From eb32e1052df4da268f01a84b809d756d9c9b85b7 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sat, 23 Jan 2010 16:44:30 -0800
Subject: Fix typo: change $entryr to $entry->user

---
 modules/gallery/views/admin_block_log_entries.html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php
index 90ce88a7..453724cb 100644
--- a/modules/gallery/views/admin_block_log_entries.html.php
+++ b/modules/gallery/views/admin_block_log_entries.html.php
@@ -2,7 +2,7 @@
 <ul>
   <? foreach ($entries as $entry): ?>
   <li class="<?= log::severity_class($entry->severity) ?>" style="direction: ltr">
-    <a href="<?= user_profile::url($entryr->id) ?>"><?= html::clean($entry->user->name) ?></a>
+    <a href="<?= user_profile::url($entry->user->id) ?>"><?= html::clean($entry->user->name) ?></a>
     <?= gallery::date_time($entry->timestamp) ?>
     <?= $entry->message ?>
     <?= $entry->html ?>
-- 
cgit v1.2.3


From cedbc82dccaf74a983f1f92846735b69391fdf10 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 28 Jan 2010 07:44:58 -0800
Subject: Do all the html::clean|purify calls in the views and not the
 controller. Also clean the subject line and email message body of the contact
 user email.

---
 modules/gallery/controllers/user_profile.php     | 4 ++--
 modules/gallery/helpers/gallery_event.php        | 2 +-
 modules/gallery/views/user_profile.html.php      | 2 +-
 modules/gallery/views/user_profile_info.html.php | 2 +-
 modules/rest/views/user_profile_rest.html.php    | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index a0e6619e..327d2ff1 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -53,11 +53,11 @@ class User_Profile_Controller extends Controller {
     if ($form->validate()) {
       Sendmail::factory()
         ->to($user->email)
-        ->subject($form->message->subject->value)
+        ->subject(html::clean($form->message->subject->value))
         ->header("Mime-Version", "1.0")
         ->header("Content-type", "text/html; charset=iso-8859-1")
         ->reply_to($form->message->reply_to->value)
-        ->message($form->message->message->value)
+        ->message(html::purify($form->message->message->value))
         ->send();
       message::success(t("Sent message to %user_name", array("user_name" => $user->display_name())));
       print json_encode(array("result" => "success"));
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 70c6de4a..9b252f61 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -411,7 +411,7 @@ class gallery_event_Core {
         if ($field == "locale") {
           $value = locales::display_name($value);
         }
-        $v->fields[(string) $label] = html::clean($value);
+        $v->fields[(string) $label] = $value;
       }
     }
     $data->content[] = (object) array("title" => t("User information"), "view" => $v);
diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index 708b1613..7dc9d13e 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -41,7 +41,7 @@
   <? foreach ($info_parts as $info): ?>
   <div>
     <fieldset>
-    <label><?= $info->title ?></label>
+    <label><?= html::purify($info->title) ?></label>
     <div>
     <?= $info->view ?>
     </div>
diff --git a/modules/gallery/views/user_profile_info.html.php b/modules/gallery/views/user_profile_info.html.php
index 2a2549c8..2f2d68d3 100644
--- a/modules/gallery/views/user_profile_info.html.php
+++ b/modules/gallery/views/user_profile_info.html.php
@@ -3,7 +3,7 @@
   <? foreach ($fields as $field => $value): ?>
   <tr>
     <td><?= $field ?></td>
-    <td><?= $value ?></td>
+    <td><?= html::purify($value) ?></td>
   </tr>
   <? endforeach ?>
 </table>
diff --git a/modules/rest/views/user_profile_rest.html.php b/modules/rest/views/user_profile_rest.html.php
index 3807817e..397afa89 100644
--- a/modules/rest/views/user_profile_rest.html.php
+++ b/modules/rest/views/user_profile_rest.html.php
@@ -2,7 +2,7 @@
 <div id="g-rest-detail">
 <ul>
   <li id="g-rest-key">
-  <p><b><?= t("Key") ?></b>:<?= $rest_key ?></p>
+  <p><b><?= t("Key") ?></b>:<?= html::clean($rest_key) ?></p>
   </li>
 </ul>
 </div>
-- 
cgit v1.2.3


From f943a2deefa822544ef737e579649c6437dc3450 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 28 Jan 2010 08:14:33 -0800
Subject: Don't show a link to the user profile for the guest user

---
 modules/comment/views/admin_block_recent_comments.html.php | 6 ++++++
 modules/comment/views/comment.html.php                     | 6 ++++++
 modules/comment/views/comments.html.php                    | 6 ++++++
 modules/gallery/views/admin_block_log_entries.html.php     | 4 ++++
 4 files changed, 22 insertions(+)

(limited to 'modules/gallery/views')

diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php
index 99f72a30..4017e4f9 100644
--- a/modules/comment/views/admin_block_recent_comments.html.php
+++ b/modules/comment/views/admin_block_recent_comments.html.php
@@ -8,10 +8,16 @@
          width="32"
          height="32" />
     <?= gallery::date_time($comment->created) ?>
+    <? if ($comment->author()->guest): ?>
+    <?= t('%author_name said <em>%comment_text</em>',
+          array("author_name" => html::clean($comment->author_name()),
+                "comment_text" => text::limit_words(nl2br(html::purify($comment->text)), 50))); ?>
+    <? else: ?>
     <?= t('<a href="%url">%author_name</a> said <em>%comment_text</em>',
           array("author_name" => html::clean($comment->author_name()),
                 "url" => user_profile::url($comment->author_id),
                 "comment_text" => text::limit_words(nl2br(html::purify($comment->text)), 50))); ?>
+    <? endif ?>
   </li>
   <? endforeach ?>
 </ul>
diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php
index c4cf1ce0..263e5f97 100644
--- a/modules/comment/views/comment.html.php
+++ b/modules/comment/views/comment.html.php
@@ -8,10 +8,16 @@
            width="40"
            height="40" />
     </a>
+    <? if ($comment->author()->guest): ?>
+    <?= t("on %date_time, %name said",
+          array("date_time" => gallery::date_time($comment->created),
+                "name" => html::clean($comment->author_name()))) ?>
+    <? else: ?>
     <?= t("on %date_time,  <a href=\"%url\">%name</a> said",
           array("date_time" => gallery::date_time($comment->created),
                 "url" => user_profile::url($comment->author_id),
                 "name" => html::clean($comment->author_name()))) ?>
+    <? endif ?>
   </p>
   <div>
   <?= nl2br(html::purify($comment->text)) ?>
diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php
index c8236997..0ed07c22 100644
--- a/modules/comment/views/comments.html.php
+++ b/modules/comment/views/comments.html.php
@@ -22,10 +22,16 @@
              width="40"
              height="40" />
       </a>
+      <? if ($comment->author()->guest): ?>
+      <?= t('on %date %name said',
+            array("date" => date("Y-M-d H:i:s", $comment->created),
+                  "name" => html::clean($comment->author_name()))); ?>
+      <? else: ?>
       <?= t('on %date <a href="%url">%name</a> said',
             array("date" => date("Y-M-d H:i:s", $comment->created),
                   "url" => user_profile::url($comment->author_id),
                   "name" => html::clean($comment->author_name()))); ?>
+      <? endif ?>
     </p>
     <div>
       <?= nl2br(html::purify($comment->text)) ?>
diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php
index 453724cb..5a8ed23c 100644
--- a/modules/gallery/views/admin_block_log_entries.html.php
+++ b/modules/gallery/views/admin_block_log_entries.html.php
@@ -2,7 +2,11 @@
 <ul>
   <? foreach ($entries as $entry): ?>
   <li class="<?= log::severity_class($entry->severity) ?>" style="direction: ltr">
+    <? if ($entry->user->guest): ?>
+    </span><?= html::clean($entry->user->name) ?></span>
+    <? else: ?>
     <a href="<?= user_profile::url($entry->user->id) ?>"><?= html::clean($entry->user->name) ?></a>
+    <? endif ?>
     <?= gallery::date_time($entry->timestamp) ?>
     <?= $entry->message ?>
     <?= $entry->html ?>
-- 
cgit v1.2.3


From c51fe9682075c961972c344f4888a4adceabe3eb Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 28 Jan 2010 09:27:27 -0800
Subject: Make the varible for the profile name more descriptive and clean the
 label

---
 modules/gallery/helpers/gallery_event.php        | 4 ++--
 modules/gallery/tests/xss_data.txt               | 1 -
 modules/gallery/views/user_profile_info.html.php | 4 ++--
 3 files changed, 4 insertions(+), 5 deletions(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 9b252f61..b3d4daab 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -404,14 +404,14 @@ class gallery_event_Core {
     if (!$data->display_all) {
       $fields = array("name" => t("Name"), "full_name" => t("Full name"), "url" => "Web site");
     }
-    $v->fields = array();
+    $v->user_profile_data = array();
     foreach ($fields as $field => $label) {
       if (!empty($data->user->$field)) {
         $value = $data->user->$field;
         if ($field == "locale") {
           $value = locales::display_name($value);
         }
-        $v->fields[(string) $label] = $value;
+        $v->user_profile_data[(string) $label] = $value;
       }
     }
     $data->content[] = (object) array("title" => t("User information"), "view" => $v);
diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt
index 04add4c7..663080a0 100644
--- a/modules/gallery/tests/xss_data.txt
+++ b/modules/gallery/tests/xss_data.txt
@@ -224,7 +224,6 @@ modules/gallery/views/upgrader.html.php                      102 DIRTY_ATTR $don
 modules/gallery/views/user_languages_block.html.php          2   DIRTY    form::dropdown("g-select-session-locale",$installed_locales,$selected)
 modules/gallery/views/user_profile.html.php                  35  DIRTY_ATTR $user->avatar_url(40,$theme->url(,true))
 modules/gallery/views/user_profile.html.php                  46  DIRTY    $info->view
-modules/gallery/views/user_profile_info.html.php             5   DIRTY    $field
 modules/image_block/views/image_block_block.html.php         3   DIRTY_JS $item->url()
 modules/image_block/views/image_block_block.html.php         4   DIRTY    $item->thumb_img(array("class"=>"g-thumbnail"))
 modules/info/views/info_block.html.php                       22  DIRTY    date("M j, Y H:i:s",$item->captured)
diff --git a/modules/gallery/views/user_profile_info.html.php b/modules/gallery/views/user_profile_info.html.php
index 2f2d68d3..58e134bb 100644
--- a/modules/gallery/views/user_profile_info.html.php
+++ b/modules/gallery/views/user_profile_info.html.php
@@ -1,8 +1,8 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <table>
-  <? foreach ($fields as $field => $value): ?>
+  <? foreach ($user_profile_data as $label => $value): ?>
   <tr>
-    <td><?= $field ?></td>
+    <td><?= html::clean($label) ?></td>
     <td><?= html::purify($value) ?></td>
   </tr>
   <? endforeach ?>
-- 
cgit v1.2.3


From 44b372077c64b0f051051c6dd16a88f1507c507f Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 28 Jan 2010 09:35:38 -0800
Subject: Secure the t("Continue") strings in javascript.

---
 modules/gallery/views/admin_modules.html.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/views/admin_modules.html.php b/modules/gallery/views/admin_modules.html.php
index 26b2c87c..c5015e68 100644
--- a/modules/gallery/views/admin_modules.html.php
+++ b/modules/gallery/views/admin_modules.html.php
@@ -22,7 +22,7 @@
             buttons: {
               <?= t("Continue")->for_js() ?>: function() {
                 $("form", this).submit();
-                $(".ui-dialog-buttonpane button:contains(<?= t("Continue") ?>)")
+                $(".ui-dialog-buttonpane button:contains(" + <?= t("Continue")->for_js() ?> + ")")
                   .attr("disabled", "disabled")
                   .addClass("ui-state-disabled");
               },
@@ -32,7 +32,7 @@
             }
           });
           if (!data.allow_continue) {
-            $(".ui-dialog-buttonpane button:contains(<?= t("Continue") ?>)")
+            $(".ui-dialog-buttonpane button:contains(" + <?= t("Continue")->for_js() ?> + ")")
               .attr("disabled", "disabled")
               .addClass("ui-state-disabled");
           }
-- 
cgit v1.2.3


From c011b0e1f63215a4389658ca0a6edcef47a0ea8c Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 28 Jan 2010 09:37:33 -0800
Subject: Secure the t("Completed") call.

---
 modules/gallery/views/form_uploadify.html.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/views/form_uploadify.html.php b/modules/gallery/views/form_uploadify.html.php
index b3b81ecb..137cb353 100644
--- a/modules/gallery/views/form_uploadify.html.php
+++ b/modules/gallery/views/form_uploadify.html.php
@@ -58,7 +58,7 @@
             "<li class=\"g-error\">" + fileObj.name + " - " + msg[1] + "</li>");
         } else {
           $("#g-add-photos-status ul").append(
-            "<li class=\"g-success\">" + fileObj.name + " - <?= t("Completed") ?></li>");
+            "<li class=\"g-success\">" + fileObj.name + " - " + <?= t("Completed")->for_js() ?> + "</li>");
         }
         return true;
       },
-- 
cgit v1.2.3


From fcc72bbbd032e21d2fe0ec727f09692886c8e09e Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 28 Jan 2010 09:41:18 -0800
Subject: Rename $class to $css_class for clarity.

---
 modules/gallery/views/admin_modules_confirm.html.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/views/admin_modules_confirm.html.php b/modules/gallery/views/admin_modules_confirm.html.php
index 59592505..8c4cb2bd 100644
--- a/modules/gallery/views/admin_modules_confirm.html.php
+++ b/modules/gallery/views/admin_modules_confirm.html.php
@@ -6,9 +6,9 @@
 
   <div id="g-admin-modules-messages" class="g-block-content">
    <ul>
-     <? foreach (array("error" => "g-error", "warn" => "g-warning") as $type => $class): ?>
+     <? foreach (array("error" => "g-error", "warn" => "g-warning") as $type => $css_class): ?>
      <? foreach ($messages[$type] as $message): ?>
-     <li class="<?= $class ?>" style="padding-bottom: 0"><?= $message ?></li>
+     <li class="<?= $css_class ?>" style="padding-bottom: 0"><?= $message ?></li>
      <? endforeach ?>
      <? endforeach ?>
    </ul>
-- 
cgit v1.2.3


From b8fb891828effa441a37efdd5babe03a5c7f5efe Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 28 Jan 2010 11:46:28 -0800
Subject: Make the return button work in chrome, FF, IE, safari and opera.

---
 modules/gallery/views/user_profile.html.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index 7dc9d13e..f35f8c3f 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -26,6 +26,7 @@
   $(document).ready(function() {
     $("#g-profile-return").click(function(event) {
       history.go(-1);
+      return false;
     })
   });
 </script>
-- 
cgit v1.2.3


From 5c527513c688571adcff45f513efff54b9c55e61 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Thu, 28 Jan 2010 19:46:53 -0800
Subject: Fix language preference block / language cookie reading.

The preference block must have been broken by a jquery update, and the cookie reading by a Kohana update.
---
 modules/gallery/helpers/locales.php                 | 4 +++-
 modules/gallery/views/user_languages_block.html.php | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/helpers/locales.php b/modules/gallery/helpers/locales.php
index 5c8c227a..dc32b12f 100644
--- a/modules/gallery/helpers/locales.php
+++ b/modules/gallery/helpers/locales.php
@@ -238,7 +238,9 @@ class locales_Core {
   }
 
   static function cookie_locale() {
-    $cookie_data = Input::instance()->cookie("g_locale");
+    // Can't use Input framework for client side cookies since
+    // they're not signed.
+    $cookie_data = isset($_COOKIE["g_locale"]) ? $_COOKIE["g_locale"] : null;
     $locale = null;
     if ($cookie_data) {
       if (preg_match("/^([a-z]{2,3}(?:_[A-Z]{2})?)$/", trim($cookie_data), $matches)) {
diff --git a/modules/gallery/views/user_languages_block.html.php b/modules/gallery/views/user_languages_block.html.php
index 89185967..3776ca13 100644
--- a/modules/gallery/views/user_languages_block.html.php
+++ b/modules/gallery/views/user_languages_block.html.php
@@ -1,7 +1,7 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <?= form::dropdown("g-select-session-locale", $installed_locales, $selected) ?>
 <script type="text/javascript">
-  $("#g-select-session-locale").change(function() {
+  $("select[name=g-select-session-locale]").change(function() {
     var old_locale_preference = <?= html::js_string($selected) ?>;
     var locale = $(this).val();
     if (old_locale_preference == locale) {
-- 
cgit v1.2.3


From 0d73738099f7c12f2185018a29b647763c9d36ce Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Fri, 29 Jan 2010 10:13:10 -0800
Subject: Stop using obsolete form::close() Update the way we include the
 hidden CSRF field for InPlaceEdit.

---
 modules/digibug/views/digibug_form.html.php  | 2 +-
 modules/gallery/libraries/InPlaceEdit.php    | 1 -
 modules/gallery/views/in_place_edit.html.php | 5 +++--
 3 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'modules/gallery/views')

diff --git a/modules/digibug/views/digibug_form.html.php b/modules/digibug/views/digibug_form.html.php
index c6994cbe..f7b34e16 100644
--- a/modules/digibug/views/digibug_form.html.php
+++ b/modules/digibug/views/digibug_form.html.php
@@ -3,7 +3,7 @@
   <body>
     <?= form::open("http://www.digibug.com/dapi/order.php") ?>
     <?= form::hidden($order_parms) ?>
-    <?= form::close() ?>
+    </form>
     <script type="text/javascript">
       document.forms[0].submit();
     </script>
diff --git a/modules/gallery/libraries/InPlaceEdit.php b/modules/gallery/libraries/InPlaceEdit.php
index 67ab3805..04a2e9a5 100644
--- a/modules/gallery/libraries/InPlaceEdit.php
+++ b/modules/gallery/libraries/InPlaceEdit.php
@@ -70,7 +70,6 @@ class InPlaceEdit_Core {
 
   public function render() {
     $v = new View("in_place_edit.html");
-    $v->hidden = array("csrf" => access::csrf_token());
     $v->action = url::site($this->action);
     $v->form = $this->form;
     $v->errors = $this->errors;
diff --git a/modules/gallery/views/in_place_edit.html.php b/modules/gallery/views/in_place_edit.html.php
index 45cf1d8c..b556829c 100644
--- a/modules/gallery/views/in_place_edit.html.php
+++ b/modules/gallery/views/in_place_edit.html.php
@@ -1,5 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
-<?= form::open($action, array("method" => "post", "id" => "g-in-place-edit-form", "class" => "g-short-form"), $hidden) ?>
+<?= form::open($action, array("method" => "post", "id" => "g-in-place-edit-form", "class" => "g-short-form")) ?>
+  <?= access::csrf_form_field() ?>
   <ul>
     <li<? if (!empty($errors["input"])): ?> class="g-error"<? endif ?>>
       <?= form::input("input", $form["input"], " class=\"textbox\"") ?>
@@ -9,7 +10,7 @@
     </li>
     <li><a href="#" class="g-cancel"><?= t("Cancel") ?></a></li>
   </ul>
-<?= form::close() ?>
+</form>
 <? if (!empty($errors["input"])): ?>
 <div id="g-in-place-edit-message" class="g-error"><?= $errors["input"] ?></div>
 <? endif ?>
-- 
cgit v1.2.3


From 1bc0d05760df7bff5cee0a330b5b7181b3c49835 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Fri, 29 Jan 2010 11:36:35 -0800
Subject: Replace <?= form::close() ?> with </form>. Also add a call to
 access::csrf_form_field in the form template. Fixes ticket #996.

---
 modules/gallery/views/in_place_edit.html.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/views/in_place_edit.html.php b/modules/gallery/views/in_place_edit.html.php
index 45cf1d8c..ad9ea845 100644
--- a/modules/gallery/views/in_place_edit.html.php
+++ b/modules/gallery/views/in_place_edit.html.php
@@ -1,5 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <?= form::open($action, array("method" => "post", "id" => "g-in-place-edit-form", "class" => "g-short-form"), $hidden) ?>
+  <?= access::csrf_form_field() ?>
   <ul>
     <li<? if (!empty($errors["input"])): ?> class="g-error"<? endif ?>>
       <?= form::input("input", $form["input"], " class=\"textbox\"") ?>
@@ -9,7 +10,7 @@
     </li>
     <li><a href="#" class="g-cancel"><?= t("Cancel") ?></a></li>
   </ul>
-<?= form::close() ?>
+</form/>
 <? if (!empty($errors["input"])): ?>
 <div id="g-in-place-edit-message" class="g-error"><?= $errors["input"] ?></div>
 <? endif ?>
-- 
cgit v1.2.3


From 43cb6d9b56f802a5952d16b8412f8407dd8cf3c4 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Sat, 30 Jan 2010 11:38:40 -0800
Subject: Make the error page more robust in the case where there's a failure
 early on in the framework code before we can load Gallery_I18n.php

---
 modules/gallery/views/kohana/error.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'modules/gallery/views')

diff --git a/modules/gallery/views/kohana/error.php b/modules/gallery/views/kohana/error.php
index 7271db14..26628cf2 100644
--- a/modules/gallery/views/kohana/error.php
+++ b/modules/gallery/views/kohana/error.php
@@ -1,5 +1,6 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <? $error_id = uniqid("error") ?>
+<? if (!function_exists("t")) { function t($msg) { return $msg; } } ?>
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
     <style type="text/css">
@@ -131,7 +132,7 @@
   </head>
   <body>
     <? try { $user = identity::active_user(); } catch (Exception $e) { } ?>
-    <? $admin = php_sapi_name() == "cli" || isset($user) && $user->admin ?>
+    <? $admin = php_sapi_name() == "cli" || (class_exists("User_Model") && isset($user) && $user->admin) ?>
     <div class="big_box" id="framework_error">
       <h1>
         <?= t("Dang...  Something went wrong!") ?>
-- 
cgit v1.2.3