From 0d424a635d12eee59d2080fa7ffa32a248b0fd5c Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Sat, 3 Jul 2010 14:25:33 -0700
Subject: When we delete an item, make sure that we scrub it from any other items that may have it in the album_cover_item_id column. Fixes ticket #1172.
---
 modules/gallery/tests/Item_Helper_Test.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'modules/gallery/tests')
diff --git a/modules/gallery/tests/Item_Helper_Test.php b/modules/gallery/tests/Item_Helper_Test.php
index 00229973..eb2458cb 100644
--- a/modules/gallery/tests/Item_Helper_Test.php
+++ b/modules/gallery/tests/Item_Helper_Test.php
@@ -111,15 +111,18 @@ class Item_Helper_Test extends Gallery_Unit_Test_Case {
 $this->assert_not_same($rand, $photo2->slug);
 }
 
- public function delete_cover_photo_picks_new_album_cover() {
- $album = test::random_album();
+ public function delete_cover_photo_picks_new_album_cover_test() {
+ $parent = test::random_album();
+ $album = test::random_album($parent);
 $photo1 = test::random_photo($album);
 // At this point, $photo1 is the album cover. We verify this in
 // Item_Model_Test::first_photo_becomes_album_cover
 $photo2 = test::random_photo($album);
 $photo1->delete();
 $album->reload();
+ $parent->reload();
 $this->assert_same($photo2->id, $album->album_cover_item_id);
+ $this->assert_same($photo2->id, $parent->album_cover_item_id);
 }
 }
-- cgit v1.2.3
From eee8c27f2666d65c03c36698a612a055e9b55d5e Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Tue, 6 Jul 2010 08:43:02 -0700
Subject: Correct the controller auth golden file from when the simple_uploader was renamed to flash_uploader
---
 modules/gallery/tests/controller_auth_data.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules/gallery/tests')
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index 8263f79d..f7ceed90 100644
--- a/modules/gallery/tests/controller_auth_data.txt
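Review bot: The new assertion on `$parent->album_cover_item_id` never establishes what the parent's cover was before the delete, so it cannot tell "the cover was reassigned" apart from "the parent already pointed at $photo2" (whether test::random_photo propagates the cover up to ancestors is not visible here). Add a precondition once `$photo2` exists and before `$photo1->delete();`: `$parent->reload();` followed by `$this->assert_same($photo1->id, $parent->album_cover_item_id);`. The existing comment cites Item_Model_Test only for `$album`; a one-line comment saying the parent's starting cover is checked inline would keep the two cases in step. The rename to a `_test` suffix suggests the old name was never picked up by the runner, which is worth stating in the test's comment so nobody drops the suffix again.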
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -9,6 +9,8 @@ modules/gallery/controllers/albums.php show
 modules/gallery/controllers/combined.php javascript DIRTY_AUTH
 modules/gallery/controllers/combined.php css DIRTY_AUTH
 modules/gallery/controllers/file_proxy.php __call DIRTY_CSRF|DIRTY_AUTH
+modules/gallery/controllers/flash_uploader.php start DIRTY_AUTH
+modules/gallery/controllers/flash_uploader.php finish DIRTY_AUTH
 modules/gallery/controllers/login.php ajax DIRTY_AUTH
 modules/gallery/controllers/login.php auth_ajax DIRTY_AUTH
 modules/gallery/controllers/login.php html DIRTY_AUTH
@@ -16,8 +18,6 @@ modules/gallery/controllers/login.php auth_html
 modules/gallery/controllers/logout.php index DIRTY_AUTH
 modules/gallery/controllers/maintenance.php index DIRTY_AUTH
 modules/gallery/controllers/quick.php form_edit DIRTY_CSRF
-modules/gallery/controllers/simple_uploader.php start DIRTY_AUTH
-modules/gallery/controllers/simple_uploader.php finish DIRTY_AUTH
 modules/gallery/controllers/upgrader.php index DIRTY_AUTH
 modules/gallery/controllers/user_profile.php show DIRTY_AUTH
 modules/gallery/controllers/user_profile.php contact DIRTY_AUTH
-- cgit v1.2.3
From 9d66783f47636153bf3661d1d89e694dd5188c36 Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Tue, 6 Jul 2010 09:48:37 -0700
Subject: Update the xss golden file
---
 modules/gallery/tests/xss_data.txt | 64 +++++++++++++++++++-------------------
 1 file changed, 32 insertions(+), 32 deletions(-)
(limited to 'modules/gallery/tests')
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 4ead8a3f..26edaebc 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -28,11 +28,11 @@ modules/comment/views/comment.mrss.php 16 DIRTY_JS $feed- modules/comment/views/comment.mrss.php 19 DIRTY_JS $feed->next_page_uri modules/comment/views/comment.mrss.php 21 DIRTY $pub_date modules/comment/views/comment.mrss.php 22 DIRTY $pub_date -modules/comment/views/comment.mrss.php 28 DIRTY $child->item_uri -modules/comment/views/comment.mrss.php 29 DIRTY $child->pub_date -modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $child->thumb_url -modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_height -modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $child->thumb_width +modules/comment/views/comment.mrss.php 28 DIRTY $comment->item_uri +modules/comment/views/comment.mrss.php 29 DIRTY $comment->pub_date +modules/comment/views/comment.mrss.php 34 DIRTY_ATTR $comment->thumb_url +modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $comment->thumb_height +modules/comment/views/comment.mrss.php 35 DIRTY_ATTR $comment->thumb_width modules/comment/views/comments.html.php 28 DIRTY_ATTR $comment->id modules/comment/views/comments.html.php 31 DIRTY_ATTR $comment->author()->avatar_url(40,$theme->url(,true)) modules/comment/views/user_profile_comments.html.php 5 DIRTY_ATTR $comment->id @@ -109,7 +109,7 @@ modules/gallery/views/admin_sidebar.html.php 50 DIRTY $avail modules/gallery/views/admin_sidebar.html.php 58 DIRTY $active modules/gallery/views/admin_sidebar_blocks.html.php 4 DIRTY_ATTR $ref modules/gallery/views/admin_sidebar_blocks.html.php 4 DIRTY $text -modules/gallery/views/admin_theme_options.html.php 6 DIRTY $form +modules/gallery/views/admin_theme_options.html.php 36 DIRTY $form modules/gallery/views/admin_themes.html.php 3 DIRTY_JS url::site("admin/themes/choose") modules/gallery/views/admin_themes.html.php 5 DIRTY_JS $csrf modules/gallery/views/admin_themes.html.php 22 DIRTY $themes[$site]->name 
@@ -120,7 +120,7 @@ modules/gallery/views/admin_themes.html.php 60 DIRTY $theme modules/gallery/views/admin_themes.html.php 62 DIRTY $themes[$admin]->description modules/gallery/views/admin_themes.html.php 76 DIRTY $info->name modules/gallery/views/admin_themes.html.php 78 DIRTY $info->description -modules/gallery/views/admin_themes_preview.html.php 7 DIRTY_ATTR $url +modules/gallery/views/admin_themes_preview.html.php 8 DIRTY_ATTR $url modules/gallery/views/error_404.html.php 14 DIRTY $login_form modules/gallery/views/error_admin.html.php 150 DIRTY $type modules/gallery/views/error_admin.html.php 150 DIRTY $code @@ -167,7 +167,7 @@ modules/gallery/views/error_admin.html.php 251 DIRTY_ATTR $env modules/gallery/views/error_admin.html.php 257 DIRTY $key modules/gallery/views/error_admin.html.php 261 DIRTY Kohana_Exception::safe_dump($value,$key) modules/gallery/views/form_uploadify.html.php 9 DIRTY_JS url::file("lib/uploadify/uploadify.swf") -modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("simple_uploader/add_photo/{$album->id}") +modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("flash_uploader/add_photo/{$album->id}") modules/gallery/views/form_uploadify.html.php 14 DIRTY_JS url::file("lib/uploadify/cancel.png") modules/gallery/views/form_uploadify.html.php 15 DIRTY_JS $simultaneous_upload_limit modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form")) 
@@ -190,7 +190,7 @@ modules/gallery/views/l10n_client.html.php 58 DIRTY form:: modules/gallery/views/l10n_client.html.php 62 DIRTY form::textarea("l10n-edit-plural-translation-many","",' rows="2"') modules/gallery/views/l10n_client.html.php 67 DIRTY form::textarea("l10n-edit-plural-translation-other","",' rows="2"') modules/gallery/views/login_ajax.html.php 6 DIRTY_JS url::site("password/reset") -modules/gallery/views/login_ajax.html.php 37 DIRTY $form +modules/gallery/views/login_ajax.html.php 44 DIRTY $form modules/gallery/views/maintenance.html.php 46 DIRTY auth::get_login_form("login/auth_html") modules/gallery/views/menu.html.php 4 DIRTY $menu->css_id?"id='$menu->css_id'":"" modules/gallery/views/menu.html.php 4 DIRTY_ATTR $menu->css_class 
@@ -298,26 +298,26 @@ modules/rss/views/feed.mrss.php 16 DIRTY_JS $feed- modules/rss/views/feed.mrss.php 19 DIRTY_JS $feed->next_page_uri modules/rss/views/feed.mrss.php 21 DIRTY $pub_date modules/rss/views/feed.mrss.php 22 DIRTY $pub_date -modules/rss/views/feed.mrss.php 28 DIRTY date("D, d M Y H:i:s T",$child->created); -modules/rss/views/feed.mrss.php 35 DIRTY_ATTR $child->resize_url(true) -modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_height -modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $child->resize_width -modules/rss/views/feed.mrss.php 40 DIRTY_ATTR $child->thumb_url(true) -modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_height -modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $child->thumb_width -modules/rss/views/feed.mrss.php 48 DIRTY_ATTR $child->thumb_url(true) -modules/rss/views/feed.mrss.php 49 DIRTY_ATTR $child->thumb_height -modules/rss/views/feed.mrss.php 50 DIRTY_ATTR $child->thumb_width -modules/rss/views/feed.mrss.php 57 DIRTY_ATTR $child->resize_url(true) -modules/rss/views/feed.mrss.php 58 DIRTY_ATTR @filesize($child->resize_path()) -modules/rss/views/feed.mrss.php 59 DIRTY_ATTR $child->mime_type -modules/rss/views/feed.mrss.php 60 DIRTY_ATTR $child->resize_height -modules/rss/views/feed.mrss.php 61 DIRTY_ATTR $child->resize_width -modules/rss/views/feed.mrss.php 65 DIRTY_ATTR $child->file_url(true) -modules/rss/views/feed.mrss.php 66 DIRTY_ATTR @filesize($child->file_path()) -modules/rss/views/feed.mrss.php 67 DIRTY_ATTR $child->mime_type -modules/rss/views/feed.mrss.php 68 DIRTY_ATTR $child->height -modules/rss/views/feed.mrss.php 69 DIRTY_ATTR $child->width +modules/rss/views/feed.mrss.php 28 DIRTY date("D, d M Y H:i:s T",$item->created); +modules/rss/views/feed.mrss.php 35 DIRTY_ATTR $item->resize_url(true) +modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $item->resize_height +modules/rss/views/feed.mrss.php 37 DIRTY_ATTR $item->resize_width +modules/rss/views/feed.mrss.php 40 DIRTY_ATTR $item->thumb_url(true) 
+modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $item->thumb_height +modules/rss/views/feed.mrss.php 42 DIRTY_ATTR $item->thumb_width +modules/rss/views/feed.mrss.php 48 DIRTY_ATTR $item->thumb_url(true) +modules/rss/views/feed.mrss.php 49 DIRTY_ATTR $item->thumb_height +modules/rss/views/feed.mrss.php 50 DIRTY_ATTR $item->thumb_width +modules/rss/views/feed.mrss.php 57 DIRTY_ATTR $item->resize_url(true) +modules/rss/views/feed.mrss.php 58 DIRTY_ATTR @filesize($item->resize_path()) +modules/rss/views/feed.mrss.php 59 DIRTY_ATTR $item->mime_type +modules/rss/views/feed.mrss.php 60 DIRTY_ATTR $item->resize_height +modules/rss/views/feed.mrss.php 61 DIRTY_ATTR $item->resize_width +modules/rss/views/feed.mrss.php 65 DIRTY_ATTR $item->file_url(true) +modules/rss/views/feed.mrss.php 66 DIRTY_ATTR @filesize($item->file_path()) +modules/rss/views/feed.mrss.php 67 DIRTY_ATTR $item->mime_type +modules/rss/views/feed.mrss.php 68 DIRTY_ATTR $item->height +modules/rss/views/feed.mrss.php 69 DIRTY_ATTR $item->width modules/rss/views/rss_block.html.php 6 DIRTY_JS rss::url($url) modules/search/views/search.html.php 27 DIRTY_ATTR $item_class modules/search/views/search.html.php 28 DIRTY_JS $item->url() 
@@ -406,9 +406,9 @@ themes/wind/views/page.html.php 81 DIRTY $heade themes/wind/views/page.html.php 83 DIRTY_JS item::root()->url() themes/wind/views/page.html.php 87 DIRTY $theme->user_menu() themes/wind/views/page.html.php 108 DIRTY_JS $parent->url($parent==$theme->item()->parent()?"show={$theme->item()->id}":null) -themes/wind/views/page.html.php 124 DIRTY $content -themes/wind/views/page.html.php 130 DIRTY newView("sidebar.html") -themes/wind/views/page.html.php 137 DIRTY $footer_text +themes/wind/views/page.html.php 126 DIRTY $content +themes/wind/views/page.html.php 132 DIRTY newView("sidebar.html") +themes/wind/views/page.html.php 139 DIRTY $footer_text themes/wind/views/paginator.html.php 33 DIRTY_JS $first_page_url themes/wind/views/paginator.html.php 42 DIRTY_JS $previous_page_url themes/wind/views/paginator.html.php 70 DIRTY_JS $next_page_url -- cgit v1.2.3 From dbf3199e46d8a9c0ae37108f6afda35232ef4cdd Mon Sep 17 00:00:00 2001 
From: Tim Almdal
Date: Tue, 6 Jul 2010 14:12:00 -0700
Subject: Fix for ticket #1181. Use $.getJSON to retrieve the json contents of the dialog. Convert all the controllers that create the data to go into a dialog to return the html as part of a json object.
---
 lib/gallery.dialog.js | 5 +++--
 modules/exif/controllers/exif.php | 2 +-
 modules/gallery/controllers/admin_advanced_settings.php | 2 +-
 modules/gallery/controllers/admin_maintenance.php | 6 +++---
 modules/gallery/controllers/admin_themes.php | 2 +-
 modules/gallery/controllers/albums.php | 4 ++--
 modules/gallery/controllers/flash_uploader.php | 3 ++-
 modules/gallery/controllers/login.php | 2 +-
 modules/gallery/controllers/move.php | 2 +-
 modules/gallery/controllers/movies.php | 2 +-
 modules/gallery/controllers/permissions.php | 2 +-
 modules/gallery/controllers/photos.php | 6 +++---
 modules/gallery/controllers/quick.php | 17 +++++------------
 modules/gallery/controllers/user_profile.php | 2 +-
 modules/gallery/tests/xss_data.txt | 1 +
 modules/gallery/views/move_browse.html.php | 13 ++++++++-----
 modules/gallery/views/quick_delete_confirm.html.php | 12 ++++++++++++
 modules/organize/controllers/organize.php | 2 +-
 modules/server_add/controllers/server_add.php | 2 +-
 modules/tag/controllers/admin_tags.php | 2 +-
 modules/user/controllers/admin_users.php | 12 ++++++------
 modules/user/controllers/users.php | 6 +++---
 modules/watermark/controllers/admin_watermarks.php | 6 +++---
 23 files changed, 62 insertions(+), 51 deletions(-)
 create mode 100644 modules/gallery/views/quick_delete_confirm.html.php
(limited to 'modules/gallery/tests')
diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js
index 6ec8c634..1e91e3ae 100644
--- a/lib/gallery.dialog.js
+++ b/lib/gallery.dialog.js
@@ -1,3 +1,4 @@
+
 (function($) {
 $.widget("ui.gallery_dialog", {
 _init: function() {
@@ -26,8 +27,8 @@
 $("#g-dialog").gallery_show_loading();
 
- $.get(sHref, function(data) {
- $("#g-dialog").html(data).gallery_show_loading();
+ $.getJSON(sHref, function(data) {
+ $("#g-dialog").html(unescape(data.form)).gallery_show_loading();
 
 if ($("#g-dialog form").length) {
 self.form_loaded(null, $("#g-dialog form"));
diff --git a/modules/exif/controllers/exif.php b/modules/exif/controllers/exif.php
index 2fe875e3..fe5b2ff4 100644
--- a/modules/exif/controllers/exif.php
+++ b/modules/exif/controllers/exif.php
@@ -28,6 +28,6 @@ class Exif_Controller extends Controller {
 $view = new View("exif_dialog.html");
 $view->details = exif::get($item);
 
- print $view;
+ print json_encode(array("form" => (string) $view));
 }
 }
diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php
index 6f4e9403..2bbbdf50 100644
--- a/modules/gallery/controllers/admin_advanced_settings.php
+++ b/modules/gallery/controllers/admin_advanced_settings.php
@@ -39,7 +39,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller {
 $group->input("var_name")->label(t("Setting"))->value($var_name)->disabled(1);
 $group->textarea("value")->label(t("Value"))->value($value);
 $group->submit("")->value(t("Save"));
- print $form;
+ print json_encode(array("form" => (string) $form));
 }
 
 public function save($module_name, $var_name) {
diff --git a/modules/gallery/controllers/admin_maintenance.php b/modules/gallery/controllers/admin_maintenance.php
index d6a2d191..489f5d54 100644
--- a/modules/gallery/controllers/admin_maintenance.php
+++ b/modules/gallery/controllers/admin_maintenance.php
@@ -64,7 +64,7 @@ class Admin_Maintenance_Controller extends Admin_Controller {
 log::info("tasks", t("Task %task_name started (task id %task_id)",
 array("task_name" => $task->name, "task_id" => $task->id)),
 html::anchor("admin/maintenance", t("maintenance")));
- print $view;
+ print json_encode(array("form" => (string) $view));
 }
 
 /**
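Review bot: `unescape(data.form)` decodes percent-encoded sequences, but the server side (the exif.php hunk below and every other controller in this commit) places the rendered HTML into the JSON verbatim via json_encode, so nothing on the wire is URL-encoded. Any `%xx` inside the form markup — a query string in a link, or a percent sequence that the server had deliberately left as inert text in an escaped field — is decoded on the client before `.html()` parses it, which corrupts URLs and can turn text that was safe when it left the server into markup. Use the string as delivered: `$("#g-dialog").html(data.form).gallery_show_loading();` (`unescape` is also deprecated, and its replacement `decodeURIComponent` would be equally wrong here). The enclosing click handler starts before this hunk.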
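Review bot: `json_encode` returns false when its input contains bytes that are not valid UTF-8, and `print false` emits an empty body, so the dialog callback receives nothing usable in `data.form`; EXIF fields are a plausible source of such bytes (depends on what exif::get returns, not visible here), and the same unchecked `print json_encode(array("form" => (string) $x))` is repeated in every controller hunk of this commit (admin_advanced_settings, admin_maintenance, admin_themes, albums, flash_uploader, login, move, movies, permissions, photos, quick, user_profile, organize, server_add, admin_tags, admin_users, users, admin_watermarks). With the identical line appearing more than twenty times, a single helper that encodes, checks the result and prints would remove the duplication and give one place to handle the failure. Nothing in these hunks sets a JSON Content-Type header either; $.getJSON tolerates that, but other consumers of these endpoints may not.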
@@ -86,7 +86,7 @@ class Admin_Maintenance_Controller extends Admin_Controller {
 log::info("tasks", t("Task %task_name resumed (task id %task_id)",
 array("task_name" => $task->name, "task_id" => $task->id)),
 html::anchor("admin/maintenance", t("maintenance")));
- print $view;
+ print json_encode(array("form" => (string) $view));
 }
 
 /**
@@ -103,7 +103,7 @@ class Admin_Maintenance_Controller extends Admin_Controller {
 $view = new View("admin_maintenance_show_log.html");
 $view->task = $task;
 
- print $view;
+ print json_encode(array("form" => (string) $view));
 }
 
 /**
diff --git a/modules/gallery/controllers/admin_themes.php b/modules/gallery/controllers/admin_themes.php
index e59eadaf..b1bd438f 100644
--- a/modules/gallery/controllers/admin_themes.php
+++ b/modules/gallery/controllers/admin_themes.php
@@ -52,7 +52,7 @@ class Admin_Themes_Controller extends Admin_Controller {
 } else {
 $view->url = item::root()->url("theme=$theme_name");
 }
- print $view;
+ print json_encode(array("form" => (string) $view));
 }
 
 public function choose($type, $theme_name) {
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index eaa09be5..8aed1341 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -168,7 +168,7 @@ class Albums_Controller extends Items_Controller {
 access::required("view", $album);
 access::required("add", $album);
 
- print album::get_add_form($album);
+ print json_encode(array("form" => (string) album::get_add_form($album)));
 }
 
 public function form_edit($album_id) {
@@ -176,6 +176,6 @@ class Albums_Controller extends Items_Controller {
 access::required("view", $album);
 access::required("edit", $album);
 
- print album::get_edit_form($album);
+ print json_encode(array("form" => (string) album::get_edit_form($album)));
 }
 }
diff --git a/modules/gallery/controllers/flash_uploader.php b/modules/gallery/controllers/flash_uploader.php
index f7da5124..be3896cd 100644
--- a/modules/gallery/controllers/flash_uploader.php
+++ b/modules/gallery/controllers/flash_uploader.php
@@ -26,7 +26,8 @@ class Flash_Uploader_Controller extends Controller {
 $item = $item->parent();
 }
 
- print $this->_get_add_form($item);
+ print json_encode(array("form" => (string)$this->_get_add_form($item)));
+ //print $this->_get_add_form($item);
 }
 
 public function start() {
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 2b60316b..b823504b 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -22,7 +22,7 @@ class Login_Controller extends Controller {
 public function ajax() {
 $view = new View("login_ajax.html");
 $view->form = auth::get_login_form("login/auth_ajax");
- print $view;
+ print json_encode(array("form" => (string) $view));
 }
 
 public function auth_ajax() {
diff --git a/modules/gallery/controllers/move.php b/modules/gallery/controllers/move.php
index f8b85b6f..a99ef341 100644
--- a/modules/gallery/controllers/move.php
+++ b/modules/gallery/controllers/move.php
@@ -26,7 +26,7 @@ class Move_Controller extends Controller {
 $view = new View("move_browse.html");
 $view->source = $source;
 $view->tree = $this->_get_tree_html($source, ORM::factory("item", 1));
- print $view;
+ print json_encode(array("form" => (string) $view));
 }
 
 public function save($source_id) {
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index 16d22d90..c18dbcde 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -102,6 +102,6 @@ class Movies_Controller extends Items_Controller {
 access::required("view", $movie);
 access::required("edit", $movie);
 
- print movie::get_edit_form($movie);
+ print json_encode(array("form" => (string) movie::get_edit_form($movie)));
 }
 }
diff --git a/modules/gallery/controllers/permissions.php b/modules/gallery/controllers/permissions.php
index fc06cb44..8fdda7b2 100644
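Review bot: The added `//print $this->_get_add_form($item);` is commented-out code left beside its replacement; drop it rather than keeping a dead copy of the old line in the method. The cast on the preceding line is also written `(string)$this->...` while every sibling hunk in this commit writes `(string) $x` with a space, so `print json_encode(array("form" => (string) $this->_get_add_form($item)));` matches the rest. The enclosing method starts before this hunk.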
--- a/modules/gallery/controllers/permissions.php
+++ b/modules/gallery/controllers/permissions.php
@@ -33,7 +33,7 @@ class Permissions_Controller extends Controller {
 $view->parents = $item->parents();
 $view->form = $this->_get_form($item);
 
- print $view;
+ print json_encode(array("form" => (string) $view));
 }
 
 function form($id) {
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index f336d07c..9f17cebb 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -24,9 +24,9 @@ class Photos_Controller extends Items_Controller {
 // sure that we're actually receiving an object
 throw new Kohana_404_Exception();
 }
-
+
 access::required("view", $photo);
-
+
 $where = array(array("type", "!=", "album"));
 $position = $photo->parent()->get_position($photo, $where);
 if ($position > 1) {
@@ -102,6 +102,6 @@ class Photos_Controller extends Items_Controller {
 access::required("view", $photo);
 access::required("edit", $photo);
 
- print photo::get_edit_form($photo);
+ print json_encode(array("form" => (string) photo::get_edit_form($photo)));
 }
 }
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index 6cfbbc62..7df5bf18 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -90,17 +90,10 @@ class Quick_Controller extends Controller {
 access::required("view", $item);
 access::required("edit", $item);
 
- if ($item->is_album()) {
- print t(
- "Delete the album %title? All photos and movies in the album will also be deleted.",
- array("title" => html::purify($item->title)));
- } else {
- print t("Are you sure you want to delete %title?",
- array("title" => html::purify($item->title)));
- }
-
- $form = item::get_delete_form($item);
- print $form;
+ $v = new View("quick_delete_confirm.html");
+ $v->item = $item;
+ $v->form = item::get_delete_form($item);
+ print json_encode(array("form" => (string) $v));
 }
 
 public function delete($id) {
@@ -149,6 +142,6 @@ class Quick_Controller extends Controller {
 // Pass on the source item where this form was generated, so we have an idea where to return to.
 $form->hidden("from_id")->value((int)Input::instance()->get("from_id", 0));
 
- print $form;
+ print json_encode(array("form" => (string) $form));
 }
 }
diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index c064e791..431918ff 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -44,7 +44,7 @@ class User_Profile_Controller extends Controller {
 public function contact($id) {
 $user = identity::lookup_user($id);
 
- print user_profile::get_contact_form($user);
+ print json_encode(array("form" => (string) user_profile::get_contact_form($user)));
 }
 
 public function send($id) {
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 26edaebc..475f75c1 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -253,6 +253,7 @@ modules/gallery/views/permissions_form.html.php 75 DIRTY_JS $item- modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $group->id modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $permission->id modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $item->id +modules/gallery/views/quick_delete_confirm.html.php 11 DIRTY $form modules/gallery/views/reauthenticate.html.php 9 DIRTY $form modules/gallery/views/upgrader.html.php 57 DIRTY_ATTR $done?"muted":"" modules/gallery/views/upgrader.html.php 61 DIRTY_ATTR $done?"muted":"" diff --git a/modules/gallery/views/move_browse.html.php b/modules/gallery/views/move_browse.html.php index ce3fc2fd..f77c724c 100644 --- a/modules/gallery/views/move_browse.html.php +++ b/modules/gallery/views/move_browse.html.php @@ -1,4 +1,5 @@ +
-

+

type == "photo"): ?> - + type == "movie"): ?> - + type == "album"): ?> - +

@@ -42,6 +43,8 @@
id") ?>"> - for_html_attr() ?>" disabled="disabled"/> + for_html_attr() ?>" + disabled="disabled" class="submit" />
+
diff --git a/modules/gallery/views/quick_delete_confirm.html.php b/modules/gallery/views/quick_delete_confirm.html.php new file mode 100644 index 00000000..176ffb96 --- /dev/null +++ b/modules/gallery/views/quick_delete_confirm.html.php @@ -0,0 +1,12 @@ + +
+

+ is_album()): ?> + %title? All photos and movies in the album will also be deleted.", + array("title" => html::purify($item->title))) ?> + + %title?", array("title" => html::purify($item->title))) ?> + +

+ +
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 135a6fc9..ebd40c8d 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -47,7 +47,7 @@ class Organize_Controller extends Controller {
 $v->controller_uri = url::site("organize") . "/";
 $v->swf_uri = url::file("modules/organize/lib/Gallery3WebClient.swf?") .
 filemtime(MODPATH . "organize/lib/Gallery3WebClient.swf");
- print $v;
+ print json_encode(array("form" => (string) $v));
 }
 
 function add_album_fields() {
diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php
index 715274ab..d6c2459d 100644
--- a/modules/server_add/controllers/server_add.php
+++ b/modules/server_add/controllers/server_add.php
@@ -30,7 +30,7 @@ class Server_Add_Controller extends Admin_Controller {
 $view->tree = new View("server_add_tree.html");
 $view->tree->files = $files;
 $view->tree->parents = array();
- print $view;
+ print json_encode(array("form" => (string) $view));
 }
 
 public function children() {
diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php
index 9e875d14..c2da7bc3 100644
--- a/modules/tag/controllers/admin_tags.php
+++ b/modules/tag/controllers/admin_tags.php
@@ -37,7 +37,7 @@ class Admin_Tags_Controller extends Admin_Controller {
 public function form_delete($id) {
 $tag = ORM::factory("tag", $id);
 if ($tag->loaded()) {
- print tag::get_delete_form($tag);
+ print json_encode(array("form" => (string) tag::get_delete_form($tag)));
 }
 }
 
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index e14be393..b9d06891 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -61,7 +61,7 @@ class Admin_Users_Controller extends Admin_Controller {
 }
 
 public function add_user_form() {
- print $this->_get_user_add_form_admin();
+ print json_encode(array("form" => (string) $this->_get_user_add_form_admin()));
 }
 
 public function delete_user($id) {
@@ -95,7 +95,7 @@ class Admin_Users_Controller extends Admin_Controller {
 if (empty($user)) {
 throw new Kohana_404_Exception();
 }
- print $this->_get_user_delete_form_admin($user);
+ print json_encode(array("form" => (string) $this->_get_user_delete_form_admin($user)));
 }
 
 public function edit_user($id) {
@@ -146,7 +146,7 @@ class Admin_Users_Controller extends Admin_Controller {
 throw new Kohana_404_Exception();
 }
 
- print $this->_get_user_edit_form_admin($user);
+ print json_encode(array("form" => (string) $this->_get_user_edit_form_admin($user)));
 }
 
 public function add_user_to_group($user_id, $group_id) {
@@ -199,7 +199,7 @@ class Admin_Users_Controller extends Admin_Controller {
 }
 
 public function add_group_form() {
- print $this->_get_group_add_form_admin();
+ print json_encode(array("form" => (string) $this->_get_group_add_form_admin()));
 }
 
 public function delete_group($id) {
@@ -230,7 +230,7 @@ class Admin_Users_Controller extends Admin_Controller {
 throw new Kohana_404_Exception();
 }
 
- print $this->_get_group_delete_form_admin($group);
+ print json_encode(array("form" => (string) $this->_get_group_delete_form_admin($group)));
 }
 
 public function edit_group($id) {
@@ -272,7 +272,7 @@ class Admin_Users_Controller extends Admin_Controller {
 throw new Kohana_404_Exception();
 }
 
- print $this->_get_group_edit_form_admin($group);
+ print json_encode(array("form" => (string) $this->_get_group_edit_form_admin($group)));
 }
 
 /* User Form Definitions */
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 7f3f6b1f..4ddfb47c 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -139,7 +139,7 @@ class Users_Controller extends Controller {
 access::forbidden();
 }
 
- print $this->_get_edit_form($user);
+ print json_encode(array("form" => (string) $this->_get_edit_form($user)));
 }
 
 public function form_change_password($id) {
@@ -148,7 +148,7 @@ class Users_Controller extends Controller {
 access::forbidden();
 }
 
- print $this->_get_change_password_form($user);
+ print json_encode(array("form" => (string) $this->_get_change_password_form($user)));
 }
 
 public function form_change_email($id) {
@@ -157,7 +157,7 @@ class Users_Controller extends Controller {
 access::forbidden();
 }
 
- print $this->_get_change_email_form($user);
+ print json_encode(array("form" => (string) $this->_get_change_email_form($user)));
 }
 
 private function _get_change_password_form($user) {
diff --git a/modules/watermark/controllers/admin_watermarks.php b/modules/watermark/controllers/admin_watermarks.php
index 18b463ca..8b217b4a 100644
--- a/modules/watermark/controllers/admin_watermarks.php
+++ b/modules/watermark/controllers/admin_watermarks.php
@@ -35,7 +35,7 @@ class Admin_Watermarks_Controller extends Admin_Controller {
 }
 
 public function form_edit() {
- print watermark::get_edit_form();
+ print json_encode(array("form" => (string) watermark::get_edit_form()));
 }
 
 public function edit() {
@@ -58,7 +58,7 @@ class Admin_Watermarks_Controller extends Admin_Controller {
 }
 
 public function form_delete() {
- print watermark::get_delete_form();
+ print json_encode(array("form" => (string) watermark::get_delete_form()));
 }
 
 public function delete() {
@@ -88,7 +88,7 @@ class Admin_Watermarks_Controller extends Admin_Controller {
 }
 
 public function form_add() {
- print watermark::get_add_form();
+ print json_encode(array("form" => (string) watermark::get_add_form()));
 }
 
 public function add() {
-- cgit v1.2.3
From f9137c756e325a629dbe3e28ca351871c12477c5 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Tue, 27 Jul 2010 10:53:31 -0700
Subject: Updated
---
 modules/gallery/tests/controller_auth_data.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'modules/gallery/tests')
diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt
index f7ceed90..3c9b3afc 100644
--- a/modules/gallery/tests/controller_auth_data.txt
+++ b/modules/gallery/tests/controller_auth_data.txt
@@ -9,8 +9,6 @@ modules/gallery/controllers/albums.php show
 modules/gallery/controllers/combined.php javascript DIRTY_AUTH
 modules/gallery/controllers/combined.php css DIRTY_AUTH
 modules/gallery/controllers/file_proxy.php __call DIRTY_CSRF|DIRTY_AUTH
-modules/gallery/controllers/flash_uploader.php start DIRTY_AUTH
-modules/gallery/controllers/flash_uploader.php finish DIRTY_AUTH
 modules/gallery/controllers/login.php ajax DIRTY_AUTH
 modules/gallery/controllers/login.php auth_ajax DIRTY_AUTH
 modules/gallery/controllers/login.php html DIRTY_AUTH
@@ -19,6 +17,8 @@ modules/gallery/controllers/logout.php index
 modules/gallery/controllers/maintenance.php index DIRTY_AUTH
 modules/gallery/controllers/quick.php form_edit DIRTY_CSRF
 modules/gallery/controllers/upgrader.php index DIRTY_AUTH
+modules/gallery/controllers/uploader.php start DIRTY_AUTH
+modules/gallery/controllers/uploader.php finish DIRTY_AUTH
 modules/gallery/controllers/user_profile.php show DIRTY_AUTH
 modules/gallery/controllers/user_profile.php contact DIRTY_AUTH
 modules/gallery/controllers/user_profile.php send DIRTY_AUTH
-- cgit v1.2.3
From bf1e1d3d1f523ff789b137e115b95e69cf6c5b13 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Tue, 27 Jul 2010 11:19:48 -0700
Subject: Verified
---
 modules/gallery/tests/xss_data.txt | 28 +++++++++++++++-------------
 1 file changed, 15 insertions(+), 13 deletions(-)
(limited to 'modules/gallery/tests')
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 475f75c1..02483865 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -76,7 +76,7 @@ modules/gallery/views/admin_languages.html.php 61 DIRTY_ATTR ($de modules/gallery/views/admin_languages.html.php 62 DIRTY form::checkbox("installed_locales[]",$code,isset($installed_locales[$code])) modules/gallery/views/admin_languages.html.php 63 DIRTY $display_name modules/gallery/views/admin_languages.html.php 65 DIRTY form::radio("default_locale",$code,($default_locale==$code),((isset($installed_locales[$code]))?'':'disabled="disabled"')) -modules/gallery/views/admin_languages.html.php 110 DIRTY $share_translations_form +modules/gallery/views/admin_languages.html.php 113 DIRTY $share_translations_form modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR text::alternate("g-odd","g-even") modules/gallery/views/admin_maintenance.html.php 24 DIRTY_ATTR log::severity_class($task->severity) modules/gallery/views/admin_maintenance.html.php 25 DIRTY_ATTR log::severity_class($task->severity) 
@@ -167,7 +167,7 @@ modules/gallery/views/error_admin.html.php 251 DIRTY_ATTR $env
 modules/gallery/views/error_admin.html.php 257 DIRTY $key
 modules/gallery/views/error_admin.html.php 261 DIRTY Kohana_Exception::safe_dump($value,$key)
 modules/gallery/views/form_uploadify.html.php 9 DIRTY_JS url::file("lib/uploadify/uploadify.swf")
-modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("flash_uploader/add_photo/{$album->id}")
+modules/gallery/views/form_uploadify.html.php 10 DIRTY_JS url::site("uploader/add_photo/{$album->id}")
 modules/gallery/views/form_uploadify.html.php 14 DIRTY_JS url::file("lib/uploadify/cancel.png")
 modules/gallery/views/form_uploadify.html.php 15 DIRTY_JS $simultaneous_upload_limit
 modules/gallery/views/in_place_edit.html.php 2 DIRTY form::open($action,array("method"=>"post","id"=>"g-in-place-edit-form","class"=>"g-short-form"))
@@ -206,9 +206,9 @@ modules/gallery/views/menu_dialog.html.php 5 DIRTY_JS $menu-
 modules/gallery/views/menu_link.html.php 3 DIRTY $menu->css_id?"id='{$menu->css_id}'":""
 modules/gallery/views/menu_link.html.php 4 DIRTY_ATTR $menu->css_class
 modules/gallery/views/menu_link.html.php 5 DIRTY_JS $menu->url
-modules/gallery/views/move_browse.html.php 4 DIRTY_JS url::site("move/show_sub_tree/{$source->id}/__TARGETID__")
-modules/gallery/views/move_browse.html.php 39 DIRTY $tree
-modules/gallery/views/move_browse.html.php 43 DIRTY access::csrf_form_field()
+modules/gallery/views/move_browse.html.php 5 DIRTY_JS url::site("move/show_sub_tree/{$source->id}/__TARGETID__")
+modules/gallery/views/move_browse.html.php 40 DIRTY $tree
+modules/gallery/views/move_browse.html.php 44 DIRTY access::csrf_form_field()
 modules/gallery/views/move_tree.html.php 2 DIRTY $parent->thumb_img(array(),25);
 modules/gallery/views/move_tree.html.php 4 DIRTY_JS $parent->id
 modules/gallery/views/move_tree.html.php 6 DIRTY_JS $parent->id
@@ -255,14 +255,14 @@ modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $permi
 modules/gallery/views/permissions_form.html.php 80 DIRTY_JS $item->id
 modules/gallery/views/quick_delete_confirm.html.php 11 DIRTY $form
 modules/gallery/views/reauthenticate.html.php 9 DIRTY $form
-modules/gallery/views/upgrader.html.php 57 DIRTY_ATTR $done?"muted":""
-modules/gallery/views/upgrader.html.php 61 DIRTY_ATTR $done?"muted":""
-modules/gallery/views/upgrader.html.php 69 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable"
-modules/gallery/views/upgrader.html.php 70 DIRTY_ATTR $id
-modules/gallery/views/upgrader.html.php 74 DIRTY $module->version
-modules/gallery/views/upgrader.html.php 77 DIRTY $module->code_version
-modules/gallery/views/upgrader.html.php 99 DIRTY_ATTR $done?"muted":""
-modules/gallery/views/upgrader.html.php 102 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 59 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 63 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 71 DIRTY_ATTR $module->version==$module->code_version?"current":"upgradeable"
+modules/gallery/views/upgrader.html.php 72 DIRTY_ATTR $id
+modules/gallery/views/upgrader.html.php 76 DIRTY $module->version
+modules/gallery/views/upgrader.html.php 79 DIRTY $module->code_version
+modules/gallery/views/upgrader.html.php 101 DIRTY_ATTR $done?"muted":""
+modules/gallery/views/upgrader.html.php 104 DIRTY_ATTR $done?"muted":""
 modules/gallery/views/user_languages_block.html.php 2 DIRTY form::dropdown("g-select-session-locale",$installed_locales,$selected)
 modules/gallery/views/user_profile.html.php 34 DIRTY_ATTR $user->avatar_url(40,$theme->url(,true))
 modules/gallery/views/user_profile.html.php 43 DIRTY $info->view
@@ -289,7 +289,9 @@ modules/organize/views/organize_dialog.html.php 95 DIRTY_JS $sort_
 modules/organize/views/organize_dialog.html.php 96 DIRTY_JS $album->id
 modules/organize/views/organize_dialog.html.php 97 DIRTY_JS $rest_uri
 modules/organize/views/organize_dialog.html.php 98 DIRTY_JS $controller_uri
+modules/organize/views/organize_dialog.html.php 104 DIRTY_JS $flash_minimum_version="10.0.0"
 modules/organize/views/organize_dialog.html.php 122 DIRTY_JS $swf_uri
+modules/organize/views/organize_dialog.html.php 136 DIRTY_ATTR request::protocol()
 modules/recaptcha/views/admin_recaptcha.html.php 11 DIRTY $form
 modules/recaptcha/views/admin_recaptcha.html.php 23 DIRTY_JS $public_key
 modules/recaptcha/views/form_recaptcha.html.php 7 DIRTY_JS $public_key
-- cgit v1.2.3
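Review bot: The two added entries for organize_dialog.html.php (lines 104 and 136) accept new unescaped outputs into the golden baseline, but neither the commit message "Verified" nor the file records why they are safe, so the next person who sees the scanner flag them has to redo the analysis. The `$flash_minimum_version="10.0.0"` entry is a constant assignment in a JS context and looks benign; `request::protocol()` in an attribute context is presumably derived from the server environment rather than request-controlled input, but that is the claim that needs to be stated. I would put the justification in the commit description, e.g. `Accept organize_dialog.html.php 104 (literal version string) and 136 (request::protocol(), server-derived scheme) as safe unescaped output`, so the baseline change is auditable. The same applies to the other hunks of this file only for line-number shifts, which need no note.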