name ?>

get_log()) ?>

get_log()) ?>

diff --git a/modules/gallery/views/after_install.html.php b/modules/gallery/views/after_install.html.php index e4842163..2cf8ec8f 100644 --- a/modules/gallery/views/after_install.html.php +++ b/modules/gallery/views/after_install.html.php @@ -8,7 +8,7 @@

- %user_name account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => p::clean($user->name))) ?> + %user_name account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => $user->name)) ?>

diff --git a/modules/gallery/views/move_tree.html.php b/modules/gallery/views/move_tree.html.php index 5f70cf67..7818a42a 100644 --- a/modules/gallery/views/move_tree.html.php +++ b/modules/gallery/views/move_tree.html.php @@ -1,18 +1,18 @@ thumb_img(array(), 25); ?> is_descendant($parent)): ?> - title) ?> + title) ?> - title) ?> + title) ?>

thumb_img(array(), 25); ?> is_descendant($child)): ?> - title) ?> + title) ?> - title) ?> + title) ?>

- title) ?> + title) ?>

diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php index ee5e3a24..adc0496f 100644 --- a/modules/gallery/views/permissions_form.html.php +++ b/modules/gallery/views/permissions_form.html.php @@ -6,7 +6,7 @@ - name) ?> + name) ?> diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php index 38ac518c..56e568f6 100644 --- a/modules/gallery/views/simple_uploader.html.php +++ b/modules/gallery/views/simple_uploader.html.php @@ -6,7 +6,7 @@ @@ -26,9 +26,9 @@

title) ?>
title) ?>
title) ?>
title) ?>

diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php index f86ae39d..365a1021 100644 --- a/modules/info/views/info_block.html.php +++ b/modules/info/views/info_block.html.php @@ -2,18 +2,18 @@

- title) ?> + title) ?>
- description)) ?> + description)) ?>
- name) ?> + name) ?>
owner->url): ?> - owner->display_name()) ?> + owner->display_name()) ?> - owner->display_name()) ?> + owner->display_name()) ?>

<?= p::clean($subject) ?>

<?= SafeString::of($subject) ?>

<?= p::clean($subject) ?>

<?= SafeString::of($subject) ?>

	text)) ?>	text)) ?>
	author_name()) ?>	author_name()) ?>
	author_email()) ?>	author_email()) ?>
	author_url()) ?>	author_url()) ?>

	title) ?>	title) ?>

	description)) ?>	description)) ?>

<?= p::clean($subject) ?>

<?= SafeString::of($subject) ?>

<?= p::clean($subject) ?>

<?= SafeString::of($subject) ?>

p::purify($item->parent()->title))) ?> + array("title" => SafeString::purify($item->parent()->title))) ?>

title) ?>	title) ?>	title) ?>	title) ?>
description) ?>	description) ?>
description) ?>	description) ?>

id\">view

diff --git a/modules/organize/views/organize_album.html.php b/modules/organize/views/organize_album.html.php index ae2d5d51..4933ed32 100644 --- a/modules/organize/views/organize_album.html.php +++ b/modules/organize/views/organize_album.html.php @@ -7,7 +7,7 @@

gBranchText"> - title) ?> + title) ?>

"> diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php index 447179a5..7298b7f4 100644 --- a/modules/rss/views/feed.mrss.php +++ b/modules/rss/views/feed.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> gallery3 - <?= p::clean($feed->title) ?> + <?= SafeString::of($feed->title) ?> uri ?> - description) ?> + description) ?> en-us @@ -22,25 +22,25 @@ children as $child): ?> - <?= p::clean($child->title) ?> + <?= SafeString::of($child->title) ?> type}s/{$child->id}") ?> type}s/{$child->id}") ?> created); ?> description) ?> + description) ?>

type == "photo" || $child->type == "album"): ?>
type}s/{$child->id}") ?>">
- description) ?> + description) ?>

]]> diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php index 6a222ef1..e5c7b4a6 100644 --- a/modules/search/views/search.html.php +++ b/modules/search/views/search.html.php @@ -8,10 +8,10 @@

- +
- " /> + for_html_attr() ?>" />

@@ -31,10 +31,10 @@ id") ?>"> thumb_img() ?>

- title) ?> + title) ?>

- description)) ?> + description)) ?>

@@ -44,7 +44,7 @@

- %term", array("term" => p::clean($q))) ?> + %term", array("term" => $q)) ?>

diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php index 30109f42..fac2aa44 100644 --- a/modules/server_add/controllers/admin_server_add.php +++ b/modules/server_add/controllers/admin_server_add.php @@ -38,7 +38,7 @@ class Admin_Server_Add_Controller extends Admin_Controller { $path = $form->add_path->path->value; $paths[$path] = 1; module::set_var("server_add", "authorized_paths", serialize($paths)); - message::success(t("Added path %path", array("path" => p::clean($path)))); + message::success(t("Added path %path", array("path" => $path))); server_add::check_config($paths); url::redirect("admin/server_add"); } else { @@ -60,7 +60,7 @@ class Admin_Server_Add_Controller extends Admin_Controller { $paths = unserialize(module::get_var("server_add", "authorized_paths")); if (isset($paths[$path])) { unset($paths[$path]); - message::success(t("Removed path %path", array("path" => p::clean($path)))); + message::success(t("Removed path %path", array("path" => $path))); module::set_var("server_add", "authorized_paths", serialize($paths)); server_add::check_config($paths); } diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php index 254a9da0..b68544ec 100644 --- a/modules/server_add/views/server_add_tree.html.php +++ b/modules/server_add/views/server_add_tree.html.php @@ -24,7 +24,7 @@ file="" > - + diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index 21952849..533cad04 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php @@ -5,17 +5,17 @@

- +

- title) ?> + title) ?>
- title) ?> + title) ?>

diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index dcdc16b9..f1b4ca3a 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -53,8 +53,8 @@ class Admin_Tags_Controller extends Admin_Controller { $name = $tag->name; Database::instance()->delete("items_tags", array("tag_id" => "$tag->id")); $tag->delete(); - message::success(t("Deleted tag %tag_name", array("tag_name" => p::clean($name)))); - log::success("tags", t("Deleted tag %tag_name", array("tag_name" => p::clean($name)))); + message::success(t("Deleted tag %tag_name", array("tag_name" => $name))); + log::success("tags", t("Deleted tag %tag_name", array("tag_name" => $name))); print json_encode( array("result" => "success", @@ -98,7 +98,7 @@ class Admin_Tags_Controller extends Admin_Controller { $tag->save(); $message = t("Renamed tag %old_name to %new_name", - array("old_name" => p::clean($old_name), "new_name" => p::clean($tag->name))); + array("old_name" => $old_name, "new_name" => $tag->name)); message::success($message); log::success("tags", $message); @@ -106,7 +106,7 @@ class Admin_Tags_Controller extends Admin_Controller { array("result" => "success", "location" => url::site("admin/tags"), "tag_id" => $tag->id, - "new_tagname" => p::clean($tag->name))); + "new_tagname" => SafeString::of($tag->name))); } else { print json_encode( array("result" => "error", diff --git a/modules/tag/helpers/tag_rss.php b/modules/tag/helpers/tag_rss.php index f94508cf..7194586d 100644 --- a/modules/tag/helpers/tag_rss.php +++ b/modules/tag/helpers/tag_rss.php @@ -22,7 +22,7 @@ class tag_rss_Core { static function available_feeds($item, $tag) { if ($tag) { $feeds["tag/tag/{$tag->id}"] = - t("Tag feed for %tag_name", array("tag_name" => p::clean($tag->name))); + t("Tag feed for %tag_name", array("tag_name" => $tag->name)); return $feeds; } return array(); diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php index 7d201da7..5bd23112 100644 --- a/modules/tag/views/admin_tags.html.php +++ b/modules/tag/views/admin_tags.html.php @@ -47,7 +47,7 @@

- name) ?> + name) ?> (count ?>) id") ?>" class="gDialogLink delete-link gButtonLink"> diff --git a/modules/tag/views/tag_cloud.html.php b/modules/tag/views/tag_cloud.html.php index eba615fc..b4c6ae34 100644 --- a/modules/tag/views/tag_cloud.html.php +++ b/modules/tag/views/tag_cloud.html.php @@ -3,7 +3,7 @@

count ?> photos are tagged with - id") ?>">name) ?> + id") ?>">name) ?>

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index f87602b8..521f82fa 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -51,7 +51,7 @@ class Admin_Users_Controller extends Controller { $user->save(); module::event("user_add_form_admin_completed", $user, $form); - message::success(t("Created user %user_name", array("user_name" => p::clean($user->name)))); + message::success(t("Created user %user_name", array("user_name" => $user->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", @@ -84,7 +84,7 @@ class Admin_Users_Controller extends Controller { "form" => $form->__toString())); } - $message = t("Deleted user %user_name", array("user_name" => p::clean($name))); + $message = t("Deleted user %user_name", array("user_name" => $name)); log::success("user", $message); message::success($message); print json_encode(array("result" => "success")); @@ -142,7 +142,7 @@ class Admin_Users_Controller extends Controller { $user->save(); module::event("user_edit_form_admin_completed", $user, $form); - message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name)))); + message::success(t("Changed user %user_name", array("user_name" => $user->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", @@ -204,7 +204,7 @@ class Admin_Users_Controller extends Controller { $group = group::create($new_name); $group->save(); message::success( - t("Created group %group_name", array("group_name" => p::clean($group->name)))); + t("Created group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", @@ -233,7 +233,7 @@ class Admin_Users_Controller extends Controller { "form" => $form->__toString())); } - $message = t("Deleted group %group_name", array("group_name" => p::clean($name))); + $message = t("Deleted group %group_name", array("group_name" => $name)); log::success("group", $message); message::success($message); print json_encode(array("result" => "success")); @@ -271,11 +271,11 @@ class Admin_Users_Controller extends Controller { $group->name = $form->edit_group->inputs["name"]->value; $group->save(); message::success( - t("Changed group %group_name", array("group_name" => p::clean($group->name)))); + t("Changed group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "success")); } else { message::error( - t("Failed to change group %group_name", array("group_name" => p::clean($group->name)))); + t("Failed to change group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "error", "form" => $form->__toString())); } diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php index 4d901051..b81b17b2 100644 --- a/modules/user/controllers/login.php +++ b/modules/user/controllers/login.php @@ -63,7 +63,7 @@ class Login_Controller extends Controller { log::warning( "user", t("Failed login for %name", - array("name" => p::clean($form->login->inputs["name"]->value)))); + array("name" => $form->login->inputs["name"]->value))); $form->login->inputs["name"]->add_error("invalid_login", 1); $valid = false; } @@ -71,7 +71,7 @@ class Login_Controller extends Controller { if ($valid) { user::login($user); - log::info("user", t("User %name logged in", array("name" => p::clean($user->name)))); + log::info("user", t("User %name logged in", array("name" => $user->name))); } // Either way, regenerate the session id to avoid session trapping diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php index 099b1952..4b141a1c 100644 --- a/modules/user/controllers/logout.php +++ b/modules/user/controllers/logout.php @@ -23,8 +23,8 @@ class Logout_Controller extends Controller { $user = user::active(); user::logout(); - log::info("user", t("User %name logged out", array("name" => p::clean($user->name))), - html::anchor("user/$user->id", p::clean($user->name))); + log::info("user", t("User %name logged out", array("name" => $user->name)), + html::anchor("user/$user->id", SafeString::of($user->name))); if ($continue_url = $this->input->get("continue")) { $item = url::get_item_from_uri($continue_url); if (access::can("view", $item)) { diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index 2af1b879..066efbba 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -74,7 +74,7 @@ class Password_Controller extends Controller { log::success( "user", - t("Password reset email sent for user %name", array("name" => p::clean($user->name)))); + t("Password reset email sent for user %name", array("name" => $user->name))); } else { // Don't include the username here until you're sure that it's XSS safe log::warning( diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index 542b8b8b..54c4847d 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -68,16 +68,16 @@

" title="" - alt="name) ?>" + alt="name) ?>" width="20" height="20" /> - name) ?> + name) ?> - full_name) ?> + full_name) ?> - email) ?> + email) ?> last_login == 0) ? "" : gallery::date($user->last_login) ?> diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index bfd79dba..f89a4392 100644 --- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php @@ -1,9 +1,9 @@

- name) ?> + name) ?> special): ?> id") ?>" - title=" p::clean($group->name))) ?>" + title=" $group->name)) ?>" class="gDialogLink gButtonLink ui-state-default ui-corner-all"> @@ -17,12 +17,12 @@
users as $i => $user): ?>
- name) ?> + name) ?> special): ?> p::clean($user->name), "group" => p::clean($group->name))) ?>"> + array("user" => $user->name, "group" => $group->name)) ?>"> diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php index 97341762..e92513e7 100644 --- a/modules/user/views/login.html.php +++ b/modules/user/views/login.html.php @@ -8,11 +8,11 @@

- SafeString::of( + SafeString::of_safe_html( 'id}") . - '" title="' . t("Edit Your Profile") . + '" title="' . t("Edit Your Profile")->for_html_attr() . '" id="gUserProfileLink" class="gDialogLink">' . - p::clean($user->display_name()) . '')->mark_html_safe())) ?> + SafeString::of($user->display_name()) . ''))) ?>

" diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php index 4c4672ee..3dc7aebf 100644 --- a/modules/user/views/reset_password.html.php +++ b/modules/user/views/reset_password.html.php @@ -6,7 +6,7 @@

- p::clean($user->full_name ? $user->full_name : $user->name))) ?> + $user->full_name ? $user->full_name : $user->name)) ?>

%site_url. If you made this request, you can confirm it by clicking this link. If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?> diff --git a/system/helpers/request.php b/system/helpers/request.php index 4203d0e5..15b8edfa 100644 --- a/system/helpers/request.php +++ b/system/helpers/request.php @@ -30,7 +30,7 @@ class request_Core { // Set referrer $ref = $_SERVER['HTTP_REFERER']; - if (strpos($ref, url::base(FALSE)) === 0) + if (strpos($ref, (string) url::base(FALSE)) === 0) { // Remove the base URL from the referrer $ref = substr($ref, strlen(url::base(FALSE))); diff --git a/themes/default/views/album.html.php b/themes/default/views/album.html.php index c2f95731..ffb4b913 100644 --- a/themes/default/views/album.html.php +++ b/themes/default/views/album.html.php @@ -2,8 +2,8 @@
album_top() ?> -
title)->purified_html() ?>
-
description)->purified_html()) ?>
+
title) ?>
+
description)) ?>

diff --git a/themes/default/views/dynamic.html.php b/themes/default/views/dynamic.html.php index 2d122e69..2d8e04a2 100644 --- a/themes/default/views/dynamic.html.php +++ b/themes/default/views/dynamic.html.php @@ -3,7 +3,7 @@
dynamic_top() ?>
-
+

title) ?>

id}?show=$item->id") ?>"> - title) ?> + title) ?>
title) ?>
title) ?>

title) ?>

description)) ?>

title) ?>

description)) ?>

world

world<\\/p>", $string); } diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index 8e5f8354..16e5a856 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -151,7 +151,7 @@ class Xss_Security_Test extends Unit_Test_Case { if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && in_array($tokens[$token_number + 2][1], - array("clean", "purify", "escape_for_js", "clean_attribute_test")) && + array("clean", "purify", "clean_js", "clean_attribute")) && self::_token_matches("(", $tokens, $token_number + 3)) { // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed). @@ -161,7 +161,7 @@ class Xss_Security_Test extends Unit_Test_Case { $token_number += 3; $token = $tokens[$token_number]; - if ("escape_for_js" == $method) { + if ("clean_js" == $method) { $frame->is_safe_js(true); } else { $frame->is_safe_html(true); diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php index adc15b91..4235e8f8 100644 --- a/modules/gallery/views/admin_advanced_settings.html.php +++ b/modules/gallery/views/admin_advanced_settings.html.php @@ -20,13 +20,13 @@ module_name == "gallery" && $var->name == "_cache") continue ?> module_name ?> - name) ?> + name) ?> - module_name/" . SafeString::of($var->name)) ?>" + module_name/" . html::clean($var->name)) ?>" class="gDialogLink" title=" $var->name, "module_name" => $var->module_name)) ?>"> value): ?> - value) ?> + value) ?> diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php index b7afb22d..780ff2d0 100644 --- a/modules/gallery/views/admin_block_log_entries.html.php +++ b/modules/gallery/views/admin_block_log_entries.html.php @@ -2,7 +2,7 @@

- user_id") ?>">user->name) ?> + user_id") ?>">user->name) ?> timestamp) ?> message ?> html ?> diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php index 732bdc38..a50836ad 100644 --- a/modules/gallery/views/admin_block_photo_stream.html.php +++ b/modules/gallery/views/admin_block_photo_stream.html.php @@ -2,9 +2,9 @@
- - id") ?>" title="title) ?>"> + id") ?>" title="title) ?>"> width, $photo->height, 72) ?> - src="thumb_url() ?>" alt="title) ?>" /> + src="thumb_url() ?>" alt="title) ?>" />

"> +

\ No newline at end of file -- cgit v1.2.3 From fa1d32e6466d8c6ffe77d163e2da9c71688a3c61 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 24 Jul 2009 11:24:43 -0700 Subject: Partial implementation of ticket #80. Provide auto complete and suggestions on the tag add form in the tag sidebar block. Updated the xss golden file as well. Still to do figure out how toget it into the edit popup dialog --- modules/gallery/tests/xss_data.txt | 4 ++-- modules/tag/controllers/tags.php | 17 +++++++++++++++++ modules/tag/helpers/tag.php | 2 +- modules/tag/helpers/tag_theme.php | 2 ++ modules/tag/js/tag.js | 15 +++++++++++++++ modules/tag/views/tag_block.html.php | 10 ++++++++++ 6 files changed, 47 insertions(+), 3 deletions(-) (limited to 'modules/tag/views') diff --git a/modules/gallery/tests/xss_data.txt b/modules/gallery/tests/xss_data.txt index 5a05d4ef..981bf31e 100644 --- a/modules/gallery/tests/xss_data.txt +++ b/modules/gallery/tests/xss_data.txt @@ -442,8 +442,8 @@ modules/tag/views/admin_tags.html.php 50 DIRTY $tag->id modules/tag/views/admin_tags.html.php 50 $tag->name modules/tag/views/admin_tags.html.php 51 DIRTY $tag->count modules/tag/views/admin_tags.html.php 52 DIRTY $tag->id -modules/tag/views/tag_block.html.php 3 DIRTY $cloud -modules/tag/views/tag_block.html.php 5 DIRTY $form +modules/tag/views/tag_block.html.php 13 DIRTY $cloud +modules/tag/views/tag_block.html.php 15 DIRTY $form modules/tag/views/tag_cloud.html.php 4 DIRTY $tag->count modules/tag/views/tag_cloud.html.php 4 DIRTY $max_count modules/tag/views/tag_cloud.html.php 5 DIRTY $tag->count diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php index 5dd07935..a600ea1a 100644 --- a/modules/tag/controllers/tags.php +++ b/modules/tag/controllers/tags.php @@ -78,4 +78,21 @@ class Tags_Controller extends REST_Controller { return tag::get_add_form($item); } + + public function autocomplete() { + $tags = array(); + $tag_parts = preg_split("#[,\s;]+# ", $this->input->get("q")); + $limit = $this->input->get("limit"); + $tag_part = end($tag_parts); + $tag_list = ORM::factory("tag") + ->like("name", "{$tag_part}%", false) + ->orderby("name", "ASC") + ->limit($limit) + ->find_all(); + foreach ($tag_list as $tag) { + $tags[] = $tag->name; + } + + print implode("\n", $tags); + } } diff --git a/modules/tag/helpers/tag.php b/modules/tag/helpers/tag.php index 5efa6a19..be5461a4 100644 --- a/modules/tag/helpers/tag.php +++ b/modules/tag/helpers/tag.php @@ -104,7 +104,7 @@ class tag_Core { ($item->is_photo() ? t("Add tag to photo") : t("Add tag to movie")); $group = $form->group("add_tag")->label("Add Tag"); - $group->input("name")->label($label)->rules("required|length[1,64]"); + $group->input("name")->label($label)->rules("required"); $group->hidden("item_id")->value($item->id); $group->submit("")->value(t("Add Tag")); return $form; diff --git a/modules/tag/helpers/tag_theme.php b/modules/tag/helpers/tag_theme.php index d46a91e9..1bce9bd8 100644 --- a/modules/tag/helpers/tag_theme.php +++ b/modules/tag/helpers/tag_theme.php @@ -19,6 +19,8 @@ */ class tag_theme_Core { static function head($theme) { + $theme->css("jquery.autocomplete.css"); + $theme->script("jquery.autocomplete.js"); $theme->script("tag.js"); } diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js index a5aaa3f8..282da1ea 100644 --- a/modules/tag/js/tag.js +++ b/modules/tag/js/tag.js @@ -66,3 +66,18 @@ function editInPlace(element) { }; ajaxify_editInPlaceForm(); } + +function formatTagAutoCompleteResult(row) { + var text = $("#gAddTagForm input:text").val(); + if (/[\s,;]/.test(text)) { + for (var i= text.length - 1; i >= 0; i--) { + var chr = text.charAt(i); + if (chr == " " || chr == "," || chr == ";") { + break; + } + } + return text.substr(0, i + 1) + row[0]; + } else { + return row[0]; + } +} diff --git a/modules/tag/views/tag_block.html.php b/modules/tag/views/tag_block.html.php index 12c90857..233eb361 100644 --- a/modules/tag/views/tag_block.html.php +++ b/modules/tag/views/tag_block.html.php @@ -1,4 +1,14 @@ +

-- cgit v1.2.3 From 975a5ded7b6cc11ce55f2a9bbaa43d4897687b37 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Tue, 28 Jul 2009 09:04:55 +0800 Subject: Clean up amd simplify the tag processing: Only allow comma separators between phrases. Using only 1 separator cleans up the javascript as well, as we can use some of the jquery autocomplete to set the tag separator. Signed-off-by: Tim Almdal --- modules/tag/controllers/tags.php | 2 +- modules/tag/helpers/tag_event.php | 6 +++++- modules/tag/js/tag.js | 15 --------------- modules/tag/views/tag_block.html.php | 4 +++- 4 files changed, 9 insertions(+), 18 deletions(-) (limited to 'modules/tag/views') diff --git a/modules/tag/controllers/tags.php b/modules/tag/controllers/tags.php index 69178925..c993e374 100644 --- a/modules/tag/controllers/tags.php +++ b/modules/tag/controllers/tags.php @@ -81,7 +81,7 @@ class Tags_Controller extends REST_Controller { public function autocomplete() { $tags = array(); - $tag_parts = preg_split("#[,\s]+# ", $this->input->get("q")); + $tag_parts = preg_split("#,#", $this->input->get("q")); $limit = $this->input->get("limit"); $tag_part = end($tag_parts); $tag_list = ORM::factory("tag") diff --git a/modules/tag/helpers/tag_event.php b/modules/tag/helpers/tag_event.php index 7becf36f..0cb49ffa 100644 --- a/modules/tag/helpers/tag_event.php +++ b/modules/tag/helpers/tag_event.php @@ -68,7 +68,11 @@ class tag_event_Core { $url = url::site("tags/autocomplete"); $view->script[] = "$('#gEditFormContainer form').ready(function() { $('#gEditFormContainer form input[id=tags]').autocomplete( - '$url', {max: 30, formatResult: formatTagAutoCompleteResult} + '$url', + {max: 30, + multiple: true, + multipleSeparator: ',', + cacheLength: 1} ); });"; $tag_value = implode(", ", tag::item_tags($item)); diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js index bbf44166..a5aaa3f8 100644 --- a/modules/tag/js/tag.js +++ b/modules/tag/js/tag.js @@ -66,18 +66,3 @@ function editInPlace(element) { }; ajaxify_editInPlaceForm(); } - -function formatTagAutoCompleteResult(row) { - var text = $(".ac_loading").val(); - if (/[\s,;]/.test(text)) { - for (var i= text.length - 1; i >= 0; i--) { - var chr = text.charAt(i); - if (chr == " " || chr == "," || chr == ";") { - break; - } - } - return text.substr(0, i + 1) + row[0]; - } else { - return row[0]; - } -} diff --git a/modules/tag/views/tag_block.html.php b/modules/tag/views/tag_block.html.php index 233eb361..59a4ef88 100644 --- a/modules/tag/views/tag_block.html.php +++ b/modules/tag/views/tag_block.html.php @@ -5,7 +5,9 @@ $("#gAddTagForm input:text").autocomplete( url, { max: 30, - formatResult: formatTagAutoCompleteResult} + multiple: true, + multipleSeparator: ',', + cacheLength: 1} ); }); -- cgit v1.2.3 From c01ac42c4604b3b129e8089e0dc683ebd418b380 Mon Sep 17 00:00:00 2001 From: Andy Staudacher Date: Sat, 29 Aug 2009 12:48:40 -0700 Subject: Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify(). Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway. --- modules/comment/controllers/comments.php | 8 +++--- modules/comment/helpers/comment_rss.php | 8 +++--- .../views/admin_block_recent_comments.html.php | 6 ++--- modules/comment/views/admin_comments.html.php | 10 ++++---- modules/comment/views/comment.html.php | 6 ++--- modules/comment/views/comment.mrss.php | 12 ++++----- modules/comment/views/comments.html.php | 6 ++--- modules/digibug/controllers/digibug.php | 2 +- modules/exif/views/exif_dialog.html.php | 4 +-- modules/g2_import/helpers/g2_import.php | 2 +- .../controllers/admin_advanced_settings.php | 2 +- modules/gallery/controllers/movies.php | 2 +- modules/gallery/controllers/photos.php | 2 +- modules/gallery/controllers/quick.php | 10 ++++---- modules/gallery/helpers/gallery_rss.php | 4 +-- modules/gallery/helpers/gallery_task.php | 4 +-- modules/gallery/helpers/p.php | 29 ---------------------- .../gallery/views/admin_advanced_settings.html.php | 8 +++--- .../gallery/views/admin_block_log_entries.html.php | 2 +- .../views/admin_block_photo_stream.html.php | 4 +-- modules/gallery/views/admin_maintenance.html.php | 2 +- .../views/admin_maintenance_show_log.html.php | 2 +- modules/gallery/views/after_install.html.php | 2 +- modules/gallery/views/move_tree.html.php | 8 +++--- modules/gallery/views/permissions_browse.html.php | 4 +-- modules/gallery/views/permissions_form.html.php | 2 +- modules/gallery/views/simple_uploader.html.php | 6 ++--- modules/info/views/info_block.html.php | 10 ++++---- .../notification/views/comment_published.html.php | 12 ++++----- modules/notification/views/item_added.html.php | 8 +++--- modules/notification/views/item_deleted.html.php | 6 ++--- modules/notification/views/item_updated.html.php | 12 ++++----- modules/organize/controllers/organize.php | 10 ++++---- modules/organize/views/organize.html.php | 2 +- modules/organize/views/organize_album.html.php | 2 +- modules/rss/views/feed.mrss.php | 14 +++++------ modules/search/views/search.html.php | 10 ++++---- .../server_add/controllers/admin_server_add.php | 4 +-- modules/server_add/views/server_add_tree.html.php | 2 +- .../views/server_add_tree_dialog.html.php | 6 ++--- modules/tag/controllers/admin_tags.php | 8 +++--- modules/tag/helpers/tag_rss.php | 2 +- modules/tag/views/admin_tags.html.php | 2 +- modules/tag/views/tag_cloud.html.php | 2 +- modules/user/controllers/admin_users.php | 14 +++++------ modules/user/controllers/login.php | 4 +-- modules/user/controllers/logout.php | 4 +-- modules/user/controllers/password.php | 2 +- modules/user/views/admin_users.html.php | 8 +++--- modules/user/views/admin_users_group.html.php | 8 +++--- modules/user/views/login.html.php | 6 ++--- modules/user/views/reset_password.html.php | 2 +- system/helpers/request.php | 2 +- themes/default/views/album.html.php | 4 +-- themes/default/views/dynamic.html.php | 4 +-- themes/default/views/header.html.php | 4 +-- themes/default/views/movie.html.php | 4 +-- themes/default/views/page.html.php | 8 +++--- themes/default/views/photo.html.php | 4 +-- 59 files changed, 159 insertions(+), 188 deletions(-) delete mode 100644 modules/gallery/helpers/p.php (limited to 'modules/tag/views') diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php index 9fb4796e..87633f4c 100644 --- a/modules/comment/controllers/comments.php +++ b/modules/comment/controllers/comments.php @@ -39,9 +39,9 @@ class Comments_Controller extends REST_Controller { foreach ($comments as $comment) { $data[] = array( "id" => $comment->id, - "author_name" => p::clean($comment->author_name()), + "author_name" => SafeString::of($comment->author_name()), "created" => $comment->created, - "text" => nl2br(p::purify($comment->text))); + "text" => nl2br(SafeString::purify($comment->text))); } print json_encode($data); break; @@ -126,9 +126,9 @@ class Comments_Controller extends REST_Controller { array("result" => "success", "data" => array( "id" => $comment->id, - "author_name" => p::clean($comment->author_name()), + "author_name" => SafeString::of($comment->author_name()), "created" => $comment->created, - "text" => nl2br(p::purify($comment->text))))); + "text" => nl2br(SafeString::purify($comment->text))))); } else { $view = new Theme_View("comment.html", "fragment"); $view->comment = $comment; diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php index ab3d2283..d0f15010 100644 --- a/modules/comment/helpers/comment_rss.php +++ b/modules/comment/helpers/comment_rss.php @@ -23,7 +23,7 @@ class comment_rss_Core { $feeds["comment/newest"] = t("All new comments"); if ($item) { $feeds["comment/item/$item->id"] = - t("Comments on %title", array("title" => p::purify($item->title))); + t("Comments on %title", array("title" => SafeString::purify($item->title))); } return $feeds; } @@ -53,13 +53,13 @@ class comment_rss_Core { $item = $comment->item(); $feed->children[] = new ArrayObject( array("pub_date" => date("D, d M Y H:i:s T", $comment->created), - "text" => nl2br(p::purify($comment->text)), + "text" => nl2br(SafeString::purify($comment->text)), "thumb_url" => $item->thumb_url(), "thumb_height" => $item->thumb_height, "thumb_width" => $item->thumb_width, "item_uri" => url::abs_site("{$item->type}s/$item->id"), - "title" => p::purify($item->title), - "author" => p::clean($comment->author_name())), + "title" => SafeString::purify($item->title), + "author" => SafeString::of($comment->author_name())), ArrayObject::ARRAY_AS_PROPS); } diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php index 516a8181..2c7a5cf1 100644 --- a/modules/comment/views/admin_block_recent_comments.html.php +++ b/modules/comment/views/admin_block_recent_comments.html.php @@ -4,13 +4,13 @@

" class="gAvatar" - alt="author_name()) ?>" + alt="author_name()) ?>" width="32" height="32" /> created) ?> %author_name said %comment_text', - array("author_name" => p::clean($comment->author_name()), - "comment_text" => text::limit_words(nl2br(p::purify($comment->text)), 50))); ?> + array("author_name" => SafeString::of($comment->author_name()), + "comment_text" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50))); ?>

diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php index 9fe7164b..b27e3166 100644 --- a/modules/comment/views/admin_comments.html.php +++ b/modules/comment/views/admin_comments.html.php @@ -108,12 +108,12 @@

" class="gAvatar" - alt="author_name()) ?>" + alt="author_name()) ?>" width="40" height="40" /> -

author_name()) ?>

@@ -122,7 +122,7 @@ has_thumb()): ?> <?= p::purify($item->title) ?>

thumb_width, $item->thumb_height, 75) ?> /> @@ -132,7 +132,7 @@

name ?>

p::purify($item->title))) ?>

SafeString::purify($item->title))) ?>

title)->purified_html() ?>

title) ?>

title) ?>

title) ?>

title) ?>

title) ?>

SafeString::purify($album->title))) ?>

html::purify($album->title))) ?>

SafeString::purify($item->title))) ?>

html::purify($item->title))) ?>

title) ?>

title) ?>

title) ?>

title) ?>

title) ?>

title) ?>

title) ?>

title) ?>

-- cgit v1.2.3

name ?>

p::purify($item->title))) ?>

SafeString::purify($item->title))) ?>

title)->purified_html() ?>

title) ?>

title) ?>

title) ?>

title) ?>

title) ?>

SafeString::purify($album->title))) ?>

html::purify($album->title))) ?>

SafeString::purify($item->title))) ?>

html::purify($item->title))) ?>

- name) ?> + name) ?> special): ?> id") ?>" title=" $group->name)) ?>" @@ -17,7 +17,7 @@ users as $i => $user): ?>

title) ?>

title) ?>

title) ?>

title) ?>

title) ?>

title) ?>

title) ?>

title) ?>

-- cgit v1.2.3