From 2f969c80eb2e228f2c5729c6f4660c99555f9c9f Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Tue, 28 Jul 2009 11:59:58 +0800
Subject: Create A Forge Script element. Form_Script allows the specification
 of either a url to a script file or in line text which will be included in a
 script block.

Signed-off-by: Tim Almdal <tnalmdal@shaw.ca>
---
 modules/gallery/libraries/Form_Script.php | 66 +++++++++++++++++++++++++++++++
 modules/gallery/tests/DrawForm_Test.php   | 39 ++++++++++++++++++
 modules/gallery/tests/xss_data.txt        |  4 +-
 modules/gallery/views/form.html.php       |  2 +
 4 files changed, 109 insertions(+), 2 deletions(-)
 create mode 100644 modules/gallery/libraries/Form_Script.php

diff --git a/modules/gallery/libraries/Form_Script.php b/modules/gallery/libraries/Form_Script.php
new file mode 100644
index 00000000..e841408d
--- /dev/null
+++ b/modules/gallery/libraries/Form_Script.php
@@ -0,0 +1,66 @@
+<?php defined("SYSPATH") or die("No direct script access.");
+/**
+ * Gallery - a web based photo album viewer and editor
+ * Copyright (C) 2000-2009 Bharat Mediratta
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at
+ * your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
+ */
+class Form_Script_Core extends Forge {
+  protected $data = array(
+    "name" => false,
+    "type"  => "script",
+    "url" => "",
+    "text" => "");
+
+  public function __construct($name) {
+    // Set dummy data so we don"t get errors
+    $this->attr["action"] = "";
+    $this->attr["method"] = "post";
+    $this->data["name"] = $name;
+  }
+
+  public function __get($key) {
+    return isset($this->data[$key]) ? $this->data[$key] : null;
+  }
+
+  /**
+   * Sets url attribute
+   */
+  public function url($url) {
+    $this->data["url"] = $url;
+
+    return $this;
+  }
+
+  public function text($script_text) {
+    $this->data["text"] = $script_text;
+
+    return $this;
+  }
+
+  public function render() {
+    $script = array();
+    if (!empty($this->data["url"])) {
+      $script[] = html::script($this->data["url"]);
+    }
+
+    if (!empty($this->data["text"])) {
+      $script[] = "<script type=\"text/javascript\">\n{$this->data['text']}\n</script>\n";
+    }
+
+    return implode("\n", $script);
+  }
+
+} // End Form Script
\ No newline at end of file
diff --git a/modules/gallery/tests/DrawForm_Test.php b/modules/gallery/tests/DrawForm_Test.php
index 2c5aaba4..dde54257 100644
--- a/modules/gallery/tests/DrawForm_Test.php
+++ b/modules/gallery/tests/DrawForm_Test.php
@@ -80,5 +80,44 @@ class DrawForm_Test extends Unit_Test_Case {
     $this->assert_same($expected, $rendered);
   }
 
+  function form_script_test() {
+    $form = new Forge("test/controller", "", "post", array("id" => "gTestGroupForm"));
+    $group = $form->group("test_group")->label(t("Test Group"));
+    $group->input("title")->label(t("Title"));
+    $group->textarea("description")->label(t("Text Area"));
+    $form->script("")
+      ->url(url::file("test.js"))
+      ->text("alert('Test Javascript');");
+    $group->submit("")->value(t("Submit"));
+    $rendered = $form->__toString();
+
+    $expected = "<form action=\"http://./index.php/test/controller\" method=\"post\" " .
+                      "id=\"gTestGroupForm\">\n" .
+                "<input type=\"hidden\" name=\"csrf\" value=\"" . access::csrf_token() . "\"  />\n" .
+                "  <fieldset>\n" .
+                "    <legend>Test Group</legend>\n" .
+                "    <ul>\n" .
+                "      <li>\n" .
+                "        <label for=\"title\" >Title</label>\n" .
+                "        <input type=\"text\" id=\"title\" name=\"title\" value=\"\" " .
+                            "class=\"textbox\"  />\n" .
+                "      </li>\n" .
+                "      <li>\n" .
+                "        <label for=\"description\" >Text Area</label>\n" .
+                "        <textarea id=\"description\" name=\"description\" " .
+                              "class=\"textarea\" ></textarea>\n" .
+                "      </li>\n" .
+                "      <li>\n" .
+                "        <input type=\"submit\" value=\"Submit\" class=\"submit\"  />\n" .
+                "      </li>\n" .
+                "    </ul>\n" .
+                "  </fieldset>\n" .
+                "<script type=\"text/javascript\" src=\"http://./test.js\"></script>\n\n" .
+                "<script type=\"text/javascript\">\n" .
+                "alert('Test Javascript');\n" .
+                "</script>\n" .
+                "</form>\n";
+    $this->assert_same($expected, $rendered);
+  }
 }
 
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 45f7c7ec..cc9261e5 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -444,8 +444,8 @@ modules/tag/views/admin_tags.html.php                        50  DIRTY $tag->id
 modules/tag/views/admin_tags.html.php                        50        $tag->name
 modules/tag/views/admin_tags.html.php                        51  DIRTY $tag->count
 modules/tag/views/admin_tags.html.php                        52  DIRTY $tag->id
-modules/tag/views/tag_block.html.php                         13  DIRTY $cloud
-modules/tag/views/tag_block.html.php                         15  DIRTY $form
+modules/tag/views/tag_block.html.php                         15  DIRTY $cloud
+modules/tag/views/tag_block.html.php                         17  DIRTY $form
 modules/tag/views/tag_cloud.html.php                         4   DIRTY $tag->count
 modules/tag/views/tag_cloud.html.php                         4   DIRTY $max_count
 modules/tag/views/tag_cloud.html.php                         5   DIRTY $tag->count
diff --git a/modules/gallery/views/form.html.php b/modules/gallery/views/form.html.php
index ec2a56a9..730d77cb 100644
--- a/modules/gallery/views/form.html.php
+++ b/modules/gallery/views/form.html.php
@@ -40,6 +40,8 @@ if (!function_exists("DrawForm")) {
           print "$prefix  {$hidden->render()}\n";
         }
         print "$prefix</fieldset>\n";
+      } else if ($input->type == 'script') {
+        print $input->render();
       } else {
         if ($input->error_messages()) {
           print "$prefix<li class=\"gError\">\n";
-- 
cgit v1.2.3