Diffstat (limited to 'modules/user')
-rw-r--r--modules/user/controllers/admin_users.php14
-rw-r--r--modules/user/controllers/login.php4
-rw-r--r--modules/user/controllers/logout.php4
-rw-r--r--modules/user/controllers/password.php2
-rw-r--r--modules/user/views/admin_users.html.php8
-rw-r--r--modules/user/views/admin_users_group.html.php8
-rw-r--r--modules/user/views/login.html.php8
-rw-r--r--modules/user/views/reset_password.html.php6
8 files changed, 28 insertions, 26 deletions
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index f87602b8..521f82fa 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -51,7 +51,7 @@ class Admin_Users_Controller extends Controller {
$user->save();
module::event("user_add_form_admin_completed", $user, $form);
- message::success(t("Created user %user_name", array("user_name" => p::clean($user->name))));
+ message::success(t("Created user %user_name", array("user_name" => $user->name)));
print json_encode(array("result" => "success"));
} else {
print json_encode(array("result" => "error",
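Review bot: With `p::clean()` removed, the only thing between `$user->name` and the HTML of the status message is whatever escaping `t()` applies to its placeholder values, and that behaviour is not visible anywhere in this diff. The same reliance is introduced in the other hunks of this file and in login.php, logout.php and password.php, where the resulting message is also stored through `log::`. I would add a short comment at one of these call sites, e.g. `// t() HTML-escapes placeholder values; use html::mark_safe() only for markup built here`, and a regression test that saves a user whose name contains markup and checks both the rendered message and the log entry. The failed-login hunk in login.php is the one to cover first, since the name there is submitted by an unauthenticated visitor; the enclosing method starts and ends outside this hunk.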
@@ -84,7 +84,7 @@ class Admin_Users_Controller extends Controller {
"form" => $form->__toString()));
}
- $message = t("Deleted user %user_name", array("user_name" => p::clean($name)));
+ $message = t("Deleted user %user_name", array("user_name" => $name));
log::success("user", $message);
message::success($message);
print json_encode(array("result" => "success"));
@@ -142,7 +142,7 @@ class Admin_Users_Controller extends Controller {
$user->save();
module::event("user_edit_form_admin_completed", $user, $form);
- message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name))));
+ message::success(t("Changed user %user_name", array("user_name" => $user->name)));
print json_encode(array("result" => "success"));
} else {
print json_encode(array("result" => "error",
@@ -204,7 +204,7 @@ class Admin_Users_Controller extends Controller {
$group = group::create($new_name);
$group->save();
message::success(
- t("Created group %group_name", array("group_name" => p::clean($group->name))));
+ t("Created group %group_name", array("group_name" => $group->name)));
print json_encode(array("result" => "success"));
} else {
print json_encode(array("result" => "error",
@@ -233,7 +233,7 @@ class Admin_Users_Controller extends Controller {
"form" => $form->__toString()));
}
- $message = t("Deleted group %group_name", array("group_name" => p::clean($name)));
+ $message = t("Deleted group %group_name", array("group_name" => $name));
log::success("group", $message);
message::success($message);
print json_encode(array("result" => "success"));
@@ -271,11 +271,11 @@ class Admin_Users_Controller extends Controller {
$group->name = $form->edit_group->inputs["name"]->value;
$group->save();
message::success(
- t("Changed group %group_name", array("group_name" => p::clean($group->name))));
+ t("Changed group %group_name", array("group_name" => $group->name)));
print json_encode(array("result" => "success"));
} else {
message::error(
- t("Failed to change group %group_name", array("group_name" => p::clean($group->name))));
+ t("Failed to change group %group_name", array("group_name" => $group->name)));
print json_encode(array("result" => "error",
"form" => $form->__toString()));
}
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index 4d901051..b81b17b2 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -63,7 +63,7 @@ class Login_Controller extends Controller {
log::warning(
"user",
t("Failed login for %name",
- array("name" => p::clean($form->login->inputs["name"]->value))));
+ array("name" => $form->login->inputs["name"]->value)));
$form->login->inputs["name"]->add_error("invalid_login", 1);
$valid = false;
}
@@ -71,7 +71,7 @@ class Login_Controller extends Controller {
if ($valid) {
user::login($user);
- log::info("user", t("User %name logged in", array("name" => p::clean($user->name))));
+ log::info("user", t("User %name logged in", array("name" => $user->name)));
}
// Either way, regenerate the session id to avoid session trapping
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index 099b1952..fc3ced56 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -23,8 +23,8 @@ class Logout_Controller extends Controller {
$user = user::active();
user::logout();
- log::info("user", t("User %name logged out", array("name" => p::clean($user->name))),
- html::anchor("user/$user->id", p::clean($user->name)));
+ log::info("user", t("User %name logged out", array("name" => $user->name)),
+ html::anchor("user/$user->id", html::clean($user->name)));
if ($continue_url = $this->input->get("continue")) {
$item = url::get_item_from_uri($continue_url);
if (access::can("view", $item)) {
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 7c432701..a6522369 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -72,7 +72,7 @@ class Password_Controller extends Controller {
log::success(
"user",
- t("Password reset email sent for user %name", array("name" => p::clean($user->name))));
+ t("Password reset email sent for user %name", array("name" => $user->name)));
} else {
// Don't include the username here until you're sure that it's XSS safe
log::warning(
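Review bot: The context comment in the else branch, `// Don't include the username here until you're sure that it's XSS safe`, now sits directly below a call that hands the raw `$user->name` to `t()`, so the two branches document opposite assumptions. If `t()` escapes placeholder values, as this commit appears to assume, the comment should state which guarantee is still missing for the unknown-user case; if the concern is that the name in that branch is unverified request input, say so, e.g. `// Name is unverified request input; keep it out of the log message`. The else branch continues outside the hunk.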
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 9bd4c068..9455f9d9 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -68,16 +68,16 @@
<td id="user-<?= $user->id ?>" class="core-info gDraggable">
<img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
title="<?= t("Drag user onto group below to add as a new member") ?>"
- alt="<?= p::clean($user->name) ?>"
+ alt="<?= html::clean($user->name) ?>"
width="20"
height="20" />
- <?= p::clean($user->name) ?>
+ <?= html::clean($user->name) ?>
</td>
<td>
- <?= p::clean($user->full_name) ?>
+ <?= html::clean($user->full_name) ?>
</td>
<td>
- <?= p::clean($user->email) ?>
+ <?= html::clean($user->email) ?>
</td>
<td>
<?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index bfd79dba..8418ebc9 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -1,9 +1,9 @@
<?php defined("SYSPATH") or die("No direct script access.") ?>
<h4>
- <?= p::clean($group->name) ?>
+ <?= html::clean($group->name) ?>
<? if (!$group->special): ?>
<a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
- title="<?= t("Delete the %name group", array("name" => p::clean($group->name))) ?>"
+ title="<?= t("Delete the %name group", array("name" => $group->name)) ?>"
class="gDialogLink gButtonLink ui-state-default ui-corner-all">
<span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
<? else: ?>
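Review bot: The `title` attribute on the delete link now prints `t("Delete the %name group", array("name" => $group->name))` with no attribute-specific escaping, whereas the login.html.php hunk in this same commit calls `->for_html_attr()` on the `t()` result it places in a `title`. Whether the default string conversion of `t()` also escapes quotes is not visible here, so I would make the attribute context explicit: `title="<?= t("Delete the %name group", array("name" => $group->name))->for_html_attr() ?>"`. The same applies to the `title` of the remove-user link in the second hunk of this file, which interpolates both `$user->name` and `$group->name`.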
@@ -17,12 +17,12 @@
<ul>
<? foreach ($group->users as $i => $user): ?>
<li class="gUser">
- <?= p::clean($user->name) ?>
+ <?= html::clean($user->name) ?>
<? if (!$group->special): ?>
<a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
class="gButtonLink ui-state-default ui-corner-all ui-icon-left"
title="<?= t("Remove %user from %group group",
- array("user" => p::clean($user->name), "group" => p::clean($group->name))) ?>">
+ array("user" => $user->name, "group" => $group->name)) ?>">
<span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
</a>
<? endif ?>
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index 10ed31b2..dfd09661 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -8,11 +8,11 @@
</li>
<? else: ?>
<li class="first">
- <?= t('Logged in as %name', array('name' =>
- '<a href="' . url::site("form/edit/users/{$user->id}") .
- '" title="' . t("Edit Your Profile") .
+ <?= t('Logged in as %name', array('name' => html::mark_safe(
+ '<a href="' . url::site("form/edit/users/{$user->id}") .
+ '" title="' . t("Edit Your Profile")->for_html_attr() .
'" id="gUserProfileLink" class="gDialogLink">' .
- p::clean($user->display_name()) . '</a>')) ?>
+ html::clean($user->display_name()) . '</a>'))) ?>
</li>
<li>
<a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
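Review bot: `html::mark_safe()` switches off escaping for the whole concatenated anchor, so its safety rests on every fragment being escaped by hand, and nothing at the call site records that. Today the fragments are `url::site(...)` with `$user->id`, `t("Edit Your Profile")->for_html_attr()` and `html::clean($user->display_name())`; a later edit that appends an unescaped value would go straight into the page. A comment above the call such as `// mark_safe: every fragment below is escaped individually; keep it that way` would make the contract visible. Whether `url::site()` output is already attribute-safe is not shown here and is worth confirming.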
diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php
index 4c4672ee..4097bb82 100644
--- a/modules/user/views/reset_password.html.php
+++ b/modules/user/views/reset_password.html.php
@@ -6,10 +6,12 @@
<body>
<h2><?= t("Password Reset Request") ?> </h2>
<p>
- <?= t("Hello, %name,", array("name" => p::clean($user->full_name ? $user->full_name : $user->name))) ?>
+ <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
</p>
<p>
- <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>. If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>. If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?>
+ <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>. If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>. If you didn't request this password reset, it's ok to ignore this mail.",
+ array("site_url" => html::mark_safe(url::base(false, "http")),
+ "confirm_url" => $confirm_url)) ?>
</p>
</body>
</html>
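Review bot: `site_url` is wrapped in `html::mark_safe()`, so the value of `url::base(false, "http")` is placed into both the `href` and the link text of the e-mail without escaping, while `confirm_url` next to it is left to the default handling. Where `url::base()` takes its host from is not visible in this diff; if it can reflect the request's Host header, a password-reset mail is a place where that value should be escaped and preferably taken from configured site settings. Unless escaping breaks the URL, I would drop the wrapper: `array("site_url" => url::base(false, "http"),`. If it has to stay, a comment explaining why this value is trusted would help the next reader.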