/**
 * Persist one module variable posted from the admin UI.
 *
 * @param string $module_name  module whose variable is being set
 * @param string $var_name     name of the variable inside that module
 *
 * Side effects: writes the module var, queues a flash message and prints a
 * JSON result. The CSRF token is verified before anything is written.
 * NOTE(review): an admin-only check is not visible in this method; it is assumed
 * to be enforced by the enclosing controller — confirm. $var_name is escaped with
 * p::clean for the message while $module_name is not; presumably both come from
 * the route, verify against the caller.
 */
public function save($module_name, $var_name) {
  access::verify_csrf();

  $posted_value = Input::instance()->post("value");
  module::set_var($module_name, $var_name, $posted_value);

  $notice = t("Saved value for %var (%module_name)",
              array("var" => p::clean($var_name), "module_name" => $module_name));
  message::success($notice);

  print json_encode(array("result" => "success"));
}
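/**
 * Handle a password-reset request.
 *
 * Validates the reset form and looks up the named user. When the account exists
 * and has an email address, a fresh one-time reset key is stored on the account
 * and a confirmation link carrying it is mailed. The flash message and the JSON
 * response are the same on both paths; the form error added on failure is what
 * distinguishes them to the client.
 *
 * Side effects: updates the user row, sends mail, writes a log entry, prints JSON.
 * Requires random_bytes() (PHP 7+); on older runtimes substitute an equivalent
 * CSPRNG source — not rand()/mt_rand().
 */
private function _send_reset() {
  $form = $this->_reset_form();
  $valid = $form->validate();
  if ($valid) {
    $user = ORM::factory("user")->where("name", $form->reset->inputs["name"]->value)->find();
    if (!$user->loaded || empty($user->email)) {
      $form->reset->inputs["name"]->add_error("no_email", 1);
      $valid = false;
    }
  }

  if ($valid) {
    // The key is a bearer credential: presenting it at password/do_reset lets the
    // holder set a new password, so it must be unguessable. md5(rand()) was not:
    // rand() yields at most 2^31 distinct values, a space small enough to search
    // exhaustively. 16 CSPRNG bytes hex-encoded is 32 characters, the same width
    // as the md5 digest it replaces, so the existing column still fits.
    // NOTE(review): no expiry or single-use invalidation is visible here; confirm
    // do_reset clears the key once it has been used.
    $user->hash = bin2hex(random_bytes(16));
    $user->save();

    $message = new View("reset_password.html");
    $message->confirm_url = url::abs_site("password/do_reset?key={$user->hash}");
    $message->user = $user;
    Sendmail::factory()
      ->to($user->email)
      ->subject(t("Password Reset Request"))
      ->header("Mime-Version", "1.0")
      ->header("Content-type", "text/html; charset=iso-8859-1")
      ->message($message->render())
      ->send();
    log::success("user", t("Password reset email sent for user %name", array("name" => p::clean($user->name))));
  } else {
    // Don't include the username here until you're sure that it's XSS safe
    log::warning("user", "Password reset email requested for bogus user");
  }

  message::success(t("Password reset email sent"));
  print json_encode(array("result" => "success"));
}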
/**
 * Return an item's title and description as JSON for the inline editor.
 *
 * @param int $item_id  id of the item to describe
 *
 * Requires "view" and "edit" access (checked in that order). Both values are
 * HTML-escaped with p::clean before being encoded; an empty description is
 * returned as "".
 */
function header($item_id) {
  $item = ORM::factory("item", $item_id);
  foreach (array("view", "edit") as $permission) {
    access::required($permission, $item);
  }

  $description = empty($item->description) ? "" : p::clean($item->description);
  print json_encode(array("title" => p::clean($item->title), "description" => $description));
}
/**
 * Handle the edit-photo form post for $photo.
 *
 * @see REST_Controller::_update($resource)
 *
 * Requires a valid CSRF token plus "view" and "edit" access on the photo. When the
 * form validates and a changed filename does not collide with a sibling item, the
 * title, description and filename are saved and a JSON success carrying the
 * photo's location is printed; otherwise the rendered form is returned as a JSON
 * error so the client can redisplay it with its error markup.
 *
 * @param object $photo  the photo being edited (resolved by the REST dispatcher)
 */
public function _update($photo) {
  access::verify_csrf();
  access::required("view", $photo);
  access::required("edit", $photo);

  $form = photo::get_edit_form($photo);
  if ($valid = $form->validate()) {
    // Only a filename that differs from the current one is checked for collisions
    // (loose != comparison, as elsewhere in this code).
    if ($form->edit_photo->filename->value != $photo->name) {
      // Make sure that there's not a conflict
      if (Database::instance()->from("items")->where("parent_id", $photo->parent_id)->where("id <>", $photo->id)->where("name", $form->edit_photo->filename->value)->count_records()) {
        $form->edit_photo->filename->add_error("conflict", 1);
        $valid = false;
      }
    }
  }

  if ($valid) {
    // Title and description are stored as submitted; output paths are expected to
    // escape them (p::clean is applied below for the flash message).
    $photo->title = $form->edit_photo->title->value;
    $photo->description = $form->edit_photo->description->value;
    // rename() runs before save(); what rename does besides the name change is not visible here.
    $photo->rename($form->edit_photo->filename->value);
    $photo->save();
    module::event("photo_edit_form_completed", $photo, $form);
    // The third log argument is raw HTML; the only interpolated value is the photo id.
    log::success("content", "Updated photo", "<a href=\"photos/{$photo->id}\">view</a>");
    message::success(t("Saved photo %photo_title", array("photo_title" => p::clean($photo->title))));
    print json_encode(array("result" => "success", "location" => url::site("photos/{$photo->id}")));
  } else {
    // Validation or the conflict check failed: hand the rendered form back.
    print json_encode(array("result" => "error", "form" => $form->__toString()));
  }
}
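/**
 * Build the comment feed consumed by the comment.mrss view.
 *
 * @param string $feed_id  "newest" for all published comments, "item" for one item's
 * @param int    $offset   index of the first comment on this page
 * @param int    $limit    page size; also the divisor for max_pages
 * @param int    $id       item id, consulted only when $feed_id is "item"
 * @return stdClass|null   feed with view/children/max_pages/title/uri/description
 *                         set, or null for an unrecognised $feed_id
 */
static function feed($feed_id, $offset, $limit, $id) {
  if ($feed_id != "newest" && $feed_id != "item") {
    return;
  }

  $comments = ORM::factory("comment")->where("state", "published")->orderby("created", "DESC");
  $all_comments = ORM::factory("comment")->where("state", "published")->orderby("created", "DESC");
  if ($feed_id == "item") {
    $comments->where("item_id", $id);
    $all_comments->where("item_id", $id);
  }
  // NOTE(review): only the comment's published state is filtered here; nothing in
  // this method checks that the requester may "view" the item a comment belongs to
  // before its title and thumbnail go into the feed. Confirm the controller does.

  // The original never initialised $feed and relied on PHP creating an object on
  // the first property write (a notice in PHP 5, an Error since PHP 8). It also
  // wrapped the body in !empty($comments), which is always true for an ORM object.
  $feed = new stdClass();
  $feed->view = "comment.mrss";
  $feed->children = array();
  foreach ($comments->find_all($limit, $offset) as $comment) {
    $item = $comment->item();
    $feed->children[] = new ArrayObject(
      array("pub_date" => date("D, d M Y H:i:s T", $comment->created),
            "text" => nl2br(p::purify($comment->text)),
            "thumb_url" => $item->thumb_url(),
            "thumb_height" => $item->thumb_height,
            "thumb_width" => $item->thumb_width,
            "item_uri" => url::abs_site("{$item->type}s/{$item->id}"),
            "title" => p::purify($item->title),
            "author" => p::clean($comment->author_name())),
      ArrayObject::ARRAY_AS_PROPS);
  }

  // Guard the page-count divisor: a $limit of 0 would otherwise divide by zero.
  $page_size = max(1, (int) $limit);
  $feed->max_pages = ceil($all_comments->find_all()->count() / $page_size);
  $feed->title = htmlspecialchars(t("Recent Comments"));
  $feed->uri = url::abs_site("albums/" . (empty($id) ? "1" : $id));
  $feed->description = t("Recent Comments");
  return $feed;
}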
/**
 * Feeds offered by the comment module.
 *
 * @param object|null $item  the item being viewed, if any
 * @param object|null $tag   unused here; part of the shared hook signature
 * @return array  feed uri => escaped, translated label
 */
static function available_feeds($item, $tag) {
  $feeds = array("comment/newest" => t("All new comments"));
  if ($item) {
    $label = t("Comments on %title", array("title" => p::clean($item->title)));
    $feeds["comment/item/{$item->id}"] = $label;
  }
  return $feeds;
}
/**
 * Feeds offered by the tag module.
 *
 * @param object|null $item  unused here; part of the shared hook signature
 * @param object|null $tag   the tag being viewed, if any
 * @return array  feed uri => escaped, translated label; empty when no tag is set
 */
static function available_feeds($item, $tag) {
  if (!$tag) {
    return array();
  }
  $label = t("Tag feed for %tag_name", array("tag_name" => p::clean($tag->name)));
  return array("tag/tag/{$tag->id}" => $label);
}
/**
 * Remove one entry from the server_add module's list of authorized local paths.
 *
 * Reads "path" from the query string, drops it from the stored list when present,
 * persists the list, re-checks the module config and redirects back to the admin
 * page. Requires a valid CSRF token.
 */
public function remove_path() {
  access::verify_csrf();

  $path = $this->input->get("path");
  // NOTE(review): unserialize() is applied to a module var that this same method
  // writes with serialize() below — not to request data. Keep it that way; a
  // request-controlled value here would be a deserialization hazard.
  $paths = unserialize(module::get_var("server_add", "authorized_paths"));

  if (!isset($paths[$path])) {
    // Unknown path: nothing to change.
    url::redirect("admin/server_add");
    return;
  }

  unset($paths[$path]);
  message::success(t("Removed path %path", array("path" => p::clean($path))));
  module::set_var("server_add", "authorized_paths", serialize($paths));
  server_add::check_config($paths);

  url::redirect("admin/server_add");
}
/**
 * Log the active user out, record it, and send the browser on.
 *
 * Requires a valid CSRF token. If a "continue" uri was supplied and the session,
 * now anonymous, may still "view" the item it refers to, the browser is
 * redirected there; otherwise to the site root. With no "continue" nothing is sent.
 *
 * NOTE(review): "continue" is taken straight from the query string. Whether it
 * can name a non-item or off-site location depends on url::get_item_from_uri()
 * and url::redirect(), neither visible here — confirm it cannot serve as an open
 * redirect.
 */
public function index() {
  access::verify_csrf();

  $leaving_user = user::active();
  user::logout();

  $escaped_name = p::clean($leaving_user->name);
  log::info("user",
            t("User %name logged out", array("name" => $escaped_name)),
            html::anchor("user/{$leaving_user->id}", $escaped_name));

  $continue = $this->input->get("continue");
  if (!$continue) {
    return;
  }
  $target = url::get_item_from_uri($continue);
  url::redirect(access::can("view", $target) ? $continue : "");
}
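/**
 * Log the active user out, record it, and send the browser on.
 *
 * If a "continue" uri was supplied and the session, now anonymous, may still
 * "view" the item it refers to, the browser is sent there with a raw Location
 * header; otherwise to "albums/1". With no "continue" nothing is sent.
 *
 * NOTE(review): the CSRF check is commented out here (the sibling index() calls
 * access::verify_csrf()). Without it any third-party page can force a logout. It
 * is left as found because re-enabling it requires the logout links to carry a
 * token; flagging rather than silently changing it.
 */
public function index() {
  //access::verify_csrf();
  $user = user::active();
  user::logout();
  log::info("user", t("User %name logged out", array("name" => p::clean($user->name))), html::anchor("user/{$user->id}", p::clean($user->name)));

  if ($continue_url = $this->input->get("continue")) {
    // Don't use url::redirect() because it'll call url::site() and munge the continue url.
    // Because the raw header() bypasses the framework's own handling, only a
    // site-relative path is accepted: a value with a scheme, a host, a
    // protocol-relative "//" prefix, a backslash or CR/LF is not forwarded and the
    // browser goes to the root album instead (open-redirect / header-splitting guard).
    if (self::_is_local_uri($continue_url)
        && access::can("view", url::get_item_from_uri($continue_url))) {
      header("Location: {$continue_url}");
    } else {
      url::redirect("albums/1");
    }
  }
}

/**
 * True when $uri is a plain site-relative path: no scheme, no authority, no
 * backslash (browsers treat "/\host" like "//host") and no header line breaks.
 *
 * @param string $uri  candidate redirect target
 * @return bool
 */
private static function _is_local_uri($uri) {
  if (strpbrk($uri, "\r\n\\") !== false || substr($uri, 0, 2) == "//") {
    return false;
  }
  $parts = parse_url($uri);
  return $parts !== false && !isset($parts["scheme"]) && !isset($parts["host"]);
}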
/**
 * Validate the login form and, on success, log the named user in.
 *
 * @param string $url  passed through to user::get_login_form(); its exact role is
 *                     not visible here
 * @return array  array($valid, $form): whether authentication succeeded, and the
 *                form (carrying an "invalid_login" error when it did not)
 *
 * The session id is regenerated on both outcomes so a session id obtained before
 * login cannot be carried into the authenticated session (session fixation).
 */
private function _auth($url) {
  $form = user::get_login_form($url);
  $valid = $form->validate();
  $user = null;

  if ($valid) {
    $name_input = $form->login->inputs["name"];
    $user = ORM::factory("user")->where("name", $name_input->value)->find();
    // An unknown account and a wrong password produce the same client-visible error.
    $authenticated = $user->loaded
      && user::is_correct_password($user, $form->login->password->value);
    if (!$authenticated) {
      log::warning("user", t("Failed login for %name", array("name" => p::clean($name_input->value))));
      $name_input->add_error("invalid_login", 1);
      $valid = false;
    }
  }

  if ($valid) {
    user::login($user);
    log::info("user", t("User %name logged in", array("name" => p::clean($user->name))));
  }

  // Either way, regenerate the session id to avoid session trapping
  Session::instance()->regenerate();
  return array($valid, $form);
}
/**
 * Handle the edit-album form post for $album.
 *
 * @see REST_Controller::_update($resource)
 *
 * Requires a valid CSRF token plus "view" and "edit" access on the album. When the
 * form validates and the requested directory name does not collide with a sibling
 * item, the title, description, sort settings and (for non-root albums) the
 * directory name are saved and a JSON success carrying the album's location is
 * printed; otherwise the rendered form is returned as a JSON error. The root
 * album (id 1) is never renamed and is skipped by the conflict check.
 *
 * @param object $album  the album being edited (resolved by the REST dispatcher)
 */
public function _update($album) {
  access::verify_csrf();
  access::required("view", $album);
  access::required("edit", $album);

  $form = album::get_edit_form($album);
  if ($valid = $form->validate()) {
    // Make sure that there's not a conflict
    if ($album->id != 1 && Database::instance()->from("items")->where("parent_id", $album->parent_id)->where("id <>", $album->id)->where("name", $form->edit_item->dirname->value)->count_records()) {
      $form->edit_item->dirname->add_error("conflict", 1);
      $valid = false;
    }
  }

  if ($valid) {
    // Title and description are stored as submitted; output paths are expected to
    // escape them (p::clean is applied below for the flash message).
    $album->title = $form->edit_item->title->value;
    $album->description = $form->edit_item->description->value;
    $album->sort_column = $form->edit_item->sort_order->column->value;
    $album->sort_order = $form->edit_item->sort_order->direction->value;
    // The root album keeps its directory name.
    if ($album->id != 1) {
      $album->rename($form->edit_item->dirname->value);
    }
    $album->save();
    module::event("item_edit_form_completed", $album, $form);
    // The third log argument is raw HTML; the only interpolated value is the album id.
    log::success("content", "Updated album", "<a href=\"albums/{$album->id}\">view</a>");
    message::success(t("Saved album %album_title", array("album_title" => p::clean($album->title))));
    print json_encode(array("result" => "success", "location" => url::site("albums/{$album->id}")));
  } else {
    // Validation or the conflict check failed: hand the rendered form back.
    print json_encode(array("result" => "error", "form" => $form->__toString()));
  }
}
?> " title="<?php echo p::clean($child->title); ?> " height="<?php echo $child->thumb_height; ?> " width="<?php echo $child->thumb_width; ?> " /></a><br /> <? endif ?> <?php echo p::clean($child->description); ?> </p> ]]> </content:encoded> <media:thumbnail url="<?php echo $child->thumb_url(true); ?> " fileSize="<?php echo @filesize($child->thumb_path()); ?> " height="<?php echo $child->thumb_height; ?>
<?php defined("SYSPATH") or die("No direct script access."); ?> <html> <head> <title><?php echo p::clean($subject); ?> </title> </head> <body> <h2><?php echo p::clean($subject); ?> </h2> <table> <tr> <td colspan="2"> <?php echo t("To view the changed album %title use the link below.", array("title" => p::purify($item->parent()->title))); ?> </td> </tr> <tr> <td><?php echo t("Url:"); ?> </td> <td> <a href="<?php
<head> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <title> <? if ($page_title): ?> <?= $page_title ?> <? else: ?> <? if ($theme->item()): ?> <? if ($theme->item()->is_album()): ?> <?= t("Browse Album :: %album_title", array("album_title" => p::clean($theme->item()->title))) ?> <? elseif ($theme->item()->is_photo()): ?> <?= t("Photo :: %photo_title", array("photo_title" => p::clean($theme->item()->title))) ?> <? else: ?> <?= t("Movie :: %movie_title", array("movie_title" => p::clean($theme->item()->title))) ?> <? endif ?> <? elseif ($theme->tag()): ?> <?= t("Browse Tag :: %tag_title", array("tag_title" => p::clean($theme->tag()->name))) ?> <? else: /* Not an item, not a tag, no page_title specified. Help! */ ?> <?= t("Gallery") ?> <? endif ?> <? endif ?> </title> <link rel="shortcut icon" href="<?= $theme->url("images/favicon.ico") ?>" type="image/x-icon" /> <link rel="stylesheet" type="text/css" href="<?= url::file("lib/yui/reset-fonts-grids.css") ?>" media="screen,print,projection" /> <link rel="stylesheet" type="text/css" href="<?= url::file("lib/superfish/css/superfish.css") ?>" media="screen" /> <link rel="stylesheet" type="text/css" href="<?= url::file("lib/themeroller/ui.base.css") ?>" media="screen,print,projection" /> <link rel="stylesheet" type="text/css" href="<?= $theme->url("css/screen.css") ?>" media="screen,print,projection" /> <!--[if lt IE 8]>
echo t("Stalled"); ?> <? else: ?> <?php echo t("%percent_complete% Complete", array("percent_complete" => $task->percent_complete)); ?> <? endif ?> </td> <td> <?php echo $task->status; ?> </td> <td> <?php echo p::clean($task->owner()->name); ?> </td> <td> <? if ($task->state == "stalled"): ?> <a class="gDialogLink gButtonLink ui-icon-left ui-state-default ui-corner-all" href="<?php echo url::site("admin/maintenance/resume/{$task->id}?csrf={$csrf}"); ?> "> <?php echo t("resume"); ?> </a> <? endif ?> <a href="<?php
?> <h1 style="display: none"> <?php echo t("Welcome to Gallery 3!"); ?> </h1> <p> <?php echo t("Congratulations on choosing Gallery to host your photos. We're confident that you're going to have a great experience."); ?> </p> <p> <?php echo t("You're logged in to the <b>%user_name</b> account. The very first thing you should do is to change your password to something that you'll remember.", array("user_name" => p::clean($user->name))); ?> </p> <p> <a href="<?php echo url::site("form/edit/users/{$user->id}"); ?> " title="<?php echo t("Edit Your Profile"); ?> " id="gAfterInstallChangePasswordLink" class="gButtonLink ui-state-default ui-corners-all"><?php echo t("Change Password Now"); ?>
<lastBuildDate><?php echo $pub_date; ?> </lastBuildDate> <? foreach ($feed->children as $child): ?> <item> <title><?php echo p::purify($child->title); ?> </title> <link><?php echo p::clean($child->item_uri); ?> </link> <author><?php echo p::clean($child->author); ?> </author> <guid isPermaLink="true"><?php echo $child->item_uri; ?> </guid> <pubDate><?php echo $child->pub_date; ?> </pubDate> <content:encoded> <![CDATA[ <p><?php echo nl2br(p::purify($child->text)); ?>
?> /> <? else: ?> <?php echo t("No thumbnail"); ?> <? endif ?> </a> </div> </div> <p><?php echo gallery::date($comment->created); ?> </p> <?php echo p::clean($comment->text); ?> </td> <td> <ul class="gButtonSetVertical"> <? if ($comment->state != "unpublished"): ?> <li> <a href="javascript:set_state('unpublished',<?php echo $comment->id; ?> )" class="gButtonLink ui-state-default ui-icon-left"> <span class="ui-icon ui-icon-check"></span> <?php echo t("Unapprove"); ?>
<? endif ?> </ul> <strong><?php echo $current_letter; ?> </strong> <ul> <? endif ?> <li> <span id="gTag-<?php echo $tag->id; ?> " class="gEditable tag-name"><?php echo p::clean($tag->name); ?> </span> <span class="understate">(<?php echo $tag->count; ?> )</span> <a href="<?php echo url::site("admin/tags/form_delete/{$tag->id}"); ?> " class="gDialogLink delete-link gButtonLink"> <span class="ui-icon ui-icon-trash"><?php echo t("Delete this tag"); ?> </span></a>
<?php defined("SYSPATH") or die("No direct script access.") ?>
<?php /* Page header: the admin-supplied header text or the site logo, the site
        menu, and the breadcrumb trail for the current item.
        $header_text is a module var emitted WITHOUT escaping because it is meant
        to hold admin-authored HTML; that is only safe while the setting is
        writable by admins alone — NOTE(review): confirm in the admin controller.
        Item and parent titles are user-controlled and go through p::clean. */ ?>
<?= $theme->header_top() ?>
<? if ($header_text = module::get_var("gallery", "header_text")): ?>
  <?= $header_text ?>
<? else: ?>
  <a href="<?= url::site("albums/1") ?>">
    <img width="107" height="48" id="gLogo" alt="<?= t("Gallery: Your photos on your web site") ?>" src="<?= $theme->url("images/logo.png") ?>" />
  </a>
<? endif ?>
<div id="gSiteMenu" style="display: none">
  <?= $theme->site_menu() ?>
</div>
<?= $theme->header_bottom() ?>
<? if (!empty($parents)): ?>
  <ul class="gBreadcrumbs">
    <? foreach ($parents as $parent): ?>
      <li>
        <a href="<?= url::site("albums/{$parent->id}?show=$item->id") ?>">
          <?= p::clean($parent->title) ?>
        </a>
      </li>
    <? endforeach ?>
    <li class="active"><?= p::clean($item->title) ?></li>
  </ul>
<? endif ?>
?> " width="20" height="20" /> <?php echo p::clean($user->name); ?> </td> <td> <?php echo p::clean($user->full_name); ?> </td> <td> <?php echo p::clean($user->email); ?> </td> <td> <?php echo $user->last_login == 0 ? "" : gallery::date($user->last_login); ?> </td> <td class="gActions"> <a href="<?php echo url::site("admin/users/edit_user_form/{$user->id}"); ?> " open_text="<?php echo t("close"); ?>
<?php defined("SYSPATH") or die("No direct script access."); ?> <fieldset> <legend> <?php echo t('Edit Permissions'); ?> </legend> <table> <tr> <th> </th> <? foreach ($groups as $group): ?> <th> <?php echo p::clean($group->name); ?> </th> <? endforeach ?> </tr> <? foreach ($permissions as $permission): ?> <tr> <td> <?php echo t($permission->display_name); ?> </td> <? foreach ($groups as $group): ?> <? $intent = access::group_intent($group, $permission->name, $item) ?> <? $allowed = access::group_can($group, $permission->name, $item) ?> <? $lock = access::locked_by($group, $permission->name, $item) ?>
<author><?php echo p::clean($child->author); ?> </author> <guid isPermaLink="true"><?php echo $child->item_uri; ?> </guid> <pubDate><?php echo $child->pub_date; ?> </pubDate> <content:encoded> <![CDATA[ <p><?php echo p::clean($child->text); ?> </p> <p> <img alt="" src="<?php echo $child->thumb_url; ?> " height="<?php echo $child->thumb_height; ?> " width="<?php echo $child->thumb_width; ?> " /> <br />
<?php defined("SYSPATH") or die("No direct script access."); ?> <div id="gAlbumHeader"> <div id="gAlbumHeaderButtons"> <?php echo $theme->dynamic_top(); ?> </div> <h1><?php echo p::clean($title); ?> </h1> </div> <ul id="gAlbumGrid"> <? foreach ($children as $i => $child): ?> <li class="gItem <?php echo $child->is_album() ? "gAlbum" : ""; ?> "> <?php echo $theme->thumb_top($child); ?> <a href="<?php echo $child->url(); ?> "> <img id="gPhotoId-<?php echo $child->id;
<?php defined("SYSPATH") or die("No direct script access."); ?>
<?php /* Recent-comments list. Author names are escaped with p::clean; comment
        text is run through p::purify (allow-listed HTML) and only then
        word-limited, so the truncation cannot introduce markup that purify
        rejected, though it may leave an unbalanced tag in the page.
        NOTE(review): avatar_url() is emitted unescaped inside a src attribute;
        presumably it is derived from the author's email, verify it cannot carry
        user-chosen characters. */ ?>
<ul>
  <? foreach ($comments as $i => $comment): ?>
    <li class="<?php echo $i % 2 == 0 ? "gEvenRow" : "gOddRow"; ?> ">
      <img src="<?php echo $comment->author()->avatar_url(32, $theme->url("images/avatar.jpg", true)); ?> " class="gAvatar" alt="<?php echo p::clean($comment->author_name()); ?> " width="32" height="32" />
      <?php echo gallery::date_time($comment->created); ?>
      <?php echo t('<a href="#">%author_name</a> said <em>%comment_text</em>', array("author_name" => p::clean($comment->author_name()), "comment_text" => text::limit_words(nl2br(p::purify($comment->text)), 50))); ?>
    </li>
  <? endforeach ?>
</ul>
<? endif ?> <p> <?php echo t("Photos will be uploaded to album: "); ?> </p> <ul class="gBreadcrumbs"> <? foreach ($item->parents() as $parent): ?> <li> <?php echo p::clean($parent->title); ?> </li> <? endforeach ?> <li class="active"> <?php echo p::clean($item->title); ?> </li> </ul> <p><?php echo t("Upload Queue"); ?> </p> <div id="gAddPhotosCanvas" style="text-align: center;"> <div id="gAddPhotosQueue"></div> <div id="gEditPhotosQueue"></div> <span id="gChooseFilesButtonPlaceholder"></span> </div> <button id="gUploadCancel" class="ui-state-default ui-corner-all" type="button" onclick="swfu.cancelQueue();"
<a href="<?php echo $child->url(); ?> "> <?php echo $child->thumb_img(array("class" => "gThumbnail")); ?> </a> <?php echo $theme->thumb_bottom($child); ?> <h2><span></span><a href="<?php echo $child->url(); ?> "><?php echo p::clean($child->title); ?> </a></h2> <ul class="gMetadata"> <?php echo $theme->thumb_info($child); ?> </ul> </li> <? endforeach ?> <? else: ?> <? if ($user->admin || access::can("add", $item)): ?> <? $addurl = url::file("index.php/simple_uploader/app/$item->id") ?> <li><?php echo t("There aren't any photos here yet! <a %attrs>Add some</a>.", array("attrs" => "href=\"{$addurl}\" class=\"gDialogLink\"")); ?>
echo $item->url(array(), true); ?> </a></td> </tr> <? if ($item->original("description") != $item->description): ?> <tr> <td><?php echo t("New Description:"); ?> </td> <td><?php echo p::clean($item->description); ?> </td> </tr> <? elseif (!empty($item->description)): ?> <tr> <td><?php echo t("Description:"); ?> </td> <td><?php echo p::clean($item->description); ?> </td> </tr> <? endif ?> </table> </body> </html>
</a> </td> </tr> <? endif ?> <? if ($item->captured): ?> <tr> <th><?php echo t("Captured:"); ?> </th> <td><?php echo date("M j, Y H:i:s", $item->captured); ?> </td> </tr> <? endif ?> <? if ($item->owner): ?> <tr> <th><?php echo t("Owner:"); ?> </th> <td><a href="#"><?php echo p::clean($item->owner->name); ?> </a></td> </tr> <? endif ?> </tbody> </table>