..4c4672ee 100644 --- a/modules/user/views/reset_password.html.php 
+++ b/modules/user/views/reset_password.html.php @@ -1,14 +1,15 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> -<head> - <title><?= $title ?> </title> -</head> -<body> - <h2><?= t("Password Reset Request") ?> </h2> - <p> - <?= sprintf(t("A request to reset your password (user: %s) at %s."), $name, url::base(false, "http")) ?> - <?= sprintf(t("To confirm this request please click on the link below")) ?><br /> - <a href="<?= $url ?>"><?= t("Reset Password") ?></a> - </p> -</body> + <head> + <title><?= t("Password Reset Request") ?> </title> + </head> + <body> + <h2><?= t("Password Reset Request") ?> </h2> + <p> + <?= t("Hello, %name,", array("name" => p::clean($user->full_name ? $user->full_name : $user->name))) ?> + </p> + <p> + <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>. If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>. If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?> + </p> + </body> </html> diff --git a/themes/default/views/album.html.php b/themes/default/views/album.html.php index f4baa210..6e17696d 100644 --- a/themes/default/views/album.html.php +++ b/themes/default/views/album.html.php @@ -2,8 +2,8 @@ <? // @todo Set hover on AlbumGrid list items for guest users ?> <div id="gInfo"> <?= $theme->album_top() ?> - <h1><?= $item->title ?></h1> - <div class="gDescription"><?= $item->description ?></div> + <h1><?= p::clean($item->title) ?></h1> + <div class="gDescription"><?= p::clean($item->description) ?></div> </div> <ul id="gAlbumGrid"> 
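Review bot: In the rewritten reset_password.html.php body, `site_url` and `confirm_url` are substituted into `href="..."` attributes without `p::clean()`, while `name` in the paragraph above is cleaned. I would write `array("site_url" => p::clean(url::base(false, "http")), "confirm_url" => p::clean($confirm_url))`. Separately, the config comment for `site_domain` says the domain is auto-detected when only a path is configured. If `url::base()` and `url::abs_site()` take the host from the incoming request, the links in this mail follow whatever Host header the reset request carried, so the mail should be built from a configured absolute site URL; this needs checking against the URL helper, which is not shown.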
@@ -18,7 +18,7 @@ <?= $child->thumb_tag(array("class" => "gThumbnail")) ?> </a> <?= $theme->thumb_bottom($child) ?> - <h2><span></span><a href="<?= $child->url() ?>"><?= $child->title ?></a></h2> + <h2><span></span><a href="<?= $child->url() ?>"><?= p::clean($child->title) ?></a></h2> <ul class="gMetadata"> <?= $theme->thumb_info($child) ?> </ul> diff --git a/themes/default/views/dynamic.html.php b/themes/default/views/dynamic.html.php index 8d2d2123..12b5192c 100644 --- a/themes/default/views/dynamic.html.php +++ b/themes/default/views/dynamic.html.php @@ -3,7 +3,7 @@ <div id="gAlbumHeaderButtons"> <?= $theme->dynamic_top() ?> </div> - <h1><?= $tag->name ?></h1> + <h1><?= p::clean($tag->name) ?></h1> </div> <ul id="gAlbumGrid"> @@ -16,7 +16,7 @@ width="<?= $child->thumb_width ?>" height="<?= $child->thumb_height ?>" /> </a> - <h2><?= $child->title ?></h2> + <h2><?= p::clean($child->title) ?></h2> <?= $theme->thumb_bottom($child) ?> <ul class="gMetadata"> <?= $theme->thumb_info($child) ?> diff --git a/themes/default/views/header.html.php b/themes/default/views/header.html.php index 9d058e35..1e70b7ac 100644 --- a/themes/default/views/header.html.php +++ b/themes/default/views/header.html.php @@ -17,8 +17,12 @@ <? if (!empty($parents)): ?> <ul class="gBreadcrumbs"> <? foreach ($parents as $parent): ?> - <li><a href="<?= url::site("albums/{$parent->id}?show=$item->id") ?>"><?= $parent->title ?></a></li> + <li> + <a href="<?= url::site("albums/{$parent->id}?show=$item->id") ?>"> + <?= p::clean($parent->title) ?> + </a> + </li> <? endforeach ?> - <li class="active"><?= $item->title ?></li> + <li class="active"><?= p::clean($item->title) ?></li> </ul> <? endif ?> diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php index bde147ad..0cdf63fa 100644 --- a/themes/default/views/movie.html.php +++ b/themes/default/views/movie.html.php 
@@ -32,8 +32,8 @@ </script> <div id="gInfo"> - <h1><?= $item->title ?></h1> - <div><?= $item->description ?></div> + <h1><?= p::clean($item->title) ?></h1> + <div><?= p::clean($item->description) ?></div> </div> <?= $theme->photo_bottom() ?> diff --git a/themes/default/views/page.html.php b/themes/default/views/page.html.php index e2c03664..5e7101e1 100644 --- a/themes/default/views/page.html.php +++ b/themes/default/views/page.html.php @@ -8,7 +8,7 @@ <? if (empty($page_title)): ?> <?= t("Browse Photos") ?> <? if (!empty($item)): ?> - :: <?= $item->title ?> + :: <?= p::clean($item->title) ?> <? endif ?> <? else: ?> <?= $page_title ?> diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php index 63846bc1..cc069158 100644 --- a/themes/default/views/photo.html.php +++ b/themes/default/views/photo.html.php @@ -37,8 +37,8 @@ </div> <div id="gInfo"> - <h1><?= $item->title ?></h1> - <div><?= $item->description ?></div> + <h1><?= p::clean($item->title) ?></h1> + <div><?= p::clean($item->description) ?></div> </div> <?= $theme->photo_bottom() ?> |
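Review bot: The else-branch context line `<?= $page_title ?>` in page.html.php is still printed raw, although the item title a few lines above it is now wrapped in `p::clean()`. Whether controllers build `$page_title` from album, tag or user names is not visible here; if they do, it is the same user-controlled text and needs the same escaping: `<?= p::clean($page_title) ?>`. The surrounding markup starts and ends outside the hunk, so the exact output context should be confirmed in the full file.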