From c01ac42c4604b3b129e8089e0dc683ebd418b380 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sat, 29 Aug 2009 12:48:40 -0700 Subject: Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify(). Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway. --- modules/comment/views/comment.mrss.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'modules/comment/views/comment.mrss.php') diff --git a/modules/comment/views/comment.mrss.php b/modules/comment/views/comment.mrss.php index 2b5b13c1..ae7762d9 100644 --- a/modules/comment/views/comment.mrss.php +++ b/modules/comment/views/comment.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> Gallery 3 - <?= p::clean($feed->title) ?> + <?= SafeString::of($feed->title) ?> uri ?> - description) ?> + description) ?> en-us @@ -22,14 +22,14 @@ children as $child): ?> - <?= p::purify($child->title) ?> - item_uri) ?> - author) ?> + <?= SafeString::purify($child->title) ?> + item_uri) ?> + author) ?> item_uri ?> pub_date ?> text)) ?>

+

text)) ?>

-- cgit v1.2.3 From b9bd1681a3b1496c0f1bbe5e6254ab4fd0c9fe30 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sat, 29 Aug 2009 22:54:20 -0700 Subject: Update all code to use helper method html::clean(), html::purify(), ... instead of SafeString directly. --- modules/comment/controllers/comments.php | 8 ++++---- modules/comment/helpers/comment_rss.php | 8 ++++---- modules/comment/views/admin_block_recent_comments.html.php | 6 +++--- modules/comment/views/admin_comments.html.php | 10 +++++----- modules/comment/views/comment.html.php | 6 +++--- modules/comment/views/comment.mrss.php | 12 ++++++------ modules/comment/views/comments.html.php | 6 +++--- modules/digibug/controllers/digibug.php | 2 +- modules/exif/views/exif_dialog.html.php | 4 ++-- modules/g2_import/helpers/g2_import.php | 2 +- modules/gallery/controllers/admin_advanced_settings.php | 2 +- modules/gallery/controllers/quick.php | 10 +++++----- modules/gallery/helpers/MY_html.php | 4 ++-- modules/gallery/helpers/gallery_rss.php | 4 ++-- modules/gallery/helpers/gallery_task.php | 4 ++-- modules/gallery/tests/Html_Helper_Test.php | 4 ++-- modules/gallery/tests/Xss_Security_Test.php | 4 ++-- modules/gallery/views/admin_advanced_settings.html.php | 6 +++--- modules/gallery/views/admin_block_log_entries.html.php | 2 +- modules/gallery/views/admin_block_photo_stream.html.php | 4 ++-- modules/gallery/views/admin_languages.html.php | 4 ++-- modules/gallery/views/admin_maintenance.html.php | 4 ++-- modules/gallery/views/admin_maintenance_show_log.html.php | 2 +- modules/gallery/views/move_tree.html.php | 8 ++++---- modules/gallery/views/permissions_browse.html.php | 4 ++-- modules/gallery/views/permissions_form.html.php | 2 +- modules/gallery/views/simple_uploader.html.php | 14 +++++++------- modules/info/views/info_block.html.php | 10 +++++----- modules/notification/views/comment_published.html.php | 12 ++++++------ modules/notification/views/item_added.html.php | 8 ++++---- modules/notification/views/item_deleted.html.php | 6 +++--- modules/notification/views/item_updated.html.php | 12 ++++++------ modules/organize/views/organize_dialog.html.php | 2 +- modules/organize/views/organize_tree.html.php | 6 +++--- modules/rss/views/feed.mrss.php | 14 +++++++------- modules/rss/views/rss_block.html.php | 2 +- modules/search/views/search.html.php | 6 +++--- modules/server_add/views/admin_server_add.html.php | 2 +- modules/server_add/views/server_add_tree.html.php | 4 ++-- modules/server_add/views/server_add_tree_dialog.html.php | 6 +++--- modules/tag/controllers/admin_tags.php | 2 +- modules/tag/views/admin_tags.html.php | 6 +++--- modules/tag/views/tag_cloud.html.php | 2 +- modules/user/controllers/logout.php | 2 +- modules/user/views/admin_users.html.php | 8 ++++---- modules/user/views/admin_users_group.html.php | 4 ++-- modules/user/views/login.html.php | 2 +- themes/default/views/album.html.php | 6 +++--- themes/default/views/dynamic.html.php | 4 ++-- themes/default/views/header.html.php | 4 ++-- themes/default/views/movie.html.php | 4 ++-- themes/default/views/photo.html.php | 6 +++--- 52 files changed, 143 insertions(+), 143 deletions(-) (limited to 'modules/comment/views/comment.mrss.php') diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php index 87633f4c..82b12893 100644 --- a/modules/comment/controllers/comments.php +++ b/modules/comment/controllers/comments.php @@ -39,9 +39,9 @@ class Comments_Controller extends REST_Controller { foreach ($comments as $comment) { $data[] = array( "id" => $comment->id, - "author_name" => SafeString::of($comment->author_name()), + "author_name" => html::clean($comment->author_name()), "created" => $comment->created, - "text" => nl2br(SafeString::purify($comment->text))); + "text" => nl2br(html::purify($comment->text))); } print json_encode($data); break; @@ -126,9 +126,9 @@ class Comments_Controller extends REST_Controller { array("result" => "success", "data" => array( "id" => $comment->id, - "author_name" => SafeString::of($comment->author_name()), + "author_name" => html::clean($comment->author_name()), "created" => $comment->created, - "text" => nl2br(SafeString::purify($comment->text))))); + "text" => nl2br(html::purify($comment->text))))); } else { $view = new Theme_View("comment.html", "fragment"); $view->comment = $comment; diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index 4151dcd0..b539887b 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php @@ -23,7 +23,7 @@ class comment_rss_Core { $feeds["comment/newest"] = t("All new comments"); if ($item) { $feeds["comment/item/$item->id"] = - t("Comments on %title", array("title" => SafeString::purify($item->title))); + t("Comments on %title", array("title" => html::purify($item->title))); } return $feeds; } @@ -49,13 +49,13 @@ class comment_rss_Core { $item = $comment->item(); $feed->children[] = new ArrayObject( array("pub_date" => date("D, d M Y H:i:s T", $comment->created), - "text" => nl2br(SafeString::purify($comment->text)), + "text" => nl2br(html::purify($comment->text)), "thumb_url" => $item->thumb_url(), "thumb_height" => $item->thumb_height, "thumb_width" => $item->thumb_width, "item_uri" => url::abs_site("{$item->type}s/$item->id"), - "title" => SafeString::purify($item->title), - "author" => SafeString::of($comment->author_name())), + "title" => html::purify($item->title), + "author" => html::clean($comment->author_name())), ArrayObject::ARRAY_AS_PROPS); } diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php index 2c7a5cf1..dc3975e0 100644 --- a/modules/comment/views/admin_block_recent_comments.html.php +++ b/modules/comment/views/admin_block_recent_comments.html.php @@ -4,13 +4,13 @@

  • "> " class="gAvatar" - alt="author_name()) ?>" + alt="author_name()) ?>" width="32" height="32" /> created) ?> %author_name said %comment_text', - array("author_name" => SafeString::of($comment->author_name()), - "comment_text" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50))); ?> + array("author_name" => html::clean($comment->author_name()), + "comment_text" => text::limit_words(nl2br(html::purify($comment->text)), 50))); ?>
    • diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php index 8b0b4c29..801ce2b3 100644 --- a/modules/comment/views/admin_comments.html.php +++ b/modules/comment/views/admin_comments.html.php @@ -108,12 +108,12 @@ " class="gAvatar" - alt="author_name()) ?>" + alt="author_name()) ?>" width="40" height="40" /> -

    author_name()) ?>

    +

    author_name()) ?>

    @@ -122,7 +122,7 @@ has_thumb()): ?> <?= SafeString::purify($item->title) ?>thumb_width, $item->thumb_height, 75) ?> /> @@ -132,7 +132,7 @@

    created) ?>

    - text)) ?> + text)) ?>
      diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php index 31bb7f4d..1d0786cb 100644 --- a/modules/comment/views/comment.html.php +++ b/modules/comment/views/comment.html.php @@ -4,15 +4,15 @@ " class="gAvatar" - alt="author_name()) ?>" + alt="author_name()) ?>" width="40" height="40" /> gallery::date_time($comment->created), - "author_name" => SafeString::of($comment->author_name()))) ?> + "author_name" => html::clean($comment->author_name()))) ?>

      - text)) ?> + text)) ?>
      diff --git a/modules/comment/views/comment.mrss.php b/modules/comment/views/comment.mrss.php index ae7762d9..c2a4b538 100644 --- a/modules/comment/views/comment.mrss.php +++ b/modules/comment/views/comment.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> Gallery 3 - <?= SafeString::of($feed->title) ?> + <?= html::clean($feed->title) ?> uri ?> - description) ?> + description) ?> en-us @@ -22,14 +22,14 @@ children as $child): ?> - <?= SafeString::purify($child->title) ?> - item_uri) ?> - author) ?> + <?= html::purify($child->title) ?> + item_uri) ?> + author) ?> item_uri ?> pub_date ?> text)) ?>

      +

      text)) ?>

      diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index 9eac0502..1e45c946 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -18,16 +18,16 @@ " class="gAvatar" - alt="author_name()) ?>" + alt="author_name()) ?>" width="40" height="40" /> %name said', array("date" => date("Y-M-d H:i:s", $comment->created), - "name" => SafeString::of($comment->author_name()))); ?> + "name" => html::clean($comment->author_name()))); ?>

      - text)) ?> + text)) ?>
      diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index 509a8b70..0939704b 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -50,7 +50,7 @@ class Digibug_Controller extends Controller { "image_width_1" => $item->width, "thumb_height_1" => $item->thumb_height, "thumb_width_1" => $item->thumb_width, - "title_1" => SafeString::purify($item->title)); + "title_1" => html::purify($item->title)); print $v; } diff --git a/modules/exif/views/exif_dialog.html.php b/modules/exif/views/exif_dialog.html.php index a981ca09..11d1e212 100644 --- a/modules/exif/views/exif_dialog.html.php +++ b/modules/exif/views/exif_dialog.html.php @@ -14,14 +14,14 @@ - + - + diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php index a01ca1db..7e5c6f75 100644 --- a/modules/g2_import/helpers/g2_import.php +++ b/modules/g2_import/helpers/g2_import.php @@ -590,7 +590,7 @@ class g2_import_Core { self::map($g2_comment->getId(), $comment->id); return t("Imported comment '%comment' for item with id: %id", array("id" => $comment->item_id, - "comment" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50))); + "comment" => text::limit_words(nl2br(html::purify($comment->text)), 50))); } /** diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php index d727b654..43c77340 100644 --- a/modules/gallery/controllers/admin_advanced_settings.php +++ b/modules/gallery/controllers/admin_advanced_settings.php @@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller { module::set_var($module_name, $var_name, Input::instance()->post("value")); message::success( t("Saved value for %var (%module_name)", - array("var" => SafeString::of($var_name), "module_name" => $module_name))); + array("var" => html::clean($var_name), "module_name" => $module_name))); print json_encode(array("result" => "success")); } diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index 8fddb563..20731f9c 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -75,7 +75,7 @@ class Quick_Controller extends Controller { access::required("view", $item->parent()); access::required("edit", $item->parent()); - $msg = t("Made %title this album's cover", array("title" => SafeString::purify($item->title))); + $msg = t("Made %title this album's cover", array("title" => html::purify($item->title))); item::make_album_cover($item); message::success($msg); @@ -91,10 +91,10 @@ class Quick_Controller extends Controller { if ($item->is_album()) { print t( "Delete the album %title? All photos and movies in the album will also be deleted.", - array("title" => SafeString::purify($item->title))); + array("title" => html::purify($item->title))); } else { print t("Are you sure you want to delete %title?", - array("title" => SafeString::purify($item->title))); + array("title" => html::purify($item->title))); } $form = item::get_delete_form($item); @@ -108,9 +108,9 @@ class Quick_Controller extends Controller { access::required("edit", $item); if ($item->is_album()) { - $msg = t("Deleted album %title", array("title" => SafeString::purify($item->title))); + $msg = t("Deleted album %title", array("title" => html::purify($item->title))); } else { - $msg = t("Deleted photo %title", array("title" => SafeString::purify($item->title))); + $msg = t("Deleted photo %title", array("title" => html::purify($item->title))); } $parent = $item->parent(); diff --git a/modules/gallery/helpers/MY_html.php b/modules/gallery/helpers/MY_html.php index eb388811..75114898 100644 --- a/modules/gallery/helpers/MY_html.php +++ b/modules/gallery/helpers/MY_html.php @@ -65,11 +65,11 @@ class html extends html_Core { * * Example:
          *   
 
      
-  
       SafeString::purify($album->title))) ?>
      
+  
       html::purify($album->title))) ?>
      
   
      
     
      
       
      
diff --git a/modules/organize/views/organize_tree.html.php b/modules/organize/views/organize_tree.html.php
index 387d5977..5b676889 100644
--- a/modules/organize/views/organize_tree.html.php
+++ b/modules/organize/views/organize_tree.html.php
@@ -5,7 +5,7 @@
   
   
   
-    title) ?>
+    title) ?>
   
   
        
     
@@ -17,7 +17,7 @@
       
       "
             ref="id ?>">
-        title) ?>
+        title) ?>
       
 
       id == $album->id): ?>
@@ -29,7 +29,7 @@
           
           
-            title) ?>
+            title) ?>
           
         
         
diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php
index 7298b7f4..731703c7 100644
--- a/modules/rss/views/feed.mrss.php
+++ b/modules/rss/views/feed.mrss.php
@@ -6,9 +6,9 @@
    xmlns:fh="http://purl.org/syndication/history/1.0">
   
     gallery3
-    <?= SafeString::of($feed->title) ?>
+    <?= html::clean($feed->title) ?>
     uri ?>
-    description) ?>
+    description) ?>
     en-us
     
     
@@ -22,25 +22,25 @@
     
     children as $child): ?>
     
-      <?= SafeString::of($child->title) ?>
+      <?= html::clean($child->title) ?>
       type}s/{$child->id}") ?>
       type}s/{$child->id}") ?>
       created); ?>
       
         description) ?>
+          description) ?>
           
        
           type == "photo" || $child->type == "album"): ?>
             
        
           
             type}s/{$child->id}") ?>">
             
        
           
-            description) ?>
+            description) ?>
           
        
         ]]>
               
diff --git a/modules/rss/views/rss_block.html.php b/modules/rss/views/rss_block.html.php
index cd8db89d..737731b6 100644
--- a/modules/rss/views/rss_block.html.php
+++ b/modules/rss/views/rss_block.html.php
@@ -5,7 +5,7 @@
     
     
       
-      
+      
     
     
   
diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php
index e5c7b4a6..7963948d 100644
--- a/modules/search/views/search.html.php
+++ b/modules/search/views/search.html.php
@@ -8,7 +8,7 @@
     
          
       
        • 
         
-        
+        
       
          • 
       
        • 
         for_html_attr() ?>" />
@@ -31,10 +31,10 @@
       id") ?>">
         thumb_img() ?>
         
          
-    title) ?>
+    title) ?>
         
          
         
          
-    description)) ?>
+    description)) ?>
         
          
                 
     
          • 
diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php
index c4439bda..b48a19da 100644
--- a/modules/server_add/views/admin_server_add.html.php
+++ b/modules/server_add/views/admin_server_add.html.php
@@ -16,7 +16,7 @@
            class="gRemoveDir ui-icon ui-icon-trash">
           X
         
-        
+        
       
       
     
        
diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php
index 2f65a590..dbae42c5 100644
--- a/modules/server_add/views/server_add_tree.html.php
+++ b/modules/server_add/views/server_add_tree.html.php
@@ -10,7 +10,7 @@
     
      • 
       
       
-        
+        
       
       
          
         
@@ -24,7 +24,7 @@
                 
                 file=" '\\"')) ?>"
                 >
-            
+            
           
         
         
diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php
index 912e69b6..8eb6e4df 100644
--- a/modules/server_add/views/server_add_tree_dialog.html.php
+++ b/modules/server_add/views/server_add_tree_dialog.html.php
@@ -5,17 +5,17 @@
 
 
 
          
-  
           SafeString::purify($item->title))) ?>
          
+  
           html::purify($item->title))) ?>
          
 
   
          
   
            
     parents() as $parent): ?>
     
          • 
-      title) ?>
+      title) ?>
     
            • 
     
     
          • 
-      title) ?>
+      title) ?>
     
            • 
   
          
 
diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php
index f1b4ca3a..8b8dde21 100644
--- a/modules/tag/controllers/admin_tags.php
+++ b/modules/tag/controllers/admin_tags.php
@@ -106,7 +106,7 @@ class Admin_Tags_Controller extends Admin_Controller {
         array("result" => "success",
               "location" => url::site("admin/tags"),
               "tag_id" => $tag->id,
-              "new_tagname" => SafeString::of($tag->name)));
+              "new_tagname" => html::clean($tag->name)));
     } else {
       print json_encode(
         array("result" => "error",
diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php
index 30dd0728..3d805c5e 100644
--- a/modules/tag/views/admin_tags.html.php
+++ b/modules/tag/views/admin_tags.html.php
@@ -32,7 +32,7 @@
           name, 0, 1)) ?>
 
           
-            
+            
             
            
           
              $tags_per_column): /* new column */ ?>
@@ -42,12 +42,12 @@
             
 
             
          
-            
+            
             
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index 4b141a1c..fc3ced56 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -24,7 +24,7 @@ class Logout_Controller extends Controller {
     $user = user::active();
     user::logout();
     log::info("user", t("User %name logged out", array("name" => $user->name)),
-              html::anchor("user/$user->id", SafeString::of($user->name)));
+              html::anchor("user/$user->id", html::clean($user->name)));
     if ($continue_url = $this->input->get("continue")) {
       $item = url::get_item_from_uri($continue_url);
       if (access::can("view", $item)) {
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 36c4f4fd..9455f9d9 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -68,16 +68,16 @@
         
           "
                title=""
-               alt="name) ?>"
+               alt="name) ?>"
                width="20"
                height="20" />
-          name) ?>
+          name) ?>
         
         
-          full_name) ?>
+          full_name) ?>
         
         
-          email) ?>
+          email) ?>
         
         
           last_login == 0) ? "" : gallery::date($user->last_login) ?>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index f89a4392..8418ebc9 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -1,6 +1,6 @@
 
 
          
-  name) ?>
+  name) ?>
   special): ?>
   id") ?>"
     title=" $group->name)) ?>"
@@ -17,7 +17,7 @@
 
          
 
 
            
@@ -16,7 +16,7 @@
            width="thumb_width ?>"
            height="thumb_height ?>" />
     
-    
            title) ?>
            
+    
            title) ?>
            
     thumb_bottom($child) ?>
     
              
       thumb_info($child) ?>
diff --git a/themes/default/views/header.html.php b/themes/default/views/header.html.php
index 9e34401d..dcfa6fd8 100644
--- a/themes/default/views/header.html.php
+++ b/themes/default/views/header.html.php
@@ -19,10 +19,10 @@
   
   
            • 
     id}?show=$item->id") ?>">
-      title) ?>
+      title) ?>
     
   
              • 
   
-  
            • title) ?>
              • 
+  
            • title) ?>
              • 
 
            
 
diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php
index 237743b7..910814dd 100644
--- a/themes/default/views/movie.html.php
+++ b/themes/default/views/movie.html.php
@@ -28,8 +28,8 @@
   movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}")) ?>
 
   
            
-    
            title) ?>
            
-       
            description)) ?>
            
+    
            title) ?>
            
+       
            description)) ?>
            
   
            
 
   photo_bottom() ?>
diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php
index 5b5cb12b..c601c4cc 100644
--- a/themes/default/views/photo.html.php
+++ b/themes/default/views/photo.html.php
@@ -5,7 +5,7 @@