From 33d0b82d024df8fd85798cc4f6b9bab377f4f783 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sun, 19 Jul 2009 15:45:16 -0700 Subject: Fix l10n message inconsistency, ticket 546 --- modules/server_add/controllers/server_add.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/server_add') diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php index 6056d7cd..0be0f698 100644 --- a/modules/server_add/controllers/server_add.php +++ b/modules/server_add/controllers/server_add.php @@ -251,7 +251,7 @@ class Server_Add_Controller extends Admin_Controller { $task->state = "success"; $task->percent_complete = 100; ORM::factory("server_add_file")->where("task_id", $task->id)->delete_all(); - message::info(t2("Successfully added one photo", + message::info(t2("Successfully added one photo / album", "Successfully added %count photos and albums", $task->get("completed_files"))); } -- cgit v1.2.3 From 5a0424f458323578a6b2e5395a58f3d2bfc034dc Mon Sep 17 00:00:00 2001 From: Shai Ben-Naphtali Date: Tue, 21 Jul 2009 03:30:21 +0800 Subject: Fix some consistency in text. This fixes ticket #546 Signed-off-by: Bharat Mediratta --- modules/organize/controllers/organize.php | 4 ++-- modules/server_add/controllers/server_add.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'modules/server_add') diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 27852904..898be509 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -516,7 +516,7 @@ class Organize_Controller extends Controller { break; case "delete": - return array("description" => t("Delete selected photos and albums"), + return array("description" => t("Delete selected photos / albums"), "name" => t("Delete images in %name", array("name" => $item->title)), "type" => "delete", "runningMsg" => t("Delete images in progress"), @@ -537,4 +537,4 @@ class Organize_Controller extends Controller { throw new Exception("Operation '$operation' is not implmented"); } } -} \ No newline at end of file +} diff --git a/modules/server_add/controllers/server_add.php b/modules/server_add/controllers/server_add.php index 0be0f698..f68392ce 100644 --- a/modules/server_add/controllers/server_add.php +++ b/modules/server_add/controllers/server_add.php @@ -239,7 +239,7 @@ class Server_Add_Controller extends Admin_Controller { $entry->save(); } $task->set("completed_files", $completed_files); - $task->status = t("Adding photos and albums (%completed of %total)", + $task->status = t("Adding photos / albums (%completed of %total)", array("completed" => $completed_files, "total" => $total_files)); $task->percent_complete = 10 + 100 * ($completed_files / $total_files); @@ -252,7 +252,7 @@ class Server_Add_Controller extends Admin_Controller { $task->percent_complete = 100; ORM::factory("server_add_file")->where("task_id", $task->id)->delete_all(); message::info(t2("Successfully added one photo / album", - "Successfully added %count photos and albums", + "Successfully added %count photos / albums", $task->get("completed_files"))); } } -- cgit v1.2.3 From 050c82cf80b06a555252efaf701434b0cfd59bed Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 21 Jul 2009 11:09:23 -0700 Subject: Escape bare & symbols so that we use valid entities. Fixes ticket #577. --- modules/organize/views/organize.html.php | 2 +- modules/server_add/views/admin_server_add.html.php | 2 +- modules/server_add/views/server_add_tree_dialog.html.php | 2 +- modules/user/views/login.html.php | 2 +- themes/admin_default/views/admin.html.php | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/server_add') diff --git a/modules/organize/views/organize.html.php b/modules/organize/views/organize.html.php index 65d67d04..1686d255 100644 --- a/modules/organize/views/organize.html.php +++ b/modules/organize/views/organize.html.php @@ -33,7 +33,7 @@ var CONFIRM_DELETE = "
"> + ref="">
    diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php index 588a9fca..30ab3536 100644 --- a/modules/server_add/views/admin_server_add.html.php +++ b/modules/server_add/views/admin_server_add.html.php @@ -11,7 +11,7 @@ -

    created) ?>

    - text)) ?> + text)) ?>
      diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php index 3d17411c..31bb7f4d 100644 --- a/modules/comment/views/comment.html.php +++ b/modules/comment/views/comment.html.php @@ -4,15 +4,15 @@ " class="gAvatar" - alt="author_name()) ?>" + alt="author_name()) ?>" width="40" height="40" /> gallery::date_time($comment->created), - "author_name" => p::clean($comment->author_name()))) ?> + "author_name" => SafeString::of($comment->author_name()))) ?>

      - text)) ?> + text)) ?>
      diff --git a/modules/comment/views/comment.mrss.php b/modules/comment/views/comment.mrss.php index 2b5b13c1..ae7762d9 100644 --- a/modules/comment/views/comment.mrss.php +++ b/modules/comment/views/comment.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> Gallery 3 - <?= p::clean($feed->title) ?> + <?= SafeString::of($feed->title) ?> uri ?> - description) ?> + description) ?> en-us @@ -22,14 +22,14 @@ children as $child): ?> - <?= p::purify($child->title) ?> - item_uri) ?> - author) ?> + <?= SafeString::purify($child->title) ?> + item_uri) ?> + author) ?> item_uri ?> pub_date ?> text)) ?>

      +

      text)) ?>

      diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index f7251389..7941b7da 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -12,16 +12,16 @@ " class="gAvatar" - alt="author_name()) ?>" + alt="author_name()) ?>" width="40" height="40" /> %name said', array("date" => date("Y-M-d H:i:s", $comment->created), - "name" => p::clean($comment->author_name()))); ?> + "name" => SafeString::of($comment->author_name()))); ?>

      - text)) ?> + text)) ?>
      diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php index e0f4b6bf..509a8b70 100644 --- a/modules/digibug/controllers/digibug.php +++ b/modules/digibug/controllers/digibug.php @@ -50,7 +50,7 @@ class Digibug_Controller extends Controller { "image_width_1" => $item->width, "thumb_height_1" => $item->thumb_height, "thumb_width_1" => $item->thumb_width, - "title_1" => p::purify($item->title)); + "title_1" => SafeString::purify($item->title)); print $v; } diff --git a/modules/exif/views/exif_dialog.html.php b/modules/exif/views/exif_dialog.html.php index 6494b2b0..a981ca09 100644 --- a/modules/exif/views/exif_dialog.html.php +++ b/modules/exif/views/exif_dialog.html.php @@ -14,14 +14,14 @@ - + - + diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php index 436cef52..a01ca1db 100644 --- a/modules/g2_import/helpers/g2_import.php +++ b/modules/g2_import/helpers/g2_import.php @@ -590,7 +590,7 @@ class g2_import_Core { self::map($g2_comment->getId(), $comment->id); return t("Imported comment '%comment' for item with id: %id", array("id" => $comment->item_id, - "comment" => text::limit_words(nl2br(p::purify($comment->text)), 50))); + "comment" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50))); } /** diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php index 64007fdb..d727b654 100644 --- a/modules/gallery/controllers/admin_advanced_settings.php +++ b/modules/gallery/controllers/admin_advanced_settings.php @@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller { module::set_var($module_name, $var_name, Input::instance()->post("value")); message::success( t("Saved value for %var (%module_name)", - array("var" => p::clean($var_name), "module_name" => $module_name))); + array("var" => SafeString::of($var_name), "module_name" => $module_name))); print json_encode(array("result" => "success")); } diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php index c8227d74..09b16759 100644 --- a/modules/gallery/controllers/movies.php +++ b/modules/gallery/controllers/movies.php @@ -93,7 +93,7 @@ class Movies_Controller extends Items_Controller { log::success("content", "Updated photo", "id\">view"); message::success( - t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title)))); + t("Saved photo %photo_title", array("photo_title" => $photo->title))); print json_encode( array("result" => "success", diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php index 8ee24da8..3447b4c6 100644 --- a/modules/gallery/controllers/photos.php +++ b/modules/gallery/controllers/photos.php @@ -86,7 +86,7 @@ class Photos_Controller extends Items_Controller { log::success("content", "Updated photo", "id\">view"); message::success( - t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title)))); + t("Saved photo %photo_title", array("photo_title" => $photo->title))); print json_encode( array("result" => "success", diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php index de027c1b..98a5bf9f 100644 --- a/modules/gallery/controllers/quick.php +++ b/modules/gallery/controllers/quick.php @@ -89,7 +89,7 @@ class Quick_Controller extends Controller { access::required("view", $item->parent()); access::required("edit", $item->parent()); - $msg = t("Made %title this album's cover", array("title" => p::purify($item->title))); + $msg = t("Made %title this album's cover", array("title" => SafeString::purify($item->title))); item::make_album_cover($item); message::success($msg); @@ -105,10 +105,10 @@ class Quick_Controller extends Controller { if ($item->is_album()) { print t( "Delete the album %title? All photos and movies in the album will also be deleted.", - array("title" => p::purify($item->title))); + array("title" => SafeString::purify($item->title))); } else { print t("Are you sure you want to delete %title?", - array("title" => p::purify($item->title))); + array("title" => SafeString::purify($item->title))); } $form = item::get_delete_form($item); @@ -122,9 +122,9 @@ class Quick_Controller extends Controller { access::required("edit", $item); if ($item->is_album()) { - $msg = t("Deleted album %title", array("title" => p::purify($item->title))); + $msg = t("Deleted album %title", array("title" => SafeString::purify($item->title))); } else { - $msg = t("Deleted photo %title", array("title" => p::purify($item->title))); + $msg = t("Deleted photo %title", array("title" => SafeString::purify($item->title))); } $parent = $item->parent(); diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php index 7daf6170..be555296 100644 --- a/modules/gallery/helpers/gallery_rss.php +++ b/modules/gallery/helpers/gallery_rss.php @@ -52,9 +52,9 @@ class gallery_rss_Core { ->viewable() ->descendants($limit, $offset, "photo"); $feed->max_pages = ceil($item->viewable()->descendants_count("photo") / $limit); - $feed->title = p::purify($item->title); + $feed->title = SafeString::purify($item->title); $feed->link = url::abs_site("albums/{$item->id}"); - $feed->description = nl2br(p::purify($item->description)); + $feed->description = nl2br(SafeString::purify($item->description)); return $feed; } diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index 9edc3acd..8c0e8aa8 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -64,10 +64,10 @@ class gallery_task_Core { if (!$success) { $ignored[$item->id] = 1; $errors[] = t("Unable to rebuild images for '%title'", - array("title" => p::purify($item->title))); + array("title" => SafeString::purify($item->title))); } else { $errors[] = t("Successfully rebuilt images for '%title'", - array("title" => p::purify($item->title))); + array("title" => SafeString::purify($item->title))); } } diff --git a/modules/gallery/helpers/p.php b/modules/gallery/helpers/p.php deleted file mode 100644 index e852c086..00000000 --- a/modules/gallery/helpers/p.php +++ /dev/null @@ -1,29 +0,0 @@ -purified_html(); - } -} diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php index b37c1c73..adc15b91 100644 --- a/modules/gallery/views/admin_advanced_settings.html.php +++ b/modules/gallery/views/admin_advanced_settings.html.php @@ -20,13 +20,13 @@ module_name == "gallery" && $var->name == "_cache") continue ?> module_name ?> - name) ?> + name) ?> - module_name/" . p::clean($var->name)) ?>" + module_name/" . SafeString::of($var->name)) ?>" class="gDialogLink" - title=" p::clean($var->name), "module_name" => $var->module_name)) ?>"> + title=" $var->name, "module_name" => $var->module_name)) ?>"> value): ?> - value) ?> + value) ?> diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php index 44c1657f..b7afb22d 100644 --- a/modules/gallery/views/admin_block_log_entries.html.php +++ b/modules/gallery/views/admin_block_log_entries.html.php @@ -2,7 +2,7 @@
      • - user_id") ?>">user->name) ?> + user_id") ?>">user->name) ?> timestamp) ?> message ?> html ?> diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php index 1e1329d1..732bdc38 100644 --- a/modules/gallery/views/admin_block_photo_stream.html.php +++ b/modules/gallery/views/admin_block_photo_stream.html.php @@ -2,9 +2,9 @@
        • - id") ?>" title="title) ?>"> + id") ?>" title="title) ?>"> width, $photo->height, 72) ?> - src="thumb_url() ?>" alt="title) ?>" /> + src="thumb_url() ?>" alt="title) ?>" />
          • diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php index 450eb754..a4db38ce 100644 --- a/modules/gallery/views/admin_maintenance.html.php +++ b/modules/gallery/views/admin_maintenance.html.php @@ -90,7 +90,7 @@ status ?> - owner()->name) ?> + owner()->name) ?> state == "stalled"): ?> diff --git a/modules/gallery/views/admin_maintenance_show_log.html.php b/modules/gallery/views/admin_maintenance_show_log.html.php index 9d850986..209aef03 100644 --- a/modules/gallery/views/admin_maintenance_show_log.html.php +++ b/modules/gallery/views/admin_maintenance_show_log.html.php @@ -12,7 +12,7 @@ appendTo('body').submit().remove();

          name ?>

          - 
          get_log()) ?>
          + 
          get_log()) ?>
          diff --git a/modules/gallery/views/after_install.html.php b/modules/gallery/views/after_install.html.php index e4842163..2cf8ec8f 100644 --- a/modules/gallery/views/after_install.html.php +++ b/modules/gallery/views/after_install.html.php @@ -8,7 +8,7 @@

          - %user_name account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => p::clean($user->name))) ?> + %user_name account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => $user->name)) ?>

          diff --git a/modules/gallery/views/move_tree.html.php b/modules/gallery/views/move_tree.html.php index 5f70cf67..7818a42a 100644 --- a/modules/gallery/views/move_tree.html.php +++ b/modules/gallery/views/move_tree.html.php @@ -1,18 +1,18 @@ thumb_img(array(), 25); ?> is_descendant($parent)): ?> - title) ?> + title) ?> - title) ?> + title) ?>

          • thumb_img(array(), 25); ?> is_descendant($child)): ?> - title) ?> + title) ?> - title) ?> + title) ?>
            • diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php index 888a27f7..9ea0da25 100644 --- a/modules/gallery/views/permissions_browse.html.php +++ b/modules/gallery/views/permissions_browse.html.php @@ -35,14 +35,14 @@
          • - title) ?> + title) ?>
            • - title) ?> + title) ?>
              diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php index ee5e3a24..adc0496f 100644 --- a/modules/gallery/views/permissions_form.html.php +++ b/modules/gallery/views/permissions_form.html.php @@ -6,7 +6,7 @@ - name) ?> + name) ?> diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php index 38ac518c..56e568f6 100644 --- a/modules/gallery/views/simple_uploader.html.php +++ b/modules/gallery/views/simple_uploader.html.php @@ -6,7 +6,7 @@
              ">
              - p::purify($item->title))) ?> + SafeString::purify($item->title))) ?>
              @@ -26,9 +26,9 @@

                parents() as $parent): ?> -
              • title) ?>
                • +
              • title) ?>
                • -
              • title) ?>
                • +
              • title) ?>

              diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php index f86ae39d..365a1021 100644 --- a/modules/info/views/info_block.html.php +++ b/modules/info/views/info_block.html.php @@ -2,18 +2,18 @@

              • - title) ?> + title) ?>
                • description): ?>
              • - description)) ?> + description)) ?>
                • id != 1): ?>
              • - name) ?> + name) ?>
                • captured): ?> @@ -26,9 +26,9 @@
              • owner->url): ?> - owner->display_name()) ?> + owner->display_name()) ?> - owner->display_name()) ?> + owner->display_name()) ?>
                • diff --git a/modules/notification/views/comment_published.html.php b/modules/notification/views/comment_published.html.php index 4a56cdad..02daf921 100644 --- a/modules/notification/views/comment_published.html.php +++ b/modules/notification/views/comment_published.html.php @@ -1,26 +1,26 @@ - <?= p::clean($subject) ?> + <?= SafeString::of($subject) ?> -

                +

                - + - + - + - + diff --git a/modules/notification/views/item_added.html.php b/modules/notification/views/item_added.html.php index 86724927..70b8fca4 100644 --- a/modules/notification/views/item_added.html.php +++ b/modules/notification/views/item_added.html.php @@ -1,14 +1,14 @@ - <?= p::clean($subject) ?> + <?= SafeString::of($subject) ?> -

                +

                text)) ?>text)) ?>
                author_name()) ?>author_name()) ?>
                author_email()) ?>author_email()) ?>
                author_url()) ?>author_url()) ?>
                - + @@ -21,7 +21,7 @@ description): ?> - +
                title) ?>title) ?>
                description)) ?>description)) ?>
                diff --git a/modules/notification/views/item_deleted.html.php b/modules/notification/views/item_deleted.html.php index 92215211..e04fc71b 100644 --- a/modules/notification/views/item_deleted.html.php +++ b/modules/notification/views/item_deleted.html.php @@ -1,15 +1,15 @@ - <?= p::clean($subject) ?> + <?= SafeString::of($subject) ?> -

                +

                diff --git a/modules/notification/views/item_updated.html.php b/modules/notification/views/item_updated.html.php index 39f9113b..c3a4f795 100644 --- a/modules/notification/views/item_updated.html.php +++ b/modules/notification/views/item_updated.html.php @@ -1,18 +1,18 @@ - <?= p::clean($subject) ?> + <?= SafeString::of($subject) ?> -

                +

                p::purify($item->parent()->title))) ?> + array("title" => SafeString::purify($item->parent()->title))) ?>
                original("title") != $item->title): ?> - + - + @@ -22,12 +22,12 @@ original("description") != $item->description): ?> - + description)): ?> - +
                title) ?>title) ?> title) ?>title) ?>
                description) ?>description) ?>
                description) ?>description) ?>
                diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php index 898be509..d60aa838 100644 --- a/modules/organize/controllers/organize.php +++ b/modules/organize/controllers/organize.php @@ -62,8 +62,8 @@ class Organize_Controller extends Controller { access::required("edit", $item); print json_encode( - array("title" => p::purify($item->title), - "description" => empty($item->description) ? "" : p::purify($item->description))); + array("title" => SafeString::purify($item->title), + "description" => empty($item->description) ? "" : SafeString::purify($item->description))); } function tree($item, $parent) { @@ -281,10 +281,10 @@ class Organize_Controller extends Controller { if ($item->is_album()) { log::success("content", "Updated album", "id\">view"); - $message = t("Saved album %album_title", array("album_title" => p::purify($item->title))); + $message = t("Saved album %album_title", array("album_title" => SafeString::purify($item->title))); } else { log::success("content", "Updated photo", "id\">view"); - $message = t("Saved photo %photo_title", array("photo_title" => p::purify($item->title))); + $message = t("Saved photo %photo_title", array("photo_title" => SafeString::purify($item->title))); } print json_encode(array("form" => $form->__toString(), "message" => $message)); } else { @@ -321,7 +321,7 @@ class Organize_Controller extends Controller { $item->save(); log::success("content", "Updated album", "id\">view"); - $message = t("Saved album %album_title", array("album_title" => p::purify($item->title))); + $message = t("Saved album %album_title", array("album_title" => SafeString::purify($item->title))); print json_encode(array("form" => $form->__toString(), "message" => $message)); } else { print json_encode(array("form" => $form->__toString())); diff --git a/modules/organize/views/organize.html.php b/modules/organize/views/organize.html.php index 1686d255..1182a887 100644 --- a/modules/organize/views/organize.html.php +++ b/modules/organize/views/organize.html.php @@ -16,7 +16,7 @@ var CONFIRM_DELETE = "
                - p::purify($item->title))) ?> + SafeString::purify($item->title))) ?>
                diff --git a/modules/organize/views/organize_album.html.php b/modules/organize/views/organize_album.html.php index ae2d5d51..4933ed32 100644 --- a/modules/organize/views/organize_album.html.php +++ b/modules/organize/views/organize_album.html.php @@ -7,7 +7,7 @@
                gBranchText"> - title) ?> + title) ?>
                "> diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php index 447179a5..7298b7f4 100644 --- a/modules/rss/views/feed.mrss.php +++ b/modules/rss/views/feed.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> gallery3 - <?= p::clean($feed->title) ?> + <?= SafeString::of($feed->title) ?> uri ?> - description) ?> + description) ?> en-us @@ -22,25 +22,25 @@ children as $child): ?> - <?= p::clean($child->title) ?> + <?= SafeString::of($child->title) ?> type}s/{$child->id}") ?> type}s/{$child->id}") ?> created); ?> description) ?> + description) ?>

                type == "photo" || $child->type == "album"): ?>
                type}s/{$child->id}") ?>">
                - description) ?> + description) ?>

                ]]>                 diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php index 6a222ef1..e5c7b4a6 100644 --- a/modules/search/views/search.html.php +++ b/modules/search/views/search.html.php @@ -8,10 +8,10 @@
                • - +
                • - " /> + for_html_attr() ?>" />
                @@ -31,10 +31,10 @@ id") ?>"> thumb_img() ?>

                - title) ?> + title) ?>

                - description)) ?> + description)) ?>
                @@ -44,7 +44,7 @@

                - %term", array("term" => p::clean($q))) ?> + %term", array("term" => $q)) ?>

                diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php index 30109f42..fac2aa44 100644 --- a/modules/server_add/controllers/admin_server_add.php +++ b/modules/server_add/controllers/admin_server_add.php @@ -38,7 +38,7 @@ class Admin_Server_Add_Controller extends Admin_Controller { $path = $form->add_path->path->value; $paths[$path] = 1; module::set_var("server_add", "authorized_paths", serialize($paths)); - message::success(t("Added path %path", array("path" => p::clean($path)))); + message::success(t("Added path %path", array("path" => $path))); server_add::check_config($paths); url::redirect("admin/server_add"); } else { @@ -60,7 +60,7 @@ class Admin_Server_Add_Controller extends Admin_Controller { $paths = unserialize(module::get_var("server_add", "authorized_paths")); if (isset($paths[$path])) { unset($paths[$path]); - message::success(t("Removed path %path", array("path" => p::clean($path)))); + message::success(t("Removed path %path", array("path" => $path))); module::set_var("server_add", "authorized_paths", serialize($paths)); server_add::check_config($paths); } diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php index 254a9da0..b68544ec 100644 --- a/modules/server_add/views/server_add_tree.html.php +++ b/modules/server_add/views/server_add_tree.html.php @@ -24,7 +24,7 @@ file="" > - + diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index 21952849..533cad04 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php @@ -5,17 +5,17 @@
                -

                p::purify($item->title))) ?>

                +

                SafeString::purify($item->title))) ?>

                  parents() as $parent): ?>
                • - title) ?> + title) ?>
                • - title) ?> + title) ?>
                diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index dcdc16b9..f1b4ca3a 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -53,8 +53,8 @@ class Admin_Tags_Controller extends Admin_Controller { $name = $tag->name; Database::instance()->delete("items_tags", array("tag_id" => "$tag->id")); $tag->delete(); - message::success(t("Deleted tag %tag_name", array("tag_name" => p::clean($name)))); - log::success("tags", t("Deleted tag %tag_name", array("tag_name" => p::clean($name)))); + message::success(t("Deleted tag %tag_name", array("tag_name" => $name))); + log::success("tags", t("Deleted tag %tag_name", array("tag_name" => $name))); print json_encode( array("result" => "success", @@ -98,7 +98,7 @@ class Admin_Tags_Controller extends Admin_Controller { $tag->save(); $message = t("Renamed tag %old_name to %new_name", - array("old_name" => p::clean($old_name), "new_name" => p::clean($tag->name))); + array("old_name" => $old_name, "new_name" => $tag->name)); message::success($message); log::success("tags", $message); @@ -106,7 +106,7 @@ class Admin_Tags_Controller extends Admin_Controller { array("result" => "success", "location" => url::site("admin/tags"), "tag_id" => $tag->id, - "new_tagname" => p::clean($tag->name))); + "new_tagname" => SafeString::of($tag->name))); } else { print json_encode( array("result" => "error", diff --git a/modules/tag/helpers/tag_rss.php b/modules/tag/helpers/tag_rss.php index f94508cf..7194586d 100644 --- a/modules/tag/helpers/tag_rss.php +++ b/modules/tag/helpers/tag_rss.php @@ -22,7 +22,7 @@ class tag_rss_Core { static function available_feeds($item, $tag) { if ($tag) { $feeds["tag/tag/{$tag->id}"] = - t("Tag feed for %tag_name", array("tag_name" => p::clean($tag->name))); + t("Tag feed for %tag_name", array("tag_name" => $tag->name)); return $feeds; } return array(); diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php index 7d201da7..5bd23112 100644 --- a/modules/tag/views/admin_tags.html.php +++ b/modules/tag/views/admin_tags.html.php @@ -47,7 +47,7 @@
              • - name) ?> + name) ?> (count ?>) id") ?>" class="gDialogLink delete-link gButtonLink"> diff --git a/modules/tag/views/tag_cloud.html.php b/modules/tag/views/tag_cloud.html.php index eba615fc..b4c6ae34 100644 --- a/modules/tag/views/tag_cloud.html.php +++ b/modules/tag/views/tag_cloud.html.php @@ -3,7 +3,7 @@
              • count ?> photos are tagged with - id") ?>">name) ?> + id") ?>">name) ?>
              diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index f87602b8..521f82fa 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -51,7 +51,7 @@ class Admin_Users_Controller extends Controller { $user->save(); module::event("user_add_form_admin_completed", $user, $form); - message::success(t("Created user %user_name", array("user_name" => p::clean($user->name)))); + message::success(t("Created user %user_name", array("user_name" => $user->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", @@ -84,7 +84,7 @@ class Admin_Users_Controller extends Controller { "form" => $form->__toString())); } - $message = t("Deleted user %user_name", array("user_name" => p::clean($name))); + $message = t("Deleted user %user_name", array("user_name" => $name)); log::success("user", $message); message::success($message); print json_encode(array("result" => "success")); @@ -142,7 +142,7 @@ class Admin_Users_Controller extends Controller { $user->save(); module::event("user_edit_form_admin_completed", $user, $form); - message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name)))); + message::success(t("Changed user %user_name", array("user_name" => $user->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", @@ -204,7 +204,7 @@ class Admin_Users_Controller extends Controller { $group = group::create($new_name); $group->save(); message::success( - t("Created group %group_name", array("group_name" => p::clean($group->name)))); + t("Created group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", @@ -233,7 +233,7 @@ class Admin_Users_Controller extends Controller { "form" => $form->__toString())); } - $message = t("Deleted group %group_name", array("group_name" => p::clean($name))); + $message = t("Deleted group %group_name", array("group_name" => $name)); log::success("group", $message); message::success($message); print json_encode(array("result" => "success")); @@ -271,11 +271,11 @@ class Admin_Users_Controller extends Controller { $group->name = $form->edit_group->inputs["name"]->value; $group->save(); message::success( - t("Changed group %group_name", array("group_name" => p::clean($group->name)))); + t("Changed group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "success")); } else { message::error( - t("Failed to change group %group_name", array("group_name" => p::clean($group->name)))); + t("Failed to change group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "error", "form" => $form->__toString())); } diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php index 4d901051..b81b17b2 100644 --- a/modules/user/controllers/login.php +++ b/modules/user/controllers/login.php @@ -63,7 +63,7 @@ class Login_Controller extends Controller { log::warning( "user", t("Failed login for %name", - array("name" => p::clean($form->login->inputs["name"]->value)))); + array("name" => $form->login->inputs["name"]->value))); $form->login->inputs["name"]->add_error("invalid_login", 1); $valid = false; } @@ -71,7 +71,7 @@ class Login_Controller extends Controller { if ($valid) { user::login($user); - log::info("user", t("User %name logged in", array("name" => p::clean($user->name)))); + log::info("user", t("User %name logged in", array("name" => $user->name))); } // Either way, regenerate the session id to avoid session trapping diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php index 099b1952..4b141a1c 100644 --- a/modules/user/controllers/logout.php +++ b/modules/user/controllers/logout.php @@ -23,8 +23,8 @@ class Logout_Controller extends Controller { $user = user::active(); user::logout(); - log::info("user", t("User %name logged out", array("name" => p::clean($user->name))), - html::anchor("user/$user->id", p::clean($user->name))); + log::info("user", t("User %name logged out", array("name" => $user->name)), + html::anchor("user/$user->id", SafeString::of($user->name))); if ($continue_url = $this->input->get("continue")) { $item = url::get_item_from_uri($continue_url); if (access::can("view", $item)) { diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index 2af1b879..066efbba 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -74,7 +74,7 @@ class Password_Controller extends Controller { log::success( "user", - t("Password reset email sent for user %name", array("name" => p::clean($user->name)))); + t("Password reset email sent for user %name", array("name" => $user->name))); } else { // Don't include the username here until you're sure that it's XSS safe log::warning( diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index 542b8b8b..54c4847d 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -68,16 +68,16 @@ " title="" - alt="name) ?>" + alt="name) ?>" width="20" height="20" /> - name) ?> + name) ?> - full_name) ?> + full_name) ?> - email) ?> + email) ?> last_login == 0) ? "" : gallery::date($user->last_login) ?> diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index bfd79dba..f89a4392 100644 --- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php @@ -1,9 +1,9 @@

              - name) ?> + name) ?> special): ?> id") ?>" - title=" p::clean($group->name))) ?>" + title=" $group->name)) ?>" class="gDialogLink gButtonLink ui-state-default ui-corner-all"> @@ -17,12 +17,12 @@

                @@ -16,7 +16,7 @@ width="thumb_width ?>" height="thumb_height ?>" /> -

                title) ?>

                +

                title) ?>

                thumb_bottom($child) ?>
                  thumb_info($child) ?> diff --git a/themes/default/views/header.html.php b/themes/default/views/header.html.php index 2ba1e923..9e34401d 100644 --- a/themes/default/views/header.html.php +++ b/themes/default/views/header.html.php @@ -19,10 +19,10 @@
                • id}?show=$item->id") ?>"> - title) ?> + title) ?>
                  • -
                • title) ?>
                  • +
                • title) ?>
                diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php index 66c80ded..1f25a626 100644 --- a/themes/default/views/movie.html.php +++ b/themes/default/views/movie.html.php @@ -15,8 +15,8 @@ movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}")) ?>
                -

                title) ?>

                -
                description)) ?>
                +

                title) ?>

                +
                description)) ?>
                * */ - static function escape_for_js($string) { + static function clean_js($string) { return SafeString::of($string)->for_js(); } diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php index affb3101..dee6ae40 100644 --- a/modules/gallery/helpers/gallery_rss.php +++ b/modules/gallery/helpers/gallery_rss.php @@ -53,9 +53,9 @@ class gallery_rss_Core { ->descendants($limit, $offset, array("type" => "photo")); $feed->max_pages = ceil( $item->viewable()->descendants_count(array("type" => "photo")) / $limit); - $feed->title = SafeString::purify($item->title); + $feed->title = html::purify($item->title); $feed->link = url::abs_site("albums/{$item->id}"); - $feed->description = nl2br(SafeString::purify($item->description)); + $feed->description = nl2br(html::purify($item->description)); return $feed; } diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index 8c0e8aa8..c9557324 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -64,10 +64,10 @@ class gallery_task_Core { if (!$success) { $ignored[$item->id] = 1; $errors[] = t("Unable to rebuild images for '%title'", - array("title" => SafeString::purify($item->title))); + array("title" => html::purify($item->title))); } else { $errors[] = t("Successfully rebuilt images for '%title'", - array("title" => SafeString::purify($item->title))); + array("title" => html::purify($item->title))); } } diff --git a/modules/gallery/tests/Html_Helper_Test.php b/modules/gallery/tests/Html_Helper_Test.php index 4d934ad5..a9903256 100644 --- a/modules/gallery/tests/Html_Helper_Test.php +++ b/modules/gallery/tests/Html_Helper_Test.php @@ -40,8 +40,8 @@ class Html_Helper_Test extends Unit_Test_Case { $safe_string_2); } - public function escape_for_js_test() { - $string = html::escape_for_js("hello's

                world

                "); + public function clean_js_test() { + $string = html::clean_js("hello's

                world

                "); $this->assert_equal("hello\\'s

                world<\\/p>", $string); } diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index 8e5f8354..16e5a856 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -151,7 +151,7 @@ class Xss_Security_Test extends Unit_Test_Case { if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && in_array($tokens[$token_number + 2][1], - array("clean", "purify", "escape_for_js", "clean_attribute_test")) && + array("clean", "purify", "clean_js", "clean_attribute")) && self::_token_matches("(", $tokens, $token_number + 3)) { // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed). @@ -161,7 +161,7 @@ class Xss_Security_Test extends Unit_Test_Case { $token_number += 3; $token = $tokens[$token_number]; - if ("escape_for_js" == $method) { + if ("clean_js" == $method) { $frame->is_safe_js(true); } else { $frame->is_safe_html(true); diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php index adc15b91..4235e8f8 100644 --- a/modules/gallery/views/admin_advanced_settings.html.php +++ b/modules/gallery/views/admin_advanced_settings.html.php @@ -20,13 +20,13 @@ module_name == "gallery" && $var->name == "_cache") continue ?> module_name ?> - name) ?> + name) ?> - module_name/" . SafeString::of($var->name)) ?>" + module_name/" . html::clean($var->name)) ?>" class="gDialogLink" title=" $var->name, "module_name" => $var->module_name)) ?>"> value): ?> - value) ?> + value) ?> diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php index b7afb22d..780ff2d0 100644 --- a/modules/gallery/views/admin_block_log_entries.html.php +++ b/modules/gallery/views/admin_block_log_entries.html.php @@ -2,7 +2,7 @@

                • - user_id") ?>">user->name) ?> + user_id") ?>">user->name) ?> timestamp) ?> message ?> html ?> diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php index 732bdc38..a50836ad 100644 --- a/modules/gallery/views/admin_block_photo_stream.html.php +++ b/modules/gallery/views/admin_block_photo_stream.html.php @@ -2,9 +2,9 @@
                  • - id") ?>" title="title) ?>"> + id") ?>" title="title) ?>"> width, $photo->height, 72) ?> - src="thumb_url() ?>" alt="title) ?>" /> + src="thumb_url() ?>" alt="title) ?>" />
                    • diff --git a/modules/gallery/views/admin_languages.html.php b/modules/gallery/views/admin_languages.html.php index 4bee9bb1..052d749b 100644 --- a/modules/gallery/views/admin_languages.html.php +++ b/modules/gallery/views/admin_languages.html.php @@ -40,7 +40,7 @@
                    -

                    SafeString::purify($album->title))) ?>

                    +

                    html::purify($album->title))) ?>

                    diff --git a/modules/organize/views/organize_tree.html.php b/modules/organize/views/organize_tree.html.php index 387d5977..5b676889 100644 --- a/modules/organize/views/organize_tree.html.php +++ b/modules/organize/views/organize_tree.html.php @@ -5,7 +5,7 @@ - title) ?> + title) ?>
                      @@ -17,7 +17,7 @@ " ref="id ?>"> - title) ?> + title) ?> id == $album->id): ?> @@ -29,7 +29,7 @@ - title) ?> + title) ?> diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php index 7298b7f4..731703c7 100644 --- a/modules/rss/views/feed.mrss.php +++ b/modules/rss/views/feed.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> gallery3 - <?= SafeString::of($feed->title) ?> + <?= html::clean($feed->title) ?> uri ?> - description) ?> + description) ?> en-us @@ -22,25 +22,25 @@ children as $child): ?> - <?= SafeString::of($child->title) ?> + <?= html::clean($child->title) ?> type}s/{$child->id}") ?> type}s/{$child->id}") ?> created); ?> description) ?> + description) ?>

                      type == "photo" || $child->type == "album"): ?>
                      type}s/{$child->id}") ?>">
                      - description) ?> + description) ?>

                      ]]>                       diff --git a/modules/rss/views/rss_block.html.php b/modules/rss/views/rss_block.html.php index cd8db89d..737731b6 100644 --- a/modules/rss/views/rss_block.html.php +++ b/modules/rss/views/rss_block.html.php @@ -5,7 +5,7 @@ - + diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php index e5c7b4a6..7963948d 100644 --- a/modules/search/views/search.html.php +++ b/modules/search/views/search.html.php @@ -8,7 +8,7 @@
                      • - +
                      • for_html_attr() ?>" /> @@ -31,10 +31,10 @@ id") ?>"> thumb_img() ?>

                        - title) ?> + title) ?>

                        - description)) ?> + description)) ?>
                        • diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php index c4439bda..b48a19da 100644 --- a/modules/server_add/views/admin_server_add.html.php +++ b/modules/server_add/views/admin_server_add.html.php @@ -16,7 +16,7 @@ class="gRemoveDir ui-icon ui-icon-trash"> X - +
                      diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php index 2f65a590..dbae42c5 100644 --- a/modules/server_add/views/server_add_tree.html.php +++ b/modules/server_add/views/server_add_tree.html.php @@ -10,7 +10,7 @@
                    • - +
                        @@ -24,7 +24,7 @@ file=" '\\"')) ?>" > - + diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index 912e69b6..8eb6e4df 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php @@ -5,17 +5,17 @@
                        -

                        SafeString::purify($item->title))) ?>

                        +

                        html::purify($item->title))) ?>

                          parents() as $parent): ?>
                        • - title) ?> + title) ?>
                        • - title) ?> + title) ?>
                        diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index f1b4ca3a..8b8dde21 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -106,7 +106,7 @@ class Admin_Tags_Controller extends Admin_Controller { array("result" => "success", "location" => url::site("admin/tags"), "tag_id" => $tag->id, - "new_tagname" => SafeString::of($tag->name))); + "new_tagname" => html::clean($tag->name))); } else { print json_encode( array("result" => "error", diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php index 30dd0728..3d805c5e 100644 --- a/modules/tag/views/admin_tags.html.php +++ b/modules/tag/views/admin_tags.html.php @@ -32,7 +32,7 @@ name, 0, 1)) ?> - +
                          $tags_per_column): /* new column */ ?> @@ -42,12 +42,12 @@
                        - + diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php index 4b141a1c..fc3ced56 100644 --- a/modules/user/controllers/logout.php +++ b/modules/user/controllers/logout.php @@ -24,7 +24,7 @@ class Logout_Controller extends Controller { $user = user::active(); user::logout(); log::info("user", t("User %name logged out", array("name" => $user->name)), - html::anchor("user/$user->id", SafeString::of($user->name))); + html::anchor("user/$user->id", html::clean($user->name))); if ($continue_url = $this->input->get("continue")) { $item = url::get_item_from_uri($continue_url); if (access::can("view", $item)) { diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index 36c4f4fd..9455f9d9 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -68,16 +68,16 @@ " title="" - alt="name) ?>" + alt="name) ?>" width="20" height="20" /> - name) ?> + name) ?> - full_name) ?> + full_name) ?> - email) ?> + email) ?> last_login == 0) ? "" : gallery::date($user->last_login) ?> diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index f89a4392..8418ebc9 100644 --- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php @@ -1,6 +1,6 @@

                        - name) ?> + name) ?> special): ?> id") ?>" title=" $group->name)) ?>" @@ -17,7 +17,7 @@

                          @@ -16,7 +16,7 @@ width="thumb_width ?>" height="thumb_height ?>" /> -

                          title) ?>

                          +

                          title) ?>

                          thumb_bottom($child) ?>
                            thumb_info($child) ?> diff --git a/themes/default/views/header.html.php b/themes/default/views/header.html.php index 9e34401d..dcfa6fd8 100644 --- a/themes/default/views/header.html.php +++ b/themes/default/views/header.html.php @@ -19,10 +19,10 @@
                          • id}?show=$item->id") ?>"> - title) ?> + title) ?>
                            • -
                          • title) ?>
                            • +
                          • title) ?>
                          diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php index 237743b7..910814dd 100644 --- a/themes/default/views/movie.html.php +++ b/themes/default/views/movie.html.php @@ -28,8 +28,8 @@ movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}")) ?>
                          -

                          title) ?>

                          -
                          description)) ?>
                          +

                          title) ?>

                          +
                          description)) ?>
                          photo_bottom() ?> diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php index 5b5cb12b..c601c4cc 100644 --- a/themes/default/views/photo.html.php +++ b/themes/default/views/photo.html.php @@ -5,7 +5,7 @@ block? - if (is_array($token) && $token[0] == T_INLINE_HTML) { - $inline_html = $token[1]; - // T_INLINE_HTML blocks can be split. Need to handle the case - // where one token has "expr_append($inline_html); - } - - // Note: This approach won't catch }i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) { - $last_match = array_pop($matches[0]); - if (is_array($last_match)) { - $closing_script_pos = $last_match[1]; - } else { - $closing_script_pos = $last_match; - } - } - if (preg_match('{]*>}i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) { - $last_match = array_pop($matches[0]); - if (is_array($last_match)) { - $opening_script_pos = $last_match[1]; - } else { - $opening_script_pos = $last_match; - } - } - if ($opening_script_pos != $closing_script_pos) { - $in_script_block = $opening_script_pos > $closing_script_pos; - } - } - - // Look and report each instance of < ? = ... ? > - if (!is_array($token)) { - // A single char token, e.g: ; ( ) - if ($frame) { - $frame->expr_append($token); - } - } else if ($token[0] == T_OPEN_TAG_WITH_ECHO) { - // No need for a stack here - assume < ? = cannot be nested. - $frame = self::_create_frame($token, $in_script_block); + $token = $tokens[$token_number]; + + // Are we in a block? + if (is_array($token) && $token[0] == T_INLINE_HTML) { + $inline_html = $token[1]; + // T_INLINE_HTML blocks can be split. Need to handle the case + // where one token has "expr_append($inline_html); + } + + // Note: This approach won't catch }i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) { + $last_match = array_pop($matches[0]); + if (is_array($last_match)) { + $closing_script_pos = $last_match[1]; + } else { + $closing_script_pos = $last_match; + } + } + if (preg_match('{]*>}i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) { + $last_match = array_pop($matches[0]); + if (is_array($last_match)) { + $opening_script_pos = $last_match[1]; + } else { + $opening_script_pos = $last_match; + } + } + if ($opening_script_pos != $closing_script_pos) { + $in_script_block = $opening_script_pos > $closing_script_pos; + } + } + + // Look and report each instance of < ? = ... ? > + if (!is_array($token)) { + // A single char token, e.g: ; ( ) + if ($frame) { + $frame->expr_append($token); + } + } else if ($token[0] == T_OPEN_TAG_WITH_ECHO) { + // No need for a stack here - assume < ? = cannot be nested. + $frame = self::_create_frame($token, $in_script_block); } else if ($frame && $token[0] == T_CLOSE_TAG) { - // Store the < ? = ... ? > block that just ended here. - $found[$view][] = $frame; - $frame = null; + // Store the < ? = ... ? > block that just ended here. + $found[$view][] = $frame; + $frame = null; } else if ($frame && $token[0] == T_VARIABLE) { - $frame->expr_append($token[1]); + $frame->expr_append($token[1]); if ($token[1] == '$theme') { - if (self::_token_matches(array(T_OBJECT_OPERATOR, "->"), $tokens, $token_number + 1) && - self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && - in_array($tokens[$token_number + 2][1], - array("thumb_proportion", "site_menu", "album_menu", "tag_menu", "photo_menu", + if (self::_token_matches(array(T_OBJECT_OPERATOR, "->"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], + array("thumb_proportion", "site_menu", "album_menu", "tag_menu", "photo_menu", "context_menu", "pager", "site_status", "messages", "album_blocks", "album_bottom", "album_top", "body_attributes", "credits", "dynamic_bottom", "dynamic_top", "footer", "head", "header_bottom", "header_top", "page_bottom", "page_top", "photo_blocks", "photo_bottom", "photo_top", "resize_bottom", "resize_top", "sidebar_blocks", "sidebar_bottom", "sidebar_top", "thumb_bottom", "thumb_info", "thumb_top")) && - self::_token_matches("(", $tokens, $token_number + 3)) { + self::_token_matches("(", $tokens, $token_number + 3)) { - $method = $tokens[$token_number + 2][1]; - $frame->expr_append("->$method("); + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("->$method("); - $token_number += 3; - $token = $tokens[$token_number]; + $token_number += 3; + $token = $tokens[$token_number]; $frame->is_safe_html(true); - } else if (self::_token_matches(array(T_OBJECT_OPERATOR, "->"), $tokens, $token_number + 1) && - self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && - in_array($tokens[$token_number + 2][1], - array("css", "script", "url")) && - self::_token_matches("(", $tokens, $token_number + 3) && - // Only allow constant strings here - self::_token_matches(array(T_CONSTANT_ENCAPSED_STRING), $tokens, $token_number + 4)) { + } else if (self::_token_matches(array(T_OBJECT_OPERATOR, "->"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], + array("css", "script", "url")) && + self::_token_matches("(", $tokens, $token_number + 3) && + // Only allow constant strings here + self::_token_matches(array(T_CONSTANT_ENCAPSED_STRING), $tokens, $token_number + 4)) { - $method = $tokens[$token_number + 2][1]; - $frame->expr_append("->$method("); + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("->$method("); - $token_number += 4; - $token = $tokens[$token_number]; + $token_number += 4; + $token = $tokens[$token_number]; $frame->is_safe_html(true); - } + } } - } else if ($frame && $token[0] == T_STRING) { - $frame->expr_append($token[1]); - // t() and t2() are special in that they're guaranteed to return a SafeString(). - if (in_array($token[1], array("t", "t2"))) { - if (self::_token_matches("(", $tokens, $token_number + 1)) { - $frame->is_safe_html(true); - $frame->expr_append("("); - - $token_number++; - $token = $tokens[$token_number]; - } - } else if ($token[1] == "SafeString") { - // Looking for SafeString::of(... - if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && - self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && - in_array($tokens[$token_number + 2][1], array("of", "purify")) && - self::_token_matches("(", $tokens, $token_number + 3)) { + } else if ($frame && $token[0] == T_STRING) { + $frame->expr_append($token[1]); + // t() and t2() are special in that they're guaranteed to return a SafeString(). + if (in_array($token[1], array("t", "t2"))) { + if (self::_token_matches("(", $tokens, $token_number + 1)) { + $frame->is_safe_html(true); + $frame->expr_append("("); + + $token_number++; + $token = $tokens[$token_number]; + } + } else if ($token[1] == "SafeString") { + // Looking for SafeString::of(... + if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], array("of", "purify")) && + self::_token_matches("(", $tokens, $token_number + 3)) { // Not checking for of_safe_html(). We want such calls to be marked dirty (thus reviewed). - $frame->is_safe_html(true); - - $method = $tokens[$token_number + 2][1]; - $frame->expr_append("::$method("); - - $token_number += 3; - $token = $tokens[$token_number]; - } - } else if ($token[1] == "json_encode") { - if (self::_token_matches("(", $tokens, $token_number + 1)) { - $frame->is_safe_js(true); - $frame->expr_append("("); - - $token_number++; - $token = $tokens[$token_number]; - } - } else if ($token[1] == "url") { - // url methods return safe HTML - if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && - self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && - in_array($tokens[$token_number + 2][1], - array("site", "current", "base", "file", "abs_site", "abs_current", - "abs_file", "merge")) && - self::_token_matches("(", $tokens, $token_number + 3)) { - $frame->is_safe_html(true); - - $method = $tokens[$token_number + 2][1]; - $frame->expr_append("::$method("); - - $token_number += 3; - $token = $tokens[$token_number]; - } - } else if ($token[1] == "html") { - if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && - self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && - in_array($tokens[$token_number + 2][1], - array("clean", "purify", "js_string", "clean_attribute")) && - self::_token_matches("(", $tokens, $token_number + 3)) { + $frame->is_safe_html(true); + + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("::$method("); + + $token_number += 3; + $token = $tokens[$token_number]; + } + } else if ($token[1] == "json_encode") { + if (self::_token_matches("(", $tokens, $token_number + 1)) { + $frame->is_safe_js(true); + $frame->expr_append("("); + + $token_number++; + $token = $tokens[$token_number]; + } + } else if ($token[1] == "url") { + // url methods return safe HTML + if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], + array("site", "current", "base", "file", "abs_site", "abs_current", + "abs_file", "merge")) && + self::_token_matches("(", $tokens, $token_number + 3)) { + $frame->is_safe_html(true); + + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("::$method("); + + $token_number += 3; + $token = $tokens[$token_number]; + } + } else if ($token[1] == "html") { + if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && + self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && + in_array($tokens[$token_number + 2][1], + array("clean", "purify", "js_string", "clean_attribute")) && + self::_token_matches("(", $tokens, $token_number + 3)) { // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed). - $method = $tokens[$token_number + 2][1]; - $frame->expr_append("::$method("); + $method = $tokens[$token_number + 2][1]; + $frame->expr_append("::$method("); - $token_number += 3; - $token = $tokens[$token_number]; + $token_number += 3; + $token = $tokens[$token_number]; if ("js_string" == $method) { $frame->is_safe_js(true); } else { $frame->is_safe_html(true); } - } - } - } else if ($frame && $token[0] == T_OBJECT_OPERATOR) { - $frame->expr_append($token[1]); - - if (self::_token_matches(array(T_STRING), $tokens, $token_number + 1) && - in_array($tokens[$token_number + 1][1], - array("for_js", "for_html", "purified_html", "for_html_attr")) && - self::_token_matches("(", $tokens, $token_number + 2)) { - $method = $tokens[$token_number + 1][1]; - $frame->expr_append("$method("); - - $token_number += 2; - $token = $tokens[$token_number]; - - if ("for_js" == $method) { - $frame->is_safe_js(true); - } else { - $frame->is_safe_html(true); - } - } + } + } + } else if ($frame && $token[0] == T_OBJECT_OPERATOR) { + $frame->expr_append($token[1]); + + if (self::_token_matches(array(T_STRING), $tokens, $token_number + 1) && + in_array($tokens[$token_number + 1][1], + array("for_js", "for_html", "purified_html", "for_html_attr")) && + self::_token_matches("(", $tokens, $token_number + 2)) { + $method = $tokens[$token_number + 1][1]; + $frame->expr_append("$method("); + + $token_number += 2; + $token = $tokens[$token_number]; + + if ("for_js" == $method) { + $frame->is_safe_js(true); + } else { + $frame->is_safe_html(true); + } + } } else if ($frame) { - $frame->expr_append($token[1]); - } + $frame->expr_append($token[1]); + } } } @@ -252,26 +252,26 @@ class Xss_Security_Test extends Unit_Test_Case { ksort($found); foreach ($found as $view => $frames) { foreach ($frames as $frame) { - $state = "DIRTY"; - if ($frame->in_script_block()) { - $state = "DIRTY_JS"; - if ($frame->is_safe_js()) { - $state = "CLEAN"; - } - } else { - if ($frame->is_safe_html()) { - $state = "CLEAN"; - } - } - - if ("CLEAN" == $state) { - // Don't print CLEAN instances - No need to update the golden - // file when adding / moving clean instances. - continue; - } - - fprintf($fd, "%-60s %-3s %-8s %s\n", - $view, $frame->line(), $state, $frame->expr()); + $state = "DIRTY"; + if ($frame->in_script_block()) { + $state = "DIRTY_JS"; + if ($frame->is_safe_js()) { + $state = "CLEAN"; + } + } else { + if ($frame->is_safe_html()) { + $state = "CLEAN"; + } + } + + if ("CLEAN" == $state) { + // Don't print CLEAN instances - No need to update the golden + // file when adding / moving clean instances. + continue; + } + + fprintf($fd, "%-60s %-3s %-8s %s\n", + $view, $frame->line(), $state, $frame->expr()); } } fclose($fd); @@ -280,7 +280,7 @@ class Xss_Security_Test extends Unit_Test_Case { $canonical = MODPATH . "gallery/tests/xss_data.txt"; exec("diff $canonical $new", $output, $return_value); $this->assert_false( - $return_value, "XSS golden file mismatch. Output:\n" . implode("\n", $output) ); + $return_value, "XSS golden file mismatch. Output:\n" . implode("\n", $output) ); } private static function _create_frame($token, $in_script_block) { @@ -296,9 +296,9 @@ class Xss_Security_Test extends Unit_Test_Case { if (is_array($expected_token)) { for ($i = 0; $i < count($expected_token); $i++) { - if ($expected_token[$i] != $token[$i]) { - return false; - } + if ($expected_token[$i] != $token[$i]) { + return false; + } } return true; } else { diff --git a/modules/server_add/helpers/server_add_event.php b/modules/server_add/helpers/server_add_event.php index 6b21ec2e..b2d55153 100644 --- a/modules/server_add/helpers/server_add_event.php +++ b/modules/server_add/helpers/server_add_event.php @@ -35,7 +35,7 @@ class server_add_event_Core { // turn that into a dropdown if there are two different ways to add things. Do that in a // portable way for now. If we find ourselves duplicating this pattern, we should make an // API method for this. - $add_menu = $menu->get("add_menu"); + $add_menu = $menu->get("add_menu"); $add_menu->append(Menu::factory("dialog") ->id("server_add") ->label(t("Server add")) -- cgit v1.2.3 From bd52a85f98c321543fc1ad0bd06863efd19c7e89 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sun, 30 Aug 2009 21:34:55 -0700 Subject: (mostly harmless) XSS fix in server add --- modules/server_add/views/server_add_tree.html.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'modules/server_add') diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php index dbae42c5..def37b74 100644 --- a/modules/server_add/views/server_add_tree.html.php +++ b/modules/server_add/views/server_add_tree.html.php @@ -9,7 +9,7 @@
                        • - +
                            @@ -22,7 +22,7 @@ ondblclick="open_dir($(this).attr('file'))" - file=" '\\"')) ?>" + file="" > -- cgit v1.2.3 From 2bf9b8ee550a805605f862c392839e49ae42f89d Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sun, 30 Aug 2009 23:11:13 -0700 Subject: Fix double -> single quotes (::js_string returns a double-quotes delimited string) --- modules/server_add/views/server_add_tree.html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/server_add') diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php index def37b74..918fbdc7 100644 --- a/modules/server_add/views/server_add_tree.html.php +++ b/modules/server_add/views/server_add_tree.html.php @@ -9,7 +9,7 @@
                          • - +
                              -- cgit v1.2.3 From ddb84c84e16766c6b79bd7fea61532257e83ef8b Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Mon, 31 Aug 2009 00:42:18 -0700 Subject: Rename mark_safe() to mark_clean() --- modules/akismet/helpers/akismet.php | 2 +- modules/digibug/views/admin_digibug.html.php | 2 +- modules/exif/helpers/exif.php | 2 +- modules/g2_import/views/admin_g2_import.html.php | 4 ++-- modules/gallery/controllers/admin_languages.php | 2 +- modules/gallery/helpers/MY_html.php | 6 +++--- modules/gallery/helpers/graphics.php | 2 +- modules/gallery/tests/Html_Helper_Test.php | 4 ++-- modules/gallery/tests/Xss_Security_Test.php | 2 +- modules/gallery/views/admin_block_welcome.html.php | 10 +++++----- modules/gallery/views/permissions_browse.html.php | 2 +- modules/gallery/views/upgrader.html.php | 2 +- modules/recaptcha/helpers/recaptcha.php | 2 +- modules/search/helpers/search.php | 2 +- modules/server_add/helpers/server_add.php | 2 +- modules/user/views/login.html.php | 2 +- modules/user/views/reset_password.html.php | 2 +- 17 files changed, 25 insertions(+), 25 deletions(-) (limited to 'modules/server_add') diff --git a/modules/akismet/helpers/akismet.php b/modules/akismet/helpers/akismet.php index 7cd598cd..acd5cb3e 100644 --- a/modules/akismet/helpers/akismet.php +++ b/modules/akismet/helpers/akismet.php @@ -94,7 +94,7 @@ class akismet_Core { if (empty($api_key)) { site_status::warning( t("Akismet is not quite ready! Please provide an API Key", - array("url" => html::mark_safe(url::site("admin/akismet")))), + array("url" => html::mark_clean(url::site("admin/akismet")))), "akismet_config"); } else { site_status::clear("akismet_config"); diff --git a/modules/digibug/views/admin_digibug.html.php b/modules/digibug/views/admin_digibug.html.php index c4956591..9a1838f7 100644 --- a/modules/digibug/views/admin_digibug.html.php +++ b/modules/digibug/views/admin_digibug.html.php @@ -16,7 +16,7 @@

                              register with Digibug and enter your Digibug id in the Advanced Settings page you can make money off of your photos!", array("signup_url" => "http://www.digibug.com/signup.php", - "advanced_settings_url" => html::mark_safe(url::site("admin/advanced_settings")))) ?> + "advanced_settings_url" => html::mark_clean(url::site("admin/advanced_settings")))) ?>

                    diff --git a/modules/exif/helpers/exif.php b/modules/exif/helpers/exif.php index 9a4dbeec..83540622 100644 --- a/modules/exif/helpers/exif.php +++ b/modules/exif/helpers/exif.php @@ -164,7 +164,7 @@ class exif_Core { if ($remaining) { site_status::warning( t('Your Exif index needs to be updated. Fix this now', - array("url" => html::mark_safe(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), + array("url" => html::mark_clean(url::site("admin/maintenance/start/exif_task::update_index?csrf=__CSRF__")))), "exif_index_out_of_date"); } } diff --git a/modules/g2_import/views/admin_g2_import.html.php b/modules/g2_import/views/admin_g2_import.html.php index fde3464b..23ff27a8 100644 --- a/modules/g2_import/views/admin_g2_import.html.php +++ b/modules/g2_import/views/admin_g2_import.html.php @@ -39,7 +39,7 @@ Using the same value will speed up your import.", array("g2_pixels" => $g2_sizes["thumb"]["size"], "g3_pixels" => $thumb_size, - "url" => html::mark_safe(url::site("admin/theme_options")))) ?> + "url" => html::mark_clean(url::site("admin/theme_options")))) ?> @@ -48,7 +48,7 @@ Using the same value will speed up your import.", array("g2_pixels" => $g2_sizes["resize"]["size"], "g3_pixels" => $resize_size, - "url" => html::mark_safe(url::site("admin/theme_options")))) ?> + "url" => html::mark_clean(url::site("admin/theme_options")))) ?>
                  diff --git a/modules/gallery/controllers/admin_languages.php b/modules/gallery/controllers/admin_languages.php index d85c47f9..894daedb 100644 --- a/modules/gallery/controllers/admin_languages.php +++ b/modules/gallery/controllers/admin_languages.php @@ -111,7 +111,7 @@ class Admin_Languages_Controller extends Admin_Controller { $group->input("api_key") ->label(empty($api_key) ? t("This is a unique key that will allow you to send translations to the remote server. To get your API key go to %server-link.", - array("server-link" => html::mark_safe(html::anchor($server_link)))) + array("server-link" => html::mark_clean(html::anchor($server_link)))) : t("API Key")) ->value($api_key) ->error_messages("invalid", t("The API key you provided is invalid.")); diff --git a/modules/gallery/helpers/MY_html.php b/modules/gallery/helpers/MY_html.php index 4522d01c..b29f287f 100644 --- a/modules/gallery/helpers/MY_html.php +++ b/modules/gallery/helpers/MY_html.php @@ -51,12 +51,12 @@ class html extends html_Core { * * Example:
                      *   // Parameters to t() are automatically escaped by default.
-   *   // If the parameter is marked as safe, it won't get escaped.
+   *   // If the parameter is marked as clean, it won't get escaped.
    *   t('Go there',
-   *     array("url" => html::mark_safe(url::current())))
+   *     array("url" => html::mark_clean(url::current())))
    *
                  */ - static function mark_safe($html) { + static function mark_clean($html) { return SafeString::of_safe_html($html); } diff --git a/modules/gallery/helpers/graphics.php b/modules/gallery/helpers/graphics.php index 787f8dc3..acbcb9b2 100644 --- a/modules/gallery/helpers/graphics.php +++ b/modules/gallery/helpers/graphics.php @@ -443,7 +443,7 @@ class graphics_Core { if (!module::get_var("gallery", "graphics_toolkit")) { site_status::warning( t("Graphics toolkit missing! Please choose a toolkit", - array("url" => html::mark_safe(url::site("admin/graphics")))), + array("url" => html::mark_clean(url::site("admin/graphics")))), "missing_graphics_toolkit"); } } diff --git a/modules/gallery/tests/Html_Helper_Test.php b/modules/gallery/tests/Html_Helper_Test.php index 3623705e..bfce6dcf 100644 --- a/modules/gallery/tests/Html_Helper_Test.php +++ b/modules/gallery/tests/Html_Helper_Test.php @@ -32,8 +32,8 @@ class Html_Helper_Test extends Unit_Test_Case { $this->assert_true($safe_string instanceof SafeString); } - public function mark_safe_test() { - $safe_string = html::mark_safe("hello

                  world

                  "); + public function mark_clean_test() { + $safe_string = html::mark_clean("hello

                  world

                  "); $this->assert_true($safe_string instanceof SafeString); $safe_string_2 = html::clean($safe_string); $this->assert_equal("hello

                  world

                  ", diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index ef36f6b7..0ba5a587 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -195,7 +195,7 @@ class Xss_Security_Test extends Unit_Test_Case { in_array($tokens[$token_number + 2][1], array("clean", "purify", "js_string", "clean_attribute")) && self::_token_matches("(", $tokens, $token_number + 3)) { - // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed). + // Not checking for mark_clean(). We want such calls to be marked dirty (thus reviewed). $method = $tokens[$token_number + 2][1]; $frame->expr_append("::$method("); diff --git a/modules/gallery/views/admin_block_welcome.html.php b/modules/gallery/views/admin_block_welcome.html.php index 71ef4368..d8c96187 100644 --- a/modules/gallery/views/admin_block_welcome.html.php +++ b/modules/gallery/views/admin_block_welcome.html.php @@ -5,16 +5,16 @@
                  • graphics and language settings.", - array("graphics_url" => html::mark_safe(url::site("admin/graphics")), - "language_url" => html::mark_safe(url::site("admin/languages")))) ?> + array("graphics_url" => html::mark_clean(url::site("admin/graphics")), + "language_url" => html::mark_clean(url::site("admin/languages")))) ?>
                  • choose a theme, or customize the way it looks.", - array("theme_url" => html::mark_safe(url::site("admin/themes")), - "theme_options_url" => html::mark_safe(url::site("admin/theme_options")))) ?> + array("theme_url" => html::mark_clean(url::site("admin/themes")), + "theme_options_url" => html::mark_clean(url::site("admin/theme_options")))) ?>
                  • install modules to add cool features!", - array("modules_url" => html::mark_safe(url::site("admin/modules")))) ?> + array("modules_url" => html::mark_clean(url::site("admin/modules")))) ?>
                  diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php index 231daa04..b9af9117 100644 --- a/modules/gallery/views/permissions_browse.html.php +++ b/modules/gallery/views/permissions_browse.html.php @@ -29,7 +29,7 @@
                  • mod_rewrite and set AllowOverride FileInfo Options to fix this.", - array("mod_rewrite_attrs" => html::mark_safe("href=\"http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html\" target=\"_blank\"", "apache_attrs" => "href=\"http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride\" target=\"_blank\""))) ?> + array("mod_rewrite_attrs" => html::mark_clean("href=\"http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html\" target=\"_blank\"", "apache_attrs" => "href=\"http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride\" target=\"_blank\""))) ?>
                  diff --git a/modules/gallery/views/upgrader.html.php b/modules/gallery/views/upgrader.html.php index de6ce0e7..04200920 100644 --- a/modules/gallery/views/upgrader.html.php +++ b/modules/gallery/views/upgrader.html.php @@ -18,7 +18,7 @@

                  Gallery is up to date.", - array("url" => html::mark_safe(url::site("albums/1")))) ?> + array("url" => html::mark_clean(url::site("albums/1")))) ?>

    diff --git a/modules/recaptcha/helpers/recaptcha.php b/modules/recaptcha/helpers/recaptcha.php index 5ac65661..bead6156 100644 --- a/modules/recaptcha/helpers/recaptcha.php +++ b/modules/recaptcha/helpers/recaptcha.php @@ -43,7 +43,7 @@ class recaptcha_Core { if (empty($public_key) || empty($private_key)) { site_status::warning( t("reCAPTCHA is not quite ready! Please configure the reCAPTCHA Keys", - array("url" => html::mark_safe(url::site("admin/recaptcha")))), + array("url" => html::mark_clean(url::site("admin/recaptcha")))), "recaptcha_config"); } else { site_status::clear("recaptcha_config"); diff --git a/modules/search/helpers/search.php b/modules/search/helpers/search.php index 5e23a04b..0080b4ce 100644 --- a/modules/search/helpers/search.php +++ b/modules/search/helpers/search.php @@ -58,7 +58,7 @@ class search_Core { if ($remaining) { site_status::warning( t('Your search index needs to be updated. Fix this now', - array("url" => html::mark_safe(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), + array("url" => html::mark_clean(url::site("admin/maintenance/start/search_task::update_index?csrf=__CSRF__")))), "search_index_out_of_date"); } } diff --git a/modules/server_add/helpers/server_add.php b/modules/server_add/helpers/server_add.php index a84e1afd..27794855 100644 --- a/modules/server_add/helpers/server_add.php +++ b/modules/server_add/helpers/server_add.php @@ -25,7 +25,7 @@ class server_add_Core { if (empty($paths)) { site_status::warning( t("Server Add needs configuration. Configure it now!", - array("url" => html::mark_safe(url::site("admin/server_add")))), + array("url" => html::mark_clean(url::site("admin/server_add")))), "server_add_configuration"); } else { site_status::clear("server_add_configuration"); diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php index dfd09661..27431ce8 100644 --- a/modules/user/views/login.html.php +++ b/modules/user/views/login.html.php @@ -8,7 +8,7 @@
  • - html::mark_safe( + html::mark_clean( 'id}") . '" title="' . t("Edit Your Profile")->for_html_attr() . '" id="gUserProfileLink" class="gDialogLink">' . diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php index 4097bb82..92ca4917 100644 --- a/modules/user/views/reset_password.html.php +++ b/modules/user/views/reset_password.html.php @@ -10,7 +10,7 @@

    %site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", - array("site_url" => html::mark_safe(url::base(false, "http")), + array("site_url" => html::mark_clean(url::base(false, "http")), "confirm_url" => $confirm_url)) ?>

    -- cgit v1.2.3 From ac8c9d6670b5dc0b56e1acf7cb468d5fa846fc28 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 6 Sep 2009 11:26:20 -0700 Subject: Fix indentation. --- modules/server_add/js/server_add.js | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'modules/server_add') diff --git a/modules/server_add/js/server_add.js b/modules/server_add/js/server_add.js index fbd61dcc..51ef41a7 100644 --- a/modules/server_add/js/server_add.js +++ b/modules/server_add/js/server_add.js @@ -24,9 +24,11 @@ function open_dir(path) { function start_add() { var paths = []; - $.each($("#gServerAdd span.selected"), function () { - paths.push($(this).attr("file")); - }); + $.each($("#gServerAdd span.selected"), + function () { + paths.push($(this).attr("file")); + } + ); $.ajax({ url: START_URL, -- cgit v1.2.3