From 5b3b675b6d8a1cd9a5f2b9455c551791e18d88ff Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Thu, 16 Jul 2009 11:19:34 -0700
Subject: Non-trivial changes to the event handling code: 1) The item_updated event no longer takes the old and new items. Instead we overload ORM to track the original data and make that available via the item. This will allow us to move event publishing down into the API methods which in turn will give us more stability since we won't require each controller to remember to do it. 2) ORM class now tracks the original values. It doesn't track the original relationships (no need for that, yet) 3) Added new events: item_deleted group_deleted user_deleted
---
 modules/comment/controllers/admin_comments.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules/comment/controllers')
diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php
index 3e8d3c46..ea76b188 100644
--- a/modules/comment/controllers/admin_comments.php
+++ b/modules/comment/controllers/admin_comments.php
@@ -113,8 +113,8 @@ class Admin_Comments_Controller extends Admin_Controller {
 if ($comment->loaded) {
 $comment->state = $state;
 $comment->save();
- module::event("comment_updated", $orig, $comment);
- if ($orig->state == "published" || $comment->state == "published") {
+ module::event("comment_updated", $comment);
+ if ($comment->original("state") == "published" || $comment->state == "published") {
 module::event("item_related_update", $comment->item());
 }
 }
-- cgit v1.2.3
From 0f766b149d0cee7af664f2321fddc6f04cda70ac Mon Sep 17 00:00:00 2001
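Review bot: `$comment->original("state")` is read after `$comment->save()` in the new condition, so the test sees the pre-change state only if ORM keeps the tracked original values across a save; the ORM change itself is not part of this excerpt, so that needs confirming. If save() refreshes the originals, a comment moved out of "published" would no longer trigger `item_related_update`, and a moderation change would not reach listeners. Capturing the flag before the save removes the dependency: `$was_published = $comment->original("state") == "published";` placed ahead of `$comment->save();` and then tested in the `if`. The same read-after-save ordering appears in Comment_Model::save() in the following commit. The enclosing method starts and ends outside the hunk.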
From: Bharat Mediratta Date: Thu, 16 Jul 2009 12:29:16 -0700 Subject: Second non-trivial change to the event code. We now publish model related events from within the model handling code. The only exception to this currently is item_created which is challenging because we have to save the item using ORM_MPTT::add_to_parent() before the object itself is fully set up. When we get that down to one call to save() we can publish that event from within the model also. --- modules/comment/controllers/admin_comments.php | 4 ---- modules/comment/controllers/comments.php | 1 - modules/comment/helpers/comment.php | 5 ----- modules/comment/models/comment.php | 17 ++++++++++++++++- modules/exif/helpers/exif_event.php | 4 +++- modules/gallery/controllers/albums.php | 3 --- modules/gallery/controllers/movies.php | 3 --- modules/gallery/controllers/photos.php | 3 --- modules/gallery/helpers/album.php | 2 ++ modules/gallery/helpers/movie.php | 2 ++ modules/gallery/helpers/photo.php | 2 ++ modules/gallery/models/item.php | 7 ++++++- modules/organize/controllers/organize.php | 4 ---- modules/user/helpers/group.php | 1 - modules/user/helpers/user.php | 1 - modules/user/models/group.php | 13 +++++++++++++ modules/user/models/user.php | 13 +++++++++++++ 17 files changed, 57 insertions(+), 28 deletions(-) (limited to 'modules/comment/controllers') diff --git a/modules/comment/controllers/admin_comments.php b/modules/comment/controllers/admin_comments.php index ea76b188..a164f79f 100644 --- a/modules/comment/controllers/admin_comments.php +++ b/modules/comment/controllers/admin_comments.php @@ -113,10 +113,6 @@ class Admin_Comments_Controller extends Admin_Controller { if ($comment->loaded) { $comment->state = $state; $comment->save(); - module::event("comment_updated", $comment); - if ($comment->original("state") == "published" || $comment->state == "published") { - module::event("item_related_update", $comment->item()); - } } } 
diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php index 02c38491..9fb4796e 100644 --- a/modules/comment/controllers/comments.php +++ b/modules/comment/controllers/comments.php @@ -152,7 +152,6 @@ class Comments_Controller extends REST_Controller { $comment->url = $form->edit_comment->url->value; $comment->text = $form->edit_comment->text->value; $comment->save(); - module::event("comment_updated", $comment); print json_encode( array("result" => "success", diff --git a/modules/comment/helpers/comment.php b/modules/comment/helpers/comment.php index 08cba096..3d743325 100644 --- a/modules/comment/helpers/comment.php +++ b/modules/comment/helpers/comment.php @@ -61,11 +61,6 @@ class comment_Core { $comment->server_remote_port = substr($input->server("REMOTE_PORT"), 0, 16); $comment->save(); - module::event("comment_created", $comment); - if ($comment->state == "published") { - module::event("item_related_update", $comment->item()); - } - return $comment; } diff --git a/modules/comment/models/comment.php b/modules/comment/models/comment.php index 22c465df..551fb245 100644 --- a/modules/comment/models/comment.php +++ b/modules/comment/models/comment.php @@ -61,8 +61,23 @@ class Comment_Model extends ORM { $this->updated = time(); if (!$this->loaded && empty($this->created)) { $this->created = $this->updated; + $created = true; } } - return parent::save(); + parent::save(); + + if (isset($created)) { + module::event("comment_created", $this); + } else { + module::event("comment_updated", $this); + } + + // We only notify on the related items if we're making a visible change, which means moving in + // or out of a published state + if ($this->original("state") == "published" || $this->state == "published") { + module::event("item_related_update", $this->item()); + } + + return $this; } } diff --git a/modules/exif/helpers/exif_event.php b/modules/exif/helpers/exif_event.php index 24243f4d..826ec959 100644 
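Review bot: In Comment_Model::save() the `$created` flag is set only inside the `!$this->loaded && empty($this->created)` branch, so a new comment saved with `created` already filled in would be announced as `comment_updated` rather than `comment_created`. Group_Model::save() and User_Model::save() in this same commit key the flag on `!$this->loaded` alone; doing the same here, with `$created = !$this->loaded;` at the top of save() and `if ($created)` below, keeps the three models consistent. The added comment also says related items are notified only when a comment moves in or out of the published state, while the condition is true on every save of a published comment, so either the comment or the condition should change. save() begins outside the hunk, so the outer condition guarding this branch is not visible here.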
--- a/modules/exif/helpers/exif_event.php +++ b/modules/exif/helpers/exif_event.php @@ -19,7 +19,9 @@ */ class exif_event_Core { static function item_created($item) { - exif::extract($item); + if (!$item->is_album()) { + exif::extract($item); + } } static function item_deleted($item) { diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index c378e3ce..9980b676 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -182,7 +182,6 @@ class Albums_Controller extends Items_Controller { } if ($valid) { - $orig = clone $album; $album->title = $form->edit_album->title->value; $album->description = $form->edit_album->description->value; $album->sort_column = $form->edit_album->sort_order->column->value; @@ -192,8 +191,6 @@ class Albums_Controller extends Items_Controller { } $album->save(); - module::event("item_updated", $album); - log::success("content", "Updated album", "id\">view"); message::success( t("Saved album %album_title", array("album_title" => p::clean($album->title)))); diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index fc511082..d954ad8d 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -85,14 +85,11 @@ class Movies_Controller extends Items_Controller { } if ($valid) { - $orig = clone $photo; $photo->title = $form->edit_photo->title->value; $photo->description = $form->edit_photo->description->value; $photo->rename($form->edit_photo->filename->value); $photo->save(); - module::event("item_updated", $photo); - log::success("content", "Updated photo", "id\">view"); message::success( t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title)))); diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 77627009..9ce6ed23 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php 
@@ -78,14 +78,11 @@ class Photos_Controller extends Items_Controller { } if ($valid) { - $orig = clone $photo; $photo->title = $form->edit_photo->title->value; $photo->description = $form->edit_photo->description->value; $photo->rename($form->edit_photo->filename->value); $photo->save(); - module::event("item_updated", $photo); - log::success("content", "Updated photo", "id\">view"); message::success( t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title)))); diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php index 1197f243..f1a6c060 100644 --- a/modules/gallery/helpers/album.php +++ b/modules/gallery/helpers/album.php @@ -71,6 +71,8 @@ class album_Core { mkdir(dirname($album->thumb_path())); mkdir(dirname($album->resize_path())); + // @todo: publish this from inside Item_Model::save() when we refactor to the point where + // there's only one save() happening here. module::event("item_created", $album); return $album; diff --git a/modules/gallery/helpers/movie.php b/modules/gallery/helpers/movie.php index d62ead76..4f4169d5 100644 --- a/modules/gallery/helpers/movie.php +++ b/modules/gallery/helpers/movie.php @@ -102,6 +102,8 @@ class movie_Core { copy($filename, $movie->file_path()); + // @todo: publish this from inside Item_Model::save() when we refactor to the point where + // there's only one save() happening here. module::event("item_created", $movie); // Build our thumbnail diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php index e8a4f357..ce964c14 100644 --- a/modules/gallery/helpers/photo.php +++ b/modules/gallery/helpers/photo.php @@ -105,6 +105,8 @@ class photo_Core { copy($filename, $photo->file_path()); + // @todo: publish this from inside Item_Model::save() when we refactor to the point where + // there's only one save() happening here. module::event("item_created", $photo); // Build our thumbnail/resizes 
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php index 80f19d26..94e2fcf7 100644 --- a/modules/gallery/models/item.php +++ b/modules/gallery/models/item.php @@ -350,9 +350,14 @@ class Item_Model extends ORM_MPTT { $this->created = $this->updated; $r = ORM::factory("item")->select("MAX(weight) as max_weight")->find(); $this->weight = $r->max_weight + 1; + $created = 1; } } - return parent::save(); + parent::save(); + if (!isset($created)) { + module::event("item_updated", $this); + } + return $this; } /** diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 54e04071..27852904 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -279,8 +279,6 @@ class Organize_Controller extends Controller { $item->rename($form->dirname->value); $item->save(); - module::event("item_updated", $item); - if ($item->is_album()) { log::success("content", "Updated album", "id\">view"); $message = t("Saved album %album_title", array("album_title" => p::purify($item->title))); @@ -322,8 +320,6 @@ class Organize_Controller extends Controller { $item->sort_order = $form->direction->value; $item->save(); - module::event("item_updated", $item); - log::success("content", "Updated album", "id\">view"); $message = t("Saved album %album_title", array("album_title" => p::purify($item->title))); print json_encode(array("form" => $form->__toString(), "message" => $message)); diff --git a/modules/user/helpers/group.php b/modules/user/helpers/group.php index 1dace840..04e6efd6 100644 --- a/modules/user/helpers/group.php +++ b/modules/user/helpers/group.php @@ -39,7 +39,6 @@ class group_Core { $group->name = $name; $group->save(); - module::event("group_created", $group); return $group; } diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php index a59588f8..4105d745 100644 --- a/modules/user/helpers/user.php +++ b/modules/user/helpers/user.php 
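Review bot: Item_Model::save() now publishes `item_updated` on every save where `$created` was not set, and the `@todo` comments added to album.php, movie.php and photo.php in this commit say item creation still involves more than one save(). If a later save() during creation runs on an item that is already loaded, listeners would receive `item_updated` for an item whose `item_created` event has not been published yet and whose files may not be in place. A short doc comment on save() stating which saves publish the event, or a guard for the creation path, would make that contract explicit; the method currently documents nothing about the new side effect. `$created = 1` tested with `isset()` would also read more clearly as a boolean initialised before the branch, e.g. `$created = false;` followed later by `if (!$created)`. save() starts outside the hunk.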
@@ -202,7 +202,6 @@ class user_Core { $user->add(group::registered_users()); $user->save(); - module::event("user_created", $user); return $user; } diff --git a/modules/user/models/group.php b/modules/user/models/group.php index e0724e30..bb3fb58b 100644 --- a/modules/user/models/group.php +++ b/modules/user/models/group.php @@ -32,4 +32,17 @@ class Group_Model extends ORM { parent::delete($id); module::event("group_deleted", $old); } + + public function save() { + if (!$this->loaded) { + $created = 1; + } + parent::save(); + if (isset($created)) { + module::event("group_created", $this); + } else { + module::event("group_updated", $this); + } + return $this; + } } \ No newline at end of file diff --git a/modules/user/models/user.php b/modules/user/models/user.php index e3260270..0234f186 100644 --- a/modules/user/models/user.php +++ b/modules/user/models/user.php @@ -59,4 +59,17 @@ class User_Model extends ORM { return sprintf("http://www.gravatar.com/avatar/%s.jpg?s=%d&r=pg%s", md5($this->email), $size, $default ? "&d=" . urlencode($default) : ""); } + + public function save() { + if (!$this->loaded) { + $created = 1; + } + parent::save(); + if (isset($created)) { + module::event("user_created", $this); + } else { + module::event("user_updated", $this); + } + return $this; + } } \ No newline at end of file -- cgit v1.2.3 From c01ac42c4604b3b129e8089e0dc683ebd418b380 Mon Sep 17 00:00:00 2001 
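Review bot: The save() overrides added to Group_Model and User_Model discard the result of `parent::save()` and publish the `_created` or `_updated` event unconditionally; how ORM::save() reports a failed write is not visible in this diff, so it is worth confirming that listeners cannot be told about a record that was not stored. Both methods are also undocumented, identical apart from the event prefix, and use `$created = 1` with `isset()` as a flag. A boolean reads more directly: `$created = !$this->loaded;` before `parent::save();` and `module::event($created ? "user_created" : "user_updated", $this);` after it. A one-line docblock on each method stating that the event is published after the row is saved would document the new side effect.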
From: Andy Staudacher Date: Sat, 29 Aug 2009 12:48:40 -0700 Subject: Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify(). Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway. --- modules/comment/controllers/comments.php | 8 +++--- modules/comment/helpers/comment_rss.php | 8 +++--- .../views/admin_block_recent_comments.html.php | 6 ++--- modules/comment/views/admin_comments.html.php | 10 ++++---- modules/comment/views/comment.html.php | 6 ++--- modules/comment/views/comment.mrss.php | 12 ++++----- modules/comment/views/comments.html.php | 6 ++--- modules/digibug/controllers/digibug.php | 2 +- modules/exif/views/exif_dialog.html.php | 4 +-- modules/g2_import/helpers/g2_import.php | 2 +- .../controllers/admin_advanced_settings.php | 2 +- modules/gallery/controllers/movies.php | 2 +- modules/gallery/controllers/photos.php | 2 +- modules/gallery/controllers/quick.php | 10 ++++---- modules/gallery/helpers/gallery_rss.php | 4 +-- modules/gallery/helpers/gallery_task.php | 4 +-- modules/gallery/helpers/p.php | 29 ---------------------- .../gallery/views/admin_advanced_settings.html.php | 8 +++--- .../gallery/views/admin_block_log_entries.html.php | 2 +- .../views/admin_block_photo_stream.html.php | 4 +-- modules/gallery/views/admin_maintenance.html.php | 2 +- .../views/admin_maintenance_show_log.html.php | 2 +- modules/gallery/views/after_install.html.php | 2 +- modules/gallery/views/move_tree.html.php | 8 +++--- modules/gallery/views/permissions_browse.html.php | 4 +-- modules/gallery/views/permissions_form.html.php | 2 +- modules/gallery/views/simple_uploader.html.php | 6 ++--- modules/info/views/info_block.html.php | 10 ++++---- .../notification/views/comment_published.html.php | 12 ++++----- modules/notification/views/item_added.html.php | 8 +++--- modules/notification/views/item_deleted.html.php | 6 ++--- modules/notification/views/item_updated.html.php | 12 ++++----- 
modules/organize/controllers/organize.php | 10 ++++---- modules/organize/views/organize.html.php | 2 +- modules/organize/views/organize_album.html.php | 2 +- modules/rss/views/feed.mrss.php | 14 +++++------ modules/search/views/search.html.php | 10 ++++---- .../server_add/controllers/admin_server_add.php | 4 +-- modules/server_add/views/server_add_tree.html.php | 2 +- .../views/server_add_tree_dialog.html.php | 6 ++--- modules/tag/controllers/admin_tags.php | 8 +++--- modules/tag/helpers/tag_rss.php | 2 +- modules/tag/views/admin_tags.html.php | 2 +- modules/tag/views/tag_cloud.html.php | 2 +- modules/user/controllers/admin_users.php | 14 +++++------ modules/user/controllers/login.php | 4 +-- modules/user/controllers/logout.php | 4 +-- modules/user/controllers/password.php | 2 +- modules/user/views/admin_users.html.php | 8 +++--- modules/user/views/admin_users_group.html.php | 8 +++--- modules/user/views/login.html.php | 6 ++--- modules/user/views/reset_password.html.php | 2 +- system/helpers/request.php | 2 +- themes/default/views/album.html.php | 4 +-- themes/default/views/dynamic.html.php | 4 +-- themes/default/views/header.html.php | 4 +-- themes/default/views/movie.html.php | 4 +-- themes/default/views/page.html.php | 8 +++--- themes/default/views/photo.html.php | 4 +-- 59 files changed, 159 insertions(+), 188 deletions(-) delete mode 100644 modules/gallery/helpers/p.php (limited to 'modules/comment/controllers') diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php index 9fb4796e..87633f4c 100644 --- a/modules/comment/controllers/comments.php +++ b/modules/comment/controllers/comments.php 
@@ -39,9 +39,9 @@ class Comments_Controller extends REST_Controller { foreach ($comments as $comment) { $data[] = array( "id" => $comment->id, - "author_name" => p::clean($comment->author_name()), + "author_name" => SafeString::of($comment->author_name()), "created" => $comment->created, - "text" => nl2br(p::purify($comment->text))); + "text" => nl2br(SafeString::purify($comment->text))); } print json_encode($data); break; @@ -126,9 +126,9 @@ class Comments_Controller extends REST_Controller { array("result" => "success", "data" => array( "id" => $comment->id, - "author_name" => p::clean($comment->author_name()), + "author_name" => SafeString::of($comment->author_name()), "created" => $comment->created, - "text" => nl2br(p::purify($comment->text))))); + "text" => nl2br(SafeString::purify($comment->text))))); } else { $view = new Theme_View("comment.html", "fragment"); $view->comment = $comment; diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index ab3d2283..d0f15010 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php @@ -23,7 +23,7 @@ class comment_rss_Core { $feeds["comment/newest"] = t("All new comments"); if ($item) { $feeds["comment/item/$item->id"] = - t("Comments on %title", array("title" => p::purify($item->title))); + t("Comments on %title", array("title" => SafeString::purify($item->title))); } return $feeds; } 
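Review bot: In both comments.php hunks `"author_name" => SafeString::of($comment->author_name())` is handed straight to `json_encode()`, where `p::clean()` previously supplied the escaped value. SafeString is not shown in this diff, but the commit message describes it as a wrapper, and `json_encode()` serialises an object's public properties rather than calling `__toString()`, so the client may receive an object or `{}` instead of the escaped name. The `text` entries are not affected in the same way because `nl2br()` forces a string conversion first. Casting at the call site keeps both the JSON shape and the escaping: `"author_name" => (string) SafeString::of($comment->author_name()),`. Both arrays sit in methods that start outside the hunks.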
@@ -53,13 +53,13 @@ class comment_rss_Core { $item = $comment->item(); $feed->children[] = new ArrayObject( array("pub_date" => date("D, d M Y H:i:s T", $comment->created), - "text" => nl2br(p::purify($comment->text)), + "text" => nl2br(SafeString::purify($comment->text)), "thumb_url" => $item->thumb_url(), "thumb_height" => $item->thumb_height, "thumb_width" => $item->thumb_width, "item_uri" => url::abs_site("{$item->type}s/$item->id"), - "title" => p::purify($item->title), - "author" => p::clean($comment->author_name())), + "title" => SafeString::purify($item->title), + "author" => SafeString::of($comment->author_name())), ArrayObject::ARRAY_AS_PROPS); } diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php index 516a8181..2c7a5cf1 100644 --- a/modules/comment/views/admin_block_recent_comments.html.php +++ b/modules/comment/views/admin_block_recent_comments.html.php @@ -4,13 +4,13 @@
  • "> " class="gAvatar" - alt="author_name()) ?>" + alt="author_name()) ?>" width="32" height="32" /> created) ?> %author_name said %comment_text', - array("author_name" => p::clean($comment->author_name()), - "comment_text" => text::limit_words(nl2br(p::purify($comment->text)), 50))); ?> + array("author_name" => SafeString::of($comment->author_name()), + "comment_text" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50))); ?>
  • diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php index 9fe7164b..b27e3166 100644 --- a/modules/comment/views/admin_comments.html.php +++ b/modules/comment/views/admin_comments.html.php @@ -108,12 +108,12 @@ " class="gAvatar" - alt="author_name()) ?>" + alt="author_name()) ?>" width="40" height="40" /> -

    author_name()) ?>

    +

    author_name()) ?>

    created) ?>

    - text)) ?> + text)) ?>
      diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php index 3d17411c..31bb7f4d 100644 --- a/modules/comment/views/comment.html.php +++ b/modules/comment/views/comment.html.php @@ -4,15 +4,15 @@ " class="gAvatar" - alt="author_name()) ?>" + alt="author_name()) ?>" width="40" height="40" /> gallery::date_time($comment->created), - "author_name" => p::clean($comment->author_name()))) ?> + "author_name" => SafeString::of($comment->author_name()))) ?>

      - text)) ?> + text)) ?>
      diff --git a/modules/comment/views/comment.mrss.php b/modules/comment/views/comment.mrss.php index 2b5b13c1..ae7762d9 100644 --- a/modules/comment/views/comment.mrss.php +++ b/modules/comment/views/comment.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> Gallery 3 - <?= p::clean($feed->title) ?> + <?= SafeString::of($feed->title) ?> uri ?> - description) ?> + description) ?> en-us @@ -22,14 +22,14 @@ children as $child): ?> - <?= p::purify($child->title) ?> - item_uri) ?> - author) ?> + <?= SafeString::purify($child->title) ?> + item_uri) ?> + author) ?> item_uri ?> pub_date ?> text)) ?>

      +

      text)) ?>

      diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index f7251389..7941b7da 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -12,16 +12,16 @@ " class="gAvatar" - alt="author_name()) ?>" + alt="author_name()) ?>" width="40" height="40" /> %name said', array("date" => date("Y-M-d H:i:s", $comment->created), - "name" => p::clean($comment->author_name()))); ?> + "name" => SafeString::of($comment->author_name()))); ?>

      - text)) ?> + text)) ?>
      diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index e0f4b6bf..509a8b70 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -50,7 +50,7 @@ class Digibug_Controller extends Controller { "image_width_1" => $item->width, "thumb_height_1" => $item->thumb_height, "thumb_width_1" => $item->thumb_width, - "title_1" => p::purify($item->title)); + "title_1" => SafeString::purify($item->title)); print $v; } diff --git a/modules/exif/views/exif_dialog.html.php b/modules/exif/views/exif_dialog.html.php index 6494b2b0..a981ca09 100644 --- a/modules/exif/views/exif_dialog.html.php +++ b/modules/exif/views/exif_dialog.html.php @@ -14,14 +14,14 @@ - + - + diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php index 436cef52..a01ca1db 100644 --- a/modules/g2_import/helpers/g2_import.php +++ b/modules/g2_import/helpers/g2_import.php @@ -590,7 +590,7 @@ class g2_import_Core { self::map($g2_comment->getId(), $comment->id); return t("Imported comment '%comment' for item with id: %id", array("id" => $comment->item_id, - "comment" => text::limit_words(nl2br(p::purify($comment->text)), 50))); + "comment" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50))); } /** diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php index 64007fdb..d727b654 100644 --- a/modules/gallery/controllers/admin_advanced_settings.php +++ b/modules/gallery/controllers/admin_advanced_settings.php 
@@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller { module::set_var($module_name, $var_name, Input::instance()->post("value")); message::success( t("Saved value for %var (%module_name)", - array("var" => p::clean($var_name), "module_name" => $module_name))); + array("var" => SafeString::of($var_name), "module_name" => $module_name))); print json_encode(array("result" => "success")); } diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index c8227d74..09b16759 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -93,7 +93,7 @@ class Movies_Controller extends Items_Controller { log::success("content", "Updated photo", "id\">view"); message::success( - t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title)))); + t("Saved photo %photo_title", array("photo_title" => $photo->title))); print json_encode( array("result" => "success", diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 8ee24da8..3447b4c6 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -86,7 +86,7 @@ class Photos_Controller extends Items_Controller { log::success("content", "Updated photo", "id\">view"); message::success( - t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title)))); + t("Saved photo %photo_title", array("photo_title" => $photo->title))); print json_encode( array("result" => "success", diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index de027c1b..98a5bf9f 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php 
@@ -89,7 +89,7 @@ class Quick_Controller extends Controller { access::required("view", $item->parent()); access::required("edit", $item->parent()); - $msg = t("Made %title this album's cover", array("title" => p::purify($item->title))); + $msg = t("Made %title this album's cover", array("title" => SafeString::purify($item->title))); item::make_album_cover($item); message::success($msg); @@ -105,10 +105,10 @@ class Quick_Controller extends Controller { if ($item->is_album()) { print t( "Delete the album %title? All photos and movies in the album will also be deleted.", - array("title" => p::purify($item->title))); + array("title" => SafeString::purify($item->title))); } else { print t("Are you sure you want to delete %title?", - array("title" => p::purify($item->title))); + array("title" => SafeString::purify($item->title))); } $form = item::get_delete_form($item); @@ -122,9 +122,9 @@ class Quick_Controller extends Controller { access::required("edit", $item); if ($item->is_album()) { - $msg = t("Deleted album %title", array("title" => p::purify($item->title))); + $msg = t("Deleted album %title", array("title" => SafeString::purify($item->title))); } else { - $msg = t("Deleted photo %title", array("title" => p::purify($item->title))); + $msg = t("Deleted photo %title", array("title" => SafeString::purify($item->title))); } $parent = $item->parent(); diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php index 7daf6170..be555296 100644 --- a/modules/gallery/helpers/gallery_rss.php +++ b/modules/gallery/helpers/gallery_rss.php 
@@ -52,9 +52,9 @@ class gallery_rss_Core { ->viewable() ->descendants($limit, $offset, "photo"); $feed->max_pages = ceil($item->viewable()->descendants_count("photo") / $limit); - $feed->title = p::purify($item->title); + $feed->title = SafeString::purify($item->title); $feed->link = url::abs_site("albums/{$item->id}"); - $feed->description = nl2br(p::purify($item->description)); + $feed->description = nl2br(SafeString::purify($item->description)); return $feed; } diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index 9edc3acd..8c0e8aa8 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -64,10 +64,10 @@ class gallery_task_Core { if (!$success) { $ignored[$item->id] = 1; $errors[] = t("Unable to rebuild images for '%title'", - array("title" => p::purify($item->title))); + array("title" => SafeString::purify($item->title))); } else { $errors[] = t("Successfully rebuilt images for '%title'", - array("title" => p::purify($item->title))); + array("title" => SafeString::purify($item->title))); } } diff --git a/modules/gallery/helpers/p.php b/modules/gallery/helpers/p.php deleted file mode 100644 index e852c086..00000000 --- a/modules/gallery/helpers/p.php +++ /dev/null @@ -1,29 +0,0 @@ -purified_html(); - } -} diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php index b37c1c73..adc15b91 100644 --- a/modules/gallery/views/admin_advanced_settings.html.php +++ b/modules/gallery/views/admin_advanced_settings.html.php 
@@ -20,13 +20,13 @@ module_name == "gallery" && $var->name == "_cache") continue ?> module_name ?> - name) ?> + name) ?> - module_name/" . p::clean($var->name)) ?>" + module_name/" . SafeString::of($var->name)) ?>" class="gDialogLink" - title=" p::clean($var->name), "module_name" => $var->module_name)) ?>"> + title=" $var->name, "module_name" => $var->module_name)) ?>"> value): ?> - value) ?> + value) ?> diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php index 44c1657f..b7afb22d 100644 --- a/modules/gallery/views/admin_block_log_entries.html.php +++ b/modules/gallery/views/admin_block_log_entries.html.php @@ -2,7 +2,7 @@
      • - user_id") ?>">user->name) ?> + user_id") ?>">user->name) ?> timestamp) ?> message ?> html ?> diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php index 1e1329d1..732bdc38 100644 --- a/modules/gallery/views/admin_block_photo_stream.html.php +++ b/modules/gallery/views/admin_block_photo_stream.html.php @@ -2,9 +2,9 @@
        • - id") ?>" title="title) ?>"> + id") ?>" title="title) ?>"> width, $photo->height, 72) ?> - src="thumb_url() ?>" alt="title) ?>" /> + src="thumb_url() ?>" alt="title) ?>" />
        • diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php index 450eb754..a4db38ce 100644 --- a/modules/gallery/views/admin_maintenance.html.php +++ b/modules/gallery/views/admin_maintenance.html.php @@ -90,7 +90,7 @@ status ?> - owner()->name) ?> + owner()->name) ?> state == "stalled"): ?> diff --git a/modules/gallery/views/admin_maintenance_show_log.html.php b/modules/gallery/views/admin_maintenance_show_log.html.php index 9d850986..209aef03 100644 --- a/modules/gallery/views/admin_maintenance_show_log.html.php +++ b/modules/gallery/views/admin_maintenance_show_log.html.php @@ -12,7 +12,7 @@ appendTo('body').submit().remove();

          name ?>

          -
          get_log()) ?>
          +
          get_log()) ?>
          diff --git a/modules/gallery/views/after_install.html.php b/modules/gallery/views/after_install.html.php index e4842163..2cf8ec8f 100644 --- a/modules/gallery/views/after_install.html.php +++ b/modules/gallery/views/after_install.html.php @@ -8,7 +8,7 @@

          - %user_name account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => p::clean($user->name))) ?> + %user_name account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => $user->name)) ?>

          diff --git a/modules/gallery/views/move_tree.html.php b/modules/gallery/views/move_tree.html.php index 5f70cf67..7818a42a 100644 --- a/modules/gallery/views/move_tree.html.php +++ b/modules/gallery/views/move_tree.html.php @@ -1,18 +1,18 @@ thumb_img(array(), 25); ?> is_descendant($parent)): ?> - title) ?> + title) ?> - title) ?> + title) ?>

          • thumb_img(array(), 25); ?> is_descendant($child)): ?> - title) ?> + title) ?> - title) ?> + title) ?>
          • diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php index 888a27f7..9ea0da25 100644 --- a/modules/gallery/views/permissions_browse.html.php +++ b/modules/gallery/views/permissions_browse.html.php @@ -35,14 +35,14 @@
          • - title) ?> + title) ?>
            • - title) ?> + title) ?>
              diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php index ee5e3a24..adc0496f 100644 --- a/modules/gallery/views/permissions_form.html.php +++ b/modules/gallery/views/permissions_form.html.php @@ -6,7 +6,7 @@ - name) ?> + name) ?> diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php index 38ac518c..56e568f6 100644 --- a/modules/gallery/views/simple_uploader.html.php +++ b/modules/gallery/views/simple_uploader.html.php @@ -6,7 +6,7 @@
              ">
              - p::purify($item->title))) ?> + SafeString::purify($item->title))) ?>
              @@ -26,9 +26,9 @@

                parents() as $parent): ?> -
              • title) ?>
              • +
              • title) ?>
              • -
              • title) ?>
              • +
              • title) ?>

              diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php index f86ae39d..365a1021 100644 --- a/modules/info/views/info_block.html.php +++ b/modules/info/views/info_block.html.php @@ -2,18 +2,18 @@

              diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index f87602b8..521f82fa 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -51,7 +51,7 @@ class Admin_Users_Controller extends Controller { $user->save(); module::event("user_add_form_admin_completed", $user, $form); - message::success(t("Created user %user_name", array("user_name" => p::clean($user->name)))); + message::success(t("Created user %user_name", array("user_name" => $user->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", @@ -84,7 +84,7 @@ class Admin_Users_Controller extends Controller { "form" => $form->__toString())); } - $message = t("Deleted user %user_name", array("user_name" => p::clean($name))); + $message = t("Deleted user %user_name", array("user_name" => $name)); log::success("user", $message); message::success($message); print json_encode(array("result" => "success")); @@ -142,7 +142,7 @@ class Admin_Users_Controller extends Controller { $user->save(); module::event("user_edit_form_admin_completed", $user, $form); - message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name)))); + message::success(t("Changed user %user_name", array("user_name" => $user->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", @@ -204,7 +204,7 @@ class Admin_Users_Controller extends Controller { $group = group::create($new_name); $group->save(); message::success( - t("Created group %group_name", array("group_name" => p::clean($group->name)))); + t("Created group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", 
@@ -233,7 +233,7 @@ class Admin_Users_Controller extends Controller { "form" => $form->__toString())); } - $message = t("Deleted group %group_name", array("group_name" => p::clean($name))); + $message = t("Deleted group %group_name", array("group_name" => $name)); log::success("group", $message); message::success($message); print json_encode(array("result" => "success")); @@ -271,11 +271,11 @@ class Admin_Users_Controller extends Controller { $group->name = $form->edit_group->inputs["name"]->value; $group->save(); message::success( - t("Changed group %group_name", array("group_name" => p::clean($group->name)))); + t("Changed group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "success")); } else { message::error( - t("Failed to change group %group_name", array("group_name" => p::clean($group->name)))); + t("Failed to change group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "error", "form" => $form->__toString())); } diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php index 4d901051..b81b17b2 100644 --- a/modules/user/controllers/login.php +++ b/modules/user/controllers/login.php @@ -63,7 +63,7 @@ class Login_Controller extends Controller { log::warning( "user", t("Failed login for %name", - array("name" => p::clean($form->login->inputs["name"]->value)))); + array("name" => $form->login->inputs["name"]->value))); $form->login->inputs["name"]->add_error("invalid_login", 1); $valid = false; } @@ -71,7 +71,7 @@ class Login_Controller extends Controller { if ($valid) { user::login($user); - log::info("user", t("User %name logged in", array("name" => p::clean($user->name)))); + log::info("user", t("User %name logged in", array("name" => $user->name))); } // Either way, regenerate the session id to avoid session trapping diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php index 099b1952..4b141a1c 100644 
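Review bot: The login.php hunk at -63 now writes the submitted login name into `log::warning()` with no explicit cleaning, and that value is supplied by an unauthenticated client and later shown in the admin log view. The password.php hunk in this same patch keeps the comment "Don't include the username here until you're sure that it's XSS safe" for its own failure path, so the two controllers treat the same kind of input differently. If `t()` is now the escaping point, I would say so here with `// name is untrusted pre-auth input; t() escapes it for the log view`, and add a case with markup in the name to the XSS test suite. The enclosing method starts and ends outside the hunk.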
--- a/modules/user/controllers/logout.php +++ b/modules/user/controllers/logout.php @@ -23,8 +23,8 @@ class Logout_Controller extends Controller { $user = user::active(); user::logout(); - log::info("user", t("User %name logged out", array("name" => p::clean($user->name))), - html::anchor("user/$user->id", p::clean($user->name))); + log::info("user", t("User %name logged out", array("name" => $user->name)), + html::anchor("user/$user->id", SafeString::of($user->name))); if ($continue_url = $this->input->get("continue")) { $item = url::get_item_from_uri($continue_url); if (access::can("view", $item)) { diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index 2af1b879..066efbba 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -74,7 +74,7 @@ class Password_Controller extends Controller { log::success( "user", - t("Password reset email sent for user %name", array("name" => p::clean($user->name)))); + t("Password reset email sent for user %name", array("name" => $user->name))); } else { // Don't include the username here until you're sure that it's XSS safe log::warning( diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index 542b8b8b..54c4847d 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -68,16 +68,16 @@ " title="" - alt="name) ?>" + alt="name) ?>" width="20" height="20" /> - name) ?> + name) ?> - full_name) ?> + full_name) ?> - email) ?> + email) ?> last_login == 0) ? "" : gallery::date($user->last_login) ?> diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index bfd79dba..f89a4392 100644 --- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php @@ -1,9 +1,9 @@

              - name) ?> + name) ?> special): ?> id") ?>" - title=" p::clean($group->name))) ?>" + title=" $group->name)) ?>" class="gDialogLink gButtonLink ui-state-default ui-corner-all"> @@ -17,12 +17,12 @@

                @@ -16,7 +16,7 @@ width="thumb_width ?>" height="thumb_height ?>" /> -

                title) ?>

                +

                title) ?>

                thumb_bottom($child) ?> diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php index 66c80ded..1f25a626 100644 --- a/themes/default/views/movie.html.php +++ b/themes/default/views/movie.html.php @@ -15,8 +15,8 @@ movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}")) ?>
                -

                title) ?>

                -
                description)) ?>
                +

                title) ?>

                +
                description)) ?>
                * */ - static function escape_for_js($string) { + static function clean_js($string) { return SafeString::of($string)->for_js(); } diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php index affb3101..dee6ae40 100644 --- a/modules/gallery/helpers/gallery_rss.php +++ b/modules/gallery/helpers/gallery_rss.php @@ -53,9 +53,9 @@ class gallery_rss_Core { ->descendants($limit, $offset, array("type" => "photo")); $feed->max_pages = ceil( $item->viewable()->descendants_count(array("type" => "photo")) / $limit); - $feed->title = SafeString::purify($item->title); + $feed->title = html::purify($item->title); $feed->link = url::abs_site("albums/{$item->id}"); - $feed->description = nl2br(SafeString::purify($item->description)); + $feed->description = nl2br(html::purify($item->description)); return $feed; } diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index 8c0e8aa8..c9557324 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -64,10 +64,10 @@ class gallery_task_Core { if (!$success) { $ignored[$item->id] = 1; $errors[] = t("Unable to rebuild images for '%title'", - array("title" => SafeString::purify($item->title))); + array("title" => html::purify($item->title))); } else { $errors[] = t("Successfully rebuilt images for '%title'", - array("title" => SafeString::purify($item->title))); + array("title" => html::purify($item->title))); } } diff --git a/modules/gallery/tests/Html_Helper_Test.php b/modules/gallery/tests/Html_Helper_Test.php index 4d934ad5..a9903256 100644 --- a/modules/gallery/tests/Html_Helper_Test.php +++ b/modules/gallery/tests/Html_Helper_Test.php @@ -40,8 +40,8 @@ class Html_Helper_Test extends Unit_Test_Case { $safe_string_2); } - public function escape_for_js_test() { - $string = html::escape_for_js("hello's

                world

                "); + public function clean_js_test() { + $string = html::clean_js("hello's

                world

                "); $this->assert_equal("hello\\'s

                world<\\/p>", $string); } diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index 8e5f8354..16e5a856 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -151,7 +151,7 @@ class Xss_Security_Test extends Unit_Test_Case { if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && in_array($tokens[$token_number + 2][1], - array("clean", "purify", "escape_for_js", "clean_attribute_test")) && + array("clean", "purify", "clean_js", "clean_attribute")) && self::_token_matches("(", $tokens, $token_number + 3)) { // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed). @@ -161,7 +161,7 @@ class Xss_Security_Test extends Unit_Test_Case { $token_number += 3; $token = $tokens[$token_number]; - if ("escape_for_js" == $method) { + if ("clean_js" == $method) { $frame->is_safe_js(true); } else { $frame->is_safe_html(true); diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php index adc15b91..4235e8f8 100644 --- a/modules/gallery/views/admin_advanced_settings.html.php +++ b/modules/gallery/views/admin_advanced_settings.html.php @@ -20,13 +20,13 @@ module_name == "gallery" && $var->name == "_cache") continue ?> module_name ?> - name) ?> + name) ?> - module_name/" . SafeString::of($var->name)) ?>" + module_name/" . html::clean($var->name)) ?>" class="gDialogLink" title=" $var->name, "module_name" => $var->module_name)) ?>"> value): ?> - value) ?> + value) ?> diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php index b7afb22d..780ff2d0 100644 --- a/modules/gallery/views/admin_block_log_entries.html.php +++ b/modules/gallery/views/admin_block_log_entries.html.php @@ -2,7 +2,7 @@
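Review bot: The helper names that mark a frame as safe are bare string literals, repeated in the `in_array()` list and again in the `"clean_js" == $method` comparison of the next hunk. A stale name after a rename like this one silently changes how the scanner classifies output, as the replaced entry `clean_attribute_test` suggests. I would use a strict lookup, `in_array($tokens[$token_number + 2][1], array("clean", "purify", "clean_js", "clean_attribute"), true)`, and add `// must match the html:: helper names; clean_js is JS-safe, the others HTML-safe` above the list. The check on the token before `::` is outside the hunk, so it is not clear from here whether a same-named method on an unrelated class would also be treated as safe; worth confirming.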

                • - user_id") ?>">user->name) ?> + user_id") ?>">user->name) ?> timestamp) ?> message ?> html ?> diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php index 732bdc38..a50836ad 100644 --- a/modules/gallery/views/admin_block_photo_stream.html.php +++ b/modules/gallery/views/admin_block_photo_stream.html.php @@ -2,9 +2,9 @@
                  • - id") ?>" title="title) ?>"> + id") ?>" title="title) ?>"> width, $photo->height, 72) ?> - src="thumb_url() ?>" alt="title) ?>" /> + src="thumb_url() ?>" alt="title) ?>" />
                  • diff --git a/modules/gallery/views/admin_languages.html.php b/modules/gallery/views/admin_languages.html.php index 4bee9bb1..052d749b 100644 --- a/modules/gallery/views/admin_languages.html.php +++ b/modules/gallery/views/admin_languages.html.php @@ -40,7 +40,7 @@
                    -

                    SafeString::purify($album->title))) ?>

                    +

                    html::purify($album->title))) ?>

                    diff --git a/modules/organize/views/organize_tree.html.php b/modules/organize/views/organize_tree.html.php index 387d5977..5b676889 100644 --- a/modules/organize/views/organize_tree.html.php +++ b/modules/organize/views/organize_tree.html.php @@ -5,7 +5,7 @@ - title) ?> + title) ?>
                      @@ -17,7 +17,7 @@ " ref="id ?>"> - title) ?> + title) ?> id == $album->id): ?> @@ -29,7 +29,7 @@ - title) ?> + title) ?> diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php index 7298b7f4..731703c7 100644 --- a/modules/rss/views/feed.mrss.php +++ b/modules/rss/views/feed.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> gallery3 - <?= SafeString::of($feed->title) ?> + <?= html::clean($feed->title) ?> uri ?> - description) ?> + description) ?> en-us @@ -22,25 +22,25 @@ children as $child): ?> - <?= SafeString::of($child->title) ?> + <?= html::clean($child->title) ?> type}s/{$child->id}") ?> type}s/{$child->id}") ?> created); ?> description) ?> + description) ?>

                      type == "photo" || $child->type == "album"): ?>
                      type}s/{$child->id}") ?>">
                      - description) ?> + description) ?>

                      ]]>
                      diff --git a/modules/rss/views/rss_block.html.php b/modules/rss/views/rss_block.html.php index cd8db89d..737731b6 100644 --- a/modules/rss/views/rss_block.html.php +++ b/modules/rss/views/rss_block.html.php @@ -5,7 +5,7 @@ - + diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php index e5c7b4a6..7963948d 100644 --- a/modules/search/views/search.html.php +++ b/modules/search/views/search.html.php @@ -8,7 +8,7 @@
                      • - +
                      • for_html_attr() ?>" /> @@ -31,10 +31,10 @@ id") ?>"> thumb_img() ?>

                        - title) ?> + title) ?>

                        - description)) ?> + description)) ?>
                      • diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php index c4439bda..b48a19da 100644 --- a/modules/server_add/views/admin_server_add.html.php +++ b/modules/server_add/views/admin_server_add.html.php @@ -16,7 +16,7 @@ class="gRemoveDir ui-icon ui-icon-trash"> X - +
                      diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php index 2f65a590..dbae42c5 100644 --- a/modules/server_add/views/server_add_tree.html.php +++ b/modules/server_add/views/server_add_tree.html.php @@ -10,7 +10,7 @@
                    • - +
                        @@ -24,7 +24,7 @@ file=" '\\"')) ?>" > - + diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index 912e69b6..8eb6e4df 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php @@ -5,17 +5,17 @@
                        -

                        SafeString::purify($item->title))) ?>

                        +

                        html::purify($item->title))) ?>

                          parents() as $parent): ?>
                        • - title) ?> + title) ?>
                        • - title) ?> + title) ?>
                        diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index f1b4ca3a..8b8dde21 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -106,7 +106,7 @@ class Admin_Tags_Controller extends Admin_Controller { array("result" => "success", "location" => url::site("admin/tags"), "tag_id" => $tag->id, - "new_tagname" => SafeString::of($tag->name))); + "new_tagname" => html::clean($tag->name))); } else { print json_encode( array("result" => "error", diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php index 30dd0728..3d805c5e 100644 --- a/modules/tag/views/admin_tags.html.php +++ b/modules/tag/views/admin_tags.html.php @@ -32,7 +32,7 @@ name, 0, 1)) ?> - +
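Review bot: In the admin_tags.php hunk, `"new_tagname" => html::clean($tag->name)` is passed straight to `json_encode()`, which may not serialize it as a plain string. `SafeString::of()` is chained with `->for_js()` elsewhere in this patch, so it returns an object; if `html::clean()` does the same, `json_encode()` would encode the object's public properties rather than the escaped text. I would make the conversion explicit: `"new_tagname" => (string) html::clean($tag->name)));`. The value is HTML-escaped before JSON encoding, so the client must insert it as markup and not as text, or it will be escaped twice; a short comment on that would help.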
                          $tags_per_column): /* new column */ ?> @@ -42,12 +42,12 @@
                        - + diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php index 4b141a1c..fc3ced56 100644 --- a/modules/user/controllers/logout.php +++ b/modules/user/controllers/logout.php @@ -24,7 +24,7 @@ class Logout_Controller extends Controller { $user = user::active(); user::logout(); log::info("user", t("User %name logged out", array("name" => $user->name)), - html::anchor("user/$user->id", SafeString::of($user->name))); + html::anchor("user/$user->id", html::clean($user->name))); if ($continue_url = $this->input->get("continue")) { $item = url::get_item_from_uri($continue_url); if (access::can("view", $item)) { diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index 36c4f4fd..9455f9d9 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -68,16 +68,16 @@ " title="" - alt="name) ?>" + alt="name) ?>" width="20" height="20" /> - name) ?> + name) ?> - full_name) ?> + full_name) ?> - email) ?> + email) ?> last_login == 0) ? "" : gallery::date($user->last_login) ?> diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index f89a4392..8418ebc9 100644 --- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php @@ -1,6 +1,6 @@

                        - name) ?> + name) ?> special): ?> id") ?>" title=" $group->name)) ?>" @@ -17,7 +17,7 @@

                          @@ -16,7 +16,7 @@ width="thumb_width ?>" height="thumb_height ?>" /> -

                          title) ?>

                          +

                          title) ?>

                          thumb_bottom($child) ?> diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php index 237743b7..910814dd 100644 --- a/themes/default/views/movie.html.php +++ b/themes/default/views/movie.html.php @@ -28,8 +28,8 @@ movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}")) ?>
                          -

                          title) ?>

                          -
                          description)) ?>
                          +

                          title) ?>

                          +
                          description)) ?>
                          photo_bottom() ?> diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php index 5b5cb12b..c601c4cc 100644 --- a/themes/default/views/photo.html.php +++ b/themes/default/views/photo.html.php @@ -5,7 +5,7 @@