13 files changed, 196 insertions, 81 deletions
diff --git a/views/default/output/access.php b/views/default/output/access.php
index cb1ffc94c..5c8d62c4d 100644
--- a/views/default/output/access.php
+++ b/views/default/output/access.php
@@ -9,8 +9,9 @@
 //sort out the access level for display
 if (isset($vars['entity']) && elgg_instanceof($vars['entity'])) {
 	$access_id = $vars['entity']->access_id;
-	$access_class = 'access_level';
+	$access_class = 'elgg-access';
 	$access_id_string = get_readable_access_level($access_id);
+	$access_id_string = htmlspecialchars($access_id_string, ENT_QUOTES, 'UTF-8', false);
 
 	// if within a group or shared access collection display group name and open/closed membership status
 	// @todo have a better way to do this instead of checking against subtype / class.
@@ -20,20 +21,22 @@ if (isset($vars['entity']) && elgg_instanceof($vars['entity'])) {
 		// we decided to show that the item is in a group, rather than its actual access level
 		// not required. Group ACLs are prepended with "Group: " when written.
 		//$access_id_string = elgg_echo('groups:group') . $container->name;
-		$membership = $is_group->membership;
+		$membership = $container->membership;
 
 		if ($membership == ACCESS_PUBLIC) {
-			$access_class .= ' group_open';
+			$access_class .= ' elgg-access-group-open';
 		} else {
-			$access_class .= ' group_closed';
+			$access_class .= ' elgg-access-group-closed';
 		}
+
+		// @todo this is plugin specific code in core. Should be removed.
 	} elseif ($container && $container->getSubtype() == 'shared_access') {
-		$access_level .= ' shared_collection';
+		$access_class .= ' shared_collection';
 	} elseif ($access_id == ACCESS_PRIVATE) {
-		$access_level .= ' private';
-	} else {
-		$access_level .= ' entity_access';
+		$access_class .= ' elgg-access-private';
 	}
 
-	echo "<span class=\"$access_class\">$access_id_string</span>";
-}
-\ No newline at end of file
+	$help_text = elgg_echo('access:help');
+
+	echo "<span title=\"$help_text\" class=\"$access_class\">$access_id_string</span>";
+}
diff --git a/views/default/output/calendar.php b/views/default/output/calendar.php
index 8729fa1c5..fa0bd0c04 100644
--- a/views/default/output/calendar.php
+++ b/views/default/output/calendar.php
@@ -9,9 +9,5 @@
  * @uses $vars['value'] The current value, if any
  *
  */
-
-if (is_int($vars['value'])) {
-	echo date("F j, Y", $vars['value']);
-} else {
-	echo htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8');
-}
-\ No newline at end of file
+elgg_deprecated_notice('output/calendar was deprecated in favor of output/date', 1.8);
+echo elgg_view('output/date', $vars);
+\ No newline at end of file
diff --git a/views/default/output/confirmlink.php b/views/default/output/confirmlink.php
index 20431e5a7..532790a38 100644
--- a/views/default/output/confirmlink.php
+++ b/views/default/output/confirmlink.php
@@ -6,14 +6,16 @@
  * @package Elgg
  * @subpackage Core
  *
- * @uses $vars['text'] The text of the link
- * @uses $vars['href'] The address
- * @uses $vars['confirm'] The dialog text
- * @uses $vars['text_encode'] Encode special characters?
+ * @uses $vars['text']        The text of the link
+ * @uses $vars['href']        The address
+ * @uses $vars['title']       The title text (defaults to confirm text)
+ * @uses $vars['confirm']     The dialog text
+ * @uses $vars['encode_text'] Run $vars['text'] through htmlspecialchars() (false)
  */
 
-$confirm = elgg_extract('confirm', $vars, elgg_echo('question:areyousure'));
-$encode = elgg_extract('text_encode', $vars, true);
+$vars['rel'] = elgg_extract('confirm', $vars, elgg_echo('question:areyousure'));
+$vars['rel'] = addslashes($vars['rel']);
+$encode = elgg_extract('encode_text', $vars, false);
 
 // always generate missing action tokens
 $vars['href'] = elgg_add_action_tokens_to_url(elgg_normalize_url($vars['href']), true);
@@ -23,7 +25,10 @@ if ($encode) {
 	$text = htmlspecialchars($text, ENT_QUOTES, 'UTF-8', false);
 }
 
-$vars['title'] = addslashes($confirm);
+if (!isset($vars['title']) && isset($vars['confirm'])) {
+	$vars['title'] = $vars['rel'];
+}
+
 if (isset($vars['class'])) {
 	if (!is_array($vars['class'])) {
 		$vars['class'] = array($vars['class']);
@@ -32,11 +37,11 @@ if (isset($vars['class'])) {
 } else {
 	$vars['class'] = 'elgg-requires-confirmation';
 }
-//$vars['onclick'] = "return confirm('" . addslashes($confirm) . "')";
 
 unset($vars['encode_text']);
 unset($vars['text']);
 unset($vars['confirm']);
+unset($vars['is_trusted']);
 
 $attributes = elgg_format_attributes($vars);
 echo "<a $attributes>$text</a>";
diff --git a/views/default/output/date.php b/views/default/output/date.php
index bd8a65714..1644a3480 100644
--- a/views/default/output/date.php
+++ b/views/default/output/date.php
@@ -6,10 +6,12 @@
  * @package Elgg
  * @subpackage Core
  *
- * @uses $vars['value'] A UNIX epoch timestamp
- *
+ * @uses $vars['value'] Date as text or a Unix timestamp in seconds
  */
 
-if ($vars['value'] > 86400) {
-	echo date("F j, Y",$vars['value']);
-}
-\ No newline at end of file
+// convert timestamps to text for display
+if (is_numeric($vars['value'])) {
+	$vars['value'] = gmdate('Y-m-d', $vars['value']);
+}
+
+echo $vars['value'];
diff --git a/views/default/output/email.php b/views/default/output/email.php
index 00eefad1f..f5a8bc4b8 100644
--- a/views/default/output/email.php
+++ b/views/default/output/email.php
@@ -10,6 +10,8 @@
  *
  */
 
+$encoded_value = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8');
+
 if (!empty($vars['value'])) {
-	echo "<a href=\"mailto:" . $vars['value'] . "\">". htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false) ."</a>";
+	echo "<a href=\"mailto:$encoded_value\">$encoded_value</a>";
 }
 \ No newline at end of file
diff --git a/views/default/output/img.php b/views/default/output/img.php
new file mode 100644
index 000000000..d3f596801
--- /dev/null
+++ b/views/default/output/img.php
@@ -0,0 +1,12 @@
+<?php
+/**
+ * Elgg image view
+ *
+ * @uses string $vars['src'] The image src url.
+ */
+
+$vars['src'] = elgg_normalize_url($vars['src']);
+$vars['src'] = elgg_format_url($vars['src']);
+
+$attributes = elgg_format_attributes($vars);
+echo "<img $attributes/>";
diff --git a/views/default/output/location.php b/views/default/output/location.php
new file mode 100644
index 000000000..e1009f17d
--- /dev/null
+++ b/views/default/output/location.php
@@ -0,0 +1,19 @@
+<?php
+/**
+ * Display a location
+ *
+ * @uses $vars['entity'] The ElggEntity that has a location
+ * @uses $vars['value']  The location string if the entity is not passed
+ */
+
+if (isset($vars['entity'])) {
+	$vars['value'] = $vars['entity']->location;
+	unset($vars['entity']);
+}
+
+// Fixes #4566 we used to allow arrays of strings for location
+if (is_array($vars['value'])) {
+	$vars['value'] = implode(', ', $vars['value']);
+}
+
+echo elgg_view('output/tag', $vars);
diff --git a/views/default/output/longtext.php b/views/default/output/longtext.php
index 703bb0868..589100c4f 100644
--- a/views/default/output/longtext.php
+++ b/views/default/output/longtext.php
@@ -11,22 +11,28 @@
  * @uses $vars['class']
  */
 
-$class = 'elgg-text';
+$class = 'elgg-output';
 $additional_class = elgg_extract('class', $vars, '');
 if ($additional_class) {
-	$class = "$class $additional_class";
+	$vars['class'] = "$class $additional_class";
+} else {
+	$vars['class'] = $class;
 }
 
 $parse_urls = elgg_extract('parse_urls', $vars, true);
+unset($vars['parse_urls']);
 
 $text = $vars['value'];
-
-$text = filter_tags($text);
+unset($vars['value']);
 
 if ($parse_urls) {
 	$text = parse_urls($text);
 }
 
-$text = autop($text);
+$text = filter_tags($text);
+
+$text = elgg_autop($text);
+
+$attributes = elgg_format_attributes($vars);
 
-echo "<div class=\"$class\">$text</div>";
+echo "<div $attributes>$text</div>";
diff --git a/views/default/output/tag.php b/views/default/output/tag.php
new file mode 100644
index 000000000..6bd9a72a7
--- /dev/null
+++ b/views/default/output/tag.php
@@ -0,0 +1,35 @@
+<?php
+/**
+ * Elgg single tag output
+ *
+ * @uses $vars['value']   String
+ * @uses $vars['type']    The entity type, optional
+ * @uses $vars['subtype'] The entity subtype, optional
+ *
+ */
+
+if (!empty($vars['type'])) {
+	$type = "&type=" . rawurlencode($vars['type']);
+} else {
+	$type = "";
+}
+if (!empty($vars['subtype'])) {
+	$subtype = "&subtype=" . rawurlencode($vars['subtype']);
+} else {
+	$subtype = "";
+}
+if (!empty($vars['object'])) {
+	$object = "&object=" . rawurlencode($vars['object']);
+} else {
+	$object = "";
+}
+
+if (isset($vars['value'])) {
+	$url = elgg_get_site_url() . 'search?q=' . rawurlencode($vars['value']) . "&search_type=tags{$type}{$subtype}{$object}";
+	$vars['value'] = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);
+	echo elgg_view('output/url', array(
+		'href' => $url,
+		'text' => $vars['value'],
+		'rel' => 'tag',
+	));
+}
diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php
index d9397faab..2fbf1cd0a 100644
--- a/views/default/output/tagcloud.php
+++ b/views/default/output/tagcloud.php
@@ -12,8 +12,6 @@
  * @uses $vars['subtype'] Entity subtype
  */
 
-$context = elgg_get_context();
-
 if (!empty($vars['subtype'])) {
 	$subtype = "&entity_subtype=" . urlencode($vars['subtype']);
 } else {
@@ -41,6 +39,8 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) {
 	
 	$cloud = '';
 	foreach ($vars['tagcloud'] as $tag) {
+		$tag->tag = htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8', false);
+
 		if ($cloud != '') {
 			$cloud .= ', ';
 		}
@@ -49,23 +49,18 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) {
 		if ($size < 100) {
 			$size = 100;
 		}
-		$url = elgg_get_site_url()."pg/search/?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype";
-		$url = elgg_format_url($url);
-		$cloud .= "<a href=\"$url\" style=\"font-size: $size%\" title=\"".addslashes($tag->tag)." ($tag->total)\">" . htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8') . "</a>";
-	}
-		
-	if ($context != 'tags') {
-		$text = elgg_echo('tagcloud:allsitetags');
-		$cloud .= '<p class="elgg-tags">';
-		$cloud .= "<a href=\"".elgg_get_site_url()."pg/tags\">$text</a>";
-		$cloud .= '</p>';
+		$url = "search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype";
+
+		$cloud .= elgg_view('output/url', array(
+			'text' => $tag->tag,
+			'href' => $url,
+			'style' => "font-size: $size%;",
+			'title' => "$tag->tag ($tag->total)",
+			'rel' => 'tag'
+		));
 	}
 	
 	$cloud .= elgg_view('tagcloud/extend');
 
-	if ($context != 'tags') {
-		echo elgg_view_module('aside', elgg_echo('tagcloud'), $cloud, array('class' => 'elgg-tagcloud'));
-	} else {
-		echo "<div class=\"elgg-tagcloud\">$cloud</div>";
-	}
+	echo "<div class=\"elgg-tagcloud\">$cloud</div>";
 }
diff --git a/views/default/output/tags.php b/views/default/output/tags.php
index f4804e76e..db096a3be 100644
--- a/views/default/output/tags.php
+++ b/views/default/output/tags.php
@@ -1,24 +1,34 @@
 <?php
 /**
  * Elgg tags
- *
  * Tags can be a single string (for one tag) or an array of strings
  *
- * @package Elgg
- * @subpackage Core
- *
- * @uses $vars['tags'] The tags to display
- * @uses $vars['type'] The entity type, optional
+ * @uses $vars['value']   Array of tags or a string
+ * @uses $vars['type']    The entity type, optional
  * @uses $vars['subtype'] The entity subtype, optional
+ * @uses $vars['entity']  Optional. Entity whose tags are being displayed (metadata ->tags)
+ * @uses $vars['list_class'] Optional. Additional classes to be passed to <ul> element
+ * @uses $vars['item_class'] Optional. Additional classes to be passed to <li> elements
+ * @uses $vars['icon_class'] Optional. Additional classes to be passed to tags icon image
  */
 
+if (isset($vars['entity'])) {
+	$vars['tags'] = $vars['entity']->tags;
+	unset($vars['entity']);
+}
+
+if (!empty($vars['type'])) {
+	$type = "&type=" . rawurlencode($vars['type']);
+} else {
+	$type = "";
+}
 if (!empty($vars['subtype'])) {
-	$subtype = "&subtype=" . urlencode($vars['subtype']);
+	$subtype = "&subtype=" . rawurlencode($vars['subtype']);
 } else {
 	$subtype = "";
 }
 if (!empty($vars['object'])) {
-	$object = "&object=" . urlencode($vars['object']);
+	$object = "&object=" . rawurlencode($vars['object']);
 } else {
 	$object = "";
 }
@@ -27,24 +37,46 @@ if (empty($vars['tags']) && !empty($vars['value'])) {
 	$vars['tags'] = $vars['value'];
 }
 
+if (empty($vars['tags']) && isset($vars['entity'])) {
+	$vars['tags'] = $vars['entity']->tags;
+}
+
 if (!empty($vars['tags'])) {
 	if (!is_array($vars['tags'])) {
 		$vars['tags'] = array($vars['tags']);
 	}
 
-	echo '<ul class="elgg-tags">';
+	$list_class = "elgg-tags";
+	if (isset($vars['list_class'])) {
+		$list_class = "$list_class {$vars['list_class']}";
+	}
+
+	$item_class = "elgg-tag";
+	if (isset($vars['item_class'])) {
+		$item_class = "$item_class {$vars['item_class']}";
+	}
+
+	$icon_class = elgg_extract('icon_class', $vars);
+	$list_items = '<li>' . elgg_view_icon('tag', $icon_class) . '</li>';
+		
 	foreach($vars['tags'] as $tag) {
-		if (!empty($vars['type'])) {
-			$type = "&type={$vars['type']}";
-		} else {
-			$type = "";
-		}
-		$url = elgg_get_site_url() . 'pg/search/?q=' . urlencode($tag) . "&search_type=tags{$type}{$subtype}{$object}";
+		$url = elgg_get_site_url() . 'search?q=' . rawurlencode($tag) . "&search_type=tags{$type}{$subtype}{$object}";
 		if (is_string($tag)) {
-			echo '<li>';
-			echo "<a rel=\"tag\" href=\"$url\">" . htmlspecialchars($tag, ENT_QUOTES, 'UTF-8') . "</a>";
-			echo '</li>';
+			$tag = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8', false);
+			$list_items .= "<li class=\"$item_class\">";
+			$list_items .= elgg_view('output/url', array('href' => $url, 'text' => $tag, 'rel' => 'tag'));
+			$list_items .= '</li>';
 		}
 	}
-	echo '</ul>';
+
+	$list = <<<___HTML
+		<div class="clearfix">
+			<ul class="$list_class">
+				$list_items
+			</ul>
+		</div>
+___HTML;
+
+	echo $list;
 }
+
diff --git a/views/default/output/text.php b/views/default/output/text.php
index 2c9242c1d..5cbfc35b0 100644
--- a/views/default/output/text.php
+++ b/views/default/output/text.php
@@ -6,8 +6,7 @@
  * @package Elgg
  * @subpackage Core
  *
- * @uses $vars['text'] The text to display
- *
+ * @uses $vars['value'] The text to display
  */
 
 echo htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);
 \ No newline at end of file
diff --git a/views/default/output/url.php b/views/default/output/url.php
index fdeb94ac3..81b02087d 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -8,9 +8,9 @@
  *
  * @uses string $vars['text']        The string between the <a></a> tags.
  * @uses string $vars['href']        The unencoded url string
- * @uses bool   $vars['encode_text'] Run $vars['text'] through htmlspecialchars()?
- * @uses bool   $vars['is_action']   Is this a link to an action?
- *
+ * @uses bool   $vars['encode_text'] Run $vars['text'] through htmlspecialchars() (false)
+ * @uses bool   $vars['is_action']   Is this a link to an action (false)
+ * @uses bool   $vars['is_trusted']  Is this link trusted (false)
  */
 
 $url = elgg_extract('href', $vars, null);
@@ -20,7 +20,7 @@ if (!$url and isset($vars['value'])) {
 }
 
 if (isset($vars['text'])) {
-	if (isset($vars['encode_text']) && $vars['encode_text']) {
+	if (elgg_extract('encode_text', $vars, false)) {
 		$text = htmlspecialchars($vars['text'], ENT_QUOTES, 'UTF-8', false);
 	} else {
 		$text = $vars['text'];
@@ -35,13 +35,22 @@ unset($vars['encode_text']);
 if ($url) {
 	$url = elgg_normalize_url($url);
 
-	if (isset($vars['is_action'])) {
+	if (elgg_extract('is_action', $vars, false)) {
 		$url = elgg_add_action_tokens_to_url($url, false);
-		unset($vars['is_action']);
+	}
+
+	if (!elgg_extract('is_trusted', $vars, false)) {
+		if (!isset($vars['rel'])) {
+			$vars['rel'] = 'nofollow';
+			$url = strip_tags($url);
+		}
 	}
 
 	$vars['href'] = $url;
 }
 
+unset($vars['is_action']);
+unset($vars['is_trusted']);
+
 $attributes = elgg_format_attributes($vars);
-echo "<a $attributes>$text</a>";
-\ No newline at end of file
+echo "<a $attributes>$text</a>";