From c01ac42c4604b3b129e8089e0dc683ebd418b380 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sat, 29 Aug 2009 12:48:40 -0700
Subject: Refactor all calls of p::clean() to SafeString::of() and p::purify()
 to SafeString::purify().

Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
---
 modules/gallery/views/admin_maintenance.html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery/views/admin_maintenance.html.php')

diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index 450eb754..a4db38ce 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -90,7 +90,7 @@
           <?= $task->status ?>
         </td>
         <td>
-          <?= p::clean($task->owner()->name) ?>
+          <?= SafeString::of($task->owner()->name) ?>
         </td>
         <td>
           <? if ($task->state == "stalled"): ?>
-- 
cgit v1.2.3


From 5db0b68a70434a16d8881a6e560a9526530a8a60 Mon Sep 17 00:00:00 2001
From: Chad Kieffer <ckieffer@gmail.com>
Date: Sat, 29 Aug 2009 14:01:04 -0600
Subject: Update status message styles. Lighten backgrounds, don't show
 background on Admin Maintenance rows, and added gModuleStatus class.

---
 modules/akismet/views/admin_akismet.html.php       |  2 +-
 modules/comment/views/admin_comments.html.php      |  2 +-
 modules/gallery/views/admin_graphics_gd.html.php   | 12 ++--
 .../views/admin_graphics_graphicsmagick.html.php   | 10 +--
 .../views/admin_graphics_imagemagick.html.php      | 10 +--
 modules/gallery/views/admin_graphics_none.html.php |  5 +-
 modules/gallery/views/admin_maintenance.html.php   | 16 +++--
 modules/gallery/views/admin_modules.html.php       |  2 +-
 themes/admin_default/css/admin_screen.css          |  9 ++-
 themes/admin_default/css/screen.css                | 80 ++++++++++------------
 themes/default/css/screen.css                      | 60 +++++-----------
 11 files changed, 92 insertions(+), 116 deletions(-)

(limited to 'modules/gallery/views/admin_maintenance.html.php')

diff --git a/modules/akismet/views/admin_akismet.html.php b/modules/akismet/views/admin_akismet.html.php
index 410902a5..009d8810 100644
--- a/modules/akismet/views/admin_akismet.html.php
+++ b/modules/akismet/views/admin_akismet.html.php
@@ -8,7 +8,7 @@
   </p>
 
   <? if ($valid_key): ?>
-  <div class="gSuccess">
+  <div class="gModuleStatus gSuccess">
     <?= t("Your API Key is valid.  Your comments will be filtered!") ?>
   </div>
   <? endif ?>
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php
index 9fe7164b..03511d91 100644
--- a/modules/comment/views/admin_comments.html.php
+++ b/modules/comment/views/admin_comments.html.php
@@ -103,7 +103,7 @@
       </th>
     </tr>
     <? foreach ($comments as $i => $comment): ?>
-    <tr id="gComment-<?= $comment->id ?>" class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>">
+    <tr id="gComment-<?= $comment->id ?>" class="<?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>">
       <td>
         <a href="#">
           <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
diff --git a/modules/gallery/views/admin_graphics_gd.html.php b/modules/gallery/views/admin_graphics_gd.html.php
index aa9ee67c..010a31b4 100644
--- a/modules/gallery/views/admin_graphics_gd.html.php
+++ b/modules/gallery/views/admin_graphics_gd.html.php
@@ -7,26 +7,24 @@
         array("url" => "http://www.boutell.com/gd")) ?>
   </p>
   <? if ($tk->installed && $tk->rotate): ?>
-  <p class="gSuccess">
+  <div class="gModuleStatus gInfo">
     <?= t("You have GD version %version.", array("version" => $tk->version)) ?>
-  </p>
+  </div>
   <p>
     <a class="gButtonLink ui-state-default ui-corner-all"><?= t("Activate GD") ?></a>
   </p>
   <? elseif ($tk->installed): ?>
-
   <? if ($tk->error): ?>
-  <p class="gWarning">
+  <p class="gModuleStatus gWarning">
     <?= $tk->error ?>
   </p>
   <? endif ?>
-
   <p>
     <a class="gButtonLink ui-state-default ui-corner-all"><?= t("Activate GD") ?></a>
   </p>
   <? else: ?>
-  <p class="gInfo">
+  <div class="gModuleStatus gInfo">
     <?= t("You do not have GD installed.") ?>
-  </p>
+  </div>
   <? endif ?>
 </div>
diff --git a/modules/gallery/views/admin_graphics_graphicsmagick.html.php b/modules/gallery/views/admin_graphics_graphicsmagick.html.php
index bf3ad339..97624850 100644
--- a/modules/gallery/views/admin_graphics_graphicsmagick.html.php
+++ b/modules/gallery/views/admin_graphics_graphicsmagick.html.php
@@ -1,21 +1,21 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <div id="graphicsmagick" class="gBlock<?= $is_active ? " gSelected" : "" ?><?= $tk->installed ? "  gInstalledToolkit" : " gUnavailable" ?>">
-  <h3> <?= t("GraphicsMagick") ?> </h3>
   <img class="logo" width="107" height="76" src="<?= url::file("modules/gallery/images/graphicsmagick.png"); ?>" alt="<? t("Visit the GraphicsMagick project site") ?>" />
+  <h3> <?= t("GraphicsMagick") ?> </h3>
   <p>
     <?= t("GraphicsMagick is a standalone graphics program available on most Linux systems.  Please refer to the <a href=\"%url\">GraphicsMagick website</a> for more information.",
         array("url" => "http://www.graphicsmagick.org")) ?>
   </p>
   <? if ($tk->installed): ?>
-  <p class="gSuccess">
+  <div class="gModuleStatus gInfo">
     <?= t("GraphicsMagick version %version is available in %dir", array("version" => $tk->version, "dir" => $tk->dir)) ?>
-  </p>
+  </div>
   <p>
     <a class="gButtonLink ui-state-default ui-corner-all"><?= t("Activate Graphics Magic") ?></a>
   </p>
   <? else: ?>
-  <p class="gWarning">
+  <div class="gModuleStatus gWarning">
     <?= $tk->error ?>
-  </p>
+  </div>
   <? endif ?>
 </div>
diff --git a/modules/gallery/views/admin_graphics_imagemagick.html.php b/modules/gallery/views/admin_graphics_imagemagick.html.php
index b8f7ffb8..cdff7c2c 100644
--- a/modules/gallery/views/admin_graphics_imagemagick.html.php
+++ b/modules/gallery/views/admin_graphics_imagemagick.html.php
@@ -1,21 +1,21 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <div id="imagemagick" class="gBlock<?= $is_active ? " gSelected" : "" ?><?= $tk->installed ? "  gInstalledToolkit" : " gUnavailable" ?>">
-  <h3> <?= t("ImageMagick") ?> </h3>
   <img class="logo" width="114" height="118" src="<?= url::file("modules/gallery/images/imagemagick.jpg"); ?>" alt="<? t("Visit the ImageMagick project site") ?>" />
+  <h3> <?= t("ImageMagick") ?> </h3>
   <p>
     <?= t("ImageMagick is a standalone graphics program available on most Linux systems.  Please refer to the <a href=\"%url\">ImageMagick website</a> for more information.",
         array("url" => "http://www.imagemagick.org")) ?>
   </p>
   <? if ($tk->installed): ?>
-  <p class="gSuccess">
+  <div class="gModuleStatus gInfo">
     <?= t("ImageMagick version %version is available in %dir", array("version" => $tk->version, "dir" => $tk->dir)) ?>
-  </p>
+  </div>
   <p>
     <a class="gButtonLink ui-state-default ui-corner-all"><?= t("Activate ImageMagick") ?></a>
   </p>
   <? elseif ($tk->error): ?>
-  <p class="gWarning">
+  <div class="gModuleStatus gWarning">
     <?= $tk->error ?>
-  </p>
+  </div>
   <? endif ?>
 </div>
diff --git a/modules/gallery/views/admin_graphics_none.html.php b/modules/gallery/views/admin_graphics_none.html.php
index be2a580d..e6923a5a 100644
--- a/modules/gallery/views/admin_graphics_none.html.php
+++ b/modules/gallery/views/admin_graphics_none.html.php
@@ -1,6 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
-<div id="none" class="gBlock">
-  <h3 class="gWarning"> <?= t("No Active Toolkit") ?> </h3>
+
+<div id="none" class="gModuleStatus gWarning gBlock">
+  <h3> <?= t("No Active Toolkit") ?> </h3>
   <p>
     <?= t("We were unable to detect a graphics program.  You must install one of the toolkits below in order to use many Gallery features.") ?>
   </p>
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index 450eb754..3649ea58 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -7,7 +7,7 @@
 
   <div id="gAvailableTasks">
     <h2> <?= t("Available Tasks") ?> </h2>
-    <table>
+    <table class="gMessages">
       <tr>
         <th>
           <?= t("Name") ?>
@@ -19,8 +19,9 @@
           <?= t("Action") ?>
         </th>
       </tr>
+      <? $i = 0; ?>
       <? foreach ($task_definitions as $task): ?>
-      <tr class="<?= log::severity_class($task->severity) ?>">
+      <tr class="<?= log::severity_class($task->severity) ?> <?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>">
         <td>
           <?= $task->name ?>
         </td>
@@ -34,17 +35,18 @@
           </a>
         </td>
       </tr>
+      <? $i++ ?>
       <? endforeach ?>
     </table>
   </div>
 
   <? if ($running_tasks->count()): ?>
   <div id="gRunningTasks">
-    <h2> <?= t("Running Tasks") ?> </h2>
     <a href="<?= url::site("admin/maintenance/cancel_running_tasks?csrf=$csrf") ?>"
        class="gButtonLink ui-icon-left ui-state-default ui-corner-all right">
       <?= t("cancel all") ?></a>
 
+    <h2> <?= t("Running Tasks") ?> </h2>
     <table>
       <tr>
         <th>
@@ -66,8 +68,9 @@
           <?= t("Action") ?>
         </th>
       </tr>
+      <? $i = 0; ?>
       <? foreach ($running_tasks as $task): ?>
-      <tr class="<?= $task->state == "stalled" ? "gWarning" : "" ?>">
+      <tr class="<?= $task->state == "stalled" ? "gWarning" : "" ?> <?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>">
         <td>
           <?= gallery::date_time($task->updated) ?>
         </td>
@@ -105,6 +108,7 @@
           </a>
         </td>
       </tr>
+      <? $i++ ?>
       <? endforeach ?>
     </table>
   </div>
@@ -138,8 +142,9 @@
           <?= t("Action") ?>
         </th>
       </tr>
+      <? $i = 0; ?>
       <? foreach ($finished_tasks as $task): ?>
-      <tr class="<?= $task->state == "success" ? "gSuccess" : "gError" ?>">
+      <tr class="<?= $task->state == "success" ? "gSuccess" : "gError" ?> <?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>">
         <td>
           <?= gallery::date_time($task->updated) ?>
         </td>
@@ -183,6 +188,7 @@
         </td>
       </tr>
       <? endforeach ?>
+      <? $i++ ?>
     </table>
   </div>
   <? endif ?>
diff --git a/modules/gallery/views/admin_modules.html.php b/modules/gallery/views/admin_modules.html.php
index 3fddd6cd..168e20d0 100644
--- a/modules/gallery/views/admin_modules.html.php
+++ b/modules/gallery/views/admin_modules.html.php
@@ -16,7 +16,7 @@
       </tr>
       <? $i = 0 ?>
       <? foreach ($available as $module_name => $module_info):  ?>
-      <tr class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>">
+      <tr class="<?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>">
         <? $data = array("name" => $module_name); ?>
         <? if ($module_info->locked) $data["disabled"] = 1; ?>
         <td> <?= form::checkbox($data, '1', module::is_active($module_name)) ?> </td>
diff --git a/themes/admin_default/css/admin_screen.css b/themes/admin_default/css/admin_screen.css
index 913631dc..7e468442 100644
--- a/themes/admin_default/css/admin_screen.css
+++ b/themes/admin_default/css/admin_screen.css
@@ -35,13 +35,12 @@
 .gSelected img,
 .gAvailable .gBlock img {
   float: left;
-  margin-right: 1em;
+  margin: 0 1em 1em 0;
 }
 
 .rtl .gSelected img,
 .rtl .gAvailable .gBlock img {
   float: right;
-  margin-left: 1em;
 }
 
 .gSelected {
@@ -202,7 +201,7 @@
 #gAdminGraphics .gAvailable .gBlock {
   clear: none;
   float: left;
-  height: 16em;
+  height: 17em;
   margin-right: 1em;
   width: 30%;
 }
@@ -263,8 +262,8 @@ li.gGroup {
 }
 
 li.gGroup h4 {
-  background-color: #EEEEEE;
-  border-bottom: 1px dashed #CCCCCC;
+  background-color: #eee;
+  border-bottom: 1px dashed ccc;
   padding: .5em 0 .5em .5em;
 }
 li.gGroup .gButtonLink {
diff --git a/themes/admin_default/css/screen.css b/themes/admin_default/css/screen.css
index 062c0e41..c275eb10 100644
--- a/themes/admin_default/css/screen.css
+++ b/themes/admin_default/css/screen.css
@@ -108,7 +108,7 @@ table {
 }
 
 #gContent table {
-  margin: 1em 0;
+  margin: 1em 0 3em 0;
 }
 
 caption,
@@ -124,6 +124,10 @@ td {
   vertical-align: top;
 }
 
+#gAdminMaintenance td {
+  vertical-align: middle;
+}
+
 /* Forms ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
 
 fieldset {
@@ -279,9 +283,9 @@ li.gError select {
   width: 100%;
 }
 
-#gAdminAkismet .gSuccess,
 #gSiteStatus li,
-#gMessage li {
+#gMessage li,
+.gModuleStatus {
   border: 1px solid #ccc;
   margin-bottom: .4em;
 }
@@ -292,71 +296,62 @@ li.gError select {
   border-bottom: 1px solid #ccc;
 }
 
-#gSiteStatus .gError,
-#gMessage .gError,
-form p.gError,
-#gSiteStatus .gInfo,
-#gMessage .gInfo,
-#gSiteStatus .gSuccess,
-#gMessage .gSuccess,
-#gSiteStatus .gWarning,
-#gMessage .gWarning {
+.gModuleStatus {
+  clear: both;
+  margin-bottom: 1em;
+}
+
+.gError,
+.gInfo,
+.gSuccess,
+.gWarning {
   background-position: .4em 50%;
   background-repeat: no-repeat;
   padding: .4em .5em .4em 30px;
 }
 
 .gError {
-  background-color: #fcc;
-}
-
-form .gError {
-  color: #f00;
-}
-
-#gSiteStatus .gError,
-#gMessage .gError,
-form p.gError {
+  background-color: #f6cbca;
+  color: red;
   background-image: url('../images/ico-error.png');
 }
 
 .gInfo {
   background-color: #e8e8e8;
-}
-
-#gSiteStatus .gInfo,
-#gMessage .gInfo {
   background-image: url('../images/ico-info.png');
 }
 
 .gSuccess {
-  background-color: #96EF95;
-}
-
-#gSiteStatus .gSuccess,
-#gMessage .gSuccess {
+  background-color: #d9efc2;
   background-image: url('../images/ico-success.png');
 }
 
 .gWarning {
-  background-color: #ff9;
+  background-color: #fcf9ce;
+  background-image: url('../images/ico-warning.png');
 }
 
-#gSiteStatus .gWarning,
-#gMessage .gWarning {
-  background-image: url('../images/ico-warning.png');
+table .gError {
+  background-color: #f6cbca !important;
+}
+
+table .gWarning {
+  background-color: #fcf9ce !important;
 }
 
+.gPager .gInfo,
 form .gError,
-.gPager .gInfo {
-  background-color: #fff;
+table .gInfo,
+table .gSuccess {
+  background-color: transparent !important;
 }
 
-#gAdminMaintenance .gError,
-#gAdminMaintenance .gInfo,
-#gAdminMaintenance .gWarning,
-#gAdminMaintenance .gSuccess {
-  background-image: none;
+.gPager .gInfo,
+table .gError,
+table .gInfo,
+table .gSuccess,
+table .gWarning {
+  background-image: none !important;
 }
 
 /* Inline layout (forms, lists) ~~~~~~~~~~ */
@@ -823,7 +818,6 @@ form .gError,
 .ui-widget-overlay {
   background: #000;
   opacity: .7;
-  filter: Alpha(Opacity=70);
 }
 
 #gDialog {
diff --git a/themes/default/css/screen.css b/themes/default/css/screen.css
index d39152e4..82cdb331 100644
--- a/themes/default/css/screen.css
+++ b/themes/default/css/screen.css
@@ -279,9 +279,9 @@ li.gError select {
   width: 100%;
 }
 
-#gAdminAkismet .gSuccess,
 #gSiteStatus li,
-#gMessage li {
+#gMessage li,
+.gModuleStatus {
   border: 1px solid #ccc;
   margin-bottom: .4em;
 }
@@ -292,71 +292,49 @@ li.gError select {
   border-bottom: 1px solid #ccc;
 }
 
-#gSiteStatus .gError,
-#gMessage .gError,
-form p.gError,
-#gSiteStatus .gInfo,
-#gMessage .gInfo,
-#gSiteStatus .gSuccess,
-#gMessage .gSuccess,
-#gSiteStatus .gWarning,
-#gMessage .gWarning {
+.gModuleStatus {
+  clear: both;
+  margin-bottom: 1em;
+}
+
+.gError,
+.gInfo,
+.gSuccess,
+.gWarning {
   background-position: .4em 50%;
   background-repeat: no-repeat;
   padding: .4em .5em .4em 30px;
 }
 
 .gError {
-  background-color: #fcc;
-}
-
-form .gError {
-  color: #f00;
-}
-
-#gSiteStatus .gError,
-#gMessage .gError,
-form p.gError {
+  background-color: #f6cbca;
+  color: #fc0;
   background-image: url('../images/ico-error.png');
 }
 
 .gInfo {
   background-color: #e8e8e8;
-}
-
-#gSiteStatus .gInfo,
-#gMessage .gInfo {
   background-image: url('../images/ico-info.png');
 }
 
 .gSuccess {
-  background-color: #96EF95;
-}
-
-#gSiteStatus .gSuccess,
-#gMessage .gSuccess {
+  background-color: #d9efc2;
   background-image: url('../images/ico-success.png');
 }
 
 .gWarning {
-  background-color: #ff9;
-}
-
-#gSiteStatus .gWarning,
-#gMessage .gWarning {
+  background-color: #fcf9ce;
   background-image: url('../images/ico-warning.png');
 }
 
 form .gError,
 .gPager .gInfo {
-  background-color: #fff;
+  background-color: #fff !important;
 }
 
-#gAdminMaintenance .gError,
-#gAdminMaintenance .gInfo,
-#gAdminMaintenance .gWarning,
-#gAdminMaintenance .gSuccess {
-  background-image: none;
+.gPager .gInfo {
+  background-image: none !important;
+  padding: 0 !important;
 }
 
 /* Inline layout (forms, lists) ~~~~~~~~~~ */
-- 
cgit v1.2.3


From 0204617b602183a3e157bc7e23c617acd22a5212 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sat, 29 Aug 2009 15:41:02 -0700
Subject: XSS fixes

---
 modules/gallery/views/admin_maintenance.html.php   | 2 +-
 modules/rss/views/rss_block.html.php               | 2 +-
 modules/server_add/views/admin_server_add.html.php | 4 ++--
 modules/server_add/views/server_add_tree.html.php  | 4 ++--
 modules/tag/views/admin_tags.html.php              | 4 ++--
 5 files changed, 8 insertions(+), 8 deletions(-)

(limited to 'modules/gallery/views/admin_maintenance.html.php')

diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index a0a6a19e..a1f7b126 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -164,7 +164,7 @@
           <?= $task->status ?>
         </td>
         <td>
-          <?= $task->owner()->name ?>
+          <?= SafeString::of($task->owner()->name) ?>
         </td>
         <td>
           <? if ($task->done): ?>
diff --git a/modules/rss/views/rss_block.html.php b/modules/rss/views/rss_block.html.php
index 39921d7d..cd8db89d 100644
--- a/modules/rss/views/rss_block.html.php
+++ b/modules/rss/views/rss_block.html.php
@@ -5,7 +5,7 @@
     <span class="ui-icon-left">
     <a href="<?= rss::url($url) ?>">
       <span class="ui-icon ui-icon-signal-diag"></span>
-      <?= $title ?>
+      <?= SafeString::purify($title) ?>
     </a>
     </span>
   </li>
diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php
index 30ab3536..c4439bda 100644
--- a/modules/server_add/views/admin_server_add.html.php
+++ b/modules/server_add/views/admin_server_add.html.php
@@ -11,12 +11,12 @@
     <ul id="gPathList">
       <? foreach ($paths as $id => $path): ?>
       <li class="ui-icon-left">
-        <a href="<?= url::site("admin/server_add/remove_path?path=$path&amp;csrf=$csrf") ?>"
+        <a href="<?= url::site("admin/server_add/remove_path?path=" . urlencode($path) . "&amp;csrf=$csrf") ?>"
            id="icon_<?= $id?>"
            class="gRemoveDir ui-icon ui-icon-trash">
           X
         </a>
-        <?= $path ?>
+        <?= SafeString::of($path) ?>
       </li>
       <? endforeach ?>
     </ul>
diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php
index b68544ec..2f65a590 100644
--- a/modules/server_add/views/server_add_tree.html.php
+++ b/modules/server_add/views/server_add_tree.html.php
@@ -10,7 +10,7 @@
     <li class="ui-icon-left">
       <span class="ui-icon ui-icon-folder-open"></span>
       <span ondblclick="open_dir('<?= $dir ?>')">
-        <?= basename($dir) ?>
+        <?= SafeString::of(basename($dir)) ?>
       </span>
       <ul>
         <? endforeach ?>
@@ -22,7 +22,7 @@
                 <? if (is_dir($file)): ?>
                 ondblclick="open_dir($(this).attr('file'))"
                 <? endif ?>
-                file="<?= $file ?>"
+                file="<?= strtr($file, array('"' => '\\"')) ?>"
                 >
             <?= SafeString::of(basename($file)) ?>
           </span>
diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php
index 5bd23112..30dd0728 100644
--- a/modules/tag/views/admin_tags.html.php
+++ b/modules/tag/views/admin_tags.html.php
@@ -32,7 +32,7 @@
           <? $current_letter = strtoupper(mb_substr($tag->name, 0, 1)) ?>
 
           <? if ($i == 0): /* first letter */ ?>
-            <strong><?= $current_letter ?></strong>
+            <strong><?= SafeString::of($current_letter) ?></strong>
             <ul>
           <? elseif ($last_letter != $current_letter): /* new letter */ ?>
             <? if ($column_tag_count > $tags_per_column): /* new column */ ?>
@@ -42,7 +42,7 @@
             <? endif ?>
 
             </ul>
-            <strong><?= $current_letter ?></strong>
+            <strong><?= SafeString::of($current_letter) ?></strong>
             <ul>
           <? endif ?>
 
-- 
cgit v1.2.3


From b9bd1681a3b1496c0f1bbe5e6254ab4fd0c9fe30 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sat, 29 Aug 2009 22:54:20 -0700
Subject: Update all code to use helper method html::clean(), html::purify(),
 ... instead of SafeString directly.

---
 modules/comment/controllers/comments.php                   |  8 ++++----
 modules/comment/helpers/comment_rss.php                    |  8 ++++----
 modules/comment/views/admin_block_recent_comments.html.php |  6 +++---
 modules/comment/views/admin_comments.html.php              | 10 +++++-----
 modules/comment/views/comment.html.php                     |  6 +++---
 modules/comment/views/comment.mrss.php                     | 12 ++++++------
 modules/comment/views/comments.html.php                    |  6 +++---
 modules/digibug/controllers/digibug.php                    |  2 +-
 modules/exif/views/exif_dialog.html.php                    |  4 ++--
 modules/g2_import/helpers/g2_import.php                    |  2 +-
 modules/gallery/controllers/admin_advanced_settings.php    |  2 +-
 modules/gallery/controllers/quick.php                      | 10 +++++-----
 modules/gallery/helpers/MY_html.php                        |  4 ++--
 modules/gallery/helpers/gallery_rss.php                    |  4 ++--
 modules/gallery/helpers/gallery_task.php                   |  4 ++--
 modules/gallery/tests/Html_Helper_Test.php                 |  4 ++--
 modules/gallery/tests/Xss_Security_Test.php                |  4 ++--
 modules/gallery/views/admin_advanced_settings.html.php     |  6 +++---
 modules/gallery/views/admin_block_log_entries.html.php     |  2 +-
 modules/gallery/views/admin_block_photo_stream.html.php    |  4 ++--
 modules/gallery/views/admin_languages.html.php             |  4 ++--
 modules/gallery/views/admin_maintenance.html.php           |  4 ++--
 modules/gallery/views/admin_maintenance_show_log.html.php  |  2 +-
 modules/gallery/views/move_tree.html.php                   |  8 ++++----
 modules/gallery/views/permissions_browse.html.php          |  4 ++--
 modules/gallery/views/permissions_form.html.php            |  2 +-
 modules/gallery/views/simple_uploader.html.php             | 14 +++++++-------
 modules/info/views/info_block.html.php                     | 10 +++++-----
 modules/notification/views/comment_published.html.php      | 12 ++++++------
 modules/notification/views/item_added.html.php             |  8 ++++----
 modules/notification/views/item_deleted.html.php           |  6 +++---
 modules/notification/views/item_updated.html.php           | 12 ++++++------
 modules/organize/views/organize_dialog.html.php            |  2 +-
 modules/organize/views/organize_tree.html.php              |  6 +++---
 modules/rss/views/feed.mrss.php                            | 14 +++++++-------
 modules/rss/views/rss_block.html.php                       |  2 +-
 modules/search/views/search.html.php                       |  6 +++---
 modules/server_add/views/admin_server_add.html.php         |  2 +-
 modules/server_add/views/server_add_tree.html.php          |  4 ++--
 modules/server_add/views/server_add_tree_dialog.html.php   |  6 +++---
 modules/tag/controllers/admin_tags.php                     |  2 +-
 modules/tag/views/admin_tags.html.php                      |  6 +++---
 modules/tag/views/tag_cloud.html.php                       |  2 +-
 modules/user/controllers/logout.php                        |  2 +-
 modules/user/views/admin_users.html.php                    |  8 ++++----
 modules/user/views/admin_users_group.html.php              |  4 ++--
 modules/user/views/login.html.php                          |  2 +-
 themes/default/views/album.html.php                        |  6 +++---
 themes/default/views/dynamic.html.php                      |  4 ++--
 themes/default/views/header.html.php                       |  4 ++--
 themes/default/views/movie.html.php                        |  4 ++--
 themes/default/views/photo.html.php                        |  6 +++---
 52 files changed, 143 insertions(+), 143 deletions(-)

(limited to 'modules/gallery/views/admin_maintenance.html.php')

diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php
index 87633f4c..82b12893 100644
--- a/modules/comment/controllers/comments.php
+++ b/modules/comment/controllers/comments.php
@@ -39,9 +39,9 @@ class Comments_Controller extends REST_Controller {
       foreach ($comments as $comment) {
         $data[] = array(
           "id" => $comment->id,
-          "author_name" => SafeString::of($comment->author_name()),
+          "author_name" => html::clean($comment->author_name()),
           "created" => $comment->created,
-          "text" => nl2br(SafeString::purify($comment->text)));
+          "text" => nl2br(html::purify($comment->text)));
       }
       print json_encode($data);
       break;
@@ -126,9 +126,9 @@ class Comments_Controller extends REST_Controller {
         array("result" => "success",
               "data" => array(
                 "id" => $comment->id,
-                "author_name" => SafeString::of($comment->author_name()),
+                "author_name" => html::clean($comment->author_name()),
                 "created" => $comment->created,
-                "text" => nl2br(SafeString::purify($comment->text)))));
+                "text" => nl2br(html::purify($comment->text)))));
     } else {
       $view = new Theme_View("comment.html", "fragment");
       $view->comment = $comment;
diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php
index 4151dcd0..b539887b 100644
--- a/modules/comment/helpers/comment_rss.php
+++ b/modules/comment/helpers/comment_rss.php
@@ -23,7 +23,7 @@ class comment_rss_Core {
     $feeds["comment/newest"] = t("All new comments");
     if ($item) {
       $feeds["comment/item/$item->id"] =
-        t("Comments on %title", array("title" => SafeString::purify($item->title)));
+        t("Comments on %title", array("title" => html::purify($item->title)));
     }
     return $feeds;
   }
@@ -49,13 +49,13 @@ class comment_rss_Core {
       $item = $comment->item();
       $feed->children[] = new ArrayObject(
         array("pub_date" => date("D, d M Y H:i:s T", $comment->created),
-              "text" => nl2br(SafeString::purify($comment->text)),
+              "text" => nl2br(html::purify($comment->text)),
               "thumb_url" => $item->thumb_url(),
               "thumb_height" => $item->thumb_height,
               "thumb_width" => $item->thumb_width,
               "item_uri" => url::abs_site("{$item->type}s/$item->id"),
-              "title" => SafeString::purify($item->title),
-              "author" => SafeString::of($comment->author_name())),
+              "title" => html::purify($item->title),
+              "author" => html::clean($comment->author_name())),
         ArrayObject::ARRAY_AS_PROPS);
     }
 
diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php
index 2c7a5cf1..dc3975e0 100644
--- a/modules/comment/views/admin_block_recent_comments.html.php
+++ b/modules/comment/views/admin_block_recent_comments.html.php
@@ -4,13 +4,13 @@
   <li class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>">
     <img src="<?= $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) ?>"
          class="gAvatar"
-         alt="<?= SafeString::of($comment->author_name()) ?>"
+         alt="<?= html::clean($comment->author_name()) ?>"
          width="32"
          height="32" />
     <?= gallery::date_time($comment->created) ?>
     <?= t('<a href="#">%author_name</a> said <em>%comment_text</em>',
-          array("author_name" => SafeString::of($comment->author_name()),
-                "comment_text" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50))); ?>
+          array("author_name" => html::clean($comment->author_name()),
+                "comment_text" => text::limit_words(nl2br(html::purify($comment->text)), 50))); ?>
   </li>
   <? endforeach ?>
 </ul>
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php
index 8b0b4c29..801ce2b3 100644
--- a/modules/comment/views/admin_comments.html.php
+++ b/modules/comment/views/admin_comments.html.php
@@ -108,12 +108,12 @@
         <a href="#">
           <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
                class="gAvatar"
-               alt="<?= SafeString::of($comment->author_name()) ?>"
+               alt="<?= html::clean($comment->author_name()) ?>"
                width="40"
                height="40" />
         </a>
-        <p><a href="mailto:<?= SafeString::of($comment->author_email()) ?>"
-              title="<?= SafeString::of($comment->author_email()) ?>"> <?= SafeString::of($comment->author_name()) ?> </a></p>
+        <p><a href="mailto:<?= html::clean($comment->author_email()) ?>"
+              title="<?= html::clean($comment->author_email()) ?>"> <?= html::clean($comment->author_name()) ?> </a></p>
       </td>
       <td>
         <div class="right">
@@ -122,7 +122,7 @@
             <a href="<?= $item->url() ?>">
               <? if ($item->has_thumb()): ?>
               <img src="<?= $item->thumb_url() ?>"
-                 alt="<?= SafeString::purify($item->title) ?>"
+                 alt="<?= html::purify($item->title) ?>"
                  <?= photo::img_dimensions($item->thumb_width, $item->thumb_height, 75) ?>
               />
               <? else: ?>
@@ -132,7 +132,7 @@
           </div>
         </div>
         <p><?= gallery::date($comment->created) ?></p>
-           <?= nl2br(SafeString::purify($comment->text)) ?>
+           <?= nl2br(html::purify($comment->text)) ?>
       </td>
       <td>
         <ul class="gButtonSetVertical">
diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php
index 31bb7f4d..1d0786cb 100644
--- a/modules/comment/views/comment.html.php
+++ b/modules/comment/views/comment.html.php
@@ -4,15 +4,15 @@
     <a href="#">
       <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
            class="gAvatar"
-           alt="<?= SafeString::of($comment->author_name()) ?>"
+           alt="<?= html::clean($comment->author_name()) ?>"
            width="40"
            height="40" />
     </a>
     <?= t("on %date_time, %author_name said",
           array("date_time" => gallery::date_time($comment->created),
-                "author_name" => SafeString::of($comment->author_name()))) ?>
+                "author_name" => html::clean($comment->author_name()))) ?>
   </p>
   <div>
-  <?= nl2br(SafeString::purify($comment->text)) ?>
+  <?= nl2br(html::purify($comment->text)) ?>
   </div>
 </li>
diff --git a/modules/comment/views/comment.mrss.php b/modules/comment/views/comment.mrss.php
index ae7762d9..c2a4b538 100644
--- a/modules/comment/views/comment.mrss.php
+++ b/modules/comment/views/comment.mrss.php
@@ -6,9 +6,9 @@
    xmlns:fh="http://purl.org/syndication/history/1.0">
   <channel>
     <generator>Gallery 3</generator>
-    <title><?= SafeString::of($feed->title) ?></title>
+    <title><?= html::clean($feed->title) ?></title>
     <link><?= $feed->uri ?></link>
-    <description><?= SafeString::of($feed->description) ?></description>
+    <description><?= html::clean($feed->description) ?></description>
     <language>en-us</language>
     <atom:link rel="self" href="<?= $feed->uri ?>" type="application/rss+xml" />
     <fh:complete/>
@@ -22,14 +22,14 @@
     <lastBuildDate><?= $pub_date ?></lastBuildDate>
     <? foreach ($feed->children as $child): ?>
     <item>
-      <title><?= SafeString::purify($child->title) ?></title>
-      <link><?= SafeString::of($child->item_uri) ?></link>
-      <author><?= SafeString::of($child->author) ?></author>
+      <title><?= html::purify($child->title) ?></title>
+      <link><?= html::clean($child->item_uri) ?></link>
+      <author><?= html::clean($child->author) ?></author>
       <guid isPermaLink="true"><?= $child->item_uri ?></guid>
       <pubDate><?= $child->pub_date ?></pubDate>
       <content:encoded>
         <![CDATA[
-          <p><?= nl2br(SafeString::purify($child->text)) ?></p>
+          <p><?= nl2br(html::purify($child->text)) ?></p>
           <p>
             <img alt="" src="<?= $child->thumb_url ?>"
                  height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" />
diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php
index 9eac0502..1e45c946 100644
--- a/modules/comment/views/comments.html.php
+++ b/modules/comment/views/comments.html.php
@@ -18,16 +18,16 @@
       <a href="#">
         <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
              class="gAvatar"
-             alt="<?= SafeString::of($comment->author_name()) ?>"
+             alt="<?= html::clean($comment->author_name()) ?>"
              width="40"
              height="40" />
       </a>
       <?= t('on %date <a href="#">%name</a> said',
             array("date" => date("Y-M-d H:i:s", $comment->created),
-                  "name" => SafeString::of($comment->author_name()))); ?>
+                  "name" => html::clean($comment->author_name()))); ?>
     </p>
     <div>
-      <?= nl2br(SafeString::purify($comment->text)) ?>
+      <?= nl2br(html::purify($comment->text)) ?>
     </div>
   </li>
   <? endforeach ?>
diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php
index 509a8b70..0939704b 100644
--- a/modules/digibug/controllers/digibug.php
+++ b/modules/digibug/controllers/digibug.php
@@ -50,7 +50,7 @@ class Digibug_Controller extends Controller {
       "image_width_1" => $item->width,
       "thumb_height_1" => $item->thumb_height,
       "thumb_width_1" => $item->thumb_width,
-      "title_1" => SafeString::purify($item->title));
+      "title_1" => html::purify($item->title));
 
     print $v;
   }
diff --git a/modules/exif/views/exif_dialog.html.php b/modules/exif/views/exif_dialog.html.php
index a981ca09..11d1e212 100644
--- a/modules/exif/views/exif_dialog.html.php
+++ b/modules/exif/views/exif_dialog.html.php
@@ -14,14 +14,14 @@
          <?= $details[$i]["caption"] ?>
          </td>
          <td class="gOdd">
-         <?= SafeString::of($details[$i]["value"]) ?>
+         <?= html::clean($details[$i]["value"]) ?>
          </td>
          <? if (!empty($details[++$i])): ?>
            <td class="gEven">
            <?= $details[$i]["caption"] ?>
            </td>
            <td class="gOdd">
-           <?= SafeString::of($details[$i]["value"]) ?>
+           <?= html::clean($details[$i]["value"]) ?>
            </td>
          <? else: ?>
            <td class="gEven"></td><td class="gOdd"></td>
diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php
index a01ca1db..7e5c6f75 100644
--- a/modules/g2_import/helpers/g2_import.php
+++ b/modules/g2_import/helpers/g2_import.php
@@ -590,7 +590,7 @@ class g2_import_Core {
     self::map($g2_comment->getId(), $comment->id);
     return t("Imported comment '%comment' for item with id: %id",
              array("id" => $comment->item_id,
-                   "comment" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50)));
+                   "comment" => text::limit_words(nl2br(html::purify($comment->text)), 50)));
   }
 
   /**
diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php
index d727b654..43c77340 100644
--- a/modules/gallery/controllers/admin_advanced_settings.php
+++ b/modules/gallery/controllers/admin_advanced_settings.php
@@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller {
     module::set_var($module_name, $var_name, Input::instance()->post("value"));
     message::success(
       t("Saved value for %var (%module_name)",
-        array("var" => SafeString::of($var_name), "module_name" => $module_name)));
+        array("var" => html::clean($var_name), "module_name" => $module_name)));
 
     print json_encode(array("result" => "success"));
   }
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index 8fddb563..20731f9c 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -75,7 +75,7 @@ class Quick_Controller extends Controller {
     access::required("view", $item->parent());
     access::required("edit", $item->parent());
 
-    $msg = t("Made <b>%title</b> this album's cover", array("title" => SafeString::purify($item->title)));
+    $msg = t("Made <b>%title</b> this album's cover", array("title" => html::purify($item->title)));
 
     item::make_album_cover($item);
     message::success($msg);
@@ -91,10 +91,10 @@ class Quick_Controller extends Controller {
     if ($item->is_album()) {
       print t(
         "Delete the album <b>%title</b>? All photos and movies in the album will also be deleted.",
-        array("title" => SafeString::purify($item->title)));
+        array("title" => html::purify($item->title)));
     } else {
       print t("Are you sure you want to delete <b>%title</b>?",
-              array("title" => SafeString::purify($item->title)));
+              array("title" => html::purify($item->title)));
     }
 
     $form = item::get_delete_form($item);
@@ -108,9 +108,9 @@ class Quick_Controller extends Controller {
     access::required("edit", $item);
 
     if ($item->is_album()) {
-      $msg = t("Deleted album <b>%title</b>", array("title" => SafeString::purify($item->title)));
+      $msg = t("Deleted album <b>%title</b>", array("title" => html::purify($item->title)));
     } else {
-      $msg = t("Deleted photo <b>%title</b>", array("title" => SafeString::purify($item->title)));
+      $msg = t("Deleted photo <b>%title</b>", array("title" => html::purify($item->title)));
     }
 
     $parent = $item->parent();
diff --git a/modules/gallery/helpers/MY_html.php b/modules/gallery/helpers/MY_html.php
index eb388811..75114898 100644
--- a/modules/gallery/helpers/MY_html.php
+++ b/modules/gallery/helpers/MY_html.php
@@ -65,11 +65,11 @@ class html extends html_Core {
    *
    * Example:<pre>
    *   <script type="text/javascript>"
-   *     var some_js_var = "<?= html::escape_for_js($php_var) ?>";
+   *     var some_js_var = "<?= html::clean_js($php_var) ?>";
    *   </script>
    * </pre>
    */
-  static function escape_for_js($string) {
+  static function clean_js($string) {
     return SafeString::of($string)->for_js();
   }
 
diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php
index affb3101..dee6ae40 100644
--- a/modules/gallery/helpers/gallery_rss.php
+++ b/modules/gallery/helpers/gallery_rss.php
@@ -53,9 +53,9 @@ class gallery_rss_Core {
         ->descendants($limit, $offset, array("type" => "photo"));
       $feed->max_pages = ceil(
         $item->viewable()->descendants_count(array("type" => "photo")) / $limit);
-      $feed->title = SafeString::purify($item->title);
+      $feed->title = html::purify($item->title);
       $feed->link = url::abs_site("albums/{$item->id}");
-      $feed->description = nl2br(SafeString::purify($item->description));
+      $feed->description = nl2br(html::purify($item->description));
 
       return $feed;
     }
diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php
index 8c0e8aa8..c9557324 100644
--- a/modules/gallery/helpers/gallery_task.php
+++ b/modules/gallery/helpers/gallery_task.php
@@ -64,10 +64,10 @@ class gallery_task_Core {
           if (!$success) {
             $ignored[$item->id] = 1;
             $errors[] = t("Unable to rebuild images for '%title'",
-                          array("title" => SafeString::purify($item->title)));
+                          array("title" => html::purify($item->title)));
           } else {
             $errors[] = t("Successfully rebuilt images for '%title'",
-                          array("title" => SafeString::purify($item->title)));
+                          array("title" => html::purify($item->title)));
           }
         }
 
diff --git a/modules/gallery/tests/Html_Helper_Test.php b/modules/gallery/tests/Html_Helper_Test.php
index 4d934ad5..a9903256 100644
--- a/modules/gallery/tests/Html_Helper_Test.php
+++ b/modules/gallery/tests/Html_Helper_Test.php
@@ -40,8 +40,8 @@ class Html_Helper_Test extends Unit_Test_Case {
 			$safe_string_2);
   }
 
-  public function escape_for_js_test() {
-    $string = html::escape_for_js("hello's <p  >world</p>");
+  public function clean_js_test() {
+    $string = html::clean_js("hello's <p  >world</p>");
     $this->assert_equal("hello\\'s <p  >world<\\/p>",
 			$string);
   }
diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php
index 8e5f8354..16e5a856 100644
--- a/modules/gallery/tests/Xss_Security_Test.php
+++ b/modules/gallery/tests/Xss_Security_Test.php
@@ -151,7 +151,7 @@ class Xss_Security_Test extends Unit_Test_Case {
 	    if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) &&
 		self::_token_matches(array(T_STRING), $tokens, $token_number + 2) &&
 		in_array($tokens[$token_number + 2][1],
-			 array("clean", "purify", "escape_for_js", "clean_attribute_test")) &&
+			 array("clean", "purify", "clean_js", "clean_attribute")) &&
 		self::_token_matches("(", $tokens, $token_number + 3)) {
               // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed).
 
@@ -161,7 +161,7 @@ class Xss_Security_Test extends Unit_Test_Case {
 	      $token_number += 3;
 	      $token = $tokens[$token_number];
 
-              if ("escape_for_js" == $method) {
+              if ("clean_js" == $method) {
                 $frame->is_safe_js(true);
               } else {
                 $frame->is_safe_html(true);
diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php
index adc15b91..4235e8f8 100644
--- a/modules/gallery/views/admin_advanced_settings.html.php
+++ b/modules/gallery/views/admin_advanced_settings.html.php
@@ -20,13 +20,13 @@
     <? if ($var->module_name == "gallery" && $var->name == "_cache") continue ?>
     <tr class="setting">
       <td> <?= $var->module_name ?> </td>
-      <td> <?= SafeString::of($var->name) ?> </td>
+      <td> <?= html::clean($var->name) ?> </td>
       <td>
-        <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . SafeString::of($var->name)) ?>"
+        <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . html::clean($var->name)) ?>"
           class="gDialogLink"
           title="<?= t("Edit %var (%module_name)", array("var" => $var->name, "module_name" => $var->module_name)) ?>">
           <? if ($var->value): ?>
-          <?= SafeString::of($var->value) ?>
+          <?= html::clean($var->value) ?>
           <? else: ?>
           <i> <?= t("empty") ?> </i>
           <? endif ?>
diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php
index b7afb22d..780ff2d0 100644
--- a/modules/gallery/views/admin_block_log_entries.html.php
+++ b/modules/gallery/views/admin_block_log_entries.html.php
@@ -2,7 +2,7 @@
 <ul>
   <? foreach ($entries as $entry): ?>
   <li class="<?= log::severity_class($entry->severity) ?>" style="direction: ltr">
-    <a href="<?= url::site("user/$entry->user_id") ?>"><?= SafeString::of($entry->user->name) ?></a>
+    <a href="<?= url::site("user/$entry->user_id") ?>"><?= html::clean($entry->user->name) ?></a>
     <?= gallery::date_time($entry->timestamp) ?>
     <?= $entry->message ?>
     <?= $entry->html ?>
diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php
index 732bdc38..a50836ad 100644
--- a/modules/gallery/views/admin_block_photo_stream.html.php
+++ b/modules/gallery/views/admin_block_photo_stream.html.php
@@ -2,9 +2,9 @@
 <ul>
 <? foreach ($photos as $photo): ?>
   <li class="gItem gPhoto">
-    <a href="<?= url::site("photos/$photo->id") ?>" title="<?= SafeString::of($photo->title) ?>">
+    <a href="<?= url::site("photos/$photo->id") ?>" title="<?= html::clean($photo->title) ?>">
       <img <?= photo::img_dimensions($photo->width, $photo->height, 72) ?>
-        src="<?= $photo->thumb_url() ?>" alt="<?= SafeString::of($photo->title) ?>" />
+        src="<?= $photo->thumb_url() ?>" alt="<?= html::clean($photo->title) ?>" />
     </a>
   </li>
 <? endforeach ?>
diff --git a/modules/gallery/views/admin_languages.html.php b/modules/gallery/views/admin_languages.html.php
index 4bee9bb1..052d749b 100644
--- a/modules/gallery/views/admin_languages.html.php
+++ b/modules/gallery/views/admin_languages.html.php
@@ -40,7 +40,7 @@
   </form>
 	
 	<script type="text/javascript">
-    var old_default_locale = "<?= SafeString::of($default_locale)->for_js() ?>";
+    var old_default_locale = "<?= html::escape_for_js($default_locale) ?>";
     
     $("input[name='installed_locales[]']").change(function (event) {
       if (this.checked) {
@@ -57,7 +57,7 @@
       dataType: "json",
       success: function(data) {
         if (data.result == "success") {
-          el = $('<a href="<?= url::site("admin/maintenance/start/gallery_task::update_l10n?csrf=$csrf")->for_js() ?>"></a>'); // this is a little hack to trigger the update_l10n task in a dialog
+          el = $('<a href="<?= html::escape_for_js(url::site("admin/maintenance/start/gallery_task::update_l10n?csrf=$csrf")) ?>"></a>'); // this is a little hack to trigger the update_l10n task in a dialog
           el.gallery_dialog();
           el.trigger('click');
         }
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index a1f7b126..05bc0923 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -93,7 +93,7 @@
           <?= $task->status ?>
         </td>
         <td>
-          <?= SafeString::of($task->owner()->name) ?>
+          <?= html::clean($task->owner()->name) ?>
         </td>
         <td>
           <? if ($task->state == "stalled"): ?>
@@ -164,7 +164,7 @@
           <?= $task->status ?>
         </td>
         <td>
-          <?= SafeString::of($task->owner()->name) ?>
+          <?= html::clean($task->owner()->name) ?>
         </td>
         <td>
           <? if ($task->done): ?>
diff --git a/modules/gallery/views/admin_maintenance_show_log.html.php b/modules/gallery/views/admin_maintenance_show_log.html.php
index 209aef03..8ea1beb6 100644
--- a/modules/gallery/views/admin_maintenance_show_log.html.php
+++ b/modules/gallery/views/admin_maintenance_show_log.html.php
@@ -12,7 +12,7 @@ appendTo('body').submit().remove();
 <div id="gTaskLogDialog">
   <h1> <?= $task->name ?> </h1>
   <div class="gTaskLog">
-    <pre><?= SafeString::purify($task->get_log()) ?></pre>
+    <pre><?= html::purify($task->get_log()) ?></pre>
   </div>
   <button id="gCloseButton" class="ui-state-default ui-corner-all" onclick="dismiss()"><?= t("Close") ?></button>
   <button id="gSaveButton" class="ui-state-default ui-corner-all" onclick="download()"><?= t("Save") ?></button>
diff --git a/modules/gallery/views/move_tree.html.php b/modules/gallery/views/move_tree.html.php
index 7818a42a..623f80ee 100644
--- a/modules/gallery/views/move_tree.html.php
+++ b/modules/gallery/views/move_tree.html.php
@@ -1,18 +1,18 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <?= $parent->thumb_img(array(), 25); ?>
 <? if (!access::can("edit", $parent) || $source->is_descendant($parent)): ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= SafeString::of($parent->title) ?> <?= t("(locked)") ?> </a>
+<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= html::clean($parent->title) ?> <?= t("(locked)") ?> </a>
 <? else: ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= SafeString::of($parent->title) ?></a>
+<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= html::clean($parent->title) ?></a>
 <? endif ?>
 <ul id="tree_<?= $parent->id ?>">
   <? foreach ($children as $child): ?>
   <li id="node_<?= $child->id ?>" class="node">
     <?= $child->thumb_img(array(), 25); ?>
     <? if (!access::can("edit", $child) || $source->is_descendant($child)): ?>
-    <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= SafeString::of($child->title) ?> <?= t("(locked)") ?></a>
+    <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= html::clean($child->title) ?> <?= t("(locked)") ?></a>
     <? else: ?>
-    <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= SafeString::of($child->title) ?> </a>
+    <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= html::clean($child->title) ?> </a>
     <? endif ?>
   </li>
   <? endforeach ?>
diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php
index 90970112..d9395b3f 100644
--- a/modules/gallery/views/permissions_browse.html.php
+++ b/modules/gallery/views/permissions_browse.html.php
@@ -39,13 +39,13 @@
     <? foreach ($parents as $parent): ?>
     <li id="item-<?= $parent->id ?>">
       <a href="javascript:show(<?= $parent->id ?>)">
-        <?= SafeString::purify($parent->title) ?>
+        <?= html::purify($parent->title) ?>
       </a>
     </li>
     <? endforeach ?>
     <li class="active" id="item-<?= $item->id ?>">
       <a href="javascript:show(<?= $item->id ?>)">
-    	<?= SafeString::purify($item->title) ?>
+    	<?= html::purify($item->title) ?>
       </a>
     </li>
   </ul>
diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php
index adc0496f..e6b217c5 100644
--- a/modules/gallery/views/permissions_form.html.php
+++ b/modules/gallery/views/permissions_form.html.php
@@ -6,7 +6,7 @@
     <tr>
       <th> </th>
       <? foreach ($groups as $group): ?>
-      <th> <?= SafeString::of($group->name) ?> </th>
+      <th> <?= html::clean($group->name) ?> </th>
       <? endforeach ?>
     </tr>
 
diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php
index 1f185780..b136972a 100644
--- a/modules/gallery/views/simple_uploader.html.php
+++ b/modules/gallery/views/simple_uploader.html.php
@@ -6,7 +6,7 @@
 <!-- hack to set the title for the dialog -->
 <form id="gAddPhotosForm" action="<?= url::site("simple_uploader/finish?csrf=$csrf") ?>">
   <fieldset>
-    <legend> <?= t("Add photos to %album_title", array("album_title" => SafeString::purify($item->title))) ?> </legend>
+    <legend> <?= t("Add photos to %album_title", array("album_title" => html::purify($item->title))) ?> </legend>
   </fieldset>
 </form>
 
@@ -26,9 +26,9 @@
   </p>
   <ul class="gBreadcrumbs">
     <? foreach ($item->parents() as $parent): ?>
-    <li> <?= SafeString::of($parent->title) ?> </li>
+    <li> <?= html::clean($parent->title) ?> </li>
     <? endforeach ?>
-    <li class="active"> <?= SafeString::purify($item->title) ?> </li>
+    <li class="active"> <?= html::purify($item->title) ?> </li>
   </ul>
 
   <p>
@@ -82,13 +82,13 @@
 
 <script type="text/javascript">
   var swfu = new SWFUpload({
-    flash_url: "<?= url::file("lib/swfupload/swfupload.swf")->for_js() ?>",
-    upload_url: "<?= url::site("simple_uploader/add_photo/$item->id")->for_js() ?>",
+    flash_url: "<?= html::escape_for_js(url::file("lib/swfupload/swfupload.swf")) ?>",
+    upload_url: "<?= html::escape_for_js(url::site("simple_uploader/add_photo/$item->id")) ?>",
     post_params: <?= json_encode(array(
       "g3sid" => Session::instance()->id(),
       "user_agent" => Input::instance()->server("HTTP_USER_AGENT"),
       "csrf" => $csrf)) ?>,
-    file_size_limit: "<?= SafeString::of(ini_get("upload_max_filesize") ? num::convert_to_bytes(ini_get("upload_max_filesize"))."B" : "100MB")->for_js() ?>",
+    file_size_limit: "<?= html::escape_for_js(ini_get("upload_max_filesize") ? num::convert_to_bytes(ini_get("upload_max_filesize"))."B" : "100MB")) ?>",
     file_types: "*.gif;*.jpg;*.jpeg;*.png;*.flv;*.mp4;*.GIF;*.JPG;*.JPEG;*.PNG;*.FLV;*.MP4",
     file_types_description: "<?= t("Photos and Movies")->for_js() ?>",
     file_upload_limit: 1000,
@@ -97,7 +97,7 @@
     debug: false,
 
     // Button settings
-    button_image_url: "<?= url::file("themes/default/images/select-photos-backg.png")->for_js() ?>",
+    button_image_url: "<?= html::escape_for_js(url::file("themes/default/images/select-photos-backg.png")) ?>",
     button_width: "202",
     button_height: "45",
     button_placeholder_id: "gChooseFilesButtonPlaceholder",
diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php
index bfaaee99..d8f36984 100644
--- a/modules/info/views/info_block.html.php
+++ b/modules/info/views/info_block.html.php
@@ -2,18 +2,18 @@
 <ul class="gMetadata">
   <li>
     <strong class="caption"><?= t("Title:") ?></strong>
-    <?= SafeString::purify($item->title) ?>
+    <?= html::purify($item->title) ?>
   </li>
   <? if ($item->description): ?>
   <li>
     <strong class="caption"><?= t("Description:") ?></strong>
-     <?= nl2br(SafeString::purify($item->description)) ?>
+     <?= nl2br(html::purify($item->description)) ?>
   </li>
   <? endif ?>
   <? if (!$item->is_album()): ?>
   <li>
     <strong class="caption"><?= t("File name:") ?></strong>
-    <?= SafeString::of($item->name) ?>
+    <?= html::clean($item->name) ?>
   </li>
   <? endif ?>
   <? if ($item->captured): ?>
@@ -26,9 +26,9 @@
   <li>
     <strong class="caption"><?= t("Owner:") ?></strong>
     <? if ($item->owner->url): ?>
-    <a href="<?= $item->owner->url ?>"><?= SafeString::of($item->owner->display_name()) ?></a>
+    <a href="<?= $item->owner->url ?>"><?= html::clean($item->owner->display_name()) ?></a>
     <? else: ?>
-    <?= SafeString::of($item->owner->display_name()) ?>
+    <?= html::clean($item->owner->display_name()) ?>
     <? endif ?>
   </li>
   <? endif ?>
diff --git a/modules/notification/views/comment_published.html.php b/modules/notification/views/comment_published.html.php
index 02daf921..e39e39c6 100644
--- a/modules/notification/views/comment_published.html.php
+++ b/modules/notification/views/comment_published.html.php
@@ -1,26 +1,26 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= SafeString::of($subject) ?> </title>
+    <title><?= html::clean($subject) ?> </title>
   </head>
   <body>
-    <h2><?= SafeString::of($subject) ?></h2>
+    <h2><?= html::clean($subject) ?></h2>
     <table>
       <tr>
         <td><?= t("Comment:") ?></td>
-  <td><?= nl2br(SafeString::purify($comment->text)) ?></td>
+  <td><?= nl2br(html::purify($comment->text)) ?></td>
       </tr>
       <tr>
         <td><?= t("Author Name:") ?></td>
-        <td><?= SafeString::of($comment->author_name()) ?></td>
+        <td><?= html::clean($comment->author_name()) ?></td>
       </tr>
       <tr>
         <td><?= t("Author Email:") ?></td>
-        <td><?= SafeString::of($comment->author_email()) ?></td>
+        <td><?= html::clean($comment->author_email()) ?></td>
       </tr>
       <tr>
         <td><?= t("Author URL:") ?></td>
-        <td><?= SafeString::of($comment->author_url()) ?></td>
+        <td><?= html::clean($comment->author_url()) ?></td>
       </tr>
       <tr>
         <td><?= t("Url:") ?></td>
diff --git a/modules/notification/views/item_added.html.php b/modules/notification/views/item_added.html.php
index 70b8fca4..f697fea6 100644
--- a/modules/notification/views/item_added.html.php
+++ b/modules/notification/views/item_added.html.php
@@ -1,14 +1,14 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= SafeString::of($subject) ?> </title>
+    <title><?= html::clean($subject) ?> </title>
   </head>
   <body>
-    <h2><?= SafeString::of($subject) ?></h2>
+    <h2><?= html::clean($subject) ?></h2>
     <table>
       <tr>
         <td><?= t("Title:") ?></td>
-        <td><?= SafeString::purify($item->title) ?></td>
+        <td><?= html::purify($item->title) ?></td>
       </tr>
       <tr>
         <td><?= t("Url:") ?></td>
@@ -21,7 +21,7 @@
       <? if ($item->description): ?>
       <tr>
         <td><?= t("Description:") ?></td>
-         <td><?= nl2br(SafeString::purify($item->description)) ?></td>
+         <td><?= nl2br(html::purify($item->description)) ?></td>
       </tr>
       <? endif ?>
     </table>
diff --git a/modules/notification/views/item_deleted.html.php b/modules/notification/views/item_deleted.html.php
index e04fc71b..a51782ff 100644
--- a/modules/notification/views/item_deleted.html.php
+++ b/modules/notification/views/item_deleted.html.php
@@ -1,15 +1,15 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= SafeString::of($subject) ?> </title>
+    <title><?= html::clean($subject) ?> </title>
   </head>
   <body>
-    <h2><?= SafeString::of($subject) ?></h2>
+    <h2><?= html::clean($subject) ?></h2>
     <table>
       <tr>
         <td colspan="2">
           <?= t("To view the changed album %title use the link below.",
-              array("title" => SafeString::purify($item->parent()->title))) ?>
+              array("title" => html::purify($item->parent()->title))) ?>
         </td>
       </tr>
       <tr>
diff --git a/modules/notification/views/item_updated.html.php b/modules/notification/views/item_updated.html.php
index c3a4f795..ba03540a 100644
--- a/modules/notification/views/item_updated.html.php
+++ b/modules/notification/views/item_updated.html.php
@@ -1,18 +1,18 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= SafeString::of($subject) ?> </title>
+    <title><?= html::clean($subject) ?> </title>
   </head>
   <body>
-    <h2> <?= SafeString::of($subject) ?> </h2>
+    <h2> <?= html::clean($subject) ?> </h2>
     <table>
       <tr>
         <? if ($item->original("title") != $item->title): ?>
         <td><?= t("New Title:") ?></td>
-        <td><?= SafeString::of($item->title) ?></td>
+        <td><?= html::clean($item->title) ?></td>
         <? else: ?>
         <td><?= t("Title:") ?></td>
-        <td><?= SafeString::of($item->title) ?></td>
+        <td><?= html::clean($item->title) ?></td>
         <? endif ?>
       </tr>
       <tr>
@@ -22,12 +22,12 @@
       <? if ($item->original("description") != $item->description): ?>
       <tr>
         <td><?= t("New Description:") ?></td>
-        <td><?= SafeString::of($item->description) ?></td>
+        <td><?= html::clean($item->description) ?></td>
       </tr>
       <? elseif (!empty($item->description)): ?>
       <tr>
         <td><?= t("Description:") ?></td>
-        <td><?= SafeString::of($item->description) ?></td>
+        <td><?= html::clean($item->description) ?></td>
       </tr>
       <? endif ?>
     </table>
diff --git a/modules/organize/views/organize_dialog.html.php b/modules/organize/views/organize_dialog.html.php
index 27d5b508..857499aa 100644
--- a/modules/organize/views/organize_dialog.html.php
+++ b/modules/organize/views/organize_dialog.html.php
@@ -5,7 +5,7 @@
   var sort_order_url = "<?= url::site("organize/sort_order/__ALBUM_ID__/__COL__/__DIR__?csrf=$csrf") ?>";
 </script>
 <div id="gOrganize" class="gDialogPanel">
-  <h1 style="display:none"><?= t("Organize %name", array("name" => SafeString::purify($album->title))) ?></h1>
+  <h1 style="display:none"><?= t("Organize %name", array("name" => html::purify($album->title))) ?></h1>
   <div id="bd">
     <div class="yui-gf">
       <div class="yui-u first">
diff --git a/modules/organize/views/organize_tree.html.php b/modules/organize/views/organize_tree.html.php
index 387d5977..5b676889 100644
--- a/modules/organize/views/organize_tree.html.php
+++ b/modules/organize/views/organize_tree.html.php
@@ -5,7 +5,7 @@
   <span class="ui-icon ui-icon-minus">
   </span>
   <span class="gAlbumText" ref="<?= $parent->id ?>">
-    <?= SafeString::of($parent->title) ?>
+    <?= html::clean($parent->title) ?>
   </span>
   <ul class="ui-icon-plus">
     <? endforeach ?>
@@ -17,7 +17,7 @@
       </span>
       <span class="gAlbumText <?= $peer->id == $album->id ? "selected" : "" ?>"
             ref="<?= $peer->id ?>">
-        <?= SafeString::of($peer->title) ?>
+        <?= html::clean($peer->title) ?>
       </span>
 
       <? if ($peer->id == $album->id): ?>
@@ -29,7 +29,7 @@
           </span>
           <span class="gAlbumText"
                 ref="<?= $child->id ?>">
-            <?= SafeString::of($child->title) ?>
+            <?= html::clean($child->title) ?>
           </span>
         </li>
         <? endforeach ?>
diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php
index 7298b7f4..731703c7 100644
--- a/modules/rss/views/feed.mrss.php
+++ b/modules/rss/views/feed.mrss.php
@@ -6,9 +6,9 @@
    xmlns:fh="http://purl.org/syndication/history/1.0">
   <channel>
     <generator>gallery3</generator>
-    <title><?= SafeString::of($feed->title) ?></title>
+    <title><?= html::clean($feed->title) ?></title>
     <link><?= $feed->uri ?></link>
-    <description><?= SafeString::of($feed->description) ?></description>
+    <description><?= html::clean($feed->description) ?></description>
     <language>en-us</language>
     <atom:link rel="self" href="<?= $feed->uri ?>" type="application/rss+xml" />
     <fh:complete/>
@@ -22,25 +22,25 @@
     <lastBuildDate><?= $pub_date ?></lastBuildDate>
     <? foreach ($feed->children as $child): ?>
     <item>
-      <title><?= SafeString::of($child->title) ?></title>
+      <title><?= html::clean($child->title) ?></title>
       <link><?= url::abs_site("{$child->type}s/{$child->id}") ?></link>
       <guid isPermaLink="true"><?= url::abs_site("{$child->type}s/{$child->id}") ?></guid>
       <pubDate><?= date("D, d M Y H:i:s T", $child->created); ?></pubDate>
       <content:encoded>
         <![CDATA[
-          <span><?= SafeString::of($child->description) ?></span>
+          <span><?= html::clean($child->description) ?></span>
           <p>
           <? if ($child->type == "photo" || $child->type == "album"): ?>
             <img alt="" src="<?= $child->resize_url(true) ?>"
-                 title="<?= SafeString::of($child->title) ?>"
+                 title="<?= html::clean($child->title) ?>"
                  height="<?= $child->resize_height ?>" width="<?= $child->resize_width ?>" /><br />
           <? else: ?>
             <a href="<?= url::abs_site("{$child->type}s/{$child->id}") ?>">
             <img alt="" src="<?= $child->thumb_url(true) ?>"
-                 title="<?= SafeString::of($child->title) ?>"
+                 title="<?= html::clean($child->title) ?>"
                  height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" /></a><br />
           <? endif ?>
-            <?= SafeString::of($child->description) ?>
+            <?= html::clean($child->description) ?>
           </p>
         ]]>
       </content:encoded>
diff --git a/modules/rss/views/rss_block.html.php b/modules/rss/views/rss_block.html.php
index cd8db89d..737731b6 100644
--- a/modules/rss/views/rss_block.html.php
+++ b/modules/rss/views/rss_block.html.php
@@ -5,7 +5,7 @@
     <span class="ui-icon-left">
     <a href="<?= rss::url($url) ?>">
       <span class="ui-icon ui-icon-signal-diag"></span>
-      <?= SafeString::purify($title) ?>
+      <?= html::purify($title) ?>
     </a>
     </span>
   </li>
diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php
index e5c7b4a6..7963948d 100644
--- a/modules/search/views/search.html.php
+++ b/modules/search/views/search.html.php
@@ -8,7 +8,7 @@
     <ul>
       <li>
         <label for="q"><?= t("Search the gallery") ?></label>
-        <input name="q" id="q" type="text" value="<?= SafeString::of($q)->for_html_attr() ?>"/>
+        <input name="q" id="q" type="text" value="<?= html::clean_attribute($q) ?>"/>
       </li>
       <li>
         <input type="submit" value="<?= t("Search")->for_html_attr() ?>" />
@@ -31,10 +31,10 @@
       <a href="<?= url::site("items/$item->id") ?>">
         <?= $item->thumb_img() ?>
         <p>
-    <?= SafeString::purify($item->title) ?>
+    <?= html::purify($item->title) ?>
         </p>
         <div>
-    <?= nl2br(SafeString::purify($item->description)) ?>
+    <?= nl2br(html::purify($item->description)) ?>
         </div>
       </a>
     </li>
diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php
index c4439bda..b48a19da 100644
--- a/modules/server_add/views/admin_server_add.html.php
+++ b/modules/server_add/views/admin_server_add.html.php
@@ -16,7 +16,7 @@
            class="gRemoveDir ui-icon ui-icon-trash">
           X
         </a>
-        <?= SafeString::of($path) ?>
+        <?= html::clean($path) ?>
       </li>
       <? endforeach ?>
     </ul>
diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php
index 2f65a590..dbae42c5 100644
--- a/modules/server_add/views/server_add_tree.html.php
+++ b/modules/server_add/views/server_add_tree.html.php
@@ -10,7 +10,7 @@
     <li class="ui-icon-left">
       <span class="ui-icon ui-icon-folder-open"></span>
       <span ondblclick="open_dir('<?= $dir ?>')">
-        <?= SafeString::of(basename($dir)) ?>
+        <?= html::clean(basename($dir)) ?>
       </span>
       <ul>
         <? endforeach ?>
@@ -24,7 +24,7 @@
                 <? endif ?>
                 file="<?= strtr($file, array('"' => '\\"')) ?>"
                 >
-            <?= SafeString::of(basename($file)) ?>
+            <?= html::clean(basename($file)) ?>
           </span>
         </li>
         <? endforeach ?>
diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php
index 912e69b6..8eb6e4df 100644
--- a/modules/server_add/views/server_add_tree_dialog.html.php
+++ b/modules/server_add/views/server_add_tree_dialog.html.php
@@ -5,17 +5,17 @@
 </script>
 
 <div id="gServerAdd">
-  <h1 style="display: none;"><?= t("Add Photos to '%title'", array("title" => SafeString::purify($item->title))) ?></h1>
+  <h1 style="display: none;"><?= t("Add Photos to '%title'", array("title" => html::purify($item->title))) ?></h1>
 
   <p id="gDescription"><?= t("Photos will be added to album:") ?></p>
   <ul class="gBreadcrumbs">
     <? foreach ($item->parents() as $parent): ?>
     <li>
-      <?= SafeString::purify($parent->title) ?>
+      <?= html::purify($parent->title) ?>
     </li>
     <? endforeach ?>
     <li class="active">
-      <?= SafeString::purify($item->title) ?>
+      <?= html::purify($item->title) ?>
     </li>
   </ul>
 
diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php
index f1b4ca3a..8b8dde21 100644
--- a/modules/tag/controllers/admin_tags.php
+++ b/modules/tag/controllers/admin_tags.php
@@ -106,7 +106,7 @@ class Admin_Tags_Controller extends Admin_Controller {
         array("result" => "success",
               "location" => url::site("admin/tags"),
               "tag_id" => $tag->id,
-              "new_tagname" => SafeString::of($tag->name)));
+              "new_tagname" => html::clean($tag->name)));
     } else {
       print json_encode(
         array("result" => "error",
diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php
index 30dd0728..3d805c5e 100644
--- a/modules/tag/views/admin_tags.html.php
+++ b/modules/tag/views/admin_tags.html.php
@@ -32,7 +32,7 @@
           <? $current_letter = strtoupper(mb_substr($tag->name, 0, 1)) ?>
 
           <? if ($i == 0): /* first letter */ ?>
-            <strong><?= SafeString::of($current_letter) ?></strong>
+            <strong><?= html::clean($current_letter) ?></strong>
             <ul>
           <? elseif ($last_letter != $current_letter): /* new letter */ ?>
             <? if ($column_tag_count > $tags_per_column): /* new column */ ?>
@@ -42,12 +42,12 @@
             <? endif ?>
 
             </ul>
-            <strong><?= SafeString::of($current_letter) ?></strong>
+            <strong><?= html::clean($current_letter) ?></strong>
             <ul>
           <? endif ?>
 
           <li>
-            <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= SafeString::of($tag->name) ?></span>
+            <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= html::clean($tag->name) ?></span>
             <span class="understate">(<?= $tag->count ?>)</span>
             <a href="<?= url::site("admin/tags/form_delete/$tag->id") ?>"
                class="gDialogLink delete-link gButtonLink">
diff --git a/modules/tag/views/tag_cloud.html.php b/modules/tag/views/tag_cloud.html.php
index b4c6ae34..d6a0b5f8 100644
--- a/modules/tag/views/tag_cloud.html.php
+++ b/modules/tag/views/tag_cloud.html.php
@@ -3,7 +3,7 @@
   <? foreach ($tags as $tag): ?>
   <li class="size<?=(int)(($tag->count / $max_count) * 7) ?>">
     <span><?= $tag->count ?> photos are tagged with </span>
-    <a href="<?= url::site("tags/$tag->id") ?>"><?= SafeString::of($tag->name) ?></a>
+    <a href="<?= url::site("tags/$tag->id") ?>"><?= html::clean($tag->name) ?></a>
   </li>
   <? endforeach ?>
 </ul>
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index 4b141a1c..fc3ced56 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -24,7 +24,7 @@ class Logout_Controller extends Controller {
     $user = user::active();
     user::logout();
     log::info("user", t("User %name logged out", array("name" => $user->name)),
-              html::anchor("user/$user->id", SafeString::of($user->name)));
+              html::anchor("user/$user->id", html::clean($user->name)));
     if ($continue_url = $this->input->get("continue")) {
       $item = url::get_item_from_uri($continue_url);
       if (access::can("view", $item)) {
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 36c4f4fd..9455f9d9 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -68,16 +68,16 @@
         <td id="user-<?= $user->id ?>" class="core-info gDraggable">
           <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
                title="<?= t("Drag user onto group below to add as a new member") ?>"
-               alt="<?= SafeString::of($user->name) ?>"
+               alt="<?= html::clean($user->name) ?>"
                width="20"
                height="20" />
-          <?= SafeString::of($user->name) ?>
+          <?= html::clean($user->name) ?>
         </td>
         <td>
-          <?= SafeString::of($user->full_name) ?>
+          <?= html::clean($user->full_name) ?>
         </td>
         <td>
-          <?= SafeString::of($user->email) ?>
+          <?= html::clean($user->email) ?>
         </td>
         <td>
           <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index f89a4392..8418ebc9 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -1,6 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <h4>
-  <?= SafeString::of($group->name) ?>
+  <?= html::clean($group->name) ?>
   <? if (!$group->special): ?>
   <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
     title="<?= t("Delete the %name group", array("name" => $group->name)) ?>"
@@ -17,7 +17,7 @@
 <ul>
   <? foreach ($group->users as $i => $user): ?>
   <li class="gUser">
-    <?= SafeString::of($user->name) ?>
+    <?= html::clean($user->name) ?>
     <? if (!$group->special): ?>
     <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
        class="gButtonLink ui-state-default ui-corner-all ui-icon-left"
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index e92513e7..85f673ce 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -12,7 +12,7 @@
       '<a href="' . url::site("form/edit/users/{$user->id}") .
       '" title="' . t("Edit Your Profile")->for_html_attr() .
       '" id="gUserProfileLink" class="gDialogLink">' .
-      SafeString::of($user->display_name()) . '</a>'))) ?>
+      html::clean($user->display_name()) . '</a>'))) ?>
   </li>
   <li>
     <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
diff --git a/themes/default/views/album.html.php b/themes/default/views/album.html.php
index 8c690f5f..caabeee3 100644
--- a/themes/default/views/album.html.php
+++ b/themes/default/views/album.html.php
@@ -2,8 +2,8 @@
 <? // @todo Set hover on AlbumGrid list items for guest users ?>
 <div id="gInfo">
   <?= $theme->album_top() ?>
-  <h1><?= SafeString::purify($item->title) ?></h1>
-  <div class="gDescription"><?= nl2br(SafeString::purify($item->description)) ?></div>
+  <h1><?= html::purify($item->title) ?></h1>
+  <div class="gDescription"><?= nl2br(html::purify($item->description)) ?></div>
 </div>
 
 <ul id="gAlbumGrid">
@@ -20,7 +20,7 @@
     </a>
     <?= $theme->thumb_bottom($child) ?>
     <?= $theme->context_menu($child, "#gItemId-{$child->id} .gThumbnail") ?>
-    <h2><span></span><a href="<?= $child->url() ?>"><?= SafeString::of($child->title) ?></a></h2>
+    <h2><span></span><a href="<?= $child->url() ?>"><?= html::clean($child->title) ?></a></h2>
     <ul class="gMetadata">
       <?= $theme->thumb_info($child) ?>
     </ul>
diff --git a/themes/default/views/dynamic.html.php b/themes/default/views/dynamic.html.php
index 2d8e04a2..9ed9d69b 100644
--- a/themes/default/views/dynamic.html.php
+++ b/themes/default/views/dynamic.html.php
@@ -3,7 +3,7 @@
   <div id="gAlbumHeaderButtons">
     <?= $theme->dynamic_top() ?>
   </div>
-  <h1><?= SafeString::of($title) ?></h1>
+  <h1><?= html::clean($title) ?></h1>
 </div>
 
 <ul id="gAlbumGrid">
@@ -16,7 +16,7 @@
            width="<?= $child->thumb_width ?>"
            height="<?= $child->thumb_height ?>" />
     </a>
-    <h2><?= SafeString::purify($child->title) ?></h2>
+    <h2><?= html::purify($child->title) ?></h2>
     <?= $theme->thumb_bottom($child) ?>
     <ul class="gMetadata">
       <?= $theme->thumb_info($child) ?>
diff --git a/themes/default/views/header.html.php b/themes/default/views/header.html.php
index 9e34401d..dcfa6fd8 100644
--- a/themes/default/views/header.html.php
+++ b/themes/default/views/header.html.php
@@ -19,10 +19,10 @@
   <? foreach ($parents as $parent): ?>
   <li>
     <a href="<?= url::site("albums/{$parent->id}?show=$item->id") ?>">
-      <?= SafeString::purify($parent->title) ?>
+      <?= html::purify($parent->title) ?>
     </a>
   </li>
   <? endforeach ?>
-  <li class="active"><?= SafeString::purify($item->title) ?></li>
+  <li class="active"><?= html::purify($item->title) ?></li>
 </ul>
 <? endif ?>
diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php
index 237743b7..910814dd 100644
--- a/themes/default/views/movie.html.php
+++ b/themes/default/views/movie.html.php
@@ -28,8 +28,8 @@
   <?= $item->movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}")) ?>
 
   <div id="gInfo">
-    <h1><?= SafeString::purify($item->title) ?></h1>
-       <div><?= nl2br(SafeString::purify($item->description)) ?></div>
+    <h1><?= html::purify($item->title) ?></h1>
+       <div><?= nl2br(html::purify($item->description)) ?></div>
   </div>
 
   <?= $theme->photo_bottom() ?>
diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php
index 5b5cb12b..c601c4cc 100644
--- a/themes/default/views/photo.html.php
+++ b/themes/default/views/photo.html.php
@@ -5,7 +5,7 @@
 <script>
   $(document).ready(function() {
     $(".gFullSizeLink").click(function() {
-      $.gallery_show_full_size("<?= $theme->item()->file_url()->for_js() ?>", "<?= $theme->item()->width ?>", "<?= $theme->item()->height ?>");
+      $.gallery_show_full_size("<?= html::escape_for_js($theme->item()->file_url()) ?>", "<?= $theme->item()->width ?>", "<?= $theme->item()->height ?>");
       return false;
     });
   });
@@ -51,8 +51,8 @@
   </div>
 
   <div id="gInfo">
-    <h1><?= SafeString::purify($item->title) ?></h1>
-    <div><?= nl2br(SafeString::purify($item->description)) ?></div>
+    <h1><?= html::purify($item->title) ?></h1>
+    <div><?= nl2br(html::purify($item->description)) ?></div>
   </div>
 
   <?= $theme->photo_bottom() ?>
-- 
cgit v1.2.3


From 80ae2fe4bf8d5872d0aeb18559fa8b099d07282f Mon Sep 17 00:00:00 2001
From: Chad Kieffer <ckieffer@gmail.com>
Date: Sun, 30 Aug 2009 23:51:31 -0600
Subject: Finish this pass at the Admin Maintenance view. Re-introduce status
 icons, put Cancel All, Delete All buttons in the action heading cell.

---
 modules/gallery/views/admin_maintenance.html.php | 20 +++++++++-----------
 themes/admin_default/css/screen.css              |  7 +------
 themes/default/css/screen.css                    |  1 -
 3 files changed, 10 insertions(+), 18 deletions(-)

(limited to 'modules/gallery/views/admin_maintenance.html.php')

diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index 05bc0923..4bca8653 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -22,7 +22,7 @@
       <? $i = 0; ?>
       <? foreach ($task_definitions as $task): ?>
       <tr class="<?= log::severity_class($task->severity) ?> <?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>">
-        <td>
+        <td class="<?= log::severity_class($task->severity) ?>">
           <?= $task->name ?>
         </td>
         <td>
@@ -42,10 +42,6 @@
 
   <? if ($running_tasks->count()): ?>
   <div id="gRunningTasks">
-    <a href="<?= url::site("admin/maintenance/cancel_running_tasks?csrf=$csrf") ?>"
-       class="gButtonLink ui-icon-left ui-state-default ui-corner-all right">
-      <?= t("cancel all") ?></a>
-
     <h2> <?= t("Running Tasks") ?> </h2>
     <table>
       <tr>
@@ -66,12 +62,15 @@
         </th>
         <th>
           <?= t("Action") ?>
+          <a href="<?= url::site("admin/maintenance/cancel_running_tasks?csrf=$csrf") ?>"
+             class="gButtonLink ui-icon-left ui-state-default ui-corner-all right">
+            <?= t("cancel all") ?></a>
         </th>
       </tr>
       <? $i = 0; ?>
       <? foreach ($running_tasks as $task): ?>
       <tr class="<?= $task->state == "stalled" ? "gWarning" : "" ?> <?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>">
-        <td>
+        <td class="<?= $task->state == "stalled" ? "gWarning" : "" ?>">
           <?= gallery::date_time($task->updated) ?>
         </td>
         <td>
@@ -116,10 +115,6 @@
 
   <? if ($finished_tasks->count()): ?>
   <div id="gFinishedTasks">
-    <a href="<?= url::site("admin/maintenance/remove_finished_tasks?csrf=$csrf") ?>"
-         class="gButtonLink ui-icon-left ui-state-default ui-corner-all right">
-       <span class="ui-icon ui-icon-trash"></span><?= t("remove all finished") ?></a>
-
     <h2> <?= t("Finished Tasks") ?> </h2>
     <table>
       <tr>
@@ -140,12 +135,15 @@
         </th>
         <th>
           <?= t("Action") ?>
+          <a href="<?= url::site("admin/maintenance/remove_finished_tasks?csrf=$csrf") ?>"
+               class="gButtonLink ui-icon-left ui-state-default ui-corner-all right">
+             <span class="ui-icon ui-icon-trash"></span><?= t("remove all finished") ?></a>
         </th>
       </tr>
       <? $i = 0; ?>
       <? foreach ($finished_tasks as $task): ?>
       <tr class="<?= $task->state == "success" ? "gSuccess" : "gError" ?> <?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>">
-        <td>
+        <td class="<?= $task->state == "success" ? "gSuccess" : "gError" ?>">
           <?= gallery::date_time($task->updated) ?>
         </td>
         <td>
diff --git a/themes/admin_default/css/screen.css b/themes/admin_default/css/screen.css
index c275eb10..21b2b31c 100644
--- a/themes/admin_default/css/screen.css
+++ b/themes/admin_default/css/screen.css
@@ -312,7 +312,6 @@ li.gError select {
 
 .gError {
   background-color: #f6cbca;
-  color: red;
   background-image: url('../images/ico-error.png');
 }
 
@@ -346,11 +345,7 @@ table .gSuccess {
   background-color: transparent !important;
 }
 
-.gPager .gInfo,
-table .gError,
-table .gInfo,
-table .gSuccess,
-table .gWarning {
+.gPager .gInfo {
   background-image: none !important;
 }
 
diff --git a/themes/default/css/screen.css b/themes/default/css/screen.css
index 5eb30bde..7cf4cfbe 100644
--- a/themes/default/css/screen.css
+++ b/themes/default/css/screen.css
@@ -308,7 +308,6 @@ li.gError select {
 
 .gError {
   background-color: #f6cbca;
-  color: #f00;
   background-image: url('../images/ico-error.png');
 }
 
-- 
cgit v1.2.3


From 02409d3b99fe7601cf5ed03d07b03112f2fe0c38 Mon Sep 17 00:00:00 2001
From: Chad Kieffer <ckieffer@gmail.com>
Date: Wed, 2 Sep 2009 22:35:54 -0600
Subject: Fix bg images in tables bug in webkit and ie. #718

---
 modules/gallery/views/admin_maintenance.html.php |  8 ++--
 themes/admin_default/css/screen.css              | 47 ++++++++++++------------
 2 files changed, 27 insertions(+), 28 deletions(-)

(limited to 'modules/gallery/views/admin_maintenance.html.php')

diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index 4bca8653..ce693d73 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -7,7 +7,7 @@
 
   <div id="gAvailableTasks">
     <h2> <?= t("Available Tasks") ?> </h2>
-    <table class="gMessages">
+    <table>
       <tr>
         <th>
           <?= t("Name") ?>
@@ -21,7 +21,7 @@
       </tr>
       <? $i = 0; ?>
       <? foreach ($task_definitions as $task): ?>
-      <tr class="<?= log::severity_class($task->severity) ?> <?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>">
+      <tr class="<?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?> <?= log::severity_class($task->severity) ?>">
         <td class="<?= log::severity_class($task->severity) ?>">
           <?= $task->name ?>
         </td>
@@ -69,7 +69,7 @@
       </tr>
       <? $i = 0; ?>
       <? foreach ($running_tasks as $task): ?>
-      <tr class="<?= $task->state == "stalled" ? "gWarning" : "" ?> <?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>">
+      <tr class="<?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?> <?= $task->state == "stalled" ? "gWarning" : "" ?>">
         <td class="<?= $task->state == "stalled" ? "gWarning" : "" ?>">
           <?= gallery::date_time($task->updated) ?>
         </td>
@@ -142,7 +142,7 @@
       </tr>
       <? $i = 0; ?>
       <? foreach ($finished_tasks as $task): ?>
-      <tr class="<?= $task->state == "success" ? "gSuccess" : "gError" ?> <?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?>">
+      <tr class="<?= ($i % 2 == 0) ? "gOddRow" : "gEvenRow" ?> <?= $task->state == "success" ? "gSuccess" : "gError" ?>">
         <td class="<?= $task->state == "success" ? "gSuccess" : "gError" ?>">
           <?= gallery::date_time($task->updated) ?>
         </td>
diff --git a/themes/admin_default/css/screen.css b/themes/admin_default/css/screen.css
index 24328133..c81db58d 100644
--- a/themes/admin_default/css/screen.css
+++ b/themes/admin_default/css/screen.css
@@ -356,48 +356,47 @@ li.gError select {
 .gInfo,
 .gSuccess,
 .gWarning {
-  background-position: .4em 50%;
-  background-repeat: no-repeat;
   padding: .4em .5em .4em 30px;
 }
 
-.gError {
-  background-color: #f6cbca;
-  background-image: url('../images/ico-error.png');
+.gError, tr.gError td.gError {
+  background: #f6cbca url('../images/ico-error.png') no-repeat .4em 50%;
 }
 
 .gInfo {
-  background-color: #e8e8e8;
-  background-image: url('../images/ico-info.png');
+  background: #e8e8e8 url('../images/ico-info.png') no-repeat .4em 50%;
 }
 
 .gSuccess {
-  background-color: #d9efc2;
-  background-image: url('../images/ico-success.png');
+  background: #d9efc2  url('../images/ico-success.png') no-repeat .4em 50%;
 }
 
-.gWarning {
-  background-color: #fcf9ce;
-  background-image: url('../images/ico-warning.png');
+.gWarning, tr.gWarning td.gWarning {
+  background: #fcf9ce url('../images/ico-warning.png') no-repeat .4em 50%;
+}
+
+.gPager .gInfo,
+tr.gError,
+tr.gInfo,
+tr.gSuccess,
+tr.gWarning {
+  background: none;
 }
 
-table .gError {
-  background-color: #f6cbca !important;
+.gInfo td.gInfo {
+  background-color: transparent;
 }
 
-table .gWarning {
-  background-color: #fcf9ce !important;
+.gSuccess td.gSuccess {
+  background-color: transparent;
 }
 
-.gPager .gInfo,
-form .gError,
-table .gInfo,
-table .gSuccess {
-  background-color: transparent !important;
+.gError td {
+  background-color: #f6cbca;
 }
 
-.gPager .gInfo {
-  background-image: none !important;
+.gWarning td {
+  background-color: #fcf9ce;
 }
 
 /* Inline layout (forms, lists) ~~~~~~~~~~ */
@@ -643,7 +642,7 @@ li.gGroup {
 
 li.gGroup h4 {
   background-color: #eee;
-  border-bottom: 1px dashed ccc;
+  border-bottom: 1px dashed #ccc;
   padding: .5em 0 .5em .5em;
 }
 li.gGroup .gButtonLink {
-- 
cgit v1.2.3