Diffstat (limited to 'modules/user')
-rw-r--r--modules/user/controllers/admin_users.php19
-rw-r--r--modules/user/controllers/login.php6
-rw-r--r--modules/user/controllers/logout.php15
-rw-r--r--modules/user/controllers/password.php6
-rw-r--r--modules/user/controllers/users.php8
-rw-r--r--modules/user/helpers/group.php1
-rw-r--r--modules/user/helpers/user.php43
-rw-r--r--modules/user/helpers/user_event.php26
-rw-r--r--modules/user/helpers/user_installer.php6
-rw-r--r--modules/user/helpers/user_menu.php28
-rw-r--r--modules/user/helpers/user_theme.php33
-rw-r--r--modules/user/models/group.php15
-rw-r--r--modules/user/models/user.php25
-rw-r--r--modules/user/views/admin_users.html.php20
-rw-r--r--modules/user/views/admin_users_group.html.php10
-rw-r--r--modules/user/views/login.html.php12
-rw-r--r--modules/user/views/login_ajax.html.php4
-rw-r--r--modules/user/views/reset_password.html.php6
-rw-r--r--modules/user/views/user_languages_block.html.php19
19 files changed, 206 insertions, 96 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index b5dc6cb5..521f82fa 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -48,9 +48,10 @@ class Admin_Users_Controller extends Controller {
$desired_locale = $form->add_user->locale->value;
$user->locale = $desired_locale == "none" ? null : $desired_locale;
}
-
$user->save();
- message::success(t("Created user %user_name", array("user_name" => p::clean($user->name))));
+ module::event("user_add_form_admin_completed", $user, $form);
+
+ message::success(t("Created user %user_name", array("user_name" => $user->name)));
print json_encode(array("result" => "success"));
} else {
print json_encode(array("result" => "error",
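Review bot: Dropping `p::clean()` from the `t()` arguments on line 41 (and likewise on lines 49, 67, 76, 84, 93 and 98, plus the same pattern in login.php, password.php, admin_users_group.html.php and reset_password.html.php) moves the escaping of user-controlled names into `t()`, whose implementation is not part of this diff; if `t()` does not HTML-escape its `%` substitutions, the raw user name now lands in the flash message and the log. Since the commit changes this contract across the whole module without saying so, a one-line comment at the first call would pin it: `// t() escapes its substitution arguments; pass raw values, not pre-escaped ones.` The enclosing method continues outside the hunk.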
@@ -83,7 +84,7 @@ class Admin_Users_Controller extends Controller {
"form" => $form->__toString()));
}
- $message = t("Deleted user %user_name", array("user_name" => p::clean($name)));
+ $message = t("Deleted user %user_name", array("user_name" => $name));
log::success("user", $message);
message::success($message);
print json_encode(array("result" => "success"));
@@ -128,6 +129,7 @@ class Admin_Users_Controller extends Controller {
$user->password = $form->edit_user->password->value;
}
$user->email = $form->edit_user->email->value;
+ $user->url = $form->edit_user->url->value;
if ($form->edit_user->locale) {
$desired_locale = $form->edit_user->locale->value;
$user->locale = $desired_locale == "none" ? null : $desired_locale;
@@ -138,8 +140,9 @@ class Admin_Users_Controller extends Controller {
$user->admin = $form->edit_user->admin->checked;
}
$user->save();
+ module::event("user_edit_form_admin_completed", $user, $form);
- message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name))));
+ message::success(t("Changed user %user_name", array("user_name" => $user->name)));
print json_encode(array("result" => "success"));
} else {
print json_encode(array("result" => "error",
@@ -201,7 +204,7 @@ class Admin_Users_Controller extends Controller {
$group = group::create($new_name);
$group->save();
message::success(
- t("Created group %group_name", array("group_name" => p::clean($group->name))));
+ t("Created group %group_name", array("group_name" => $group->name)));
print json_encode(array("result" => "success"));
} else {
print json_encode(array("result" => "error",
@@ -230,7 +233,7 @@ class Admin_Users_Controller extends Controller {
"form" => $form->__toString()));
}
- $message = t("Deleted group %group_name", array("group_name" => p::clean($name)));
+ $message = t("Deleted group %group_name", array("group_name" => $name));
log::success("group", $message);
message::success($message);
print json_encode(array("result" => "success"));
@@ -268,11 +271,11 @@ class Admin_Users_Controller extends Controller {
$group->name = $form->edit_group->inputs["name"]->value;
$group->save();
message::success(
- t("Changed group %group_name", array("group_name" => p::clean($group->name))));
+ t("Changed group %group_name", array("group_name" => $group->name)));
print json_encode(array("result" => "success"));
} else {
message::error(
- t("Failed to change group %group_name", array("group_name" => p::clean($group->name))));
+ t("Failed to change group %group_name", array("group_name" => $group->name)));
print json_encode(array("result" => "error",
"form" => $form->__toString()));
}
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index 4d901051..8bee7db5 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -48,7 +48,7 @@ class Login_Controller extends Controller {
list ($valid, $form) = $this->_auth("login/auth_html");
if ($valid) {
- url::redirect("albums/1");
+ url::redirect(item::root()->abs_url());
} else {
print $form;
}
@@ -63,7 +63,7 @@ class Login_Controller extends Controller {
log::warning(
"user",
t("Failed login for %name",
- array("name" => p::clean($form->login->inputs["name"]->value))));
+ array("name" => $form->login->inputs["name"]->value)));
$form->login->inputs["name"]->add_error("invalid_login", 1);
$valid = false;
}
@@ -71,7 +71,7 @@ class Login_Controller extends Controller {
if ($valid) {
user::login($user);
- log::info("user", t("User %name logged in", array("name" => p::clean($user->name))));
+ log::info("user", t("User %name logged in", array("name" => $user->name)));
}
// Either way, regenerate the session id to avoid session trapping
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index 63971789..45d397ad 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -19,18 +19,19 @@
*/
class Logout_Controller extends Controller {
public function index() {
- access::verify_csrf();
+ //access::verify_csrf();
$user = user::active();
user::logout();
- log::info("user", t("User %name logged out", array("name" => p::clean($user->name))),
- html::anchor("user/$user->id", p::clean($user->name)));
- if ($this->input->get("continue")) {
- $item = url::get_item_from_uri($this->input->get("continue"));
+ log::info("user", t("User %name logged out", array("name" => $user->name)),
+ html::anchor("user/$user->id", html::clean($user->name)));
+ if ($continue_url = $this->input->get("continue")) {
+ $item = url::get_item_from_uri($continue_url);
if (access::can("view", $item)) {
- url::redirect($this->input->get("continue"));
+ // Don't use url::redirect() because it'll call url::site() and munge the continue url.
+ header("Location: $continue_url");
} else {
- url::redirect("");
+ url::redirect(item::root()->abs_url());
}
}
}
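Review bot: Commenting out `access::verify_csrf()` on line 139 makes logout reachable from any cross-site GET, while the logout link in login.html.php (line 658) still sends a `csrf=` parameter, so the check can simply be restored: `access::verify_csrf();`. The raw `header("Location: $continue_url")` on line 153 also echoes a request parameter straight into the redirect; `$item` has already been resolved and authorised on lines 149-150, so `header("Location: " . $item->abs_url());` (the same accessor this commit uses via `item::root()->abs_url()`) keeps the target on-site without the `url::site()` munging the comment mentions — whether `url::get_item_from_uri()` itself rejects off-site values is not visible here. Nothing stops execution after `header()` either, so the rest of the request keeps running unless the framework exits on its own.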
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index ed3b9736..92608dcd 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -29,8 +29,6 @@ class Password_Controller extends Controller {
}
public function do_reset() {
- access::verify_csrf();
-
if (request::method() == "post") {
$this->_change_password();
} else {
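Review bot: Removing `access::verify_csrf()` from `do_reset()` on line 167 leaves the POST branch (`$this->_change_password()`) with no CSRF check at all; if the intent was only to let the emailed GET link through, the check belongs inside the post branch: `if (request::method() == "post") { access::verify_csrf(); $this->_change_password(); }`. Whether the reset hash carried in the URL is meant to be the sole secret for this flow is not visible in the hunk, and `do_reset()` continues outside it.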
@@ -74,7 +72,7 @@ class Password_Controller extends Controller {
log::success(
"user",
- t("Password reset email sent for user %name", array("name" => p::clean($user->name)));
+ t("Password reset email sent for user %name", array("name" => $user->name)));
} else {
// Don't include the username here until you're sure that it's XSS safe
log::warning(
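Review bot: The comment on line 178, `// Don't include the username here until you're sure that it's XSS safe`, is now contradicted by line 176 directly above it, which passes `$user->name` unescaped into `t()`. Either the escaping now lives in `t()` and the comment should say so (`// t() escapes substitutions, so the raw name is safe here`), or the old guidance still holds and line 176 should not have dropped `p::clean()`. The enclosing method continues outside the hunk.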
@@ -132,7 +130,7 @@ class Password_Controller extends Controller {
$user->hash = null;
$user->save();
message::success(t("Password reset successfully"));
- url::redirect("albums/1");
+ url::redirect(item::root()->abs_url());
} else {
print $view;
}
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 46f799c5..4ad704f0 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -36,9 +36,15 @@ class Users_Controller extends REST_Controller {
$user->url = $form->edit_user->url->value;
if ($form->edit_user->locale) {
$desired_locale = $form->edit_user->locale->value;
- $user->locale = $desired_locale == "none" ? null : $desired_locale;
+ $new_locale = $desired_locale == "none" ? null : $desired_locale;
+ if ($new_locale != $user->locale) {
+ // Delete the session based locale preference
+ setcookie("g_locale", "", time() - 24 * 3600, "/");
+ }
+ $user->locale = $new_locale;
}
$user->save();
+ module::event("user_edit_form_completed", $user, $form);
message::success(t("User information updated."));
print json_encode(
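Review bot: Line 199 compares the new and stored locale with `!=`, so `null` and `""` compare equal and the cookie reset depends on loose coercion; `if ($new_locale !== $user->locale) {` makes the intent explicit. Note also that the locale dropdown built in user.php keys its none entry as `""` (line 273) while line 197 tests for `"none"`, so it is worth confirming which sentinel actually arrives before relying on the comparison. The `setcookie()` on line 201 runs before `$user->save()` on line 205, so a failed save still wipes the session preference; clearing the cookie after the save keeps the two in step. The enclosing method continues outside the hunk.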
diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php
index 1dace840..04e6efd6 100644
--- a/modules/user/helpers/group.php
+++ b/modules/user/helpers/group.php
@@ -39,7 +39,6 @@ class group_Core {
$group->name = $name;
$group->save();
- module::event("group_created", $group);
return $group;
}
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index a59588f8..b9162b92 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -34,13 +34,16 @@ class user_Core {
->matches($group->password);
$group->input("email")->label(t("Email"))->id("gEmail")->value($user->email);
$group->input("url")->label(t("URL"))->id("gUrl")->value($user->url);
- $group->submit("")->value(t("Save"));
$form->add_rules_from($user);
+
+ module::event("user_edit_form", $user, $form);
+ $group->submit("")->value(t("Save"));
return $form;
}
static function get_edit_form_admin($user) {
- $form = new Forge("admin/users/edit_user/$user->id", "", "post", array("id" => "gEditUserForm"));
+ $form = new Forge(
+ "admin/users/edit_user/$user->id", "", "post", array("id" => "gEditUserForm"));
$group = $form->group("edit_user")->label(t("Edit User"));
$group->input("name")->label(t("Username"))->id("gUsername")->value($user->name);
$group->inputs["name"]->error_messages(
@@ -53,9 +56,11 @@ class user_Core {
$group->input("email")->label(t("Email"))->id("gEmail")->value($user->email);
$group->input("url")->label(t("URL"))->id("gUrl")->value($user->url);
$group->checkbox("admin")->label(t("Admin"))->id("gAdmin")->checked($user->admin);
- $group->submit("")->value(t("Modify User"));
$form->add_rules_from($user);
$form->edit_user->password->rules("-required");
+
+ module::event("user_edit_form_admin", $user, $form);
+ $group->submit("")->value(t("Modify User"));
return $form;
}
@@ -72,14 +77,19 @@ class user_Core {
$group->input("url")->label(t("URL"))->id("gUrl");
self::_add_locale_dropdown($group);
$group->checkbox("admin")->label(t("Admin"))->id("gAdmin");
- $group->submit("")->value(t("Add User"));
$user = ORM::factory("user");
$form->add_rules_from($user);
+
+ module::event("user_add_form_admin", $user, $form);
+ $group->submit("")->value(t("Add User"));
return $form;
}
private static function _add_locale_dropdown(&$form, $user=null) {
- $locales = locale::installed();
+ $locales = locales::installed();
+ foreach ($locales as $locale => $display_name) {
+ $locales[$locale] = SafeString::of_safe_html($display_name);
+ }
if (count($locales) > 1) {
// Put "none" at the first position in the array
$locales = array_merge(array("" => t("« none »")), $locales);
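Review bot: The loop on lines 268-270 that wraps each display name in `SafeString::of_safe_html()` is duplicated verbatim in user_theme.php (lines 442-444) in this same commit; a small private helper in user_Core, e.g. `_safe_installed_locales()` returning the marked array, would keep the "this is trusted markup" decision in one place. Marking the names as safe HTML is only correct if `locales::installed()` sources them from a fixed table rather than anything user-editable — that is not visible here and deserves a comment on the helper. `_add_locale_dropdown()` continues outside the hunk.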
@@ -152,7 +162,12 @@ class user_Core {
*/
static function active() {
// @todo (maybe) cache this object so we're not always doing session lookups.
- $user = Session::instance()->get("user", self::guest());
+ $user = Session::instance()->get("user", null);
+ if (!isset($user)) {
+ // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary
+ // work.
+ $user = user::guest();
+ }
return $user;
}
@@ -202,7 +217,6 @@ class user_Core {
$user->add(group::registered_users());
$user->save();
- module::event("user_created", $user);
return $user;
}
@@ -325,4 +339,19 @@ class user_Core {
}
return $salt . md5($salt . $password);
}
+
+ static function cookie_locale() {
+ $cookie_data = Input::instance()->cookie("g_locale");
+ $locale = null;
+ if ($cookie_data) {
+ if (preg_match("/^([a-z]{2,3}(?:_[A-Z]{2})?)$/", trim($cookie_data), $matches)) {
+ $requested_locale = $matches[1];
+ $installed_locales = locales::installed();
+ if (isset($installed_locales[$requested_locale])) {
+ $locale = $requested_locale;
+ }
+ }
+ }
+ return $locale;
+ }
} \ No newline at end of file
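Review bot: `cookie_locale()` (lines 298-311) has no docblock, and the two guards it applies — the `[a-z]{2,3}(_[A-Z]{2})?` pattern on line 302 and the installed-locale lookup on lines 304-305 — are exactly what make a client-supplied cookie safe to hand to `I18n::instance()->locale()`, so they deserve to be stated. Suggested header: `/** Locale requested by the g_locale cookie, or null when the cookie is absent, malformed, or names a locale that is not installed. The installed check is the allowlist that makes the value safe to pass to I18n. */`. The `if ($cookie_data)` truthiness test on line 301 also treats `"0"` as absent, which is harmless here since the pattern would reject it anyway.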
diff --git a/modules/user/helpers/user_event.php b/modules/user/helpers/user_event.php
index 6515fbfb..ede4e515 100644
--- a/modules/user/helpers/user_event.php
+++ b/modules/user/helpers/user_event.php
@@ -23,10 +23,30 @@ class user_event_Core {
*/
static function gallery_ready() {
user::load_user();
+ self::set_request_locale();
+ }
+
+ static function admin_menu($menu, $theme) {
+ $menu->add_after("appearance_menu",
+ Menu::factory("link")
+ ->id("users_groups")
+ ->label(t("Users/Groups"))
+ ->url(url::site("admin/users")));
+ }
- $locale = user::active()->locale;
- if (!empty($locale)) {
- // TODO(andy_st): Check session data as well.
+ static function set_request_locale() {
+ // 1. Check the session specific preference (cookie)
+ $locale = user::cookie_locale();
+ // 2. Check the user's preference
+ if (!$locale) {
+ $locale = user::active()->locale;
+ }
+ // 3. Check the browser's / OS' preference
+ if (!$locale) {
+ $locale = locales::locale_from_http_request();
+ }
+ // If we have any preference, override the site's default locale
+ if ($locale) {
I18n::instance()->locale($locale);
}
}
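Review bot: `set_request_locale()` allowlists the cookie path through `user::cookie_locale()` but passes `user::active()->locale` on line 339 to `I18n::instance()->locale()` unchecked; the model rule this commit adds in models/user.php (line 493) is only `length[2,10]`, so a stored value that is no longer installed, or that was written by a path other than the admin dropdown, reaches I18n. Applying the same installed-locale lookup that `cookie_locale()` performs (user.php lines 304-305) to step 2 would put all three sources on an equal footing. Whether I18n itself rejects unknown locales is not visible here.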
diff --git a/modules/user/helpers/user_installer.php b/modules/user/helpers/user_installer.php
index 1959d038..8ef4f13d 100644
--- a/modules/user/helpers/user_installer.php
+++ b/modules/user/helpers/user_installer.php
@@ -36,7 +36,7 @@ class user_installer {
PRIMARY KEY (`id`),
UNIQUE KEY(`hash`),
UNIQUE KEY(`name`))
- ENGINE=InnoDB DEFAULT CHARSET=utf8;");
+ DEFAULT CHARSET=utf8;");
$db->query("CREATE TABLE IF NOT EXISTS {groups} (
`id` int(9) NOT NULL auto_increment,
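Review bot: Dropping `ENGINE=InnoDB` on line 359 (and on lines 367 and 375) leaves the storage engine to the server default, which on MySQL releases before 5.5 is MyISAM, so any transaction or row-locking assumptions around user and group writes would be silently unmet. If the aim is to tolerate hosts without InnoDB, that reasoning belongs in a comment next to the first `CREATE TABLE`, e.g. `// No ENGINE clause: use the server default so installs work where InnoDB is unavailable.` The enclosing installer method continues outside the hunk.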
@@ -44,14 +44,14 @@ class user_installer {
`special` BOOLEAN default 0,
PRIMARY KEY (`id`),
UNIQUE KEY(`name`))
- ENGINE=InnoDB DEFAULT CHARSET=utf8;");
+ DEFAULT CHARSET=utf8;");
$db->query("CREATE TABLE IF NOT EXISTS {groups_users} (
`group_id` int(9) NOT NULL,
`user_id` int(9) NOT NULL,
PRIMARY KEY (`group_id`, `user_id`),
UNIQUE KEY(`user_id`, `group_id`))
- ENGINE=InnoDB DEFAULT CHARSET=utf8;");
+ DEFAULT CHARSET=utf8;");
$everybody = group::create("Everybody");
$everybody->special = true;
diff --git a/modules/user/helpers/user_menu.php b/modules/user/helpers/user_menu.php
deleted file mode 100644
index 05e401f9..00000000
--- a/modules/user/helpers/user_menu.php
+++ /dev/null
@@ -1,28 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
- */
-class user_menu_Core {
- static function admin($menu, $theme) {
- $menu->add_after("appearance_menu",
- Menu::factory("link")
- ->id("users_groups")
- ->label(t("Users/Groups"))
- ->url(url::site("admin/users")));
- }
-}
diff --git a/modules/user/helpers/user_theme.php b/modules/user/helpers/user_theme.php
index ad9d4c63..098d87fd 100644
--- a/modules/user/helpers/user_theme.php
+++ b/modules/user/helpers/user_theme.php
@@ -18,15 +18,36 @@
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
class user_theme_Core {
+ static function head($theme) {
+ if (count(locales::installed())) {
+ // Needed by the languages block
+ $theme->script("jquery.cookie.js");
+ }
+ return "";
+ }
+
static function header_top($theme) {
- $view = new View("login.html");
- $view->user = user::active();
- return $view->render();
+ if ($theme->page_type != "login") {
+ $view = new View("login.html");
+ $view->user = user::active();
+ return $view->render();
+ }
}
- static function admin_head($theme) {
- if (strpos(Router::$current_uri, "admin/users") !== false) {
- $theme->script("lib/gallery.panel.js");
+ static function sidebar_blocks($theme) {
+ $locales = locales::installed();
+ foreach ($locales as $locale => $display_name) {
+ $locales[$locale] = SafeString::of_safe_html($display_name);
+ }
+ if (count($locales) > 1) {
+ $block = new Block();
+ $block->css_id = "gUserLanguageBlock";
+ $block->title = t("Language Preference");
+ $block->content = new View("user_languages_block.html");
+ $block->content->installed_locales =
+ array_merge(array("" => t("« none »")), $locales);
+ $block->content->selected = (string) user::cookie_locale();
+ return $block;
}
}
}
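Review bot: `header_top()` (line 431) and `sidebar_blocks()` (line 445) now fall off the end without a return when their condition is false, so callers receive `null` where `head()` on line 424 deliberately returns `""`; add `return "";` to `header_top()` and, if the theme layer treats null as "no block", an explicit `return null;` to `sidebar_blocks()` so the three hooks read uniformly. The locale-display loop on lines 442-444 is a copy of the one added to user.php in this commit (lines 268-270); a single helper would keep the `SafeString::of_safe_html()` marking, which asserts the names are trusted markup, in one reviewable place.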
diff --git a/modules/user/models/group.php b/modules/user/models/group.php
index 45948887..8af78012 100644
--- a/modules/user/models/group.php
+++ b/modules/user/models/group.php
@@ -27,7 +27,22 @@ class Group_Model extends ORM {
* @see ORM::delete()
*/
public function delete($id=null) {
+ $old = clone $this;
module::event("group_before_delete", $this);
parent::delete($id);
+ module::event("group_deleted", $old);
+ }
+
+ public function save() {
+ if (!$this->loaded) {
+ $created = 1;
+ }
+ parent::save();
+ if (isset($created)) {
+ module::event("group_created", $this);
+ } else {
+ module::event("group_updated", $this->original(), $this);
+ }
+ return $this;
}
} \ No newline at end of file
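Review bot: The `$created = 1` / `isset($created)` pattern in `save()` (lines 472-476, and the identical code in models/user.php lines 511-515) relies on a variable being conditionally undefined; `$created = !$this->loaded;` before `parent::save()` and `if ($created)` after it is clearer and strictly boolean. A short docblock would also help readers of the event contract: `/** Save the row and fire group_created, or group_updated(original, current) for an existing row; returns $this. */`. Whether `$this->original()` still reflects the pre-save state after `parent::save()` has run is not visible here — if it returns the saved row, `group_updated` listeners receive two identical objects.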
diff --git a/modules/user/models/user.php b/modules/user/models/user.php
index b447892e..55562f34 100644
--- a/modules/user/models/user.php
+++ b/modules/user/models/user.php
@@ -25,6 +25,7 @@ class User_Model extends ORM {
"full_name" => "length[0,255]",
"email" => "valid_email|length[1,255]",
"password" => "length[1,40]",
+ "url" => "valid_url",
"locale" => "length[2,10]");
public function __set($column, $value) {
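Review bot: The `"url" => "valid_url"` rule added on line 492 applies to a field the edit forms in user.php (lines 226 and 243) do not mark as required, so whether an empty URL passes depends on how the validator treats `""` on a non-required field — not visible here; if it rejects, a user who clears their URL can no longer save. A test with an empty url, or a comment on the rule stating that the empty value is accepted, would settle it. The rules array starts above the hunk.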
@@ -44,8 +45,10 @@ class User_Model extends ORM {
* @see ORM::delete()
*/
public function delete($id=null) {
+ $old = clone $this;
module::event("user_before_delete", $this);
parent::delete($id);
+ module::event("user_deleted", $old);
}
/**
@@ -57,4 +60,26 @@ class User_Model extends ORM {
return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s",
md5($this->email), $size, $default ? "&d=" . urlencode($default) : "");
}
+
+ public function save() {
+ if (!$this->loaded) {
+ $created = 1;
+ }
+ parent::save();
+ if (isset($created)) {
+ module::event("user_created", $this);
+ } else {
+ module::event("user_updated", $this->original(), $this);
+ }
+ return $this;
+ }
+
+ /**
+ * Return the best version of the user's name. Either their specified full name, or fall back
+ * to the user name.
+ * @return string
+ */
+ public function display_name() {
+ return empty($this->full_name) ? $this->name : $this->full_name;
+ }
} \ No newline at end of file
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index b469f82d..c065e4b1 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -28,7 +28,7 @@
{},
function(data) {
$("#group-" + group_id).html(data);
- $("#group-" + group_id + " .gDialogLink").bind("click", handleDialogEvent);
+ $("#group-" + group_id + " .gDialogLink").gallery_dialog();
});
}
@@ -44,7 +44,7 @@
<div class="gBlock">
<a href="<?= url::site("admin/users/add_user_form") ?>"
class="gDialogLink gButtonLink right ui-icon-left ui-state-default ui-corner-all"
- title="<?= t("Create a new user") ?>">
+ title="<?= t("Create a new user")->for_html_attr() ?>">
<span class="ui-icon ui-icon-circle-plus"></span>
<?= t("Add a new user") ?>
</a>
@@ -66,18 +66,18 @@
<? foreach ($users as $i => $user): ?>
<tr id="gUser-<?= $user->id ?>" class="<?= text::alternate("gOddRow", "gEvenRow") ?> user <?= $user->admin ? "admin" : "" ?>">
<td id="user-<?= $user->id ?>" class="core-info gDraggable">
- <img src="<?= $user->avatar_url(20, $theme->theme_url("images/avatar.jpg", true)) ?>"
- title="<?= t("Drag user onto group below to add as a new member") ?>"
- alt="<?= p::clean($user->name) ?>"
+ <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
+ title="<?= t("Drag user onto group below to add as a new member")->for_html_attr() ?>"
+ alt="<?= html::clean_attribute($user->name) ?>"
width="20"
height="20" />
- <?= p::clean($user->name) ?>
+ <?= html::clean($user->name) ?>
</td>
<td>
- <?= p::clean($user->full_name) ?>
+ <?= html::clean($user->full_name) ?>
</td>
<td>
- <?= p::clean($user->email) ?>
+ <?= html::clean($user->email) ?>
</td>
<td>
<?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
@@ -92,7 +92,7 @@
class="gDialogLink gButtonLink ui-state-default ui-corner-all ui-icon-left">
<span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></a>
<? else: ?>
- <span title="<?= t("This user cannot be deleted") ?>"
+ <span title="<?= t("This user cannot be deleted")->for_html_attr() ?>"
class="gButtonLink ui-state-disabled ui-corner-all ui-icon-left">
<span class="ui-icon ui-icon-trash"></span><?= t("delete") ?></span>
<? endif ?>
@@ -106,7 +106,7 @@
<div id="gGroupAdmin" class="gBlock">
<a href="<?= url::site("admin/users/add_group_form") ?>"
class="gDialogLink gButtonLink right ui-icon-left ui-state-default ui-corner-all"
- title="<?= t("Create a new group") ?>">
+ title="<?= t("Create a new group")->for_html_attr() ?>">
<span class="ui-icon ui-icon-circle-plus"></span>
<?= t("Add a new group") ?>
</a>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index bfd79dba..476e0817 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -1,13 +1,13 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
<h4>
- <?= p::clean($group->name) ?>
+ <?= html::clean($group->name) ?>
<? if (!$group->special): ?>
<a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
- title="<?= t("Delete the %name group", array("name" => p::clean($group->name))) ?>"
+ title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"
class="gDialogLink gButtonLink ui-state-default ui-corner-all">
<span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
<? else: ?>
- <a title="<?= t("This default group cannot be deleted") ?>"
+ <a title="<?= t("This default group cannot be deleted")->for_html_attr() ?>"
class="gDialogLink gButtonLink ui-state-disabled ui-corner-all ui-icon-left">
<span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
<? endif ?>
@@ -17,12 +17,12 @@
<ul>
<? foreach ($group->users as $i => $user): ?>
<li class="gUser">
- <?= p::clean($user->name) ?>
+ <?= html::clean($user->name) ?>
<? if (!$group->special): ?>
<a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
class="gButtonLink ui-state-default ui-corner-all ui-icon-left"
title="<?= t("Remove %user from %group group",
- array("user" => p::clean($user->name), "group" => p::clean($group->name))) ?>">
+ array("user" => $user->name, "group" => $group->name))->for_html_attr() ?>">
<span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
</a>
<? endif ?>
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index 7617d131..bb670d51 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -3,19 +3,19 @@
<? if ($user->guest): ?>
<li class="first">
<a href="<?= url::site("login/ajax") ?>"
- title="<?= t("Login to Gallery") ?>"
+ title="<?= t("Login to Gallery")->for_html_attr() ?>"
id="gLoginLink"><?= t("Login") ?></a>
</li>
<? else: ?>
<li class="first">
- <?= t('Logged in as %name', array('name' =>
- '<a href="' . url::site("form/edit/users/{$user->id}") .
- '" title="' . t("Edit Your Profile") .
+ <?= t('Logged in as %name', array('name' => html::mark_clean(
+ '<a href="' . url::site("form/edit/users/{$user->id}") .
+ '" title="' . t("Edit Your Profile")->for_html_attr() .
'" id="gUserProfileLink" class="gDialogLink">' .
- p::clean(empty($user->full_name) ? $user->name : $user->full_name) . '</a>')) ?>
+ html::clean($user->display_name()) . '</a>'))) ?>
</li>
<li>
- <a href="<?= url::site("logout?csrf=$csrf&continue=" . url::current(true)) ?>"
+ <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
id="gLogoutLink"><?= t("Logout") ?></a>
</li>
<? endif ?>
diff --git a/modules/user/views/login_ajax.html.php b/modules/user/views/login_ajax.html.php
index 56a6f111..56bc1cbd 100644
--- a/modules/user/views/login_ajax.html.php
+++ b/modules/user/views/login_ajax.html.php
@@ -6,7 +6,7 @@
url: "<?= url::site("password/reset") ?>",
success: function(data) {
$("div#gLoginView").html(data);
- $("#ui-dialog-title-gDialog").text("<?= t("Reset Password") ?>");
+ $("#ui-dialog-title-gDialog").html(<?= t("Reset Password")->for_js() ?>);
ajaxify_login_reset_form();
}
});
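Review bot: Line 671 switches the dialog title from `.text()` to `.html()`, so the translated string is now parsed as HTML rather than shown literally; `for_js()` protects only the JavaScript string context, not the HTML sink it is then written into. Unless translations are expected to carry markup, `$("#ui-dialog-title-gDialog").text(<?= t("Reset Password")->for_js() ?>);` keeps the safer sink while still fixing the quoting the commit set out to fix.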
@@ -38,7 +38,7 @@
</div>
</li>
<li>
- <a href="#" id="gForgotPasswordLink"><?= t("Forgot your Password?") ?></a>
+ <a href="#" id="gForgotPasswordLink"><?= t("Forgot Your Password?") ?></a>
</li>
</ul>
</div>
diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php
index 4c4672ee..92ca4917 100644
--- a/modules/user/views/reset_password.html.php
+++ b/modules/user/views/reset_password.html.php
@@ -6,10 +6,12 @@
<body>
<h2><?= t("Password Reset Request") ?> </h2>
<p>
- <?= t("Hello, %name,", array("name" => p::clean($user->full_name ? $user->full_name : $user->name))) ?>
+ <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
</p>
<p>
- <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>. If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>. If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?>
+ <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>. If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>. If you didn't request this password reset, it's ok to ignore this mail.",
+ array("site_url" => html::mark_clean(url::base(false, "http")),
+ "confirm_url" => $confirm_url)) ?>
</p>
</body>
</html>
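Review bot: Line 693 still spells out `$user->full_name ? $user->full_name : $user->name`, although this commit adds `User_Model::display_name()` with exactly that logic (models/user.php lines 528-530); `array("name" => $user->display_name())` removes the duplicate. Line 698 wraps the site URL in `html::mark_clean()` as trusted output while `$confirm_url` on line 699 is left unwrapped — if `t()` escapes its substitutions, confirm that the confirm URL still works inside the `href` after escaping (an `&amp;` is fine, a double-escaped one is not).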
diff --git a/modules/user/views/user_languages_block.html.php b/modules/user/views/user_languages_block.html.php
new file mode 100644
index 00000000..b5ae674c
--- /dev/null
+++ b/modules/user/views/user_languages_block.html.php
@@ -0,0 +1,19 @@
+<?php defined("SYSPATH") or die("No direct script access.") ?>
+<?= form::dropdown("gSelectSessionLocale", $installed_locales, $selected) ?>
+<script type="text/javascript">
+ $("#gSelectSessionLocale").change(function() {
+ var old_locale_preference = <?= html::js_string($selected) ?>;
+ var locale = $(this).val();
+ if (old_locale_preference == locale) {
+ return;
+ }
+
+ var expires = -1;
+ if (locale) {
+ expires = 365;
+ }
+ $.cookie("g_locale", locale, {"expires": expires, "path": "/"});
+ window.location.reload(true);
+ });
+</script>
+
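Review bot: The `expires = -1` on line 719 encodes a jquery.cookie convention (a negative expiry removes the cookie, which is what selecting « none » should do) that is not obvious from the JavaScript alone; a comment on that line, `// jquery.cookie: a negative "expires" deletes the cookie, i.e. « none » clears the preference`, would save the next reader a trip to the plugin docs. The cookie is written client-side with `path: "/"` and no other attributes; that is acceptable only because `user::cookie_locale()` allowlists the value server-side, and the server-side clear in users.php (line 201) uses the same path, which is worth stating in the same comment so the two stay in sync.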