diff options
author | cash <cash.costello@gmail.com> | 2011-12-08 18:22:45 -0500 |
---|---|---|
committer | cash <cash.costello@gmail.com> | 2011-12-08 18:22:45 -0500 |
commit | 19a8af878b74dd9e840fb45c1be4c3a61e93cd64 (patch) | |
tree | 4ac1f48c196a17e1c5c959911641df564d1f6ef4 | |
parent | e99c2870a1ca815c1c94bfec209bda8de4b23a7e (diff) | |
parent | f1c8a2dadee9a31bf941b92eb3f4030b4f89d191 (diff) | |
download | elgg-19a8af878b74dd9e840fb45c1be4c3a61e93cd64.tar.gz elgg-19a8af878b74dd9e840fb45c1be4c3a61e93cd64.tar.bz2 |
Merging 1.8 into master. This syncs the branches to recover from the cherry picking
-rw-r--r-- | CHANGES.txt | 366 | ||||
-rw-r--r-- | engine/lib/river.php | 5 | ||||
-rw-r--r-- | engine/tests/api/river.php | 21 |
3 files changed, 50 insertions, 342 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index fb5870700..879fee50c 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,29 @@ +Version 1.8.1 +(November 16, 2011 from https://github.com/Elgg/Elgg/tree/1.8) + + Enhancements: + * Completed styling of user validation admin page + * Adding rel=nofollow for non-trusted links + * Added direct icon loading for profile avatars in profile plugin + * Improved the structure of content views to make styling easier + * Updated version of jQuery to 1.6.4 + * Added basic support for icon size customization + * Added a toggle for gallery/list view in file plugin + * Added support for passing CSS classes to icon views + * Added support for non http URLs to Elgg's normalize functions + * Added better support for the 404 forward if a page handler does handle a request + + Bugfixes: + * Fixed autocomplete and userpicker + * Fixed RSS and web service-related view types + * Fixed walled garden display issues + * Added work around for IE/TinyMCE/embed insert problem + * Implemented ElggUser.isAdmin() JavaScript method + * Fixed the date views and JavaScript datepicker + * Fixed horizontal radio buttons styling + * Modules only display header if there is content for it + + Version 1.8.1b (October 11, 2011 from git://github.com/Elgg/Elgg.git) @@ -152,343 +178,3 @@ Version 1.8.0 (Jackie) Elgg 1.8.0.1 was released immediately after 1.8.0 to correct a problem in installation. - - -Previous and Merged Changes: - -Version 1.7.11 -(August 15, 2011 from http://github.com/Elgg/elgg) - - Security Enhancements: - * Fixed possible XSS vector in the embed plugin. Thanks to Aung Khant from YEHG for the report. - * Fixed possible SQL exposure exploit in the search plugin. Thanks again to Aung Khant. - * Fixed possible SQL injection vector in the search plugin. Thanks to Lostmon Lords for the report. - - Bugfixes: - * Filtering by content works in the dashboard again. - * Dragging widgets works in IE9. - - API Changes: - * Deleting a container will delete all contained objects regardless of access_id. - * setLocation() and setLatLong() no longer double escapes strings. - * Calling elgg_list_entities() with count set no longer breaks the display. - - -Version 1.7.10 -(June 14, 2011 from http://code.elgg.org/branches/1.7) - - Security Enhancements: - * Changes to prevent numerous reflected cross site scripting vectors. Thanks to Aung Khant for - the reports! - - Enhancements: - * Banned users are more apparent in user lists and profiles. - - Bugfixes: - * TinyMCE: Using Elgg's default font to prevent small font sizes. - * Files: Optimizations to allow uploading and downloading larger files. - * Fixed bugs preventing users from adding and removing friends in Friends Collections. - * $CONFIG->lastcache is correctly set for pages that regenerate the cache. - - API Changes: - * Added unit tests for access collections. - * Added can_edit_access_collection(). - * Access collection functions no longer check permissions. Do this in actions instead. - - -Version 1.7.9 -(June 1, 2011 from http://code.elgg.org/branches/1.7) - - Security Enhancements: - * Blocking possible access to restricted pages if headers are output too early. Thanks to Vazco - for reporting! - - Bugfixes: - * Admins can delete Pages again. - * TinyMCE upgraded to 3.4.2 to fix IE support. - * Autocomplete input works correctly. - * Fixed Message Board "all" posts. - * Fixed deleting internal messages on some non-English sites. - * Better feedback if an error occurs when saving widgets. - * Messages from deleted users no longer show the recipient's avatar. - * Https logins on fully https sites work correctly. - - API Changes: - * Added "creating", "river" plugin hook. - * User metadata is registered as independent higher in the boot sequence. - * Group ACLs are updated correctly when joining a non-logged in user to a group. - * Can return 0 for plugin hook 'comments', 'count'. - - -Version 1.7.8 -(April 4, 2011 from http://code.elgg.org/branches/1.7) - - Security Enhancements: - * Properly encoding search queries (Thanks to lord epsylon (of Lorea) for the report!) - - Bugfixes: - * Blogs - Fixed disappearing blog draft issue. - * Groups - Editing a topic from discussion list page works now. - * Search - Group names used in titles. - * InviteFriends - Invitation link no longer shows up when logged out. - * Messages - Denormalized the message calculation for better performance. - * Sorting by time_created in relationship functions supported. - * Metadata and annotation names can now be updated. - * Fixed error with deleting a user with disabled entities. - * Removed unnecessary executable permissions on a number of files. (Thanks to - pauloortiz for the report!) - - API Changes: - * Added delete_submenu_item() for removing sidebar menu items. - - -Version 1.7.7 -(January 31, 2011 from http://code.elgg.org/branches/1.7) - - Security Enhancements: - * Only admins can view the unvalidated users page (Thanks to Manacim - Medriano for the report!) - - Bugfixes: - * Fixed deprecation notices for locales that use comma as radix point. - * Groups - Files can be completely disabled per group. - * Pages - Deleting and creating subpages is restricted to owner or group member. - * Groups - group icons deleted when group is deleted. - * Pagination will not display when all content id displayed. - * Fixed issue with get_context() when trailing slash is missing. - - API Changes: - * Added $CONFIG->action_token_timeout. - * Added callback option to elgg_get_entities(). - - -Version 1.7.6 -(December 23, 2010 from http://code.elgg.org/branches/1.7) - - Security Enhancements: - * Fixed a possible SQL injection attack when using a crafted - URL. Thanks to Gerrit Venema from Gol Gol (golgol.nl) for - the report. - - Bugfixes: - * Pages - Fixed "All Pages" link on "All Site Pages" page. - * Messages - Fixed invalid URLs when using old-style - pg/messages/<username> links. - * Messages - Fixed redirect after deleting a message. - - API Changes: - * Added get_entities_from_access_collection() and deprecated it. - * is_registered_entity_type() returns correctly when requesting - just a type and not a subtype. - - -Version 1.7.5 -(November 26, 2010 from http://code.elgg.org/branches/1.7) - - Security Enhancements: - * Fixed a security flaw in the Bookmarks plugin that could - allow an XSS attack using crafted URLs. Thanks to Akhilesh - Gupta for the bug report. - * Fixed a security flaw in the widgets system that could allow - an XSS attack using crafted URLs. - - Bugfixes: - * Checking for mismatched passwords before creating user when - manually adding users. - * 'large' size profile icons created when cropped. - * Fixed menu entry for user's files link. - * Fixed caching issues with plugin-added view types. - * Fixed XFN links on profile page and user lists. - * Fixed PHP warnings about invalid foreaches in plugins.php - * Fixed problems in elgg_get_entities_*() when using an array - for owner_guid. - * Group profile edit action correctly encodes and saves array input. - * Language string corrections. - - UI/UX Changes: - * Users must verify their current password before they can changing - passwords. - * Using pagehandlers instead of mod/mod_name/ calls in Blogs, - Bookmarks, Members, Pages, The Wire, Groups, Invite Friends, - and Messages. - * Added a page to view Wire posts by user. - - API Changes: - * Added remove_group_tool_option(). - * Wrapped Twitter Service's vendor's oAuth lib in class_exists(). - * Added elgg_list_entities_from_relationship(). - * Exposed order_by param in list_entities_from_relationship(). - * Added a default annotation view. - - -Version 1.7.4 -(October 14, 2010 from http://code.elgg.org/branches/1.7) - - Bugfixes: - * Upgrade Twitter Services to use oAuth so The Wire can post - to Twitter. See http://el.gg/twitteroauth for instructions. - * WSOD fixed when viewing an invalid profile page. - * Checking for mismatched passwords earlier in registration to avoid - creating a user who can never log in and wasting a username/email. - * POST data in the web services API is correctly quoted on servers - with magic quotes enabled. - * WSOD fixed when trying to update an invalid entity. - * Group file widget only shows when Files are enabled for the group. - * Fixed misformatting of some group forum posts in the River. - * Fixed resizing tall non-square images. - * Non-English languages work when using memcache. - * User avatar menus work when switching filters on River Dashboard page. - * CSS is correctly cached for newly enabled plugins. - * Can no longer add bookmarks without a title. Previous bookmarks with - out titles can now be deleted. - - UI/UX Changes: - * Pages: Admin users can edit user-defined "Welcome page." - * Pages: Group "Welcome page" can be edited. - * User Validation: Added an admin section for unvalidated users. An - admin user can resend validation request, validate, or delete - unvalidated users. - - API Changes: - * test_ip() removed. - * is_ip_in_range() removed. - * Read/write DB connections can use different credentials. - * Twitter services plugin allows other plugins to tweet - if the user authorizes them. See twitterservice/README.txt - - -Version 1.7.3 -(September 2, 2010 from http://code.elgg.org/branches/1.7) - - Security enhancements: - * Fixed a security flaw that allowed an SQL injection attack - using crafted POSTs. Thanks to Georg-Christian Pranschke of - www.sensepost.com for the bug report. - - UI/UX Changes: - * Entering an invalid captcha now forwards to referring page. - - Bugfixes: - * Multiple owners support fixed for legacy get_entity*() functions. - * "Edit details" and "Edit profile icon" only show up for user's own - profile. - * get_objects_in_group() works correctly. - - -Version 1.7.2 -(August 18, 2010 from http://code.elgg.org/elgg/branches/1.7) - - UI Changes: - * Group "widgets" have been standardized with new blog and bookmark widgets. - * New group member listing page. - * Group forum topics can be edited including title and status. - * Added a group creation river entry. - - Bugfixes: - * Fixed preview and draft saving for blog plugin. - * Page titles are now editable. - * Fixed several bugs with the new elgg_get* and elgg_list* functions. - * Groups do not show up as personal friend collections anymore. - * Fixed an upgrade issue with utf8 usernames. - * Encoding of & in group forums is fixed. - - API changes: - * Added elgg_list_entities_from_metadata(). - * Added elgg_send_email(). - * Added remove_from_river_by_id(). - * Added remove_from_register() for removing menu items. - * Added elgg_get_excerpt(). - * Added elgg_get_friendly_title() and elgg_get_friendly_time(). - - -Version 1.7.1 -(April 21, 2010 from http://code.elgg.org/elgg/branches/1.7) - - UI changes: - * (Unused) tags field removed from external pages. - * Languages fixes in groups. - * Installation checks database settings before writing settings.php. - * Made the widgets more consistent in their UI. - - Bugfixes: - * Pagination fixed. - * Profile icons fixed for PHP-CGI users who were seeing incorrect avatars. - * Tag search works in groups and members. - * Tag clouds correctly link to tag search. - * RSS views added to search. - * Wrapper function for get_entities() correctly rewrites container_guid to - owner_guid. - * output/url correctly appends http:// again. - * full_url() urlencode()'s ' and " to avoid a security problem in IE. - - API changes: - * Moved admin flag to users_entity table and added ElggUser->isAdmin(), - ->makeAdmin(), and ->removeAdmin() to replace the metadata. - * Plugin hook for reported content includes the report object. - * UTF8 upgrade checks server defaults before running to avoid - corrupted strings. - * Tags lib updated to elgg_get_*() interface. - * Can get entities based upon annotation/metadata owner_guid. - * Moved friendly time and friendly title into overridable views. - * Added unregister_notification_handler(). - * Added remove_widget_type(). - * Search supports container_guid. - - -Version 1.7.0 -(March 2, 2010 from http://code.elgg.org/elgg/trunk/) - - User-visible changes: - * UTF8 now saved correctly in database. #1151 - * Unit tests added to System diagnostics. - * Debug values output to screen when enabled in admin settings. - * Users can now log in from multiple computers or browsers concurrently. - * Misconfigured plugins no longer break the site. #1454 - * User display names cannot have HTML or be longer than 50 characters. - * New search system. - - Bugfixes: - * Searching by tag with extended characters now works. #1151, #1231 - * Searching for entities works properly with case-insensitive metadata. #1326 - * Invalid views now default to 'default' view. #1161. - * Metadata cache now handles a 0 string. #1227 - * ElggPlugin get() now works with 0. #1286 - * Metadata __isset() now works for falsy values (except NULL). #1414 - * clear_plugin_setting() now only clears a single setting. - * Submenu entries are correctly calculated after a simplecache refresh. - - API changes: - * New plugin hook system:unit_test for adding files to unit tests. - * $is_admin global deprecated; use elgg_set_ignore_access() instead. - * Deprecated get_entities(). Use elgg_get_entities(). - * Deprecated get_entities_from_metadata(). Use elgg_get_entities_from_metadata(). - * Deprecated get_entities_from_relationship() and g_e_f_relationships_and_meta(). Use elgg_get_entities_from_relationship(). - * Deprecated get_entities_from_access_id(). Use elgg_get_entities_from_access_id(). - * Deprecated get_entities_from_annotations(). Use elgg_get_entities_from_annotations(). - * Reorganized directory file path to rely on GUID instead of username. - * annotation_id column added to the river database table. - * remove_from_river_by_annotation() added. - * unregister_elgg_event_handler() and unregister_plugin_hook() added. #1465 - * clear_all_plugin_settings() added. - * get_entity_relationships() supports inverse relationships. #1472. - * can_write_to_container() can be overridden with the container_permissions_check hook. #1164 (part 2). - * Deprecated search_for_*(). - * Deprecated search_list*(). - * Added elgg_deprecated_notice(). - * ElggEntity::countEntitiesFromRelationship() supports inverse relationships. #1325 - * delete_relationship() triggers the hook delete:relationship and passes the relationship object. #1213 - * added ElggEntity::removeRelationship(). #1376. - * get_entity_dates() supports order by. #1406. - * Added elgg_http_add_url_query_elements(). - * Added elgg_register_tag_metadata_name() and elgg_get_registered_tag_metadata_names(); - * Added ElggEntity::getTags(). - * Added elgg_add_action_tokens_to_url(). - - Services API: - * Separated user and api authenticate processing - * hmac signature encoding now compatible with OAuth - * New plugin hook api_key:use for keeping stats on key usage - * New plugin hook rest:init so plugins can configure authentication modules - * Moved auth.gettoken to POST for increased security - * Fixed REST POST bug #1114 - * Fixed #881, #1214, #1215, #1216, #1217, #1218, #1219, #1220, #1298, #1364 diff --git a/engine/lib/river.php b/engine/lib/river.php index 02d52dea1..421813441 100644 --- a/engine/lib/river.php +++ b/engine/lib/river.php @@ -207,6 +207,8 @@ function elgg_delete_river(array $options = array()) { /** * Get river items * + * @note If using types and subtypes in a query, they are joined with an AND. + * * @param array $options * ids => INT|ARR River item id(s) * subject_guids => INT|ARR Subject guid(s) @@ -430,7 +432,6 @@ function elgg_river_get_access_sql() { * * @internal This is a simplified version of elgg_get_entity_type_subtype_where_sql() * which could be used for all queries once the subtypes have been denormalized. - * FYI: It allows types and subtypes to not be paired. * * @param string $table 'rv' * @param NULL|array $types Array of types or NULL if none. @@ -477,7 +478,7 @@ function elgg_get_river_type_subtype_where_sql($table, $types, $subtypes, $pairs } if (is_array($subtypes_wheres) && count($subtypes_wheres)) { - $subtypes_wheres = array(implode(' OR ', $subtypes_wheres)); + $subtypes_wheres = array('(' . implode(' OR ', $subtypes_wheres) . ')'); } $wheres = array(implode(' AND ', array_merge($types_wheres, $subtypes_wheres))); diff --git a/engine/tests/api/river.php b/engine/tests/api/river.php new file mode 100644 index 000000000..6931b9f41 --- /dev/null +++ b/engine/tests/api/river.php @@ -0,0 +1,21 @@ +<?php +/** + * Elgg Test river api + * + * @package Elgg + * @subpackage Test + */ +class ElggCoreRiverAPITest extends ElggCoreUnitTest { + + public function testElggTypeSubtypeWhereSQL() { + $types = array('object'); + $subtypes = array('blog'); + $result = elgg_get_river_type_subtype_where_sql('rv', $types, $subtypes, null); + $this->assertIdentical($result, "((rv.type = 'object') AND ((rv.subtype = 'blog')))"); + + $types = array('object'); + $subtypes = array('blog', 'file'); + $result = elgg_get_river_type_subtype_where_sql('rv', $types, $subtypes, null); + $this->assertIdentical($result, "((rv.type = 'object') AND ((rv.subtype = 'blog') OR (rv.subtype = 'file')))"); + } +} |