From d4104a23ec504e451e7a96f9798ea4ed695e9d97 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Wed, 22 Jul 2009 15:16:56 -0700 Subject: Add explicit unit tests for access::user_can --- modules/gallery/tests/Access_Helper_Test.php | 37 ++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/Access_Helper_Test.php b/modules/gallery/tests/Access_Helper_Test.php index 1352b493..59cec453 100644 --- a/modules/gallery/tests/Access_Helper_Test.php +++ b/modules/gallery/tests/Access_Helper_Test.php @@ -64,6 +64,43 @@ class Access_Helper_Test extends Unit_Test_Case { $this->assert_false(array_key_exists("access_test_{$group->id}", $fields)); } + public function user_can_access_test() { + $access_test = group::create("access_test"); + + $root = ORM::factory("item", 1); + access::allow($access_test, "view", $root); + + $item = album::create($root, rand(), "test album"); + + access::deny(group::everybody(), "view", $item); + access::deny(group::registered_users(), "view", $item); + + $user = user::create("access_test", "Access Test", ""); + foreach ($user->groups as $group) { + $user->remove($group); + } + $user->add($access_test); + $user->save(); + + $this->assert_true(access::user_can($user, "view", $item), "Should be able to view"); + } + + public function user_can_no_access_test() { + $root = ORM::factory("item", 1); + $item = album::create($root, rand(), "test album"); + + access::deny(group::everybody(), "view", $item); + access::deny(group::registered_users(), "view", $item); + + $user = user::create("access_test", "Access Test", ""); + foreach ($user->groups as $group) { + $user->remove($group); + } + $user->save(); + + $this->assert_false(access::user_can($user, "view", $item), "Should be unable to view"); + } + public function adding_and_removing_items_adds_ands_removes_rows_test() { $root = ORM::factory("item", 1); $item = album::create($root, rand(), "test album"); -- cgit v1.2.3 From 0e9b80d2efb942167fef269441e65722abac5f54 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 23 Jul 2009 16:20:40 -0700 Subject: Updated golden file --- modules/gallery/tests/xss_data.txt | 86 +++++++++++++++++++------------------- 1 file changed, 42 insertions(+), 44 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index ce2fa2a5..5a05d4ef 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -2,7 +2,7 @@ modules/akismet/views/admin_akismet.html.php 14 DIRTY $form modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY $api_key modules/akismet/views/admin_akismet_stats.html.php 9 DIRTY $blog_url modules/comment/views/admin_block_recent_comments.html.php 4 DIRTY $i -modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY $comment->author()->avatar_url(32, $theme->theme_url("images/avatar.jpg", true)) +modules/comment/views/admin_block_recent_comments.html.php 5 DIRTY $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) modules/comment/views/admin_block_recent_comments.html.php 7 $comment->author_name() modules/comment/views/admin_block_recent_comments.html.php 10 DIRTY $comment->created modules/comment/views/admin_block_recent_comments.html.php 12 $comment->author_name() @@ -15,7 +15,7 @@ modules/comment/views/admin_comments.html.php 72 DIRTY $counts-> modules/comment/views/admin_comments.html.php 75 DIRTY $csrf modules/comment/views/admin_comments.html.php 106 DIRTY $comment->id modules/comment/views/admin_comments.html.php 106 DIRTY $i -modules/comment/views/admin_comments.html.php 109 DIRTY $comment->author()->avatar_url(40, $theme->theme_url("images/avatar.jpg", true)) +modules/comment/views/admin_comments.html.php 109 DIRTY $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) modules/comment/views/admin_comments.html.php 111 $comment->author_name() modules/comment/views/admin_comments.html.php 115 $comment->author_email() modules/comment/views/admin_comments.html.php 116 $comment->author_email() @@ -35,7 +35,7 @@ modules/comment/views/admin_comments.html.php 175 DIRTY $comment- modules/comment/views/admin_comments.html.php 183 DIRTY $comment->id modules/comment/views/admin_comments.html.php 196 DIRTY $pager modules/comment/views/comment.html.php 2 DIRTY $comment->id -modules/comment/views/comment.html.php 5 DIRTY $comment->author()->avatar_url(40, $theme->theme_url("images/avatar.jpg", true)) +modules/comment/views/comment.html.php 5 DIRTY $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) modules/comment/views/comment.html.php 7 $comment->author_name() modules/comment/views/comment.html.php 12 DIRTY $comment->created modules/comment/views/comment.html.php 13 $comment->author_name() @@ -58,7 +58,7 @@ modules/comment/views/comment.mrss.php 34 DIRTY $child->t modules/comment/views/comment.mrss.php 35 DIRTY $child->thumb_height modules/comment/views/comment.mrss.php 35 DIRTY $child->thumb_width modules/comment/views/comments.html.php 10 DIRTY $comment->id -modules/comment/views/comments.html.php 13 DIRTY $comment->author()->avatar_url(40, $theme->theme_url("images/avatar.jpg", true)) +modules/comment/views/comments.html.php 13 DIRTY $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) modules/comment/views/comments.html.php 15 $comment->author_name() modules/comment/views/comments.html.php 20 DIRTY $comment->created modules/comment/views/comments.html.php 21 $comment->author_name() @@ -108,7 +108,7 @@ modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY $photo->w modules/gallery/views/admin_block_photo_stream.html.php 6 DIRTY $photo->height modules/gallery/views/admin_block_photo_stream.html.php 7 DIRTY $photo->thumb_url() modules/gallery/views/admin_block_photo_stream.html.php 7 $photo->title -modules/gallery/views/admin_block_platform.html.php 16 DIRTY $load_average +modules/gallery/views/admin_block_platform.html.php 19 DIRTY $load_average modules/gallery/views/admin_block_stats.html.php 7 DIRTY $album_count modules/gallery/views/admin_block_stats.html.php 10 DIRTY $photo_count modules/gallery/views/admin_dashboard.html.php 5 DIRTY $csrf @@ -303,8 +303,8 @@ modules/info/views/info_block.html.php 10 $item->de modules/info/views/info_block.html.php 16 $item->name modules/info/views/info_block.html.php 22 DIRTY $item->captured modules/info/views/info_block.html.php 29 DIRTY $item->owner->url -modules/info/views/info_block.html.php 29 $item->owner->full_name -modules/info/views/info_block.html.php 31 $item->owner->name +modules/info/views/info_block.html.php 29 $item->owner->display_name() +modules/info/views/info_block.html.php 31 $item->owner->display_name() modules/notification/views/comment_published.html.php 4 $subject modules/notification/views/comment_published.html.php 7 $subject modules/notification/views/comment_published.html.php 11 $comment->text @@ -454,7 +454,7 @@ modules/user/views/admin_users.html.php 36 DIRTY $csrf modules/user/views/admin_users.html.php 67 DIRTY $user->id modules/user/views/admin_users.html.php 67 DIRTY $user->admin modules/user/views/admin_users.html.php 68 DIRTY $user->id -modules/user/views/admin_users.html.php 69 DIRTY $user->avatar_url(20, $theme->theme_url("images/avatar.jpg", true)) +modules/user/views/admin_users.html.php 69 DIRTY $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) modules/user/views/admin_users.html.php 71 $user->name modules/user/views/admin_users.html.php 74 $user->name modules/user/views/admin_users.html.php 77 $user->full_name @@ -475,9 +475,7 @@ modules/user/views/admin_users_group.html.php 22 DIRTY $group->i modules/user/views/admin_users_group.html.php 25 $user->name modules/user/views/admin_users_group.html.php 25 $group->name modules/user/views/login.html.php 12 DIRTY $user->id -modules/user/views/login.html.php 15 $user->full_name -modules/user/views/login.html.php 15 $user->name -modules/user/views/login.html.php 15 $user->full_name +modules/user/views/login.html.php 15 $user->display_name() modules/user/views/login.html.php 18 DIRTY $csrf modules/user/views/login_ajax.html.php 37 DIRTY $form modules/user/views/reset_password.html.php 9 $user->full_name @@ -488,20 +486,20 @@ modules/watermark/views/admin_watermarks.html.php 19 DIRTY $width modules/watermark/views/admin_watermarks.html.php 19 DIRTY $height modules/watermark/views/admin_watermarks.html.php 19 DIRTY $url modules/watermark/views/admin_watermarks.html.php 21 DIRTY $position -themes/admin_default/views/admin.html.php 10 DIRTY $theme->css("lib/yui/reset-fonts-grids.css") -themes/admin_default/views/admin.html.php 11 DIRTY $theme->css("lib/themeroller/ui.base.css") -themes/admin_default/views/admin.html.php 12 DIRTY $theme->css("lib/superfish/css/superfish.css") -themes/admin_default/views/admin.html.php 13 DIRTY $theme->css("themes/default/css/screen.css") -themes/admin_default/views/admin.html.php 14 DIRTY $theme->theme_css("css/screen.css") -themes/admin_default/views/admin.html.php 16 DIRTY $theme->theme_url("css/fix-ie.css") -themes/admin_default/views/admin.html.php 20 DIRTY $theme->script("lib/jquery.js") -themes/admin_default/views/admin.html.php 21 DIRTY $theme->script("lib/jquery.form.js") -themes/admin_default/views/admin.html.php 22 DIRTY $theme->script("lib/jquery-ui.js") -themes/admin_default/views/admin.html.php 23 DIRTY $theme->script("lib/gallery.common.js") -themes/admin_default/views/admin.html.php 28 DIRTY $theme->script("lib/gallery.dialog.js") -themes/admin_default/views/admin.html.php 29 DIRTY $theme->script("lib/superfish/js/superfish.js") -themes/admin_default/views/admin.html.php 30 DIRTY $theme->theme_script("js/jquery.dropshadow.js") -themes/admin_default/views/admin.html.php 31 DIRTY $theme->theme_script("js/ui.init.js") +themes/admin_default/views/admin.html.php 10 DIRTY $theme->css("yui/reset-fonts-grids.css") +themes/admin_default/views/admin.html.php 11 DIRTY $theme->css("themeroller/ui.base.css") +themes/admin_default/views/admin.html.php 12 DIRTY $theme->css("superfish/css/superfish.css") +themes/admin_default/views/admin.html.php 13 DIRTY $theme->css("screen.css") +themes/admin_default/views/admin.html.php 14 DIRTY $theme->css("admin_screen.css") +themes/admin_default/views/admin.html.php 16 DIRTY $theme->url("fix-ie.css") +themes/admin_default/views/admin.html.php 20 DIRTY $theme->script("jquery.js") +themes/admin_default/views/admin.html.php 21 DIRTY $theme->script("jquery.form.js") +themes/admin_default/views/admin.html.php 22 DIRTY $theme->script("jquery-ui.js") +themes/admin_default/views/admin.html.php 23 DIRTY $theme->script("gallery.common.js") +themes/admin_default/views/admin.html.php 28 DIRTY $theme->script("gallery.dialog.js") +themes/admin_default/views/admin.html.php 29 DIRTY $theme->script("superfish/js/superfish.js") +themes/admin_default/views/admin.html.php 30 DIRTY $theme->script("jquery.dropshadow.js") +themes/admin_default/views/admin.html.php 31 DIRTY $theme->script("ui.init.js") themes/admin_default/views/admin.html.php 33 DIRTY $theme->admin_head() themes/admin_default/views/admin.html.php 36 DIRTY $theme->body_attributes() themes/admin_default/views/admin.html.php 37 DIRTY $theme->admin_page_top() @@ -569,7 +567,7 @@ themes/default/views/footer.html.php 4 DIRTY $footer_t themes/default/views/footer.html.php 9 DIRTY $theme->credits() themes/default/views/header.html.php 2 DIRTY $theme->header_top() themes/default/views/header.html.php 4 DIRTY $header_text -themes/default/views/header.html.php 7 DIRTY $theme->theme_url("images/logo.png") +themes/default/views/header.html.php 7 DIRTY $theme->url("images/logo.png") themes/default/views/header.html.php 12 DIRTY $theme->site_menu() themes/default/views/header.html.php 15 DIRTY $theme->header_bottom() themes/default/views/header.html.php 21 DIRTY $parent->id @@ -590,27 +588,27 @@ themes/default/views/page.html.php 13 $theme->i themes/default/views/page.html.php 15 $theme->item()->title themes/default/views/page.html.php 17 $theme->item()->title themes/default/views/page.html.php 20 $theme->tag()->name -themes/default/views/page.html.php 26 DIRTY $theme->theme_url("images/favicon.ico") -themes/default/views/page.html.php 27 DIRTY $theme->css("lib/yui/reset-fonts-grids.css") -themes/default/views/page.html.php 28 DIRTY $theme->css("lib/superfish/css/superfish.css") -themes/default/views/page.html.php 29 DIRTY $theme->css("lib/themeroller/ui.base.css") -themes/default/views/page.html.php 30 DIRTY $theme->theme_css("css/screen.css") -themes/default/views/page.html.php 32 DIRTY $theme->theme_url("css/fix-ie.css") +themes/default/views/page.html.php 26 DIRTY $theme->url("images/favicon.ico") +themes/default/views/page.html.php 27 DIRTY $theme->css("yui/reset-fonts-grids.css") +themes/default/views/page.html.php 28 DIRTY $theme->css("superfish/css/superfish.css") +themes/default/views/page.html.php 29 DIRTY $theme->css("themeroller/ui.base.css") +themes/default/views/page.html.php 30 DIRTY $theme->css("screen.css") +themes/default/views/page.html.php 32 DIRTY $theme->url("css/fix-ie.css") themes/default/views/page.html.php 41 DIRTY $new_width themes/default/views/page.html.php 42 DIRTY $new_height themes/default/views/page.html.php 43 DIRTY $thumb_proportion -themes/default/views/page.html.php 48 DIRTY $theme->script("lib/jquery.js") -themes/default/views/page.html.php 49 DIRTY $theme->script("lib/jquery.form.js") -themes/default/views/page.html.php 50 DIRTY $theme->script("lib/jquery-ui.js") -themes/default/views/page.html.php 51 DIRTY $theme->script("lib/gallery.common.js") -themes/default/views/page.html.php 56 DIRTY $theme->script("lib/gallery.dialog.js") -themes/default/views/page.html.php 57 DIRTY $theme->script("lib/gallery.form.js") -themes/default/views/page.html.php 58 DIRTY $theme->script("lib/superfish/js/superfish.js") -themes/default/views/page.html.php 59 DIRTY $theme->script("lib/jquery.localscroll.js") -themes/default/views/page.html.php 60 DIRTY $theme->theme_script("js/ui.init.js") -themes/default/views/page.html.php 64 DIRTY $theme->script("lib/jquery.scrollTo.js") -themes/default/views/page.html.php 65 DIRTY $theme->script("lib/gallery.show_full_size.js") -themes/default/views/page.html.php 67 DIRTY $theme->script("lib/flowplayer.js") +themes/default/views/page.html.php 48 DIRTY $theme->script("jquery.js") +themes/default/views/page.html.php 49 DIRTY $theme->script("jquery.form.js") +themes/default/views/page.html.php 50 DIRTY $theme->script("jquery-ui.js") +themes/default/views/page.html.php 51 DIRTY $theme->script("gallery.common.js") +themes/default/views/page.html.php 56 DIRTY $theme->script("gallery.dialog.js") +themes/default/views/page.html.php 57 DIRTY $theme->script("gallery.form.js") +themes/default/views/page.html.php 58 DIRTY $theme->script("superfish/js/superfish.js") +themes/default/views/page.html.php 59 DIRTY $theme->script("jquery.localscroll.js") +themes/default/views/page.html.php 60 DIRTY $theme->script("ui.init.js") +themes/default/views/page.html.php 64 DIRTY $theme->script("jquery.scrollTo.js") +themes/default/views/page.html.php 65 DIRTY $theme->script("gallery.show_full_size.js") +themes/default/views/page.html.php 67 DIRTY $theme->script("flowplayer.js") themes/default/views/page.html.php 70 DIRTY $theme->head() themes/default/views/page.html.php 73 DIRTY $theme->body_attributes() themes/default/views/page.html.php 74 DIRTY $theme->page_top() -- cgit v1.2.3 From fa1d32e6466d8c6ffe77d163e2da9c71688a3c61 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 24 Jul 2009 11:24:43 -0700 Subject: Partial implementation of ticket #80. Provide auto complete and suggestions on the tag add form in the tag sidebar block. Updated the xss golden file as well. Still to do figure out how toget it into the edit popup dialog --- modules/gallery/tests/xss_data.txt | 4 ++-- modules/tag/controllers/tags.php | 17 +++++++++++++++++ modules/tag/helpers/tag.php | 2 +- modules/tag/helpers/tag_theme.php | 2 ++ modules/tag/js/tag.js | 15 +++++++++++++++ modules/tag/views/tag_block.html.php | 10 ++++++++++ 6 files changed, 47 insertions(+), 3 deletions(-) (limited to 'modules/gallery/tests') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 5a05d4ef..981bf31e 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -442,8 +442,8 @@ modules/tag/views/admin_tags.html.php 50 DIRTY $tag->id modules/tag/views/admin_tags.html.php 50 $tag->name modules/tag/views/admin_tags.html.php 51 DIRTY $tag->count modules/tag/views/admin_tags.html.php 52 DIRTY $tag->id -modules/tag/views/tag_block.html.php 3 DIRTY $cloud -modules/tag/views/tag_block.html.php 5 DIRTY $form +modules/tag/views/tag_block.html.php 13 DIRTY $cloud +modules/tag/views/tag_block.html.php 15 DIRTY $form modules/tag/views/tag_cloud.html.php 4 DIRTY $tag->count modules/tag/views/tag_cloud.html.php 4 DIRTY $max_count modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php index 5dd07935..a600ea1a 100644 --- a/modules/tag/controllers/tags.php +++ b/modules/tag/controllers/tags.php @@ -78,4 +78,21 @@ class Tags_Controller extends REST_Controller { return tag::get_add_form($item); } + + public function autocomplete() { + $tags = array(); + $tag_parts = preg_split("#[,\s;]+# ", $this->input->get("q")); + $limit = $this->input->get("limit"); + $tag_part = end($tag_parts); + $tag_list = ORM::factory("tag") + ->like("name", "{$tag_part}%", false) + ->orderby("name", "ASC") + ->limit($limit) + ->find_all(); + foreach ($tag_list as $tag) { + $tags[] = $tag->name; + } + + print implode("\n", $tags); + } } diff --git a/modules/tag/helpers/tag.php b/modules/tag/helpers/tag.php index 5efa6a19..be5461a4 100644 --- a/modules/tag/helpers/tag.php +++ b/modules/tag/helpers/tag.php @@ -104,7 +104,7 @@ class tag_Core { ($item->is_photo() ? t("Add tag to photo") : t("Add tag to movie")); $group = $form->group("add_tag")->label("Add Tag"); - $group->input("name")->label($label)->rules("required|length[1,64]"); + $group->input("name")->label($label)->rules("required"); $group->hidden("item_id")->value($item->id); $group->submit("")->value(t("Add Tag")); return $form; diff --git a/modules/tag/helpers/tag_theme.php b/modules/tag/helpers/tag_theme.php index d46a91e9..1bce9bd8 100644 --- a/modules/tag/helpers/tag_theme.php +++ b/modules/tag/helpers/tag_theme.php @@ -19,6 +19,8 @@ */ class tag_theme_Core { static function head($theme) { + $theme->css("jquery.autocomplete.css"); + $theme->script("jquery.autocomplete.js"); $theme->script("tag.js"); } diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js index a5aaa3f8..282da1ea 100644 --- a/modules/tag/js/tag.js +++ b/modules/tag/js/tag.js @@ -66,3 +66,18 @@ function editInPlace(element) { }; ajaxify_editInPlaceForm(); } + +function formatTagAutoCompleteResult(row) { + var text = $("#gAddTagForm input:text").val(); + if (/[\s,;]/.test(text)) { + for (var i= text.length - 1; i >= 0; i--) { + var chr = text.charAt(i); + if (chr == " " || chr == "," || chr == ";") { + break; + } + } + return text.substr(0, i + 1) + row[0]; + } else { + return row[0]; + } +} diff --git a/modules/tag/views/tag_block.html.php b/modules/tag/views/tag_block.html.php index 12c90857..233eb361 100644 --- a/modules/tag/views/tag_block.html.php +++ b/modules/tag/views/tag_block.html.php @@ -1,4 +1,14 @@ +
">
-- cgit v1.2.3 From 078c77a62b623322956457bfd7bfbdaf56203b00 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 24 Jul 2009 14:18:15 -0700 Subject: Add tag autocomplete to the album and photo edit pop up dialogs. This required putting a wrapper view around the forms and passing this view as the parameter to the item_edit_form event. The view contains a $script variable that the modules can add script to be included in the form html when rendered as part of the ajax response. --- modules/gallery/controllers/albums.php | 5 +++-- modules/gallery/controllers/movies.php | 5 +++-- modules/gallery/controllers/photos.php | 5 +++-- modules/gallery/helpers/album.php | 14 ++++++++------ modules/gallery/helpers/photo.php | 14 ++++++++------ modules/gallery/tests/xss_data.txt | 2 ++ modules/gallery/views/item_edit.html.php | 9 +++++++++ modules/tag/helpers/tag_event.php | 10 ++++++++-- modules/tag/js/tag.js | 2 +- 9 files changed, 45 insertions(+), 21 deletions(-) create mode 100644 modules/gallery/views/item_edit.html.php (limited to 'modules/gallery/tests') diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php index 56b74cb1..4fefd3a1 100644 --- a/modules/gallery/controllers/albums.php +++ b/modules/gallery/controllers/albums.php @@ -166,7 +166,8 @@ class Albums_Controller extends Items_Controller { access::required("view", $album); access::required("edit", $album); - $form = album::get_edit_form($album); + $view = album::get_edit_form($album); + $form = $view->form; if ($valid = $form->validate()) { // Make sure that there's not a conflict if ($album->id != 1 && @@ -202,7 +203,7 @@ class Albums_Controller extends Items_Controller { } else { print json_encode( array("result" => "error", - "form" => $form->__toString())); + "form" => $view->__toString())); } } diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index c8227d74..1391c4b4 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -70,7 +70,8 @@ class Movies_Controller extends Items_Controller { access::required("view", $photo); access::required("edit", $photo); - $form = photo::get_edit_form($photo); + $view = photo::get_edit_form($photo); + $form = $view->form; if ($valid = $form->validate()) { // Make sure that there's not a conflict if (Database::instance() @@ -101,7 +102,7 @@ class Movies_Controller extends Items_Controller { } else { print json_encode( array("result" => "error", - "form" => $form->__toString())); + "form" => $view->__toString())); } } diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 8ee24da8..9d9b25a1 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -61,7 +61,8 @@ class Photos_Controller extends Items_Controller { access::required("view", $photo); access::required("edit", $photo); - $form = photo::get_edit_form($photo); + $view = photo::get_edit_form($photo); + $form = $view->form; if ($valid = $form->validate()) { if ($form->edit_item->filename->value != $photo->name) { // Make sure that there's not a conflict @@ -94,7 +95,7 @@ class Photos_Controller extends Items_Controller { } else { print json_encode( array("result" => "error", - "form" => $form->__toString())); + "form" => $view->__toString())); } } diff --git a/modules/gallery/helpers/album.php b/modules/gallery/helpers/album.php index 5f10bd02..0263e0e1 100644 --- a/modules/gallery/helpers/album.php +++ b/modules/gallery/helpers/album.php @@ -94,9 +94,11 @@ class album_Core { } static function get_edit_form($parent) { - $form = new Forge("albums/{$parent->id}", "", "post", array("id" => "gEditAlbumForm")); - $form->hidden("_method")->value("put"); - $group = $form->group("edit_item")->label(t("Edit Album")); + $view = new View("item_edit.html"); + $view->script = array(); + $view->form = new Forge("albums/{$parent->id}", "", "post", array("id" => "gEditAlbumForm")); + $view->form->hidden("_method")->value("put"); + $group = $view->form->group("edit_item")->label(t("Edit Album")); $group->input("title")->label(t("Title"))->value($parent->title); $group->textarea("description")->label(t("Description"))->value($parent->description); @@ -127,11 +129,11 @@ class album_Core { "DESC" => t("Descending"))) ->selected($parent->sort_order); - module::event("item_edit_form", $parent, $form); + module::event("item_edit_form", $parent, $view); $group->hidden("type")->value("album"); $group->submit("")->value(t("Modify")); - $form->add_rules_from(ORM::factory("item")); - return $form; + $view->form->add_rules_from(ORM::factory("item")); + return $view; } } diff --git a/modules/gallery/helpers/photo.php b/modules/gallery/helpers/photo.php index 5cf37de1..299195e9 100644 --- a/modules/gallery/helpers/photo.php +++ b/modules/gallery/helpers/photo.php @@ -135,9 +135,11 @@ class photo_Core { } static function get_edit_form($photo) { - $form = new Forge("photos/$photo->id", "", "post", array("id" => "gEditPhotoForm")); - $form->hidden("_method")->value("put"); - $group = $form->group("edit_item")->label(t("Edit Photo")); + $view = new View("item_edit.html"); + $view->script = array(); + $view->form = new Forge("photos/$photo->id", "", "post", array("id" => "gEditPhotoForm")); + $view->form->hidden("_method")->value("put"); + $group = $view->form->group("edit_item")->label(t("Edit Photo")); $group->input("title")->label(t("Title"))->value($photo->title); $group->textarea("description")->label(t("Description"))->value($photo->description); $group->input("filename")->label(t("Filename"))->value($photo->name) @@ -147,11 +149,11 @@ class photo_Core { ->callback("item::validate_no_trailing_period") ->error_messages("no_trailing_period", t("The photo name can't end in \".\"")); - module::event("item_edit_form", $photo, $form); + module::event("item_edit_form", $photo, $view); $group->submit("")->value(t("Modify")); - $form->add_rules_from(ORM::factory("item")); - return $form; + $view->form->add_rules_from(ORM::factory("item")); + return $view; } /** diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 981bf31e..2940a8df 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -207,6 +207,8 @@ modules/gallery/views/admin_themes_preview.html.php 4 DIRTY $info->na modules/gallery/views/admin_themes_preview.html.php 7 DIRTY $url modules/gallery/views/after_install.html.php 11 $user->name modules/gallery/views/after_install.html.php 15 DIRTY $user->id +modules/gallery/views/item_edit.html.php 4 DIRTY $script +modules/gallery/views/item_edit.html.php 8 DIRTY $form modules/gallery/views/kohana_error_page.php 102 DIRTY $message modules/gallery/views/kohana_error_page.php 104 DIRTY $file modules/gallery/views/kohana_error_page.php 104 DIRTY $line diff --git a/modules/gallery/views/item_edit.html.php b/modules/gallery/views/item_edit.html.php new file mode 100644 index 00000000..9aa2fb64 --- /dev/null +++ b/modules/gallery/views/item_edit.html.php @@ -0,0 +1,9 @@ + + + + +
+ +
\ No newline at end of file diff --git a/modules/tag/helpers/tag_event.php b/modules/tag/helpers/tag_event.php index e1ab1b73..58034900 100644 --- a/modules/tag/helpers/tag_event.php +++ b/modules/tag/helpers/tag_event.php @@ -64,9 +64,15 @@ class tag_event_Core { tag::compact(); } - static function item_edit_form($item, $form) { + static function item_edit_form($item, $view) { + $url = url::site("tags/autocomplete"); + $view->script[] = "$('#gEditFormContainer form').ready(function() { + $('#gEditFormContainer form input[id=tags]').autocomplete( + '$url', {max: 30, formatResult: formatTagAutoCompleteResult} + ); + });"; $tag_value = implode("; ", tag::item_tags($item)); - $form->edit_item->input("tags")->label(t("Tags (separate by , or ;)")) + $view->form->edit_item->input("tags")->label(t("Tags (separate by , or ;)")) ->value($tag_value); } diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js index 282da1ea..bbf44166 100644 --- a/modules/tag/js/tag.js +++ b/modules/tag/js/tag.js @@ -68,7 +68,7 @@ function editInPlace(element) { } function formatTagAutoCompleteResult(row) { - var text = $("#gAddTagForm input:text").val(); + var text = $(".ac_loading").val(); if (/[\s,;]/.test(text)) { for (var i= text.length - 1; i >= 0; i--) { var chr = text.charAt(i); -- cgit v1.2.3