85 files changed, 1404 insertions, 1056 deletions
diff --git a/modules/akismet/helpers/akismet.php b/modules/akismet/helpers/akismet.php index db45a6ab..7cd598cd 100644 --- a/modules/akismet/helpers/akismet.php +++ b/modules/akismet/helpers/akismet.php @@ -94,7 +94,7 @@ class akismet_Core { if (empty($api_key)) { site_status::warning( t("Akismet is not quite ready! Please provide an <a href=\"%url\">API Key</a>", - array("url" => url::site("admin/akismet"))), + array("url" => html::mark_safe(url::site("admin/akismet")))), "akismet_config"); } else { site_status::clear("akismet_config"); diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php index 9fb4796e..82b12893 100644 --- a/modules/comment/controllers/comments.php +++ b/modules/comment/controllers/comments.php @@ -39,9 +39,9 @@ class Comments_Controller extends REST_Controller { foreach ($comments as $comment) { $data[] = array( "id" => $comment->id, - "author_name" => p::clean($comment->author_name()), + "author_name" => html::clean($comment->author_name()), "created" => $comment->created, - "text" => nl2br(p::purify($comment->text))); + "text" => nl2br(html::purify($comment->text))); } print json_encode($data); break; @@ -126,9 +126,9 @@ class Comments_Controller extends REST_Controller { array("result" => "success", "data" => array( "id" => $comment->id, - "author_name" => p::clean($comment->author_name()), + "author_name" => html::clean($comment->author_name()), "created" => $comment->created, - "text" => nl2br(p::purify($comment->text))))); + "text" => nl2br(html::purify($comment->text))))); } else { $view = new Theme_View("comment.html", "fragment"); $view->comment = $comment; diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index e233de59..b539887b 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php 
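Review bot: Wrapping `url::site("admin/akismet")` in `html::mark_safe` widens the trusted surface more than this message needs: t() now escapes every parameter (I18n.php hunk in this commit), and an HTML-escaped URL is still a valid href (`&` becomes `&amp;`, which browsers decode), so the wrapper only removes a safeguard. If any of these URL strings ever picks up a request-derived segment, the safe flag bypasses the new escaping entirely. The same pattern appears in admin_digibug.html.php, exif.php, both admin_g2_import.html.php hunks and graphics.php. Leaving the original `array("url" => url::site("admin/akismet"))` and letting t() escape it, as the albums.php hunks do for titles, keeps the default.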
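Review bot: `html::clean($comment->author_name())` now returns a SafeString object (MY_html.php: `return new SafeString($html)`), and this array goes out through `print json_encode($data)`, which serialises only an object's public properties; SafeString's properties are private/protected (SafeString.php), so as far as the new class shows the author name would be emitted as `{}` instead of the escaped string. Both hunks in this file (the list at line 39 and the single-comment response at line 126) are affected. Cast at the JSON boundary: `"author_name" => (string) html::clean($comment->author_name()),`. The `text` entry is unaffected because nl2br() already returns a plain string.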
@@ -23,7 +23,7 @@ class comment_rss_Core { $feeds["comment/newest"] = t("All new comments"); if ($item) { $feeds["comment/item/$item->id"] = - t("Comments on %title", array("title" => p::purify($item->title))); + t("Comments on %title", array("title" => html::purify($item->title))); } return $feeds; } @@ -49,13 +49,13 @@ class comment_rss_Core { $item = $comment->item(); $feed->children[] = new ArrayObject( array("pub_date" => date("D, d M Y H:i:s T", $comment->created), - "text" => nl2br(p::purify($comment->text)), + "text" => nl2br(html::purify($comment->text)), "thumb_url" => $item->thumb_url(), "thumb_height" => $item->thumb_height, "thumb_width" => $item->thumb_width, "item_uri" => url::abs_site("{$item->type}s/$item->id"), - "title" => p::purify($item->title), - "author" => p::clean($comment->author_name())), + "title" => html::purify($item->title), + "author" => html::clean($comment->author_name())), ArrayObject::ARRAY_AS_PROPS); } diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php index 516a8181..dc3975e0 100644 --- a/modules/comment/views/admin_block_recent_comments.html.php +++ b/modules/comment/views/admin_block_recent_comments.html.php @@ -4,13 +4,13 @@ <li class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>"> <img src="<?= $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= p::clean($comment->author_name()) ?>" + alt="<?= html::clean($comment->author_name()) ?>" width="32" height="32" /> <?= gallery::date_time($comment->created) ?> <?= t('<a href="#">%author_name</a> said <em>%comment_text</em>', - array("author_name" => p::clean($comment->author_name()), - "comment_text" => text::limit_words(nl2br(p::purify($comment->text)), 50))); ?> + array("author_name" => html::clean($comment->author_name()), + "comment_text" => text::limit_words(nl2br(html::purify($comment->text)), 50))); ?> </li> <? endforeach ?> </ul> 
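Review bot: The `comment_text` parameter reaches t() as a plain string — nl2br() (stringifying the purified SafeString) and text::limit_words() both return strings — and t()'s interpolate() now wraps every parameter in `new SafeString($value)`, which escapes on output, so the purified comment markup and the inserted `<br />` tags would be shown as literal text. Before this commit t() did not escape parameters, so this is a regression introduced here; the g2_import.php hunk (`"comment" => text::limit_words(nl2br(html::purify($comment->text)), 50)`) has the same problem. Re-flag the result after the string helpers: `"comment_text" => html::mark_safe(text::limit_words(nl2br(html::purify($comment->text)), 50))`. That is justified only because the input was purified first; truncation by text::limit_words cutting inside a tag is a pre-existing concern.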
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php index 03511d91..801ce2b3 100644 --- a/modules/comment/views/admin_comments.html.php +++ b/modules/comment/views/admin_comments.html.php @@ -108,12 +108,12 @@ <a href="#"> <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= p::clean($comment->author_name()) ?>" + alt="<?= html::clean($comment->author_name()) ?>" width="40" height="40" /> </a> - <p><a href="mailto:<?= p::clean($comment->author_email()) ?>" - title="<?= p::clean($comment->author_email()) ?>"> <?= p::clean($comment->author_name()) ?> </a></p> + <p><a href="mailto:<?= html::clean($comment->author_email()) ?>" + title="<?= html::clean($comment->author_email()) ?>"> <?= html::clean($comment->author_name()) ?> </a></p> </td> <td> <div class="right"> @@ -122,7 +122,7 @@ <a href="<?= $item->url() ?>"> <? if ($item->has_thumb()): ?> <img src="<?= $item->thumb_url() ?>" - alt="<?= p::purify($item->title) ?>" + alt="<?= html::purify($item->title) ?>" <?= photo::img_dimensions($item->thumb_width, $item->thumb_height, 75) ?> /> <? else: ?> @@ -132,7 +132,7 @@ </div> </div> <p><?= gallery::date($comment->created) ?></p> - <?= nl2br(p::purify($comment->text)) ?> + <?= nl2br(html::purify($comment->text)) ?> </td> <td> <ul class="gButtonSetVertical"> diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php index 3d17411c..1d0786cb 100644 --- a/modules/comment/views/comment.html.php +++ b/modules/comment/views/comment.html.php 
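Review bot: The `alt="..."`, `href="mailto:..."` and `title="..."` values in the first two hunks are emitted through `html::clean`, whose adequacy inside a quoted attribute depends on `_escape_for_html` (not in this diff) encoding quote characters. The commit adds `html::clean_attribute` / `SafeString::for_html_attr` specifically for attribute context, and that method converts `'` and `"` on top of `for_html` (the replacement map reads as identity on this page, presumably entity decoding in the rendering), which suggests the plain form may not. Using the attribute helper here and in admin_block_recent_comments.html.php, comment.html.php and comments.html.php makes the context explicit: `alt="<?= html::clean_attribute($comment->author_name()) ?>"`.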
@@ -4,15 +4,15 @@ <a href="#"> <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= p::clean($comment->author_name()) ?>" + alt="<?= html::clean($comment->author_name()) ?>" width="40" height="40" /> </a> <?= t("on %date_time, %author_name said", array("date_time" => gallery::date_time($comment->created), - "author_name" => p::clean($comment->author_name()))) ?> + "author_name" => html::clean($comment->author_name()))) ?> </p> <div> - <?= nl2br(p::purify($comment->text)) ?> + <?= nl2br(html::purify($comment->text)) ?> </div> </li> diff --git a/modules/comment/views/comment.mrss.php b/modules/comment/views/comment.mrss.php index 2b5b13c1..c2a4b538 100644 --- a/modules/comment/views/comment.mrss.php +++ b/modules/comment/views/comment.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> <channel> <generator>Gallery 3</generator> - <title><?= p::clean($feed->title) ?></title> + <title><?= html::clean($feed->title) ?></title> <link><?= $feed->uri ?></link> - <description><?= p::clean($feed->description) ?></description> + <description><?= html::clean($feed->description) ?></description> <language>en-us</language> <atom:link rel="self" href="<?= $feed->uri ?>" type="application/rss+xml" /> <fh:complete/> 
@@ -22,14 +22,14 @@ <lastBuildDate><?= $pub_date ?></lastBuildDate> <? foreach ($feed->children as $child): ?> <item> - <title><?= p::purify($child->title) ?></title> - <link><?= p::clean($child->item_uri) ?></link> - <author><?= p::clean($child->author) ?></author> + <title><?= html::purify($child->title) ?></title> + <link><?= html::clean($child->item_uri) ?></link> + <author><?= html::clean($child->author) ?></author> <guid isPermaLink="true"><?= $child->item_uri ?></guid> <pubDate><?= $child->pub_date ?></pubDate> <content:encoded> <![CDATA[ - <p><?= nl2br(p::purify($child->text)) ?></p> + <p><?= nl2br(html::purify($child->text)) ?></p> <p> <img alt="" src="<?= $child->thumb_url ?>" height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" /> diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index 6dce9971..1e45c946 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -18,16 +18,16 @@ <a href="#"> <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>" class="gAvatar" - alt="<?= p::clean($comment->author_name()) ?>" + alt="<?= html::clean($comment->author_name()) ?>" width="40" height="40" /> </a> <?= t('on %date <a href="#">%name</a> said', array("date" => date("Y-M-d H:i:s", $comment->created), - "name" => p::clean($comment->author_name()))); ?> + "name" => html::clean($comment->author_name()))); ?> </p> <div> - <?= nl2br(p::purify($comment->text)) ?> + <?= nl2br(html::purify($comment->text)) ?> </div> </li> <? endforeach ?> diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index e0f4b6bf..0939704b 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php 
@@ -50,7 +50,7 @@ class Digibug_Controller extends Controller { "image_width_1" => $item->width, "thumb_height_1" => $item->thumb_height, "thumb_width_1" => $item->thumb_width, - "title_1" => p::purify($item->title)); + "title_1" => html::purify($item->title)); print $v; } diff --git a/modules/digibug/views/admin_digibug.html.php b/modules/digibug/views/admin_digibug.html.php index 7e4436ff..c4956591 100644 --- a/modules/digibug/views/admin_digibug.html.php +++ b/modules/digibug/views/admin_digibug.html.php @@ -16,7 +16,7 @@ <p> <?= t("You don't need an account with Digibug, but if you <a href=\"%signup_url\">register with Digibug</a> and enter your Digibug id in the <a href=\"%advanced_settings_url\">Advanced Settings</a> page you can make money off of your photos!", array("signup_url" => "http://www.digibug.com/signup.php", - "advanced_settings_url" => url::site("admin/advanced_settings"))) ?> + "advanced_settings_url" => html::mark_safe(url::site("admin/advanced_settings")))) ?> </p> </div> </div> diff --git a/modules/exif/helpers/exif.php b/modules/exif/helpers/exif.php index 20ecd0cb..9a4dbeec 100644 --- a/modules/exif/helpers/exif.php +++ b/modules/exif/helpers/exif.php @@ -164,7 +164,7 @@ class exif_Core { if ($remaining) { site_status::warning( t('Your Exif index needs to be updated. <a href="%url" class="gDialogLink">Fix this now</a>', - array("url" => url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__"))), + array("url" => html::mark_safe(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), "exif_index_out_of_date"); } } diff --git a/modules/exif/views/exif_dialog.html.php b/modules/exif/views/exif_dialog.html.php index 6494b2b0..11d1e212 100644 --- a/modules/exif/views/exif_dialog.html.php +++ b/modules/exif/views/exif_dialog.html.php 
@@ -14,14 +14,14 @@ <?= $details[$i]["caption"] ?> </td> <td class="gOdd"> - <?= p::clean($details[$i]["value"]) ?> + <?= html::clean($details[$i]["value"]) ?> </td> <? if (!empty($details[++$i])): ?> <td class="gEven"> <?= $details[$i]["caption"] ?> </td> <td class="gOdd"> - <?= p::clean($details[$i]["value"]) ?> + <?= html::clean($details[$i]["value"]) ?> </td> <? else: ?> <td class="gEven"></td><td class="gOdd"></td> diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php index 436cef52..7e5c6f75 100644 --- a/modules/g2_import/helpers/g2_import.php +++ b/modules/g2_import/helpers/g2_import.php @@ -590,7 +590,7 @@ class g2_import_Core { self::map($g2_comment->getId(), $comment->id); return t("Imported comment '%comment' for item with id: %id", array("id" => $comment->item_id, - "comment" => text::limit_words(nl2br(p::purify($comment->text)), 50))); + "comment" => text::limit_words(nl2br(html::purify($comment->text)), 50))); } /** diff --git a/modules/g2_import/views/admin_g2_import.html.php b/modules/g2_import/views/admin_g2_import.html.php index da2bb5d1..fde3464b 100644 --- a/modules/g2_import/views/admin_g2_import.html.php +++ b/modules/g2_import/views/admin_g2_import.html.php @@ -37,9 +37,9 @@ <? if ($g2_sizes["thumb"]["size"] && $thumb_size != $g2_sizes["thumb"]["size"]): ?> <li class="gWarning"> <?= t("Your most common thumbnail size in Gallery 2 is %g2_pixels pixels, but your Gallery 3 thumbnail size is set to %g3_pixels pixels. <a href=\"%url\">Using the same value</a> will speed up your import.", - array("g2_pixels" => $g2_sizes["thumb"]["size"], - "g3_pixels" => $thumb_size, - "url" => url::site("admin/theme_options"))) ?> + array("g2_pixels" => $g2_sizes["thumb"]["size"], + "g3_pixels" => $thumb_size, + "url" => html::mark_safe(url::site("admin/theme_options")))) ?> </li> <? endif ?> 
@@ -47,8 +47,8 @@ <li class="gWarning"> <?= t("Your most common intermediate size in Gallery 2 is %g2_pixels pixels, but your Gallery 3 thumbnail size is set to %g3_pixels pixels. <a href=\"%url\">Using the same value</a> will speed up your import.", array("g2_pixels" => $g2_sizes["resize"]["size"], - "g3_pixels" => $resize_size, - "url" => url::site("admin/theme_options"))) ?> + "g3_pixels" => $resize_size, + "url" => html::mark_safe(url::site("admin/theme_options")))) ?> </li> <? endif ?> </ul> diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php index 64007fdb..43c77340 100644 --- a/modules/gallery/controllers/admin_advanced_settings.php +++ b/modules/gallery/controllers/admin_advanced_settings.php @@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller { module::set_var($module_name, $var_name, Input::instance()->post("value")); message::success( t("Saved value for %var (%module_name)", - array("var" => p::clean($var_name), "module_name" => $module_name))); + array("var" => html::clean($var_name), "module_name" => $module_name))); print json_encode(array("result" => "success")); } diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php index 6dc242c6..d85c47f9 100644 --- a/modules/gallery/controllers/admin_languages.php +++ b/modules/gallery/controllers/admin_languages.php 
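Review bot: `html::clean($var_name)` inside a t() parameter is now redundant — interpolate() wraps each parameter in a SafeString and escapes it — and the albums.php, photos.php and movies.php hunks in this commit drop exactly this wrapper; for consistency use `array("var" => $var_name, "module_name" => $module_name)`. The rendered result is the same either way, since the SafeString copy constructor keeps the not-safe flag and there is no double escaping.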
@@ -21,10 +21,10 @@ class Admin_Languages_Controller extends Admin_Controller { public function index($share_translations_form=null) { $v = new Admin_View("admin.html"); $v->content = new View("admin_languages.html"); - $v->content->available_locales = locales::available(); + $v->content->available_locales = locales::available(); $v->content->installed_locales = locales::installed(); $v->content->default_locale = module::get_var("gallery", "default_locale"); - + if (empty($share_translations_form)) { $share_translations_form = $this->_share_translations_form(); } @@ -35,21 +35,21 @@ class Admin_Languages_Controller extends Admin_Controller { public function save() { access::verify_csrf(); - - locales::update_installed($this->input->post("installed_locales")); - - $installed_locales = array_keys(locales::installed()); + + locales::update_installed($this->input->post("installed_locales")); + + $installed_locales = array_keys(locales::installed()); $new_default_locale = $this->input->post("default_locale"); - if (!in_array($new_default_locale, $installed_locales)) { - if (!empty($installed_locales)) { - $new_default_locale = $installed_locales[0]; - } else { - $new_default_locale = "en_US"; - } - } - module::set_var("gallery", "default_locale", $new_default_locale); - - print json_encode(array("result" => "success")); + if (!in_array($new_default_locale, $installed_locales)) { + if (!empty($installed_locales)) { + $new_default_locale = $installed_locales[0]; + } else { + $new_default_locale = "en_US"; + } + } + module::set_var("gallery", "default_locale", $new_default_locale); + + print json_encode(array("result" => "success")); } public function share() { 
@@ -111,7 +111,7 @@ class Admin_Languages_Controller extends Admin_Controller { $group->input("api_key") ->label(empty($api_key) ? t("This is a unique key that will allow you to send translations to the remote server. To get your API key go to %server-link.", - array("server-link" => html::anchor($server_link))) + array("server-link" => html::mark_safe(html::anchor($server_link)))) : t("API Key")) ->value($api_key) ->error_messages("invalid", t("The API key you provided is invalid.")); diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index cdfa823d..ec3eb426 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -112,7 +112,7 @@ class Albums_Controller extends Items_Controller { log::success("content", "Created an album", html::anchor("albums/$new_album->id", "view album")); message::success( - t("Created album %album_title", array("album_title" => p::clean($new_album->title)))); + t("Created album %album_title", array("album_title" => $new_album->title))); print json_encode( array("result" => "success", @@ -145,7 +145,7 @@ class Albums_Controller extends Items_Controller { log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo")); message::success( - t("Added photo %photo_title", array("photo_title" => p::clean($photo->title)))); + t("Added photo %photo_title", array("photo_title" => $photo->title))); print json_encode( array("result" => "success", @@ -194,7 +194,7 @@ class Albums_Controller extends Items_Controller { log::success("content", "Updated album", "<a href=\"albums/$album->id\">view</a>"); message::success( - t("Saved album %album_title", array("album_title" => p::clean($album->title)))); + t("Saved album %album_title", array("album_title" => $album->title))); print json_encode( array("result" => "success", 
diff --git a/modules/gallery/controllers/l10n_client.php b/modules/gallery/controllers/l10n_client.php index 0775791e..16d39024 100644 --- a/modules/gallery/controllers/l10n_client.php +++ b/modules/gallery/controllers/l10n_client.php @@ -90,13 +90,13 @@ class L10n_Client_Controller extends Controller { } $session = Session::instance(); - $l10n_mode = $session->get("l10n_mode", false); + $l10n_mode = $session->get("l10n_mode", false); $session->set("l10n_mode", !$l10n_mode); $redirect_url = "admin/languages"; - if (!$l10n_mode) { - $redirect_url .= "#l10n-client"; - } + if (!$l10n_mode) { + $redirect_url .= "#l10n-client"; + } url::redirect($redirect_url); } diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index c8227d74..09b16759 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -93,7 +93,7 @@ class Movies_Controller extends Items_Controller { log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>"); message::success( - t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title)))); + t("Saved photo %photo_title", array("photo_title" => $photo->title))); print json_encode( array("result" => "success", diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 8ee24da8..3447b4c6 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -86,7 +86,7 @@ class Photos_Controller extends Items_Controller { log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>"); message::success( - t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title)))); + t("Saved photo %photo_title", array("photo_title" => $photo->title))); print json_encode( array("result" => "success", diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index 82176e02..20731f9c 100644 
--- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -75,7 +75,7 @@ class Quick_Controller extends Controller { access::required("view", $item->parent()); access::required("edit", $item->parent()); - $msg = t("Made <b>%title</b> this album's cover", array("title" => p::purify($item->title))); + $msg = t("Made <b>%title</b> this album's cover", array("title" => html::purify($item->title))); item::make_album_cover($item); message::success($msg); @@ -91,10 +91,10 @@ class Quick_Controller extends Controller { if ($item->is_album()) { print t( "Delete the album <b>%title</b>? All photos and movies in the album will also be deleted.", - array("title" => p::purify($item->title))); + array("title" => html::purify($item->title))); } else { print t("Are you sure you want to delete <b>%title</b>?", - array("title" => p::purify($item->title))); + array("title" => html::purify($item->title))); } $form = item::get_delete_form($item); @@ -108,9 +108,9 @@ class Quick_Controller extends Controller { access::required("edit", $item); if ($item->is_album()) { - $msg = t("Deleted album <b>%title</b>", array("title" => p::purify($item->title))); + $msg = t("Deleted album <b>%title</b>", array("title" => html::purify($item->title))); } else { - $msg = t("Deleted photo <b>%title</b>", array("title" => p::purify($item->title))); + $msg = t("Deleted photo <b>%title</b>", array("title" => html::purify($item->title))); } $parent = $item->parent(); diff --git a/modules/gallery/helpers/MY_html.php b/modules/gallery/helpers/MY_html.php new file mode 100644 index 00000000..4522d01c --- /dev/null +++ b/modules/gallery/helpers/MY_html.php 
@@ -0,0 +1,91 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+class html extends html_Core {
+ /**
+ * Returns a string that is safe to be used in HTML (XSS protection).
+ *
+ * If $html is a string, the returned string will be HTML escaped.
+ * If $html is a SafeString instance, the returned string may contain
+ * unescaped HTML which is assumed to be safe.
+ *
+ * Example:<pre>
+ * <div><?= html::clean($php_var) ?>
+ * </pre>
+ */
+ static function clean($html) {
+ return new SafeString($html);
+ }
+
+ /**
+ * Returns a string that is safe to be used in HTML (XSS protection),
+ * purifying (filtering) the given HTML to ensure that the result contains
+ * only non-malicious HTML.
+ *
+ * Example:<pre>
+ * <div><?= html::purify($item->title) ?>
+ * </pre>
+ */
+ static function purify($html) {
+ return SafeString::purify($html);
+ }
+
+ /**
+ * Flags the given string as safe to be used in HTML (free of malicious HTML/JS).
+ *
+ * Example:<pre>
+ * // Parameters to t() are automatically escaped by default.
+ * // If the parameter is marked as safe, it won't get escaped.
+ * t('Go <a href="%url">there</a>', + * array("url" => html::mark_safe(url::current()))) + * </pre> + */ + static function mark_safe($html) { + return SafeString::of_safe_html($html); + } + + /** + * Escapes the given string for use in JavaScript. + * + * Example:<pre> + * <script type="text/javascript>" + * var some_js_string = <?= html::js_string($php_string) ?>; + * </script> + * </pre> + */ + static function js_string($string) { + return SafeString::of($string)->for_js(); + } + + /** + * Returns a string safe for use in HTML element attributes. + * + * Assumes that the HTML element attribute is already + * delimited by single or double quotes + * + * Example:<pre> + * <a title="<?= html::clean_for_attribute($php_var) ?>">; + * </script> + * </pre> + * @return the string escaped for use in HTML attributes. + */ + static function clean_attribute($string) { + return self::clean($string)->for_html_attr(); + } +} diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php index 122227fc..035ed1da 100644 --- a/modules/gallery/helpers/gallery.php +++ b/modules/gallery/helpers/gallery.php @@ -92,7 +92,7 @@ class gallery_Core { $can_add = $item && access::can("add", $item); if ($can_add) { - $menu->append($add_menu = Menu::factory("submenu") + $menu->append($add_menu = Menu::factory("submenu") ->id("add_menu") ->label(t("Add"))); $add_menu->append(Menu::factory("dialog") @@ -100,11 +100,11 @@ class gallery_Core { ->label(t("Add photos")) ->url(url::site("simple_uploader/app/$item->id"))); if ($item->is_album()) { - $add_menu->append(Menu::factory("dialog") + $add_menu->append(Menu::factory("dialog") ->id("add_album_item") ->label(t("Add an album")) ->url(url::site("form/add/albums/$item->id?type=album"))); - } + } } $menu->append($options_menu = Menu::factory("submenu") diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php index 8e887368..dee6ae40 100644 --- a/modules/gallery/helpers/gallery_rss.php 
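Review bot: The docblock for `clean_attribute` names the method `html::clean_for_attribute` in its example and closes the example with a stray `</script>`, and the `js_string` example has the quote misplaced (`<script type="text/javascript>"`); these docblocks are the reference for the new escaping API, so they should match the code. `mark_safe` does no purification at all (`SafeString::of_safe_html` just sets the flag), which the docblock states only indirectly; a line making the intended input explicit would prevent misuse at call sites: `* Only use this for markup built by the application itself; user-supplied text belongs in html::clean() or html::purify().`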
+++ b/modules/gallery/helpers/gallery_rss.php @@ -53,9 +53,9 @@ class gallery_rss_Core { ->descendants($limit, $offset, array("type" => "photo")); $feed->max_pages = ceil( $item->viewable()->descendants_count(array("type" => "photo")) / $limit); - $feed->title = p::purify($item->title); + $feed->title = html::purify($item->title); $feed->link = url::abs_site("albums/{$item->id}"); - $feed->description = nl2br(p::purify($item->description)); + $feed->description = nl2br(html::purify($item->description)); return $feed; } diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index 9edc3acd..c9557324 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -64,10 +64,10 @@ class gallery_task_Core { if (!$success) { $ignored[$item->id] = 1; $errors[] = t("Unable to rebuild images for '%title'", - array("title" => p::purify($item->title))); + array("title" => html::purify($item->title))); } else { $errors[] = t("Successfully rebuilt images for '%title'", - array("title" => p::purify($item->title))); + array("title" => html::purify($item->title))); } } diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index a20c58dd..787f8dc3 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -443,7 +443,7 @@ class graphics_Core { if (!module::get_var("gallery", "graphics_toolkit")) { site_status::warning( t("Graphics toolkit missing! Please <a href=\"%url\">choose a toolkit</a>", - array("url" => url::site("admin/graphics"))), + array("url" => html::mark_safe(url::site("admin/graphics")))), "missing_graphics_toolkit"); } } diff --git a/modules/gallery/helpers/p.php b/modules/gallery/helpers/p.php deleted file mode 100644 index 862c769b..00000000 --- a/modules/gallery/helpers/p.php +++ /dev/null 
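Review bot: `$feed->description` is now a plain string (nl2br() stringifies the purified SafeString) while `$feed->title` stays a SafeString, so the two fields carry different trust markers into the feed view. If that view emits the description through `html::clean`, as comment.mrss.php in this commit does for its feed description, the purified markup and the `<br />` tags would be entity-encoded; the feed template is not in this diff, so this is inferred. Keeping the flag through nl2br makes the two fields consistent: `$feed->description = html::mark_safe(nl2br(html::purify($item->description)));`.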
@@ -1,39 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class p_Core {
- private static $_purifier = null;
- static function clean($dirty_html) {
- return html::specialchars($dirty_html);
- }
-
- static function purify($dirty_html) {
- if (empty(self::$_purifier)) {
- require_once(dirname(__file__) . "/../lib/HTMLPurifier/HTMLPurifier.auto.php");
- $config = HTMLPurifier_Config::createDefault();
- foreach (Kohana::config('purifier') as $category => $key_value) {
- foreach ($key_value as $key => $value) {
- $config->set("$category.$key", $value);
- }
- }
- self::$_purifier = new HTMLPurifier($config);
- }
- return self::$_purifier->purify($dirty_html);
- }
-}
diff --git a/modules/gallery/libraries/I18n.php b/modules/gallery/libraries/I18n.php
index d0531b9a..c3336052 100644
--- a/modules/gallery/libraries/I18n.php
+++ b/modules/gallery/libraries/I18n.php
@@ -89,6 +89,12 @@ class I18n_Core { /** * Translates a localizable message. + * + * Security: + * The returned string is safe for use in HTML (it contains a safe subset of HTML and + * interpolation parameters are converted to HTML entities). + * For use in JavaScript, please call ->for_js() on it. + * * @param $message String|array The message to be translated. E.g. "Hello world" * or array("one" => "One album", "other" => "%count albums") * @param $options array (optional) Options array for key value pairs which are used @@ -115,7 +121,7 @@ class I18n_Core { $entry = $this->interpolate($locale, $entry, $values); - return $entry; + return SafeString::of_safe_html($entry); } private function lookup($locale, $message) { @@ -184,17 +190,19 @@ class I18n_Core { return is_array($message); } - private function interpolate($locale, $string, $values) { + private function interpolate($locale, $string, $key_values) { // TODO: Handle locale specific number formatting. // Replace x_y before replacing x. - krsort($values, SORT_STRING); + krsort($key_values, SORT_STRING); $keys = array(); - foreach (array_keys($values) as $key) { + $values = array(); + foreach ($key_values as $key => $value) { $keys[] = "%$key"; + $values[] = new SafeString($value); } - return str_replace($keys, array_values($values), $string); + return str_replace($keys, $values, $string); } private function pluralize($locale, $entry, $count) { @@ -419,4 +427,4 @@ class I18n_Core { return $count == 1 ? 'one' : 'other'; } } -}
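Review bot: `SafeString::of_safe_html($entry)` flags the whole interpolated message as safe, so from this return onward every message template is trusted markup; the parameters are escaped in interpolate(), but nothing in this hunk constrains the template text itself, which lookup() obtains from sources outside the diff (the l10n_client controller touched in this commit suggests translations are editable at runtime, so that trust assumption deserves to be written down). A comment at the return site would record the boundary: `// The message template is trusted markup; each %param was escaped (or flagged safe) by interpolate().` The new doc text above says the result "contains a safe subset of HTML", which overstates what is enforced here — parameters are escaped, the template is not filtered — and should be worded accordingly.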
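Review bot: interpolate() relies on str_replace() converting each SafeString in `$values` to a string implicitly, and that implicit conversion is where the escaping actually happens; making it explicit keeps the security step visible and stops depending on object-to-string conversion inside an internal function: `$values[] = (string) new SafeString($value);`. A value that is already a SafeString keeps its flag through the copy constructor, so an `html::purify()` or `html::mark_safe()` result still passes through unescaped. A one-line comment above the loop, `// Escape every parameter unless the caller flagged it as safe HTML.`, would make that contract obvious to the next reader.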
\ No newline at end of file +} diff --git a/modules/gallery/libraries/MY_ORM.php b/modules/gallery/libraries/MY_ORM.php index de8adc1d..2c9ad1d7 100644 --- a/modules/gallery/libraries/MY_ORM.php +++ b/modules/gallery/libraries/MY_ORM.php @@ -43,6 +43,10 @@ class ORM extends ORM_Core { $this->original = clone $this; } + if ($value instanceof SafeString) { + $value = $value->unescaped(); + } + return parent::__set($column, $value); } diff --git a/modules/gallery/libraries/SafeString.php b/modules/gallery/libraries/SafeString.php new file mode 100644 index 00000000..cc542e01 --- /dev/null +++ b/modules/gallery/libraries/SafeString.php 
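Review bot: Unwrapping a SafeString in `__set` drops its safety flag, so a purified or mark_safe'd value assigned to a model column is persisted as raw text and must be escaped or purified again when displayed; that is the right storage model (store raw, escape on output) but it is invisible at the call sites. A short comment would make it explicit: `// Persist the raw text; escaping/purifying is applied again at output time (html::clean / html::purify).` The enclosing `__set` starts outside the hunk.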
@@ -0,0 +1,169 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ + +/** + * Safe string representation (regarding security - cross site scripting). + */ +class SafeString_Core { + private $_raw_string; + protected $_is_safe_html = false; + protected $_is_purified_html = false; + + private static $_purifier = null; + + /** Constructor */ + function __construct($string) { + if ($string instanceof SafeString) { + $this->_is_safe_html = $string->_is_safe_html; + $this->_is_purified_html = $string->_is_purified_html; + $string = $string->unescaped(); + } + $this->_raw_string = (string) $string; + } + + /** + * Factory method returning a new SafeString instance for the given string. + */ + static function of($string) { + return new SafeString($string); + } + + /** + * Factory method returning a new SafeString instance after HTML purifying + * the given string. 
+ */ + static function purify($string) { + if ($string instanceof SafeString) { + $string = $string->unescaped(); + } + $safe_string = self::of_safe_html(self::_purify_for_html($string)); + $safe_string->_is_purified_html = true; + return $safe_string; + } + + /** + * Factory method returning a new SafeString instance which won't HTML escape. + */ + static function of_safe_html($string) { + $safe_string = new SafeString($string); + $safe_string->_is_safe_html = true; + return $safe_string; + } + + /** + * Safe for use in HTML. + * @see #for_html() + */ + function __toString() { + if ($this->_is_safe_html) { + return $this->_raw_string; + } else { + return self::_escape_for_html($this->_raw_string); + } + } + + /** + * Safe for use in HTML. + * + * Example:<pre> + * <div><?= $php_var ?> + * </pre> + * @return the string escaped for use in HTML. + */ + function for_html() { + return $this; + } + + /** + * Safe for use as JavaScript string. + * + * Example:<pre> + * <script type="text/javascript>" + * var some_js_var = <?= $php_var->for_js() ?>; + * </script> + * </pre> + * @return the string escaped for use in JavaScript. + */ + function for_js() { + return json_encode((string) $this->_raw_string); + } + + /** + * Safe for use in HTML element attributes. + * + * Assumes that the HTML element attribute is already + * delimited by single or double quotes + * + * Example:<pre> + * <a title="<?= $php_var->for_html_attr() ?>">; + * </script> + * </pre> + * @return the string escaped for use in HTML attributes. + */ + function for_html_attr() { + $string = (string) $this->for_html(); + return strtr($string, + array("'"=>"'", + '"'=>'"')); + } + + /** + * Safe for use HTML (purified HTML) + * + * Example:<pre> + * <div><?= $php_var->purified_html() ?> + * </pre> + * @return the string escaped for use in HTML. 
+ */ + function purified_html() { + if ($this->_is_purified_html) { + return $this; + } else { + return self::purify($this); + } + } + + /** + * Returns the raw, unsafe string. Do not use lightly. + */ + function unescaped() { + return $this->_raw_string; + } + + // Escapes special HTML chars ("<", ">", "&", etc.) to HTML entities. + private static function _escape_for_html($dirty_html) { + return html::specialchars($dirty_html); + } + + // Purifies the string, removing any potentially malicious or unsafe HTML / JavaScript. + private static function _purify_for_html($dirty_html) { + if (empty(self::$_purifier)) { + require_once(dirname(__file__) . "/../lib/HTMLPurifier/HTMLPurifier.auto.php"); + $config = HTMLPurifier_Config::createDefault(); + foreach (Kohana::config('purifier') as $category => $key_value) { + foreach ($key_value as $key => $value) { + $config->set("$category.$key", $value); + } + } + self::$_purifier = new HTMLPurifier($config); + } + return self::$_purifier->purify($dirty_html); + } +} diff --git a/modules/gallery/tests/File_Structure_Test.php b/modules/gallery/tests/File_Structure_Test.php index 8a97e00b..9018f4c6 100644 --- a/modules/gallery/tests/File_Structure_Test.php +++ b/modules/gallery/tests/File_Structure_Test.php @@ -177,10 +177,20 @@ class File_Structure_Test extends Unit_Test_Case { new GalleryCodeFilterIterator( new RecursiveIteratorIterator( new RecursiveDirectoryIterator(DOCROOT)))); + $errors = array(); foreach ($dir as $file) { - $this->assert_false( - preg_match('/\t/', file_get_contents($file)), - "{$file->getPathname()} has tabs in it"); + $file_as_string = file_get_contents($file); + if (preg_match('/\t/', $file_as_string)) { + foreach (split("\n", $file_as_string) as $l => $line) { + if (preg_match('/\t/', $line)) { + $errors[] = "$file:$l has tab(s) ($line)"; + } + } + } + $file_as_string = null; + } + if ($errors) { + $this->assert_false(true, "tab(s) found:\n" . join("\n", $errors)); } } 
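Review bot: `for_js()` is documented as "safe for use as JavaScript string" without saying in which context: json_encode() output still contains raw `"` characters (the test in this commit expects `"hello\'s …"`), so it is only safe inside a `<script>` element body, not inside an inline event-handler or any other HTML attribute, and the rewritten Xss_Security_Test accordingly counts it as CLEAN only inside `<script>` blocks. Suggest adding to that docblock `* Only safe inside a <script> element body; the result is not HTML-attribute safe.`. Two smaller documentation slips in the same hunk: the `for_html_attr()` example ends with a stray `</script>` line, and `for_html()` is described as returning "the string escaped" while it returns `$this` and leaves the escaping to `__toString()`, which callers that concatenate or compare the result should be told explicitly.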
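Review bot: The new tab report in File_Structure_Test uses `split("\n", $file_as_string)`, which is the deprecated POSIX-regex function (gone in PHP 7) where `explode()` is what is meant, and because `$l` is the zero-based array index the reported `$file:$l` is one line off. Suggest `foreach (explode("\n", $file_as_string) as $l => $line) {` and `$errors[] = "$file:" . ($l + 1) . " has tab(s) ($line)";`. The test method begins outside this hunk.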
diff --git a/modules/gallery/tests/Html_Helper_Test.php b/modules/gallery/tests/Html_Helper_Test.php
new file mode 100644
index 00000000..3623705e
--- /dev/null
+++ b/modules/gallery/tests/Html_Helper_Test.php
@@ -0,0 +1,55 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class Html_Helper_Test extends Unit_Test_Case { + public function clean_test() { + $safe_string = html::clean("hello <p >world</p>"); + $this->assert_equal("hello <p >world</p>", + $safe_string); + $this->assert_true($safe_string instanceof SafeString); + } + + public function purify_test() { + $safe_string = html::purify("hello <p >world</p>"); + $this->assert_equal("hello <p>world</p>", + $safe_string); + $this->assert_true($safe_string instanceof SafeString); + } + + public function mark_safe_test() { + $safe_string = html::mark_safe("hello <p >world</p>"); + $this->assert_true($safe_string instanceof SafeString); + $safe_string_2 = html::clean($safe_string); + $this->assert_equal("hello <p >world</p>", + $safe_string_2); + } + + public function js_string_test() { + $string = html::js_string("hello's <p >world</p>"); + $this->assert_equal('"hello\'s <p >world<\\/p>"', + $string); + } + + public function clean_attribute_test() { + $safe_string = SafeString::of_safe_html("hello's <p >world</p>"); + $safe_string = html::clean_attribute($safe_string); + 
$this->assert_equal("hello's <p >world</p>", + $safe_string); + } +}
\ No newline at end of file
diff --git a/modules/gallery/tests/SafeString_Test.php b/modules/gallery/tests/SafeString_Test.php
new file mode 100644
index 00000000..0895b7dd
--- /dev/null
+++ b/modules/gallery/tests/SafeString_Test.php
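Review bot: `clean_attribute_test` feeds `html::clean_attribute()` only an `of_safe_html()` input, so the path that has to escape a plain, untrusted string — the one that matters for attribute injection — is never exercised at the helper level, and the helper is presumably only delegating to `for_html_attr()` (not visible here). Suggest a second case mirroring SafeString_Test::for_html_attr_test, e.g. `$this->assert_equal(<expected escaped value>, html::clean_attribute("\"<em>x</em>'s\""));`, so a regression in the helper rather than in SafeString is caught by this file. The expected literals in this hunk look as if their HTML entities were decoded when the page was rendered, so their exact values cannot be checked from here.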
@@ -0,0 +1,121 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class SafeString_Test extends Unit_Test_Case { + public function toString_escapes_for_html_test() { + $safe_string = new SafeString("hello <p>world</p>"); + $this->assert_equal("hello <p>world</p>", + $safe_string); + } + + public function toString_for_safe_string_test() { + $safe_string = SafeString::of_safe_html("hello <p>world</p>"); + $this->assert_equal("hello <p>world</p>", + $safe_string); + } + + public function for_html_test() { + $safe_string = new SafeString("hello <p>world</p>"); + $this->assert_equal("hello <p>world</p>", + $safe_string->for_html()); + } + + public function safestring_of_safestring_test() { + $safe_string = new SafeString("hello <p>world</p>"); + $safe_string_2 = new SafeString($safe_string); + $this->assert_true($safe_string_2 instanceof SafeString); + $raw_string = $safe_string_2->unescaped(); + $this->assert_false(is_object($raw_string)); + $this->assert_equal("hello <p>world</p>", $raw_string); + $this->assert_equal("hello <p>world</p>", $safe_string_2); + } + + public function for_js_test() { + $safe_string = new 
SafeString('"<em>Foo</em>\'s bar"'); + $js_string = $safe_string->for_js(); + $this->assert_equal('"\\"<em>Foo<\\/em>\'s bar\\""', + $js_string); + } + + public function for_html_attr_test() { + $safe_string = new SafeString('"<em>Foo</em>\'s bar"'); + $attr_string = $safe_string->for_html_attr(); + $this->assert_equal('"<em>Foo</em>'s bar"', + $attr_string); + } + + public function for_html_attr_with_safe_html_test() { + $safe_string = SafeString::of_safe_html('"<em>Foo</em>\'s bar"'); + $attr_string = $safe_string->for_html_attr(); + $this->assert_equal('"<em>Foo</em>'s bar"', + $attr_string); + } + + public function string_safestring_equality_test() { + $safe_string = new SafeString("hello <p>world</p>"); + $this->assert_equal("hello <p>world</p>", + $safe_string->unescaped()); + $escaped_string = "hello <p>world</p>"; + $this->assert_equal($escaped_string, $safe_string); + + $this->assert_true($escaped_string == $safe_string); + $this->assert_false($escaped_string === $safe_string); + $this->assert_false("meow" == $safe_string); + } + + public function of_test() { + $safe_string = SafeString::of("hello <p>world</p>"); + $this->assert_equal("hello <p>world</p>", $safe_string->unescaped()); + } + + public function of_safe_html_test() { + $safe_string = SafeString::of_safe_html("hello <p>world</p>"); + $this->assert_equal("hello <p>world</p>", $safe_string->for_html()); + } + + public function purify_test() { + $safe_string = SafeString::purify("hello <p >world</p>"); + $this->assert_equal("hello <p>world</p>", $safe_string); + } + + public function of_fluid_api_test() { + $escaped_string = SafeString::of("Foo's bar")->for_js(); + $this->assert_equal('"Foo\'s bar"', $escaped_string); + } + + public function safestring_of_safestring_preserves_safe_status_test() { + $safe_string = SafeString::of_safe_html("hello's <p>world</p>"); + $safe_string_2 = new SafeString($safe_string); + $this->assert_equal("hello's <p>world</p>", $safe_string_2); + 
$this->assert_equal('"hello\'s <p>world<\\/p>"', $safe_string_2->for_js()); + } + + public function safestring_of_safestring_preserves_html_safe_status_test() { + $safe_string = SafeString::of_safe_html("hello's <p>world</p>"); + $safe_string_2 = new SafeString($safe_string); + $this->assert_equal("hello's <p>world</p>", $safe_string_2); + $this->assert_equal('"hello\'s <p>world<\\/p>"', $safe_string_2->for_js()); + } + + public function safestring_of_safestring_safe_status_override_test() { + $safe_string = new SafeString("hello <p>world</p>"); + $safe_string_2 = SafeString::of_safe_html($safe_string); + $this->assert_equal("hello <p>world</p>", $safe_string_2); + } +} diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index 9bde11dc..6c141c52 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php 
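Review bot: `safestring_of_safestring_preserves_safe_status_test` and `safestring_of_safestring_preserves_html_safe_status_test` are identical line for line (same `of_safe_html("hello's <p>world</p>")` input, same two assertions), so the second adds no coverage. Suggest dropping one of them or turning it into the case that is missing here: wrapping `SafeString::purify(...)` in `new SafeString(...)` and asserting that `->purified_html()` returns the same instance rather than re-purifying, which the constructor's copy of `_is_purified_html` in the new SafeString.php is meant to guarantee but no test in this file checks.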
@@ -19,87 +19,336 @@ */ class Xss_Security_Test extends Unit_Test_Case { public function find_unescaped_variables_in_views_test() { + $found = array(); foreach (glob("*/*/views/*.php") as $view) { - $expr = null; - $level = 0; - $php = 0; - $str = null; - $in_p_clean = 0; + // List of all tokens without whitespace, simplifying parsing. + $tokens = array(); foreach (token_get_all(file_get_contents($view)) as $token) { - if (false /* useful for debugging */) { - if (is_array($token)) { - printf("[$str] [$in_p_clean] %-15s %s\n", token_name($token[0]), $token[1]); - } else { - printf("[$str] [$in_p_clean] %-15s %s\n", "<char>", $token); - } + if (!is_array($token) || ($token[0] != T_WHITESPACE)) { + $tokens[] = $token; } + } - // If we find a "(" after a "p::clean" then start counting levels of parens and assume - // that we're inside a p::clean() call until we find the matching close paren. - if ($token[0] == "(" && ($str == "p::clean" || $str == "p::purify")) { - $in_p_clean = 1; - } else if ($token[0] == "(" && $in_p_clean) { - $in_p_clean++; - } else if ($token[0] == ")" && $in_p_clean) { - $in_p_clean--; - } + $frame = null; + $script_block = 0; + $in_script_block = false; - // Concatenate runs of strings for convenience, which we use above to figure out if we're - // inside a p::clean() call or not - if ($token[0] == T_STRING || $token[0] == T_DOUBLE_COLON) { - $str .= $token[1]; - } else { - $str = null; + for ($token_number = 0; $token_number < count($tokens); $token_number++) { + $token = $tokens[$token_number]; + + // Are we in a <script> ... </script> block? + if (is_array($token) && $token[0] == T_INLINE_HTML) { + $inline_html = $token[1]; + // T_INLINE_HTML blocks can be split. 
Need to handle the case + // where one token has "<scr" and the next has "ipt" + while (self::_token_matches(array(T_INLINE_HTML), $tokens, $token_number + 1)) { + $token_number++; + $token = $tokens[$token_number]; + $inline_html .= $token[1]; + } + + if ($frame) { + $frame->expr_append($inline_html); + } + + // Note: This approach won't catch <script src="..."> blocks if the src + // URL is generated via < ? = url::site() ? > or some other PHP. + // Assume that all such script blocks with a src URL have an + // empty element body. + // But we'll catch closing tags for such blocks, so don't keep track + // of opening / closing tag count since it would be meaningless. + + // Handle multiple start / end blocks on the same line? + $opening_script_pos = $closing_script_pos = 0; + if (preg_match_all('{</script>}i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) { + $last_match = array_pop($matches[0]); + if (is_array($last_match)) { + $closing_script_pos = $last_match[1]; + } else { + $closing_script_pos = $last_match; + } + } + if (preg_match('{<script\b[^>]*>}i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) { + $last_match = array_pop($matches[0]); + if (is_array($last_match)) { + $opening_script_pos = $last_match[1]; + } else { + $opening_script_pos = $last_match; + } + } + if ($opening_script_pos != $closing_script_pos) { + $in_script_block = $opening_script_pos > $closing_script_pos; + } } - // Scan for any occurrences of < ? = $variable ? > and store it in $expr - if ($token[0] == T_OPEN_TAG_WITH_ECHO) { - $php++; - } else if ($php && $token[0] == T_CLOSE_TAG) { - $php--; - } else if ($php && $token[0] == T_VARIABLE) { - if (!$expr) { - $entry = array($token[2], $in_p_clean); + // Look and report each instance of < ? = ... ? > + if (!is_array($token)) { + // A single char token, e.g: ; ( ) + if ($frame) { + $frame->expr_append($token); + } + } else if ($token[0] == T_OPEN_TAG_WITH_ECHO) { + // No need for a stack here - assume < ? = cannot be nested. 
+ $frame = self::_create_frame($token, $in_script_block); + } else if ($frame && $token[0] == T_CLOSE_TAG) { + // Store the < ? = ... ? > block that just ended here. + $found[$view][] = $frame; + $frame = null; + } else if ($frame && $token[0] == T_VARIABLE) { + $frame->expr_append($token[1]); + if ($token[1] == '$theme') { + if (self::_token_matches(array(T_OBJECT_OPERATOR, "->"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], + array("thumb_proportion", "site_menu", "album_menu", "tag_menu", "photo_menu", + "context_menu", "pager", "site_status", "messages", "album_blocks", + "album_bottom", "album_top", "body_attributes", "credits", + "dynamic_bottom", "dynamic_top", "footer", "head", "header_bottom", + "header_top", "page_bottom", "page_top", "photo_blocks", "photo_bottom", + "photo_top", "resize_bottom", "resize_top", "sidebar_blocks", "sidebar_bottom", + "sidebar_top", "thumb_bottom", "thumb_info", "thumb_top")) && + self::_token_matches("(", $tokens, $token_number + 3)) { + + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("->$method("); + + $token_number += 3; + $token = $tokens[$token_number]; + + $frame->is_safe_html(true); + } else if (self::_token_matches(array(T_OBJECT_OPERATOR, "->"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], + array("css", "script", "url")) && + self::_token_matches("(", $tokens, $token_number + 3) && + // Only allow constant strings here + self::_token_matches(array(T_CONSTANT_ENCAPSED_STRING), $tokens, $token_number + 4)) { + + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("->$method("); + + $token_number += 4; + $token = $tokens[$token_number]; + + $frame->is_safe_html(true); + } } - $expr .= $token[1]; - } else if ($expr) { - if ($token[0] == T_OBJECT_OPERATOR) { - $expr .= $token[1]; - } else if 
($token[0] == T_STRING) { - $expr .= $token[1]; - } else if ($token == "(") { - $expr .= $token; - $level++; - } else if ($level > 0 && $token == ")") { - $expr .= $token; - $level--; - } else if ($level > 0) { - $expr .= is_array($token) ? $token[1] : $token; - } else { - $entry[] = $expr; - $found[$view][] = $entry; - $expr = null; - $entry = null; + } else if ($frame && $token[0] == T_STRING) { + $frame->expr_append($token[1]); + // t() and t2() are special in that they're guaranteed to return a SafeString(). + if (in_array($token[1], array("t", "t2"))) { + if (self::_token_matches("(", $tokens, $token_number + 1)) { + $frame->is_safe_html(true); + $frame->expr_append("("); + + $token_number++; + $token = $tokens[$token_number]; + } + } else if ($token[1] == "SafeString") { + // Looking for SafeString::of(... + if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], array("of", "purify")) && + self::_token_matches("(", $tokens, $token_number + 3)) { + // Not checking for of_safe_html(). We want such calls to be marked dirty (thus reviewed). 
+ + $frame->is_safe_html(true); + + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("::$method("); + + $token_number += 3; + $token = $tokens[$token_number]; + } + } else if ($token[1] == "json_encode") { + if (self::_token_matches("(", $tokens, $token_number + 1)) { + $frame->is_safe_js(true); + $frame->expr_append("("); + + $token_number++; + $token = $tokens[$token_number]; + } + } else if ($token[1] == "url") { + // url methods return safe HTML + if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], + array("site", "current", "base", "file", "abs_site", "abs_current", + "abs_file", "merge")) && + self::_token_matches("(", $tokens, $token_number + 3)) { + $frame->is_safe_html(true); + + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("::$method("); + + $token_number += 3; + $token = $tokens[$token_number]; + } + } else if ($token[1] == "html") { + if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], + array("clean", "purify", "js_string", "clean_attribute")) && + self::_token_matches("(", $tokens, $token_number + 3)) { + // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed). 
+ + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("::$method("); + + $token_number += 3; + $token = $tokens[$token_number]; + + if ("js_string" == $method) { + $frame->is_safe_js(true); + } else { + $frame->is_safe_html(true); + } + } + } + } else if ($frame && $token[0] == T_OBJECT_OPERATOR) { + $frame->expr_append($token[1]); + + if (self::_token_matches(array(T_STRING), $tokens, $token_number + 1) && + in_array($tokens[$token_number + 1][1], + array("for_js", "for_html", "purified_html", "for_html_attr")) && + self::_token_matches("(", $tokens, $token_number + 2)) { + $method = $tokens[$token_number + 1][1]; + $frame->expr_append("$method("); + + $token_number += 2; + $token = $tokens[$token_number]; + + if ("for_js" == $method) { + $frame->is_safe_js(true); + } else { + $frame->is_safe_html(true); + } } + } else if ($frame) { + $frame->expr_append($token[1]); } } } - $canonical = MODPATH . "gallery/tests/xss_data.txt"; + /* + * Generate the report + * + * States for uses of < ? = X ? >: + * DIRTY_JS: + * In <script> block + * X can be anything without calling ->for_js() + * DIRTY: + * Outside <script> block: + * X can be anything without a call to ->for_html() or ->purified_html() + * CLEAN: + * Outside <script> block: + * X = is SafeString (t(), t2(), url::site()) + * X = * and for_html() or purified_html() is called + * Inside <script> block: + * X = * with ->for_js() or json_encode(...) + */ $new = TMPPATH . "xss_data.txt"; $fd = fopen($new, "wb"); ksort($found); - foreach ($found as $view => $entries) { - foreach ($entries as $entry) { - fwrite($fd, - sprintf("%-60s %-3s %-5s %s\n", - $view, $entry[0], $entry[1] ? 
"" : "DIRTY", $entry[2])); + foreach ($found as $view => $frames) { + foreach ($frames as $frame) { + $state = "DIRTY"; + if ($frame->in_script_block()) { + $state = "DIRTY_JS"; + if ($frame->is_safe_js()) { + $state = "CLEAN"; + } + } else { + if ($frame->is_safe_html()) { + $state = "CLEAN"; + } + } + + if ("CLEAN" == $state) { + // Don't print CLEAN instances - No need to update the golden + // file when adding / moving clean instances. + continue; + } + + fprintf($fd, "%-60s %-3s %-8s %s\n", + $view, $frame->line(), $state, $frame->expr()); } } fclose($fd); + // Compare with the expected report from our golden file. + $canonical = MODPATH . "gallery/tests/xss_data.txt"; exec("diff $canonical $new", $output, $return_value); $this->assert_false( - $return_value, "XSS golden file mismatch. Output:\n" . implode("\n", $output) ); + $return_value, "XSS golden file mismatch. Output:\n" . implode("\n", $output) ); + } + + private static function _create_frame($token, $in_script_block) { + return new Xss_Security_Test_Frame($token[2], $in_script_block); + } + + private static function _token_matches($expected_token, &$tokens, $token_number) { + if (!isset($tokens[$token_number])) { + return false; + } + + $token = $tokens[$token_number]; + + if (is_array($expected_token)) { + for ($i = 0; $i < count($expected_token); $i++) { + if ($expected_token[$i] != $token[$i]) { + return false; + } + } + return true; + } else { + return $expected_token == $token; + } + } +} + +class Xss_Security_Test_Frame { + private $_expr = ""; + private $_in_script_block = false; + private $_is_safe_html = false; + private $_is_safe_js = false; + private $_line; + + function __construct($line_number, $in_script_block) { + $this->_line = $line_number; + $this->in_script_block($in_script_block); + } + + function expr() { + return $this->_expr; + } + + function expr_append($append_value) { + return $this->_expr .= $append_value; + } + + function in_script_block($new_val=NULL) { + if ($new_val !== 
NULL) { + $this->_in_script_block = (bool) $new_val; + } + return $this->_in_script_block; + } + + function is_safe_html($new_val=NULL) { + if ($new_val !== NULL) { + $this->_is_safe_html = (bool) $new_val; + } + return $this->_is_safe_html; + } + + function is_safe_js($new_val=NULL) { + if ($new_val !== NULL) { + $this->_is_safe_js = (bool) $new_val; + } + return $this->_is_safe_js; + } + + function line() { + return $this->_line; } } diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 0e118ce7..de37d11e 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
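Review bot: Once a frame has been marked safe (by `t(`, `SafeString::of(`, `url::site(`, `html::clean(` or a `$theme->` method), nothing in the T_OBJECT_OPERATOR branch ever clears that status, so an expression such as `<?= t("...")->unescaped() ?>` or `<?= html::purify($x)->unescaped() ?>` is reported CLEAN although it echoes the raw string; the branch should reset both flags when the following T_STRING is `unescaped`, as sketched below. A second mismatch in the same hunk: the `<script` detection uses `preg_match` (first opening tag) while `</script>` uses `preg_match_all` with `array_pop` (last closing tag), so inline HTML holding `<script>…</script><script>` in one token leaves `$in_script_block` false; using `if (preg_match_all('{<script\b[^>]*>}i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) {` there too compares last opening with last closing, and the existing `is_array` branch already handles the array that `array_pop` then returns. The test method starts at the hunk's first line; the fence shows only the rewritten operator branch.
```php
} else if ($frame && $token[0] == T_OBJECT_OPERATOR) {
  $frame->expr_append($token[1]);

  // ->unescaped() discards any safety this expression earned so far.
  if (self::_token_matches(array(T_STRING), $tokens, $token_number + 1) &&
      $tokens[$token_number + 1][1] == "unescaped") {
    $frame->is_safe_html(false);
    $frame->is_safe_js(false);
  } else {
    // … unchanged: for_js / for_html / purified_html / for_html_attr handling …
  }
```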
@@ -1,647 +1,322 @@ -modules/akismet/views/admin_akismet.html.php 14 DIRTY $form -modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY $api_key -modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY $blog_url -modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY $i -modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) -modules/comment/views/admin_block_recent_comments.html.php 7 $comment->author_name() -modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY $comment->created -modules/comment/views/admin_block_recent_comments.html.php 12 $comment->author_name() -modules/comment/views/admin_block_recent_comments.html.php 13 $comment->text -modules/comment/views/admin_comments.html.php 4 DIRTY $csrf -modules/comment/views/admin_comments.html.php 15 DIRTY $csrf -modules/comment/views/admin_comments.html.php 42 DIRTY $menu -modules/comment/views/admin_comments.html.php 65 DIRTY $spam_caught -modules/comment/views/admin_comments.html.php 72 DIRTY $counts->spam -modules/comment/views/admin_comments.html.php 75 DIRTY $csrf -modules/comment/views/admin_comments.html.php 106 DIRTY $comment->id -modules/comment/views/admin_comments.html.php 106 DIRTY $i -modules/comment/views/admin_comments.html.php 109 DIRTY $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) -modules/comment/views/admin_comments.html.php 111 $comment->author_name() -modules/comment/views/admin_comments.html.php 115 $comment->author_email() -modules/comment/views/admin_comments.html.php 116 $comment->author_email() -modules/comment/views/admin_comments.html.php 116 $comment->author_name() -modules/comment/views/admin_comments.html.php 122 DIRTY $item->url() -modules/comment/views/admin_comments.html.php 124 DIRTY $item->thumb_url() -modules/comment/views/admin_comments.html.php 125 $item->title -modules/comment/views/admin_comments.html.php 126 DIRTY 
$item->thumb_width -modules/comment/views/admin_comments.html.php 126 DIRTY $item->thumb_height -modules/comment/views/admin_comments.html.php 134 DIRTY $comment->created -modules/comment/views/admin_comments.html.php 135 $comment->text -modules/comment/views/admin_comments.html.php 141 DIRTY $comment->id -modules/comment/views/admin_comments.html.php 150 DIRTY $comment->id -modules/comment/views/admin_comments.html.php 159 DIRTY $comment->id -modules/comment/views/admin_comments.html.php 168 DIRTY $comment->id -modules/comment/views/admin_comments.html.php 175 DIRTY $comment->id -modules/comment/views/admin_comments.html.php 183 DIRTY $comment->id -modules/comment/views/admin_comments.html.php 196 DIRTY $pager -modules/comment/views/comment.html.php 2 DIRTY $comment->id -modules/comment/views/comment.html.php 5 DIRTY $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) -modules/comment/views/comment.html.php 7 $comment->author_name() -modules/comment/views/comment.html.php 12 DIRTY $comment->created -modules/comment/views/comment.html.php 13 $comment->author_name() -modules/comment/views/comment.html.php 16 $comment->text -modules/comment/views/comment.mrss.php 9 $feed->title -modules/comment/views/comment.mrss.php 10 DIRTY $feed->uri -modules/comment/views/comment.mrss.php 11 $feed->description -modules/comment/views/comment.mrss.php 13 DIRTY $feed->uri -modules/comment/views/comment.mrss.php 16 DIRTY $feed->previous_page_uri -modules/comment/views/comment.mrss.php 19 DIRTY $feed->next_page_uri -modules/comment/views/comment.mrss.php 21 DIRTY $pub_date -modules/comment/views/comment.mrss.php 22 DIRTY $pub_date -modules/comment/views/comment.mrss.php 25 $child->title -modules/comment/views/comment.mrss.php 26 $child->item_uri -modules/comment/views/comment.mrss.php 27 $child->author -modules/comment/views/comment.mrss.php 28 DIRTY $child->item_uri -modules/comment/views/comment.mrss.php 29 DIRTY $child->pub_date 
-modules/comment/views/comment.mrss.php 32 $child->text -modules/comment/views/comment.mrss.php 34 DIRTY $child->thumb_url -modules/comment/views/comment.mrss.php 35 DIRTY $child->thumb_height -modules/comment/views/comment.mrss.php 35 DIRTY $child->thumb_width -modules/comment/views/comments.html.php 10 DIRTY $comment->id -modules/comment/views/comments.html.php 13 DIRTY $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) -modules/comment/views/comments.html.php 15 $comment->author_name() -modules/comment/views/comments.html.php 20 DIRTY $comment->created -modules/comment/views/comments.html.php 21 $comment->author_name() -modules/comment/views/comments.html.php 24 $comment->text -modules/digibug/views/digibug_form.html.php 5 DIRTY $order_parms -modules/exif/views/exif_dialog.html.php 14 DIRTY $details -modules/exif/views/exif_dialog.html.php 14 DIRTY $i -modules/exif/views/exif_dialog.html.php 17 $details -modules/exif/views/exif_dialog.html.php 17 $i -modules/exif/views/exif_dialog.html.php 21 DIRTY $details -modules/exif/views/exif_dialog.html.php 21 DIRTY $i -modules/exif/views/exif_dialog.html.php 24 $details -modules/exif/views/exif_dialog.html.php 24 $i -modules/exif/views/exif_sidebar.html.php 2 DIRTY $item->id -modules/g2_import/views/admin_g2_import.html.php 28 DIRTY $form -modules/g2_import/views/admin_g2_import.html.php 40 DIRTY $g2_sizes -modules/g2_import/views/admin_g2_import.html.php 41 DIRTY $thumb_size -modules/g2_import/views/admin_g2_import.html.php 49 DIRTY $g2_sizes -modules/g2_import/views/admin_g2_import.html.php 50 DIRTY $resize_size -modules/g2_import/views/admin_g2_import.html.php 62 DIRTY $g2_stats -modules/g2_import/views/admin_g2_import.html.php 65 DIRTY $g2_stats -modules/g2_import/views/admin_g2_import.html.php 68 DIRTY $g2_stats -modules/g2_import/views/admin_g2_import.html.php 71 DIRTY $g2_stats -modules/g2_import/views/admin_g2_import.html.php 74 DIRTY $g2_stats 
-modules/g2_import/views/admin_g2_import.html.php 77 DIRTY $g2_stats -modules/g2_import/views/admin_g2_import.html.php 81 DIRTY $g2_stats -modules/g2_import/views/admin_g2_import.html.php 88 DIRTY $csrf -modules/gallery/views/admin_advanced_settings.html.php 22 DIRTY $var->module_name -modules/gallery/views/admin_advanced_settings.html.php 23 $var->name -modules/gallery/views/admin_advanced_settings.html.php 25 DIRTY $var->module_name -modules/gallery/views/admin_advanced_settings.html.php 25 $var->name -modules/gallery/views/admin_advanced_settings.html.php 27 $var->name -modules/gallery/views/admin_advanced_settings.html.php 27 DIRTY $var->module_name -modules/gallery/views/admin_advanced_settings.html.php 29 $var->value -modules/gallery/views/admin_block_log_entries.html.php 4 DIRTY $entry->severity -modules/gallery/views/admin_block_log_entries.html.php 5 DIRTY $entry->user_id -modules/gallery/views/admin_block_log_entries.html.php 5 $entry->user->name -modules/gallery/views/admin_block_log_entries.html.php 6 DIRTY $entry->timestamp -modules/gallery/views/admin_block_log_entries.html.php 7 DIRTY $entry->message -modules/gallery/views/admin_block_log_entries.html.php 8 DIRTY $entry->html -modules/gallery/views/admin_block_news.html.php 5 DIRTY $entry -modules/gallery/views/admin_block_news.html.php 5 DIRTY $entry -modules/gallery/views/admin_block_news.html.php 7 DIRTY $entry -modules/gallery/views/admin_block_photo_stream.html.php 5 DIRTY $photo->id -modules/gallery/views/admin_block_photo_stream.html.php 5 $photo->title -modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY $photo->width -modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY $photo->height -modules/gallery/views/admin_block_photo_stream.html.php 7 DIRTY $photo->thumb_url() -modules/gallery/views/admin_block_photo_stream.html.php 7 $photo->title -modules/gallery/views/admin_block_platform.html.php 19 DIRTY $load_average -modules/gallery/views/admin_block_stats.html.php 7 
DIRTY $album_count
-modules/gallery/views/admin_block_stats.html.php 10 DIRTY $photo_count
-modules/gallery/views/admin_dashboard.html.php 5 DIRTY $csrf
-modules/gallery/views/admin_dashboard.html.php 35 DIRTY $blocks
-modules/gallery/views/admin_graphics.html.php 6 DIRTY $csrf
-modules/gallery/views/admin_graphics.html.php 21 DIRTY $active
-modules/gallery/views/admin_graphics.html.php 25 DIRTY $available
-modules/gallery/views/admin_graphics_gd.html.php 2 DIRTY $is_active
-modules/gallery/views/admin_graphics_gd.html.php 2 DIRTY $tk->gd
-modules/gallery/views/admin_graphics_gd.html.php 11 DIRTY $tk->gd
-modules/gallery/views/admin_graphics_gd.html.php 19 DIRTY $tk->gd
-modules/gallery/views/admin_graphics_graphicsmagick.html.php 2 DIRTY $is_active
-modules/gallery/views/admin_graphics_graphicsmagick.html.php 2 DIRTY $tk->graphicsmagick
-modules/gallery/views/admin_graphics_graphicsmagick.html.php 11 DIRTY $tk->graphicsmagick
-modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY $is_active
-modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY $tk->imagemagick
-modules/gallery/views/admin_graphics_imagemagick.html.php 11 DIRTY $tk->imagemagick
-modules/gallery/views/admin_languages.html.php 5 DIRTY $settings_form
-modules/gallery/views/admin_languages.html.php 8 DIRTY $csrf
-modules/gallery/views/admin_languages.html.php 14 DIRTY $share_translations_form
-modules/gallery/views/admin_maintenance.html.php 23 DIRTY $task->severity
-modules/gallery/views/admin_maintenance.html.php 25 DIRTY $task->name
-modules/gallery/views/admin_maintenance.html.php 28 DIRTY $task->description
-modules/gallery/views/admin_maintenance.html.php 31 DIRTY $task->callback
-modules/gallery/views/admin_maintenance.html.php 31 DIRTY $csrf
-modules/gallery/views/admin_maintenance.html.php 44 DIRTY $csrf
-modules/gallery/views/admin_maintenance.html.php 70 DIRTY $task->state
-modules/gallery/views/admin_maintenance.html.php 72 DIRTY $task->updated
-modules/gallery/views/admin_maintenance.html.php 75 DIRTY $task->name
-modules/gallery/views/admin_maintenance.html.php 86 DIRTY $task->percent_complete
-modules/gallery/views/admin_maintenance.html.php 90 DIRTY $task->status
-modules/gallery/views/admin_maintenance.html.php 93 $task->owner()->name
-modules/gallery/views/admin_maintenance.html.php 98 DIRTY $task->id
-modules/gallery/views/admin_maintenance.html.php 98 DIRTY $csrf
-modules/gallery/views/admin_maintenance.html.php 102 DIRTY $task->id
-modules/gallery/views/admin_maintenance.html.php 102 DIRTY $csrf
-modules/gallery/views/admin_maintenance.html.php 115 DIRTY $csrf
-modules/gallery/views/admin_maintenance.html.php 142 DIRTY $task->state
-modules/gallery/views/admin_maintenance.html.php 144 DIRTY $task->updated
-modules/gallery/views/admin_maintenance.html.php 147 DIRTY $task->name
-modules/gallery/views/admin_maintenance.html.php 159 DIRTY $task->status
-modules/gallery/views/admin_maintenance.html.php 162 DIRTY $task->owner()->name
-modules/gallery/views/admin_maintenance.html.php 166 DIRTY $task->id
-modules/gallery/views/admin_maintenance.html.php 166 DIRTY $csrf
-modules/gallery/views/admin_maintenance.html.php 170 DIRTY $task->id
-modules/gallery/views/admin_maintenance.html.php 170 DIRTY $csrf
-modules/gallery/views/admin_maintenance.html.php 175 DIRTY $task->id
-modules/gallery/views/admin_maintenance.html.php 175 DIRTY $csrf
-modules/gallery/views/admin_maintenance.html.php 178 DIRTY $task->id
-modules/gallery/views/admin_maintenance.html.php 178 DIRTY $csrf
-modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY $task->id
-modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY $csrf
-modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name
-modules/gallery/views/admin_maintenance_show_log.html.php 15 $task->get_log()
-modules/gallery/views/admin_maintenance_task.html.php 30 DIRTY $task->id
-modules/gallery/views/admin_maintenance_task.html.php 30 
DIRTY $csrf
-modules/gallery/views/admin_maintenance_task.html.php 54 DIRTY $task->name
-modules/gallery/views/admin_modules.html.php 19 DIRTY $i
-modules/gallery/views/admin_modules.html.php 22 DIRTY $data
-modules/gallery/views/admin_modules.html.php 22 DIRTY $module_name
-modules/gallery/views/admin_modules.html.php 23 DIRTY $module_info->name
-modules/gallery/views/admin_modules.html.php 24 DIRTY $module_info->version
-modules/gallery/views/admin_modules.html.php 25 DIRTY $module_info->description
-modules/gallery/views/admin_theme_options.html.php 5 DIRTY $form
-modules/gallery/views/admin_themes.html.php 5 DIRTY $csrf
-modules/gallery/views/admin_themes.html.php 18 DIRTY $site
-modules/gallery/views/admin_themes.html.php 19 DIRTY $themes
-modules/gallery/views/admin_themes.html.php 19 DIRTY $site
-modules/gallery/views/admin_themes.html.php 20 DIRTY $themes
-modules/gallery/views/admin_themes.html.php 20 DIRTY $site
-modules/gallery/views/admin_themes.html.php 22 DIRTY $themes
-modules/gallery/views/admin_themes.html.php 22 DIRTY $site
-modules/gallery/views/admin_themes.html.php 33 DIRTY $id
-modules/gallery/views/admin_themes.html.php 33 DIRTY $info->name
-modules/gallery/views/admin_themes.html.php 34 DIRTY $id
-modules/gallery/views/admin_themes.html.php 35 DIRTY $info->name
-modules/gallery/views/admin_themes.html.php 36 DIRTY $info->name
-modules/gallery/views/admin_themes.html.php 38 DIRTY $info->description
-modules/gallery/views/admin_themes.html.php 56 DIRTY $admin
-modules/gallery/views/admin_themes.html.php 57 DIRTY $themes
-modules/gallery/views/admin_themes.html.php 57 DIRTY $admin
-modules/gallery/views/admin_themes.html.php 58 DIRTY $themes
-modules/gallery/views/admin_themes.html.php 58 DIRTY $admin
-modules/gallery/views/admin_themes.html.php 60 DIRTY $themes
-modules/gallery/views/admin_themes.html.php 60 DIRTY $admin
-modules/gallery/views/admin_themes.html.php 71 DIRTY $id
-modules/gallery/views/admin_themes.html.php 71 DIRTY $info->name
-modules/gallery/views/admin_themes.html.php 72 DIRTY $id
-modules/gallery/views/admin_themes.html.php 73 DIRTY $info->name
-modules/gallery/views/admin_themes.html.php 74 DIRTY $info->name
-modules/gallery/views/admin_themes.html.php 76 DIRTY $info->description
-modules/gallery/views/admin_themes_preview.html.php 3 DIRTY $type
-modules/gallery/views/admin_themes_preview.html.php 3 DIRTY $theme_name
-modules/gallery/views/admin_themes_preview.html.php 3 DIRTY $csrf
-modules/gallery/views/admin_themes_preview.html.php 4 DIRTY $info->name
-modules/gallery/views/admin_themes_preview.html.php 7 DIRTY $url
-modules/gallery/views/after_install.html.php 11 $user->name
-modules/gallery/views/after_install.html.php 15 DIRTY $user->id
-modules/gallery/views/kohana_error_page.php 102 DIRTY $message
-modules/gallery/views/kohana_error_page.php 104 DIRTY $file
-modules/gallery/views/kohana_error_page.php 104 DIRTY $line
-modules/gallery/views/kohana_error_page.php 116 DIRTY $trace
-modules/gallery/views/kohana_profiler.php 32 DIRTY $profile->render()
-modules/gallery/views/kohana_profiler.php 34 DIRTY $execution_time
-modules/gallery/views/l10n_client.html.php 17 DIRTY $string
-modules/gallery/views/l10n_client.html.php 19 DIRTY $string
-modules/gallery/views/l10n_client.html.php 20 DIRTY $string
-modules/gallery/views/l10n_client.html.php 22 DIRTY $string
-modules/gallery/views/l10n_client.html.php 28 DIRTY $l10n_search_form
-modules/gallery/views/l10n_client.html.php 74 DIRTY $string_list
-modules/gallery/views/l10n_client.html.php 75 DIRTY $plural_forms
-modules/gallery/views/move_browse.html.php 4 DIRTY $source->id
-modules/gallery/views/move_browse.html.php 39 DIRTY $tree
-modules/gallery/views/move_browse.html.php 42 DIRTY $source->id
-modules/gallery/views/move_tree.html.php 2 DIRTY $parent->thumb_img(array(), 25)
-modules/gallery/views/move_tree.html.php 4 DIRTY $parent->id
-modules/gallery/views/move_tree.html.php 4 $parent->title
-modules/gallery/views/move_tree.html.php 6 DIRTY $parent->id
-modules/gallery/views/move_tree.html.php 6 $parent->title
-modules/gallery/views/move_tree.html.php 8 DIRTY $parent->id
-modules/gallery/views/move_tree.html.php 10 DIRTY $child->id
-modules/gallery/views/move_tree.html.php 11 DIRTY $child->thumb_img(array(), 25)
-modules/gallery/views/move_tree.html.php 13 DIRTY $child->id
-modules/gallery/views/move_tree.html.php 13 $child->title
-modules/gallery/views/move_tree.html.php 15 DIRTY $child->id
-modules/gallery/views/move_tree.html.php 15 $child->title
-modules/gallery/views/movieplayer.html.php 2 DIRTY $item->file_url(true)
-modules/gallery/views/movieplayer.html.php 2 DIRTY $attrs
-modules/gallery/views/movieplayer.html.php 5 DIRTY $attrs
-modules/gallery/views/permissions_browse.html.php 15 DIRTY $csrf
-modules/gallery/views/permissions_browse.html.php 37 DIRTY $parent->id
-modules/gallery/views/permissions_browse.html.php 38 $parent->title
-modules/gallery/views/permissions_browse.html.php 40 DIRTY $parent->id
-modules/gallery/views/permissions_browse.html.php 44 DIRTY $item->id
-modules/gallery/views/permissions_browse.html.php 45 $item->title
-modules/gallery/views/permissions_browse.html.php 47 DIRTY $item->id
-modules/gallery/views/permissions_browse.html.php 48 DIRTY $form
-modules/gallery/views/permissions_form.html.php 9 $group->name
-modules/gallery/views/permissions_form.html.php 15 DIRTY $permission->display_name
-modules/gallery/views/permissions_form.html.php 24 DIRTY $lock->id
-modules/gallery/views/permissions_form.html.php 32 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 32 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 32 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 36 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 36 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 36 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 
43 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 43 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 43 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 47 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 47 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 47 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 56 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 56 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 56 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 63 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 63 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 63 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 74 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 74 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 74 DIRTY $item->id
-modules/gallery/views/permissions_form.html.php 79 DIRTY $group->id
-modules/gallery/views/permissions_form.html.php 79 DIRTY $permission->id
-modules/gallery/views/permissions_form.html.php 79 DIRTY $item->id
-modules/gallery/views/quick_pane.html.php 3 DIRTY $button->class
-modules/gallery/views/quick_pane.html.php 3 DIRTY $button->href
-modules/gallery/views/quick_pane.html.php 4 DIRTY $button->title
-modules/gallery/views/quick_pane.html.php 5 DIRTY $button->icon
-modules/gallery/views/quick_pane.html.php 6 DIRTY $button->title
-modules/gallery/views/quick_pane.html.php 20 DIRTY $button->class
-modules/gallery/views/quick_pane.html.php 20 DIRTY $button->href
-modules/gallery/views/quick_pane.html.php 21 DIRTY $button->title
-modules/gallery/views/quick_pane.html.php 22 DIRTY $button->title
-modules/gallery/views/simple_uploader.html.php 7 DIRTY $csrf
-modules/gallery/views/simple_uploader.html.php 9 $item->title
-modules/gallery/views/simple_uploader.html.php 29 
$parent->title
-modules/gallery/views/simple_uploader.html.php 31 $item->title
-modules/gallery/views/simple_uploader.html.php 86 DIRTY $item->id
-modules/gallery/views/simple_uploader.html.php 90 DIRTY $csrf
-modules/gallery/views/upgrader.html.php 44 DIRTY $module->version
-modules/gallery/views/upgrader.html.php 44 DIRTY $module->code_version
-modules/gallery/views/upgrader.html.php 45 DIRTY $id
-modules/gallery/views/upgrader.html.php 46 DIRTY $module->name
-modules/gallery/views/upgrader.html.php 49 DIRTY $module->version
-modules/gallery/views/upgrader.html.php 52 DIRTY $module->code_version
-modules/gallery/views/upgrader.html.php 75 DIRTY $module->name
-modules/gallery/views/upgrader.html.php 84 DIRTY $upgrade_token
-modules/image_block/views/image_block_block.html.php 3 DIRTY $item->url()
-modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_img(array("class" => "gThumbnail"))
-modules/info/views/info_block.html.php 5 $item->title
-modules/info/views/info_block.html.php 10 $item->description
-modules/info/views/info_block.html.php 16 $item->name
-modules/info/views/info_block.html.php 22 DIRTY $item->captured
-modules/info/views/info_block.html.php 29 DIRTY $item->owner->url
-modules/info/views/info_block.html.php 29 $item->owner->display_name()
-modules/info/views/info_block.html.php 31 $item->owner->display_name()
-modules/notification/views/comment_published.html.php 4 $subject
-modules/notification/views/comment_published.html.php 7 $subject
-modules/notification/views/comment_published.html.php 11 $comment->text
-modules/notification/views/comment_published.html.php 15 $comment->author_name()
-modules/notification/views/comment_published.html.php 19 $comment->author_email()
-modules/notification/views/comment_published.html.php 23 $comment->author_url()
-modules/notification/views/comment_published.html.php 28 DIRTY $comment->item()->url(array(), true)
-modules/notification/views/comment_published.html.php 29 DIRTY 
$comment->item()->url(array(), true)
-modules/notification/views/item_added.html.php 4 $subject
-modules/notification/views/item_added.html.php 7 $subject
-modules/notification/views/item_added.html.php 11 $item->title
-modules/notification/views/item_added.html.php 16 DIRTY $item->url(array(), true)
-modules/notification/views/item_added.html.php 17 DIRTY $item->url(array(), true)
-modules/notification/views/item_added.html.php 24 $item->description
-modules/notification/views/item_deleted.html.php 4 $subject
-modules/notification/views/item_deleted.html.php 7 $subject
-modules/notification/views/item_deleted.html.php 12 $item->parent()->title
-modules/notification/views/item_deleted.html.php 18 DIRTY $item->parent()->url(array(), true)
-modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->url(array(), true)
-modules/notification/views/item_updated.html.php 4 $subject
-modules/notification/views/item_updated.html.php 7 $subject
-modules/notification/views/item_updated.html.php 12 $item->title
-modules/notification/views/item_updated.html.php 15 $item->title
-modules/notification/views/item_updated.html.php 20 DIRTY $item->url(array(), true)
-modules/notification/views/item_updated.html.php 20 DIRTY $item->url(array(), true)
-modules/notification/views/item_updated.html.php 25 $item->description
-modules/notification/views/item_updated.html.php 30 $item->description
-modules/organize/views/organize.html.php 10 DIRTY $item->id
-modules/organize/views/organize.html.php 12 DIRTY $csrf
-modules/organize/views/organize.html.php 13 DIRTY $csrf
-modules/organize/views/organize.html.php 19 $item->title
-modules/organize/views/organize.html.php 33 DIRTY $album_tree
-modules/organize/views/organize.html.php 48 DIRTY $button_pane
-modules/organize/views/organize_album.html.php 3 DIRTY $album->id
-modules/organize/views/organize_album.html.php 4 DIRTY $album->id
-modules/organize/views/organize_album.html.php 4 DIRTY $album->id
-modules/organize/views/organize_album.html.php 5 DIRTY $album_icon
-modules/organize/views/organize_album.html.php 5 DIRTY $album_icon
-modules/organize/views/organize_album.html.php 8 DIRTY $album->id
-modules/organize/views/organize_album.html.php 8 DIRTY $album->id
-modules/organize/views/organize_album.html.php 9 DIRTY $selected
-modules/organize/views/organize_album.html.php 10 $album->title
-modules/organize/views/organize_album.html.php 12 DIRTY $album->id
-modules/organize/views/organize_album.html.php 13 DIRTY $album_icon
-modules/organize/views/organize_album.html.php 14 DIRTY $children
-modules/organize/views/organize_edit.html.php 4 DIRTY $idx
-modules/organize/views/organize_edit.html.php 4 DIRTY $pane
-modules/organize/views/organize_edit.html.php 10 DIRTY $idx
-modules/organize/views/organize_edit.html.php 10 DIRTY $pane
-modules/organize/views/organize_thumb_grid.html.php 7 DIRTY $child->id
-modules/organize/views/organize_thumb_grid.html.php 7 DIRTY $child->id
-modules/organize/views/organize_thumb_grid.html.php 8 DIRTY $child->id
-modules/organize/views/organize_thumb_grid.html.php 8 DIRTY $item_class
-modules/organize/views/organize_thumb_grid.html.php 9 DIRTY $child->thumb_img(array("class" => "gThumbnail"), $thumbsize, true)
-modules/recaptcha/views/admin_recaptcha.html.php 6 DIRTY $form->get_key_url
-modules/recaptcha/views/admin_recaptcha.html.php 10 DIRTY $form
-modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY $public_key
-modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY $public_key
-modules/rss/views/feed.mrss.php 9 $feed->title
-modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri
-modules/rss/views/feed.mrss.php 11 $feed->description
-modules/rss/views/feed.mrss.php 13 DIRTY $feed->uri
-modules/rss/views/feed.mrss.php 16 DIRTY $feed->previous_page_uri
-modules/rss/views/feed.mrss.php 19 DIRTY $feed->next_page_uri
-modules/rss/views/feed.mrss.php 21 DIRTY $pub_date
-modules/rss/views/feed.mrss.php 22 DIRTY $pub_date
-modules/rss/views/feed.mrss.php 25 $child->title
-modules/rss/views/feed.mrss.php 26 DIRTY $child->type
-modules/rss/views/feed.mrss.php 26 DIRTY $child->id
-modules/rss/views/feed.mrss.php 27 DIRTY $child->type
-modules/rss/views/feed.mrss.php 27 DIRTY $child->id
-modules/rss/views/feed.mrss.php 28 DIRTY $child->created
-modules/rss/views/feed.mrss.php 31 $child->description
-modules/rss/views/feed.mrss.php 34 DIRTY $child->resize_url(true)
-modules/rss/views/feed.mrss.php 35 $child->title
-modules/rss/views/feed.mrss.php 36 DIRTY $child->resize_height
-modules/rss/views/feed.mrss.php 36 DIRTY $child->resize_width
-modules/rss/views/feed.mrss.php 38 DIRTY $child->type
-modules/rss/views/feed.mrss.php 38 DIRTY $child->id
-modules/rss/views/feed.mrss.php 39 DIRTY $child->thumb_url(true)
-modules/rss/views/feed.mrss.php 40 $child->title
-modules/rss/views/feed.mrss.php 41 DIRTY $child->thumb_height
-modules/rss/views/feed.mrss.php 41 DIRTY $child->thumb_width
-modules/rss/views/feed.mrss.php 43 $child->description
-modules/rss/views/feed.mrss.php 47 DIRTY $child->thumb_url(true)
-modules/rss/views/feed.mrss.php 48 DIRTY $child->thumb_path()
-modules/rss/views/feed.mrss.php 49 DIRTY $child->thumb_height
-modules/rss/views/feed.mrss.php 50 DIRTY $child->thumb_width
-modules/rss/views/feed.mrss.php 54 DIRTY $child->resize_url(true)
-modules/rss/views/feed.mrss.php 55 DIRTY $child->resize_path()
-modules/rss/views/feed.mrss.php 56 DIRTY $child->mime_type
-modules/rss/views/feed.mrss.php 57 DIRTY $child->resize_height
-modules/rss/views/feed.mrss.php 58 DIRTY $child->resize_width
-modules/rss/views/feed.mrss.php 62 DIRTY $child->file_url(true)
-modules/rss/views/feed.mrss.php 63 DIRTY $child->file_path()
-modules/rss/views/feed.mrss.php 64 DIRTY $child->mime_type
-modules/rss/views/feed.mrss.php 65 DIRTY $child->height
-modules/rss/views/feed.mrss.php 66 DIRTY $child->width
-modules/rss/views/feed.mrss.php 70 DIRTY $child->file_url(true)
-modules/rss/views/feed.mrss.php 
71 DIRTY $child->file_path()
-modules/rss/views/feed.mrss.php 72 DIRTY $child->height
-modules/rss/views/feed.mrss.php 73 DIRTY $child->width
-modules/rss/views/feed.mrss.php 74 DIRTY $child->mime_type
-modules/rss/views/rss_block.html.php 6 DIRTY $url
-modules/rss/views/rss_block.html.php 8 DIRTY $title
-modules/search/views/search.html.php 11 $q
-modules/search/views/search.html.php 30 DIRTY $item_class
-modules/search/views/search.html.php 31 DIRTY $item->id
-modules/search/views/search.html.php 32 DIRTY $item->thumb_img()
-modules/search/views/search.html.php 34 $item->title
-modules/search/views/search.html.php 37 $item->description
-modules/search/views/search.html.php 43 DIRTY $theme->pager()
-modules/search/views/search.html.php 47 $q
-modules/server_add/views/admin_server_add.html.php 14 DIRTY $path
-modules/server_add/views/admin_server_add.html.php 14 DIRTY $csrf
-modules/server_add/views/admin_server_add.html.php 15 DIRTY $id
-modules/server_add/views/admin_server_add.html.php 19 DIRTY $path
-modules/server_add/views/admin_server_add.html.php 24 DIRTY $form
-modules/server_add/views/server_add_tree.html.php 12 DIRTY $dir
-modules/server_add/views/server_add_tree.html.php 13 DIRTY $dir
-modules/server_add/views/server_add_tree.html.php 20 DIRTY $file
-modules/server_add/views/server_add_tree.html.php 25 DIRTY $file
-modules/server_add/views/server_add_tree.html.php 27 $file
-modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY $item->id
-modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY $csrf
-modules/server_add/views/server_add_tree_dialog.html.php 8 $item->title
-modules/server_add/views/server_add_tree_dialog.html.php 14 $parent->title
-modules/server_add/views/server_add_tree_dialog.html.php 18 $item->title
-modules/server_add/views/server_add_tree_dialog.html.php 23 DIRTY $tree
-modules/tag/views/admin_tags.html.php 13 DIRTY $csrf
-modules/tag/views/admin_tags.html.php 27 DIRTY $tags->count()
-modules/tag/views/admin_tags.html.php 35 DIRTY $current_letter
-modules/tag/views/admin_tags.html.php 45 DIRTY $current_letter
-modules/tag/views/admin_tags.html.php 50 DIRTY $tag->id
-modules/tag/views/admin_tags.html.php 50 $tag->name
-modules/tag/views/admin_tags.html.php 51 DIRTY $tag->count
-modules/tag/views/admin_tags.html.php 52 DIRTY $tag->id
-modules/tag/views/tag_block.html.php 15 DIRTY $cloud
-modules/tag/views/tag_block.html.php 17 DIRTY $form
-modules/tag/views/tag_cloud.html.php 4 DIRTY $tag->count
-modules/tag/views/tag_cloud.html.php 4 DIRTY $max_count
-modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count
-modules/tag/views/tag_cloud.html.php 6 DIRTY $tag->id
-modules/tag/views/tag_cloud.html.php 6 $tag->name
-modules/user/views/admin_users.html.php 3 DIRTY $csrf
-modules/user/views/admin_users.html.php 36 DIRTY $csrf
-modules/user/views/admin_users.html.php 67 DIRTY $user->id
-modules/user/views/admin_users.html.php 67 DIRTY $user->admin
-modules/user/views/admin_users.html.php 68 DIRTY $user->id
-modules/user/views/admin_users.html.php 69 DIRTY $user->avatar_url(20, $theme->url("images/avatar.jpg", true))
-modules/user/views/admin_users.html.php 71 $user->name
-modules/user/views/admin_users.html.php 74 $user->name
-modules/user/views/admin_users.html.php 77 $user->full_name
-modules/user/views/admin_users.html.php 80 $user->email
-modules/user/views/admin_users.html.php 83 DIRTY $user->last_login
-modules/user/views/admin_users.html.php 83 DIRTY $user->last_login
-modules/user/views/admin_users.html.php 86 DIRTY $user->id
-modules/user/views/admin_users.html.php 91 DIRTY $user->id
-modules/user/views/admin_users.html.php 121 DIRTY $group->id
-modules/user/views/admin_users.html.php 121 DIRTY $group->special
-modules/user/views/admin_users.html.php 123 DIRTY $v
-modules/user/views/admin_users_group.html.php 3 $group->name
-modules/user/views/admin_users_group.html.php 5 DIRTY $group->id
-modules/user/views/admin_users_group.html.php 6 
$group->name
-modules/user/views/admin_users_group.html.php 20 $user->name
-modules/user/views/admin_users_group.html.php 22 DIRTY $user->id
-modules/user/views/admin_users_group.html.php 22 DIRTY $group->id
-modules/user/views/admin_users_group.html.php 25 $user->name
-modules/user/views/admin_users_group.html.php 25 $group->name
-modules/user/views/login.html.php 12 DIRTY $user->id
-modules/user/views/login.html.php 15 $user->display_name()
-modules/user/views/login.html.php 18 DIRTY $csrf
-modules/user/views/login_ajax.html.php 37 DIRTY $form
-modules/user/views/reset_password.html.php 9 $user->full_name
-modules/user/views/reset_password.html.php 9 $user->full_name
-modules/user/views/reset_password.html.php 9 $user->name
-modules/user/views/reset_password.html.php 12 DIRTY $confirm_url
-modules/watermark/views/admin_watermarks.html.php 19 DIRTY $width
-modules/watermark/views/admin_watermarks.html.php 19 DIRTY $height
-modules/watermark/views/admin_watermarks.html.php 19 DIRTY $url
-modules/watermark/views/admin_watermarks.html.php 21 DIRTY $position
-themes/admin_default/views/admin.html.php 10 DIRTY $theme->css("yui/reset-fonts-grids.css")
-themes/admin_default/views/admin.html.php 11 DIRTY $theme->css("themeroller/ui.base.css")
-themes/admin_default/views/admin.html.php 12 DIRTY $theme->css("superfish/css/superfish.css")
-themes/admin_default/views/admin.html.php 13 DIRTY $theme->css("screen.css")
-themes/admin_default/views/admin.html.php 14 DIRTY $theme->css("admin_screen.css")
-themes/admin_default/views/admin.html.php 16 DIRTY $theme->url("fix-ie.css")
-themes/admin_default/views/admin.html.php 20 DIRTY $theme->script("jquery.js")
-themes/admin_default/views/admin.html.php 21 DIRTY $theme->script("jquery.form.js")
-themes/admin_default/views/admin.html.php 22 DIRTY $theme->script("jquery-ui.js")
-themes/admin_default/views/admin.html.php 23 DIRTY $theme->script("gallery.common.js")
-themes/admin_default/views/admin.html.php 28 DIRTY 
$theme->script("gallery.dialog.js")
-themes/admin_default/views/admin.html.php 29 DIRTY $theme->script("superfish/js/superfish.js")
-themes/admin_default/views/admin.html.php 30 DIRTY $theme->script("jquery.dropshadow.js")
-themes/admin_default/views/admin.html.php 31 DIRTY $theme->script("ui.init.js")
-themes/admin_default/views/admin.html.php 33 DIRTY $theme->admin_head()
-themes/admin_default/views/admin.html.php 36 DIRTY $theme->body_attributes()
-themes/admin_default/views/admin.html.php 37 DIRTY $theme->admin_page_top()
-themes/admin_default/views/admin.html.php 43 DIRTY $theme->site_status()
-themes/admin_default/views/admin.html.php 45 DIRTY $theme->admin_header_top()
-themes/admin_default/views/admin.html.php 48 DIRTY $csrf
-themes/admin_default/views/admin.html.php 54 DIRTY $theme->admin_menu()
-themes/admin_default/views/admin.html.php 56 DIRTY $theme->admin_header_bottom()
-themes/admin_default/views/admin.html.php 62 DIRTY $theme->messages()
-themes/admin_default/views/admin.html.php 63 DIRTY $content
-themes/admin_default/views/admin.html.php 69 DIRTY $sidebar
-themes/admin_default/views/admin.html.php 74 DIRTY $theme->admin_footer()
-themes/admin_default/views/admin.html.php 76 DIRTY $theme->admin_credits()
-themes/admin_default/views/admin.html.php 80 DIRTY $theme->admin_page_bottom()
-themes/admin_default/views/block.html.php 2 DIRTY $id
-themes/admin_default/views/block.html.php 2 DIRTY $css_id
-themes/admin_default/views/block.html.php 5 DIRTY $id
-themes/admin_default/views/block.html.php 5 DIRTY $csrf
-themes/admin_default/views/block.html.php 10 DIRTY $title
-themes/admin_default/views/block.html.php 13 DIRTY $content
-themes/admin_default/views/pager.html.php 13 DIRTY $url
-themes/admin_default/views/pager.html.php 20 DIRTY $previous_page
-themes/admin_default/views/pager.html.php 20 DIRTY $url
-themes/admin_default/views/pager.html.php 27 DIRTY $from_to_msg
-themes/admin_default/views/pager.html.php 30 DIRTY $next_page
-themes/admin_default/views/pager.html.php 30 DIRTY $url
-themes/admin_default/views/pager.html.php 37 DIRTY $last_page
-themes/admin_default/views/pager.html.php 37 DIRTY $url
-themes/default/views/album.html.php 4 DIRTY $theme->album_top()
-themes/default/views/album.html.php 5 $item->title
-themes/default/views/album.html.php 6 $item->description
-themes/default/views/album.html.php 16 DIRTY $child->id
-themes/default/views/album.html.php 16 DIRTY $item_class
-themes/default/views/album.html.php 17 DIRTY $theme->thumb_top($child)
-themes/default/views/album.html.php 18 DIRTY $child->url()
-themes/default/views/album.html.php 19 DIRTY $child->thumb_img(array("class" => "gThumbnail"))
-themes/default/views/album.html.php 21 DIRTY $theme->thumb_bottom($child)
-themes/default/views/album.html.php 22 DIRTY $theme->thumb_menu($child)
-themes/default/views/album.html.php 23 DIRTY $child->url()
-themes/default/views/album.html.php 23 $child->title
-themes/default/views/album.html.php 25 DIRTY $theme->thumb_info($child)
-themes/default/views/album.html.php 33 DIRTY $addurl
-themes/default/views/album.html.php 39 DIRTY $theme->album_bottom()
-themes/default/views/album.html.php 41 DIRTY $theme->pager()
-themes/default/views/block.html.php 2 DIRTY $anchor
-themes/default/views/block.html.php 3 DIRTY $css_id
-themes/default/views/block.html.php 4 DIRTY $title
-themes/default/views/block.html.php 6 DIRTY $content
-themes/default/views/dynamic.html.php 4 DIRTY $theme->dynamic_top()
-themes/default/views/dynamic.html.php 6 $title
-themes/default/views/dynamic.html.php 11 DIRTY $child->is_album()
-themes/default/views/dynamic.html.php 12 DIRTY $theme->thumb_top($child)
-themes/default/views/dynamic.html.php 13 DIRTY $child->url()
-themes/default/views/dynamic.html.php 14 DIRTY $child->id
-themes/default/views/dynamic.html.php 15 DIRTY $child->thumb_url()
-themes/default/views/dynamic.html.php 16 DIRTY $child->thumb_width
-themes/default/views/dynamic.html.php 17 DIRTY 
$child->thumb_height
-themes/default/views/dynamic.html.php 19 $child->title
-themes/default/views/dynamic.html.php 20 DIRTY $theme->thumb_bottom($child)
-themes/default/views/dynamic.html.php 22 DIRTY $theme->thumb_info($child)
-themes/default/views/dynamic.html.php 27 DIRTY $theme->dynamic_bottom()
-themes/default/views/dynamic.html.php 29 DIRTY $theme->pager()
-themes/default/views/footer.html.php 2 DIRTY $theme->footer()
-themes/default/views/footer.html.php 4 DIRTY $footer_text
-themes/default/views/footer.html.php 9 DIRTY $theme->credits()
-themes/default/views/header.html.php 3 DIRTY $theme->header_top()
-themes/default/views/header.html.php 5 DIRTY $header_text
-themes/default/views/header.html.php 8 DIRTY $theme->url("images/logo.png")
-themes/default/views/header.html.php 12 DIRTY $theme->site_menu()
-themes/default/views/header.html.php 14 DIRTY $theme->header_bottom()
-themes/default/views/header.html.php 21 DIRTY $parent->id
-themes/default/views/header.html.php 21 DIRTY $item->id
-themes/default/views/header.html.php 22 $parent->title
-themes/default/views/header.html.php 26 $item->title
-themes/default/views/movie.html.php 3 DIRTY $theme->photo_top()
-themes/default/views/movie.html.php 6 DIRTY $position
-themes/default/views/movie.html.php 6 DIRTY $sibling_count
-themes/default/views/movie.html.php 8 DIRTY $previous_item->url()
-themes/default/views/movie.html.php 11 DIRTY $next_item->url()
-themes/default/views/movie.html.php 15 DIRTY $item->movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}"))
-themes/default/views/movie.html.php 18 $item->title
-themes/default/views/movie.html.php 19 $item->description
-themes/default/views/movie.html.php 25 DIRTY $theme->photo_bottom()
-themes/default/views/page.html.php 9 DIRTY $page_title
-themes/default/views/page.html.php 13 $theme->item()->title
-themes/default/views/page.html.php 15 $theme->item()->title
-themes/default/views/page.html.php 17 $theme->item()->title
-themes/default/views/page.html.php 20 $theme->tag()->name
-themes/default/views/page.html.php 26 DIRTY $theme->url("images/favicon.ico")
-themes/default/views/page.html.php 27 DIRTY $theme->css("yui/reset-fonts-grids.css")
-themes/default/views/page.html.php 28 DIRTY $theme->css("superfish/css/superfish.css")
-themes/default/views/page.html.php 29 DIRTY $theme->css("themeroller/ui.base.css")
-themes/default/views/page.html.php 30 DIRTY $theme->css("screen.css")
-themes/default/views/page.html.php 32 DIRTY $theme->url("css/fix-ie.css")
-themes/default/views/page.html.php 41 DIRTY $new_width
-themes/default/views/page.html.php 42 DIRTY $new_height
-themes/default/views/page.html.php 43 DIRTY $thumb_proportion
-themes/default/views/page.html.php 48 DIRTY $theme->script("jquery.js")
-themes/default/views/page.html.php 49 DIRTY $theme->script("jquery.form.js")
-themes/default/views/page.html.php 50 DIRTY $theme->script("jquery-ui.js")
-themes/default/views/page.html.php 51 DIRTY $theme->script("gallery.common.js")
-themes/default/views/page.html.php 56 DIRTY $theme->script("gallery.dialog.js")
-themes/default/views/page.html.php 57 DIRTY $theme->script("gallery.form.js")
-themes/default/views/page.html.php 58 DIRTY $theme->script("superfish/js/superfish.js")
-themes/default/views/page.html.php 59 DIRTY $theme->script("jquery.localscroll.js")
-themes/default/views/page.html.php 60 DIRTY $theme->script("ui.init.js")
-themes/default/views/page.html.php 64 DIRTY $theme->script("jquery.scrollTo.js")
-themes/default/views/page.html.php 65 DIRTY $theme->script("gallery.show_full_size.js")
-themes/default/views/page.html.php 67 DIRTY $theme->script("flowplayer.js")
-themes/default/views/page.html.php 70 DIRTY $theme->head()
-themes/default/views/page.html.php 73 DIRTY $theme->body_attributes()
-themes/default/views/page.html.php 74 DIRTY $theme->page_top()
-themes/default/views/page.html.php 76 DIRTY $theme->site_status()
-themes/default/views/page.html.php 84 DIRTY 
$theme->messages() -themes/default/views/page.html.php 85 DIRTY $content -themes/default/views/page.html.php 99 DIRTY $theme->page_bottom() -themes/default/views/pager.html.php 13 DIRTY $url -themes/default/views/pager.html.php 20 DIRTY $previous_page -themes/default/views/pager.html.php 20 DIRTY $url -themes/default/views/pager.html.php 27 DIRTY $from_to_msg -themes/default/views/pager.html.php 30 DIRTY $next_page -themes/default/views/pager.html.php 30 DIRTY $url -themes/default/views/pager.html.php 37 DIRTY $last_page -themes/default/views/pager.html.php 37 DIRTY $url -themes/default/views/photo.html.php 8 DIRTY $theme->item()->file_url() -themes/default/views/photo.html.php 8 DIRTY $theme->item()->width -themes/default/views/photo.html.php 8 DIRTY $theme->item()->height -themes/default/views/photo.html.php 16 DIRTY $theme->photo_top() -themes/default/views/photo.html.php 21 DIRTY $previous_item->url() -themes/default/views/photo.html.php 28 DIRTY $position -themes/default/views/photo.html.php 28 DIRTY $sibling_count -themes/default/views/photo.html.php 31 DIRTY $next_item->url() -themes/default/views/photo.html.php 41 DIRTY $theme->resize_top($item) -themes/default/views/photo.html.php 43 DIRTY $item->file_url() -themes/default/views/photo.html.php 45 DIRTY $item->resize_img(array("id" => "gPhotoId-{$item->id}", "class" => "gResize")) -themes/default/views/photo.html.php 49 DIRTY $theme->resize_bottom($item) -themes/default/views/photo.html.php 53 $item->title -themes/default/views/photo.html.php 54 $item->description -themes/default/views/photo.html.php 60 DIRTY $theme->photo_bottom() -themes/default/views/sidebar.html.php 2 DIRTY $theme->sidebar_top() -themes/default/views/sidebar.html.php 6 DIRTY $theme->album_menu() -themes/default/views/sidebar.html.php 8 DIRTY $theme->photo_menu() -themes/default/views/sidebar.html.php 10 DIRTY $theme->tag_menu() -themes/default/views/sidebar.html.php 15 DIRTY $theme->sidebar_blocks() 
-themes/default/views/sidebar.html.php 16 DIRTY $theme->sidebar_bottom() +modules/akismet/views/admin_akismet.html.php 16 DIRTY $form +modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY $api_key +modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY urlencode($blog_url) +modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY ($i%2==0)?"gEvenRow":"gOddRow" +modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY gallery::date_time($comment->created) +modules/comment/views/admin_comments.html.php 42 DIRTY $menu +modules/comment/views/admin_comments.html.php 106 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 106 DIRTY ($i%2==0)?"gOddRow":"gEvenRow" +modules/comment/views/admin_comments.html.php 122 DIRTY $item->url() +modules/comment/views/admin_comments.html.php 124 DIRTY $item->thumb_url() +modules/comment/views/admin_comments.html.php 126 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75) +modules/comment/views/admin_comments.html.php 134 DIRTY gallery::date($comment->created) +modules/comment/views/admin_comments.html.php 141 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 150 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 159 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 168 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 175 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 183 DIRTY $comment->id +modules/comment/views/admin_comments.html.php 196 DIRTY $pager +modules/comment/views/comment.html.php 2 DIRTY $comment->id; +modules/comment/views/comment.mrss.php 10 DIRTY $feed->uri +modules/comment/views/comment.mrss.php 13 DIRTY $feed->uri +modules/comment/views/comment.mrss.php 16 DIRTY $feed->previous_page_uri +modules/comment/views/comment.mrss.php 19 DIRTY $feed->next_page_uri +modules/comment/views/comment.mrss.php 21 DIRTY $pub_date +modules/comment/views/comment.mrss.php 22 DIRTY $pub_date 
+modules/comment/views/comment.mrss.php 28 DIRTY $child->item_uri +modules/comment/views/comment.mrss.php 29 DIRTY $child->pub_date +modules/comment/views/comment.mrss.php 34 DIRTY $child->thumb_url +modules/comment/views/comment.mrss.php 35 DIRTY $child->thumb_height +modules/comment/views/comment.mrss.php 35 DIRTY $child->thumb_width +modules/comment/views/comments.html.php 16 DIRTY $comment->id +modules/digibug/views/digibug_form.html.php 4 DIRTY form::open("http://www.digibug.com/dapi/order.php") +modules/digibug/views/digibug_form.html.php 5 DIRTY form::hidden($order_parms) +modules/digibug/views/digibug_form.html.php 6 DIRTY form::close() +modules/exif/views/exif_dialog.html.php 14 DIRTY $details[$i]["caption"] +modules/exif/views/exif_dialog.html.php 21 DIRTY $details[$i]["caption"] +modules/g2_import/views/admin_g2_import.html.php 28 DIRTY $form +modules/gallery/views/admin_advanced_settings.html.php 22 DIRTY $var->module_name +modules/gallery/views/admin_block_log_entries.html.php 4 DIRTY log::severity_class($entry->severity) +modules/gallery/views/admin_block_log_entries.html.php 6 DIRTY gallery::date_time($entry->timestamp) +modules/gallery/views/admin_block_log_entries.html.php 7 DIRTY $entry->message +modules/gallery/views/admin_block_log_entries.html.php 8 DIRTY $entry->html +modules/gallery/views/admin_block_news.html.php 5 DIRTY $entry["link"] +modules/gallery/views/admin_block_news.html.php 5 DIRTY $entry["title"] +modules/gallery/views/admin_block_news.html.php 7 DIRTY text::limit_words(strip_tags($entry["description"]),25); +modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY photo::img_dimensions($photo->width,$photo->height,72) +modules/gallery/views/admin_block_photo_stream.html.php 7 DIRTY $photo->thumb_url() +modules/gallery/views/admin_dashboard.html.php 5 DIRTY $csrf +modules/gallery/views/admin_dashboard.html.php 35 DIRTY $blocks +modules/gallery/views/admin_graphics.html.php 22 DIRTY newView("admin_graphics_none.html") 
+modules/gallery/views/admin_graphics.html.php 24 DIRTY newView("admin_graphics_$active.html",array("tk"=>$tk->$active,"is_active"=>true)) +modules/gallery/views/admin_graphics.html.php 31 DIRTY newView("admin_graphics_$id.html",array("tk"=>$tk->$id,"is_active"=>false)) +modules/gallery/views/admin_graphics_gd.html.php 2 DIRTY $is_active?" gSelected":"" +modules/gallery/views/admin_graphics_gd.html.php 2 DIRTY $tk->installed?" gInstalledToolkit":" gUnavailable" +modules/gallery/views/admin_graphics_gd.html.php 19 DIRTY $tk->error +modules/gallery/views/admin_graphics_graphicsmagick.html.php 2 DIRTY $is_active?" gSelected":"" +modules/gallery/views/admin_graphics_graphicsmagick.html.php 2 DIRTY $tk->installed?" gInstalledToolkit":" gUnavailable" +modules/gallery/views/admin_graphics_graphicsmagick.html.php 18 DIRTY $tk->error +modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY $is_active?" gSelected":"" +modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY $tk->installed?" gInstalledToolkit":" gUnavailable" +modules/gallery/views/admin_graphics_imagemagick.html.php 18 DIRTY $tk->error +modules/gallery/views/admin_languages.html.php 9 DIRTY access::csrf_form_field() +modules/gallery/views/admin_languages.html.php 28 DIRTY (isset($installed_locales[$code]))?"installed":"" +modules/gallery/views/admin_languages.html.php 28 DIRTY ($default_locale==$code)?" 
default":"" +modules/gallery/views/admin_languages.html.php 29 DIRTY form::checkbox("installed_locales[]",$code,isset($installed_locales[$code])) +modules/gallery/views/admin_languages.html.php 30 DIRTY $display_name +modules/gallery/views/admin_languages.html.php 32 DIRTY form::radio("default_locale",$code,($default_locale==$code),((isset($installed_locales[$code]))?'':'disabled="disabled"')) +modules/gallery/views/admin_languages.html.php 104 DIRTY $share_translations_form +modules/gallery/views/admin_maintenance.html.php 24 DIRTY log::severity_class($task->severity) +modules/gallery/views/admin_maintenance.html.php 24 DIRTY ($i%2==0)?"gOddRow":"gEvenRow" +modules/gallery/views/admin_maintenance.html.php 26 DIRTY $task->name +modules/gallery/views/admin_maintenance.html.php 29 DIRTY $task->description +modules/gallery/views/admin_maintenance.html.php 73 DIRTY $task->state=="stalled"?"gWarning":"" +modules/gallery/views/admin_maintenance.html.php 73 DIRTY ($i%2==0)?"gOddRow":"gEvenRow" +modules/gallery/views/admin_maintenance.html.php 75 DIRTY gallery::date_time($task->updated) +modules/gallery/views/admin_maintenance.html.php 78 DIRTY $task->name +modules/gallery/views/admin_maintenance.html.php 93 DIRTY $task->status +modules/gallery/views/admin_maintenance.html.php 147 DIRTY $task->state=="success"?"gSuccess":"gError" +modules/gallery/views/admin_maintenance.html.php 147 DIRTY ($i%2==0)?"gOddRow":"gEvenRow" +modules/gallery/views/admin_maintenance.html.php 149 DIRTY gallery::date_time($task->updated) +modules/gallery/views/admin_maintenance.html.php 152 DIRTY $task->name +modules/gallery/views/admin_maintenance.html.php 164 DIRTY $task->status +modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name +modules/gallery/views/admin_maintenance_task.html.php 54 DIRTY $task->name +modules/gallery/views/admin_modules.html.php 9 DIRTY access::csrf_form_field() +modules/gallery/views/admin_modules.html.php 19 DIRTY ($i%2==0)?"gOddRow":"gEvenRow" 
+modules/gallery/views/admin_modules.html.php 22 DIRTY form::checkbox($data,'1',module::is_active($module_name)) +modules/gallery/views/admin_modules.html.php 24 DIRTY $module_info->version +modules/gallery/views/admin_theme_options.html.php 5 DIRTY $form +modules/gallery/views/admin_themes.html.php 5 DIRTY $csrf +modules/gallery/views/admin_themes.html.php 19 DIRTY $themes[$site]->name +modules/gallery/views/admin_themes.html.php 20 DIRTY $themes[$site]->name +modules/gallery/views/admin_themes.html.php 22 DIRTY $themes[$site]->description +modules/gallery/views/admin_themes.html.php 35 DIRTY $info->name +modules/gallery/views/admin_themes.html.php 36 DIRTY $info->name +modules/gallery/views/admin_themes.html.php 38 DIRTY $info->description +modules/gallery/views/admin_themes.html.php 57 DIRTY $themes[$admin]->name +modules/gallery/views/admin_themes.html.php 58 DIRTY $themes[$admin]->name +modules/gallery/views/admin_themes.html.php 60 DIRTY $themes[$admin]->description +modules/gallery/views/admin_themes.html.php 73 DIRTY $info->name +modules/gallery/views/admin_themes.html.php 74 DIRTY $info->name +modules/gallery/views/admin_themes.html.php 76 DIRTY $info->description +modules/gallery/views/admin_themes_preview.html.php 7 DIRTY $url +modules/gallery/views/kohana_error_page.php 102 DIRTY $message +modules/gallery/views/kohana_error_page.php 116 DIRTY $trace +modules/gallery/views/kohana_profiler.php 32 DIRTY $profile->render(); +modules/gallery/views/l10n_client.html.php 20 DIRTY $string["translation"]===""?"untranslated":"translated" +modules/gallery/views/l10n_client.html.php 22 DIRTY $string["source"]["one"] +modules/gallery/views/l10n_client.html.php 23 DIRTY $string["source"]["other"] +modules/gallery/views/l10n_client.html.php 25 DIRTY $string["source"] +modules/gallery/views/l10n_client.html.php 31 DIRTY $l10n_search_form +modules/gallery/views/l10n_client.html.php 40 DIRTY access::csrf_form_field() +modules/gallery/views/l10n_client.html.php 41 DIRTY 
form::hidden("l10n-message-key") +modules/gallery/views/l10n_client.html.php 42 DIRTY form::textarea("l10n-edit-translation","",' rows="5" class="translationField"') +modules/gallery/views/l10n_client.html.php 45 DIRTY form::textarea("l10n-edit-plural-translation-zero","",' rows="2"') +modules/gallery/views/l10n_client.html.php 49 DIRTY form::textarea("l10n-edit-plural-translation-one","",' rows="2"') +modules/gallery/views/l10n_client.html.php 53 DIRTY form::textarea("l10n-edit-plural-translation-two","",' rows="2"') +modules/gallery/views/l10n_client.html.php 57 DIRTY form::textarea("l10n-edit-plural-translation-few","",' rows="2"') +modules/gallery/views/l10n_client.html.php 61 DIRTY form::textarea("l10n-edit-plural-translation-many","",' rows="2"') +modules/gallery/views/l10n_client.html.php 66 DIRTY form::textarea("l10n-edit-plural-translation-other","",' rows="2"') +modules/gallery/views/maintenance.html.php 46 DIRTY user::get_login_form("login/auth_html") +modules/gallery/views/move_browse.html.php 39 DIRTY $tree +modules/gallery/views/move_browse.html.php 43 DIRTY access::csrf_form_field() +modules/gallery/views/move_tree.html.php 2 DIRTY $parent->thumb_img(array(),25); +modules/gallery/views/move_tree.html.php 4 DIRTY $parent->id +modules/gallery/views/move_tree.html.php 6 DIRTY $parent->id +modules/gallery/views/move_tree.html.php 8 DIRTY $parent->id +modules/gallery/views/move_tree.html.php 10 DIRTY $child->id +modules/gallery/views/move_tree.html.php 11 DIRTY $child->thumb_img(array(),25); +modules/gallery/views/move_tree.html.php 13 DIRTY $child->id +modules/gallery/views/move_tree.html.php 15 DIRTY $child->id +modules/gallery/views/movieplayer.html.php 2 DIRTY html::anchor($item->file_url(true),"",$attrs) +modules/gallery/views/movieplayer.html.php 5 DIRTY $attrs["id"] +modules/gallery/views/permissions_browse.html.php 40 DIRTY $parent->id +modules/gallery/views/permissions_browse.html.php 41 DIRTY $parent->id 
+modules/gallery/views/permissions_browse.html.php 46 DIRTY $item->id +modules/gallery/views/permissions_browse.html.php 47 DIRTY $item->id +modules/gallery/views/permissions_browse.html.php 54 DIRTY $form +modules/gallery/views/permissions_form.html.php 24 DIRTY $lock->id +modules/gallery/views/permissions_form.html.php 32 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 32 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 32 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 36 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 36 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 36 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 43 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 43 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 43 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 47 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 47 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 47 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 56 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 56 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 56 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 63 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 63 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 63 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 74 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 74 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 74 DIRTY $item->id +modules/gallery/views/permissions_form.html.php 79 DIRTY $group->id +modules/gallery/views/permissions_form.html.php 79 DIRTY $permission->id +modules/gallery/views/permissions_form.html.php 79 DIRTY $item->id 
+modules/gallery/views/upgrader.html.php 44 DIRTY $module->version==$module->code_version?"current":"upgradeable" +modules/gallery/views/upgrader.html.php 45 DIRTY $id +modules/gallery/views/upgrader.html.php 49 DIRTY $module->version +modules/gallery/views/upgrader.html.php 52 DIRTY $module->code_version +modules/image_block/views/image_block_block.html.php 3 DIRTY $item->url() +modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_img(array("class"=>"gThumbnail")) +modules/info/views/info_block.html.php 22 DIRTY date("M j, Y H:i:s",$item->captured) +modules/info/views/info_block.html.php 29 DIRTY $item->owner->url +modules/notification/views/comment_published.html.php 28 DIRTY $comment->item()->url(array(),true) +modules/notification/views/comment_published.html.php 29 DIRTY $comment->item()->url(array(),true) +modules/notification/views/item_added.html.php 16 DIRTY $item->url(array(),true) +modules/notification/views/item_added.html.php 17 DIRTY $item->url(array(),true) +modules/notification/views/item_deleted.html.php 18 DIRTY $item->parent()->url(array(),true) +modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->url(array(),true) +modules/notification/views/item_updated.html.php 20 DIRTY $item->url(array(),true) +modules/notification/views/item_updated.html.php 20 DIRTY $item->url(array(),true) +modules/organize/views/organize_dialog.html.php 21 DIRTY $album_tree +modules/organize/views/organize_dialog.html.php 28 DIRTY $micro_thumb_grid +modules/organize/views/organize_dialog.html.php 36 DIRTY form::dropdown(array("id"=>"gOrganizeSortColumn"),album::get_sort_order_options(),$album->sort_column) +modules/organize/views/organize_dialog.html.php 37 DIRTY form::dropdown(array("id"=>"gOrganizeSortOrder"),array("ASC"=>"Ascending","DESC"=>"Descending"),$album->sort_order) +modules/organize/views/organize_thumb_grid.html.php 3 DIRTY $child->id +modules/organize/views/organize_thumb_grid.html.php 4 DIRTY $child->id 
+modules/organize/views/organize_thumb_grid.html.php 5 DIRTY $child->is_album()?"gAlbum":"gPhoto" +modules/organize/views/organize_thumb_grid.html.php 6 DIRTY $child->thumb_img(array("class"=>"gThumbnail","ref"=>$child->id),90,true) +modules/organize/views/organize_tree.html.php 3 DIRTY access::can("edit",$parent)?"":"gViewOnly" +modules/organize/views/organize_tree.html.php 4 DIRTY $parent->id +modules/organize/views/organize_tree.html.php 7 DIRTY $parent->id +modules/organize/views/organize_tree.html.php 14 DIRTY access::can("edit",$peer)?"":"gViewOnly" +modules/organize/views/organize_tree.html.php 15 DIRTY $peer->id +modules/organize/views/organize_tree.html.php 16 DIRTY $peer->id==$album->id?"ui-icon-minus":"ui-icon-plus" +modules/organize/views/organize_tree.html.php 18 DIRTY $peer->id==$album->id?"selected":"" +modules/organize/views/organize_tree.html.php 19 DIRTY $peer->id +modules/organize/views/organize_tree.html.php 26 DIRTY access::can("edit",$child)?"":"gViewOnly" +modules/organize/views/organize_tree.html.php 27 DIRTY $child->id +modules/organize/views/organize_tree.html.php 31 DIRTY $child->id +modules/recaptcha/views/admin_recaptcha.html.php 10 DIRTY $form +modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY $public_key +modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY $public_key +modules/rss/views/feed.mrss.php 10 DIRTY $feed->uri +modules/rss/views/feed.mrss.php 13 DIRTY $feed->uri +modules/rss/views/feed.mrss.php 16 DIRTY $feed->previous_page_uri +modules/rss/views/feed.mrss.php 19 DIRTY $feed->next_page_uri +modules/rss/views/feed.mrss.php 21 DIRTY $pub_date +modules/rss/views/feed.mrss.php 22 DIRTY $pub_date +modules/rss/views/feed.mrss.php 28 DIRTY date("D, d M Y H:i:s T",$child->created); +modules/rss/views/feed.mrss.php 34 DIRTY $child->resize_url(true) +modules/rss/views/feed.mrss.php 36 DIRTY $child->resize_height +modules/rss/views/feed.mrss.php 36 DIRTY $child->resize_width +modules/rss/views/feed.mrss.php 39 DIRTY 
$child->thumb_url(true) +modules/rss/views/feed.mrss.php 41 DIRTY $child->thumb_height +modules/rss/views/feed.mrss.php 41 DIRTY $child->thumb_width +modules/rss/views/feed.mrss.php 47 DIRTY $child->thumb_url(true) +modules/rss/views/feed.mrss.php 48 DIRTY @filesize($child->thumb_path()) +modules/rss/views/feed.mrss.php 49 DIRTY $child->thumb_height +modules/rss/views/feed.mrss.php 50 DIRTY $child->thumb_width +modules/rss/views/feed.mrss.php 54 DIRTY $child->resize_url(true) +modules/rss/views/feed.mrss.php 55 DIRTY @filesize($child->resize_path()) +modules/rss/views/feed.mrss.php 56 DIRTY $child->mime_type +modules/rss/views/feed.mrss.php 57 DIRTY $child->resize_height +modules/rss/views/feed.mrss.php 58 DIRTY $child->resize_width +modules/rss/views/feed.mrss.php 62 DIRTY $child->file_url(true) +modules/rss/views/feed.mrss.php 63 DIRTY @filesize($child->file_path()) +modules/rss/views/feed.mrss.php 64 DIRTY $child->mime_type +modules/rss/views/feed.mrss.php 65 DIRTY $child->height +modules/rss/views/feed.mrss.php 66 DIRTY $child->width +modules/rss/views/feed.mrss.php 70 DIRTY $child->file_url(true) +modules/rss/views/feed.mrss.php 71 DIRTY @filesize($child->file_path()) +modules/rss/views/feed.mrss.php 72 DIRTY $child->height +modules/rss/views/feed.mrss.php 73 DIRTY $child->width +modules/rss/views/feed.mrss.php 74 DIRTY $child->mime_type +modules/rss/views/rss_block.html.php 6 DIRTY rss::url($url) +modules/search/views/search.html.php 30 DIRTY $item_class +modules/search/views/search.html.php 32 DIRTY $item->thumb_img() +modules/server_add/views/admin_server_add.html.php 15 DIRTY $id +modules/server_add/views/admin_server_add.html.php 24 DIRTY $form +modules/server_add/views/server_add_tree.html.php 12 DIRTY $dir +modules/server_add/views/server_add_tree.html.php 20 DIRTY is_dir($file)?"ui-icon-folder-collapsed":"ui-icon-document" +modules/server_add/views/server_add_tree.html.php 25 DIRTY strtr($file,array('"'=>'\\"')) 
+modules/server_add/views/server_add_tree_dialog.html.php 23 DIRTY $tree +modules/tag/views/admin_tags.html.php 13 DIRTY $csrf +modules/tag/views/admin_tags.html.php 50 DIRTY $tag->id +modules/tag/views/admin_tags.html.php 51 DIRTY $tag->count +modules/tag/views/tag_block.html.php 15 DIRTY $cloud +modules/tag/views/tag_block.html.php 17 DIRTY $form +modules/tag/views/tag_cloud.html.php 4 DIRTY (int)(($tag->count/$max_count)*7) +modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count +modules/user/views/admin_users.html.php 67 DIRTY $user->id +modules/user/views/admin_users.html.php 67 DIRTY text::alternate("gOddRow","gEvenRow") +modules/user/views/admin_users.html.php 67 DIRTY $user->admin?"admin":"" +modules/user/views/admin_users.html.php 68 DIRTY $user->id +modules/user/views/admin_users.html.php 83 DIRTY ($user->last_login==0)?"":gallery::date($user->last_login) +modules/user/views/admin_users.html.php 121 DIRTY $group->id +modules/user/views/admin_users.html.php 121 DIRTY ($group->special?"gDefaultGroup":"") +modules/user/views/admin_users.html.php 123 DIRTY $v +modules/user/views/admin_users_group.html.php 22 DIRTY $user->id +modules/user/views/admin_users_group.html.php 22 DIRTY $group->id +modules/user/views/login_ajax.html.php 37 DIRTY $form +modules/watermark/views/admin_watermarks.html.php 19 DIRTY $width +modules/watermark/views/admin_watermarks.html.php 19 DIRTY $height +modules/watermark/views/admin_watermarks.html.php 19 DIRTY $url +themes/admin_default/views/admin.html.php 34 DIRTY $theme->admin_head() +themes/admin_default/views/admin.html.php 38 DIRTY $theme->admin_page_top() +themes/admin_default/views/admin.html.php 46 DIRTY $theme->admin_header_top() +themes/admin_default/views/admin.html.php 55 DIRTY $theme->admin_menu() +themes/admin_default/views/admin.html.php 57 DIRTY $theme->admin_header_bottom() +themes/admin_default/views/admin.html.php 64 DIRTY $content +themes/admin_default/views/admin.html.php 70 DIRTY $sidebar 
+themes/admin_default/views/admin.html.php 75 DIRTY $theme->admin_footer() +themes/admin_default/views/admin.html.php 77 DIRTY $theme->admin_credits() +themes/admin_default/views/admin.html.php 81 DIRTY $theme->admin_page_bottom() +themes/admin_default/views/block.html.php 2 DIRTY $id +themes/admin_default/views/block.html.php 2 DIRTY $css_id +themes/admin_default/views/block.html.php 10 DIRTY $title +themes/admin_default/views/block.html.php 13 DIRTY $content +themes/admin_default/views/pager.html.php 13 DIRTY str_replace('{page}',1,$url) +themes/admin_default/views/pager.html.php 20 DIRTY str_replace('{page}',$previous_page,$url) +themes/admin_default/views/pager.html.php 27 DIRTY $from_to_msg +themes/admin_default/views/pager.html.php 30 DIRTY str_replace('{page}',$next_page,$url) +themes/admin_default/views/pager.html.php 37 DIRTY str_replace('{page}',$last_page,$url) +themes/default/views/album.html.php 16 DIRTY $child->id +themes/default/views/album.html.php 16 DIRTY $item_class +themes/default/views/album.html.php 18 DIRTY $child->url() +themes/default/views/album.html.php 19 DIRTY $child->thumb_img(array("class"=>"gThumbnail")) +themes/default/views/album.html.php 23 DIRTY $child->url() +themes/default/views/block.html.php 2 DIRTY $anchor +themes/default/views/block.html.php 3 DIRTY $css_id +themes/default/views/block.html.php 4 DIRTY $title +themes/default/views/block.html.php 6 DIRTY $content +themes/default/views/dynamic.html.php 11 DIRTY $child->is_album()?"gAlbum":"" +themes/default/views/dynamic.html.php 13 DIRTY $child->url() +themes/default/views/dynamic.html.php 14 DIRTY $child->id +themes/default/views/dynamic.html.php 15 DIRTY $child->thumb_url() +themes/default/views/dynamic.html.php 16 DIRTY $child->thumb_width +themes/default/views/dynamic.html.php 17 DIRTY $child->thumb_height +themes/default/views/footer.html.php 4 DIRTY $footer_text +themes/default/views/header.html.php 5 DIRTY $header_text +themes/default/views/movie.html.php 8 DIRTY 
$previous_item->url() +themes/default/views/movie.html.php 18 DIRTY $next_item->url() +themes/default/views/movie.html.php 28 DIRTY $item->movie_img(array("class"=>"gMovie","id"=>"gMovieId-{$item->id}")) +themes/default/views/page.html.php 9 DIRTY $page_title +themes/default/views/page.html.php 41 DIRTY $new_width +themes/default/views/page.html.php 42 DIRTY $new_height +themes/default/views/page.html.php 43 DIRTY $thumb_proportion +themes/default/views/page.html.php 79 DIRTY newView("header.html") +themes/default/views/page.html.php 86 DIRTY $content +themes/default/views/page.html.php 92 DIRTY newView("sidebar.html") +themes/default/views/page.html.php 97 DIRTY newView("footer.html") +themes/default/views/pager.html.php 13 DIRTY str_replace('{page}',1,$url) +themes/default/views/pager.html.php 20 DIRTY str_replace('{page}',$previous_page,$url) +themes/default/views/pager.html.php 27 DIRTY $from_to_msg +themes/default/views/pager.html.php 30 DIRTY str_replace('{page}',$next_page,$url) +themes/default/views/pager.html.php 37 DIRTY str_replace('{page}',$last_page,$url) +themes/default/views/photo.html.php 8 DIRTY_JS $theme->item()->width +themes/default/views/photo.html.php 8 DIRTY_JS $theme->item()->height +themes/default/views/photo.html.php 21 DIRTY $previous_item->url() +themes/default/views/photo.html.php 31 DIRTY $next_item->url() +themes/default/views/photo.html.php 43 DIRTY $item->file_url() +themes/default/views/photo.html.php 45 DIRTY $item->resize_img(array("id"=>"gPhotoId-{$item->id}","class"=>"gResize")) diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php index b37c1c73..4235e8f8 100644 --- a/modules/gallery/views/admin_advanced_settings.html.php +++ b/modules/gallery/views/admin_advanced_settings.html.php 
@@ -20,13 +20,13 @@
 <? if ($var->module_name == "gallery" && $var->name == "_cache") continue ?>
 <tr class="setting">
 <td> <?= $var->module_name ?> </td>
- <td> <?= p::clean($var->name) ?> </td>
+ <td> <?= html::clean($var->name) ?> </td>
 <td>
- <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . p::clean($var->name)) ?>"
+ <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . html::clean($var->name)) ?>"
 class="gDialogLink"
- title="<?= t("Edit %var (%module_name)", array("var" => p::clean($var->name), "module_name" => $var->module_name)) ?>">
+ title="<?= t("Edit %var (%module_name)", array("var" => $var->name, "module_name" => $var->module_name)) ?>">
 <? if ($var->value): ?>
- <?= p::clean($var->value) ?>
+ <?= html::clean($var->value) ?>
 <? else: ?>
 <i> <?= t("empty") ?> </i>
 <? endif ?>
diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php
index 44c1657f..780ff2d0 100644
--- a/modules/gallery/views/admin_block_log_entries.html.php
+++ b/modules/gallery/views/admin_block_log_entries.html.php
@@ -2,7 +2,7 @@
 <ul>
 <? foreach ($entries as $entry): ?>
 <li class="<?= log::severity_class($entry->severity) ?>" style="direction: ltr">
- <a href="<?= url::site("user/$entry->user_id") ?>"><?= p::clean($entry->user->name) ?></a>
+ <a href="<?= url::site("user/$entry->user_id") ?>"><?= html::clean($entry->user->name) ?></a>
 <?= gallery::date_time($entry->timestamp) ?>
 <?= $entry->message ?>
 <?= $entry->html ?>
diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php
index 1e1329d1..a50836ad 100644
--- a/modules/gallery/views/admin_block_photo_stream.html.php
+++ b/modules/gallery/views/admin_block_photo_stream.html.php
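Review bot: `html::clean($var->name)` on the new href line is the wrong escaper for a URL path segment: it HTML-encodes `&`, `<` and `"` instead of percent-encoding, so a name containing `/`, `?`, `#` or a space still breaks the route, and anything it does encode reaches the edit action as `&amp;`-style text rather than the original name. The segment should be URL-encoded, `. rawurlencode($var->name))` in place of `. html::clean($var->name))`, assuming the edit controller (not in this diff) expects the raw name. `$var->module_name` is still printed unescaped on the `<td>` and href lines; that is fine only if it always comes from the module registry rather than stored data, which this hunk cannot confirm. Passing the raw `$var->name` to `t()` on the title line is consistent with the rest of the commit only if `t()` now escapes its arguments itself, as the `->for_html_attr()` calls elsewhere in the diff suggest.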
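Review bot: The two lines directly after the changed anchor still print `$entry->message` and `$entry->html` without any escaping, so this hunk fixes the user name but leaves the log body as raw HTML in the admin dashboard. Log messages in this code base are typically assembled from item titles, file names and similar user-supplied text (the writers are not in this diff), so anything that reaches the log unescaped becomes stored XSS against an administrator. Either escape at output, `<?= html::clean($entry->message) ?>`, or make the contract explicit with a comment above that line such as `<? /* $entry->message and $entry->html are trusted HTML; log writers must escape user data */ ?>`. The `foreach` opened in this hunk closes outside it.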
@@ -2,9 +2,9 @@
 <ul>
 <? foreach ($photos as $photo): ?>
 <li class="gItem gPhoto">
- <a href="<?= url::site("photos/$photo->id") ?>" title="<?= p::clean($photo->title) ?>">
+ <a href="<?= url::site("photos/$photo->id") ?>" title="<?= html::clean($photo->title) ?>">
 <img <?= photo::img_dimensions($photo->width, $photo->height, 72) ?>
- src="<?= $photo->thumb_url() ?>" alt="<?= p::clean($photo->title) ?>" />
+ src="<?= $photo->thumb_url() ?>" alt="<?= html::clean($photo->title) ?>" />
 </a>
 </li>
 <? endforeach ?>
diff --git a/modules/gallery/views/admin_block_welcome.html.php b/modules/gallery/views/admin_block_welcome.html.php
index 38d2bd56..71ef4368 100644
--- a/modules/gallery/views/admin_block_welcome.html.php
+++ b/modules/gallery/views/admin_block_welcome.html.php
@@ -5,16 +5,16 @@
 <ul>
 <li>
 <?= t("General Settings - choose your <a href=\"%graphics_url\">graphics</a> and <a href=\"%language_url\">language</a> settings.",
- array("graphics_url" => url::site("admin/graphics"),
- "language_url" => url::site("admin/languages"))) ?>
+ array("graphics_url" => html::mark_safe(url::site("admin/graphics")),
+ "language_url" => html::mark_safe(url::site("admin/languages")))) ?>
 </li>
 <li>
 <?= t("Appearance - <a href=\"%theme_url\">choose a theme</a>, or <a href=\"%theme_options_url\">customize the way it looks</a>.",
- array("theme_url" => url::site("admin/themes"),
- "theme_options_url" => url::site("admin/theme_options"))) ?>
+ array("theme_url" => html::mark_safe(url::site("admin/themes")),
+ "theme_options_url" => html::mark_safe(url::site("admin/theme_options")))) ?>
 </li>
 <li>
 <?= t("Customize - <a href=\"%modules_url\">install modules</a> to add cool features!",
- array("modules_url" => url::site("admin/modules"))) ?>
+ array("modules_url" => html::mark_safe(url::site("admin/modules")))) ?>
 </li>
 </ul>
diff --git a/modules/gallery/views/admin_languages.html.php b/modules/gallery/views/admin_languages.html.php
index 4025437a..fa97d299 100644
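Review bot: `$photo->thumb_url()` is still written raw into the `src` attribute on the changed line while the neighbouring `title` and `alt` values now go through `html::clean`. If the thumbnail URL is built from album and file names, as it usually is in this code base (the helper is not in this diff), a name containing `"` or `&` lands unescaped in the attribute. Escaping it like the other values, `src="<?= html::clean($photo->thumb_url()) ?>"`, is harmless for a well-formed URL and matches the direction of this commit. The `foreach` this hunk renders is opened and closed within the hunk.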
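Review bot: `html::mark_safe` around each `url::site(...)` call switches off whatever escaping `t()` now applies to its arguments, and nothing in the hunk records why that is acceptable. It is safe here only because every path is a string literal; the same wrapping around a URL built from a request parameter or item name would reintroduce the injection the commit is removing. A comment above the first `<li>`, `<? /* mark_safe is justified only because the url::site() arguments are literals; never wrap URLs that carry user data */ ?>`, would keep the next copy-paste honest. Repeating the pair five times also suggests a tiny helper, but that is a style nit.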
--- a/modules/gallery/views/admin_languages.html.php
+++ b/modules/gallery/views/admin_languages.html.php
@@ -11,12 +11,11 @@
 <tr>
 <th> <?= t("Installed") ?> </th>
 <th> <?= t("Language") ?> </th>
- <th> <?= t("Default language") ?> </th>
+ <th> <?= t("Default language") ?> </th>
 </tr>
 <? $i = 0 ?>
 <? foreach ($available_locales as $code => $display_name): ?>
-
- <? if ($i == (count($available_locales)/2)): ?>
+ <? if ($i == (count($available_locales)/2)): ?>
 <table>
 <tr>
 <th> <?= t("Installed") ?> </th>
@@ -24,24 +23,24 @@
 <th> <?= t("Default language") ?> </th>
 </tr>
 <? endif ?>
-
+
 <tr class="<?= (isset($installed_locales[$code])) ? "installed" : "" ?><?= ($default_locale == $code) ? " default" : "" ?>">
 <td> <?= form::checkbox("installed_locales[]", $code, isset($installed_locales[$code])) ?> </td>
- <td> <?= $display_name ?> </td>
- <td>
- <?= form::radio("default_locale", $code, ($default_locale == $code), ((isset($installed_locales[$code]))?'':'disabled="disabled"') ) ?>
- </td>
+ <td> <?= $display_name ?> </td>
+ <td>
+ <?= form::radio("default_locale", $code, ($default_locale == $code), ((isset($installed_locales[$code]))?'':'disabled="disabled"') ) ?>
+ </td>
 </tr>
 <? $i++ ?>
-
+
 <? endforeach ?>
 </table>
- <input type="submit" value="<?= t("Update languages") ?>" />
+ <input type="submit" value="<?= t("Update languages")->for_html_attr() ?>" />
 </form>
-
- <script type="text/javascript">
- var old_default_locale = "<?= $default_locale ?>";
-
+
+ <script type="text/javascript">
+ var old_default_locale = <?= html::js_string($default_locale) ?>;
+
 $("input[name='installed_locales[]']").change(function (event) {
 if (this.checked) {
 $("input[type='radio'][value='" + this.value + "']").enable();
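Review bot: `$display_name` on the re-indented `<td>` line and `$code` in the `class` attribute are still emitted without escaping, while the same hunk escapes `$default_locale` and the submit label. Both presumably come from a static locale table, so this is not exploitable today, but the view should not depend on where `$available_locales` is populated; `<td> <?= html::clean($display_name) ?> </td>` keeps it safe if that source changes and matches the direction of this commit. `html::js_string($default_locale)` is the right escaper for the inline `<script>` only if it also neutralises `</script>` (or `<`/`>`) sequences; the helper is not in this diff, so that is worth confirming before relying on it for values that are not locale codes. The `change` handler and the `<script>` block opened here close outside the hunk.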
@@ -57,7 +56,7 @@ dataType: "json", success: function(data) { if (data.result == "success") { - el = $('<a href="<?= url::site("admin/maintenance/start/gallery_task::update_l10n?csrf=$csrf") ?>"></a>'); // this is a little hack to trigger the update_l10n task in a dialog + el = $('<a href="' + <?= html::js_string(url::site("admin/maintenance/start/gallery_task::update_l10n?csrf=$csrf")) ?> + '"></a>'); // this is a little hack to trigger the update_l10n task in a dialog el.gallery_dialog(); el.trigger('click'); } 
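Review bot: `html::js_string` on the new line protects only the JavaScript string literal, but that string is then concatenated into markup and handed to jQuery's `$()`, so the HTML attribute context is still unescaped. Any `"` or `&` sequence reaching the URL (which embeds `$csrf` without `urlencode`) would be interpreted by the HTML parser rather than by JavaScript; the token is presumably hex so this is unlikely to be exploitable, but the layering is inside-out. Escape the inner context first: `el = $('<a href="' + <?= html::js_string(html::clean_attribute(url::site("admin/maintenance/start/gallery_task::update_l10n?csrf=$csrf"))) ?> + '"></a>');`. The enclosing `success` callback closes outside the hunk.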
@@ -68,33 +67,37 @@ <div id="gTranslations"> <h1> <?= t("Translations") ?> </h1> - <p> + <p> <?= t("Create your own translations and share them with the rest of the Gallery community.") ?> </p> - - <h3><?= t("Translating Gallery") ?></h3> - - <div class="gBlock"> - <a href="http://codex.gallery2.org/Gallery3:Localization" target="_blank" - class="gDocLink ui-state-default ui-corner-all ui-icon ui-icon-help" - title="<?= t("Localization documentation") ?>"> + + <h3><?= t("Translating Gallery") ?></h3> + + <div class="gBlock"> + <a href="http://codex.gallery2.org/Gallery3:Localization" target="_blank" + class="gDocLink ui-state-default ui-corner-all ui-icon ui-icon-help" + title="<?= t("Localization documentation")->for_html_attr() ?>"> <?= t("Localization documentation") ?> </a> - - <p><strong><?= t("Step 1") ?>:</strong> <?= t("Make sure the target language is installed and updated (check above).") ?></p> - - <p><strong><?= t("Step 2") ?>:</strong> <?= t("Make sure the target language is the active one (currently '").locales::display_name()."')." ?></p> - - <p><strong><?= t("Step 3") ?>:</strong> <?= t("Start the translation mode and the translation interface will appear at the bottom of each Gallery page.") ?></p> - - <a href="<?= url::site("l10n_client/toggle_l10n_mode?csrf=".access::csrf_token()) ?>" - class="gButtonLink ui-state-default ui-corner-all ui-icon-left"> - <span class="ui-icon ui-icon-power"></span> - <?= t((Session::instance()->get("l10n_mode", false)) ? 
"Stop translation mode" : "Start translation mode") ?> - </a> - </div> - - <h3>Sharing your translations</h3> - + + <p><?= t("<strong>Step 1:</strong> Make sure the target language is installed and up to date (check above).") ?></p> + + <p><?= t("<strong>Step 2:</strong> Make sure you have selected the right target language (currently %default_locale).", + array("default_locale" => locales::display_name())) ?></p> + + <p><?= t("<strong>Step 3:</strong> Start the translation mode and the translation interface will appear at the bottom of each Gallery page.") ?></p> + + <a href="<?= url::site("l10n_client/toggle_l10n_mode?csrf=".access::csrf_token()) ?>" + class="gButtonLink ui-state-default ui-corner-all ui-icon-left"> + <span class="ui-icon ui-icon-power"></span> + <? if (Session::instance()->get("l10n_mode", false)): ?> + <?= t("Stop translation mode") ?> + <? else: ?> + <?= t("Start translation mode") ?> + <? endif ?> + </a> +</div> + +<h3>Sharing your translations</h3> <?= $share_translations_form ?> </div> diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php index 3649ea58..05bc0923 100644 --- a/modules/gallery/views/admin_maintenance.html.php +++ b/modules/gallery/views/admin_maintenance.html.php @@ -93,7 +93,7 @@ <?= $task->status ?> </td> <td> - <?= p::clean($task->owner()->name) ?> + <?= html::clean($task->owner()->name) ?> </td> <td> <? if ($task->state == "stalled"): ?> @@ -164,7 +164,7 @@ <?= $task->status ?> </td> <td> - <?= $task->owner()->name ?> + <?= html::clean($task->owner()->name) ?> </td> <td> <? if ($task->done): ?> diff --git a/modules/gallery/views/admin_maintenance_show_log.html.php b/modules/gallery/views/admin_maintenance_show_log.html.php index 9d850986..8ea1beb6 100644 --- a/modules/gallery/views/admin_maintenance_show_log.html.php +++ b/modules/gallery/views/admin_maintenance_show_log.html.php 
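Review bot: The toggle link in this hunk still emits `url::site("l10n_client/toggle_l10n_mode?csrf=".access::csrf_token())` unescaped in `href`, whereas the identical expression in `l10n_client.html.php` in this same commit is wrapped in `html::clean_attribute`; the two should match. Change it to `<a href="<?= html::clean_attribute(url::site("l10n_client/toggle_l10n_mode?csrf=".access::csrf_token())) ?>"`. Separately, `<h3>Sharing your translations</h3>` is the only heading in the block not passed through `t()`, even though the Step 1–3 paragraphs were just reworked for translation.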
@@ -12,7 +12,7 @@ appendTo('body').submit().remove(); <div id="gTaskLogDialog"> <h1> <?= $task->name ?> </h1> <div class="gTaskLog"> - <pre><?= p::purify($task->get_log()) ?></pre> + <pre><?= html::purify($task->get_log()) ?></pre> </div> <button id="gCloseButton" class="ui-state-default ui-corner-all" onclick="dismiss()"><?= t("Close") ?></button> <button id="gSaveButton" class="ui-state-default ui-corner-all" onclick="download()"><?= t("Save") ?></button> diff --git a/modules/gallery/views/after_install.html.php b/modules/gallery/views/after_install.html.php index bfce46f0..b77a1707 100644 --- a/modules/gallery/views/after_install.html.php +++ b/modules/gallery/views/after_install.html.php @@ -8,7 +8,7 @@ </p> <p> - <?= t("You're logged in to the <b>%user_name</b> account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => p::clean($user->name))) ?> + <?= t("You're logged in to the <b>%user_name</b> account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => $user->name)) ?> </p> <p> diff --git a/modules/gallery/views/l10n_client.html.php b/modules/gallery/views/l10n_client.html.php index 6c440b68..c68a63c8 100644 --- a/modules/gallery/views/l10n_client.html.php +++ b/modules/gallery/views/l10n_client.html.php 
@@ -2,10 +2,10 @@ <div id="l10n-client" class="hidden"> <div class="labels"> <span id="l10n-client-toggler"> - <a id="gMinimizeL10n">_</a> - <a id="gCloseL10n" title="<?= t("Stop the translation mode") ?>" - href="<?= url::site("l10n_client/toggle_l10n_mode?csrf=".access::csrf_token()) ?>">X</a> - </span> + <a id="gMinimizeL10n">_</a> + <a id="gCloseL10n" title="<?= t("Stop the translation mode")->for_html_attr() ?>" + href="<?= html::clean_attribute(url::site("l10n_client/toggle_l10n_mode?csrf=".access::csrf_token())) ?>">X</a> + </span> <div class="label strings"><h2><?= t("Page Text") ?> <? if (!Input::instance()->get('show_all_l10n_messages')): ?> <a style="background-color:#fff" href="<?= url::site("admin/languages?show_all_l10n_messages=1") ?>"><?= t("(Show All)") ?></a> @@ -73,11 +73,11 @@ </div> </div> <script type="text/javascript"> - var MSG_TRANSLATE_TEXT = "<?= t("Translate Text") ?>"; - var MSG_CLOSE_X = "<?= t("X") ?>"; + var MSG_TRANSLATE_TEXT = <?= t("Translate Text")->for_js() ?>; + var MSG_CLOSE_X = <?= t("X")->for_js() ?>; var l10n_client_data = <?= json_encode($string_list) ?>; var plural_forms = <?= json_encode($plural_forms) ?>; - var toggle_l10n_mode_url = "<?= url::site("l10n_client/toggle_l10n_mode") ?>"; - var csrf = "<?= access::csrf_token() ?>"; + var toggle_l10n_mode_url = <?= html::js_string(url::site("l10n_client/toggle_l10n_mode")) ?>; + var csrf = <?= html::js_string(access::csrf_token()) ?>; </script> </div> diff --git a/modules/gallery/views/move_tree.html.php b/modules/gallery/views/move_tree.html.php index 5f70cf67..623f80ee 100644 --- a/modules/gallery/views/move_tree.html.php +++ b/modules/gallery/views/move_tree.html.php 
@@ -1,18 +1,18 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <?= $parent->thumb_img(array(), 25); ?> <? if (!access::can("edit", $parent) || $source->is_descendant($parent)): ?> -<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= p::clean($parent->title) ?> <?= t("(locked)") ?> </a> +<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= html::clean($parent->title) ?> <?= t("(locked)") ?> </a> <? else: ?> -<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= p::clean($parent->title) ?></a> +<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= html::clean($parent->title) ?></a> <? endif ?> <ul id="tree_<?= $parent->id ?>"> <? foreach ($children as $child): ?> <li id="node_<?= $child->id ?>" class="node"> <?= $child->thumb_img(array(), 25); ?> <? if (!access::can("edit", $child) || $source->is_descendant($child)): ?> - <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= p::clean($child->title) ?> <?= t("(locked)") ?></a> + <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= html::clean($child->title) ?> <?= t("(locked)") ?></a> <? else: ?> - <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= p::clean($child->title) ?> </a> + <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= html::clean($child->title) ?> </a> <? endif ?> </li> <? endforeach ?> diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php index f990896c..231daa04 100644 --- a/modules/gallery/views/permissions_browse.html.php +++ b/modules/gallery/views/permissions_browse.html.php @@ -5,9 +5,9 @@ $.ajax({ url: form_url.replace("__ITEM__", id), success: function(data) { - $("#gEditPermissionForm").html(data); - $(".active").removeClass("active"); - $("#item-" + id).addClass("active"); + $("#gEditPermissionForm").html(data); + $(".active").removeClass("active"); + $("#item-" + id).addClass("active"); } }); } 
@@ -28,28 +28,29 @@ <? if (!$htaccess_works): ?> <ul id="gMessage"> <li class="gError"> - <?= t("Oh no! Your server needs a configuration change in order for you to hide photos! Ask your server administrator to enable <a %mod_rewrite_attrs>mod_rewrite</a> and set <a %apache_attrs><i>AllowOverride FileInfo Options</i></a> to fix this.", array("mod_rewrite_attrs" => "href=\"http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html\" target=\"_blank\"", "apache_attrs" => "href=\"http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride\" target=\"_blank\"")) ?> + <?= t("Oh no! Your server needs a configuration change in order for you to hide photos! Ask your server administrator to enable <a %mod_rewrite_attrs>mod_rewrite</a> and set <a %apache_attrs><i>AllowOverride FileInfo Options</i></a> to fix this.", + array("mod_rewrite_attrs" => html::mark_safe("href=\"http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html\" target=\"_blank\"", "apache_attrs" => "href=\"http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride\" target=\"_blank\""))) ?> </li> </ul> <? endif ?> - - <p>Edit permissions for album:</p> - + + <p><?= t("Edit permissions for album:") ?></p> + <ul class="gBreadcrumbs"> <? foreach ($parents as $parent): ?> <li id="item-<?= $parent->id ?>"> <a href="javascript:show(<?= $parent->id ?>)"> - <?= p::purify($parent->title) ?> + <?= html::purify($parent->title) ?> </a> </li> <? endforeach ?> <li class="active" id="item-<?= $item->id ?>"> <a href="javascript:show(<?= $item->id ?>)"> - <?= p::purify($item->title) ?></li> - </a> - </li> + <?= html::purify($item->title) ?> + </a> + </li> </ul> - + <div id="gEditPermissionForm"> <?= $form ?> </div> diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php index ee5e3a24..e6b217c5 100644 --- a/modules/gallery/views/permissions_form.html.php +++ b/modules/gallery/views/permissions_form.html.php 
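Review bot: The new `array(...)` on the error message is mis-parenthesised: `html::mark_safe(` only closes after the `"apache_attrs" => ...` element, so that element sits inside the function's argument list, which is a PHP parse error and takes the whole permissions view down. Even with the bracket moved, `apache_attrs` would lack `mark_safe`, and judging by the commit's other changes `t()` escapes arguments not marked safe, so the quotes would be rendered as text instead of producing a link. Use `array("mod_rewrite_attrs" => html::mark_safe("href=\"http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html\" target=\"_blank\""),` followed by `"apache_attrs" => html::mark_safe("href=\"http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride\" target=\"_blank\""))) ?>`.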
@@ -6,7 +6,7 @@ <tr> <th> </th> <? foreach ($groups as $group): ?> - <th> <?= p::clean($group->name) ?> </th> + <th> <?= html::clean($group->name) ?> </th> <? endforeach ?> </tr> diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php index 29a0dfe8..9cf554ec 100644 --- a/modules/gallery/views/simple_uploader.html.php +++ b/modules/gallery/views/simple_uploader.html.php @@ -6,7 +6,7 @@ <!-- hack to set the title for the dialog --> <form id="gAddPhotosForm" action="<?= url::site("simple_uploader/finish?csrf=$csrf") ?>"> <fieldset> - <legend> <?= t("Add photos to %album_title", array("album_title" => p::purify($item->title))) ?> </legend> + <legend> <?= t("Add photos to %album_title", array("album_title" => html::purify($item->title))) ?> </legend> </fieldset> </form> @@ -26,9 +26,9 @@ </p> <ul class="gBreadcrumbs"> <? foreach ($item->parents() as $parent): ?> - <li> <?= p::clean($parent->title) ?> </li> + <li> <?= html::clean($parent->title) ?> </li> <? endforeach ?> - <li class="active"> <?= p::purify($item->title) ?> </li> + <li class="active"> <?= html::purify($item->title) ?> </li> </ul> <p> 
@@ -82,27 +82,26 @@ <script type="text/javascript"> var swfu = new SWFUpload({ - flash_url: "<?= url::file("lib/swfupload/swfupload.swf") ?>", - upload_url: "<?= url::site("simple_uploader/add_photo/$item->id") ?>", - post_params: { - "g3sid": "<?= Session::instance()->id() ?>", - "user_agent": "<?= Input::instance()->server("HTTP_USER_AGENT") ?>", - "csrf": "<?= $csrf ?>" - }, - file_size_limit: "<?= ini_get("upload_max_filesize") ? num::convert_to_bytes(ini_get("upload_max_filesize"))."B" : "100MB" ?>", + flash_url: <?= html::js_string(url::file("lib/swfupload/swfupload.swf")) ?>, + upload_url: <?= html::js_string(url::site("simple_uploader/add_photo/$item->id")) ?>, + post_params: <?= json_encode(array( + "g3sid" => Session::instance()->id(), + "user_agent" => Input::instance()->server("HTTP_USER_AGENT"), + "csrf" => $csrf)) ?>, + file_size_limit: <?= html::js_string(ini_get("upload_max_filesize") ? num::convert_to_bytes(ini_get("upload_max_filesize"))."B" : "100MB") ?>, file_types: "*.gif;*.jpg;*.jpeg;*.png;*.flv;*.mp4;*.GIF;*.JPG;*.JPEG;*.PNG;*.FLV;*.MP4", - file_types_description: "<?= t("Photos and Movies") ?>", + file_types_description: <?= t("Photos and Movies")->for_js() ?>, file_upload_limit: 1000, file_queue_limit: 0, custom_settings: { }, debug: false, // Button settings - button_image_url: "<?= url::file("themes/default/images/select-photos-backg.png") ?>", + button_image_url: <?= html::js_string(url::file("themes/default/images/select-photos-backg.png")) ?>, button_width: "202", button_height: "45", button_placeholder_id: "gChooseFilesButtonPlaceholder", - button_text: '<span class="swfUploadFont"><?= t("Select photos...") ?></span>', + button_text: <?= json_encode('<span class="swfUploadFont">' . t("Select photos...") . '</span>') ?>, button_text_style: ".swfUploadFont { color: #2E6E9E; font-size: 16px; font-family: Lucida Grande,Lucida Sans,Arial,sans-serif; font-weight: bold; }", button_text_left_padding: 30, button_text_top_padding: 10, 
@@ -146,13 +145,13 @@ function file_queued(file) { var fp = new File_Progress(file); fp.title.html(file.name); - fp.set_status("pending", "<?= t("Pending...") ?>"); + fp.set_status("pending", <?= t("Pending...")->for_js() ?>); // @todo add cancel button to call this.cancelUpload(file.id) } function file_queue_error(file, error_code, message) { if (error_code === SWFUpload.QUEUE_ERROR.QUEUE_LIMIT_EXCEEDED) { - alert("<?= t("You have attempted to queue too many files.") ?>"); + alert(<?= t("You have attempted to queue too many files.")->for_js() ?>); return; } @@ -160,20 +159,20 @@ switch (error_code) { case SWFUpload.QUEUE_ERROR.FILE_EXCEEDS_SIZE_LIMIT: fp.title.html(file.name); - fp.set_status("error", "<?= t("<strong>File is too big.</strong> A likely error source is a too low value for <em>upload_max_filesize</em> (%upload_max_filesize) in your <em>php.ini</em>.", array("upload_max_filesize" => ini_get("upload_max_filesize"))) ?>"); + fp.set_status("error", <?= t("<strong>File is too big.</strong> A likely error source is a too low value for <em>upload_max_filesize</em> (%upload_max_filesize) in your <em>php.ini</em>.", array("upload_max_filesize" => ini_get("upload_max_filesize")))->for_js() ?>); break; case SWFUpload.QUEUE_ERROR.ZERO_BYTE_FILE: fp.title.html(file.name); - fp.set_status("error", "<?= t("Cannot upload empty files.") ?>"); + fp.set_status("error", <?= t("Cannot upload empty files.")->for_js() ?>); break; case SWFUpload.QUEUE_ERROR.INVALID_FILETYPE: fp.title.html(file.name); - fp.set_status("error", "<?= t("Invalid file type.") ?>"); + fp.set_status("error", <?= t("Invalid file type.")->for_js() ?>); break; default: if (file !== null) { fp.title.html(file.name); - fp.set_status("error", "<?= t("Unknown error") ?>"); + fp.set_status("error", <?= t("Unknown error")->for_js() ?>); } break; } 
@@ -194,7 +193,7 @@ // no uploadProgress events are called (limitation in the Linux Flash VM). var fp = new File_Progress(file); fp.title.html(file.name); - fp.set_status("uploading", "<?= t("Uploading...") ?>"); + fp.set_status("uploading", <?= t("Uploading...")->for_js() ?>); $("#gAddPhotosCanvas").scrollTo(fp.box, 1000); return true; // @todo add cancel button to call this.cancelUpload(file.id) @@ -203,7 +202,7 @@ function upload_progress(file, bytes_loaded, bytes_total) { var percent = Math.ceil((bytes_loaded / bytes_total) * 100); var fp = new File_Progress(file); - fp.set_status("uploading", "<?= t("Uploading...") ?>"); + fp.set_status("uploading", <?= t("Uploading...")->for_js() ?>); fp.progress_bar.css("visibility", "visible"); fp.progress_bar.progressbar("value", percent); } 
@@ -211,42 +210,42 @@ function upload_success(file, serverData) { var fp = new File_Progress(file); fp.progress_bar.progressbar("value", 100); - fp.set_status("complete", "<?= t("Complete.") ?>"); + fp.set_status("complete", <?= t("Complete.")->for_js() ?>); } function upload_error(file, error_code, message) { var fp = new File_Progress(file); switch (error_code) { case SWFUpload.UPLOAD_ERROR.HTTP_ERROR: - fp.set_status("error", "<?= t("Upload error: bad image file") ?>"); + fp.set_status("error", <?= t("Upload error: bad image file")->for_js() ?>); break; case SWFUpload.UPLOAD_ERROR.UPLOAD_FAILED: - fp.set_status("error", "<?= t("Upload failed") ?>"); + fp.set_status("error", <?= t("Upload failed")->for_js() ?>); break; case SWFUpload.UPLOAD_ERROR.IO_ERROR: - fp.set_status("error", "<?= t("Server error") ?>"); + fp.set_status("error", <?= t("Server error")->for_js() ?>); break; case SWFUpload.UPLOAD_ERROR.SECURITY_ERROR: - fp.set_status("error", "<?= t("Security error") ?>"); + fp.set_status("error", <?= t("Security error")->for_js() ?>); break; case SWFUpload.UPLOAD_ERROR.UPLOAD_LIMIT_EXCEEDED: - fp.set_status("error", "<?= t("Upload limit exceeded") ?>"); + fp.set_status("error", <?= t("Upload limit exceeded")->for_js() ?>); break; case SWFUpload.UPLOAD_ERROR.FILE_VALIDATION_FAILED: - fp.set_status("error", "<?= t("Failed validation. File skipped") ?>"); + fp.set_status("error", <?= t("Failed validation. 
File skipped")->for_js() ?>); break; case SWFUpload.UPLOAD_ERROR.FILE_CANCELLED: // If there aren't any files left (they were all cancelled) disable the cancel button if (this.getStats().files_queued === 0) { $("#gUploadCancel").hide(); } - fp.set_status("error", "<?= t("Cancelled") ?>"); + fp.set_status("error", <?= t("Cancelled")->for_js() ?>); break; case SWFUpload.UPLOAD_ERROR.UPLOAD_STOPPED: - fp.set_status("error", "<?= t("Stopped") ?>"); + fp.set_status("error", <?= t("Stopped")->for_js() ?>); break; default: - fp.set_status("error", "<?= t("Unknown error: ") ?>" + error_code); + fp.set_status("error", <?= t("Unknown error: ")->for_js() ?> + error_code); break; } } @@ -260,7 +259,7 @@ } function get_completed_status_msg(stats) { - var msg = "<?= t("Upload Queue (completed %completed of %total)", array("completed" => "__COMPLETED__", "total" => "__TOTAL__")) ?>"; + var msg = <?= t("Upload Queue (completed %completed of %total)", array("completed" => "__COMPLETED__", "total" => "__TOTAL__"))->for_js() ?>; msg = msg.replace("__COMPLETED__", stats.successful_uploads); msg = msg.replace("__TOTAL__", stats.files_queued + stats.successful_uploads + stats.upload_errors + stats.upload_cancelled + stats.queue_errors); @@ -269,7 +268,7 @@ // This event comes from the Queue Plugin function queue_complete(num_files_uploaded) { - var status_msg = "<?= t("Uploaded: __COUNT__") ?>"; + var status_msg = <?= t("Uploaded: __COUNT__")->for_js() ?>; $("#gUploadStatus").html(status_msg.replace("__COUNT__", num_files_uploaded)); } </script> diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php index 37578855..de6ce0e7 100644 --- a/modules/gallery/views/upgrader.html.php +++ b/modules/gallery/views/upgrader.html.php 
@@ -18,7 +18,7 @@ <h1> <?= t("That's it!") ?> </h1> <p> <?= t("Your <a href=\"%url\">Gallery</a> is up to date.", - array("url" => url::site("albums/1"))) ?> + array("url" => html::mark_safe(url::site("albums/1")))) ?> </p> </div> </div> diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php index 3c668168..d8f36984 100644 --- a/modules/info/views/info_block.html.php +++ b/modules/info/views/info_block.html.php @@ -2,18 +2,18 @@ <ul class="gMetadata"> <li> <strong class="caption"><?= t("Title:") ?></strong> - <?= p::purify($item->title) ?> + <?= html::purify($item->title) ?> </li> <? if ($item->description): ?> <li> <strong class="caption"><?= t("Description:") ?></strong> - <?= nl2br(p::purify($item->description)) ?> + <?= nl2br(html::purify($item->description)) ?> </li> <? endif ?> <? if (!$item->is_album()): ?> <li> <strong class="caption"><?= t("File name:") ?></strong> - <?= p::clean($item->name) ?> + <?= html::clean($item->name) ?> </li> <? endif ?> <? if ($item->captured): ?> @@ -26,9 +26,9 @@ <li> <strong class="caption"><?= t("Owner:") ?></strong> <? if ($item->owner->url): ?> - <a href="<?= $item->owner->url ?>"><?= p::clean($item->owner->display_name()) ?></a> + <a href="<?= $item->owner->url ?>"><?= html::clean($item->owner->display_name()) ?></a> <? else: ?> - <?= p::clean($item->owner->display_name()) ?> + <?= html::clean($item->owner->display_name()) ?> <? endif ?> </li> <? endif ?> diff --git a/modules/notification/views/comment_published.html.php b/modules/notification/views/comment_published.html.php index 4a56cdad..e39e39c6 100644 --- a/modules/notification/views/comment_published.html.php +++ b/modules/notification/views/comment_published.html.php 
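Review bot: The owner link in the second info_block hunk still writes `$item->owner->url` straight into `href`, while the display name beside it is now passed through `html::clean`. If that value is the user's self-entered profile URL, it needs attribute escaping here, `<a href="<?= html::clean_attribute($item->owner->url) ?>">`, and since escaping does not neutralise a `javascript:` scheme, the scheme should be restricted to http/https wherever the profile URL is stored or validated. Where the URL actually originates is not visible in this diff, so confirm before relying on the escaping alone.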
@@ -1,26 +1,26 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> <head> - <title><?= p::clean($subject) ?> </title> + <title><?= html::clean($subject) ?> </title> </head> <body> - <h2><?= p::clean($subject) ?></h2> + <h2><?= html::clean($subject) ?></h2> <table> <tr> <td><?= t("Comment:") ?></td> - <td><?= nl2br(p::purify($comment->text)) ?></td> + <td><?= nl2br(html::purify($comment->text)) ?></td> </tr> <tr> <td><?= t("Author Name:") ?></td> - <td><?= p::clean($comment->author_name()) ?></td> + <td><?= html::clean($comment->author_name()) ?></td> </tr> <tr> <td><?= t("Author Email:") ?></td> - <td><?= p::clean($comment->author_email()) ?></td> + <td><?= html::clean($comment->author_email()) ?></td> </tr> <tr> <td><?= t("Author URL:") ?></td> - <td><?= p::clean($comment->author_url()) ?></td> + <td><?= html::clean($comment->author_url()) ?></td> </tr> <tr> <td><?= t("Url:") ?></td> diff --git a/modules/notification/views/item_added.html.php b/modules/notification/views/item_added.html.php index 86724927..f697fea6 100644 --- a/modules/notification/views/item_added.html.php +++ b/modules/notification/views/item_added.html.php @@ -1,14 +1,14 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> <head> - <title><?= p::clean($subject) ?> </title> + <title><?= html::clean($subject) ?> </title> </head> <body> - <h2><?= p::clean($subject) ?></h2> + <h2><?= html::clean($subject) ?></h2> <table> <tr> <td><?= t("Title:") ?></td> - <td><?= p::purify($item->title) ?></td> + <td><?= html::purify($item->title) ?></td> </tr> <tr> <td><?= t("Url:") ?></td> @@ -21,7 +21,7 @@ <? if ($item->description): ?> <tr> <td><?= t("Description:") ?></td> - <td><?= nl2br(p::purify($item->description)) ?></td> + <td><?= nl2br(html::purify($item->description)) ?></td> </tr> <? endif ?> </table> diff --git a/modules/notification/views/item_deleted.html.php b/modules/notification/views/item_deleted.html.php index 92215211..a51782ff 100644 
--- a/modules/notification/views/item_deleted.html.php +++ b/modules/notification/views/item_deleted.html.php @@ -1,15 +1,15 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> <head> - <title><?= p::clean($subject) ?> </title> + <title><?= html::clean($subject) ?> </title> </head> <body> - <h2><?= p::clean($subject) ?></h2> + <h2><?= html::clean($subject) ?></h2> <table> <tr> <td colspan="2"> <?= t("To view the changed album %title use the link below.", - array("title" => p::purify($item->parent()->title))) ?> + array("title" => html::purify($item->parent()->title))) ?> </td> </tr> <tr> diff --git a/modules/notification/views/item_updated.html.php b/modules/notification/views/item_updated.html.php index 39f9113b..ba03540a 100644 --- a/modules/notification/views/item_updated.html.php +++ b/modules/notification/views/item_updated.html.php @@ -1,18 +1,18 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <html> <head> - <title><?= p::clean($subject) ?> </title> + <title><?= html::clean($subject) ?> </title> </head> <body> - <h2> <?= p::clean($subject) ?> </h2> + <h2> <?= html::clean($subject) ?> </h2> <table> <tr> <? if ($item->original("title") != $item->title): ?> <td><?= t("New Title:") ?></td> - <td><?= p::clean($item->title) ?></td> + <td><?= html::clean($item->title) ?></td> <? else: ?> <td><?= t("Title:") ?></td> - <td><?= p::clean($item->title) ?></td> + <td><?= html::clean($item->title) ?></td> <? endif ?> </tr> <tr> @@ -22,12 +22,12 @@ <? if ($item->original("description") != $item->description): ?> <tr> <td><?= t("New Description:") ?></td> - <td><?= p::clean($item->description) ?></td> + <td><?= html::clean($item->description) ?></td> </tr> <? elseif (!empty($item->description)): ?> <tr> <td><?= t("Description:") ?></td> - <td><?= p::clean($item->description) ?></td> + <td><?= html::clean($item->description) ?></td> </tr> <? endif ?> </table> 
diff --git a/modules/organize/views/organize_dialog.html.php b/modules/organize/views/organize_dialog.html.php index 54f21178..cbc2e4f9 100644 --- a/modules/organize/views/organize_dialog.html.php +++ b/modules/organize/views/organize_dialog.html.php @@ -6,7 +6,7 @@ var tree_url = "<?= url::site("organize/tree/__ALBUM_ID__") ?>"; </script> <div id="gOrganize" class="gDialogPanel"> - <h1 style="display:none"><?= t("Organize %name", array("name" => p::purify($album->title))) ?></h1> + <h1 style="display:none"><?= t("Organize %name", array("name" => html::purify($album->title))) ?></h1> <div id="bd"> <div class="yui-gf"> <div class="yui-u first"> diff --git a/modules/organize/views/organize_tree.html.php b/modules/organize/views/organize_tree.html.php index 58621c3c..50c202b0 100644 --- a/modules/organize/views/organize_tree.html.php +++ b/modules/organize/views/organize_tree.html.php @@ -7,7 +7,7 @@ <?= $selected && $album->id == $selected->id ? "selected" : "" ?> " ref="<?= $album->id ?>"> - <?= p::clean($album->title) ?> + <?= html::clean($album->title) ?> </span> <ul> <? foreach ($album->children(null, 0, array("type" => "album")) as $child): ?> @@ -19,7 +19,7 @@ <span class="ui-icon ui-icon-plus"> </span> <span class="gOrganizeAlbumText" ref="<?= $child->id ?>"> - <?= p::clean($child->title) ?> + <?= html::clean($child->title) ?> </span> </li> <? endif ?> diff --git a/modules/recaptcha/helpers/recaptcha.php b/modules/recaptcha/helpers/recaptcha.php index 501dd972..5ac65661 100644 --- a/modules/recaptcha/helpers/recaptcha.php +++ b/modules/recaptcha/helpers/recaptcha.php @@ -43,7 +43,7 @@ class recaptcha_Core { if (empty($public_key) || empty($private_key)) { site_status::warning( t("reCAPTCHA is not quite ready! Please configure the <a href=\"%url\">reCAPTCHA Keys</a>", - array("url" => url::site("admin/recaptcha"))), + array("url" => html::mark_safe(url::site("admin/recaptcha")))), "recaptcha_config"); } else { site_status::clear("recaptcha_config"); 
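Review bot: `var tree_url = "<?= url::site("organize/tree/__ALBUM_ID__") ?>";` just above the changed line keeps the quoted-PHP-inside-JS pattern that this commit replaces with `html::js_string` in `l10n_client.html.php` and `simple_uploader.html.php`. The path is static so there is no injection today, but it is exactly the pattern the commit is retiring; `var tree_url = <?= html::js_string(url::site("organize/tree/__ALBUM_ID__")) ?>;` keeps this file consistent with the rest of the change.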
diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php index 447179a5..731703c7 100644 --- a/modules/rss/views/feed.mrss.php +++ b/modules/rss/views/feed.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> <channel> <generator>gallery3</generator> - <title><?= p::clean($feed->title) ?></title> + <title><?= html::clean($feed->title) ?></title> <link><?= $feed->uri ?></link> - <description><?= p::clean($feed->description) ?></description> + <description><?= html::clean($feed->description) ?></description> <language>en-us</language> <atom:link rel="self" href="<?= $feed->uri ?>" type="application/rss+xml" /> <fh:complete/> @@ -22,25 +22,25 @@ <lastBuildDate><?= $pub_date ?></lastBuildDate> <? foreach ($feed->children as $child): ?> <item> - <title><?= p::clean($child->title) ?></title> + <title><?= html::clean($child->title) ?></title> <link><?= url::abs_site("{$child->type}s/{$child->id}") ?></link> <guid isPermaLink="true"><?= url::abs_site("{$child->type}s/{$child->id}") ?></guid> <pubDate><?= date("D, d M Y H:i:s T", $child->created); ?></pubDate> <content:encoded> <![CDATA[ - <span><?= p::clean($child->description) ?></span> + <span><?= html::clean($child->description) ?></span> <p> <? if ($child->type == "photo" || $child->type == "album"): ?> <img alt="" src="<?= $child->resize_url(true) ?>" - title="<?= p::clean($child->title) ?>" + title="<?= html::clean($child->title) ?>" height="<?= $child->resize_height ?>" width="<?= $child->resize_width ?>" /><br /> <? else: ?> <a href="<?= url::abs_site("{$child->type}s/{$child->id}") ?>"> <img alt="" src="<?= $child->thumb_url(true) ?>" - title="<?= p::clean($child->title) ?>" + title="<?= html::clean($child->title) ?>" height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" /></a><br /> <? endif ?> - <?= p::clean($child->description) ?> + <?= html::clean($child->description) ?> </p> ]]> </content:encoded> 
diff --git a/modules/rss/views/rss_block.html.php b/modules/rss/views/rss_block.html.php index 39921d7d..737731b6 100644 --- a/modules/rss/views/rss_block.html.php +++ b/modules/rss/views/rss_block.html.php @@ -5,7 +5,7 @@ <span class="ui-icon-left"> <a href="<?= rss::url($url) ?>"> <span class="ui-icon ui-icon-signal-diag"></span> - <?= $title ?> + <?= html::purify($title) ?> </a> </span> </li> diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 355c4493..5e23a04b 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -58,7 +58,7 @@ class search_Core { if ($remaining) { site_status::warning( t('Your search index needs to be updated. <a href="%url" class="gDialogLink">Fix this now</a>', - array("url" => url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__"))), + array("url" => html::mark_safe(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), "search_index_out_of_date"); } } diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php index 6a222ef1..7963948d 100644 --- a/modules/search/views/search.html.php +++ b/modules/search/views/search.html.php @@ -8,10 +8,10 @@ <ul> <li> <label for="q"><?= t("Search the gallery") ?></label> - <input name="q" id="q" type="text" value="<?= p::clean($q) ?>"/> + <input name="q" id="q" type="text" value="<?= html::clean_attribute($q) ?>"/> </li> <li> - <input type="submit" value="<?= t("Search") ?>" /> + <input type="submit" value="<?= t("Search")->for_html_attr() ?>" /> </li> </ul> </fieldset> @@ -31,10 +31,10 @@ <a href="<?= url::site("items/$item->id") ?>"> <?= $item->thumb_img() ?> <p> - <?= p::purify($item->title) ?> + <?= html::purify($item->title) ?> </p> <div> - <?= nl2br(p::purify($item->description)) ?> + <?= nl2br(html::purify($item->description)) ?> </div> </a> </li> 
@@ -44,7 +44,7 @@ <? else: ?> <p> - <?= t("No results found for <b>%term</b>", array("term" => p::clean($q))) ?> + <?= t("No results found for <b>%term</b>", array("term" => $q)) ?> </p> <? endif; ?> diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php index 30109f42..fac2aa44 100644 --- a/modules/server_add/controllers/admin_server_add.php +++ b/modules/server_add/controllers/admin_server_add.php @@ -38,7 +38,7 @@ class Admin_Server_Add_Controller extends Admin_Controller { $path = $form->add_path->path->value; $paths[$path] = 1; module::set_var("server_add", "authorized_paths", serialize($paths)); - message::success(t("Added path %path", array("path" => p::clean($path)))); + message::success(t("Added path %path", array("path" => $path))); server_add::check_config($paths); url::redirect("admin/server_add"); } else { @@ -60,7 +60,7 @@ class Admin_Server_Add_Controller extends Admin_Controller { $paths = unserialize(module::get_var("server_add", "authorized_paths")); if (isset($paths[$path])) { unset($paths[$path]); - message::success(t("Removed path %path", array("path" => p::clean($path)))); + message::success(t("Removed path %path", array("path" => $path))); module::set_var("server_add", "authorized_paths", serialize($paths)); server_add::check_config($paths); } diff --git a/modules/server_add/helpers/server_add.php b/modules/server_add/helpers/server_add.php index 74f51ad9..a84e1afd 100644 --- a/modules/server_add/helpers/server_add.php +++ b/modules/server_add/helpers/server_add.php @@ -25,7 +25,7 @@ class server_add_Core { if (empty($paths)) { site_status::warning( t("Server Add needs configuration. <a href=\"%url\">Configure it now!</a>", - array("url" => url::site("admin/server_add"))), + array("url" => html::mark_safe(url::site("admin/server_add")))), "server_add_configuration"); } else { site_status::clear("server_add_configuration"); 
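Review bot: `"term" => $q` on the changed line reflects the raw search string into the page, so its safety now rests entirely on t() HTML-escaping every argument that is not wrapped in html::mark_safe(); t()'s implementation is not part of this hunk. That is a coherent design (the mark_safe() calls elsewhere in this commit only make sense if t() escapes by default), but `$q` is attacker-controlled and reflected, which makes this the spot where a regression in t() becomes a reflected XSS. A unit test such as `assert(strpos((string) t("x %t", array("t" => "<b>")), "&lt;b&gt;") !== false)` would pin the contract the whole commit now depends on. The enclosing `<? if ... else ?>` begins before the hunk.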
diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php index 30ab3536..b48a19da 100644 --- a/modules/server_add/views/admin_server_add.html.php +++ b/modules/server_add/views/admin_server_add.html.php @@ -11,12 +11,12 @@ <ul id="gPathList"> <? foreach ($paths as $id => $path): ?> <li class="ui-icon-left"> - <a href="<?= url::site("admin/server_add/remove_path?path=$path&csrf=$csrf") ?>" + <a href="<?= url::site("admin/server_add/remove_path?path=" . urlencode($path) . "&csrf=$csrf") ?>" id="icon_<?= $id?>" class="gRemoveDir ui-icon ui-icon-trash"> X </a> - <?= $path ?> + <?= html::clean($path) ?> </li> <? endforeach ?> </ul> diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php index 254a9da0..dbae42c5 100644 --- a/modules/server_add/views/server_add_tree.html.php +++ b/modules/server_add/views/server_add_tree.html.php @@ -10,7 +10,7 @@ <li class="ui-icon-left"> <span class="ui-icon ui-icon-folder-open"></span> <span ondblclick="open_dir('<?= $dir ?>')"> - <?= basename($dir) ?> + <?= html::clean(basename($dir)) ?> </span> <ul> <? endforeach ?> @@ -22,9 +22,9 @@ <? if (is_dir($file)): ?> ondblclick="open_dir($(this).attr('file'))" <? endif ?> - file="<?= $file ?>" + file="<?= strtr($file, array('"' => '\\"')) ?>" > - <?= p::clean(basename($file)) ?> + <?= html::clean(basename($file)) ?> </span> </li> <? endforeach ?> diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index 431635f8..8eb6e4df 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php 
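Review bot: `id="icon_<?= $id?>"` on the context line just below the changed `<a href` still interpolates `$id` raw into an HTML attribute, and the controller hunk in this same diff stores paths as array keys (`$paths[$path] = 1`), so if the view receives that array unchanged `$id` is the very path string the hunk now escapes with html::clean() on the display line. A `"` in a configured path would terminate the attribute there. `id="icon_<?= html::clean_attribute($id) ?>"` (the helper this diff already uses in search.html.php) closes the gap, and a counter-based id would avoid emitting a filesystem path as a DOM id altogether. Worth confirming what the controller passes as `$paths` before relying on this reading.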
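Review bot: `ondblclick="open_dir('<?= $dir ?>')"` on the line above the change still drops `$dir` into a JavaScript string literal inside an HTML attribute with no escaping, while the hunk only escapes `basename($dir)` for display. A directory name containing `'` or `"` breaks out of the JS string or the attribute; the server filesystem is semi-trusted, but server-add exists to index user-populated directories, so this is not purely theoretical. The construction the next hunk in this file uses, keeping the path in a separately escaped attribute and reading it with `$(this).attr(...)` from the handler, needs only attribute escaping (`html::clean_attribute($dir)`) and avoids the nested JS-in-HTML context entirely.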
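Review bot: `file="<?= strtr($file, array('"' => '\\"')) ?>"` on the changed line escapes for the wrong context: the value lands in an HTML attribute, HTML attribute parsing has no backslash escape, so a `"` in a filename (emitted as `\"`) still terminates the attribute, and `&` and `<` are left untouched. `file="<?= html::clean_attribute($file) ?>"` is the correct helper and, given search.html.php in this same diff, is already available; jQuery's `.attr('file')` on the `ondblclick` line then receives the decoded original path. The `basename($file)` display line below is already handled by html::clean().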
@@ -5,17 +5,17 @@ </script> <div id="gServerAdd"> - <h1 style="display: none;"><?= t("Add Photos to '%title'", array("title" => p::purify($item->title))) ?></h1> + <h1 style="display: none;"><?= t("Add Photos to '%title'", array("title" => html::purify($item->title))) ?></h1> <p id="gDescription"><?= t("Photos will be added to album:") ?></p> <ul class="gBreadcrumbs"> <? foreach ($item->parents() as $parent): ?> <li> - <?= p::purify($parent->title) ?> + <?= html::purify($parent->title) ?> </li> <? endforeach ?> <li class="active"> - <?= p::purify($item->title) ?> + <?= html::purify($item->title) ?> </li> </ul> diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index dcdc16b9..8b8dde21 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -53,8 +53,8 @@ class Admin_Tags_Controller extends Admin_Controller { $name = $tag->name; Database::instance()->delete("items_tags", array("tag_id" => "$tag->id")); $tag->delete(); - message::success(t("Deleted tag %tag_name", array("tag_name" => p::clean($name)))); - log::success("tags", t("Deleted tag %tag_name", array("tag_name" => p::clean($name)))); + message::success(t("Deleted tag %tag_name", array("tag_name" => $name))); + log::success("tags", t("Deleted tag %tag_name", array("tag_name" => $name))); print json_encode( array("result" => "success", @@ -98,7 +98,7 @@ class Admin_Tags_Controller extends Admin_Controller { $tag->save(); $message = t("Renamed tag %old_name to %new_name", - array("old_name" => p::clean($old_name), "new_name" => p::clean($tag->name))); + array("old_name" => $old_name, "new_name" => $tag->name)); message::success($message); log::success("tags", $message); 
@@ -106,7 +106,7 @@ class Admin_Tags_Controller extends Admin_Controller { array("result" => "success", "location" => url::site("admin/tags"), "tag_id" => $tag->id, - "new_tagname" => p::clean($tag->name))); + "new_tagname" => html::clean($tag->name))); } else { print json_encode( array("result" => "error", diff --git a/modules/tag/helpers/tag_rss.php b/modules/tag/helpers/tag_rss.php index f94508cf..7194586d 100644 --- a/modules/tag/helpers/tag_rss.php +++ b/modules/tag/helpers/tag_rss.php @@ -22,7 +22,7 @@ class tag_rss_Core { static function available_feeds($item, $tag) { if ($tag) { $feeds["tag/tag/{$tag->id}"] = - t("Tag feed for %tag_name", array("tag_name" => p::clean($tag->name))); + t("Tag feed for %tag_name", array("tag_name" => $tag->name)); return $feeds; } return array(); diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php index 7d201da7..3d805c5e 100644 --- a/modules/tag/views/admin_tags.html.php +++ b/modules/tag/views/admin_tags.html.php @@ -32,7 +32,7 @@ <? $current_letter = strtoupper(mb_substr($tag->name, 0, 1)) ?> <? if ($i == 0): /* first letter */ ?> - <strong><?= $current_letter ?></strong> + <strong><?= html::clean($current_letter) ?></strong> <ul> <? elseif ($last_letter != $current_letter): /* new letter */ ?> <? if ($column_tag_count > $tags_per_column): /* new column */ ?> @@ -42,12 +42,12 @@ <? endif ?> </ul> - <strong><?= $current_letter ?></strong> + <strong><?= html::clean($current_letter) ?></strong> <ul> <? endif ?> <li> - <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= p::clean($tag->name) ?></span> + <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= html::clean($tag->name) ?></span> <span class="understate">(<?= $tag->count ?>)</span> <a href="<?= url::site("admin/tags/form_delete/$tag->id") ?>" class="gDialogLink delete-link gButtonLink"> diff --git a/modules/tag/views/tag_cloud.html.php b/modules/tag/views/tag_cloud.html.php index eba615fc..d6a0b5f8 100644 
--- a/modules/tag/views/tag_cloud.html.php +++ b/modules/tag/views/tag_cloud.html.php @@ -3,7 +3,7 @@ <? foreach ($tags as $tag): ?> <li class="size<?=(int)(($tag->count / $max_count) * 7) ?>"> <span><?= $tag->count ?> photos are tagged with </span> - <a href="<?= url::site("tags/$tag->id") ?>"><?= p::clean($tag->name) ?></a> + <a href="<?= url::site("tags/$tag->id") ?>"><?= html::clean($tag->name) ?></a> </li> <? endforeach ?> </ul> diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index f87602b8..521f82fa 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -51,7 +51,7 @@ class Admin_Users_Controller extends Controller { $user->save(); module::event("user_add_form_admin_completed", $user, $form); - message::success(t("Created user %user_name", array("user_name" => p::clean($user->name)))); + message::success(t("Created user %user_name", array("user_name" => $user->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", @@ -84,7 +84,7 @@ class Admin_Users_Controller extends Controller { "form" => $form->__toString())); } - $message = t("Deleted user %user_name", array("user_name" => p::clean($name))); + $message = t("Deleted user %user_name", array("user_name" => $name)); log::success("user", $message); message::success($message); print json_encode(array("result" => "success")); @@ -142,7 +142,7 @@ class Admin_Users_Controller extends Controller { $user->save(); module::event("user_edit_form_admin_completed", $user, $form); - message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name)))); + message::success(t("Changed user %user_name", array("user_name" => $user->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", 
@@ -204,7 +204,7 @@ class Admin_Users_Controller extends Controller { $group = group::create($new_name); $group->save(); message::success( - t("Created group %group_name", array("group_name" => p::clean($group->name)))); + t("Created group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", @@ -233,7 +233,7 @@ class Admin_Users_Controller extends Controller { "form" => $form->__toString())); } - $message = t("Deleted group %group_name", array("group_name" => p::clean($name))); + $message = t("Deleted group %group_name", array("group_name" => $name)); log::success("group", $message); message::success($message); print json_encode(array("result" => "success")); @@ -271,11 +271,11 @@ class Admin_Users_Controller extends Controller { $group->name = $form->edit_group->inputs["name"]->value; $group->save(); message::success( - t("Changed group %group_name", array("group_name" => p::clean($group->name)))); + t("Changed group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "success")); } else { message::error( - t("Failed to change group %group_name", array("group_name" => p::clean($group->name)))); + t("Failed to change group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "error", "form" => $form->__toString())); } diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php index 4d901051..b81b17b2 100644 --- a/modules/user/controllers/login.php +++ b/modules/user/controllers/login.php @@ -63,7 +63,7 @@ class Login_Controller extends Controller { log::warning( "user", t("Failed login for %name", - array("name" => p::clean($form->login->inputs["name"]->value)))); + array("name" => $form->login->inputs["name"]->value))); $form->login->inputs["name"]->add_error("invalid_login", 1); $valid = false; } 
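Review bot: the failed-login message now passes `$form->login->inputs["name"]->value` to t() unescaped, and that value is attacker-chosen on every failed attempt. This is safe only if t() HTML-escapes every argument not wrapped in html::mark_safe(), which the mark_safe() usage elsewhere in this commit implies but which this hunk cannot show, and it is the highest-value place to verify because the log viewer renders these entries to an administrator. Rather than re-adding html::clean() here (which would double-encode if t() does escape), the contract deserves a test, e.g. asserting that `t("Failed login for %name", array("name" => "<script>"))` renders with `&lt;script&gt;`. The surrounding `if` that sets `$valid = false` begins before the hunk.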
@@ -71,7 +71,7 @@ class Login_Controller extends Controller { if ($valid) { user::login($user); - log::info("user", t("User %name logged in", array("name" => p::clean($user->name)))); + log::info("user", t("User %name logged in", array("name" => $user->name))); } // Either way, regenerate the session id to avoid session trapping diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php index 099b1952..fc3ced56 100644 --- a/modules/user/controllers/logout.php +++ b/modules/user/controllers/logout.php @@ -23,8 +23,8 @@ class Logout_Controller extends Controller { $user = user::active(); user::logout(); - log::info("user", t("User %name logged out", array("name" => p::clean($user->name))), - html::anchor("user/$user->id", p::clean($user->name))); + log::info("user", t("User %name logged out", array("name" => $user->name)), + html::anchor("user/$user->id", html::clean($user->name))); if ($continue_url = $this->input->get("continue")) { $item = url::get_item_from_uri($continue_url); if (access::can("view", $item)) { diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index 7c432701..a6522369 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -72,7 +72,7 @@ class Password_Controller extends Controller { log::success( "user", - t("Password reset email sent for user %name", array("name" => p::clean($user->name)))); + t("Password reset email sent for user %name", array("name" => $user->name))); } else { // Don't include the username here until you're sure that it's XSS safe log::warning( diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index 9bd4c068..9455f9d9 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php 
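Review bot: the new success line passes `$user->name` to t() raw, while the `else` branch two lines below still carries `// Don't include the username here until you're sure that it's XSS safe` and deliberately omits the name, so one of the two is now inconsistent. If t() escapes its arguments (which the html::mark_safe() calls elsewhere in this diff imply), the comment is stale and the failure branch could log the submitted name the same way; if it does not, the success line has exactly the problem the comment warns about. Suggest resolving it in this commit, either by replacing the comment with `// t() HTML-escapes %name; safe to include` once that is confirmed by a test, or by keeping the guard on the success line until then.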
@@ -68,16 +68,16 @@ <td id="user-<?= $user->id ?>" class="core-info gDraggable"> <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>" title="<?= t("Drag user onto group below to add as a new member") ?>" - alt="<?= p::clean($user->name) ?>" + alt="<?= html::clean($user->name) ?>" width="20" height="20" /> - <?= p::clean($user->name) ?> + <?= html::clean($user->name) ?> </td> <td> - <?= p::clean($user->full_name) ?> + <?= html::clean($user->full_name) ?> </td> <td> - <?= p::clean($user->email) ?> + <?= html::clean($user->email) ?> </td> <td> <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?> diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index bfd79dba..8418ebc9 100644 --- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php @@ -1,9 +1,9 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <h4> - <?= p::clean($group->name) ?> + <?= html::clean($group->name) ?> <? if (!$group->special): ?> <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>" - title="<?= t("Delete the %name group", array("name" => p::clean($group->name))) ?>" + title="<?= t("Delete the %name group", array("name" => $group->name)) ?>" class="gDialogLink gButtonLink ui-state-default ui-corner-all"> <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a> <? else: ?> 
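Review bot: `title="<?= t("Delete the %name group", array("name" => $group->name)) ?>"` emits a t() result inside a quoted HTML attribute without the `->for_html_attr()` this same diff adds for attribute contexts in search.html.php and login.html.php. Whether that matters depends on t()'s escaping: if %name substitution uses an ENT_QUOTES-style escape a group name containing `"` is safe, but the message text itself is not argument-escaped and `for_html_attr()` exists precisely to cover the attribute case. `title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"` keeps the file consistent with the rest of the commit.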
@@ -17,12 +17,12 @@ <ul> <? foreach ($group->users as $i => $user): ?> <li class="gUser"> - <?= p::clean($user->name) ?> + <?= html::clean($user->name) ?> <? if (!$group->special): ?> <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)" class="gButtonLink ui-state-default ui-corner-all ui-icon-left" title="<?= t("Remove %user from %group group", - array("user" => p::clean($user->name), "group" => p::clean($group->name))) ?>"> + array("user" => $user->name, "group" => $group->name)) ?>"> <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span> </a> <? endif ?> diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php index 10ed31b2..dfd09661 100644 --- a/modules/user/views/login.html.php +++ b/modules/user/views/login.html.php @@ -8,11 +8,11 @@ </li> <? else: ?> <li class="first"> - <?= t('Logged in as %name', array('name' => - '<a href="' . url::site("form/edit/users/{$user->id}") . - '" title="' . t("Edit Your Profile") . + <?= t('Logged in as %name', array('name' => html::mark_safe( + '<a href="' . url::site("form/edit/users/{$user->id}") . + '" title="' . t("Edit Your Profile")->for_html_attr() . '" id="gUserProfileLink" class="gDialogLink">' . - p::clean($user->display_name()) . '</a>')) ?> + html::clean($user->display_name()) . '</a>'))) ?> </li> <li> <a href="<?= url::site("logout?csrf=$csrf&continue=" . urlencode(url::current(true))) ?>" diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php index 4c4672ee..4097bb82 100644 --- a/modules/user/views/reset_password.html.php +++ b/modules/user/views/reset_password.html.php 
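Review bot: `title="<?= t("Remove %user from %group group", ...) ?>"` is a t() result inside a quoted attribute with no `->for_html_attr()`, unlike the attribute uses this commit touches in search.html.php and login.html.php. Appending `->for_html_attr()` after t()'s closing parenthesis makes the quote escaping explicit regardless of how t() treats `"` in substituted arguments. On the `href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"` context line, `(int) $user->id` and `(int) $group->id` would be a cheap way to stop depending on the ids being numeric.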
@@ -6,10 +6,12 @@ <body> <h2><?= t("Password Reset Request") ?> </h2> <p> - <?= t("Hello, %name,", array("name" => p::clean($user->full_name ? $user->full_name : $user->name))) ?> + <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?> </p> <p> - <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>. If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>. If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?> + <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>. If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>. If you didn't request this password reset, it's ok to ignore this mail.", + array("site_url" => html::mark_safe(url::base(false, "http")), + "confirm_url" => $confirm_url)) ?> </p> </body> </html> diff --git a/themes/admin_default/views/admin.html.php b/themes/admin_default/views/admin.html.php index 3f4128cb..3b1ff92c 100644 --- a/themes/admin_default/views/admin.html.php +++ b/themes/admin_default/views/admin.html.php @@ -23,7 +23,7 @@ <?= $theme->script("gallery.common.js") ?> <? /* MSG_CANCEL is required by gallery.dialog.js */ ?> <script type="text/javascript"> - var MSG_CANCEL = "<?= t('Cancel') ?>"; + var MSG_CANCEL = <?= t('Cancel')->for_js() ?>; </script> <?= $theme->script("gallery.ajax.js") ?> <?= $theme->script("gallery.dialog.js") ?> diff --git a/themes/default/views/album.html.php b/themes/default/views/album.html.php index e2890482..caabeee3 100644 --- a/themes/default/views/album.html.php +++ b/themes/default/views/album.html.php 
@@ -2,8 +2,8 @@ <? // @todo Set hover on AlbumGrid list items for guest users ?> <div id="gInfo"> <?= $theme->album_top() ?> - <h1><?= p::purify($item->title) ?></h1> - <div class="gDescription"><?= nl2br(p::purify($item->description)) ?></div> + <h1><?= html::purify($item->title) ?></h1> + <div class="gDescription"><?= nl2br(html::purify($item->description)) ?></div> </div> <ul id="gAlbumGrid"> @@ -20,7 +20,7 @@ </a> <?= $theme->thumb_bottom($child) ?> <?= $theme->context_menu($child, "#gItemId-{$child->id} .gThumbnail") ?> - <h2><span></span><a href="<?= $child->url() ?>"><?= p::clean($child->title) ?></a></h2> + <h2><span></span><a href="<?= $child->url() ?>"><?= html::clean($child->title) ?></a></h2> <ul class="gMetadata"> <?= $theme->thumb_info($child) ?> </ul> diff --git a/themes/default/views/dynamic.html.php b/themes/default/views/dynamic.html.php index 2d122e69..9ed9d69b 100644 --- a/themes/default/views/dynamic.html.php +++ b/themes/default/views/dynamic.html.php @@ -3,7 +3,7 @@ <div id="gAlbumHeaderButtons"> <?= $theme->dynamic_top() ?> </div> - <h1><?= p::clean($title) ?></h1> + <h1><?= html::clean($title) ?></h1> </div> <ul id="gAlbumGrid"> @@ -16,7 +16,7 @@ width="<?= $child->thumb_width ?>" height="<?= $child->thumb_height ?>" /> </a> - <h2><?= p::purify($child->title) ?></h2> + <h2><?= html::purify($child->title) ?></h2> <?= $theme->thumb_bottom($child) ?> <ul class="gMetadata"> <?= $theme->thumb_info($child) ?> diff --git a/themes/default/views/header.html.php b/themes/default/views/header.html.php index 2ba1e923..dcfa6fd8 100644 --- a/themes/default/views/header.html.php +++ b/themes/default/views/header.html.php 
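Review bot: the child title on the changed `<h2>` line goes through html::clean() while the album's own title in the hunk above uses html::purify(), and header.html.php in this same commit purifies parent titles too. Since purify() admits some markup that clean() escapes, a title containing allowed HTML will render as markup in the heading and breadcrumbs but as literal text in the grid; that is a visible inconsistency rather than a security issue, clean() being the stricter of the two. If item titles are meant to allow markup, `html::purify($child->title)` here matches dynamic.html.php's `<h2>`; if not, the `<h1>` above should switch to clean().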
@@ -19,10 +19,10 @@ <? foreach ($parents as $parent): ?> <li> <a href="<?= url::site("albums/{$parent->id}?show=$item->id") ?>"> - <?= p::purify($parent->title) ?> + <?= html::purify($parent->title) ?> </a> </li> <? endforeach ?> - <li class="active"><?= p::purify($item->title) ?></li> + <li class="active"><?= html::purify($item->title) ?></li> </ul> <? endif ?> diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php index 29789f8e..910814dd 100644 --- a/themes/default/views/movie.html.php +++ b/themes/default/views/movie.html.php @@ -28,8 +28,8 @@ <?= $item->movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}")) ?> <div id="gInfo"> - <h1><?= p::purify($item->title) ?></h1> - <div><?= nl2br(p::purify($item->description)) ?></div> + <h1><?= html::purify($item->title) ?></h1> + <div><?= nl2br(html::purify($item->description)) ?></div> </div> <?= $theme->photo_bottom() ?> diff --git a/themes/default/views/page.html.php b/themes/default/views/page.html.php index 2cb71b9e..2696442b 100644 --- a/themes/default/views/page.html.php +++ b/themes/default/views/page.html.php 
@@ -10,14 +10,14 @@ <? else: ?> <? if ($theme->item()): ?> <? if ($theme->item()->is_album()): ?> - <?= t("Browse Album :: %album_title", array("album_title" => p::clean($theme->item()->title))) ?> + <?= t("Browse Album :: %album_title", array("album_title" => $theme->item()->title)) ?> <? elseif ($theme->item()->is_photo()): ?> - <?= t("Photo :: %photo_title", array("photo_title" => p::clean($theme->item()->title))) ?> + <?= t("Photo :: %photo_title", array("photo_title" => $theme->item()->title)) ?> <? else: ?> - <?= t("Movie :: %movie_title", array("movie_title" => p::clean($theme->item()->title))) ?> + <?= t("Movie :: %movie_title", array("movie_title" => $theme->item()->title)) ?> <? endif ?> <? elseif ($theme->tag()): ?> - <?= t("Browse Tag :: %tag_title", array("tag_title" => p::clean($theme->tag()->name))) ?> + <?= t("Browse Tag :: %tag_title", array("tag_title" => $theme->tag()->name)) ?> <? else: /* Not an item, not a tag, no page_title specified. Help! */ ?> <?= t("Gallery") ?> <? endif ?> @@ -51,7 +51,7 @@ <?= $theme->script("gallery.common.js") ?> <? /* MSG_CANCEL is required by gallery.dialog.js */ ?> <script type="text/javascript"> - var MSG_CANCEL = "<?= t('Cancel') ?>"; + var MSG_CANCEL = <?= t('Cancel')->for_js() ?>; </script> <?= $theme->script("gallery.ajax.js") ?> <?= $theme->script("gallery.dialog.js") ?> diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php index 39e61ef6..5289b467 100644 --- a/themes/default/views/photo.html.php +++ b/themes/default/views/photo.html.php @@ -5,7 +5,7 @@ <script> $(document).ready(function() { $(".gFullSizeLink").click(function() { - $.gallery_show_full_size("<?= $theme->item()->file_url() ?>", "<?= $theme->item()->width ?>", "<?= $theme->item()->height ?>"); + $.gallery_show_full_size(<?= html::js_string($theme->item()->file_url()) ?>, "<?= $theme->item()->width ?>", "<?= $theme->item()->height ?>"); return false; }); }); 
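Review bot: on the changed line only the first argument is JS-escaped; `"<?= $theme->item()->width ?>"` and `"<?= $theme->item()->height ?>"` are still raw interpolations into JS string literals. They are presumably integer columns so the risk is low, but the commit is explicitly fixing this pattern and a cast costs nothing: `"<?= (int) $theme->item()->width ?>", "<?= (int) $theme->item()->height ?>"`. The commit also introduces two spellings of the same operation (`html::js_string()` here, `t(...)->for_js()` in page.html.php and admin.html.php); settling on one would make future audits easier.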
@@ -51,8 +51,8 @@ </div> <div id="gInfo"> - <h1><?= p::purify($item->title) ?></h1> - <div><?= nl2br(p::purify($item->description)) ?></div> + <h1><?= html::purify($item->title) ?></h1> + <div><?= nl2br(html::purify($item->description)) ?></div> </div> <?= $theme->photo_bottom() ?> |