8 files changed, 31 insertions, 18 deletions

diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php
index 79bc1183..64007fdb 100644
--- a/modules/gallery/controllers/admin_advanced_settings.php
+++ b/modules/gallery/controllers/admin_advanced_settings.php
@@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller {
     module::set_var($module_name, $var_name, Input::instance()->post("value"));
     message::success(
       t("Saved value for %var (%module_name)",
-        array("var" => $var_name, "module_name" => $module_name)));
+        array("var" => p::clean($var_name), "module_name" => $module_name)));
 
     print json_encode(array("result" => "success"));
   }
diff --git a/modules/gallery/controllers/admin_modules.php b/modules/gallery/controllers/admin_modules.php
index ed1f7665..af6dbbdc 100644
--- a/modules/gallery/controllers/admin_modules.php
+++ b/modules/gallery/controllers/admin_modules.php
@@ -40,11 +40,11 @@ class Admin_Modules_Controller extends Admin_Controller {
       $desired = $this->input->post($module_name) == 1;
       if ($info->active && !$desired && module::is_active($module_name)) {
         $changes->deactivate[] = $module_name;
-        $deactivated_names[] = $info->name;
+        $deactivated_names[] = t($info->name);
         module::deactivate($module_name);
       } else if (!$info->active && $desired && !module::is_active($module_name)) {
         $changes->activate[] = $module_name;
-        $activated_names[] = $info->name;
+        $activated_names[] = t($info->name);
         if (module::is_installed($module_name)) {
           module::upgrade($module_name);
         } else {
@@ -56,7 +56,7 @@ class Admin_Modules_Controller extends Admin_Controller {
 
     module::event("module_change", $changes);
 
-    // @todo this type of collation is questionable from a i18n perspective
+    // @todo this type of collation is questionable from an i18n perspective
     if ($activated_names) {
       message::success(t("Activated: %names", array("names" => join(", ", $activated_names))));
     }
diff --git a/modules/gallery/controllers/admin_themes.php b/modules/gallery/controllers/admin_themes.php
index 538e5c8d..da001c55 100644
--- a/modules/gallery/controllers/admin_themes.php
+++ b/modules/gallery/controllers/admin_themes.php
@@ -69,11 +69,11 @@ class Admin_Themes_Controller extends Admin_Controller {
     if ($type == "admin" && $info->admin) {
       module::set_var("gallery", "active_admin_theme", $theme_name);
       message::success(t("Successfully changed your admin theme to <b>%theme_name</b>",
-                         array("theme_name" => $info->name)));
+                         array("theme_name" => t($info->name))));
     } else if ($type == "site" && $info->site) {
       module::set_var("gallery", "active_site_theme", $theme_name);
       message::success(t("Successfully changed your Gallery theme to <b>%theme_name</b>",
-                         array("theme_name" => $info->name)));
+                         array("theme_name" => t($info->name))));
     }
 
     url::redirect("admin/themes");
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index 22f50fb8..d141d157 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -111,7 +111,8 @@ class Albums_Controller extends Items_Controller {
 
       log::success("content", "Created an album",
                html::anchor("albums/$new_album->id", "view album"));
-      message::success(t("Created album %album_title", array("album_title" => $new_album->title)));
+      message::success(
+        t("Created album %album_title", array("album_title" => p::clean($new_album->title))));
 
       print json_encode(
         array("result" => "success",
@@ -143,7 +144,8 @@ class Albums_Controller extends Items_Controller {
         user::active()->id);
 
       log::success("content", "Added a photo", html::anchor("photos/$photo->id", "view photo"));
-      message::success(t("Added photo %photo_title", array("photo_title" => $photo->title)));
+      message::success(
+        t("Added photo %photo_title", array("photo_title" => p::clean($photo->title))));
 
       print json_encode(
         array("result" => "success",
@@ -197,7 +199,8 @@ class Albums_Controller extends Items_Controller {
       module::event("item_updated", $orig, $album);
 
       log::success("content", "Updated album", "<a href=\"albums/$album->id\">view</a>");
-      message::success(t("Saved album %album_title", array("album_title" => $album->title)));
+      message::success(
+        t("Saved album %album_title", array("album_title" => p::clean($album->title))));
 
       print json_encode(
         array("result" => "success",
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index d8cca825..30a5d78c 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -94,7 +94,8 @@ class Movies_Controller extends Items_Controller {
       module::event("item_updated", $orig, $photo);
 
       log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>");
-      message::success(t("Saved photo %photo_title", array("photo_title" => $photo->title)));
+      message::success(
+        t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));
 
       print json_encode(
         array("result" => "success",
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index f5be5d59..6a62e859 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -87,7 +87,8 @@ class Photos_Controller extends Items_Controller {
       module::event("item_updated", $orig, $photo);
 
       log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>");
-      message::success(t("Saved photo %photo_title", array("photo_title" => $photo->title)));
+      message::success(
+        t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));
 
       print json_encode(
         array("result" => "success",
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index e89d9701..5d3d8885 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -89,7 +89,7 @@ class Quick_Controller extends Controller {
     access::required("view", $item->parent());
     access::required("edit", $item->parent());
 
-    $msg = t("Made <b>%title</b> this album's cover", array("title" => $item->title));
+    $msg = t("Made <b>%title</b> this album's cover", array("title" => p::clean($item->title)));
 
     item::make_album_cover($item);
     message::success($msg);
@@ -105,9 +105,10 @@ class Quick_Controller extends Controller {
     if ($item->is_album()) {
       print t(
         "Delete the album <b>%title</b>? All photos and movies in the album will also be deleted.",
-        array("title" => $item->title));
+        array("title" => p::clean($item->title)));
     } else {
-      print t("Are you sure you want to delete <b>%title</b>?", array("title" => $item->title));
+      print t("Are you sure you want to delete <b>%title</b>?",
+              array("title" => p::clean($item->title)));
     }
 
     $form = item::get_delete_form($item);
@@ -121,9 +122,9 @@ class Quick_Controller extends Controller {
     access::required("edit", $item);
 
     if ($item->is_album()) {
-      $msg = t("Deleted album <b>%title</b>", array("title" => $item->title));
+      $msg = t("Deleted album <b>%title</b>", array("title" => p::clean($item->title)));
     } else {
-      $msg = t("Deleted photo <b>%title</b>", array("title" => $item->title));
+      $msg = t("Deleted photo <b>%title</b>", array("title" => p::clean($item->title)));
     }
 
     $item->delete();
diff --git a/modules/gallery/controllers/upgrader.php b/modules/gallery/controllers/upgrader.php
index 91952fa9..0f6cbc2c 100644
--- a/modules/gallery/controllers/upgrader.php
+++ b/modules/gallery/controllers/upgrader.php
@@ -32,11 +32,18 @@ class Upgrader_Controller extends Controller {
       @unlink(TMPPATH . $upgrade_token);
     }
 
+    $available_upgrades = 0;
+    foreach (module::available() as $module) {
+      if ($module->version && $module->version != $module->code_version) {
+        $available_upgrades++;
+      }
+    }
+
     $view = new View("upgrader.html");
     $view->can_upgrade = user::active()->admin || $session->get("can_upgrade");
     $view->upgrade_token = $upgrade_token;
     $view->available = module::available();
-    $view->done = Input::instance()->get("done");
+    $view->done = ($available_upgrades == 0);
     print $view;
   }
 
@@ -67,7 +74,7 @@ class Upgrader_Controller extends Controller {
     if (php_sapi_name() == "cli") {
       print "Upgrade complete\n";
     } else {
-      url::redirect("upgrader?done=1");
+      url::redirect("upgrader");
     }
   }
 }