From fb7d99740d9868938ec21449d57b9b3fe991f513 Mon Sep 17 00:00:00 2001 From: Shai Ben-Naphtali Date: Thu, 16 Jul 2009 13:10:53 +0800 Subject: Changed "Forgot Your Password" text to use capital 'Y' on the word Your Signed-off-by: Bharat Mediratta --- modules/user/views/login_ajax.html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/user/views') diff --git a/modules/user/views/login_ajax.html.php b/modules/user/views/login_ajax.html.php index 56a6f111..d697c958 100644 --- a/modules/user/views/login_ajax.html.php +++ b/modules/user/views/login_ajax.html.php @@ -38,7 +38,7 @@
  • - +
  • -- cgit v1.2.3 From 51dca582cd2cda9416ec0172f8ed9a19ba828fec Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sun, 19 Jul 2009 16:50:35 -0700 Subject: More thorough fix for #421. Create User_Model::display_name() which uses the full name if there is one, or falls back to the name if that's all we have. --- modules/info/views/info_block.html.php | 4 ++-- modules/user/models/user.php | 9 +++++++++ modules/user/views/login.html.php | 2 +- 3 files changed, 12 insertions(+), 3 deletions(-) (limited to 'modules/user/views') diff --git a/modules/info/views/info_block.html.php b/modules/info/views/info_block.html.php index 9f544376..f86ae39d 100644 --- a/modules/info/views/info_block.html.php +++ b/modules/info/views/info_block.html.php @@ -26,9 +26,9 @@
  • owner->url): ?> - owner->full_name) ?> + owner->display_name()) ?> - owner->name) ?> + owner->display_name()) ?>
  • diff --git a/modules/user/models/user.php b/modules/user/models/user.php index 0234f186..def65a6f 100644 --- a/modules/user/models/user.php +++ b/modules/user/models/user.php @@ -72,4 +72,13 @@ class User_Model extends ORM { } return $this; } + + /** + * Return the best version of the user's name. Either their specified full name, or fall back + * to the user name. + * @return string + */ + public function display_name() { + return empty($this->full_name) ? $this->name : $this->full_name; + } } \ No newline at end of file diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php index 7617d131..4c1a5b3c 100644 --- a/modules/user/views/login.html.php +++ b/modules/user/views/login.html.php @@ -12,7 +12,7 @@ 'id}") . '" title="' . t("Edit Your Profile") . '" id="gUserProfileLink" class="gDialogLink">' . - p::clean(empty($user->full_name) ? $user->name : $user->full_name) . '')) ?> + p::clean($user->display_name()) . '')) ?>
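Review bot: `display_name()` decides with `empty($this->full_name)`, which is also true for the string `"0"`, so a user whose full name is literally `0` is shown by their login name; if that edge matters, test for the empty string instead: `return (string) $this->full_name === "" ? $this->name : $this->full_name;`. The method returns the raw stored value, not an escaped one, so every caller must still route it through `p::clean()` as the two view hunks in this commit do; a line in the docblock would stop the next caller from echoing it directly, e.g. `* Note: returns the raw (unescaped) name; escape at the point of output.`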
  • " -- cgit v1.2.3 From 050c82cf80b06a555252efaf701434b0cfd59bed Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 21 Jul 2009 11:09:23 -0700 Subject: Escape bare & symbols so that we use valid entities. Fixes ticket #577. --- modules/organize/views/organize.html.php | 2 +- modules/server_add/views/admin_server_add.html.php | 2 +- modules/server_add/views/server_add_tree_dialog.html.php | 2 +- modules/user/views/login.html.php | 2 +- themes/admin_default/views/admin.html.php | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/user/views') diff --git a/modules/organize/views/organize.html.php b/modules/organize/views/organize.html.php index 65d67d04..1686d255 100644 --- a/modules/organize/views/organize.html.php +++ b/modules/organize/views/organize.html.php @@ -33,7 +33,7 @@ var CONFIRM_DELETE = "
    "> + ref="">
      diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php index 588a9fca..30ab3536 100644 --- a/modules/server_add/views/admin_server_add.html.php +++ b/modules/server_add/views/admin_server_add.html.php @@ -11,7 +11,7 @@
        $path): ?>
      • - " + " id="icon_" class="gRemoveDir ui-icon ui-icon-trash"> X diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index 21952849..a4eda3b9 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php @@ -1,7 +1,7 @@
      • - " + " id="gLogoutLink">
      • diff --git a/themes/admin_default/views/admin.html.php b/themes/admin_default/views/admin.html.php index 575f8a96..b0ddb6c5 100644 --- a/themes/admin_default/views/admin.html.php +++ b/themes/admin_default/views/admin.html.php @@ -45,7 +45,7 @@ admin_header_top() ?> ')) ?>
      • - " + " id="gLogoutLink">
      • -- cgit v1.2.3 From 41b8f943a63fe2b183ea683016cefd792ef39bf3 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 23 Jul 2009 10:20:49 -0700 Subject: Convert instances of theme_url() to just url() to match the API change made in dbeadc1407293d0c7af36723db6fe5699890b845 --- modules/comment/views/admin_block_recent_comments.html.php | 2 +- modules/comment/views/admin_comments.html.php | 2 +- modules/comment/views/comment.html.php | 2 +- modules/comment/views/comments.html.php | 2 +- modules/user/views/admin_users.html.php | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'modules/user/views') diff --git a/modules/comment/views/admin_block_recent_comments.html.php b/modules/comment/views/admin_block_recent_comments.html.php index 4ff24f86..516a8181 100644 --- a/modules/comment/views/admin_block_recent_comments.html.php +++ b/modules/comment/views/admin_block_recent_comments.html.php @@ -2,7 +2,7 @@
          $comment): ?>
        • "> - " + " class="gAvatar" alt="author_name()) ?>" width="32" diff --git a/modules/comment/views/admin_comments.html.php b/modules/comment/views/admin_comments.html.php index ad0ae8f3..9fe7164b 100644 --- a/modules/comment/views/admin_comments.html.php +++ b/modules/comment/views/admin_comments.html.php @@ -106,7 +106,7 @@ "> - " + " class="gAvatar" alt="author_name()) ?>" width="40" diff --git a/modules/comment/views/comment.html.php b/modules/comment/views/comment.html.php index ab72a0c8..3d17411c 100644 --- a/modules/comment/views/comment.html.php +++ b/modules/comment/views/comment.html.php @@ -2,7 +2,7 @@
        • - " + " class="gAvatar" alt="author_name()) ?>" width="40" diff --git a/modules/comment/views/comments.html.php b/modules/comment/views/comments.html.php index fa25a4e0..f7251389 100644 --- a/modules/comment/views/comments.html.php +++ b/modules/comment/views/comments.html.php @@ -10,7 +10,7 @@

        • - " + " class="gAvatar" alt="author_name()) ?>" width="40" diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index b469f82d..542b8b8b 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -66,7 +66,7 @@ $user): ?> user admin ? "admin" : "" ?>"> - " + " title="" alt="name) ?>" width="20" -- cgit v1.2.3 From a302a9c3fa7ec8d11373dc5eeb9c94400a255b1a Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Fri, 7 Aug 2009 23:58:57 +0800 Subject: Refactor the gallery dialog into a jQuery widget Signed-off-by: Bharat Mediratta --- lib/gallery.common.js | 27 ++- lib/gallery.dialog.js | 252 ++++++++++----------- modules/gallery/views/after_install.html.php | 2 +- .../views/server_add_tree_dialog.html.php | 5 +- modules/tag/js/tag.js | 2 +- modules/user/views/admin_users.html.php | 2 +- themes/admin_default/js/ui.init.js | 2 +- themes/default/js/ui.init.js | 2 +- 8 files changed, 155 insertions(+), 139 deletions(-) (limited to 'modules/user/views') diff --git a/lib/gallery.common.js b/lib/gallery.common.js index 1eaa6db2..e063462e 100644 --- a/lib/gallery.common.js +++ b/lib/gallery.common.js @@ -2,17 +2,15 @@ * To change this template, choose Tools | Templates * and open the template in the editor. */ -(function () { +(function ($) { $.fn.showMessage = function(message) { return this.each(function(i){ $(this).effect("highlight", {"color": "white"}, 3000); $(this).animate({opacity: 1.0}, 6000); }); }; -})(jQuery); // Vertically align a block element's content -(function () { $.fn.vAlign = function(container) { return this.each(function(i){ if (container == null) { @@ -26,10 +24,8 @@ $(el).css('margin-top', nh); }); }; -})(jQuery); // Get the viewport size -(function () { $.getViewportSize = function() { return { width : function() { 
@@ -40,4 +36,25 @@ } }; }; + + /** + * Toggle the processing indicator, both large and small + * @param elementID Target ID, including #, to apply .gLoadingSize + */ + $.fn.showLoading = function() { + return this.each(function(i){ + var size; + switch ($(this).attr("id")) { + case "#gDialog": + case "#gPanel": + size = "Large"; + break; + default: + size = "Small"; + break; + } + $(this).toggleClass("gLoading" + size); + }); + }; + })(jQuery); diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index 74c2f20e..7e0ba1b4 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -1,140 +1,136 @@ -/** - * Fire openDialog() and prevent links from opening - * @see openDialog() - */ -function handleDialogEvent(event) { - var target = event.currentTarget; - if (!target) { - target = event.srcElement; - } - openDialog(target); - event.preventDefault(); -} +(function($) { + $.widget("ui.galleryDialog", { + _init: function() { + var self = this; + this.element.click(function(event){ + event.preventDefault(); + var element = event.currentTarget; + var sHref = $(element).attr("href"); + var sTitle = $(element).attr("title"); + var eDialog = '
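Review bot: The `switch` in the new `$.fn.showLoading` compares `$(this).attr("id")` against `"#gDialog"` and `"#gPanel"`, but `attr("id")` yields the bare id without the `#`, so neither case ever matches and every element — including the dialog that `gallery.dialog.js` now calls `$("#gDialog").showLoading()` on — gets `gLoadingSmall`. Drop the hash from the labels: `case "gDialog":` and `case "gPanel":`. The JSDoc line `@param elementID Target ID, including #, to apply .gLoadingSize` was carried over from the old free function; the plugin takes no parameter, so reword it to say it toggles the indicator on each matched element.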

          '; -function ajaxify_dialog() { - $("#gDialog form").ajaxForm({ - dataType: "json", - success: function(data) { - if (data.form) { - $("#gDialog form").replaceWith(data.form); - ajaxify_dialog(); - on_form_loaded(); - if (typeof data.reset == 'function') { - eval(data.reset + '()'); - } - } - if (data.result == "success") { - if (data.location) { - window.location = data.location; - } else { - window.location.reload(); - } - } - } - }); -}; + $("body").append(eDialog); + + if (!self.options.close) { + self.options.close = self.closeDialog; + } + $("#gDialog").dialog(self.options); -/** - * Display modal dialogs, populate dialog with trigger link's href - * @requires ui.core - * @requires ui.draggable - * @requires ui.resizable - * @requires ui.dialog - * @see handleDialogEvent() - * @see showLoading() - */ -function openDialog(element) { - var sHref = $(element).attr("href"); - var sTitle = $(element).attr("title"); - var eDialog = '
          '; - var dialogWidth; + $("#gDialog").showLoading(); - $("body").append(eDialog); + $.get(sHref, function(data) { + $("#gDialog").html(data).showLoading(); - $("#gDialog").dialog({ - autoOpen: false, - autoResize: true, - modal: true, - resizable: false, - close: closeDialog - }); + if ($("#gDialog form").length) { + self._trigger("form_loaded", null, $("#gDialog form")); + } + self._layout(); - showLoading("#gDialog"); + $("#gDialog").dialog("open"); + // Remove titlebar for progress dialogs or set title + if ($("#gDialog #gProgress").length) { + $(".ui-dialog-titlebar").remove(); + } else if ($("#gDialog h1").length) { + $("#gDialog").dialog('option', 'title', $("#gDialog h1:eq(0)").html()); + } else if ($("#gDialog fieldset legend").length) { + $("#gDialog").dialog('option', 'title', $("#gDialog fieldset legend:eq(0)").html()); + } - $.get(sHref, function(data) { - showLoading("#gDialog"); - $("#gDialog").html(data); - var dialogHeight = $("#gDialog").height(); - var cssWidth = new String($("#gDialog form").css("width")); - var childWidth = cssWidth.replace(/[^0-9]/g,""); - if ($("#gDialog iframe").length) { - dialogWidth = $(window).width() - 100; - // Set the iframe width and height - $("#gDialog iframe").width("100%"); - $("#gDialog iframe").height($(window).height() - 100); - } else if (childWidth == "" || childWidth > 300) { - dialogWidth = 500; - } - $("#gDialog").dialog('option', 'width', dialogWidth); + if ($("#gDialog form").length) { + self._ajaxify_dialog(); + } + }); + $("#gDialog").dialog("option", "self", self); + return false; + }); + }, - on_form_loaded(); + destroy: function() { + if ($("#gDialog form").length) { + this._trigger("form_closing", null, $("#gDialog form")); + } + this._trigger("dialog_closing", null, $("#gDialog")); - $("#gDialog").dialog("open"); - // Remove titlebar for progress dialogs or set title - if ($("#gDialog #gProgress").length) { - $(".ui-dialog-titlebar").remove(); - } else if ($("#gDialog h1").length) { - 
$("#gDialog").dialog('option', 'title', $("#gDialog h1:eq(0)").html()); - } else if ($("#gDialog fieldset legend").length) { - $("#gDialog").dialog('option', 'title', $("#gDialog fieldset legend:eq(0)").html()); - } + $("#gDialog").dialog("destroy").remove(); + }, + + _layout: function() { + var dialogWidth; + var dialogHeight = $("#gDialog").height(); + var cssWidth = new String($("#gDialog form").css("width")); + var childWidth = cssWidth.replace(/[^0-9]/g,""); + if ($("#gDialog iframe").length) { + dialogWidth = $(window).width() - 100; + // Set the iframe width and height + $("#gDialog iframe").width("100%").height($(window).height() - 100); + } else if (childWidth == "" || childWidth > 300) { + dialogWidth = 500; + } + $("#gDialog").dialog('option', 'width', dialogWidth); + }, + + form_loaded: function event(event, ui) { + // Should be defined (and localized) in the theme + MSG_CANCEL = MSG_CANCEL || 'Cancel'; + var eCancel = '
          ' + MSG_CANCEL + ''; + if ($("#gDialog .submit").length) { + $("#gDialog .submit").addClass("ui-state-default ui-corner-all"); + $("#gDialog .submit").parent().append(eCancel); + $("#gDialog .gCancel").click(function(event) { + $("gDialog").dialog("close"); + event.preventDefault(); + }); + } + $("#gDialog .ui-state-default").hover( + function() { + $(this).addClass("ui-state-hover"); + }, + function() { + $(this).removeClass("ui-state-hover"); + } + ); + }, - ajaxify_dialog(); - }); - return false; -} + closeDialog: function (event, ui) { + var self = $("#gDialog").dialog("option", "self"); + self.destroy(); + }, -function on_form_loaded() { - // Should be defined (and localized) in the theme - MSG_CANCEL = MSG_CANCEL || 'Cancel'; - var eCancel = '' + MSG_CANCEL + ''; - if ($("#gDialog .submit").length) { - $("#gDialog .submit").addClass("ui-state-default ui-corner-all"); - $("#gDialog .submit").parent().append(eCancel); - } - $("#gDialog").dialog("option", "form", $("#gDialog form")); - $("#gDialog .ui-state-default").hover( - function() { - $(this).addClass("ui-state-hover"); - }, - function() { - $(this).removeClass("ui-state-hover"); - } - ); -} + _ajaxify_dialog: function() { + var self = this; + $("#gDialog form").ajaxForm({ + dataType: "json", + success: function(data) { + if (data.form) { + $("#gDialog form").replaceWith(data.form); + self._ajaxify_dialog(); + self._trigger("form_loaded", null, $("#gDialog form")); + if (typeof data.reset == 'function') { + eval(data.reset + '()'); + } + } + if (data.result == "success") { + if (data.location) { + window.location = data.location; + } else { + window.location.reload(); + } + } + } + }); + }, -function closeDialog() { - var form = $("#gDialog").dialog("option", "form"); - if (form != null) { - $("#gDialog").dialog("option", "form").trigger("form_closing"); - } - $("#gDialog").dialog("destroy").remove(); -} + form_closing: function(event, ui) {}, + dialog_closing: function(event, ui) {} + }); -/** - 
* Toggle the processing indicator, both large and small - * @param elementID Target ID, including #, to apply .gLoadingSize - */ -function showLoading(elementID) { - var size; - switch (elementID) { - case "#gDialog": - case "#gPanel": - size = "Large"; - break; - default: - size = "Small"; - break; - } - $(elementID).toggleClass("gLoading" + size); -} + $.extend($.ui.galleryDialog, { + defaults: { + autoOpen: false, + autoResize: true, + modal: true, + resizable: false, + position: "center" + } + }); +})(jQuery); diff --git a/modules/gallery/views/after_install.html.php b/modules/gallery/views/after_install.html.php index e4842163..feb2d281 100644 --- a/modules/gallery/views/after_install.html.php +++ b/modules/gallery/views/after_install.html.php @@ -16,7 +16,7 @@ title="" id="gAfterInstallChangePasswordLink" class="gButtonLink ui-state-default ui-corners-all">
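Review bot: In `form_loaded` the cancel link's click handler calls `$("gDialog").dialog("close")` — the selector is missing its `#`, so it matches no element and the Cancel button silently does nothing; it should read `$("#gDialog").dialog("close");`. Separately, `_ajaxify_dialog` keeps the `eval(data.reset + '()')` path under `typeof data.reset == 'function'`, a test that can never be true for a value parsed from JSON, so the branch is dead as written and, if ever made reachable, would execute server-supplied text as code; a comment such as `// TODO: dead branch — JSON cannot carry functions; if reset callbacks are needed, look them up by name instead of eval` would keep someone from "fixing" it the unsafe way. Also, `MSG_CANCEL = MSG_CANCEL || 'Cancel'` throws a ReferenceError rather than defaulting when a theme never declares `MSG_CANCEL`; `typeof MSG_CANCEL === "undefined"` is the safe test.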

          diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index 21952849..5c5dfd0f 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php @@ -34,7 +34,7 @@ - @@ -48,6 +48,9 @@ progressbar("value", 0); $("#gProgress").slideDown("fast", function() { start_add() }); }); + $("#gServerCloseButton").click(function(event) { + $("#gDialog").dialog("close"); + }); }); diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js index 765c2a35..535582c5 100644 --- a/modules/tag/js/tag.js +++ b/modules/tag/js/tag.js @@ -23,7 +23,7 @@ function closeEditInPlaceForms() { $("#gRenameTagForm").parent().html($("#gRenameTagForm").parent().data("revert")); li.height(""); $(".gEditable", li).bind("click", editInPlace); - $(".gDialogLink", li).bind("click", handleDialogEvent); + $(".gDialogLink", li).galleryDialog(); } } diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index 542b8b8b..a487d565 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -28,7 +28,7 @@ {}, function(data) { $("#group-" + group_id).html(data); - $("#group-" + group_id + " .gDialogLink").bind("click", handleDialogEvent); + $("#group-" + group_id + " .gDialogLink").galleryDialog()); }); } diff --git a/themes/admin_default/js/ui.init.js b/themes/admin_default/js/ui.init.js index 63b74300..eea3cab2 100644 --- a/themes/admin_default/js/ui.init.js +++ b/themes/admin_default/js/ui.init.js @@ -17,7 +17,7 @@ $(document).ready(function(){ $("#gMessage li").showMessage(); // Initialize modal dialogs - $(".gDialogLink").bind("click", handleDialogEvent); + $(".gDialogLink").galleryDialog(); // Initialize panels $(".gPanelLink").galleryPanel(); diff --git a/themes/default/js/ui.init.js b/themes/default/js/ui.init.js index ff76c79c..33d04328 100644 
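Review bot: The new line `$("#group-" + group_id + " .gDialogLink").galleryDialog());` in admin_users.html.php has an unbalanced closing parenthesis, which is a syntax error that aborts the whole inline script block on the admin users page, so none of the handlers defined in it get attached. It should be `$("#group-" + group_id + " .gDialogLink").galleryDialog();`. The enclosing function starts and ends outside this hunk.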
--- a/themes/default/js/ui.init.js +++ b/themes/default/js/ui.init.js @@ -34,7 +34,7 @@ $(document).ready(function() { // Initialize dialogs $(".gMenuLink").addClass("gDialogLink"); $("#gLoginLink").addClass("gDialogLink"); - $(".gDialogLink").bind("click", handleDialogEvent); + $(".gDialogLink").galleryDialog(); // Initialize view menu if ($("#gViewMenu").length) { -- cgit v1.2.3 From 445a8fb1b6b6f410d1ea432da6d704bf2f59a14d Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sat, 8 Aug 2009 01:47:56 +0800 Subject: Change galleryPanel and galleryDialog widgets to gallery_panel and gallery_dialog respectively Signed-off-by: Bharat Mediratta --- lib/gallery.dialog.js | 8 ++++---- lib/gallery.panel.js | 2 +- modules/gallery/views/after_install.html.php | 2 +- modules/tag/js/tag.js | 2 +- modules/user/views/admin_users.html.php | 2 +- themes/admin_default/js/ui.init.js | 4 ++-- themes/default/js/ui.init.js | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) (limited to 'modules/user/views') diff --git a/lib/gallery.dialog.js b/lib/gallery.dialog.js index 7e0ba1b4..04ab44de 100644 --- a/lib/gallery.dialog.js +++ b/lib/gallery.dialog.js @@ -1,5 +1,5 @@ (function($) { - $.widget("ui.galleryDialog", { + $.widget("ui.gallery_dialog", { _init: function() { var self = this; this.element.click(function(event){ @@ -12,7 +12,7 @@ $("body").append(eDialog); if (!self.options.close) { - self.options.close = self.closeDialog; + self.options.close = self.close_dialog; } $("#gDialog").dialog(self.options); @@ -91,7 +91,7 @@ ); }, - closeDialog: function (event, ui) { + close_dialog: function (event, ui) { var self = $("#gDialog").dialog("option", "self"); self.destroy(); }, @@ -124,7 +124,7 @@ dialog_closing: function(event, ui) {} }); - $.extend($.ui.galleryDialog, { + $.extend($.ui.gallery_dialog, { defaults: { autoOpen: false, autoResize: true, diff --git a/lib/gallery.panel.js b/lib/gallery.panel.js index 98d78d2a..e0bf4259 100644 --- a/lib/gallery.panel.js 
+++ b/lib/gallery.panel.js @@ -1,5 +1,5 @@ (function($) { - $.widget("ui.galleryPanel", { + $.widget("ui.gallery_panel", { _init: function() { var self = this; this.element.click(function(event) { diff --git a/modules/gallery/views/after_install.html.php b/modules/gallery/views/after_install.html.php index feb2d281..bfce46f0 100644 --- a/modules/gallery/views/after_install.html.php +++ b/modules/gallery/views/after_install.html.php @@ -16,7 +16,7 @@ title="" id="gAfterInstallChangePasswordLink" class="gButtonLink ui-state-default ui-corners-all">

          diff --git a/modules/tag/js/tag.js b/modules/tag/js/tag.js index 535582c5..61ac73f4 100644 --- a/modules/tag/js/tag.js +++ b/modules/tag/js/tag.js @@ -23,7 +23,7 @@ function closeEditInPlaceForms() { $("#gRenameTagForm").parent().html($("#gRenameTagForm").parent().data("revert")); li.height(""); $(".gEditable", li).bind("click", editInPlace); - $(".gDialogLink", li).galleryDialog(); + $(".gDialogLink", li).gallery_dialog(); } } diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index a487d565..9bd4c068 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -28,7 +28,7 @@ {}, function(data) { $("#group-" + group_id).html(data); - $("#group-" + group_id + " .gDialogLink").galleryDialog()); + $("#group-" + group_id + " .gDialogLink").gallery_dialog(); }); } diff --git a/themes/admin_default/js/ui.init.js b/themes/admin_default/js/ui.init.js index eea3cab2..89dd5b47 100644 --- a/themes/admin_default/js/ui.init.js +++ b/themes/admin_default/js/ui.init.js @@ -17,10 +17,10 @@ $(document).ready(function(){ $("#gMessage li").showMessage(); // Initialize modal dialogs - $(".gDialogLink").galleryDialog(); + $(".gDialogLink").gallery_dialog(); // Initialize panels - $(".gPanelLink").galleryPanel(); + $(".gPanelLink").gallery_panel(); if ($("#gPhotoStream").length) { // Vertically align thumbs in photostream diff --git a/themes/default/js/ui.init.js b/themes/default/js/ui.init.js index 33d04328..4b876c66 100644 --- a/themes/default/js/ui.init.js +++ b/themes/default/js/ui.init.js @@ -34,7 +34,7 @@ $(document).ready(function() { // Initialize dialogs $(".gMenuLink").addClass("gDialogLink"); $("#gLoginLink").addClass("gDialogLink"); - $(".gDialogLink").galleryDialog(); + $(".gDialogLink").gallery_dialog(); // Initialize view menu if ($("#gViewMenu").length) { -- cgit v1.2.3 From 020281d932c566476222e6c825ada3affff239a6 Mon Sep 17 00:00:00 2001 
From: Andy Staudacher Date: Sat, 29 Aug 2009 10:45:47 -0700 Subject: Adding SafeString which is going to replace p::clean() and p::purify(). Refactoring of Xss_Security_Test. t() and t2() return a SafeString instance. TODO: - Update all code to use SafeString where appropriate. - Update golden fole of Xss_Security_Test - Stop reporting CLEAN vars in Xss_Security_Test --- modules/gallery/helpers/p.php | 16 +- modules/gallery/libraries/I18n.php | 20 +- modules/gallery/libraries/MY_ORM.php | 4 + modules/gallery/libraries/SafeString.php | 142 ++++++++++++ modules/gallery/tests/SafeString_Test.php | 111 ++++++++++ modules/gallery/tests/Xss_Security_Test.php | 325 ++++++++++++++++++++++------ modules/user/views/login.html.php | 6 +- 7 files changed, 535 insertions(+), 89 deletions(-) create mode 100644 modules/gallery/libraries/SafeString.php create mode 100644 modules/gallery/tests/SafeString_Test.php (limited to 'modules/user/views') diff --git a/modules/gallery/helpers/p.php b/modules/gallery/helpers/p.php index 862c769b..e852c086 100644 --- a/modules/gallery/helpers/p.php +++ b/modules/gallery/helpers/p.php @@ -18,22 +18,12 @@ * Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA. */ class p_Core { - private static $_purifier = null; static function clean($dirty_html) { - return html::specialchars($dirty_html); + return new SafeString($dirty_html); } + // Deprecated: Please use p::clean($var).purified_html() static function purify($dirty_html) { - if (empty(self::$_purifier)) { - require_once(dirname(__file__) . "/../lib/HTMLPurifier/HTMLPurifier.auto.php"); - $config = HTMLPurifier_Config::createDefault(); - foreach (Kohana::config('purifier') as $category => $key_value) { - foreach ($key_value as $key => $value) { - $config->set("$category.$key", $value); - } - } - self::$_purifier = new HTMLPurifier($config); - } - return self::$_purifier->purify($dirty_html); + return SafeString::of($dirty_html)->purified_html(); } } 
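Review bot: `p::clean()` now returns a `SafeString` object instead of the escaped string that `html::specialchars()` produced, so any caller that does something other than echo the result — `json_encode()`, `substr()`/`strlen()`, `===` comparisons, `is_string()` checks — changes behaviour silently, and `json_encode()` in particular serialises the object as `{}` rather than the escaped text. That deserves a docblock on the method: `/** Returns a SafeString; it escapes for HTML only when cast to string. Do not pass it to json_encode() or string functions — use ->for_js() or (string) first. */`. The deprecation comment also has a typo: `p::clean($var).purified_html()` should be `p::clean($var)->purified_html()`.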
diff --git a/modules/gallery/libraries/I18n.php b/modules/gallery/libraries/I18n.php index 03a6d8f6..8dc42e04 100644 --- a/modules/gallery/libraries/I18n.php +++ b/modules/gallery/libraries/I18n.php @@ -84,6 +84,12 @@ class I18n_Core { /** * Translates a localizable message. + * + * Security: + * The returned string is safe for use in HTML (it contains a safe subset of HTML and + * interpolation parameters are converted to HTML entities). + * For use in JavaScript, please call ->for_js() on it. + * * @param $message String|array The message to be translated. E.g. "Hello world" * or array("one" => "One album", "other" => "%count albums") * @param $options array (optional) Options array for key value pairs which are used @@ -110,7 +116,7 @@ class I18n_Core { $entry = $this->interpolate($locale, $entry, $values); - return $entry; + return SafeString::of($entry)->mark_html_safe(); } private function lookup($locale, $message) { @@ -179,17 +185,19 @@ class I18n_Core { return is_array($message); } - private function interpolate($locale, $string, $values) { + private function interpolate($locale, $string, $key_values) { // TODO: Handle locale specific number formatting. // Replace x_y before replacing x. - krsort($values, SORT_STRING); + krsort($key_values, SORT_STRING); $keys = array(); - foreach (array_keys($values) as $key) { + $values = array(); + foreach ($key_values as $key => $value) { $keys[] = "%$key"; + $values[] = new SafeString($value); } - return str_replace($keys, array_values($values), $string); + return str_replace($keys, $values, $string); } private function pluralize($locale, $entry, $count) { @@ -414,4 +422,4 @@ class I18n_Core { return $count == 1 ? 'one' : 'other'; } } -} \ No newline at end of file +} diff --git a/modules/gallery/libraries/MY_ORM.php b/modules/gallery/libraries/MY_ORM.php index de8adc1d..2c9ad1d7 100644 --- a/modules/gallery/libraries/MY_ORM.php +++ b/modules/gallery/libraries/MY_ORM.php 
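Review bot: `t()` now returns `SafeString::of($entry)->mark_html_safe()`, which marks the whole translated message — not only the interpolated parameters — as trusted HTML, so the new Security note in the docblock should say where that trust comes from: `* The message text itself is emitted unescaped and must come from code or translation files, never from request data.` If translations can be edited through an admin UI (not visible here), that editor becomes an HTML-injection point and needs its own escaping or purification. The rewritten `interpolate()` depends on `str_replace()` string-converting each `SafeString` in the replacement array through `__toString()`; that is where the escaping of parameters actually happens, and a one-line comment (`// SafeString::__toString() escapes each value when str_replace() stringifies it`) would keep that intent from being lost in a refactor to a plain array.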
@@ -43,6 +43,10 @@ class ORM extends ORM_Core { $this->original = clone $this; } + if ($value instanceof SafeString) { + $value = $value->unescaped(); + } + return parent::__set($column, $value); } diff --git a/modules/gallery/libraries/SafeString.php b/modules/gallery/libraries/SafeString.php new file mode 100644 index 00000000..53bcb27a --- /dev/null +++ b/modules/gallery/libraries/SafeString.php @@ -0,0 +1,142 @@ +_is_safe_html = $string->_is_safe_html; + $string = $string->unescaped(); + } + $this->_raw_string = (string) $string; + } + + /** + * Factory method returning a new SafeString instance for the given string. + */ + static function of($string) { + return new SafeString($string); + } + + /** + * Marks this string as safe to be used in HTML without any escaping. + */ + function mark_html_safe() { + $this->_is_safe_html = true; + return $this; + } + + /** + * Safe for use in HTML. + * @see #for_html() + */ + function __toString() { + if ($this->_is_safe_html) { + return $this->_raw_string; + } else { + return self::_escape_for_html($this->_raw_string); + } + } + + /** + * Safe for use in HTML. + * + * Example:
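Review bot: The new `instanceof SafeString` check in `__set()` stores the raw value and discards the `_is_safe_html` flag, which is the right choice for persisted data but is not explained; add `// Persist the raw value: escaping is an output concern handled by SafeString::__toString().` It only unwraps a bare `SafeString` — one nested in an array assigned to a column would be handed to `parent::__set()` as an object, whose handling is not visible here — so a note saying that case is intentionally unsupported (or a recursive unwrap) would avoid surprises. The enclosing `__set()` starts outside this hunk.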
          +   *   
          + *
          + * @return the string escaped for use in HTML. + */ + function for_html() { + return $this; + } + + /** + * Safe for use in JavaScript. + * + * Example:
          +   *    block?
          +	if (is_array($token) && $token[0] == T_INLINE_HTML) {
          +	  $inline_html = $token[1];
          +	  // T_INLINE_HTML blocks can be split. Need to handle the case
          +	  // where one token has "expr_append($inline_html);
          +	  }
          +
          +	  // Note: This approach won't catch }i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) {
          +	    $last_match = array_pop($matches[0]);
          +	    if (is_array($last_match)) {
          +	      $closing_script_pos = $last_match[1];
          +	    } else {
          +	      $closing_script_pos = $last_match;
          +	    }
          +	  }
          +	  if (preg_match('{]*>}i', $inline_html, $matches, PREG_OFFSET_CAPTURE)) {
          +	    $last_match = array_pop($matches[0]);
          +	    if (is_array($last_match)) {
          +	      $opening_script_pos = $last_match[1];
          +	    } else {
          +	      $opening_script_pos = $last_match;
          +	    }
          +	  }
          +	  if ($opening_script_pos != $closing_script_pos) {
          +	    $in_script_block = $opening_script_pos > $closing_script_pos;
          +	  }
          +	}
          +
          +	// Look and report each instance of < ? = ... ? >
          +	if (!is_array($token)) {
          +	  // A single char token, e.g: ; ( )
          +	  if ($frame) {
          +	    $frame->expr_append($token);
          +	  }
          +	} else if ($token[0] == T_OPEN_TAG_WITH_ECHO) {
          +	  // No need for a stack here - assume < ? = cannot be nested.
          +	  $frame = self::_create_frame($token, $in_script_block);
          +        } else if ($frame && $token[0] == T_CLOSE_TAG) {
          +	  // Store the < ? = ... ? > block that just ended here.
          +	  $found[$view][] = $frame;
          +	  $frame = null;
          +        } else if ($frame && $token[0] == T_VARIABLE) {
          +	  $frame->expr_append($token[1]);
          +	} else if ($frame && $token[0] == T_STRING) {
          +	  $frame->expr_append($token[1]);
          +	  // t() and t2() are special in that they're guaranteed to return a SafeString().
          +	  if (in_array($token[1], array("t", "t2"))) {
          +	    if (self::_token_matches("(", $tokens, $token_number + 1)) {
          +	      $frame->is_safestring(true);
          +	      $frame->expr_append("(");
          +
          +	      $token_number++;
          +	      $token = $tokens[$token_number];
          +	    }
          +	  } else if ($token[1] == "SafeString") {
          +	    // Looking for SafeString::of(...
          +	    if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) &&
          +		self::_token_matches(array(T_STRING, "of"), $tokens, $token_number + 2)	&&
          +		self::_token_matches("(", $tokens, $token_number + 3)) {
          +	      $frame->is_safestring(true);
          +	      $frame->expr_append("::of(");
          +
          +	      $token_number += 3;
          +	      $token = $tokens[$token_number];
          +	    }
          +	  } else if ($token[1] == "json_encode") {
          +	    if (self::_token_matches("(", $tokens, $token_number + 1)) {
          +	      $frame->json_encode_called(true);
          +	      $frame->expr_append("(");
          +
          +	      $token_number++;
          +	      $token = $tokens[$token_number];
          +	    }
          +	  }
          +	} else if ($frame && $token[0] == T_OBJECT_OPERATOR) {
          +	  $frame->expr_append($token[1]);
          +
          +	  if (self::_token_matches(array(T_STRING), $tokens, $token_number + 1) &&
          +	      in_array($tokens[$token_number + 1][1],
          +		       array("for_js", "for_html", "purified_html")) &&
          +	      self::_token_matches("(", $tokens, $token_number + 2)) {
          +
          +	    $method = $tokens[$token_number + 1][1];
          +	    $frame->expr_append("$method(");
          +
          +	    $token_number += 2;
          +	    $token = $tokens[$token_number];
          +
          +	    if ("for_js" == $method) {
          +	      $frame->for_js_called(true);
          +	    } else if ("for_html" == $method) {
          +	      $frame->for_html_called(true);
          +	    } else if ("purified_html" == $method) {
          +	      $frame->purified_html_called(true);
          +	    }
          +	  }
          +        } else if ($frame) {
          +	  $frame->expr_append($token[1]);
          +	}
                 }
               }
           
          -    $canonical = MODPATH . "gallery/tests/xss_data.txt";
          +    // Generate the report.
          +    /*
          +     * States for uses of < ? = X ? >:
          +     * JS_XSS:
          +     *   In 
           
          - p::purify($item->title))) ?> + SafeString::purify($item->title))) ?>
           diff --git a/modules/organize/views/organize_album.html.php b/modules/organize/views/organize_album.html.php
index ae2d5d51..4933ed32 100644
--- a/modules/organize/views/organize_album.html.php
+++ b/modules/organize/views/organize_album.html.php
@@ -7,7 +7,7 @@
          gBranchText"> - title) ?> + title) ?>
          "> diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php index 447179a5..7298b7f4 100644 --- a/modules/rss/views/feed.mrss.php +++ b/modules/rss/views/feed.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> gallery3 - <?= p::clean($feed->title) ?> + <?= SafeString::of($feed->title) ?> uri ?> - description) ?> + description) ?> en-us @@ -22,25 +22,25 @@ children as $child): ?> - <?= p::clean($child->title) ?> + <?= SafeString::of($child->title) ?> type}s/{$child->id}") ?> type}s/{$child->id}") ?> created); ?> description) ?> + description) ?>

          type == "photo" || $child->type == "album"): ?>
          type}s/{$child->id}") ?>">
          - description) ?> + description) ?>

          ]]>
           diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php
index 6a222ef1..e5c7b4a6 100644
--- a/modules/search/views/search.html.php
+++ b/modules/search/views/search.html.php
@@ -8,10 +8,10 @@
          • - +
          • - " /> + for_html_attr() ?>" />
          @@ -31,10 +31,10 @@ id") ?>"> thumb_img() ?>

          - title) ?> + title) ?>

          - description)) ?> + description)) ?>
        • @@ -44,7 +44,7 @@

          - %term", array("term" => p::clean($q))) ?> + %term", array("term" => $q)) ?>

          diff --git a/modules/server_add/controllers/admin_server_add.php b/modules/server_add/controllers/admin_server_add.php index 30109f42..fac2aa44 100644 --- a/modules/server_add/controllers/admin_server_add.php +++ b/modules/server_add/controllers/admin_server_add.php @@ -38,7 +38,7 @@ class Admin_Server_Add_Controller extends Admin_Controller { $path = $form->add_path->path->value; $paths[$path] = 1; module::set_var("server_add", "authorized_paths", serialize($paths)); - message::success(t("Added path %path", array("path" => p::clean($path)))); + message::success(t("Added path %path", array("path" => $path))); server_add::check_config($paths); url::redirect("admin/server_add"); } else { @@ -60,7 +60,7 @@ class Admin_Server_Add_Controller extends Admin_Controller { $paths = unserialize(module::get_var("server_add", "authorized_paths")); if (isset($paths[$path])) { unset($paths[$path]); - message::success(t("Removed path %path", array("path" => p::clean($path)))); + message::success(t("Removed path %path", array("path" => $path))); module::set_var("server_add", "authorized_paths", serialize($paths)); server_add::check_config($paths); } diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php index 254a9da0..b68544ec 100644 --- a/modules/server_add/views/server_add_tree.html.php +++ b/modules/server_add/views/server_add_tree.html.php @@ -24,7 +24,7 @@ file="" > - + diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index 21952849..533cad04 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php @@ -5,17 +5,17 @@
          -

          p::purify($item->title))) ?>

          +

          SafeString::purify($item->title))) ?>

            parents() as $parent): ?>
          • - title) ?> + title) ?>
          • - title) ?> + title) ?>
          diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index dcdc16b9..f1b4ca3a 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -53,8 +53,8 @@ class Admin_Tags_Controller extends Admin_Controller { $name = $tag->name; Database::instance()->delete("items_tags", array("tag_id" => "$tag->id")); $tag->delete(); - message::success(t("Deleted tag %tag_name", array("tag_name" => p::clean($name)))); - log::success("tags", t("Deleted tag %tag_name", array("tag_name" => p::clean($name)))); + message::success(t("Deleted tag %tag_name", array("tag_name" => $name))); + log::success("tags", t("Deleted tag %tag_name", array("tag_name" => $name))); print json_encode( array("result" => "success", @@ -98,7 +98,7 @@ class Admin_Tags_Controller extends Admin_Controller { $tag->save(); $message = t("Renamed tag %old_name to %new_name", - array("old_name" => p::clean($old_name), "new_name" => p::clean($tag->name))); + array("old_name" => $old_name, "new_name" => $tag->name)); message::success($message); log::success("tags", $message); @@ -106,7 +106,7 @@ class Admin_Tags_Controller extends Admin_Controller { array("result" => "success", "location" => url::site("admin/tags"), "tag_id" => $tag->id, - "new_tagname" => p::clean($tag->name))); + "new_tagname" => SafeString::of($tag->name))); } else { print json_encode( array("result" => "error", diff --git a/modules/tag/helpers/tag_rss.php b/modules/tag/helpers/tag_rss.php index f94508cf..7194586d 100644 --- a/modules/tag/helpers/tag_rss.php +++ b/modules/tag/helpers/tag_rss.php @@ -22,7 +22,7 @@ class tag_rss_Core { static function available_feeds($item, $tag) { if ($tag) { $feeds["tag/tag/{$tag->id}"] = - t("Tag feed for %tag_name", array("tag_name" => p::clean($tag->name))); + t("Tag feed for %tag_name", array("tag_name" => $tag->name)); return $feeds; } return array(); 
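Review bot: `"new_tagname" => SafeString::of($tag->name)` is handed to json_encode(), which serialises an object as its public properties rather than through __toString(), so unless SafeString exposes the escaped text as a public property the client receives an object instead of the tag name; the p::clean() call it replaces returned a string, so this is a behaviour change the commit does not mention. If for_html() yields a plain string, `"new_tagname" => SafeString::of($tag->name)->for_html()` keeps the JSON shape the rename JavaScript expects. A later commit on this page switches this value to html::clean($tag->name), which only helps if that helper returns a string rather than a SafeString.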
 diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php
index 7d201da7..5bd23112 100644
--- a/modules/tag/views/admin_tags.html.php
+++ b/modules/tag/views/admin_tags.html.php
@@ -47,7 +47,7 @@
        • - name) ?> + name) ?> (count ?>) id") ?>" class="gDialogLink delete-link gButtonLink"> diff --git a/modules/tag/views/tag_cloud.html.php b/modules/tag/views/tag_cloud.html.php index eba615fc..b4c6ae34 100644 --- a/modules/tag/views/tag_cloud.html.php +++ b/modules/tag/views/tag_cloud.html.php @@ -3,7 +3,7 @@
        • count ?> photos are tagged with - id") ?>">name) ?> + id") ?>">name) ?>
        diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index f87602b8..521f82fa 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -51,7 +51,7 @@ class Admin_Users_Controller extends Controller { $user->save(); module::event("user_add_form_admin_completed", $user, $form); - message::success(t("Created user %user_name", array("user_name" => p::clean($user->name)))); + message::success(t("Created user %user_name", array("user_name" => $user->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", @@ -84,7 +84,7 @@ class Admin_Users_Controller extends Controller { "form" => $form->__toString())); } - $message = t("Deleted user %user_name", array("user_name" => p::clean($name))); + $message = t("Deleted user %user_name", array("user_name" => $name)); log::success("user", $message); message::success($message); print json_encode(array("result" => "success")); @@ -142,7 +142,7 @@ class Admin_Users_Controller extends Controller { $user->save(); module::event("user_edit_form_admin_completed", $user, $form); - message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name)))); + message::success(t("Changed user %user_name", array("user_name" => $user->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", @@ -204,7 +204,7 @@ class Admin_Users_Controller extends Controller { $group = group::create($new_name); $group->save(); message::success( - t("Created group %group_name", array("group_name" => p::clean($group->name)))); + t("Created group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "success")); } else { print json_encode(array("result" => "error", 
@@ -233,7 +233,7 @@ class Admin_Users_Controller extends Controller { "form" => $form->__toString())); } - $message = t("Deleted group %group_name", array("group_name" => p::clean($name))); + $message = t("Deleted group %group_name", array("group_name" => $name)); log::success("group", $message); message::success($message); print json_encode(array("result" => "success")); @@ -271,11 +271,11 @@ class Admin_Users_Controller extends Controller { $group->name = $form->edit_group->inputs["name"]->value; $group->save(); message::success( - t("Changed group %group_name", array("group_name" => p::clean($group->name)))); + t("Changed group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "success")); } else { message::error( - t("Failed to change group %group_name", array("group_name" => p::clean($group->name)))); + t("Failed to change group %group_name", array("group_name" => $group->name))); print json_encode(array("result" => "error", "form" => $form->__toString())); } diff --git a/modules/user/controllers/login.php b/modules/user/controllers/login.php index 4d901051..b81b17b2 100644 --- a/modules/user/controllers/login.php +++ b/modules/user/controllers/login.php @@ -63,7 +63,7 @@ class Login_Controller extends Controller { log::warning( "user", t("Failed login for %name", - array("name" => p::clean($form->login->inputs["name"]->value)))); + array("name" => $form->login->inputs["name"]->value))); $form->login->inputs["name"]->add_error("invalid_login", 1); $valid = false; } @@ -71,7 +71,7 @@ class Login_Controller extends Controller { if ($valid) { user::login($user); - log::info("user", t("User %name logged in", array("name" => p::clean($user->name)))); + log::info("user", t("User %name logged in", array("name" => $user->name))); } // Either way, regenerate the session id to avoid session trapping diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php index 099b1952..4b141a1c 100644 
--- a/modules/user/controllers/logout.php +++ b/modules/user/controllers/logout.php @@ -23,8 +23,8 @@ class Logout_Controller extends Controller { $user = user::active(); user::logout(); - log::info("user", t("User %name logged out", array("name" => p::clean($user->name))), - html::anchor("user/$user->id", p::clean($user->name))); + log::info("user", t("User %name logged out", array("name" => $user->name)), + html::anchor("user/$user->id", SafeString::of($user->name))); if ($continue_url = $this->input->get("continue")) { $item = url::get_item_from_uri($continue_url); if (access::can("view", $item)) { diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index 2af1b879..066efbba 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -74,7 +74,7 @@ class Password_Controller extends Controller { log::success( "user", - t("Password reset email sent for user %name", array("name" => p::clean($user->name)))); + t("Password reset email sent for user %name", array("name" => $user->name))); } else { // Don't include the username here until you're sure that it's XSS safe log::warning( diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index 542b8b8b..54c4847d 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -68,16 +68,16 @@ " title="" - alt="name) ?>" + alt="name) ?>" width="20" height="20" /> - name) ?> + name) ?> - full_name) ?> + full_name) ?> - email) ?> + email) ?> last_login == 0) ? "" : gallery::date($user->last_login) ?> diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index bfd79dba..f89a4392 100644 --- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php @@ -1,9 +1,9 @@

        - name) ?> + name) ?> special): ?> id") ?>" - title=" p::clean($group->name))) ?>" + title=" $group->name)) ?>" class="gDialogLink gButtonLink ui-state-default ui-corner-all"> @@ -17,12 +17,12 @@

        @@ -16,7 +16,7 @@ width="thumb_width ?>" height="thumb_height ?>" /> -

        title) ?>

        +

        title) ?>

        thumb_bottom($child) ?> diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php index 66c80ded..1f25a626 100644 --- a/themes/default/views/movie.html.php +++ b/themes/default/views/movie.html.php @@ -15,8 +15,8 @@ movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}")) ?>
        -

        title) ?>

        -
        description)) ?>
        +

        title) ?>

        +
        description)) ?>
        * */ - static function escape_for_js($string) { + static function clean_js($string) { return SafeString::of($string)->for_js(); } diff --git a/modules/gallery/helpers/gallery_rss.php b/modules/gallery/helpers/gallery_rss.php index affb3101..dee6ae40 100644 --- a/modules/gallery/helpers/gallery_rss.php +++ b/modules/gallery/helpers/gallery_rss.php @@ -53,9 +53,9 @@ class gallery_rss_Core { ->descendants($limit, $offset, array("type" => "photo")); $feed->max_pages = ceil( $item->viewable()->descendants_count(array("type" => "photo")) / $limit); - $feed->title = SafeString::purify($item->title); + $feed->title = html::purify($item->title); $feed->link = url::abs_site("albums/{$item->id}"); - $feed->description = nl2br(SafeString::purify($item->description)); + $feed->description = nl2br(html::purify($item->description)); return $feed; } diff --git a/modules/gallery/helpers/gallery_task.php b/modules/gallery/helpers/gallery_task.php index 8c0e8aa8..c9557324 100644 --- a/modules/gallery/helpers/gallery_task.php +++ b/modules/gallery/helpers/gallery_task.php @@ -64,10 +64,10 @@ class gallery_task_Core { if (!$success) { $ignored[$item->id] = 1; $errors[] = t("Unable to rebuild images for '%title'", - array("title" => SafeString::purify($item->title))); + array("title" => html::purify($item->title))); } else { $errors[] = t("Successfully rebuilt images for '%title'", - array("title" => SafeString::purify($item->title))); + array("title" => html::purify($item->title))); } } diff --git a/modules/gallery/tests/Html_Helper_Test.php b/modules/gallery/tests/Html_Helper_Test.php index 4d934ad5..a9903256 100644 --- a/modules/gallery/tests/Html_Helper_Test.php +++ b/modules/gallery/tests/Html_Helper_Test.php @@ -40,8 +40,8 @@ class Html_Helper_Test extends Unit_Test_Case { $safe_string_2); } - public function escape_for_js_test() { - $string = html::escape_for_js("hello's
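Review bot: In admin_advanced_settings.html.php, `html::clean($var->name)` is concatenated into the path passed to url::site(), so an HTML escaper is applied to a URL path segment while `$var->module_name` on the same line gets no encoding at all; the context calls for a URL-encoded segment, with the finished href escaped once as an attribute. Something like `url::site("admin/advanced_settings/edit/" . rawurlencode($var->module_name) . "/" . rawurlencode($var->name))` wrapped in html::clean_attribute() keeps both halves consistent. Whether url::site() or the surrounding view already escapes the resulting href is not visible here, so confirm before changing it.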

        world

        "); + public function clean_js_test() { + $string = html::clean_js("hello's

        world

        "); $this->assert_equal("hello\\'s

        world<\\/p>", $string); } diff --git a/modules/gallery/tests/Xss_Security_Test.php b/modules/gallery/tests/Xss_Security_Test.php index 8e5f8354..16e5a856 100644 --- a/modules/gallery/tests/Xss_Security_Test.php +++ b/modules/gallery/tests/Xss_Security_Test.php @@ -151,7 +151,7 @@ class Xss_Security_Test extends Unit_Test_Case { if (self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) && self::_token_matches(array(T_STRING), $tokens, $token_number + 2) && in_array($tokens[$token_number + 2][1], - array("clean", "purify", "escape_for_js", "clean_attribute_test")) && + array("clean", "purify", "clean_js", "clean_attribute")) && self::_token_matches("(", $tokens, $token_number + 3)) { // Not checking for mark_safe(). We want such calls to be marked dirty (thus reviewed). @@ -161,7 +161,7 @@ class Xss_Security_Test extends Unit_Test_Case { $token_number += 3; $token = $tokens[$token_number]; - if ("escape_for_js" == $method) { + if ("clean_js" == $method) { $frame->is_safe_js(true); } else { $frame->is_safe_html(true); diff --git a/modules/gallery/views/admin_advanced_settings.html.php b/modules/gallery/views/admin_advanced_settings.html.php index adc15b91..4235e8f8 100644 --- a/modules/gallery/views/admin_advanced_settings.html.php +++ b/modules/gallery/views/admin_advanced_settings.html.php @@ -20,13 +20,13 @@ module_name == "gallery" && $var->name == "_cache") continue ?> module_name ?> - name) ?> + name) ?> - module_name/" . SafeString::of($var->name)) ?>" + module_name/" . html::clean($var->name)) ?>" class="gDialogLink" title=" $var->name, "module_name" => $var->module_name)) ?>"> value): ?> - value) ?> + value) ?> diff --git a/modules/gallery/views/admin_block_log_entries.html.php b/modules/gallery/views/admin_block_log_entries.html.php index b7afb22d..780ff2d0 100644 --- a/modules/gallery/views/admin_block_log_entries.html.php +++ b/modules/gallery/views/admin_block_log_entries.html.php @@ -2,7 +2,7 @@

        • - user_id") ?>">user->name) ?> + user_id") ?>">user->name) ?> timestamp) ?> message ?> html ?> diff --git a/modules/gallery/views/admin_block_photo_stream.html.php b/modules/gallery/views/admin_block_photo_stream.html.php index 732bdc38..a50836ad 100644 --- a/modules/gallery/views/admin_block_photo_stream.html.php +++ b/modules/gallery/views/admin_block_photo_stream.html.php @@ -2,9 +2,9 @@
          • - id") ?>" title="title) ?>"> + id") ?>" title="title) ?>"> width, $photo->height, 72) ?> - src="thumb_url() ?>" alt="title) ?>" /> + src="thumb_url() ?>" alt="title) ?>" />
          • diff --git a/modules/gallery/views/admin_languages.html.php b/modules/gallery/views/admin_languages.html.php index 4bee9bb1..052d749b 100644 --- a/modules/gallery/views/admin_languages.html.php +++ b/modules/gallery/views/admin_languages.html.php @@ -40,7 +40,7 @@
            -

            SafeString::purify($album->title))) ?>

            +

            html::purify($album->title))) ?>

            diff --git a/modules/organize/views/organize_tree.html.php b/modules/organize/views/organize_tree.html.php index 387d5977..5b676889 100644 --- a/modules/organize/views/organize_tree.html.php +++ b/modules/organize/views/organize_tree.html.php @@ -5,7 +5,7 @@ - title) ?> + title) ?>
              @@ -17,7 +17,7 @@ " ref="id ?>"> - title) ?> + title) ?> id == $album->id): ?> @@ -29,7 +29,7 @@ - title) ?> + title) ?> diff --git a/modules/rss/views/feed.mrss.php b/modules/rss/views/feed.mrss.php index 7298b7f4..731703c7 100644 --- a/modules/rss/views/feed.mrss.php +++ b/modules/rss/views/feed.mrss.php @@ -6,9 +6,9 @@ xmlns:fh="http://purl.org/syndication/history/1.0"> gallery3 - <?= SafeString::of($feed->title) ?> + <?= html::clean($feed->title) ?> uri ?> - description) ?> + description) ?> en-us @@ -22,25 +22,25 @@ children as $child): ?> - <?= SafeString::of($child->title) ?> + <?= html::clean($child->title) ?> type}s/{$child->id}") ?> type}s/{$child->id}") ?> created); ?> description) ?> + description) ?>

              type == "photo" || $child->type == "album"): ?>
              type}s/{$child->id}") ?>">
              - description) ?> + description) ?>

              ]]>
              diff --git a/modules/rss/views/rss_block.html.php b/modules/rss/views/rss_block.html.php index cd8db89d..737731b6 100644 --- a/modules/rss/views/rss_block.html.php +++ b/modules/rss/views/rss_block.html.php @@ -5,7 +5,7 @@ - + diff --git a/modules/search/views/search.html.php b/modules/search/views/search.html.php index e5c7b4a6..7963948d 100644 --- a/modules/search/views/search.html.php +++ b/modules/search/views/search.html.php @@ -8,7 +8,7 @@
              • - +
              • for_html_attr() ?>" /> @@ -31,10 +31,10 @@ id") ?>"> thumb_img() ?>

                - title) ?> + title) ?>

                - description)) ?> + description)) ?>
              • diff --git a/modules/server_add/views/admin_server_add.html.php b/modules/server_add/views/admin_server_add.html.php index c4439bda..b48a19da 100644 --- a/modules/server_add/views/admin_server_add.html.php +++ b/modules/server_add/views/admin_server_add.html.php @@ -16,7 +16,7 @@ class="gRemoveDir ui-icon ui-icon-trash"> X - +
              diff --git a/modules/server_add/views/server_add_tree.html.php b/modules/server_add/views/server_add_tree.html.php index 2f65a590..dbae42c5 100644 --- a/modules/server_add/views/server_add_tree.html.php +++ b/modules/server_add/views/server_add_tree.html.php @@ -10,7 +10,7 @@
            • - +
                @@ -24,7 +24,7 @@ file=" '\\"')) ?>" > - + diff --git a/modules/server_add/views/server_add_tree_dialog.html.php b/modules/server_add/views/server_add_tree_dialog.html.php index 912e69b6..8eb6e4df 100644 --- a/modules/server_add/views/server_add_tree_dialog.html.php +++ b/modules/server_add/views/server_add_tree_dialog.html.php @@ -5,17 +5,17 @@
                -

                SafeString::purify($item->title))) ?>

                +

                html::purify($item->title))) ?>

                  parents() as $parent): ?>
                • - title) ?> + title) ?>
                • - title) ?> + title) ?>
                diff --git a/modules/tag/controllers/admin_tags.php b/modules/tag/controllers/admin_tags.php index f1b4ca3a..8b8dde21 100644 --- a/modules/tag/controllers/admin_tags.php +++ b/modules/tag/controllers/admin_tags.php @@ -106,7 +106,7 @@ class Admin_Tags_Controller extends Admin_Controller { array("result" => "success", "location" => url::site("admin/tags"), "tag_id" => $tag->id, - "new_tagname" => SafeString::of($tag->name))); + "new_tagname" => html::clean($tag->name))); } else { print json_encode( array("result" => "error", diff --git a/modules/tag/views/admin_tags.html.php b/modules/tag/views/admin_tags.html.php index 30dd0728..3d805c5e 100644 --- a/modules/tag/views/admin_tags.html.php +++ b/modules/tag/views/admin_tags.html.php @@ -32,7 +32,7 @@ name, 0, 1)) ?> - +
                  $tags_per_column): /* new column */ ?> @@ -42,12 +42,12 @@
                - + diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php index 4b141a1c..fc3ced56 100644 --- a/modules/user/controllers/logout.php +++ b/modules/user/controllers/logout.php @@ -24,7 +24,7 @@ class Logout_Controller extends Controller { $user = user::active(); user::logout(); log::info("user", t("User %name logged out", array("name" => $user->name)), - html::anchor("user/$user->id", SafeString::of($user->name))); + html::anchor("user/$user->id", html::clean($user->name))); if ($continue_url = $this->input->get("continue")) { $item = url::get_item_from_uri($continue_url); if (access::can("view", $item)) { diff --git a/modules/user/views/admin_users.html.php b/modules/user/views/admin_users.html.php index 36c4f4fd..9455f9d9 100644 --- a/modules/user/views/admin_users.html.php +++ b/modules/user/views/admin_users.html.php @@ -68,16 +68,16 @@ " title="" - alt="name) ?>" + alt="name) ?>" width="20" height="20" /> - name) ?> + name) ?> - full_name) ?> + full_name) ?> - email) ?> + email) ?> last_login == 0) ? "" : gallery::date($user->last_login) ?> diff --git a/modules/user/views/admin_users_group.html.php b/modules/user/views/admin_users_group.html.php index f89a4392..8418ebc9 100644 --- a/modules/user/views/admin_users_group.html.php +++ b/modules/user/views/admin_users_group.html.php @@ -1,6 +1,6 @@

                - name) ?> + name) ?> special): ?> id") ?>" title=" $group->name)) ?>" @@ -17,7 +17,7 @@

                  @@ -16,7 +16,7 @@ width="thumb_width ?>" height="thumb_height ?>" /> -

                  title) ?>

                  +

                  title) ?>

                  thumb_bottom($child) ?> diff --git a/themes/default/views/movie.html.php b/themes/default/views/movie.html.php index 237743b7..910814dd 100644 --- a/themes/default/views/movie.html.php +++ b/themes/default/views/movie.html.php @@ -28,8 +28,8 @@ movie_img(array("class" => "gMovie", "id" => "gMovieId-{$item->id}")) ?>
                  -

                  title) ?>

                  -
                  description)) ?>
                  +

                  title) ?>

                  +
                  description)) ?>
                  photo_bottom() ?> diff --git a/themes/default/views/photo.html.php b/themes/default/views/photo.html.php index 5b5cb12b..c601c4cc 100644 --- a/themes/default/views/photo.html.php +++ b/themes/default/views/photo.html.php @@ -5,7 +5,7 @@ diff --git a/modules/recaptcha/views/form_recaptcha.html.php b/modules/recaptcha/views/form_recaptcha.html.php index d4031586..4ec04c49 100644 --- a/modules/recaptcha/views/form_recaptcha.html.php +++ b/modules/recaptcha/views/form_recaptcha.html.php @@ -8,7 +8,7 @@ "gRecaptcha", { theme: "white", - custom_translations : { instructions_visual : ""}, + custom_translations : { instructions_visual : for_js() ?>}, callback: Recaptcha.focus_response_field } ); diff --git a/modules/user/views/login_ajax.html.php b/modules/user/views/login_ajax.html.php index d697c958..56bc1cbd 100644 --- a/modules/user/views/login_ajax.html.php +++ b/modules/user/views/login_ajax.html.php @@ -6,7 +6,7 @@ url: "", success: function(data) { $("div#gLoginView").html(data); - $("#ui-dialog-title-gDialog").text(""); + $("#ui-dialog-title-gDialog").html(for_js() ?>); ajaxify_login_reset_form(); } }); -- cgit v1.2.3 From add134cc75214c3852566ae27e5eb7b35c59c53e Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Fri, 4 Sep 2009 20:29:12 -0700 Subject: placeholder for a missing view --- modules/user/views/user_languages_block.html.php | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 modules/user/views/user_languages_block.html.php (limited to 'modules/user/views') diff --git a/modules/user/views/user_languages_block.html.php b/modules/user/views/user_languages_block.html.php new file mode 100644 index 00000000..c422f55c --- /dev/null +++ b/modules/user/views/user_languages_block.html.php @@ -0,0 +1,2 @@ + + -- cgit v1.2.3 From 047196b23c5fb12b3c517892d8016679a0ea8799 Mon Sep 17 00:00:00 2001 
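Review bot: In login_ajax.html.php the dialog-title sink changes from `.text(...)` to `.html(...)`; for_js() only makes the value a safe JavaScript string literal and does not HTML-escape it, so whatever expression feeds `->for_js()` (lost in this rendering) must already be HTML-safe or trusted markup, otherwise it is parsed as HTML in the title. If the title is plain text, `$("#ui-dialog-title-gDialog").text(<?= [title expression]->for_js() ?>);` keeps the new unquoted literal without widening the sink; if markup is intended, a short comment stating that the title is trusted translation output would make the choice explicit. The recaptcha hunk's `instructions_visual` value sits in a JS-string context, so for_js() is the right escaper there.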
From: Andy Staudacher Date: Sat, 5 Sep 2009 17:39:49 -0700 Subject: Add missing view for language selection --- modules/user/views/user_languages_block.html.php | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) (limited to 'modules/user/views') diff --git a/modules/user/views/user_languages_block.html.php b/modules/user/views/user_languages_block.html.php index c422f55c..df145bc0 100644 --- a/modules/user/views/user_languages_block.html.php +++ b/modules/user/views/user_languages_block.html.php @@ -1,2 +1,19 @@ - + + + -- cgit v1.2.3 From d8f5b0f5a30adb97d48fa49999c6ec7407666c44 Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Sat, 5 Sep 2009 21:14:25 -0700 Subject: Change click() to change() so that we immediately update the UI when the user picks a new option. --- modules/user/views/user_languages_block.html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/user/views') diff --git a/modules/user/views/user_languages_block.html.php b/modules/user/views/user_languages_block.html.php index df145bc0..b5ae674c 100644 --- a/modules/user/views/user_languages_block.html.php +++ b/modules/user/views/user_languages_block.html.php @@ -1,7 +1,7 @@