Diffstat (limited to 'modules/gallery')
-rw-r--r-- | modules/gallery/controllers/admin_advanced_settings.php | 2 | ||||
-rw-r--r-- | modules/gallery/controllers/quick.php | 10 | ||||
-rw-r--r-- | modules/gallery/helpers/MY_html.php | 4 | ||||
-rw-r--r-- | modules/gallery/helpers/gallery_rss.php | 4 | ||||
-rw-r--r-- | modules/gallery/helpers/gallery_task.php | 4 | ||||
-rw-r--r-- | modules/gallery/tests/Html_Helper_Test.php | 4 | ||||
-rw-r--r-- | modules/gallery/tests/Xss_Security_Test.php | 4 | ||||
-rw-r--r-- | modules/gallery/views/admin_advanced_settings.html.php | 6 | ||||
-rw-r--r-- | modules/gallery/views/admin_block_log_entries.html.php | 2 | ||||
-rw-r--r-- | modules/gallery/views/admin_block_photo_stream.html.php | 4 | ||||
-rw-r--r-- | modules/gallery/views/admin_languages.html.php | 4 | ||||
-rw-r--r-- | modules/gallery/views/admin_maintenance.html.php | 4 | ||||
-rw-r--r-- | modules/gallery/views/admin_maintenance_show_log.html.php | 2 | ||||
-rw-r--r-- | modules/gallery/views/move_tree.html.php | 8 | ||||
-rw-r--r-- | modules/gallery/views/permissions_browse.html.php | 4 | ||||
-rw-r--r-- | modules/gallery/views/permissions_form.html.php | 2 | ||||
-rw-r--r-- | modules/gallery/views/simple_uploader.html.php | 14 |
17 files changed, 41 insertions, 41 deletions
diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php
index d727b654..43c77340 100644
--- a/modules/gallery/controllers/admin_advanced_settings.php
+++ b/modules/gallery/controllers/admin_advanced_settings.php
@@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller {
 module::set_var($module_name, $var_name, Input::instance()->post("value"));
 message::success(
 t("Saved value for %var (%module_name)",
- array("var" => SafeString::of($var_name), "module_name" => $module_name)));
+ array("var" => html::clean($var_name), "module_name" => $module_name)));
 print json_encode(array("result" => "success"));
 }
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index 8fddb563..20731f9c 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -75,7 +75,7 @@ class Quick_Controller extends Controller {
 access::required("view", $item->parent());
 access::required("edit", $item->parent());
- $msg = t("Made <b>%title</b> this album's cover", array("title" => SafeString::purify($item->title)));
+ $msg = t("Made <b>%title</b> this album's cover", array("title" => html::purify($item->title)));
 item::make_album_cover($item);
 message::success($msg);
@@ -91,10 +91,10 @@ class Quick_Controller extends Controller {
 if ($item->is_album()) {
 print t(
 "Delete the album <b>%title</b>? All photos and movies in the album will also be deleted.",
- array("title" => SafeString::purify($item->title)));
+ array("title" => html::purify($item->title)));
 } else {
 print t("Are you sure you want to delete <b>%title</b>?",
- array("title" => SafeString::purify($item->title)));
+ array("title" => html::purify($item->title)));
 }
 $form = item::get_delete_form($item);
@@ -108,9 +108,9 @@ class Quick_Controller extends Controller {
 access::required("edit", $item);
 if ($item->is_album()) {
- $msg = t("Deleted album <b>%title</b>", array("title" => SafeString::purify($item->title)));
+ $msg = t("Deleted album <b>%title</b>", array("title" => html::purify($item->title)));
 } else {
- $msg = t("Deleted photo <b>%title</b>", array("title" => SafeString::purify($item->title)));
+ $msg = t("Deleted photo <b>%title</b>", array("title" => html::purify($item->title)));
 }
 $parent = $item->parent();
diff --git a/modules/gallery/helpers/MY_html.php b/modules/gallery/helpers/MY_html.php
index eb388811..75114898 100644
--- a/modules/gallery/helpers/MY_html.php
+++ b/modules/gallery/helpers/MY_html.php
@@ -65,11 +65,11 @@ class html extends html_Core {
 *
 * Example:<pre>
 * <script type="text/javascript>"
- * var some_js_var = "<?= html::escape_for_js($php_var) ?>";
+ * var some_js_var = "<?= html::clean_js($php_var) ?>";
 * </script>
 * </pre>
 */
- static function escape_for_js($string) {
+ static function clean_js($string) {
 return SafeString::of($string)->for_js();
 }
diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php
index affb3101..dee6ae40 100644
--- a/modules/gallery/helpers/gallery_rss.php
+++ b/modules/gallery/helpers/gallery_rss.php
@@ -53,9 +53,9 @@ class gallery_rss_Core {
 ->descendants($limit, $offset, array("type" => "photo"));
 $feed->max_pages = ceil(
 $item->viewable()->descendants_count(array("type" => "photo")) / $limit);
- $feed->title = SafeString::purify($item->title);
+ $feed->title = html::purify($item->title);
 $feed->link = url::abs_site("albums/{$item->id}");
- $feed->description = nl2br(SafeString::purify($item->description));
+ $feed->description = nl2br(html::purify($item->description));
 return $feed;
 }
diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php
index 8c0e8aa8..c9557324 100644
--- a/modules/gallery/helpers/gallery_task.php
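Review bot: Renaming `escape_for_js` to `clean_js` drops the old name outright (no alias is visible in this diff), yet two views in this same commit still call `html::escape_for_js(...)` — admin_languages.html.php and simple_uploader.html.php — so those pages will fail with an undefined-method error as soon as this helper lands. Keep a one-line shim until the callers are migrated: `static function escape_for_js($string) { return self::clean_js($string); }`, with `@deprecated` in its docblock, and remove it once the Xss_Security_Test whitelist no longer needs to know about it. The doc example on the context line above also has the closing quote on the wrong side of `>`: `<script type="text/javascript>"` should read `<script type="text/javascript">`.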
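Review bot: `nl2br()` applied to the `html::purify($item->description)` result forces string conversion, so whatever safe-marking the purifier's return object carries (MY_html.php's `SafeString::of($string)->for_js()` shows these are objects, not plain strings) is gone before `$feed->description` is assigned, while `$feed->title` on the line above keeps its wrapper. Whether that matters depends on the feed template, which is not in this diff: if it escapes the field again, the inserted `<br />` tags render as literal text; if it trusts it, the line here is the only thing standing between the description and the output. Worth confirming against the RSS view, and either re-marking the result safe after `nl2br` or leaving the purified value untouched here and converting line breaks in the template where the output context is known.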
+++ b/modules/gallery/helpers/gallery_task.php
@@ -64,10 +64,10 @@ class gallery_task_Core {
 if (!$success) {
 $ignored[$item->id] = 1;
 $errors[] = t("Unable to rebuild images for '%title'",
- array("title" => SafeString::purify($item->title)));
+ array("title" => html::purify($item->title)));
 } else {
 $errors[] = t("Successfully rebuilt images for '%title'",
- array("title" => SafeString::purify($item->title)));
+ array("title" => html::purify($item->title)));
 }
 }
diff --git a/modules/gallery/tests/Html_Helper_Test.php b/modules/gallery/tests/Html_Helper_Test.php
index 4d934ad5..a9903256 100644
--- a/modules/gallery/tests/Html_Helper_Test.php
+++ b/modules/gallery/tests/Html_Helper_Test.php
@@ -40,8 +40,8 @@ class Html_Helper_Test extends Unit_Test_Case {
 $safe_string_2);
 }
- public function escape_for_js_test() {
- $string = html::escape_for_js("hello's <p >world</p>");
+ public function clean_js_test() {
+ $string = html::clean_js("hello's <p >world</p>");
 $this->assert_equal("hello\\'s <p >world<\\/p>", $string);
 }
diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php
index 8e5f8354..16e5a856 100644
--- a/modules/gallery/tests/Xss_Security_Test.php
+++ b/modules/gallery/tests/Xss_Security_Test.php
@@ -151,7 +151,7 @@ class Xss_Security_Test extends Unit_Test_Case {
 if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) &&
 self::_token_matches(array(T_STRING), $tokens, $token_number + 2) &&
 in_array($tokens[$token_number + 2][1],
- array("clean", "purify", "escape_for_js", "clean_attribute_test")) &&
+ array("clean", "purify", "clean_js", "clean_attribute")) &&
 self::_token_matches("(", $tokens, $token_number + 3)) {
 // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed).
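Review bot: `clean_js_test` only pins the escaping of `'` and `/`, while every call site in this commit embeds the result inside a double-quoted JS literal (`var old_default_locale = "<?= ... ?>";` in admin_languages.html.php, the SWFUpload options in simple_uploader.html.php), so a regression in `"` or newline handling would pass this test and still break out of the string. Add a second assertion covering those, e.g. `$string = html::clean_js("say \"hi\"\n");` followed by an `assert_equal` against whatever `SafeString::for_js()` actually emits for them — its implementation is not visible here, so the expected value has to come from it rather than from this note. The test class continues outside the hunk.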
@@ -161,7 +161,7 @@ class Xss_Security_Test extends Unit_Test_Case {
 $token_number += 3;
 $token = $tokens[$token_number];
- if ("escape_for_js" == $method) {
+ if ("clean_js" == $method) {
 $frame->is_safe_js(true);
 } else {
 $frame->is_safe_html(true);
diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php
index adc15b91..4235e8f8 100644
--- a/modules/gallery/views/admin_advanced_settings.html.php
+++ b/modules/gallery/views/admin_advanced_settings.html.php
@@ -20,13 +20,13 @@
 <? if ($var->module_name == "gallery" && $var->name == "_cache") continue ?>
 <tr class="setting">
 <td> <?= $var->module_name ?> </td>
- <td> <?= SafeString::of($var->name) ?> </td>
+ <td> <?= html::clean($var->name) ?> </td>
 <td>
- <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . SafeString::of($var->name)) ?>"
+ <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . html::clean($var->name)) ?>"
 class="gDialogLink" title="<?= t("Edit %var (%module_name)", array("var" => $var->name, "module_name" => $var->module_name)) ?>">
 <? if ($var->value): ?>
- <?= SafeString::of($var->value) ?>
+ <?= html::clean($var->value) ?>
 <? else: ?>
 <i> <?= t("empty") ?> </i>
 <? endif ?>
diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php
index b7afb22d..780ff2d0 100644
--- a/modules/gallery/views/admin_block_log_entries.html.php
+++ b/modules/gallery/views/admin_block_log_entries.html.php
@@ -2,7 +2,7 @@
 <ul>
 <? foreach ($entries as $entry): ?>
 <li class="<?= log::severity_class($entry->severity) ?>" style="direction: ltr">
- <a href="<?= url::site("user/$entry->user_id") ?>"><?= SafeString::of($entry->user->name) ?></a>
+ <a href="<?= url::site("user/$entry->user_id") ?>"><?= html::clean($entry->user->name) ?></a>
 <?= gallery::date_time($entry->timestamp) ?>
 <?= $entry->message ?>
 <?= $entry->html ?>
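Review bot: `html::clean($var->name)` is the wrong escaper for the URL path segment built on the `<a href=` line — an htmlspecialchars-style escape (which is what `clean` presumably is) encodes `&`, `<` and `"` but leaves `/`, `?`, `#` and spaces alone, so a variable name containing any of those changes the route, and an `&` in the name arrives in the path as `&amp;`. Encode for the URL first and escape the whole attribute value for HTML afterwards: `<a href="<?= html::clean(url::site("admin/advanced_settings/edit/$var->module_name/" . rawurlencode($var->name))) ?>"`. Whether `url::site()` already returns a SafeString and how `html::clean` treats one is not visible in this diff, so confirm that before wrapping; `$var->module_name` is interpolated unencoded on the same line and printed raw in the `<td>` above, which this commit leaves as is.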
diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php
index 732bdc38..a50836ad 100644
--- a/modules/gallery/views/admin_block_photo_stream.html.php
+++ b/modules/gallery/views/admin_block_photo_stream.html.php
@@ -2,9 +2,9 @@
 <ul>
 <? foreach ($photos as $photo): ?>
 <li class="gItem gPhoto">
- <a href="<?= url::site("photos/$photo->id") ?>" title="<?= SafeString::of($photo->title) ?>">
+ <a href="<?= url::site("photos/$photo->id") ?>" title="<?= html::clean($photo->title) ?>">
 <img <?= photo::img_dimensions($photo->width, $photo->height, 72) ?>
- src="<?= $photo->thumb_url() ?>" alt="<?= SafeString::of($photo->title) ?>" />
+ src="<?= $photo->thumb_url() ?>" alt="<?= html::clean($photo->title) ?>" />
 </a>
 </li>
 <? endforeach ?>
diff --git a/modules/gallery/views/admin_languages.html.php b/modules/gallery/views/admin_languages.html.php
index 4bee9bb1..052d749b 100644
--- a/modules/gallery/views/admin_languages.html.php
+++ b/modules/gallery/views/admin_languages.html.php
@@ -40,7 +40,7 @@
 </form>
 <script type="text/javascript">
- var old_default_locale = "<?= SafeString::of($default_locale)->for_js() ?>";
+ var old_default_locale = "<?= html::escape_for_js($default_locale) ?>";
 $("input[name='installed_locales[]']").change(function (event) {
 if (this.checked) {
@@ -57,7 +57,7 @@
 dataType: "json",
 success: function(data) {
 if (data.result == "success") {
- el = $('<a href="<?= url::site("admin/maintenance/start/gallery_task::update_l10n?csrf=$csrf")->for_js() ?>"></a>'); // this is a little hack to trigger the update_l10n task in a dialog
+ el = $('<a href="<?= html::escape_for_js(url::site("admin/maintenance/start/gallery_task::update_l10n?csrf=$csrf")) ?>"></a>'); // this is a little hack to trigger the update_l10n task in a dialog
 el.gallery_dialog();
 el.trigger('click');
 }
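Review bot: Both changed lines in this file call `html::escape_for_js(...)`, but this same commit renames that helper to `clean_js` in MY_html.php without leaving an alias, so this view will throw an undefined-method error at render time and the Xss_Security_Test whitelist (which now lists `clean_js` only) will flag the calls as unsafe. Use the new name on both: `var old_default_locale = "<?= html::clean_js($default_locale) ?>";` and `el = $('<a href="<?= html::clean_js(url::site("admin/maintenance/start/gallery_task::update_l10n?csrf=$csrf")) ?>"></a>');`. Note also that on the `el = $(...)` line the URL lands inside an HTML attribute within a JS string literal, so JS escaping alone does not protect the `href`; that is only fine while `url::site()` output and `$csrf` are known not to contain `"` or `<`, which cannot be confirmed from this diff. The `success:` callback this hunk sits in starts before the hunk.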
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index a1f7b126..05bc0923 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -93,7 +93,7 @@
 <?= $task->status ?>
 </td>
 <td>
- <?= SafeString::of($task->owner()->name) ?>
+ <?= html::clean($task->owner()->name) ?>
 </td>
 <td>
 <? if ($task->state == "stalled"): ?>
@@ -164,7 +164,7 @@
 <?= $task->status ?>
 </td>
 <td>
- <?= SafeString::of($task->owner()->name) ?>
+ <?= html::clean($task->owner()->name) ?>
 </td>
 <td>
 <? if ($task->done): ?>
diff --git a/modules/gallery/views/admin_maintenance_show_log.html.php b/modules/gallery/views/admin_maintenance_show_log.html.php
index 209aef03..8ea1beb6 100644
--- a/modules/gallery/views/admin_maintenance_show_log.html.php
+++ b/modules/gallery/views/admin_maintenance_show_log.html.php
@@ -12,7 +12,7 @@ appendTo('body').submit().remove();
 <div id="gTaskLogDialog">
 <h1> <?= $task->name ?> </h1>
 <div class="gTaskLog">
- <pre><?= SafeString::purify($task->get_log()) ?></pre>
+ <pre><?= html::purify($task->get_log()) ?></pre>
 </div>
 <button id="gCloseButton" class="ui-state-default ui-corner-all" onclick="dismiss()"><?= t("Close") ?></button>
 <button id="gSaveButton" class="ui-state-default ui-corner-all" onclick="download()"><?= t("Save") ?></button>
diff --git a/modules/gallery/views/move_tree.html.php b/modules/gallery/views/move_tree.html.php
index 7818a42a..623f80ee 100644
--- a/modules/gallery/views/move_tree.html.php
+++ b/modules/gallery/views/move_tree.html.php
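Review bot: `html::purify($task->get_log())` passes the task log through the HTML purifier (presumably the same whitelist-based filter `purify` applies to item titles elsewhere in this commit), which keeps whatever tags the log text happens to contain, even though it is rendered inside `<pre>` where the log is meant to be shown verbatim. The stricter and cheaper choice is a plain escape, `<pre><?= html::clean($task->get_log()) ?></pre>`, unless task logs are deliberately written with markup, which cannot be confirmed from this diff. The `<h1> <?= $task->name ?> </h1>` context line above prints the task name with no escaping at all and is left untouched by this commit.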
@@ -1,18 +1,18 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <?= $parent->thumb_img(array(), 25); ?>
 <? if (!access::can("edit", $parent) || $source->is_descendant($parent)): ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= SafeString::of($parent->title) ?> <?= t("(locked)") ?> </a>
+<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= html::clean($parent->title) ?> <?= t("(locked)") ?> </a>
 <? else: ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= SafeString::of($parent->title) ?></a>
+<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= html::clean($parent->title) ?></a>
 <? endif ?>
 <ul id="tree_<?= $parent->id ?>">
 <? foreach ($children as $child): ?>
 <li id="node_<?= $child->id ?>" class="node">
 <?= $child->thumb_img(array(), 25); ?>
 <? if (!access::can("edit", $child) || $source->is_descendant($child)): ?>
- <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= SafeString::of($child->title) ?> <?= t("(locked)") ?></a>
+ <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= html::clean($child->title) ?> <?= t("(locked)") ?></a>
 <? else: ?>
- <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= SafeString::of($child->title) ?> </a>
+ <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= html::clean($child->title) ?> </a>
 <? endif ?>
 </li>
 <? endforeach ?>
diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php
index 90970112..d9395b3f 100644
--- a/modules/gallery/views/permissions_browse.html.php
+++ b/modules/gallery/views/permissions_browse.html.php
@@ -39,13 +39,13 @@
 <? foreach ($parents as $parent): ?>
 <li id="item-<?= $parent->id ?>">
 <a href="javascript:show(<?= $parent->id ?>)">
- <?= SafeString::purify($parent->title) ?>
+ <?= html::purify($parent->title) ?>
 </a>
 </li>
 <? endforeach ?>
 <li class="active" id="item-<?= $item->id ?>">
 <a href="javascript:show(<?= $item->id ?>)">
- <?= SafeString::purify($item->title) ?>
+ <?= html::purify($item->title) ?>
 </a>
 </li>
 </ul>
diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php
index adc0496f..e6b217c5 100644
--- a/modules/gallery/views/permissions_form.html.php
+++ b/modules/gallery/views/permissions_form.html.php
@@ -6,7 +6,7 @@
 <tr>
 <th> </th>
 <? foreach ($groups as $group): ?>
- <th> <?= SafeString::of($group->name) ?> </th>
+ <th> <?= html::clean($group->name) ?> </th>
 <? endforeach ?>
 </tr>
diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php
index 1f185780..b136972a 100644
--- a/modules/gallery/views/simple_uploader.html.php
+++ b/modules/gallery/views/simple_uploader.html.php
@@ -6,7 +6,7 @@
 <!-- hack to set the title for the dialog -->
 <form id="gAddPhotosForm" action="<?= url::site("simple_uploader/finish?csrf=$csrf") ?>">
 <fieldset>
- <legend> <?= t("Add photos to %album_title", array("album_title" => SafeString::purify($item->title))) ?> </legend>
+ <legend> <?= t("Add photos to %album_title", array("album_title" => html::purify($item->title))) ?> </legend>
 </fieldset>
 </form>
@@ -26,9 +26,9 @@
 </p>
 <ul class="gBreadcrumbs">
 <? foreach ($item->parents() as $parent): ?>
- <li> <?= SafeString::of($parent->title) ?> </li>
+ <li> <?= html::clean($parent->title) ?> </li>
 <? endforeach ?>
- <li class="active"> <?= SafeString::purify($item->title) ?> </li>
+ <li class="active"> <?= html::purify($item->title) ?> </li>
 </ul>
 <p>
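Review bot: The breadcrumb list escapes parent titles with `html::clean` but the active item's title with `html::purify`, so the same title text renders differently depending on which row it lands in — markup encoded away for parents, preserved for the current album. The split is pre-existing (`SafeString::of` versus `SafeString::purify` on the removed lines), but since the commit is rewriting exactly these calls it is the moment to pick one: `<li class="active"> <?= html::clean($item->title) ?> </li>` if titles are plain text, or `html::purify` on both rows if titles may legitimately carry markup. The `<legend>` in the earlier hunk of this file uses `html::purify` as well, so whichever rule is chosen should apply there too.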
@@ -82,13 +82,13 @@
 <script type="text/javascript">
 var swfu = new SWFUpload({
- flash_url: "<?= url::file("lib/swfupload/swfupload.swf")->for_js() ?>",
- upload_url: "<?= url::site("simple_uploader/add_photo/$item->id")->for_js() ?>",
+ flash_url: "<?= html::escape_for_js(url::file("lib/swfupload/swfupload.swf")) ?>",
+ upload_url: "<?= html::escape_for_js(url::site("simple_uploader/add_photo/$item->id")) ?>",
 post_params: <?= json_encode(array(
 "g3sid" => Session::instance()->id(),
 "user_agent" => Input::instance()->server("HTTP_USER_AGENT"),
 "csrf" => $csrf)) ?>,
- file_size_limit: "<?= SafeString::of(ini_get("upload_max_filesize") ? num::convert_to_bytes(ini_get("upload_max_filesize"))."B" : "100MB")->for_js() ?>",
+ file_size_limit: "<?= html::escape_for_js(ini_get("upload_max_filesize") ? num::convert_to_bytes(ini_get("upload_max_filesize"))."B" : "100MB")) ?>",
 file_types: "*.gif;*.jpg;*.jpeg;*.png;*.flv;*.mp4;*.GIF;*.JPG;*.JPEG;*.PNG;*.FLV;*.MP4",
 file_types_description: "<?= t("Photos and Movies")->for_js() ?>",
 file_upload_limit: 1000,
@@ -97,7 +97,7 @@
 debug: false,
 // Button settings
- button_image_url: "<?= url::file("themes/default/images/select-photos-backg.png")->for_js() ?>",
+ button_image_url: "<?= html::escape_for_js(url::file("themes/default/images/select-photos-backg.png")) ?>",
 button_width: "202",
 button_height: "45",
 button_placeholder_id: "gChooseFilesButtonPlaceholder", |
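Review bot: The new `file_size_limit` line has one closing parenthesis too many — `html::escape_for_js(` is already closed by the `)` after `"100MB"`, so the following `)` is unmatched and this view is a PHP parse error as committed. On top of that, all three added lines call `html::escape_for_js`, which this same commit renames to `clean_js` in MY_html.php without an alias, so even with the parenthesis fixed they would hit an undefined method. The corrected line is `file_size_limit: "<?= html::clean_js(ini_get("upload_max_filesize") ? num::convert_to_bytes(ini_get("upload_max_filesize"))."B" : "100MB") ?>",` and `flash_url` / `upload_url` need the same `html::clean_js(...)` rename. The `new SWFUpload({ ... })` literal these lines belong to continues past the end of this hunk.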
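Review bot: `button_image_url` calls `html::escape_for_js`, the name this commit removes from MY_html.php in favour of `clean_js`, so this line will fail with an undefined method once the helper change lands, and the Xss_Security_Test whitelist will no longer treat it as escaped. Change it to `button_image_url: "<?= html::clean_js(url::file("themes/default/images/select-photos-backg.png")) ?>",`. The `SWFUpload` options object this line sits in starts and ends outside the hunk.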