From b46998e392bbf52fadc9c8e13271d911dff01cbe Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 16 Jul 2009 10:24:10 -0700 Subject: Update Xss_Security_Test to know about p::purify() and checkpoint the golden file. --- modules/gallery/tests/xss_data.txt | 93 ++++++++++++++++++++------------------ 1 file changed, 50 insertions(+), 43 deletions(-) (limited to 'modules/gallery/tests/xss_data.txt') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 982343f6..d1167555 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
@@ -141,22 +141,28 @@ modules/gallery/views/admin_maintenance.html.php 75 DIRTY $task->na modules/gallery/views/admin_maintenance.html.php 86 DIRTY $task->percent_complete modules/gallery/views/admin_maintenance.html.php 90 DIRTY $task->status modules/gallery/views/admin_maintenance.html.php 93 $task->owner()->name -modules/gallery/views/admin_maintenance.html.php 97 DIRTY $task->id -modules/gallery/views/admin_maintenance.html.php 97 DIRTY $csrf -modules/gallery/views/admin_maintenance.html.php 101 DIRTY $task->id -modules/gallery/views/admin_maintenance.html.php 101 DIRTY $csrf -modules/gallery/views/admin_maintenance.html.php 113 DIRTY $csrf -modules/gallery/views/admin_maintenance.html.php 140 DIRTY $task->state -modules/gallery/views/admin_maintenance.html.php 142 DIRTY $task->updated -modules/gallery/views/admin_maintenance.html.php 145 DIRTY $task->name -modules/gallery/views/admin_maintenance.html.php 157 DIRTY $task->status -modules/gallery/views/admin_maintenance.html.php 160 DIRTY $task->owner()->name -modules/gallery/views/admin_maintenance.html.php 164 DIRTY $task->id -modules/gallery/views/admin_maintenance.html.php 164 DIRTY $csrf -modules/gallery/views/admin_maintenance.html.php 168 DIRTY $task->id -modules/gallery/views/admin_maintenance.html.php 168 DIRTY $csrf -modules/gallery/views/admin_maintenance.html.php 171 DIRTY $task->id -modules/gallery/views/admin_maintenance.html.php 171 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 98 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 98 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 102 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 102 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 115 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 142 DIRTY $task->state +modules/gallery/views/admin_maintenance.html.php 144 DIRTY $task->updated +modules/gallery/views/admin_maintenance.html.php 147 DIRTY $task->name 
+modules/gallery/views/admin_maintenance.html.php 159 DIRTY $task->status +modules/gallery/views/admin_maintenance.html.php 162 DIRTY $task->owner()->name +modules/gallery/views/admin_maintenance.html.php 166 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 166 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 170 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 170 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 175 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 175 DIRTY $csrf +modules/gallery/views/admin_maintenance.html.php 178 DIRTY $task->id +modules/gallery/views/admin_maintenance.html.php 178 DIRTY $csrf +modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY $task->id +modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY $csrf +modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name +modules/gallery/views/admin_maintenance_show_log.html.php 15 $task->get_log() modules/gallery/views/admin_maintenance_task.html.php 5 DIRTY $task->id modules/gallery/views/admin_maintenance_task.html.php 5 DIRTY $csrf modules/gallery/views/admin_maintenance_task.html.php 26 DIRTY $task->name 
@@ -201,10 +207,10 @@ modules/gallery/views/admin_themes_preview.html.php 4 DIRTY $info->na modules/gallery/views/admin_themes_preview.html.php 7 DIRTY $url modules/gallery/views/after_install.html.php 11 $user->name modules/gallery/views/after_install.html.php 15 DIRTY $user->id -modules/gallery/views/kohana_error_page.php 98 DIRTY $message -modules/gallery/views/kohana_error_page.php 100 DIRTY $file -modules/gallery/views/kohana_error_page.php 100 DIRTY $line -modules/gallery/views/kohana_error_page.php 112 DIRTY $trace +modules/gallery/views/kohana_error_page.php 102 DIRTY $message +modules/gallery/views/kohana_error_page.php 104 DIRTY $file +modules/gallery/views/kohana_error_page.php 104 DIRTY $line +modules/gallery/views/kohana_error_page.php 116 DIRTY $trace modules/gallery/views/kohana_profiler.php 32 DIRTY $profile->render() modules/gallery/views/kohana_profiler.php 34 DIRTY $execution_time modules/gallery/views/l10n_client.html.php 17 DIRTY $string @@ -212,8 +218,8 @@ modules/gallery/views/l10n_client.html.php 19 DIRTY $string modules/gallery/views/l10n_client.html.php 20 DIRTY $string modules/gallery/views/l10n_client.html.php 22 DIRTY $string modules/gallery/views/l10n_client.html.php 28 DIRTY $l10n_search_form -modules/gallery/views/l10n_client.html.php 72 DIRTY $string_list -modules/gallery/views/l10n_client.html.php 73 DIRTY $plural_forms +modules/gallery/views/l10n_client.html.php 74 DIRTY $string_list +modules/gallery/views/l10n_client.html.php 75 DIRTY $plural_forms modules/gallery/views/move_browse.html.php 4 DIRTY $source->id modules/gallery/views/move_browse.html.php 39 DIRTY $tree modules/gallery/views/move_browse.html.php 42 DIRTY $source->id 
@@ -280,8 +286,8 @@ modules/gallery/views/simple_uploader.html.php 7 DIRTY $csrf modules/gallery/views/simple_uploader.html.php 9 $item->title modules/gallery/views/simple_uploader.html.php 29 $parent->title modules/gallery/views/simple_uploader.html.php 31 $item->title -modules/gallery/views/simple_uploader.html.php 85 DIRTY $item->id -modules/gallery/views/simple_uploader.html.php 89 DIRTY $csrf +modules/gallery/views/simple_uploader.html.php 86 DIRTY $item->id +modules/gallery/views/simple_uploader.html.php 90 DIRTY $csrf modules/gallery/views/upgrader.html.php 44 DIRTY $module->version modules/gallery/views/upgrader.html.php 44 DIRTY $module->code_version modules/gallery/views/upgrader.html.php 45 DIRTY $id 
@@ -417,16 +423,17 @@ modules/server_add/views/admin_server_add.html.php 14 DIRTY $csrf modules/server_add/views/admin_server_add.html.php 15 DIRTY $id modules/server_add/views/admin_server_add.html.php 19 DIRTY $path modules/server_add/views/admin_server_add.html.php 24 DIRTY $form -modules/server_add/views/server_add_tree.html.php 4 DIRTY $tree_id -modules/server_add/views/server_add_tree.html.php 6 DIRTY $file_info -modules/server_add/views/server_add_tree.html.php 10 $file_info -modules/server_add/views/server_add_tree.html.php 10 DIRTY $checked -modules/server_add/views/server_add_tree.html.php 10 $file -modules/server_add/views/server_add_tree_dialog.html.php 10 $album_title -modules/server_add/views/server_add_tree_dialog.html.php 15 $parent->title -modules/server_add/views/server_add_tree_dialog.html.php 17 $album_title -modules/server_add/views/server_add_tree_dialog.html.php 20 DIRTY $action -modules/server_add/views/server_add_tree_dialog.html.php 22 DIRTY $tree +modules/server_add/views/server_add_tree.html.php 12 DIRTY $dir +modules/server_add/views/server_add_tree.html.php 13 DIRTY $dir +modules/server_add/views/server_add_tree.html.php 20 DIRTY $file +modules/server_add/views/server_add_tree.html.php 25 DIRTY $file +modules/server_add/views/server_add_tree.html.php 27 $file +modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY $item->id +modules/server_add/views/server_add_tree_dialog.html.php 4 DIRTY $csrf +modules/server_add/views/server_add_tree_dialog.html.php 8 $item->title +modules/server_add/views/server_add_tree_dialog.html.php 14 $parent->title +modules/server_add/views/server_add_tree_dialog.html.php 18 $item->title +modules/server_add/views/server_add_tree_dialog.html.php 23 DIRTY $tree modules/tag/views/admin_tags.html.php 13 DIRTY $csrf modules/tag/views/admin_tags.html.php 27 DIRTY $tags->count() modules/tag/views/admin_tags.html.php 35 DIRTY $current_letter 
@@ -501,14 +508,14 @@ themes/admin_default/views/admin.html.php 37 DIRTY $theme->a themes/admin_default/views/admin.html.php 43 DIRTY $theme->site_status() themes/admin_default/views/admin.html.php 45 DIRTY $theme->admin_header_top() themes/admin_default/views/admin.html.php 48 DIRTY $csrf -themes/admin_default/views/admin.html.php 52 DIRTY $theme->admin_menu() -themes/admin_default/views/admin.html.php 54 DIRTY $theme->admin_header_bottom() -themes/admin_default/views/admin.html.php 60 DIRTY $theme->messages() -themes/admin_default/views/admin.html.php 61 DIRTY $content -themes/admin_default/views/admin.html.php 67 DIRTY $sidebar -themes/admin_default/views/admin.html.php 72 DIRTY $theme->admin_footer() -themes/admin_default/views/admin.html.php 74 DIRTY $theme->admin_credits() -themes/admin_default/views/admin.html.php 78 DIRTY $theme->admin_page_bottom() +themes/admin_default/views/admin.html.php 54 DIRTY $theme->admin_menu() +themes/admin_default/views/admin.html.php 56 DIRTY $theme->admin_header_bottom() +themes/admin_default/views/admin.html.php 62 DIRTY $theme->messages() +themes/admin_default/views/admin.html.php 63 DIRTY $content +themes/admin_default/views/admin.html.php 69 DIRTY $sidebar +themes/admin_default/views/admin.html.php 74 DIRTY $theme->admin_footer() +themes/admin_default/views/admin.html.php 76 DIRTY $theme->admin_credits() +themes/admin_default/views/admin.html.php 80 DIRTY $theme->admin_page_bottom() themes/admin_default/views/block.html.php 2 DIRTY $id themes/admin_default/views/block.html.php 2 DIRTY $css_id themes/admin_default/views/block.html.php 5 DIRTY $id 
@@ -544,7 +551,7 @@ themes/default/views/block.html.php 3 DIRTY $css_id themes/default/views/block.html.php 4 DIRTY $title themes/default/views/block.html.php 6 DIRTY $content themes/default/views/dynamic.html.php 4 DIRTY $theme->dynamic_top() -themes/default/views/dynamic.html.php 6 $tag->name +themes/default/views/dynamic.html.php 6 $title themes/default/views/dynamic.html.php 11 DIRTY $child->is_album() themes/default/views/dynamic.html.php 12 DIRTY $theme->thumb_top($child) themes/default/views/dynamic.html.php 13 DIRTY $child->url() -- cgit v1.2.3 From 43324fd12a23b35707300ff110f207552c3811f1 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 16 Jul 2009 12:29:01 -0700 Subject: Update golden file to match recent changes in event code. --- modules/gallery/tests/xss_data.txt | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'modules/gallery/tests/xss_data.txt') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index d1167555..e6f3721b 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
@@ -326,12 +326,12 @@ modules/notification/views/item_deleted.html.php 18 DIRTY $item->pa modules/notification/views/item_deleted.html.php 19 DIRTY $item->parent()->url(array(), true) modules/notification/views/item_updated.html.php 4 $subject modules/notification/views/item_updated.html.php 7 $subject -modules/notification/views/item_updated.html.php 12 $new->title -modules/notification/views/item_updated.html.php 15 $new->title -modules/notification/views/item_updated.html.php 20 DIRTY $new->url(array(), true) -modules/notification/views/item_updated.html.php 20 DIRTY $new->url(array(), true) -modules/notification/views/item_updated.html.php 25 $new->description -modules/notification/views/item_updated.html.php 30 $new->description +modules/notification/views/item_updated.html.php 12 $item->title +modules/notification/views/item_updated.html.php 15 $item->title +modules/notification/views/item_updated.html.php 20 DIRTY $item->url(array(), true) +modules/notification/views/item_updated.html.php 20 DIRTY $item->url(array(), true) +modules/notification/views/item_updated.html.php 25 $item->description +modules/notification/views/item_updated.html.php 30 $item->description modules/organize/views/organize.html.php 10 DIRTY $item->id modules/organize/views/organize.html.php 12 DIRTY $csrf modules/organize/views/organize.html.php 13 DIRTY $csrf -- cgit v1.2.3 From 59e410bb792cf1d8703c17f9034b681d4114f8fc Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 21 Jul 2009 07:25:34 -0700 Subject: Updated for movieplayer.html.php update --- modules/gallery/tests/xss_data.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/gallery/tests/xss_data.txt') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index e6f3721b..ce2fa2a5 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
@@ -237,7 +237,7 @@ modules/gallery/views/move_tree.html.php 15 DIRTY $child->i modules/gallery/views/move_tree.html.php 15 $child->title modules/gallery/views/movieplayer.html.php 2 DIRTY $item->file_url(true) modules/gallery/views/movieplayer.html.php 2 DIRTY $attrs -modules/gallery/views/movieplayer.html.php 4 DIRTY $attrs +modules/gallery/views/movieplayer.html.php 5 DIRTY $attrs modules/gallery/views/permissions_browse.html.php 15 DIRTY $csrf modules/gallery/views/permissions_browse.html.php 37 DIRTY $parent->id modules/gallery/views/permissions_browse.html.php 38 $parent->title -- cgit v1.2.3 From 0e9b80d2efb942167fef269441e65722abac5f54 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 23 Jul 2009 16:20:40 -0700 Subject: Updated golden file --- modules/gallery/tests/xss_data.txt | 86 +++++++++++++++++++------------------- 1 file changed, 42 insertions(+), 44 deletions(-) (limited to 'modules/gallery/tests/xss_data.txt') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index ce2fa2a5..5a05d4ef 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -2,7 +2,7 @@ modules/akismet/views/admin_akismet.html.php 14 DIRTY $form modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY $api_key modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY $blog_url modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY $i -modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY $comment->author()->avatar_url(32, $theme->theme_url("images/avatar.jpg", true)) +modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) modules/comment/views/admin_block_recent_comments.html.php 7 $comment->author_name() modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY $comment->created modules/comment/views/admin_block_recent_comments.html.php 12 $comment->author_name() 
@@ -15,7 +15,7 @@ modules/comment/views/admin_comments.html.php 72 DIRTY $counts-> modules/comment/views/admin_comments.html.php 75 DIRTY $csrf modules/comment/views/admin_comments.html.php 106 DIRTY $comment->id modules/comment/views/admin_comments.html.php 106 DIRTY $i -modules/comment/views/admin_comments.html.php 109 DIRTY $comment->author()->avatar_url(40, $theme->theme_url("images/avatar.jpg", true)) +modules/comment/views/admin_comments.html.php 109 DIRTY $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) modules/comment/views/admin_comments.html.php 111 $comment->author_name() modules/comment/views/admin_comments.html.php 115 $comment->author_email() modules/comment/views/admin_comments.html.php 116 $comment->author_email() @@ -35,7 +35,7 @@ modules/comment/views/admin_comments.html.php 175 DIRTY $comment- modules/comment/views/admin_comments.html.php 183 DIRTY $comment->id modules/comment/views/admin_comments.html.php 196 DIRTY $pager modules/comment/views/comment.html.php 2 DIRTY $comment->id -modules/comment/views/comment.html.php 5 DIRTY $comment->author()->avatar_url(40, $theme->theme_url("images/avatar.jpg", true)) +modules/comment/views/comment.html.php 5 DIRTY $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) modules/comment/views/comment.html.php 7 $comment->author_name() modules/comment/views/comment.html.php 12 DIRTY $comment->created modules/comment/views/comment.html.php 13 $comment->author_name() 
@@ -58,7 +58,7 @@ modules/comment/views/comment.mrss.php 34 DIRTY $child->t modules/comment/views/comment.mrss.php 35 DIRTY $child->thumb_height modules/comment/views/comment.mrss.php 35 DIRTY $child->thumb_width modules/comment/views/comments.html.php 10 DIRTY $comment->id -modules/comment/views/comments.html.php 13 DIRTY $comment->author()->avatar_url(40, $theme->theme_url("images/avatar.jpg", true)) +modules/comment/views/comments.html.php 13 DIRTY $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) modules/comment/views/comments.html.php 15 $comment->author_name() modules/comment/views/comments.html.php 20 DIRTY $comment->created modules/comment/views/comments.html.php 21 $comment->author_name() @@ -108,7 +108,7 @@ modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY $photo->w modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY $photo->height modules/gallery/views/admin_block_photo_stream.html.php 7 DIRTY $photo->thumb_url() modules/gallery/views/admin_block_photo_stream.html.php 7 $photo->title -modules/gallery/views/admin_block_platform.html.php 16 DIRTY $load_average +modules/gallery/views/admin_block_platform.html.php 19 DIRTY $load_average modules/gallery/views/admin_block_stats.html.php 7 DIRTY $album_count modules/gallery/views/admin_block_stats.html.php 10 DIRTY $photo_count modules/gallery/views/admin_dashboard.html.php 5 DIRTY $csrf 
@@ -303,8 +303,8 @@ modules/info/views/info_block.html.php 10 $item->de modules/info/views/info_block.html.php 16 $item->name modules/info/views/info_block.html.php 22 DIRTY $item->captured modules/info/views/info_block.html.php 29 DIRTY $item->owner->url -modules/info/views/info_block.html.php 29 $item->owner->full_name -modules/info/views/info_block.html.php 31 $item->owner->name +modules/info/views/info_block.html.php 29 $item->owner->display_name() +modules/info/views/info_block.html.php 31 $item->owner->display_name() modules/notification/views/comment_published.html.php 4 $subject modules/notification/views/comment_published.html.php 7 $subject modules/notification/views/comment_published.html.php 11 $comment->text @@ -454,7 +454,7 @@ modules/user/views/admin_users.html.php 36 DIRTY $csrf modules/user/views/admin_users.html.php 67 DIRTY $user->id modules/user/views/admin_users.html.php 67 DIRTY $user->admin modules/user/views/admin_users.html.php 68 DIRTY $user->id -modules/user/views/admin_users.html.php 69 DIRTY $user->avatar_url(20, $theme->theme_url("images/avatar.jpg", true)) +modules/user/views/admin_users.html.php 69 DIRTY $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) modules/user/views/admin_users.html.php 71 $user->name modules/user/views/admin_users.html.php 74 $user->name modules/user/views/admin_users.html.php 77 $user->full_name 
@@ -475,9 +475,7 @@ modules/user/views/admin_users_group.html.php 22 DIRTY $group->i modules/user/views/admin_users_group.html.php 25 $user->name modules/user/views/admin_users_group.html.php 25 $group->name modules/user/views/login.html.php 12 DIRTY $user->id -modules/user/views/login.html.php 15 $user->full_name -modules/user/views/login.html.php 15 $user->name -modules/user/views/login.html.php 15 $user->full_name +modules/user/views/login.html.php 15 $user->display_name() modules/user/views/login.html.php 18 DIRTY $csrf modules/user/views/login_ajax.html.php 37 DIRTY $form modules/user/views/reset_password.html.php 9 $user->full_name 
@@ -488,20 +486,20 @@ modules/watermark/views/admin_watermarks.html.php 19 DIRTY $width modules/watermark/views/admin_watermarks.html.php 19 DIRTY $height modules/watermark/views/admin_watermarks.html.php 19 DIRTY $url modules/watermark/views/admin_watermarks.html.php 21 DIRTY $position -themes/admin_default/views/admin.html.php 10 DIRTY $theme->css("lib/yui/reset-fonts-grids.css") -themes/admin_default/views/admin.html.php 11 DIRTY $theme->css("lib/themeroller/ui.base.css") -themes/admin_default/views/admin.html.php 12 DIRTY $theme->css("lib/superfish/css/superfish.css") -themes/admin_default/views/admin.html.php 13 DIRTY $theme->css("themes/default/css/screen.css") -themes/admin_default/views/admin.html.php 14 DIRTY $theme->theme_css("css/screen.css") -themes/admin_default/views/admin.html.php 16 DIRTY $theme->theme_url("css/fix-ie.css") -themes/admin_default/views/admin.html.php 20 DIRTY $theme->script("lib/jquery.js") -themes/admin_default/views/admin.html.php 21 DIRTY $theme->script("lib/jquery.form.js") -themes/admin_default/views/admin.html.php 22 DIRTY $theme->script("lib/jquery-ui.js") -themes/admin_default/views/admin.html.php 23 DIRTY $theme->script("lib/gallery.common.js") -themes/admin_default/views/admin.html.php 28 DIRTY $theme->script("lib/gallery.dialog.js") -themes/admin_default/views/admin.html.php 29 DIRTY $theme->script("lib/superfish/js/superfish.js") -themes/admin_default/views/admin.html.php 30 DIRTY $theme->theme_script("js/jquery.dropshadow.js") -themes/admin_default/views/admin.html.php 31 DIRTY $theme->theme_script("js/ui.init.js") +themes/admin_default/views/admin.html.php 10 DIRTY $theme->css("yui/reset-fonts-grids.css") +themes/admin_default/views/admin.html.php 11 DIRTY $theme->css("themeroller/ui.base.css") +themes/admin_default/views/admin.html.php 12 DIRTY $theme->css("superfish/css/superfish.css") +themes/admin_default/views/admin.html.php 13 DIRTY $theme->css("screen.css") +themes/admin_default/views/admin.html.php 14 DIRTY 
$theme->css("admin_screen.css") +themes/admin_default/views/admin.html.php 16 DIRTY $theme->url("fix-ie.css") +themes/admin_default/views/admin.html.php 20 DIRTY $theme->script("jquery.js") +themes/admin_default/views/admin.html.php 21 DIRTY $theme->script("jquery.form.js") +themes/admin_default/views/admin.html.php 22 DIRTY $theme->script("jquery-ui.js") +themes/admin_default/views/admin.html.php 23 DIRTY $theme->script("gallery.common.js") +themes/admin_default/views/admin.html.php 28 DIRTY $theme->script("gallery.dialog.js") +themes/admin_default/views/admin.html.php 29 DIRTY $theme->script("superfish/js/superfish.js") +themes/admin_default/views/admin.html.php 30 DIRTY $theme->script("jquery.dropshadow.js") +themes/admin_default/views/admin.html.php 31 DIRTY $theme->script("ui.init.js") themes/admin_default/views/admin.html.php 33 DIRTY $theme->admin_head() themes/admin_default/views/admin.html.php 36 DIRTY $theme->body_attributes() themes/admin_default/views/admin.html.php 37 DIRTY $theme->admin_page_top() @@ -569,7 +567,7 @@ themes/default/views/footer.html.php 4 DIRTY $footer_t themes/default/views/footer.html.php 9 DIRTY $theme->credits() themes/default/views/header.html.php 2 DIRTY $theme->header_top() themes/default/views/header.html.php 4 DIRTY $header_text -themes/default/views/header.html.php 7 DIRTY $theme->theme_url("images/logo.png") +themes/default/views/header.html.php 7 DIRTY $theme->url("images/logo.png") themes/default/views/header.html.php 12 DIRTY $theme->site_menu() themes/default/views/header.html.php 15 DIRTY $theme->header_bottom() themes/default/views/header.html.php 21 DIRTY $parent->id 
@@ -590,27 +588,27 @@ themes/default/views/page.html.php 13 $theme->i themes/default/views/page.html.php 15 $theme->item()->title themes/default/views/page.html.php 17 $theme->item()->title themes/default/views/page.html.php 20 $theme->tag()->name -themes/default/views/page.html.php 26 DIRTY $theme->theme_url("images/favicon.ico") -themes/default/views/page.html.php 27 DIRTY $theme->css("lib/yui/reset-fonts-grids.css") -themes/default/views/page.html.php 28 DIRTY $theme->css("lib/superfish/css/superfish.css") -themes/default/views/page.html.php 29 DIRTY $theme->css("lib/themeroller/ui.base.css") -themes/default/views/page.html.php 30 DIRTY $theme->theme_css("css/screen.css") -themes/default/views/page.html.php 32 DIRTY $theme->theme_url("css/fix-ie.css") +themes/default/views/page.html.php 26 DIRTY $theme->url("images/favicon.ico") +themes/default/views/page.html.php 27 DIRTY $theme->css("yui/reset-fonts-grids.css") +themes/default/views/page.html.php 28 DIRTY $theme->css("superfish/css/superfish.css") +themes/default/views/page.html.php 29 DIRTY $theme->css("themeroller/ui.base.css") +themes/default/views/page.html.php 30 DIRTY $theme->css("screen.css") +themes/default/views/page.html.php 32 DIRTY $theme->url("css/fix-ie.css") themes/default/views/page.html.php 41 DIRTY $new_width themes/default/views/page.html.php 42 DIRTY $new_height themes/default/views/page.html.php 43 DIRTY $thumb_proportion -themes/default/views/page.html.php 48 DIRTY $theme->script("lib/jquery.js") -themes/default/views/page.html.php 49 DIRTY $theme->script("lib/jquery.form.js") -themes/default/views/page.html.php 50 DIRTY $theme->script("lib/jquery-ui.js") -themes/default/views/page.html.php 51 DIRTY $theme->script("lib/gallery.common.js") -themes/default/views/page.html.php 56 DIRTY $theme->script("lib/gallery.dialog.js") -themes/default/views/page.html.php 57 DIRTY $theme->script("lib/gallery.form.js") -themes/default/views/page.html.php 58 DIRTY 
$theme->script("lib/superfish/js/superfish.js") -themes/default/views/page.html.php 59 DIRTY $theme->script("lib/jquery.localscroll.js") -themes/default/views/page.html.php 60 DIRTY $theme->theme_script("js/ui.init.js") -themes/default/views/page.html.php 64 DIRTY $theme->script("lib/jquery.scrollTo.js") -themes/default/views/page.html.php 65 DIRTY $theme->script("lib/gallery.show_full_size.js") -themes/default/views/page.html.php 67 DIRTY $theme->script("lib/flowplayer.js") +themes/default/views/page.html.php 48 DIRTY $theme->script("jquery.js") +themes/default/views/page.html.php 49 DIRTY $theme->script("jquery.form.js") +themes/default/views/page.html.php 50 DIRTY $theme->script("jquery-ui.js") +themes/default/views/page.html.php 51 DIRTY $theme->script("gallery.common.js") +themes/default/views/page.html.php 56 DIRTY $theme->script("gallery.dialog.js") +themes/default/views/page.html.php 57 DIRTY $theme->script("gallery.form.js") +themes/default/views/page.html.php 58 DIRTY $theme->script("superfish/js/superfish.js") +themes/default/views/page.html.php 59 DIRTY $theme->script("jquery.localscroll.js") +themes/default/views/page.html.php 60 DIRTY $theme->script("ui.init.js") +themes/default/views/page.html.php 64 DIRTY $theme->script("jquery.scrollTo.js") +themes/default/views/page.html.php 65 DIRTY $theme->script("gallery.show_full_size.js") +themes/default/views/page.html.php 67 DIRTY $theme->script("flowplayer.js") themes/default/views/page.html.php 70 DIRTY $theme->head() themes/default/views/page.html.php 73 DIRTY $theme->body_attributes() themes/default/views/page.html.php 74 DIRTY $theme->page_top() -- cgit v1.2.3 From fa1d32e6466d8c6ffe77d163e2da9c71688a3c61 Mon Sep 17 00:00:00 2001 
From: Tim Almdal Date: Fri, 24 Jul 2009 11:24:43 -0700 Subject: Partial implementation of ticket #80. Provide auto complete and suggestions on the tag add form in the tag sidebar block. Updated the xss golden file as well. Still to do figure out how toget it into the edit popup dialog --- modules/gallery/tests/xss_data.txt | 4 ++-- modules/tag/controllers/tags.php | 17 +++++++++++++++++ modules/tag/helpers/tag.php | 2 +- modules/tag/helpers/tag_theme.php | 2 ++ modules/tag/js/tag.js | 15 +++++++++++++++ modules/tag/views/tag_block.html.php | 10 ++++++++++ 6 files changed, 47 insertions(+), 3 deletions(-) (limited to 'modules/gallery/tests/xss_data.txt') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 5a05d4ef..981bf31e 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -442,8 +442,8 @@ modules/tag/views/admin_tags.html.php 50 DIRTY $tag->id modules/tag/views/admin_tags.html.php 50 $tag->name modules/tag/views/admin_tags.html.php 51 DIRTY $tag->count modules/tag/views/admin_tags.html.php 52 DIRTY $tag->id -modules/tag/views/tag_block.html.php 3 DIRTY $cloud -modules/tag/views/tag_block.html.php 5 DIRTY $form +modules/tag/views/tag_block.html.php 13 DIRTY $cloud +modules/tag/views/tag_block.html.php 15 DIRTY $form modules/tag/views/tag_cloud.html.php 4 DIRTY $tag->count modules/tag/views/tag_cloud.html.php 4 DIRTY $max_count modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php index 5dd07935..a600ea1a 100644 --- a/modules/tag/controllers/tags.php +++ b/modules/tag/controllers/tags.php 
@@ -78,4 +78,21 @@ class Tags_Controller extends REST_Controller { return tag::get_add_form($item); } + + public function autocomplete() { + $tags = array(); + $tag_parts = preg_split("#[,\s;]+# ", $this->input->get("q")); + $limit = $this->input->get("limit"); + $tag_part = end($tag_parts); + $tag_list = ORM::factory("tag") + ->like("name", "{$tag_part}%", false) + ->orderby("name", "ASC") + ->limit($limit) + ->find_all(); + foreach ($tag_list as $tag) { + $tags[] = $tag->name; + } + + print implode("\n", $tags); + } } diff --git a/modules/tag/helpers/tag.php b/modules/tag/helpers/tag.php index 5efa6a19..be5461a4 100644 --- a/modules/tag/helpers/tag.php +++ b/modules/tag/helpers/tag.php @@ -104,7 +104,7 @@ class tag_Core { ($item->is_photo() ? t("Add tag to photo") : t("Add tag to movie")); $group = $form->group("add_tag")->label("Add Tag"); - $group->input("name")->label($label)->rules("required|length[1,64]"); + $group->input("name")->label($label)->rules("required"); $group->hidden("item_id")->value($item->id); $group->submit("")->value(t("Add Tag")); return $form; diff --git a/modules/tag/helpers/tag_theme.php b/modules/tag/helpers/tag_theme.php index d46a91e9..1bce9bd8 100644 --- a/modules/tag/helpers/tag_theme.php +++ b/modules/tag/helpers/tag_theme.php @@ -19,6 +19,8 @@ */ class tag_theme_Core { static function head($theme) { + $theme->css("jquery.autocomplete.css"); + $theme->script("jquery.autocomplete.js"); $theme->script("tag.js"); } diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js index a5aaa3f8..282da1ea 100644 --- a/modules/tag/js/tag.js +++ b/modules/tag/js/tag.js 
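Review bot: In `autocomplete()`, `$limit` goes from `$this->input->get("limit")` straight into `->limit($limit)` with no integer cast or upper bound, so a caller can omit it or request the whole tag table in one call; `$limit = min(max((int) $this->input->get("limit"), 1), 100);` would bound it (the cap of 100 is an example value). The method also prints `$tag->name` values raw and sets no Content-Type in the hunk, so if the response is served as HTML, a tag name containing markup would render when the URL is opened directly; `header("Content-Type: text/plain; charset=UTF-8");` before the `print` avoids that. `$tag_part` appears to reach `like()` with `%` and `_` unescaped, and no access check is visible here, so confirm that every tag name is meant to be listable by any visitor. The class body continues outside the hunk.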
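Review bot: Dropping `length[1,64]` from the `name` input leaves `required` as the only server-side rule on this field, so nothing in this hunk bounds the size of what is submitted. If the field now carries several delimiter-separated tags, as the autocomplete change suggests, the 64-character limit should move to the code that splits the value and be applied per tag, with an overall cap kept on the input, e.g. `->rules("required|length[1,1024]")` (1024 is an illustrative value). The code that consumes the value is outside this hunk, so this may already be handled there.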
@@ -66,3 +66,18 @@ function editInPlace(element) { }; ajaxify_editInPlaceForm(); } + +function formatTagAutoCompleteResult(row) { + var text = $("#gAddTagForm input:text").val(); + if (/[\s,;]/.test(text)) { + for (var i= text.length - 1; i >= 0; i--) { + var chr = text.charAt(i); + if (chr == " " || chr == "," || chr == ";") { + break; + } + } + return text.substr(0, i + 1) + row[0]; + } else { + return row[0]; + } +} diff --git a/modules/tag/views/tag_block.html.php b/modules/tag/views/tag_block.html.php index 12c90857..233eb361 100644 --- a/modules/tag/views/tag_block.html.php +++ b/modules/tag/views/tag_block.html.php @@ -1,4 +1,14 @@ +
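Review bot: `formatTagAutoCompleteResult` tests for a delimiter with `/[\s,;]/`, but the backwards loop only stops on `" "`, `","` or `";"`, so when the only separator is a tab or other whitespace the loop runs down to `i = -1` and the function returns `row[0]` alone, discarding the tags typed before it. Using one pattern for both steps removes the mismatch and the reliance on `i` after the loop: `return text.replace(/[^\s,;]*$/, "") + row[0];`. A one-line comment saying that the function keeps everything up to the last delimiter and replaces only the partial tag would also help.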
">
-- cgit v1.2.3 From 078c77a62b623322956457bfd7bfbdaf56203b00 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 24 Jul 2009 14:18:15 -0700 Subject: Add tag autocomplete to the album and photo edit pop up dialogs. This required putting a wrapper view around the forms and passing this view as the parameter to the item_edit_form event. The view contains a $script variable that the modules can add script to be included in the form html when rendered as part of the ajax response. --- modules/gallery/controllers/albums.php | 5 +++-- modules/gallery/controllers/movies.php | 5 +++-- modules/gallery/controllers/photos.php | 5 +++-- modules/gallery/helpers/album.php | 14 ++++++++------ modules/gallery/helpers/photo.php | 14 ++++++++------ modules/gallery/tests/xss_data.txt | 2 ++ modules/gallery/views/item_edit.html.php | 9 +++++++++ modules/tag/helpers/tag_event.php | 10 ++++++++-- modules/tag/js/tag.js | 2 +- 9 files changed, 45 insertions(+), 21 deletions(-) create mode 100644 modules/gallery/views/item_edit.html.php (limited to 'modules/gallery/tests/xss_data.txt') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index 56b74cb1..4fefd3a1 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -166,7 +166,8 @@ class Albums_Controller extends Items_Controller { access::required("view", $album); access::required("edit", $album); - $form = album::get_edit_form($album); + $view = album::get_edit_form($album); + $form = $view->form; if ($valid = $form->validate()) { // Make sure that there's not a conflict if ($album->id != 1 && @@ -202,7 +203,7 @@ class Albums_Controller extends Items_Controller { } else { print json_encode( array("result" => "error", - "form" => $form->__toString())); + "form" => $view->__toString())); } } diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index c8227d74..1391c4b4 100644 
--- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -70,7 +70,8 @@ class Movies_Controller extends Items_Controller { access::required("view", $photo); access::required("edit", $photo); - $form = photo::get_edit_form($photo); + $view = photo::get_edit_form($photo); + $form = $view->form; if ($valid = $form->validate()) { // Make sure that there's not a conflict if (Database::instance() @@ -101,7 +102,7 @@ class Movies_Controller extends Items_Controller { } else { print json_encode( array("result" => "error", - "form" => $form->__toString())); + "form" => $view->__toString())); } } diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 8ee24da8..9d9b25a1 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -61,7 +61,8 @@ class Photos_Controller extends Items_Controller { access::required("view", $photo); access::required("edit", $photo); - $form = photo::get_edit_form($photo); + $view = photo::get_edit_form($photo); + $form = $view->form; if ($valid = $form->validate()) { if ($form->edit_item->filename->value != $photo->name) { // Make sure that there's not a conflict @@ -94,7 +95,7 @@ class Photos_Controller extends Items_Controller { } else { print json_encode( array("result" => "error", - "form" => $form->__toString())); + "form" => $view->__toString())); } } diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php index 5f10bd02..0263e0e1 100644 --- a/modules/gallery/helpers/album.php +++ b/modules/gallery/helpers/album.php 
@@ -94,9 +94,11 @@ class album_Core { } static function get_edit_form($parent) { - $form = new Forge("albums/{$parent->id}", "", "post", array("id" => "gEditAlbumForm")); - $form->hidden("_method")->value("put"); - $group = $form->group("edit_item")->label(t("Edit Album")); + $view = new View("item_edit.html"); + $view->script = array(); + $view->form = new Forge("albums/{$parent->id}", "", "post", array("id" => "gEditAlbumForm")); + $view->form->hidden("_method")->value("put"); + $group = $view->form->group("edit_item")->label(t("Edit Album")); $group->input("title")->label(t("Title"))->value($parent->title); $group->textarea("description")->label(t("Description"))->value($parent->description); @@ -127,11 +129,11 @@ class album_Core { "DESC" => t("Descending"))) ->selected($parent->sort_order); - module::event("item_edit_form", $parent, $form); + module::event("item_edit_form", $parent, $view); $group->hidden("type")->value("album"); $group->submit("")->value(t("Modify")); - $form->add_rules_from(ORM::factory("item")); - return $form; + $view->form->add_rules_from(ORM::factory("item")); + return $view; } } diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php index 5cf37de1..299195e9 100644 --- a/modules/gallery/helpers/photo.php +++ b/modules/gallery/helpers/photo.php 
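Review bot: `get_edit_form()` in this hunk now returns a View and passes that View to `module::event("item_edit_form", ...)`, but nothing documents the changed contract or what `$view->script` may hold; `photo::get_edit_form()` in the next file has the same gap. The golden file later in this commit records `item_edit.html.php 4 DIRTY $script`, which suggests the fragments are printed without escaping. I would add above `$view->script = array();` the comment `// Raw JS fragments added by item_edit_form handlers; printed unescaped, so dynamic values must be json_encode()d.` Any `item_edit_form` handler outside this diff that still treats its second argument as the Forge would presumably break, so it is worth a grep before merging. The body of `get_edit_form()` continues between and beyond the two hunks.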
@@ -135,9 +135,11 @@ class photo_Core { } static function get_edit_form($photo) { - $form = new Forge("photos/$photo->id", "", "post", array("id" => "gEditPhotoForm")); - $form->hidden("_method")->value("put"); - $group = $form->group("edit_item")->label(t("Edit Photo")); + $view = new View("item_edit.html"); + $view->script = array(); + $view->form = new Forge("photos/$photo->id", "", "post", array("id" => "gEditPhotoForm")); + $view->form->hidden("_method")->value("put"); + $group = $view->form->group("edit_item")->label(t("Edit Photo")); $group->input("title")->label(t("Title"))->value($photo->title); $group->textarea("description")->label(t("Description"))->value($photo->description); $group->input("filename")->label(t("Filename"))->value($photo->name) @@ -147,11 +149,11 @@ class photo_Core { ->callback("item::validate_no_trailing_period") ->error_messages("no_trailing_period", t("The photo name can't end in \".\"")); - module::event("item_edit_form", $photo, $form); + module::event("item_edit_form", $photo, $view); $group->submit("")->value(t("Modify")); - $form->add_rules_from(ORM::factory("item")); - return $form; + $view->form->add_rules_from(ORM::factory("item")); + return $view; } /** diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 981bf31e..2940a8df 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -207,6 +207,8 @@ modules/gallery/views/admin_themes_preview.html.php 4 DIRTY $info->na modules/gallery/views/admin_themes_preview.html.php 7 DIRTY $url modules/gallery/views/after_install.html.php 11 $user->name modules/gallery/views/after_install.html.php 15 DIRTY $user->id +modules/gallery/views/item_edit.html.php 4 DIRTY $script +modules/gallery/views/item_edit.html.php 8 DIRTY $form modules/gallery/views/kohana_error_page.php 102 DIRTY $message modules/gallery/views/kohana_error_page.php 104 DIRTY $file modules/gallery/views/kohana_error_page.php 104 DIRTY $line 
diff --git a/modules/gallery/views/item_edit.html.php b/modules/gallery/views/item_edit.html.php new file mode 100644 index 00000000..9aa2fb64 --- /dev/null +++ b/modules/gallery/views/item_edit.html.php @@ -0,0 +1,9 @@ + + + + +
+ +
\ No newline at end of file diff --git a/modules/tag/helpers/tag_event.php b/modules/tag/helpers/tag_event.php index e1ab1b73..58034900 100644 --- a/modules/tag/helpers/tag_event.php +++ b/modules/tag/helpers/tag_event.php @@ -64,9 +64,15 @@ class tag_event_Core { tag::compact(); } - static function item_edit_form($item, $form) { + static function item_edit_form($item, $view) { + $url = url::site("tags/autocomplete"); + $view->script[] = "$('#gEditFormContainer form').ready(function() { + $('#gEditFormContainer form input[id=tags]').autocomplete( + '$url', {max: 30, formatResult: formatTagAutoCompleteResult} + ); + });"; $tag_value = implode("; ", tag::item_tags($item)); - $form->edit_item->input("tags")->label(t("Tags (separate by , or ;)")) + $view->form->edit_item->input("tags")->label(t("Tags (separate by , or ;)")) ->value($tag_value); } diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js index 282da1ea..bbf44166 100644 --- a/modules/tag/js/tag.js +++ b/modules/tag/js/tag.js @@ -68,7 +68,7 @@ function editInPlace(element) { } function formatTagAutoCompleteResult(row) { - var text = $("#gAddTagForm input:text").val(); + var text = $(".ac_loading").val(); if (/[\s,;]/.test(text)) { for (var i= text.length - 1; i >= 0; i--) { var chr = text.charAt(i); -- cgit v1.2.3 From b3fe70e654c1519f8f1d54a80f99d0af7a8f2e49 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Mon, 27 Jul 2009 11:34:27 -0700 Subject: Updated. --- modules/gallery/tests/xss_data.txt | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'modules/gallery/tests/xss_data.txt') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 2940a8df..45f7c7ec 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
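Review bot: `'$url'` is interpolated straight into a single-quoted JavaScript literal in the string appended to `$view->script`, with no encoding for the JavaScript context. `url::site()` output is presumably server-generated, but a quote or backslash in the configured site path would still break the script, and the xss_data.txt golden file lists `$script` as DIRTY output. Encoding at the boundary is cheap: `$url = json_encode(url::site("tags/autocomplete"));` and then `.autocomplete($url, {max: 30, ...})` without the surrounding quotes. The later tag_event.php hunk that moves this snippet to `$form->script("")->text(...)` carries the same interpolation.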
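Review bot: `$(".ac_loading").val()` in `formatTagAutoCompleteResult` ties the formatter to a class that the autocomplete plugin appears to set only while a request is in flight, so which input it reads depends on timing rather than on the field being completed. If no element carries the class, `.val()` returns `undefined` and the separator handling below is silently skipped; if two tag inputs are loading, the first match wins. A comment stating that assumption, or a selector scoped to the edit form, would make the dependency explicit. The function body continues outside the hunk.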
@@ -163,9 +163,9 @@ modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY $task->id modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY $csrf modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name modules/gallery/views/admin_maintenance_show_log.html.php 15 $task->get_log() -modules/gallery/views/admin_maintenance_task.html.php 5 DIRTY $task->id -modules/gallery/views/admin_maintenance_task.html.php 5 DIRTY $csrf -modules/gallery/views/admin_maintenance_task.html.php 26 DIRTY $task->name +modules/gallery/views/admin_maintenance_task.html.php 23 DIRTY $task->id +modules/gallery/views/admin_maintenance_task.html.php 23 DIRTY $csrf +modules/gallery/views/admin_maintenance_task.html.php 47 DIRTY $task->name modules/gallery/views/admin_modules.html.php 19 DIRTY $i modules/gallery/views/admin_modules.html.php 22 DIRTY $data modules/gallery/views/admin_modules.html.php 22 DIRTY $module_name 
@@ -567,11 +567,11 @@ themes/default/views/dynamic.html.php 29 DIRTY $theme->p themes/default/views/footer.html.php 2 DIRTY $theme->footer() themes/default/views/footer.html.php 4 DIRTY $footer_text themes/default/views/footer.html.php 9 DIRTY $theme->credits() -themes/default/views/header.html.php 2 DIRTY $theme->header_top() -themes/default/views/header.html.php 4 DIRTY $header_text -themes/default/views/header.html.php 7 DIRTY $theme->url("images/logo.png") +themes/default/views/header.html.php 3 DIRTY $theme->header_top() +themes/default/views/header.html.php 5 DIRTY $header_text +themes/default/views/header.html.php 8 DIRTY $theme->url("images/logo.png") themes/default/views/header.html.php 12 DIRTY $theme->site_menu() -themes/default/views/header.html.php 15 DIRTY $theme->header_bottom() +themes/default/views/header.html.php 14 DIRTY $theme->header_bottom() themes/default/views/header.html.php 21 DIRTY $parent->id themes/default/views/header.html.php 21 DIRTY $item->id themes/default/views/header.html.php 22 $parent->title -- cgit v1.2.3 From 2f969c80eb2e228f2c5729c6f4660c99555f9c9f Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 28 Jul 2009 11:59:58 +0800 Subject: Create A Forge Script element. Form_Script allows the specification of either a url to a script file or in line text which will be included in a script block. Signed-off-by: Tim Almdal --- modules/gallery/libraries/Form_Script.php | 66 +++++++++++++++++++++++++++++++ modules/gallery/tests/DrawForm_Test.php | 39 ++++++++++++++++++ modules/gallery/tests/xss_data.txt | 4 +- modules/gallery/views/form.html.php | 2 + 4 files changed, 109 insertions(+), 2 deletions(-) create mode 100644 modules/gallery/libraries/Form_Script.php (limited to 'modules/gallery/tests/xss_data.txt') diff --git a/modules/gallery/libraries/Form_Script.php b/modules/gallery/libraries/Form_Script.php new file mode 100644 index 00000000..e841408d --- /dev/null +++ b/modules/gallery/libraries/Form_Script.php 
@@ -0,0 +1,66 @@ + false, + "type" => "script", + "url" => "", + "text" => ""); + + public function __construct($name) { + // Set dummy data so we don"t get errors + $this->attr["action"] = ""; + $this->attr["method"] = "post"; + $this->data["name"] = $name; + } + + public function __get($key) { + return isset($this->data[$key]) ? $this->data[$key] : null; + } + + /** + * Sets url attribute + */ + public function url($url) { + $this->data["url"] = $url; + + return $this; + } + + public function text($script_text) { + $this->data["text"] = $script_text; + + return $this; + } + + public function render() { + $script = array(); + if (!empty($this->data["url"])) { + $script[] = html::script($this->data["url"]); + } + + if (!empty($this->data["text"])) { + $script[] = "\n"; + } + + return implode("\n", $script); + } + +} // End Form Script \ No newline at end of file diff --git a/modules/gallery/tests/DrawForm_Test.php b/modules/gallery/tests/DrawForm_Test.php index 2c5aaba4..dde54257 100644 --- a/modules/gallery/tests/DrawForm_Test.php +++ b/modules/gallery/tests/DrawForm_Test.php @@ -80,5 +80,44 @@ class DrawForm_Test extends Unit_Test_Case { $this->assert_same($expected, $rendered); } + function form_script_test() { + $form = new Forge("test/controller", "", "post", array("id" => "gTestGroupForm")); + $group = $form->group("test_group")->label(t("Test Group")); + $group->input("title")->label(t("Title")); + $group->textarea("description")->label(t("Text Area")); + $form->script("") + ->url(url::file("test.js")) + ->text("alert('Test Javascript');"); + $group->submit("")->value(t("Submit")); + $rendered = $form->__toString(); + + $expected = "
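Review bot: `text()` stores whatever string it is given and `render()` adds it to the output for a script block, and neither method documents that the value is emitted as code rather than data; the form.html.php hunk of this commit then prints `$input->render()` directly. The body of `render()` is partly lost in this rendering of the patch, so this is inferred from the commit message ("in line text which will be included in a script block"). I would give `text()` a docblock like the one on `url()`, for example `/** Sets inline script text; emitted verbatim, so pass only trusted code and json_encode() any dynamic value. */`. `url()` has the same property through `html::script()`, though any escaping done there is not visible here.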
\n" . + "\n" . + "
\n" . + " Test Group\n" . + "
    \n" . + "
  • \n" . + " \n" . + " \n" . + "
  • \n" . + "
  • \n" . + " \n" . + " \n" . + "
  • \n" . + "
  • \n" . + " \n" . + "
  • \n" . + "
\n" . + "
\n" . + "\n\n" . + "\n" . + "
\n"; + $this->assert_same($expected, $rendered); + } } diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 45f7c7ec..cc9261e5 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -444,8 +444,8 @@ modules/tag/views/admin_tags.html.php 50 DIRTY $tag->id modules/tag/views/admin_tags.html.php 50 $tag->name modules/tag/views/admin_tags.html.php 51 DIRTY $tag->count modules/tag/views/admin_tags.html.php 52 DIRTY $tag->id -modules/tag/views/tag_block.html.php 13 DIRTY $cloud -modules/tag/views/tag_block.html.php 15 DIRTY $form +modules/tag/views/tag_block.html.php 15 DIRTY $cloud +modules/tag/views/tag_block.html.php 17 DIRTY $form modules/tag/views/tag_cloud.html.php 4 DIRTY $tag->count modules/tag/views/tag_cloud.html.php 4 DIRTY $max_count modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count diff --git a/modules/gallery/views/form.html.php b/modules/gallery/views/form.html.php index ec2a56a9..730d77cb 100644 --- a/modules/gallery/views/form.html.php +++ b/modules/gallery/views/form.html.php @@ -40,6 +40,8 @@ if (!function_exists("DrawForm")) { print "$prefix {$hidden->render()}\n"; } print "$prefix\n"; + } else if ($input->type == 'script') { + print $input->render(); } else { if ($input->error_messages()) { print "$prefix
  • \n"; -- cgit v1.2.3 From a7f4d7aced009007d36e48685648e9bc3382f8cb Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 28 Jul 2009 20:40:28 +0800 Subject: Revert commit 078c77a62b623322956457bfd7bfbdaf56203b00 and change the tag_event:item_edit_form to use the new Form_Script library to inject script into a form. Signed-off-by: Tim Almdal --- modules/gallery/controllers/albums.php | 5 ++--- modules/gallery/controllers/movies.php | 5 ++--- modules/gallery/controllers/photos.php | 5 ++--- modules/gallery/helpers/album.php | 14 ++++++-------- modules/gallery/helpers/photo.php | 14 ++++++-------- modules/gallery/tests/xss_data.txt | 2 -- modules/gallery/views/item_edit.html.php | 9 --------- modules/tag/helpers/tag_event.php | 18 +++++++----------- modules/tag/js/tag.js | 1 + 9 files changed, 26 insertions(+), 47 deletions(-) delete mode 100644 modules/gallery/views/item_edit.html.php (limited to 'modules/gallery/tests/xss_data.txt') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index 4fefd3a1..56b74cb1 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -166,8 +166,7 @@ class Albums_Controller extends Items_Controller { access::required("view", $album); access::required("edit", $album); - $view = album::get_edit_form($album); - $form = $view->form; + $form = album::get_edit_form($album); if ($valid = $form->validate()) { // Make sure that there's not a conflict if ($album->id != 1 && @@ -203,7 +202,7 @@ class Albums_Controller extends Items_Controller { } else { print json_encode( array("result" => "error", - "form" => $view->__toString())); + "form" => $form->__toString())); } } diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index 1391c4b4..c8227d74 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php 
@@ -70,8 +70,7 @@ class Movies_Controller extends Items_Controller { access::required("view", $photo); access::required("edit", $photo); - $view = photo::get_edit_form($photo); - $form = $view->form; + $form = photo::get_edit_form($photo); if ($valid = $form->validate()) { // Make sure that there's not a conflict if (Database::instance() @@ -102,7 +101,7 @@ class Movies_Controller extends Items_Controller { } else { print json_encode( array("result" => "error", - "form" => $view->__toString())); + "form" => $form->__toString())); } } diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 9d9b25a1..8ee24da8 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -61,8 +61,7 @@ class Photos_Controller extends Items_Controller { access::required("view", $photo); access::required("edit", $photo); - $view = photo::get_edit_form($photo); - $form = $view->form; + $form = photo::get_edit_form($photo); if ($valid = $form->validate()) { if ($form->edit_item->filename->value != $photo->name) { // Make sure that there's not a conflict @@ -95,7 +94,7 @@ class Photos_Controller extends Items_Controller { } else { print json_encode( array("result" => "error", - "form" => $view->__toString())); + "form" => $form->__toString())); } } diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php index f146bfb3..6065f580 100644 --- a/modules/gallery/helpers/album.php +++ b/modules/gallery/helpers/album.php 
@@ -94,11 +94,9 @@ class album_Core { } static function get_edit_form($parent) { - $view = new View("item_edit.html"); - $view->script = array(); - $view->form = new Forge("albums/{$parent->id}", "", "post", array("id" => "gEditAlbumForm")); - $view->form->hidden("_method")->value("put"); - $group = $view->form->group("edit_item")->label(t("Edit Album")); + $form = new Forge("albums/{$parent->id}", "", "post", array("id" => "gEditAlbumForm")); + $form->hidden("_method")->value("put"); + $group = $form->group("edit_item")->label(t("Edit Album")); $group->input("title")->label(t("Title"))->value($parent->title); $group->textarea("description")->label(t("Description"))->value($parent->description); @@ -130,11 +128,11 @@ class album_Core { "DESC" => t("Descending"))) ->selected($parent->sort_order); - module::event("item_edit_form", $parent, $view); + module::event("item_edit_form", $parent, $form); $group->hidden("type")->value("album"); $group->submit("")->value(t("Modify")); - $view->form->add_rules_from(ORM::factory("item")); - return $view; + $form->add_rules_from(ORM::factory("item")); + return $form; } } diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php index 299195e9..5cf37de1 100644 --- a/modules/gallery/helpers/photo.php +++ b/modules/gallery/helpers/photo.php 
@@ -135,11 +135,9 @@ class photo_Core { } static function get_edit_form($photo) { - $view = new View("item_edit.html"); - $view->script = array(); - $view->form = new Forge("photos/$photo->id", "", "post", array("id" => "gEditPhotoForm")); - $view->form->hidden("_method")->value("put"); - $group = $view->form->group("edit_item")->label(t("Edit Photo")); + $form = new Forge("photos/$photo->id", "", "post", array("id" => "gEditPhotoForm")); + $form->hidden("_method")->value("put"); + $group = $form->group("edit_item")->label(t("Edit Photo")); $group->input("title")->label(t("Title"))->value($photo->title); $group->textarea("description")->label(t("Description"))->value($photo->description); $group->input("filename")->label(t("Filename"))->value($photo->name) @@ -149,11 +147,11 @@ class photo_Core { ->callback("item::validate_no_trailing_period") ->error_messages("no_trailing_period", t("The photo name can't end in \".\"")); - module::event("item_edit_form", $photo, $view); + module::event("item_edit_form", $photo, $form); $group->submit("")->value(t("Modify")); - $view->form->add_rules_from(ORM::factory("item")); - return $view; + $form->add_rules_from(ORM::factory("item")); + return $form; } /** diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index cc9261e5..82b039d7 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -207,8 +207,6 @@ modules/gallery/views/admin_themes_preview.html.php 4 DIRTY $info->na modules/gallery/views/admin_themes_preview.html.php 7 DIRTY $url modules/gallery/views/after_install.html.php 11 $user->name modules/gallery/views/after_install.html.php 15 DIRTY $user->id -modules/gallery/views/item_edit.html.php 4 DIRTY $script -modules/gallery/views/item_edit.html.php 8 DIRTY $form modules/gallery/views/kohana_error_page.php 102 DIRTY $message modules/gallery/views/kohana_error_page.php 104 DIRTY $file modules/gallery/views/kohana_error_page.php 104 DIRTY $line 
diff --git a/modules/gallery/views/item_edit.html.php b/modules/gallery/views/item_edit.html.php deleted file mode 100644 index 9aa2fb64..00000000 --- a/modules/gallery/views/item_edit.html.php +++ /dev/null @@ -1,9 +0,0 @@ - - - - -
    - -
    \ No newline at end of file diff --git a/modules/tag/helpers/tag_event.php b/modules/tag/helpers/tag_event.php index 0cb49ffa..0fe8a393 100644 --- a/modules/tag/helpers/tag_event.php +++ b/modules/tag/helpers/tag_event.php @@ -64,19 +64,15 @@ class tag_event_Core { tag::compact(); } - static function item_edit_form($item, $view) { + static function item_edit_form($item, $form) { $url = url::site("tags/autocomplete"); - $view->script[] = "$('#gEditFormContainer form').ready(function() { - $('#gEditFormContainer form input[id=tags]').autocomplete( - '$url', - {max: 30, - multiple: true, - multipleSeparator: ',', - cacheLength: 1} - ); - });"; + $form->script("") + ->text("$('form input[id=tags]').ready(function() { + $('form input[id=tags]').autocomplete( + '$url', {max: 30, multiple: true, multipleSeparator: ',', cacheLength: 1}); + });"); $tag_value = implode(", ", tag::item_tags($item)); - $view->form->edit_item->input("tags")->label(t("Tags (comma separated)")) + $form->edit_item->input("tags")->label(t("Tags (comma separated)")) ->value($tag_value); } diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js index a5aaa3f8..765c2a35 100644 --- a/modules/tag/js/tag.js +++ b/modules/tag/js/tag.js @@ -66,3 +66,4 @@ function editInPlace(element) { }; ajaxify_editInPlaceForm(); } + -- cgit v1.2.3 From 031a19724ae361825f18d3e29d3fdf1fa9f9b303 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 30 Jul 2009 09:55:09 -0700 Subject: Update golden file --- modules/gallery/tests/xss_data.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'modules/gallery/tests/xss_data.txt') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 82b039d7..0e118ce7 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt 
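Review bot: The selector in the new `->text(...)` snippet widens from `#gEditFormContainer form input[id=tags]` to `form input[id=tags]`, so autocomplete now binds to a matching input in any form on the page rather than only the edit dialog. If another form can carry an input with that id (not visible in this diff), it would pick up the edit-form options such as `multiple: true`. Keeping the container prefix, `$('#gEditFormContainer form input[id=tags]')`, preserves the earlier scope; if the wider match is intended, a short comment saying so would help.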
@@ -163,9 +163,9 @@ modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY $task->id modules/gallery/views/admin_maintenance_show_log.html.php 8 DIRTY $csrf modules/gallery/views/admin_maintenance_show_log.html.php 13 DIRTY $task->name modules/gallery/views/admin_maintenance_show_log.html.php 15 $task->get_log() -modules/gallery/views/admin_maintenance_task.html.php 23 DIRTY $task->id -modules/gallery/views/admin_maintenance_task.html.php 23 DIRTY $csrf -modules/gallery/views/admin_maintenance_task.html.php 47 DIRTY $task->name +modules/gallery/views/admin_maintenance_task.html.php 30 DIRTY $task->id +modules/gallery/views/admin_maintenance_task.html.php 30 DIRTY $csrf +modules/gallery/views/admin_maintenance_task.html.php 54 DIRTY $task->name modules/gallery/views/admin_modules.html.php 19 DIRTY $i modules/gallery/views/admin_modules.html.php 22 DIRTY $data modules/gallery/views/admin_modules.html.php 22 DIRTY $module_name -- cgit v1.2.3