CVS edit link for stevector

The Mobile Gallery module is a Views style plugin that outputs images organized in a way that is optimized for mobile devices. Numerous modules take Views results and theme them into common galleries like Lightboxes, JavaScript Carousels, jQuery Cycle and more. These approaches are optimized for desktop browsing and are often cumbersome on mobile devices.

As far as I know, there is not yet another Drupal module available that attempts to optimize such a gallery for mobile devices.

This module is meant to be used in conjunction with a mobile optimized theme to provide a simple interface with a grid of square thumbnails. When a thumbnail is clicked/touched the intended behavior is for the screen to go black and the user will see the larger version of the selected image along with navigation buttons and possibly a caption.

To see this module in use, go to http://m.blkipper.com/entry/bhutan

This module contains two submodules that take slightly different approaches to generating nearly the same results. The 'Simple' submodule requires users to declare an image field and two imagecache presets. The 'Semantic Views' submodule has a dedicated thumbnail field. Other fields will appear in the area intended for the full image. Both submodules also have the option for a separate caption field.

Comment | File | Size | Author
#1 | mobilegallery.zip | 221.33 KB | stevector

Comments

stevector:

Status: Postponed (maintainer needs more info) » Active
Status | File | Size
new | | 221.33 KB

Here is the module.

stevector:

Status: Active » Needs review

Changing status to "needs review."

avpaderno:

Issue tags: +Module review

dave reid:

Assigned: Unassigned » dave reid

Assigning to myself to review

dave reid:

Component: Miscellaneous » miscellaneous
Status: Needs review » Needs work

Ok so getting back on this. Reviewing the module it looks very well thought-out and well-documented. That is a huge +1 for me. My only concern is there is a lot of direct variable output that could possibly be vulnerable to XSS if left un-sanitized. I haven't verified that it is in fact vulnerable, but all the direct output of variables in the theme functions caused a red flag for me.

mobilegallery.theme.inc:

  $next = $starting_index + $key + 1;
  $next = "<a href='#mg-$next' class='mobilegallery-asi mobilegallery-controls mobilegallery-next-link'><span>Next</span></a>";

  $prev = $starting_index + $key - 1;
  $prev = "<a href='#mg-$prev' class='mobilegallery-asi mobilegallery-controls mobilegallery-prev-link'><span>Prev</span></a>";

  $output = "
  <div class='mobilegallery-nav'>
    $prev
    $next
  </div>
  ";

  return $output;

Plus you can use url() and l() to generate links to anchors, so that should probably be used since we would also want to translate 'Next' and 'Prev', but that's not a show-stopper.

So the only thing blocking this is a verification that inputting <script>alert('XSS!');</script> in your views in all possible places won't cause any popups when viewing the gallery views.
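
The check requested in the comment above, as a stand-alone PHP example added here (it is not code from the Mobile Gallery module and not part of the comment). The `mg_*` function names, the caption argument and the `mobilegallery-caption` class are hypothetical, and `htmlspecialchars()` stands in for Drupal's `check_plain()`.

```php
<?php
// Added illustration, not code from the Mobile Gallery module.
// The mg_* names and the caption argument are hypothetical.

/** Escape a value for HTML text or a quoted attribute (the call check_plain() wraps). */
function mg_escape($value) {
  return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/** Build one prev/next anchor; the index is forced to an integer before it reaches the href. */
function mg_nav_link($index, $label, $direction) {
  $href = '#mg-' . (int) $index;
  $class = 'mobilegallery-asi mobilegallery-controls mobilegallery-' . $direction . '-link';
  return '<a href="' . mg_escape($href) . '" class="' . mg_escape($class) . '">'
    . '<span>' . mg_escape($label) . '</span></a>';
}

/** Render the nav block plus an optional caption taken from a Views field. */
function mg_render_nav($starting_index, $key, $caption = '') {
  // Explicit casts: a non-numeric value becomes 0 instead of reaching the markup.
  $position = (int) $starting_index + (int) $key;
  $output = "<div class='mobilegallery-nav'>"
    . mg_nav_link($position - 1, 'Prev', 'prev')
    . mg_nav_link($position + 1, 'Next', 'next')
    . '</div>';
  if ($caption !== '') {
    $output .= "<div class='mobilegallery-caption'>" . mg_escape($caption) . '</div>';
  }
  return $output;
}

// The test string from the review comment, used as constructed input in every argument.
$probe = "<script>alert('XSS!');</script>";
$html = mg_render_nav($probe, $probe, $probe);

// Pass only if no argument introduced markup: the caption must appear escaped
// and the index must have collapsed to an integer.
$ok = stripos($html, '<script') === FALSE
  && strpos($html, '&lt;script&gt;') !== FALSE
  && strpos($html, 'href="#mg-1"') !== FALSE;
echo $ok ? "PASS\n" : "FAIL\n";
echo $html, "\n";
```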

avpaderno:

Assigned: dave reid » Unassigned
Status: Needs work » Closed (won't fix)

Please read all the following and the links provided as this is very important information about your CVS Application.

Drupal.org has moved from CVS to Git! This is a very significant change for the Drupal community and for your application. Please read the following documentation on how this affects and benefits you and the application process: Migrating from CVS Applications to (Git) Full Project Applications.

  • If your application has been "needs work" (or "postponed (maintainer needs more info)"), your application will be marked as "closed (won't fix)". You can still reopen it, by reading the instructions above.
  • If the status of this application is a different one, it will be changed to "postponed"; you will be able to reopen it by following the instructions in the above link.