From f488384a7b56b1e9511fa23d3ac359de64901213 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Mon, 30 Apr 2012 15:04:45 -0700
Subject: Guard reparent/rearrange against bad values in source_id. Fixes #1843.
---
 modules/organize/controllers/organize.php | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'modules/organize/controllers')
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 5a2c3e4f..048f6fc3 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -81,6 +81,9 @@ class Organize_Controller extends Controller {
 foreach (explode(",", $input->post("source_ids")) as $source_id) {
 $source = ORM::factory("item", $source_id);
+ if (!$source->loaded()) {
+ continue;
+ }
 access::required("edit", $source->parent());
 if ($source->contains($new_parent) || $source->id == $new_parent->id) {
@@ -116,6 +119,11 @@ class Organize_Controller extends Controller {
 $input = Input::instance();
 $target = ORM::factory("item", $input->post("target_id"));
+ if (!$target->loaded()) {
+ json::reply(null);
+ return;
+ }
+
 $album = $target->parent();
 access::required("edit", $album);
--
cgit v1.2.3
From 581d9a58db6a18a2597ee5487e57716f367c884b Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Sat, 5 May 2012 19:38:31 -0700
Subject: Clean up title handling code in organize and wind theme for consistency. Fixes #1847.
---
 modules/organize/controllers/organize.php | 5 +++--
 modules/organize/views/organize_dialog.html.php | 2 +-
 modules/organize/views/organize_frame.html.php | 2 +-
 themes/wind/views/dynamic.html.php | 2 +-
 themes/wind/views/page.html.php | 4 ++--
 5 files changed, 8 insertions(+), 7 deletions(-)
(limited to 'modules/organize/controllers')
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 048f6fc3..3f04e56d 100644
--- a/modules/organize/controllers/organize.php
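Review bot: The rearrange hunk guards only `$target`, while the subject line speaks of bad `source_id` values; any loop over `source_ids` later in that function lies outside the hunk, so it is worth confirming that each `$source` there gets the same `if (!$source->loaded()) { continue; }` guard before `parent()` is called on it. Both new guards also fail silently: the reparent loop skips the id and rearrange answers `json::reply(null)`, so neither the client nor an operator can tell a rejected request from a no-op. A single log line with a fixed message at each guard, for example `Kohana_Log::add("error", "organize: ignored unknown item id");`, would make malformed or probing requests visible without echoing the raw input into the log. Both function bodies start and end outside the hunks.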
+++ b/modules/organize/controllers/organize.php
@@ -56,7 +56,7 @@ class Organize_Controller extends Controller {
 "sort_column" => $album->sort_column,
 "sort_order" => $album->sort_order,
 "editable" => access::can("edit", $album),
- "title" => $album->title,
+ "title" => (string)html::clean($album->title),
 "children" => array());
 foreach ($album->viewable()->children() as $child) {
@@ -67,8 +67,9 @@ class Organize_Controller extends Controller {
 "width" => $dims[1],
 "height" => $dims[0],
 "type" => $child->type,
- "title" => $child->title);
+ "title" => (string)html::clean($child->title));
 }
+ Kohana_Log::add("error","".print_r($data,1));
 json::reply($data);
 }
diff --git a/modules/organize/views/organize_dialog.html.php b/modules/organize/views/organize_dialog.html.php
index a386fa77..9ea4d923 100644
--- a/modules/organize/views/organize_dialog.html.php
+++ b/modules/organize/views/organize_dialog.html.php
@@ -11,7 +11,7 @@ var set_title = function(title) { $("#g-dialog").dialog("option", "title", ORGANIZE_TITLE.replace("__TITLE__", title)); } set_title("title ?>"); + set_title("title) ?>"); var done_loading = function() { $("#g-organize-app-loading").hide();
diff --git a/modules/organize/views/organize_frame.html.php b/modules/organize/views/organize_frame.html.php
index 20a1a6da..51d49104 100644
--- a/modules/organize/views/organize_frame.html.php
+++ b/modules/organize/views/organize_frame.html.php
@@ -506,7 +506,7 @@ root: { allowDrop: Boolean(), nodeType: "async", text: "title ?>", + text: "title) ?>", draggable: false, id: "id ?>", expanded: true
diff --git a/themes/wind/views/dynamic.html.php b/themes/wind/views/dynamic.html.php
index a8a4d362..c8b2fcaf 100644
--- a/themes/wind/views/dynamic.html.php
+++ b/themes/wind/views/dynamic.html.php
@@ -3,7 +3,7 @@
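Review bot: The added `Kohana_Log::add("error","".print_r($data,1));` in the second controller hunk looks like leftover debugging that should not ship. It dumps the whole `$data` payload (album title, sort settings and every child's title, type and dimensions, as far as the hunk shows) to the log at error level on each call. That buries genuine errors under routine traffic and copies user-supplied titles into log files that may have a wider audience than the album itself. I would delete the line; if the dump is still wanted during development, log it at a debug level instead.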
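Review bot: In the `organize_dialog.html.php` hunk the cleaned title is still written inside a JavaScript string literal, `set_title("…")`, and HTML escaping alone does not cover that context. The PHP tags are partly lost in this rendering, so this is read from the surviving `set_title("title) ?>");`, and it assumes the wrapper is the same `html::clean()` used in the controller. A title containing a backslash or a line break would still alter or break the literal even though quotes and angle brackets are encoded. Let a JS-string encoder produce the whole literal on top of the HTML cleaning, e.g. `set_title(<?= json_encode((string)html::clean(/* same title expression */)) ?>);`. The `text: "…"` line in the `organize_frame.html.php` hunk has the same shape and needs the same treatment.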
dynamic_top() ?>
-

+