diff options
Diffstat (limited to 'modules/organize/controllers/organize.php')
| -rw-r--r-- | modules/organize/controllers/organize.php | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 5a2c3e4f..b0c13e7d 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -56,7 +56,7 @@ class Organize_Controller extends Controller { "sort_column" => $album->sort_column, "sort_order" => $album->sort_order, "editable" => access::can("edit", $album), - "title" => $album->title, + "title" => (string)html::clean($album->title), "children" => array()); foreach ($album->viewable()->children() as $child) { @@ -67,7 +67,7 @@ class Organize_Controller extends Controller { "width" => $dims[1], "height" => $dims[0], "type" => $child->type, - "title" => $child->title); + "title" => (string)html::clean($child->title)); } json::reply($data); } @@ -81,6 +81,9 @@ class Organize_Controller extends Controller { foreach (explode(",", $input->post("source_ids")) as $source_id) { $source = ORM::factory("item", $source_id); + if (!$source->loaded()) { + continue; + } access::required("edit", $source->parent()); if ($source->contains($new_parent) || $source->id == $new_parent->id) { @@ -116,6 +119,11 @@ class Organize_Controller extends Controller { $input = Input::instance(); $target = ORM::factory("item", $input->post("target_id")); + if (!$target->loaded()) { + json::reply(null); + return; + } + $album = $target->parent(); access::required("edit", $album); @@ -187,7 +195,7 @@ class Organize_Controller extends Controller { "expandable" => false, "id" => $child->id, "leaf" => $child->children_count(array(array("type", "=", "album"))) == 0, - "text" => $child->title, + "text" => (string)html::clean($child->title), "nodeType" => "async"); // If the child is in the selected path, open it now. Else, mark it async. |