From cedbc82dccaf74a983f1f92846735b69391fdf10 Mon Sep 17 00:00:00 2001
From: Tim Almdal <tnalmdal@shaw.ca>
Date: Thu, 28 Jan 2010 07:44:58 -0800
Subject: Do all the html::clean|purify calls in the views and not the
 controller. Also clean the subject line and email message body of the contact
 user email.

---
 modules/gallery/controllers/user_profile.php     | 4 ++--
 modules/gallery/helpers/gallery_event.php        | 2 +-
 modules/gallery/views/user_profile.html.php      | 2 +-
 modules/gallery/views/user_profile_info.html.php | 2 +-
 modules/rest/views/user_profile_rest.html.php    | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

(limited to 'modules')

diff --git a/modules/gallery/controllers/user_profile.php b/modules/gallery/controllers/user_profile.php
index a0e6619e..327d2ff1 100644
--- a/modules/gallery/controllers/user_profile.php
+++ b/modules/gallery/controllers/user_profile.php
@@ -53,11 +53,11 @@ class User_Profile_Controller extends Controller {
     if ($form->validate()) {
       Sendmail::factory()
         ->to($user->email)
-        ->subject($form->message->subject->value)
+        ->subject(html::clean($form->message->subject->value))
         ->header("Mime-Version", "1.0")
         ->header("Content-type", "text/html; charset=iso-8859-1")
         ->reply_to($form->message->reply_to->value)
-        ->message($form->message->message->value)
+        ->message(html::purify($form->message->message->value))
         ->send();
       message::success(t("Sent message to %user_name", array("user_name" => $user->display_name())));
       print json_encode(array("result" => "success"));
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 70c6de4a..9b252f61 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -411,7 +411,7 @@ class gallery_event_Core {
         if ($field == "locale") {
           $value = locales::display_name($value);
         }
-        $v->fields[(string) $label] = html::clean($value);
+        $v->fields[(string) $label] = $value;
       }
     }
     $data->content[] = (object) array("title" => t("User information"), "view" => $v);
diff --git a/modules/gallery/views/user_profile.html.php b/modules/gallery/views/user_profile.html.php
index 708b1613..7dc9d13e 100644
--- a/modules/gallery/views/user_profile.html.php
+++ b/modules/gallery/views/user_profile.html.php
@@ -41,7 +41,7 @@
   <? foreach ($info_parts as $info): ?>
   <div>
     <fieldset>
-    <label><?= $info->title ?></label>
+    <label><?= html::purify($info->title) ?></label>
     <div>
     <?= $info->view ?>
     </div>
diff --git a/modules/gallery/views/user_profile_info.html.php b/modules/gallery/views/user_profile_info.html.php
index 2a2549c8..2f2d68d3 100644
--- a/modules/gallery/views/user_profile_info.html.php
+++ b/modules/gallery/views/user_profile_info.html.php
@@ -3,7 +3,7 @@
   <? foreach ($fields as $field => $value): ?>
   <tr>
     <td><?= $field ?></td>
-    <td><?= $value ?></td>
+    <td><?= html::purify($value) ?></td>
   </tr>
   <? endforeach ?>
 </table>
diff --git a/modules/rest/views/user_profile_rest.html.php b/modules/rest/views/user_profile_rest.html.php
index 3807817e..397afa89 100644
--- a/modules/rest/views/user_profile_rest.html.php
+++ b/modules/rest/views/user_profile_rest.html.php
@@ -2,7 +2,7 @@
 <div id="g-rest-detail">
 <ul>
   <li id="g-rest-key">
-  <p><b><?= t("Key") ?></b>:<?= $rest_key ?></p>
+  <p><b><?= t("Key") ?></b>:<?= html::clean($rest_key) ?></p>
   </li>
 </ul>
 </div>
-- 
cgit v1.2.3