Diffstat (limited to 'modules/gallery')
| -rw-r--r-- | modules/gallery/controllers/albums.php | 5 | ||||
| -rw-r--r-- | modules/gallery/controllers/movies.php | 5 | ||||
| -rw-r--r-- | modules/gallery/controllers/photos.php | 5 | ||||
| -rw-r--r-- | modules/gallery/helpers/album.php | 14 | ||||
| -rw-r--r-- | modules/gallery/helpers/photo.php | 14 | ||||
| -rw-r--r-- | modules/gallery/tests/xss_data.txt | 6 | ||||
| -rw-r--r-- | modules/gallery/views/item_edit.html.php | 9 | 
7 files changed, 38 insertions, 20 deletions
|
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index 56b74cb1..4fefd3a1 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -166,7 +166,8 @@ class Albums_Controller extends Items_Controller {
     access::required("view", $album);
     access::required("edit", $album);
-    $form = album::get_edit_form($album);
+    $view = album::get_edit_form($album);
+    $form = $view->form;
     if ($valid = $form->validate()) {
       // Make sure that there's not a conflict
       if ($album->id != 1 &&
@@ -202,7 +203,7 @@ class Albums_Controller extends Items_Controller {
     } else {
       print json_encode(
         array("result" => "error",
-              "form" => $form->__toString()));
+              "form" => $view->__toString()));
     }
   }
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index c8227d74..1391c4b4 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -70,7 +70,8 @@ class Movies_Controller extends Items_Controller {
     access::required("view", $photo);
     access::required("edit", $photo);
-    $form = photo::get_edit_form($photo);
+    $view = photo::get_edit_form($photo);
+    $form = $view->form;
     if ($valid = $form->validate()) {
       // Make sure that there's not a conflict
       if (Database::instance()
@@ -101,7 +102,7 @@ class Movies_Controller extends Items_Controller {
     } else {
       print json_encode(
         array("result" => "error",
-              "form" => $form->__toString()));
+              "form" => $view->__toString()));
     }
   }
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 8ee24da8..9d9b25a1 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
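Review bot: In controllers/albums.php the new `$form = $view->form;` line carries no hint that `album::get_edit_form()` now returns the item_edit.html View rather than a Forge, so the unwrap reads as an arbitrary property access; a comment such as `// get_edit_form() returns a View; the Forge to validate is $view->form` would make that explicit. The same applies to the matching hunks in controllers/movies.php and controllers/photos.php. In the error branch the JSON `form` field now holds the whole rendered view, which can include an inline `<script>` block, so it is worth confirming that whatever inserts this markup on the client is meant to receive script as well as form HTML. The enclosing methods begin and end outside these hunks.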
@@ -61,7 +61,8 @@ class Photos_Controller extends Items_Controller {
     access::required("view", $photo);
     access::required("edit", $photo);
-    $form = photo::get_edit_form($photo);
+    $view = photo::get_edit_form($photo);
+    $form = $view->form;
     if ($valid = $form->validate()) {
       if ($form->edit_item->filename->value != $photo->name) {
         // Make sure that there's not a conflict
@@ -94,7 +95,7 @@ class Photos_Controller extends Items_Controller {
     } else {
       print json_encode(
         array("result" => "error",
-              "form" => $form->__toString()));
+              "form" => $view->__toString()));
     }
   }
diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php
index 5f10bd02..0263e0e1 100644
--- a/modules/gallery/helpers/album.php
+++ b/modules/gallery/helpers/album.php
@@ -94,9 +94,11 @@ class album_Core {
   }
   static function get_edit_form($parent) {
-    $form = new Forge("albums/{$parent->id}", "", "post", array("id" => "gEditAlbumForm"));
-    $form->hidden("_method")->value("put");
-    $group = $form->group("edit_item")->label(t("Edit Album"));
+    $view = new View("item_edit.html");
+    $view->script = array();
+    $view->form = new Forge("albums/{$parent->id}", "", "post", array("id" => "gEditAlbumForm"));
+    $view->form->hidden("_method")->value("put");
+    $group = $view->form->group("edit_item")->label(t("Edit Album"));
     $group->input("title")->label(t("Title"))->value($parent->title);
     $group->textarea("description")->label(t("Description"))->value($parent->description);
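Review bot: `$view->script = array();` in album::get_edit_form() opens a list that item_edit.html.php prints verbatim inside a `<script>` element, and nothing in the helper documents that contract. I would add a docblock above get_edit_form() stating that it returns a View whose `form` is the Forge and whose `script` is an array of JavaScript snippets, that entries are emitted without escaping, and that any item-derived value placed in a snippet must first be encoded with `json_encode()`. photo::get_edit_form() in helpers/photo.php needs the same docblock. The function body continues past the end of this hunk.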
@@ -127,11 +129,11 @@ class album_Core {
                       "DESC" => t("Descending")))
       ->selected($parent->sort_order);
-    module::event("item_edit_form", $parent, $form);
+    module::event("item_edit_form", $parent, $view);
     $group->hidden("type")->value("album");
     $group->submit("")->value(t("Modify"));
-    $form->add_rules_from(ORM::factory("item"));
-    return $form;
+    $view->form->add_rules_from(ORM::factory("item"));
+    return $view;
   }
 }
diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php
index 5cf37de1..299195e9 100644
--- a/modules/gallery/helpers/photo.php
+++ b/modules/gallery/helpers/photo.php
@@ -135,9 +135,11 @@ class photo_Core {
   }
   static function get_edit_form($photo) {
-    $form = new Forge("photos/$photo->id", "", "post", array("id" => "gEditPhotoForm"));
-    $form->hidden("_method")->value("put");
-    $group = $form->group("edit_item")->label(t("Edit Photo"));
+    $view = new View("item_edit.html");
+    $view->script = array();
+    $view->form = new Forge("photos/$photo->id", "", "post", array("id" => "gEditPhotoForm"));
+    $view->form->hidden("_method")->value("put");
+    $group = $view->form->group("edit_item")->label(t("Edit Photo"));
     $group->input("title")->label(t("Title"))->value($photo->title);
     $group->textarea("description")->label(t("Description"))->value($photo->description);
     $group->input("filename")->label(t("Filename"))->value($photo->name)
@@ -147,11 +149,11 @@ class photo_Core {
       ->callback("item::validate_no_trailing_period")
       ->error_messages("no_trailing_period", t("The photo name can't end in \".\""));
-    module::event("item_edit_form", $photo, $form);
+    module::event("item_edit_form", $photo, $view);
     $group->submit("")->value(t("Modify"));
-    $form->add_rules_from(ORM::factory("item"));
-    return $form;
+    $view->form->add_rules_from(ORM::factory("item"));
+    return $view;
   }
   /**
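Review bot: The last argument passed to the `item_edit_form` event in album::get_edit_form() is now the View, not the Forge, so any handler that still treats it as a form will be calling Forge methods on the wrong object. This page only shows modules/gallery, so I cannot tell whether handlers in other modules were updated in the same commit; that should be checked, and the new signature noted next to the call, e.g. `// handlers receive the View: use $view->form for fields, $view->script for JavaScript`. The second hunk of helpers/photo.php makes the same change. get_edit_form() starts above this hunk.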
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 5a05d4ef..2940a8df 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -207,6 +207,8 @@ modules/gallery/views/admin_themes_preview.html.php          4   DIRTY $info->na
 modules/gallery/views/admin_themes_preview.html.php          7   DIRTY $url
 modules/gallery/views/after_install.html.php                 11        $user->name
 modules/gallery/views/after_install.html.php                 15  DIRTY $user->id
+modules/gallery/views/item_edit.html.php                     4   DIRTY $script
+modules/gallery/views/item_edit.html.php                     8   DIRTY $form
 modules/gallery/views/kohana_error_page.php                  102 DIRTY $message
 modules/gallery/views/kohana_error_page.php                  104 DIRTY $file
 modules/gallery/views/kohana_error_page.php                  104 DIRTY $line
@@ -442,8 +444,8 @@ modules/tag/views/admin_tags.html.php                        50  DIRTY $tag->id
 modules/tag/views/admin_tags.html.php                        50        $tag->name
 modules/tag/views/admin_tags.html.php                        51  DIRTY $tag->count
 modules/tag/views/admin_tags.html.php                        52  DIRTY $tag->id
-modules/tag/views/tag_block.html.php                         3   DIRTY $cloud
-modules/tag/views/tag_block.html.php                         5   DIRTY $form
+modules/tag/views/tag_block.html.php                         13  DIRTY $cloud
+modules/tag/views/tag_block.html.php                         15  DIRTY $form
 modules/tag/views/tag_cloud.html.php                         4   DIRTY $tag->count
 modules/tag/views/tag_cloud.html.php                         4   DIRTY $max_count
 modules/tag/views/tag_cloud.html.php                         5   DIRTY $tag->count
diff --git a/modules/gallery/views/item_edit.html.php b/modules/gallery/views/item_edit.html.php
new file mode 100644
index 00000000..9aa2fb64
--- /dev/null
+++ b/modules/gallery/views/item_edit.html.php
@@ -0,0 +1,9 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<? if (!empty($script)): ?>
+<script>
+  <?= implode("\n", $script) ?>
+</script>
+<? endif ?>
+<div id="gEditFormContainer">
+  <?= $form ?>
+</div>
\ No newline at end of file | 
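Review bot: Lines 2 and 6 of the new template use the short open tag (`<? if (!empty($script)): ?>` and `<? endif ?>`), which PHP only parses when `short_open_tag` is enabled; with it off, those two lines reach the browser as literal text and the `<script>` wrapper is emitted unconditionally. Unless the project guarantees that setting everywhere it is deployed, write them as `<?php if (!empty($script)): ?>` and `<?php endif ?>`, matching the full tag already used on line 1. Whether other views in the project follow the short-tag convention is not visible from this page.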
