From 788a458a11f04e47fe1c241463785d0f0b12cf3c Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 19 Jul 2009 13:43:06 -0700 Subject: Remove success logging. Only log on errors, otherwise the log is huge. --- modules/search/helpers/search.php | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/search/helpers/search.php') diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 34eaecbd..6317020f 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -79,7 +79,6 @@ class search_Core { $record->data = join(" ", $data); $record->dirty = 0; $record->save(); - return t("Search index updated for '%title'", array("title" => p::purify($item->title))); } static function stats() { -- cgit v1.2.3 From 350c1b02670d971d3a389f786f46fb9be2dec8ed Mon Sep 17 00:00:00 2001 From: Romain LE DISEZ Date: Sun, 19 Jul 2009 00:49:47 +0200 Subject: Use BOOLEAN instead of integer to describe the permissions : - DENY = false - ALLOW = true - UNKNOW = null (for intent only) - INHERIT = null (for cache) Upgrade is not included for now. (cherry picked from commit 719c59e0402464a0e2b14915f6d10218ff5d4729) --- installer/install.sql | 32 ++++++++++++------------- modules/gallery/helpers/access.php | 31 +++++++++++++----------- modules/gallery/views/permissions_form.html.php | 2 +- modules/search/helpers/search.php | 2 +- system/libraries/drivers/Database.php | 4 ++-- 5 files changed, 37 insertions(+), 34 deletions(-) (limited to 'modules/search/helpers/search.php') diff --git a/installer/install.sql b/installer/install.sql index bda576d1..b17b5888 100755 --- a/installer/install.sql +++ b/installer/install.sql @@ -4,12 +4,12 @@ DROP TABLE IF EXISTS {access_caches}; CREATE TABLE {access_caches} ( `id` int(9) NOT NULL auto_increment, `item_id` int(9) default NULL, - `view_full_1` smallint(6) NOT NULL default '0', - `edit_1` smallint(6) NOT NULL default '0', - `add_1` smallint(6) NOT NULL default '0', - `view_full_2` smallint(6) NOT NULL default '0', - `edit_2` smallint(6) NOT NULL default '0', - `add_2` smallint(6) NOT NULL default '0', + `view_full_1` binary(1) NOT NULL default false, + `edit_1` binary(1) NOT NULL default false, + `add_1` binary(1) NOT NULL default false, + `view_full_2` binary(1) NOT NULL default false, + `edit_2` binary(1) NOT NULL default false, + `add_2` binary(1) NOT NULL default false, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; @@ -20,14 +20,14 @@ DROP TABLE IF EXISTS {access_intents}; CREATE TABLE {access_intents} ( `id` int(9) NOT NULL auto_increment, `item_id` int(9) default NULL, - `view_1` tinyint(1) default NULL, - `view_full_1` tinyint(1) default NULL, - `edit_1` tinyint(1) default NULL, - `add_1` tinyint(1) default NULL, - `view_2` tinyint(1) default NULL, - `view_full_2` tinyint(1) default NULL, - `edit_2` tinyint(1) default NULL, - `add_2` tinyint(1) default NULL, + `view_1` binary(1) default NULL, + `view_full_1` binary(1) default NULL, + `edit_1` binary(1) default NULL, + `add_1` binary(1) default NULL, + `view_2` binary(1) default NULL, + `view_full_2` binary(1) default NULL, + `edit_2` binary(1) default NULL, + `add_2` binary(1) default NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; /*!40101 SET character_set_client = @saved_cs_client */; @@ -164,8 +164,8 @@ CREATE TABLE {items} ( `view_count` int(9) default '0', `weight` int(9) NOT NULL default '0', `width` int(9) default NULL, - `view_1` smallint(6) NOT NULL default '0', - `view_2` smallint(6) NOT NULL default '0', + `view_1` binary(1) default false, + `view_2` binary(1) default false, PRIMARY KEY (`id`), KEY `parent_id` (`parent_id`), KEY `type` (`type`), diff --git a/modules/gallery/helpers/access.php b/modules/gallery/helpers/access.php index 65316a8a..4130964d 100644 --- a/modules/gallery/helpers/access.php +++ b/modules/gallery/helpers/access.php @@ -66,9 +66,10 @@ * the Access_Intent_Model */ class access_Core { - const DENY = 0; - const ALLOW = 1; - const UNKNOWN = 2; + const DENY = false; + const ALLOW = true; + const INHERIT = null; // access_intent + const UNKNOWN = null; // cache (access_cache, items) /** * Does the active user have this permission on this item? @@ -141,7 +142,7 @@ class access_Core { * @param Group_Model $group * @param string $perm_name * @param Item_Model $item - * @return integer access::ALLOW, access::DENY or null for no intent + * @return boolean access::ALLOW, access::DENY or access::INHERIT (null) for no intent */ static function group_intent($group, $perm_name, $item) { $intent = model_cache::get("access_intent", $item->id, "item_id"); @@ -169,7 +170,7 @@ class access_Core { ->where("`right` >= $item->right") ->where("items.id <> $item->id") ->join("access_intents", "items.id", "access_intents.item_id") - ->where("access_intents.view_$group->id", 0) + ->where("access_intents.view_$group->id", access::DENY) ->orderby("level", "DESC") ->limit(1) ->find(); @@ -253,7 +254,7 @@ class access_Core { if ($item->id == 1) { throw new Exception("@todo CANT_RESET_ROOT_PERMISSION"); } - self::_set($group, $perm_name, $item, null); + self::_set($group, $perm_name, $item, access::INHERIT); } /** @@ -455,9 +456,10 @@ class access_Core { $db = Database::instance(); $field = "{$perm_name}_{$group->id}"; $cache_table = $perm_name == "view" ? "items" : "access_caches"; - $db->query("ALTER TABLE {{$cache_table}} ADD `$field` SMALLINT NOT NULL DEFAULT 0"); - $db->query("ALTER TABLE {access_intents} ADD `$field` BOOLEAN DEFAULT NULL"); - $db->update("access_intents", array($field => 0), array("item_id" => 1)); + $not_null = $cache_table == "items" ? "" : "NOT NULL"; + $db->query("ALTER TABLE {{$cache_table}} ADD `$field` BINARY $not_null DEFAULT FALSE"); + $db->query("ALTER TABLE {access_intents} ADD `$field` BINARY DEFAULT NULL"); + $db->update("access_intents", array($field => access::DENY), array("item_id" => 1)); model_cache::clear(); ORM::factory("access_intent")->clear_cache(); } @@ -513,7 +515,7 @@ class access_Core { ->where("left >=", $item->left) ->where("right <=", $item->right) ->where("type", "album") - ->where("access_intents.$field IS NOT", null) + ->where("access_intents.$field IS NOT", self::INHERIT) ->orderby("level", "DESC") ->find_all(); foreach ($query as $row) { @@ -557,12 +559,12 @@ class access_Core { // // @todo To optimize this, we wouldn't need to propagate from the parent, we could just // propagate from here with the parent's intent. - if ($access->$field === null) { + if ($access->$field === self::INHERIT) { $tmp_item = ORM::factory("item") ->join("access_intents", "items.id", "access_intents.item_id") ->where("left <", $item->left) ->where("right >", $item->right) - ->where("$field IS NOT", null) + ->where("$field IS NOT", self::UNKNOWN) ->orderby("left", "DESC") ->limit(1) ->find(); @@ -578,12 +580,13 @@ class access_Core { ->join("items", "items.id", "access_intents.item_id") ->where("left >=", $item->left) ->where("right <=", $item->right) - ->where("$field IS NOT", null) + ->where("$field IS NOT", self::INHERIT) ->orderby("level", "ASC") ->find_all(); foreach ($query as $row) { + $value = ($row->$field === access::ALLOW) ? "TRUE" : "FALSE"; $db->query( - "UPDATE {access_caches} SET `$field` = {$row->$field} " . + "UPDATE {access_caches} SET `$field` = $value " . "WHERE `item_id` IN " . " (SELECT `id` FROM {items} " . " WHERE `left` >= $row->left " . diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php index 0f60070a..ee5e3a24 100644 --- a/modules/gallery/views/permissions_form.html.php +++ b/modules/gallery/views/permissions_form.html.php @@ -26,7 +26,7 @@ - + admin) { foreach (user::group_ids() as $id) { - $fields[] = "`view_$id` = " . access::ALLOW; + $fields[] = "`view_$id` = TRUE"; // access::ALLOW } $access_sql = "AND (" . join(" AND ", $fields) . ")"; } else { diff --git a/system/libraries/drivers/Database.php b/system/libraries/drivers/Database.php index 807469f6..27f6ea8e 100644 --- a/system/libraries/drivers/Database.php +++ b/system/libraries/drivers/Database.php @@ -120,7 +120,7 @@ abstract class Database_Driver { $key .= ' ='; } - $value = ($value == TRUE) ? ' 1' : ' 0'; + $value = ($value == TRUE) ? ' TRUE' : ' FALSE'; } else { @@ -310,7 +310,7 @@ abstract class Database_Driver { $value = '\''.$this->escape_str($value).'\''; break; case 'boolean': - $value = (int) $value; + $value = ($value == TRUE) ? 'TRUE' : 'FALSE'; break; case 'double': // Convert to non-locale aware float to prevent possible commas -- cgit v1.2.3 From 44bc74edb9ae77bfaeb70f708411026131ec12bb Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 28 Jul 2009 20:30:34 -0700 Subject: Change search callbacks to use the event system, so move them out of xxx_search helpers and into xxx_event helpers. --- modules/comment/helpers/comment_event.php | 11 ++++++++++ modules/comment/helpers/comment_search.php | 34 ------------------------------ modules/gallery/helpers/gallery_event.php | 6 ++++++ modules/gallery/helpers/gallery_search.php | 24 --------------------- modules/search/helpers/search.php | 12 ++++------- modules/tag/helpers/tag_event.php | 4 ++++ modules/tag/helpers/tag_search.php | 24 --------------------- 7 files changed, 25 insertions(+), 90 deletions(-) delete mode 100644 modules/comment/helpers/comment_search.php delete mode 100644 modules/gallery/helpers/gallery_search.php delete mode 100644 modules/tag/helpers/tag_search.php (limited to 'modules/search/helpers/search.php') diff --git a/modules/comment/helpers/comment_event.php b/modules/comment/helpers/comment_event.php index 614c7c65..0234aea9 100644 --- a/modules/comment/helpers/comment_event.php +++ b/modules/comment/helpers/comment_event.php @@ -38,4 +38,15 @@ class comment_event_Core { ->url("#comments") ->css_id("gCommentsLink")); } + + static function item_index_data($item, $data) { + foreach (Database::instance() + ->select("text") + ->from("comments") + ->where("item_id", $item->id) + ->get() + ->as_array() as $row) { + $data[] = $row->text; + } + } } diff --git a/modules/comment/helpers/comment_search.php b/modules/comment/helpers/comment_search.php deleted file mode 100644 index 29762eae..00000000 --- a/modules/comment/helpers/comment_search.php +++ /dev/null @@ -1,34 +0,0 @@ -select("text") - ->from("comments") - ->where("item_id", $item->id) - ->get() - ->as_array() as $row) { - $data[] = $row->text; - } - return join(" ", $data); - } -} diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 1cd96372..64f2a9ff 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -47,4 +47,10 @@ class gallery_event_Core { module::clear_var("gallery", "choose_default_tookit"); } } + + static function item_index_data($item, $data) { + $data[] = $item->description; + $data[] = $item->name; + $data[] = $item->title; + } } diff --git a/modules/gallery/helpers/gallery_search.php b/modules/gallery/helpers/gallery_search.php deleted file mode 100644 index 2a4029d3..00000000 --- a/modules/gallery/helpers/gallery_search.php +++ /dev/null @@ -1,24 +0,0 @@ -description, $item->name, $item->title)); - } -} diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index b08cf89d..c03de983 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -64,19 +64,15 @@ class search_Core { } static function update($item) { - $data = array(); + $data = new ArrayObject(); $record = ORM::factory("search_record")->where("item_id", $item->id)->find(); if (!$record->loaded) { $record->item_id = $item->id; } - foreach (module::active() as $module) { - $class_name = "{$module->name}_search"; - if (method_exists($class_name, "item_index_data")) { - $data[] = call_user_func(array($class_name, "item_index_data"), $record->item()); - } - } - $record->data = join(" ", $data); + module::event("item_index_data", $record->item(), $data); + Kohana::log("alert",print_r($data,1)); + $record->data = join(" ", (array)$data); $record->dirty = 0; $record->save(); } diff --git a/modules/tag/helpers/tag_event.php b/modules/tag/helpers/tag_event.php index f5fa6d4c..57986e40 100644 --- a/modules/tag/helpers/tag_event.php +++ b/modules/tag/helpers/tag_event.php @@ -93,4 +93,8 @@ class tag_event_Core { ->label(t("Tags")) ->url(url::site("admin/tags"))); } + + static function item_index_data($item, $data) { + $data[] = join(" ", tag::item_tags($item)); + } } diff --git a/modules/tag/helpers/tag_search.php b/modules/tag/helpers/tag_search.php deleted file mode 100644 index 034b7af5..00000000 --- a/modules/tag/helpers/tag_search.php +++ /dev/null @@ -1,24 +0,0 @@ - Date: Thu, 30 Jul 2009 01:25:50 +0800 Subject: Remove debugging print statement in search.php Signed-off-by: Tim Almdal --- modules/search/helpers/search.php | 1 - 1 file changed, 1 deletion(-) (limited to 'modules/search/helpers/search.php') diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index c03de983..355c4493 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -71,7 +71,6 @@ class search_Core { } module::event("item_index_data", $record->item(), $data); - Kohana::log("alert",print_r($data,1)); $record->data = join(" ", (array)$data); $record->dirty = 0; $record->save(); -- cgit v1.2.3 From b4b638be44375c93f5222c7b48ed547845d6d7e5 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sat, 29 Aug 2009 16:28:30 -0700 Subject: Undo url helper changes - url methods no longer return a SafeString. Adding SafeString::of_safe_html() calls where urls are passed as parameters to t() and t2(). --- modules/akismet/helpers/akismet.php | 2 +- modules/digibug/views/admin_digibug.html.php | 2 +- modules/exif/helpers/exif.php | 2 +- modules/g2_import/views/admin_g2_import.html.php | 10 ++++----- modules/gallery/helpers/MY_url.php | 24 +--------------------- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/tests/Xss_Security_Test.php | 15 +++++++++++--- modules/gallery/views/admin_block_welcome.html.php | 10 ++++----- modules/gallery/views/upgrader.html.php | 2 +- modules/recaptcha/helpers/recaptcha.php | 2 +- modules/search/helpers/search.php | 2 +- modules/server_add/helpers/server_add.php | 2 +- modules/user/views/reset_password.html.php | 4 +++- system/helpers/request.php | 2 +- 14 files changed, 35 insertions(+), 46 deletions(-) (limited to 'modules/search/helpers/search.php') diff --git a/modules/akismet/helpers/akismet.php b/modules/akismet/helpers/akismet.php index db45a6ab..abca78d2 100644 --- a/modules/akismet/helpers/akismet.php +++ b/modules/akismet/helpers/akismet.php @@ -94,7 +94,7 @@ class akismet_Core { if (empty($api_key)) { site_status::warning( t("Akismet is not quite ready! Please provide an API Key", - array("url" => url::site("admin/akismet"))), + array("url" => SafeString::of_safe_html(url::site("admin/akismet")))), "akismet_config"); } else { site_status::clear("akismet_config"); diff --git a/modules/digibug/views/admin_digibug.html.php b/modules/digibug/views/admin_digibug.html.php index 7e4436ff..5f27a3fd 100644 --- a/modules/digibug/views/admin_digibug.html.php +++ b/modules/digibug/views/admin_digibug.html.php @@ -16,7 +16,7 @@

register with Digibug and enter your Digibug id in the Advanced Settings page you can make money off of your photos!", array("signup_url" => "http://www.digibug.com/signup.php", - "advanced_settings_url" => url::site("admin/advanced_settings"))) ?> + "advanced_settings_url" => SafeString::of_safe_html(url::site("admin/advanced_settings")))) ?>

diff --git a/modules/exif/helpers/exif.php b/modules/exif/helpers/exif.php index 20ecd0cb..d4e60338 100644 --- a/modules/exif/helpers/exif.php +++ b/modules/exif/helpers/exif.php @@ -164,7 +164,7 @@ class exif_Core { if ($remaining) { site_status::warning( t('Your Exif index needs to be updated. Fix this now', - array("url" => url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__"))), + array("url" => SafeString::of_safe_html(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), "exif_index_out_of_date"); } } diff --git a/modules/g2_import/views/admin_g2_import.html.php b/modules/g2_import/views/admin_g2_import.html.php index da2bb5d1..f53510f6 100644 --- a/modules/g2_import/views/admin_g2_import.html.php +++ b/modules/g2_import/views/admin_g2_import.html.php @@ -37,9 +37,9 @@
  • Using the same value will speed up your import.", - array("g2_pixels" => $g2_sizes["thumb"]["size"], - "g3_pixels" => $thumb_size, - "url" => url::site("admin/theme_options"))) ?> + array("g2_pixels" => $g2_sizes["thumb"]["size"], + "g3_pixels" => $thumb_size, + "url" => SafeString::of_safe_html(url::site("admin/theme_options")))) ?>
    • @@ -47,8 +47,8 @@
  • Using the same value will speed up your import.", array("g2_pixels" => $g2_sizes["resize"]["size"], - "g3_pixels" => $resize_size, - "url" => url::site("admin/theme_options"))) ?> + "g3_pixels" => $resize_size, + "url" => SafeString::of_safe_html(url::site("admin/theme_options")))) ?>
    • diff --git a/modules/gallery/helpers/MY_url.php b/modules/gallery/helpers/MY_url.php index 6092a9d8..c4967c52 100644 --- a/modules/gallery/helpers/MY_url.php +++ b/modules/gallery/helpers/MY_url.php @@ -30,8 +30,7 @@ class url extends url_Core { if ($parts[0] == "albums" || $parts[0] == "photos") { $uri = model_cache::get("item", $parts[1])->relative_path(); } - $url = parent::site($uri . $query, $protocol); - return SafeString::of_safe_html($url); + return parent::site($uri . $query, $protocol); } static function parse_url() { @@ -100,25 +99,4 @@ class url extends url_Core { static function abs_current($qs=false) { return self::abs_site(url::current($qs)); } - - public static function base($index=false, $protocol=false) { - $url = parent::base($index, $protocol); - return SafeString::of_safe_html($url); - } - - public static function current($qs=false) { - $url = parent::current($qs); - return SafeString::of_safe_html($url); - } - - public static function file($file, $index=false) { - $url = parent::file($file, $index); - return SafeString::of_safe_html($url); - } - - public static function merge(array $arguments) { - $url = parent::merge($arguments); - return SafeString::of_safe_html($url); - } - } diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 7dc46eeb..fbb85bec 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -442,7 +442,7 @@ class graphics_Core { if (!module::get_var("gallery", "graphics_toolkit")) { site_status::warning( t("Graphics toolkit missing! Please choose a toolkit", - array("url" => url::site("admin/graphics"))), + array("url" => SafeString::of_safe_html(url::site("admin/graphics")))), "missing_graphics_toolkit"); } } diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index 690dc760..a2d3d59b 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -130,14 +130,14 @@ class Xss_Security_Test extends Unit_Test_Case { $token = $tokens[$token_number]; } } else if ($token[1] == "url") { - // url methods return a SafeString + // url methods return safe HTML if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && in_array($tokens[$token_number + 2][1], array("site", "current", "base", "file", "abs_site", "abs_current", "abs_file", "merge")) && self::_token_matches("(", $tokens, $token_number + 3)) { - $frame->is_safestring(true); + $frame->is_safe_html(true); $method = $tokens[$token_number + 2][1]; $frame->expr_append("::$method("); @@ -203,7 +203,8 @@ class Xss_Security_Test extends Unit_Test_Case { $state = "CLEAN"; } } else { - if ($frame->is_safestring() || $frame->purified_html_called() || $frame->for_html_called()) { + if ($frame->is_safe_html() || $frame->is_safestring() || + $frame->purified_html_called() || $frame->for_html_called()) { $state = "CLEAN"; } } @@ -259,6 +260,7 @@ class Xss_Security_Test_Frame { private $_for_html_called = false; private $_purified_html_called = false; private $_json_encode_called = false; + private $_is_safe_html = false; private $_line; function __construct($line_number, $in_script_block) { @@ -288,6 +290,13 @@ class Xss_Security_Test_Frame { return $this->_is_safestring; } + function is_safe_html($new_val=NULL) { + if ($new_val !== NULL) { + $this->_is_safe_html = (bool) $new_val; + } + return $this->_is_safe_html; + } + function json_encode_called($new_val=NULL) { if ($new_val !== NULL) { $this->_json_encode_called = (bool) $new_val; diff --git a/modules/gallery/views/admin_block_welcome.html.php b/modules/gallery/views/admin_block_welcome.html.php index 38d2bd56..c6ccdbf3 100644 --- a/modules/gallery/views/admin_block_welcome.html.php +++ b/modules/gallery/views/admin_block_welcome.html.php @@ -5,16 +5,16 @@ diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php index 37578855..ccc86da8 100644 --- a/modules/gallery/views/upgrader.html.php +++ b/modules/gallery/views/upgrader.html.php @@ -18,7 +18,7 @@

    Gallery is up to date.", - array("url" => url::site("albums/1"))) ?> + array("url" => SafeString::of_safe_html(url::site("albums/1")))) ?>

    diff --git a/modules/recaptcha/helpers/recaptcha.php b/modules/recaptcha/helpers/recaptcha.php index 501dd972..35d9febd 100644 --- a/modules/recaptcha/helpers/recaptcha.php +++ b/modules/recaptcha/helpers/recaptcha.php @@ -43,7 +43,7 @@ class recaptcha_Core { if (empty($public_key) || empty($private_key)) { site_status::warning( t("reCAPTCHA is not quite ready! Please configure the reCAPTCHA Keys", - array("url" => url::site("admin/recaptcha"))), + array("url" => SafeString::of_safe_html(url::site("admin/recaptcha")))), "recaptcha_config"); } else { site_status::clear("recaptcha_config"); diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 355c4493..4be04039 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -58,7 +58,7 @@ class search_Core { if ($remaining) { site_status::warning( t('Your search index needs to be updated. Fix this now', - array("url" => url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__"))), + array("url" => SafeString::of_safe_html(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), "search_index_out_of_date"); } } diff --git a/modules/server_add/helpers/server_add.php b/modules/server_add/helpers/server_add.php index 74f51ad9..57afac12 100644 --- a/modules/server_add/helpers/server_add.php +++ b/modules/server_add/helpers/server_add.php @@ -25,7 +25,7 @@ class server_add_Core { if (empty($paths)) { site_status::warning( t("Server Add needs configuration. Configure it now!", - array("url" => url::site("admin/server_add"))), + array("url" => SafeString::of_safe_html(url::site("admin/server_add")))), "server_add_configuration"); } else { site_status::clear("server_add_configuration"); diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php index 3dc7aebf..6fa92d54 100644 --- a/modules/user/views/reset_password.html.php +++ b/modules/user/views/reset_password.html.php @@ -9,7 +9,9 @@ $user->full_name ? $user->full_name : $user->name)) ?>

    - %site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?> + %site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", + array("site_url" => SafeString::of_safe_html(url::base(false, "http")), + "confirm_url" => $confirm_url)) ?>

    diff --git a/system/helpers/request.php b/system/helpers/request.php index 15b8edfa..4203d0e5 100644 --- a/system/helpers/request.php +++ b/system/helpers/request.php @@ -30,7 +30,7 @@ class request_Core { // Set referrer $ref = $_SERVER['HTTP_REFERER']; - if (strpos($ref, (string) url::base(FALSE)) === 0) + if (strpos($ref, url::base(FALSE)) === 0) { // Remove the base URL from the referrer $ref = substr($ref, strlen(url::base(FALSE))); -- cgit v1.2.3 From effccfd41d2618cfd41ce6db0834c2298fdb42d8 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sun, 30 Aug 2009 07:00:56 -0700 Subject: Change all instances of SafeString::of_safe_html() to html::mark_safe() in views. --- modules/akismet/helpers/akismet.php | 2 +- modules/digibug/views/admin_digibug.html.php | 2 +- modules/exif/helpers/exif.php | 2 +- modules/g2_import/views/admin_g2_import.html.php | 4 ++-- modules/gallery/controllers/admin_languages.php | 2 +- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/views/admin_block_welcome.html.php | 10 +++++----- modules/gallery/views/upgrader.html.php | 2 +- modules/recaptcha/helpers/recaptcha.php | 2 +- modules/search/helpers/search.php | 2 +- modules/server_add/helpers/server_add.php | 2 +- modules/user/views/login.html.php | 2 +- modules/user/views/reset_password.html.php | 2 +- 13 files changed, 18 insertions(+), 18 deletions(-) (limited to 'modules/search/helpers/search.php') diff --git a/modules/akismet/helpers/akismet.php b/modules/akismet/helpers/akismet.php index abca78d2..7cd598cd 100644 --- a/modules/akismet/helpers/akismet.php +++ b/modules/akismet/helpers/akismet.php @@ -94,7 +94,7 @@ class akismet_Core { if (empty($api_key)) { site_status::warning( t("Akismet is not quite ready! Please provide an API Key", - array("url" => SafeString::of_safe_html(url::site("admin/akismet")))), + array("url" => html::mark_safe(url::site("admin/akismet")))), "akismet_config"); } else { site_status::clear("akismet_config"); diff --git a/modules/digibug/views/admin_digibug.html.php b/modules/digibug/views/admin_digibug.html.php index 5f27a3fd..c4956591 100644 --- a/modules/digibug/views/admin_digibug.html.php +++ b/modules/digibug/views/admin_digibug.html.php @@ -16,7 +16,7 @@

    register with Digibug and enter your Digibug id in the Advanced Settings page you can make money off of your photos!", array("signup_url" => "http://www.digibug.com/signup.php", - "advanced_settings_url" => SafeString::of_safe_html(url::site("admin/advanced_settings")))) ?> + "advanced_settings_url" => html::mark_safe(url::site("admin/advanced_settings")))) ?>

    diff --git a/modules/exif/helpers/exif.php b/modules/exif/helpers/exif.php index d4e60338..9a4dbeec 100644 --- a/modules/exif/helpers/exif.php +++ b/modules/exif/helpers/exif.php @@ -164,7 +164,7 @@ class exif_Core { if ($remaining) { site_status::warning( t('Your Exif index needs to be updated. Fix this now', - array("url" => SafeString::of_safe_html(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), + array("url" => html::mark_safe(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), "exif_index_out_of_date"); } } diff --git a/modules/g2_import/views/admin_g2_import.html.php b/modules/g2_import/views/admin_g2_import.html.php index f53510f6..fde3464b 100644 --- a/modules/g2_import/views/admin_g2_import.html.php +++ b/modules/g2_import/views/admin_g2_import.html.php @@ -39,7 +39,7 @@ Using the same value will speed up your import.", array("g2_pixels" => $g2_sizes["thumb"]["size"], "g3_pixels" => $thumb_size, - "url" => SafeString::of_safe_html(url::site("admin/theme_options")))) ?> + "url" => html::mark_safe(url::site("admin/theme_options")))) ?> @@ -48,7 +48,7 @@ Using the same value will speed up your import.", array("g2_pixels" => $g2_sizes["resize"]["size"], "g3_pixels" => $resize_size, - "url" => SafeString::of_safe_html(url::site("admin/theme_options")))) ?> + "url" => html::mark_safe(url::site("admin/theme_options")))) ?> diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php index 68be709e..b1bc4cff 100644 --- a/modules/gallery/controllers/admin_languages.php +++ b/modules/gallery/controllers/admin_languages.php @@ -111,7 +111,7 @@ class Admin_Languages_Controller extends Admin_Controller { $group->input("api_key") ->label(empty($api_key) ? t("This is a unique key that will allow you to send translations to the remote server. To get your API key go to %server-link.", - array("server-link" => SafeString::of_safe_html(html::anchor($server_link)))) + array("server-link" => html::mark_safe(html::anchor($server_link)))) : t("API Key")) ->value($api_key) ->error_messages("invalid", t("The API key you provided is invalid.")); diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index fbb85bec..cc37a193 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -442,7 +442,7 @@ class graphics_Core { if (!module::get_var("gallery", "graphics_toolkit")) { site_status::warning( t("Graphics toolkit missing! Please choose a toolkit", - array("url" => SafeString::of_safe_html(url::site("admin/graphics")))), + array("url" => html::mark_safe(url::site("admin/graphics")))), "missing_graphics_toolkit"); } } diff --git a/modules/gallery/views/admin_block_welcome.html.php b/modules/gallery/views/admin_block_welcome.html.php index c6ccdbf3..71ef4368 100644 --- a/modules/gallery/views/admin_block_welcome.html.php +++ b/modules/gallery/views/admin_block_welcome.html.php @@ -5,16 +5,16 @@
    • graphics and language settings.", - array("graphics_url" => SafeString::of_safe_html(url::site("admin/graphics")), - "language_url" => SafeString::of_safe_html(url::site("admin/languages")))) ?> + array("graphics_url" => html::mark_safe(url::site("admin/graphics")), + "language_url" => html::mark_safe(url::site("admin/languages")))) ?>
    • choose a theme, or customize the way it looks.", - array("theme_url" => SafeString::of_safe_html(url::site("admin/themes")), - "theme_options_url" => SafeString::of_safe_html(url::site("admin/theme_options")))) ?> + array("theme_url" => html::mark_safe(url::site("admin/themes")), + "theme_options_url" => html::mark_safe(url::site("admin/theme_options")))) ?>
    • install modules to add cool features!", - array("modules_url" => SafeString::of_safe_html(url::site("admin/modules")))) ?> + array("modules_url" => html::mark_safe(url::site("admin/modules")))) ?>
    diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php index ccc86da8..de6ce0e7 100644 --- a/modules/gallery/views/upgrader.html.php +++ b/modules/gallery/views/upgrader.html.php @@ -18,7 +18,7 @@

    Gallery is up to date.", - array("url" => SafeString::of_safe_html(url::site("albums/1")))) ?> + array("url" => html::mark_safe(url::site("albums/1")))) ?>

    diff --git a/modules/recaptcha/helpers/recaptcha.php b/modules/recaptcha/helpers/recaptcha.php index 35d9febd..5ac65661 100644 --- a/modules/recaptcha/helpers/recaptcha.php +++ b/modules/recaptcha/helpers/recaptcha.php @@ -43,7 +43,7 @@ class recaptcha_Core { if (empty($public_key) || empty($private_key)) { site_status::warning( t("reCAPTCHA is not quite ready! Please configure the reCAPTCHA Keys", - array("url" => SafeString::of_safe_html(url::site("admin/recaptcha")))), + array("url" => html::mark_safe(url::site("admin/recaptcha")))), "recaptcha_config"); } else { site_status::clear("recaptcha_config"); diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 4be04039..5e23a04b 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -58,7 +58,7 @@ class search_Core { if ($remaining) { site_status::warning( t('Your search index needs to be updated. Fix this now', - array("url" => SafeString::of_safe_html(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), + array("url" => html::mark_safe(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), "search_index_out_of_date"); } } diff --git a/modules/server_add/helpers/server_add.php b/modules/server_add/helpers/server_add.php index 57afac12..a84e1afd 100644 --- a/modules/server_add/helpers/server_add.php +++ b/modules/server_add/helpers/server_add.php @@ -25,7 +25,7 @@ class server_add_Core { if (empty($paths)) { site_status::warning( t("Server Add needs configuration. Configure it now!", - array("url" => SafeString::of_safe_html(url::site("admin/server_add")))), + array("url" => html::mark_safe(url::site("admin/server_add")))), "server_add_configuration"); } else { site_status::clear("server_add_configuration"); diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php index 85f673ce..dfd09661 100644 --- a/modules/user/views/login.html.php +++ b/modules/user/views/login.html.php @@ -8,7 +8,7 @@
  • - SafeString::of_safe_html( + html::mark_safe( 'id}") . '" title="' . t("Edit Your Profile")->for_html_attr() . '" id="gUserProfileLink" class="gDialogLink">' . diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php index 6fa92d54..4097bb82 100644 --- a/modules/user/views/reset_password.html.php +++ b/modules/user/views/reset_password.html.php @@ -10,7 +10,7 @@

    %site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", - array("site_url" => SafeString::of_safe_html(url::base(false, "http")), + array("site_url" => html::mark_safe(url::base(false, "http")), "confirm_url" => $confirm_url)) ?>

    -- cgit v1.2.3 From ddb84c84e16766c6b79bd7fea61532257e83ef8b Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Mon, 31 Aug 2009 00:42:18 -0700 Subject: Rename mark_safe() to mark_clean() --- modules/akismet/helpers/akismet.php | 2 +- modules/digibug/views/admin_digibug.html.php | 2 +- modules/exif/helpers/exif.php | 2 +- modules/g2_import/views/admin_g2_import.html.php | 4 ++-- modules/gallery/controllers/admin_languages.php | 2 +- modules/gallery/helpers/MY_html.php | 6 +++--- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/tests/Html_Helper_Test.php | 4 ++-- modules/gallery/tests/Xss_Security_Test.php | 2 +- modules/gallery/views/admin_block_welcome.html.php | 10 +++++----- modules/gallery/views/permissions_browse.html.php | 2 +- modules/gallery/views/upgrader.html.php | 2 +- modules/recaptcha/helpers/recaptcha.php | 2 +- modules/search/helpers/search.php | 2 +- modules/server_add/helpers/server_add.php | 2 +- modules/user/views/login.html.php | 2 +- modules/user/views/reset_password.html.php | 2 +- 17 files changed, 25 insertions(+), 25 deletions(-) (limited to 'modules/search/helpers/search.php') diff --git a/modules/akismet/helpers/akismet.php b/modules/akismet/helpers/akismet.php index 7cd598cd..acd5cb3e 100644 --- a/modules/akismet/helpers/akismet.php +++ b/modules/akismet/helpers/akismet.php @@ -94,7 +94,7 @@ class akismet_Core { if (empty($api_key)) { site_status::warning( t("Akismet is not quite ready! Please provide an API Key", - array("url" => html::mark_safe(url::site("admin/akismet")))), + array("url" => html::mark_clean(url::site("admin/akismet")))), "akismet_config"); } else { site_status::clear("akismet_config"); diff --git a/modules/digibug/views/admin_digibug.html.php b/modules/digibug/views/admin_digibug.html.php index c4956591..9a1838f7 100644 --- a/modules/digibug/views/admin_digibug.html.php +++ b/modules/digibug/views/admin_digibug.html.php @@ -16,7 +16,7 @@

    register with Digibug and enter your Digibug id in the Advanced Settings page you can make money off of your photos!", array("signup_url" => "http://www.digibug.com/signup.php", - "advanced_settings_url" => html::mark_safe(url::site("admin/advanced_settings")))) ?> + "advanced_settings_url" => html::mark_clean(url::site("admin/advanced_settings")))) ?>

    diff --git a/modules/exif/helpers/exif.php b/modules/exif/helpers/exif.php index 9a4dbeec..83540622 100644 --- a/modules/exif/helpers/exif.php +++ b/modules/exif/helpers/exif.php @@ -164,7 +164,7 @@ class exif_Core { if ($remaining) { site_status::warning( t('Your Exif index needs to be updated. Fix this now', - array("url" => html::mark_safe(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), + array("url" => html::mark_clean(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), "exif_index_out_of_date"); } } diff --git a/modules/g2_import/views/admin_g2_import.html.php b/modules/g2_import/views/admin_g2_import.html.php index fde3464b..23ff27a8 100644 --- a/modules/g2_import/views/admin_g2_import.html.php +++ b/modules/g2_import/views/admin_g2_import.html.php @@ -39,7 +39,7 @@ Using the same value will speed up your import.", array("g2_pixels" => $g2_sizes["thumb"]["size"], "g3_pixels" => $thumb_size, - "url" => html::mark_safe(url::site("admin/theme_options")))) ?> + "url" => html::mark_clean(url::site("admin/theme_options")))) ?>
    • @@ -48,7 +48,7 @@ Using the same value will speed up your import.", array("g2_pixels" => $g2_sizes["resize"]["size"], "g3_pixels" => $resize_size, - "url" => html::mark_safe(url::site("admin/theme_options")))) ?> + "url" => html::mark_clean(url::site("admin/theme_options")))) ?> diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php index d85c47f9..894daedb 100644 --- a/modules/gallery/controllers/admin_languages.php +++ b/modules/gallery/controllers/admin_languages.php @@ -111,7 +111,7 @@ class Admin_Languages_Controller extends Admin_Controller { $group->input("api_key") ->label(empty($api_key) ? t("This is a unique key that will allow you to send translations to the remote server. To get your API key go to %server-link.", - array("server-link" => html::mark_safe(html::anchor($server_link)))) + array("server-link" => html::mark_clean(html::anchor($server_link)))) : t("API Key")) ->value($api_key) ->error_messages("invalid", t("The API key you provided is invalid.")); diff --git a/modules/gallery/helpers/MY_html.php b/modules/gallery/helpers/MY_html.php index 4522d01c..b29f287f 100644 --- a/modules/gallery/helpers/MY_html.php +++ b/modules/gallery/helpers/MY_html.php @@ -51,12 +51,12 @@ class html extends html_Core { * * Example:
        *   // Parameters to t() are automatically escaped by default.
-   *   // If the parameter is marked as safe, it won't get escaped.
+   *   // If the parameter is marked as clean, it won't get escaped.
    *   t('Go there',
-   *     array("url" => html::mark_safe(url::current())))
+   *     array("url" => html::mark_clean(url::current())))
    *
    */ - static function mark_safe($html) { + static function mark_clean($html) { return SafeString::of_safe_html($html); } diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 787f8dc3..acbcb9b2 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -443,7 +443,7 @@ class graphics_Core { if (!module::get_var("gallery", "graphics_toolkit")) { site_status::warning( t("Graphics toolkit missing! Please choose a toolkit", - array("url" => html::mark_safe(url::site("admin/graphics")))), + array("url" => html::mark_clean(url::site("admin/graphics")))), "missing_graphics_toolkit"); } } diff --git a/modules/gallery/tests/Html_Helper_Test.php b/modules/gallery/tests/Html_Helper_Test.php index 3623705e..bfce6dcf 100644 --- a/modules/gallery/tests/Html_Helper_Test.php +++ b/modules/gallery/tests/Html_Helper_Test.php @@ -32,8 +32,8 @@ class Html_Helper_Test extends Unit_Test_Case { $this->assert_true($safe_string instanceof SafeString); } - public function mark_safe_test() { - $safe_string = html::mark_safe("hello

    world

    "); + public function mark_clean_test() { + $safe_string = html::mark_clean("hello

    world

    "); $this->assert_true($safe_string instanceof SafeString); $safe_string_2 = html::clean($safe_string); $this->assert_equal("hello

    world

    ", diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index ef36f6b7..0ba5a587 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -195,7 +195,7 @@ class Xss_Security_Test extends Unit_Test_Case { in_array($tokens[$token_number + 2][1], array("clean", "purify", "js_string", "clean_attribute")) && self::_token_matches("(", $tokens, $token_number + 3)) { - // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed). + // Not checking for mark_clean(). We want such calls to be marked dirty (thus reviewed). $method = $tokens[$token_number + 2][1]; $frame->expr_append("::$method("); diff --git a/modules/gallery/views/admin_block_welcome.html.php b/modules/gallery/views/admin_block_welcome.html.php index 71ef4368..d8c96187 100644 --- a/modules/gallery/views/admin_block_welcome.html.php +++ b/modules/gallery/views/admin_block_welcome.html.php @@ -5,16 +5,16 @@
    • graphics and language settings.", - array("graphics_url" => html::mark_safe(url::site("admin/graphics")), - "language_url" => html::mark_safe(url::site("admin/languages")))) ?> + array("graphics_url" => html::mark_clean(url::site("admin/graphics")), + "language_url" => html::mark_clean(url::site("admin/languages")))) ?>
    • choose a theme, or customize the way it looks.", - array("theme_url" => html::mark_safe(url::site("admin/themes")), - "theme_options_url" => html::mark_safe(url::site("admin/theme_options")))) ?> + array("theme_url" => html::mark_clean(url::site("admin/themes")), + "theme_options_url" => html::mark_clean(url::site("admin/theme_options")))) ?>
    • install modules to add cool features!", - array("modules_url" => html::mark_safe(url::site("admin/modules")))) ?> + array("modules_url" => html::mark_clean(url::site("admin/modules")))) ?>
    diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php index 231daa04..b9af9117 100644 --- a/modules/gallery/views/permissions_browse.html.php +++ b/modules/gallery/views/permissions_browse.html.php @@ -29,7 +29,7 @@
    • mod_rewrite and set AllowOverride FileInfo Options to fix this.", - array("mod_rewrite_attrs" => html::mark_safe("href=\"http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html\" target=\"_blank\"", "apache_attrs" => "href=\"http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride\" target=\"_blank\""))) ?> + array("mod_rewrite_attrs" => html::mark_clean("href=\"http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html\" target=\"_blank\"", "apache_attrs" => "href=\"http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride\" target=\"_blank\""))) ?>
    diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php index de6ce0e7..04200920 100644 --- a/modules/gallery/views/upgrader.html.php +++ b/modules/gallery/views/upgrader.html.php @@ -18,7 +18,7 @@

    Gallery is up to date.", - array("url" => html::mark_safe(url::site("albums/1")))) ?> + array("url" => html::mark_clean(url::site("albums/1")))) ?>

    diff --git a/modules/recaptcha/helpers/recaptcha.php b/modules/recaptcha/helpers/recaptcha.php index 5ac65661..bead6156 100644 --- a/modules/recaptcha/helpers/recaptcha.php +++ b/modules/recaptcha/helpers/recaptcha.php @@ -43,7 +43,7 @@ class recaptcha_Core { if (empty($public_key) || empty($private_key)) { site_status::warning( t("reCAPTCHA is not quite ready! Please configure the reCAPTCHA Keys", - array("url" => html::mark_safe(url::site("admin/recaptcha")))), + array("url" => html::mark_clean(url::site("admin/recaptcha")))), "recaptcha_config"); } else { site_status::clear("recaptcha_config"); diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 5e23a04b..0080b4ce 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -58,7 +58,7 @@ class search_Core { if ($remaining) { site_status::warning( t('Your search index needs to be updated. Fix this now', - array("url" => html::mark_safe(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), + array("url" => html::mark_clean(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), "search_index_out_of_date"); } } diff --git a/modules/server_add/helpers/server_add.php b/modules/server_add/helpers/server_add.php index a84e1afd..27794855 100644 --- a/modules/server_add/helpers/server_add.php +++ b/modules/server_add/helpers/server_add.php @@ -25,7 +25,7 @@ class server_add_Core { if (empty($paths)) { site_status::warning( t("Server Add needs configuration. Configure it now!", - array("url" => html::mark_safe(url::site("admin/server_add")))), + array("url" => html::mark_clean(url::site("admin/server_add")))), "server_add_configuration"); } else { site_status::clear("server_add_configuration"); diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php index dfd09661..27431ce8 100644 --- a/modules/user/views/login.html.php +++ b/modules/user/views/login.html.php @@ -8,7 +8,7 @@
  • - html::mark_safe( + html::mark_clean( 'id}") . '" title="' . t("Edit Your Profile")->for_html_attr() . '" id="gUserProfileLink" class="gDialogLink">' . diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php index 4097bb82..92ca4917 100644 --- a/modules/user/views/reset_password.html.php +++ b/modules/user/views/reset_password.html.php @@ -10,7 +10,7 @@

    %site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", - array("site_url" => html::mark_safe(url::base(false, "http")), + array("site_url" => html::mark_clean(url::base(false, "http")), "confirm_url" => $confirm_url)) ?>

    -- cgit v1.2.3