From 52147cf6f857c4c54a2f3d753e72b27b5141d028 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Mon, 3 Aug 2009 21:45:54 -0700
Subject: Combine the quick menu and the thumb menu into a single menu called
 the "context" menu.

This new context menu is generated using the typical event processing
system, like our other menus.  The specialized quick CSS and JS is now
gone, replaced by our generic menu handling code.  It's all rolled
together currently using the thumb_menu UI for easy packaging.  All
the CSS and JS is updated.

NOTE: the non-dialog links (rotate, album_cover) have a broken UI
because they return JSON which the quick.js code handled specially,
but we don't handle properly now.  I need to fix this.
---
 modules/gallery/controllers/quick.php | 14 --------------
 1 file changed, 14 deletions(-)

(limited to 'modules/gallery/controllers/quick.php')

diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index de027c1b..82176e02 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -18,20 +18,6 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class Quick_Controller extends Controller {
-  public function pane($id) {
-    $item = model_cache::get("item", $id);
-    if (!access::can("view", $item) || !access::can("edit", $item)) {
-      return "";
-    }
-
-    $view = new View("quick_pane.html");
-    $page_type = Input::instance()->get("page_type");
-    $view->button_list = gallery_quick::get_quick_buttons($item, $page_type);
-    $view->item = $item;
-    $view->page_type = $page_type;
-    print $view;
-  }
-
   public function rotate($id, $dir) {
     access::verify_csrf();
     $item = model_cache::get("item", $id);
-- 
cgit v1.2.3


From c01ac42c4604b3b129e8089e0dc683ebd418b380 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sat, 29 Aug 2009 12:48:40 -0700
Subject: Refactor all calls of p::clean() to SafeString::of() and p::purify()
 to SafeString::purify().

Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
---
 modules/comment/controllers/comments.php           |  8 +++---
 modules/comment/helpers/comment_rss.php            |  8 +++---
 .../views/admin_block_recent_comments.html.php     |  6 ++---
 modules/comment/views/admin_comments.html.php      | 10 ++++----
 modules/comment/views/comment.html.php             |  6 ++---
 modules/comment/views/comment.mrss.php             | 12 ++++-----
 modules/comment/views/comments.html.php            |  6 ++---
 modules/digibug/controllers/digibug.php            |  2 +-
 modules/exif/views/exif_dialog.html.php            |  4 +--
 modules/g2_import/helpers/g2_import.php            |  2 +-
 .../controllers/admin_advanced_settings.php        |  2 +-
 modules/gallery/controllers/movies.php             |  2 +-
 modules/gallery/controllers/photos.php             |  2 +-
 modules/gallery/controllers/quick.php              | 10 ++++----
 modules/gallery/helpers/gallery_rss.php            |  4 +--
 modules/gallery/helpers/gallery_task.php           |  4 +--
 modules/gallery/helpers/p.php                      | 29 ----------------------
 .../gallery/views/admin_advanced_settings.html.php |  8 +++---
 .../gallery/views/admin_block_log_entries.html.php |  2 +-
 .../views/admin_block_photo_stream.html.php        |  4 +--
 modules/gallery/views/admin_maintenance.html.php   |  2 +-
 .../views/admin_maintenance_show_log.html.php      |  2 +-
 modules/gallery/views/after_install.html.php       |  2 +-
 modules/gallery/views/move_tree.html.php           |  8 +++---
 modules/gallery/views/permissions_browse.html.php  |  4 +--
 modules/gallery/views/permissions_form.html.php    |  2 +-
 modules/gallery/views/simple_uploader.html.php     |  6 ++---
 modules/info/views/info_block.html.php             | 10 ++++----
 .../notification/views/comment_published.html.php  | 12 ++++-----
 modules/notification/views/item_added.html.php     |  8 +++---
 modules/notification/views/item_deleted.html.php   |  6 ++---
 modules/notification/views/item_updated.html.php   | 12 ++++-----
 modules/organize/controllers/organize.php          | 10 ++++----
 modules/organize/views/organize.html.php           |  2 +-
 modules/organize/views/organize_album.html.php     |  2 +-
 modules/rss/views/feed.mrss.php                    | 14 +++++------
 modules/search/views/search.html.php               | 10 ++++----
 .../server_add/controllers/admin_server_add.php    |  4 +--
 modules/server_add/views/server_add_tree.html.php  |  2 +-
 .../views/server_add_tree_dialog.html.php          |  6 ++---
 modules/tag/controllers/admin_tags.php             |  8 +++---
 modules/tag/helpers/tag_rss.php                    |  2 +-
 modules/tag/views/admin_tags.html.php              |  2 +-
 modules/tag/views/tag_cloud.html.php               |  2 +-
 modules/user/controllers/admin_users.php           | 14 +++++------
 modules/user/controllers/login.php                 |  4 +--
 modules/user/controllers/logout.php                |  4 +--
 modules/user/controllers/password.php              |  2 +-
 modules/user/views/admin_users.html.php            |  8 +++---
 modules/user/views/admin_users_group.html.php      |  8 +++---
 modules/user/views/login.html.php                  |  6 ++---
 modules/user/views/reset_password.html.php         |  2 +-
 system/helpers/request.php                         |  2 +-
 themes/default/views/album.html.php                |  4 +--
 themes/default/views/dynamic.html.php              |  4 +--
 themes/default/views/header.html.php               |  4 +--
 themes/default/views/movie.html.php                |  4 +--
 themes/default/views/page.html.php                 |  8 +++---
 themes/default/views/photo.html.php                |  4 +--
 59 files changed, 159 insertions(+), 188 deletions(-)
 delete mode 100644 modules/gallery/helpers/p.php

(limited to 'modules/gallery/controllers/quick.php')

diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php
index 9fb4796e..87633f4c 100644
--- a/modules/comment/controllers/comments.php
+++ b/modules/comment/controllers/comments.php
@@ -39,9 +39,9 @@ class Comments_Controller extends REST_Controller {
       foreach ($comments as $comment) {
         $data[] = array(
           "id" => $comment->id,
-          "author_name" => p::clean($comment->author_name()),
+          "author_name" => SafeString::of($comment->author_name()),
           "created" => $comment->created,
-          "text" => nl2br(p::purify($comment->text)));
+          "text" => nl2br(SafeString::purify($comment->text)));
       }
       print json_encode($data);
       break;
@@ -126,9 +126,9 @@ class Comments_Controller extends REST_Controller {
         array("result" => "success",
               "data" => array(
                 "id" => $comment->id,
-                "author_name" => p::clean($comment->author_name()),
+                "author_name" => SafeString::of($comment->author_name()),
                 "created" => $comment->created,
-                "text" => nl2br(p::purify($comment->text)))));
+                "text" => nl2br(SafeString::purify($comment->text)))));
     } else {
       $view = new Theme_View("comment.html", "fragment");
       $view->comment = $comment;
diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php
index ab3d2283..d0f15010 100644
--- a/modules/comment/helpers/comment_rss.php
+++ b/modules/comment/helpers/comment_rss.php
@@ -23,7 +23,7 @@ class comment_rss_Core {
     $feeds["comment/newest"] = t("All new comments");
     if ($item) {
       $feeds["comment/item/$item->id"] =
-        t("Comments on %title", array("title" => p::purify($item->title)));
+        t("Comments on %title", array("title" => SafeString::purify($item->title)));
     }
     return $feeds;
   }
@@ -53,13 +53,13 @@ class comment_rss_Core {
         $item = $comment->item();
         $feed->children[] = new ArrayObject(
           array("pub_date" => date("D, d M Y H:i:s T", $comment->created),
-                "text" => nl2br(p::purify($comment->text)),
+                "text" => nl2br(SafeString::purify($comment->text)),
                 "thumb_url" => $item->thumb_url(),
                 "thumb_height" => $item->thumb_height,
                 "thumb_width" => $item->thumb_width,
                 "item_uri" => url::abs_site("{$item->type}s/$item->id"),
-                "title" => p::purify($item->title),
-                "author" => p::clean($comment->author_name())),
+                "title" => SafeString::purify($item->title),
+                "author" => SafeString::of($comment->author_name())),
           ArrayObject::ARRAY_AS_PROPS);
       }
 
diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php
index 516a8181..2c7a5cf1 100644
--- a/modules/comment/views/admin_block_recent_comments.html.php
+++ b/modules/comment/views/admin_block_recent_comments.html.php
@@ -4,13 +4,13 @@
   <li class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>">
     <img src="<?= $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) ?>"
          class="gAvatar"
-         alt="<?= p::clean($comment->author_name()) ?>"
+         alt="<?= SafeString::of($comment->author_name()) ?>"
          width="32"
          height="32" />
     <?= gallery::date_time($comment->created) ?>
     <?= t('<a href="#">%author_name</a> said <em>%comment_text</em>',
-          array("author_name" => p::clean($comment->author_name()),
-                "comment_text" => text::limit_words(nl2br(p::purify($comment->text)), 50))); ?>
+          array("author_name" => SafeString::of($comment->author_name()),
+                "comment_text" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50))); ?>
   </li>
   <? endforeach ?>
 </ul>
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php
index 9fe7164b..b27e3166 100644
--- a/modules/comment/views/admin_comments.html.php
+++ b/modules/comment/views/admin_comments.html.php
@@ -108,12 +108,12 @@
         <a href="#">
           <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
                class="gAvatar"
-               alt="<?= p::clean($comment->author_name()) ?>"
+               alt="<?= SafeString::of($comment->author_name()) ?>"
                width="40"
                height="40" />
         </a>
-        <p><a href="mailto:<?= p::clean($comment->author_email()) ?>"
-              title="<?= p::clean($comment->author_email()) ?>"> <?= p::clean($comment->author_name()) ?> </a></p>
+        <p><a href="mailto:<?= SafeString::of($comment->author_email()) ?>"
+              title="<?= SafeString::of($comment->author_email()) ?>"> <?= SafeString::of($comment->author_name()) ?> </a></p>
       </td>
       <td>
         <div class="right">
@@ -122,7 +122,7 @@
             <a href="<?= $item->url() ?>">
               <? if ($item->has_thumb()): ?>
               <img src="<?= $item->thumb_url() ?>"
-                 alt="<?= p::purify($item->title) ?>"
+                 alt="<?= SafeString::purify($item->title) ?>"
                  <?= photo::img_dimensions($item->thumb_width, $item->thumb_height, 75) ?>
               />
               <? else: ?>
@@ -132,7 +132,7 @@
           </div>
         </div>
         <p><?= gallery::date($comment->created) ?></p>
-           <?= nl2br(p::purify($comment->text)) ?>
+           <?= nl2br(SafeString::purify($comment->text)) ?>
       </td>
       <td>
         <ul class="gButtonSetVertical">
diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php
index 3d17411c..31bb7f4d 100644
--- a/modules/comment/views/comment.html.php
+++ b/modules/comment/views/comment.html.php
@@ -4,15 +4,15 @@
     <a href="#">
       <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
            class="gAvatar"
-           alt="<?= p::clean($comment->author_name()) ?>"
+           alt="<?= SafeString::of($comment->author_name()) ?>"
            width="40"
            height="40" />
     </a>
     <?= t("on %date_time, %author_name said",
           array("date_time" => gallery::date_time($comment->created),
-                "author_name" => p::clean($comment->author_name()))) ?>
+                "author_name" => SafeString::of($comment->author_name()))) ?>
   </p>
   <div>
-  <?= nl2br(p::purify($comment->text)) ?>
+  <?= nl2br(SafeString::purify($comment->text)) ?>
   </div>
 </li>
diff --git a/modules/comment/views/comment.mrss.php b/modules/comment/views/comment.mrss.php
index 2b5b13c1..ae7762d9 100644
--- a/modules/comment/views/comment.mrss.php
+++ b/modules/comment/views/comment.mrss.php
@@ -6,9 +6,9 @@
    xmlns:fh="http://purl.org/syndication/history/1.0">
   <channel>
     <generator>Gallery 3</generator>
-    <title><?= p::clean($feed->title) ?></title>
+    <title><?= SafeString::of($feed->title) ?></title>
     <link><?= $feed->uri ?></link>
-    <description><?= p::clean($feed->description) ?></description>
+    <description><?= SafeString::of($feed->description) ?></description>
     <language>en-us</language>
     <atom:link rel="self" href="<?= $feed->uri ?>" type="application/rss+xml" />
     <fh:complete/>
@@ -22,14 +22,14 @@
     <lastBuildDate><?= $pub_date ?></lastBuildDate>
     <? foreach ($feed->children as $child): ?>
     <item>
-      <title><?= p::purify($child->title) ?></title>
-      <link><?= p::clean($child->item_uri) ?></link>
-      <author><?= p::clean($child->author) ?></author>
+      <title><?= SafeString::purify($child->title) ?></title>
+      <link><?= SafeString::of($child->item_uri) ?></link>
+      <author><?= SafeString::of($child->author) ?></author>
       <guid isPermaLink="true"><?= $child->item_uri ?></guid>
       <pubDate><?= $child->pub_date ?></pubDate>
       <content:encoded>
         <![CDATA[
-          <p><?= nl2br(p::purify($child->text)) ?></p>
+          <p><?= nl2br(SafeString::purify($child->text)) ?></p>
           <p>
             <img alt="" src="<?= $child->thumb_url ?>"
                  height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" />
diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php
index f7251389..7941b7da 100644
--- a/modules/comment/views/comments.html.php
+++ b/modules/comment/views/comments.html.php
@@ -12,16 +12,16 @@
       <a href="#">
         <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
              class="gAvatar"
-             alt="<?= p::clean($comment->author_name()) ?>"
+             alt="<?= SafeString::of($comment->author_name()) ?>"
              width="40"
              height="40" />
       </a>
       <?= t('on %date <a href="#">%name</a> said',
             array("date" => date("Y-M-d H:i:s", $comment->created),
-                  "name" => p::clean($comment->author_name()))); ?>
+                  "name" => SafeString::of($comment->author_name()))); ?>
     </p>
     <div>
-      <?= nl2br(p::purify($comment->text)) ?>
+      <?= nl2br(SafeString::purify($comment->text)) ?>
     </div>
   </li>
   <? endforeach ?>
diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php
index e0f4b6bf..509a8b70 100644
--- a/modules/digibug/controllers/digibug.php
+++ b/modules/digibug/controllers/digibug.php
@@ -50,7 +50,7 @@ class Digibug_Controller extends Controller {
       "image_width_1" => $item->width,
       "thumb_height_1" => $item->thumb_height,
       "thumb_width_1" => $item->thumb_width,
-      "title_1" => p::purify($item->title));
+      "title_1" => SafeString::purify($item->title));
 
     print $v;
   }
diff --git a/modules/exif/views/exif_dialog.html.php b/modules/exif/views/exif_dialog.html.php
index 6494b2b0..a981ca09 100644
--- a/modules/exif/views/exif_dialog.html.php
+++ b/modules/exif/views/exif_dialog.html.php
@@ -14,14 +14,14 @@
          <?= $details[$i]["caption"] ?>
          </td>
          <td class="gOdd">
-         <?= p::clean($details[$i]["value"]) ?>
+         <?= SafeString::of($details[$i]["value"]) ?>
          </td>
          <? if (!empty($details[++$i])): ?>
            <td class="gEven">
            <?= $details[$i]["caption"] ?>
            </td>
            <td class="gOdd">
-           <?= p::clean($details[$i]["value"]) ?>
+           <?= SafeString::of($details[$i]["value"]) ?>
            </td>
          <? else: ?>
            <td class="gEven"></td><td class="gOdd"></td>
diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php
index 436cef52..a01ca1db 100644
--- a/modules/g2_import/helpers/g2_import.php
+++ b/modules/g2_import/helpers/g2_import.php
@@ -590,7 +590,7 @@ class g2_import_Core {
     self::map($g2_comment->getId(), $comment->id);
     return t("Imported comment '%comment' for item with id: %id",
              array("id" => $comment->item_id,
-                   "comment" => text::limit_words(nl2br(p::purify($comment->text)), 50)));
+                   "comment" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50)));
   }
 
   /**
diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php
index 64007fdb..d727b654 100644
--- a/modules/gallery/controllers/admin_advanced_settings.php
+++ b/modules/gallery/controllers/admin_advanced_settings.php
@@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller {
     module::set_var($module_name, $var_name, Input::instance()->post("value"));
     message::success(
       t("Saved value for %var (%module_name)",
-        array("var" => p::clean($var_name), "module_name" => $module_name)));
+        array("var" => SafeString::of($var_name), "module_name" => $module_name)));
 
     print json_encode(array("result" => "success"));
   }
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index c8227d74..09b16759 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -93,7 +93,7 @@ class Movies_Controller extends Items_Controller {
 
       log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>");
       message::success(
-        t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));
+        t("Saved photo %photo_title", array("photo_title" => $photo->title)));
 
       print json_encode(
         array("result" => "success",
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 8ee24da8..3447b4c6 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -86,7 +86,7 @@ class Photos_Controller extends Items_Controller {
 
       log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>");
       message::success(
-        t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));
+        t("Saved photo %photo_title", array("photo_title" => $photo->title)));
 
       print json_encode(
         array("result" => "success",
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index de027c1b..98a5bf9f 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -89,7 +89,7 @@ class Quick_Controller extends Controller {
     access::required("view", $item->parent());
     access::required("edit", $item->parent());
 
-    $msg = t("Made <b>%title</b> this album's cover", array("title" => p::purify($item->title)));
+    $msg = t("Made <b>%title</b> this album's cover", array("title" => SafeString::purify($item->title)));
 
     item::make_album_cover($item);
     message::success($msg);
@@ -105,10 +105,10 @@ class Quick_Controller extends Controller {
     if ($item->is_album()) {
       print t(
         "Delete the album <b>%title</b>? All photos and movies in the album will also be deleted.",
-        array("title" => p::purify($item->title)));
+        array("title" => SafeString::purify($item->title)));
     } else {
       print t("Are you sure you want to delete <b>%title</b>?",
-              array("title" => p::purify($item->title)));
+              array("title" => SafeString::purify($item->title)));
     }
 
     $form = item::get_delete_form($item);
@@ -122,9 +122,9 @@ class Quick_Controller extends Controller {
     access::required("edit", $item);
 
     if ($item->is_album()) {
-      $msg = t("Deleted album <b>%title</b>", array("title" => p::purify($item->title)));
+      $msg = t("Deleted album <b>%title</b>", array("title" => SafeString::purify($item->title)));
     } else {
-      $msg = t("Deleted photo <b>%title</b>", array("title" => p::purify($item->title)));
+      $msg = t("Deleted photo <b>%title</b>", array("title" => SafeString::purify($item->title)));
     }
 
     $parent = $item->parent();
diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php
index 7daf6170..be555296 100644
--- a/modules/gallery/helpers/gallery_rss.php
+++ b/modules/gallery/helpers/gallery_rss.php
@@ -52,9 +52,9 @@ class gallery_rss_Core {
         ->viewable()
         ->descendants($limit, $offset, "photo");
       $feed->max_pages = ceil($item->viewable()->descendants_count("photo") / $limit);
-      $feed->title = p::purify($item->title);
+      $feed->title = SafeString::purify($item->title);
       $feed->link = url::abs_site("albums/{$item->id}");
-      $feed->description = nl2br(p::purify($item->description));
+      $feed->description = nl2br(SafeString::purify($item->description));
 
       return $feed;
     }
diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php
index 9edc3acd..8c0e8aa8 100644
--- a/modules/gallery/helpers/gallery_task.php
+++ b/modules/gallery/helpers/gallery_task.php
@@ -64,10 +64,10 @@ class gallery_task_Core {
           if (!$success) {
             $ignored[$item->id] = 1;
             $errors[] = t("Unable to rebuild images for '%title'",
-                          array("title" => p::purify($item->title)));
+                          array("title" => SafeString::purify($item->title)));
           } else {
             $errors[] = t("Successfully rebuilt images for '%title'",
-                          array("title" => p::purify($item->title)));
+                          array("title" => SafeString::purify($item->title)));
           }
         }
 
diff --git a/modules/gallery/helpers/p.php b/modules/gallery/helpers/p.php
deleted file mode 100644
index e852c086..00000000
--- a/modules/gallery/helpers/p.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class p_Core {
-  static function clean($dirty_html) {
-    return new SafeString($dirty_html);
-  }
-
-  // Deprecated: Please use p::clean($var).purified_html()
-  static function purify($dirty_html) {
-    return SafeString::of($dirty_html)->purified_html();
-  }
-}
diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php
index b37c1c73..adc15b91 100644
--- a/modules/gallery/views/admin_advanced_settings.html.php
+++ b/modules/gallery/views/admin_advanced_settings.html.php
@@ -20,13 +20,13 @@
     <? if ($var->module_name == "gallery" && $var->name == "_cache") continue ?>
     <tr class="setting">
       <td> <?= $var->module_name ?> </td>
-      <td> <?= p::clean($var->name) ?> </td>
+      <td> <?= SafeString::of($var->name) ?> </td>
       <td>
-        <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . p::clean($var->name)) ?>"
+        <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . SafeString::of($var->name)) ?>"
           class="gDialogLink"
-          title="<?= t("Edit %var (%module_name)", array("var" => p::clean($var->name), "module_name" => $var->module_name)) ?>">
+          title="<?= t("Edit %var (%module_name)", array("var" => $var->name, "module_name" => $var->module_name)) ?>">
           <? if ($var->value): ?>
-          <?= p::clean($var->value) ?>
+          <?= SafeString::of($var->value) ?>
           <? else: ?>
           <i> <?= t("empty") ?> </i>
           <? endif ?>
diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php
index 44c1657f..b7afb22d 100644
--- a/modules/gallery/views/admin_block_log_entries.html.php
+++ b/modules/gallery/views/admin_block_log_entries.html.php
@@ -2,7 +2,7 @@
 <ul>
   <? foreach ($entries as $entry): ?>
   <li class="<?= log::severity_class($entry->severity) ?>" style="direction: ltr">
-    <a href="<?= url::site("user/$entry->user_id") ?>"><?= p::clean($entry->user->name) ?></a>
+    <a href="<?= url::site("user/$entry->user_id") ?>"><?= SafeString::of($entry->user->name) ?></a>
     <?= gallery::date_time($entry->timestamp) ?>
     <?= $entry->message ?>
     <?= $entry->html ?>
diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php
index 1e1329d1..732bdc38 100644
--- a/modules/gallery/views/admin_block_photo_stream.html.php
+++ b/modules/gallery/views/admin_block_photo_stream.html.php
@@ -2,9 +2,9 @@
 <ul>
 <? foreach ($photos as $photo): ?>
   <li class="gItem gPhoto">
-    <a href="<?= url::site("photos/$photo->id") ?>" title="<?= p::clean($photo->title) ?>">
+    <a href="<?= url::site("photos/$photo->id") ?>" title="<?= SafeString::of($photo->title) ?>">
       <img <?= photo::img_dimensions($photo->width, $photo->height, 72) ?>
-        src="<?= $photo->thumb_url() ?>" alt="<?= p::clean($photo->title) ?>" />
+        src="<?= $photo->thumb_url() ?>" alt="<?= SafeString::of($photo->title) ?>" />
     </a>
   </li>
 <? endforeach ?>
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index 450eb754..a4db38ce 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -90,7 +90,7 @@
           <?= $task->status ?>
         </td>
         <td>
-          <?= p::clean($task->owner()->name) ?>
+          <?= SafeString::of($task->owner()->name) ?>
         </td>
         <td>
           <? if ($task->state == "stalled"): ?>
diff --git a/modules/gallery/views/admin_maintenance_show_log.html.php b/modules/gallery/views/admin_maintenance_show_log.html.php
index 9d850986..209aef03 100644
--- a/modules/gallery/views/admin_maintenance_show_log.html.php
+++ b/modules/gallery/views/admin_maintenance_show_log.html.php
@@ -12,7 +12,7 @@ appendTo('body').submit().remove();
 <div id="gTaskLogDialog">
   <h1> <?= $task->name ?> </h1>
   <div class="gTaskLog">
-    <pre><?= p::purify($task->get_log()) ?></pre>
+    <pre><?= SafeString::purify($task->get_log()) ?></pre>
   </div>
   <button id="gCloseButton" class="ui-state-default ui-corner-all" onclick="dismiss()"><?= t("Close") ?></button>
   <button id="gSaveButton" class="ui-state-default ui-corner-all" onclick="download()"><?= t("Save") ?></button>
diff --git a/modules/gallery/views/after_install.html.php b/modules/gallery/views/after_install.html.php
index e4842163..2cf8ec8f 100644
--- a/modules/gallery/views/after_install.html.php
+++ b/modules/gallery/views/after_install.html.php
@@ -8,7 +8,7 @@
 </p>
 
 <p>
-  <?= t("You're logged in to the <b>%user_name</b> account.  The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => p::clean($user->name))) ?>
+  <?= t("You're logged in to the <b>%user_name</b> account.  The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => $user->name)) ?>
 </p>
 
 <p>
diff --git a/modules/gallery/views/move_tree.html.php b/modules/gallery/views/move_tree.html.php
index 5f70cf67..7818a42a 100644
--- a/modules/gallery/views/move_tree.html.php
+++ b/modules/gallery/views/move_tree.html.php
@@ -1,18 +1,18 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <?= $parent->thumb_img(array(), 25); ?>
 <? if (!access::can("edit", $parent) || $source->is_descendant($parent)): ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= p::clean($parent->title) ?> <?= t("(locked)") ?> </a>
+<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= SafeString::of($parent->title) ?> <?= t("(locked)") ?> </a>
 <? else: ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= p::clean($parent->title) ?></a>
+<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= SafeString::of($parent->title) ?></a>
 <? endif ?>
 <ul id="tree_<?= $parent->id ?>">
   <? foreach ($children as $child): ?>
   <li id="node_<?= $child->id ?>" class="node">
     <?= $child->thumb_img(array(), 25); ?>
     <? if (!access::can("edit", $child) || $source->is_descendant($child)): ?>
-    <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= p::clean($child->title) ?> <?= t("(locked)") ?></a>
+    <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= SafeString::of($child->title) ?> <?= t("(locked)") ?></a>
     <? else: ?>
-    <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= p::clean($child->title) ?> </a>
+    <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= SafeString::of($child->title) ?> </a>
     <? endif ?>
   </li>
   <? endforeach ?>
diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php
index 888a27f7..9ea0da25 100644
--- a/modules/gallery/views/permissions_browse.html.php
+++ b/modules/gallery/views/permissions_browse.html.php
@@ -35,14 +35,14 @@
     <? foreach ($parents as $parent): ?>
     <li>
       <a href="javascript:show(<?= $parent->id ?>)">
-        <?= p::clean($parent->title) ?>
+        <?= SafeString::of($parent->title) ?>
       </a>
       <div class="form" id="edit-<?= $parent->id ?>"></div>
       <ul>
         <? endforeach ?>
         <li>
           <a href="javascript:show(<?= $item->id ?>)">
-            <?= p::purify($item->title) ?>
+            <?= SafeString::purify($item->title) ?>
           </a>
           <div class="form" id="edit-<?= $item->id ?>">
             <?= $form ?>
diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php
index ee5e3a24..adc0496f 100644
--- a/modules/gallery/views/permissions_form.html.php
+++ b/modules/gallery/views/permissions_form.html.php
@@ -6,7 +6,7 @@
     <tr>
       <th> </th>
       <? foreach ($groups as $group): ?>
-      <th> <?= p::clean($group->name) ?> </th>
+      <th> <?= SafeString::of($group->name) ?> </th>
       <? endforeach ?>
     </tr>
 
diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php
index 38ac518c..56e568f6 100644
--- a/modules/gallery/views/simple_uploader.html.php
+++ b/modules/gallery/views/simple_uploader.html.php
@@ -6,7 +6,7 @@
 <!-- hack to set the title for the dialog -->
 <form id="gAddPhotosForm" action="<?= url::site("simple_uploader/finish?csrf=$csrf") ?>">
   <fieldset>
-    <legend> <?= t("Add photos to %album_title", array("album_title" => p::purify($item->title))) ?> </legend>
+    <legend> <?= t("Add photos to %album_title", array("album_title" => SafeString::purify($item->title))) ?> </legend>
   </fieldset>
 </form>
 
@@ -26,9 +26,9 @@
   </p>
   <ul class="gBreadcrumbs">
     <? foreach ($item->parents() as $parent): ?>
-    <li> <?= p::clean($parent->title) ?> </li>
+    <li> <?= SafeString::of($parent->title) ?> </li>
     <? endforeach ?>
-    <li class="active"> <?= p::purify($item->title) ?> </li>
+    <li class="active"> <?= SafeString::purify($item->title) ?> </li>
   </ul>
 
   <p>
diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php
index f86ae39d..365a1021 100644
--- a/modules/info/views/info_block.html.php
+++ b/modules/info/views/info_block.html.php
@@ -2,18 +2,18 @@
 <ul class="gMetadata">
   <li>
     <strong class="caption"><?= t("Title:") ?></strong>
-    <?= p::purify($item->title) ?>
+    <?= SafeString::purify($item->title) ?>
   </li>
   <? if ($item->description): ?>
   <li>
     <strong class="caption"><?= t("Description:") ?></strong>
-     <?= nl2br(p::purify($item->description)) ?>
+     <?= nl2br(SafeString::purify($item->description)) ?>
   </li>
   <? endif ?>
   <? if ($item->id != 1): ?>
   <li>
     <strong class="caption"><?= t("Folder name:") ?></strong>
-    <?= p::clean($item->name) ?>
+    <?= SafeString::of($item->name) ?>
   </li>
   <? endif ?>
   <? if ($item->captured): ?>
@@ -26,9 +26,9 @@
   <li>
     <strong class="caption"><?= t("Owner:") ?></strong>
     <? if ($item->owner->url): ?>
-    <a href="<?= $item->owner->url ?>"><?= p::clean($item->owner->display_name()) ?></a>
+    <a href="<?= $item->owner->url ?>"><?= SafeString::of($item->owner->display_name()) ?></a>
     <? else: ?>
-    <?= p::clean($item->owner->display_name()) ?>
+    <?= SafeString::of($item->owner->display_name()) ?>
     <? endif ?>
   </li>
   <? endif ?>
diff --git a/modules/notification/views/comment_published.html.php b/modules/notification/views/comment_published.html.php
index 4a56cdad..02daf921 100644
--- a/modules/notification/views/comment_published.html.php
+++ b/modules/notification/views/comment_published.html.php
@@ -1,26 +1,26 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= p::clean($subject) ?> </title>
+    <title><?= SafeString::of($subject) ?> </title>
   </head>
   <body>
-    <h2><?= p::clean($subject) ?></h2>
+    <h2><?= SafeString::of($subject) ?></h2>
     <table>
       <tr>
         <td><?= t("Comment:") ?></td>
-  <td><?= nl2br(p::purify($comment->text)) ?></td>
+  <td><?= nl2br(SafeString::purify($comment->text)) ?></td>
       </tr>
       <tr>
         <td><?= t("Author Name:") ?></td>
-        <td><?= p::clean($comment->author_name()) ?></td>
+        <td><?= SafeString::of($comment->author_name()) ?></td>
       </tr>
       <tr>
         <td><?= t("Author Email:") ?></td>
-        <td><?= p::clean($comment->author_email()) ?></td>
+        <td><?= SafeString::of($comment->author_email()) ?></td>
       </tr>
       <tr>
         <td><?= t("Author URL:") ?></td>
-        <td><?= p::clean($comment->author_url()) ?></td>
+        <td><?= SafeString::of($comment->author_url()) ?></td>
       </tr>
       <tr>
         <td><?= t("Url:") ?></td>
diff --git a/modules/notification/views/item_added.html.php b/modules/notification/views/item_added.html.php
index 86724927..70b8fca4 100644
--- a/modules/notification/views/item_added.html.php
+++ b/modules/notification/views/item_added.html.php
@@ -1,14 +1,14 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= p::clean($subject) ?> </title>
+    <title><?= SafeString::of($subject) ?> </title>
   </head>
   <body>
-    <h2><?= p::clean($subject) ?></h2>
+    <h2><?= SafeString::of($subject) ?></h2>
     <table>
       <tr>
         <td><?= t("Title:") ?></td>
-        <td><?= p::purify($item->title) ?></td>
+        <td><?= SafeString::purify($item->title) ?></td>
       </tr>
       <tr>
         <td><?= t("Url:") ?></td>
@@ -21,7 +21,7 @@
       <? if ($item->description): ?>
       <tr>
         <td><?= t("Description:") ?></td>
-         <td><?= nl2br(p::purify($item->description)) ?></td>
+         <td><?= nl2br(SafeString::purify($item->description)) ?></td>
       </tr>
       <? endif ?>
     </table>
diff --git a/modules/notification/views/item_deleted.html.php b/modules/notification/views/item_deleted.html.php
index 92215211..e04fc71b 100644
--- a/modules/notification/views/item_deleted.html.php
+++ b/modules/notification/views/item_deleted.html.php
@@ -1,15 +1,15 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= p::clean($subject) ?> </title>
+    <title><?= SafeString::of($subject) ?> </title>
   </head>
   <body>
-    <h2><?= p::clean($subject) ?></h2>
+    <h2><?= SafeString::of($subject) ?></h2>
     <table>
       <tr>
         <td colspan="2">
           <?= t("To view the changed album %title use the link below.",
-              array("title" => p::purify($item->parent()->title))) ?>
+              array("title" => SafeString::purify($item->parent()->title))) ?>
         </td>
       </tr>
       <tr>
diff --git a/modules/notification/views/item_updated.html.php b/modules/notification/views/item_updated.html.php
index 39f9113b..c3a4f795 100644
--- a/modules/notification/views/item_updated.html.php
+++ b/modules/notification/views/item_updated.html.php
@@ -1,18 +1,18 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= p::clean($subject) ?> </title>
+    <title><?= SafeString::of($subject) ?> </title>
   </head>
   <body>
-    <h2> <?= p::clean($subject) ?> </h2>
+    <h2> <?= SafeString::of($subject) ?> </h2>
     <table>
       <tr>
         <? if ($item->original("title") != $item->title): ?>
         <td><?= t("New Title:") ?></td>
-        <td><?= p::clean($item->title) ?></td>
+        <td><?= SafeString::of($item->title) ?></td>
         <? else: ?>
         <td><?= t("Title:") ?></td>
-        <td><?= p::clean($item->title) ?></td>
+        <td><?= SafeString::of($item->title) ?></td>
         <? endif ?>
       </tr>
       <tr>
@@ -22,12 +22,12 @@
       <? if ($item->original("description") != $item->description): ?>
       <tr>
         <td><?= t("New Description:") ?></td>
-        <td><?= p::clean($item->description) ?></td>
+        <td><?= SafeString::of($item->description) ?></td>
       </tr>
       <? elseif (!empty($item->description)): ?>
       <tr>
         <td><?= t("Description:") ?></td>
-        <td><?= p::clean($item->description) ?></td>
+        <td><?= SafeString::of($item->description) ?></td>
       </tr>
       <? endif ?>
     </table>
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 898be509..d60aa838 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -62,8 +62,8 @@ class Organize_Controller extends Controller {
     access::required("edit", $item);
 
     print json_encode(
-      array("title" => p::purify($item->title),
-            "description" => empty($item->description) ? "" : p::purify($item->description)));
+      array("title" => SafeString::purify($item->title),
+            "description" => empty($item->description) ? "" : SafeString::purify($item->description)));
   }
 
   function tree($item, $parent) {
@@ -281,10 +281,10 @@ class Organize_Controller extends Controller {
 
       if ($item->is_album()) {
         log::success("content", "Updated album", "<a href=\"albums/$item->id\">view</a>");
-        $message = t("Saved album %album_title", array("album_title" => p::purify($item->title)));
+        $message = t("Saved album %album_title", array("album_title" => SafeString::purify($item->title)));
       } else {
         log::success("content", "Updated photo", "<a href=\"photos/$item->id\">view</a>");
-        $message = t("Saved photo %photo_title", array("photo_title" => p::purify($item->title)));
+        $message = t("Saved photo %photo_title", array("photo_title" => SafeString::purify($item->title)));
       }
       print json_encode(array("form" => $form->__toString(), "message" => $message));
     } else {
@@ -321,7 +321,7 @@ class Organize_Controller extends Controller {
       $item->save();
 
       log::success("content", "Updated album", "<a href=\"albums/$item->id\">view</a>");
-      $message = t("Saved album %album_title", array("album_title" => p::purify($item->title)));
+      $message = t("Saved album %album_title", array("album_title" => SafeString::purify($item->title)));
       print json_encode(array("form" => $form->__toString(), "message" => $message));
     } else {
       print json_encode(array("form" => $form->__toString()));
diff --git a/modules/organize/views/organize.html.php b/modules/organize/views/organize.html.php
index 1686d255..1182a887 100644
--- a/modules/organize/views/organize.html.php
+++ b/modules/organize/views/organize.html.php
@@ -16,7 +16,7 @@ var CONFIRM_DELETE = "<?= t("Do you really want to delete the selected albums an
   });
 </script>
 <fieldset style="display: none">
-  <legend><?= t("Organize %name", array("name" => p::purify($item->title))) ?></legend>
+  <legend><?= t("Organize %name", array("name" => SafeString::purify($item->title))) ?></legend>
 </fieldset>
 <div id="doc3" class="yui-t7">
   <div id="bd">
diff --git a/modules/organize/views/organize_album.html.php b/modules/organize/views/organize_album.html.php
index ae2d5d51..4933ed32 100644
--- a/modules/organize/views/organize_album.html.php
+++ b/modules/organize/views/organize_album.html.php
@@ -7,7 +7,7 @@
 
     <div id="gOrganizeBranch-<?= $album->id ?>" ref="<?= $album->id ?>"
           class="<?= $selected ? "gBranchSelected" : "" ?> gBranchText">
-      <?= p::clean($album->title) ?>
+      <?= SafeString::of($album->title) ?>
     </div>
     <div id="gOrganizeChildren-<?= $album->id ?>"
           class="<?= $album_icon == "ui-icon-plus" ? "gBranchCollapsed" : "" ?>">
diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php
index 447179a5..7298b7f4 100644
--- a/modules/rss/views/feed.mrss.php
+++ b/modules/rss/views/feed.mrss.php
@@ -6,9 +6,9 @@
    xmlns:fh="http://purl.org/syndication/history/1.0">
   <channel>
     <generator>gallery3</generator>
-    <title><?= p::clean($feed->title) ?></title>
+    <title><?= SafeString::of($feed->title) ?></title>
     <link><?= $feed->uri ?></link>
-    <description><?= p::clean($feed->description) ?></description>
+    <description><?= SafeString::of($feed->description) ?></description>
     <language>en-us</language>
     <atom:link rel="self" href="<?= $feed->uri ?>" type="application/rss+xml" />
     <fh:complete/>
@@ -22,25 +22,25 @@
     <lastBuildDate><?= $pub_date ?></lastBuildDate>
     <? foreach ($feed->children as $child): ?>
     <item>
-      <title><?= p::clean($child->title) ?></title>
+      <title><?= SafeString::of($child->title) ?></title>
       <link><?= url::abs_site("{$child->type}s/{$child->id}") ?></link>
       <guid isPermaLink="true"><?= url::abs_site("{$child->type}s/{$child->id}") ?></guid>
       <pubDate><?= date("D, d M Y H:i:s T", $child->created); ?></pubDate>
       <content:encoded>
         <![CDATA[
-          <span><?= p::clean($child->description) ?></span>
+          <span><?= SafeString::of($child->description) ?></span>
           <p>
           <? if ($child->type == "photo" || $child->type == "album"): ?>
             <img alt="" src="<?= $child->resize_url(true) ?>"
-                 title="<?= p::clean($child->title) ?>"
+                 title="<?= SafeString::of($child->title) ?>"
                  height="<?= $child->resize_height ?>" width="<?= $child->resize_width ?>" /><br />
           <? else: ?>
             <a href="<?= url::abs_site("{$child->type}s/{$child->id}") ?>">
             <img alt="" src="<?= $child->thumb_url(true) ?>"
-                 title="<?= p::clean($child->title) ?>"
+                 title="<?= SafeString::of($child->title) ?>"
                  height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" /></a><br />
           <? endif ?>
-            <?= p::clean($child->description) ?>
+            <?= SafeString::of($child->description) ?>
           </p>
         ]]>
       </content:encoded>
diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php
index 6a222ef1..e5c7b4a6 100644
--- a/modules/search/views/search.html.php
+++ b/modules/search/views/search.html.php
@@ -8,10 +8,10 @@
     <ul>
       <li>
         <label for="q"><?= t("Search the gallery") ?></label>
-        <input name="q" id="q" type="text" value="<?= p::clean($q) ?>"/>
+        <input name="q" id="q" type="text" value="<?= SafeString::of($q)->for_html_attr() ?>"/>
       </li>
       <li>
-        <input type="submit" value="<?= t("Search") ?>" />
+        <input type="submit" value="<?= t("Search")->for_html_attr() ?>" />
       </li>
     </ul>
   </fieldset>
@@ -31,10 +31,10 @@
       <a href="<?= url::site("items/$item->id") ?>">
         <?= $item->thumb_img() ?>
         <p>
-          <?= p::purify($item->title) ?>
+    <?= SafeString::purify($item->title) ?>
         </p>
         <div>
-    <?= nl2br(p::purify($item->description)) ?>
+    <?= nl2br(SafeString::purify($item->description)) ?>
         </div>
       </a>
     </li>
@@ -44,7 +44,7 @@
 
   <? else: ?>
   <p>
-    <?= t("No results found for <b>%term</b>", array("term" => p::clean($q))) ?>
+    <?= t("No results found for <b>%term</b>", array("term" => $q)) ?>
   </p>
 
   <? endif; ?>
diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php
index 30109f42..fac2aa44 100644
--- a/modules/server_add/controllers/admin_server_add.php
+++ b/modules/server_add/controllers/admin_server_add.php
@@ -38,7 +38,7 @@ class Admin_Server_Add_Controller extends Admin_Controller {
         $path = $form->add_path->path->value;
         $paths[$path] = 1;
         module::set_var("server_add", "authorized_paths", serialize($paths));
-        message::success(t("Added path %path", array("path" => p::clean($path))));
+        message::success(t("Added path %path", array("path" => $path)));
         server_add::check_config($paths);
         url::redirect("admin/server_add");
       } else {
@@ -60,7 +60,7 @@ class Admin_Server_Add_Controller extends Admin_Controller {
     $paths = unserialize(module::get_var("server_add", "authorized_paths"));
     if (isset($paths[$path])) {
       unset($paths[$path]);
-      message::success(t("Removed path %path", array("path" => p::clean($path))));
+      message::success(t("Removed path %path", array("path" => $path)));
       module::set_var("server_add", "authorized_paths", serialize($paths));
       server_add::check_config($paths);
     }
diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php
index 254a9da0..b68544ec 100644
--- a/modules/server_add/views/server_add_tree.html.php
+++ b/modules/server_add/views/server_add_tree.html.php
@@ -24,7 +24,7 @@
                 <? endif ?>
                 file="<?= $file ?>"
                 >
-            <?= p::clean(basename($file)) ?>
+            <?= SafeString::of(basename($file)) ?>
           </span>
         </li>
         <? endforeach ?>
diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php
index 21952849..533cad04 100644
--- a/modules/server_add/views/server_add_tree_dialog.html.php
+++ b/modules/server_add/views/server_add_tree_dialog.html.php
@@ -5,17 +5,17 @@
 </script>
 
 <div id="gServerAdd">
-  <h1 style="display: none;"><?= t("Add Photos to '%title'", array("title" => p::purify($item->title))) ?></h1>
+  <h1 style="display: none;"><?= t("Add Photos to '%title'", array("title" => SafeString::purify($item->title))) ?></h1>
 
   <p id="gDescription"><?= t("Photos will be added to album:") ?></p>
   <ul class="gBreadcrumbs">
     <? foreach ($item->parents() as $parent): ?>
     <li>
-      <?= p::purify($parent->title) ?>
+      <?= SafeString::purify($parent->title) ?>
     </li>
     <? endforeach ?>
     <li class="active">
-      <?= p::purify($item->title) ?>
+      <?= SafeString::purify($item->title) ?>
     </li>
   </ul>
 
diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php
index dcdc16b9..f1b4ca3a 100644
--- a/modules/tag/controllers/admin_tags.php
+++ b/modules/tag/controllers/admin_tags.php
@@ -53,8 +53,8 @@ class Admin_Tags_Controller extends Admin_Controller {
       $name = $tag->name;
       Database::instance()->delete("items_tags", array("tag_id" => "$tag->id"));
       $tag->delete();
-      message::success(t("Deleted tag %tag_name", array("tag_name" => p::clean($name))));
-      log::success("tags", t("Deleted tag %tag_name", array("tag_name" => p::clean($name))));
+      message::success(t("Deleted tag %tag_name", array("tag_name" => $name)));
+      log::success("tags", t("Deleted tag %tag_name", array("tag_name" => $name)));
 
       print json_encode(
         array("result" => "success",
@@ -98,7 +98,7 @@ class Admin_Tags_Controller extends Admin_Controller {
       $tag->save();
 
       $message = t("Renamed tag %old_name to %new_name",
-                   array("old_name" => p::clean($old_name), "new_name" => p::clean($tag->name)));
+                   array("old_name" => $old_name, "new_name" => $tag->name));
       message::success($message);
       log::success("tags", $message);
 
@@ -106,7 +106,7 @@ class Admin_Tags_Controller extends Admin_Controller {
         array("result" => "success",
               "location" => url::site("admin/tags"),
               "tag_id" => $tag->id,
-              "new_tagname" => p::clean($tag->name)));
+              "new_tagname" => SafeString::of($tag->name)));
     } else {
       print json_encode(
         array("result" => "error",
diff --git a/modules/tag/helpers/tag_rss.php b/modules/tag/helpers/tag_rss.php
index f94508cf..7194586d 100644
--- a/modules/tag/helpers/tag_rss.php
+++ b/modules/tag/helpers/tag_rss.php
@@ -22,7 +22,7 @@ class tag_rss_Core {
   static function available_feeds($item, $tag) {
     if ($tag) {
       $feeds["tag/tag/{$tag->id}"] =
-        t("Tag feed for %tag_name", array("tag_name" => p::clean($tag->name)));
+        t("Tag feed for %tag_name", array("tag_name" => $tag->name));
       return $feeds;
     }
     return array();
diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php
index 7d201da7..5bd23112 100644
--- a/modules/tag/views/admin_tags.html.php
+++ b/modules/tag/views/admin_tags.html.php
@@ -47,7 +47,7 @@
           <? endif ?>
 
           <li>
-            <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= p::clean($tag->name) ?></span>
+            <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= SafeString::of($tag->name) ?></span>
             <span class="understate">(<?= $tag->count ?>)</span>
             <a href="<?= url::site("admin/tags/form_delete/$tag->id") ?>"
                class="gDialogLink delete-link gButtonLink">
diff --git a/modules/tag/views/tag_cloud.html.php b/modules/tag/views/tag_cloud.html.php
index eba615fc..b4c6ae34 100644
--- a/modules/tag/views/tag_cloud.html.php
+++ b/modules/tag/views/tag_cloud.html.php
@@ -3,7 +3,7 @@
   <? foreach ($tags as $tag): ?>
   <li class="size<?=(int)(($tag->count / $max_count) * 7) ?>">
     <span><?= $tag->count ?> photos are tagged with </span>
-    <a href="<?= url::site("tags/$tag->id") ?>"><?= p::clean($tag->name) ?></a>
+    <a href="<?= url::site("tags/$tag->id") ?>"><?= SafeString::of($tag->name) ?></a>
   </li>
   <? endforeach ?>
 </ul>
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index f87602b8..521f82fa 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -51,7 +51,7 @@ class Admin_Users_Controller extends Controller {
       $user->save();
       module::event("user_add_form_admin_completed", $user, $form);
 
-      message::success(t("Created user %user_name", array("user_name" => p::clean($user->name))));
+      message::success(t("Created user %user_name", array("user_name" => $user->name)));
       print json_encode(array("result" => "success"));
     } else {
       print json_encode(array("result" => "error",
@@ -84,7 +84,7 @@ class Admin_Users_Controller extends Controller {
                               "form" => $form->__toString()));
     }
 
-    $message = t("Deleted user %user_name", array("user_name" => p::clean($name)));
+    $message = t("Deleted user %user_name", array("user_name" => $name));
     log::success("user", $message);
     message::success($message);
     print json_encode(array("result" => "success"));
@@ -142,7 +142,7 @@ class Admin_Users_Controller extends Controller {
       $user->save();
       module::event("user_edit_form_admin_completed", $user, $form);
 
-      message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name))));
+      message::success(t("Changed user %user_name", array("user_name" => $user->name)));
       print json_encode(array("result" => "success"));
     } else {
       print json_encode(array("result" => "error",
@@ -204,7 +204,7 @@ class Admin_Users_Controller extends Controller {
       $group = group::create($new_name);
       $group->save();
       message::success(
-        t("Created group %group_name", array("group_name" => p::clean($group->name))));
+        t("Created group %group_name", array("group_name" => $group->name)));
       print json_encode(array("result" => "success"));
     } else {
       print json_encode(array("result" => "error",
@@ -233,7 +233,7 @@ class Admin_Users_Controller extends Controller {
                               "form" => $form->__toString()));
     }
 
-    $message = t("Deleted group %group_name", array("group_name" => p::clean($name)));
+    $message = t("Deleted group %group_name", array("group_name" => $name));
     log::success("group", $message);
     message::success($message);
     print json_encode(array("result" => "success"));
@@ -271,11 +271,11 @@ class Admin_Users_Controller extends Controller {
       $group->name = $form->edit_group->inputs["name"]->value;
       $group->save();
       message::success(
-        t("Changed group %group_name", array("group_name" => p::clean($group->name))));
+        t("Changed group %group_name", array("group_name" => $group->name)));
       print json_encode(array("result" => "success"));
     } else {
       message::error(
-        t("Failed to change group %group_name", array("group_name" => p::clean($group->name))));
+        t("Failed to change group %group_name", array("group_name" => $group->name)));
       print json_encode(array("result" => "error",
                               "form" => $form->__toString()));
     }
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index 4d901051..b81b17b2 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -63,7 +63,7 @@ class Login_Controller extends Controller {
         log::warning(
           "user",
           t("Failed login for %name",
-            array("name" => p::clean($form->login->inputs["name"]->value))));
+            array("name" => $form->login->inputs["name"]->value)));
         $form->login->inputs["name"]->add_error("invalid_login", 1);
         $valid = false;
       }
@@ -71,7 +71,7 @@ class Login_Controller extends Controller {
 
     if ($valid) {
       user::login($user);
-      log::info("user", t("User %name logged in", array("name" => p::clean($user->name))));
+      log::info("user", t("User %name logged in", array("name" => $user->name)));
     }
 
     // Either way, regenerate the session id to avoid session trapping
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index 099b1952..4b141a1c 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -23,8 +23,8 @@ class Logout_Controller extends Controller {
 
     $user = user::active();
     user::logout();
-    log::info("user", t("User %name logged out", array("name" => p::clean($user->name))),
-              html::anchor("user/$user->id", p::clean($user->name)));
+    log::info("user", t("User %name logged out", array("name" => $user->name)),
+              html::anchor("user/$user->id", SafeString::of($user->name)));
     if ($continue_url = $this->input->get("continue")) {
       $item = url::get_item_from_uri($continue_url);
       if (access::can("view", $item)) {
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 2af1b879..066efbba 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -74,7 +74,7 @@ class Password_Controller extends Controller {
 
       log::success(
         "user",
-        t("Password reset email sent for user %name", array("name" => p::clean($user->name))));
+        t("Password reset email sent for user %name", array("name" => $user->name)));
     } else {
       // Don't include the username here until you're sure that it's XSS safe
       log::warning(
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 542b8b8b..54c4847d 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -68,16 +68,16 @@
         <td id="user-<?= $user->id ?>" class="core-info gDraggable">
           <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
                title="<?= t("Drag user onto group below to add as a new member") ?>"
-               alt="<?= p::clean($user->name) ?>"
+               alt="<?= SafeString::of($user->name) ?>"
                width="20"
                height="20" />
-          <?= p::clean($user->name) ?>
+          <?= SafeString::of($user->name) ?>
         </td>
         <td>
-          <?= p::clean($user->full_name) ?>
+          <?= SafeString::of($user->full_name) ?>
         </td>
         <td>
-          <?= p::clean($user->email) ?>
+          <?= SafeString::of($user->email) ?>
         </td>
         <td>
           <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index bfd79dba..f89a4392 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -1,9 +1,9 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <h4>
-  <?= p::clean($group->name) ?>
+  <?= SafeString::of($group->name) ?>
   <? if (!$group->special): ?>
   <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
-    title="<?= t("Delete the %name group", array("name" => p::clean($group->name))) ?>"
+    title="<?= t("Delete the %name group", array("name" => $group->name)) ?>"
     class="gDialogLink gButtonLink ui-state-default ui-corner-all">
     <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
   <? else: ?>
@@ -17,12 +17,12 @@
 <ul>
   <? foreach ($group->users as $i => $user): ?>
   <li class="gUser">
-    <?= p::clean($user->name) ?>
+    <?= SafeString::of($user->name) ?>
     <? if (!$group->special): ?>
     <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
        class="gButtonLink ui-state-default ui-corner-all ui-icon-left"
        title="<?= t("Remove %user from %group group",
-              array("user" => p::clean($user->name), "group" => p::clean($group->name))) ?>">
+              array("user" => $user->name, "group" => $group->name)) ?>">
       <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
     </a>
     <? endif ?>
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index 97341762..e92513e7 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -8,11 +8,11 @@
   </li>
   <? else: ?>
   <li class="first">
-    <?= t('Logged in as %name', array('name' => SafeString::of(
+    <?= t('Logged in as %name', array('name' => SafeString::of_safe_html(
       '<a href="' . url::site("form/edit/users/{$user->id}") .
-      '" title="' . t("Edit Your Profile") .
+      '" title="' . t("Edit Your Profile")->for_html_attr() .
       '" id="gUserProfileLink" class="gDialogLink">' .
-      p::clean($user->display_name()) . '</a>')->mark_html_safe())) ?>
+      SafeString::of($user->display_name()) . '</a>'))) ?>
   </li>
   <li>
     <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php
index 4c4672ee..3dc7aebf 100644
--- a/modules/user/views/reset_password.html.php
+++ b/modules/user/views/reset_password.html.php
@@ -6,7 +6,7 @@
   <body>
     <h2><?= t("Password Reset Request") ?> </h2>
     <p>
-      <?= t("Hello, %name,", array("name" => p::clean($user->full_name ? $user->full_name : $user->name))) ?>
+      <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
     </p>
     <p>
       <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?>
diff --git a/system/helpers/request.php b/system/helpers/request.php
index 4203d0e5..15b8edfa 100644
--- a/system/helpers/request.php
+++ b/system/helpers/request.php
@@ -30,7 +30,7 @@ class request_Core {
 			// Set referrer
 			$ref = $_SERVER['HTTP_REFERER'];
 
-			if (strpos($ref, url::base(FALSE)) === 0)
+			if (strpos($ref, (string) url::base(FALSE)) === 0)
 			{
 				// Remove the base URL from the referrer
 				$ref = substr($ref, strlen(url::base(FALSE)));
diff --git a/themes/default/views/album.html.php b/themes/default/views/album.html.php
index c2f95731..ffb4b913 100644
--- a/themes/default/views/album.html.php
+++ b/themes/default/views/album.html.php
@@ -2,8 +2,8 @@
 <? // @todo Set hover on AlbumGrid list items for guest users ?>
 <div id="gInfo">
   <?= $theme->album_top() ?>
-  <h1><?= SafeString::of($item->title)->purified_html() ?></h1>
-  <div class="gDescription"><?= nl2br(SafeString::of($item->description)->purified_html()) ?></div>
+  <h1><?= SafeString::purify($item->title) ?></h1>
+  <div class="gDescription"><?= nl2br(SafeString::purify($item->description)) ?></div>
 </div>
 
 <ul id="gAlbumGrid">
diff --git a/themes/default/views/dynamic.html.php b/themes/default/views/dynamic.html.php
index 2d122e69..2d8e04a2 100644
--- a/themes/default/views/dynamic.html.php
+++ b/themes/default/views/dynamic.html.php
@@ -3,7 +3,7 @@
   <div id="gAlbumHeaderButtons">
     <?= $theme->dynamic_top() ?>
   </div>
-  <h1><?= p::clean($title) ?></h1>
+  <h1><?= SafeString::of($title) ?></h1>
 </div>
 
 <ul id="gAlbumGrid">
@@ -16,7 +16,7 @@
            width="<?= $child->thumb_width ?>"
            height="<?= $child->thumb_height ?>" />
     </a>
-    <h2><?= p::purify($child->title) ?></h2>
+    <h2><?= SafeString::purify($child->title) ?></h2>
     <?= $theme->thumb_bottom($child) ?>
     <ul class="gMetadata">
       <?= $theme->thumb_info($child) ?>
diff --git a/themes/default/views/header.html.php b/themes/default/views/header.html.php
index 2ba1e923..9e34401d 100644
--- a/themes/default/views/header.html.php
+++ b/themes/default/views/header.html.php
@@ -19,10 +19,10 @@
   <? foreach ($parents as $parent): ?>
   <li>
     <a href="<?= url::site("albums/{$parent->id}?show=$item->id") ?>">
-      <?= p::purify($parent->title) ?>
+      <?= SafeString::purify($parent->title) ?>
     </a>
   </li>
   <? endforeach ?>
-  <li class="active"><?= p::purify($item->title) ?></li>
+  <li class="active"><?= SafeString::purify($item->title) ?></li>
 </ul>
 <? endif ?>
diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php
index 66c80ded..1f25a626 100644
--- a/themes/default/views/movie.html.php
+++ b/themes/default/views/movie.html.php
@@ -15,8 +15,8 @@
   <?= $item->movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}")) ?>
 
   <div id="gInfo">
-    <h1><?= p::purify($item->title) ?></h1>
-       <div><?= nl2br(p::purify($item->description)) ?></div>
+    <h1><?= SafeString::purify($item->title) ?></h1>
+       <div><?= nl2br(SafeString::purify($item->description)) ?></div>
   </div>
 
   <script type="text/javascript">
diff --git a/themes/default/views/page.html.php b/themes/default/views/page.html.php
index 66282bae..ea2be37b 100644
--- a/themes/default/views/page.html.php
+++ b/themes/default/views/page.html.php
@@ -10,14 +10,14 @@
       <? else: ?>
         <? if ($theme->item()): ?>
           <? if ($theme->item()->is_album()): ?>
-          <?= t("Browse Album :: %album_title", array("album_title" => p::clean($theme->item()->title))) ?>
+          <?= t("Browse Album :: %album_title", array("album_title" => $theme->item()->title)) ?>
           <? elseif ($theme->item()->is_photo()): ?>
-          <?= t("Photo :: %photo_title", array("photo_title" => p::clean($theme->item()->title))) ?>
+	  <?= t("Photo :: %photo_title", array("photo_title" => $theme->item()->title)) ?>
           <? else: ?>
-          <?= t("Movie :: %movie_title", array("movie_title" => p::clean($theme->item()->title))) ?>
+          <?= t("Movie :: %movie_title", array("movie_title" => $theme->item()->title)) ?>
           <? endif ?>
         <? elseif ($theme->tag()): ?>
-          <?= t("Browse Tag :: %tag_title", array("tag_title" => p::clean($theme->tag()->name))) ?>
+          <?= t("Browse Tag :: %tag_title", array("tag_title" => $theme->tag()->name)) ?>
         <? else: /* Not an item, not a tag, no page_title specified.  Help! */ ?>
           <?= t("Gallery") ?>
         <? endif ?>
diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php
index bf4d9da3..1f92e9ba 100644
--- a/themes/default/views/photo.html.php
+++ b/themes/default/views/photo.html.php
@@ -50,8 +50,8 @@
   </div>
 
   <div id="gInfo">
-    <h1><?= p::purify($item->title) ?></h1>
-    <div><?= nl2br(p::purify($item->description)) ?></div>
+    <h1><?= SafeString::purify($item->title) ?></h1>
+    <div><?= nl2br(SafeString::purify($item->description)) ?></div>
   </div>
 
   <script type="text/javascript">
-- 
cgit v1.2.3


From b9bd1681a3b1496c0f1bbe5e6254ab4fd0c9fe30 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sat, 29 Aug 2009 22:54:20 -0700
Subject: Update all code to use helper method html::clean(), html::purify(),
 ... instead of SafeString directly.

---
 modules/comment/controllers/comments.php                   |  8 ++++----
 modules/comment/helpers/comment_rss.php                    |  8 ++++----
 modules/comment/views/admin_block_recent_comments.html.php |  6 +++---
 modules/comment/views/admin_comments.html.php              | 10 +++++-----
 modules/comment/views/comment.html.php                     |  6 +++---
 modules/comment/views/comment.mrss.php                     | 12 ++++++------
 modules/comment/views/comments.html.php                    |  6 +++---
 modules/digibug/controllers/digibug.php                    |  2 +-
 modules/exif/views/exif_dialog.html.php                    |  4 ++--
 modules/g2_import/helpers/g2_import.php                    |  2 +-
 modules/gallery/controllers/admin_advanced_settings.php    |  2 +-
 modules/gallery/controllers/quick.php                      | 10 +++++-----
 modules/gallery/helpers/MY_html.php                        |  4 ++--
 modules/gallery/helpers/gallery_rss.php                    |  4 ++--
 modules/gallery/helpers/gallery_task.php                   |  4 ++--
 modules/gallery/tests/Html_Helper_Test.php                 |  4 ++--
 modules/gallery/tests/Xss_Security_Test.php                |  4 ++--
 modules/gallery/views/admin_advanced_settings.html.php     |  6 +++---
 modules/gallery/views/admin_block_log_entries.html.php     |  2 +-
 modules/gallery/views/admin_block_photo_stream.html.php    |  4 ++--
 modules/gallery/views/admin_languages.html.php             |  4 ++--
 modules/gallery/views/admin_maintenance.html.php           |  4 ++--
 modules/gallery/views/admin_maintenance_show_log.html.php  |  2 +-
 modules/gallery/views/move_tree.html.php                   |  8 ++++----
 modules/gallery/views/permissions_browse.html.php          |  4 ++--
 modules/gallery/views/permissions_form.html.php            |  2 +-
 modules/gallery/views/simple_uploader.html.php             | 14 +++++++-------
 modules/info/views/info_block.html.php                     | 10 +++++-----
 modules/notification/views/comment_published.html.php      | 12 ++++++------
 modules/notification/views/item_added.html.php             |  8 ++++----
 modules/notification/views/item_deleted.html.php           |  6 +++---
 modules/notification/views/item_updated.html.php           | 12 ++++++------
 modules/organize/views/organize_dialog.html.php            |  2 +-
 modules/organize/views/organize_tree.html.php              |  6 +++---
 modules/rss/views/feed.mrss.php                            | 14 +++++++-------
 modules/rss/views/rss_block.html.php                       |  2 +-
 modules/search/views/search.html.php                       |  6 +++---
 modules/server_add/views/admin_server_add.html.php         |  2 +-
 modules/server_add/views/server_add_tree.html.php          |  4 ++--
 modules/server_add/views/server_add_tree_dialog.html.php   |  6 +++---
 modules/tag/controllers/admin_tags.php                     |  2 +-
 modules/tag/views/admin_tags.html.php                      |  6 +++---
 modules/tag/views/tag_cloud.html.php                       |  2 +-
 modules/user/controllers/logout.php                        |  2 +-
 modules/user/views/admin_users.html.php                    |  8 ++++----
 modules/user/views/admin_users_group.html.php              |  4 ++--
 modules/user/views/login.html.php                          |  2 +-
 themes/default/views/album.html.php                        |  6 +++---
 themes/default/views/dynamic.html.php                      |  4 ++--
 themes/default/views/header.html.php                       |  4 ++--
 themes/default/views/movie.html.php                        |  4 ++--
 themes/default/views/photo.html.php                        |  6 +++---
 52 files changed, 143 insertions(+), 143 deletions(-)

(limited to 'modules/gallery/controllers/quick.php')

diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php
index 87633f4c..82b12893 100644
--- a/modules/comment/controllers/comments.php
+++ b/modules/comment/controllers/comments.php
@@ -39,9 +39,9 @@ class Comments_Controller extends REST_Controller {
       foreach ($comments as $comment) {
         $data[] = array(
           "id" => $comment->id,
-          "author_name" => SafeString::of($comment->author_name()),
+          "author_name" => html::clean($comment->author_name()),
           "created" => $comment->created,
-          "text" => nl2br(SafeString::purify($comment->text)));
+          "text" => nl2br(html::purify($comment->text)));
       }
       print json_encode($data);
       break;
@@ -126,9 +126,9 @@ class Comments_Controller extends REST_Controller {
         array("result" => "success",
               "data" => array(
                 "id" => $comment->id,
-                "author_name" => SafeString::of($comment->author_name()),
+                "author_name" => html::clean($comment->author_name()),
                 "created" => $comment->created,
-                "text" => nl2br(SafeString::purify($comment->text)))));
+                "text" => nl2br(html::purify($comment->text)))));
     } else {
       $view = new Theme_View("comment.html", "fragment");
       $view->comment = $comment;
diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php
index 4151dcd0..b539887b 100644
--- a/modules/comment/helpers/comment_rss.php
+++ b/modules/comment/helpers/comment_rss.php
@@ -23,7 +23,7 @@ class comment_rss_Core {
     $feeds["comment/newest"] = t("All new comments");
     if ($item) {
       $feeds["comment/item/$item->id"] =
-        t("Comments on %title", array("title" => SafeString::purify($item->title)));
+        t("Comments on %title", array("title" => html::purify($item->title)));
     }
     return $feeds;
   }
@@ -49,13 +49,13 @@ class comment_rss_Core {
       $item = $comment->item();
       $feed->children[] = new ArrayObject(
         array("pub_date" => date("D, d M Y H:i:s T", $comment->created),
-              "text" => nl2br(SafeString::purify($comment->text)),
+              "text" => nl2br(html::purify($comment->text)),
               "thumb_url" => $item->thumb_url(),
               "thumb_height" => $item->thumb_height,
               "thumb_width" => $item->thumb_width,
               "item_uri" => url::abs_site("{$item->type}s/$item->id"),
-              "title" => SafeString::purify($item->title),
-              "author" => SafeString::of($comment->author_name())),
+              "title" => html::purify($item->title),
+              "author" => html::clean($comment->author_name())),
         ArrayObject::ARRAY_AS_PROPS);
     }
 
diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php
index 2c7a5cf1..dc3975e0 100644
--- a/modules/comment/views/admin_block_recent_comments.html.php
+++ b/modules/comment/views/admin_block_recent_comments.html.php
@@ -4,13 +4,13 @@
   <li class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>">
     <img src="<?= $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) ?>"
          class="gAvatar"
-         alt="<?= SafeString::of($comment->author_name()) ?>"
+         alt="<?= html::clean($comment->author_name()) ?>"
          width="32"
          height="32" />
     <?= gallery::date_time($comment->created) ?>
     <?= t('<a href="#">%author_name</a> said <em>%comment_text</em>',
-          array("author_name" => SafeString::of($comment->author_name()),
-                "comment_text" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50))); ?>
+          array("author_name" => html::clean($comment->author_name()),
+                "comment_text" => text::limit_words(nl2br(html::purify($comment->text)), 50))); ?>
   </li>
   <? endforeach ?>
 </ul>
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php
index 8b0b4c29..801ce2b3 100644
--- a/modules/comment/views/admin_comments.html.php
+++ b/modules/comment/views/admin_comments.html.php
@@ -108,12 +108,12 @@
         <a href="#">
           <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
                class="gAvatar"
-               alt="<?= SafeString::of($comment->author_name()) ?>"
+               alt="<?= html::clean($comment->author_name()) ?>"
                width="40"
                height="40" />
         </a>
-        <p><a href="mailto:<?= SafeString::of($comment->author_email()) ?>"
-              title="<?= SafeString::of($comment->author_email()) ?>"> <?= SafeString::of($comment->author_name()) ?> </a></p>
+        <p><a href="mailto:<?= html::clean($comment->author_email()) ?>"
+              title="<?= html::clean($comment->author_email()) ?>"> <?= html::clean($comment->author_name()) ?> </a></p>
       </td>
       <td>
         <div class="right">
@@ -122,7 +122,7 @@
             <a href="<?= $item->url() ?>">
               <? if ($item->has_thumb()): ?>
               <img src="<?= $item->thumb_url() ?>"
-                 alt="<?= SafeString::purify($item->title) ?>"
+                 alt="<?= html::purify($item->title) ?>"
                  <?= photo::img_dimensions($item->thumb_width, $item->thumb_height, 75) ?>
               />
               <? else: ?>
@@ -132,7 +132,7 @@
           </div>
         </div>
         <p><?= gallery::date($comment->created) ?></p>
-           <?= nl2br(SafeString::purify($comment->text)) ?>
+           <?= nl2br(html::purify($comment->text)) ?>
       </td>
       <td>
         <ul class="gButtonSetVertical">
diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php
index 31bb7f4d..1d0786cb 100644
--- a/modules/comment/views/comment.html.php
+++ b/modules/comment/views/comment.html.php
@@ -4,15 +4,15 @@
     <a href="#">
       <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
            class="gAvatar"
-           alt="<?= SafeString::of($comment->author_name()) ?>"
+           alt="<?= html::clean($comment->author_name()) ?>"
            width="40"
            height="40" />
     </a>
     <?= t("on %date_time, %author_name said",
           array("date_time" => gallery::date_time($comment->created),
-                "author_name" => SafeString::of($comment->author_name()))) ?>
+                "author_name" => html::clean($comment->author_name()))) ?>
   </p>
   <div>
-  <?= nl2br(SafeString::purify($comment->text)) ?>
+  <?= nl2br(html::purify($comment->text)) ?>
   </div>
 </li>
diff --git a/modules/comment/views/comment.mrss.php b/modules/comment/views/comment.mrss.php
index ae7762d9..c2a4b538 100644
--- a/modules/comment/views/comment.mrss.php
+++ b/modules/comment/views/comment.mrss.php
@@ -6,9 +6,9 @@
    xmlns:fh="http://purl.org/syndication/history/1.0">
   <channel>
     <generator>Gallery 3</generator>
-    <title><?= SafeString::of($feed->title) ?></title>
+    <title><?= html::clean($feed->title) ?></title>
     <link><?= $feed->uri ?></link>
-    <description><?= SafeString::of($feed->description) ?></description>
+    <description><?= html::clean($feed->description) ?></description>
     <language>en-us</language>
     <atom:link rel="self" href="<?= $feed->uri ?>" type="application/rss+xml" />
     <fh:complete/>
@@ -22,14 +22,14 @@
     <lastBuildDate><?= $pub_date ?></lastBuildDate>
     <? foreach ($feed->children as $child): ?>
     <item>
-      <title><?= SafeString::purify($child->title) ?></title>
-      <link><?= SafeString::of($child->item_uri) ?></link>
-      <author><?= SafeString::of($child->author) ?></author>
+      <title><?= html::purify($child->title) ?></title>
+      <link><?= html::clean($child->item_uri) ?></link>
+      <author><?= html::clean($child->author) ?></author>
       <guid isPermaLink="true"><?= $child->item_uri ?></guid>
       <pubDate><?= $child->pub_date ?></pubDate>
       <content:encoded>
         <![CDATA[
-          <p><?= nl2br(SafeString::purify($child->text)) ?></p>
+          <p><?= nl2br(html::purify($child->text)) ?></p>
           <p>
             <img alt="" src="<?= $child->thumb_url ?>"
                  height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" />
diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php
index 9eac0502..1e45c946 100644
--- a/modules/comment/views/comments.html.php
+++ b/modules/comment/views/comments.html.php
@@ -18,16 +18,16 @@
       <a href="#">
         <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
              class="gAvatar"
-             alt="<?= SafeString::of($comment->author_name()) ?>"
+             alt="<?= html::clean($comment->author_name()) ?>"
              width="40"
              height="40" />
       </a>
       <?= t('on %date <a href="#">%name</a> said',
             array("date" => date("Y-M-d H:i:s", $comment->created),
-                  "name" => SafeString::of($comment->author_name()))); ?>
+                  "name" => html::clean($comment->author_name()))); ?>
     </p>
     <div>
-      <?= nl2br(SafeString::purify($comment->text)) ?>
+      <?= nl2br(html::purify($comment->text)) ?>
     </div>
   </li>
   <? endforeach ?>
diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php
index 509a8b70..0939704b 100644
--- a/modules/digibug/controllers/digibug.php
+++ b/modules/digibug/controllers/digibug.php
@@ -50,7 +50,7 @@ class Digibug_Controller extends Controller {
       "image_width_1" => $item->width,
       "thumb_height_1" => $item->thumb_height,
       "thumb_width_1" => $item->thumb_width,
-      "title_1" => SafeString::purify($item->title));
+      "title_1" => html::purify($item->title));
 
     print $v;
   }
diff --git a/modules/exif/views/exif_dialog.html.php b/modules/exif/views/exif_dialog.html.php
index a981ca09..11d1e212 100644
--- a/modules/exif/views/exif_dialog.html.php
+++ b/modules/exif/views/exif_dialog.html.php
@@ -14,14 +14,14 @@
          <?= $details[$i]["caption"] ?>
          </td>
          <td class="gOdd">
-         <?= SafeString::of($details[$i]["value"]) ?>
+         <?= html::clean($details[$i]["value"]) ?>
          </td>
          <? if (!empty($details[++$i])): ?>
            <td class="gEven">
            <?= $details[$i]["caption"] ?>
            </td>
            <td class="gOdd">
-           <?= SafeString::of($details[$i]["value"]) ?>
+           <?= html::clean($details[$i]["value"]) ?>
            </td>
          <? else: ?>
            <td class="gEven"></td><td class="gOdd"></td>
diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php
index a01ca1db..7e5c6f75 100644
--- a/modules/g2_import/helpers/g2_import.php
+++ b/modules/g2_import/helpers/g2_import.php
@@ -590,7 +590,7 @@ class g2_import_Core {
     self::map($g2_comment->getId(), $comment->id);
     return t("Imported comment '%comment' for item with id: %id",
              array("id" => $comment->item_id,
-                   "comment" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50)));
+                   "comment" => text::limit_words(nl2br(html::purify($comment->text)), 50)));
   }
 
   /**
diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php
index d727b654..43c77340 100644
--- a/modules/gallery/controllers/admin_advanced_settings.php
+++ b/modules/gallery/controllers/admin_advanced_settings.php
@@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller {
     module::set_var($module_name, $var_name, Input::instance()->post("value"));
     message::success(
       t("Saved value for %var (%module_name)",
-        array("var" => SafeString::of($var_name), "module_name" => $module_name)));
+        array("var" => html::clean($var_name), "module_name" => $module_name)));
 
     print json_encode(array("result" => "success"));
   }
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index 8fddb563..20731f9c 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -75,7 +75,7 @@ class Quick_Controller extends Controller {
     access::required("view", $item->parent());
     access::required("edit", $item->parent());
 
-    $msg = t("Made <b>%title</b> this album's cover", array("title" => SafeString::purify($item->title)));
+    $msg = t("Made <b>%title</b> this album's cover", array("title" => html::purify($item->title)));
 
     item::make_album_cover($item);
     message::success($msg);
@@ -91,10 +91,10 @@ class Quick_Controller extends Controller {
     if ($item->is_album()) {
       print t(
         "Delete the album <b>%title</b>? All photos and movies in the album will also be deleted.",
-        array("title" => SafeString::purify($item->title)));
+        array("title" => html::purify($item->title)));
     } else {
       print t("Are you sure you want to delete <b>%title</b>?",
-              array("title" => SafeString::purify($item->title)));
+              array("title" => html::purify($item->title)));
     }
 
     $form = item::get_delete_form($item);
@@ -108,9 +108,9 @@ class Quick_Controller extends Controller {
     access::required("edit", $item);
 
     if ($item->is_album()) {
-      $msg = t("Deleted album <b>%title</b>", array("title" => SafeString::purify($item->title)));
+      $msg = t("Deleted album <b>%title</b>", array("title" => html::purify($item->title)));
     } else {
-      $msg = t("Deleted photo <b>%title</b>", array("title" => SafeString::purify($item->title)));
+      $msg = t("Deleted photo <b>%title</b>", array("title" => html::purify($item->title)));
     }
 
     $parent = $item->parent();
diff --git a/modules/gallery/helpers/MY_html.php b/modules/gallery/helpers/MY_html.php
index eb388811..75114898 100644
--- a/modules/gallery/helpers/MY_html.php
+++ b/modules/gallery/helpers/MY_html.php
@@ -65,11 +65,11 @@ class html extends html_Core {
    *
    * Example:<pre>
    *   <script type="text/javascript>"
-   *     var some_js_var = "<?= html::escape_for_js($php_var) ?>";
+   *     var some_js_var = "<?= html::clean_js($php_var) ?>";
    *   </script>
    * </pre>
    */
-  static function escape_for_js($string) {
+  static function clean_js($string) {
     return SafeString::of($string)->for_js();
   }
 
diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php
index affb3101..dee6ae40 100644
--- a/modules/gallery/helpers/gallery_rss.php
+++ b/modules/gallery/helpers/gallery_rss.php
@@ -53,9 +53,9 @@ class gallery_rss_Core {
         ->descendants($limit, $offset, array("type" => "photo"));
       $feed->max_pages = ceil(
         $item->viewable()->descendants_count(array("type" => "photo")) / $limit);
-      $feed->title = SafeString::purify($item->title);
+      $feed->title = html::purify($item->title);
       $feed->link = url::abs_site("albums/{$item->id}");
-      $feed->description = nl2br(SafeString::purify($item->description));
+      $feed->description = nl2br(html::purify($item->description));
 
       return $feed;
     }
diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php
index 8c0e8aa8..c9557324 100644
--- a/modules/gallery/helpers/gallery_task.php
+++ b/modules/gallery/helpers/gallery_task.php
@@ -64,10 +64,10 @@ class gallery_task_Core {
           if (!$success) {
             $ignored[$item->id] = 1;
             $errors[] = t("Unable to rebuild images for '%title'",
-                          array("title" => SafeString::purify($item->title)));
+                          array("title" => html::purify($item->title)));
           } else {
             $errors[] = t("Successfully rebuilt images for '%title'",
-                          array("title" => SafeString::purify($item->title)));
+                          array("title" => html::purify($item->title)));
           }
         }
 
diff --git a/modules/gallery/tests/Html_Helper_Test.php b/modules/gallery/tests/Html_Helper_Test.php
index 4d934ad5..a9903256 100644
--- a/modules/gallery/tests/Html_Helper_Test.php
+++ b/modules/gallery/tests/Html_Helper_Test.php
@@ -40,8 +40,8 @@ class Html_Helper_Test extends Unit_Test_Case {
 			$safe_string_2);
   }
 
-  public function escape_for_js_test() {
-    $string = html::escape_for_js("hello's <p  >world</p>");
+  public function clean_js_test() {
+    $string = html::clean_js("hello's <p  >world</p>");
     $this->assert_equal("hello\\'s <p  >world<\\/p>",
 			$string);
   }
diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php
index 8e5f8354..16e5a856 100644
--- a/modules/gallery/tests/Xss_Security_Test.php
+++ b/modules/gallery/tests/Xss_Security_Test.php
@@ -151,7 +151,7 @@ class Xss_Security_Test extends Unit_Test_Case {
 	    if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) &&
 		self::_token_matches(array(T_STRING), $tokens, $token_number + 2) &&
 		in_array($tokens[$token_number + 2][1],
-			 array("clean", "purify", "escape_for_js", "clean_attribute_test")) &&
+			 array("clean", "purify", "clean_js", "clean_attribute")) &&
 		self::_token_matches("(", $tokens, $token_number + 3)) {
               // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed).
 
@@ -161,7 +161,7 @@ class Xss_Security_Test extends Unit_Test_Case {
 	      $token_number += 3;
 	      $token = $tokens[$token_number];
 
-              if ("escape_for_js" == $method) {
+              if ("clean_js" == $method) {
                 $frame->is_safe_js(true);
               } else {
                 $frame->is_safe_html(true);
diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php
index adc15b91..4235e8f8 100644
--- a/modules/gallery/views/admin_advanced_settings.html.php
+++ b/modules/gallery/views/admin_advanced_settings.html.php
@@ -20,13 +20,13 @@
     <? if ($var->module_name == "gallery" && $var->name == "_cache") continue ?>
     <tr class="setting">
       <td> <?= $var->module_name ?> </td>
-      <td> <?= SafeString::of($var->name) ?> </td>
+      <td> <?= html::clean($var->name) ?> </td>
       <td>
-        <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . SafeString::of($var->name)) ?>"
+        <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . html::clean($var->name)) ?>"
           class="gDialogLink"
           title="<?= t("Edit %var (%module_name)", array("var" => $var->name, "module_name" => $var->module_name)) ?>">
           <? if ($var->value): ?>
-          <?= SafeString::of($var->value) ?>
+          <?= html::clean($var->value) ?>
           <? else: ?>
           <i> <?= t("empty") ?> </i>
           <? endif ?>
diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php
index b7afb22d..780ff2d0 100644
--- a/modules/gallery/views/admin_block_log_entries.html.php
+++ b/modules/gallery/views/admin_block_log_entries.html.php
@@ -2,7 +2,7 @@
 <ul>
   <? foreach ($entries as $entry): ?>
   <li class="<?= log::severity_class($entry->severity) ?>" style="direction: ltr">
-    <a href="<?= url::site("user/$entry->user_id") ?>"><?= SafeString::of($entry->user->name) ?></a>
+    <a href="<?= url::site("user/$entry->user_id") ?>"><?= html::clean($entry->user->name) ?></a>
     <?= gallery::date_time($entry->timestamp) ?>
     <?= $entry->message ?>
     <?= $entry->html ?>
diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php
index 732bdc38..a50836ad 100644
--- a/modules/gallery/views/admin_block_photo_stream.html.php
+++ b/modules/gallery/views/admin_block_photo_stream.html.php
@@ -2,9 +2,9 @@
 <ul>
 <? foreach ($photos as $photo): ?>
   <li class="gItem gPhoto">
-    <a href="<?= url::site("photos/$photo->id") ?>" title="<?= SafeString::of($photo->title) ?>">
+    <a href="<?= url::site("photos/$photo->id") ?>" title="<?= html::clean($photo->title) ?>">
       <img <?= photo::img_dimensions($photo->width, $photo->height, 72) ?>
-        src="<?= $photo->thumb_url() ?>" alt="<?= SafeString::of($photo->title) ?>" />
+        src="<?= $photo->thumb_url() ?>" alt="<?= html::clean($photo->title) ?>" />
     </a>
   </li>
 <? endforeach ?>
diff --git a/modules/gallery/views/admin_languages.html.php b/modules/gallery/views/admin_languages.html.php
index 4bee9bb1..052d749b 100644
--- a/modules/gallery/views/admin_languages.html.php
+++ b/modules/gallery/views/admin_languages.html.php
@@ -40,7 +40,7 @@
   </form>
 	
 	<script type="text/javascript">
-    var old_default_locale = "<?= SafeString::of($default_locale)->for_js() ?>";
+    var old_default_locale = "<?= html::escape_for_js($default_locale) ?>";
     
     $("input[name='installed_locales[]']").change(function (event) {
       if (this.checked) {
@@ -57,7 +57,7 @@
       dataType: "json",
       success: function(data) {
         if (data.result == "success") {
-          el = $('<a href="<?= url::site("admin/maintenance/start/gallery_task::update_l10n?csrf=$csrf")->for_js() ?>"></a>'); // this is a little hack to trigger the update_l10n task in a dialog
+          el = $('<a href="<?= html::escape_for_js(url::site("admin/maintenance/start/gallery_task::update_l10n?csrf=$csrf")) ?>"></a>'); // this is a little hack to trigger the update_l10n task in a dialog
           el.gallery_dialog();
           el.trigger('click');
         }
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index a1f7b126..05bc0923 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -93,7 +93,7 @@
           <?= $task->status ?>
         </td>
         <td>
-          <?= SafeString::of($task->owner()->name) ?>
+          <?= html::clean($task->owner()->name) ?>
         </td>
         <td>
           <? if ($task->state == "stalled"): ?>
@@ -164,7 +164,7 @@
           <?= $task->status ?>
         </td>
         <td>
-          <?= SafeString::of($task->owner()->name) ?>
+          <?= html::clean($task->owner()->name) ?>
         </td>
         <td>
           <? if ($task->done): ?>
diff --git a/modules/gallery/views/admin_maintenance_show_log.html.php b/modules/gallery/views/admin_maintenance_show_log.html.php
index 209aef03..8ea1beb6 100644
--- a/modules/gallery/views/admin_maintenance_show_log.html.php
+++ b/modules/gallery/views/admin_maintenance_show_log.html.php
@@ -12,7 +12,7 @@ appendTo('body').submit().remove();
 <div id="gTaskLogDialog">
   <h1> <?= $task->name ?> </h1>
   <div class="gTaskLog">
-    <pre><?= SafeString::purify($task->get_log()) ?></pre>
+    <pre><?= html::purify($task->get_log()) ?></pre>
   </div>
   <button id="gCloseButton" class="ui-state-default ui-corner-all" onclick="dismiss()"><?= t("Close") ?></button>
   <button id="gSaveButton" class="ui-state-default ui-corner-all" onclick="download()"><?= t("Save") ?></button>
diff --git a/modules/gallery/views/move_tree.html.php b/modules/gallery/views/move_tree.html.php
index 7818a42a..623f80ee 100644
--- a/modules/gallery/views/move_tree.html.php
+++ b/modules/gallery/views/move_tree.html.php
@@ -1,18 +1,18 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <?= $parent->thumb_img(array(), 25); ?>
 <? if (!access::can("edit", $parent) || $source->is_descendant($parent)): ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= SafeString::of($parent->title) ?> <?= t("(locked)") ?> </a>
+<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= html::clean($parent->title) ?> <?= t("(locked)") ?> </a>
 <? else: ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= SafeString::of($parent->title) ?></a>
+<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= html::clean($parent->title) ?></a>
 <? endif ?>
 <ul id="tree_<?= $parent->id ?>">
   <? foreach ($children as $child): ?>
   <li id="node_<?= $child->id ?>" class="node">
     <?= $child->thumb_img(array(), 25); ?>
     <? if (!access::can("edit", $child) || $source->is_descendant($child)): ?>
-    <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= SafeString::of($child->title) ?> <?= t("(locked)") ?></a>
+    <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= html::clean($child->title) ?> <?= t("(locked)") ?></a>
     <? else: ?>
-    <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= SafeString::of($child->title) ?> </a>
+    <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= html::clean($child->title) ?> </a>
     <? endif ?>
   </li>
   <? endforeach ?>
diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php
index 90970112..d9395b3f 100644
--- a/modules/gallery/views/permissions_browse.html.php
+++ b/modules/gallery/views/permissions_browse.html.php
@@ -39,13 +39,13 @@
     <? foreach ($parents as $parent): ?>
     <li id="item-<?= $parent->id ?>">
       <a href="javascript:show(<?= $parent->id ?>)">
-        <?= SafeString::purify($parent->title) ?>
+        <?= html::purify($parent->title) ?>
       </a>
     </li>
     <? endforeach ?>
     <li class="active" id="item-<?= $item->id ?>">
       <a href="javascript:show(<?= $item->id ?>)">
-    	<?= SafeString::purify($item->title) ?>
+    	<?= html::purify($item->title) ?>
       </a>
     </li>
   </ul>
diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php
index adc0496f..e6b217c5 100644
--- a/modules/gallery/views/permissions_form.html.php
+++ b/modules/gallery/views/permissions_form.html.php
@@ -6,7 +6,7 @@
     <tr>
       <th> </th>
       <? foreach ($groups as $group): ?>
-      <th> <?= SafeString::of($group->name) ?> </th>
+      <th> <?= html::clean($group->name) ?> </th>
       <? endforeach ?>
     </tr>
 
diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php
index 1f185780..b136972a 100644
--- a/modules/gallery/views/simple_uploader.html.php
+++ b/modules/gallery/views/simple_uploader.html.php
@@ -6,7 +6,7 @@
 <!-- hack to set the title for the dialog -->
 <form id="gAddPhotosForm" action="<?= url::site("simple_uploader/finish?csrf=$csrf") ?>">
   <fieldset>
-    <legend> <?= t("Add photos to %album_title", array("album_title" => SafeString::purify($item->title))) ?> </legend>
+    <legend> <?= t("Add photos to %album_title", array("album_title" => html::purify($item->title))) ?> </legend>
   </fieldset>
 </form>
 
@@ -26,9 +26,9 @@
   </p>
   <ul class="gBreadcrumbs">
     <? foreach ($item->parents() as $parent): ?>
-    <li> <?= SafeString::of($parent->title) ?> </li>
+    <li> <?= html::clean($parent->title) ?> </li>
     <? endforeach ?>
-    <li class="active"> <?= SafeString::purify($item->title) ?> </li>
+    <li class="active"> <?= html::purify($item->title) ?> </li>
   </ul>
 
   <p>
@@ -82,13 +82,13 @@
 
 <script type="text/javascript">
   var swfu = new SWFUpload({
-    flash_url: "<?= url::file("lib/swfupload/swfupload.swf")->for_js() ?>",
-    upload_url: "<?= url::site("simple_uploader/add_photo/$item->id")->for_js() ?>",
+    flash_url: "<?= html::escape_for_js(url::file("lib/swfupload/swfupload.swf")) ?>",
+    upload_url: "<?= html::escape_for_js(url::site("simple_uploader/add_photo/$item->id")) ?>",
     post_params: <?= json_encode(array(
       "g3sid" => Session::instance()->id(),
       "user_agent" => Input::instance()->server("HTTP_USER_AGENT"),
       "csrf" => $csrf)) ?>,
-    file_size_limit: "<?= SafeString::of(ini_get("upload_max_filesize") ? num::convert_to_bytes(ini_get("upload_max_filesize"))."B" : "100MB")->for_js() ?>",
+    file_size_limit: "<?= html::escape_for_js(ini_get("upload_max_filesize") ? num::convert_to_bytes(ini_get("upload_max_filesize"))."B" : "100MB")) ?>",
     file_types: "*.gif;*.jpg;*.jpeg;*.png;*.flv;*.mp4;*.GIF;*.JPG;*.JPEG;*.PNG;*.FLV;*.MP4",
     file_types_description: "<?= t("Photos and Movies")->for_js() ?>",
     file_upload_limit: 1000,
@@ -97,7 +97,7 @@
     debug: false,
 
     // Button settings
-    button_image_url: "<?= url::file("themes/default/images/select-photos-backg.png")->for_js() ?>",
+    button_image_url: "<?= html::escape_for_js(url::file("themes/default/images/select-photos-backg.png")) ?>",
     button_width: "202",
     button_height: "45",
     button_placeholder_id: "gChooseFilesButtonPlaceholder",
diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php
index bfaaee99..d8f36984 100644
--- a/modules/info/views/info_block.html.php
+++ b/modules/info/views/info_block.html.php
@@ -2,18 +2,18 @@
 <ul class="gMetadata">
   <li>
     <strong class="caption"><?= t("Title:") ?></strong>
-    <?= SafeString::purify($item->title) ?>
+    <?= html::purify($item->title) ?>
   </li>
   <? if ($item->description): ?>
   <li>
     <strong class="caption"><?= t("Description:") ?></strong>
-     <?= nl2br(SafeString::purify($item->description)) ?>
+     <?= nl2br(html::purify($item->description)) ?>
   </li>
   <? endif ?>
   <? if (!$item->is_album()): ?>
   <li>
     <strong class="caption"><?= t("File name:") ?></strong>
-    <?= SafeString::of($item->name) ?>
+    <?= html::clean($item->name) ?>
   </li>
   <? endif ?>
   <? if ($item->captured): ?>
@@ -26,9 +26,9 @@
   <li>
     <strong class="caption"><?= t("Owner:") ?></strong>
     <? if ($item->owner->url): ?>
-    <a href="<?= $item->owner->url ?>"><?= SafeString::of($item->owner->display_name()) ?></a>
+    <a href="<?= $item->owner->url ?>"><?= html::clean($item->owner->display_name()) ?></a>
     <? else: ?>
-    <?= SafeString::of($item->owner->display_name()) ?>
+    <?= html::clean($item->owner->display_name()) ?>
     <? endif ?>
   </li>
   <? endif ?>
diff --git a/modules/notification/views/comment_published.html.php b/modules/notification/views/comment_published.html.php
index 02daf921..e39e39c6 100644
--- a/modules/notification/views/comment_published.html.php
+++ b/modules/notification/views/comment_published.html.php
@@ -1,26 +1,26 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= SafeString::of($subject) ?> </title>
+    <title><?= html::clean($subject) ?> </title>
   </head>
   <body>
-    <h2><?= SafeString::of($subject) ?></h2>
+    <h2><?= html::clean($subject) ?></h2>
     <table>
       <tr>
         <td><?= t("Comment:") ?></td>
-  <td><?= nl2br(SafeString::purify($comment->text)) ?></td>
+  <td><?= nl2br(html::purify($comment->text)) ?></td>
       </tr>
       <tr>
         <td><?= t("Author Name:") ?></td>
-        <td><?= SafeString::of($comment->author_name()) ?></td>
+        <td><?= html::clean($comment->author_name()) ?></td>
       </tr>
       <tr>
         <td><?= t("Author Email:") ?></td>
-        <td><?= SafeString::of($comment->author_email()) ?></td>
+        <td><?= html::clean($comment->author_email()) ?></td>
       </tr>
       <tr>
         <td><?= t("Author URL:") ?></td>
-        <td><?= SafeString::of($comment->author_url()) ?></td>
+        <td><?= html::clean($comment->author_url()) ?></td>
       </tr>
       <tr>
         <td><?= t("Url:") ?></td>
diff --git a/modules/notification/views/item_added.html.php b/modules/notification/views/item_added.html.php
index 70b8fca4..f697fea6 100644
--- a/modules/notification/views/item_added.html.php
+++ b/modules/notification/views/item_added.html.php
@@ -1,14 +1,14 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= SafeString::of($subject) ?> </title>
+    <title><?= html::clean($subject) ?> </title>
   </head>
   <body>
-    <h2><?= SafeString::of($subject) ?></h2>
+    <h2><?= html::clean($subject) ?></h2>
     <table>
       <tr>
         <td><?= t("Title:") ?></td>
-        <td><?= SafeString::purify($item->title) ?></td>
+        <td><?= html::purify($item->title) ?></td>
       </tr>
       <tr>
         <td><?= t("Url:") ?></td>
@@ -21,7 +21,7 @@
       <? if ($item->description): ?>
       <tr>
         <td><?= t("Description:") ?></td>
-         <td><?= nl2br(SafeString::purify($item->description)) ?></td>
+         <td><?= nl2br(html::purify($item->description)) ?></td>
       </tr>
       <? endif ?>
     </table>
diff --git a/modules/notification/views/item_deleted.html.php b/modules/notification/views/item_deleted.html.php
index e04fc71b..a51782ff 100644
--- a/modules/notification/views/item_deleted.html.php
+++ b/modules/notification/views/item_deleted.html.php
@@ -1,15 +1,15 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= SafeString::of($subject) ?> </title>
+    <title><?= html::clean($subject) ?> </title>
   </head>
   <body>
-    <h2><?= SafeString::of($subject) ?></h2>
+    <h2><?= html::clean($subject) ?></h2>
     <table>
       <tr>
         <td colspan="2">
           <?= t("To view the changed album %title use the link below.",
-              array("title" => SafeString::purify($item->parent()->title))) ?>
+              array("title" => html::purify($item->parent()->title))) ?>
         </td>
       </tr>
       <tr>
diff --git a/modules/notification/views/item_updated.html.php b/modules/notification/views/item_updated.html.php
index c3a4f795..ba03540a 100644
--- a/modules/notification/views/item_updated.html.php
+++ b/modules/notification/views/item_updated.html.php
@@ -1,18 +1,18 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= SafeString::of($subject) ?> </title>
+    <title><?= html::clean($subject) ?> </title>
   </head>
   <body>
-    <h2> <?= SafeString::of($subject) ?> </h2>
+    <h2> <?= html::clean($subject) ?> </h2>
     <table>
       <tr>
         <? if ($item->original("title") != $item->title): ?>
         <td><?= t("New Title:") ?></td>
-        <td><?= SafeString::of($item->title) ?></td>
+        <td><?= html::clean($item->title) ?></td>
         <? else: ?>
         <td><?= t("Title:") ?></td>
-        <td><?= SafeString::of($item->title) ?></td>
+        <td><?= html::clean($item->title) ?></td>
         <? endif ?>
       </tr>
       <tr>
@@ -22,12 +22,12 @@
       <? if ($item->original("description") != $item->description): ?>
       <tr>
         <td><?= t("New Description:") ?></td>
-        <td><?= SafeString::of($item->description) ?></td>
+        <td><?= html::clean($item->description) ?></td>
       </tr>
       <? elseif (!empty($item->description)): ?>
       <tr>
         <td><?= t("Description:") ?></td>
-        <td><?= SafeString::of($item->description) ?></td>
+        <td><?= html::clean($item->description) ?></td>
       </tr>
       <? endif ?>
     </table>
diff --git a/modules/organize/views/organize_dialog.html.php b/modules/organize/views/organize_dialog.html.php
index 27d5b508..857499aa 100644
--- a/modules/organize/views/organize_dialog.html.php
+++ b/modules/organize/views/organize_dialog.html.php
@@ -5,7 +5,7 @@
   var sort_order_url = "<?= url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf") ?>";
 </script>
 <div id="gOrganize" class="gDialogPanel">
-  <h1 style="display:none"><?= t("Organize %name", array("name" => SafeString::purify($album->title))) ?></h1>
+  <h1 style="display:none"><?= t("Organize %name", array("name" => html::purify($album->title))) ?></h1>
   <div id="bd">
     <div class="yui-gf">
       <div class="yui-u first">
diff --git a/modules/organize/views/organize_tree.html.php b/modules/organize/views/organize_tree.html.php
index 387d5977..5b676889 100644
--- a/modules/organize/views/organize_tree.html.php
+++ b/modules/organize/views/organize_tree.html.php
@@ -5,7 +5,7 @@
   <span class="ui-icon ui-icon-minus">
   </span>
   <span class="gAlbumText" ref="<?= $parent->id ?>">
-    <?= SafeString::of($parent->title) ?>
+    <?= html::clean($parent->title) ?>
   </span>
   <ul class="ui-icon-plus">
     <? endforeach ?>
@@ -17,7 +17,7 @@
       </span>
       <span class="gAlbumText <?= $peer->id == $album->id ? "selected" : "" ?>"
             ref="<?= $peer->id ?>">
-        <?= SafeString::of($peer->title) ?>
+        <?= html::clean($peer->title) ?>
       </span>
 
       <? if ($peer->id == $album->id): ?>
@@ -29,7 +29,7 @@
           </span>
           <span class="gAlbumText"
                 ref="<?= $child->id ?>">
-            <?= SafeString::of($child->title) ?>
+            <?= html::clean($child->title) ?>
           </span>
         </li>
         <? endforeach ?>
diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php
index 7298b7f4..731703c7 100644
--- a/modules/rss/views/feed.mrss.php
+++ b/modules/rss/views/feed.mrss.php
@@ -6,9 +6,9 @@
    xmlns:fh="http://purl.org/syndication/history/1.0">
   <channel>
     <generator>gallery3</generator>
-    <title><?= SafeString::of($feed->title) ?></title>
+    <title><?= html::clean($feed->title) ?></title>
     <link><?= $feed->uri ?></link>
-    <description><?= SafeString::of($feed->description) ?></description>
+    <description><?= html::clean($feed->description) ?></description>
     <language>en-us</language>
     <atom:link rel="self" href="<?= $feed->uri ?>" type="application/rss+xml" />
     <fh:complete/>
@@ -22,25 +22,25 @@
     <lastBuildDate><?= $pub_date ?></lastBuildDate>
     <? foreach ($feed->children as $child): ?>
     <item>
-      <title><?= SafeString::of($child->title) ?></title>
+      <title><?= html::clean($child->title) ?></title>
       <link><?= url::abs_site("{$child->type}s/{$child->id}") ?></link>
       <guid isPermaLink="true"><?= url::abs_site("{$child->type}s/{$child->id}") ?></guid>
       <pubDate><?= date("D, d M Y H:i:s T", $child->created); ?></pubDate>
       <content:encoded>
         <![CDATA[
-          <span><?= SafeString::of($child->description) ?></span>
+          <span><?= html::clean($child->description) ?></span>
           <p>
           <? if ($child->type == "photo" || $child->type == "album"): ?>
             <img alt="" src="<?= $child->resize_url(true) ?>"
-                 title="<?= SafeString::of($child->title) ?>"
+                 title="<?= html::clean($child->title) ?>"
                  height="<?= $child->resize_height ?>" width="<?= $child->resize_width ?>" /><br />
           <? else: ?>
             <a href="<?= url::abs_site("{$child->type}s/{$child->id}") ?>">
             <img alt="" src="<?= $child->thumb_url(true) ?>"
-                 title="<?= SafeString::of($child->title) ?>"
+                 title="<?= html::clean($child->title) ?>"
                  height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" /></a><br />
           <? endif ?>
-            <?= SafeString::of($child->description) ?>
+            <?= html::clean($child->description) ?>
           </p>
         ]]>
       </content:encoded>
diff --git a/modules/rss/views/rss_block.html.php b/modules/rss/views/rss_block.html.php
index cd8db89d..737731b6 100644
--- a/modules/rss/views/rss_block.html.php
+++ b/modules/rss/views/rss_block.html.php
@@ -5,7 +5,7 @@
     <span class="ui-icon-left">
     <a href="<?= rss::url($url) ?>">
       <span class="ui-icon ui-icon-signal-diag"></span>
-      <?= SafeString::purify($title) ?>
+      <?= html::purify($title) ?>
     </a>
     </span>
   </li>
diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php
index e5c7b4a6..7963948d 100644
--- a/modules/search/views/search.html.php
+++ b/modules/search/views/search.html.php
@@ -8,7 +8,7 @@
     <ul>
       <li>
         <label for="q"><?= t("Search the gallery") ?></label>
-        <input name="q" id="q" type="text" value="<?= SafeString::of($q)->for_html_attr() ?>"/>
+        <input name="q" id="q" type="text" value="<?= html::clean_attribute($q) ?>"/>
       </li>
       <li>
         <input type="submit" value="<?= t("Search")->for_html_attr() ?>" />
@@ -31,10 +31,10 @@
       <a href="<?= url::site("items/$item->id") ?>">
         <?= $item->thumb_img() ?>
         <p>
-    <?= SafeString::purify($item->title) ?>
+    <?= html::purify($item->title) ?>
         </p>
         <div>
-    <?= nl2br(SafeString::purify($item->description)) ?>
+    <?= nl2br(html::purify($item->description)) ?>
         </div>
       </a>
     </li>
diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php
index c4439bda..b48a19da 100644
--- a/modules/server_add/views/admin_server_add.html.php
+++ b/modules/server_add/views/admin_server_add.html.php
@@ -16,7 +16,7 @@
            class="gRemoveDir ui-icon ui-icon-trash">
           X
         </a>
-        <?= SafeString::of($path) ?>
+        <?= html::clean($path) ?>
       </li>
       <? endforeach ?>
     </ul>
diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php
index 2f65a590..dbae42c5 100644
--- a/modules/server_add/views/server_add_tree.html.php
+++ b/modules/server_add/views/server_add_tree.html.php
@@ -10,7 +10,7 @@
     <li class="ui-icon-left">
       <span class="ui-icon ui-icon-folder-open"></span>
       <span ondblclick="open_dir('<?= $dir ?>')">
-        <?= SafeString::of(basename($dir)) ?>
+        <?= html::clean(basename($dir)) ?>
       </span>
       <ul>
         <? endforeach ?>
@@ -24,7 +24,7 @@
                 <? endif ?>
                 file="<?= strtr($file, array('"' => '\\"')) ?>"
                 >
-            <?= SafeString::of(basename($file)) ?>
+            <?= html::clean(basename($file)) ?>
           </span>
         </li>
         <? endforeach ?>
diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php
index 912e69b6..8eb6e4df 100644
--- a/modules/server_add/views/server_add_tree_dialog.html.php
+++ b/modules/server_add/views/server_add_tree_dialog.html.php
@@ -5,17 +5,17 @@
 </script>
 
 <div id="gServerAdd">
-  <h1 style="display: none;"><?= t("Add Photos to '%title'", array("title" => SafeString::purify($item->title))) ?></h1>
+  <h1 style="display: none;"><?= t("Add Photos to '%title'", array("title" => html::purify($item->title))) ?></h1>
 
   <p id="gDescription"><?= t("Photos will be added to album:") ?></p>
   <ul class="gBreadcrumbs">
     <? foreach ($item->parents() as $parent): ?>
     <li>
-      <?= SafeString::purify($parent->title) ?>
+      <?= html::purify($parent->title) ?>
     </li>
     <? endforeach ?>
     <li class="active">
-      <?= SafeString::purify($item->title) ?>
+      <?= html::purify($item->title) ?>
     </li>
   </ul>
 
diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php
index f1b4ca3a..8b8dde21 100644
--- a/modules/tag/controllers/admin_tags.php
+++ b/modules/tag/controllers/admin_tags.php
@@ -106,7 +106,7 @@ class Admin_Tags_Controller extends Admin_Controller {
         array("result" => "success",
               "location" => url::site("admin/tags"),
               "tag_id" => $tag->id,
-              "new_tagname" => SafeString::of($tag->name)));
+              "new_tagname" => html::clean($tag->name)));
     } else {
       print json_encode(
         array("result" => "error",
diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php
index 30dd0728..3d805c5e 100644
--- a/modules/tag/views/admin_tags.html.php
+++ b/modules/tag/views/admin_tags.html.php
@@ -32,7 +32,7 @@
           <? $current_letter = strtoupper(mb_substr($tag->name, 0, 1)) ?>
 
           <? if ($i == 0): /* first letter */ ?>
-            <strong><?= SafeString::of($current_letter) ?></strong>
+            <strong><?= html::clean($current_letter) ?></strong>
             <ul>
           <? elseif ($last_letter != $current_letter): /* new letter */ ?>
             <? if ($column_tag_count > $tags_per_column): /* new column */ ?>
@@ -42,12 +42,12 @@
             <? endif ?>
 
             </ul>
-            <strong><?= SafeString::of($current_letter) ?></strong>
+            <strong><?= html::clean($current_letter) ?></strong>
             <ul>
           <? endif ?>
 
           <li>
-            <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= SafeString::of($tag->name) ?></span>
+            <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= html::clean($tag->name) ?></span>
             <span class="understate">(<?= $tag->count ?>)</span>
             <a href="<?= url::site("admin/tags/form_delete/$tag->id") ?>"
                class="gDialogLink delete-link gButtonLink">
diff --git a/modules/tag/views/tag_cloud.html.php b/modules/tag/views/tag_cloud.html.php
index b4c6ae34..d6a0b5f8 100644
--- a/modules/tag/views/tag_cloud.html.php
+++ b/modules/tag/views/tag_cloud.html.php
@@ -3,7 +3,7 @@
   <? foreach ($tags as $tag): ?>
   <li class="size<?=(int)(($tag->count / $max_count) * 7) ?>">
     <span><?= $tag->count ?> photos are tagged with </span>
-    <a href="<?= url::site("tags/$tag->id") ?>"><?= SafeString::of($tag->name) ?></a>
+    <a href="<?= url::site("tags/$tag->id") ?>"><?= html::clean($tag->name) ?></a>
   </li>
   <? endforeach ?>
 </ul>
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index 4b141a1c..fc3ced56 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -24,7 +24,7 @@ class Logout_Controller extends Controller {
     $user = user::active();
     user::logout();
     log::info("user", t("User %name logged out", array("name" => $user->name)),
-              html::anchor("user/$user->id", SafeString::of($user->name)));
+              html::anchor("user/$user->id", html::clean($user->name)));
     if ($continue_url = $this->input->get("continue")) {
       $item = url::get_item_from_uri($continue_url);
       if (access::can("view", $item)) {
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 36c4f4fd..9455f9d9 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -68,16 +68,16 @@
         <td id="user-<?= $user->id ?>" class="core-info gDraggable">
           <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
                title="<?= t("Drag user onto group below to add as a new member") ?>"
-               alt="<?= SafeString::of($user->name) ?>"
+               alt="<?= html::clean($user->name) ?>"
                width="20"
                height="20" />
-          <?= SafeString::of($user->name) ?>
+          <?= html::clean($user->name) ?>
         </td>
         <td>
-          <?= SafeString::of($user->full_name) ?>
+          <?= html::clean($user->full_name) ?>
         </td>
         <td>
-          <?= SafeString::of($user->email) ?>
+          <?= html::clean($user->email) ?>
         </td>
         <td>
           <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index f89a4392..8418ebc9 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -1,6 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <h4>
-  <?= SafeString::of($group->name) ?>
+  <?= html::clean($group->name) ?>
   <? if (!$group->special): ?>
   <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
     title="<?= t("Delete the %name group", array("name" => $group->name)) ?>"
@@ -17,7 +17,7 @@
 <ul>
   <? foreach ($group->users as $i => $user): ?>
   <li class="gUser">
-    <?= SafeString::of($user->name) ?>
+    <?= html::clean($user->name) ?>
     <? if (!$group->special): ?>
     <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
        class="gButtonLink ui-state-default ui-corner-all ui-icon-left"
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index e92513e7..85f673ce 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -12,7 +12,7 @@
       '<a href="' . url::site("form/edit/users/{$user->id}") .
       '" title="' . t("Edit Your Profile")->for_html_attr() .
       '" id="gUserProfileLink" class="gDialogLink">' .
-      SafeString::of($user->display_name()) . '</a>'))) ?>
+      html::clean($user->display_name()) . '</a>'))) ?>
   </li>
   <li>
     <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
diff --git a/themes/default/views/album.html.php b/themes/default/views/album.html.php
index 8c690f5f..caabeee3 100644
--- a/themes/default/views/album.html.php
+++ b/themes/default/views/album.html.php
@@ -2,8 +2,8 @@
 <? // @todo Set hover on AlbumGrid list items for guest users ?>
 <div id="gInfo">
   <?= $theme->album_top() ?>
-  <h1><?= SafeString::purify($item->title) ?></h1>
-  <div class="gDescription"><?= nl2br(SafeString::purify($item->description)) ?></div>
+  <h1><?= html::purify($item->title) ?></h1>
+  <div class="gDescription"><?= nl2br(html::purify($item->description)) ?></div>
 </div>
 
 <ul id="gAlbumGrid">
@@ -20,7 +20,7 @@
     </a>
     <?= $theme->thumb_bottom($child) ?>
     <?= $theme->context_menu($child, "#gItemId-{$child->id} .gThumbnail") ?>
-    <h2><span></span><a href="<?= $child->url() ?>"><?= SafeString::of($child->title) ?></a></h2>
+    <h2><span></span><a href="<?= $child->url() ?>"><?= html::clean($child->title) ?></a></h2>
     <ul class="gMetadata">
       <?= $theme->thumb_info($child) ?>
     </ul>
diff --git a/themes/default/views/dynamic.html.php b/themes/default/views/dynamic.html.php
index 2d8e04a2..9ed9d69b 100644
--- a/themes/default/views/dynamic.html.php
+++ b/themes/default/views/dynamic.html.php
@@ -3,7 +3,7 @@
   <div id="gAlbumHeaderButtons">
     <?= $theme->dynamic_top() ?>
   </div>
-  <h1><?= SafeString::of($title) ?></h1>
+  <h1><?= html::clean($title) ?></h1>
 </div>
 
 <ul id="gAlbumGrid">
@@ -16,7 +16,7 @@
            width="<?= $child->thumb_width ?>"
            height="<?= $child->thumb_height ?>" />
     </a>
-    <h2><?= SafeString::purify($child->title) ?></h2>
+    <h2><?= html::purify($child->title) ?></h2>
     <?= $theme->thumb_bottom($child) ?>
     <ul class="gMetadata">
       <?= $theme->thumb_info($child) ?>
diff --git a/themes/default/views/header.html.php b/themes/default/views/header.html.php
index 9e34401d..dcfa6fd8 100644
--- a/themes/default/views/header.html.php
+++ b/themes/default/views/header.html.php
@@ -19,10 +19,10 @@
   <? foreach ($parents as $parent): ?>
   <li>
     <a href="<?= url::site("albums/{$parent->id}?show=$item->id") ?>">
-      <?= SafeString::purify($parent->title) ?>
+      <?= html::purify($parent->title) ?>
     </a>
   </li>
   <? endforeach ?>
-  <li class="active"><?= SafeString::purify($item->title) ?></li>
+  <li class="active"><?= html::purify($item->title) ?></li>
 </ul>
 <? endif ?>
diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php
index 237743b7..910814dd 100644
--- a/themes/default/views/movie.html.php
+++ b/themes/default/views/movie.html.php
@@ -28,8 +28,8 @@
   <?= $item->movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}")) ?>
 
   <div id="gInfo">
-    <h1><?= SafeString::purify($item->title) ?></h1>
-       <div><?= nl2br(SafeString::purify($item->description)) ?></div>
+    <h1><?= html::purify($item->title) ?></h1>
+       <div><?= nl2br(html::purify($item->description)) ?></div>
   </div>
 
   <?= $theme->photo_bottom() ?>
diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php
index 5b5cb12b..c601c4cc 100644
--- a/themes/default/views/photo.html.php
+++ b/themes/default/views/photo.html.php
@@ -5,7 +5,7 @@
 <script>
   $(document).ready(function() {
     $(".gFullSizeLink").click(function() {
-      $.gallery_show_full_size("<?= $theme->item()->file_url()->for_js() ?>", "<?= $theme->item()->width ?>", "<?= $theme->item()->height ?>");
+      $.gallery_show_full_size("<?= html::escape_for_js($theme->item()->file_url()) ?>", "<?= $theme->item()->width ?>", "<?= $theme->item()->height ?>");
       return false;
     });
   });
@@ -51,8 +51,8 @@
   </div>
 
   <div id="gInfo">
-    <h1><?= SafeString::purify($item->title) ?></h1>
-    <div><?= nl2br(SafeString::purify($item->description)) ?></div>
+    <h1><?= html::purify($item->title) ?></h1>
+    <div><?= nl2br(html::purify($item->description)) ?></div>
   </div>
 
   <?= $theme->photo_bottom() ?>
-- 
cgit v1.2.3


From 2aad580f53dbc06bb170c710467b47a5a532c6c8 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Tue, 8 Sep 2009 13:44:52 -0700
Subject: Move specialized (pretty) url generation back into Item_Model so that
 we're not relying on overriding url::site() to do tricks around item urls. 
 This means that you won't get item urls by doing url::site("albums/37"), for
 example, but it also means that we won't get pretty urls where we don't
 expect them (like in the action of a <form> element).

Incidentally, this will help us move over to using the slug format
because if you've got a bad character in a url, the edit forms will
now work on it since they'll be id based.
---
 modules/gallery/controllers/admin_themes.php       |  4 +-
 modules/gallery/controllers/after_install.php      |  2 +-
 modules/gallery/controllers/albums.php             | 16 ++++----
 modules/gallery/controllers/move.php               |  2 +-
 modules/gallery/controllers/movies.php             |  2 +-
 modules/gallery/controllers/photos.php             |  2 +-
 modules/gallery/controllers/quick.php              |  2 +-
 modules/gallery/helpers/MY_url.php                 | 19 ----------
 modules/gallery/helpers/gallery.php                | 44 +++++++++++-----------
 modules/gallery/helpers/gallery_rss.php            |  4 +-
 modules/gallery/helpers/item.php                   |  8 ++++
 modules/gallery/models/item.php                    | 21 +++++++++--
 .../views/admin_block_photo_stream.html.php        |  2 +-
 modules/gallery/views/upgrader.html.php            |  2 +-
 .../notification/views/comment_published.html.php  |  4 +-
 modules/notification/views/item_deleted.html.php   |  4 +-
 modules/search/views/search.html.php               |  2 +-
 modules/user/controllers/login.php                 |  2 +-
 modules/user/controllers/logout.php                |  2 +-
 modules/user/controllers/password.php              |  2 +-
 themes/admin_default/views/admin.html.php          |  6 +--
 themes/default/views/page.html.php                 |  4 +-
 22 files changed, 80 insertions(+), 76 deletions(-)

(limited to 'modules/gallery/controllers/quick.php')

diff --git a/modules/gallery/controllers/admin_themes.php b/modules/gallery/controllers/admin_themes.php
index da001c55..24f91aba 100644
--- a/modules/gallery/controllers/admin_themes.php
+++ b/modules/gallery/controllers/admin_themes.php
@@ -38,7 +38,7 @@ class Admin_Themes_Controller extends Admin_Controller {
       $theme_info = new ArrayObject(parse_ini_file($file), ArrayObject::ARRAY_AS_PROPS);
       $theme_info->description = t($theme_info->description);
       $theme_info->name = t($theme_info->name);
-      
+
       $themes[$theme_name] = $theme_info;
     }
     return $themes;
@@ -54,7 +54,7 @@ class Admin_Themes_Controller extends Admin_Controller {
     if ($type == "admin") {
       $view->url = url::site("admin?theme=$theme_name");
     } else {
-      $view->url = url::site("albums/1?theme=$theme_name");
+      $view->url = item::root()->url("theme=$theme_name");
     }
     print $view;
   }
diff --git a/modules/gallery/controllers/after_install.php b/modules/gallery/controllers/after_install.php
index f066afe4..b640092f 100644
--- a/modules/gallery/controllers/after_install.php
+++ b/modules/gallery/controllers/after_install.php
@@ -20,7 +20,7 @@
 class After_Install_Controller extends Controller {
   public function index() {
     if (!user::active()->admin) {
-      url::redirect("albums/1");
+      url::redirect(item::root()->url());
     }
 
     $v = new View("after_install.html");
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index b7a9f339..abcabfa6 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -42,9 +42,9 @@ class Albums_Controller extends Items_Controller {
       $index = $album->get_position($show);
       $page = ceil($index / $page_size);
       if ($page == 1) {
-        url::redirect("albums/$album->id");
+        url::redirect($album->url());
       } else {
-        url::redirect("albums/$album->id?page=$page");
+        url::redirect($album->url("page=$page"));
       }
     }
 
@@ -55,9 +55,9 @@ class Albums_Controller extends Items_Controller {
 
     // Make sure that the page references a valid offset
     if ($page < 1) {
-      url::redirect("albums/$album->id");
+      url::redirect($album->url());
     } else if ($page > $max_pages) {
-      url::redirect("albums/$album->id?page=$max_pages");
+      url::redirect($album->url("page=$max_pages"));
     }
 
     $template = new Theme_View("page.html", "album");
@@ -116,8 +116,8 @@ class Albums_Controller extends Items_Controller {
 
       print json_encode(
         array("result" => "success",
-              "location" => url::site("albums/$new_album->id"),
-              "resource" => url::site("albums/$new_album->id")));
+              "location" => $new_album->url(),
+              "resource" => $new_album->url()));
     } else {
       print json_encode(
         array(
@@ -149,8 +149,8 @@ class Albums_Controller extends Items_Controller {
 
       print json_encode(
         array("result" => "success",
-              "resource" => url::site("photos/$photo->id"),
-              "location" => url::site("photos/$photo->id")));
+              "resource" => $photo->url(),
+              "location" => $photo->url()));
     } else {
       print json_encode(
         array("result" => "error",
diff --git a/modules/gallery/controllers/move.php b/modules/gallery/controllers/move.php
index 93ef05a6..87b73436 100644
--- a/modules/gallery/controllers/move.php
+++ b/modules/gallery/controllers/move.php
@@ -43,7 +43,7 @@ class Move_Controller extends Controller {
 
     print json_encode(
       array("result" => "success",
-            "location" => url::site("albums/{$target->id}")));
+            "location" => $target->url()));
   }
 
   public function show_sub_tree($source_id, $target_id) {
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index c549dbf8..1c266cc8 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -105,7 +105,7 @@ class Movies_Controller extends Items_Controller {
       $photo->save();
       module::event("item_edit_form_completed", $photo, $form);
 
-      log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>");
+      log::success("content", "Updated photo", "<a href=\"{$photo->url()}\">view</a>");
       message::success(
         t("Saved photo %photo_title", array("photo_title" => $photo->title)));
 
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 959097b2..79ad674a 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -97,7 +97,7 @@ class Photos_Controller extends Items_Controller {
       $photo->save();
       module::event("item_edit_form_completed", $photo, $form);
 
-      log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>");
+      log::success("content", "Updated photo", "<a href=\"{$photo->url()}\">view</a>");
       message::success(
                        t("Saved photo %photo_title",
                          array("photo_title" => html::purify($photo->title))));
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index 20731f9c..2ac54754 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -121,7 +121,7 @@ class Quick_Controller extends Controller {
       print json_encode(array("result" => "success", "reload" => 1));
     } else {
       print json_encode(array("result" => "success",
-                              "location" => url::site("albums/$parent->id")));
+                              "location" => $parent->url()));
     }
   }
 
diff --git a/modules/gallery/helpers/MY_url.php b/modules/gallery/helpers/MY_url.php
index 1ca9a58f..368c947e 100644
--- a/modules/gallery/helpers/MY_url.php
+++ b/modules/gallery/helpers/MY_url.php
@@ -18,25 +18,6 @@
  * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
  */
 class url extends url_Core {
-  static function site($uri, $protocol=false) {
-    if (($pos = strpos($uri, "?")) !== false) {
-      list ($uri, $query) = explode("?", $uri, 2);
-      $query = "?$query";
-    } else {
-      $query = "";
-    }
-
-    // @todo if we're only doing this for Item_Model, why not just put this
-    // all into Item_Model::url()?  It'd make url::site() faster.  Downside is that
-    // anywhere we refer to an item by id, eg url::site("albums/123") would have
-    // to load the item and do $item->url();
-    $parts = explode("/", $uri, 3);
-    if ($parts[0] == "albums" || $parts[0] == "photos" || $parts[0] == "movies") {
-      $uri = model_cache::get("item", $parts[1])->relative_url();
-    }
-    return parent::site($uri . $query, $protocol);
-  }
-
   static function parse_url() {
     if (Router::$controller) {
       return;
diff --git a/modules/gallery/helpers/gallery.php b/modules/gallery/helpers/gallery.php
index f72ef982..813134eb 100644
--- a/modules/gallery/helpers/gallery.php
+++ b/modules/gallery/helpers/gallery.php
@@ -82,9 +82,9 @@ class gallery_Core {
   static function site_menu($menu, $theme) {
     if ($theme->page_type != "login") {
       $menu->append(Menu::factory("link")
-              ->id("home")
-              ->label(t("Home"))
-              ->url(url::site("albums/1")));
+                    ->id("home")
+                    ->label(t("Home"))
+                    ->url(item::root()->url()));
 
       $item = $theme->item();
 
@@ -92,39 +92,39 @@ class gallery_Core {
       $can_add = $item && access::can("add", $item);
 
       if ($can_add) {
-              $menu->append($add_menu = Menu::factory("submenu")
-                    ->id("add_menu")
-                    ->label(t("Add")));
+        $menu->append($add_menu = Menu::factory("submenu")
+                      ->id("add_menu")
+                      ->label(t("Add")));
         $add_menu->append(Menu::factory("dialog")
-                    ->id("add_photos_item")
-                    ->label(t("Add photos"))
-                    ->url(url::site("simple_uploader/app/$item->id")));
+                          ->id("add_photos_item")
+                          ->label(t("Add photos"))
+                          ->url(url::site("simple_uploader/app/$item->id")));
         if ($item->is_album()) {
-                $add_menu->append(Menu::factory("dialog")
-                      ->id("add_album_item")
-                      ->label(t("Add an album"))
-                      ->url(url::site("form/add/albums/$item->id?type=album")));
-                                }
+          $add_menu->append(Menu::factory("dialog")
+                            ->id("add_album_item")
+                            ->label(t("Add an album"))
+                            ->url(url::site("form/add/albums/$item->id?type=album")));
+        }
       }
 
       $menu->append($options_menu = Menu::factory("submenu")
-              ->id("options_menu")
-              ->label(t("Photo options")));
+                    ->id("options_menu")
+                    ->label(t("Photo options")));
       if ($item && ($can_edit || $can_add)) {
         if ($can_edit) {
           $options_menu->append(Menu::factory("dialog")
-                          ->id("edit_item")
-                          ->label($item->is_album() ? t("Edit album") : t("Edit photo"))
-                          ->url(url::site("form/edit/{$item->type}s/$item->id")));
+                                ->id("edit_item")
+                                ->label($item->is_album() ? t("Edit album") : t("Edit photo"))
+                                ->url(url::site("form/edit/{$item->type}s/$item->id")));
         }
 
         if ($item->is_album()) {
           $options_menu->label(t("Album options"));
           if ($can_edit) {
             $options_menu->append(Menu::factory("dialog")
-                            ->id("edit_permissions")
-                            ->label(t("Edit permissions"))
-                            ->url(url::site("permissions/browse/$item->id")));
+                                  ->id("edit_permissions")
+                                  ->label(t("Edit permissions"))
+                                  ->url(url::site("permissions/browse/$item->id")));
           }
         }
       }
diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php
index dee6ae40..f30df092 100644
--- a/modules/gallery/helpers/gallery_rss.php
+++ b/modules/gallery/helpers/gallery_rss.php
@@ -40,7 +40,7 @@ class gallery_rss_Core {
 
       $feed->max_pages = ceil($all_children->find_all()->count() / $limit);
       $feed->title = t("Recent Updates");
-      $feed->link = url::abs_site("albums/1");
+      $feed->link = item::root()->abs_url();
       $feed->description = t("Recent Updates");
       return $feed;
 
@@ -54,7 +54,7 @@ class gallery_rss_Core {
       $feed->max_pages = ceil(
         $item->viewable()->descendants_count(array("type" => "photo")) / $limit);
       $feed->title = html::purify($item->title);
-      $feed->link = url::abs_site("albums/{$item->id}");
+      $feed->link = $item->abs_url();
       $feed->description = nl2br(html::purify($item->description));
 
       return $feed;
diff --git a/modules/gallery/helpers/item.php b/modules/gallery/helpers/item.php
index 8da88b6e..d907a177 100644
--- a/modules/gallery/helpers/item.php
+++ b/modules/gallery/helpers/item.php
@@ -184,4 +184,12 @@ class item_Core {
 
     return $model;
   }
+
+  /**
+   * Return the root Item_Model
+   * @return Item_Model
+   */
+  static function root() {
+    return model_cache::get("item", 1);
+  }
 }
\ No newline at end of file
diff --git a/modules/gallery/models/item.php b/modules/gallery/models/item.php
index 0ec5d048..6e9debea 100644
--- a/modules/gallery/models/item.php
+++ b/modules/gallery/models/item.php
@@ -168,9 +168,24 @@ class Item_Model extends ORM_MPTT {
    *
    * @param string $query the query string (eg "show=3")
    */
-  public function url($query=array(), $full_uri=false) {
-    $url = ($full_uri ? url::abs_site("{$this->type}s/$this->id")
-            : url::site("{$this->type}s/$this->id"));
+  public function url($query=null) {
+    $relative_url = $this->relative_url();
+    $url = url::site($relative_url);
+    if ($query) {
+      $url .= "?$query";
+    }
+    return $url;
+  }
+
+  /**
+   * album: url::abs_site("albums/2")
+   * photo: url::abs_site("photos/3")
+   *
+   * @param string $query the query string (eg "show=3")
+   */
+  public function abs_url($query=null) {
+    $relative_url = $this->relative_url();
+    $url = url::abs_site($relative_url);
     if ($query) {
       $url .= "?$query";
     }
diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php
index 1b9d8ff5..4968c39b 100644
--- a/modules/gallery/views/admin_block_photo_stream.html.php
+++ b/modules/gallery/views/admin_block_photo_stream.html.php
@@ -2,7 +2,7 @@
 <ul>
 <? foreach ($photos as $photo): ?>
   <li class="gItem gPhoto">
-    <a href="<?= url::site("photos/$photo->id") ?>" title="<?= html::purify($photo->title)->for_html_attr() ?>">
+    <a href="<?= $photo->url() ?>" title="<?= html::purify($photo->title)->for_html_attr() ?>">
       <img <?= photo::img_dimensions($photo->width, $photo->height, 72) ?>
         src="<?= $photo->thumb_url() ?>" alt="<?= html::purify($photo->title)->for_html_attr() ?>" />
     </a>
diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php
index 04200920..5f93c2d5 100644
--- a/modules/gallery/views/upgrader.html.php
+++ b/modules/gallery/views/upgrader.html.php
@@ -18,7 +18,7 @@
             <h1> <?= t("That's it!") ?> </h1>
             <p>
               <?= t("Your <a href=\"%url\">Gallery</a> is up to date.",
-                    array("url" => html::mark_clean(url::site("albums/1")))) ?>
+                    array("url" => html::mark_clean(item::root()->url()))) ?>
             </p>
           </div>
         </div>
diff --git a/modules/notification/views/comment_published.html.php b/modules/notification/views/comment_published.html.php
index e39e39c6..a8ca1899 100644
--- a/modules/notification/views/comment_published.html.php
+++ b/modules/notification/views/comment_published.html.php
@@ -25,8 +25,8 @@
       <tr>
         <td><?= t("Url:") ?></td>
         <td>
-          <a href="<?= $comment->item()->url(array(), true) ?>#comments">
-            <?= $comment->item()->url(array(), true) ?>#comments
+          <a href="<?= $comment->item()->abs_url() ?>#comments">
+            <?= $comment->item()->abs_url() ?>#comments
           </a>
         </td>
       </tr>
diff --git a/modules/notification/views/item_deleted.html.php b/modules/notification/views/item_deleted.html.php
index a51782ff..a95cdd89 100644
--- a/modules/notification/views/item_deleted.html.php
+++ b/modules/notification/views/item_deleted.html.php
@@ -15,8 +15,8 @@
       <tr>
         <td><?= t("Url:") ?></td>
         <td>
-          <a href="<?= $item->parent()->url(array(), true) ?>">
-            <?= $item->parent()->url(array(), true) ?>
+          <a href="<?= $item->parent()->abs_url() ?>">
+            <?= $item->parent()->abs_url() ?>
           </a>
         </td>
       </tr>
diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php
index 7963948d..91d9eec8 100644
--- a/modules/search/views/search.html.php
+++ b/modules/search/views/search.html.php
@@ -28,7 +28,7 @@
         <? $item_class = "gAlbum"; ?>
       <? endif ?>
    <li class="gItem <?= $item_class ?>">
-      <a href="<?= url::site("items/$item->id") ?>">
+      <a href="<?= $item->url() ?>">
         <?= $item->thumb_img() ?>
         <p>
     <?= html::purify($item->title) ?>
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index b81b17b2..dcac0723 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -48,7 +48,7 @@ class Login_Controller extends Controller {
 
     list ($valid, $form) = $this->_auth("login/auth_html");
     if ($valid) {
-      url::redirect("albums/1");
+      url::redirect(item::root()->url());
     } else {
       print $form;
     }
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index fc3ced56..3bf274a6 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -31,7 +31,7 @@ class Logout_Controller extends Controller {
         // Don't use url::redirect() because it'll call url::site() and munge the continue url.
         header("Location: $continue_url");
       } else {
-        url::redirect("albums/1");
+        url::redirect(item::root()->url());
       }
     }
   }
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index a6522369..8c18916e 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -130,7 +130,7 @@ class Password_Controller extends Controller {
       $user->hash = null;
       $user->save();
       message::success(t("Password reset successfully"));
-      url::redirect("albums/1");
+      url::redirect(item::root()->url());
     } else {
       print $view;
     }
diff --git a/themes/admin_default/views/admin.html.php b/themes/admin_default/views/admin.html.php
index 9c5f1413..5564484c 100644
--- a/themes/admin_default/views/admin.html.php
+++ b/themes/admin_default/views/admin.html.php
@@ -43,10 +43,10 @@
       <div id="gHeader">
         <?= $theme->admin_header_top() ?>
         <ul id="gLoginMenu">
-          <li class="first"><?= html::anchor("albums/1", "&larr; ".t("Back to the Gallery")) ?></li>
-          <li id="gLogoutLink"><a href="<?= url::site("logout?continue=albums/1&amp;csrf=$csrf") ?>"><?= t("Logout") ?></a></li>
+          <li class="first"><?= html::anchor(item::root()->url(), "&larr; ".t("Back to the Gallery")) ?></li>
+          <li id="gLogoutLink"><a href="<?= url::site("logout?continue=items/1&amp;csrf=$csrf") ?>"><?= t("Logout") ?></a></li>
         </ul>
-        <a id="gLogo" href="<?= url::site("albums/1") ?>" title="<?= t("go back to the Gallery")->for_html_attr() ?>">
+        <a id="gLogo" href="<?= item::root()->url() ?>" title="<?= t("go back to the Gallery")->for_html_attr() ?>">
           &larr; <?= t("back to the ...") ?>
         </a>
         <div id="gSiteAdminMenu" style="display: none;">
diff --git a/themes/default/views/page.html.php b/themes/default/views/page.html.php
index 350ba41c..733534ea 100644
--- a/themes/default/views/page.html.php
+++ b/themes/default/views/page.html.php
@@ -81,7 +81,7 @@
           <? if ($header_text = module::get_var("gallery", "header_text")): ?>
           <?= $header_text ?>
           <? else: ?>
-          <a id="gLogo" href="<?= url::site("albums/1") ?>" title="<?= t("go back to the Gallery home")->for_html_attr() ?>">
+          <a id="gLogo" href="<?= item::root()->url() ?>" title="<?= t("go back to the Gallery home")->for_html_attr() ?>">
             <img width="107" height="48" alt="<?= t("Gallery logo: Your photos on your web site")->for_html_attr() ?>" src="<?= url::file("lib/images/logo.png") ?>" />
           </a>
           <? endif ?>
@@ -95,7 +95,7 @@
         <ul class="gBreadcrumbs">
           <? foreach ($parents as $parent): ?>
           <li>
-            <a href="<?= url::site("albums/{$parent->id}?show={$theme->item()->id}") ?>">
+            <a href="<?= $parent->url("show={$theme->item()->id}") ?>">
               <?= html::purify($parent->title) ?>
             </a>
           </li>
-- 
cgit v1.2.3