From 1fbdf1a1e00a176686b051bb932d998ad683b2be Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Thu, 23 Jul 2009 10:33:04 -0700
Subject: Add form processing events:  user_add_form_admin            admin
 adding a user  user_edit_form_admin           admin editing a user 
 user_add_form_admin_completed  successfully added a user (admin) 
 user_edit_form                 user editing their own settings 
 user_edit_form_completed       successfully edited a user (admin and user
 editing own settings)

---
 modules/user/controllers/admin_users.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'modules/user/controllers/admin_users.php')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index b5dc6cb5..0a0086ff 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -48,8 +48,10 @@ class Admin_Users_Controller extends Controller {
         $desired_locale = $form->add_user->locale->value;
         $user->locale = $desired_locale == "none" ? null : $desired_locale;
       }
-
       $user->save();
+
+      module::event("user_add_form_admin_completed", $user, $form);
+
       message::success(t("Created user %user_name", array("user_name" => p::clean($user->name))));
       print json_encode(array("result" => "success"));
     } else {
-- 
cgit v1.2.3


From 00cd2b646d535e48a21b0b7ceff028ad1bdc2c28 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Sat, 25 Jul 2009 15:00:57 -0700
Subject: fix for ticket #574. The user->url database wasn't being set when the
 user was updated via the admin panel.

---
 modules/user/controllers/admin_users.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'modules/user/controllers/admin_users.php')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 0a0086ff..043a4ee5 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -130,6 +130,7 @@ class Admin_Users_Controller extends Controller {
         $user->password = $form->edit_user->password->value;
       }
       $user->email = $form->edit_user->email->value;
+      $user->url = $form->edit_user->url->value;
       if ($form->edit_user->locale) {
         $desired_locale = $form->edit_user->locale->value;
         $user->locale = $desired_locale == "none" ? null : $desired_locale;
-- 
cgit v1.2.3


From 67d4ae21d5f7363f54782c23d2a7ff1d9e9f0505 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta <bharat@menalto.com>
Date: Wed, 29 Jul 2009 17:43:12 -0700
Subject: Clean up user form events.  Thanks to Ben Smith (glooper).

---
 modules/user/controllers/admin_users.php |  2 +-
 modules/user/helpers/user.php            | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

(limited to 'modules/user/controllers/admin_users.php')

diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index 043a4ee5..f87602b8 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -49,7 +49,6 @@ class Admin_Users_Controller extends Controller {
         $user->locale = $desired_locale == "none" ? null : $desired_locale;
       }
       $user->save();
-
       module::event("user_add_form_admin_completed", $user, $form);
 
       message::success(t("Created user %user_name", array("user_name" => p::clean($user->name))));
@@ -141,6 +140,7 @@ class Admin_Users_Controller extends Controller {
         $user->admin = $form->edit_user->admin->checked;
       }
       $user->save();
+      module::event("user_edit_form_admin_completed", $user, $form);
 
       message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name))));
       print json_encode(array("result" => "success"));
diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php
index b1722a1e..69a6ecb3 100644
--- a/modules/user/helpers/user.php
+++ b/modules/user/helpers/user.php
@@ -34,15 +34,16 @@ class user_Core {
       ->matches($group->password);
     $group->input("email")->label(t("Email"))->id("gEmail")->value($user->email);
     $group->input("url")->label(t("URL"))->id("gUrl")->value($user->url);
-    $group->submit("")->value(t("Save"));
     $form->add_rules_from($user);
 
     module::event("user_edit_form", $user, $form);
+    $group->submit("")->value(t("Save"));
     return $form;
   }
 
   static function get_edit_form_admin($user) {
-    $form = new Forge("admin/users/edit_user/$user->id", "", "post", array("id" => "gEditUserForm"));
+    $form = new Forge(
+      "admin/users/edit_user/$user->id", "", "post", array("id" => "gEditUserForm"));
     $group = $form->group("edit_user")->label(t("Edit User"));
     $group->input("name")->label(t("Username"))->id("gUsername")->value($user->name);
     $group->inputs["name"]->error_messages(
@@ -55,11 +56,11 @@ class user_Core {
     $group->input("email")->label(t("Email"))->id("gEmail")->value($user->email);
     $group->input("url")->label(t("URL"))->id("gUrl")->value($user->url);
     $group->checkbox("admin")->label(t("Admin"))->id("gAdmin")->checked($user->admin);
-    $group->submit("")->value(t("Modify User"));
     $form->add_rules_from($user);
     $form->edit_user->password->rules("-required");
 
     module::event("user_edit_form_admin", $user, $form);
+    $group->submit("")->value(t("Modify User"));
     return $form;
   }
 
@@ -76,11 +77,11 @@ class user_Core {
     $group->input("url")->label(t("URL"))->id("gUrl");
     self::_add_locale_dropdown($group);
     $group->checkbox("admin")->label(t("Admin"))->id("gAdmin");
-    $group->submit("")->value(t("Add User"));
     $user = ORM::factory("user");
     $form->add_rules_from($user);
 
-    module::event("user_add_form_admin", $user);
+    module::event("user_add_form_admin", $user, $form);
+    $group->submit("")->value(t("Add User"));
     return $form;
   }
 
-- 
cgit v1.2.3


From c01ac42c4604b3b129e8089e0dc683ebd418b380 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sat, 29 Aug 2009 12:48:40 -0700
Subject: Refactor all calls of p::clean() to SafeString::of() and p::purify()
 to SafeString::purify().

Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.
---
 modules/comment/controllers/comments.php           |  8 +++---
 modules/comment/helpers/comment_rss.php            |  8 +++---
 .../views/admin_block_recent_comments.html.php     |  6 ++---
 modules/comment/views/admin_comments.html.php      | 10 ++++----
 modules/comment/views/comment.html.php             |  6 ++---
 modules/comment/views/comment.mrss.php             | 12 ++++-----
 modules/comment/views/comments.html.php            |  6 ++---
 modules/digibug/controllers/digibug.php            |  2 +-
 modules/exif/views/exif_dialog.html.php            |  4 +--
 modules/g2_import/helpers/g2_import.php            |  2 +-
 .../controllers/admin_advanced_settings.php        |  2 +-
 modules/gallery/controllers/movies.php             |  2 +-
 modules/gallery/controllers/photos.php             |  2 +-
 modules/gallery/controllers/quick.php              | 10 ++++----
 modules/gallery/helpers/gallery_rss.php            |  4 +--
 modules/gallery/helpers/gallery_task.php           |  4 +--
 modules/gallery/helpers/p.php                      | 29 ----------------------
 .../gallery/views/admin_advanced_settings.html.php |  8 +++---
 .../gallery/views/admin_block_log_entries.html.php |  2 +-
 .../views/admin_block_photo_stream.html.php        |  4 +--
 modules/gallery/views/admin_maintenance.html.php   |  2 +-
 .../views/admin_maintenance_show_log.html.php      |  2 +-
 modules/gallery/views/after_install.html.php       |  2 +-
 modules/gallery/views/move_tree.html.php           |  8 +++---
 modules/gallery/views/permissions_browse.html.php  |  4 +--
 modules/gallery/views/permissions_form.html.php    |  2 +-
 modules/gallery/views/simple_uploader.html.php     |  6 ++---
 modules/info/views/info_block.html.php             | 10 ++++----
 .../notification/views/comment_published.html.php  | 12 ++++-----
 modules/notification/views/item_added.html.php     |  8 +++---
 modules/notification/views/item_deleted.html.php   |  6 ++---
 modules/notification/views/item_updated.html.php   | 12 ++++-----
 modules/organize/controllers/organize.php          | 10 ++++----
 modules/organize/views/organize.html.php           |  2 +-
 modules/organize/views/organize_album.html.php     |  2 +-
 modules/rss/views/feed.mrss.php                    | 14 +++++------
 modules/search/views/search.html.php               | 10 ++++----
 .../server_add/controllers/admin_server_add.php    |  4 +--
 modules/server_add/views/server_add_tree.html.php  |  2 +-
 .../views/server_add_tree_dialog.html.php          |  6 ++---
 modules/tag/controllers/admin_tags.php             |  8 +++---
 modules/tag/helpers/tag_rss.php                    |  2 +-
 modules/tag/views/admin_tags.html.php              |  2 +-
 modules/tag/views/tag_cloud.html.php               |  2 +-
 modules/user/controllers/admin_users.php           | 14 +++++------
 modules/user/controllers/login.php                 |  4 +--
 modules/user/controllers/logout.php                |  4 +--
 modules/user/controllers/password.php              |  2 +-
 modules/user/views/admin_users.html.php            |  8 +++---
 modules/user/views/admin_users_group.html.php      |  8 +++---
 modules/user/views/login.html.php                  |  6 ++---
 modules/user/views/reset_password.html.php         |  2 +-
 system/helpers/request.php                         |  2 +-
 themes/default/views/album.html.php                |  4 +--
 themes/default/views/dynamic.html.php              |  4 +--
 themes/default/views/header.html.php               |  4 +--
 themes/default/views/movie.html.php                |  4 +--
 themes/default/views/page.html.php                 |  8 +++---
 themes/default/views/photo.html.php                |  4 +--
 59 files changed, 159 insertions(+), 188 deletions(-)
 delete mode 100644 modules/gallery/helpers/p.php

(limited to 'modules/user/controllers/admin_users.php')

diff --git a/modules/comment/controllers/comments.php b/modules/comment/controllers/comments.php
index 9fb4796e..87633f4c 100644
--- a/modules/comment/controllers/comments.php
+++ b/modules/comment/controllers/comments.php
@@ -39,9 +39,9 @@ class Comments_Controller extends REST_Controller {
       foreach ($comments as $comment) {
         $data[] = array(
           "id" => $comment->id,
-          "author_name" => p::clean($comment->author_name()),
+          "author_name" => SafeString::of($comment->author_name()),
           "created" => $comment->created,
-          "text" => nl2br(p::purify($comment->text)));
+          "text" => nl2br(SafeString::purify($comment->text)));
       }
       print json_encode($data);
       break;
@@ -126,9 +126,9 @@ class Comments_Controller extends REST_Controller {
         array("result" => "success",
               "data" => array(
                 "id" => $comment->id,
-                "author_name" => p::clean($comment->author_name()),
+                "author_name" => SafeString::of($comment->author_name()),
                 "created" => $comment->created,
-                "text" => nl2br(p::purify($comment->text)))));
+                "text" => nl2br(SafeString::purify($comment->text)))));
     } else {
       $view = new Theme_View("comment.html", "fragment");
       $view->comment = $comment;
diff --git a/modules/comment/helpers/comment_rss.php b/modules/comment/helpers/comment_rss.php
index ab3d2283..d0f15010 100644
--- a/modules/comment/helpers/comment_rss.php
+++ b/modules/comment/helpers/comment_rss.php
@@ -23,7 +23,7 @@ class comment_rss_Core {
     $feeds["comment/newest"] = t("All new comments");
     if ($item) {
       $feeds["comment/item/$item->id"] =
-        t("Comments on %title", array("title" => p::purify($item->title)));
+        t("Comments on %title", array("title" => SafeString::purify($item->title)));
     }
     return $feeds;
   }
@@ -53,13 +53,13 @@ class comment_rss_Core {
         $item = $comment->item();
         $feed->children[] = new ArrayObject(
           array("pub_date" => date("D, d M Y H:i:s T", $comment->created),
-                "text" => nl2br(p::purify($comment->text)),
+                "text" => nl2br(SafeString::purify($comment->text)),
                 "thumb_url" => $item->thumb_url(),
                 "thumb_height" => $item->thumb_height,
                 "thumb_width" => $item->thumb_width,
                 "item_uri" => url::abs_site("{$item->type}s/$item->id"),
-                "title" => p::purify($item->title),
-                "author" => p::clean($comment->author_name())),
+                "title" => SafeString::purify($item->title),
+                "author" => SafeString::of($comment->author_name())),
           ArrayObject::ARRAY_AS_PROPS);
       }
 
diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php
index 516a8181..2c7a5cf1 100644
--- a/modules/comment/views/admin_block_recent_comments.html.php
+++ b/modules/comment/views/admin_block_recent_comments.html.php
@@ -4,13 +4,13 @@
   <li class="<?= ($i % 2 == 0) ? "gEvenRow" : "gOddRow" ?>">
     <img src="<?= $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)) ?>"
          class="gAvatar"
-         alt="<?= p::clean($comment->author_name()) ?>"
+         alt="<?= SafeString::of($comment->author_name()) ?>"
          width="32"
          height="32" />
     <?= gallery::date_time($comment->created) ?>
     <?= t('<a href="#">%author_name</a> said <em>%comment_text</em>',
-          array("author_name" => p::clean($comment->author_name()),
-                "comment_text" => text::limit_words(nl2br(p::purify($comment->text)), 50))); ?>
+          array("author_name" => SafeString::of($comment->author_name()),
+                "comment_text" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50))); ?>
   </li>
   <? endforeach ?>
 </ul>
diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php
index 9fe7164b..b27e3166 100644
--- a/modules/comment/views/admin_comments.html.php
+++ b/modules/comment/views/admin_comments.html.php
@@ -108,12 +108,12 @@
         <a href="#">
           <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
                class="gAvatar"
-               alt="<?= p::clean($comment->author_name()) ?>"
+               alt="<?= SafeString::of($comment->author_name()) ?>"
                width="40"
                height="40" />
         </a>
-        <p><a href="mailto:<?= p::clean($comment->author_email()) ?>"
-              title="<?= p::clean($comment->author_email()) ?>"> <?= p::clean($comment->author_name()) ?> </a></p>
+        <p><a href="mailto:<?= SafeString::of($comment->author_email()) ?>"
+              title="<?= SafeString::of($comment->author_email()) ?>"> <?= SafeString::of($comment->author_name()) ?> </a></p>
       </td>
       <td>
         <div class="right">
@@ -122,7 +122,7 @@
             <a href="<?= $item->url() ?>">
               <? if ($item->has_thumb()): ?>
               <img src="<?= $item->thumb_url() ?>"
-                 alt="<?= p::purify($item->title) ?>"
+                 alt="<?= SafeString::purify($item->title) ?>"
                  <?= photo::img_dimensions($item->thumb_width, $item->thumb_height, 75) ?>
               />
               <? else: ?>
@@ -132,7 +132,7 @@
           </div>
         </div>
         <p><?= gallery::date($comment->created) ?></p>
-           <?= nl2br(p::purify($comment->text)) ?>
+           <?= nl2br(SafeString::purify($comment->text)) ?>
       </td>
       <td>
         <ul class="gButtonSetVertical">
diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php
index 3d17411c..31bb7f4d 100644
--- a/modules/comment/views/comment.html.php
+++ b/modules/comment/views/comment.html.php
@@ -4,15 +4,15 @@
     <a href="#">
       <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
            class="gAvatar"
-           alt="<?= p::clean($comment->author_name()) ?>"
+           alt="<?= SafeString::of($comment->author_name()) ?>"
            width="40"
            height="40" />
     </a>
     <?= t("on %date_time, %author_name said",
           array("date_time" => gallery::date_time($comment->created),
-                "author_name" => p::clean($comment->author_name()))) ?>
+                "author_name" => SafeString::of($comment->author_name()))) ?>
   </p>
   <div>
-  <?= nl2br(p::purify($comment->text)) ?>
+  <?= nl2br(SafeString::purify($comment->text)) ?>
   </div>
 </li>
diff --git a/modules/comment/views/comment.mrss.php b/modules/comment/views/comment.mrss.php
index 2b5b13c1..ae7762d9 100644
--- a/modules/comment/views/comment.mrss.php
+++ b/modules/comment/views/comment.mrss.php
@@ -6,9 +6,9 @@
    xmlns:fh="http://purl.org/syndication/history/1.0">
   <channel>
     <generator>Gallery 3</generator>
-    <title><?= p::clean($feed->title) ?></title>
+    <title><?= SafeString::of($feed->title) ?></title>
     <link><?= $feed->uri ?></link>
-    <description><?= p::clean($feed->description) ?></description>
+    <description><?= SafeString::of($feed->description) ?></description>
     <language>en-us</language>
     <atom:link rel="self" href="<?= $feed->uri ?>" type="application/rss+xml" />
     <fh:complete/>
@@ -22,14 +22,14 @@
     <lastBuildDate><?= $pub_date ?></lastBuildDate>
     <? foreach ($feed->children as $child): ?>
     <item>
-      <title><?= p::purify($child->title) ?></title>
-      <link><?= p::clean($child->item_uri) ?></link>
-      <author><?= p::clean($child->author) ?></author>
+      <title><?= SafeString::purify($child->title) ?></title>
+      <link><?= SafeString::of($child->item_uri) ?></link>
+      <author><?= SafeString::of($child->author) ?></author>
       <guid isPermaLink="true"><?= $child->item_uri ?></guid>
       <pubDate><?= $child->pub_date ?></pubDate>
       <content:encoded>
         <![CDATA[
-          <p><?= nl2br(p::purify($child->text)) ?></p>
+          <p><?= nl2br(SafeString::purify($child->text)) ?></p>
           <p>
             <img alt="" src="<?= $child->thumb_url ?>"
                  height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" />
diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php
index f7251389..7941b7da 100644
--- a/modules/comment/views/comments.html.php
+++ b/modules/comment/views/comments.html.php
@@ -12,16 +12,16 @@
       <a href="#">
         <img src="<?= $comment->author()->avatar_url(40, $theme->url("images/avatar.jpg", true)) ?>"
              class="gAvatar"
-             alt="<?= p::clean($comment->author_name()) ?>"
+             alt="<?= SafeString::of($comment->author_name()) ?>"
              width="40"
              height="40" />
       </a>
       <?= t('on %date <a href="#">%name</a> said',
             array("date" => date("Y-M-d H:i:s", $comment->created),
-                  "name" => p::clean($comment->author_name()))); ?>
+                  "name" => SafeString::of($comment->author_name()))); ?>
     </p>
     <div>
-      <?= nl2br(p::purify($comment->text)) ?>
+      <?= nl2br(SafeString::purify($comment->text)) ?>
     </div>
   </li>
   <? endforeach ?>
diff --git a/modules/digibug/controllers/digibug.php b/modules/digibug/controllers/digibug.php
index e0f4b6bf..509a8b70 100644
--- a/modules/digibug/controllers/digibug.php
+++ b/modules/digibug/controllers/digibug.php
@@ -50,7 +50,7 @@ class Digibug_Controller extends Controller {
       "image_width_1" => $item->width,
       "thumb_height_1" => $item->thumb_height,
       "thumb_width_1" => $item->thumb_width,
-      "title_1" => p::purify($item->title));
+      "title_1" => SafeString::purify($item->title));
 
     print $v;
   }
diff --git a/modules/exif/views/exif_dialog.html.php b/modules/exif/views/exif_dialog.html.php
index 6494b2b0..a981ca09 100644
--- a/modules/exif/views/exif_dialog.html.php
+++ b/modules/exif/views/exif_dialog.html.php
@@ -14,14 +14,14 @@
          <?= $details[$i]["caption"] ?>
          </td>
          <td class="gOdd">
-         <?= p::clean($details[$i]["value"]) ?>
+         <?= SafeString::of($details[$i]["value"]) ?>
          </td>
          <? if (!empty($details[++$i])): ?>
            <td class="gEven">
            <?= $details[$i]["caption"] ?>
            </td>
            <td class="gOdd">
-           <?= p::clean($details[$i]["value"]) ?>
+           <?= SafeString::of($details[$i]["value"]) ?>
            </td>
          <? else: ?>
            <td class="gEven"></td><td class="gOdd"></td>
diff --git a/modules/g2_import/helpers/g2_import.php b/modules/g2_import/helpers/g2_import.php
index 436cef52..a01ca1db 100644
--- a/modules/g2_import/helpers/g2_import.php
+++ b/modules/g2_import/helpers/g2_import.php
@@ -590,7 +590,7 @@ class g2_import_Core {
     self::map($g2_comment->getId(), $comment->id);
     return t("Imported comment '%comment' for item with id: %id",
              array("id" => $comment->item_id,
-                   "comment" => text::limit_words(nl2br(p::purify($comment->text)), 50)));
+                   "comment" => text::limit_words(nl2br(SafeString::purify($comment->text)), 50)));
   }
 
   /**
diff --git a/modules/gallery/controllers/admin_advanced_settings.php b/modules/gallery/controllers/admin_advanced_settings.php
index 64007fdb..d727b654 100644
--- a/modules/gallery/controllers/admin_advanced_settings.php
+++ b/modules/gallery/controllers/admin_advanced_settings.php
@@ -46,7 +46,7 @@ class Admin_Advanced_Settings_Controller extends Admin_Controller {
     module::set_var($module_name, $var_name, Input::instance()->post("value"));
     message::success(
       t("Saved value for %var (%module_name)",
-        array("var" => p::clean($var_name), "module_name" => $module_name)));
+        array("var" => SafeString::of($var_name), "module_name" => $module_name)));
 
     print json_encode(array("result" => "success"));
   }
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index c8227d74..09b16759 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
@@ -93,7 +93,7 @@ class Movies_Controller extends Items_Controller {
 
       log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>");
       message::success(
-        t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));
+        t("Saved photo %photo_title", array("photo_title" => $photo->title)));
 
       print json_encode(
         array("result" => "success",
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index 8ee24da8..3447b4c6 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -86,7 +86,7 @@ class Photos_Controller extends Items_Controller {
 
       log::success("content", "Updated photo", "<a href=\"photos/$photo->id\">view</a>");
       message::success(
-        t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));
+        t("Saved photo %photo_title", array("photo_title" => $photo->title)));
 
       print json_encode(
         array("result" => "success",
diff --git a/modules/gallery/controllers/quick.php b/modules/gallery/controllers/quick.php
index de027c1b..98a5bf9f 100644
--- a/modules/gallery/controllers/quick.php
+++ b/modules/gallery/controllers/quick.php
@@ -89,7 +89,7 @@ class Quick_Controller extends Controller {
     access::required("view", $item->parent());
     access::required("edit", $item->parent());
 
-    $msg = t("Made <b>%title</b> this album's cover", array("title" => p::purify($item->title)));
+    $msg = t("Made <b>%title</b> this album's cover", array("title" => SafeString::purify($item->title)));
 
     item::make_album_cover($item);
     message::success($msg);
@@ -105,10 +105,10 @@ class Quick_Controller extends Controller {
     if ($item->is_album()) {
       print t(
         "Delete the album <b>%title</b>? All photos and movies in the album will also be deleted.",
-        array("title" => p::purify($item->title)));
+        array("title" => SafeString::purify($item->title)));
     } else {
       print t("Are you sure you want to delete <b>%title</b>?",
-              array("title" => p::purify($item->title)));
+              array("title" => SafeString::purify($item->title)));
     }
 
     $form = item::get_delete_form($item);
@@ -122,9 +122,9 @@ class Quick_Controller extends Controller {
     access::required("edit", $item);
 
     if ($item->is_album()) {
-      $msg = t("Deleted album <b>%title</b>", array("title" => p::purify($item->title)));
+      $msg = t("Deleted album <b>%title</b>", array("title" => SafeString::purify($item->title)));
     } else {
-      $msg = t("Deleted photo <b>%title</b>", array("title" => p::purify($item->title)));
+      $msg = t("Deleted photo <b>%title</b>", array("title" => SafeString::purify($item->title)));
     }
 
     $parent = $item->parent();
diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php
index 7daf6170..be555296 100644
--- a/modules/gallery/helpers/gallery_rss.php
+++ b/modules/gallery/helpers/gallery_rss.php
@@ -52,9 +52,9 @@ class gallery_rss_Core {
         ->viewable()
         ->descendants($limit, $offset, "photo");
       $feed->max_pages = ceil($item->viewable()->descendants_count("photo") / $limit);
-      $feed->title = p::purify($item->title);
+      $feed->title = SafeString::purify($item->title);
       $feed->link = url::abs_site("albums/{$item->id}");
-      $feed->description = nl2br(p::purify($item->description));
+      $feed->description = nl2br(SafeString::purify($item->description));
 
       return $feed;
     }
diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php
index 9edc3acd..8c0e8aa8 100644
--- a/modules/gallery/helpers/gallery_task.php
+++ b/modules/gallery/helpers/gallery_task.php
@@ -64,10 +64,10 @@ class gallery_task_Core {
           if (!$success) {
             $ignored[$item->id] = 1;
             $errors[] = t("Unable to rebuild images for '%title'",
-                          array("title" => p::purify($item->title)));
+                          array("title" => SafeString::purify($item->title)));
           } else {
             $errors[] = t("Successfully rebuilt images for '%title'",
-                          array("title" => p::purify($item->title)));
+                          array("title" => SafeString::purify($item->title)));
           }
         }
 
diff --git a/modules/gallery/helpers/p.php b/modules/gallery/helpers/p.php
deleted file mode 100644
index e852c086..00000000
--- a/modules/gallery/helpers/p.php
+++ /dev/null
@@ -1,29 +0,0 @@
-<?php defined("SYSPATH") or die("No direct script access.");
-/**
- * Gallery - a web based photo album viewer and editor
- * Copyright (C) 2000-2009 Bharat Mediratta
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or (at
- * your option) any later version.
- *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA  02110-1301, USA.
- */
-class p_Core {
-  static function clean($dirty_html) {
-    return new SafeString($dirty_html);
-  }
-
-  // Deprecated: Please use p::clean($var).purified_html()
-  static function purify($dirty_html) {
-    return SafeString::of($dirty_html)->purified_html();
-  }
-}
diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php
index b37c1c73..adc15b91 100644
--- a/modules/gallery/views/admin_advanced_settings.html.php
+++ b/modules/gallery/views/admin_advanced_settings.html.php
@@ -20,13 +20,13 @@
     <? if ($var->module_name == "gallery" && $var->name == "_cache") continue ?>
     <tr class="setting">
       <td> <?= $var->module_name ?> </td>
-      <td> <?= p::clean($var->name) ?> </td>
+      <td> <?= SafeString::of($var->name) ?> </td>
       <td>
-        <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . p::clean($var->name)) ?>"
+        <a href="<?= url::site("admin/advanced_settings/edit/$var->module_name/" . SafeString::of($var->name)) ?>"
           class="gDialogLink"
-          title="<?= t("Edit %var (%module_name)", array("var" => p::clean($var->name), "module_name" => $var->module_name)) ?>">
+          title="<?= t("Edit %var (%module_name)", array("var" => $var->name, "module_name" => $var->module_name)) ?>">
           <? if ($var->value): ?>
-          <?= p::clean($var->value) ?>
+          <?= SafeString::of($var->value) ?>
           <? else: ?>
           <i> <?= t("empty") ?> </i>
           <? endif ?>
diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php
index 44c1657f..b7afb22d 100644
--- a/modules/gallery/views/admin_block_log_entries.html.php
+++ b/modules/gallery/views/admin_block_log_entries.html.php
@@ -2,7 +2,7 @@
 <ul>
   <? foreach ($entries as $entry): ?>
   <li class="<?= log::severity_class($entry->severity) ?>" style="direction: ltr">
-    <a href="<?= url::site("user/$entry->user_id") ?>"><?= p::clean($entry->user->name) ?></a>
+    <a href="<?= url::site("user/$entry->user_id") ?>"><?= SafeString::of($entry->user->name) ?></a>
     <?= gallery::date_time($entry->timestamp) ?>
     <?= $entry->message ?>
     <?= $entry->html ?>
diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php
index 1e1329d1..732bdc38 100644
--- a/modules/gallery/views/admin_block_photo_stream.html.php
+++ b/modules/gallery/views/admin_block_photo_stream.html.php
@@ -2,9 +2,9 @@
 <ul>
 <? foreach ($photos as $photo): ?>
   <li class="gItem gPhoto">
-    <a href="<?= url::site("photos/$photo->id") ?>" title="<?= p::clean($photo->title) ?>">
+    <a href="<?= url::site("photos/$photo->id") ?>" title="<?= SafeString::of($photo->title) ?>">
       <img <?= photo::img_dimensions($photo->width, $photo->height, 72) ?>
-        src="<?= $photo->thumb_url() ?>" alt="<?= p::clean($photo->title) ?>" />
+        src="<?= $photo->thumb_url() ?>" alt="<?= SafeString::of($photo->title) ?>" />
     </a>
   </li>
 <? endforeach ?>
diff --git a/modules/gallery/views/admin_maintenance.html.php b/modules/gallery/views/admin_maintenance.html.php
index 450eb754..a4db38ce 100644
--- a/modules/gallery/views/admin_maintenance.html.php
+++ b/modules/gallery/views/admin_maintenance.html.php
@@ -90,7 +90,7 @@
           <?= $task->status ?>
         </td>
         <td>
-          <?= p::clean($task->owner()->name) ?>
+          <?= SafeString::of($task->owner()->name) ?>
         </td>
         <td>
           <? if ($task->state == "stalled"): ?>
diff --git a/modules/gallery/views/admin_maintenance_show_log.html.php b/modules/gallery/views/admin_maintenance_show_log.html.php
index 9d850986..209aef03 100644
--- a/modules/gallery/views/admin_maintenance_show_log.html.php
+++ b/modules/gallery/views/admin_maintenance_show_log.html.php
@@ -12,7 +12,7 @@ appendTo('body').submit().remove();
 <div id="gTaskLogDialog">
   <h1> <?= $task->name ?> </h1>
   <div class="gTaskLog">
-    <pre><?= p::purify($task->get_log()) ?></pre>
+    <pre><?= SafeString::purify($task->get_log()) ?></pre>
   </div>
   <button id="gCloseButton" class="ui-state-default ui-corner-all" onclick="dismiss()"><?= t("Close") ?></button>
   <button id="gSaveButton" class="ui-state-default ui-corner-all" onclick="download()"><?= t("Save") ?></button>
diff --git a/modules/gallery/views/after_install.html.php b/modules/gallery/views/after_install.html.php
index e4842163..2cf8ec8f 100644
--- a/modules/gallery/views/after_install.html.php
+++ b/modules/gallery/views/after_install.html.php
@@ -8,7 +8,7 @@
 </p>
 
 <p>
-  <?= t("You're logged in to the <b>%user_name</b> account.  The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => p::clean($user->name))) ?>
+  <?= t("You're logged in to the <b>%user_name</b> account.  The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => $user->name)) ?>
 </p>
 
 <p>
diff --git a/modules/gallery/views/move_tree.html.php b/modules/gallery/views/move_tree.html.php
index 5f70cf67..7818a42a 100644
--- a/modules/gallery/views/move_tree.html.php
+++ b/modules/gallery/views/move_tree.html.php
@@ -1,18 +1,18 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <?= $parent->thumb_img(array(), 25); ?>
 <? if (!access::can("edit", $parent) || $source->is_descendant($parent)): ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= p::clean($parent->title) ?> <?= t("(locked)") ?> </a>
+<a href="javascript:load_tree('<?= $parent->id ?>',1)"> <?= SafeString::of($parent->title) ?> <?= t("(locked)") ?> </a>
 <? else: ?>
-<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= p::clean($parent->title) ?></a>
+<a href="javascript:load_tree('<?= $parent->id ?>',0)"> <?= SafeString::of($parent->title) ?></a>
 <? endif ?>
 <ul id="tree_<?= $parent->id ?>">
   <? foreach ($children as $child): ?>
   <li id="node_<?= $child->id ?>" class="node">
     <?= $child->thumb_img(array(), 25); ?>
     <? if (!access::can("edit", $child) || $source->is_descendant($child)): ?>
-    <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= p::clean($child->title) ?> <?= t("(locked)") ?></a>
+    <a href="javascript:load_tree('<?= $child->id ?>',1)"> <?= SafeString::of($child->title) ?> <?= t("(locked)") ?></a>
     <? else: ?>
-    <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= p::clean($child->title) ?> </a>
+    <a href="javascript:load_tree('<?= $child->id ?>',0)"> <?= SafeString::of($child->title) ?> </a>
     <? endif ?>
   </li>
   <? endforeach ?>
diff --git a/modules/gallery/views/permissions_browse.html.php b/modules/gallery/views/permissions_browse.html.php
index 888a27f7..9ea0da25 100644
--- a/modules/gallery/views/permissions_browse.html.php
+++ b/modules/gallery/views/permissions_browse.html.php
@@ -35,14 +35,14 @@
     <? foreach ($parents as $parent): ?>
     <li>
       <a href="javascript:show(<?= $parent->id ?>)">
-        <?= p::clean($parent->title) ?>
+        <?= SafeString::of($parent->title) ?>
       </a>
       <div class="form" id="edit-<?= $parent->id ?>"></div>
       <ul>
         <? endforeach ?>
         <li>
           <a href="javascript:show(<?= $item->id ?>)">
-            <?= p::purify($item->title) ?>
+            <?= SafeString::purify($item->title) ?>
           </a>
           <div class="form" id="edit-<?= $item->id ?>">
             <?= $form ?>
diff --git a/modules/gallery/views/permissions_form.html.php b/modules/gallery/views/permissions_form.html.php
index ee5e3a24..adc0496f 100644
--- a/modules/gallery/views/permissions_form.html.php
+++ b/modules/gallery/views/permissions_form.html.php
@@ -6,7 +6,7 @@
     <tr>
       <th> </th>
       <? foreach ($groups as $group): ?>
-      <th> <?= p::clean($group->name) ?> </th>
+      <th> <?= SafeString::of($group->name) ?> </th>
       <? endforeach ?>
     </tr>
 
diff --git a/modules/gallery/views/simple_uploader.html.php b/modules/gallery/views/simple_uploader.html.php
index 38ac518c..56e568f6 100644
--- a/modules/gallery/views/simple_uploader.html.php
+++ b/modules/gallery/views/simple_uploader.html.php
@@ -6,7 +6,7 @@
 <!-- hack to set the title for the dialog -->
 <form id="gAddPhotosForm" action="<?= url::site("simple_uploader/finish?csrf=$csrf") ?>">
   <fieldset>
-    <legend> <?= t("Add photos to %album_title", array("album_title" => p::purify($item->title))) ?> </legend>
+    <legend> <?= t("Add photos to %album_title", array("album_title" => SafeString::purify($item->title))) ?> </legend>
   </fieldset>
 </form>
 
@@ -26,9 +26,9 @@
   </p>
   <ul class="gBreadcrumbs">
     <? foreach ($item->parents() as $parent): ?>
-    <li> <?= p::clean($parent->title) ?> </li>
+    <li> <?= SafeString::of($parent->title) ?> </li>
     <? endforeach ?>
-    <li class="active"> <?= p::purify($item->title) ?> </li>
+    <li class="active"> <?= SafeString::purify($item->title) ?> </li>
   </ul>
 
   <p>
diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php
index f86ae39d..365a1021 100644
--- a/modules/info/views/info_block.html.php
+++ b/modules/info/views/info_block.html.php
@@ -2,18 +2,18 @@
 <ul class="gMetadata">
   <li>
     <strong class="caption"><?= t("Title:") ?></strong>
-    <?= p::purify($item->title) ?>
+    <?= SafeString::purify($item->title) ?>
   </li>
   <? if ($item->description): ?>
   <li>
     <strong class="caption"><?= t("Description:") ?></strong>
-     <?= nl2br(p::purify($item->description)) ?>
+     <?= nl2br(SafeString::purify($item->description)) ?>
   </li>
   <? endif ?>
   <? if ($item->id != 1): ?>
   <li>
     <strong class="caption"><?= t("Folder name:") ?></strong>
-    <?= p::clean($item->name) ?>
+    <?= SafeString::of($item->name) ?>
   </li>
   <? endif ?>
   <? if ($item->captured): ?>
@@ -26,9 +26,9 @@
   <li>
     <strong class="caption"><?= t("Owner:") ?></strong>
     <? if ($item->owner->url): ?>
-    <a href="<?= $item->owner->url ?>"><?= p::clean($item->owner->display_name()) ?></a>
+    <a href="<?= $item->owner->url ?>"><?= SafeString::of($item->owner->display_name()) ?></a>
     <? else: ?>
-    <?= p::clean($item->owner->display_name()) ?>
+    <?= SafeString::of($item->owner->display_name()) ?>
     <? endif ?>
   </li>
   <? endif ?>
diff --git a/modules/notification/views/comment_published.html.php b/modules/notification/views/comment_published.html.php
index 4a56cdad..02daf921 100644
--- a/modules/notification/views/comment_published.html.php
+++ b/modules/notification/views/comment_published.html.php
@@ -1,26 +1,26 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= p::clean($subject) ?> </title>
+    <title><?= SafeString::of($subject) ?> </title>
   </head>
   <body>
-    <h2><?= p::clean($subject) ?></h2>
+    <h2><?= SafeString::of($subject) ?></h2>
     <table>
       <tr>
         <td><?= t("Comment:") ?></td>
-  <td><?= nl2br(p::purify($comment->text)) ?></td>
+  <td><?= nl2br(SafeString::purify($comment->text)) ?></td>
       </tr>
       <tr>
         <td><?= t("Author Name:") ?></td>
-        <td><?= p::clean($comment->author_name()) ?></td>
+        <td><?= SafeString::of($comment->author_name()) ?></td>
       </tr>
       <tr>
         <td><?= t("Author Email:") ?></td>
-        <td><?= p::clean($comment->author_email()) ?></td>
+        <td><?= SafeString::of($comment->author_email()) ?></td>
       </tr>
       <tr>
         <td><?= t("Author URL:") ?></td>
-        <td><?= p::clean($comment->author_url()) ?></td>
+        <td><?= SafeString::of($comment->author_url()) ?></td>
       </tr>
       <tr>
         <td><?= t("Url:") ?></td>
diff --git a/modules/notification/views/item_added.html.php b/modules/notification/views/item_added.html.php
index 86724927..70b8fca4 100644
--- a/modules/notification/views/item_added.html.php
+++ b/modules/notification/views/item_added.html.php
@@ -1,14 +1,14 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= p::clean($subject) ?> </title>
+    <title><?= SafeString::of($subject) ?> </title>
   </head>
   <body>
-    <h2><?= p::clean($subject) ?></h2>
+    <h2><?= SafeString::of($subject) ?></h2>
     <table>
       <tr>
         <td><?= t("Title:") ?></td>
-        <td><?= p::purify($item->title) ?></td>
+        <td><?= SafeString::purify($item->title) ?></td>
       </tr>
       <tr>
         <td><?= t("Url:") ?></td>
@@ -21,7 +21,7 @@
       <? if ($item->description): ?>
       <tr>
         <td><?= t("Description:") ?></td>
-         <td><?= nl2br(p::purify($item->description)) ?></td>
+         <td><?= nl2br(SafeString::purify($item->description)) ?></td>
       </tr>
       <? endif ?>
     </table>
diff --git a/modules/notification/views/item_deleted.html.php b/modules/notification/views/item_deleted.html.php
index 92215211..e04fc71b 100644
--- a/modules/notification/views/item_deleted.html.php
+++ b/modules/notification/views/item_deleted.html.php
@@ -1,15 +1,15 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= p::clean($subject) ?> </title>
+    <title><?= SafeString::of($subject) ?> </title>
   </head>
   <body>
-    <h2><?= p::clean($subject) ?></h2>
+    <h2><?= SafeString::of($subject) ?></h2>
     <table>
       <tr>
         <td colspan="2">
           <?= t("To view the changed album %title use the link below.",
-              array("title" => p::purify($item->parent()->title))) ?>
+              array("title" => SafeString::purify($item->parent()->title))) ?>
         </td>
       </tr>
       <tr>
diff --git a/modules/notification/views/item_updated.html.php b/modules/notification/views/item_updated.html.php
index 39f9113b..c3a4f795 100644
--- a/modules/notification/views/item_updated.html.php
+++ b/modules/notification/views/item_updated.html.php
@@ -1,18 +1,18 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <html>
   <head>
-    <title><?= p::clean($subject) ?> </title>
+    <title><?= SafeString::of($subject) ?> </title>
   </head>
   <body>
-    <h2> <?= p::clean($subject) ?> </h2>
+    <h2> <?= SafeString::of($subject) ?> </h2>
     <table>
       <tr>
         <? if ($item->original("title") != $item->title): ?>
         <td><?= t("New Title:") ?></td>
-        <td><?= p::clean($item->title) ?></td>
+        <td><?= SafeString::of($item->title) ?></td>
         <? else: ?>
         <td><?= t("Title:") ?></td>
-        <td><?= p::clean($item->title) ?></td>
+        <td><?= SafeString::of($item->title) ?></td>
         <? endif ?>
       </tr>
       <tr>
@@ -22,12 +22,12 @@
       <? if ($item->original("description") != $item->description): ?>
       <tr>
         <td><?= t("New Description:") ?></td>
-        <td><?= p::clean($item->description) ?></td>
+        <td><?= SafeString::of($item->description) ?></td>
       </tr>
       <? elseif (!empty($item->description)): ?>
       <tr>
         <td><?= t("Description:") ?></td>
-        <td><?= p::clean($item->description) ?></td>
+        <td><?= SafeString::of($item->description) ?></td>
       </tr>
       <? endif ?>
     </table>
diff --git a/modules/organize/controllers/organize.php b/modules/organize/controllers/organize.php
index 898be509..d60aa838 100644
--- a/modules/organize/controllers/organize.php
+++ b/modules/organize/controllers/organize.php
@@ -62,8 +62,8 @@ class Organize_Controller extends Controller {
     access::required("edit", $item);
 
     print json_encode(
-      array("title" => p::purify($item->title),
-            "description" => empty($item->description) ? "" : p::purify($item->description)));
+      array("title" => SafeString::purify($item->title),
+            "description" => empty($item->description) ? "" : SafeString::purify($item->description)));
   }
 
   function tree($item, $parent) {
@@ -281,10 +281,10 @@ class Organize_Controller extends Controller {
 
       if ($item->is_album()) {
         log::success("content", "Updated album", "<a href=\"albums/$item->id\">view</a>");
-        $message = t("Saved album %album_title", array("album_title" => p::purify($item->title)));
+        $message = t("Saved album %album_title", array("album_title" => SafeString::purify($item->title)));
       } else {
         log::success("content", "Updated photo", "<a href=\"photos/$item->id\">view</a>");
-        $message = t("Saved photo %photo_title", array("photo_title" => p::purify($item->title)));
+        $message = t("Saved photo %photo_title", array("photo_title" => SafeString::purify($item->title)));
       }
       print json_encode(array("form" => $form->__toString(), "message" => $message));
     } else {
@@ -321,7 +321,7 @@ class Organize_Controller extends Controller {
       $item->save();
 
       log::success("content", "Updated album", "<a href=\"albums/$item->id\">view</a>");
-      $message = t("Saved album %album_title", array("album_title" => p::purify($item->title)));
+      $message = t("Saved album %album_title", array("album_title" => SafeString::purify($item->title)));
       print json_encode(array("form" => $form->__toString(), "message" => $message));
     } else {
       print json_encode(array("form" => $form->__toString()));
diff --git a/modules/organize/views/organize.html.php b/modules/organize/views/organize.html.php
index 1686d255..1182a887 100644
--- a/modules/organize/views/organize.html.php
+++ b/modules/organize/views/organize.html.php
@@ -16,7 +16,7 @@ var CONFIRM_DELETE = "<?= t("Do you really want to delete the selected albums an
   });
 </script>
 <fieldset style="display: none">
-  <legend><?= t("Organize %name", array("name" => p::purify($item->title))) ?></legend>
+  <legend><?= t("Organize %name", array("name" => SafeString::purify($item->title))) ?></legend>
 </fieldset>
 <div id="doc3" class="yui-t7">
   <div id="bd">
diff --git a/modules/organize/views/organize_album.html.php b/modules/organize/views/organize_album.html.php
index ae2d5d51..4933ed32 100644
--- a/modules/organize/views/organize_album.html.php
+++ b/modules/organize/views/organize_album.html.php
@@ -7,7 +7,7 @@
 
     <div id="gOrganizeBranch-<?= $album->id ?>" ref="<?= $album->id ?>"
           class="<?= $selected ? "gBranchSelected" : "" ?> gBranchText">
-      <?= p::clean($album->title) ?>
+      <?= SafeString::of($album->title) ?>
     </div>
     <div id="gOrganizeChildren-<?= $album->id ?>"
           class="<?= $album_icon == "ui-icon-plus" ? "gBranchCollapsed" : "" ?>">
diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php
index 447179a5..7298b7f4 100644
--- a/modules/rss/views/feed.mrss.php
+++ b/modules/rss/views/feed.mrss.php
@@ -6,9 +6,9 @@
    xmlns:fh="http://purl.org/syndication/history/1.0">
   <channel>
     <generator>gallery3</generator>
-    <title><?= p::clean($feed->title) ?></title>
+    <title><?= SafeString::of($feed->title) ?></title>
     <link><?= $feed->uri ?></link>
-    <description><?= p::clean($feed->description) ?></description>
+    <description><?= SafeString::of($feed->description) ?></description>
     <language>en-us</language>
     <atom:link rel="self" href="<?= $feed->uri ?>" type="application/rss+xml" />
     <fh:complete/>
@@ -22,25 +22,25 @@
     <lastBuildDate><?= $pub_date ?></lastBuildDate>
     <? foreach ($feed->children as $child): ?>
     <item>
-      <title><?= p::clean($child->title) ?></title>
+      <title><?= SafeString::of($child->title) ?></title>
       <link><?= url::abs_site("{$child->type}s/{$child->id}") ?></link>
       <guid isPermaLink="true"><?= url::abs_site("{$child->type}s/{$child->id}") ?></guid>
       <pubDate><?= date("D, d M Y H:i:s T", $child->created); ?></pubDate>
       <content:encoded>
         <![CDATA[
-          <span><?= p::clean($child->description) ?></span>
+          <span><?= SafeString::of($child->description) ?></span>
           <p>
           <? if ($child->type == "photo" || $child->type == "album"): ?>
             <img alt="" src="<?= $child->resize_url(true) ?>"
-                 title="<?= p::clean($child->title) ?>"
+                 title="<?= SafeString::of($child->title) ?>"
                  height="<?= $child->resize_height ?>" width="<?= $child->resize_width ?>" /><br />
           <? else: ?>
             <a href="<?= url::abs_site("{$child->type}s/{$child->id}") ?>">
             <img alt="" src="<?= $child->thumb_url(true) ?>"
-                 title="<?= p::clean($child->title) ?>"
+                 title="<?= SafeString::of($child->title) ?>"
                  height="<?= $child->thumb_height ?>" width="<?= $child->thumb_width ?>" /></a><br />
           <? endif ?>
-            <?= p::clean($child->description) ?>
+            <?= SafeString::of($child->description) ?>
           </p>
         ]]>
       </content:encoded>
diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php
index 6a222ef1..e5c7b4a6 100644
--- a/modules/search/views/search.html.php
+++ b/modules/search/views/search.html.php
@@ -8,10 +8,10 @@
     <ul>
       <li>
         <label for="q"><?= t("Search the gallery") ?></label>
-        <input name="q" id="q" type="text" value="<?= p::clean($q) ?>"/>
+        <input name="q" id="q" type="text" value="<?= SafeString::of($q)->for_html_attr() ?>"/>
       </li>
       <li>
-        <input type="submit" value="<?= t("Search") ?>" />
+        <input type="submit" value="<?= t("Search")->for_html_attr() ?>" />
       </li>
     </ul>
   </fieldset>
@@ -31,10 +31,10 @@
       <a href="<?= url::site("items/$item->id") ?>">
         <?= $item->thumb_img() ?>
         <p>
-          <?= p::purify($item->title) ?>
+    <?= SafeString::purify($item->title) ?>
         </p>
         <div>
-    <?= nl2br(p::purify($item->description)) ?>
+    <?= nl2br(SafeString::purify($item->description)) ?>
         </div>
       </a>
     </li>
@@ -44,7 +44,7 @@
 
   <? else: ?>
   <p>
-    <?= t("No results found for <b>%term</b>", array("term" => p::clean($q))) ?>
+    <?= t("No results found for <b>%term</b>", array("term" => $q)) ?>
   </p>
 
   <? endif; ?>
diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php
index 30109f42..fac2aa44 100644
--- a/modules/server_add/controllers/admin_server_add.php
+++ b/modules/server_add/controllers/admin_server_add.php
@@ -38,7 +38,7 @@ class Admin_Server_Add_Controller extends Admin_Controller {
         $path = $form->add_path->path->value;
         $paths[$path] = 1;
         module::set_var("server_add", "authorized_paths", serialize($paths));
-        message::success(t("Added path %path", array("path" => p::clean($path))));
+        message::success(t("Added path %path", array("path" => $path)));
         server_add::check_config($paths);
         url::redirect("admin/server_add");
       } else {
@@ -60,7 +60,7 @@ class Admin_Server_Add_Controller extends Admin_Controller {
     $paths = unserialize(module::get_var("server_add", "authorized_paths"));
     if (isset($paths[$path])) {
       unset($paths[$path]);
-      message::success(t("Removed path %path", array("path" => p::clean($path))));
+      message::success(t("Removed path %path", array("path" => $path)));
       module::set_var("server_add", "authorized_paths", serialize($paths));
       server_add::check_config($paths);
     }
diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php
index 254a9da0..b68544ec 100644
--- a/modules/server_add/views/server_add_tree.html.php
+++ b/modules/server_add/views/server_add_tree.html.php
@@ -24,7 +24,7 @@
                 <? endif ?>
                 file="<?= $file ?>"
                 >
-            <?= p::clean(basename($file)) ?>
+            <?= SafeString::of(basename($file)) ?>
           </span>
         </li>
         <? endforeach ?>
diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php
index 21952849..533cad04 100644
--- a/modules/server_add/views/server_add_tree_dialog.html.php
+++ b/modules/server_add/views/server_add_tree_dialog.html.php
@@ -5,17 +5,17 @@
 </script>
 
 <div id="gServerAdd">
-  <h1 style="display: none;"><?= t("Add Photos to '%title'", array("title" => p::purify($item->title))) ?></h1>
+  <h1 style="display: none;"><?= t("Add Photos to '%title'", array("title" => SafeString::purify($item->title))) ?></h1>
 
   <p id="gDescription"><?= t("Photos will be added to album:") ?></p>
   <ul class="gBreadcrumbs">
     <? foreach ($item->parents() as $parent): ?>
     <li>
-      <?= p::purify($parent->title) ?>
+      <?= SafeString::purify($parent->title) ?>
     </li>
     <? endforeach ?>
     <li class="active">
-      <?= p::purify($item->title) ?>
+      <?= SafeString::purify($item->title) ?>
     </li>
   </ul>
 
diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php
index dcdc16b9..f1b4ca3a 100644
--- a/modules/tag/controllers/admin_tags.php
+++ b/modules/tag/controllers/admin_tags.php
@@ -53,8 +53,8 @@ class Admin_Tags_Controller extends Admin_Controller {
       $name = $tag->name;
       Database::instance()->delete("items_tags", array("tag_id" => "$tag->id"));
       $tag->delete();
-      message::success(t("Deleted tag %tag_name", array("tag_name" => p::clean($name))));
-      log::success("tags", t("Deleted tag %tag_name", array("tag_name" => p::clean($name))));
+      message::success(t("Deleted tag %tag_name", array("tag_name" => $name)));
+      log::success("tags", t("Deleted tag %tag_name", array("tag_name" => $name)));
 
       print json_encode(
         array("result" => "success",
@@ -98,7 +98,7 @@ class Admin_Tags_Controller extends Admin_Controller {
       $tag->save();
 
       $message = t("Renamed tag %old_name to %new_name",
-                   array("old_name" => p::clean($old_name), "new_name" => p::clean($tag->name)));
+                   array("old_name" => $old_name, "new_name" => $tag->name));
       message::success($message);
       log::success("tags", $message);
 
@@ -106,7 +106,7 @@ class Admin_Tags_Controller extends Admin_Controller {
         array("result" => "success",
               "location" => url::site("admin/tags"),
               "tag_id" => $tag->id,
-              "new_tagname" => p::clean($tag->name)));
+              "new_tagname" => SafeString::of($tag->name)));
     } else {
       print json_encode(
         array("result" => "error",
diff --git a/modules/tag/helpers/tag_rss.php b/modules/tag/helpers/tag_rss.php
index f94508cf..7194586d 100644
--- a/modules/tag/helpers/tag_rss.php
+++ b/modules/tag/helpers/tag_rss.php
@@ -22,7 +22,7 @@ class tag_rss_Core {
   static function available_feeds($item, $tag) {
     if ($tag) {
       $feeds["tag/tag/{$tag->id}"] =
-        t("Tag feed for %tag_name", array("tag_name" => p::clean($tag->name)));
+        t("Tag feed for %tag_name", array("tag_name" => $tag->name));
       return $feeds;
     }
     return array();
diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php
index 7d201da7..5bd23112 100644
--- a/modules/tag/views/admin_tags.html.php
+++ b/modules/tag/views/admin_tags.html.php
@@ -47,7 +47,7 @@
           <? endif ?>
 
           <li>
-            <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= p::clean($tag->name) ?></span>
+            <span id="gTag-<?= $tag->id ?>" class="gEditable tag-name"><?= SafeString::of($tag->name) ?></span>
             <span class="understate">(<?= $tag->count ?>)</span>
             <a href="<?= url::site("admin/tags/form_delete/$tag->id") ?>"
                class="gDialogLink delete-link gButtonLink">
diff --git a/modules/tag/views/tag_cloud.html.php b/modules/tag/views/tag_cloud.html.php
index eba615fc..b4c6ae34 100644
--- a/modules/tag/views/tag_cloud.html.php
+++ b/modules/tag/views/tag_cloud.html.php
@@ -3,7 +3,7 @@
   <? foreach ($tags as $tag): ?>
   <li class="size<?=(int)(($tag->count / $max_count) * 7) ?>">
     <span><?= $tag->count ?> photos are tagged with </span>
-    <a href="<?= url::site("tags/$tag->id") ?>"><?= p::clean($tag->name) ?></a>
+    <a href="<?= url::site("tags/$tag->id") ?>"><?= SafeString::of($tag->name) ?></a>
   </li>
   <? endforeach ?>
 </ul>
diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php
index f87602b8..521f82fa 100644
--- a/modules/user/controllers/admin_users.php
+++ b/modules/user/controllers/admin_users.php
@@ -51,7 +51,7 @@ class Admin_Users_Controller extends Controller {
       $user->save();
       module::event("user_add_form_admin_completed", $user, $form);
 
-      message::success(t("Created user %user_name", array("user_name" => p::clean($user->name))));
+      message::success(t("Created user %user_name", array("user_name" => $user->name)));
       print json_encode(array("result" => "success"));
     } else {
       print json_encode(array("result" => "error",
@@ -84,7 +84,7 @@ class Admin_Users_Controller extends Controller {
                               "form" => $form->__toString()));
     }
 
-    $message = t("Deleted user %user_name", array("user_name" => p::clean($name)));
+    $message = t("Deleted user %user_name", array("user_name" => $name));
     log::success("user", $message);
     message::success($message);
     print json_encode(array("result" => "success"));
@@ -142,7 +142,7 @@ class Admin_Users_Controller extends Controller {
       $user->save();
       module::event("user_edit_form_admin_completed", $user, $form);
 
-      message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name))));
+      message::success(t("Changed user %user_name", array("user_name" => $user->name)));
       print json_encode(array("result" => "success"));
     } else {
       print json_encode(array("result" => "error",
@@ -204,7 +204,7 @@ class Admin_Users_Controller extends Controller {
       $group = group::create($new_name);
       $group->save();
       message::success(
-        t("Created group %group_name", array("group_name" => p::clean($group->name))));
+        t("Created group %group_name", array("group_name" => $group->name)));
       print json_encode(array("result" => "success"));
     } else {
       print json_encode(array("result" => "error",
@@ -233,7 +233,7 @@ class Admin_Users_Controller extends Controller {
                               "form" => $form->__toString()));
     }
 
-    $message = t("Deleted group %group_name", array("group_name" => p::clean($name)));
+    $message = t("Deleted group %group_name", array("group_name" => $name));
     log::success("group", $message);
     message::success($message);
     print json_encode(array("result" => "success"));
@@ -271,11 +271,11 @@ class Admin_Users_Controller extends Controller {
       $group->name = $form->edit_group->inputs["name"]->value;
       $group->save();
       message::success(
-        t("Changed group %group_name", array("group_name" => p::clean($group->name))));
+        t("Changed group %group_name", array("group_name" => $group->name)));
       print json_encode(array("result" => "success"));
     } else {
       message::error(
-        t("Failed to change group %group_name", array("group_name" => p::clean($group->name))));
+        t("Failed to change group %group_name", array("group_name" => $group->name)));
       print json_encode(array("result" => "error",
                               "form" => $form->__toString()));
     }
diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php
index 4d901051..b81b17b2 100644
--- a/modules/user/controllers/login.php
+++ b/modules/user/controllers/login.php
@@ -63,7 +63,7 @@ class Login_Controller extends Controller {
         log::warning(
           "user",
           t("Failed login for %name",
-            array("name" => p::clean($form->login->inputs["name"]->value))));
+            array("name" => $form->login->inputs["name"]->value)));
         $form->login->inputs["name"]->add_error("invalid_login", 1);
         $valid = false;
       }
@@ -71,7 +71,7 @@ class Login_Controller extends Controller {
 
     if ($valid) {
       user::login($user);
-      log::info("user", t("User %name logged in", array("name" => p::clean($user->name))));
+      log::info("user", t("User %name logged in", array("name" => $user->name)));
     }
 
     // Either way, regenerate the session id to avoid session trapping
diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php
index 099b1952..4b141a1c 100644
--- a/modules/user/controllers/logout.php
+++ b/modules/user/controllers/logout.php
@@ -23,8 +23,8 @@ class Logout_Controller extends Controller {
 
     $user = user::active();
     user::logout();
-    log::info("user", t("User %name logged out", array("name" => p::clean($user->name))),
-              html::anchor("user/$user->id", p::clean($user->name)));
+    log::info("user", t("User %name logged out", array("name" => $user->name)),
+              html::anchor("user/$user->id", SafeString::of($user->name)));
     if ($continue_url = $this->input->get("continue")) {
       $item = url::get_item_from_uri($continue_url);
       if (access::can("view", $item)) {
diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php
index 2af1b879..066efbba 100644
--- a/modules/user/controllers/password.php
+++ b/modules/user/controllers/password.php
@@ -74,7 +74,7 @@ class Password_Controller extends Controller {
 
       log::success(
         "user",
-        t("Password reset email sent for user %name", array("name" => p::clean($user->name))));
+        t("Password reset email sent for user %name", array("name" => $user->name)));
     } else {
       // Don't include the username here until you're sure that it's XSS safe
       log::warning(
diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php
index 542b8b8b..54c4847d 100644
--- a/modules/user/views/admin_users.html.php
+++ b/modules/user/views/admin_users.html.php
@@ -68,16 +68,16 @@
         <td id="user-<?= $user->id ?>" class="core-info gDraggable">
           <img src="<?= $user->avatar_url(20, $theme->url("images/avatar.jpg", true)) ?>"
                title="<?= t("Drag user onto group below to add as a new member") ?>"
-               alt="<?= p::clean($user->name) ?>"
+               alt="<?= SafeString::of($user->name) ?>"
                width="20"
                height="20" />
-          <?= p::clean($user->name) ?>
+          <?= SafeString::of($user->name) ?>
         </td>
         <td>
-          <?= p::clean($user->full_name) ?>
+          <?= SafeString::of($user->full_name) ?>
         </td>
         <td>
-          <?= p::clean($user->email) ?>
+          <?= SafeString::of($user->email) ?>
         </td>
         <td>
           <?= ($user->last_login == 0) ? "" : gallery::date($user->last_login) ?>
diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php
index bfd79dba..f89a4392 100644
--- a/modules/user/views/admin_users_group.html.php
+++ b/modules/user/views/admin_users_group.html.php
@@ -1,9 +1,9 @@
 <?php defined("SYSPATH") or die("No direct script access.") ?>
 <h4>
-  <?= p::clean($group->name) ?>
+  <?= SafeString::of($group->name) ?>
   <? if (!$group->special): ?>
   <a href="<?= url::site("admin/users/delete_group_form/$group->id") ?>"
-    title="<?= t("Delete the %name group", array("name" => p::clean($group->name))) ?>"
+    title="<?= t("Delete the %name group", array("name" => $group->name)) ?>"
     class="gDialogLink gButtonLink ui-state-default ui-corner-all">
     <span class="ui-icon ui-icon-trash"><?= t("delete") ?></span></a>
   <? else: ?>
@@ -17,12 +17,12 @@
 <ul>
   <? foreach ($group->users as $i => $user): ?>
   <li class="gUser">
-    <?= p::clean($user->name) ?>
+    <?= SafeString::of($user->name) ?>
     <? if (!$group->special): ?>
     <a href="javascript:remove_user(<?= $user->id ?>, <?= $group->id ?>)"
        class="gButtonLink ui-state-default ui-corner-all ui-icon-left"
        title="<?= t("Remove %user from %group group",
-              array("user" => p::clean($user->name), "group" => p::clean($group->name))) ?>">
+              array("user" => $user->name, "group" => $group->name)) ?>">
       <span class="ui-icon ui-icon-closethick"><?= t("remove") ?></span>
     </a>
     <? endif ?>
diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php
index 97341762..e92513e7 100644
--- a/modules/user/views/login.html.php
+++ b/modules/user/views/login.html.php
@@ -8,11 +8,11 @@
   </li>
   <? else: ?>
   <li class="first">
-    <?= t('Logged in as %name', array('name' => SafeString::of(
+    <?= t('Logged in as %name', array('name' => SafeString::of_safe_html(
       '<a href="' . url::site("form/edit/users/{$user->id}") .
-      '" title="' . t("Edit Your Profile") .
+      '" title="' . t("Edit Your Profile")->for_html_attr() .
       '" id="gUserProfileLink" class="gDialogLink">' .
-      p::clean($user->display_name()) . '</a>')->mark_html_safe())) ?>
+      SafeString::of($user->display_name()) . '</a>'))) ?>
   </li>
   <li>
     <a href="<?= url::site("logout?csrf=$csrf&amp;continue=" . urlencode(url::current(true))) ?>"
diff --git a/modules/user/views/reset_password.html.php b/modules/user/views/reset_password.html.php
index 4c4672ee..3dc7aebf 100644
--- a/modules/user/views/reset_password.html.php
+++ b/modules/user/views/reset_password.html.php
@@ -6,7 +6,7 @@
   <body>
     <h2><?= t("Password Reset Request") ?> </h2>
     <p>
-      <?= t("Hello, %name,", array("name" => p::clean($user->full_name ? $user->full_name : $user->name))) ?>
+      <?= t("Hello, %name,", array("name" => $user->full_name ? $user->full_name : $user->name)) ?>
     </p>
     <p>
       <?= t("We received a request to reset your password for <a href=\"%site_url\">%site_url</a>.  If you made this request, you can confirm it by <a href=\"%confirm_url\">clicking this link</a>.  If you didn't request this password reset, it's ok to ignore this mail.", array("site_url" => url::base(false, "http"), "confirm_url" => $confirm_url)) ?>
diff --git a/system/helpers/request.php b/system/helpers/request.php
index 4203d0e5..15b8edfa 100644
--- a/system/helpers/request.php
+++ b/system/helpers/request.php
@@ -30,7 +30,7 @@ class request_Core {
 			// Set referrer
 			$ref = $_SERVER['HTTP_REFERER'];
 
-			if (strpos($ref, url::base(FALSE)) === 0)
+			if (strpos($ref, (string) url::base(FALSE)) === 0)
 			{
 				// Remove the base URL from the referrer
 				$ref = substr($ref, strlen(url::base(FALSE)));
diff --git a/themes/default/views/album.html.php b/themes/default/views/album.html.php
index c2f95731..ffb4b913 100644
--- a/themes/default/views/album.html.php
+++ b/themes/default/views/album.html.php
@@ -2,8 +2,8 @@
 <? // @todo Set hover on AlbumGrid list items for guest users ?>
 <div id="gInfo">
   <?= $theme->album_top() ?>
-  <h1><?= SafeString::of($item->title)->purified_html() ?></h1>
-  <div class="gDescription"><?= nl2br(SafeString::of($item->description)->purified_html()) ?></div>
+  <h1><?= SafeString::purify($item->title) ?></h1>
+  <div class="gDescription"><?= nl2br(SafeString::purify($item->description)) ?></div>
 </div>
 
 <ul id="gAlbumGrid">
diff --git a/themes/default/views/dynamic.html.php b/themes/default/views/dynamic.html.php
index 2d122e69..2d8e04a2 100644
--- a/themes/default/views/dynamic.html.php
+++ b/themes/default/views/dynamic.html.php
@@ -3,7 +3,7 @@
   <div id="gAlbumHeaderButtons">
     <?= $theme->dynamic_top() ?>
   </div>
-  <h1><?= p::clean($title) ?></h1>
+  <h1><?= SafeString::of($title) ?></h1>
 </div>
 
 <ul id="gAlbumGrid">
@@ -16,7 +16,7 @@
            width="<?= $child->thumb_width ?>"
            height="<?= $child->thumb_height ?>" />
     </a>
-    <h2><?= p::purify($child->title) ?></h2>
+    <h2><?= SafeString::purify($child->title) ?></h2>
     <?= $theme->thumb_bottom($child) ?>
     <ul class="gMetadata">
       <?= $theme->thumb_info($child) ?>
diff --git a/themes/default/views/header.html.php b/themes/default/views/header.html.php
index 2ba1e923..9e34401d 100644
--- a/themes/default/views/header.html.php
+++ b/themes/default/views/header.html.php
@@ -19,10 +19,10 @@
   <? foreach ($parents as $parent): ?>
   <li>
     <a href="<?= url::site("albums/{$parent->id}?show=$item->id") ?>">
-      <?= p::purify($parent->title) ?>
+      <?= SafeString::purify($parent->title) ?>
     </a>
   </li>
   <? endforeach ?>
-  <li class="active"><?= p::purify($item->title) ?></li>
+  <li class="active"><?= SafeString::purify($item->title) ?></li>
 </ul>
 <? endif ?>
diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php
index 66c80ded..1f25a626 100644
--- a/themes/default/views/movie.html.php
+++ b/themes/default/views/movie.html.php
@@ -15,8 +15,8 @@
   <?= $item->movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}")) ?>
 
   <div id="gInfo">
-    <h1><?= p::purify($item->title) ?></h1>
-       <div><?= nl2br(p::purify($item->description)) ?></div>
+    <h1><?= SafeString::purify($item->title) ?></h1>
+       <div><?= nl2br(SafeString::purify($item->description)) ?></div>
   </div>
 
   <script type="text/javascript">
diff --git a/themes/default/views/page.html.php b/themes/default/views/page.html.php
index 66282bae..ea2be37b 100644
--- a/themes/default/views/page.html.php
+++ b/themes/default/views/page.html.php
@@ -10,14 +10,14 @@
       <? else: ?>
         <? if ($theme->item()): ?>
           <? if ($theme->item()->is_album()): ?>
-          <?= t("Browse Album :: %album_title", array("album_title" => p::clean($theme->item()->title))) ?>
+          <?= t("Browse Album :: %album_title", array("album_title" => $theme->item()->title)) ?>
           <? elseif ($theme->item()->is_photo()): ?>
-          <?= t("Photo :: %photo_title", array("photo_title" => p::clean($theme->item()->title))) ?>
+	  <?= t("Photo :: %photo_title", array("photo_title" => $theme->item()->title)) ?>
           <? else: ?>
-          <?= t("Movie :: %movie_title", array("movie_title" => p::clean($theme->item()->title))) ?>
+          <?= t("Movie :: %movie_title", array("movie_title" => $theme->item()->title)) ?>
           <? endif ?>
         <? elseif ($theme->tag()): ?>
-          <?= t("Browse Tag :: %tag_title", array("tag_title" => p::clean($theme->tag()->name))) ?>
+          <?= t("Browse Tag :: %tag_title", array("tag_title" => $theme->tag()->name)) ?>
         <? else: /* Not an item, not a tag, no page_title specified.  Help! */ ?>
           <?= t("Gallery") ?>
         <? endif ?>
diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php
index bf4d9da3..1f92e9ba 100644
--- a/themes/default/views/photo.html.php
+++ b/themes/default/views/photo.html.php
@@ -50,8 +50,8 @@
   </div>
 
   <div id="gInfo">
-    <h1><?= p::purify($item->title) ?></h1>
-    <div><?= nl2br(p::purify($item->description)) ?></div>
+    <h1><?= SafeString::purify($item->title) ?></h1>
+    <div><?= nl2br(SafeString::purify($item->description)) ?></div>
   </div>
 
   <script type="text/javascript">
-- 
cgit v1.2.3