diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/comment/views/admin_block_recent_comments.html.php | 3 | ||||
| -rw-r--r-- | modules/comment/views/comment.html.php | 3 | ||||
| -rw-r--r-- | modules/comment/views/comments.html.php | 3 | ||||
| -rw-r--r-- | modules/gallery/controllers/user_profile.php | 80 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_event.php | 4 | ||||
| -rw-r--r-- | modules/gallery/helpers/user_profile.php | 55 | ||||
| -rw-r--r-- | modules/gallery/tests/controller_auth_data.txt | 3 | ||||
| -rw-r--r-- | modules/gallery/tests/xss_data.txt | 51 | ||||
| -rw-r--r-- | modules/gallery/views/admin_block_log_entries.html.php | 2 | ||||
| -rw-r--r-- | modules/gallery/views/login_current_user.html.php | 8 | ||||
| -rw-r--r-- | modules/gallery/views/user_profile.html.php | 69 | ||||
| -rw-r--r-- | modules/recaptcha/helpers/recaptcha_event.php | 6 |
12 files changed, 253 insertions, 34 deletions
diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php index d9776def..99f72a30 100644 --- a/modules/comment/views/admin_block_recent_comments.html.php +++ b/modules/comment/views/admin_block_recent_comments.html.php @@ -8,8 +8,9 @@ width="32" height="32" /> <?= gallery::date_time($comment->created) ?> - <?= t('<a href="#">%author_name</a> said <em>%comment_text</em>', + <?= t('<a href="%url">%author_name</a> said <em>%comment_text</em>', array("author_name" => html::clean($comment->author_name()), + "url" => user_profile::url($comment->author_id), "comment_text" => text::limit_words(nl2br(html::purify($comment->text)), 50))); ?> </li> <? endforeach ?> diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php index 2c485b53..c4cf1ce0 100644 --- a/modules/comment/views/comment.html.php +++ b/modules/comment/views/comment.html.php @@ -8,8 +8,9 @@ width="40" height="40" /> </a> - <?= t("on %date_time, <a href=\"#\">%name</a> said", + <?= t("on %date_time, <a href=\"%url\">%name</a> said", array("date_time" => gallery::date_time($comment->created), + "url" => user_profile::url($comment->author_id), "name" => html::clean($comment->author_name()))) ?> </p> <div> diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index fc54e3d2..c8236997 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -22,8 +22,9 @@ width="40" height="40" /> </a> - <?= t('on %date <a href="#">%name</a> said', + <?= t('on %date <a href="%url">%name</a> said', array("date" => date("Y-M-d H:i:s", $comment->created), + "url" => user_profile::url($comment->author_id), "name" => html::clean($comment->author_name()))); ?> </p> <div> diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php new file mode 100644 index 00000000..808531da --- /dev/null +++ b/modules/gallery/controllers/user_profile.php @@ -0,0 +1,80 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ +class User_Profile_Controller extends Controller { + public function show($id) { + // If we get here, then we should have a user id other than guest. + $user = identity::lookup_user($id); + $active_user = identity::active_user(); + $is_current_active = $active_user->id == $id; + $display_all = $active_user->admin || ($is_current_active && !$active_user->guest); + + $v = new Theme_View("page.html", "other", "profile"); + $v->page_title = t("%name Profile", array("name" => $user->display_name())); + $v->content = new View("user_profile.html"); + + // @todo modify user_home to supply a link to their album, + // @todo add list of watches + // @todo add all comments + // @todo add rest api key + $v->content->user = $user; + $v->content->height = 250; + $v->content->not_current = !$is_current_active; + $v->content->editable = identity::is_writable() && $display_all; + $v->content->return = SafeString::of(Input::instance()->get("return")); + + $fields = array("name" => t("Name"), "locale" => t("Locale"), "email" => t("Email"), + "full_name" => t("Full name"), "url" => "Web site"); + if (!$display_all) { + $fields = array("name" => t("Name"), "full_name" => t("Full name"), "url" => "Web site"); + } + $v->content->fields = array(); + foreach ($fields as $field => $label) { + if (!empty($user->$field)) { + $v->content->fields[(string)$label->for_html()] = $user->$field; + } + } + + print $v; + } + + public function contact($id) { + $user = identity::lookup_user($id); + print user_profile::get_contact_form($user); + } + + public function send($id) { + $user = identity::lookup_user($id); + $form = user_profile::get_contact_form($user); + if ($form->validate()) { + Sendmail::factory() + ->to($user->email) + ->subject($form->message->subject->value) + ->header("Mime-Version", "1.0") + ->header("Content-type", "text/html; charset=iso-8859-1") + ->reply_to($form->message->reply_to->value) + ->message($form->message->message->value) + ->send(); + message::success(t("Sent message to %user_name", array("user_name" => $user->display_name()))); + print json_encode(array("result" => "success")); + } else { + print json_encode(array("result" => "error", "form" => (string)$form)); + } + } +} diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 6175e049..29940ac6 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -111,11 +111,11 @@ class gallery_event_Core { ->label(t("Login"))); } else { $csrf = access::csrf_token(); - $menu->append(Menu::factory("dialog") + $menu->append(Menu::factory("link") ->id("user_menu_edit_profile") ->css_id("g-user-profile-link") ->view("login_current_user.html") - ->url(url::site("form/edit/user/{$user->id}")) + ->url(user_profile::url($user->id)) ->label($user->display_name())); $menu->append(Menu::factory("link") ->id("user_menu_logout") diff --git a/modules/gallery/helpers/user_profile.php b/modules/gallery/helpers/user_profile.php new file mode 100644 index 00000000..018e1bd1 --- /dev/null +++ b/modules/gallery/helpers/user_profile.php @@ -0,0 +1,55 @@ +<?php defined("SYSPATH") or die("No direct script access."); +/** + * Gallery - a web based photo album viewer and editor + * Copyright (C) 2000-2009 Bharat Mediratta + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or (at + * your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. + */ + +class user_profile_Core { + /** + * Generate the url to display the profile + * @return url for the profile display + */ + static function url($user_id) { + $return_url = urlencode(url::abs_current()); + return url::site("user_profile/show/{$user_id}?return=$return_url"); + } + + static function get_contact_form($user) { + $form = new Forge("user_profile/send/{$user->id}", "", "post", + array("id" => "g-user-profile-contact-form")); + $group = $form->group("message") + ->label(t("Compose message to %name", array("name" => $user->display_name()))); + $group->input("reply_to") + ->label(t("From:")) + ->rules("required|length[1, 256]|valid_email") + ->error_messages("required", t("Field is required")) + ->error_messages("max_length", t("Field exceeds 256 bytes")) + ->error_messages("valid_email", t("Field is not a valid email address")); + $group->input("subject") + ->label(t("Subject:")) + ->rules("required|length[1, 256]") + ->error_messages("required", t("Field is required")) + ->error_messages("max_length", t("Field exceeds 256 bytes")); + $group->textarea("message") + ->label(t("Message:")) + ->rules("required") + ->error_messages("required", t("Field is required")); + module::event("user_profile_contact_form", $form); + $group->submit("")->value(t("Send")); + return $form; + } +} diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index beabee49..da7108d8 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -19,6 +19,9 @@ modules/gallery/controllers/quick.php form_edit modules/gallery/controllers/simple_uploader.php start DIRTY_AUTH modules/gallery/controllers/simple_uploader.php finish DIRTY_AUTH modules/gallery/controllers/upgrader.php index DIRTY_AUTH +modules/gallery/controllers/user_profile.php show DIRTY_CSRF|DIRTY_AUTH +modules/gallery/controllers/user_profile.php contact DIRTY_AUTH +modules/gallery/controllers/user_profile.php send DIRTY_AUTH modules/gallery/controllers/welcome_message.php index DIRTY_AUTH modules/rest/controllers/rest.php access_key DIRTY_CSRF|DIRTY_AUTH modules/rest/controllers/rest.php __call DIRTY_AUTH diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 1530c73e..a89725c0 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -43,6 +43,7 @@ modules/g2_import/views/admin_g2_import.html.php 30 DIRTY $form modules/gallery/views/admin_advanced_settings.html.php 21 DIRTY_ATTR text::alternate("g-odd","g-even") modules/gallery/views/admin_advanced_settings.html.php 22 DIRTY $var->module_name modules/gallery/views/admin_block_log_entries.html.php 4 DIRTY_ATTR log::severity_class($entry->severity) +modules/gallery/views/admin_block_log_entries.html.php 5 DIRTY_JS user_profile::url($entryr->id) modules/gallery/views/admin_block_log_entries.html.php 6 DIRTY gallery::date_time($entry->timestamp) modules/gallery/views/admin_block_log_entries.html.php 7 DIRTY $entry->message modules/gallery/views/admin_block_log_entries.html.php 8 DIRTY $entry->html @@ -66,11 +67,6 @@ modules/gallery/views/admin_graphics_graphicsmagick.html.php 18 DIRTY $tk->e modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY_ATTR $is_active?" g-selected":"" modules/gallery/views/admin_graphics_imagemagick.html.php 2 DIRTY_ATTR $tk->installed?" g-installed-toolkit":" g-unavailable" modules/gallery/views/admin_graphics_imagemagick.html.php 18 DIRTY $tk->error -modules/gallery/views/admin_identity.html.php 43 DIRTY access::csrf_form_field() -modules/gallery/views/admin_identity.html.php 50 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/gallery/views/admin_identity.html.php 52 DIRTY form::radio($data,$module_name,$module_name==$active) -modules/gallery/views/admin_identity_confirm.html.php 3 DIRTY access::csrf_form_field() -modules/gallery/views/admin_identity_confirm.html.php 4 DIRTY form::hidden("provider",$new_provider) modules/gallery/views/admin_languages.html.php 43 DIRTY access::csrf_form_field() modules/gallery/views/admin_languages.html.php 60 DIRTY_ATTR (isset($installed_locales[$code]))?"g-available":"" modules/gallery/views/admin_languages.html.php 60 DIRTY_ATTR ($default_locale==$code)?" g-selected":"" @@ -98,10 +94,16 @@ modules/gallery/views/admin_maintenance.html.php 158 DIRTY $task- modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY_JS url::site("admin/maintenance/save_log/$task->id?csrf=$csrf") modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name modules/gallery/views/admin_maintenance_task.html.php 55 DIRTY $task->name -modules/gallery/views/admin_modules.html.php 10 DIRTY access::csrf_form_field() -modules/gallery/views/admin_modules.html.php 19 DIRTY_ATTR text::alternate("g-odd","g-even") -modules/gallery/views/admin_modules.html.php 22 DIRTY form::checkbox($data,'1',module::is_active($module_name)) -modules/gallery/views/admin_modules.html.php 24 DIRTY $module_info->version +modules/gallery/views/admin_modules.html.php 25 DIRTY_JS t("Continue") +modules/gallery/views/admin_modules.html.php 35 DIRTY_JS t("Continue") +modules/gallery/views/admin_modules.html.php 51 DIRTY access::csrf_form_field() +modules/gallery/views/admin_modules.html.php 60 DIRTY_ATTR text::alternate("g-odd","g-even") +modules/gallery/views/admin_modules.html.php 63 DIRTY form::checkbox($data,'1',module::is_active($module_name)) +modules/gallery/views/admin_modules.html.php 65 DIRTY $module_info->version +modules/gallery/views/admin_modules_confirm.html.php 11 DIRTY_ATTR $class +modules/gallery/views/admin_modules_confirm.html.php 11 DIRTY $message +modules/gallery/views/admin_modules_confirm.html.php 16 DIRTY access::csrf_form_field() +modules/gallery/views/admin_modules_confirm.html.php 18 DIRTY form::hidden($module,1) modules/gallery/views/admin_sidebar.html.php 50 DIRTY $available modules/gallery/views/admin_sidebar.html.php 58 DIRTY $active modules/gallery/views/admin_sidebar_blocks.html.php 4 DIRTY_ATTR $ref @@ -118,11 +120,11 @@ modules/gallery/views/admin_themes.html.php 62 DIRTY $theme modules/gallery/views/admin_themes.html.php 76 DIRTY $info->name modules/gallery/views/admin_themes.html.php 78 DIRTY $info->description modules/gallery/views/admin_themes_preview.html.php 7 DIRTY_ATTR $url -modules/gallery/views/form_uploadify.html.php 24 DIRTY_JS url::file("lib/uploadify/uploadify.swf") -modules/gallery/views/form_uploadify.html.php 25 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}") -modules/gallery/views/form_uploadify.html.php 29 DIRTY_JS url::file("lib/uploadify/cancel.png") -modules/gallery/views/form_uploadify.html.php 30 DIRTY_JS $simultaneous_upload_limit -modules/gallery/views/form_uploadify.html.php 55 DIRTY_JS t("Completed") +modules/gallery/views/form_uploadify.html.php 30 DIRTY_JS url::file("lib/uploadify/uploadify.swf") +modules/gallery/views/form_uploadify.html.php 31 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}") +modules/gallery/views/form_uploadify.html.php 35 DIRTY_JS url::file("lib/uploadify/cancel.png") +modules/gallery/views/form_uploadify.html.php 36 DIRTY_JS $simultaneous_upload_limit +modules/gallery/views/form_uploadify.html.php 61 DIRTY_JS t("Completed") modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form"),$hidden) modules/gallery/views/in_place_edit.html.php 5 DIRTY form::input("input",$form["input"]," class=\"textbox\"") modules/gallery/views/in_place_edit.html.php 12 DIRTY form::close() @@ -217,6 +219,10 @@ modules/gallery/views/upgrader.html.php 77 DIRTY $modul modules/gallery/views/upgrader.html.php 99 DIRTY_ATTR $done?"muted":"" modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR $done?"muted":"" modules/gallery/views/user_languages_block.html.php 2 DIRTY form::dropdown("g-select-session-locale",$installed_locales,$selected) +modules/gallery/views/user_profile.html.php 35 DIRTY_ATTR $height +modules/gallery/views/user_profile.html.php 44 DIRTY $field +modules/gallery/views/user_profile.html.php 45 DIRTY $value +modules/gallery/views/user_profile.html.php 65 DIRTY_JS $return->for_html_attr() modules/image_block/views/image_block_block.html.php 3 DIRTY_JS $item->url() modules/image_block/views/image_block_block.html.php 4 DIRTY $item->thumb_img(array("class"=>"g-thumbnail")) modules/info/views/info_block.html.php 22 DIRTY date("M j, Y H:i:s",$item->captured) @@ -326,14 +332,15 @@ themes/admin_wind/views/admin.html.php 16 DIRTY_JS $theme themes/admin_wind/views/admin.html.php 33 DIRTY $theme->admin_head() themes/admin_wind/views/admin.html.php 37 DIRTY $theme->admin_page_top() themes/admin_wind/views/admin.html.php 45 DIRTY $theme->admin_header_top() -themes/admin_wind/views/admin.html.php 60 DIRTY_JS item::root()->url() -themes/admin_wind/views/admin.html.php 64 DIRTY $theme->admin_menu() -themes/admin_wind/views/admin.html.php 66 DIRTY $theme->admin_header_bottom() -themes/admin_wind/views/admin.html.php 73 DIRTY $content -themes/admin_wind/views/admin.html.php 79 DIRTY $sidebar -themes/admin_wind/views/admin.html.php 84 DIRTY $theme->admin_footer() -themes/admin_wind/views/admin.html.php 86 DIRTY $theme->admin_credits() -themes/admin_wind/views/admin.html.php 90 DIRTY $theme->admin_page_bottom() +themes/admin_wind/views/admin.html.php 46 DIRTY_JS item::root()->url() +themes/admin_wind/views/admin.html.php 49 DIRTY $theme->user_menu() +themes/admin_wind/views/admin.html.php 51 DIRTY $theme->admin_menu() +themes/admin_wind/views/admin.html.php 53 DIRTY $theme->admin_header_bottom() +themes/admin_wind/views/admin.html.php 60 DIRTY $content +themes/admin_wind/views/admin.html.php 66 DIRTY $sidebar +themes/admin_wind/views/admin.html.php 71 DIRTY $theme->admin_footer() +themes/admin_wind/views/admin.html.php 73 DIRTY $theme->admin_credits() +themes/admin_wind/views/admin.html.php 77 DIRTY $theme->admin_page_bottom() themes/admin_wind/views/block.html.php 3 DIRTY_ATTR $anchor themes/admin_wind/views/block.html.php 5 DIRTY $id themes/admin_wind/views/block.html.php 5 DIRTY_ATTR $css_id diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php index 780ff2d0..90ce88a7 100644 --- a/modules/gallery/views/admin_block_log_entries.html.php +++ b/modules/gallery/views/admin_block_log_entries.html.php @@ -2,7 +2,7 @@ <ul> <? foreach ($entries as $entry): ?> <li class="<?= log::severity_class($entry->severity) ?>" style="direction: ltr"> - <a href="<?= url::site("user/$entry->user_id") ?>"><?= html::clean($entry->user->name) ?></a> + <a href="<?= user_profile::url($entryr->id) ?>"><?= html::clean($entry->user->name) ?></a> <?= gallery::date_time($entry->timestamp) ?> <?= $entry->message ?> <?= $entry->html ?> diff --git a/modules/gallery/views/login_current_user.html.php b/modules/gallery/views/login_current_user.html.php index e3b3688f..94525576 100644 --- a/modules/gallery/views/login_current_user.html.php +++ b/modules/gallery/views/login_current_user.html.php @@ -1,11 +1,7 @@ <?php defined("SYSPATH") or die("No direct script access.") ?> <li> <? $name = $menu->label->for_html() ?> - <? if (identity::is_writable()): ?> + <? $hover_text = t("Your profile")->for_html_attr() ?> <?= t("Logged in as %name", array("name" => html::mark_clean( - "<a href='$menu->url' title='" . t("Edit your profile")->for_html_attr() . - "' id='$menu->id' class='g-dialog-link'>{$name}</a>"))) ?> - <? else: ?> - <?= t("Logged in as %name", array("name" => $name)) ?> - <? endif ?> + "<a href='$menu->url' title='$hover_text' id='$menu->id'>{$name}</a>"))) ?> </li> diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php new file mode 100644 index 00000000..e7ce56b3 --- /dev/null +++ b/modules/gallery/views/user_profile.html.php @@ -0,0 +1,69 @@ +<?php defined("SYSPATH") or die("No direct script access.") ?> +<style> + #g-user-profile #g-profile-buttons { + bottom: 0; + position: absolute; + right: 0; + } + + #g-user-profile fieldset { + border: 1px solid #CCCCCC; + padding: 0 1em 0.8em; + } + + #g-user-profile fieldset label { + font-weight: bold; + } + + #g-user-profile fieldset div { + padding-left: 1em; + } + + #g-user-profile td { + border: none; + padding: 0; + } + +</style> +<script> + $("#g-user-profile").ready(function() { + //$("#g-profile-return").click(function(event) { + // window.location = <?= $return->for_js() ?>; + //}); + }); +</script> +<div id="g-user-profile" style="height: <?= $height ?>px"> + <h1 style="display: none"><?= t("%name Profile", array("name" => $user->display_name())) ?></h1> + <div> + <fieldset> + <label><?= t("User information") ?></label> + <div> + <table> + <? foreach ($fields as $field => $value): ?> + <tr> + <td><?= $field ?></td> + <td><?= $value ?></td> + </tr> + <? endforeach ?> + </table> + </div> + </fieldset> + </div> + <div id="g-profile-buttons" class="ui-helper-clearfix g-right"> + <? if (!$user->guest && $not_current && !empty($user->email)): ?> + <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link" + href="<?= url::site("user_profile/contact/{$user->id}") ?>"> + <?= t("Contact") ?> + </a> + <? endif ?> + <? if ($editable): ?> + <a class="g-button ui-icon-right ui-state-default ui-corner-all g-dialog-link" href="<?= url::site("form/edit/users/{$user->id}") ?>"> + <?= t("Edit") ?> + </a> + <? endif ?> + + <a class="g-button ui-icon-right ui-state-default ui-corner-all" href="<?= $return->for_html_attr() ?>"> + <?= t("Return") ?> + </a> + </div> +</div>
\ No newline at end of file diff --git a/modules/recaptcha/helpers/recaptcha_event.php b/modules/recaptcha/helpers/recaptcha_event.php index e7ded3ab..a7f64bdd 100644 --- a/modules/recaptcha/helpers/recaptcha_event.php +++ b/modules/recaptcha/helpers/recaptcha_event.php @@ -18,6 +18,12 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class recaptcha_event_Core { + static function user_profile_contact_form($form) { + if (module::get_var("recaptcha", "public_key")) { + $form->message->recaptcha("recaptcha")->label("")->id("g-recaptcha"); + } + } + static function comment_add_form($form) { if (module::get_var("recaptcha", "public_key")) { $form->add_comment->recaptcha("recaptcha")->label("")->id("g-recaptcha"); |