9 Commits

Author	SHA1	Message	Date
Andy Staudacher	2bc73e2e36	Fix XSS vectors in HTML attributes (mostly t() calls)	2009-08-31 21:51:57 -07:00
Andy Staudacher	b9bd1681a3	Update all code to use helper method html::clean(), html::purify(), ... instead of SafeString directly.	2009-08-29 22:54:20 -07:00
Andy Staudacher	c01ac42c46	Refactor all calls of p::clean() to SafeString::of() and p::purify() to SafeString::purify(). ... Removing any p::clean() calls for arguments to t() and t2() since their args are wrapped in a SafeString anyway.	2009-08-29 12:48:40 -07:00
Bharat Mediratta	3e71a44a96	Add a closing </b> to the warning.	2009-06-12 23:04:34 -07:00
Andy Staudacher	7e4fcb97cb	Fix HTML bug in l10n message	2009-06-09 20:10:34 -07:00
Bharat Mediratta	79d526f1fa	Put in a placeholder link to click on if there's no value for a setting.	2009-06-09 18:58:40 -07:00
Bharat Mediratta	708f27f483	Run p::clean() on any variables that contain data entered by users.	2009-05-31 00:11:48 -07:00
Bharat Mediratta	88a3d43ba9	Update all references to the core application to now point to the ... gallery module. This type of mass update is prone to some small bugs.	2009-05-27 16:17:29 -07:00
Bharat Mediratta	28b41056e3	Restructure things so that the application is now just another module. ... Kohana makes this type of transition fairly straightforward in that all controllers/helpers/etc are still located in the cascading filesystem without any extra effort, except that I've temporarily added a hack to force modules/gallery into the module path. Rename what's left of "core" to be "application" so that it conforms more closely to the Kohana standard (basically, just application/config/config.php which is the minimal thing that you need in the application directory) There's still considerable work left to be done here.	2009-05-27 15:07:27 -07:00