Diffstat (limited to 'modules/gallery')
-rw-r--r--modules/gallery/helpers/encoding.php17
-rw-r--r--modules/gallery/tests/System_Helper_Test.php2
-rw-r--r--modules/gallery/tests/xss_data.txt92
3 files changed, 57 insertions, 54 deletions
diff --git a/modules/gallery/helpers/encoding.php b/modules/gallery/helpers/encoding.php
index c5928634..7d5add34 100644
--- a/modules/gallery/helpers/encoding.php
+++ b/modules/gallery/helpers/encoding.php
@@ -19,13 +19,16 @@
*/
class encoding_Core {
static function convert_to_utf8($value) {
- if (function_exists("mb_detect_encoding") &&
- function_exists("mb_convert_encoding") &&
- mb_detect_encoding($value, "ISO-8859-1, UTF-8") != "UTF-8") {
- $value = mb_convert_encoding($value, "UTF-8", mb_detect_encoding($value));
- } else if (function_exists("mb_detect_encoding") &&
- mb_detect_encoding($value, "ISO-8859-1, UTF-8") != "UTF-8") {
- $value = utf8_encode($value);
+ if (function_exists("mb_detect_encoding")) {
+ // Rely on mb_detect_encoding()'s strict mode
+ $src_encoding = mb_detect_encoding($value, mb_detect_order(), true);
+ if ($src_encoding != "UTF-8") {
+ if (function_exists("mb_convert_encoding") && $src_encoding) {
+ $value = mb_convert_encoding($value, "UTF-8", $src_encoding);
+ } else {
+ $value = utf8_encode($value);
+ }
+ }
}
return $value;
}
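Review bot: The detection on the added line `$src_encoding = mb_detect_encoding($value, mb_detect_order(), true);` makes the result depend on the host's `mbstring.detect_order` setting, whereas the removed code used a fixed "ISO-8859-1, UTF-8" list; on a deployment whose order includes a multibyte encoding such as SJIS or EUC-JP, strict detection can attribute Latin-1 bytes to that encoding and `mb_convert_encoding` will then yield different text than the `utf8_encode` fallback would. An explicit order, `$src_encoding = mb_detect_encoding($value, "ASCII, UTF-8", true);`, keeps the outcome the same across installations, and invalid byte sequences still return false in strict mode and fall through to `utf8_encode`, so callers always receive valid UTF-8. The comparison should also be strict, `if ($src_encoding !== "UTF-8") {`, since it is deliberately matched against a possible `false`. A short comment on the fallback branch would make the intent clear: `// Undetectable input is treated as ISO-8859-1 so the result is always valid UTF-8`.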
diff --git a/modules/gallery/tests/System_Helper_Test.php b/modules/gallery/tests/System_Helper_Test.php
index 3d56c516..b6c00f4c 100644
--- a/modules/gallery/tests/System_Helper_Test.php
+++ b/modules/gallery/tests/System_Helper_Test.php
@@ -1,7 +1,7 @@
<?php defined("SYSPATH") or die("No direct script access.");
/**
* Gallery - a web based photo album viewer and editor
- * Copyright (C) 2011 Chad Parry
+ * Copyright (C) 2000-2011 Bharat Mediratta
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 7da79b23..954caf54 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -5,21 +5,22 @@ modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY_ATTR text
modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(32,$theme->url(,true))
modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY gallery::date_time($comment->created)
modules/comment/views/admin_comments.html.php 5 DIRTY $form
-modules/comment/views/admin_manage_comments.html.php 43 DIRTY $menu->render()
-modules/comment/views/admin_manage_comments.html.php 107 DIRTY_ATTR $comment->id
-modules/comment/views/admin_manage_comments.html.php 107 DIRTY_ATTR text::alternate("g-odd","g-even")
-modules/comment/views/admin_manage_comments.html.php 110 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true))
-modules/comment/views/admin_manage_comments.html.php 123 DIRTY_JS $item->url()
-modules/comment/views/admin_manage_comments.html.php 125 DIRTY_ATTR $item->thumb_url()
-modules/comment/views/admin_manage_comments.html.php 127 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75)
-modules/comment/views/admin_manage_comments.html.php 135 DIRTY gallery::date($comment->created)
-modules/comment/views/admin_manage_comments.html.php 142 DIRTY_JS $comment->id
-modules/comment/views/admin_manage_comments.html.php 151 DIRTY_JS $comment->id
-modules/comment/views/admin_manage_comments.html.php 160 DIRTY_JS $comment->id
-modules/comment/views/admin_manage_comments.html.php 169 DIRTY_JS $comment->id
-modules/comment/views/admin_manage_comments.html.php 176 DIRTY_JS $comment->id
-modules/comment/views/admin_manage_comments.html.php 184 DIRTY_JS $comment->id
-modules/comment/views/admin_manage_comments.html.php 197 DIRTY $pager
+modules/comment/views/admin_manage_comments.html.php 45 DIRTY $menu->render()
+modules/comment/views/admin_manage_comments_queue.html.php 40 DIRTY $theme->paginator()
+modules/comment/views/admin_manage_comments_queue.html.php 55 DIRTY_ATTR $comment->id
+modules/comment/views/admin_manage_comments_queue.html.php 55 DIRTY_ATTR text::alternate("g-odd","g-even")
+modules/comment/views/admin_manage_comments_queue.html.php 58 DIRTY_ATTR $comment->author()->avatar_url(40,$fallback_avatar_url)
+modules/comment/views/admin_manage_comments_queue.html.php 75 DIRTY_JS $item->url()
+modules/comment/views/admin_manage_comments_queue.html.php 77 DIRTY_ATTR $item->thumb_url()
+modules/comment/views/admin_manage_comments_queue.html.php 79 DIRTY photo::img_dimensions($item->thumb_width,$item->thumb_height,75)
+modules/comment/views/admin_manage_comments_queue.html.php 87 DIRTY gallery::date($comment->created)
+modules/comment/views/admin_manage_comments_queue.html.php 94 DIRTY_JS $comment->id
+modules/comment/views/admin_manage_comments_queue.html.php 103 DIRTY_JS $comment->id
+modules/comment/views/admin_manage_comments_queue.html.php 116 DIRTY_JS $comment->id
+modules/comment/views/admin_manage_comments_queue.html.php 125 DIRTY_JS $comment->id
+modules/comment/views/admin_manage_comments_queue.html.php 132 DIRTY_JS $comment->id
+modules/comment/views/admin_manage_comments_queue.html.php 141 DIRTY_JS $comment->id
+modules/comment/views/admin_manage_comments_queue.html.php 155 DIRTY $theme->paginator()
modules/comment/views/comment.html.php 2 DIRTY_ATTR $comment->id;
modules/comment/views/comment.html.php 5 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true))
modules/comment/views/comment.mrss.php 10 DIRTY $feed->uri
@@ -367,7 +368,7 @@ modules/user/views/admin_users.html.php 73 DIRTY_ATTR $use
modules/user/views/admin_users.html.php 74 DIRTY_ATTR $user->avatar_url(20,$theme->url(,true))
modules/user/views/admin_users.html.php 88 DIRTY ($user->last_login==0)?"":gallery::date($user->last_login)
modules/user/views/admin_users.html.php 91 DIRTY db::build()->from("items")->where("owner_id","=",$user->id)->count_records()
-modules/user/views/admin_users.html.php 113 DIRTY $pager
+modules/user/views/admin_users.html.php 113 DIRTY $theme->paginator()
modules/user/views/admin_users.html.php 132 DIRTY_ATTR $group->id
modules/user/views/admin_users.html.php 132 DIRTY_ATTR ($group->special?"g-default-group":"")
modules/user/views/admin_users.html.php 134 DIRTY $v
@@ -378,31 +379,30 @@ modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $wid
modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $height
modules/watermark/views/admin_watermarks.html.php 20 DIRTY_ATTR $url
themes/admin_wind/views/admin.html.php 4 DIRTY $theme->html_attributes()
-themes/admin_wind/views/admin.html.php 33 DIRTY $theme->admin_head()
-themes/admin_wind/views/admin.html.php 42 DIRTY_JS $theme->url()
-themes/admin_wind/views/admin.html.php 47 DIRTY $theme->get_combined("css")
-themes/admin_wind/views/admin.html.php 50 DIRTY $theme->get_combined("script")
-themes/admin_wind/views/admin.html.php 54 DIRTY $theme->admin_page_top()
-themes/admin_wind/views/admin.html.php 62 DIRTY $theme->admin_header_top()
-themes/admin_wind/views/admin.html.php 63 DIRTY_JS item::root()->url()
-themes/admin_wind/views/admin.html.php 66 DIRTY $theme->user_menu()
-themes/admin_wind/views/admin.html.php 69 DIRTY $theme->admin_menu()
-themes/admin_wind/views/admin.html.php 72 DIRTY $theme->admin_header_bottom()
-themes/admin_wind/views/admin.html.php 79 DIRTY $content
-themes/admin_wind/views/admin.html.php 85 DIRTY $sidebar
-themes/admin_wind/views/admin.html.php 90 DIRTY $theme->admin_footer()
-themes/admin_wind/views/admin.html.php 93 DIRTY $theme->admin_credits()
-themes/admin_wind/views/admin.html.php 98 DIRTY $theme->admin_page_bottom()
+themes/admin_wind/views/admin.html.php 34 DIRTY $theme->admin_head()
+themes/admin_wind/views/admin.html.php 46 DIRTY_JS $theme->url()
+themes/admin_wind/views/admin.html.php 51 DIRTY $theme->get_combined("css")
+themes/admin_wind/views/admin.html.php 54 DIRTY $theme->get_combined("script")
+themes/admin_wind/views/admin.html.php 58 DIRTY $theme->admin_page_top()
+themes/admin_wind/views/admin.html.php 66 DIRTY $theme->admin_header_top()
+themes/admin_wind/views/admin.html.php 67 DIRTY_JS item::root()->url()
+themes/admin_wind/views/admin.html.php 70 DIRTY $theme->user_menu()
+themes/admin_wind/views/admin.html.php 73 DIRTY $theme->admin_menu()
+themes/admin_wind/views/admin.html.php 76 DIRTY $theme->admin_header_bottom()
+themes/admin_wind/views/admin.html.php 83 DIRTY $content
+themes/admin_wind/views/admin.html.php 89 DIRTY $sidebar
+themes/admin_wind/views/admin.html.php 94 DIRTY $theme->admin_footer()
+themes/admin_wind/views/admin.html.php 97 DIRTY $theme->admin_credits()
+themes/admin_wind/views/admin.html.php 102 DIRTY $theme->admin_page_bottom()
themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor
themes/admin_wind/views/block.html.php 5 DIRTY $id
themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id
themes/admin_wind/views/block.html.php 13 DIRTY $title
themes/admin_wind/views/block.html.php 16 DIRTY $content
-themes/admin_wind/views/pager.html.php 13 DIRTY_JS str_replace('{page}',1,$url)
-themes/admin_wind/views/pager.html.php 20 DIRTY_JS str_replace('{page}',$previous_page,$url)
-themes/admin_wind/views/pager.html.php 27 DIRTY $from_to_msg
-themes/admin_wind/views/pager.html.php 30 DIRTY_JS str_replace('{page}',$next_page,$url)
-themes/admin_wind/views/pager.html.php 37 DIRTY_JS str_replace('{page}',$last_page,$url)
+themes/admin_wind/views/paginator.html.php 35 DIRTY_JS $first_page_url
+themes/admin_wind/views/paginator.html.php 44 DIRTY_JS $previous_page_url
+themes/admin_wind/views/paginator.html.php 70 DIRTY_JS $next_page_url
+themes/admin_wind/views/paginator.html.php 79 DIRTY_JS $last_page_url
themes/wind/views/album.html.php 16 DIRTY_ATTR $child->id
themes/wind/views/album.html.php 16 DIRTY_ATTR $item_class
themes/wind/views/album.html.php 18 DIRTY_JS $child->url()
@@ -430,16 +430,16 @@ themes/wind/views/page.html.php 17 DIRTY item::
themes/wind/views/page.html.php 32 DIRTY $new_width
themes/wind/views/page.html.php 33 DIRTY $new_height
themes/wind/views/page.html.php 34 DIRTY $thumb_proportion
-themes/wind/views/page.html.php 71 DIRTY_JS $theme->url()
-themes/wind/views/page.html.php 76 DIRTY $theme->get_combined("css")
-themes/wind/views/page.html.php 79 DIRTY $theme->get_combined("script")
-themes/wind/views/page.html.php 89 DIRTY $header_text
-themes/wind/views/page.html.php 91 DIRTY_JS item::root()->url()
-themes/wind/views/page.html.php 95 DIRTY $theme->user_menu()
-themes/wind/views/page.html.php 116 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null)
-themes/wind/views/page.html.php 137 DIRTY $content
-themes/wind/views/page.html.php 143 DIRTY newView("sidebar.html")
-themes/wind/views/page.html.php 150 DIRTY $footer_text
+themes/wind/views/page.html.php 74 DIRTY_JS $theme->url()
+themes/wind/views/page.html.php 79 DIRTY $theme->get_combined("css")
+themes/wind/views/page.html.php 82 DIRTY $theme->get_combined("script")
+themes/wind/views/page.html.php 92 DIRTY $header_text
+themes/wind/views/page.html.php 94 DIRTY_JS item::root()->url()
+themes/wind/views/page.html.php 98 DIRTY $theme->user_menu()
+themes/wind/views/page.html.php 119 DIRTY_JS $parent->url($parent->id==$theme->item()->parent_id?"show={$theme->item()->id}":null)
+themes/wind/views/page.html.php 140 DIRTY $content
+themes/wind/views/page.html.php 146 DIRTY newView("sidebar.html")
+themes/wind/views/page.html.php 153 DIRTY $footer_text
themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url
themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url
themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url