Diffstat (limited to 'modules/organize')
-rw-r--r--modules/organize/controllers/organize.php14
-rw-r--r--modules/organize/views/organize_dialog.html.php2
-rw-r--r--modules/organize/views/organize_frame.html.php2
3 files changed, 13 insertions, 5 deletions
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 5a2c3e4f..b0c13e7d 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -56,7 +56,7 @@ class Organize_Controller extends Controller {
"sort_column" => $album->sort_column,
"sort_order" => $album->sort_order,
"editable" => access::can("edit", $album),
- "title" => $album->title,
+ "title" => (string)html::clean($album->title),
"children" => array());
foreach ($album->viewable()->children() as $child) {
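Review bot: The `"title" => (string)html::clean($album->title)` entry puts HTML-escaped text into a JSON payload without saying which consumer needs it escaped, and the same pattern is repeated for `$child->title` in the next hunk and for `"text"` in the tree-node hunk further down. If any client code uses these fields as plain text rather than markup, titles will show up double-escaped, so the contract should be written down where the array is built, for example `// Titles are HTML-escaped here because the organize UI inserts them as markup`. That the client inserts them as markup is inferred from the change, not visible in these hunks. A small private helper for the cast-and-clean expression would keep the three call sites from drifting apart.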
@@ -67,7 +67,7 @@ class Organize_Controller extends Controller {
"width" => $dims[1],
"height" => $dims[0],
"type" => $child->type,
- "title" => $child->title);
+ "title" => (string)html::clean($child->title));
}
json::reply($data);
}
@@ -81,6 +81,9 @@ class Organize_Controller extends Controller {
foreach (explode(",", $input->post("source_ids")) as $source_id) {
$source = ORM::factory("item", $source_id);
+ if (!$source->loaded()) {
+ continue;
+ }
access::required("edit", $source->parent());
if ($source->contains($new_parent) || $source->id == $new_parent->id) {
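Review bot: The new `if (!$source->loaded()) { continue; }` guard drops unknown ids silently, so a request whose `source_ids` all fail to load finishes as if the move had succeeded. Recording the skipped id or reporting it in the reply would make tampered or stale requests visible to an operator. `$new_parent`, used on the `contains()` line, is loaded outside this hunk, so whether it gets a matching `loaded()` check before `access::required` runs cannot be confirmed from here and is worth verifying. The enclosing method starts and ends outside the hunk.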
@@ -116,6 +119,11 @@ class Organize_Controller extends Controller {
$input = Input::instance();
$target = ORM::factory("item", $input->post("target_id"));
+ if (!$target->loaded()) {
+ json::reply(null);
+ return;
+ }
+
$album = $target->parent();
access::required("edit", $album);
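Review bot: The early `json::reply(null); return;` for an unloaded `$target` gives the client a success-shaped response for an id that does not exist, and nothing in the hunk explains that choice. If this is deliberate, a comment such as `// Unknown target_id: nothing to reorder, reply with an empty result` would document it; otherwise an explicit error status lets the client tell a stale id from a completed reorder. The method body continues outside the hunk.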
@@ -187,7 +195,7 @@ class Organize_Controller extends Controller {
"expandable" => false,
"id" => $child->id,
"leaf" => $child->children_count(array(array("type", "=", "album"))) == 0,
- "text" => $child->title,
+ "text" => (string)html::clean($child->title),
"nodeType" => "async");
// If the child is in the selected path, open it now. Else, mark it async.
diff --git a/modules/organize/views/organize_dialog.html.php b/modules/organize/views/organize_dialog.html.php
index a386fa77..9ea4d923 100644
--- a/modules/organize/views/organize_dialog.html.php
+++ b/modules/organize/views/organize_dialog.html.php
@@ -11,7 +11,7 @@
var set_title = function(title) {
$("#g-dialog").dialog("option", "title", ORGANIZE_TITLE.replace("__TITLE__", title));
}
- set_title("<?= $album->title ?>");
+ set_title("<?= html::clean($album->title) ?>");
var done_loading = function() {
$("#g-organize-app-loading").hide();
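Review bot: On the `set_title("<?= html::clean($album->title) ?>")` line the value is encoded for HTML but is emitted inside a JavaScript string literal, where HTML entity encoding leaves a backslash or a line break in the title untouched, and either can corrupt or end the literal early. The title should also be encoded for the JavaScript context and emitted without the hand-written quotes, for example `set_title(<?= json_encode((string)html::clean($album->title)) ?>);`, or the project's own JS-string helper if it has one. The same mismatch is present in organize_frame.html.php at `text: "<?= html::clean(item::root()->title) ?>"`, which should become `text: <?= json_encode((string)html::clean(item::root()->title)) ?>,`.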
diff --git a/modules/organize/views/organize_frame.html.php b/modules/organize/views/organize_frame.html.php
index 20a1a6da..51d49104 100644
--- a/modules/organize/views/organize_frame.html.php
+++ b/modules/organize/views/organize_frame.html.php
@@ -506,7 +506,7 @@
root: {
allowDrop: Boolean(<?= access::can("edit", item::root()) ?>),
nodeType: "async",
- text: "<?= item::root()->title ?>",
+ text: "<?= html::clean(item::root()->title) ?>",
draggable: false,
id: "<?= item::root()->id ?>",
expanded: true