aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorcash <cash.costello@gmail.com>2011-12-08 18:22:45 -0500
committercash <cash.costello@gmail.com>2011-12-08 18:22:45 -0500
commit19a8af878b74dd9e840fb45c1be4c3a61e93cd64 (patch)
tree4ac1f48c196a17e1c5c959911641df564d1f6ef4
parente99c2870a1ca815c1c94bfec209bda8de4b23a7e (diff)
parentf1c8a2dadee9a31bf941b92eb3f4030b4f89d191 (diff)
downloadelgg-19a8af878b74dd9e840fb45c1be4c3a61e93cd64.tar.gz
elgg-19a8af878b74dd9e840fb45c1be4c3a61e93cd64.tar.bz2
Merging 1.8 into master. This syncs the branches to recover from the cherry picking
-rw-r--r--CHANGES.txt366
-rw-r--r--engine/lib/river.php5
-rw-r--r--engine/tests/api/river.php21
3 files changed, 50 insertions, 342 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index fb5870700..879fee50c 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,29 @@
+Version 1.8.1
+(November 16, 2011 from https://github.com/Elgg/Elgg/tree/1.8)
+
+ Enhancements:
+ * Completed styling of user validation admin page
+ * Adding rel=nofollow for non-trusted links
+ * Added direct icon loading for profile avatars in profile plugin
+ * Improved the structure of content views to make styling easier
+ * Updated version of jQuery to 1.6.4
+ * Added basic support for icon size customization
+ * Added a toggle for gallery/list view in file plugin
+ * Added support for passing CSS classes to icon views
+ * Added support for non http URLs to Elgg's normalize functions
+ * Added better support for the 404 forward if a page handler does handle a request
+
+ Bugfixes:
+ * Fixed autocomplete and userpicker
+ * Fixed RSS and web service-related view types
+ * Fixed walled garden display issues
+ * Added work around for IE/TinyMCE/embed insert problem
+ * Implemented ElggUser.isAdmin() JavaScript method
+ * Fixed the date views and JavaScript datepicker
+ * Fixed horizontal radio buttons styling
+ * Modules only display header if there is content for it
+
+
Version 1.8.1b
(October 11, 2011 from git://github.com/Elgg/Elgg.git)
@@ -152,343 +178,3 @@ Version 1.8.0 (Jackie)
Elgg 1.8.0.1 was released immediately after 1.8.0 to correct a problem in
installation.
-
-
-Previous and Merged Changes:
-
-Version 1.7.11
-(August 15, 2011 from http://github.com/Elgg/elgg)
-
- Security Enhancements:
- * Fixed possible XSS vector in the embed plugin. Thanks to Aung Khant from YEHG for the report.
- * Fixed possible SQL exposure exploit in the search plugin. Thanks again to Aung Khant.
- * Fixed possible SQL injection vector in the search plugin. Thanks to Lostmon Lords for the report.
-
- Bugfixes:
- * Filtering by content works in the dashboard again.
- * Dragging widgets works in IE9.
-
- API Changes:
- * Deleting a container will delete all contained objects regardless of access_id.
- * setLocation() and setLatLong() no longer double escapes strings.
- * Calling elgg_list_entities() with count set no longer breaks the display.
-
-
-Version 1.7.10
-(June 14, 2011 from http://code.elgg.org/branches/1.7)
-
- Security Enhancements:
- * Changes to prevent numerous reflected cross site scripting vectors. Thanks to Aung Khant for
- the reports!
-
- Enhancements:
- * Banned users are more apparent in user lists and profiles.
-
- Bugfixes:
- * TinyMCE: Using Elgg's default font to prevent small font sizes.
- * Files: Optimizations to allow uploading and downloading larger files.
- * Fixed bugs preventing users from adding and removing friends in Friends Collections.
- * $CONFIG->lastcache is correctly set for pages that regenerate the cache.
-
- API Changes:
- * Added unit tests for access collections.
- * Added can_edit_access_collection().
- * Access collection functions no longer check permissions. Do this in actions instead.
-
-
-Version 1.7.9
-(June 1, 2011 from http://code.elgg.org/branches/1.7)
-
- Security Enhancements:
- * Blocking possible access to restricted pages if headers are output too early. Thanks to Vazco
- for reporting!
-
- Bugfixes:
- * Admins can delete Pages again.
- * TinyMCE upgraded to 3.4.2 to fix IE support.
- * Autocomplete input works correctly.
- * Fixed Message Board "all" posts.
- * Fixed deleting internal messages on some non-English sites.
- * Better feedback if an error occurs when saving widgets.
- * Messages from deleted users no longer show the recipient's avatar.
- * Https logins on fully https sites work correctly.
-
- API Changes:
- * Added "creating", "river" plugin hook.
- * User metadata is registered as independent higher in the boot sequence.
- * Group ACLs are updated correctly when joining a non-logged in user to a group.
- * Can return 0 for plugin hook 'comments', 'count'.
-
-
-Version 1.7.8
-(April 4, 2011 from http://code.elgg.org/branches/1.7)
-
- Security Enhancements:
- * Properly encoding search queries (Thanks to lord epsylon (of Lorea) for the report!)
-
- Bugfixes:
- * Blogs - Fixed disappearing blog draft issue.
- * Groups - Editing a topic from discussion list page works now.
- * Search - Group names used in titles.
- * InviteFriends - Invitation link no longer shows up when logged out.
- * Messages - Denormalized the message calculation for better performance.
- * Sorting by time_created in relationship functions supported.
- * Metadata and annotation names can now be updated.
- * Fixed error with deleting a user with disabled entities.
- * Removed unnecessary executable permissions on a number of files. (Thanks to
- pauloortiz for the report!)
-
- API Changes:
- * Added delete_submenu_item() for removing sidebar menu items.
-
-
-Version 1.7.7
-(January 31, 2011 from http://code.elgg.org/branches/1.7)
-
- Security Enhancements:
- * Only admins can view the unvalidated users page (Thanks to Manacim
- Medriano for the report!)
-
- Bugfixes:
- * Fixed deprecation notices for locales that use comma as radix point.
- * Groups - Files can be completely disabled per group.
- * Pages - Deleting and creating subpages is restricted to owner or group member.
- * Groups - group icons deleted when group is deleted.
- * Pagination will not display when all content id displayed.
- * Fixed issue with get_context() when trailing slash is missing.
-
- API Changes:
- * Added $CONFIG->action_token_timeout.
- * Added callback option to elgg_get_entities().
-
-
-Version 1.7.6
-(December 23, 2010 from http://code.elgg.org/branches/1.7)
-
- Security Enhancements:
- * Fixed a possible SQL injection attack when using a crafted
- URL. Thanks to Gerrit Venema from Gol Gol (golgol.nl) for
- the report.
-
- Bugfixes:
- * Pages - Fixed "All Pages" link on "All Site Pages" page.
- * Messages - Fixed invalid URLs when using old-style
- pg/messages/<username> links.
- * Messages - Fixed redirect after deleting a message.
-
- API Changes:
- * Added get_entities_from_access_collection() and deprecated it.
- * is_registered_entity_type() returns correctly when requesting
- just a type and not a subtype.
-
-
-Version 1.7.5
-(November 26, 2010 from http://code.elgg.org/branches/1.7)
-
- Security Enhancements:
- * Fixed a security flaw in the Bookmarks plugin that could
- allow an XSS attack using crafted URLs. Thanks to Akhilesh
- Gupta for the bug report.
- * Fixed a security flaw in the widgets system that could allow
- an XSS attack using crafted URLs.
-
- Bugfixes:
- * Checking for mismatched passwords before creating user when
- manually adding users.
- * 'large' size profile icons created when cropped.
- * Fixed menu entry for user's files link.
- * Fixed caching issues with plugin-added view types.
- * Fixed XFN links on profile page and user lists.
- * Fixed PHP warnings about invalid foreaches in plugins.php
- * Fixed problems in elgg_get_entities_*() when using an array
- for owner_guid.
- * Group profile edit action correctly encodes and saves array input.
- * Language string corrections.
-
- UI/UX Changes:
- * Users must verify their current password before they can changing
- passwords.
- * Using pagehandlers instead of mod/mod_name/ calls in Blogs,
- Bookmarks, Members, Pages, The Wire, Groups, Invite Friends,
- and Messages.
- * Added a page to view Wire posts by user.
-
- API Changes:
- * Added remove_group_tool_option().
- * Wrapped Twitter Service's vendor's oAuth lib in class_exists().
- * Added elgg_list_entities_from_relationship().
- * Exposed order_by param in list_entities_from_relationship().
- * Added a default annotation view.
-
-
-Version 1.7.4
-(October 14, 2010 from http://code.elgg.org/branches/1.7)
-
- Bugfixes:
- * Upgrade Twitter Services to use oAuth so The Wire can post
- to Twitter. See http://el.gg/twitteroauth for instructions.
- * WSOD fixed when viewing an invalid profile page.
- * Checking for mismatched passwords earlier in registration to avoid
- creating a user who can never log in and wasting a username/email.
- * POST data in the web services API is correctly quoted on servers
- with magic quotes enabled.
- * WSOD fixed when trying to update an invalid entity.
- * Group file widget only shows when Files are enabled for the group.
- * Fixed misformatting of some group forum posts in the River.
- * Fixed resizing tall non-square images.
- * Non-English languages work when using memcache.
- * User avatar menus work when switching filters on River Dashboard page.
- * CSS is correctly cached for newly enabled plugins.
- * Can no longer add bookmarks without a title. Previous bookmarks with
- out titles can now be deleted.
-
- UI/UX Changes:
- * Pages: Admin users can edit user-defined "Welcome page."
- * Pages: Group "Welcome page" can be edited.
- * User Validation: Added an admin section for unvalidated users. An
- admin user can resend validation request, validate, or delete
- unvalidated users.
-
- API Changes:
- * test_ip() removed.
- * is_ip_in_range() removed.
- * Read/write DB connections can use different credentials.
- * Twitter services plugin allows other plugins to tweet
- if the user authorizes them. See twitterservice/README.txt
-
-
-Version 1.7.3
-(September 2, 2010 from http://code.elgg.org/branches/1.7)
-
- Security enhancements:
- * Fixed a security flaw that allowed an SQL injection attack
- using crafted POSTs. Thanks to Georg-Christian Pranschke of
- www.sensepost.com for the bug report.
-
- UI/UX Changes:
- * Entering an invalid captcha now forwards to referring page.
-
- Bugfixes:
- * Multiple owners support fixed for legacy get_entity*() functions.
- * "Edit details" and "Edit profile icon" only show up for user's own
- profile.
- * get_objects_in_group() works correctly.
-
-
-Version 1.7.2
-(August 18, 2010 from http://code.elgg.org/elgg/branches/1.7)
-
- UI Changes:
- * Group "widgets" have been standardized with new blog and bookmark widgets.
- * New group member listing page.
- * Group forum topics can be edited including title and status.
- * Added a group creation river entry.
-
- Bugfixes:
- * Fixed preview and draft saving for blog plugin.
- * Page titles are now editable.
- * Fixed several bugs with the new elgg_get* and elgg_list* functions.
- * Groups do not show up as personal friend collections anymore.
- * Fixed an upgrade issue with utf8 usernames.
- * Encoding of & in group forums is fixed.
-
- API changes:
- * Added elgg_list_entities_from_metadata().
- * Added elgg_send_email().
- * Added remove_from_river_by_id().
- * Added remove_from_register() for removing menu items.
- * Added elgg_get_excerpt().
- * Added elgg_get_friendly_title() and elgg_get_friendly_time().
-
-
-Version 1.7.1
-(April 21, 2010 from http://code.elgg.org/elgg/branches/1.7)
-
- UI changes:
- * (Unused) tags field removed from external pages.
- * Languages fixes in groups.
- * Installation checks database settings before writing settings.php.
- * Made the widgets more consistent in their UI.
-
- Bugfixes:
- * Pagination fixed.
- * Profile icons fixed for PHP-CGI users who were seeing incorrect avatars.
- * Tag search works in groups and members.
- * Tag clouds correctly link to tag search.
- * RSS views added to search.
- * Wrapper function for get_entities() correctly rewrites container_guid to
- owner_guid.
- * output/url correctly appends http:// again.
- * full_url() urlencode()'s ' and " to avoid a security problem in IE.
-
- API changes:
- * Moved admin flag to users_entity table and added ElggUser->isAdmin(),
- ->makeAdmin(), and ->removeAdmin() to replace the metadata.
- * Plugin hook for reported content includes the report object.
- * UTF8 upgrade checks server defaults before running to avoid
- corrupted strings.
- * Tags lib updated to elgg_get_*() interface.
- * Can get entities based upon annotation/metadata owner_guid.
- * Moved friendly time and friendly title into overridable views.
- * Added unregister_notification_handler().
- * Added remove_widget_type().
- * Search supports container_guid.
-
-
-Version 1.7.0
-(March 2, 2010 from http://code.elgg.org/elgg/trunk/)
-
- User-visible changes:
- * UTF8 now saved correctly in database. #1151
- * Unit tests added to System diagnostics.
- * Debug values output to screen when enabled in admin settings.
- * Users can now log in from multiple computers or browsers concurrently.
- * Misconfigured plugins no longer break the site. #1454
- * User display names cannot have HTML or be longer than 50 characters.
- * New search system.
-
- Bugfixes:
- * Searching by tag with extended characters now works. #1151, #1231
- * Searching for entities works properly with case-insensitive metadata. #1326
- * Invalid views now default to 'default' view. #1161.
- * Metadata cache now handles a 0 string. #1227
- * ElggPlugin get() now works with 0. #1286
- * Metadata __isset() now works for falsy values (except NULL). #1414
- * clear_plugin_setting() now only clears a single setting.
- * Submenu entries are correctly calculated after a simplecache refresh.
-
- API changes:
- * New plugin hook system:unit_test for adding files to unit tests.
- * $is_admin global deprecated; use elgg_set_ignore_access() instead.
- * Deprecated get_entities(). Use elgg_get_entities().
- * Deprecated get_entities_from_metadata(). Use elgg_get_entities_from_metadata().
- * Deprecated get_entities_from_relationship() and g_e_f_relationships_and_meta(). Use elgg_get_entities_from_relationship().
- * Deprecated get_entities_from_access_id(). Use elgg_get_entities_from_access_id().
- * Deprecated get_entities_from_annotations(). Use elgg_get_entities_from_annotations().
- * Reorganized directory file path to rely on GUID instead of username.
- * annotation_id column added to the river database table.
- * remove_from_river_by_annotation() added.
- * unregister_elgg_event_handler() and unregister_plugin_hook() added. #1465
- * clear_all_plugin_settings() added.
- * get_entity_relationships() supports inverse relationships. #1472.
- * can_write_to_container() can be overridden with the container_permissions_check hook. #1164 (part 2).
- * Deprecated search_for_*().
- * Deprecated search_list*().
- * Added elgg_deprecated_notice().
- * ElggEntity::countEntitiesFromRelationship() supports inverse relationships. #1325
- * delete_relationship() triggers the hook delete:relationship and passes the relationship object. #1213
- * added ElggEntity::removeRelationship(). #1376.
- * get_entity_dates() supports order by. #1406.
- * Added elgg_http_add_url_query_elements().
- * Added elgg_register_tag_metadata_name() and elgg_get_registered_tag_metadata_names();
- * Added ElggEntity::getTags().
- * Added elgg_add_action_tokens_to_url().
-
- Services API:
- * Separated user and api authenticate processing
- * hmac signature encoding now compatible with OAuth
- * New plugin hook api_key:use for keeping stats on key usage
- * New plugin hook rest:init so plugins can configure authentication modules
- * Moved auth.gettoken to POST for increased security
- * Fixed REST POST bug #1114
- * Fixed #881, #1214, #1215, #1216, #1217, #1218, #1219, #1220, #1298, #1364
diff --git a/engine/lib/river.php b/engine/lib/river.php
index 02d52dea1..421813441 100644
--- a/engine/lib/river.php
+++ b/engine/lib/river.php
@@ -207,6 +207,8 @@ function elgg_delete_river(array $options = array()) {
/**
* Get river items
*
+ * @note If using types and subtypes in a query, they are joined with an AND.
+ *
* @param array $options
* ids => INT|ARR River item id(s)
* subject_guids => INT|ARR Subject guid(s)
@@ -430,7 +432,6 @@ function elgg_river_get_access_sql() {
*
* @internal This is a simplified version of elgg_get_entity_type_subtype_where_sql()
* which could be used for all queries once the subtypes have been denormalized.
- * FYI: It allows types and subtypes to not be paired.
*
* @param string $table 'rv'
* @param NULL|array $types Array of types or NULL if none.
@@ -477,7 +478,7 @@ function elgg_get_river_type_subtype_where_sql($table, $types, $subtypes, $pairs
}
if (is_array($subtypes_wheres) && count($subtypes_wheres)) {
- $subtypes_wheres = array(implode(' OR ', $subtypes_wheres));
+ $subtypes_wheres = array('(' . implode(' OR ', $subtypes_wheres) . ')');
}
$wheres = array(implode(' AND ', array_merge($types_wheres, $subtypes_wheres)));
diff --git a/engine/tests/api/river.php b/engine/tests/api/river.php
new file mode 100644
index 000000000..6931b9f41
--- /dev/null
+++ b/engine/tests/api/river.php
@@ -0,0 +1,21 @@
+<?php
+/**
+ * Elgg Test river api
+ *
+ * @package Elgg
+ * @subpackage Test
+ */
+class ElggCoreRiverAPITest extends ElggCoreUnitTest {
+
+ public function testElggTypeSubtypeWhereSQL() {
+ $types = array('object');
+ $subtypes = array('blog');
+ $result = elgg_get_river_type_subtype_where_sql('rv', $types, $subtypes, null);
+ $this->assertIdentical($result, "((rv.type = 'object') AND ((rv.subtype = 'blog')))");
+
+ $types = array('object');
+ $subtypes = array('blog', 'file');
+ $result = elgg_get_river_type_subtype_where_sql('rv', $types, $subtypes, null);
+ $this->assertIdentical($result, "((rv.type = 'object') AND ((rv.subtype = 'blog') OR (rv.subtype = 'file')))");
+ }
+}