From: garvinhicking <garvinhicking>
Date: Wed, 9 Aug 2006 07:28:41 +0000 (+0000)
Subject: Fix more entry sorting
X-Git-Tag: 1.1~147
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=fd6d541eb248a3f1a82c8ee457364b08805000b9;p=s9y.git

Fix more entry sorting
---

diff --git a/deployment/serendipity_editor.js b/deployment/serendipity_editor.js
index 12713f3..acac0b2 100644
--- a/deployment/serendipity_editor.js
+++ b/deployment/serendipity_editor.js
@@ -72,7 +72,7 @@ function wrapSelectionWithLink(txtarea) {
          document.getElementById && getMozSelection(txtarea) == "") {
         var my_desc = prompt("Enter Description", '');
     }
-    
+
     var my_title = prompt("Enter title/tooltip:", "");
 
 	html_title = "";
@@ -142,7 +142,7 @@ function serendipity_insLink (area) {
         area.focus();
         return;
     }
-    
+
 	html_title = "";
     if (my_title != "") {
 		html_title = ' title="' + my_title + '"';
@@ -155,7 +155,9 @@ function serendipity_insLink (area) {
 function serendipity_imageSelector_addToElement (str, el)
 {
     document.getElementById(el).value = str;
-    document.getElementById(el).focus();
+    if (document.getElementById(el).type != 'hidden' && document.getElementById(el).focus) {
+        document.getElementById(el).focus();
+    }
     if (document.getElementById(el).onchange) {
         document.getElementById(el).onchange();
     }
@@ -183,7 +185,7 @@ function serendipity_imageSelector_done(textarea)
     var src = '';
     var f = document.forms['serendipity[selForm]'].elements;
 
-    if (f['serendipity[linkThumbnail]'][0].checked == true) {
+    if (f['serendipity[linkThumbnail]'] && f['serendipity[linkThumbnail]'][0].checked == true) {
         img       = f['thumbName'].value;
         imgWidth  = f['imgThumbWidth'].value;
         imgHeight = f['imgThumbHeight'].value;
@@ -193,10 +195,30 @@ function serendipity_imageSelector_done(textarea)
         imgHeight = f['imgHeight'].value;
     }
 
-    if (f['serendipity[filename_only]'] && f['serendipity[filename_only]'].value == 'true') {
-        self.opener.serendipity_imageSelector_addToElement(img, f['serendipity[htmltarget]'].value);
-        self.close();
-        return true;
+    if (f['serendipity[filename_only]']) {
+        if (f['serendipity[htmltarget]']) {
+            starget = f['serendipity[htmltarget]'].value;
+        } else {
+            starget = 'serendipity[' + textarea + ']';
+        }
+
+        if (f['serendipity[filename_only]'].value == 'true') {
+            parent.self.opener.serendipity_imageSelector_addToElement(img, f['serendipity[htmltarget]'].value);
+            parent.self.close();
+            return true;
+        } else if (f['serendipity[filename_only]'].value == 'id') {
+            parent.self.opener.serendipity_imageSelector_addToElement(f['imgID'].value, starget);
+            parent.self.close();
+            return true;
+        } else if (f['serendipity[filename_only]'].value == 'thumb') {
+            parent.self.opener.serendipity_imageSelector_addToElement(f['thumbName'].value, starget);
+            parent.self.close();
+            return true;
+        } else if (f['serendipity[filename_only]'].value == 'big') {
+            parent.self.opener.serendipity_imageSelector_addToElement(f['imgName'].value, starget);
+            parent.self.close();
+            return true;
+        }
     }
 
     if (document.getElementById('serendipity_imagecomment').value != '') {
@@ -205,31 +227,53 @@ function serendipity_imageSelector_done(textarea)
         styled = true;
     }
 
+    imgID = 0;
+    if (f['imgID']) {
+        imgID = f['imgID'].value;
+    }
+    baseURL = '';
+    if (f['baseURL']) {
+        baseURL = f['baseURL'].value;
+    }
+
     floating = 'center';
-    if (XHTML11) {
-        if (f['serendipity[align]'][0].checked == true) {
-            img = "<img width='" + imgWidth + "' height='" + imgHeight + "' " + (styled ? 'style="border: 0px; padding-left: 5px; padding-right: 5px;"' : '') + ' src="' + img + "\" alt=\"\" />";
-        } else if (f['serendipity[align]'][1].checked == true) {
-            img = "<img width='" + imgWidth + "' height='" + imgHeight + "' " + (styled ? 'style="float: left; border: 0px; padding-left: 5px; padding-right: 5px;"' : '') + ' src="' + img + "\" alt=\"\" />";
-            floating = 'left';
-        } else if (f['serendipity[align]'][2].checked == true) {
-            img = "<img width='" + imgWidth + "' height='" + imgHeight + "' " + (styled ? 'style="float: right; border: 0px; padding-left: 5px; padding-right: 5px;"' : '') + ' src="' + img + "\" alt=\"\" />";
-            floating = 'right';
-        }
-    } else {
-        if (f['serendipity[align]'][0].checked == true) {
-            img = "<img width='" + imgWidth + "' height='" + imgHeight + "' border='0' hspace='5' src='" + img + "' alt='' />";
-        } else if (f['serendipity[align]'][1].checked == true) {
-            img = "<img width='" + imgWidth + "' height='" + imgHeight + "' border='0' hspace='5' align='left' src='" + img + "' alt='' />";
-            floating = 'left';
-        } else if (f['serendipity[align]'][2].checked == true) {
-            img = "<img width='" + imgWidth + "' height='" + imgHeight + "' border='0' hspace='5' align='right' src='" + img + "' alt='' />";
-            floating = 'right';
-        }
+    if (f['serendipity[align]'][0].checked == true) {
+        img = "<!--s9ymdb:" + imgID + "--><img width='" + imgWidth + "' height='" + imgHeight + "' " + (styled ? 'style="border: 0px; padding-left: 5px; padding-right: 5px;"' : '') + ' src="' + img + "\" alt=\"\" />";
+    } else if (f['serendipity[align]'][1].checked == true) {
+        img = "<!--s9ymdb:" + imgID + "--><img width='" + imgWidth + "' height='" + imgHeight + "' " + (styled ? 'style="float: left; border: 0px; padding-left: 5px; padding-right: 5px;"' : '') + ' src="' + img + "\" alt=\"\" />";
+        floating = 'left';
+    } else if (f['serendipity[align]'][2].checked == true) {
+        img = "<!--s9ymdb:" + imgID + "--><img width='" + imgWidth + "' height='" + imgHeight + "' " + (styled ? 'style="float: right; border: 0px; padding-left: 5px; padding-right: 5px;"' : '') + ' src="' + img + "\" alt=\"\" />";
+        floating = 'right';
     }
 
     if (f['serendipity[isLink]'][1].checked == true) {
-        insert = "<a class='serendipity_image_link' href='" + f['serendipity[url]'].value + "'>" + img + "</a>";
+        if (f['serendipity[target]'].selectedIndex) {
+            targetval = f['serendipity[target]'].options[f['serendipity[target]'].selectedIndex].value;
+        } else {
+            targetval = '';
+        }
+
+        prepend   = '';
+        ilink     = f['serendipity[url]'].value;
+        if (!targetval || targetval == 'none') {
+            itarget = '';
+        } else if (targetval == 'js') {
+            itarget = ' onclick="F1 = window.open(\'' + f['serendipity[url]'].value + '\',\'Zoom\',\''
+                    + 'height=' + (parseInt(f['imgHeight'].value) + 15) + ','
+                    + 'width='  + (parseInt(f['imgWidth'].value)  + 15) + ','
+                    + 'top='    + (screen.height - f['imgHeight'].value) /2 + ','
+                    + 'left='   + (screen.width  - f['imgWidth'].value)  /2 + ','
+                    + 'toolbar=no,menubar=no,location=no,resize=1,resizable=1,scrollbars=yes\'); return false;"';
+        } else if (targetval == '_blank') {
+            itarget = ' target="_blank"';
+        } else if (targetval == 'plugin') {
+            itarget = ' id="s9yisphref' + imgID + '" onclick="javascript:this.href = this.href + \'&amp;serendipity[from]=\' + self.location.href;"';
+            prepend = '<a title="' + ilink + '" id="s9yisp' + imgID + '"></a>';
+            ilink   = baseURL + 'serendipity_admin_image_selector.php?serendipity[step]=showItem&amp;serendipity[image]=' + imgID;
+        }
+
+        insert = prepend + "<a class='serendipity_image_link' href='" + ilink + "'" + itarget + ">" + img + "</a>";
     } else {
         insert = img;
     }
@@ -244,14 +288,15 @@ function serendipity_imageSelector_done(textarea)
         block = insert;
     }
 
-    if (self.opener.editorref) {
-        self.opener.editorref.surroundHTML(block, '');
+    if (typeof(parent.self.opener.htmlarea_editors) != 'undefined' && typeof(parent.self.opener.htmlarea_editors[textarea] != 'undefined')) {
+        parent.self.opener.htmlarea_editors[textarea].surroundHTML(block, '');
+    } else if (parent.self.opener.editorref) {
+        parent.self.opener.editorref.surroundHTML(block, '');
     } else {
-    	
-        self.opener.serendipity_imageSelector_addToBody(block, textarea);
+        parent.self.opener.serendipity_imageSelector_addToBody(block, textarea);
     }
 
-    self.close();
+    parent.self.close();
 }
 
 // -->
diff --git a/docs/NEWS b/docs/NEWS
index b87a6cd..8089099 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -243,6 +243,10 @@ Version 1.1-alpha5()
 Version 1.0.1 ()
 ------------------------------------------------------------------------
 
+   * Fix problem on newer Firefox versions, where insertion of images
+     in the WYSIWYG editor did not work. It might be necessary to
+     purge your browsers cache for this to properly work. (Jay Bertrandt)
+
    * Fix utf8 iconv conversion failing on some older PHP setups.
      Thanks to Matthias Leisi!
 
diff --git a/include/admin/images.inc.php b/include/admin/images.inc.php
index d8d56d9..51e56fa 100644
--- a/include/admin/images.inc.php
+++ b/include/admin/images.inc.php
@@ -11,20 +11,57 @@ if (!serendipity_checkPermission('adminImages')) {
 }
 
 switch ($serendipity['GET']['adminAction']) {
+    case 'imgedit':
+        echo '<div class="warning js_warning"><em>' . PREFERENCE_USE_JS_WARNING . '</em></div>';
+
+        if (!isset($serendipity['eyecandy']) || serendipity_db_bool($serendipity['eyecandy'])) {
+        } else {
+            return true;
+        }
+
+        include(S9Y_INCLUDE_PATH . "include/functions_images_crop.inc.php");
+        $media['is_imgedit'] = true;
+        $media['css_imgedit'] = serendipity_getTemplateFile('admin/imgedit.css');
+
+        if (isset($serendipity['GET']['fid'])) {
+            $file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
+            if (!is_array($file) || !serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
+                return;
+            }
+    
+            $fullfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file['path'] . $file['name'] . '.' . $file['extension'];
+            $httpfile = $serendipity['serendipityHTTPPath'] . $serendipity['uploadHTTPPath'] . $file['path'] . $file['name'] . '.' . $file['extension'];
+
+            $img = new imgedit($fullfile, $httpfile);
+            
+            // Set the filenames used for the cropping areas. Width/Height are automagically detected. Orientation is either horizontal or vertical.
+            $img->setArea('imgedit_area.gif',  'h');
+            $img->setArea('imgedit_varea.gif', 'v');
+            
+            // Let the IMGEditor do its magic. It will parse its results straightly into a template variable array.
+            $img->main();
+            $serendipity['smarty']->assign('imgedit', $img->imgedit_smarty);
+            serendipity_smarty_fetch('IMGEDIT', $img->output_template);
+        }
+        break;
+
     case 'sync':
         if (!serendipity_checkPermission('adminImagesSync')) {
             break;
         }
-        @set_time_limit(0);
+
+        if (function_exists('set_time_limit')) {
+            @set_time_limit(0);
+        }
         @ignore_user_abort();
 
-        echo '<p><b>' . SYNCING . '</b></p><br />';
+        echo '<p class="image_synch"><b>' . SYNCING . '</b></p><br />';
         flush();
 
         $i = serendipity_syncThumbs();
         printf(SYNC_DONE, $i);
 
-        echo '<p><b>' . RESIZING . '</b></p><br />';
+        echo '<p class="image_resize"><b>' . RESIZING . '</b></p><br />';
         flush();
 
         $i = serendipity_generateThumbs();
@@ -44,7 +81,7 @@ switch ($serendipity['GET']['adminAction']) {
     case 'delete':
         $file     = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
 
-        if (!serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
+        if (!is_array($file) || !serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
             return;
         }
 
@@ -52,11 +89,11 @@ switch ($serendipity['GET']['adminAction']) {
             $serendipity['adminFile'] = 'serendipity_admin.php';
         }
         $abortLoc = $serendipity['serendipityHTTPPath'] . $serendipity['adminFile'] . '?serendipity[adminModule]=images';
-        $newLoc   = $abortLoc . '&serendipity[adminAction]=DoDelete&serendipity[fid]=' . $serendipity['GET']['fid'] . '&' . serendipity_setFormToken('url');
+        $newLoc   = $abortLoc . '&serendipity[adminAction]=DoDelete&serendipity[fid]=' . (int)$serendipity['GET']['fid'] . '&' . serendipity_setFormToken('url');
 
-        printf(ABOUT_TO_DELETE_FILE, $file['name'] .'.'. $file['extension']);
+        printf('<div class="image_notify_delete">' . ABOUT_TO_DELETE_FILE . '</div>', $file['name'] .'.'. $file['extension']);
 ?>
-    <form method="get" name="delete_image">
+    <form method="get" id="delete_image">
         <div>
               <a href="<?php echo $newLoc; ?>" class="serendipityPrettyButton"><?php echo DUMP_IT ?></a>
               &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
@@ -67,84 +104,66 @@ switch ($serendipity['GET']['adminAction']) {
         break;
 
     case 'rename':
+        $serendipity['GET']['fid'] = (int)$serendipity['GET']['fid'];
         $file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
         $serendipity['GET']['newname'] = serendipity_uploadSecure($serendipity['GET']['newname'], true);
 
-        if (!serendipity_checkFormToken() || !serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
-            return;
-        }
-
-        if (serendipity_isActiveFile(basename($serendipity['GET']['newname']))) {
-            printf(ERROR_FILE_FORBIDDEN, $serendipity['GET']['newname']);
+        if (!is_array($file) || !serendipity_checkFormToken() || !serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
             return;
         }
 
-        if ($file['hotlink']) {
-            serendipity_updateImageInDatabase(array('name' => $serendipity['GET']['newname']), $serendipity['GET']['fid']);
-        } else {
-            $newfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file['path'] . $serendipity['GET']['newname'] . '.' . $file['extension'];
-            $oldfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file['path'] . $file['name'] . '.'. $file['extension'];
-            if ($serendipity['GET']['newname'] != '' && file_exists($oldfile) && !file_exists($newfile)) {
-                $renameValues = array(array(
-                    'from'   => $oldfile,
-                    'to'     => $newfile,
-                    'thumb'  => $serendipity['thumbSuffix'],
-                    'fthumb' => $file['thumbnail_name']
-                ));
-
-                serendipity_plugin_api::hook_event('backend_media_rename', $renameValues);
-
-                // Rename file
-                rename($renameValues[0]['from'], $renameValues[0]['to']);
-
-                foreach($renameValues as $renameData) {
-                    // Rename thumbnail
-                    rename($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file['path'] . $file['name'] . (!empty($renameData['fthumb']) ? '.' . $renameData['fthumb'] : '') . '.' .  $file['extension'],
-                           $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $file['path'] . $serendipity['GET']['newname'] . '.' . $renameData['thumb'] . '.' . $file['extension']);
-                }
-
-                serendipity_updateImageInDatabase(array('thumbnail_name' => $renameValues[0]['thumb'], 'name' => $serendipity['GET']['newname']), $serendipity['GET']['fid']);
-
-                // Forward user to overview (we don't want the user's back button to rename things again)
-            } else {
-                if (!file_exists($oldfile)) {
-                    echo ERROR_FILE_NOT_EXISTS;
-                } elseif (file_exists($newfile)) {
-                    echo ERROR_FILE_EXISTS;
-                } else {
-                    echo ERROR_SOMETHING;
-                }
+        if (!serendipity_moveMediaDirectory(null, $serendipity['GET']['newname'], 'file', $serendipity['GET']['fid'], $file)) {
     ?>
         <br />
         <input type="button" onclick="history.go(-1);" value="<?php echo BACK; ?>" class="serendipityPrettyButton" />
     <?php
                 break;
-            }
         }
 
         // if we successfully rename
     ?>
         <script language="javascript" type="text/javascript">
-            location.href="?serendipity[adminModule]=images";
+            location.href="?serendipity[adminModule]=images&serendipity[adminAction]=default";
         </script>
         <noscript>
-            <a href="?serendipity[adminModule]=images"><?php echo DONE ?></a>
+            <a href="?serendipity[adminModule]=images&amp;serendipity[adminAction]=default"><?php echo DONE ?></a>
         </noscript>
     <?php
         break;
 
+    case 'properties':
+        $new_media = array(array('image_id' => $serendipity['GET']['fid']));
+        serendipity_showPropertyForm($new_media);
+        break;
+
     case 'add':
         if (!serendipity_checkFormToken() || !serendipity_checkPermission('adminImagesAdd')) {
             return;
         }
 
+        if ($serendipity['POST']['adminSubAction'] == 'properties') {
+            $properties        = serendipity_parsePropertyForm();
+            $image_id          = $properties['image_id'];
+            $created_thumbnail = true;
+?>
+        <script language="javascript" type="text/javascript">
+            location.href="?serendipity[adminModule]=images&serendipity[adminAction]=default";
+        </script>
+        <noscript>
+            <a href="?serendipity[adminModule]=images&amp;serendipity[adminAction]=default"><?php echo DONE ?></a>
+        </noscript>
+<?php
+            break;
+        }
+
 ?>
-    <b><?php echo ADDING_IMAGE; ?></b>
+    <div class="image_add"><b><?php echo ADDING_IMAGE; ?></b></div>
     <br /><br />
 <?php
 
     $authorid = (isset($serendipity['POST']['all_authors']) && $serendipity['POST']['all_authors'] == 'true') ? '0' : $serendipity['authorid'];
 
+    $new_media = array();
     // First find out whether to fetch a file or accept an upload
     if ($serendipity['POST']['imageurl'] != '' && $serendipity['POST']['imageurl'] != 'http://') {
         if (!empty($serendipity['POST']['target_filename'][2])) {
@@ -170,37 +189,42 @@ switch ($serendipity['GET']['adminAction']) {
         $serendipity['POST']['target_directory'][$tindex] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$tindex], true, true);
         $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$tindex] . $tfile;
 
+        $realname = $tfile;
         if (file_exists($target)) {
-            echo '(' . $target . ') ' . ERROR_FILE_EXISTS_ALREADY;
-        } else {
-            require_once S9Y_PEAR_PATH . 'HTTP/Request.php';
-            $options = array();
-            serendipity_plugin_api::hook_event('backend_http_request', $options, 'image');
-            $req = &new HTTP_Request($serendipity['POST']['imageurl'], $options);
-            // Try to get the URL
-
-            if (PEAR::isError($req->sendRequest()) || $req->getResponseCode() != '200') {
-                printf(REMOTE_FILE_NOT_FOUND, $serendipity['POST']['imageurl']);
-            } else {
-                // Fetch file
-                $fContent = $req->getResponseBody();
+            echo '(' . $target . ') ' . ERROR_FILE_EXISTS_ALREADY . '<br />';
+            $realname = serendipity_imageAppend($tfile, $target, $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$tindex]);
+        }
 
-                if ($serendipity['POST']['imageimporttype'] == 'hotlink') {
-                    $tempfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . '/hotlink_' . time();
-                    $fp = fopen($tempfile, 'w');
-                    fwrite($fp, $fContent);
-                    fclose($fp);
+        require_once S9Y_PEAR_PATH . 'HTTP/Request.php';
+        $options = array();
+        serendipity_plugin_api::hook_event('backend_http_request', $options, 'image');
+        serendipity_request_start();
+        $req = &new HTTP_Request($serendipity['POST']['imageurl'], $options);
+        // Try to get the URL
 
-                    $image_id = @serendipity_insertHotlinkedImageInDatabase($tfile, $serendipity['POST']['imageurl'], $authorid, null, $tempfile);
-                    printf(HOTLINK_DONE. '<br />', $serendipity['POST']['imageurl'], $tfile);
-                    serendipity_plugin_api::hook_event('backend_image_addHotlink', $tempfile);
-                } else {
-                    $fp = fopen($target, 'w');
-                    fwrite($fp, $fContent);
-                    fclose($fp);
+        if (PEAR::isError($req->sendRequest()) || $req->getResponseCode() != '200') {
+            printf(REMOTE_FILE_NOT_FOUND, $serendipity['POST']['imageurl']);
+        } else {
+            // Fetch file
+            $fContent = $req->getResponseBody();
+
+            if ($serendipity['POST']['imageimporttype'] == 'hotlink') {
+                $tempfile = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . '/hotlink_' . time();
+                $fp = fopen($tempfile, 'w');
+                fwrite($fp, $fContent);
+                fclose($fp);
+
+                $image_id = @serendipity_insertHotlinkedImageInDatabase($tfile, $serendipity['POST']['imageurl'], $authorid, null, $tempfile);
+                printf(HOTLINK_DONE. '<br />', $serendipity['POST']['imageurl'], $tfile);
+                serendipity_plugin_api::hook_event('backend_image_addHotlink', $tempfile);
+            } else {
+                $fp = fopen($target, 'w');
+                fwrite($fp, $fContent);
+                fclose($fp);
 
-                    printf(FILE_FETCHED . '<br />', $serendipity['POST']['imageurl'], $tfile);
+                printf(FILE_FETCHED . '<br />', $serendipity['POST']['imageurl'], $tfile);
 
+                if (serendipity_checkMediaSize($target)) {
                     $thumbs = array(array(
                         'thumbSize' => $serendipity['thumbSize'],
                         'thumb'     => $serendipity['thumbSuffix']
@@ -215,10 +239,16 @@ switch ($serendipity['GET']['adminAction']) {
                     }
 
                     // Insert into database
-                    $image_id = serendipity_insertImageInDatabase($tfile, $serendipity['POST']['target_directory'][$tindex], $authorid);
+                    $image_id = serendipity_insertImageInDatabase($tfile, $serendipity['POST']['target_directory'][$tindex], $authorid, null, $realname);
                     serendipity_plugin_api::hook_event('backend_image_add', $target);
+                    $new_media[] = array(
+                        'image_id'          => $image_id,
+                        'target'            => $target,
+                        'created_thumbnail' => $created_thumbnail
+                    );
                 }
             }
+            serendipity_request_end();
         }
     } else {
         if (!is_array($serendipity['POST']['target_filename'])) {
@@ -248,38 +278,57 @@ switch ($serendipity['GET']['adminAction']) {
             $serendipity['POST']['target_directory'][$idx] = serendipity_uploadSecure($serendipity['POST']['target_directory'][$idx], true, true);
             $target = $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$idx] . $tfile;
 
+            $realname = $tfile;
             if (file_exists($target)) {
-                echo '(' . $target . ') ' . ERROR_FILE_EXISTS_ALREADY;
-                echo '<br />';
-            } else {
-                // Accept file
-                if (is_uploaded_file($uploadtmp) && move_uploaded_file($uploadtmp, $target)) {
-                    printf(FILE_UPLOADED . '<br />', $uploadfile, $target);
-                    @umask(0000);
-                    @chmod($target, 0664);
+                echo '(' . $target . ') ' . ERROR_FILE_EXISTS_ALREADY . '<br />';
+                $realname = serendipity_imageAppend($tfile, $target, $serendipity['serendipityPath'] . $serendipity['uploadPath'] . $serendipity['POST']['target_directory'][$idx]);
+            }
 
-                    $thumbs = array(array(
-                        'thumbSize' => $serendipity['thumbSize'],
-                        'thumb'     => $serendipity['thumbSuffix']
-                    ));
-                    serendipity_plugin_api::hook_event('backend_media_makethumb', $thumbs);
+            // Accept file
+            if (is_uploaded_file($uploadtmp) && serendipity_checkMediaSize($uploadtmp) && move_uploaded_file($uploadtmp, $target)) {
+                printf(FILE_UPLOADED . '<br />', $uploadfile, $target);
+                @umask(0000);
+                @chmod($target, 0664);
 
-                    foreach($thumbs as $thumb) {
-                        // Create thumbnail
-                        if ( $created_thumbnail = serendipity_makeThumbnail($tfile, $serendipity['POST']['target_directory'][$idx], $thumb['thumbSize'], $thumb['thumb']) ) {
-                            echo THUMB_CREATED_DONE . '<br />';
-                        }
-                    }
+                $thumbs = array(array(
+                    'thumbSize' => $serendipity['thumbSize'],
+                    'thumb'     => $serendipity['thumbSuffix']
+                ));
+                serendipity_plugin_api::hook_event('backend_media_makethumb', $thumbs);
 
-                    // Insert into database
-                    $image_id = serendipity_insertImageInDatabase($tfile, $serendipity['POST']['target_directory'][$idx], $authorid);
-                    serendipity_plugin_api::hook_event('backend_image_add', $target);
-                } else {
-                    echo ERROR_UNKNOWN_NOUPLOAD . '<br />';
+                foreach($thumbs as $thumb) {
+                    // Create thumbnail
+                    if ( $created_thumbnail = serendipity_makeThumbnail($tfile, $serendipity['POST']['target_directory'][$idx], $thumb['thumbSize'], $thumb['thumb']) ) {
+                        echo THUMB_CREATED_DONE . '<br />';
+                    }
                 }
+
+                // Insert into database
+                $image_id = serendipity_insertImageInDatabase($tfile, $serendipity['POST']['target_directory'][$idx], $authorid, null, $realname);
+                serendipity_plugin_api::hook_event('backend_image_add', $target);
+                $new_media[] = array(
+                    'image_id'          => $image_id,
+                    'target'            => $target,
+                    'created_thumbnail' => $created_thumbnail
+                );
+            } else {
+                echo ERROR_UNKNOWN_NOUPLOAD . '<br />';
             }
         }
     }
+
+    if (isset($_REQUEST['go_properties'])) {
+        serendipity_showPropertyForm($new_media);
+    } else {
+        $hidden = array(
+            'author'   => $serendipity['serendipityUser'],
+            'authorid' => $serendipity['authorid']
+        );
+
+        foreach($new_media AS $nm) {
+            serendipity_insertMediaProperty('base_hidden', '', $nm['image_id'], $hidden);
+        }
+    }
     break;
 
 
@@ -302,22 +351,104 @@ switch ($serendipity['GET']['adminAction']) {
 
         break;
 
+    case 'directoryEdit':
+        if (!serendipity_checkPermission('adminImagesDirectories')) {
+            return;
+        }
+
+        $use_dir   = serendipity_uploadSecure($serendipity['GET']['dir']);
+        $checkpath = array(
+            array(
+                'relpath' => $use_dir
+            )
+        );
+
+        if (!serendipity_directoryACL($checkpath, 'write')) {
+            return;
+        }
+
+        if (!empty($serendipity['POST']['save'])) {
+            $newDir   = serendipity_uploadSecure($serendipity['POST']['newDir']);
+            $oldDir   = serendipity_uploadSecure($serendipity['POST']['oldDir']);
+
+            if ($oldDir != $newDir) {
+                serendipity_moveMediaDirectory($oldDir, $newDir);
+                $use_dir = $newDir;
+            }
+            serendipity_ACLGrant(0, 'directory', 'read', $serendipity['POST']['read_authors'], $use_dir);
+            serendipity_ACLGrant(0, 'directory', 'write', $serendipity['POST']['write_authors'], $use_dir);
+            echo '<div>' . sprintf(SETTINGS_SAVED_AT, serendipity_strftime('%H:%M:%S')) . '</div>';
+        }
+
+        $groups = serendipity_getAllGroups();
+        $read_groups  = serendipity_ACLGet(0, 'directory', 'read', $use_dir);
+        $write_groups = serendipity_ACLGet(0, 'directory', 'write', $use_dir);
+?>
+
+    <div class="image_directory_edit"><strong><?php echo MANAGE_DIRECTORIES ?></strong></div>
+    <br />
+    <form id="image_directory_edit_form" method="POST" action="?serendipity[adminModule]=images&amp;serendipity[adminAction]=directoryEdit&amp;serendipity[dir]=<?php echo htmlspecialchars($serendipity['GET']['dir']) ?>">
+    <?php echo serendipity_setFormToken(); ?>
+    <input type="hidden" name="serendipity[oldDir]" value="<?php echo $use_dir; ?>" />
+    <table cellpadding="5">
+        <tr>
+            <td width="100"><strong><?php echo NAME ?></strong></td>
+            <td><input type="text" name="serendipity[newDir]" value="<?php echo $use_dir; ?>" /></td>
+        </tr>
+        <tr>
+            <td><label for="read_authors"><?php echo PERM_READ; ?></label></td>
+            <td>
+                <select size="6" id="read_authors" multiple="multiple" name="serendipity[read_authors][]">
+                    <option value="0" <?php echo (isset($read_groups[0])) ? 'selected="selected"' : ''; ?>><?php echo ALL_AUTHORS; ?></option>
+<?php
+            foreach($groups AS $group) {
+                echo '<option value="' . $group['confkey'] . '" ' . (isset($read_groups[$group['confkey']]) ? 'selected="selected"' : '') . '>' . htmlspecialchars($group['confvalue']) . '</option>' . "\n";
+            }
+?>
+                </select>
+            </td>
+        </tr>
+
+        <tr>
+            <td><label for="write_authors"><?php echo PERM_WRITE; ?></label></td>
+            <td>
+                <select size="6" id="write_authors" multiple="multiple" name="serendipity[write_authors][]">
+                    <option value="0" <?php echo (isset($write_groups[0])) ? 'selected="selected"' : ''; ?>><?php echo ALL_AUTHORS; ?></option>
+<?php
+            foreach($groups AS $group) {
+                echo '<option value="' . $group['confkey'] . '" ' . (isset($write_groups[$group['confkey']]) ? 'selected="selected"' : '') . '>' . htmlspecialchars($group['confvalue']) . '</option>' . "\n";
+            }
+?>
+                </select>
+            </td>
+        </tr>
+    </table>
+    <br />
+    <br />
+    <div align="center">
+        <input name="serendipity[save]" value="<?php echo SAVE ?>" class="serendipityPrettyButton" type="submit" />
+    </div>
+    </form>
+
+<?php
+        break;
+
     case 'directoryDelete':
         if (!serendipity_checkPermission('adminImagesDirectories')) {
             return;
         }
 ?>
 
-    <strong><?php echo DELETE_DIRECTORY ?></strong><br />
-    <?php echo DELETE_DIRECTORY_DESC ?>
+    <div class="image_directory_delete"><strong><?php echo DELETE_DIRECTORY ?></strong></div>
+    <div class="image_directory_delete_desc"><?php echo DELETE_DIRECTORY_DESC ?></div>
     <br />
     <br />
-    <form method="POST" action="?serendipity[adminModule]=images&serendipity[adminAction]=directoryDoDelete&amp;serendipity[dir]=<?php echo $serendipity['GET']['dir'] ?>">
+    <form id="image_directory_delete_form" method="POST" action="?serendipity[adminModule]=images&amp;serendipity[adminAction]=directoryDoDelete&amp;serendipity[dir]=<?php echo htmlspecialchars($serendipity['GET']['dir']) ?>">
     <?php echo serendipity_setFormToken(); ?>
     <table cellpadding="5">
         <tr>
             <td width="100"><strong><?php echo NAME ?></strong></td>
-            <td><?php echo basename($serendipity['GET']['dir']) ?></td>
+            <td><?php echo basename(htmlspecialchars($serendipity['GET']['dir'])) ?></td>
         </tr>
         <tr>
             <td colspan="2"><input type="checkbox" name="serendipity[nuke]" value="true" style="margin: 0"> <?php echo FORCE_DELETE ?></td>
@@ -326,8 +457,8 @@ switch ($serendipity['GET']['adminAction']) {
     <br />
     <br />
     <div align="center">
-        <?php echo sprintf(CONFIRM_DELETE_DIRECTORY, $serendipity['GET']['dir']) ?><br />
-        <input name="SAVE" value="<?php echo DELETE_DIRECTORY ?>" class="serendipityPrettyButton" type="submit">
+        <?php echo sprintf(CONFIRM_DELETE_DIRECTORY, htmlspecialchars($serendipity['GET']['dir'])) ?><br />
+        <input name="SAVE" value="<?php echo DELETE_DIRECTORY ?>" class="serendipityPrettyButton" type="submit" />
     </div>
     </form>
 
@@ -340,13 +471,30 @@ switch ($serendipity['GET']['adminAction']) {
         }
 
         $new_dir = serendipity_uploadSecure($serendipity['POST']['parent'] . '/' . $serendipity['POST']['name'], true);
-        $new_dir = str_replace('..', '', $new_dir);
+        $new_dir = str_replace(array('..', '//'), array('', '/'), $new_dir);
 
         /* TODO: check if directory already exist */
         if (@mkdir($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $new_dir)) {
             printf(DIRECTORY_CREATED, $serendipity['POST']['name']);
             @umask(0000);
             @chmod($serendipity['serendipityPath'] . $serendipity['uploadPath'] . $new_dir, 0777);
+            
+            // Apply parent ACL to new child.
+            $array_parent_read  = serendipity_ACLGet(0, 'directory', 'read',  $serendipity['POST']['parent']);
+            $array_parent_write = serendipity_ACLGet(0, 'directory', 'write', $serendipity['POST']['parent']);
+            if (!is_array($array_parent_read) || count($array_parent_read) < 1) {
+                $parent_read = array(0);
+            } else {
+                $parent_read = array_keys($array_parent_read);
+            }
+            if (!is_array($array_parent_write) || count($array_parent_write) < 1) {
+                $parent_write = array(0);
+            } else {
+                $parent_write = array_keys($array_parent_write);
+            }
+
+            serendipity_ACLGrant(0, 'directory', 'read', $parent_read, $new_dir . '/');
+            serendipity_ACLGrant(0, 'directory', 'write', $parent_write, $new_dir . '/');
         } else {
             printf(DIRECTORY_WRITE_ERROR, $new_dir);
         }
@@ -357,12 +505,23 @@ switch ($serendipity['GET']['adminAction']) {
         if (!serendipity_checkPermission('adminImagesDirectories')) {
             return;
         }
+
+        $folders = serendipity_traversePath(
+            $serendipity['serendipityPath'] . $serendipity['uploadPath'],
+            '',
+            true,
+            NULL,
+            1,
+            NULL,
+            'write'
+        );
+        usort($folders, 'serendipity_sortPath');
 ?>
-    <strong><?php echo CREATE_DIRECTORY ?></strong><br />
-    <?php echo CREATE_DIRECTORY_DESC ?>
+    <div class="image_directory_create"><strong><?php echo CREATE_DIRECTORY ?></strong></div>
+    <div class="image_directory_create_desc"><?php echo CREATE_DIRECTORY_DESC ?></div>
     <br />
     <br />
-    <form method="POST" action="?serendipity[adminModule]=images&serendipity[adminAction]=directoryDoCreate">
+    <form id="image_directory_create_form" method="POST" action="?serendipity[step]=directoryDoCreate&amp;serendipity[adminModule]=images&amp;serendipity[adminAction]=directoryDoCreate">
     <?php echo serendipity_setFormToken(); ?>
     <table cellpadding="5">
         <tr>
@@ -373,8 +532,8 @@ switch ($serendipity['GET']['adminAction']) {
             <td><?php echo PARENT_DIRECTORY ?></td>
             <td><select name="serendipity[parent]">
                     <option value=""><?php echo BASE_DIRECTORY ?></option>
-                <?php foreach ( serendipity_traversePath($serendipity['serendipityPath'] . $serendipity['uploadPath']) as $folder ) { ?>
-                    <option value="<?php echo $folder['relpath'] ?>"><?php echo str_repeat('&nbsp;', $folder['depth']*2) . ' '. $folder['name'] ?></option>
+                <?php foreach ( $folders as $folder ) { ?>
+                    <option <?php echo ($folder['relpath'] == $serendipity['GET']['only_path'] ? 'selected="selected"' : ''); ?> value="<?php echo $folder['relpath'] ?>"><?php echo str_repeat('&nbsp;', $folder['depth']*2) . ' '. $folder['name'] ?></option>
                 <?php } ?>
                 </select>
             </td>
@@ -390,23 +549,33 @@ switch ($serendipity['GET']['adminAction']) {
             return;
         }
 
+        $folders = serendipity_traversePath(
+            $serendipity['serendipityPath'] . $serendipity['uploadPath'],
+            '',
+            true,
+            NULL,
+            1,
+            NULL,
+            'write'
+        );
+        usort($folders, 'serendipity_sortPath');
 ?>
+    <div class="image_directory_list"><?php echo DIRECTORIES_AVAILABLE; ?></div>
     <br />
-    <?php echo DIRECTORIES_AVAILABLE; ?>
-    <br />
-    <table border="0" cellspacing="0" cellpadding="4" width="100%">
+    <table id="image_directory_listing" border="0" cellspacing="0" cellpadding="4" width="100%">
         <tr>
-            <td colspan="2"><strong><?php echo BASE_DIRECTORY ?></strong></td>
+            <td colspan="4"><strong><?php echo BASE_DIRECTORY ?></strong></td>
         </tr>
-        <?php foreach ( serendipity_traversePath($serendipity['serendipityPath'] . $serendipity['uploadPath']) as $folder ) { ?>
+        <?php foreach ($folders as $folder) { ?>
         <tr>
-            <td width="16"><a href="?serendipity[adminModule]=images&amp;serendipity[adminAction]=directoryDelete&amp;serendipity[dir]=<?php echo urlencode($folder['relpath']) ?>"><img src="<?php echo serendipity_getTemplateFile('admin/img/delete.png') ?>" alt="<?php echo DELETE ?>" border="0"></a></td>
+            <td width="16"><a href="?serendipity[adminModule]=images&amp;serendipity[adminAction]=directoryEdit&amp;serendipity[dir]=<?php echo htmlspecialchars($folder['relpath']) ?>"><img src="<?php echo serendipity_getTemplateFile('admin/img/edit.png') ?>" border="0" alt="<?php echo EDIT ?>" /></a></td>
+            <td width="16"><a href="?serendipity[adminModule]=images&amp;serendipity[adminAction]=directoryDelete&amp;serendipity[dir]=<?php echo htmlspecialchars($folder['relpath']) ?>"><img src="<?php echo serendipity_getTemplateFile('admin/img/delete.png') ?>" alt="<?php echo DELETE ?>" border="0"></a></td>
             <td style="padding-left: <?php echo $folder['depth']*10 ?>"><?php echo $folder['name'] ?></td>
         </tr>
         <?php } ?>
     </table>
     <br />
-    <div><a href="?serendipity[adminModule]=images&serendipity[adminAction]=directoryCreate" class="serendipityPrettyButton"><?php echo CREATE_NEW_DIRECTORY ?></a></div>
+    <div><a href="?serendipity[adminModule]=images&amp;serendipity[adminAction]=directoryCreate" class="serendipityPrettyButton"><?php echo CREATE_NEW_DIRECTORY ?></a></div>
 
 <?php
         break;
@@ -417,300 +586,75 @@ switch ($serendipity['GET']['adminAction']) {
         }
 
         serendipity_restoreVar($serendipity['COOKIE']['addmedia_directory'], $serendipity['GET']['only_path']);
-?>
-    <?php echo ADD_MEDIA_BLAHBLAH; ?>
-
-    <script type="text/javascript">
-    // Function prototype inspired by http://molily.de/javascript-nodelist
-    function showNodes(n) {
-        var html;
-        html = '<!--nodeset--><li>';
-
-        switch (n.nodeType) {
-            case 1:
-                html += 'Type is <em>' + n.nodeName + '<\/em>';
-                if (n.hasChildNodes()) {
-                    ausgabe += ' - childNodes: ' + n.childNodes.length;
-                }
-                break;
-
-            case 3:
-                var nval = n.nodeValue.replace(/</g, '&lt;').replace(/\n/g, '\\n');
-                html += 'Content: <strong>' + nval + '<\/strong>';
-                break;
-
-            case 8:
-                var nval = n.nodeValue.replace(/</g, '&lt;').replace(/\n/g, '\\n');
-                html += 'Hidden: <em>' + nval + '<\/em>';
-                break;
-
-            default:
-                html += 'Type is ' + n.nodeType + ', Content is <strong>' + n.nodeValue + '<\/strong>';
-        }
-
-        if (n.hasChildNodes()) {
-            html += '\n<ol>\n';
-            for (i=0; i < n.childNodes.length; i++) {
-                j = n.childNodes[i];
-                html += showNodes(j);
-            }
-            html += '</ol>\n';
-        }
-        html += '</li>\n';
-
-        return html;
-    }
-
-    function getfilename(value) {
-        re = /^.+[\/\\]+?(.+)$/;
-        return value.replace(re, "$1");
-    }
-
-    isFileUpload = true;
-    function hideForeign() {
-        document.getElementById('foreign_upload').style.display = 'none';
-        document.getElementById('imageurl').value = '';
-        isFileUpload = false;
-    }
-
-    var fieldcount = 1;
-    function addField() {
-        fieldcount++;
-
-        fields = document.getElementById('upload_template').cloneNode(true);
-        fields.id = 'upload_form_' + fieldcount;
-        fields.style.display = 'block';
-
-        // Get the DOM outline be uncommenting this:
-        //document.getElementById('debug').innerHTML = showNodes(fields);
-
-        // garvin: This gets a bit weird. Opera, Mozilla and IE all have their own numbering.
-        // We cannot operate on "ID" basis, since a unique ID is not yet set before instancing.
-        if (fields.childNodes[0].nodeValue == null) {
-            // This is Internet Explorer, it does not have a linebreak as first element.
-            userfile       = fields.childNodes[0].childNodes[0].childNodes[0].childNodes[1].childNodes[0];
-            targetfilename = fields.childNodes[0].childNodes[0].childNodes[2].childNodes[1].childNodes[0];
-            targetdir      = fields.childNodes[0].childNodes[0].childNodes[3].childNodes[1].childNodes[0];
-            columncount    = fields.childNodes[1].childNodes[0];
-        } else {
-            // We have a browser which has \n's as their own nodes. Don't ask me. Now let's check if it's Opera or Mozilla.
-            if (fields.childNodes[1].childNodes[0].nodeValue == null) {
-                // This is Opera.
-                userfile       = fields.childNodes[1].childNodes[0].childNodes[0].childNodes[1].childNodes[0];
-                targetfilename = fields.childNodes[1].childNodes[0].childNodes[2].childNodes[1].childNodes[0];
-                targetdir      = fields.childNodes[1].childNodes[0].childNodes[3].childNodes[1].childNodes[0];
-                columncount    = fields.childNodes[3].childNodes[0];
-            } else if (fields.childNodes[1].childNodes[1].childNodes[0].childNodes[3] == null) {
-            	// This is Safari.
-                userfile       = fields.childNodes[1].childNodes[1].childNodes[0].childNodes[1].childNodes[0];
-                targetfilename = fields.childNodes[1].childNodes[1].childNodes[2].childNodes[1].childNodes[0];
-                targetdir      = fields.childNodes[1].childNodes[1].childNodes[3].childNodes[1].childNodes[0];
-                columncount    = fields.childNodes[3].childNodes[0];
-            } else {
-                // This is Mozilla.
-                userfile       = fields.childNodes[1].childNodes[1].childNodes[0].childNodes[3].childNodes[0];
-                targetfilename = fields.childNodes[1].childNodes[1].childNodes[4].childNodes[3].childNodes[0];
-                targetdir      = fields.childNodes[1].childNodes[1].childNodes[6].childNodes[3].childNodes[0];
-                columncount    = fields.childNodes[3].childNodes[0];
-            }
-        }
-
-        userfile.id   = 'userfile_' + fieldcount;
-        userfile.name = 'serendipity[userfile][' + fieldcount + ']';
-
-        targetfilename.id   = 'target_filename_' + fieldcount;
-        targetfilename.name = 'serendipity[target_filename][' + fieldcount + ']';
-
-        targetdir.id   = 'target_directory_' + fieldcount;
-        targetdir.name = 'serendipity[target_directory][' + fieldcount + ']';
-
-        columncount.id   = 'column_count_' + fieldcount;
-        columncount.name = 'serendipity[column_count][' + fieldcount + ']';
-
-        iNode = document.getElementById('upload_form');
-        iNode.parentNode.insertBefore(fields, iNode);
-
-        document.getElementById(targetdir.id).selectedIndex = document.getElementById('target_directory_' + (fieldcount - 1)).selectedIndex;
-    }
-
-    var inputStorage = new Array();
-    function checkInputs() {
-        for (i = 1; i <= fieldcount; i++) {
-            if (!inputStorage[i]) {
-                fillInput(i, i);
-            } else if (inputStorage[i] == document.getElementById('target_filename_' + i).value) {
-                fillInput(i, i);
-            }
-        }
-
-    }
-
-    function debugFields() {
-        for (i = 1; i <= fieldcount; i++) {
-            debugField('target_filename_' + i);
-            debugField('userfile_' + i);
-        }
-    }
-
-    function rememberOptions() {
-        td     = document.getElementById('target_directory_2');
-        td_val = td.options[td.selectedIndex].value;
-        SetCookie("addmedia_directory", td_val);
-    }
-
-    function debugField(id) {
-        alert(id + ': ' + document.getElementById(id).value);
-    }
-
-    function fillInput(source, target) {
-        useDuplicate = false;
-
-        // First field is a special value for foreign URLs instead of uploaded files
-        if (source == 1 && document.getElementById('imageurl').value != "") {
-            sourceval = getfilename(document.getElementById('imageurl').value);
-            useDuplicate = true;
-        } else {
-            sourceval = getfilename(document.getElementById('userfile_' + source).value);
-        }
-
-        if (sourceval.length > 0) {
-            document.getElementById('target_filename_' + target).value = sourceval;
-            inputStorage[target] = sourceval;
-        }
-
-        // Display filename in duplicate form as well!
-        if (useDuplicate) {
-            tkey = target + 1;
-
-            if (!inputStorage[tkey] || inputStorage[tkey] == document.getElementById('target_filename_' + tkey).value) {
-                document.getElementById('target_filename_' + (target+1)).value = sourceval;
-                inputStorage[target + 1] = '~~~';
-            }
-        }
-    }
-    </script>
+        $folders = serendipity_traversePath(
+            $serendipity['serendipityPath'] . $serendipity['uploadPath'],
+            '',
+            true,
+            NULL,
+            1,
+            NULL,
+            'write'
+        );
+        usort($folders, 'serendipity_sortPath');
 
-    <form action="?" method="POST" id="uploadform" enctype="multipart/form-data" onsubmit="rememberOptions()">
-        <div>
-            <?php echo serendipity_setFormToken(); ?>
-            <input type="hidden" name="serendipity[action]"      value="admin" />
-            <input type="hidden" name="serendipity[adminModule]" value="images" />
-            <input type="hidden" name="serendipity[adminAction]" value="add" />
-<?php
+        $form_hidden = '';
         if (isset($image_selector_addvars) && is_array($image_selector_addvars)) {
             // These variables may come from serendipity_admin_image_selector.php to show embedded upload form
             foreach($image_selector_addvars AS $imgsel_key => $imgsel_val) {
-                echo '          <input type="hidden" name="serendipity[' . htmlspecialchars($imgsel_key) . ']" value="' . htmlspecialchars($imgsel_val) . '" />' . "\n";
+                $form_hidden .= '          <input type="hidden" name="serendipity[' . htmlspecialchars($imgsel_key) . ']" value="' . htmlspecialchars($imgsel_val) . '" />' . "\n";
             }
         }
-?>
-            <table id="foreign_upload">
-                <tr>
-                    <td nowrap="nowrap"><?php echo ENTER_MEDIA_URL; ?></td>
-                    <td><input type="text" id="imageurl" name="serendipity[imageurl]"
-                             onchange="checkInputs()"
-                              value=""
-                               size="40" /></td>
-                </tr>
-                <tr>
-                    <td nowrap="nowrap"><?php echo ENTER_MEDIA_URL_METHOD; ?></td>
-                    <td>
-                        <select name="serendipity[imageimporttype]">
-                            <option value="image"><?php echo FETCH_METHOD_IMAGE; ?></option>
-                            <option value="hotlink"><?php echo FETCH_METHOD_HOTLINK; ?></option>
-                        </select>
-                    </td>
-                </tr>
-
-                <tr>
-                    <td align="center" colspan="2"><b> - <?php echo WORD_OR; ?> - </b></td>
-                </tr>
-            </table>
-
-            <!-- WARNING: Do not change spacing or breaks below. If you do, the JavaScript childNodes need to be edited. Newlines count as nodes! -->
-            <div id="upload_template">
-            <table style="margin-top: 35px" id="upload_table">
-                <tr>
-                    <td nowrap='nowrap'><?php echo ENTER_MEDIA_UPLOAD; ?></td>
-                    <td><input id="userfile_1" name="serendipity[userfile][1]"
-                             onchange="checkInputs();"
-                               type="file" /></td>
-                </tr>
-
-                <tr>
-                    <td align="center" colspan="2"><br /></td>
-                </tr>
-
-                <tr>
-                    <td><?php echo SAVE_FILE_AS; ?></td>
-                    <td><input type="text" id="target_filename_1" name="serendipity[target_filename][1]" value="" size="40" /></td>
-                </tr>
-
-                <tr>
-                    <td><?php echo STORE_IN_DIRECTORY; ?></td>
-                    <td><select id="target_directory_1" name="serendipity[target_directory][1]">
-                        <option value=""><?php echo BASE_DIRECTORY; ?></option>
-                        <?php foreach (serendipity_traversePath($serendipity['serendipityPath'] . $serendipity['uploadPath']) as $folder) { ?>
-                        <option <?php echo ($serendipity['GET']['only_path'] == $folder['relpath']) ? 'selected="selected"' : '' ?> value="<?php echo $folder['relpath'] ?>"><?php echo str_repeat('&nbsp;', $folder['depth']*2) . ' '. $folder['name'] ?></option>
-                        <?php } ?>
-                        </select>
-                    </td>
-                </tr>
-           </table>
-           <div id="ccounter"><input type="hidden" name="serendipity[column_count][1]" id="column_count_1" value="true" /></div>
-           </div>
-
-           <div id="debug">
-           </div>
-
-           <script type="text/javascript">
-                document.getElementById('upload_template').style.display  = 'none';
-                document.write('<span id="upload_form"><' + '/span>');
-                addField();
-           </script>
-
-            <?php serendipity_plugin_api::hook_event('backend_image_addform', $serendipity); ?>
-
-            <div style="text-align: center; margin-top: 15px; margin-bottom: 15px">
-                <script type="text/javascript">
-                    document.write('<input class="serendipityPrettyButton" type="button" value="<?php echo IMAGE_MORE_INPUT; ?>" onclick="hideForeign(); addField()"' + '/><br' + '/>');
-                </script>
-                <input type="checkbox" name="serendipity[all_authors]" value="true" checked="checked" id="all_authors" /><label for="all_authors"><?php echo ALL_AUTHORS; ?></label> <input onclick="checkInputs();" type="submit" value="<?php echo GO; ?>" class="serendipityPrettyButton" />
-            </div>
-        </div>
-        <div><?php echo ADD_MEDIA_BLAHBLAH_NOTE; ?></div>
-    </form>
-<?php
+
+        serendipity_smarty_init();
+        $mediaFiles = array(
+            'token'             => serendipity_setFormToken(),
+            'form_hidden'       => $form_hidden,
+            'folders'           => $folders,
+            'only_path'         => $serendipity['GET']['only_path'],
+            'max_file_size'     => $serendipity['maxFileSize'],
+            'maxImgHeight'      => $serendipity['maxImgHeight'],
+            'maxImgWidth'       => $serendipity['maxImgWidth'],
+        );
+        $serendipity['smarty']->assign('media', $mediaFiles);
+        $serendipity['smarty']->display(serendipity_getTemplateFile('admin/media_upload.tpl', 'serendipityPath'));
     break;
 
     case 'rotateCW':
         $file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
-        if (!serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
+        if (!is_array($file) || !serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
             return;
         }
 
+        if (empty($serendipity['adminFile_redirect'])) {
+            $serendipity['adminFile_redirect'] = htmlspecialchars($_SERVER['HTTP_REFERER']);
+        }
+
         if (serendipity_rotateImg($serendipity['GET']['fid'], -90)) {
 ?>
         <script language="javascript" type="text/javascript">
-            location.href="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']) ?>";
+            location.href="<?php echo $serendipity['adminFile_redirect'] ?>";
         </script>
-	<noscript><a href="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']) ?>"><?php echo DONE ?></a></noscript>
+	<noscript><a href="<?php echo $serendipity['adminFile_redirect'] ?>"><?php echo DONE ?></a></noscript>
 <?php
         }
     break;
 
     case 'rotateCCW':
         $file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
-        if (!serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
+        if (!is_array($file) || !serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
             return;
         }
 
+        if (empty($serendipity['adminFile_redirect'])) {
+            $serendipity['adminFile_redirect'] = htmlspecialchars($_SERVER['HTTP_REFERER']);
+        }
+
         if (serendipity_rotateImg($serendipity['GET']['fid'], 90)) {
 ?>
         <script language="javascript" type="text/javascript">
-            location.href="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']) ?>";
+            location.href="<?php echo $serendipity['adminFile_redirect'] ?>";
         </script>
-	<noscript><a href="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']) ?>"><?php echo DONE ?></a></noscript>
+	<noscript><a href="<?php echo $serendipity['adminFile_redirect'] ?>"><?php echo DONE ?></a></noscript>
 <?php
         }
     break;
@@ -718,7 +662,7 @@ switch ($serendipity['GET']['adminAction']) {
     case 'scale':
         $file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
 
-        if (!serendipity_checkFormToken() || !serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
+        if (!is_array($file) || !serendipity_checkFormToken() || !serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
             return;
         }
 
@@ -726,8 +670,8 @@ switch ($serendipity['GET']['adminAction']) {
           SCALING_IMAGE . '<br />',
 
           $file['path'] . $file['name'] .'.'. $file['extension'],
-          $serendipity['GET']['width'],
-          $serendipity['GET']['height']
+          (int)$serendipity['GET']['width'],
+          (int)$serendipity['GET']['height']
         );
 
         echo serendipity_scaleImg($serendipity['GET']['fid'], $serendipity['GET']['width'], $serendipity['GET']['height']) . '<br />';
@@ -735,16 +679,16 @@ switch ($serendipity['GET']['adminAction']) {
         // Forward user to overview (we don't want the user's back button to rename things again)
 ?>
     <script language="javascript" type="text/javascript">
-       // location.href="?serendipity[adminModule]=images";
+       location.href="?serendipity[adminModule]=images&serendipity[adminAction]=default";
     </script>
-    <noscript><a href="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']) ?>"><?php echo DONE ?></a></noscript>
+    <noscript><a href="?serendipity[adminModule]=images&amp;serendipity[adminAction]=default"><?php echo DONE ?></a></noscript>
 <?php
         break;
 
     case 'scaleSelect':
         $file = serendipity_fetchImageFromDatabase($serendipity['GET']['fid']);
 
-        if (!serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
+        if (!is_array($file) || !serendipity_checkPermission('adminImagesDelete') || (!serendipity_checkPermission('adminImagesMaintainOthers') && $file['authorid'] != '0' && $file['authorid'] != $serendipity['authorid'])) {
             return;
         }
 
@@ -774,7 +718,7 @@ switch ($serendipity['GET']['adminAction']) {
     </script>
 <?php
 
-        printf(RESIZE_BLAHBLAH, $serendipity['GET']['fname']);
+        printf(RESIZE_BLAHBLAH, htmlspecialchars($serendipity['GET']['fname']));
         printf(ORIGINAL_SIZE, $s[0],$s[1]);
         echo HERE_YOU_CAN_ENTER_BLAHBLAH;
 ?>
@@ -816,8 +760,7 @@ switch ($serendipity['GET']['adminAction']) {
             }
         }
     //-->
-    </script>
-
+</script>
 
 <?php
         if (!isset($serendipity['thumbPerPage'])) {
diff --git a/include/functions_entries_admin.inc.php b/include/functions_entries_admin.inc.php
index 78e8148..5927e06 100644
--- a/include/functions_entries_admin.inc.php
+++ b/include/functions_entries_admin.inc.php
@@ -2,7 +2,14 @@
 # Copyright (c) 2003-2005, Jannis Hermanns (on behalf the Serendipity Developer Team)
 # All rights reserved.  See LICENSE file for licensing details
 
-include_once(S9Y_INCLUDE_PATH . "include/functions_trackbacks.inc.php");
+if (defined('S9Y_FRAMEWORK_ENTRIES_ADMIN')) {
+    return;
+}
+@define('S9Y_FRAMEWORK_ENTRIES_ADMIN', true);
+
+if (!defined('S9Y_FRAMEWORK_TRACKBACKS')) {
+    include(S9Y_INCLUDE_PATH . "include/functions_trackbacks.inc.php");
+}
 
 /**
  * Prints the form for editing/creating new blog entries
@@ -113,7 +120,7 @@ function serendipity_printEntryForm($targetURL, $hiddens = array(), $entry = arr
 ?>
         <div class="serendipityAdminMsgError"><?php echo $errMsg; ?></div>
 <?php } ?>
-        <form <?php echo $entry['entry_form']; ?> action="<?php echo $targetURL; ?>" method="post" <?php echo ($serendipity['XHTML11'] ? 'id' : 'name'); ?>="serendipityEntry" style="margin-top: 0px; margin-bottom: 0px; padding-top: 0px; padding-bottom: 0px">
+        <form <?php echo $entry['entry_form']; ?> action="<?php echo $targetURL; ?>" method="post" id="serendipityEntry" style="margin-top: 0px; margin-bottom: 0px; padding-top: 0px; padding-bottom: 0px">
         <?php echo $hidden; ?>
 
         <table class="serendipityEntryEdit" border="0" width="100%">
@@ -525,7 +532,7 @@ function serendipity_emit_htmlarea_code($item, $jsname, $spawnMulti = false) {
         config<?php echo $jsname; ?>    = editor<?php echo $jsname; ?>.config;
         config<?php echo $jsname; ?>.registerButton('image_selector', '<?PHP echo MANAGE_IMAGES; ?>', '<?php echo $serendipity['serendipityHTTPPath']; ?>htmlarea/images/ed_s9yimage.gif', false,
             function(editor, id) {
-                window.open('<?php echo $serendipity['serendipityHTTPPath']; ?>serendipity_admin_image_selector.php?serendipity[textarea]=<?php echo $jsname; ?>', 'ImageSel', 'width=800,height=600,toolbar=no,scrollbars=1,scrollbars,resize=1,resizable=1');
+                window.open('<?php echo $serendipity['serendipityHTTPPath']; ?>serendipity_admin_image_selector.php?serendipity[textarea]=<?php echo $jsname . ($spawnMulti ? "' + editor._textArea.id + '" : ''); ?>', 'ImageSel', 'width=800,height=600,toolbar=no,scrollbars=1,scrollbars,resize=1,resizable=1');
                 editorref = editor<?php echo $jsname; ?>;
             }
         );
diff --git a/serendipity_editor.js b/serendipity_editor.js
index 12713f3..acac0b2 100644
--- a/serendipity_editor.js
+++ b/serendipity_editor.js
@@ -72,7 +72,7 @@ function wrapSelectionWithLink(txtarea) {
          document.getElementById && getMozSelection(txtarea) == "") {
         var my_desc = prompt("Enter Description", '');
     }
-    
+
     var my_title = prompt("Enter title/tooltip:", "");
 
 	html_title = "";
@@ -142,7 +142,7 @@ function serendipity_insLink (area) {
         area.focus();
         return;
     }
-    
+
 	html_title = "";
     if (my_title != "") {
 		html_title = ' title="' + my_title + '"';
@@ -155,7 +155,9 @@ function serendipity_insLink (area) {
 function serendipity_imageSelector_addToElement (str, el)
 {
     document.getElementById(el).value = str;
-    document.getElementById(el).focus();
+    if (document.getElementById(el).type != 'hidden' && document.getElementById(el).focus) {
+        document.getElementById(el).focus();
+    }
     if (document.getElementById(el).onchange) {
         document.getElementById(el).onchange();
     }
@@ -183,7 +185,7 @@ function serendipity_imageSelector_done(textarea)
     var src = '';
     var f = document.forms['serendipity[selForm]'].elements;
 
-    if (f['serendipity[linkThumbnail]'][0].checked == true) {
+    if (f['serendipity[linkThumbnail]'] && f['serendipity[linkThumbnail]'][0].checked == true) {
         img       = f['thumbName'].value;
         imgWidth  = f['imgThumbWidth'].value;
         imgHeight = f['imgThumbHeight'].value;
@@ -193,10 +195,30 @@ function serendipity_imageSelector_done(textarea)
         imgHeight = f['imgHeight'].value;
     }
 
-    if (f['serendipity[filename_only]'] && f['serendipity[filename_only]'].value == 'true') {
-        self.opener.serendipity_imageSelector_addToElement(img, f['serendipity[htmltarget]'].value);
-        self.close();
-        return true;
+    if (f['serendipity[filename_only]']) {
+        if (f['serendipity[htmltarget]']) {
+            starget = f['serendipity[htmltarget]'].value;
+        } else {
+            starget = 'serendipity[' + textarea + ']';
+        }
+
+        if (f['serendipity[filename_only]'].value == 'true') {
+            parent.self.opener.serendipity_imageSelector_addToElement(img, f['serendipity[htmltarget]'].value);
+            parent.self.close();
+            return true;
+        } else if (f['serendipity[filename_only]'].value == 'id') {
+            parent.self.opener.serendipity_imageSelector_addToElement(f['imgID'].value, starget);
+            parent.self.close();
+            return true;
+        } else if (f['serendipity[filename_only]'].value == 'thumb') {
+            parent.self.opener.serendipity_imageSelector_addToElement(f['thumbName'].value, starget);
+            parent.self.close();
+            return true;
+        } else if (f['serendipity[filename_only]'].value == 'big') {
+            parent.self.opener.serendipity_imageSelector_addToElement(f['imgName'].value, starget);
+            parent.self.close();
+            return true;
+        }
     }
 
     if (document.getElementById('serendipity_imagecomment').value != '') {
@@ -205,31 +227,53 @@ function serendipity_imageSelector_done(textarea)
         styled = true;
     }
 
+    imgID = 0;
+    if (f['imgID']) {
+        imgID = f['imgID'].value;
+    }
+    baseURL = '';
+    if (f['baseURL']) {
+        baseURL = f['baseURL'].value;
+    }
+
     floating = 'center';
-    if (XHTML11) {
-        if (f['serendipity[align]'][0].checked == true) {
-            img = "<img width='" + imgWidth + "' height='" + imgHeight + "' " + (styled ? 'style="border: 0px; padding-left: 5px; padding-right: 5px;"' : '') + ' src="' + img + "\" alt=\"\" />";
-        } else if (f['serendipity[align]'][1].checked == true) {
-            img = "<img width='" + imgWidth + "' height='" + imgHeight + "' " + (styled ? 'style="float: left; border: 0px; padding-left: 5px; padding-right: 5px;"' : '') + ' src="' + img + "\" alt=\"\" />";
-            floating = 'left';
-        } else if (f['serendipity[align]'][2].checked == true) {
-            img = "<img width='" + imgWidth + "' height='" + imgHeight + "' " + (styled ? 'style="float: right; border: 0px; padding-left: 5px; padding-right: 5px;"' : '') + ' src="' + img + "\" alt=\"\" />";
-            floating = 'right';
-        }
-    } else {
-        if (f['serendipity[align]'][0].checked == true) {
-            img = "<img width='" + imgWidth + "' height='" + imgHeight + "' border='0' hspace='5' src='" + img + "' alt='' />";
-        } else if (f['serendipity[align]'][1].checked == true) {
-            img = "<img width='" + imgWidth + "' height='" + imgHeight + "' border='0' hspace='5' align='left' src='" + img + "' alt='' />";
-            floating = 'left';
-        } else if (f['serendipity[align]'][2].checked == true) {
-            img = "<img width='" + imgWidth + "' height='" + imgHeight + "' border='0' hspace='5' align='right' src='" + img + "' alt='' />";
-            floating = 'right';
-        }
+    if (f['serendipity[align]'][0].checked == true) {
+        img = "<!--s9ymdb:" + imgID + "--><img width='" + imgWidth + "' height='" + imgHeight + "' " + (styled ? 'style="border: 0px; padding-left: 5px; padding-right: 5px;"' : '') + ' src="' + img + "\" alt=\"\" />";
+    } else if (f['serendipity[align]'][1].checked == true) {
+        img = "<!--s9ymdb:" + imgID + "--><img width='" + imgWidth + "' height='" + imgHeight + "' " + (styled ? 'style="float: left; border: 0px; padding-left: 5px; padding-right: 5px;"' : '') + ' src="' + img + "\" alt=\"\" />";
+        floating = 'left';
+    } else if (f['serendipity[align]'][2].checked == true) {
+        img = "<!--s9ymdb:" + imgID + "--><img width='" + imgWidth + "' height='" + imgHeight + "' " + (styled ? 'style="float: right; border: 0px; padding-left: 5px; padding-right: 5px;"' : '') + ' src="' + img + "\" alt=\"\" />";
+        floating = 'right';
     }
 
     if (f['serendipity[isLink]'][1].checked == true) {
-        insert = "<a class='serendipity_image_link' href='" + f['serendipity[url]'].value + "'>" + img + "</a>";
+        if (f['serendipity[target]'].selectedIndex) {
+            targetval = f['serendipity[target]'].options[f['serendipity[target]'].selectedIndex].value;
+        } else {
+            targetval = '';
+        }
+
+        prepend   = '';
+        ilink     = f['serendipity[url]'].value;
+        if (!targetval || targetval == 'none') {
+            itarget = '';
+        } else if (targetval == 'js') {
+            itarget = ' onclick="F1 = window.open(\'' + f['serendipity[url]'].value + '\',\'Zoom\',\''
+                    + 'height=' + (parseInt(f['imgHeight'].value) + 15) + ','
+                    + 'width='  + (parseInt(f['imgWidth'].value)  + 15) + ','
+                    + 'top='    + (screen.height - f['imgHeight'].value) /2 + ','
+                    + 'left='   + (screen.width  - f['imgWidth'].value)  /2 + ','
+                    + 'toolbar=no,menubar=no,location=no,resize=1,resizable=1,scrollbars=yes\'); return false;"';
+        } else if (targetval == '_blank') {
+            itarget = ' target="_blank"';
+        } else if (targetval == 'plugin') {
+            itarget = ' id="s9yisphref' + imgID + '" onclick="javascript:this.href = this.href + \'&amp;serendipity[from]=\' + self.location.href;"';
+            prepend = '<a title="' + ilink + '" id="s9yisp' + imgID + '"></a>';
+            ilink   = baseURL + 'serendipity_admin_image_selector.php?serendipity[step]=showItem&amp;serendipity[image]=' + imgID;
+        }
+
+        insert = prepend + "<a class='serendipity_image_link' href='" + ilink + "'" + itarget + ">" + img + "</a>";
     } else {
         insert = img;
     }
@@ -244,14 +288,15 @@ function serendipity_imageSelector_done(textarea)
         block = insert;
     }
 
-    if (self.opener.editorref) {
-        self.opener.editorref.surroundHTML(block, '');
+    if (typeof(parent.self.opener.htmlarea_editors) != 'undefined' && typeof(parent.self.opener.htmlarea_editors[textarea] != 'undefined')) {
+        parent.self.opener.htmlarea_editors[textarea].surroundHTML(block, '');
+    } else if (parent.self.opener.editorref) {
+        parent.self.opener.editorref.surroundHTML(block, '');
     } else {
-    	
-        self.opener.serendipity_imageSelector_addToBody(block, textarea);
+        parent.self.opener.serendipity_imageSelector_addToBody(block, textarea);
     }
 
-    self.close();
+    parent.self.close();
 }
 
 // -->