aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSem <sembrestels@riseup.net>2014-01-22 04:05:47 +0100
committerSem <sembrestels@riseup.net>2014-01-22 04:05:47 +0100
commit68614b769f4ae4f28c3f395f47b68baba7c48c64 (patch)
tree2c5a744a3859d27883f92b72aef9cf81f1a947d0
parent69e2d8c5d8732042c9319aef1fdea45a82b63e42 (diff)
parentc0295c275d6edbca6c6c8bb51dc199150d0d5fc3 (diff)
downloadelgg-68614b769f4ae4f28c3f395f47b68baba7c48c64.tar.gz
elgg-68614b769f4ae4f28c3f395f47b68baba7c48c64.tar.bz2
Merge branch 'release/1.8.1'
-rw-r--r--.gitignore3
-rw-r--r--CHANGES.txt146
-rw-r--r--COPYRIGHT.txt1
-rw-r--r--README.md28
-rw-r--r--README.txt24
-rw-r--r--actions/admin/site/regenerate_secret.php11
-rw-r--r--actions/admin/site/update_advanced.php6
-rw-r--r--actions/admin/site/update_basic.php2
-rw-r--r--actions/avatar/remove.php52
-rw-r--r--actions/comments/delete.php5
-rw-r--r--actions/friends/collections/add.php2
-rw-r--r--actions/login.php5
-rw-r--r--actions/profile/edit.php9
-rw-r--r--actions/register.php2
-rw-r--r--documentation/info/manifest.xml2
-rw-r--r--engine/classes/ElggAccess.php4
-rw-r--r--engine/classes/ElggAnnotation.php5
-rw-r--r--engine/classes/ElggAttributeLoader.php77
-rw-r--r--engine/classes/ElggAutoP.php59
-rw-r--r--engine/classes/ElggBatch.php71
-rw-r--r--engine/classes/ElggCache.php4
-rw-r--r--engine/classes/ElggCrypto.php208
-rw-r--r--engine/classes/ElggData.php20
-rw-r--r--engine/classes/ElggDiskFilestore.php40
-rw-r--r--engine/classes/ElggEntity.php46
-rw-r--r--engine/classes/ElggExtender.php2
-rw-r--r--engine/classes/ElggFile.php21
-rw-r--r--engine/classes/ElggFileCache.php6
-rw-r--r--engine/classes/ElggGroup.php25
-rw-r--r--engine/classes/ElggLRUCache.php181
-rw-r--r--engine/classes/ElggMemcache.php2
-rw-r--r--engine/classes/ElggMenuBuilder.php29
-rw-r--r--engine/classes/ElggMetadata.php4
-rw-r--r--engine/classes/ElggObject.php19
-rw-r--r--engine/classes/ElggPlugin.php33
-rw-r--r--engine/classes/ElggPluginPackage.php6
-rw-r--r--engine/classes/ElggPriorityList.php30
-rw-r--r--engine/classes/ElggRelationship.php5
-rw-r--r--engine/classes/ElggSite.php20
-rw-r--r--engine/classes/ElggStaticVariableCache.php6
-rw-r--r--engine/classes/ElggTranslit.php55
-rw-r--r--engine/classes/ElggUser.php23
-rw-r--r--engine/classes/ElggVolatileMetadataCache.php92
-rw-r--r--engine/classes/ElggWidget.php12
-rw-r--r--engine/classes/ElggXMLElement.php24
-rw-r--r--engine/classes/ODDMetaData.php14
-rw-r--r--engine/classes/ODDRelationship.php8
-rw-r--r--engine/handlers/cache_handler.php13
-rw-r--r--engine/lib/access.php11
-rw-r--r--engine/lib/actions.php117
-rw-r--r--engine/lib/admin.php37
-rw-r--r--engine/lib/annotations.php89
-rw-r--r--engine/lib/cache.php11
-rw-r--r--engine/lib/calendar.php2
-rw-r--r--engine/lib/configuration.php29
-rw-r--r--engine/lib/cron.php4
-rw-r--r--engine/lib/database.php95
-rw-r--r--engine/lib/deprecated-1.7.php2
-rw-r--r--engine/lib/deprecated-1.8.php66
-rw-r--r--engine/lib/elgglib.php78
-rw-r--r--engine/lib/entities.php216
-rw-r--r--engine/lib/export.php29
-rw-r--r--engine/lib/extender.php20
-rw-r--r--engine/lib/filestore.php6
-rw-r--r--engine/lib/group.php6
-rw-r--r--engine/lib/input.php15
-rw-r--r--engine/lib/languages.php48
-rw-r--r--engine/lib/location.php4
-rw-r--r--engine/lib/mb_wrapper.php2
-rw-r--r--engine/lib/memcache.php20
-rw-r--r--engine/lib/metadata.php62
-rw-r--r--engine/lib/metastrings.php37
-rw-r--r--engine/lib/navigation.php21
-rw-r--r--engine/lib/notification.php38
-rw-r--r--engine/lib/objects.php6
-rw-r--r--engine/lib/opendd.php4
-rw-r--r--engine/lib/output.php57
-rw-r--r--engine/lib/pageowner.php7
-rw-r--r--engine/lib/plugins.php90
-rw-r--r--engine/lib/relationships.php34
-rw-r--r--engine/lib/river.php23
-rw-r--r--engine/lib/sessions.php17
-rw-r--r--engine/lib/sites.php12
-rw-r--r--engine/lib/statistics.php11
-rw-r--r--engine/lib/system_log.php22
-rw-r--r--engine/lib/tags.php7
-rw-r--r--engine/lib/upgrade.php21
-rw-r--r--engine/lib/upgrades/2009102801.php5
-rw-r--r--engine/lib/upgrades/2010033101.php2
-rw-r--r--engine/lib/upgrades/2010061501.php6
-rw-r--r--engine/lib/upgrades/2010071001.php5
-rw-r--r--engine/lib/upgrades/2010071002.php5
-rw-r--r--engine/lib/upgrades/2011052801.php5
-rw-r--r--engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php2
-rw-r--r--engine/lib/upgrades/2013030600-1.8.13-update_user_location-8999eb8bf1bdd9a3.php24
-rw-r--r--engine/lib/upgrades/2013051700-1.8.15-add_missing_group_index-52a63a3a3ffaced2.php28
-rw-r--r--engine/lib/upgrades/2013052900-1.8.15-ipv6_in_syslog-f5c2cc0196e9e731.php12
-rw-r--r--engine/lib/upgrades/2013060900-1.8.15-site_secret-404fc165cf9e0ac9.php16
-rw-r--r--engine/lib/upgrades/create_upgrade.php5
-rw-r--r--engine/lib/user_settings.php7
-rw-r--r--engine/lib/users.php100
-rw-r--r--engine/lib/views.php56
-rw-r--r--engine/lib/web_services.php27
-rw-r--r--engine/lib/widgets.php3
-rw-r--r--engine/lib/xml.php2
-rw-r--r--engine/schema/mysql.sql2
-rw-r--r--engine/tests/api/access_collections.php3
-rw-r--r--engine/tests/api/annotations.php80
-rw-r--r--engine/tests/api/entity_getter_functions.php68
-rw-r--r--engine/tests/api/helpers.php103
-rw-r--r--engine/tests/api/metadata.php16
-rw-r--r--engine/tests/api/metadata_cache.php7
-rw-r--r--engine/tests/api/metastrings.php33
-rw-r--r--engine/tests/api/plugins.php4
-rw-r--r--engine/tests/objects/entities.php2
-rw-r--r--engine/tests/objects/objects.php2
-rw-r--r--engine/tests/objects/users.php21
-rw-r--r--engine/tests/regression/trac_bugs.php190
-rw-r--r--engine/tests/test_files/plugin_18/manifest.xml2
-rw-r--r--engine/tests/test_files/xxe/external_entity.txt1
-rw-r--r--engine/tests/test_files/xxe/request.xml8
-rw-r--r--htaccess_dist46
-rw-r--r--install/ElggInstaller.php14
-rw-r--r--install/cli/sample_installer.php40
-rw-r--r--install/languages/en.php3
-rw-r--r--js/lib/elgglib.js4
-rw-r--r--js/lib/languages.js12
-rw-r--r--js/lib/security.js33
-rw-r--r--js/lib/session.js32
-rw-r--r--js/lib/ui.river.js26
-rw-r--r--js/lib/ui.userpicker.js4
-rw-r--r--js/tests/ElggLibTest.js11
-rw-r--r--js/tests/README5
-rw-r--r--languages/en.php29
-rw-r--r--mod/blog/actions/blog/save.php33
-rw-r--r--mod/blog/lib/blog.php8
-rw-r--r--mod/blog/start.php28
-rw-r--r--mod/blog/views/default/blog/sidebar/archives.php2
-rw-r--r--mod/blog/views/default/forms/blog/save.php2
-rw-r--r--mod/blog/views/default/river/object/blog/create.php6
-rw-r--r--mod/bookmarks/languages/en.php2
-rw-r--r--mod/bookmarks/pages/bookmarks/all.php3
-rw-r--r--mod/bookmarks/pages/bookmarks/friends.php2
-rw-r--r--mod/bookmarks/pages/bookmarks/owner.php3
-rw-r--r--mod/bookmarks/start.php21
-rw-r--r--mod/categories/pages/categories/listing.php4
-rw-r--r--mod/custom_index/index.php2
-rw-r--r--mod/developers/languages/en.php3
-rw-r--r--mod/developers/manifest.xml2
-rw-r--r--mod/developers/start.php9
-rw-r--r--mod/developers/views/default/theme_preview/components/image_block.php12
-rw-r--r--mod/developers/views/default/theme_preview/components/list.php38
-rw-r--r--mod/developers/views/default/theme_preview/components/messages.php10
-rw-r--r--mod/developers/views/default/theme_preview/components/table.php22
-rw-r--r--mod/developers/views/default/theme_preview/icons/avatars.php72
-rw-r--r--mod/developers/views/default/theme_preview/icons/sprites.php120
-rw-r--r--mod/developers/views/default/theme_preview/modules/modules.php44
-rw-r--r--mod/developers/views/default/theme_preview/navigation/breadcrumbs.php20
-rw-r--r--mod/developers/views/default/theme_preview/navigation/default.php22
-rw-r--r--mod/developers/views/default/theme_preview/navigation/extras.php34
-rw-r--r--mod/developers/views/default/theme_preview/navigation/filter.php26
-rw-r--r--mod/developers/views/default/theme_preview/navigation/horizontal.php24
-rw-r--r--mod/developers/views/default/theme_preview/navigation/owner_block.php26
-rw-r--r--mod/developers/views/default/theme_preview/navigation/page.php38
-rw-r--r--mod/developers/views/default/theme_preview/navigation/pagination.php14
-rw-r--r--mod/developers/views/default/theme_preview/navigation/site.php36
-rw-r--r--mod/developers/views/default/theme_preview/navigation/tabs.php18
-rw-r--r--mod/developers/views/default/theme_preview/typography/headings.php10
-rw-r--r--mod/developers/views/default/theme_preview/typography/misc.php32
-rw-r--r--mod/developers/views/default/theme_preview/typography/paragraph.php36
-rw-r--r--mod/embed/start.php26
-rw-r--r--mod/embed/views/default/js/embed/embed.php13
-rw-r--r--mod/externalpages/start.php8
-rw-r--r--mod/file/actions/file/upload.php23
-rw-r--r--mod/file/pages/file/friends.php2
-rw-r--r--mod/file/pages/file/owner.php7
-rw-r--r--mod/file/pages/file/search.php4
-rw-r--r--mod/file/pages/file/world.php7
-rw-r--r--mod/groups/actions/groups/edit.php30
-rw-r--r--mod/groups/actions/groups/membership/invite.php73
-rw-r--r--mod/groups/lib/discussion.php5
-rw-r--r--mod/groups/lib/groups.php44
-rw-r--r--mod/groups/start.php10
-rw-r--r--mod/groups/views/default/forms/groups/edit.php13
-rw-r--r--mod/groups/views/default/groups/css.php4
-rw-r--r--mod/groups/views/default/groups/profile/summary.php9
-rw-r--r--mod/groups/views/default/groups/sidebar/featured.php2
-rw-r--r--mod/groups/views/default/groups/sidebar/members.php2
-rw-r--r--mod/groups/views/default/groups/sidebar/my_status.php4
-rw-r--r--mod/groups/views/default/object/groupforumtopic.php5
-rw-r--r--mod/htmlawed/start.php4
-rw-r--r--mod/htmlawed/tests/tags.php78
-rwxr-xr-xmod/htmlawed/vendors/htmLawed/htmLawed.php82
-rwxr-xr-xmod/htmlawed/vendors/htmLawed/htmLawedTest.php89
-rwxr-xr-x[-rw-r--r--]mod/htmlawed/vendors/htmLawed/htmLawed_README.htm4336
-rwxr-xr-xmod/htmlawed/vendors/htmLawed/htmLawed_README.txt3433
-rwxr-xr-xmod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt66
-rw-r--r--mod/logbrowser/views/default/forms/logbrowser/refine.php4
-rw-r--r--mod/logbrowser/views/default/logbrowser/refine.php2
-rw-r--r--mod/logbrowser/views/default/logbrowser/table.php2
-rw-r--r--mod/logrotate/languages/en.php3
-rw-r--r--mod/logrotate/start.php51
-rw-r--r--mod/logrotate/views/default/plugins/logrotate/settings.php1
-rw-r--r--mod/members/pages/members/search.php8
-rw-r--r--mod/messageboard/pages/messageboard/owner.php1
-rw-r--r--mod/messages/start.php53
-rw-r--r--mod/notifications/actions/groupsave.php4
-rw-r--r--mod/notifications/groups.php4
-rw-r--r--mod/notifications/index.php4
-rw-r--r--mod/notifications/views/default/forms/notificationsettings/groupsave.php4
-rw-r--r--mod/notifications/views/default/notifications/subscriptions/forminternals.php4
-rw-r--r--mod/oauth_api/manifest.xml25
-rw-r--r--mod/oauth_api/start.php24
-rw-r--r--mod/oauth_api/vendors/oauth/LICENSE21
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/INSTALL53
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/core/init.php127
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/core/templates/inc/footer.tpl2
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/core/templates/inc/header.tpl2
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/core/templates/index.tpl13
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/core/templates/logon.tpl21
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/core/templates/register.tpl41
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/www/hello.php65
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/www/index.php37
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/www/logon.php55
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/www/oauth.php77
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/www/register.php28
-rw-r--r--mod/oauth_api/vendors/oauth/example/server/www/services.xrds.php71
-rw-r--r--mod/oauth_api/vendors/oauth/library/OAuthDiscovery.php226
-rw-r--r--mod/oauth_api/vendors/oauth/library/OAuthException.php50
-rw-r--r--mod/oauth_api/vendors/oauth/library/OAuthRequest.php801
-rw-r--r--mod/oauth_api/vendors/oauth/library/OAuthRequestLogger.php274
-rw-r--r--mod/oauth_api/vendors/oauth/library/OAuthRequestSigner.php209
-rw-r--r--mod/oauth_api/vendors/oauth/library/OAuthRequestVerifier.php262
-rw-r--r--mod/oauth_api/vendors/oauth/library/OAuthRequester.php508
-rw-r--r--mod/oauth_api/vendors/oauth/library/OAuthServer.php232
-rw-r--r--mod/oauth_api/vendors/oauth/library/OAuthStore.php86
-rw-r--r--mod/oauth_api/vendors/oauth/library/body/OAuthBodyContentDisposition.php129
-rw-r--r--mod/oauth_api/vendors/oauth/library/body/OAuthBodyMultipartFormdata.php143
-rw-r--r--mod/oauth_api/vendors/oauth/library/discovery/xrds_parse.php304
-rw-r--r--mod/oauth_api/vendors/oauth/library/discovery/xrds_parse.txt101
-rw-r--r--mod/oauth_api/vendors/oauth/library/signature_method/OAuthSignatureMethod.class.php69
-rw-r--r--mod/oauth_api/vendors/oauth/library/signature_method/OAuthSignatureMethod_HMAC_SHA1.php115
-rw-r--r--mod/oauth_api/vendors/oauth/library/signature_method/OAuthSignatureMethod_MD5.php95
-rw-r--r--mod/oauth_api/vendors/oauth/library/signature_method/OAuthSignatureMethod_PLAINTEXT.php80
-rw-r--r--mod/oauth_api/vendors/oauth/library/signature_method/OAuthSignatureMethod_RSA_SHA1.php136
-rw-r--r--mod/oauth_api/vendors/oauth/library/store/OAuthStoreAbstract.class.php149
-rw-r--r--mod/oauth_api/vendors/oauth/library/store/OAuthStoreAnyMeta.php265
-rw-r--r--mod/oauth_api/vendors/oauth/library/store/OAuthStoreMySQL.php1879
-rw-r--r--mod/oauth_api/vendors/oauth/library/store/mysql/install.php32
-rw-r--r--mod/oauth_api/vendors/oauth/library/store/mysql/mysql.sql219
-rw-r--r--mod/oauth_api/vendors/oauth/test/discovery/xrds-fireeagle.xrds78
-rw-r--r--mod/oauth_api/vendors/oauth/test/discovery/xrds-getsatisfaction.xrds73
-rw-r--r--mod/oauth_api/vendors/oauth/test/discovery/xrds-magnolia.xrds81
-rw-r--r--mod/oauth_api/vendors/oauth/test/oauth_test.php188
-rw-r--r--mod/pages/actions/annotations/page/delete.php20
-rw-r--r--mod/pages/actions/pages/delete.php26
-rw-r--r--mod/pages/languages/en.php7
-rw-r--r--mod/pages/lib/pages.php7
-rw-r--r--mod/pages/pages/pages/edit.php13
-rw-r--r--mod/pages/pages/pages/friends.php2
-rw-r--r--mod/pages/pages/pages/history.php4
-rw-r--r--mod/pages/pages/pages/owner.php6
-rw-r--r--mod/pages/pages/pages/world.php4
-rw-r--r--mod/pages/start.php48
-rw-r--r--mod/pages/upgrades/2012061800.php49
-rw-r--r--mod/pages/views/default/annotation/page.php18
-rw-r--r--mod/pages/views/default/object/page_top.php26
-rw-r--r--mod/pages/views/default/pages/sidebar/history.php1
-rw-r--r--mod/profile/icondirect.php6
-rw-r--r--mod/profile/views/default/profile/details.php16
-rw-r--r--mod/reportedcontent/views/default/admin/administer_utilities/reportedcontent.php2
-rw-r--r--mod/reportedcontent/views/default/object/reported_content.php20
-rw-r--r--mod/reportedcontent/views/default/widgets/reportedcontent/content.php4
-rw-r--r--mod/search/README.txt2
-rw-r--r--mod/search/pages/search/index.php12
-rw-r--r--mod/search/search_hooks.php148
-rw-r--r--mod/search/views/default/search/comments/entity.php11
-rw-r--r--mod/search/views/default/search/list.php14
-rw-r--r--mod/search/views/rss/search/comments/entity.php11
-rw-r--r--mod/simplepie/README8
-rw-r--r--mod/simplepie/actions/simplepie/save_group_feed.php14
-rw-r--r--mod/simplepie/languages/en.php6
-rw-r--r--mod/simplepie/languages/es.php14
-rw-r--r--mod/simplepie/manifest.xml2
-rw-r--r--mod/simplepie/start.php10
-rw-r--r--mod/simplepie/views/default/forms/simplepie/save_group_feed.php39
-rw-r--r--mod/simplepie/views/default/simplepie/group_module.php109
-rw-r--r--mod/thewire/pages/thewire/everyone.php2
-rw-r--r--mod/thewire/pages/thewire/friends.php2
-rw-r--r--mod/thewire/pages/thewire/owner.php4
-rw-r--r--mod/thewire/views/default/thewire/profile_status.php4
-rw-r--r--mod/tinymce/vendor/tinymce/changelog.txt1414
-rw-r--r--mod/tinymce/vendor/tinymce/examples/full.html4
-rw-r--r--mod/tinymce/vendor/tinymce/examples/lists/media_list.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/langs/en.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/advimage/js/image.js8
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/advlink/js/advlink.js21
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/autolink/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/autolink/editor_plugin_src.js36
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/autoresize/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/autoresize/editor_plugin_src.js58
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/autosave/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/autosave/editor_plugin_src.js6
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/autosave/langs/en.js4
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/contextmenu/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/contextmenu/editor_plugin_src.js17
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/directionality/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/directionality/editor_plugin_src.js41
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/emotions/emotions.htm2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/fullscreen/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/fullscreen/editor_plugin_src.js10
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/legacyoutput/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/legacyoutput/editor_plugin_src.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/lists/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/lists/editor_plugin_src.js166
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/media/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/media/editor_plugin_src.js38
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/media/js/media.js101
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/noneditable/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/noneditable/editor_plugin_src.js556
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/paste/editor_plugin_src.js20
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/searchreplace/searchreplace.htm2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/spellchecker/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/spellchecker/editor_plugin_src.js8
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/style/css/props.css1
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/style/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/style/editor_plugin_src.js22
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/style/js/props.js80
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/style/langs/en_dlg.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/style/props.htm7
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/style/readme.txt19
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/tabfocus/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/tabfocus/editor_plugin_src.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/table/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/table/editor_plugin_src.js128
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/table/js/cell.js4
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/table/js/row.js17
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/table/js/table.js23
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/table/row.htm30
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/visualblocks/css/visualblocks.css21
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/visualblocks/editor_plugin.js1
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/visualblocks/editor_plugin_src.js63
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/wordcount/editor_plugin.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/plugins/wordcount/editor_plugin_src.js20
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/color_picker.htm8
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/editor_template.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/editor_template_src.js224
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/img/icons.gifbin11790 -> 11982 bytes
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/js/anchor.js25
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/js/color_picker.js674
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/js/image.js6
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/js/link.js12
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/js/source_editor.js32
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/langs/en_dlg.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/dialog.css5
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/skins/default/ui.css7
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/skins/highcontrast/dialog.css7
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/skins/highcontrast/ui.css6
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/skins/o2k7/dialog.css5
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/skins/o2k7/ui.css7
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/themes/advanced/source_editor.htm2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/tiny_mce.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/tiny_mce_popup.js2
-rw-r--r--mod/tinymce/vendor/tinymce/jscripts/tiny_mce/tiny_mce_src.js9038
-rw-r--r--mod/tinymce/views/default/js/tinymce.php14
-rw-r--r--mod/twitter/graphics/thewire_speech_bubble.gifbin560 -> 0 bytes
-rw-r--r--mod/twitter/graphics/twitter16px.pngbin724 -> 0 bytes
-rw-r--r--mod/twitter/languages/en.php17
-rw-r--r--mod/twitter/manifest.xml16
-rw-r--r--mod/twitter/start.php14
-rw-r--r--mod/twitter/views/default/twitter/css.php63
-rw-r--r--mod/twitter/views/default/widgets/twitter/content.php42
-rw-r--r--mod/twitter/views/default/widgets/twitter/edit.php24
-rw-r--r--mod/twitter_api/languages/en.php4
-rw-r--r--mod/twitter_api/lib/twitter_api.php41
-rw-r--r--mod/twitter_api/manifest.xml10
-rw-r--r--mod/twitter_api/pages/twitter_api/interstitial.php4
-rw-r--r--mod/twitter_api/start.php33
-rw-r--r--mod/twitter_api/vendors/twitteroauth/OAuth.php390
-rw-r--r--mod/twitter_api/vendors/twitteroauth/README117
-rw-r--r--mod/twitter_api/vendors/twitteroauth/twitterOAuth.php16
-rw-r--r--mod/twitter_api/views/default/forms/twitter_api/interstitial_settings.php7
-rw-r--r--mod/twitter_api/views/default/plugins/twitter_api/settings.php15
-rw-r--r--pages/account/forgotten_password.php11
-rw-r--r--pages/account/login.php14
-rw-r--r--pages/account/register.php11
-rw-r--r--pages/account/reset_password.php11
-rw-r--r--pages/avatar/edit.php5
-rw-r--r--pages/river.php1
-rw-r--r--pages/settings/account.php3
-rw-r--r--pages/settings/statistics.php3
-rw-r--r--pages/settings/tools.php5
-rw-r--r--upgrade.php2
-rw-r--r--version.php6
-rw-r--r--views/default/admin/settings/advanced/site_secret.php11
-rw-r--r--views/default/css/admin.php29
-rw-r--r--views/default/css/elements/forms.php5
-rw-r--r--views/default/css/elements/navigation.php7
-rw-r--r--views/default/css/ie.php8
-rw-r--r--views/default/css/ie7.php12
-rw-r--r--views/default/forms/admin/site/regenerate_secret.php24
-rw-r--r--views/default/forms/plugins/settings/save.php6
-rw-r--r--views/default/forms/profile/edit.php13
-rw-r--r--views/default/icon/default.php30
-rw-r--r--views/default/input/pulldown.php2
-rw-r--r--views/default/input/userpicker.php8
-rw-r--r--views/default/js/elgg.php2
-rw-r--r--views/default/js/languages.php24
-rw-r--r--views/default/js/walled_garden.php28
-rw-r--r--views/default/object/default.php1
-rw-r--r--views/default/object/elements/full.php4
-rw-r--r--views/default/object/elements/summary.php2
-rw-r--r--views/default/output/access.php2
-rw-r--r--views/default/output/tag.php17
-rw-r--r--views/default/output/tagcloud.php2
-rw-r--r--views/default/output/tags.php19
-rw-r--r--views/default/page/walled_garden.php15
-rw-r--r--views/default/river/elements/summary.php3
419 files changed, 16853 insertions, 18770 deletions
diff --git a/.gitignore b/.gitignore
index c90f6b8..2303faa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,7 +40,7 @@
!/mod/uservalidationbyemail/
!/mod/zaudio/
-# ignore IDE/hidden/OS cache files
+# ignore IDE/hidden/testing/OS cache files
.*
*~
/nbproject
@@ -51,6 +51,7 @@ Session.vim
tmtags
Thumbs.db
Desktop.ini
+/JsTestDriver-*.jar
# don't ignore travis config
!/.travis.yml
diff --git a/CHANGES.txt b/CHANGES.txt
index 13c30ae..f6974a3 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,149 @@
+Version 1.8.18
+(January 11, 2014 from https://github.com/Elgg/Elgg/tree/1.8)
+ Contributing Developers:
+ * Juho Jaakkola
+ * Steve Clay
+
+ Bugfixes:
+ * Fixes notify_user() broken in 1.8.17
+
+
+Version 1.8.17
+(January 1, 2014 from https://github.com/Elgg/Elgg/tree/1.8)
+ Contributing Developers:
+ * Brett Profitt
+ * Cash Costello
+ * Ed Lyons
+ * Evan Winslow
+ * Jeroen Dalsem
+ * Jerome Bakker
+ * Juho Jaakkola
+ * Matt Beckett
+ * Paweł Sroka
+ * Sem
+ * Steve Clay
+
+ Security Fixes:
+ * Specially-crafted request could return the contents of sensitive files.
+ * Reflected XSS attack was possible against 1.8 systems.
+ * The cryptographic key used for various purposes may have been generated with weak entropy, particularly on Windows.
+
+ Bugfixes:
+ * URLs with non-ASCII usernames again work
+ * Floated images are now properly cleared in content areas
+ * The activity page title now matches the document title
+ * Search again supports multiple comments on the same entity
+ * Blog archive sidebar now reverse chronological
+ * URLs with matching parens can now be auto-linked
+ * Log browser links for users now work
+ * Disabling over 50 objects should no longer result in an infinite loop
+ * Radio/checkbox inputs no longer have border radius (for IE10)
+ * User picker: the Only Friends checkbox again works
+ * Group bookmarklet no longer shown to non-members
+ * Widget reordering fixed when moving across columns
+ * Refuse to deactivate plugins needed as dependencies
+
+ Enhancements:
+ * Group member listings are ordered by name
+ * The system_log table can now store IPv6 addresses
+ * Web services auth_gettoken() now accepts email address
+ * List functions: no need to specify pagination for unlimited queries
+ * Htmlawed was upgraded to 1.1.16
+
+
+Version 1.8.16
+(June 25, 2013 from https://github.com/Elgg/Elgg/tree/1.8)
+ Contributing Developers:
+ * Brett Profitt
+ * Cash Costello
+ * Jeff Tilson
+ * Jerome Bakker
+ * Paweł Sroka
+ * Steve Clay
+
+ Security Fixes:
+ * Fixed avatar removal bug (thanks to Jerome Bakker for the first report of this)
+
+ Bugfixes:
+ * Fixed infinite loop when deleting/disabling an entity with > 50 annotations
+ * Fixed deleting log tables in log rotate plugin
+ * Added full text index for groups if missing
+ * Added workaround for IE8 and jumping user avatar
+ * Fixed pagination for members pages
+ * Fixed several internal cache issues
+ * Plus many more bug fixes
+
+
+Version 1.8.15
+(April 23, 2013 from https://github.com/Elgg/Elgg/tree/1.8)
+ Contributing Developers:
+ * Cash Costello
+ * Ismayil Khayredinov
+ * Jeff Tilson
+ * Juho Jaakkola
+ * Matt Beckett
+ * Paweł Sroka
+ * Sem
+ * Steve Clay
+ * Tom Voorneveld
+
+ Bugfixes:
+ * Not displaying http:// on profiles when website isn't set
+ * Fixed pagination display issue for small screens
+ * Not hiding subpages of top level pages that have been deleted
+ * Stop corrupting JavaScript views with elgg deprecation messages
+ * Fixed out of memory error due to query cache
+ * Fixed bug preventing users authorizing Twitter account access
+ * Fixed friends access level for editing pages
+ * Fixed uploading files within the embed dialog
+
+ Enhancements:
+ * Added browser caching of language JS files
+ * Adding nofollow on user posted URLs for spam deterrence (thanks to Hellekin)
+ * Auto-registering views for simplecache when their URL is requested
+ * Display helpful message for those who have site URL configuration issues
+ * Can revert to a previous revision with pages plugin
+ * Site owners can turn off posting wire messages to Twitter
+ * Search results are sorted by relevance
+
+ Dropped Plugins:
+ * Twitter widget due to changes in Twitter API and terms of service
+ * OAuth API plugin due to conflicts with the Twitter API plugin
+
+
+Version 1.8.14
+(March 12, 2013 from https://github.com/Elgg/Elgg/tree/1.8)
+ Contributing Developers:
+ * Aday Talavera
+ * Brett Profitt
+ * Cash Costello
+ * Ed Lyons
+ * German Bortoli
+ * Hellekin Wolf
+ * iionly
+ * Jerome Bakker
+ * Luciano Lima
+ * Matt Beckett
+ * Paweł Sroka
+ * Sem
+ * Steve Clay
+
+ Security Fixes:
+ * Fixed a XSS vulnerability when accepting URLs on user profiles
+ * Fixed bug that exposed subject lines of messages in inbox
+ * Added requirement for CSRF token for login
+
+ Bugfixes:
+ * Strip html tags from tag input
+ * Fixed several display issues for IE7
+ * Fixed several issues with blog drafts
+ * Fixed repeated token timeout errors
+ * Fixed JavaScript localization for non-English languages
+
+ Enhancements:
+ * Web services fall back to json if the viewtype is invalid
+
+
Version 1.8.13
(January 29, 2013 from https://github.com/Elgg/Elgg/tree/1.8)
Contributing Developers:
diff --git a/COPYRIGHT.txt b/COPYRIGHT.txt
index 76781f2..2625153 100644
--- a/COPYRIGHT.txt
+++ b/COPYRIGHT.txt
@@ -6,6 +6,7 @@ The MITRE Corportation (jricher@mitre.org)
Curverider Ltd (info@elgg.com)
Individuals:
+Steve Clay (steve@mrclay.org)
Cash Costello (cash.costello@gmail.com)
Brett Profitt (brett.profitt@gmail.com)
Dave Tosh (davidgtosh@gmail.com)
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a1b3e1c
--- /dev/null
+++ b/README.md
@@ -0,0 +1,28 @@
+Lorea
+=====
+
+(Re-)Taking the Networks!
+
+The [lorea](https://lorea.org) code aims at providing individuals and teams with privacy-aware, security-conscious, and user-controlled-data collaborative tools over the Web, and around it.
+
+The main application is based on [Elgg](http://elgg.org), a PHP-based social networking platform. Lorea extends it with plugins to provide better privacy features, including strong encryption, *OStatus-based federation* with other Lorea/Elgg installations and OStatus-compliant projects, etc.
+
+It also integrates other popular technologies such as [DokuWiki](http://www.dokuwiki.org), [Etherpad](http://etherpad.org), [XMPP](http://xmpp.org), etc., and provides *GPG-encrypted mailing-lists* to groups.
+
+### Installation
+
+Our code is divided in two git repositories: elgg and lorea-plugins. You can get it using the following commands.
+
+<pre>
+$ git clone git://gitorious.org/lorea/elgg.git
+$ cd elgg
+$ git remote add lorea-plugins git://gitorious.org/lorea/lorea-plugins.git
+$ git pull lorea-plugins master
+</pre>
+
+You can update the code to the latest release using:
+
+<pre>
+$ git pull origin master
+$ git pull lorea-plugins master
+</pre>
diff --git a/README.txt b/README.txt
deleted file mode 100644
index dd604fd..0000000
--- a/README.txt
+++ /dev/null
@@ -1,24 +0,0 @@
-Elgg
-Copyright (c) 2008-2013 See COPYRIGHT.txt
-
-See CONTRIBUTORS.txt for development credits.
-
-Elgg is managed by the Elgg Foundation, a nonprofit organization that was
-founded to govern, protect, and promote the Elgg open source social network
-engine. The Foundation aims to provide a stable, commercially and
-individually independent organization that operates in the best interest of Elgg
-as an open source project.
-
-The project site can be found at http://elgg.org/
-
-The Elgg project was started in 2004 by:
-Ben Werdmuller <ben@benwerd.com, http://benwerd.com> and
-Dave Tosh <davidgtosh@gmail.com>
-
-Elgg is released under the GNU General Public License (GPL) Version 2 and the
-Massachusetts Institute of Technology (MIT) License. See LICENSE.txt
-in the root of the package you downloaded.
-
-For installation instructions, see INSTALL.txt.
-
-For upgrade instructions, see UPGRADE.txt.
diff --git a/actions/admin/site/regenerate_secret.php b/actions/admin/site/regenerate_secret.php
new file mode 100644
index 0000000..3112fb5
--- /dev/null
+++ b/actions/admin/site/regenerate_secret.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Generate a new site secret
+ */
+
+init_site_secret();
+elgg_reset_system_cache();
+
+system_message(elgg_echo('admin:site:secret_regenerated'));
+
+forward(REFERER);
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
index 0fd8d1f..4888b0a 100644
--- a/actions/admin/site/update_advanced.php
+++ b/actions/admin/site/update_advanced.php
@@ -14,10 +14,10 @@ if ($site = elgg_get_site_entity()) {
throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite'));
}
- $site->url = get_input('wwwroot');
+ $site->url = rtrim(get_input('wwwroot', '', false), '/') . '/';
- datalist_set('path', sanitise_filepath(get_input('path')));
- $dataroot = sanitise_filepath(get_input('dataroot'));
+ datalist_set('path', sanitise_filepath(get_input('path', '', false)));
+ $dataroot = sanitise_filepath(get_input('dataroot', '', false));
// check for relative paths
if (stripos(PHP_OS, 'win') === 0) {
diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php
index 97d258b..9765182 100644
--- a/actions/admin/site/update_basic.php
+++ b/actions/admin/site/update_basic.php
@@ -16,7 +16,7 @@ if ($site = elgg_get_site_entity()) {
}
$site->description = get_input('sitedescription');
- $site->name = get_input('sitename');
+ $site->name = strip_tags(get_input('sitename'));
$site->email = get_input('siteemail');
$site->save();
diff --git a/actions/avatar/remove.php b/actions/avatar/remove.php
index cd38e45..9cb40a7 100644
--- a/actions/avatar/remove.php
+++ b/actions/avatar/remove.php
@@ -3,32 +3,34 @@
* Avatar remove action
*/
-$guid = get_input('guid');
-$user = get_entity($guid);
-if ($user) {
- // Delete all icons from diskspace
- $icon_sizes = elgg_get_config('icon_sizes');
- foreach ($icon_sizes as $name => $size_info) {
- $file = new ElggFile();
- $file->owner_guid = $guid;
- $file->setFilename("profile/{$guid}{$name}.jpg");
- $filepath = $file->getFilenameOnFilestore();
- if (!$file->delete()) {
- elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
- }
- }
-
- // Remove crop coords
- unset($user->x1);
- unset($user->x2);
- unset($user->y1);
- unset($user->y2);
-
- // Remove icon
- unset($user->icontime);
- system_message(elgg_echo('avatar:remove:success'));
-} else {
+$user_guid = get_input('guid');
+$user = get_user($user_guid);
+
+if (!$user || !$user->canEdit()) {
register_error(elgg_echo('avatar:remove:fail'));
+ forward(REFERER);
}
+// Delete all icons from diskspace
+$icon_sizes = elgg_get_config('icon_sizes');
+foreach ($icon_sizes as $name => $size_info) {
+ $file = new ElggFile();
+ $file->owner_guid = $user_guid;
+ $file->setFilename("profile/{$user_guid}{$name}.jpg");
+ $filepath = $file->getFilenameOnFilestore();
+ if (!$file->delete()) {
+ elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
+ }
+}
+
+// Remove crop coords
+unset($user->x1);
+unset($user->x2);
+unset($user->y1);
+unset($user->y2);
+
+// Remove icon
+unset($user->icontime);
+
+system_message(elgg_echo('avatar:remove:success'));
forward(REFERER);
diff --git a/actions/comments/delete.php b/actions/comments/delete.php
index f2c058f..c6b481d 100644
--- a/actions/comments/delete.php
+++ b/actions/comments/delete.php
@@ -5,11 +5,6 @@
* @package Elgg
*/
-// Ensure we're logged in
-if (!elgg_is_logged_in()) {
- forward();
-}
-
// Make sure we can get the comment in question
$annotation_id = (int) get_input('annotation_id');
$comment = elgg_get_annotation_from_id($annotation_id);
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 9dc17b3..e63a149 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -6,7 +6,7 @@
* @subpackage Friends.Collections
*/
-$collection_name = get_input('collection_name');
+$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
$friends = get_input('friends_collection');
if (!$collection_name) {
diff --git a/actions/login.php b/actions/login.php
index 1e5e92e..bd7f912 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -9,7 +9,6 @@
// set forward url
if (!empty($_SESSION['last_forward_from'])) {
$forward_url = $_SESSION['last_forward_from'];
- unset($_SESSION['last_forward_from']);
} elseif (get_input('returntoreferer')) {
$forward_url = REFERER;
} else {
@@ -62,5 +61,9 @@ if ($user->language) {
$message = elgg_echo('loginok');
}
+if (isset($_SESSION['last_forward_from'])) {
+ unset($_SESSION['last_forward_from']);
+}
+
system_message($message);
forward($forward_url);
diff --git a/actions/profile/edit.php b/actions/profile/edit.php
index 89bf2bc..e1f066e 100644
--- a/actions/profile/edit.php
+++ b/actions/profile/edit.php
@@ -4,6 +4,8 @@
*
*/
+elgg_make_sticky_form('profile:edit');
+
$guid = get_input('guid');
$owner = get_entity($guid);
@@ -48,6 +50,10 @@ foreach ($profile_fields as $shortname => $valuetype) {
forward(REFERER);
}
+ if ($value && $valuetype == 'url' && !preg_match('~^https?\://~i', $value)) {
+ $value = "http://$value";
+ }
+
if ($valuetype == 'tags') {
$value = string_to_tag_array($value);
}
@@ -76,7 +82,7 @@ if (sizeof($input) > 0) {
);
elgg_delete_metadata($options);
- if(!is_null($value) && ($value !== '')){
+ if (!is_null($value) && ($value !== '')) {
// only create metadata for non empty values (0 is allowed) to prevent metadata records with empty string values #4858
if (isset($accesslevel[$shortname])) {
@@ -103,6 +109,7 @@ if (sizeof($input) > 0) {
// Notify of profile update
elgg_trigger_event('profileupdate', $owner->type, $owner);
+ elgg_clear_sticky_form('profile:edit');
system_message(elgg_echo("profile:saved"));
}
diff --git a/actions/register.php b/actions/register.php
index 810ceaf..7392623 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -45,7 +45,9 @@ if (elgg_get_config('allow_registration')) {
// @todo should registration be allowed no matter what the plugins return?
if (!elgg_trigger_plugin_hook('register', 'user', $params, TRUE)) {
+ $ia = elgg_set_ignore_access(true);
$new_user->delete();
+ elgg_set_ignore_access($ia);
// @todo this is a generic messages. We could have plugins
// throw a RegistrationException, but that is very odd
// for the plugin hooks system.
diff --git a/documentation/info/manifest.xml b/documentation/info/manifest.xml
index 4941584..4fd4be8 100644
--- a/documentation/info/manifest.xml
+++ b/documentation/info/manifest.xml
@@ -7,7 +7,7 @@
<description>This is a longer, more interesting description of my plugin, its features, and other important information.</description>
<website>http://www.elgg.org/</website>
<repository>https://github.com/Elgg/Elgg</repository>
- <bugtracker>http://trac.elgg.org</bugtracker>
+ <bugtracker>https://github.com/Elgg/Elgg/issues</bugtracker>
<donations>http://elgg.org/supporter.php</donations>
<copyright>(C) Elgg 2011</copyright>
<license>GNU General Public License version 2</license>
diff --git a/engine/classes/ElggAccess.php b/engine/classes/ElggAccess.php
index 6f8d9bb..0aed477 100644
--- a/engine/classes/ElggAccess.php
+++ b/engine/classes/ElggAccess.php
@@ -16,6 +16,7 @@ class ElggAccess {
*/
private $ignore_access;
+ // @codingStandardsIgnoreStart
/**
* Get current ignore access setting.
*
@@ -26,6 +27,7 @@ class ElggAccess {
elgg_deprecated_notice('ElggAccess::get_ignore_access() is deprecated by ElggAccess::getIgnoreAccess()', 1.8);
return $this->getIgnoreAccess();
}
+ // @codingStandardsIgnoreEnd
/**
* Get current ignore access setting.
@@ -36,6 +38,7 @@ class ElggAccess {
return $this->ignore_access;
}
+ // @codingStandardsIgnoreStart
/**
* Set ignore access.
*
@@ -49,6 +52,7 @@ class ElggAccess {
elgg_deprecated_notice('ElggAccess::set_ignore_access() is deprecated by ElggAccess::setIgnoreAccess()', 1.8);
return $this->setIgnoreAccess($ignore);
}
+ // @codingStandardsIgnoreEnd
/**
* Set ignore access.
diff --git a/engine/classes/ElggAnnotation.php b/engine/classes/ElggAnnotation.php
index 511b515..175e704 100644
--- a/engine/classes/ElggAnnotation.php
+++ b/engine/classes/ElggAnnotation.php
@@ -11,6 +11,9 @@
* @package Elgg.Core
* @subpackage DataModel.Annotations
* @link http://docs.elgg.org/DataModel/Annotations
+ *
+ * @property string $value_type
+ * @property string $enabled
*/
class ElggAnnotation extends ElggExtender {
@@ -56,6 +59,8 @@ class ElggAnnotation extends ElggExtender {
* Save this instance
*
* @return int an object id
+ *
+ * @throws IOException
*/
function save() {
if ($this->id > 0) {
diff --git a/engine/classes/ElggAttributeLoader.php b/engine/classes/ElggAttributeLoader.php
index 602bb8b..ffc80b0 100644
--- a/engine/classes/ElggAttributeLoader.php
+++ b/engine/classes/ElggAttributeLoader.php
@@ -4,6 +4,9 @@
* Loads ElggEntity attributes from DB or validates those passed in via constructor
*
* @access private
+ *
+ * @package Elgg.Core
+ * @subpackage DataModel
*/
class ElggAttributeLoader {
@@ -21,7 +24,7 @@ class ElggAttributeLoader {
'time_created',
'time_updated',
'last_action',
- 'enabled'
+ 'enabled',
);
/**
@@ -65,9 +68,11 @@ class ElggAttributeLoader {
public $full_loader = '';
/**
- * @param string $class class of object being loaded
- * @param string $required_type entity type this is being used to populate
- * @param array $initialized_attrs attributes after initializeAttributes() has been run
+ * Constructor
+ *
+ * @param string $class class of object being loaded
+ * @param string $required_type entity type this is being used to populate
+ * @param array $initialized_attrs attributes after initializeAttributes() has been run
* @throws InvalidArgumentException
*/
public function __construct($class, $required_type, array $initialized_attrs) {
@@ -87,14 +92,33 @@ class ElggAttributeLoader {
$this->secondary_attr_names = array_diff($all_attr_names, self::$primary_attr_names);
}
+ /**
+ * Get primary attributes missing that are missing
+ *
+ * @param stdClass $row Database row
+ * @return array
+ */
protected function isMissingPrimaries($row) {
return array_diff(self::$primary_attr_names, array_keys($row)) !== array();
}
+ /**
+ * Get secondary attributes that are missing
+ *
+ * @param stdClass $row Database row
+ * @return array
+ */
protected function isMissingSecondaries($row) {
return array_diff($this->secondary_attr_names, array_keys($row)) !== array();
}
+ /**
+ * Check that the type is correct
+ *
+ * @param stdClass $row Database row
+ * @return void
+ * @throws InvalidClassException
+ */
protected function checkType($row) {
if ($row['type'] !== $this->required_type) {
$msg = elgg_echo('InvalidClassException:NotValidElggStar', array($row['guid'], $this->class));
@@ -148,11 +172,11 @@ class ElggAttributeLoader {
if (!is_callable($this->primary_loader)) {
throw new LogicException('Primary attribute loader must be callable');
}
- if (!$this->requires_access_control) {
+ if ($this->requires_access_control) {
+ $fetched = (array) call_user_func($this->primary_loader, $row['guid']);
+ } else {
$ignoring_access = elgg_set_ignore_access();
- }
- $fetched = (array) call_user_func($this->primary_loader, $row['guid']);
- if (!$this->requires_access_control) {
+ $fetched = (array) call_user_func($this->primary_loader, $row['guid']);
elgg_set_ignore_access($ignoring_access);
}
if (!$fetched) {
@@ -176,6 +200,8 @@ class ElggAttributeLoader {
// saved, these are stored w/ type "site", but with no sites_entity row. These
// are probably only created in the unit tests.
// @todo Don't save vanilla ElggEntities with type "site"
+
+ $row = $this->filterAddedColumns($row);
$row['guid'] = (int) $row['guid'];
return $row;
}
@@ -185,15 +211,38 @@ class ElggAttributeLoader {
}
}
- // loading complete: re-check missing and check type
- if (($was_missing_primaries && $this->isMissingPrimaries($row))
- || ($was_missing_secondaries && $this->isMissingSecondaries($row))) {
- throw new LogicException('Attribute loaders failed to return proper attributes');
- }
+ $row = $this->filterAddedColumns($row);
+
+ // Note: If there are still missing attributes, we're running on a 1.7 or earlier schema. We let
+ // this pass so the upgrades can run.
- // guid needs to be an int http://trac.elgg.org/ticket/4111
+ // guid needs to be an int https://github.com/elgg/elgg/issues/4111
$row['guid'] = (int) $row['guid'];
return $row;
}
+
+ /**
+ * Filter out keys returned by the query which should not appear in the entity's attributes
+ *
+ * @param array $row All columns from the query
+ * @return array Columns acceptable for the entity's attributes
+ */
+ protected function filterAddedColumns($row) {
+ // make an array with keys as acceptable attribute names
+ $acceptable_attrs = self::$primary_attr_names;
+ array_splice($acceptable_attrs, count($acceptable_attrs), 0, $this->secondary_attr_names);
+ $acceptable_attrs = array_combine($acceptable_attrs, $acceptable_attrs);
+
+ // @todo remove these when #4584 is in place
+ $acceptable_attrs['tables_split'] = true;
+ $acceptable_attrs['tables_loaded'] = true;
+
+ foreach ($row as $key => $val) {
+ if (!isset($acceptable_attrs[$key])) {
+ unset($row[$key]);
+ }
+ }
+ return $row;
+ }
}
diff --git a/engine/classes/ElggAutoP.php b/engine/classes/ElggAutoP.php
index 89d77e5..05842d1 100644
--- a/engine/classes/ElggAutoP.php
+++ b/engine/classes/ElggAutoP.php
@@ -7,6 +7,9 @@
*
* In DIV elements, Ps are only added when there would be at
* least two of them.
+ *
+ * @package Elgg.Core
+ * @subpackage Output
*/
class ElggAutoP {
@@ -51,8 +54,12 @@ class ElggAutoP {
protected $_alterList = 'article aside blockquote body details div footer header
section';
+ /** @var string */
protected $_unique = '';
+ /**
+ * Constructor
+ */
public function __construct() {
$this->_blocks = preg_split('@\\s+@', $this->_blocks);
$this->_descendList = preg_split('@\\s+@', $this->_descendList);
@@ -98,25 +105,34 @@ class ElggAutoP {
$html = str_replace('&', $this->_unique . 'AMP', $html);
$this->_doc = new DOMDocument();
-
+
// parse to DOM, suppressing loadHTML warnings
// http://www.php.net/manual/en/domdocument.loadhtml.php#95463
libxml_use_internal_errors(true);
+ // Do not load entities. May be unnecessary, better safe than sorry
+ $disable_load_entities = libxml_disable_entity_loader(true);
+
if (!$this->_doc->loadHTML("<html><meta http-equiv='content-type' "
. "content='text/html; charset={$this->encoding}'><body>{$html}</body>"
. "</html>")) {
+
+ libxml_disable_entity_loader($disable_load_entities);
return false;
}
+ libxml_disable_entity_loader($disable_load_entities);
+
$this->_xpath = new DOMXPath($this->_doc);
// start processing recursively at the BODY element
$nodeList = $this->_xpath->query('//body[1]');
- $this->_addParagraphs($nodeList->item(0));
+ $this->addParagraphs($nodeList->item(0));
// serialize back to HTML
$html = $this->_doc->saveHTML();
+ // Note: we create <autop> elements, which will later be converted to paragraphs
+
// split AUTOPs into multiples at /\n\n+/
$html = preg_replace('/(' . $this->_unique . 'NL){2,}/', '</autop><autop>', $html);
$html = str_replace(array($this->_unique . 'BR', $this->_unique . 'NL', '<br>'),
@@ -126,14 +142,22 @@ class ElggAutoP {
// re-parse so we can handle new AUTOP elements
+ // Do not load entities. May be unnecessary, better safe than sorry
+ $disable_load_entities = libxml_disable_entity_loader(true);
+
if (!$this->_doc->loadHTML($html)) {
+ libxml_disable_entity_loader($disable_load_entities);
return false;
}
+
+ libxml_disable_entity_loader($disable_load_entities);
+
// must re-create XPath object after DOM load
$this->_xpath = new DOMXPath($this->_doc);
// strip AUTOPs that only have comments/whitespace
foreach ($this->_xpath->query('//autop') as $autop) {
+ /* @var DOMElement $autop */
$hasContent = false;
if (trim($autop->textContent) !== '') {
$hasContent = true;
@@ -146,17 +170,19 @@ class ElggAutoP {
}
}
if (!$hasContent) {
- // strip w/ preg_replace later (faster than moving nodes out)
+ // mark to be later replaced w/ preg_replace (faster than moving nodes out)
$autop->setAttribute("r", "1");
}
}
- // remove a single AUTOP inside certain elements
+ // If a DIV contains a single AUTOP, remove it
foreach ($this->_xpath->query('//div') as $el) {
+ /* @var DOMElement $el */
$autops = $this->_xpath->query('./autop', $el);
if ($autops->length === 1) {
- // strip w/ preg_replace later (faster than moving nodes out)
- $autops->item(0)->setAttribute("r", "1");
+ $firstAutop = $autops->item(0);
+ /* @var DOMElement $firstAutop */
+ $firstAutop->setAttribute("r", "1");
}
}
@@ -182,15 +208,16 @@ class ElggAutoP {
/**
* Add P and BR elements as necessary
*
- * @param DOMElement $el
+ * @param DOMElement $el DOM element
+ * @return void
*/
- protected function _addParagraphs(DOMElement $el) {
- // no need to recurse, just queue up
+ protected function addParagraphs(DOMElement $el) {
+ // no need to call recursively, just queue up
$elsToProcess = array($el);
$inlinesToProcess = array();
while ($el = array_shift($elsToProcess)) {
// if true, we can alter all child nodes, if not, we'll just call
- // _addParagraphs on each element in the descendInto list
+ // addParagraphs on each element in the descendInto list
$alterInline = in_array($el->nodeName, $this->_alterList);
// inside affected elements, we want to trim leading whitespace from
@@ -216,16 +243,16 @@ class ElggAutoP {
$isElement = ($node->nodeType === XML_ELEMENT_NODE);
if ($isElement) {
- $elName = $node->nodeName;
+ $isBlock = in_array($node->nodeName, $this->_blocks);
+ } else {
+ $isBlock = false;
}
- $isBlock = ($isElement && in_array($elName, $this->_blocks));
if ($alterInline) {
- $isInline = $isElement && ! $isBlock;
$isText = ($node->nodeType === XML_TEXT_NODE);
$isLastInline = (! $node->nextSibling
- || ($node->nextSibling->nodeType === XML_ELEMENT_NODE
- && in_array($node->nextSibling->nodeName, $this->_blocks)));
+ || ($node->nextSibling->nodeType === XML_ELEMENT_NODE
+ && in_array($node->nextSibling->nodeName, $this->_blocks)));
if ($isElement) {
$isFollowingBr = ($node->nodeName === 'br');
}
@@ -258,7 +285,7 @@ class ElggAutoP {
if ($isBlock) {
if (in_array($node->nodeName, $this->_descendList)) {
$elsToProcess[] = $node;
- //$this->_addParagraphs($node);
+ //$this->addParagraphs($node);
}
}
$openP = true;
diff --git a/engine/classes/ElggBatch.php b/engine/classes/ElggBatch.php
index c1a77a0..d810ea0 100644
--- a/engine/classes/ElggBatch.php
+++ b/engine/classes/ElggBatch.php
@@ -150,6 +150,20 @@ class ElggBatch
private $incrementOffset = true;
/**
+ * Entities that could not be instantiated during a fetch
+ *
+ * @var stdClass[]
+ */
+ private $incompleteEntities = array();
+
+ /**
+ * Total number of incomplete entities fetched
+ *
+ * @var int
+ */
+ private $totalIncompletes = 0;
+
+ /**
* Batches operations on any elgg_get_*() or compatible function that supports
* an options array.
*
@@ -222,16 +236,22 @@ class ElggBatch
}
/**
+ * Tell the process that an entity was incomplete during a fetch
+ *
+ * @param stdClass $row
+ *
+ * @access private
+ */
+ public function reportIncompleteEntity(stdClass $row) {
+ $this->incompleteEntities[] = $row;
+ }
+
+ /**
* Fetches the next chunk of results
*
* @return bool
*/
private function getNextResultsChunk() {
- // reset memory caches after first chunk load
- if ($this->chunkIndex > 0) {
- global $DB_QUERY_CACHE, $ENTITY_CACHE;
- $DB_QUERY_CACHE = $ENTITY_CACHE = array();
- }
// always reset results.
$this->results = array();
@@ -265,27 +285,47 @@ class ElggBatch
if ($this->incrementOffset) {
$offset = $this->offset + $this->retrievedResults;
} else {
- $offset = $this->offset;
+ $offset = $this->offset + $this->totalIncompletes;
}
$current_options = array(
'limit' => $limit,
- 'offset' => $offset
+ 'offset' => $offset,
+ '__ElggBatch' => $this,
);
$options = array_merge($this->options, $current_options);
- $getter = $this->getter;
- if (is_string($getter)) {
- $this->results = $getter($options);
- } else {
- $this->results = call_user_func_array($getter, array($options));
+ $this->incompleteEntities = array();
+ $this->results = call_user_func_array($this->getter, array($options));
+
+ $num_results = count($this->results);
+ $num_incomplete = count($this->incompleteEntities);
+
+ $this->totalIncompletes += $num_incomplete;
+
+ if ($this->incompleteEntities) {
+ // pad the front of the results with nulls representing the incompletes
+ array_splice($this->results, 0, 0, array_pad(array(), $num_incomplete, null));
+ // ...and skip past them
+ reset($this->results);
+ for ($i = 0; $i < $num_incomplete; $i++) {
+ next($this->results);
+ }
}
if ($this->results) {
$this->chunkIndex++;
- $this->resultIndex = 0;
- $this->retrievedResults += count($this->results);
+
+ // let the system know we've jumped past the nulls
+ $this->resultIndex = $num_incomplete;
+
+ $this->retrievedResults += ($num_results + $num_incomplete);
+ if ($num_results == 0) {
+ // This fetch was *all* incompletes! We need to fetch until we can either
+ // offer at least one row to iterate over, or give up.
+ return $this->getNextResultsChunk();
+ }
return true;
} else {
return false;
@@ -296,7 +336,8 @@ class ElggBatch
* Increment the offset from the original options array? Setting to
* false is required for callbacks that delete rows.
*
- * @param bool $increment
+ * @param bool $increment Set to false when deleting data
+ * @return void
*/
public function setIncrementOffset($increment = true) {
$this->incrementOffset = (bool) $increment;
diff --git a/engine/classes/ElggCache.php b/engine/classes/ElggCache.php
index 4317f4b..909eab3 100644
--- a/engine/classes/ElggCache.php
+++ b/engine/classes/ElggCache.php
@@ -21,6 +21,7 @@ abstract class ElggCache implements ArrayAccess {
$this->variables = array();
}
+ // @codingStandardsIgnoreStart
/**
* Set a cache variable.
*
@@ -35,6 +36,7 @@ abstract class ElggCache implements ArrayAccess {
elgg_deprecated_notice('ElggCache::set_variable() is deprecated by ElggCache::setVariable()', 1.8);
$this->setVariable($variable, $value);
}
+ // @codingStandardsIgnoreEnd
/**
* Set a cache variable.
@@ -52,6 +54,7 @@ abstract class ElggCache implements ArrayAccess {
$this->variables[$variable] = $value;
}
+ // @codingStandardsIgnoreStart
/**
* Get variables for this cache.
*
@@ -65,6 +68,7 @@ abstract class ElggCache implements ArrayAccess {
elgg_deprecated_notice('ElggCache::get_variable() is deprecated by ElggCache::getVariable()', 1.8);
return $this->getVariable($variable);
}
+ // @codingStandardsIgnoreEnd
/**
* Get variables for this cache.
diff --git a/engine/classes/ElggCrypto.php b/engine/classes/ElggCrypto.php
new file mode 100644
index 0000000..317d371
--- /dev/null
+++ b/engine/classes/ElggCrypto.php
@@ -0,0 +1,208 @@
+<?php
+/**
+ * ElggCrypto
+ *
+ * @package Elgg.Core
+ * @subpackage Crypto
+ *
+ * @access private
+ */
+class ElggCrypto {
+
+ /**
+ * Character set for temp passwords (no risk of embedded profanity/glyphs that look similar)
+ */
+ const CHARS_PASSWORD = 'bcdfghjklmnpqrstvwxyz2346789';
+
+ /**
+ * Generate a string of highly randomized bytes (over the full 8-bit range).
+ *
+ * @param int $length Number of bytes needed
+ * @return string Random bytes
+ *
+ * @author George Argyros <argyros.george@gmail.com>
+ * @copyright 2012, George Argyros. All rights reserved.
+ * @license Modified BSD
+ * @link https://github.com/GeorgeArgyros/Secure-random-bytes-in-PHP/blob/master/srand.php Original
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * * Neither the name of the <organization> nor the
+ * names of its contributors may be used to endorse or promote products
+ * derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL GEORGE ARGYROS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+ public function getRandomBytes($length) {
+ /**
+ * Our primary choice for a cryptographic strong randomness function is
+ * openssl_random_pseudo_bytes.
+ */
+ $SSLstr = '4'; // http://xkcd.com/221/
+ if (function_exists('openssl_random_pseudo_bytes')
+ && (version_compare(PHP_VERSION, '5.3.4') >= 0 || substr(PHP_OS, 0, 3) !== 'WIN')) {
+ $SSLstr = openssl_random_pseudo_bytes($length, $strong);
+ if ($strong) {
+ return $SSLstr;
+ }
+ }
+
+ /**
+ * If mcrypt extension is available then we use it to gather entropy from
+ * the operating system's PRNG. This is better than reading /dev/urandom
+ * directly since it avoids reading larger blocks of data than needed.
+ * Older versions of mcrypt_create_iv may be broken or take too much time
+ * to finish so we only use this function with PHP 5.3.7 and above.
+ * @see https://bugs.php.net/bug.php?id=55169
+ */
+ if (function_exists('mcrypt_create_iv')
+ && (version_compare(PHP_VERSION, '5.3.7') >= 0 || substr(PHP_OS, 0, 3) !== 'WIN')) {
+ $str = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+ if ($str !== false) {
+ return $str;
+ }
+ }
+
+ /**
+ * No build-in crypto randomness function found. We collect any entropy
+ * available in the PHP core PRNGs along with some filesystem info and memory
+ * stats. To make this data cryptographically strong we add data either from
+ * /dev/urandom or if its unavailable, we gather entropy by measuring the
+ * time needed to compute a number of SHA-1 hashes.
+ */
+ $str = '';
+ $bits_per_round = 2; // bits of entropy collected in each clock drift round
+ $msec_per_round = 400; // expected running time of each round in microseconds
+ $hash_len = 20; // SHA-1 Hash length
+ $total = $length; // total bytes of entropy to collect
+
+ $handle = @fopen('/dev/urandom', 'rb');
+ if ($handle && function_exists('stream_set_read_buffer')) {
+ @stream_set_read_buffer($handle, 0);
+ }
+
+ do {
+ $bytes = ($total > $hash_len) ? $hash_len : $total;
+ $total -= $bytes;
+
+ //collect any entropy available from the PHP system and filesystem
+ $entropy = rand() . uniqid(mt_rand(), true) . $SSLstr;
+ $entropy .= implode('', @fstat(@fopen(__FILE__, 'r')));
+ $entropy .= memory_get_usage() . getmypid();
+ $entropy .= serialize($_ENV) . serialize($_SERVER);
+ if (function_exists('posix_times')) {
+ $entropy .= serialize(posix_times());
+ }
+ if (function_exists('zend_thread_id')) {
+ $entropy .= zend_thread_id();
+ }
+
+ if ($handle) {
+ $entropy .= @fread($handle, $bytes);
+ } else {
+ // Measure the time that the operations will take on average
+ for ($i = 0; $i < 3; $i++) {
+ $c1 = microtime(true);
+ $var = sha1(mt_rand());
+ for ($j = 0; $j < 50; $j++) {
+ $var = sha1($var);
+ }
+ $c2 = microtime(true);
+ $entropy .= $c1 . $c2;
+ }
+
+ // Based on the above measurement determine the total rounds
+ // in order to bound the total running time.
+ $rounds = (int) ($msec_per_round * 50 / (int) (($c2 - $c1) * 1000000));
+
+ // Take the additional measurements. On average we can expect
+ // at least $bits_per_round bits of entropy from each measurement.
+ $iter = $bytes * (int) (ceil(8 / $bits_per_round));
+
+ for ($i = 0; $i < $iter; $i++) {
+ $c1 = microtime();
+ $var = sha1(mt_rand());
+ for ($j = 0; $j < $rounds; $j++) {
+ $var = sha1($var);
+ }
+ $c2 = microtime();
+ $entropy .= $c1 . $c2;
+ }
+ }
+
+ // We assume sha1 is a deterministic extractor for the $entropy variable.
+ $str .= sha1($entropy, true);
+
+ } while ($length > strlen($str));
+
+ if ($handle) {
+ @fclose($handle);
+ }
+
+ return substr($str, 0, $length);
+ }
+
+ /**
+ * Generate a random string of specified length.
+ *
+ * Uses supplied character list for generating the new string.
+ * If no character list provided - uses Base64 URL character set.
+ *
+ * @param int $length Desired length of the string
+ * @param string|null $chars Characters to be chosen from randomly. If not given, the Base64 URL
+ * charset will be used.
+ *
+ * @return string The random string
+ *
+ * @throws InvalidArgumentException
+ *
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ *
+ * @see https://github.com/zendframework/zf2/blob/master/library/Zend/Math/Rand.php#L179
+ */
+ public static function getRandomString($length, $chars = null) {
+ if ($length < 1) {
+ throw new InvalidArgumentException('Length should be >= 1');
+ }
+
+ if (empty($chars)) {
+ $numBytes = ceil($length * 0.75);
+ $bytes = self::getRandomBytes($numBytes);
+ $string = substr(rtrim(base64_encode($bytes), '='), 0, $length);
+
+ // Base64 URL
+ return strtr($string, '+/', '-_');
+ }
+
+ $listLen = strlen($chars);
+
+ if ($listLen == 1) {
+ return str_repeat($chars, $length);
+ }
+
+ $bytes = self::getRandomBytes($length);
+ $pos = 0;
+ $result = '';
+ for ($i = 0; $i < $length; $i++) {
+ $pos = ($pos + ord($bytes[$i])) % $listLen;
+ $result .= $chars[$pos];
+ }
+
+ return $result;
+ }
+}
diff --git a/engine/classes/ElggData.php b/engine/classes/ElggData.php
index 3470ee1..4f843cd 100644
--- a/engine/classes/ElggData.php
+++ b/engine/classes/ElggData.php
@@ -5,6 +5,9 @@
*
* @package Elgg.Core
* @subpackage DataModel
+ *
+ * @property int $owner_guid
+ * @property int $time_created
*/
abstract class ElggData implements
Loggable, // Can events related to this object class be logged
@@ -23,6 +26,7 @@ abstract class ElggData implements
*/
protected $attributes = array();
+ // @codingStandardsIgnoreStart
/**
* Initialise the attributes array.
*
@@ -33,16 +37,15 @@ abstract class ElggData implements
* Passing false returns false. Core constructors always pass false.
* Does nothing either way since attributes are initialized by the time
* this is called.
- * @return false|void False is
+ * @return void
* @deprecated 1.8 Use initializeAttributes()
*/
protected function initialise_attributes($pre18_api = true) {
if ($pre18_api) {
elgg_deprecated_notice('initialise_attributes() is deprecated by initializeAttributes()', 1.8);
- } else {
- return false;
}
}
+ // @codingStandardsIgnoreEnd
/**
* Initialize the attributes array.
@@ -111,7 +114,7 @@ abstract class ElggData implements
* @param string $name The attribute to set
* @param mixed $value The value to set it to
*
- * @return The success of your set funtion?
+ * @return bool The success of your set function?
*/
abstract protected function set($name, $value);
@@ -195,7 +198,7 @@ abstract class ElggData implements
*
* @see Iterator::current()
*
- * @return void
+ * @return mixed
*/
public function current() {
return current($this->attributes);
@@ -206,7 +209,7 @@ abstract class ElggData implements
*
* @see Iterator::key()
*
- * @return void
+ * @return string
*/
public function key() {
return key($this->attributes);
@@ -228,7 +231,7 @@ abstract class ElggData implements
*
* @see Iterator::valid()
*
- * @return void
+ * @return bool
*/
public function valid() {
return $this->valid;
@@ -266,12 +269,13 @@ abstract class ElggData implements
*
* @param mixed $key Name
*
- * @return void
+ * @return mixed
*/
public function offsetGet($key) {
if (array_key_exists($key, $this->attributes)) {
return $this->attributes[$key];
}
+ return null;
}
/**
diff --git a/engine/classes/ElggDiskFilestore.php b/engine/classes/ElggDiskFilestore.php
index 7aace43..6e23540 100644
--- a/engine/classes/ElggDiskFilestore.php
+++ b/engine/classes/ElggDiskFilestore.php
@@ -60,6 +60,7 @@ class ElggDiskFilestore extends ElggFilestore {
$path = substr($fullname, 0, $ls);
$name = substr($fullname, $ls);
+ // @todo $name is unused, remove it or do we need to fix something?
// Try and create the directory
try {
@@ -108,7 +109,7 @@ class ElggDiskFilestore extends ElggFilestore {
*
* @param resource $f File pointer resource
* @param int $length The number of bytes to read
- * @param inf $offset The number of bytes to start after
+ * @param int $offset The number of bytes to start after
*
* @return mixed Contents of file or false on fail.
*/
@@ -193,11 +194,14 @@ class ElggDiskFilestore extends ElggFilestore {
}
/**
- * Returns the filename as saved on disk for an ElggFile object
+ * Get the filename as saved on disk for an ElggFile object
+ *
+ * Returns an empty string if no filename set
*
* @param ElggFile $file File object
*
* @return string The full path of where the file is stored
+ * @throws InvalidParameterException
*/
public function getFilenameOnFilestore(ElggFile $file) {
$owner_guid = $file->getOwnerGuid();
@@ -211,7 +215,12 @@ class ElggDiskFilestore extends ElggFilestore {
throw new InvalidParameterException($msg);
}
- return $this->dir_root . $this->makefileMatrix($owner_guid) . $file->getFilename();
+ $filename = $file->getFilename();
+ if (!$filename) {
+ return '';
+ }
+
+ return $this->dir_root . $this->makeFileMatrix($owner_guid) . $filename;
}
/**
@@ -219,7 +228,7 @@ class ElggDiskFilestore extends ElggFilestore {
*
* @param ElggFile $file File object
*
- * @return mixed
+ * @return string
*/
public function grabFile(ElggFile $file) {
return file_get_contents($file->getFilenameOnFilestore());
@@ -233,6 +242,9 @@ class ElggDiskFilestore extends ElggFilestore {
* @return bool
*/
public function exists(ElggFile $file) {
+ if (!$file->getFilename()) {
+ return false;
+ }
return file_exists($this->getFilenameOnFilestore($file));
}
@@ -246,12 +258,13 @@ class ElggDiskFilestore extends ElggFilestore {
*/
public function getSize($prefix = '', $container_guid) {
if ($container_guid) {
- return get_dir_size($this->dir_root . $this->makefileMatrix($container_guid) . $prefix);
+ return get_dir_size($this->dir_root . $this->makeFileMatrix($container_guid) . $prefix);
} else {
return false;
}
}
+ // @codingStandardsIgnoreStart
/**
* Create a directory $dirroot
*
@@ -266,6 +279,7 @@ class ElggDiskFilestore extends ElggFilestore {
return $this->makeDirectoryRoot($dirroot);
}
+ // @codingStandardsIgnoreEnd
/**
* Create a directory $dirroot
@@ -285,6 +299,7 @@ class ElggDiskFilestore extends ElggFilestore {
return true;
}
+ // @codingStandardsIgnoreStart
/**
* Multibyte string tokeniser.
*
@@ -315,30 +330,31 @@ class ElggDiskFilestore extends ElggFilestore {
} else {
return str_split($string);
}
-
- return false;
}
+ // @codingStandardsIgnoreEnd
+ // @codingStandardsIgnoreStart
/**
* Construct a file path matrix for an entity.
*
* @param int $identifier The guide of the entity to store the data under.
*
- * @return str The path where the entity's data will be stored.
+ * @return string The path where the entity's data will be stored.
* @deprecated 1.8 Use ElggDiskFilestore::makeFileMatrix()
*/
protected function make_file_matrix($identifier) {
elgg_deprecated_notice('ElggDiskFilestore::make_file_matrix() is deprecated by ::makeFileMatrix()', 1.8);
- return $this->makefileMatrix($identifier);
+ return $this->makeFileMatrix($identifier);
}
+ // @codingStandardsIgnoreEnd
/**
* Construct a file path matrix for an entity.
*
* @param int $guid The guide of the entity to store the data under.
*
- * @return str The path where the entity's data will be stored.
+ * @return string The path where the entity's data will be stored.
*/
protected function makeFileMatrix($guid) {
$entity = get_entity($guid);
@@ -352,6 +368,7 @@ class ElggDiskFilestore extends ElggFilestore {
return "$time_created/$entity->guid/";
}
+ // @codingStandardsIgnoreStart
/**
* Construct a filename matrix.
*
@@ -363,13 +380,14 @@ class ElggDiskFilestore extends ElggFilestore {
*
* @param int $guid The entity to contrust a matrix for
*
- * @return str The
+ * @return string The
*/
protected function user_file_matrix($guid) {
elgg_deprecated_notice('ElggDiskFilestore::user_file_matrix() is deprecated by ::makeFileMatrix()', 1.8);
return $this->makeFileMatrix($guid);
}
+ // @codingStandardsIgnoreEnd
/**
* Returns a list of attributes to save to the database when saving
diff --git a/engine/classes/ElggEntity.php b/engine/classes/ElggEntity.php
index 929abce..a563f6f 100644
--- a/engine/classes/ElggEntity.php
+++ b/engine/classes/ElggEntity.php
@@ -24,7 +24,7 @@
*
* @package Elgg.Core
* @subpackage DataModel.Entities
- *
+ *
* @property string $type object, user, group, or site (read-only after save)
* @property string $subtype Further clarifies the nature of the entity (read-only after save)
* @property int $guid The unique identifier for this entity (read only)
@@ -34,6 +34,7 @@
* @property int $access_id Specifies the visibility level of this entity
* @property int $time_created A UNIX timestamp of when the entity was created (read-only, set on first save)
* @property int $time_updated A UNIX timestamp of when the entity was last updated (automatically updated on save)
+ * @property-read string $enabled
*/
abstract class ElggEntity extends ElggData implements
Notable, // Calendar interface
@@ -351,8 +352,8 @@ abstract class ElggEntity extends ElggData implements
'limit' => 0
);
// @todo in 1.9 make this return false if can't add metadata
- // http://trac.elgg.org/ticket/4520
- //
+ // https://github.com/elgg/elgg/issues/4520
+ //
// need to remove access restrictions right now to delete
// because this is the expected behavior
$ia = elgg_set_ignore_access(true);
@@ -374,12 +375,11 @@ abstract class ElggEntity extends ElggData implements
}
return $result;
- }
-
- // unsaved entity. store in temp array
- // returning single entries instead of an array of 1 element is decided in
- // getMetaData(), just like pulling from the db.
- else {
+ } else {
+ // unsaved entity. store in temp array
+ // returning single entries instead of an array of 1 element is decided in
+ // getMetaData(), just like pulling from the db.
+ //
// if overwrite, delete first
if (!$multiple || !isset($this->temp_metadata[$name])) {
$this->temp_metadata[$name] = array();
@@ -940,7 +940,7 @@ abstract class ElggEntity extends ElggData implements
* @param ElggMetadata $metadata The piece of metadata to specifically check
* @param int $user_guid The user GUID, optionally (default: logged in user)
*
- * @return true|false
+ * @return bool
*/
function canEditMetadata($metadata = null, $user_guid = 0) {
return can_edit_entity_metadata($this->getGUID(), $user_guid, $metadata);
@@ -964,7 +964,7 @@ abstract class ElggEntity extends ElggData implements
*
* @tip Can be overridden by registering for the permissions_check:comment,
* <entity type> plugin hook.
- *
+ *
* @param int $user_guid User guid (default is logged in user)
*
* @return bool
@@ -1270,15 +1270,23 @@ abstract class ElggEntity extends ElggData implements
public function save() {
$guid = $this->getGUID();
if ($guid > 0) {
- cache_entity($this);
- return update_entity(
+ // See #5600. This ensures the lower level can_edit_entity() check will use a
+ // fresh entity from the DB so it sees the persisted owner_guid
+ _elgg_disable_caching_for_entity($guid);
+
+ $ret = update_entity(
$guid,
$this->get('owner_guid'),
$this->get('access_id'),
$this->get('container_guid'),
$this->get('time_created')
);
+
+ _elgg_enable_caching_for_entity($guid);
+ _elgg_cache_entity($this);
+
+ return $ret;
} else {
// Create a new entity (nb: using attribute array directly
// 'cos set function does something special!)
@@ -1320,7 +1328,7 @@ abstract class ElggEntity extends ElggData implements
$this->attributes['subtype'] = get_subtype_id($this->attributes['type'],
$this->attributes['subtype']);
- cache_entity($this);
+ _elgg_cache_entity($this);
return $this->attributes['guid'];
}
@@ -1357,12 +1365,12 @@ abstract class ElggEntity extends ElggData implements
$this->attributes['tables_loaded']++;
}
- // guid needs to be an int http://trac.elgg.org/ticket/4111
+ // guid needs to be an int https://github.com/elgg/elgg/issues/4111
$this->attributes['guid'] = (int)$this->attributes['guid'];
// Cache object handle
if ($this->attributes['guid']) {
- cache_entity($this);
+ _elgg_cache_entity($this);
}
return true;
@@ -1668,9 +1676,11 @@ abstract class ElggEntity extends ElggData implements
/**
* Import data from an parsed ODD xml data array.
*
- * @param array $data XML data
+ * @param ODD $data XML data
*
* @return true
+ *
+ * @throws InvalidParameterException
*/
public function import(ODD $data) {
if (!($data instanceof ODDEntity)) {
@@ -1732,8 +1742,6 @@ abstract class ElggEntity extends ElggData implements
* @return array
*/
public function getTags($tag_names = NULL) {
- global $CONFIG;
-
if ($tag_names && !is_array($tag_names)) {
$tag_names = array($tag_names);
}
diff --git a/engine/classes/ElggExtender.php b/engine/classes/ElggExtender.php
index d94bad8..25aba35 100644
--- a/engine/classes/ElggExtender.php
+++ b/engine/classes/ElggExtender.php
@@ -171,7 +171,7 @@ abstract class ElggExtender extends ElggData {
public function export() {
$uuid = get_uuid_from_object($this);
- $meta = new ODDMetadata($uuid, guid_to_uuid($this->entity_guid), $this->attributes['name'],
+ $meta = new ODDMetaData($uuid, guid_to_uuid($this->entity_guid), $this->attributes['name'],
$this->attributes['value'], $this->attributes['type'], guid_to_uuid($this->owner_guid));
$meta->setAttribute('published', date("r", $this->time_created));
diff --git a/engine/classes/ElggFile.php b/engine/classes/ElggFile.php
index f21621f..2308083 100644
--- a/engine/classes/ElggFile.php
+++ b/engine/classes/ElggFile.php
@@ -93,6 +93,7 @@ class ElggFile extends ElggObject {
$container_guid = $this->container_guid;
}
$fs = $this->getFilestore();
+ // @todo add getSize() to ElggFilestore
return $fs->getSize($prefix, $container_guid);
}
@@ -127,9 +128,11 @@ class ElggFile extends ElggObject {
* @param mixed $default A default. Useful to pass what the browser thinks it is.
* @since 1.7.12
*
+ * @note If $file is provided, this may be called statically
+ *
* @return mixed Detected type on success, false on failure.
*/
- static function detectMimeType($file = null, $default = null) {
+ public function detectMimeType($file = null, $default = null) {
if (!$file) {
if (isset($this) && $this->filename) {
$file = $this->filename;
@@ -178,6 +181,8 @@ class ElggFile extends ElggObject {
* @param string $mode Either read/write/append
*
* @return resource File handler
+ *
+ * @throws IOException|InvalidParameterException
*/
public function open($mode) {
if (!$this->getFilename()) {
@@ -270,9 +275,14 @@ class ElggFile extends ElggObject {
*/
public function delete() {
$fs = $this->getFilestore();
- if ($fs->delete($this)) {
- return parent::delete();
+
+ $result = $fs->delete($this);
+
+ if ($this->getGUID() && $result) {
+ $result = parent::delete();
}
+
+ return $result;
}
/**
@@ -285,6 +295,7 @@ class ElggFile extends ElggObject {
public function seek($position) {
$fs = $this->getFilestore();
+ // @todo add seek() to ElggFilestore
return $fs->seek($this->handle, $position);
}
@@ -347,6 +358,8 @@ class ElggFile extends ElggObject {
* a filestore as recorded in metadata or the system default.
*
* @return ElggFilestore
+ *
+ * @throws ClassNotFoundException
*/
protected function getFilestore() {
// Short circuit if already set.
@@ -359,7 +372,6 @@ class ElggFile extends ElggObject {
// need to get all filestore::* metadata because the rest are "parameters" that
// get passed to filestore::setParameters()
if ($this->guid) {
- $db_prefix = elgg_get_config('dbprefix');
$options = array(
'guid' => $this->guid,
'where' => array("n.string LIKE 'filestore::%'"),
@@ -388,6 +400,7 @@ class ElggFile extends ElggObject {
$this->filestore = new $filestore();
$this->filestore->setParameters($parameters);
+ // @todo explain why $parameters will always be set here (PhpStorm complains)
}
// this means the entity hasn't been saved so fallback to default
diff --git a/engine/classes/ElggFileCache.php b/engine/classes/ElggFileCache.php
index 34178d4..94143f7 100644
--- a/engine/classes/ElggFileCache.php
+++ b/engine/classes/ElggFileCache.php
@@ -13,6 +13,8 @@ class ElggFileCache extends ElggCache {
* @param string $cache_path The cache path.
* @param int $max_age Maximum age in seconds, 0 if no limit.
* @param int $max_size Maximum size of cache in seconds, 0 if no limit.
+ *
+ * @throws ConfigurationException
*/
function __construct($cache_path, $max_age = 0, $max_size = 0) {
$this->setVariable("cache_path", $cache_path);
@@ -24,6 +26,7 @@ class ElggFileCache extends ElggCache {
}
}
+ // @codingStandardsIgnoreStart
/**
* Create and return a handle to a file.
*
@@ -39,6 +42,7 @@ class ElggFileCache extends ElggCache {
return $this->createFile($filename, $rw);
}
+ // @codingStandardsIgnoreEnd
/**
* Create and return a handle to a file.
@@ -70,6 +74,7 @@ class ElggFileCache extends ElggCache {
return fopen($path . $filename, $rw);
}
+ // @codingStandardsIgnoreStart
/**
* Create a sanitised filename for the file.
*
@@ -84,6 +89,7 @@ class ElggFileCache extends ElggCache {
return $filename;
}
+ // @codingStandardsIgnoreEnd
/**
* Create a sanitised filename for the file.
diff --git a/engine/classes/ElggGroup.php b/engine/classes/ElggGroup.php
index ea257f3..7e69b7a 100644
--- a/engine/classes/ElggGroup.php
+++ b/engine/classes/ElggGroup.php
@@ -32,7 +32,7 @@ class ElggGroup extends ElggEntity
* @param mixed $guid If an int, load that GUID.
* If an entity table db row, then will load the rest of the data.
*
- * @throws Exception if there was a problem creating the group.
+ * @throws IOException|InvalidParameterException if there was a problem creating the group.
*/
function __construct($guid = null) {
$this->initializeAttributes();
@@ -48,21 +48,18 @@ class ElggGroup extends ElggEntity
$msg = elgg_echo('IOException:FailedToLoadGUID', array(get_class(), $guid->guid));
throw new IOException($msg);
}
-
- // Is $guid is an ElggGroup? Use a copy constructor
} else if ($guid instanceof ElggGroup) {
+ // $guid is an ElggGroup so this is a copy constructor
elgg_deprecated_notice('This type of usage of the ElggGroup constructor was deprecated. Please use the clone method.', 1.7);
foreach ($guid->attributes as $key => $value) {
$this->attributes[$key] = $value;
}
-
- // Is this is an ElggEntity but not an ElggGroup = ERROR!
} else if ($guid instanceof ElggEntity) {
+ // @todo why separate from else
throw new InvalidParameterException(elgg_echo('InvalidParameterException:NonElggGroup'));
-
- // Is it a GUID
} else if (is_numeric($guid)) {
+ // $guid is a GUID so load entity
if (!$this->load($guid)) {
throw new IOException(elgg_echo('IOException:FailedToLoadGUID', array(get_class(), $guid)));
}
@@ -220,6 +217,7 @@ class ElggGroup extends ElggEntity
* @return array|false
*/
public function getObjects($subtype = "", $limit = 10, $offset = 0) {
+ // @todo are we deprecating this method, too?
return get_objects_in_group($this->getGUID(), $subtype, 0, 0, "", $limit, $offset, false);
}
@@ -233,6 +231,7 @@ class ElggGroup extends ElggEntity
* @return array|false
*/
public function getFriendsObjects($subtype = "", $limit = 10, $offset = 0) {
+ // @todo are we deprecating this method, too?
return get_objects_in_group($this->getGUID(), $subtype, 0, 0, "", $limit, $offset, false);
}
@@ -244,6 +243,7 @@ class ElggGroup extends ElggEntity
* @return array|false
*/
public function countObjects($subtype = "") {
+ // @todo are we deprecating this method, too?
return get_objects_in_group($this->getGUID(), $subtype, 0, 0, "", 10, 0, true);
}
@@ -284,7 +284,7 @@ class ElggGroup extends ElggEntity
*
* @return bool
*/
- public function isMember($user = 0) {
+ public function isMember($user = null) {
if (!($user instanceof ElggUser)) {
$user = elgg_get_logged_in_user_entity();
}
@@ -335,7 +335,7 @@ class ElggGroup extends ElggEntity
$this->attributes = $attrs;
$this->attributes['tables_loaded'] = 2;
- cache_entity($this);
+ _elgg_cache_entity($this);
return true;
}
@@ -352,7 +352,12 @@ class ElggGroup extends ElggEntity
}
// Now save specific stuff
- return create_group_entity($this->get('guid'), $this->get('name'), $this->get('description'));
+
+ _elgg_disable_caching_for_entity($this->guid);
+ $ret = create_group_entity($this->get('guid'), $this->get('name'), $this->get('description'));
+ _elgg_enable_caching_for_entity($this->guid);
+
+ return $ret;
}
// EXPORTABLE INTERFACE ////////////////////////////////////////////////////////////
diff --git a/engine/classes/ElggLRUCache.php b/engine/classes/ElggLRUCache.php
new file mode 100644
index 0000000..f51af2e
--- /dev/null
+++ b/engine/classes/ElggLRUCache.php
@@ -0,0 +1,181 @@
+<?php
+
+/**
+ * Least Recently Used Cache
+ *
+ * A fixed sized cache that removes the element used last when it reaches its
+ * size limit.
+ *
+ * Based on https://github.com/cash/LRUCache
+ *
+ * @access private
+ *
+ * @package Elgg.Core
+ * @subpackage Cache
+ */
+class ElggLRUCache implements ArrayAccess {
+ /** @var int */
+ protected $maximumSize;
+
+ /**
+ * The front of the array contains the LRU element
+ *
+ * @var array
+ */
+ protected $data = array();
+
+ /**
+ * Create a LRU Cache
+ *
+ * @param int $size The size of the cache
+ * @throws InvalidArgumentException
+ */
+ public function __construct($size) {
+ if (!is_int($size) || $size <= 0) {
+ throw new InvalidArgumentException();
+ }
+ $this->maximumSize = $size;
+ }
+
+ /**
+ * Get the value cached with this key
+ *
+ * @param int|string $key The key. Strings that are ints are cast to ints.
+ * @param mixed $default The value to be returned if key not found. (Optional)
+ * @return mixed
+ */
+ public function get($key, $default = null) {
+ if (isset($this->data[$key])) {
+ $this->recordAccess($key);
+ return $this->data[$key];
+ } else {
+ return $default;
+ }
+ }
+
+ /**
+ * Add something to the cache
+ *
+ * @param int|string $key The key. Strings that are ints are cast to ints.
+ * @param mixed $value The value to cache
+ * @return void
+ */
+ public function set($key, $value) {
+ if (isset($this->data[$key])) {
+ $this->data[$key] = $value;
+ $this->recordAccess($key);
+ } else {
+ $this->data[$key] = $value;
+ if ($this->size() > $this->maximumSize) {
+ // remove least recently used element (front of array)
+ reset($this->data);
+ unset($this->data[key($this->data)]);
+ }
+ }
+ }
+
+ /**
+ * Get the number of elements in the cache
+ *
+ * @return int
+ */
+ public function size() {
+ return count($this->data);
+ }
+
+ /**
+ * Does the cache contain an element with this key
+ *
+ * @param int|string $key The key
+ * @return boolean
+ */
+ public function containsKey($key) {
+ return isset($this->data[$key]);
+ }
+
+ /**
+ * Remove the element with this key.
+ *
+ * @param int|string $key The key
+ * @return mixed Value or null if not set
+ */
+ public function remove($key) {
+ if (isset($this->data[$key])) {
+ $value = $this->data[$key];
+ unset($this->data[$key]);
+ return $value;
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * Clear the cache
+ *
+ * @return void
+ */
+ public function clear() {
+ $this->data = array();
+ }
+
+ /**
+ * Moves the element from current position to end of array
+ *
+ * @param int|string $key The key
+ * @return void
+ */
+ protected function recordAccess($key) {
+ $value = $this->data[$key];
+ unset($this->data[$key]);
+ $this->data[$key] = $value;
+ }
+
+ /**
+ * Assigns a value for the specified key
+ *
+ * @see ArrayAccess::offsetSet()
+ *
+ * @param int|string $key The key to assign the value to.
+ * @param mixed $value The value to set.
+ * @return void
+ */
+ public function offsetSet($key, $value) {
+ $this->set($key, $value);
+ }
+
+ /**
+ * Get the value for specified key
+ *
+ * @see ArrayAccess::offsetGet()
+ *
+ * @param int|string $key The key to retrieve.
+ * @return mixed
+ */
+ public function offsetGet($key) {
+ return $this->get($key);
+ }
+
+ /**
+ * Unsets a key.
+ *
+ * @see ArrayAccess::offsetUnset()
+ *
+ * @param int|string $key The key to unset.
+ * @return void
+ */
+ public function offsetUnset($key) {
+ $this->remove($key);
+ }
+
+ /**
+ * Does key exist?
+ *
+ * @see ArrayAccess::offsetExists()
+ *
+ * @param int|string $key A key to check for.
+ * @return boolean
+ */
+ public function offsetExists($key) {
+ return $this->containsKey($key);
+ }
+}
diff --git a/engine/classes/ElggMemcache.php b/engine/classes/ElggMemcache.php
index d9539b9..91d50ab 100644
--- a/engine/classes/ElggMemcache.php
+++ b/engine/classes/ElggMemcache.php
@@ -32,6 +32,8 @@ class ElggMemcache extends ElggSharedMemoryCache {
*
* @param string $namespace The namespace for this cache to write to -
* note, namespaces of the same name are shared!
+ *
+ * @throws ConfigurationException
*/
function __construct($namespace = 'default') {
global $CONFIG;
diff --git a/engine/classes/ElggMenuBuilder.php b/engine/classes/ElggMenuBuilder.php
index d9a704d..b463143 100644
--- a/engine/classes/ElggMenuBuilder.php
+++ b/engine/classes/ElggMenuBuilder.php
@@ -8,6 +8,9 @@
*/
class ElggMenuBuilder {
+ /**
+ * @var ElggMenuItem[]
+ */
protected $menu = array();
protected $selected = null;
@@ -15,7 +18,7 @@ class ElggMenuBuilder {
/**
* ElggMenuBuilder constructor
*
- * @param array $menu Array of ElggMenuItem objects
+ * @param ElggMenuItem[] $menu Array of ElggMenuItem objects
*/
public function __construct(array $menu) {
$this->menu = $menu;
@@ -107,6 +110,7 @@ class ElggMenuBuilder {
$children = array();
// divide base nodes from children
foreach ($section as $menu_item) {
+ /* @var ElggMenuItem $menu_item */
$parent_name = $menu_item->getParentName();
if (!$parent_name) {
$parents[$menu_item->getName()] = $menu_item;
@@ -118,13 +122,16 @@ class ElggMenuBuilder {
// attach children to parents
$iteration = 0;
$current_gen = $parents;
+ $next_gen = null;
while (count($children) && $iteration < 5) {
foreach ($children as $index => $menu_item) {
$parent_name = $menu_item->getParentName();
if (array_key_exists($parent_name, $current_gen)) {
$next_gen[$menu_item->getName()] = $menu_item;
- $current_gen[$parent_name]->addChild($menu_item);
- $menu_item->setParent($current_gen[$parent_name]);
+ if (!in_array($menu_item, $current_gen[$parent_name]->getData('children'))) {
+ $current_gen[$parent_name]->addChild($menu_item);
+ $menu_item->setParent($current_gen[$parent_name]);
+ }
unset($children[$index]);
}
}
@@ -216,12 +223,12 @@ class ElggMenuBuilder {
array_push($stack, $root);
while (!empty($stack)) {
$node = array_pop($stack);
+ /* @var ElggMenuItem $node */
$node->sortChildren($sort_callback);
$children = $node->getChildren();
if ($children) {
$stack = array_merge($stack, $children);
}
- $p = count($stack);
}
}
}
@@ -230,8 +237,8 @@ class ElggMenuBuilder {
/**
* Compare two menu items by their display text
*
- * @param ElggMenuItem $a
- * @param ElggMenuItem $b
+ * @param ElggMenuItem $a Menu item
+ * @param ElggMenuItem $b Menu item
* @return bool
*/
public static function compareByText($a, $b) {
@@ -248,8 +255,8 @@ class ElggMenuBuilder {
/**
* Compare two menu items by their identifiers
*
- * @param ElggMenuItem $a
- * @param ElggMenuItem $b
+ * @param ElggMenuItem $a Menu item
+ * @param ElggMenuItem $b Menu item
* @return bool
*/
public static function compareByName($a, $b) {
@@ -266,9 +273,11 @@ class ElggMenuBuilder {
/**
* Compare two menu items by their priority
*
- * @param ElggMenuItem $a
- * @param ElggMenuItem $b
+ * @param ElggMenuItem $a Menu item
+ * @param ElggMenuItem $b Menu item
* @return bool
+ *
+ * @todo change name to compareByPriority
*/
public static function compareByWeight($a, $b) {
$aw = $a->getWeight();
diff --git a/engine/classes/ElggMetadata.php b/engine/classes/ElggMetadata.php
index 7f45dc3..3a8e2d8 100644
--- a/engine/classes/ElggMetadata.php
+++ b/engine/classes/ElggMetadata.php
@@ -6,6 +6,10 @@
*
* @package Elgg.Core
* @subpackage Metadata
+ *
+ * @property string $value_type
+ * @property int $owner_guid
+ * @property string $enabled
*/
class ElggMetadata extends ElggExtender {
diff --git a/engine/classes/ElggObject.php b/engine/classes/ElggObject.php
index 6263f84..aeaa3ba 100644
--- a/engine/classes/ElggObject.php
+++ b/engine/classes/ElggObject.php
@@ -66,21 +66,18 @@ class ElggObject extends ElggEntity {
$msg = elgg_echo('IOException:FailedToLoadGUID', array(get_class(), $guid->guid));
throw new IOException($msg);
}
-
- // Is $guid is an ElggObject? Use a copy constructor
} else if ($guid instanceof ElggObject) {
+ // $guid is an ElggObject so this is a copy constructor
elgg_deprecated_notice('This type of usage of the ElggObject constructor was deprecated. Please use the clone method.', 1.7);
foreach ($guid->attributes as $key => $value) {
$this->attributes[$key] = $value;
}
-
- // Is this is an ElggEntity but not an ElggObject = ERROR!
} else if ($guid instanceof ElggEntity) {
+ // @todo remove - do not need separate exception
throw new InvalidParameterException(elgg_echo('InvalidParameterException:NonElggObject'));
-
- // Is it a GUID
} else if (is_numeric($guid)) {
+ // $guid is a GUID so load
if (!$this->load($guid)) {
throw new IOException(elgg_echo('IOException:FailedToLoadGUID', array(get_class(), $guid)));
}
@@ -110,7 +107,7 @@ class ElggObject extends ElggEntity {
$this->attributes = $attrs;
$this->attributes['tables_loaded'] = 2;
- cache_entity($this);
+ _elgg_cache_entity($this);
return true;
}
@@ -129,8 +126,12 @@ class ElggObject extends ElggEntity {
}
// Save ElggObject-specific attributes
- return create_object_entity($this->get('guid'), $this->get('title'),
- $this->get('description'));
+
+ _elgg_disable_caching_for_entity($this->guid);
+ $ret = create_object_entity($this->get('guid'), $this->get('title'), $this->get('description'));
+ _elgg_enable_caching_for_entity($this->guid);
+
+ return $ret;
}
/**
diff --git a/engine/classes/ElggPlugin.php b/engine/classes/ElggPlugin.php
index 8f71b79..545b9a5 100644
--- a/engine/classes/ElggPlugin.php
+++ b/engine/classes/ElggPlugin.php
@@ -145,7 +145,7 @@ class ElggPlugin extends ElggObject {
/**
* Sets the location of this plugin.
*
- * @param path $id The path to the plugin's dir.
+ * @param string $id The path to the plugin's dir.
* @return bool
*/
public function setID($id) {
@@ -299,17 +299,15 @@ class ElggPlugin extends ElggObject {
$private_settings = get_data($q);
- if ($private_settings) {
- $return = array();
+ $return = array();
+ if ($private_settings) {
foreach ($private_settings as $setting) {
$return[$setting->name] = $setting->value;
}
-
- return $return;
}
- return false;
+ return $return;
}
/**
@@ -350,11 +348,14 @@ class ElggPlugin extends ElggObject {
*/
public function unsetAllSettings() {
$db_prefix = get_config('dbprefix');
- $ps_prefix = elgg_namespace_plugin_private_setting('setting', '');
+
+ $us_prefix = elgg_namespace_plugin_private_setting('user_setting', '', $this->getID());
+ $is_prefix = elgg_namespace_plugin_private_setting('internal', '', $this->getID());
$q = "DELETE FROM {$db_prefix}private_settings
WHERE entity_guid = $this->guid
- AND name NOT LIKE '$ps_prefix%'";
+ AND name NOT LIKE '$us_prefix%'
+ AND name NOT LIKE '$is_prefix%'";
return delete_data($q);
}
@@ -420,20 +421,18 @@ class ElggPlugin extends ElggObject {
$private_settings = get_data($q);
- if ($private_settings) {
- $return = array();
+ $return = array();
+ if ($private_settings) {
foreach ($private_settings as $setting) {
$name = substr($setting->name, $ps_prefix_len);
$value = $setting->value;
$return[$name] = $value;
}
-
- return $return;
}
- return false;
+ return $return;
}
/**
@@ -546,7 +545,7 @@ class ElggPlugin extends ElggObject {
* Returns if the plugin is complete, meaning has all required files
* and Elgg can read them and they make sense.
*
- * @todo bad name? This could be confused with isValid() from ElggPackage.
+ * @todo bad name? This could be confused with isValid() from ElggPluginPackage.
*
* @return bool
*/
@@ -597,6 +596,8 @@ class ElggPlugin extends ElggObject {
* Checks if this plugin can be activated on the current
* Elgg installation.
*
+ * @todo remove $site_guid param or implement it
+ *
* @param mixed $site_guid Optional site guid
* @return bool
*/
@@ -647,8 +648,8 @@ class ElggPlugin extends ElggObject {
// Note: this will not run re-run the init hooks!
if ($return) {
if ($this->canReadFile('activate.php')) {
- $flags = ELGG_PLUGIN_INCLUDE_START | ELGG_PLUGIN_REGISTER_CLASSES
- | ELGG_PLUGIN_REGISTER_LANGUAGES | ELGG_PLUGIN_REGISTER_VIEWS;
+ $flags = ELGG_PLUGIN_INCLUDE_START | ELGG_PLUGIN_REGISTER_CLASSES |
+ ELGG_PLUGIN_REGISTER_LANGUAGES | ELGG_PLUGIN_REGISTER_VIEWS;
$this->start($flags);
diff --git a/engine/classes/ElggPluginPackage.php b/engine/classes/ElggPluginPackage.php
index 2dc4bdb..37eb4bf 100644
--- a/engine/classes/ElggPluginPackage.php
+++ b/engine/classes/ElggPluginPackage.php
@@ -100,7 +100,6 @@ class ElggPluginPackage {
* @param string $plugin The ID (directory name) or full path of the plugin.
* @param bool $validate Automatically run isValid()?
*
- * @return true
* @throws PluginException
*/
public function __construct($plugin, $validate = true) {
@@ -213,6 +212,7 @@ class ElggPluginPackage {
return false;
}
+ // Note: $conflicts and $requires are not unused. They're called dynamically
$conflicts = $this->getManifest()->getConflicts();
$requires = $this->getManifest()->getRequires();
$provides = $this->getManifest()->getProvides();
@@ -294,6 +294,7 @@ class ElggPluginPackage {
return true;
}
+ $this->errorMsg = elgg_echo('unknown_error');
return false;
}
@@ -330,8 +331,10 @@ class ElggPluginPackage {
* @return bool|array
*/
public function checkDependencies($full_report = false) {
+ // Note: $conflicts and $requires are not unused. They're called dynamically
$requires = $this->getManifest()->getRequires();
$conflicts = $this->getManifest()->getConflicts();
+
$enabled_plugins = elgg_get_plugins('active');
$this_id = $this->getID();
$report = array();
@@ -368,6 +371,7 @@ class ElggPluginPackage {
$check_types = array('requires', 'conflicts');
if ($full_report) {
+ // Note: $suggests is not unused. It's called dynamically
$suggests = $this->getManifest()->getSuggests();
$check_types[] = 'suggests';
}
diff --git a/engine/classes/ElggPriorityList.php b/engine/classes/ElggPriorityList.php
index 8a3b836..416df88 100644
--- a/engine/classes/ElggPriorityList.php
+++ b/engine/classes/ElggPriorityList.php
@@ -89,7 +89,7 @@
* return true;
* }
*
- * @package Elgg.Core
+ * @package Elgg.Core
* @subpackage Helpers
*/
class ElggPriorityList
@@ -126,7 +126,9 @@ class ElggPriorityList
* maintains its priority and the new element is to the next available
* slot, taking into consideration all previously registered elements.
* Negative elements are accepted.
+ * @param bool $exact unused
* @return int The priority of the added element.
+ * @todo remove $exact or implement it. Note we use variable name strict below.
*/
public function add($element, $priority = null, $exact = false) {
if ($priority !== null && !is_numeric($priority)) {
@@ -146,7 +148,8 @@ class ElggPriorityList
* @warning The element must have the same attributes / values. If using $strict, it must have
* the same types. array(10) will fail in strict against array('10') (str vs int).
*
- * @param type $element
+ * @param mixed $element The element to remove from the list
+ * @param bool $strict Whether to check the type of the element match
* @return bool
*/
public function remove($element, $strict = false) {
@@ -162,10 +165,10 @@ class ElggPriorityList
/**
* Move an existing element to a new priority.
*
- * @param mixed $current_priority
- * @param int $new_priority
- *
- * @return int The new priority.
+ * @param mixed $element The element to move
+ * @param int $new_priority The new priority for the element
+ * @param bool $strict Whether to check the type of the element match
+ * @return bool
*/
public function move($element, $new_priority, $strict = false) {
$new_priority = (int) $new_priority;
@@ -200,12 +203,12 @@ class ElggPriorityList
*
* If no user function is provided the elements are sorted by priority registered.
*
- * The callback function should accept the array of elements as the first argument and should
- * return a sorted array.
+ * The callback function should accept the array of elements as the first
+ * argument and should return a sorted array.
*
* This function can be called multiple times.
*
- * @param type $callback
+ * @param callback $callback The callback for sorting. Numeric sorting is the default.
* @return bool
*/
public function sort($callback = null) {
@@ -268,7 +271,7 @@ class ElggPriorityList
/**
* Returns the element at $priority.
*
- * @param int $priority
+ * @param int $priority The priority
* @return mixed The element or false on fail.
*/
public function getElement($priority) {
@@ -351,7 +354,12 @@ class ElggPriorityList
return ($key !== NULL && $key !== FALSE);
}
- // Countable
+ /**
+ * Countable interface
+ *
+ * @see Countable::count()
+ * @return int
+ */
public function count() {
return count($this->elements);
}
diff --git a/engine/classes/ElggRelationship.php b/engine/classes/ElggRelationship.php
index efc0f7e..d2e8888 100644
--- a/engine/classes/ElggRelationship.php
+++ b/engine/classes/ElggRelationship.php
@@ -71,6 +71,7 @@ class ElggRelationship extends ElggData implements
* Save the relationship
*
* @return int the relationship id
+ * @throws IOException
*/
public function save() {
if ($this->id > 0) {
@@ -145,7 +146,7 @@ class ElggRelationship extends ElggData implements
* @param ODD $data ODD data
* @return bool
- * @throws ImportException
+ * @throws ImportException|InvalidParameterException
*/
public function import(ODD $data) {
if (!($data instanceof ODDRelationship)) {
@@ -179,6 +180,8 @@ class ElggRelationship extends ElggData implements
return true;
}
}
+
+ return false;
}
// SYSTEM LOG INTERFACE ////////////////////////////////////////////////////////////
diff --git a/engine/classes/ElggSite.php b/engine/classes/ElggSite.php
index 1fe49b8..dd996fe 100644
--- a/engine/classes/ElggSite.php
+++ b/engine/classes/ElggSite.php
@@ -77,28 +77,24 @@ class ElggSite extends ElggEntity {
$msg = elgg_echo('IOException:FailedToLoadGUID', array(get_class(), $guid->guid));
throw new IOException($msg);
}
-
- // Is $guid is an ElggSite? Use a copy constructor
} else if ($guid instanceof ElggSite) {
+ // $guid is an ElggSite so this is a copy constructor
elgg_deprecated_notice('This type of usage of the ElggSite constructor was deprecated. Please use the clone method.', 1.7);
foreach ($guid->attributes as $key => $value) {
$this->attributes[$key] = $value;
}
-
- // Is this is an ElggEntity but not an ElggSite = ERROR!
} else if ($guid instanceof ElggEntity) {
+ // @todo remove and just use else clause
throw new InvalidParameterException(elgg_echo('InvalidParameterException:NonElggSite'));
-
- // See if this is a URL
} else if (strpos($guid, "http") !== false) {
+ // url so retrieve by url
$guid = get_site_by_url($guid);
foreach ($guid->attributes as $key => $value) {
$this->attributes[$key] = $value;
}
-
- // Is it a GUID
} else if (is_numeric($guid)) {
+ // $guid is a GUID so load
if (!$this->load($guid)) {
throw new IOException(elgg_echo('IOException:FailedToLoadGUID', array(get_class(), $guid)));
}
@@ -128,7 +124,7 @@ class ElggSite extends ElggEntity {
$this->attributes = $attrs;
$this->attributes['tables_loaded'] = 2;
- cache_entity($this);
+ _elgg_cache_entity($this);
return true;
}
@@ -381,7 +377,9 @@ class ElggSite extends ElggEntity {
elgg_register_plugin_hook_handler('index', 'system', 'elgg_walled_garden_index', 1);
if (!$this->isPublicPage()) {
- $_SESSION['last_forward_from'] = current_page_url();
+ if (!elgg_is_xhr()) {
+ $_SESSION['last_forward_from'] = current_page_url();
+ }
register_error(elgg_echo('loggedinrequired'));
forward();
}
@@ -443,8 +441,6 @@ class ElggSite extends ElggEntity {
// include a hook for plugin authors to include public pages
$plugins = elgg_trigger_plugin_hook('public_pages', 'walled_garden', NULL, array());
- // lookup admin-specific public pages
-
// allow public pages
foreach (array_merge($defaults, $plugins) as $public) {
$pattern = "`^{$CONFIG->url}$public/*$`i";
diff --git a/engine/classes/ElggStaticVariableCache.php b/engine/classes/ElggStaticVariableCache.php
index 17d8494..9c14fdf 100644
--- a/engine/classes/ElggStaticVariableCache.php
+++ b/engine/classes/ElggStaticVariableCache.php
@@ -11,7 +11,7 @@ class ElggStaticVariableCache extends ElggSharedMemoryCache {
/**
* The cache.
*
- * @var unknown_type
+ * @var array
*/
private static $__cache;
@@ -22,7 +22,7 @@ class ElggStaticVariableCache extends ElggSharedMemoryCache {
* memory, optionally with a given namespace (to avoid overlap).
*
* @param string $namespace The namespace for this cache to write to.
- * @note namespaces of the same name are shared!
+ * @warning namespaces of the same name are shared!
*/
function __construct($namespace = 'default') {
$this->setNamespace($namespace);
@@ -80,7 +80,7 @@ class ElggStaticVariableCache extends ElggSharedMemoryCache {
}
/**
- * This was probably meant to delete everything?
+ * Clears the cache for a particular namespace
*
* @return void
*/
diff --git a/engine/classes/ElggTranslit.php b/engine/classes/ElggTranslit.php
index 676c59f..b4bf877 100644
--- a/engine/classes/ElggTranslit.php
+++ b/engine/classes/ElggTranslit.php
@@ -20,11 +20,10 @@
* and is licensed under the LGPL. For more information, see
* <http://www.doctrine-project.org>.
*
- * @author Konsta Vesterinen <kvesteri@cc.hut.fi>
- * @author Jonathan H. Wage <jonwage@gmail.com>
- *
- * @author Steve Clay <steve@mrclay.org>
- * @package Elgg.Core
+ * @package Elgg.Core
+ * @author Konsta Vesterinen <kvesteri@cc.hut.fi>
+ * @author Jonathan H. Wage <jonwage@gmail.com>
+ * @author Steve Clay <steve@mrclay.org>
*
* @access private Plugin authors should not use this directly
*/
@@ -32,8 +31,9 @@ class ElggTranslit {
/**
* Create a version of a string for embedding in a URL
- * @param string $string a UTF-8 string
- * @param string $separator
+ *
+ * @param string $string A UTF-8 string
+ * @param string $separator The character to separate words with
* @return string
*/
static public function urlize($string, $separator = '-') {
@@ -49,24 +49,29 @@ class ElggTranslit {
// Internationalization, AND 日本語!
$string = self::transliterateAscii($string);
- // more translation
+ // allow HTML tags in titles
+ $string = preg_replace('~<([a-zA-Z][^>]*)>~', ' $1 ', $string);
+
+ // more substitutions
+ // @todo put these somewhere else
$string = strtr($string, array(
- // Euro/GBP
- "\xE2\x82\xAC" /* € */ => 'E', "\xC2\xA3" /* £ */ => 'GBP',
+ // currency
+ "\xE2\x82\xAC" /* € */ => ' E ',
+ "\xC2\xA3" /* £ */ => ' GBP ',
));
// remove all ASCII except 0-9a-zA-Z, hyphen, underscore, and whitespace
// note: "x" modifier did not work with this pattern.
$string = preg_replace('~['
- . '\x00-\x08' # control chars
- . '\x0b\x0c' # vert tab, form feed
- . '\x0e-\x1f' # control chars
- . '\x21-\x2c' # ! ... ,
- . '\x2e\x2f' # . slash
- . '\x3a-\x40' # : ... @
- . '\x5b-\x5e' # [ ... ^
- . '\x60' # `
- . '\x7b-\x7f' # { ... DEL
+ . '\x00-\x08' // control chars
+ . '\x0b\x0c' // vert tab, form feed
+ . '\x0e-\x1f' // control chars
+ . '\x21-\x2c' // ! ... ,
+ . '\x2e\x2f' // . slash
+ . '\x3a-\x40' // : ... @
+ . '\x5b-\x5e' // [ ... ^
+ . '\x60' // `
+ . '\x7b-\x7f' // { ... DEL
. ']~', '', $string);
$string = strtr($string, '', '');
@@ -80,10 +85,10 @@ class ElggTranslit {
// note: we cannot use [^0-9a-zA-Z] because that matches multibyte chars.
// note: "x" modifier did not work with this pattern.
$pattern = '~['
- . '\x00-\x2f' # controls ... slash
- . '\x3a-\x40' # : ... @
- . '\x5b-\x60' # [ ... `
- . '\x7b-\x7f' # { ... DEL
+ . '\x00-\x2f' // controls ... slash
+ . '\x3a-\x40' // : ... @
+ . '\x5b-\x60' // [ ... `
+ . '\x7b-\x7f' // { ... DEL
. ']+~x';
// ['internationalization', 'and', '日本語']
@@ -98,6 +103,7 @@ class ElggTranslit {
/**
* Transliterate Western multibyte chars to ASCII
+ *
* @param string $utf8 a UTF-8 string
* @return string
*/
@@ -247,6 +253,7 @@ class ElggTranslit {
/**
* Tests that "normalizer_normalize" exists and works
+ *
* @return bool
*/
static public function hasNormalizerSupport() {
@@ -255,7 +262,7 @@ class ElggTranslit {
$form_c = "\xC3\x85"; // 'LATIN CAPITAL LETTER A WITH RING ABOVE' (U+00C5)
$form_d = "A\xCC\x8A"; // A followed by 'COMBINING RING ABOVE' (U+030A)
$ret = (function_exists('normalizer_normalize')
- && $form_c === normalizer_normalize($form_d));
+ && $form_c === normalizer_normalize($form_d));
}
return $ret;
}
diff --git a/engine/classes/ElggUser.php b/engine/classes/ElggUser.php
index 6c1cdc1..6163f9b 100644
--- a/engine/classes/ElggUser.php
+++ b/engine/classes/ElggUser.php
@@ -40,6 +40,9 @@ class ElggUser extends ElggEntity
$this->attributes['code'] = NULL;
$this->attributes['banned'] = "no";
$this->attributes['admin'] = 'no';
+ $this->attributes['prev_last_action'] = NULL;
+ $this->attributes['last_login'] = NULL;
+ $this->attributes['prev_last_login'] = NULL;
$this->attributes['tables_split'] = 2;
}
@@ -65,30 +68,26 @@ class ElggUser extends ElggEntity
$msg = elgg_echo('IOException:FailedToLoadGUID', array(get_class(), $guid->guid));
throw new IOException($msg);
}
-
- // See if this is a username
} else if (is_string($guid)) {
+ // $guid is a username
$user = get_user_by_username($guid);
if ($user) {
foreach ($user->attributes as $key => $value) {
$this->attributes[$key] = $value;
}
}
-
- // Is $guid is an ElggUser? Use a copy constructor
} else if ($guid instanceof ElggUser) {
+ // $guid is an ElggUser so this is a copy constructor
elgg_deprecated_notice('This type of usage of the ElggUser constructor was deprecated. Please use the clone method.', 1.7);
foreach ($guid->attributes as $key => $value) {
$this->attributes[$key] = $value;
}
-
- // Is this is an ElggEntity but not an ElggUser = ERROR!
} else if ($guid instanceof ElggEntity) {
+ // @todo why have a special case here
throw new InvalidParameterException(elgg_echo('InvalidParameterException:NonElggUser'));
-
- // Is it a GUID
} else if (is_numeric($guid)) {
+ // $guid is a GUID so load entity
if (!$this->load($guid)) {
throw new IOException(elgg_echo('IOException:FailedToLoadGUID', array(get_class(), $guid)));
}
@@ -116,7 +115,7 @@ class ElggUser extends ElggEntity
$this->attributes = $attrs;
$this->attributes['tables_loaded'] = 2;
- cache_entity($this);
+ _elgg_cache_entity($this);
return true;
}
@@ -133,9 +132,13 @@ class ElggUser extends ElggEntity
}
// Now save specific stuff
- return create_user_entity($this->get('guid'), $this->get('name'), $this->get('username'),
+ _elgg_disable_caching_for_entity($this->guid);
+ $ret = create_user_entity($this->get('guid'), $this->get('name'), $this->get('username'),
$this->get('password'), $this->get('salt'), $this->get('email'), $this->get('language'),
$this->get('code'));
+ _elgg_enable_caching_for_entity($this->guid);
+
+ return $ret;
}
/**
diff --git a/engine/classes/ElggVolatileMetadataCache.php b/engine/classes/ElggVolatileMetadataCache.php
index 8a33c19..4acda7c 100644
--- a/engine/classes/ElggVolatileMetadataCache.php
+++ b/engine/classes/ElggVolatileMetadataCache.php
@@ -33,9 +33,11 @@ class ElggVolatileMetadataCache {
protected $ignoreAccess = null;
/**
- * @param int $entity_guid
- *
- * @param array $values
+ * Cache metadata for an entity
+ *
+ * @param int $entity_guid The GUID of the entity
+ * @param array $values The metadata values to cache
+ * @return void
*/
public function saveAll($entity_guid, array $values) {
if (!$this->getIgnoreAccess()) {
@@ -45,8 +47,9 @@ class ElggVolatileMetadataCache {
}
/**
- * @param int $entity_guid
- *
+ * Get the metadata for an entity
+ *
+ * @param int $entity_guid The GUID of the entity
* @return array
*/
public function loadAll($entity_guid) {
@@ -61,15 +64,17 @@ class ElggVolatileMetadataCache {
* Declare that there may be fetch-able metadata names in storage that this
* cache doesn't know about
*
- * @param int $entity_guid
+ * @param int $entity_guid The GUID of the entity
+ * @return void
*/
public function markOutOfSync($entity_guid) {
unset($this->isSynchronized[$entity_guid]);
}
/**
- * @param $entity_guid
- *
+ * Have all the metadata for this entity been cached?
+ *
+ * @param int $entity_guid The GUID of the entity
* @return bool
*/
public function isSynchronized($entity_guid) {
@@ -77,13 +82,15 @@ class ElggVolatileMetadataCache {
}
/**
- * @param int $entity_guid
- *
- * @param string $name
- *
- * @param array|int|string|null $value null means it is known that there is no
- * fetch-able metadata under this name
- * @param bool $allow_multiple
+ * Cache a piece of metadata
+ *
+ * @param int $entity_guid The GUID of the entity
+ * @param string $name The metadata name
+ * @param array|int|string|null $value The metadata value. null means it is
+ * known that there is no fetch-able
+ * metadata under this name
+ * @param bool $allow_multiple Can the metadata be an array
+ * @return void
*/
public function save($entity_guid, $name, $value, $allow_multiple = false) {
if ($this->getIgnoreAccess()) {
@@ -115,10 +122,8 @@ class ElggVolatileMetadataCache {
* function's return value should be trusted (otherwise a null return value
* is ambiguous).
*
- * @param int $entity_guid
- *
- * @param string $name
- *
+ * @param int $entity_guid The GUID of the entity
+ * @param string $name The metadata name
* @return array|string|int|null null = value does not exist
*/
public function load($entity_guid, $name) {
@@ -133,9 +138,9 @@ class ElggVolatileMetadataCache {
* Forget about this metadata entry. We don't want to try to guess what the
* next fetch from storage will return
*
- * @param int $entity_guid
- *
- * @param string $name
+ * @param int $entity_guid The GUID of the entity
+ * @param string $name The metadata name
+ * @return void
*/
public function markUnknown($entity_guid, $name) {
unset($this->values[$entity_guid][$name]);
@@ -145,10 +150,8 @@ class ElggVolatileMetadataCache {
/**
* If true, load() will return an accurate value for this name
*
- * @param int $entity_guid
- *
- * @param string $name
- *
+ * @param int $entity_guid The GUID of the entity
+ * @param string $name The metadata name
* @return bool
*/
public function isKnown($entity_guid, $name) {
@@ -163,10 +166,8 @@ class ElggVolatileMetadataCache {
/**
* Declare that metadata under this name is known to be not fetch-able from storage
*
- * @param int $entity_guid
- *
- * @param string $name
- *
+ * @param int $entity_guid The GUID of the entity
+ * @param string $name The metadata name
* @return array
*/
public function markEmpty($entity_guid, $name) {
@@ -176,7 +177,8 @@ class ElggVolatileMetadataCache {
/**
* Forget about all metadata for an entity
*
- * @param int $entity_guid
+ * @param int $entity_guid The GUID of the entity
+ * @return void
*/
public function clear($entity_guid) {
$this->values[$entity_guid] = array();
@@ -185,6 +187,8 @@ class ElggVolatileMetadataCache {
/**
* Clear entire cache and mark all entities as out of sync
+ *
+ * @return void
*/
public function flush() {
$this->values = array();
@@ -197,7 +201,8 @@ class ElggVolatileMetadataCache {
*
* This setting makes this component a little more loosely-coupled.
*
- * @param bool $ignore
+ * @param bool $ignore Whether to ignore access or not
+ * @return void
*/
public function setIgnoreAccess($ignore) {
$this->ignoreAccess = (bool) $ignore;
@@ -205,12 +210,16 @@ class ElggVolatileMetadataCache {
/**
* Tell the cache to call elgg_get_ignore_access() to determing access status.
+ *
+ * @return void
*/
public function unsetIgnoreAccess() {
$this->ignoreAccess = null;
}
/**
+ * Get the ignore access value
+ *
* @return bool
*/
protected function getIgnoreAccess() {
@@ -225,12 +234,10 @@ class ElggVolatileMetadataCache {
* Invalidate based on options passed to the global *_metadata functions
*
* @param string $action Action performed on metadata. "delete", "disable", or "enable"
- *
- * @param array $options Options passed to elgg_(delete|disable|enable)_metadata
- *
- * "guid" if given, invalidation will be limited to this entity
- *
- * "metadata_name" if given, invalidation will be limited to metadata with this name
+ * @param array $options Options passed to elgg_(delete|disable|enable)_metadata
+ * "guid" if given, invalidation will be limited to this entity
+ * "metadata_name" if given, invalidation will be limited to metadata with this name
+ * @return void
*/
public function invalidateByOptions($action, array $options) {
// remove as little as possible, optimizing for common cases
@@ -254,7 +261,10 @@ class ElggVolatileMetadataCache {
}
/**
- * @param int|array $guids
+ * Populate the cache from a set of entities
+ *
+ * @param int|array $guids Array of or single GUIDs
+ * @return void
*/
public function populateFromEntities($guids) {
if (empty($guids)) {
@@ -318,9 +328,7 @@ class ElggVolatileMetadataCache {
* cache if RAM usage becomes an issue.
*
* @param array $guids GUIDs of entities to examine
- *
- * @param int $limit Limit in characters of all metadata (with ints casted to strings)
- *
+ * @param int $limit Limit in characters of all metadata (with ints casted to strings)
* @return array
*/
public function filterMetadataHeavyEntities(array $guids, $limit = 1024000) {
diff --git a/engine/classes/ElggWidget.php b/engine/classes/ElggWidget.php
index 99708f6..66191bf 100644
--- a/engine/classes/ElggWidget.php
+++ b/engine/classes/ElggWidget.php
@@ -7,6 +7,11 @@
*
* @package Elgg.Core
* @subpackage Widgets
+ *
+ * @property-read string $handler internal, do not use
+ * @property-read string $column internal, do not use
+ * @property-read string $order internal, do not use
+ * @property-read string $context internal, do not use
*/
class ElggWidget extends ElggObject {
@@ -141,10 +146,15 @@ class ElggWidget extends ElggObject {
}
}
+ $bottom_rank = count($widgets);
+ if ($column == $this->column) {
+ $bottom_rank--;
+ }
+
if ($rank == 0) {
// top of the column
$this->order = reset($widgets)->order - 10;
- } elseif ($rank == (count($widgets) - 1)) {
+ } elseif ($rank == $bottom_rank) {
// bottom of the column of active widgets
$this->order = end($widgets)->order + 10;
} else {
diff --git a/engine/classes/ElggXMLElement.php b/engine/classes/ElggXMLElement.php
index 65a1391..cbd3fc5 100644
--- a/engine/classes/ElggXMLElement.php
+++ b/engine/classes/ElggXMLElement.php
@@ -20,7 +20,12 @@ class ElggXMLElement {
if ($xml instanceof SimpleXMLElement) {
$this->_element = $xml;
} else {
+ // do not load entities
+ $disable_load_entities = libxml_disable_entity_loader(true);
+
$this->_element = new SimpleXMLElement($xml);
+
+ libxml_disable_entity_loader($disable_load_entities);
}
}
@@ -32,7 +37,7 @@ class ElggXMLElement {
}
/**
- * @return array:string The attributes
+ * @return string[] The attributes
*/
public function getAttributes() {
//include namespace declarations as attributes
@@ -64,7 +69,7 @@ class ElggXMLElement {
}
/**
- * @return array:ElggXMLElement Child elements
+ * @return ElggXMLElement[] Child elements
*/
public function getChildren() {
$children = $this->_element->children();
@@ -76,6 +81,12 @@ class ElggXMLElement {
return $result;
}
+ /**
+ * Override ->
+ *
+ * @param string $name Property name
+ * @return mixed
+ */
function __get($name) {
switch ($name) {
case 'name':
@@ -94,6 +105,12 @@ class ElggXMLElement {
return null;
}
+ /**
+ * Override isset
+ *
+ * @param string $name Property name
+ * @return boolean
+ */
function __isset($name) {
switch ($name) {
case 'name':
@@ -111,5 +128,4 @@ class ElggXMLElement {
}
return false;
}
-
-} \ No newline at end of file
+}
diff --git a/engine/classes/ODDMetaData.php b/engine/classes/ODDMetaData.php
index 58862e0..09b6535 100644
--- a/engine/classes/ODDMetaData.php
+++ b/engine/classes/ODDMetaData.php
@@ -10,12 +10,12 @@ class ODDMetaData extends ODD {
/**
* New ODD metadata
*
- * @param unknown_type $uuid Unique ID
- * @param unknown_type $entity_uuid Another unique ID
- * @param unknown_type $name Name
- * @param unknown_type $value Value
- * @param unknown_type $type Type
- * @param unknown_type $owner_uuid Owner ID
+ * @param string $uuid Unique ID
+ * @param string $entity_uuid Another unique ID
+ * @param string $name Name
+ * @param string $value Value
+ * @param string $type Type
+ * @param string $owner_uuid Owner ID
*/
function __construct($uuid, $entity_uuid, $name, $value, $type = "", $owner_uuid = "") {
parent::__construct();
@@ -31,7 +31,7 @@ class ODDMetaData extends ODD {
/**
* Returns 'metadata'
*
- * @return 'metadata'
+ * @return string 'metadata'
*/
protected function getTagName() {
return "metadata";
diff --git a/engine/classes/ODDRelationship.php b/engine/classes/ODDRelationship.php
index 2906b1c..8b1fe21 100644
--- a/engine/classes/ODDRelationship.php
+++ b/engine/classes/ODDRelationship.php
@@ -10,9 +10,9 @@ class ODDRelationship extends ODD {
/**
* New ODD Relationship
*
- * @param unknown_type $uuid1 First UUID
- * @param unknown_type $type Type of telationship
- * @param unknown_type $uuid2 Second UUId
+ * @param string $uuid1 First UUID
+ * @param string $type Type of telationship
+ * @param string $uuid2 Second UUId
*/
function __construct($uuid1, $type, $uuid2) {
parent::__construct();
@@ -25,7 +25,7 @@ class ODDRelationship extends ODD {
/**
* Returns 'relationship'
*
- * @return 'relationship'
+ * @return string 'relationship'
*/
protected function getTagName() {
return "relationship";
diff --git a/engine/handlers/cache_handler.php b/engine/handlers/cache_handler.php
index 7706c2c..36fc665 100644
--- a/engine/handlers/cache_handler.php
+++ b/engine/handlers/cache_handler.php
@@ -88,15 +88,18 @@ header("ETag: \"$etag\"");
$filename = $dataroot . 'views_simplecache/' . md5($viewtype . $view);
if (file_exists($filename)) {
- $contents = file_get_contents($filename);
+ readfile($filename);
} else {
// someone trying to access a non-cached file or a race condition with cache flushing
mysql_close($mysql_dblink);
require_once(dirname(dirname(__FILE__)) . "/start.php");
- elgg_regenerate_simplecache();
+
+ global $CONFIG;
+ if (!in_array($view, $CONFIG->views->simplecache)) {
+ header("HTTP/1.1 404 Not Found");
+ exit;
+ }
elgg_set_viewtype($viewtype);
- $contents = elgg_view($view);
+ echo elgg_view($view);
}
-
-echo $contents;
diff --git a/engine/lib/access.php b/engine/lib/access.php
index f7d3bf7..de0693e 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -1015,6 +1015,10 @@ function access_init() {
*
* Returns true to override the access system or null if no change is needed.
*
+ * @param string $hook
+ * @param string $type
+ * @param bool $value
+ * @param array $params
* @return true|null
* @access private
*/
@@ -1047,6 +1051,13 @@ function elgg_override_permissions($hook, $type, $value, $params) {
/**
* Runs unit tests for the entities object.
+ *
+ * @param string $hook
+ * @param string $type
+ * @param array $value
+ * @param array $params
+ * @return array
+ *
* @access private
*/
function access_test($hook, $type, $value, $params) {
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 53b185d..8047914 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -65,18 +65,16 @@ function action($action, $forwarder = "") {
// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
// Allow users to disable plugins without a token in order to
// remove plugins that are incompatible.
- // Login and logout are for convenience.
+ // Logout for convenience.
// file/download (see #2010)
$exceptions = array(
'admin/plugins/disable',
'logout',
- 'login',
'file/download',
);
if (!in_array($action, $exceptions)) {
- // All actions require a token.
- action_gatekeeper();
+ action_gatekeeper($action);
}
$forwarder = str_replace(elgg_get_site_url(), "", $forwarder);
@@ -189,6 +187,26 @@ function elgg_unregister_action($action) {
}
/**
+ * Is the token timestamp within acceptable range?
+ *
+ * @param int $ts timestamp from the CSRF token
+ *
+ * @return bool
+ */
+function _elgg_validate_token_timestamp($ts) {
+ $action_token_timeout = elgg_get_config('action_token_timeout');
+ // default is 2 hours
+ $timeout = ($action_token_timeout !== null) ? $action_token_timeout : 2;
+
+ $hour = 60 * 60;
+ $timeout = $timeout * $hour;
+ $now = time();
+
+ // Validate time to ensure its not crazy
+ return ($timeout == 0 || ($ts > $now - $timeout) && ($ts < $now + $timeout));
+}
+
+/**
* Validate an action token.
*
* Calls to actions will automatically validate tokens. If tokens are not
@@ -206,8 +224,6 @@ function elgg_unregister_action($action) {
* @access private
*/
function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL) {
- global $CONFIG;
-
if (!$token) {
$token = get_input('__elgg_token');
}
@@ -216,29 +232,18 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL)
$ts = get_input('__elgg_ts');
}
- if (!isset($CONFIG->action_token_timeout)) {
- // default to 2 hours
- $timeout = 2;
- } else {
- $timeout = $CONFIG->action_token_timeout;
- }
-
$session_id = session_id();
if (($token) && ($ts) && ($session_id)) {
// generate token, check with input and forward if invalid
- $generated_token = generate_action_token($ts);
+ $required_token = generate_action_token($ts);
// Validate token
- if ($token == $generated_token) {
- $hour = 60 * 60;
- $timeout = $timeout * $hour;
- $now = time();
-
- // Validate time to ensure its not crazy
- if ($timeout == 0 || ($ts > $now - $timeout) && ($ts < $now + $timeout)) {
+ if ($token == $required_token) {
+
+ if (_elgg_validate_token_timestamp($ts)) {
// We have already got this far, so unless anything
- // else says something to the contry we assume we're ok
+ // else says something to the contrary we assume we're ok
$returnval = true;
$returnval = elgg_trigger_plugin_hook('action_gatekeeper:permissions:check', 'all', array(
@@ -252,10 +257,20 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL)
register_error(elgg_echo('actiongatekeeper:pluginprevents'));
}
} else if ($visibleerrors) {
- register_error(elgg_echo('actiongatekeeper:timeerror'));
+ // this is necessary because of #5133
+ if (elgg_is_xhr()) {
+ register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url())));
+ } else {
+ register_error(elgg_echo('actiongatekeeper:timeerror'));
+ }
}
} else if ($visibleerrors) {
- register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
+ // this is necessary because of #5133
+ if (elgg_is_xhr()) {
+ register_error(elgg_echo('js:security:token_refresh_failed', array(elgg_get_site_url())));
+ } else {
+ register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
+ }
}
} else {
if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) {
@@ -284,12 +299,33 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL)
* This function verifies form input for security features (like a generated token),
* and forwards if they are invalid.
*
+ * @param string $action The action being performed
+ *
* @return mixed True if valid or redirects.
* @access private
*/
-function action_gatekeeper() {
- if (validate_action_token()) {
- return TRUE;
+function action_gatekeeper($action) {
+ if ($action === 'login') {
+ if (validate_action_token(false)) {
+ return true;
+ }
+
+ $token = get_input('__elgg_token');
+ $ts = (int)get_input('__elgg_ts');
+ if ($token && _elgg_validate_token_timestamp($ts)) {
+ // The tokens are present and the time looks valid: this is probably a mismatch due to the
+ // login form being on a different domain.
+ register_error(elgg_echo('actiongatekeeper:crosssitelogin'));
+
+
+ forward('login', 'csrf');
+ }
+
+ // let the validator send an appropriate msg
+ validate_action_token();
+
+ } elseif (validate_action_token()) {
+ return true;
}
forward(REFERER, 'csrf');
@@ -328,16 +364,19 @@ function generate_action_token($timestamp) {
}
/**
- * Initialise the site secret hash.
+ * Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL).
*
* Used during installation and saves as a datalist.
*
+ * Note: Old secrets were hex encoded.
+ *
* @return mixed The site secret hash or false
* @access private
* @todo Move to better file.
*/
function init_site_secret() {
- $secret = md5(rand() . microtime());
+ $secret = 'z' . ElggCrypto::getRandomString(31);
+
if (datalist_set('__site_secret__', $secret)) {
return $secret;
}
@@ -364,6 +403,26 @@ function get_site_secret() {
}
/**
+ * Get the strength of the site secret
+ *
+ * @return string "strong", "moderate", or "weak"
+ * @access private
+ */
+function _elgg_get_site_secret_strength() {
+ $secret = get_site_secret();
+ if ($secret[0] !== 'z') {
+ $rand_max = getrandmax();
+ if ($rand_max < pow(2, 16)) {
+ return 'weak';
+ }
+ if ($rand_max < pow(2, 32)) {
+ return 'moderate';
+ }
+ }
+ return 'strong';
+}
+
+/**
* Check if an action is registered and its script exists.
*
* @param string $action Action name
diff --git a/engine/lib/admin.php b/engine/lib/admin.php
index 35ab559..f36f296 100644
--- a/engine/lib/admin.php
+++ b/engine/lib/admin.php
@@ -134,11 +134,11 @@ function elgg_delete_admin_notice($id) {
}
/**
- * List all admin messages.
+ * Get admin notices. An admin must be logged in since the notices are private.
*
* @param int $limit Limit
*
- * @return array List of admin notices
+ * @return array Array of admin notices
* @since 1.8.0
*/
function elgg_get_admin_notices($limit = 10) {
@@ -158,11 +158,13 @@ function elgg_get_admin_notices($limit = 10) {
* @since 1.8.0
*/
function elgg_admin_notice_exists($id) {
+ $old_ia = elgg_set_ignore_access(true);
$notice = elgg_get_entities_from_metadata(array(
'type' => 'object',
'subtype' => 'admin_notice',
'metadata_name_value_pair' => array('name' => 'admin_notice_id', 'value' => $id)
));
+ elgg_set_ignore_access($old_ia);
return ($notice) ? TRUE : FALSE;
}
@@ -234,6 +236,7 @@ function admin_init() {
elgg_register_action('admin/site/update_advanced', '', 'admin');
elgg_register_action('admin/site/flush_cache', '', 'admin');
elgg_register_action('admin/site/unlock_upgrade', '', 'admin');
+ elgg_register_action('admin/site/regenerate_secret', '', 'admin');
elgg_register_action('admin/menu/save', '', 'admin');
@@ -289,6 +292,7 @@ function admin_init() {
elgg_register_admin_menu_item('configure', 'settings', null, 100);
elgg_register_admin_menu_item('configure', 'basic', 'settings', 10);
elgg_register_admin_menu_item('configure', 'advanced', 'settings', 20);
+ elgg_register_admin_menu_item('configure', 'advanced/site_secret', 'settings', 25);
elgg_register_admin_menu_item('configure', 'menu_items', 'appearance', 30);
elgg_register_admin_menu_item('configure', 'profile_fields', 'appearance', 40);
// default widgets is added via an event handler elgg_default_widgets_init() in widgets.php
@@ -346,7 +350,7 @@ function elgg_admin_add_plugin_settings_menu() {
$active_plugins = elgg_get_plugins('active');
if (!$active_plugins) {
// nothing added because no items
- return FALSE;
+ return;
}
foreach ($active_plugins as $plugin) {
@@ -380,6 +384,7 @@ function elgg_admin_add_plugin_settings_menu() {
*/
function elgg_admin_sort_page_menu($hook, $type, $return, $params) {
$configure_items = $return['configure'];
+ /* @var ElggMenuItem[] $configure_items */
foreach ($configure_items as $menu_item) {
if ($menu_item->getName() == 'settings') {
$settings = $menu_item;
@@ -387,6 +392,7 @@ function elgg_admin_sort_page_menu($hook, $type, $return, $params) {
}
// keep the basic and advanced settings at the top
+ /* @var ElggMenuItem $settings */
$children = $settings->getChildren();
$site_settings = array_splice($children, 0, 2);
usort($children, array('ElggMenuBuilder', 'compareByText'));
@@ -466,14 +472,18 @@ function admin_page_handler($page) {
$vars = array('page' => $page);
// special page for plugin settings since we create the form for them
- if ($page[0] == 'plugin_settings' && isset($page[1]) &&
- (elgg_view_exists("settings/{$page[1]}/edit") || elgg_view_exists("plugins/{$page[1]}/settings"))) {
+ if ($page[0] == 'plugin_settings') {
+ if (isset($page[1]) && (elgg_view_exists("settings/{$page[1]}/edit") ||
+ elgg_view_exists("plugins/{$page[1]}/settings"))) {
- $view = 'admin/plugin_settings';
- $plugin = elgg_get_plugin_from_id($page[1]);
- $vars['plugin'] = $plugin;
+ $view = 'admin/plugin_settings';
+ $plugin = elgg_get_plugin_from_id($page[1]);
+ $vars['plugin'] = $plugin;
- $title = elgg_echo("admin:{$page[0]}");
+ $title = elgg_echo("admin:{$page[0]}");
+ } else {
+ forward('', '404');
+ }
} else {
$view = 'admin/' . implode('/', $page);
$title = elgg_echo("admin:{$page[0]}");
@@ -552,7 +562,7 @@ function admin_plugin_screenshot_page_handler($pages) {
* * COPYRIGHT.txt
* * LICENSE.txt
*
- * @param type $page
+ * @param array $pages
* @return bool
* @access private
*/
@@ -615,7 +625,11 @@ function admin_markdown_page_handler($pages) {
/**
* Adds default admin widgets to the admin dashboard.
*
- * @return void
+ * @param string $event
+ * @param string $type
+ * @param ElggUser $user
+ *
+ * @return null|true
* @access private
*/
function elgg_add_admin_widgets($event, $type, $user) {
@@ -637,6 +651,7 @@ function elgg_add_admin_widgets($event, $type, $user) {
$guid = elgg_create_widget($user->getGUID(), $handler, 'admin');
if ($guid) {
$widget = get_entity($guid);
+ /* @var ElggWidget $widget */
$widget->move($column, $position);
}
}
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index 3b9f847..5e9b530 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -17,6 +17,7 @@
*/
function row_to_elggannotation($row) {
if (!($row instanceof stdClass)) {
+ // @todo should throw in this case?
return $row;
}
@@ -30,7 +31,7 @@ function row_to_elggannotation($row) {
*
* @param int $id The id of the annotation object being retrieved.
*
- * @return false|ElggAnnotation
+ * @return ElggAnnotation|false
*/
function elgg_get_annotation_from_id($id) {
return elgg_get_metastring_based_object_from_id($id, 'annotations');
@@ -195,10 +196,22 @@ function update_annotation($annotation_id, $name, $value, $value_type, $owner_gu
* for the proper use of the "calculation" option.
*
*
- * @return mixed
+ * @return ElggAnnotation[]|mixed
* @since 1.8.0
*/
function elgg_get_annotations(array $options = array()) {
+
+ // @todo remove support for count shortcut - see #4393
+ if (isset($options['__egefac']) && $options['__egefac']) {
+ unset($options['__egefac']);
+ } else {
+ // support shortcut of 'count' => true for 'annotation_calculation' => 'count'
+ if (isset($options['count']) && $options['count']) {
+ $options['annotation_calculation'] = 'count';
+ unset($options['count']);
+ }
+ }
+
$options['metastring_type'] = 'annotations';
return elgg_get_metastring_based_objects($options);
}
@@ -211,7 +224,7 @@ function elgg_get_annotations(array $options = array()) {
* annotation_name(s), annotation_value(s), or guid(s) must be set.
*
* @param array $options An options array. {@See elgg_get_annotations()}
- * @return mixed Null if the metadata name is invalid. Bool on success or fail.
+ * @return bool|null true on success, false on failure, null if no annotations to delete.
* @since 1.8.0
*/
function elgg_delete_annotations(array $options) {
@@ -229,16 +242,20 @@ function elgg_delete_annotations(array $options) {
* @warning Unlike elgg_get_annotations() this will not accept an empty options array!
*
* @param array $options An options array. {@See elgg_get_annotations()}
- * @return mixed
+ * @return bool|null true on success, false on failure, null if no annotations disabled.
* @since 1.8.0
*/
function elgg_disable_annotations(array $options) {
if (!elgg_is_valid_options_for_batch_operation($options, 'annotations')) {
return false;
}
+
+ // if we can see hidden (disabled) we need to use the offset
+ // otherwise we risk an infinite loop if there are more than 50
+ $inc_offset = access_get_show_hidden_status();
$options['metastring_type'] = 'annotations';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', $inc_offset);
}
/**
@@ -246,8 +263,11 @@ function elgg_disable_annotations(array $options) {
*
* @warning Unlike elgg_get_annotations() this will not accept an empty options array!
*
+ * @warning In order to enable annotations, you must first use
+ * {@link access_show_hidden_entities()}.
+ *
* @param array $options An options array. {@See elgg_get_annotations()}
- * @return mixed
+ * @return bool|null true on success, false on failure, null if no metadata enabled.
* @since 1.8.0
*/
function elgg_enable_annotations(array $options) {
@@ -403,8 +423,8 @@ function elgg_list_entities_from_annotations($options = array()) {
function elgg_get_entities_from_annotation_calculation($options) {
$db_prefix = elgg_get_config('dbprefix');
$defaults = array(
- 'calculation' => 'sum',
- 'order_by' => 'annotation_calculation desc'
+ 'calculation' => 'sum',
+ 'order_by' => 'annotation_calculation desc'
);
$options = array_merge($defaults, $options);
@@ -424,6 +444,10 @@ function elgg_get_entities_from_annotation_calculation($options) {
$options['callback'] = 'entity_row_to_elggstar';
+ // see #4393
+ // @todo remove after the 'count' shortcut is removed from elgg_get_annotations()
+ $options['__egefac'] = true;
+
return elgg_get_annotations($options);
}
@@ -437,23 +461,30 @@ function elgg_get_entities_from_annotation_calculation($options) {
* @return string
*/
function elgg_list_entities_from_annotation_calculation($options) {
+ $defaults = array(
+ 'calculation' => 'sum',
+ 'order_by' => 'annotation_calculation desc'
+ );
+ $options = array_merge($defaults, $options);
+
return elgg_list_entities($options, 'elgg_get_entities_from_annotation_calculation');
}
/**
- * Handler called by trigger_plugin_hook on the "export" event.
+ * Export the annotations for the specified entity
*
* @param string $hook 'export'
- * @param string $entity_type 'all'
+ * @param string $type 'all'
* @param mixed $returnvalue Default return value
- * @param mixed $params List of params to export
+ * @param mixed $params Parameters determining what annotations to export
*
* @elgg_plugin_hook export all
*
- * @return mixed
+ * @return array
+ * @throws InvalidParameterException
* @access private
*/
-function export_annotation_plugin_hook($hook, $entity_type, $returnvalue, $params) {
+function export_annotation_plugin_hook($hook, $type, $returnvalue, $params) {
// Sanity check values
if ((!is_array($params)) && (!isset($params['guid']))) {
throw new InvalidParameterException(elgg_echo('InvalidParameterException:GUIDNotForExport'));
@@ -464,12 +495,12 @@ function export_annotation_plugin_hook($hook, $entity_type, $returnvalue, $param
}
$guid = (int)$params['guid'];
- $name = $params['name'];
+ $options = array('guid' => $guid, 'limit' => 0);
+ if (isset($params['name'])) {
+ $options['annotation_name'] = $params['name'];
+ }
- $result = elgg_get_annotations(array(
- 'guid' => $guid,
- 'limit' => 0
- ));
+ $result = elgg_get_annotations($options);
if ($result) {
foreach ($result as $r) {
@@ -514,15 +545,16 @@ function elgg_annotation_exists($entity_guid, $annotation_type, $owner_guid = NU
return FALSE;
}
- $entity_guid = (int)$entity_guid;
- $annotation_type = sanitise_string($annotation_type);
+ $entity_guid = sanitize_int($entity_guid);
+ $owner_guid = sanitize_int($owner_guid);
+ $annotation_type = sanitize_string($annotation_type);
- $sql = "select a.id" .
- " FROM {$CONFIG->dbprefix}annotations a, {$CONFIG->dbprefix}metastrings m " .
- " WHERE a.owner_guid={$owner_guid} AND a.entity_guid={$entity_guid} " .
- " AND a.name_id=m.id AND m.string='{$annotation_type}'";
+ $sql = "SELECT a.id FROM {$CONFIG->dbprefix}annotations a" .
+ " JOIN {$CONFIG->dbprefix}metastrings m ON a.name_id = m.id" .
+ " WHERE a.owner_guid = $owner_guid AND a.entity_guid = $entity_guid" .
+ " AND m.string = '$annotation_type'";
- if ($check_annotation = get_data_row($sql)) {
+ if (get_data_row($sql)) {
return TRUE;
}
@@ -541,6 +573,7 @@ function elgg_comment_url_handler(ElggAnnotation $comment) {
if ($entity) {
return $entity->getURL() . '#item-annotation-' . $comment->id;
}
+ return "";
}
/**
@@ -557,6 +590,12 @@ function elgg_register_annotation_url_handler($extender_name = "all", $function_
/**
* Register annotation unit tests
+ *
+ * @param string $hook
+ * @param string $type
+ * @param array $value
+ * @param array $params
+ * @return array
* @access private
*/
function annotations_test($hook, $type, $value, $params) {
diff --git a/engine/lib/cache.php b/engine/lib/cache.php
index be1c43e..3116c1a 100644
--- a/engine/lib/cache.php
+++ b/engine/lib/cache.php
@@ -125,7 +125,7 @@ function elgg_get_filepath_cache() {
* @access private
*/
function elgg_filepath_cache_reset() {
- return elgg_reset_system_cache();
+ elgg_reset_system_cache();
}
/**
* @access private
@@ -143,13 +143,13 @@ function elgg_filepath_cache_load($type) {
* @access private
*/
function elgg_enable_filepath_cache() {
- return elgg_enable_system_cache();
+ elgg_enable_system_cache();
}
/**
* @access private
*/
function elgg_disable_filepath_cache() {
- return elgg_disable_system_cache();
+ elgg_disable_system_cache();
}
/* Simplecache */
@@ -208,6 +208,7 @@ function elgg_get_simplecache_url($type, $view) {
global $CONFIG;
$lastcache = (int)$CONFIG->lastcache;
$viewtype = elgg_get_viewtype();
+ elgg_register_simplecache_view("$type/$view");// see #5302
if (elgg_is_simplecache_enabled()) {
$url = elgg_get_site_url() . "cache/$type/$viewtype/$view.$lastcache.$type";
} else {
@@ -222,7 +223,7 @@ function elgg_get_simplecache_url($type, $view) {
/**
* Regenerates the simple cache.
*
- * @warning This does not invalidate the cache, but actively resets it.
+ * @warning This does not invalidate the cache, but actively rebuilds it.
*
* @param string $viewtype Optional viewtype to regenerate. Defaults to all valid viewtypes.
*
@@ -444,7 +445,7 @@ function _elgg_cache_init() {
if ($CONFIG->system_cache_enabled && !$CONFIG->i18n_loaded_from_cache) {
reload_all_translations();
foreach ($CONFIG->translations as $lang => $map) {
- elgg_save_system_cache("$lang.php", serialize($map));
+ elgg_save_system_cache("$lang.lang", serialize($map));
}
}
}
diff --git a/engine/lib/calendar.php b/engine/lib/calendar.php
index 9a06c52..e6f9593 100644
--- a/engine/lib/calendar.php
+++ b/engine/lib/calendar.php
@@ -39,6 +39,8 @@ function get_day_end($day = null, $month = null, $year = null) {
/**
* Return the notable entities for a given time period.
*
+ * @todo this function also accepts an array(type => subtypes) for 3rd arg. Should we document this?
+ *
* @param int $start_time The start time as a unix timestamp.
* @param int $end_time The end time as a unix timestamp.
* @param string $type The type of entity (eg "user", "object" etc)
diff --git a/engine/lib/configuration.php b/engine/lib/configuration.php
index b10e511..55e5bbd 100644
--- a/engine/lib/configuration.php
+++ b/engine/lib/configuration.php
@@ -36,6 +36,7 @@ function elgg_get_site_url($site_guid = 0) {
if (!$site instanceof ElggSite) {
return false;
}
+ /* @var ElggSite $site */
return $site->url;
}
@@ -138,7 +139,7 @@ function elgg_set_config($name, $value) {
/**
* Save a configuration setting
*
- * @param string $name Configuration name (cannot be greater than 32 characters)
+ * @param string $name Configuration name (cannot be greater than 255 characters)
* @param mixed $value Configuration value. Should be string for installation setting
* @param int $site_guid NULL for installation setting, 0 for default site
*
@@ -173,7 +174,7 @@ function elgg_save_config($name, $value, $site_guid = 0) {
/**
* Check that installation has completed and the database is populated.
*
- * @throws InstallationException
+ * @throws InstallationException|DatabaseException
* @return void
* @access private
*/
@@ -181,7 +182,7 @@ function verify_installation() {
global $CONFIG;
if (isset($CONFIG->installed)) {
- return $CONFIG->installed;
+ return;
}
try {
@@ -227,9 +228,9 @@ function datalist_get($name) {
$name = trim($name);
- // cannot store anything longer than 32 characters in db, so catch here
- if (elgg_strlen($name) > 32) {
- elgg_log("The name length for configuration variables cannot be greater than 32", "ERROR");
+ // cannot store anything longer than 255 characters in db, so catch here
+ if (elgg_strlen($name) > 255) {
+ elgg_log("The name length for configuration variables cannot be greater than 255", "ERROR");
return false;
}
@@ -286,7 +287,7 @@ function datalist_get($name) {
function datalist_set($name, $value) {
global $CONFIG, $DATALIST_CACHE;
- // cannot store anything longer than 32 characters in db, so catch before we set
+ // cannot store anything longer than 255 characters in db, so catch before we set
if (elgg_strlen($name) > 255) {
elgg_log("The name length for configuration variables cannot be greater than 255", "ERROR");
return false;
@@ -332,7 +333,7 @@ function datalist_set($name, $value) {
* This will cause the run once function to be run on all installations. To perform
* additional upgrades, create new functions for each release.
*
- * @warning The function name cannot be longer than 32 characters long due to
+ * @warning The function name cannot be longer than 255 characters long due to
* the current schema for the datalist table.
*
* @internal A datalist entry $functioname is created with the value of time().
@@ -407,7 +408,7 @@ function unset_config($name, $site_guid = 0) {
* @param string $value Its value
* @param int $site_guid Optionally, the GUID of the site (current site is assumed by default)
*
- * @return 0
+ * @return bool
* @todo The config table doens't have numeric primary keys so insert_data returns 0.
* @todo Use "INSERT ... ON DUPLICATE KEY UPDATE" instead of trying to delete then add.
* @see unset_config()
@@ -419,9 +420,9 @@ function set_config($name, $value, $site_guid = 0) {
$name = trim($name);
- // cannot store anything longer than 32 characters in db, so catch before we set
- if (elgg_strlen($name) > 32) {
- elgg_log("The name length for configuration variables cannot be greater than 32", "ERROR");
+ // cannot store anything longer than 255 characters in db, so catch before we set
+ if (elgg_strlen($name) > 255) {
+ elgg_log("The name length for configuration variables cannot be greater than 255", "ERROR");
return false;
}
@@ -485,9 +486,9 @@ function get_config($name, $site_guid = 0) {
// @todo these haven't really been implemented in Elgg 1.8. Complete in 1.9.
// show dep message
if ($new_name) {
- // $msg = "Config value $name has been renamed as $new_name";
+ // $msg = "Config value $name has been renamed as $new_name";
$name = $new_name;
- // elgg_deprecated_notice($msg, $dep_version);
+ // elgg_deprecated_notice($msg, $dep_version);
}
// decide from where to return the value
diff --git a/engine/lib/cron.php b/engine/lib/cron.php
index f7a032f..4f3d05b 100644
--- a/engine/lib/cron.php
+++ b/engine/lib/cron.php
@@ -26,11 +26,10 @@ function cron_init() {
* @param array $page Pages
*
* @return bool
+ * @throws CronException
* @access private
*/
function cron_page_handler($page) {
- global $CONFIG;
-
if (!isset($page[0])) {
forward();
}
@@ -51,7 +50,6 @@ function cron_page_handler($page) {
$params['time'] = time();
// Data to return to
- $std_out = "";
$old_stdout = "";
ob_start();
diff --git a/engine/lib/database.php b/engine/lib/database.php
index 7d90b30..a794978 100644
--- a/engine/lib/database.php
+++ b/engine/lib/database.php
@@ -12,15 +12,19 @@
/**
* Query cache for all queries.
*
- * Each query and its results are stored in this array as:
+ * Each query and its results are stored in this cache as:
* <code>
- * $DB_QUERY_CACHE[$query] => array(result1, result2, ... resultN)
+ * $DB_QUERY_CACHE[query hash] => array(result1, result2, ... resultN)
* </code>
+ * @see elgg_query_runner() for details on the hash.
*
- * @global array $DB_QUERY_CACHE
+ * @warning Elgg used to set this as an empty array to turn off the cache
+ *
+ * @global ElggLRUCache|null $DB_QUERY_CACHE
+ * @access private
*/
global $DB_QUERY_CACHE;
-$DB_QUERY_CACHE = array();
+$DB_QUERY_CACHE = null;
/**
* Queries to be executed upon shutdown.
@@ -38,6 +42,7 @@ $DB_QUERY_CACHE = array();
* </code>
*
* @global array $DB_DELAYED_QUERIES
+ * @access private
*/
global $DB_DELAYED_QUERIES;
$DB_DELAYED_QUERIES = array();
@@ -48,7 +53,8 @@ $DB_DELAYED_QUERIES = array();
* Each database link created with establish_db_link($name) is stored in
* $dblink as $dblink[$name] => resource. Use get_db_link($name) to retrieve it.
*
- * @global array $dblink
+ * @global resource[] $dblink
+ * @access private
*/
global $dblink;
$dblink = array();
@@ -59,6 +65,7 @@ $dblink = array();
* Each call to the database increments this counter.
*
* @global integer $dbcalls
+ * @access private
*/
global $dbcalls;
$dbcalls = 0;
@@ -72,11 +79,12 @@ $dbcalls = 0;
* resource. eg "read", "write", or "readwrite".
*
* @return void
+ * @throws DatabaseException
* @access private
*/
function establish_db_link($dblinkname = "readwrite") {
// Get configuration, and globalise database link
- global $CONFIG, $dblink, $DB_QUERY_CACHE, $dbcalls;
+ global $CONFIG, $dblink, $DB_QUERY_CACHE;
if ($dblinkname != "readwrite" && isset($CONFIG->db[$dblinkname])) {
if (is_array($CONFIG->db[$dblinkname])) {
@@ -120,7 +128,8 @@ function establish_db_link($dblinkname = "readwrite") {
// Set up cache if global not initialized and query cache not turned off
if ((!$DB_QUERY_CACHE) && (!$db_cache_off)) {
- $DB_QUERY_CACHE = new ElggStaticVariableCache('db_query_cache');
+ // @todo if we keep this cache in 1.9, expose the size as a config parameter
+ $DB_QUERY_CACHE = new ElggLRUCache(200);
}
}
@@ -134,7 +143,7 @@ function establish_db_link($dblinkname = "readwrite") {
* @access private
*/
function setup_db_connections() {
- global $CONFIG, $dblink;
+ global $CONFIG;
if (!empty($CONFIG->db->split)) {
establish_db_link('read');
@@ -197,7 +206,7 @@ function db_delayedexecution_shutdown_hook() {
*
* @param string $dblinktype The type of link we want: "read", "write" or "readwrite".
*
- * @return object Database link
+ * @return resource Database link
* @access private
*/
function get_db_link($dblinktype) {
@@ -216,7 +225,7 @@ function get_db_link($dblinktype) {
/**
* Execute an EXPLAIN for $query.
*
- * @param str $query The query to explain
+ * @param string $query The query to explain
* @param mixed $link The database link resource to user.
*
* @return mixed An object of the query's result, or FALSE
@@ -240,14 +249,14 @@ function explain_query($query, $link) {
* {@link $dbcalls} is incremented and the query is saved into the {@link $DB_QUERY_CACHE}.
*
* @param string $query The query
- * @param link $dblink The DB link
+ * @param resource $dblink The DB link
*
- * @return The result of mysql_query()
+ * @return resource result of mysql_query()
* @throws DatabaseException
* @access private
*/
function execute_query($query, $dblink) {
- global $CONFIG, $dbcalls;
+ global $dbcalls;
if ($query == NULL) {
throw new DatabaseException(elgg_echo('DatabaseException:InvalidQuery'));
@@ -275,7 +284,7 @@ function execute_query($query, $dblink) {
* the raw result from {@link mysql_query()}.
*
* @param string $query The query to execute
- * @param resource $dblink The database link to use or the link type (read | write)
+ * @param resource|string $dblink The database link to use or the link type (read | write)
* @param string $handler A callback function to pass the results array to
*
* @return true
@@ -386,20 +395,18 @@ function get_data_row($query, $callback = "") {
* @access private
*/
function elgg_query_runner($query, $callback = null, $single = false) {
- global $CONFIG, $DB_QUERY_CACHE;
+ global $DB_QUERY_CACHE;
// Since we want to cache results of running the callback, we need to
// need to namespace the query with the callback and single result request.
- // http://trac.elgg.org/ticket/4049
+ // https://github.com/elgg/elgg/issues/4049
$hash = (string)$callback . (int)$single . $query;
// Is cached?
if ($DB_QUERY_CACHE) {
- $cached_query = $DB_QUERY_CACHE[$hash];
-
- if ($cached_query !== FALSE) {
+ if (isset($DB_QUERY_CACHE[$hash])) {
elgg_log("DB query $query results returned from cache (hash: $hash)", 'NOTICE');
- return $cached_query;
+ return $DB_QUERY_CACHE[$hash];
}
}
@@ -410,7 +417,7 @@ function elgg_query_runner($query, $callback = null, $single = false) {
// test for callback once instead of on each iteration.
// @todo check profiling to see if this needs to be broken out into
- // explicit cases instead of checking in the interation.
+ // explicit cases instead of checking in the iteration.
$is_callable = is_callable($callback);
while ($row = mysql_fetch_object($result)) {
if ($is_callable) {
@@ -451,18 +458,12 @@ function elgg_query_runner($query, $callback = null, $single = false) {
* @access private
*/
function insert_data($query) {
- global $CONFIG, $DB_QUERY_CACHE;
elgg_log("DB query $query", 'NOTICE');
$dblink = get_db_link('write');
- // Invalidate query cache
- if ($DB_QUERY_CACHE) {
- $DB_QUERY_CACHE->clear();
- }
-
- elgg_log("Query cache invalidated", 'NOTICE');
+ _elgg_invalidate_query_cache();
if (execute_query("$query", $dblink)) {
return mysql_insert_id($dblink);
@@ -472,7 +473,7 @@ function insert_data($query) {
}
/**
- * Update a row in the database.
+ * Update the database.
*
* @note Altering the DB invalidates all queries in {@link $DB_QUERY_CACHE}.
*
@@ -482,17 +483,12 @@ function insert_data($query) {
* @access private
*/
function update_data($query) {
- global $CONFIG, $DB_QUERY_CACHE;
elgg_log("DB query $query", 'NOTICE');
$dblink = get_db_link('write');
- // Invalidate query cache
- if ($DB_QUERY_CACHE) {
- $DB_QUERY_CACHE->clear();
- elgg_log("Query cache invalidated", 'NOTICE');
- }
+ _elgg_invalidate_query_cache();
if (execute_query("$query", $dblink)) {
return TRUE;
@@ -502,7 +498,7 @@ function update_data($query) {
}
/**
- * Remove a row from the database.
+ * Remove data from the database.
*
* @note Altering the DB invalidates all queries in {@link $DB_QUERY_CACHE}.
*
@@ -512,17 +508,12 @@ function update_data($query) {
* @access private
*/
function delete_data($query) {
- global $CONFIG, $DB_QUERY_CACHE;
elgg_log("DB query $query", 'NOTICE');
$dblink = get_db_link('write');
- // Invalidate query cache
- if ($DB_QUERY_CACHE) {
- $DB_QUERY_CACHE->clear();
- elgg_log("Query cache invalidated", 'NOTICE');
- }
+ _elgg_invalidate_query_cache();
if (execute_query("$query", $dblink)) {
return mysql_affected_rows($dblink);
@@ -531,6 +522,22 @@ function delete_data($query) {
return FALSE;
}
+/**
+ * Invalidate the query cache
+ *
+ * @access private
+ */
+function _elgg_invalidate_query_cache() {
+ global $DB_QUERY_CACHE;
+ if ($DB_QUERY_CACHE instanceof ElggLRUCache) {
+ $DB_QUERY_CACHE->clear();
+ elgg_log("Query cache invalidated", 'NOTICE');
+ } elseif ($DB_QUERY_CACHE) {
+ // In case someone sets the cache to an array and primes it with data
+ $DB_QUERY_CACHE = array();
+ elgg_log("Query cache invalidated", 'NOTICE');
+ }
+}
/**
* Return tables matching the database prefix {@link $CONFIG->dbprefix}% in the currently
@@ -638,7 +645,7 @@ function run_sql_script($scriptlocation) {
$statement = str_replace("prefix_", $CONFIG->dbprefix, $statement);
if (!empty($statement)) {
try {
- $result = update_data($statement);
+ update_data($statement);
} catch (DatabaseException $e) {
$errors[] = $e->getMessage();
}
@@ -661,7 +668,7 @@ function run_sql_script($scriptlocation) {
/**
* Format a query string for logging
- *
+ *
* @param string $query Query string
* @return string
* @access private
diff --git a/engine/lib/deprecated-1.7.php b/engine/lib/deprecated-1.7.php
index 519eea8..ee95b56 100644
--- a/engine/lib/deprecated-1.7.php
+++ b/engine/lib/deprecated-1.7.php
@@ -1137,6 +1137,7 @@ function make_register_object($register_name, $register_value, $children_array =
* @param int $guid GUID
*
* @return 1
+ * @deprecated 1.7
*/
function delete_object_entity($guid) {
system_message(elgg_echo('deprecatedfunction', array('delete_user_entity')));
@@ -1154,6 +1155,7 @@ function delete_object_entity($guid) {
* @param int $guid User GUID
*
* @return 1
+ * @deprecated 1.7
*/
function delete_user_entity($guid) {
system_message(elgg_echo('deprecatedfunction', array('delete_user_entity')));
diff --git a/engine/lib/deprecated-1.8.php b/engine/lib/deprecated-1.8.php
index 4b9d415..91068d0 100644
--- a/engine/lib/deprecated-1.8.php
+++ b/engine/lib/deprecated-1.8.php
@@ -87,7 +87,7 @@ function list_entities_from_access_id($access_id, $entity_type = "", $entity_sub
elgg_deprecated_notice("All list_entities* functions were deprecated in 1.8. Use elgg_list_entities* instead.", 1.8);
echo elgg_list_entities_from_access_id(array('access_id' => $access_id,
- 'types' => $entity_type, 'subtypes' => $entity_subtype, 'owner_guids' => $owner_guid,
+ 'type' => $entity_type, 'subtype' => $entity_subtype, 'owner_guids' => $owner_guid,
'limit' => $limit, 'full_view' => $fullview, 'list_type_toggle' => $listtypetoggle,
'pagination' => $pagination,));
}
@@ -1314,8 +1314,8 @@ function list_entities_from_metadata($meta_name, $meta_value = "", $entity_type
$options = array(
'metadata_name' => $meta_name,
'metadata_value' => $meta_value,
- 'types' => $entity_type,
- 'subtypes' => $entity_subtype,
+ 'type' => $entity_type,
+ 'subtype' => $entity_subtype,
'limit' => $limit,
'offset' => $offset,
'count' => TRUE,
@@ -2120,8 +2120,8 @@ $fullview = true, $listtypetoggle = false, $pagination = true, $order_by = '') {
'relationship' => $relationship,
'relationship_guid' => $relationship_guid,
'inverse_relationship' => $inverse_relationship,
- 'types' => $type,
- 'subtypes' => $subtype,
+ 'type' => $type,
+ 'subtype' => $subtype,
'owner_guid' => $owner_guid,
'order_by' => $order_by,
'limit' => $limit,
@@ -2566,9 +2566,9 @@ $owner_guid = "", $owner_relationship = "") {
'relationship' => $owner_relationship,
'relationship_guid' => $owner_guid[0],
'inverse_relationship' => FALSE,
- 'types' => 'user',
- 'subtypes' => $subtype,
- 'limit' => 9999))
+ 'type' => 'user',
+ 'subtype' => $subtype,
+ 'limit' => false))
) {
$friendsarray = array();
@@ -2721,8 +2721,8 @@ function get_site_collections($site_guid, $subtype = "", $limit = 10, $offset =
'relationship' => 'member_of_site',
'relationship_guid' => $site_guid,
'inverse_relationship' => TRUE,
- 'types' => 'collection',
- 'subtypes' => $subtype,
+ 'type' => 'collection',
+ 'subtype' => $subtype,
'limit' => $limit,
'offset' => $offset
));
@@ -3414,6 +3414,7 @@ function list_annotations($entity_guid, $name = "", $limit = 25, $asc = true) {
* @param unknown_type $timeupper
* @param unknown_type $calculation
* @internal Don't use this at all.
+ * @deprecated 1.8 Use elgg_get_annotations()
*/
function elgg_deprecated_annotation_calculation($entity_guid = 0, $entity_type = "", $entity_subtype = "",
$name = "", $value = "", $value_type = "", $owner_guid = 0, $timelower = 0,
@@ -4667,6 +4668,7 @@ function display_widget(ElggObject $widget) {
*
* @param ElggEntity $entity
* @return int Number of comments
+ * @deprecated 1.8 Use ElggEntity->countComments()
*/
function elgg_count_comments($entity) {
elgg_deprecated_notice('elgg_count_comments() is deprecated by ElggEntity->countComments()', 1.8);
@@ -4772,3 +4774,47 @@ function default_page_handler($page, $handler) {
return FALSE;
}
+
+/**
+ * Invalidate this class's entry in the cache.
+ *
+ * @param int $guid The entity guid
+ *
+ * @return void
+ * @access private
+ * @deprecated 1.8
+ */
+function invalidate_cache_for_entity($guid) {
+ elgg_deprecated_notice('invalidate_cache_for_entity() is a private function and should not be used.', 1.8);
+ _elgg_invalidate_cache_for_entity($guid);
+}
+
+/**
+ * Cache an entity.
+ *
+ * Stores an entity in $ENTITY_CACHE;
+ *
+ * @param ElggEntity $entity Entity to cache
+ *
+ * @return void
+ * @access private
+ * @deprecated 1.8
+ */
+function cache_entity(ElggEntity $entity) {
+ elgg_deprecated_notice('cache_entity() is a private function and should not be used.', 1.8);
+ _elgg_cache_entity($entity);
+}
+
+/**
+ * Retrieve a entity from the cache.
+ *
+ * @param int $guid The guid
+ *
+ * @return ElggEntity|bool false if entity not cached, or not fully loaded
+ * @access private
+ * @deprecated 1.8
+ */
+function retrieve_cached_entity($guid) {
+ elgg_deprecated_notice('retrieve_cached_entity() is a private function and should not be used.', 1.8);
+ return _elgg_retrieve_cached_entity($guid);
+}
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 5406058..34111c6 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -93,10 +93,17 @@ function elgg_register_library($name, $location) {
* @return void
* @throws InvalidParameterException
* @since 1.8.0
+ * @todo return boolean in 1.9 to indicate whether the library has been loaded
*/
function elgg_load_library($name) {
global $CONFIG;
+ static $loaded_libraries = array();
+
+ if (in_array($name, $loaded_libraries)) {
+ return;
+ }
+
if (!isset($CONFIG->libraries)) {
$CONFIG->libraries = array();
}
@@ -113,6 +120,8 @@ function elgg_load_library($name) {
);
throw new InvalidParameterException($error);
}
+
+ $loaded_libraries[] = $name;
}
/**
@@ -124,12 +133,11 @@ function elgg_load_library($name) {
* @param string $location URL to forward to browser to. Can be path relative to the network's URL.
* @param string $reason Short explanation for why we're forwarding
*
- * @return False False if headers have been sent. Terminates execution if forwarding.
+ * @return false False if headers have been sent. Terminates execution if forwarding.
+ * @throws SecurityException
*/
function forward($location = "", $reason = 'system') {
- global $CONFIG;
-
- if (!headers_sent()) {
+ if (!headers_sent($file, $line)) {
if ($location === REFERER) {
$location = $_SERVER['HTTP_REFERER'];
}
@@ -148,7 +156,7 @@ function forward($location = "", $reason = 'system') {
exit;
}
} else {
- throw new SecurityException(elgg_echo('SecurityException:ForwardFailedToRedirect'));
+ throw new SecurityException(elgg_echo('SecurityException:ForwardFailedToRedirect', array($file, $line)));
}
}
@@ -384,7 +392,7 @@ function elgg_load_external_file($type, $name) {
$item->url = '';
$item->location = '';
- $priority = $CONFIG->externals[$type]->add($item);
+ $CONFIG->externals[$type]->add($item);
$CONFIG->externals_map[$type][$name] = $item;
}
}
@@ -528,7 +536,7 @@ function sanitise_filepath($path, $append_slash = TRUE) {
* @param string $register Types of message: "error", "success" (default: success)
* @param bool $count Count the number of messages (default: false)
*
- * @return true|false|array Either the array of messages, or a response regarding
+ * @return bool|array Either the array of messages, or a response regarding
* whether the message addition was successful.
* @todo Clean up. Separate registering messages and retrieving them.
*/
@@ -562,7 +570,7 @@ function system_messages($message = null, $register = "success", $count = false)
return sizeof($_SESSION['msg'][$register]);
} else {
$count = 0;
- foreach ($_SESSION['msg'] as $register => $submessages) {
+ foreach ($_SESSION['msg'] as $submessages) {
$count += sizeof($submessages);
}
return $count;
@@ -738,7 +746,7 @@ function elgg_unregister_event_handler($event, $object_type, $callback) {
* @tip When referring to events, the preferred syntax is "event, type".
*
* @internal Only rarely should events be changed, added, or removed in core.
- * When making changes to events, be sure to first create a ticket in trac.
+ * When making changes to events, be sure to first create a ticket on Github.
*
* @internal @tip Think of $object_type as the primary namespace element, and
* $event as the secondary namespace.
@@ -839,7 +847,7 @@ function elgg_trigger_event($event, $object_type, $object = null) {
*
* @param string $hook The name of the hook
* @param string $type The type of the hook
- * @param callback $callback The name of a valid function or an array with object and method
+ * @param callable $callback The name of a valid function or an array with object and method
* @param int $priority The priority - 500 is default, lower numbers called first
*
* @return bool
@@ -885,7 +893,7 @@ function elgg_register_plugin_hook_handler($hook, $type, $callback, $priority =
*
* @param string $hook The name of the hook
* @param string $entity_type The name of the type of entity (eg "user", "object" etc)
- * @param callback $callback The PHP callback to be removed
+ * @param callable $callback The PHP callback to be removed
*
* @return void
* @since 1.8.0
@@ -1060,6 +1068,7 @@ function _elgg_php_exception_handler($exception) {
* @param array $vars An array that points to the active symbol table where error occurred
*
* @return true
+ * @throws Exception
* @access private
* @todo Replace error_log calls with elgg_log calls.
*/
@@ -1185,6 +1194,11 @@ function elgg_dump($value, $to_screen = TRUE, $level = 'NOTICE') {
$to_screen = FALSE;
}
+ // Do not want to write to JS or CSS pages
+ if (elgg_in_context('js') || elgg_in_context('css')) {
+ $to_screen = FALSE;
+ }
+
if ($to_screen == TRUE) {
echo '<pre>';
print_r($value);
@@ -1292,8 +1306,6 @@ function elgg_deprecated_notice($msg, $dep_version, $backtrace_level = 1) {
* @return string The current page URL.
*/
function current_page_url() {
- global $CONFIG;
-
$url = parse_url(elgg_get_site_url());
$page = $url['scheme'] . "://";
@@ -1338,7 +1350,7 @@ function full_url() {
"" : (":" . $_SERVER["SERVER_PORT"]);
// This is here to prevent XSS in poorly written browsers used by 80% of the population.
- // {@trac [5813]}
+ // https://github.com/Elgg/Elgg/commit/0c947e80f512cb0a482b1864fd0a6965c8a0cd4a
$quotes = array('\'', '"');
$encoded = array('%27', '%22');
@@ -1354,7 +1366,7 @@ function full_url() {
* @param array $parts Associative array of URL components like parse_url() returns
* @param bool $html_encode HTML Encode the url?
*
- * @return str Full URL
+ * @return string Full URL
* @since 1.7.0
*/
function elgg_http_build_url(array $parts, $html_encode = TRUE) {
@@ -1385,10 +1397,10 @@ function elgg_http_build_url(array $parts, $html_encode = TRUE) {
* add tokens to the action. The form view automatically handles
* tokens.
*
- * @param str $url Full action URL
- * @param bool $html_encode HTML encode the url? (default: false)
+ * @param string $url Full action URL
+ * @param bool $html_encode HTML encode the url? (default: false)
*
- * @return str URL with action tokens
+ * @return string URL with action tokens
* @since 1.7.0
* @link http://docs.elgg.org/Tutorials/Actions
*/
@@ -1440,17 +1452,17 @@ function elgg_http_remove_url_query_element($url, $element) {
}
$url_array['query'] = http_build_query($query);
- $string = elgg_http_build_url($url_array);
+ $string = elgg_http_build_url($url_array, false);
return $string;
}
/**
* Adds an element or elements to a URL's query string.
*
- * @param str $url The URL
- * @param array $elements Key/value pairs to add to the URL
+ * @param string $url The URL
+ * @param array $elements Key/value pairs to add to the URL
*
- * @return str The new URL with the query strings added
+ * @return string The new URL with the query strings added
* @since 1.7.0
*/
function elgg_http_add_url_query_elements($url, array $elements) {
@@ -1487,8 +1499,6 @@ function elgg_http_add_url_query_elements($url, array $elements) {
* @since 1.8.0
*/
function elgg_http_url_is_identical($url1, $url2, $ignore_params = array('offset', 'limit')) {
- global $CONFIG;
-
// if the server portion is missing but it starts with / then add the url in.
// @todo use elgg_normalize_url()
if (elgg_substr($url1, 0, 1) == '/') {
@@ -1627,7 +1637,7 @@ $sort_type = SORT_LOCALE_STRING) {
$sort = array();
- foreach ($array as $k => $v) {
+ foreach ($array as $v) {
if (isset($v[$element])) {
$sort[] = strtolower($v[$element]);
} else {
@@ -1646,7 +1656,7 @@ $sort_type = SORT_LOCALE_STRING) {
*
* @param string $ini_get_arg The INI setting
*
- * @return true|false Depending on whether it's on or off
+ * @return bool Depending on whether it's on or off
*/
function ini_get_bool($ini_get_arg) {
$temp = strtolower(ini_get($ini_get_arg));
@@ -1662,7 +1672,7 @@ function ini_get_bool($ini_get_arg) {
*
* @tip Use this for arithmetic when determining if a file can be uploaded.
*
- * @param str $setting The php.ini setting
+ * @param string $setting The php.ini setting
*
* @return int
* @since 1.7.0
@@ -1677,8 +1687,10 @@ function elgg_get_ini_setting_in_bytes($setting) {
switch($last) {
case 'g':
$val *= 1024;
+ // fallthrough intentional
case 'm':
$val *= 1024;
+ // fallthrough intentional
case 'k':
$val *= 1024;
}
@@ -1835,7 +1847,7 @@ function elgg_ajax_page_handler($page) {
*
* @param array $page The page array
*
- * @return void
+ * @return bool
* @elgg_pagehandler css
* @access private
*/
@@ -1899,6 +1911,7 @@ function elgg_cacheable_view_page_handler($page, $type) {
echo $return;
return true;
}
+ return false;
}
/**
@@ -2220,7 +2233,7 @@ function elgg_init() {
* @param array $params empty
*
* @elgg_plugin_hook unit_tests system
- * @return void
+ * @return array
* @access private
*/
function elgg_api_test($hook, $type, $value, $params) {
@@ -2232,7 +2245,10 @@ function elgg_api_test($hook, $type, $value, $params) {
}
/**#@+
- * Controlls access levels on ElggEntity entities, metadata, and annotations.
+ * Controls access levels on ElggEntity entities, metadata, and annotations.
+ *
+ * @warning ACCESS_DEFAULT is a place holder for the input/access view. Do not
+ * use it when saving an entity.
*
* @var int
*/
@@ -2266,7 +2282,7 @@ define('ELGG_ENTITIES_NO_VALUE', 0);
* referring page.
*
* @see forward
- * @var unknown_type
+ * @var int -1
*/
define('REFERRER', -1);
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index ce736ce..4fcf1c6 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -17,6 +17,15 @@ global $ENTITY_CACHE;
$ENTITY_CACHE = array();
/**
+ * GUIDs of entities banned from the entity cache (during this request)
+ *
+ * @global array $ENTITY_CACHE_DISABLED_GUIDS
+ * @access private
+ */
+global $ENTITY_CACHE_DISABLED_GUIDS;
+$ENTITY_CACHE_DISABLED_GUIDS = array();
+
+/**
* Cache subtypes and related class names.
*
* @global array|null $SUBTYPE_CACHE array once populated from DB, initially null
@@ -26,14 +35,42 @@ global $SUBTYPE_CACHE;
$SUBTYPE_CACHE = null;
/**
+ * Remove this entity from the entity cache and make sure it is not re-added
+ *
+ * @param int $guid The entity guid
+ *
+ * @access private
+ * @todo this is a workaround until #5604 can be implemented
+ */
+function _elgg_disable_caching_for_entity($guid) {
+ global $ENTITY_CACHE_DISABLED_GUIDS;
+
+ _elgg_invalidate_cache_for_entity($guid);
+ $ENTITY_CACHE_DISABLED_GUIDS[$guid] = true;
+}
+
+/**
+ * Allow this entity to be stored in the entity cache
+ *
+ * @param int $guid The entity guid
+ *
+ * @access private
+ */
+function _elgg_enable_caching_for_entity($guid) {
+ global $ENTITY_CACHE_DISABLED_GUIDS;
+
+ unset($ENTITY_CACHE_DISABLED_GUIDS[$guid]);
+}
+
+/**
* Invalidate this class's entry in the cache.
*
* @param int $guid The entity guid
*
- * @return null
+ * @return void
* @access private
*/
-function invalidate_cache_for_entity($guid) {
+function _elgg_invalidate_cache_for_entity($guid) {
global $ENTITY_CACHE;
$guid = (int)$guid;
@@ -50,14 +87,14 @@ function invalidate_cache_for_entity($guid) {
*
* @param ElggEntity $entity Entity to cache
*
- * @return null
- * @see retrieve_cached_entity()
- * @see invalidate_cache_for_entity()
+ * @return void
+ * @see _elgg_retrieve_cached_entity()
+ * @see _elgg_invalidate_cache_for_entity()
* @access private
- * TODO(evan): Use an ElggCache object
+ * @todo Use an ElggCache object
*/
-function cache_entity(ElggEntity $entity) {
- global $ENTITY_CACHE;
+function _elgg_cache_entity(ElggEntity $entity) {
+ global $ENTITY_CACHE, $ENTITY_CACHE_DISABLED_GUIDS;
// Don't cache non-plugin entities while access control is off, otherwise they could be
// exposed to users who shouldn't see them when control is re-enabled.
@@ -65,8 +102,13 @@ function cache_entity(ElggEntity $entity) {
return;
}
+ $guid = $entity->getGUID();
+ if (isset($ENTITY_CACHE_DISABLED_GUIDS[$guid])) {
+ return;
+ }
+
// Don't store too many or we'll have memory problems
- // TODO(evan): Pick a less arbitrary limit
+ // @todo Pick a less arbitrary limit
if (count($ENTITY_CACHE) > 256) {
$random_guid = array_rand($ENTITY_CACHE);
@@ -79,7 +121,7 @@ function cache_entity(ElggEntity $entity) {
elgg_get_metadata_cache()->clear($random_guid);
}
- $ENTITY_CACHE[$entity->guid] = $entity;
+ $ENTITY_CACHE[$guid] = $entity;
}
/**
@@ -88,11 +130,11 @@ function cache_entity(ElggEntity $entity) {
* @param int $guid The guid
*
* @return ElggEntity|bool false if entity not cached, or not fully loaded
- * @see cache_entity()
- * @see invalidate_cache_for_entity()
+ * @see _elgg_cache_entity()
+ * @see _elgg_invalidate_cache_for_entity()
* @access private
*/
-function retrieve_cached_entity($guid) {
+function _elgg_retrieve_cached_entity($guid) {
global $ENTITY_CACHE;
if (isset($ENTITY_CACHE[$guid])) {
@@ -105,31 +147,6 @@ function retrieve_cached_entity($guid) {
}
/**
- * As retrieve_cached_entity, but returns the result as a stdClass
- * (compatible with load functions that expect a database row.)
- *
- * @param int $guid The guid
- *
- * @return mixed
- * @todo unused
- * @access private
- */
-function retrieve_cached_entity_row($guid) {
- $obj = retrieve_cached_entity($guid);
- if ($obj) {
- $tmp = new stdClass;
-
- foreach ($obj as $k => $v) {
- $tmp->$k = $v;
- }
-
- return $tmp;
- }
-
- return false;
-}
-
-/**
* Return the id for a given subtype.
*
* ElggEntity objects have a type and a subtype. Subtypes
@@ -432,7 +449,7 @@ function update_subtype($type, $subtype, $class = '') {
* @param int $time_created The time creation timestamp
*
* @return bool
- * @link http://docs.elgg.org/DataModel/Entities
+ * @throws InvalidParameterException
* @access private
*/
function update_entity($guid, $owner_guid, $access_id, $container_guid = null, $time_created = null) {
@@ -455,6 +472,10 @@ function update_entity($guid, $owner_guid, $access_id, $container_guid = null, $
$time_created = (int) $time_created;
}
+ if ($access_id == ACCESS_DEFAULT) {
+ throw new InvalidParameterException('ACCESS_DEFAULT is not a valid access level. See its documentation in elgglib.h');
+ }
+
if ($entity && $entity->canEdit()) {
if (elgg_trigger_event('update', $entity->type, $entity)) {
$ret = update_data("UPDATE {$CONFIG->dbprefix}entities
@@ -531,6 +552,7 @@ function can_write_to_container($user_guid = 0, $container_guid = 0, $type = 'al
// If still not approved, see if the user is a member of the group
// @todo this should be moved to the groups plugin/library
if (!$return && $user && $container instanceof ElggGroup) {
+ /* @var ElggGroup $container */
if ($container->isMember($user)) {
$return = true;
}
@@ -580,7 +602,6 @@ $container_guid = 0) {
$type = sanitise_string($type);
$subtype_id = add_subtype($type, $subtype);
$owner_guid = (int)$owner_guid;
- $access_id = (int)$access_id;
$time = time();
if ($site_guid == 0) {
$site_guid = $CONFIG->site_guid;
@@ -589,6 +610,10 @@ $container_guid = 0) {
if ($container_guid == 0) {
$container_guid = $owner_guid;
}
+ $access_id = (int)$access_id;
+ if ($access_id == ACCESS_DEFAULT) {
+ throw new InvalidParameterException('ACCESS_DEFAULT is not a valid access level. See its documentation in elgglib.h');
+ }
$user_guid = elgg_get_logged_in_user_guid();
if (!can_write_to_container($user_guid, $owner_guid, $type, $subtype)) {
@@ -736,7 +761,7 @@ function get_entity($guid) {
// @todo We need a single Memcache instance with a shared pool of namespace wrappers. This function would pull an instance from the pool.
static $shared_cache;
- // We could also use: if (!(int) $guid) { return FALSE },
+ // We could also use: if (!(int) $guid) { return FALSE },
// but that evaluates to a false positive for $guid = TRUE.
// This is a bit slower, but more thorough.
if (!is_numeric($guid) || $guid === 0 || $guid === '0') {
@@ -744,7 +769,7 @@ function get_entity($guid) {
}
// Check local cache first
- $new_entity = retrieve_cached_entity($guid);
+ $new_entity = _elgg_retrieve_cached_entity($guid);
if ($new_entity) {
return $new_entity;
}
@@ -766,7 +791,7 @@ function get_entity($guid) {
if ($shared_cache) {
$cached_entity = $shared_cache->load($guid);
- // @todo store ACLs in memcache http://trac.elgg.org/ticket/3018#comment:3
+ // @todo store ACLs in memcache https://github.com/elgg/elgg/issues/3018#issuecomment-13662617
if ($cached_entity) {
// @todo use ACL and cached entity access_id to determine if user can see it
return $cached_entity;
@@ -781,7 +806,7 @@ function get_entity($guid) {
}
if ($new_entity) {
- cache_entity($new_entity);
+ _elgg_cache_entity($new_entity);
}
return $new_entity;
}
@@ -908,6 +933,8 @@ function elgg_get_entities(array $options = array()) {
'joins' => array(),
'callback' => 'entity_row_to_elggstar',
+
+ '__ElggBatch' => null,
);
$options = array_merge($defaults, $options);
@@ -1025,7 +1052,7 @@ function elgg_get_entities(array $options = array()) {
}
if ($options['callback'] === 'entity_row_to_elggstar') {
- $dt = _elgg_fetch_entities_from_sql($query);
+ $dt = _elgg_fetch_entities_from_sql($query, $options['__ElggBatch']);
} else {
$dt = get_data($query, $options['callback']);
}
@@ -1036,7 +1063,7 @@ function elgg_get_entities(array $options = array()) {
foreach ($dt as $item) {
// A custom callback could result in items that aren't ElggEntity's, so check for them
if ($item instanceof ElggEntity) {
- cache_entity($item);
+ _elgg_cache_entity($item);
// plugins usually have only settings
if (!$item instanceof ElggPlugin) {
$guids[] = $item->guid;
@@ -1060,13 +1087,14 @@ function elgg_get_entities(array $options = array()) {
/**
* Return entities from an SQL query generated by elgg_get_entities.
*
- * @param string $sql
+ * @param string $sql
+ * @param ElggBatch $batch
* @return ElggEntity[]
*
* @access private
* @throws LogicException
*/
-function _elgg_fetch_entities_from_sql($sql) {
+function _elgg_fetch_entities_from_sql($sql, ElggBatch $batch = null) {
static $plugin_subtype;
if (null === $plugin_subtype) {
$plugin_subtype = get_subtype_id('object', 'plugin');
@@ -1101,7 +1129,7 @@ function _elgg_fetch_entities_from_sql($sql) {
if (empty($row->guid) || empty($row->type)) {
throw new LogicException('Entity row missing guid or type');
}
- if ($entity = retrieve_cached_entity($row->guid)) {
+ if ($entity = _elgg_retrieve_cached_entity($row->guid)) {
$rows[$i] = $entity;
continue;
}
@@ -1119,16 +1147,17 @@ function _elgg_fetch_entities_from_sql($sql) {
// Do secondary queries and merge rows
if ($lookup_types) {
$dbprefix = elgg_get_config('dbprefix');
- }
- foreach ($lookup_types as $type => $guids) {
- $set = "(" . implode(',', $guids) . ")";
- $sql = "SELECT * FROM {$dbprefix}{$type}s_entity WHERE guid IN $set";
- $secondary_rows = get_data($sql);
- if ($secondary_rows) {
- foreach ($secondary_rows as $secondary_row) {
- $key = $guid_to_key[$secondary_row->guid];
- // cast to arrays to merge then cast back
- $rows[$key] = (object)array_merge((array)$rows[$key], (array)$secondary_row);
+
+ foreach ($lookup_types as $type => $guids) {
+ $set = "(" . implode(',', $guids) . ")";
+ $sql = "SELECT * FROM {$dbprefix}{$type}s_entity WHERE guid IN $set";
+ $secondary_rows = get_data($sql);
+ if ($secondary_rows) {
+ foreach ($secondary_rows as $secondary_row) {
+ $key = $guid_to_key[$secondary_row->guid];
+ // cast to arrays to merge then cast back
+ $rows[$key] = (object)array_merge((array)$rows[$key], (array)$secondary_row);
+ }
}
}
}
@@ -1142,6 +1171,11 @@ function _elgg_fetch_entities_from_sql($sql) {
} catch (IncompleteEntityException $e) {
// don't let incomplete entities throw fatal errors
unset($rows[$i]);
+
+ // report incompletes to the batch process that spawned this query
+ if ($batch) {
+ $batch->reportIncompleteEntity($row);
+ }
}
}
}
@@ -1217,13 +1251,24 @@ function elgg_get_entity_type_subtype_where_sql($table, $types, $subtypes, $pair
$subtype_ids = array();
if ($subtypes) {
foreach ($subtypes as $subtype) {
- // check that the subtype is valid (with ELGG_ENTITIES_NO_VALUE being a valid subtype)
- if (ELGG_ENTITIES_NO_VALUE === $subtype || $subtype_id = get_subtype_id($type, $subtype)) {
- $subtype_ids[] = (ELGG_ENTITIES_NO_VALUE === $subtype) ? ELGG_ENTITIES_NO_VALUE : $subtype_id;
- } else {
- $valid_subtypes_count--;
- elgg_log("Type-subtype '$type:$subtype' does not exist!", 'NOTICE');
+ // check that the subtype is valid
+ if (!$subtype && ELGG_ENTITIES_NO_VALUE === $subtype) {
+ // subtype value is 0
+ $subtype_ids[] = ELGG_ENTITIES_NO_VALUE;
+ } elseif (!$subtype) {
+ // subtype is ignored.
+ // this handles ELGG_ENTITIES_ANY_VALUE, '', and anything falsy that isn't 0
continue;
+ } else {
+ $subtype_id = get_subtype_id($type, $subtype);
+
+ if ($subtype_id) {
+ $subtype_ids[] = $subtype_id;
+ } else {
+ $valid_subtypes_count--;
+ elgg_log("Type-subtype '$type:$subtype' does not exist!", 'NOTICE');
+ continue;
+ }
}
}
@@ -1428,8 +1473,10 @@ function elgg_list_entities(array $options = array(), $getter = 'elgg_get_entiti
global $autofeed;
$autofeed = true;
+ $offset_key = isset($options['offset_key']) ? $options['offset_key'] : 'offset';
+
$defaults = array(
- 'offset' => (int) max(get_input('offset', 0), 0),
+ 'offset' => (int) max(get_input($offset_key, 0), 0),
'limit' => (int) max(get_input('limit', 10), 0),
'full_view' => TRUE,
'list_type_toggle' => FALSE,
@@ -1459,11 +1506,13 @@ function elgg_list_entities(array $options = array(), $getter = 'elgg_get_entiti
*
* @tip Use this to generate a list of archives by month for when entities were added or updated.
*
+ * @todo document how to pass in array for $subtype
+ *
* @warning Months are returned in the form YYYYMM.
*
* @param string $type The type of entity
* @param string $subtype The subtype of entity
- * @param int $container_guid The container GUID that the entinties belong to
+ * @param int $container_guid The container GUID that the entities belong to
* @param int $site_guid The site GUID
* @param string $order_by Order_by SQL order by clause
*
@@ -1613,7 +1662,7 @@ function disable_entity($guid, $reason = "", $recursive = true) {
$entity->disableMetadata();
$entity->disableAnnotations();
- invalidate_cache_for_entity($guid);
+ _elgg_invalidate_cache_for_entity($guid);
$res = update_data("UPDATE {$CONFIG->dbprefix}entities
SET enabled = 'no'
@@ -1629,8 +1678,8 @@ function disable_entity($guid, $reason = "", $recursive = true) {
/**
* Enable an entity.
*
- * @warning In order to enable an entity using ElggEntity::enable(),
- * you must first use {@link access_show_hidden_entities()}.
+ * @warning In order to enable an entity, you must first use
+ * {@link access_show_hidden_entities()}.
*
* @param int $guid GUID of entity to enable
* @param bool $recursive Recursively enable all entities disabled with the entity?
@@ -1711,7 +1760,7 @@ function delete_entity($guid, $recursive = true) {
// delete cache
if (isset($ENTITY_CACHE[$guid])) {
- invalidate_cache_for_entity($guid);
+ _elgg_invalidate_cache_for_entity($guid);
}
// If memcache is available then delete this entry from the cache
@@ -1758,6 +1807,10 @@ function delete_entity($guid, $recursive = true) {
elgg_set_ignore_access($ia);
}
+ $entity_disable_override = access_get_show_hidden_status();
+ access_show_hidden_entities(true);
+ $ia = elgg_set_ignore_access(true);
+
// Now delete the entity itself
$entity->deleteMetadata();
$entity->deleteOwnedMetadata();
@@ -1765,6 +1818,9 @@ function delete_entity($guid, $recursive = true) {
$entity->deleteOwnedAnnotations();
$entity->deleteRelationships();
+ access_show_hidden_entities($entity_disable_override);
+ elgg_set_ignore_access($ia);
+
elgg_delete_river(array('subject_guid' => $guid));
elgg_delete_river(array('object_guid' => $guid));
remove_all_private_settings($guid);
@@ -2072,7 +2128,7 @@ function can_edit_entity_metadata($entity_guid, $user_guid = 0, $metadata = null
$return = null;
- if ($metadata->owner_guid == 0) {
+ if ($metadata && ($metadata->owner_guid == 0)) {
$return = true;
}
if (is_null($return)) {
@@ -2413,6 +2469,7 @@ function elgg_instanceof($entity, $type = NULL, $subtype = NULL, $class = NULL)
$return = ($entity instanceof ElggEntity);
if ($type) {
+ /* @var ElggEntity $entity */
$return = $return && ($entity->getType() == $type);
}
@@ -2472,11 +2529,18 @@ function update_entity_last_action($guid, $posted = NULL) {
function entities_gc() {
global $CONFIG;
- $tables = array ('sites_entity', 'objects_entity', 'groups_entity', 'users_entity');
+ $tables = array(
+ 'site' => 'sites_entity',
+ 'object' => 'objects_entity',
+ 'group' => 'groups_entity',
+ 'user' => 'users_entity'
+ );
- foreach ($tables as $table) {
- delete_data("DELETE from {$CONFIG->dbprefix}{$table}
- where guid NOT IN (SELECT guid from {$CONFIG->dbprefix}entities)");
+ foreach ($tables as $type => $table) {
+ delete_data("DELETE FROM {$CONFIG->dbprefix}{$table}
+ WHERE guid NOT IN (SELECT guid FROM {$CONFIG->dbprefix}entities)");
+ delete_data("DELETE FROM {$CONFIG->dbprefix}entities
+ WHERE type = '$type' AND guid NOT IN (SELECT guid FROM {$CONFIG->dbprefix}{$table})");
}
}
diff --git a/engine/lib/export.php b/engine/lib/export.php
index ae9be95..ecc894e 100644
--- a/engine/lib/export.php
+++ b/engine/lib/export.php
@@ -11,7 +11,7 @@
*
* @param mixed $object The object either an ElggEntity, ElggRelationship or ElggExtender
*
- * @return the UUID or false
+ * @return string|false the UUID or false
*/
function get_uuid_from_object($object) {
if ($object instanceof ElggEntity) {
@@ -40,8 +40,6 @@ function get_uuid_from_object($object) {
* @return string
*/
function guid_to_uuid($guid) {
- global $CONFIG;
-
return elgg_get_site_url() . "export/opendd/$guid/";
}
@@ -53,8 +51,6 @@ function guid_to_uuid($guid) {
* @return bool
*/
function is_uuid_this_domain($uuid) {
- global $CONFIG;
-
if (strpos($uuid, elgg_get_site_url()) === 0) {
return true;
}
@@ -67,7 +63,7 @@ function is_uuid_this_domain($uuid) {
*
* @param string $uuid A unique ID
*
- * @return mixed
+ * @return ElggEntity|false
*/
function get_entity_from_uuid($uuid) {
$uuid = sanitise_string($uuid);
@@ -117,18 +113,19 @@ function _process_element(ODD $odd) {
global $IMPORTED_DATA, $IMPORTED_OBJECT_COUNTER;
// See if anyone handles this element, return true if it is.
+ $to_be_serialised = null;
if ($odd) {
$handled = elgg_trigger_plugin_hook("import", "all", array("element" => $odd), $to_be_serialised);
- }
- // If not, then see if any of its sub elements are handled
- if ($handled) {
- // Increment validation counter
- $IMPORTED_OBJECT_COUNTER ++;
- // Return the constructed object
- $IMPORTED_DATA[] = $handled;
+ // If not, then see if any of its sub elements are handled
+ if ($handled) {
+ // Increment validation counter
+ $IMPORTED_OBJECT_COUNTER ++;
+ // Return the constructed object
+ $IMPORTED_DATA[] = $handled;
- return true;
+ return true;
+ }
}
return false;
@@ -167,7 +164,7 @@ function exportAsArray($guid) {
*
* @param int $guid The GUID.
*
- * @return xml
+ * @return string XML
* @see ElggEntity for an example of its usage.
* @access private
*/
@@ -184,7 +181,7 @@ function export($guid) {
* @param string $xml XML string
*
* @return bool
- * @throws Exception if there was a problem importing the data.
+ * @throws ImportException if there was a problem importing the data.
* @access private
*/
function import($xml) {
diff --git a/engine/lib/extender.php b/engine/lib/extender.php
index 538f601..8323bd3 100644
--- a/engine/lib/extender.php
+++ b/engine/lib/extender.php
@@ -86,6 +86,7 @@ function oddmetadata_to_elggextender(ElggEntity $entity, ODDMetaData $element) {
* @return null
* @elgg_plugin_hook_handler volatile metadata
* @todo investigate more.
+ * @throws ImportException
* @access private
*/
function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params) {
@@ -94,6 +95,7 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params)
$tmp = NULL;
if ($element instanceof ODDMetaData) {
+ /* @var ODDMetaData $element */
// Recall entity
$entity_uuid = $element->getAttribute('entity_uuid');
$entity = get_entity_from_uuid($entity_uuid);
@@ -124,14 +126,20 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params)
* @return bool
*/
function can_edit_extender($extender_id, $type, $user_guid = 0) {
- if (!elgg_is_logged_in()) {
- return false;
+ // @todo Since Elgg 1.0, Elgg has returned false from can_edit_extender()
+ // if no user was logged in. This breaks the access override. This is a
+ // temporary work around. This function needs to be rewritten in Elgg 1.9
+ if (!elgg_check_access_overrides($user_guid)) {
+ if (!elgg_is_logged_in()) {
+ return false;
+ }
}
$user_guid = (int)$user_guid;
- $user = get_entity($user_guid);
+ $user = get_user($user_guid);
if (!$user) {
$user = elgg_get_logged_in_user_entity();
+ $user_guid = elgg_get_logged_in_user_guid();
}
$functionname = "elgg_get_{$type}_from_id";
@@ -147,16 +155,16 @@ function can_edit_extender($extender_id, $type, $user_guid = 0) {
/* @var ElggExtender $extender */
// If the owner is the specified user, great! They can edit.
- if ($extender->getOwnerGUID() == $user->getGUID()) {
+ if ($extender->getOwnerGUID() == $user_guid) {
return true;
}
// If the user can edit the entity this is attached to, great! They can edit.
- if (can_edit_entity($extender->entity_guid, $user->getGUID())) {
+ if (can_edit_entity($extender->entity_guid, $user_guid)) {
return true;
}
- // Trigger plugin hooks
+ // Trigger plugin hook - note that $user may be null
$params = array('entity' => $extender->getEntity(), 'user' => $user);
return elgg_trigger_plugin_hook('permissions_check', $type, $params, false);
}
diff --git a/engine/lib/filestore.php b/engine/lib/filestore.php
index 93a1272..a3c7ba4 100644
--- a/engine/lib/filestore.php
+++ b/engine/lib/filestore.php
@@ -308,8 +308,6 @@ function get_image_resize_parameters($width, $height, $options) {
function file_delete($guid) {
if ($file = get_entity($guid)) {
if ($file->canEdit()) {
- $container = get_entity($file->container_guid);
-
$thumbnail = $file->thumbnail;
$smallthumb = $file->smallthumb;
$largethumb = $file->largethumb;
@@ -383,7 +381,7 @@ function file_get_general_file_type($mimetype) {
/**
* Delete a directory and all its contents
*
- * @param str $directory Directory to delete
+ * @param string $directory Directory to delete
*
* @return bool
*/
@@ -500,7 +498,7 @@ function filestore_init() {
/**
* Unit tests for files
*
- * @param sting $hook unit_test
+ * @param string $hook unit_test
* @param string $type system
* @param mixed $value Array of tests
* @param mixed $params Params
diff --git a/engine/lib/group.php b/engine/lib/group.php
index 5a38e1e..6ded8a8 100644
--- a/engine/lib/group.php
+++ b/engine/lib/group.php
@@ -170,7 +170,7 @@ function get_group_members($group_guid, $limit = 10, $offset = 0, $site_guid = 0
'relationship' => 'member',
'relationship_guid' => $group_guid,
'inverse_relationship' => TRUE,
- 'types' => 'user',
+ 'type' => 'user',
'limit' => $limit,
'offset' => $offset,
'count' => $count,
@@ -240,9 +240,11 @@ function leave_group($group_guid, $user_guid) {
*/
function get_users_membership($user_guid) {
$options = array(
+ 'type' => 'group',
'relationship' => 'member',
'relationship_guid' => $user_guid,
- 'inverse_relationship' => FALSE
+ 'inverse_relationship' => false,
+ 'limit' => false,
);
return elgg_get_entities_from_relationship($options);
}
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 6d1646e..80b0b87 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -60,8 +60,8 @@ function get_input($variable, $default = NULL, $filter_result = TRUE) {
*
* Note: this function does not handle nested arrays (ex: form input of param[m][n])
*
- * @param string $variable The name of the variable
- * @param string $value The value of the variable
+ * @param string $variable The name of the variable
+ * @param string|string[] $value The value of the variable
*
* @return void
*/
@@ -226,6 +226,8 @@ function elgg_clear_sticky_value($form_name, $variable) {
/**
* Page handler for autocomplete endpoint.
*
+ * @todo split this into functions/objects, this is way too big
+ *
* /livesearch?q=<query>
*
* Other options include:
@@ -233,6 +235,7 @@ function elgg_clear_sticky_value($form_name, $variable) {
* match_owner int 0/1
* limit int default is 10
*
+ * @param array $page
* @return string JSON string is returned and then exit
* @access private
*/
@@ -265,10 +268,8 @@ function input_livesearch_page_handler($page) {
}
if (get_input('match_owner', false)) {
- $owner_guid = $user->getGUID();
$owner_where = 'AND e.owner_guid = ' . $user->getGUID();
} else {
- $owner_guid = null;
$owner_where = '';
}
@@ -289,7 +290,9 @@ function input_livesearch_page_handler($page) {
if ($entities = get_data($query)) {
foreach ($entities as $entity) {
+ // @todo use elgg_get_entities (don't query in a loop!)
$entity = get_entity($entity->guid);
+ /* @var ElggUser $entity */
if (!$entity) {
continue;
}
@@ -338,7 +341,9 @@ function input_livesearch_page_handler($page) {
";
if ($entities = get_data($query)) {
foreach ($entities as $entity) {
+ // @todo use elgg_get_entities (don't query in a loop!)
$entity = get_entity($entity->guid);
+ /* @var ElggGroup $entity */
if (!$entity) {
continue;
}
@@ -385,7 +390,9 @@ function input_livesearch_page_handler($page) {
if ($entities = get_data($query)) {
foreach ($entities as $entity) {
+ // @todo use elgg_get_entities (don't query in a loop!)
$entity = get_entity($entity->guid);
+ /* @var ElggUser $entity */
if (!$entity) {
continue;
}
diff --git a/engine/lib/languages.php b/engine/lib/languages.php
index 98006f7..61ba91d 100644
--- a/engine/lib/languages.php
+++ b/engine/lib/languages.php
@@ -77,7 +77,7 @@ function elgg_echo($message_key, $args = array(), $language = "") {
* @param string $country_code Standard country code (eg 'en', 'nl', 'es')
* @param array $language_array Formatted array of strings
*
- * @return true|false Depending on success
+ * @return bool Depending on success
*/
function add_translation($country_code, $language_array) {
global $CONFIG;
@@ -104,8 +104,6 @@ function add_translation($country_code, $language_array) {
* @return string The language code for the site/user or "en" if not set
*/
function get_current_language() {
- global $CONFIG;
-
$language = get_language();
if (!$language) {
@@ -141,6 +139,9 @@ function get_language() {
return false;
}
+/**
+ * @access private
+ */
function _elgg_load_translations() {
global $CONFIG;
@@ -148,7 +149,7 @@ function _elgg_load_translations() {
$loaded = true;
$languages = array_unique(array('en', get_current_language()));
foreach ($languages as $language) {
- $data = elgg_load_system_cache("$language.php");
+ $data = elgg_load_system_cache("$language.lang");
if ($data) {
add_translation($language, unserialize($data));
} else {
@@ -177,7 +178,7 @@ function _elgg_load_translations() {
* @param bool $load_all If true all languages are loaded, if
* false only the current language + en are loaded
*
- * @return void
+ * @return bool success
*/
function register_translations($path, $load_all = false) {
global $CONFIG;
@@ -229,23 +230,37 @@ function register_translations($path, $load_all = false) {
/**
* Reload all translations from all registered paths.
*
- * This is only called by functions which need to know all possible translations, namely the
- * statistic gathering ones.
+ * This is only called by functions which need to know all possible translations.
*
* @todo Better on demand loading based on language_paths array
*
- * @return bool
+ * @return void
*/
function reload_all_translations() {
global $CONFIG;
static $LANG_RELOAD_ALL_RUN;
if ($LANG_RELOAD_ALL_RUN) {
- return null;
+ return;
}
- foreach ($CONFIG->language_paths as $path => $dummy) {
- register_translations($path, true);
+ if ($CONFIG->i18n_loaded_from_cache) {
+ $cache = elgg_get_system_cache();
+ $cache_dir = $cache->getVariable("cache_path");
+ $filenames = elgg_get_file_list($cache_dir, array(), array(), array(".lang"));
+ foreach ($filenames as $filename) {
+ if (preg_match('/([a-z]+)\.[^.]+$/', $filename, $matches)) {
+ $language = $matches[1];
+ $data = elgg_load_system_cache("$language.lang");
+ if ($data) {
+ add_translation($language, unserialize($data));
+ }
+ }
+ }
+ } else {
+ foreach ($CONFIG->language_paths as $path => $dummy) {
+ register_translations($path, true);
+ }
}
$LANG_RELOAD_ALL_RUN = true;
@@ -337,14 +352,3 @@ function get_missing_language_keys($language) {
return false;
}
-
-/**
- * Initialize the language library
- * @access private
- */
-function elgg_languages_init() {
- $lang = get_current_language();
- elgg_register_simplecache_view("js/languages/$lang");
-}
-
-elgg_register_event_handler('init', 'system', 'elgg_languages_init');
diff --git a/engine/lib/location.php b/engine/lib/location.php
index 5b88950..1534c7d 100644
--- a/engine/lib/location.php
+++ b/engine/lib/location.php
@@ -101,7 +101,7 @@ function elgg_get_entities_from_location(array $options = array()) {
$long_min = $long - $long_distance;
$long_max = $long + $long_distance;
- $where = array();
+ $wheres = array();
$wheres[] = "lat_name.string='geo:lat'";
$wheres[] = "lat_value.string >= $lat_min";
$wheres[] = "lat_value.string <= $lat_max";
@@ -139,7 +139,7 @@ function elgg_get_entities_from_location(array $options = array()) {
/**
* Returns a viewable list of entities from location
*
- * @param array $options
+ * @param array $options Options array
*
* @see elgg_list_entities()
* @see elgg_get_entities_from_location()
diff --git a/engine/lib/mb_wrapper.php b/engine/lib/mb_wrapper.php
index c2f5503..68fa690 100644
--- a/engine/lib/mb_wrapper.php
+++ b/engine/lib/mb_wrapper.php
@@ -11,7 +11,7 @@ if (is_callable('mb_internal_encoding')) {
* NOTE: This differs from parse_str() by returning the results
* instead of placing them in the local scope!
*
- * @param str $str The string
+ * @param string $str The string
*
* @return array
* @since 1.7.0
diff --git a/engine/lib/memcache.php b/engine/lib/memcache.php
index f79fba4..79b87e8 100644
--- a/engine/lib/memcache.php
+++ b/engine/lib/memcache.php
@@ -35,3 +35,23 @@ function is_memcache_available() {
return $memcache_available;
}
+
+/**
+ * Invalidate an entity in memcache
+ *
+ * @param int $entity_guid The GUID of the entity to invalidate
+ *
+ * @return void
+ * @access private
+ */
+function _elgg_invalidate_memcache_for_entity($entity_guid) {
+ static $newentity_cache;
+
+ if ((!$newentity_cache) && (is_memcache_available())) {
+ $newentity_cache = new ElggMemcache('new_entity_cache');
+ }
+
+ if ($newentity_cache) {
+ $newentity_cache->delete($entity_guid);
+ }
+} \ No newline at end of file
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index f76c20f..fdb1b85 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -191,19 +191,19 @@ function update_metadata($id, $name, $value, $value_type, $owner_guid, $access_i
}
// Add the metastring
- $value = add_metastring($value);
- if (!$value) {
+ $value_id = add_metastring($value);
+ if (!$value_id) {
return false;
}
- $name = add_metastring($name);
- if (!$name) {
+ $name_id = add_metastring($name);
+ if (!$name_id) {
return false;
}
// If ok then add it
$query = "UPDATE {$CONFIG->dbprefix}metadata"
- . " set name_id='$name', value_id='$value', value_type='$value_type', access_id=$access_id,"
+ . " set name_id='$name_id', value_id='$value_id', value_type='$value_type', access_id=$access_id,"
. " owner_guid=$owner_guid where id=$id";
$result = update_data($query);
@@ -277,10 +277,18 @@ $access_id = ACCESS_PRIVATE, $allow_multiple = false) {
* all metadata that match the query instead of returning
* ElggMetadata objects.
*
- * @return mixed
+ * @return ElggMetadata[]|mixed
* @since 1.8.0
*/
function elgg_get_metadata(array $options = array()) {
+
+ // @todo remove support for count shortcut - see #4393
+ // support shortcut of 'count' => true for 'metadata_calculation' => 'count'
+ if (isset($options['count']) && $options['count']) {
+ $options['metadata_calculation'] = 'count';
+ unset($options['count']);
+ }
+
$options['metastring_type'] = 'metadata';
return elgg_get_metastring_based_objects($options);
}
@@ -292,21 +300,22 @@ function elgg_get_metadata(array $options = array()) {
* This requires at least one constraint: metadata_owner_guid(s),
* metadata_name(s), metadata_value(s), or guid(s) must be set.
*
- * @warning This returns null on no ops.
- *
* @param array $options An options array. {@see elgg_get_metadata()}
- * @return mixed Null if the metadata name is invalid. Bool on success or fail.
+ * @return bool|null true on success, false on failure, null if no metadata to delete.
* @since 1.8.0
*/
function elgg_delete_metadata(array $options) {
if (!elgg_is_valid_options_for_batch_operation($options, 'metadata')) {
return false;
}
+ $options['metastring_type'] = 'metadata';
+ $result = elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
+ // This moved last in case an object's constructor sets metadata. Currently the batch
+ // delete process has to create the entity to delete its metadata. See #5214
elgg_get_metadata_cache()->invalidateByOptions('delete', $options);
- $options['metastring_type'] = 'metadata';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
+ return $result;
}
/**
@@ -314,10 +323,8 @@ function elgg_delete_metadata(array $options) {
*
* @warning Unlike elgg_get_metadata() this will not accept an empty options array!
*
- * @warning This returns null on no ops.
- *
* @param array $options An options array. {@See elgg_get_metadata()}
- * @return mixed
+ * @return bool|null true on success, false on failure, null if no metadata disabled.
* @since 1.8.0
*/
function elgg_disable_metadata(array $options) {
@@ -326,9 +333,13 @@ function elgg_disable_metadata(array $options) {
}
elgg_get_metadata_cache()->invalidateByOptions('disable', $options);
+
+ // if we can see hidden (disabled) we need to use the offset
+ // otherwise we risk an infinite loop if there are more than 50
+ $inc_offset = access_get_show_hidden_status();
$options['metastring_type'] = 'metadata';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', $inc_offset);
}
/**
@@ -336,10 +347,11 @@ function elgg_disable_metadata(array $options) {
*
* @warning Unlike elgg_get_metadata() this will not accept an empty options array!
*
- * @warning This returns null on no ops.
+ * @warning In order to enable metadata, you must first use
+ * {@link access_show_hidden_entities()}.
*
* @param array $options An options array. {@See elgg_get_metadata()}
- * @return mixed
+ * @return bool|null true on success, false on failure, null if no metadata enabled.
* @since 1.8.0
*/
function elgg_enable_metadata(array $options) {
@@ -394,9 +406,11 @@ function elgg_enable_metadata(array $options) {
* 'operand' => '=',
* 'case_sensitive' => TRUE
* )
- * Currently if multiple values are sent via
+ * Currently if multiple values are sent via
* an array (value => array('value1', 'value2')
* the pair's operand will be forced to "IN".
+ * If passing "IN" as the operand and a string as the value,
+ * the value must be a properly quoted and escaped string.
*
* metadata_name_value_pairs_operator => NULL|STR The operator to use for combining
* (name = value) OPERATOR (name = value); default AND
@@ -412,7 +426,7 @@ function elgg_enable_metadata(array $options) {
*
* metadata_owner_guids => NULL|ARR guids for metadata owners
*
- * @return mixed If count, int. If not count, array. false on errors.
+ * @return ElggEntity[]|mixed If count, int. If not count, array. false on errors.
* @since 1.7.0
*/
function elgg_get_entities_from_metadata(array $options = array()) {
@@ -461,7 +475,7 @@ function elgg_get_entities_from_metadata(array $options = array()) {
* @param array|null $order_by_metadata Array of names / direction
* @param array|null $owner_guids Array of owner GUIDs
*
- * @return FALSE|array False on fail, array('joins', 'wheres')
+ * @return false|array False on fail, array('joins', 'wheres')
* @since 1.7.0
* @access private
*/
@@ -608,6 +622,8 @@ $owner_guids = NULL) {
// if the operand is IN don't quote it because quoting should be done already.
if (is_numeric($pair['value'])) {
$value = sanitise_string($pair['value']);
+ } else if (is_bool($pair['value'])) {
+ $value = (int) $pair['value'];
} else if (is_array($pair['value'])) {
$values_array = array();
@@ -774,10 +790,10 @@ function string_to_tag_array($string) {
$ar = explode(",", $string);
$ar = array_map('trim', $ar);
$ar = array_filter($ar, 'is_not_null');
+ $ar = array_map('strip_tags', $ar);
return $ar;
}
return false;
-
}
/**
@@ -909,8 +925,8 @@ function elgg_get_metadata_cache() {
* Invalidate the metadata cache based on options passed to various *_metadata functions
*
* @param string $action Action performed on metadata. "delete", "disable", or "enable"
- *
- * @param array $options Options passed to elgg_(delete|disable|enable)_metadata
+ * @param array $options Options passed to elgg_(delete|disable|enable)_metadata
+ * @return void
*/
function elgg_invalidate_metadata_cache($action, array $options) {
// remove as little as possible, optimizing for common cases
diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php
index cf6dd4d..57d876c 100644
--- a/engine/lib/metastrings.php
+++ b/engine/lib/metastrings.php
@@ -67,7 +67,7 @@ function get_metastring_id($string, $case_sensitive = TRUE) {
}
$row = FALSE;
- $metaStrings = get_data($query, "entity_row_to_elggstar");
+ $metaStrings = get_data($query);
if (is_array($metaStrings)) {
if (sizeof($metaStrings) > 1) {
$ids = array();
@@ -389,11 +389,6 @@ function elgg_get_metastring_based_objects($options) {
$selects = $options['selects'];
- // allow count shortcut
- if ($options['count']) {
- $options['metastring_calculation'] = 'count';
- }
-
// For performance reasons we don't want the joins required for metadata / annotations
// unless we're going through one of their callbacks.
// this means we expect the functions passing different callbacks to pass their required joins.
@@ -426,9 +421,11 @@ function elgg_get_metastring_based_objects($options) {
if ($metastring_clauses) {
$wheres = array_merge($wheres, $metastring_clauses['wheres']);
$joins = array_merge($joins, $metastring_clauses['joins']);
+ } else {
+ $wheres[] = get_access_sql_suffix('n_table');
}
- if ($options['metastring_calculation'] === ELGG_ENTITIES_NO_VALUE) {
+ if ($options['metastring_calculation'] === ELGG_ENTITIES_NO_VALUE && !$options['count']) {
$selects = array_unique($selects);
// evalutate selects
$select_str = '';
@@ -439,6 +436,9 @@ function elgg_get_metastring_based_objects($options) {
}
$query = "SELECT DISTINCT n_table.*{$select_str} FROM {$db_prefix}$type n_table";
+ } elseif ($options['count']) {
+ // count is over the entities
+ $query = "SELECT count(DISTINCT e.guid) as calculation FROM {$db_prefix}$type n_table";
} else {
$query = "SELECT {$options['metastring_calculation']}(v.string) as calculation FROM {$db_prefix}$type n_table";
}
@@ -467,7 +467,7 @@ function elgg_get_metastring_based_objects($options) {
$defaults['order_by']);
}
- if ($options['metastring_calculation'] === ELGG_ENTITIES_NO_VALUE) {
+ if ($options['metastring_calculation'] === ELGG_ENTITIES_NO_VALUE && !$options['count']) {
if (isset($options['group_by'])) {
$options['group_by'] = sanitise_string($options['group_by']);
$query .= " GROUP BY {$options['group_by']}";
@@ -515,21 +515,16 @@ function elgg_get_metastring_sql($table, $names = null, $values = null,
&& !$ids
&& (!$pairs && $pairs !== 0)) {
- return '';
+ return array();
}
$db_prefix = elgg_get_config('dbprefix');
- // join counter for incremental joins.
- $i = 1;
-
// binary forces byte-to-byte comparision of strings, making
// it case- and diacritical-mark- sensitive.
// only supported on values.
$binary = ($case_sensitive) ? ' BINARY ' : '';
- $access = get_access_sql_suffix($table);
-
$return = array (
'joins' => array (),
'wheres' => array()
@@ -594,13 +589,15 @@ function elgg_get_metastring_sql($table, $names = null, $values = null,
}
if ($names_where && $values_where) {
- $wheres[] = "($names_where AND $values_where AND $access)";
+ $wheres[] = "($names_where AND $values_where)";
} elseif ($names_where) {
- $wheres[] = "($names_where AND $access)";
+ $wheres[] = $names_where;
} elseif ($values_where) {
- $wheres[] = "($values_where AND $access)";
+ $wheres[] = $values_where;
}
+ $wheres[] = get_access_sql_suffix($table);
+
if ($where = implode(' AND ', $wheres)) {
$return['wheres'][] = "($where)";
}
@@ -663,9 +660,10 @@ function elgg_normalize_metastrings_options(array $options = array()) {
*
* @param int $id The object's ID
* @param string $enabled Value to set to: yes or no
- * @param string $type The type of table to use: metadata or anntations
+ * @param string $type The type of table to use: metadata or annotations
*
* @return bool
+ * @throws InvalidParameterException
* @since 1.8.0
* @access private
*/
@@ -740,7 +738,7 @@ function elgg_batch_metastring_based_objects(array $options, $callback, $inc_off
*
* @param int $id The metastring-based object's ID
* @param string $type The type: annotation or metadata
- * @return mixed
+ * @return ElggMetadata|ElggAnnotation
*
* @since 1.8.0
* @access private
@@ -806,6 +804,7 @@ function elgg_delete_metastring_based_object_by_id($id, $type) {
}
if ($metabyname_memcache) {
+ // @todo why name_id? is that even populated?
$metabyname_memcache->delete("{$obj->entity_guid}:{$obj->name_id}");
}
}
diff --git a/engine/lib/navigation.php b/engine/lib/navigation.php
index 86624cd..ab9cc05 100644
--- a/engine/lib/navigation.php
+++ b/engine/lib/navigation.php
@@ -126,6 +126,7 @@ function elgg_unregister_menu_item($menu_name, $item_name) {
}
foreach ($CONFIG->menus[$menu_name] as $index => $menu_object) {
+ /* @var ElggMenuItem $menu_object */
if ($menu_object->getName() == $item_name) {
unset($CONFIG->menus[$menu_name][$index]);
return true;
@@ -151,7 +152,8 @@ function elgg_is_menu_item_registered($menu_name, $item_name) {
return false;
}
- foreach ($CONFIG->menus[$menu_name] as $index => $menu_object) {
+ foreach ($CONFIG->menus[$menu_name] as $menu_object) {
+ /* @var ElggMenuItem $menu_object */
if ($menu_object->getName() == $item_name) {
return true;
}
@@ -216,7 +218,7 @@ function elgg_push_breadcrumb($title, $link = NULL) {
}
// avoid key collisions.
- $CONFIG->breadcrumbs[] = array('title' => $title, 'link' => $link);
+ $CONFIG->breadcrumbs[] = array('title' => elgg_get_excerpt($title, 100), 'link' => $link);
}
/**
@@ -311,8 +313,8 @@ function elgg_site_menu_setup($hook, $type, $return, $params) {
// check if we have anything selected
$selected = false;
- foreach ($return as $section_name => $section) {
- foreach ($section as $key => $item) {
+ foreach ($return as $section) {
+ foreach ($section as $item) {
if ($item->getSelected()) {
$selected = true;
break 2;
@@ -321,7 +323,8 @@ function elgg_site_menu_setup($hook, $type, $return, $params) {
}
if (!$selected) {
- // nothing selected, match name to context
+ // nothing selected, match name to context or match url
+ $current_url = current_page_url();
foreach ($return as $section_name => $section) {
foreach ($section as $key => $item) {
// only highlight internal links
@@ -330,6 +333,10 @@ function elgg_site_menu_setup($hook, $type, $return, $params) {
$return[$section_name][$key]->setSelected(true);
break 2;
}
+ if ($item->getHref() == $current_url) {
+ $return[$section_name][$key]->setSelected(true);
+ break 2;
+ }
}
}
}
@@ -345,6 +352,7 @@ function elgg_site_menu_setup($hook, $type, $return, $params) {
function elgg_river_menu_setup($hook, $type, $return, $params) {
if (elgg_is_logged_in()) {
$item = $params['item'];
+ /* @var ElggRiverItem $item */
$object = $item->getObjectEntity();
// comments and non-objects cannot be commented on or liked
if (!elgg_in_context('widgets') && $item->annotation_id == 0) {
@@ -388,6 +396,7 @@ function elgg_entity_menu_setup($hook, $type, $return, $params) {
}
$entity = $params['entity'];
+ /* @var ElggEntity $entity */
$handler = elgg_extract('handler', $params, false);
// access
@@ -433,6 +442,7 @@ function elgg_entity_menu_setup($hook, $type, $return, $params) {
function elgg_widget_menu_setup($hook, $type, $return, $params) {
$widget = $params['entity'];
+ /* @var ElggWidget $widget */
$show_edit = elgg_extract('show_edit', $params, true);
$collapse = array(
@@ -481,6 +491,7 @@ function elgg_widget_menu_setup($hook, $type, $return, $params) {
*/
function elgg_annotation_menu_setup($hook, $type, $return, $params) {
$annotation = $params['annotation'];
+ /* @var ElggAnnotation $annotation */
if ($annotation->name == 'generic_comment' && $annotation->canEdit()) {
$url = elgg_http_add_url_query_elements('action/comments/delete', array(
diff --git a/engine/lib/notification.php b/engine/lib/notification.php
index 9e3c075..be0c359 100644
--- a/engine/lib/notification.php
+++ b/engine/lib/notification.php
@@ -86,7 +86,7 @@ function unregister_notification_handler($method) {
* @throws NotificationException
*/
function notify_user($to, $from, $subject, $message, array $params = NULL, $methods_override = "") {
- global $NOTIFICATION_HANDLERS, $CONFIG;
+ global $NOTIFICATION_HANDLERS;
// Sanitise
if (!is_array($to)) {
@@ -110,12 +110,15 @@ function notify_user($to, $from, $subject, $message, array $params = NULL, $meth
// Are we overriding delivery?
$methods = $methods_override;
if (!$methods) {
- $tmp = (array)get_user_notification_settings($guid);
+ $tmp = get_user_notification_settings($guid);
$methods = array();
- foreach ($tmp as $k => $v) {
- // Add method if method is turned on for user!
- if ($v) {
- $methods[] = $k;
+ // $tmp may be false. don't cast
+ if (is_object($tmp)) {
+ foreach ($tmp as $k => $v) {
+ // Add method if method is turned on for user!
+ if ($v) {
+ $methods[] = $k;
+ }
}
}
}
@@ -165,7 +168,7 @@ function notify_user($to, $from, $subject, $message, array $params = NULL, $meth
*
* @param int $user_guid The user id
*
- * @return stdClass
+ * @return stdClass|false
*/
function get_user_notification_settings($user_guid = 0) {
$user_guid = (int)$user_guid;
@@ -174,7 +177,8 @@ function get_user_notification_settings($user_guid = 0) {
$user_guid = elgg_get_logged_in_user_guid();
}
- // @todo: holy crap, really?
+ // @todo: there should be a better way now that metadata is cached. E.g. just query for MD names, then
+ // query user object directly
$all_metadata = elgg_get_metadata(array(
'guid' => $user_guid,
'limit' => 0
@@ -237,6 +241,7 @@ function set_user_notification_setting($user_guid, $method, $value) {
* @param array $params Optional parameters (none taken in this instance)
*
* @return bool
+ * @throws NotificationException
* @access private
*/
function email_notify_handler(ElggEntity $from, ElggUser $to, $subject, $message,
@@ -263,7 +268,7 @@ array $params = NULL) {
$to = $to->email;
// From
- $site = get_entity($CONFIG->site_guid);
+ $site = elgg_get_site_entity();
// If there's an email address, use it - but only if its not from a user.
if (!($from instanceof ElggUser) && $from->email) {
$from = $from->email;
@@ -288,6 +293,7 @@ array $params = NULL) {
* @param array $params Optional parameters (none used in this function)
*
* @return bool
+ * @throws NotificationException
* @since 1.7.2
*/
function elgg_send_email($from, $to, $subject, $body, array $params = NULL) {
@@ -344,6 +350,8 @@ function elgg_send_email($from, $to, $subject, $body, array $params = NULL) {
// Sanitise subject by stripping line endings
$subject = preg_replace("/(\r\n|\r|\n)/", " ", $subject);
+ // this is because Elgg encodes everything and matches what is done with body
+ $subject = html_entity_decode($subject, ENT_COMPAT, 'UTF-8'); // Decode any html entities
if (is_callable('mb_encode_mimeheader')) {
$subject = mb_encode_mimeheader($subject, "UTF-8", "B");
}
@@ -422,7 +430,7 @@ function register_notification_object($entity_type, $object_subtype, $language_n
* @param int $user_guid The GUID of the user who wants to follow a user's content
* @param int $author_guid The GUID of the user whose content the user wants to follow
*
- * @return true|false Depending on success
+ * @return bool Depending on success
*/
function register_notification_interest($user_guid, $author_guid) {
return add_entity_relationship($user_guid, 'notify', $author_guid);
@@ -434,7 +442,7 @@ function register_notification_interest($user_guid, $author_guid) {
* @param int $user_guid The GUID of the user who is following a user's content
* @param int $author_guid The GUID of the user whose content the user wants to unfollow
*
- * @return true|false Depending on success
+ * @return bool Depending on success
*/
function remove_notification_interest($user_guid, $author_guid) {
return remove_entity_relationship($user_guid, 'notify', $author_guid);
@@ -450,12 +458,13 @@ function remove_notification_interest($user_guid, $author_guid) {
* @param string $object_type mixed
* @param mixed $object The object created
*
- * @return void
+ * @return bool
* @access private
*/
function object_notifications($event, $object_type, $object) {
// We only want to trigger notification events for ElggEntities
if ($object instanceof ElggEntity) {
+ /* @var ElggEntity $object */
// Get config data
global $CONFIG, $SESSION, $NOTIFICATION_HANDLERS;
@@ -492,9 +501,10 @@ function object_notifications($event, $object_type, $object) {
'relationship' => 'notify' . $method,
'relationship_guid' => $object->container_guid,
'inverse_relationship' => TRUE,
- 'types' => 'user',
- 'limit' => 99999
+ 'type' => 'user',
+ 'limit' => false
));
+ /* @var ElggUser[] $interested_users */
if ($interested_users && is_array($interested_users)) {
foreach ($interested_users as $user) {
diff --git a/engine/lib/objects.php b/engine/lib/objects.php
index e5e8f67..ff3cc73 100644
--- a/engine/lib/objects.php
+++ b/engine/lib/objects.php
@@ -93,16 +93,16 @@ function get_object_sites($object_guid, $limit = 10, $offset = 0) {
return elgg_get_entities_from_relationship(array(
'relationship' => 'member_of_site',
'relationship_guid' => $object_guid,
- 'types' => 'site',
+ 'type' => 'site',
'limit' => $limit,
- 'offset' => $offset
+ 'offset' => $offset,
));
}
/**
* Runs unit tests for ElggObject
*
- * @param sting $hook unit_test
+ * @param string $hook unit_test
* @param string $type system
* @param mixed $value Array of tests
* @param mixed $params Params
diff --git a/engine/lib/opendd.php b/engine/lib/opendd.php
index f00ea6a..7d635a2 100644
--- a/engine/lib/opendd.php
+++ b/engine/lib/opendd.php
@@ -7,6 +7,8 @@
* @version 0.4
*/
+// @codingStandardsIgnoreStart
+
/**
* Attempt to construct an ODD object out of a XmlElement or sub-elements.
*
@@ -103,3 +105,5 @@ function ODD_Import($xml) {
function ODD_Export(ODDDocument $document) {
return "$document";
}
+
+// @codingStandardsIgnoreEnd
diff --git a/engine/lib/output.php b/engine/lib/output.php
index 9295f21..de4f911 100644
--- a/engine/lib/output.php
+++ b/engine/lib/output.php
@@ -12,29 +12,34 @@
*
* @param string $text The input string
*
- * @return string The output stirng with formatted links
- **/
+ * @return string The output string with formatted links
+ */
function parse_urls($text) {
+
+ // URI specification: http://www.ietf.org/rfc/rfc3986.txt
+ // This varies from the specification in the following ways:
+ // * Supports non-ascii characters
+ // * Does not allow parentheses and single quotes
+ // * Cuts off commas, exclamation points, and periods off as last character
+
// @todo this causes problems with <attr = "val">
// must be in <attr="val"> format (no space).
// By default htmlawed rewrites tags to this format.
// if PHP supported conditional negative lookbehinds we could use this:
// $r = preg_replace_callback('/(?<!=)(?<![ ])?(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i',
- //
- // we can put , in the list of excluded char but need to keep . because of domain names.
- // it is removed in the callback.
- $r = preg_replace_callback('/(?<!=)(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i',
+ $r = preg_replace_callback('/(?<![=\/"\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\']+)/i',
create_function(
'$matches',
'
$url = $matches[1];
- $period = \'\';
- if (substr($url, -1, 1) == \'.\') {
- $period = \'.\';
- $url = trim($url, \'.\');
+ $punc = "";
+ $last = substr($url, -1, 1);
+ if (in_array($last, array(".", "!", ",", "(", ")"))) {
+ $punc = $last;
+ $url = rtrim($url, ".!,()");
}
$urltext = str_replace("/", "/<wbr />", $url);
- return "<a href=\"$url\">$urltext</a>$period";
+ return "<a href=\"$url\" rel=\"nofollow\">$urltext</a>$punc";
'
), $text);
@@ -224,7 +229,6 @@ function elgg_normalize_url($url) {
$php_5_3_0_to_5_3_2 = version_compare(PHP_VERSION, '5.3.0', '>=') &&
version_compare(PHP_VERSION, '5.3.3', '<');
- $validated = false;
if ($php_5_2_13_and_below || $php_5_3_0_to_5_3_2) {
$tmp_address = str_replace("-", "", $url);
$validated = filter_var($tmp_address, FILTER_VALIDATE_URL);
@@ -285,11 +289,9 @@ function elgg_get_friendly_title($title) {
return $result;
}
- // handle some special cases
- $title = str_replace('&amp;', 'and', $title);
- // quotes and angle brackets stored in the database as html encoded
- $title = htmlspecialchars_decode($title);
-
+ // titles are often stored HTML encoded
+ $title = html_entity_decode($title, ENT_QUOTES, 'UTF-8');
+
$title = ElggTranslit::urlize($title);
return $title;
@@ -419,9 +421,28 @@ function _elgg_html_decode($string) {
}
/**
+ * Prepares query string for output to prevent CSRF attacks.
+ *
+ * @param string $string
+ * @return string
+ *
+ * @access private
+ */
+function _elgg_get_display_query($string) {
+ //encode <,>,&, quotes and characters above 127
+ if (function_exists('mb_convert_encoding')) {
+ $display_query = mb_convert_encoding($string, 'HTML-ENTITIES', 'UTF-8');
+ } else {
+ // if no mbstring extension, we just strip characters
+ $display_query = preg_replace("/[^\x01-\x7F]/", "", $string);
+ }
+ return htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);
+}
+
+/**
* Unit tests for Output
*
- * @param sting $hook unit_test
+ * @param string $hook unit_test
* @param string $type system
* @param mixed $value Array of tests
* @param mixed $params Params
diff --git a/engine/lib/pageowner.php b/engine/lib/pageowner.php
index 94765fe..bd63d08 100644
--- a/engine/lib/pageowner.php
+++ b/engine/lib/pageowner.php
@@ -29,7 +29,9 @@ function elgg_get_page_owner_guid($guid = 0) {
// return guid of page owner entity
$guid = elgg_trigger_plugin_hook('page_owner', 'system', NULL, 0);
- $page_owner_guid = $guid;
+ if ($guid) {
+ $page_owner_guid = $guid;
+ }
return $guid;
}
@@ -39,7 +41,7 @@ function elgg_get_page_owner_guid($guid = 0) {
*
* @note Access is disabled when getting the page owner entity.
*
- * @return ElggEntity|false The current page owner or false if none.
+ * @return ElggUser|ElggGroup|false The current page owner or false if none.
*
* @since 1.8.0
*/
@@ -113,6 +115,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
}
if ($user = get_user_by_username($username)) {
+ elgg_set_ignore_access($ia);
return $user->getGUID();
}
}
diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php
index 94aff27..d5d3db4 100644
--- a/engine/lib/plugins.php
+++ b/engine/lib/plugins.php
@@ -91,7 +91,9 @@ function elgg_get_plugin_ids_in_dir($dir = null) {
* @access private
*/
function elgg_generate_plugin_entities() {
+ // @todo $site unused, can remove?
$site = get_config('site');
+
$dir = elgg_get_plugins_path();
$db_prefix = elgg_get_config('dbprefix');
@@ -107,6 +109,7 @@ function elgg_generate_plugin_entities() {
$old_access = access_get_show_hidden_status();
access_show_hidden_entities(true);
$known_plugins = elgg_get_entities_from_relationship($options);
+ /* @var ElggPlugin[] $known_plugins */
if (!$known_plugins) {
$known_plugins = array();
@@ -138,7 +141,7 @@ function elgg_generate_plugin_entities() {
$index = $id_map[$plugin_id];
$plugin = $known_plugins[$index];
// was this plugin deleted and its entity disabled?
- if ($plugin->enabled != 'yes') {
+ if (!$plugin->isEnabled()) {
$plugin->enable();
$plugin->deactivate();
$plugin->setPriority('last');
@@ -192,7 +195,7 @@ function _elgg_cache_plugin_by_id(ElggPlugin $plugin) {
* Returns an ElggPlugin object with the path $path.
*
* @param string $plugin_id The id (dir name) of the plugin. NOT the guid.
- * @return mixed ElggPlugin or false.
+ * @return ElggPlugin|false
* @since 1.8.0
*/
function elgg_get_plugin_from_id($plugin_id) {
@@ -260,6 +263,8 @@ function elgg_get_max_plugin_priority() {
$data = get_data($q);
if ($data) {
$max = $data[0]->max;
+ } else {
+ $max = 1;
}
// can't have a priority of 0.
@@ -306,13 +311,11 @@ function elgg_is_active_plugin($plugin_id, $site_guid = null) {
* @access private
*/
function elgg_load_plugins() {
- global $CONFIG;
-
$plugins_path = elgg_get_plugins_path();
- $start_flags = ELGG_PLUGIN_INCLUDE_START
- | ELGG_PLUGIN_REGISTER_VIEWS
- | ELGG_PLUGIN_REGISTER_LANGUAGES
- | ELGG_PLUGIN_REGISTER_CLASSES;
+ $start_flags = ELGG_PLUGIN_INCLUDE_START |
+ ELGG_PLUGIN_REGISTER_VIEWS |
+ ELGG_PLUGIN_REGISTER_LANGUAGES |
+ ELGG_PLUGIN_REGISTER_CLASSES;
if (!$plugins_path) {
return false;
@@ -360,7 +363,7 @@ function elgg_load_plugins() {
*
* @param string $status The status of the plugins. active, inactive, or all.
* @param mixed $site_guid Optional site guid
- * @return array
+ * @return ElggPlugin[]
* @since 1.8.0
* @access private
*/
@@ -441,6 +444,7 @@ function elgg_set_plugin_priorities(array $order) {
// though we do start with 1
$order = array_values($order);
+ $missing_plugins = array();
foreach ($plugins as $plugin) {
$plugin_id = $plugin->getID();
@@ -639,19 +643,18 @@ function elgg_get_plugins_provides($type = null, $name = null) {
* @access private
*/
function elgg_check_plugins_provides($type, $name, $version = null, $comparison = 'ge') {
- if (!$provided = elgg_get_plugins_provides($type, $name)) {
+ $provided = elgg_get_plugins_provides($type, $name);
+ if (!$provided) {
return array(
'status' => false,
'version' => ''
);
}
- if ($provided) {
- if ($version) {
- $status = version_compare($provided['version'], $version, $comparison);
- } else {
- $status = true;
- }
+ if ($version) {
+ $status = version_compare($provided['version'], $version, $comparison);
+ } else {
+ $status = true;
}
return array(
@@ -861,9 +864,9 @@ function elgg_set_plugin_user_setting($name, $value, $user_guid = null, $plugin_
/**
* Unsets a user-specific plugin setting
*
- * @param str $name Name of the setting
- * @param int $user_guid Defaults to logged in user
- * @param str $plugin_id Defaults to contextual plugin name
+ * @param string $name Name of the setting
+ * @param int $user_guid Defaults to logged in user
+ * @param string $plugin_id Defaults to contextual plugin name
*
* @return bool
* @since 1.8.0
@@ -1087,7 +1090,7 @@ function plugin_run_once() {
/**
* Runs unit tests for the entity objects.
*
- * @param sting $hook unit_test
+ * @param string $hook unit_test
* @param string $type system
* @param mixed $value Array of tests
* @param mixed $params Params
@@ -1102,6 +1105,49 @@ function plugins_test($hook, $type, $value, $params) {
}
/**
+ * Checks on deactivate plugin event if disabling it won't create unmet dependencies and blocks disable in such case.
+ *
+ * @param string $event deactivate
+ * @param string $type plugin
+ * @param array $params Parameters array containing entry with ELggPlugin instance under 'plugin_entity' key
+ * @return bool false to block plugin deactivation action
+ *
+ * @access private
+ */
+function _plugins_deactivate_dependency_check($event, $type, $params) {
+ $plugin_id = $params['plugin_entity']->getManifest()->getPluginID();
+ $plugin_name = $params['plugin_entity']->getManifest()->getName();
+
+ $active_plugins = elgg_get_plugins();
+
+ $dependents = array();
+ foreach ($active_plugins as $plugin) {
+ $manifest = $plugin->getManifest();
+ $requires = $manifest->getRequires();
+
+ foreach ($requires as $required) {
+ if ($required['type'] == 'plugin' && $required['name'] == $plugin_id) {
+ // there are active dependents
+ $dependents[$manifest->getPluginID()] = $plugin;
+ }
+ }
+ }
+
+ if ($dependents) {
+ $list = '<ul>';
+ // construct error message and prevent disabling
+ foreach ($dependents as $dependent) {
+ $list .= '<li>' . $dependent->getManifest()->getName() . '</li>';
+ }
+ $list .= '</ul>';
+
+ register_error(elgg_echo('ElggPlugin:Dependencies:ActiveDependent', array($plugin_name, $list)));
+
+ return false;
+ }
+}
+
+/**
* Initialize the plugin system
* Listens to system init and registers actions
*
@@ -1112,6 +1158,10 @@ function plugin_init() {
run_function_once("plugin_run_once");
elgg_register_plugin_hook_handler('unit_test', 'system', 'plugins_test');
+
+ // note - plugins are booted by the time this handler is registered
+ // deactivation due to error may have already occurred
+ elgg_register_event_handler('deactivate', 'plugin', '_plugins_deactivate_dependency_check');
elgg_register_action("plugins/settings/save", '', 'admin');
elgg_register_action("plugins/usersettings/save");
diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php
index 01654b1..b0cd627 100644
--- a/engine/lib/relationships.php
+++ b/engine/lib/relationships.php
@@ -12,7 +12,7 @@
*
* @param stdClass $row Database row from the relationship table
*
- * @return stdClass or ElggMetadata
+ * @return ElggRelationship|stdClass
* @access private
*/
function row_to_elggrelationship($row) {
@@ -28,7 +28,7 @@ function row_to_elggrelationship($row) {
*
* @param int $id The ID of a relationship
*
- * @return mixed
+ * @return ElggRelationship|false
*/
function get_relationship($id) {
global $CONFIG;
@@ -109,7 +109,7 @@ function add_entity_relationship($guid_one, $relationship, $guid_two) {
* @param string $relationship The type of relationship
* @param int $guid_two The GUID of the entity the relationship is with
*
- * @return object|false Depending on success
+ * @return ElggRelationship|false Depending on success
*/
function check_entity_relationship($guid_one, $relationship, $guid_two) {
global $CONFIG;
@@ -123,7 +123,7 @@ function check_entity_relationship($guid_one, $relationship, $guid_two) {
AND relationship='$relationship'
AND guid_two=$guid_two limit 1";
- $row = get_data_row($query);
+ $row = row_to_elggrelationship(get_data_row($query));
if ($row) {
return $row;
}
@@ -220,7 +220,7 @@ function remove_entity_relationships($guid_one, $relationship = "", $inverse = f
* @param int $guid The GUID of the relationship owner
* @param bool $inverse_relationship Inverse relationship owners?
*
- * @return mixed
+ * @return ElggRelationship[]
*/
function get_entity_relationships($guid, $inverse_relationship = FALSE) {
global $CONFIG;
@@ -259,7 +259,7 @@ function get_entity_relationships($guid, $inverse_relationship = FALSE) {
*
* inverse_relationship => BOOL Inverse the relationship
*
- * @return mixed If count, int. If not count, array. false on errors.
+ * @return ElggEntity[]|mixed If count, int. If not count, array. false on errors.
* @since 1.7.0
*/
function elgg_get_entities_from_relationship($options) {
@@ -316,7 +316,7 @@ function elgg_get_entities_from_relationship($options) {
* Provide in table.column format.
* @param string $relationship Relationship string
* @param int $relationship_guid Entity guid to check
- * @param string $inverse_relationship Inverse relationship check?
+ * @param bool $inverse_relationship Inverse relationship check?
*
* @return mixed
* @since 1.7.0
@@ -363,7 +363,7 @@ $relationship_guid = NULL, $inverse_relationship = FALSE) {
/**
* Returns a viewable list of entities by relationship
*
- * @param array $options
+ * @param array $options Options array for retrieval of entities
*
* @see elgg_list_entities()
* @see elgg_get_entities_from_relationship()
@@ -381,7 +381,7 @@ function elgg_list_entities_from_relationship(array $options = array()) {
*
* @param array $options An options array compatible with
* elgg_get_entities_from_relationship()
- * @return mixed int If count, int. If not count, array. false on errors.
+ * @return ElggEntity[]|mixed int If count, int. If not count, array. false on errors.
* @since 1.8.0
*/
function elgg_get_entities_from_relationship_count(array $options = array()) {
@@ -398,7 +398,7 @@ function elgg_get_entities_from_relationship_count(array $options = array()) {
*
* @param array $options Options array
*
- * @return array
+ * @return string
* @since 1.8.0
*/
function elgg_list_entities_from_relationship_count($options) {
@@ -499,7 +499,7 @@ function already_attached($guid_one, $guid_two) {
* @param int $guid Entity GUID
* @param string $type The type of object to return e.g. 'file', 'friend_of' etc
*
- * @return an array of objects
+ * @return ElggEntity[]
* @access private
*/
function get_attachments($guid, $type = "") {
@@ -507,7 +507,7 @@ function get_attachments($guid, $type = "") {
'relationship' => 'attached',
'relationship_guid' => $guid,
'inverse_relationship' => false,
- 'types' => $type,
+ 'type' => $type,
'subtypes' => '',
'owner_guid' => 0,
'order_by' => 'time_created desc',
@@ -571,9 +571,8 @@ function import_relationship_plugin_hook($hook, $entity_type, $returnvalue, $par
if ($element instanceof ODDRelationship) {
$tmp = new ElggRelationship();
$tmp->import($element);
-
- return $tmp;
}
+ return $tmp;
}
/**
@@ -586,11 +585,10 @@ function import_relationship_plugin_hook($hook, $entity_type, $returnvalue, $par
*
* @elgg_event_handler export all
* @return mixed
+ * @throws InvalidParameterException
* @access private
*/
function export_relationship_plugin_hook($hook, $entity_type, $returnvalue, $params) {
- global $CONFIG;
-
// Sanity check values
if ((!is_array($params)) && (!isset($params['guid']))) {
throw new InvalidParameterException(elgg_echo('InvalidParameterException:GUIDNotForExport'));
@@ -624,9 +622,9 @@ function export_relationship_plugin_hook($hook, $entity_type, $returnvalue, $par
* @access private
*/
function relationship_notification_hook($event, $type, $object) {
-
+ /* @var ElggRelationship $object */
$user_one = get_entity($object->guid_one);
- $user_two = get_entity($object->guid_two);
+ /* @var ElggUser $user_one */
return notify_user($object->guid_two,
$object->guid_one,
diff --git a/engine/lib/river.php b/engine/lib/river.php
index 33f3436..e92040e 100644
--- a/engine/lib/river.php
+++ b/engine/lib/river.php
@@ -120,7 +120,7 @@ $posted = 0, $annotation_id = 0) {
* subtypes => STR|ARR Entity subtype string(s)
* type_subtype_pairs => ARR Array of type => subtype pairs where subtype
* can be an array of subtype strings
- *
+ *
* posted_time_lower => INT The lower bound on the time posted
* posted_time_upper => INT The upper bound on the time posted
*
@@ -380,10 +380,10 @@ function _elgg_prefetch_river_entities(array $river_items) {
// prefetch objects and subjects
$guids = array();
foreach ($river_items as $item) {
- if ($item->subject_guid && !retrieve_cached_entity($item->subject_guid)) {
+ if ($item->subject_guid && !_elgg_retrieve_cached_entity($item->subject_guid)) {
$guids[$item->subject_guid] = true;
}
- if ($item->object_guid && !retrieve_cached_entity($item->object_guid)) {
+ if ($item->object_guid && !_elgg_retrieve_cached_entity($item->object_guid)) {
$guids[$item->object_guid] = true;
}
}
@@ -402,7 +402,7 @@ function _elgg_prefetch_river_entities(array $river_items) {
$guids = array();
foreach ($river_items as $item) {
$object = $item->getObjectEntity();
- if ($object->container_guid && !retrieve_cached_entity($object->container_guid)) {
+ if ($object->container_guid && !_elgg_retrieve_cached_entity($object->container_guid)) {
$guids[$object->container_guid] = true;
}
}
@@ -434,8 +434,13 @@ function elgg_list_river(array $options = array()) {
'pagination' => TRUE,
'list_class' => 'elgg-list-river elgg-river', // @todo remove elgg-river in Elgg 1.9
);
-
+
$options = array_merge($defaults, $options);
+
+ if (!$options["limit"] && !$options["offset"]) {
+ // no need for pagination if listing is unlimited
+ $options["pagination"] = false;
+ }
$options['count'] = TRUE;
$count = elgg_get_river($options);
@@ -445,6 +450,7 @@ function elgg_list_river(array $options = array()) {
$options['count'] = $count;
$options['items'] = $items;
+
return elgg_view('page/components/list', $options);
}
@@ -500,6 +506,7 @@ function elgg_get_river_type_subtype_where_sql($table, $types, $subtypes, $pairs
return '';
}
+ $wheres = array();
$types_wheres = array();
$subtypes_wheres = array();
@@ -644,7 +651,7 @@ function update_river_access_by_object($object_guid, $access_id) {
}
/**
- * Page handler for activiy
+ * Page handler for activity
*
* @param array $page
* @return bool
@@ -663,10 +670,6 @@ function elgg_river_page_handler($page) {
}
set_input('page_type', $page_type);
- // content filter code here
- $entity_type = '';
- $entity_subtype = '';
-
require_once("{$CONFIG->path}pages/river.php");
return true;
}
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 72ca0a1..e3d5ce9 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -87,6 +87,9 @@ function elgg_is_admin_logged_in() {
*/
function elgg_is_admin_user($user_guid) {
global $CONFIG;
+
+ $user_guid = (int)$user_guid;
+
// cannot use magic metadata here because of recursion
// must support the old way of getting admin from metadata
@@ -286,8 +289,6 @@ function check_rate_limit_exceeded($user_guid) {
* @throws LoginException
*/
function login(ElggUser $user, $persistent = false) {
- global $CONFIG;
-
// User is banned, return false.
if ($user->isBanned()) {
throw new LoginException(elgg_echo('LoginException:BannedUser'));
@@ -325,6 +326,12 @@ function login(ElggUser $user, $persistent = false) {
set_last_login($_SESSION['guid']);
reset_login_failure_count($user->guid); // Reset any previous failed login attempts
+ // if memcache is enabled, invalidate the user in memcache @see https://github.com/Elgg/Elgg/issues/3143
+ if (is_memcache_available()) {
+ // this needs to happen with a shutdown function because of the timing with set_last_login()
+ register_shutdown_function("_elgg_invalidate_memcache_for_entity", $_SESSION['guid']);
+ }
+
return true;
}
@@ -334,8 +341,6 @@ function login(ElggUser $user, $persistent = false) {
* @return bool
*/
function logout() {
- global $CONFIG;
-
if (isset($_SESSION['user'])) {
if (!elgg_trigger_event('logout', 'user', $_SESSION['user'])) {
return false;
@@ -616,10 +621,8 @@ function _elgg_session_destroy($id) {
global $sess_save_path;
$sess_file = "$sess_save_path/sess_$id";
- return(@unlink($sess_file));
+ return @unlink($sess_file);
}
-
- return false;
}
/**
diff --git a/engine/lib/sites.php b/engine/lib/sites.php
index d9eb2d2..3de0ecc 100644
--- a/engine/lib/sites.php
+++ b/engine/lib/sites.php
@@ -26,7 +26,7 @@ function elgg_get_site_entity($site_guid = 0) {
$site = get_entity($site_guid);
}
- if($site instanceof ElggSite){
+ if ($site instanceof ElggSite) {
$result = $site;
}
@@ -118,8 +118,6 @@ function create_site_entity($guid, $name, $description, $url) {
* @return bool
*/
function add_site_user($site_guid, $user_guid) {
- global $CONFIG;
-
$site_guid = (int)$site_guid;
$user_guid = (int)$user_guid;
@@ -150,8 +148,6 @@ function remove_site_user($site_guid, $user_guid) {
* @return mixed
*/
function add_site_object($site_guid, $object_guid) {
- global $CONFIG;
-
$site_guid = (int)$site_guid;
$object_guid = (int)$object_guid;
@@ -192,8 +188,8 @@ function get_site_objects($site_guid, $subtype = "", $limit = 10, $offset = 0) {
'relationship' => 'member_of_site',
'relationship_guid' => $site_guid,
'inverse_relationship' => TRUE,
- 'types' => 'object',
- 'subtypes' => $subtype,
+ 'type' => 'object',
+ 'subtype' => $subtype,
'limit' => $limit,
'offset' => $offset
));
@@ -242,7 +238,7 @@ function get_site_domain($guid) {
/**
* Unit tests for sites
*
- * @param sting $hook unit_test
+ * @param string $hook unit_test
* @param string $type system
* @param mixed $value Array of tests
* @param mixed $params Params
diff --git a/engine/lib/statistics.php b/engine/lib/statistics.php
index 5ee6405..4cb0bb0 100644
--- a/engine/lib/statistics.php
+++ b/engine/lib/statistics.php
@@ -95,15 +95,20 @@ function get_number_users($show_deactivated = false) {
* @return string
*/
function get_online_users() {
- $count = find_active_users(600, 10, 0, true);
- $objects = find_active_users(600, 10);
+ $limit = max(0, (int) get_input("limit", 10));
+ $offset = max(0, (int) get_input("offset", 0));
+
+ $count = find_active_users(600, $limit, $offset, true);
+ $objects = find_active_users(600, $limit, $offset);
if ($objects) {
return elgg_view_entity_list($objects, array(
'count' => $count,
- 'limit' => 10
+ 'limit' => $limit,
+ 'offset' => $offset
));
}
+ return '';
}
/**
diff --git a/engine/lib/system_log.php b/engine/lib/system_log.php
index 53fa245..8430263 100644
--- a/engine/lib/system_log.php
+++ b/engine/lib/system_log.php
@@ -10,6 +10,8 @@
/**
* Retrieve the system log based on a number of parameters.
*
+ * @todo too many args, and the first arg is too confusing
+ *
* @param int|array $by_user The guid(s) of the user(s) who initiated the event.
* Use 0 for unowned entries. Anything else falsey means anyone.
* @param string $event The event you are searching on.
@@ -22,12 +24,12 @@
* @param int $timebefore Lower time limit
* @param int $timeafter Upper time limit
* @param int $object_id GUID of an object
- * @param str $ip_address The IP address.
+ * @param string $ip_address The IP address.
* @return mixed
*/
-function get_system_log($by_user = "", $event = "", $class = "", $type = "", $subtype = "",
-$limit = 10, $offset = 0, $count = false, $timebefore = 0, $timeafter = 0, $object_id = 0,
-$ip_address = false) {
+function get_system_log($by_user = "", $event = "", $class = "", $type = "", $subtype = "", $limit = 10,
+ $offset = 0, $count = false, $timebefore = 0, $timeafter = 0, $object_id = 0,
+ $ip_address = "") {
global $CONFIG;
@@ -166,6 +168,7 @@ function system_log($object, $event) {
if ($object instanceof Loggable) {
+ /* @var ElggEntity|ElggExtender $object */
if (datalist_get('version') < 2012012000) {
// this is a site that doesn't have the ip_address column yet
return;
@@ -184,7 +187,16 @@ function system_log($object, $event) {
$object_subtype = $object->getSubtype();
$event = sanitise_string($event);
$time = time();
- $ip_address = sanitise_string($_SERVER['REMOTE_ADDR']);
+
+ if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+ $ip_address = array_pop(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
+ } elseif (!empty($_SERVER['HTTP_X_REAL_IP'])) {
+ $ip_address = array_pop(explode(',', $_SERVER['HTTP_X_REAL_IP']));
+ } else {
+ $ip_address = $_SERVER['REMOTE_ADDR'];
+ }
+ $ip_address = sanitise_string($ip_address);
+
$performed_by = elgg_get_logged_in_user_guid();
if (isset($object->access_id)) {
diff --git a/engine/lib/tags.php b/engine/lib/tags.php
index a0887d0..586a9b9 100644
--- a/engine/lib/tags.php
+++ b/engine/lib/tags.php
@@ -48,7 +48,7 @@ function calculate_tag_size($min, $max, $number_of_tags, $buckets = 6) {
* @param array $tags The array of tags.
* @param int $buckets The number of buckets
*
- * @return An associated array of tags with a weighting, this can then be mapped to a display class.
+ * @return array An associated array of tags with a weighting, this can then be mapped to a display class.
* @access private
*/
function generate_tag_cloud(array $tags, $buckets = 6) {
@@ -114,8 +114,8 @@ function generate_tag_cloud(array $tags, $buckets = 6) {
*
* joins => array() Additional joins
*
- * @return false/array - if no tags or error, false
- * otherwise, array of objects with ->tag and ->total values
+ * @return object[]|false If no tags or error, false
+ * otherwise, array of objects with ->tag and ->total values
* @since 1.7.1
*/
function elgg_get_tags(array $options = array()) {
@@ -172,6 +172,7 @@ function elgg_get_tags(array $options = array()) {
// catch for tags that were spaces
$wheres[] = "msv.string != ''";
+ $sanitised_tags = array();
foreach ($options['tag_names'] as $tag) {
$sanitised_tags[] = '"' . sanitise_string($tag) . '"';
}
diff --git a/engine/lib/upgrade.php b/engine/lib/upgrade.php
index f4f4b16..158ec9e 100644
--- a/engine/lib/upgrade.php
+++ b/engine/lib/upgrade.php
@@ -17,8 +17,9 @@
* @access private
*/
function upgrade_code($version, $quiet = FALSE) {
+ // do not remove - upgrade scripts depend on this
global $CONFIG;
-
+
$version = (int) $version;
$upgrade_path = elgg_get_config('path') . 'engine/lib/upgrades/';
$processed_upgrades = elgg_get_processed_upgrades();
@@ -244,7 +245,7 @@ function version_upgrade() {
// No version number? Oh snap...this is an upgrade from a clean installation < 1.7.
// Run all upgrades without error reporting and hope for the best.
- // See http://trac.elgg.org/elgg/ticket/1432 for more.
+ // See https://github.com/elgg/elgg/issues/1432 for more.
$quiet = !$dbversion;
// Note: Database upgrades are deprecated as of 1.8. Use code upgrades. See #1433
@@ -291,7 +292,6 @@ function elgg_upgrade_bootstrap_17_to_18() {
'2011010101.php',
);
- $upgrades_17 = array();
$upgrade_files = elgg_get_upgrade_files();
$processed_upgrades = array();
@@ -354,15 +354,12 @@ function _elgg_upgrade_unlock() {
* @access private
*/
function _elgg_upgrade_is_locked() {
- global $CONFIG, $DB_QUERY_CACHE;
-
+ global $CONFIG;
+
$is_locked = count(get_data("show tables like '{$CONFIG->dbprefix}upgrade_lock'"));
-
- // Invalidate query cache
- if ($DB_QUERY_CACHE) {
- $DB_QUERY_CACHE->clear();
- elgg_log("Query cache invalidated", 'NOTICE');
- }
-
+
+ // @todo why?
+ _elgg_invalidate_query_cache();
+
return $is_locked;
}
diff --git a/engine/lib/upgrades/2009102801.php b/engine/lib/upgrades/2009102801.php
index cab9a68..3ad113f 100644
--- a/engine/lib/upgrades/2009102801.php
+++ b/engine/lib/upgrades/2009102801.php
@@ -203,14 +203,15 @@ function user_file_matrix($guid) {
return "$time_created/$user->guid/";
}
-global $DB_QUERY_CACHE, $DB_PROFILE, $ENTITY_CACHE;
+global $ENTITY_CACHE, $CONFIG;
/**
* Upgrade file locations
*/
$users = mysql_query("SELECT guid, username
FROM {$CONFIG->dbprefix}users_entity WHERE username != ''");
while ($user = mysql_fetch_object($users)) {
- $DB_QUERY_CACHE = $DB_PROFILE = $ENTITY_CACHE = array();
+ $ENTITY_CACHE = array();
+ _elgg_invalidate_query_cache();
$to = $CONFIG->dataroot . user_file_matrix($user->guid);
foreach (array('1_0', '1_1', '1_6') as $version) {
diff --git a/engine/lib/upgrades/2010033101.php b/engine/lib/upgrades/2010033101.php
index 0bffee0..4779295 100644
--- a/engine/lib/upgrades/2010033101.php
+++ b/engine/lib/upgrades/2010033101.php
@@ -1,7 +1,7 @@
<?php
/**
- * Conditional upgrade for UTF8 as described in http://trac.elgg.org/ticket/1928
+ * Conditional upgrade for UTF8 as described in https://github.com/elgg/elgg/issues/1928
*/
// get_version() returns the code version.
diff --git a/engine/lib/upgrades/2010061501.php b/engine/lib/upgrades/2010061501.php
index 9ff7d31..744c28f 100644
--- a/engine/lib/upgrades/2010061501.php
+++ b/engine/lib/upgrades/2010061501.php
@@ -45,7 +45,7 @@ if ($dbversion < 2009100701) {
}
}
- global $DB_QUERY_CACHE, $DB_PROFILE, $ENTITY_CACHE;
+ global $ENTITY_CACHE;
/**
Upgrade file locations
@@ -60,7 +60,9 @@ if ($dbversion < 2009100701) {
$users = mysql_query("SELECT guid, username FROM {$CONFIG->dbprefix}users_entity
WHERE username != ''", $link);
while ($user = mysql_fetch_object($users)) {
- $DB_QUERY_CACHE = $DB_PROFILE = $ENTITY_CACHE = array();
+ $ENTITY_CACHE = array();
+ _elgg_invalidate_query_cache();
+
$to = $CONFIG->dataroot . user_file_matrix($user->guid);
foreach (array('1_0', '1_1', '1_6') as $version) {
diff --git a/engine/lib/upgrades/2010071001.php b/engine/lib/upgrades/2010071001.php
index 1b5d379..5594493 100644
--- a/engine/lib/upgrades/2010071001.php
+++ b/engine/lib/upgrades/2010071001.php
@@ -30,11 +30,12 @@ function user_file_matrix_2010071001($guid) {
$sizes = array('large', 'medium', 'small', 'tiny', 'master', 'topbar');
-global $DB_QUERY_CACHE, $DB_PROFILE, $ENTITY_CACHE, $CONFIG;
+global $ENTITY_CACHE, $CONFIG;
$users = mysql_query("SELECT guid, username FROM {$CONFIG->dbprefix}users_entity
WHERE username != ''");
while ($user = mysql_fetch_object($users)) {
- $DB_QUERY_CACHE = $DB_PROFILE = $ENTITY_CACHE = array();
+ $ENTITY_CACHE = array();
+ _elgg_invalidate_query_cache();
$user_directory = user_file_matrix_2010071001($user->guid);
if (!$user_directory) {
diff --git a/engine/lib/upgrades/2010071002.php b/engine/lib/upgrades/2010071002.php
index 30bd653..52aa15e 100644
--- a/engine/lib/upgrades/2010071002.php
+++ b/engine/lib/upgrades/2010071002.php
@@ -4,12 +4,13 @@
*/
// loop through all users checking collections and notifications
-global $DB_QUERY_CACHE, $DB_PROFILE, $ENTITY_CACHE, $CONFIG;
+global $ENTITY_CACHE, $CONFIG;
global $NOTIFICATION_HANDLERS;
$users = mysql_query("SELECT guid, username FROM {$CONFIG->dbprefix}users_entity
WHERE username != ''");
while ($user = mysql_fetch_object($users)) {
- $DB_QUERY_CACHE = $DB_PROFILE = $ENTITY_CACHE = array();
+ $ENTITY_CACHE = array();
+ _elgg_invalidate_query_cache();
$user = get_entity($user->guid);
foreach ($NOTIFICATION_HANDLERS as $method => $foo) {
diff --git a/engine/lib/upgrades/2011052801.php b/engine/lib/upgrades/2011052801.php
index 8084bc0..b5a8e10 100644
--- a/engine/lib/upgrades/2011052801.php
+++ b/engine/lib/upgrades/2011052801.php
@@ -2,7 +2,7 @@
/**
* Make sure all users have the relationship member_of_site
*/
-global $DB_QUERY_CACHE, $DB_PROFILE, $ENTITY_CACHE, $CONFIG;
+global $ENTITY_CACHE;
$db_prefix = get_config('dbprefix');
$limit = 100;
@@ -17,7 +17,8 @@ $q = "SELECT e.* FROM {$db_prefix}entities e
$users = get_data($q);
while ($users) {
- $DB_QUERY_CACHE = $DB_PROFILE = $ENTITY_CACHE = array();
+ $ENTITY_CACHE = array();
+ _elgg_invalidate_query_cache();
// do manually to not trigger any events because these aren't new users.
foreach ($users as $user) {
diff --git a/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php b/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php
index 07732f2..780038c 100644
--- a/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php
+++ b/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php
@@ -3,7 +3,7 @@
* Elgg 1.8.3 upgrade 2012041801
* multiple_user_tokens
*
- * Fixes http://trac.elgg.org/ticket/4291
+ * Fixes https://github.com/elgg/elgg/issues/4291
* Removes the unique index on users_apisessions for user_guid and site_guid
*/
diff --git a/engine/lib/upgrades/2013030600-1.8.13-update_user_location-8999eb8bf1bdd9a3.php b/engine/lib/upgrades/2013030600-1.8.13-update_user_location-8999eb8bf1bdd9a3.php
new file mode 100644
index 0000000..8eccf05
--- /dev/null
+++ b/engine/lib/upgrades/2013030600-1.8.13-update_user_location-8999eb8bf1bdd9a3.php
@@ -0,0 +1,24 @@
+<?php
+/**
+ * Elgg 1.8.14 upgrade 2013030600
+ * update_user_location
+ *
+ * Before Elgg 1.8, a location like "London, England" would be stored as an array.
+ * This script turns that back into a string.
+ */
+
+$ia = elgg_set_ignore_access(true);
+$options = array(
+ 'type' => 'user',
+ 'limit' => 0,
+);
+$batch = new ElggBatch('elgg_get_entities', $options);
+
+foreach ($batch as $entity) {
+ _elgg_invalidate_query_cache();
+
+ if (is_array($entity->location)) {
+ $entity->location = implode(', ', $entity->location);
+ }
+}
+elgg_set_ignore_access($ia);
diff --git a/engine/lib/upgrades/2013051700-1.8.15-add_missing_group_index-52a63a3a3ffaced2.php b/engine/lib/upgrades/2013051700-1.8.15-add_missing_group_index-52a63a3a3ffaced2.php
new file mode 100644
index 0000000..ee99bdb
--- /dev/null
+++ b/engine/lib/upgrades/2013051700-1.8.15-add_missing_group_index-52a63a3a3ffaced2.php
@@ -0,0 +1,28 @@
+<?php
+/**
+ * Elgg 1.8.15 upgrade 2013051700
+ * add_missing_group_index
+ *
+ * Some Elgg sites are missing the groups_entity full text index on name and
+ * description. This checks if it exists and adds it if it does not.
+ */
+
+$db_prefix = elgg_get_config('dbprefix');
+
+$full_text_index_exists = false;
+$results = get_data("SHOW INDEX FROM {$db_prefix}groups_entity");
+if ($results) {
+ foreach ($results as $result) {
+ if ($result->Index_type === 'FULLTEXT') {
+ $full_text_index_exists = true;
+ }
+ }
+}
+
+if ($full_text_index_exists == false) {
+ $query = "ALTER TABLE {$db_prefix}groups_entity
+ ADD FULLTEXT name_2 (name, description)";
+ if (!update_data($query)) {
+ elgg_log("Failed to add full text index to groups_entity table", 'ERROR');
+ }
+}
diff --git a/engine/lib/upgrades/2013052900-1.8.15-ipv6_in_syslog-f5c2cc0196e9e731.php b/engine/lib/upgrades/2013052900-1.8.15-ipv6_in_syslog-f5c2cc0196e9e731.php
new file mode 100644
index 0000000..d333a6c
--- /dev/null
+++ b/engine/lib/upgrades/2013052900-1.8.15-ipv6_in_syslog-f5c2cc0196e9e731.php
@@ -0,0 +1,12 @@
+<?php
+/**
+ * Elgg 1.8.15 upgrade 2013052900
+ * ipv6_in_syslog
+ *
+ * Upgrade the ip column in system_log to be able to store ipv6 addresses
+ */
+
+$db_prefix = elgg_get_config('dbprefix');
+$q = "ALTER TABLE {$db_prefix}system_log MODIFY COLUMN ip_address varchar(46) NOT NULL";
+
+update_data($q); \ No newline at end of file
diff --git a/engine/lib/upgrades/2013060900-1.8.15-site_secret-404fc165cf9e0ac9.php b/engine/lib/upgrades/2013060900-1.8.15-site_secret-404fc165cf9e0ac9.php
new file mode 100644
index 0000000..538d74d
--- /dev/null
+++ b/engine/lib/upgrades/2013060900-1.8.15-site_secret-404fc165cf9e0ac9.php
@@ -0,0 +1,16 @@
+<?php
+/**
+ * Elgg 1.8.15 upgrade 2013060900
+ * site_secret
+ *
+ * Description
+ */
+
+$strength = _elgg_get_site_secret_strength();
+
+if ($strength !== 'strong') {
+ // a new key is needed immediately
+ register_translations(elgg_get_root_path() . 'languages/');
+
+ elgg_add_admin_notice('weak_site_key', elgg_echo("upgrade:site_secret_warning:$strength"));
+}
diff --git a/engine/lib/upgrades/create_upgrade.php b/engine/lib/upgrades/create_upgrade.php
index 3652e18..b34f31b 100644
--- a/engine/lib/upgrades/create_upgrade.php
+++ b/engine/lib/upgrades/create_upgrade.php
@@ -93,7 +93,7 @@ if (!$h) {
die("Could not open file $upgrade_file");
}
-if (!fputs($h, $upgrade_code)) {
+if (!fwrite($h, $upgrade_code)) {
die("Could not write to $upgrade_file");
} else {
elgg_set_version_dot_php_version($upgrade_version);
@@ -128,8 +128,9 @@ function elgg_set_version_dot_php_version($version) {
rewind($h);
- fputs($h, $out);
+ fwrite($h, $out);
fclose($h);
+ return true;
}
/**
diff --git a/engine/lib/user_settings.php b/engine/lib/user_settings.php
index e4069fb..0e36dc4 100644
--- a/engine/lib/user_settings.php
+++ b/engine/lib/user_settings.php
@@ -265,9 +265,9 @@ function elgg_set_user_default_access() {
* @access private
*/
function usersettings_pagesetup() {
- if (elgg_get_context() == "settings") {
- $user = elgg_get_page_owner_entity();
+ $user = elgg_get_page_owner_entity();
+ if ($user && elgg_get_context() == "settings") {
$params = array(
'name' => '1_account',
'text' => elgg_echo('usersettings:user:opt:linktext'),
@@ -308,7 +308,7 @@ function usersettings_page_handler($page) {
$user = get_user_by_username($page[1]);
elgg_set_page_owner_guid($user->guid);
} else {
- $user = elgg_get_logged_in_user_guid();
+ $user = elgg_get_logged_in_user_entity();
elgg_set_page_owner_guid($user->guid);
}
@@ -332,6 +332,7 @@ function usersettings_page_handler($page) {
require $path;
return true;
}
+ return false;
}
/**
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 95ef9d1..a8fb912 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -237,7 +237,7 @@ function make_user_admin($user_guid) {
}
$r = update_data("UPDATE {$CONFIG->dbprefix}users_entity set admin='yes' where guid=$user_guid");
- invalidate_cache_for_entity($user_guid);
+ _elgg_invalidate_cache_for_entity($user_guid);
return $r;
}
@@ -273,7 +273,7 @@ function remove_user_admin($user_guid) {
}
$r = update_data("UPDATE {$CONFIG->dbprefix}users_entity set admin='no' where guid=$user_guid");
- invalidate_cache_for_entity($user_guid);
+ _elgg_invalidate_cache_for_entity($user_guid);
return $r;
}
@@ -290,7 +290,7 @@ function remove_user_admin($user_guid) {
* @param int $limit Number of results to return
* @param int $offset Any indexing offset
*
- * @return false|array On success, an array of ElggSites
+ * @return ElggSite[]|false On success, an array of ElggSites
*/
function get_user_sites($user_guid, $limit = 10, $offset = 0) {
$user_guid = (int)$user_guid;
@@ -302,7 +302,7 @@ function get_user_sites($user_guid, $limit = 10, $offset = 0) {
'relationship' => 'member_of_site',
'relationship_guid' => $user_guid,
'inverse_relationship' => FALSE,
- 'types' => 'site',
+ 'type' => 'site',
'limit' => $limit,
'offset' => $offset,
));
@@ -343,8 +343,6 @@ function user_add_friend($user_guid, $friend_guid) {
* @return bool Depending on success
*/
function user_remove_friend($user_guid, $friend_guid) {
- global $CONFIG;
-
$user_guid = (int) $user_guid;
$friend_guid = (int) $friend_guid;
@@ -379,7 +377,7 @@ function user_is_friend($user_guid, $friend_guid) {
* @param int $limit Number of results to return (default 10)
* @param int $offset Indexing offset, if any
*
- * @return false|array Either an array of ElggUsers or false, depending on success
+ * @return ElggUser[]|false Either an array of ElggUsers or false, depending on success
*/
function get_user_friends($user_guid, $subtype = ELGG_ENTITIES_ANY_VALUE, $limit = 10,
$offset = 0) {
@@ -387,8 +385,8 @@ $offset = 0) {
return elgg_get_entities_from_relationship(array(
'relationship' => 'friend',
'relationship_guid' => $user_guid,
- 'types' => 'user',
- 'subtypes' => $subtype,
+ 'type' => 'user',
+ 'subtype' => $subtype,
'limit' => $limit,
'offset' => $offset
));
@@ -402,7 +400,7 @@ $offset = 0) {
* @param int $limit Number of results to return (default 10)
* @param int $offset Indexing offset, if any
*
- * @return false|array Either an array of ElggUsers or false, depending on success
+ * @return ElggUser[]|false Either an array of ElggUsers or false, depending on success
*/
function get_user_friends_of($user_guid, $subtype = ELGG_ENTITIES_ANY_VALUE, $limit = 10,
$offset = 0) {
@@ -411,8 +409,8 @@ $offset = 0) {
'relationship' => 'friend',
'relationship_guid' => $user_guid,
'inverse_relationship' => TRUE,
- 'types' => 'user',
- 'subtypes' => $subtype,
+ 'type' => 'user',
+ 'subtype' => $subtype,
'limit' => $limit,
'offset' => $offset
));
@@ -428,7 +426,7 @@ $offset = 0) {
* @param int $timelower The earliest time the entity can have been created. Default: all
* @param int $timeupper The latest time the entity can have been created. Default: all
*
- * @return false|array An array of ElggObjects or false, depending on success
+ * @return ElggObject[]|false An array of ElggObjects or false, depending on success
*/
function get_user_friends_objects($user_guid, $subtype = ELGG_ENTITIES_ANY_VALUE, $limit = 10,
$offset = 0, $timelower = 0, $timeupper = 0) {
@@ -555,13 +553,18 @@ function get_user($guid) {
function get_user_by_username($username) {
global $CONFIG, $USERNAME_TO_GUID_MAP_CACHE;
+ // Fixes #6052. Username is frequently sniffed from the path info, which,
+ // unlike $_GET, is not URL decoded. If the username was not URL encoded,
+ // this is harmless.
+ $username = rawurldecode($username);
+
$username = sanitise_string($username);
$access = get_access_sql_suffix('e');
// Caching
if ((isset($USERNAME_TO_GUID_MAP_CACHE[$username]))
- && (retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username]))) {
- return retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username]);
+ && (_elgg_retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username]))) {
+ return _elgg_retrieve_cached_entity($USERNAME_TO_GUID_MAP_CACHE[$username]);
}
$query = "SELECT e.* from {$CONFIG->dbprefix}users_entity u
@@ -594,9 +597,9 @@ function get_user_by_code($code) {
// Caching
if ((isset($CODE_TO_GUID_MAP_CACHE[$code]))
- && (retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code]))) {
+ && (_elgg_retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code]))) {
- return retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code]);
+ return _elgg_retrieve_cached_entity($CODE_TO_GUID_MAP_CACHE[$code]);
}
$query = "SELECT e.* from {$CONFIG->dbprefix}users_entity u
@@ -675,25 +678,22 @@ function find_active_users($seconds = 600, $limit = 10, $offset = 0, $count = fa
* @return bool
*/
function send_new_password_request($user_guid) {
- global $CONFIG;
-
$user_guid = (int)$user_guid;
$user = get_entity($user_guid);
- if ($user) {
+ if ($user instanceof ElggUser) {
// generate code
$code = generate_random_cleartext_password();
$user->setPrivateSetting('passwd_conf_code', $code);
-
// generate link
- $link = $CONFIG->site->url . "resetpassword?u=$user_guid&c=$code";
+ $link = elgg_get_site_url() . "resetpassword?u=$user_guid&c=$code";
// generate email
$email = elgg_echo('email:resetreq:body', array($user->name, $_SERVER['REMOTE_ADDR'], $link));
- return notify_user($user->guid, $CONFIG->site->guid,
- elgg_echo('email:resetreq:subject'), $email, NULL, 'email');
+ return notify_user($user->guid, elgg_get_site_entity()->guid,
+ elgg_echo('email:resetreq:subject'), $email, array(), 'email');
}
return false;
@@ -710,19 +710,18 @@ function send_new_password_request($user_guid) {
* @return bool
*/
function force_user_password_reset($user_guid, $password) {
- global $CONFIG;
-
$user = get_entity($user_guid);
+ if ($user instanceof ElggUser) {
+ $ia = elgg_set_ignore_access();
- if ($user) {
- $salt = generate_random_cleartext_password(); // Reset the salt
- $user->salt = $salt;
+ $user->salt = generate_random_cleartext_password();
+ $hash = generate_user_password($user, $password);
+ $user->password = $hash;
+ $result = (bool)$user->save();
- $hash = generate_user_password($user, $password);
+ elgg_set_ignore_access($ia);
- $query = "UPDATE {$CONFIG->dbprefix}users_entity
- set password='$hash', salt='$salt' where guid=$user_guid";
- return update_data($query);
+ return $result;
}
return false;
@@ -742,7 +741,7 @@ function execute_new_password_request($user_guid, $conf_code) {
$user_guid = (int)$user_guid;
$user = get_entity($user_guid);
- if ($user) {
+ if ($user instanceof ElggUser) {
$saved_code = $user->getPrivateSetting('passwd_conf_code');
if ($saved_code && $saved_code == $conf_code) {
@@ -756,7 +755,7 @@ function execute_new_password_request($user_guid, $conf_code) {
$email = elgg_echo('email:resetpassword:body', array($user->name, $password));
return notify_user($user->guid, $CONFIG->site->guid,
- elgg_echo('email:resetpassword:subject'), $email, NULL, 'email');
+ elgg_echo('email:resetpassword:subject'), $email, array(), 'email');
}
}
}
@@ -841,7 +840,7 @@ function validate_username($username) {
for ($n = 0; $n < strlen($blacklist2); $n++) {
if (strpos($username, $blacklist2[$n]) !== false) {
$msg = elgg_echo('registration:invalidchars', array($blacklist2[$n], $blacklist2));
- $msg = htmlentities($msg, ENT_COMPAT, 'UTF-8');
+ $msg = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
throw new RegistrationException($msg);
}
}
@@ -908,13 +907,11 @@ function validate_email_address($address) {
* @param string $invitecode An invite code from a friend
*
* @return int|false The new user's GUID; false on failure
+ * @throws RegistrationException
*/
function register_user($username, $password, $name, $email,
$allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') {
- // Load the configuration
- global $CONFIG;
-
// no need to trim password.
$username = trim($username);
$name = trim(strip_tags($name));
@@ -1031,7 +1028,7 @@ function elgg_get_user_validation_status($user_guid) {
'metadata_name' => 'validated'
));
if ($md == false) {
- return;
+ return null;
}
if ($md[0]->value) {
@@ -1067,10 +1064,10 @@ function collections_submenu_items() {
* @return bool
* @access private
*/
-function friends_page_handler($page_elements, $handler) {
+function friends_page_handler($segments, $handler) {
elgg_set_context('friends');
- if (isset($page_elements[0]) && $user = get_user_by_username($page_elements[0])) {
+ if (isset($segments[0]) && $user = get_user_by_username($segments[0])) {
elgg_set_page_owner_guid($user->getGUID());
}
if (elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) {
@@ -1099,6 +1096,7 @@ function friends_page_handler($page_elements, $handler) {
* @access private
*/
function collections_page_handler($page_elements) {
+ gatekeeper();
elgg_set_context('friends');
$base = elgg_get_config('path');
if (isset($page_elements[0])) {
@@ -1197,13 +1195,11 @@ function set_last_login($user_guid) {
* @param string $object_type user
* @param ElggUser $object User object
*
- * @return bool
+ * @return void
* @access private
*/
function user_create_hook_add_site_relationship($event, $object_type, $object) {
- global $CONFIG;
-
- add_entity_relationship($object->getGUID(), 'member_of_site', $CONFIG->site->getGUID());
+ add_entity_relationship($object->getGUID(), 'member_of_site', elgg_get_site_entity()->guid);
}
/**
@@ -1233,6 +1229,7 @@ function user_avatar_hook($hook, $entity_type, $returnvalue, $params) {
*/
function elgg_user_hover_menu($hook, $type, $return, $params) {
$user = $params['entity'];
+ /* @var ElggUser $user */
if (elgg_is_logged_in()) {
if (elgg_get_logged_in_user_guid() != $user->guid) {
@@ -1309,7 +1306,12 @@ function elgg_user_hover_menu($hook, $type, $return, $params) {
/**
* Setup the menu shown with an entity
*
+ * @param string $hook
+ * @param string $type
+ * @param array $return
+ * @param array $params
* @return array
+ *
* @access private
*/
function elgg_users_setup_entity_menu($hook, $type, $return, $params) {
@@ -1321,6 +1323,7 @@ function elgg_users_setup_entity_menu($hook, $type, $return, $params) {
if (!elgg_instanceof($entity, 'user')) {
return $return;
}
+ /* @var ElggUser $entity */
if ($entity->isBanned()) {
$banned = elgg_echo('banned');
@@ -1334,9 +1337,10 @@ function elgg_users_setup_entity_menu($hook, $type, $return, $params) {
} else {
$return = array();
if (isset($entity->location)) {
+ $location = htmlspecialchars($entity->location, ENT_QUOTES, 'UTF-8', false);
$options = array(
'name' => 'location',
- 'text' => "<span>$entity->location</span>",
+ 'text' => "<span>$location</span>",
'href' => false,
'priority' => 150,
);
@@ -1587,7 +1591,7 @@ function users_init() {
/**
* Runs unit tests for ElggObject
*
- * @param sting $hook unit_test
+ * @param string $hook unit_test
* @param string $type system
* @param mixed $value Array of tests
* @param mixed $params Params
diff --git a/engine/lib/views.php b/engine/lib/views.php
index 01291b8..1142461 100644
--- a/engine/lib/views.php
+++ b/engine/lib/views.php
@@ -218,7 +218,7 @@ function elgg_register_ajax_view($view) {
/**
* Unregister a view for ajax calls
- *
+ *
* @param string $view The view name
* @return void
* @since 1.8.3
@@ -369,7 +369,7 @@ function elgg_view_exists($view, $viewtype = '', $recurse = true) {
* view, $view_name plugin hook.
*
* @warning Any variables in $_SESSION will override passed vars
- * upon name collision. See {@trac #2124}.
+ * upon name collision. See https://github.com/Elgg/Elgg/issues/2124
*
* @param string $view The name and location of the view to use
* @param array $vars Variables to pass to the view.
@@ -795,7 +795,7 @@ function elgg_view_menu($menu_name, array $vars = array()) {
* - bool 'full_view' Whether to show a full or condensed view.
*
* @tip This function can automatically appends annotations to entities if in full
- * view and a handler is registered for the entity:annotate. See {@trac 964} and
+ * view and a handler is registered for the entity:annotate. See https://github.com/Elgg/Elgg/issues/964 and
* {@link elgg_view_entity_annotations()}.
*
* @param ElggEntity $entity The entity to display
@@ -992,6 +992,11 @@ function elgg_view_annotation(ElggAnnotation $annotation, array $vars = array(),
function elgg_view_entity_list($entities, $vars = array(), $offset = 0, $limit = 10, $full_view = true,
$list_type_toggle = true, $pagination = true) {
+ if (!$vars["limit"] && !$vars["offset"]) {
+ // no need for pagination if listing is unlimited
+ $vars["pagination"] = false;
+ }
+
if (!is_int($offset)) {
$offset = (int)get_input('offset', 0);
}
@@ -1064,8 +1069,13 @@ function elgg_view_annotation_list($annotations, array $vars = array()) {
'full_view' => true,
'offset_key' => 'annoff',
);
-
+
$vars = array_merge($defaults, $vars);
+
+ if (!$vars["limit"] && !$vars["offset"]) {
+ // no need for pagination if listing is unlimited
+ $vars["pagination"] = false;
+ }
return elgg_view('page/components/list', $vars);
}
@@ -1107,7 +1117,7 @@ function elgg_view_entity_annotations(ElggEntity $entity, $full_view = true) {
* This is a shortcut for {@elgg_view page/elements/title}.
*
* @param string $title The page title
- * @param array $vars View variables (was submenu be displayed? (deprecated))
+ * @param array $vars View variables (was submenu be displayed? (deprecated))
*
* @return string The HTML (etc)
*/
@@ -1179,7 +1189,7 @@ function elgg_view_comments($entity, $add_comment = true, array $vars = array())
*
* @param string $image The icon and other information
* @param string $body Description content
- * @param array $vars Additional parameters for the view
+ * @param array $vars Additional parameters for the view
*
* @return string
* @since 1.8.0
@@ -1236,15 +1246,17 @@ function elgg_view_river_item($item, array $vars = array()) {
// subject is disabled or subject/object deleted
return '';
}
+
+ // @todo this needs to be cleaned up
// Don't hide objects in closed groups that a user can see.
- // see http://trac.elgg.org/ticket/4789
-// else {
-// // hide based on object's container
-// $visibility = ElggGroupItemVisibility::factory($object->container_guid);
-// if ($visibility->shouldHideItems) {
-// return '';
-// }
-// }
+ // see https://github.com/elgg/elgg/issues/4789
+ // else {
+ // // hide based on object's container
+ // $visibility = ElggGroupItemVisibility::factory($object->container_guid);
+ // if ($visibility->shouldHideItems) {
+ // return '';
+ // }
+ // }
$vars['item'] = $item;
@@ -1308,7 +1320,7 @@ function elgg_view_form($action, $form_vars = array(), $body_vars = array()) {
/**
* View an item in a list
*
- * @param object $item ElggEntity or ElggAnnotation
+ * @param ElggEntity|ElggAnnotation $item
* @param array $vars Additional parameters for the rendering
*
* @return string
@@ -1332,12 +1344,12 @@ function elgg_view_list_item($item, array $vars = array()) {
/**
* View one of the elgg sprite icons
- *
+ *
* Shorthand for <span class="elgg-icon elgg-icon-$name"></span>
- *
+ *
* @param string $name The specific icon to display
* @param string $class Additional class: float, float-alt, or custom class
- *
+ *
* @return string The html for displaying an icon
*/
function elgg_view_icon($name, $class = '') {
@@ -1451,17 +1463,13 @@ function elgg_get_views($dir, $base) {
*/
function elgg_view_tree($view_root, $viewtype = "") {
global $CONFIG;
- static $treecache;
+ static $treecache = array();
// Get viewtype
if (!$viewtype) {
$viewtype = elgg_get_viewtype();
}
- // Has the treecache been initialised?
- if (!isset($treecache)) {
- $treecache = array();
- }
// A little light internal caching
if (!empty($treecache[$view_root])) {
return $treecache[$view_root];
@@ -1640,7 +1648,7 @@ function elgg_views_boot() {
}
// set default icon sizes - can be overridden in settings.php or with plugin
- if (!$CONFIG->icon_sizes) {
+ if (!isset($CONFIG->icon_sizes)) {
$icon_sizes = array(
'topbar' => array('w' => 16, 'h' => 16, 'square' => TRUE, 'upscale' => TRUE),
'tiny' => array('w' => 25, 'h' => 25, 'square' => TRUE, 'upscale' => TRUE),
diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php
index c8e4a13..51cad6f 100644
--- a/engine/lib/web_services.php
+++ b/engine/lib/web_services.php
@@ -178,7 +178,7 @@ function authenticate_method($method) {
// check if user authentication is required
if ($API_METHODS[$method]["require_user_auth"] == true) {
if ($user_auth_result == false) {
- throw new APIException($user_pam->getFailureMessage());
+ throw new APIException($user_pam->getFailureMessage(), ErrorResult::$RESULT_FAIL_AUTHTOKEN);
}
}
@@ -1166,6 +1166,17 @@ function list_all_apis() {
* @access private
*/
function auth_gettoken($username, $password) {
+ // check if username is an email address
+ if (is_email_address($username)) {
+ $users = get_user_by_email($username);
+
+ // check if we have a unique user
+ if (is_array($users) && (count($users) == 1)) {
+ $username = $users[0]->username;
+ }
+ }
+
+ // validate username and password
if (true === elgg_authenticate($username, $password)) {
$token = create_user_token($username);
if ($token) {
@@ -1195,7 +1206,7 @@ $ERRORS = array();
*
* @return void
* @access private
- *
+ *
* @throws Exception
*/
function _php_api_error_handler($errno, $errmsg, $filename, $linenum, $vars) {
@@ -1267,14 +1278,14 @@ function service_handler($handler, $request) {
$request = explode('/', $request);
// after the handler, the first identifier is response format
- // ex) http://example.org/services/api/rest/xml/?method=test
- $reponse_format = array_shift($request);
+ // ex) http://example.org/services/api/rest/json/?method=test
+ $response_format = array_shift($request);
// Which view - xml, json, ...
- if ($reponse_format) {
- elgg_set_viewtype($reponse_format);
+ if ($response_format && elgg_is_valid_view_type($response_format)) {
+ elgg_set_viewtype($response_format);
} else {
- // default to xml
- elgg_set_viewtype("xml");
+ // default to json
+ elgg_set_viewtype("json");
}
if (!isset($CONFIG->servicehandler) || empty($handler)) {
diff --git a/engine/lib/widgets.php b/engine/lib/widgets.php
index d73dd63..699462a 100644
--- a/engine/lib/widgets.php
+++ b/engine/lib/widgets.php
@@ -336,7 +336,7 @@ function elgg_default_widgets_init() {
*
* @param string $event The event
* @param string $type The type of object
- * @param object $entity The entity being created
+ * @param ElggEntity $entity The entity being created
* @return void
* @access private
*/
@@ -372,6 +372,7 @@ function elgg_create_default_widgets($event, $type, $entity) {
);
$widgets = elgg_get_entities_from_private_settings($options);
+ /* @var ElggWidget[] $widgets */
foreach ($widgets as $widget) {
// change the container and owner
diff --git a/engine/lib/xml.php b/engine/lib/xml.php
index ff82d7e..497459d 100644
--- a/engine/lib/xml.php
+++ b/engine/lib/xml.php
@@ -104,7 +104,7 @@ function serialise_array_to_xml(array $data, $n = 0) {
*
* @param string $xml The XML
*
- * @return object
+ * @return ElggXMLElement
*/
function xml_to_object($xml) {
return new ElggXMLElement($xml);
diff --git a/engine/schema/mysql.sql b/engine/schema/mysql.sql
index 6c6e9db..4714b71 100644
--- a/engine/schema/mysql.sql
+++ b/engine/schema/mysql.sql
@@ -361,7 +361,7 @@ CREATE TABLE `prefix_system_log` (
`access_id` int(11) NOT NULL,
`enabled` enum('yes','no') NOT NULL DEFAULT 'yes',
`time_created` int(11) NOT NULL,
- `ip_address` varchar(15) NOT NULL,
+ `ip_address` varchar(46) NOT NULL,
PRIMARY KEY (`id`),
KEY `object_id` (`object_id`),
KEY `object_class` (`object_class`),
diff --git a/engine/tests/api/access_collections.php b/engine/tests/api/access_collections.php
index ebcd7d3..4acfae5 100644
--- a/engine/tests/api/access_collections.php
+++ b/engine/tests/api/access_collections.php
@@ -54,7 +54,6 @@ class ElggCoreAccessCollectionsTest extends ElggCoreUnitTest {
}
public function testCreateGetDeleteACL() {
- global $DB_QUERY_CACHE;
$acl_name = 'test access collection';
$acl_id = create_access_collection($acl_name);
@@ -67,8 +66,6 @@ class ElggCoreAccessCollectionsTest extends ElggCoreUnitTest {
$this->assertEqual($acl->id, $acl_id);
if ($acl) {
- $DB_QUERY_CACHE = array();
-
$this->assertEqual($acl->name, $acl_name);
$result = delete_access_collection($acl_id);
diff --git a/engine/tests/api/annotations.php b/engine/tests/api/annotations.php
index 9472929..c0b0687 100644
--- a/engine/tests/api/annotations.php
+++ b/engine/tests/api/annotations.php
@@ -65,6 +65,86 @@ class ElggCoreAnnotationAPITest extends ElggCoreUnitTest {
$annotations = elgg_get_annotations($options);
$this->assertTrue(empty($annotations));
+ // nothing to delete so null returned
+ $this->assertNull(elgg_delete_annotations($options));
+
+ $this->assertTrue($e->delete());
+ }
+
+ public function testElggDisableAnnotations() {
+ $e = new ElggObject();
+ $e->save();
+
+ for ($i=0; $i<30; $i++) {
+ $e->annotate('test_annotation', rand(0,10000));
+ }
+
+ $options = array(
+ 'guid' => $e->getGUID(),
+ 'limit' => 0
+ );
+
+ $this->assertTrue(elgg_disable_annotations($options));
+
+ $annotations = elgg_get_annotations($options);
+ $this->assertTrue(empty($annotations));
+
+ access_show_hidden_entities(true);
+ $annotations = elgg_get_annotations($options);
+ $this->assertIdentical(30, count($annotations));
+ access_show_hidden_entities(false);
+
+ $this->assertTrue($e->delete());
+ }
+
+ public function testElggEnableAnnotations() {
+ $e = new ElggObject();
+ $e->save();
+
+ for ($i=0; $i<30; $i++) {
+ $e->annotate('test_annotation', rand(0,10000));
+ }
+
+ $options = array(
+ 'guid' => $e->getGUID(),
+ 'limit' => 0
+ );
+
+ $this->assertTrue(elgg_disable_annotations($options));
+
+ // cannot see any annotations so returns null
+ $this->assertNull(elgg_enable_annotations($options));
+
+ access_show_hidden_entities(true);
+ $this->assertTrue(elgg_enable_annotations($options));
+ access_show_hidden_entities(false);
+
+ $annotations = elgg_get_annotations($options);
+ $this->assertIdentical(30, count($annotations));
+
+ $this->assertTrue($e->delete());
+ }
+
+ public function testElggAnnotationExists() {
+ $e = new ElggObject();
+ $e->save();
+ $guid = $e->getGUID();
+
+ $this->assertFalse(elgg_annotation_exists($guid, 'test_annotation'));
+
+ $e->annotate('test_annotation', rand(0, 10000));
+ $this->assertTrue(elgg_annotation_exists($guid, 'test_annotation'));
+ // this metastring should always exist but an annotation of this name should not
+ $this->assertFalse(elgg_annotation_exists($guid, 'email'));
+
+ $options = array(
+ 'guid' => $guid,
+ 'limit' => 0
+ );
+ $this->assertTrue(elgg_disable_annotations($options));
+ $this->assertTrue(elgg_annotation_exists($guid, 'test_annotation'));
+
$this->assertTrue($e->delete());
+ $this->assertFalse(elgg_annotation_exists($guid, 'test_annotation'));
}
}
diff --git a/engine/tests/api/entity_getter_functions.php b/engine/tests/api/entity_getter_functions.php
index 9db248d..fef9dc0 100644
--- a/engine/tests/api/entity_getter_functions.php
+++ b/engine/tests/api/entity_getter_functions.php
@@ -2648,7 +2648,7 @@ class ElggCoreEntityGetterFunctionsTest extends ElggCoreUnitTest {
$name = 'test_annotation_' . rand(0, 9999);
$values = array();
$options = array(
- 'types' => 'object',
+ 'type' => 'object',
'subtypes' => $subtypes,
'limit' => 5
);
@@ -2687,7 +2687,7 @@ class ElggCoreEntityGetterFunctionsTest extends ElggCoreUnitTest {
$order = array_keys($values);
$options = array(
- 'types' => 'object',
+ 'type' => 'object',
'subtypes' => $subtypes,
'limit' => 5,
'annotation_name' => $name,
@@ -2729,6 +2729,36 @@ class ElggCoreEntityGetterFunctionsTest extends ElggCoreUnitTest {
}
}
+ public function testElggGetEntitiesFromAnnotationCalculationCount() {
+ // add two annotations with a unique name to an entity
+ // then count the number of entities with that annotation name
+
+ $subtypes = $this->getRandomValidSubtypes(array('object'), 1);
+ $name = 'test_annotation_' . rand(0, 9999);
+ $values = array();
+ $options = array(
+ 'type' => 'object',
+ 'subtypes' => $subtypes,
+ 'limit' => 1
+ );
+ $es = elgg_get_entities($options);
+ $entity = $es[0];
+ $value = rand(0, 9999);
+ $entity->annotate($name, $value);
+ $value = rand(0, 9999);
+ $entity->annotate($name, $value);
+
+ $options = array(
+ 'type' => 'object',
+ 'subtypes' => $subtypes,
+ 'annotation_name' => $name,
+ 'calculation' => 'count',
+ 'count' => true,
+ );
+ $count = elgg_get_entities_from_annotation_calculation($options);
+ $this->assertEqual(1, $count);
+ }
+
public function testElggGetAnnotationsAnnotationNames() {
$options = array('annotation_names' => array());
$a_e_map = array();
@@ -2817,4 +2847,38 @@ class ElggCoreEntityGetterFunctionsTest extends ElggCoreUnitTest {
$entities = elgg_get_entities($options);
$this->assertFalse($entities);
}
+
+ public function testEGEEmptySubtypePlurality() {
+ $options = array(
+ 'type' => 'user',
+ 'subtypes' => ''
+ );
+
+ $entities = elgg_get_entities($options);
+ $this->assertTrue(is_array($entities));
+
+ $options = array(
+ 'type' => 'user',
+ 'subtype' => ''
+ );
+
+ $entities = elgg_get_entities($options);
+ $this->assertTrue(is_array($entities));
+
+ $options = array(
+ 'type' => 'user',
+ 'subtype' => array('')
+ );
+
+ $entities = elgg_get_entities($options);
+ $this->assertTrue(is_array($entities));
+
+ $options = array(
+ 'type' => 'user',
+ 'subtypes' => array('')
+ );
+
+ $entities = elgg_get_entities($options);
+ $this->assertTrue(is_array($entities));
+ }
}
diff --git a/engine/tests/api/helpers.php b/engine/tests/api/helpers.php
index 62e4471..414fb41 100644
--- a/engine/tests/api/helpers.php
+++ b/engine/tests/api/helpers.php
@@ -519,7 +519,7 @@ class ElggCoreHelpersTest extends ElggCoreUnitTest {
$this->assertIdentical($elements_sorted_string, $test_elements);
}
- // see http://trac.elgg.org/ticket/4288
+ // see https://github.com/elgg/elgg/issues/4288
public function testElggBatchIncOffset() {
// normal increment
$options = array(
@@ -578,6 +578,107 @@ class ElggCoreHelpersTest extends ElggCoreUnitTest {
$this->assertEqual(11, $j);
}
+ public function testElggBatchReadHandlesBrokenEntities() {
+ $num_test_entities = 8;
+ $guids = array();
+ for ($i = $num_test_entities; $i > 0; $i--) {
+ $entity = new ElggObject();
+ $entity->type = 'object';
+ $entity->subtype = 'test_5357_subtype';
+ $entity->access_id = ACCESS_PUBLIC;
+ $entity->save();
+ $guids[] = $entity->guid;
+ _elgg_invalidate_cache_for_entity($entity->guid);
+ }
+
+ // break entities such that the first fetch has one incomplete
+ // and the second and third fetches have only incompletes!
+ $db_prefix = elgg_get_config('dbprefix');
+ delete_data("
+ DELETE FROM {$db_prefix}objects_entity
+ WHERE guid IN ({$guids[1]}, {$guids[2]}, {$guids[3]}, {$guids[4]}, {$guids[5]})
+ ");
+
+ $options = array(
+ 'type' => 'object',
+ 'subtype' => 'test_5357_subtype',
+ 'order_by' => 'e.guid',
+ );
+
+ $entities_visited = array();
+ $batch = new ElggBatch('elgg_get_entities', $options, null, 2);
+ /* @var ElggEntity[] $batch */
+ foreach ($batch as $entity) {
+ $entities_visited[] = $entity->guid;
+ }
+
+ // The broken entities should not have been visited
+ $this->assertEqual($entities_visited, array($guids[0], $guids[6], $guids[7]));
+
+ // cleanup (including leftovers from previous tests)
+ $entity_rows = elgg_get_entities(array_merge($options, array(
+ 'callback' => '',
+ 'limit' => false,
+ )));
+ $guids = array();
+ foreach ($entity_rows as $row) {
+ $guids[] = $row->guid;
+ }
+ delete_data("DELETE FROM {$db_prefix}entities WHERE guid IN (" . implode(',', $guids) . ")");
+ delete_data("DELETE FROM {$db_prefix}objects_entity WHERE guid IN (" . implode(',', $guids) . ")");
+ }
+
+ public function testElggBatchDeleteHandlesBrokenEntities() {
+ $num_test_entities = 8;
+ $guids = array();
+ for ($i = $num_test_entities; $i > 0; $i--) {
+ $entity = new ElggObject();
+ $entity->type = 'object';
+ $entity->subtype = 'test_5357_subtype';
+ $entity->access_id = ACCESS_PUBLIC;
+ $entity->save();
+ $guids[] = $entity->guid;
+ _elgg_invalidate_cache_for_entity($entity->guid);
+ }
+
+ // break entities such that the first fetch has one incomplete
+ // and the second and third fetches have only incompletes!
+ $db_prefix = elgg_get_config('dbprefix');
+ delete_data("
+ DELETE FROM {$db_prefix}objects_entity
+ WHERE guid IN ({$guids[1]}, {$guids[2]}, {$guids[3]}, {$guids[4]}, {$guids[5]})
+ ");
+
+ $options = array(
+ 'type' => 'object',
+ 'subtype' => 'test_5357_subtype',
+ 'order_by' => 'e.guid',
+ );
+
+ $entities_visited = array();
+ $batch = new ElggBatch('elgg_get_entities', $options, null, 2, false);
+ /* @var ElggEntity[] $batch */
+ foreach ($batch as $entity) {
+ $entities_visited[] = $entity->guid;
+ $entity->delete();
+ }
+
+ // The broken entities should not have been visited
+ $this->assertEqual($entities_visited, array($guids[0], $guids[6], $guids[7]));
+
+ // cleanup (including leftovers from previous tests)
+ $entity_rows = elgg_get_entities(array_merge($options, array(
+ 'callback' => '',
+ 'limit' => false,
+ )));
+ $guids = array();
+ foreach ($entity_rows as $row) {
+ $guids[] = $row->guid;
+ }
+ delete_data("DELETE FROM {$db_prefix}entities WHERE guid IN (" . implode(',', $guids) . ")");
+ delete_data("DELETE FROM {$db_prefix}objects_entity WHERE guid IN (" . implode(',', $guids) . ")");
+ }
+
static function elgg_batch_callback_test($options, $reset = false) {
static $count = 1;
diff --git a/engine/tests/api/metadata.php b/engine/tests/api/metadata.php
index 825290d..d23510c 100644
--- a/engine/tests/api/metadata.php
+++ b/engine/tests/api/metadata.php
@@ -123,9 +123,23 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest {
$e->delete();
}
+ /**
+ * https://github.com/Elgg/Elgg/issues/4867
+ */
+ public function testElggGetEntityMetadataWhereSqlWithFalseValue() {
+ $pair = array('name' => 'test' , 'value' => false);
+ $result = elgg_get_entity_metadata_where_sql('e', 'metadata', null, null, $pair);
+ $where = preg_replace( '/\s+/', ' ', $result['wheres'][0]);
+ $this->assertTrue(strpos($where, "msn1.string = 'test' AND BINARY msv1.string = 0") > 0);
+
+ $result = elgg_get_entity_metadata_where_sql('e', 'metadata', array('test'), array(false));
+ $where = preg_replace( '/\s+/', ' ', $result['wheres'][0]);
+ $this->assertTrue(strpos($where, "msn.string IN ('test')) AND ( BINARY msv.string IN ('0')"));
+ }
+
// Make sure metadata with multiple values is correctly deleted when re-written
// by another user
- // http://trac.elgg.org/ticket/2776
+ // https://github.com/elgg/elgg/issues/2776
public function test_elgg_metadata_multiple_values() {
$u1 = new ElggUser();
$u1->username = rand();
diff --git a/engine/tests/api/metadata_cache.php b/engine/tests/api/metadata_cache.php
index 846116a..7fb3281 100644
--- a/engine/tests/api/metadata_cache.php
+++ b/engine/tests/api/metadata_cache.php
@@ -166,4 +166,11 @@ class ElggCoreMetadataCacheTest extends ElggCoreUnitTest {
$actual = $this->cache->filterMetadataHeavyEntities($guids, 6000);
$this->assertIdentical($actual, $expected);
}
+
+ public function testCreateMetadataInvalidates() {
+ $this->obj1->foo = 1;
+ create_metadata($this->guid1, 'foo', 2, '', elgg_get_logged_in_user_guid(), ACCESS_FRIENDS);
+
+ $this->assertEqual($this->obj1->foo, 2);
+ }
}
diff --git a/engine/tests/api/metastrings.php b/engine/tests/api/metastrings.php
index 0a89450..5efdab9 100644
--- a/engine/tests/api/metastrings.php
+++ b/engine/tests/api/metastrings.php
@@ -55,8 +55,11 @@ class ElggCoreMetastringsTest extends ElggCoreUnitTest {
* Called after each test method.
*/
public function tearDown() {
- // do not allow SimpleTest to interpret Elgg notices as exceptions
- $this->swallowErrors();
+ access_show_hidden_entities(true);
+ elgg_delete_annotations(array(
+ 'guid' => $this->object->guid,
+ ));
+ access_show_hidden_entities(false);
}
/**
@@ -98,6 +101,31 @@ class ElggCoreMetastringsTest extends ElggCoreUnitTest {
}
}
+ public function testGetMetastringObjectFromIDWithDisabledAnnotation() {
+ $name = 'test_annotation_name' . rand();
+ $value = 'test_annotation_value' . rand();
+ $id = create_annotation($this->object->guid, $name, $value);
+ $annotation = elgg_get_annotation_from_id($id);
+ $this->assertTrue($annotation->disable());
+
+ $test = elgg_get_metastring_based_object_from_id($id, 'annotation');
+ $this->assertEqual(false, $test);
+ }
+
+ public function testGetMetastringBasedObjectWithDisabledAnnotation() {
+ $name = 'test_annotation_name' . rand();
+ $value = 'test_annotation_value' . rand();
+ $id = create_annotation($this->object->guid, $name, $value);
+ $annotation = elgg_get_annotation_from_id($id);
+ $this->assertTrue($annotation->disable());
+
+ $test = elgg_get_metastring_based_objects(array(
+ 'metastring_type' => 'annotations',
+ 'guid' => $this->object->guid,
+ ));
+ $this->assertEqual(array(), $test);
+ }
+
public function testEnableDisableByID() {
$db_prefix = elgg_get_config('dbprefix');
$annotations = $this->createAnnotations(1);
@@ -119,7 +147,6 @@ class ElggCoreMetastringsTest extends ElggCoreUnitTest {
// enable
$ashe = access_get_show_hidden_status();
access_show_hidden_entities(true);
- flush();
$this->assertTrue(elgg_set_metastring_based_object_enabled_by_id($id, 'yes', $type));
$test = get_data($q);
diff --git a/engine/tests/api/plugins.php b/engine/tests/api/plugins.php
index 114f399..d0f111c 100644
--- a/engine/tests/api/plugins.php
+++ b/engine/tests/api/plugins.php
@@ -69,7 +69,7 @@ class ElggCorePluginsAPITest extends ElggCoreUnitTest {
'description' => 'A longer, more interesting description.',
'website' => 'http://www.elgg.org/',
'repository' => 'https://github.com/Elgg/Elgg',
- 'bugtracker' => 'http://trac.elgg.org',
+ 'bugtracker' => 'https://github.com/elgg/elgg/issues',
'donations' => 'http://elgg.org/supporter.php',
'copyright' => '(C) Elgg Foundation 2011',
'license' => 'GNU General Public License version 2',
@@ -174,7 +174,7 @@ class ElggCorePluginsAPITest extends ElggCoreUnitTest {
}
public function testElggPluginManifestGetBugtracker() {
- $this->assertEqual($this->manifest18->getBugTrackerURL(), 'http://trac.elgg.org');
+ $this->assertEqual($this->manifest18->getBugTrackerURL(), 'https://github.com/elgg/elgg/issues');
$this->assertEqual($this->manifest17->getBugTrackerURL(), '');
}
diff --git a/engine/tests/objects/entities.php b/engine/tests/objects/entities.php
index 248b85c..bac7207 100644
--- a/engine/tests/objects/entities.php
+++ b/engine/tests/objects/entities.php
@@ -271,7 +271,7 @@ class ElggCoreEntityTest extends ElggCoreUnitTest {
$this->save_entity();
// test deleting incorrectly
- // @link http://trac.elgg.org/ticket/2273
+ // @link https://github.com/elgg/elgg/issues/2273
$this->assertNull($this->entity->deleteMetadata('impotent'));
$this->assertEqual($this->entity->important, 'indeed!');
diff --git a/engine/tests/objects/objects.php b/engine/tests/objects/objects.php
index 915594e..263ab24 100644
--- a/engine/tests/objects/objects.php
+++ b/engine/tests/objects/objects.php
@@ -194,7 +194,7 @@ class ElggCoreObjectTest extends ElggCoreUnitTest {
$old = elgg_set_ignore_access(true);
}
- // see http://trac.elgg.org/ticket/1196
+ // see https://github.com/elgg/elgg/issues/1196
public function testElggEntityRecursiveDisableWhenLoggedOut() {
$e1 = new ElggObject();
$e1->access_id = ACCESS_PUBLIC;
diff --git a/engine/tests/objects/users.php b/engine/tests/objects/users.php
index a3573ac..8a1033a 100644
--- a/engine/tests/objects/users.php
+++ b/engine/tests/objects/users.php
@@ -65,6 +65,9 @@ class ElggCoreUserTest extends ElggCoreUnitTest {
$attributes['code'] = NULL;
$attributes['banned'] = 'no';
$attributes['admin'] = 'no';
+ $attributes['prev_last_action'] = NULL;
+ $attributes['last_login'] = NULL;
+ $attributes['prev_last_login'] = NULL;
ksort($attributes);
$entity_attributes = $this->user->expose_attributes();
@@ -142,7 +145,7 @@ class ElggCoreUserTest extends ElggCoreUnitTest {
}
public function testElggUserNameCache() {
- // Trac #1305
+ // issue https://github.com/elgg/elgg/issues/1305
// very unlikely a user would have this username
$name = (string)time();
@@ -156,6 +159,22 @@ class ElggCoreUserTest extends ElggCoreUnitTest {
$this->assertFalse($user);
}
+ public function testGetUserByUsernameAcceptsUrlEncoded() {
+ $username = (string)time();
+ $this->user->username = $username;
+ $guid = $this->user->save();
+
+ // percent encode first letter
+ $first_letter = $username[0];
+ $first_letter = str_pad('%' . dechex(ord($first_letter)), 2, '0', STR_PAD_LEFT);
+ $username = $first_letter . substr($username, 1);
+
+ $user = get_user_by_username($username);
+ $this->assertTrue((bool) $user);
+ $this->assertEqual($guid, $user->guid);
+
+ $this->user->delete();
+ }
public function testElggUserMakeAdmin() {
global $CONFIG;
diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php
index 691433a..6892756 100644
--- a/engine/tests/regression/trac_bugs.php
+++ b/engine/tests/regression/trac_bugs.php
@@ -1,7 +1,7 @@
<?php
/**
- * Elgg Regression Tests -- Trac Bugfixes
- * Any bugfixes from Trac that require testing belong here.
+ * Elgg Regression Tests -- GitHub Bugfixes
+ * Any bugfixes from GitHub that require testing belong here.
*
* @package Elgg
* @subpackage Test
@@ -201,26 +201,28 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
}
/**
- * http://trac.elgg.org/ticket/3210 - Don't remove -s in friendly titles
- * http://trac.elgg.org/ticket/2276 - improve char encoding
+ * https://github.com/elgg/elgg/issues/3210 - Don't remove -s in friendly titles
+ * https://github.com/elgg/elgg/issues/2276 - improve char encoding
*/
public function test_friendly_title() {
$cases = array(
+ // acid test
+ "B&N > Amazon, OK? <bold> 'hey!' $34"
+ => "bn-amazon-ok-bold-hey-34",
+
// hyphen, underscore and ASCII whitespace replaced by separator,
// other non-alphanumeric ASCII removed
- "a-a_a a\na\ra\ta\va!a\"a#a\$a%a&a'a(a)a*a+a,a.a/a:a;a<a=a>a?a@a[a\\a]a^a`a{a|a}a~a"
- => "a-a-a-a-a-a-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
-
+ "a-a_a a\na\ra\ta\va!a\"a#a\$a%aa'a(a)a*a+a,a.a/a:a;a=a?a@a[a\\a]a^a`a{a|a}a~a"
+ => "a-a-a-a-a-a-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
+
// separators trimmed
- "-_ hello _-" => "hello",
+ "-_ hello _-"
+ => "hello",
// accents removed, lower case, other multibyte chars are URL encoded
"I\xC3\xB1t\xC3\xABrn\xC3\xA2ti\xC3\xB4n\xC3\xA0liz\xC3\xA6ti\xC3\xB8n, AND \xE6\x97\xA5\xE6\x9C\xAC\xE8\xAA\x9E"
// Iñtërnâtiônàlizætiøn, AND 日本語
=> 'internationalizaetion-and-%E6%97%A5%E6%9C%AC%E8%AA%9E',
-
- // some HTML entity replacements
- "Me &amp; You" => 'me-and-you',
);
// where available, string is converted to NFC before transliteration
@@ -234,4 +236,170 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
$this->assertIdentical($expected, $friendly_title);
}
}
+
+ /**
+ * Test #5369 -- parse_urls()
+ * https://github.com/Elgg/Elgg/issues/5369
+ */
+ public function test_parse_urls() {
+
+ $cases = array(
+ 'no.link.here' =>
+ 'no.link.here',
+ 'simple link http://example.org test' =>
+ 'simple link <a href="http://example.org" rel="nofollow">http:/<wbr />/<wbr />example.org</a> test',
+ 'non-ascii http://ñew.org/ test' =>
+ 'non-ascii <a href="http://ñew.org/" rel="nofollow">http:/<wbr />/<wbr />ñew.org/<wbr /></a> test',
+
+ // section 2.1
+ 'percent encoded http://example.org/a%20b test' =>
+ 'percent encoded <a href="http://example.org/a%20b" rel="nofollow">http:/<wbr />/<wbr />example.org/<wbr />a%20b</a> test',
+ // section 2.2: skipping single quote and parenthese
+ 'reserved characters http://example.org/:/?#[]@!$&*+,;= test' =>
+ 'reserved characters <a href="http://example.org/:/?#[]@!$&*+,;=" rel="nofollow">http:/<wbr />/<wbr />example.org/<wbr />:/<wbr />?#[]@!$&*+,;=</a> test',
+ // section 2.3
+ 'unreserved characters http://example.org/a1-._~ test' =>
+ 'unreserved characters <a href="http://example.org/a1-._~" rel="nofollow">http:/<wbr />/<wbr />example.org/<wbr />a1-._~</a> test',
+
+ 'parameters http://example.org/?val[]=1&val[]=2 test' =>
+ 'parameters <a href="http://example.org/?val[]=1&val[]=2" rel="nofollow">http:/<wbr />/<wbr />example.org/<wbr />?val[]=1&val[]=2</a> test',
+ 'port http://example.org:80/ test' =>
+ 'port <a href="http://example.org:80/" rel="nofollow">http:/<wbr />/<wbr />example.org:80/<wbr /></a> test',
+
+ 'parentheses (http://www.google.com) test' =>
+ 'parentheses (<a href="http://www.google.com" rel="nofollow">http:/<wbr />/<wbr />www.google.com</a>) test',
+ 'comma http://elgg.org, test' =>
+ 'comma <a href="http://elgg.org" rel="nofollow">http:/<wbr />/<wbr />elgg.org</a>, test',
+ 'period http://elgg.org. test' =>
+ 'period <a href="http://elgg.org" rel="nofollow">http:/<wbr />/<wbr />elgg.org</a>. test',
+ 'exclamation http://elgg.org! test' =>
+ 'exclamation <a href="http://elgg.org" rel="nofollow">http:/<wbr />/<wbr />elgg.org</a>! test',
+
+ 'already anchor <a href="http://twitter.com/">twitter</a> test' =>
+ 'already anchor <a href="http://twitter.com/">twitter</a> test',
+
+ 'ssl https://example.org/ test' =>
+ 'ssl <a href="https://example.org/" rel="nofollow">https:/<wbr />/<wbr />example.org/<wbr /></a> test',
+ 'ftp ftp://example.org/ test' =>
+ 'ftp <a href="ftp://example.org/" rel="nofollow">ftp:/<wbr />/<wbr />example.org/<wbr /></a> test',
+
+ 'web archive anchor <a href="http://web.archive.org/web/20000229040250/http://www.google.com/">google</a>' =>
+ 'web archive anchor <a href="http://web.archive.org/web/20000229040250/http://www.google.com/">google</a>',
+
+ 'single quotes already anchor <a href=\'http://www.yahoo.com\'>yahoo</a>' =>
+ 'single quotes already anchor <a href=\'http://www.yahoo.com\'>yahoo</a>',
+
+ 'unquoted already anchor <a href=http://www.yahoo.com>yahoo</a>' =>
+ 'unquoted already anchor <a href=http://www.yahoo.com>yahoo</a>',
+
+ 'parens in uri http://thedailywtf.com/Articles/A-(Long-Overdue)-BuildMaster-Introduction.aspx' =>
+ 'parens in uri <a href="http://thedailywtf.com/Articles/A-(Long-Overdue)-BuildMaster-Introduction.aspx" rel="nofollow">http:/<wbr />/<wbr />thedailywtf.com/<wbr />Articles/<wbr />A-(Long-Overdue)-BuildMaster-Introduction.aspx</a>'
+ );
+ foreach ($cases as $input => $output) {
+ $this->assertEqual($output, parse_urls($input));
+ }
+ }
+
+ /**
+ * Ensure additional select columns do not end up in entity attributes.
+ *
+ * https://github.com/Elgg/Elgg/issues/5538
+ */
+ public function test_extra_columns_dont_appear_in_attributes() {
+ global $ENTITY_CACHE;
+
+ // may not have groups in DB - let's create one
+ $group = new ElggGroup();
+ $group->name = 'test_group';
+ $group->access_id = ACCESS_PUBLIC;
+ $this->assertTrue($group->save() !== false);
+
+ // entity cache interferes with our test
+ $ENTITY_CACHE = array();
+
+ foreach (array('site', 'user', 'group', 'object') as $type) {
+ $entities = elgg_get_entities(array(
+ 'type' => $type,
+ 'selects' => array('1 as _nonexistent_test_column'),
+ 'limit' => 1,
+ ));
+ if (!$this->assertTrue($entities, "Query for '$type' did not return an entity.")) {
+ continue;
+ }
+ $entity = $entities[0];
+ $this->assertNull($entity->_nonexistent_test_column, "Additional select columns are leaking to attributes for '$type'");
+ }
+
+ $group->delete();
+ }
+
+ /**
+ * Ensure that ElggBatch doesn't go into infinite loop when disabling annotations recursively when show hidden is enabled.
+ *
+ * https://github.com/Elgg/Elgg/issues/5952
+ */
+ public function test_disabling_annotations_infinite_loop() {
+
+ //let's have some entity
+ $group = new ElggGroup();
+ $group->name = 'test_group';
+ $group->access_id = ACCESS_PUBLIC;
+ $this->assertTrue($group->save() !== false);
+
+ $total = 51;
+ //add some annotations
+ for ($cnt = 0; $cnt < $total; $cnt++) {
+ $group->annotate('test_annotation', 'value_' . $total);
+ }
+
+ //disable them
+ $show_hidden = access_get_show_hidden_status();
+ access_show_hidden_entities(true);
+ $options = array(
+ 'guid' => $group->guid,
+ 'limit' => $total, //using strict limit to avoid real infinite loop and just see ElggBatch limiting on it before finishing the work
+ );
+ elgg_disable_annotations($options);
+ access_show_hidden_entities($show_hidden);
+
+ //confirm all being disabled
+ $annotations = $group->getAnnotations(array(
+ 'limit' => $total,
+ ));
+ foreach ($annotations as $annotation) {
+ $this->assertTrue($annotation->enabled == 'no');
+ }
+
+ //delete group and annotations
+ $group->delete();
+ }
+
+ public function test_ElggXMLElement_does_not_load_external_entities() {
+ $elLast = libxml_disable_entity_loader(false);
+
+ // build payload that should trigger loading of external entity
+ $payload = file_get_contents(dirname(dirname(__FILE__)) . '/test_files/xxe/request.xml');
+ $path = realpath(dirname(dirname(__FILE__)) . '/test_files/xxe/external_entity.txt');
+ $path = str_replace('\\', '/', $path);
+ if ($path[0] != '/') {
+ $path = '/' . $path;
+ }
+ $path = 'file://' . $path;
+ $payload = sprintf($payload, $path);
+
+ // make sure we can actually this in this environment
+ $element = new SimpleXMLElement($payload);
+ $can_load_entity = preg_match('/secret/', (string)$element->methodName);
+
+ $this->skipUnless($can_load_entity, "XXE vulnerability cannot be tested on this system");
+
+ if ($can_load_entity) {
+ $el = new ElggXMLElement($payload);
+ $chidren = $el->getChildren();
+ $content = $chidren[0]->getContent();
+ $this->assertNoPattern('/secret/', $content);
+ }
+
+ libxml_disable_entity_loader($elLast);
+ }
}
diff --git a/engine/tests/test_files/plugin_18/manifest.xml b/engine/tests/test_files/plugin_18/manifest.xml
index 5d78861..c8b4075 100644
--- a/engine/tests/test_files/plugin_18/manifest.xml
+++ b/engine/tests/test_files/plugin_18/manifest.xml
@@ -7,7 +7,7 @@
<description>A longer, more interesting description.</description>
<website>http://www.elgg.org/</website>
<repository>https://github.com/Elgg/Elgg</repository>
- <bugtracker>http://trac.elgg.org</bugtracker>
+ <bugtracker>https://github.com/elgg/elgg/issues</bugtracker>
<donations>http://elgg.org/supporter.php</donations>
<copyright>(C) Elgg Foundation 2011</copyright>
<license>GNU General Public License version 2</license>
diff --git a/engine/tests/test_files/xxe/external_entity.txt b/engine/tests/test_files/xxe/external_entity.txt
new file mode 100644
index 0000000..536aca3
--- /dev/null
+++ b/engine/tests/test_files/xxe/external_entity.txt
@@ -0,0 +1 @@
+secret \ No newline at end of file
diff --git a/engine/tests/test_files/xxe/request.xml b/engine/tests/test_files/xxe/request.xml
new file mode 100644
index 0000000..4390f9d
--- /dev/null
+++ b/engine/tests/test_files/xxe/request.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0"?>
+<!DOCTYPE foo [
+<!ELEMENT methodName ANY >
+<!ENTITY xxe SYSTEM "%s" >
+]>
+<methodCall>
+ <methodName>test&xxe;test</methodName>
+</methodCall>
diff --git a/htaccess_dist b/htaccess_dist
index 4c888e7..44d1294 100644
--- a/htaccess_dist
+++ b/htaccess_dist
@@ -1,14 +1,11 @@
# Elgg htaccess directives
-# Copyright Curverider Ltd 2008-2009
-# License http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
-# Link http://elgg.org/
<Files "htaccess_dist">
order allow,deny
deny from all
</Files>
-# Don't listing directory
+# Don't allow listing directories
Options -Indexes
# Follow symbolic links
@@ -17,13 +14,28 @@ Options +FollowSymLinks
# Default handler
DirectoryIndex index.php
-# Turn on expiry
+
+############################
+# BROWSER CACHING
+
+# The expires module controls the Expires and Cache-Control headers. Elgg sets
+# these for dynamically generated files so this is just for static files.
<IfModule mod_expires.c>
ExpiresActive On
- ExpiresDefault "access plus 10 years"
+ ExpiresDefault "access plus 1 year"
</IfModule>
-# php 5, apache 1 and 2
+# Conditional requests are controlled through Last-Modified and ETag headers.
+# Elgg sets these on dynamically generated cacheable files so this is just for
+# static files. Note: Apache sends Last-Modified by default on static files so
+# I don't think we need to be sending ETag for these files.
+<FilesMatch "\.(jpg|jpeg|gif|png|mp3|flv|mov|avi|3pg|html|htm|swf|js|css|ico)$">
+ FileETag MTime Size
+</FilesMatch>
+
+
+############################
+# PHP SETTINGS
<IfModule mod_php5.c>
# limit the maximum memory consumed by the php script to 64 MB
php_value memory_limit 64M
@@ -37,6 +49,10 @@ DirectoryIndex index.php
php_value display_errors 0
</IfModule>
+
+############################
+# COMPRESSION
+
# Turn on mod_gzip if available
<IfModule mod_gzip.c>
mod_gzip_on yes
@@ -75,13 +91,9 @@ DirectoryIndex index.php
</IfModule>
-# Configure ETags
-<FilesMatch "\.(jpg|jpeg|gif|png|mp3|flv|mov|avi|3pg|html|htm|swf|js|ico)$">
- FileETag MTime Size
-</FilesMatch>
-# Add Proper MIME-Type for Favicon to allow expires to work
-AddType image/vnd.microsoft.icon .ico
+############################
+# REWRITE RULES
<IfModule mod_rewrite.c>
@@ -100,6 +112,14 @@ RewriteEngine on
#
#RewriteBase /
+
+# If your users receive the message "Sorry, logging in from a different domain is not permitted"
+# you must make sure your login form is served from the same hostname as your site pages.
+# See http://docs.elgg.org/wiki/Login_token_mismatch_error for more info.
+#
+# If you must add RewriteRules to change hostname, add them directly below (above all the others)
+
+
# In for backwards compatibility
RewriteRule ^pg\/([A-Za-z0-9\_\-]+)$ engine/handlers/page_handler.php?handler=$1&%{QUERY_STRING} [L]
RewriteRule ^pg\/([A-Za-z0-9\_\-]+)\/(.*)$ engine/handlers/page_handler.php?handler=$1&page=$2&%{QUERY_STRING} [L]
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 775bbf5..78cdde9 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -1148,11 +1148,21 @@ class ElggInstaller {
foreach ($formVars as $field => $info) {
if ($info['required'] == TRUE && !$submissionVars[$field]) {
$name = elgg_echo("install:database:label:$field");
- register_error("$name is required");
+ register_error(elgg_echo('install:error:requiredfield', array($name)));
return FALSE;
}
}
+ // according to postgres documentation: SQL identifiers and key words must
+ // begin with a letter (a-z, but also letters with diacritical marks and
+ // non-Latin letters) or an underscore (_). Subsequent characters in an
+ // identifier or key word can be letters, underscores, digits (0-9), or dollar signs ($).
+ // Refs #4994
+ if (!preg_match("/^[a-zA-Z_][\w]*$/", $submissionVars['dbprefix'])) {
+ register_error(elgg_echo('install:error:database_prefix'));
+ return FALSE;
+ }
+
return $this->checkDatabaseSettings(
$submissionVars['dbuser'],
$submissionVars['dbpassword'],
@@ -1404,7 +1414,7 @@ class ElggInstaller {
$submissionVars['wwwroot'] = sanitise_filepath($submissionVars['wwwroot']);
$site = new ElggSite();
- $site->name = $submissionVars['sitename'];
+ $site->name = strip_tags($submissionVars['sitename']);
$site->url = $submissionVars['wwwroot'];
$site->access_id = ACCESS_PUBLIC;
$site->email = $submissionVars['siteemail'];
diff --git a/install/cli/sample_installer.php b/install/cli/sample_installer.php
index 0bae0cd..a51f9aa 100644
--- a/install/cli/sample_installer.php
+++ b/install/cli/sample_installer.php
@@ -1,28 +1,12 @@
<?php
+
/**
* Sample cli installer script
*/
+// change to true to run this script. Change back to false when done.
$enabled = false;
-// Do not edit below this line. //////////////////////////////
-
-
-if (!$enabled) {
- echo "To enable this script, change \$enabled to true.\n";
- echo "You *must* disable this script after a successful installation.\n";
- exit;
-}
-
-if (PHP_SAPI !== 'cli') {
- echo "You must use the command line to run this script.";
- exit;
-}
-
-require_once(dirname(dirname(__FILE__)) . "/ElggInstaller.php");
-
-$installer = new ElggInstaller();
-
// none of the following may be empty
$params = array(
// database parameters
@@ -43,11 +27,29 @@ $params = array(
'password' => '',
);
+
+// Do not edit below this line. //////////////////////////////
+
+
+if (!$enabled) {
+ echo "To enable this script, change \$enabled to true.\n";
+ echo "You *must* disable this script after a successful installation.\n";
+ exit;
+}
+
+if (PHP_SAPI !== 'cli') {
+ echo "You must use the command line to run this script.";
+ exit;
+}
+
+require_once(dirname(dirname(__FILE__)) . "/ElggInstaller.php");
+
+$installer = new ElggInstaller();
+
// install and create the .htaccess file
$installer->batchInstall($params, TRUE);
// at this point installation has completed (otherwise an exception halted execution).
-
// try to rewrite the script to disable it.
if (is_writable(__FILE__)) {
$code = file_get_contents(__FILE__);
diff --git a/install/languages/en.php b/install/languages/en.php
index b2583fb..531379b 100644
--- a/install/languages/en.php
+++ b/install/languages/en.php
@@ -124,6 +124,7 @@ If you are ready to proceed, click the Next button.",
'install:error:htaccess' => 'Unable to create an .htaccess',
'install:error:settings' => 'Unable to create the settings file',
'install:error:databasesettings' => 'Unable to connect to the database with these settings.',
+ 'install:error:database_prefix' => 'Invalid characters in database prefix',
'install:error:oldmysql' => 'MySQL must be version 5.0 or above. Your server is using %s.',
'install:error:nodatabase' => 'Unable to use database %s. It may not exist.',
'install:error:cannotloadtables' => 'Cannot load the database tables',
@@ -131,7 +132,7 @@ If you are ready to proceed, click the Next button.",
'install:error:readsettingsphp' => 'Unable to read engine/settings.example.php',
'install:error:writesettingphp' => 'Unable to write engine/settings.php',
'install:error:requiredfield' => '%s is required',
- 'install:error:relative_path' => 'We don\'t think "%s" is an absoluate path for your data directory',
+ 'install:error:relative_path' => 'We don\'t think "%s" is an absolute path for your data directory',
'install:error:datadirectoryexists' => 'Your data directory %s does not exist.',
'install:error:writedatadirectory' => 'Your data directory %s is not writable by the web server.',
'install:error:locationdatadirectory' => 'Your data directory %s must be outside of your install path for security.',
diff --git a/js/lib/elgglib.js b/js/lib/elgglib.js
index af2c940..a8e187f 100644
--- a/js/lib/elgglib.js
+++ b/js/lib/elgglib.js
@@ -474,8 +474,8 @@ elgg.parse_str = function(string) {
re = /([^&=]+)=?([^&]*)/g;
while (result = re.exec(string)) {
- key = decodeURIComponent(result[1])
- value = decodeURIComponent(result[2])
+ key = decodeURIComponent(result[1].replace(/\+/g, ' '));
+ value = decodeURIComponent(result[2].replace(/\+/g, ' '));
params[key] = value;
}
diff --git a/js/lib/languages.js b/js/lib/languages.js
index 99a1ba0..d218cbc 100644
--- a/js/lib/languages.js
+++ b/js/lib/languages.js
@@ -28,13 +28,11 @@ elgg.reload_all_translations = function(language) {
var lang = language || elgg.get_language();
var url, options;
- if (elgg.config.simplecache_enabled) {
- url = 'cache/js/default/languages/' + lang + '.' + elgg.config.lastcache + '.js';
- options = {};
- } else {
- url = 'ajax/view/js/languages';
- options = {data: {language: lang}};
- }
+ url = 'ajax/view/js/languages';
+ options = {data: {language: lang}};
+ if (elgg.config.simplecache_enabled) {
+ options.data.lc = elgg.config.lastcache;
+ }
options['success'] = function(json) {
elgg.add_translation(lang, json);
diff --git a/js/lib/security.js b/js/lib/security.js
index 61aa1cf..9c12f85 100644
--- a/js/lib/security.js
+++ b/js/lib/security.js
@@ -7,6 +7,8 @@ elgg.security.token = {};
elgg.security.tokenRefreshFailed = false;
+elgg.security.tokenRefreshTimer = null;
+
/**
* Sets the currently active security token and updates all forms and links on the current page.
*
@@ -30,31 +32,17 @@ elgg.security.setToken = function(json) {
};
/**
- * Security tokens time out, so lets refresh those every so often.
+ * Security tokens time out so we refresh those every so often.
*
- * @todo handle error and bad return data
+ * @private
*/
elgg.security.refreshToken = function() {
elgg.action('security/refreshtoken', function(data) {
-
- // @todo might want to move this to setToken() once http://trac.elgg.org/ticket/3127
- // is implemented. It's here right now to avoid soggy code.
- if (!data || !(data.output.__elgg_ts && data.output.__elgg_token)) {
- elgg.register_error(elgg.echo('js:security:token_refresh_failed', [elgg.get_site_url()]));
- elgg.security.tokenRefreshFailed = true;
-
- // don't setToken because we refresh every 5 minutes and tokens are good for 1
- // hour by default
- return;
- }
-
- // if had problems last time, let them know it's working now
- if (elgg.security.tokenRefreshFailed) {
- elgg.system_message(elgg.echo('js:security:token_refreshed', [elgg.get_site_url()]));
- elgg.security.tokenRefreshFailed = false;
+ if (data && data.output.__elgg_ts && data.output.__elgg_token) {
+ elgg.security.setToken(data.output);
+ } else {
+ clearInterval(elgg.security.tokenRefreshTimer);
}
-
- elgg.security.setToken(data.output);
});
};
@@ -112,9 +100,8 @@ elgg.security.addToken = function(data) {
};
elgg.security.init = function() {
- //refresh security token every 5 minutes
- //this is set in the js/elgg PHP view.
- setInterval(elgg.security.refreshToken, elgg.security.interval);
+ // elgg.security.interval is set in the js/elgg PHP view.
+ elgg.security.tokenRefreshTimer = setInterval(elgg.security.refreshToken, elgg.security.interval);
};
elgg.register_hook_handler('boot', 'system', elgg.security.init); \ No newline at end of file
diff --git a/js/lib/session.js b/js/lib/session.js
index fa3d60a..a8d5273 100644
--- a/js/lib/session.js
+++ b/js/lib/session.js
@@ -14,9 +14,9 @@ elgg.provide('elgg.session');
* {string} options[domain]
* {boolean} options[secure]
*
- * @return {string} The value of the cookie, if only name is specified
+ * @return {string|undefined} The value of the cookie, if only name is specified. Undefined if no value set
*/
-elgg.session.cookie = function (name, value, options) {
+elgg.session.cookie = function(name, value, options) {
var cookies = [], cookie = [], i = 0, date, valid = true;
//elgg.session.cookie()
@@ -47,21 +47,19 @@ elgg.session.cookie = function (name, value, options) {
}
cookies.push(name + '=' + value);
-
- if (elgg.isNumber(options.expires)) {
- if (elgg.isNumber(options.expires)) {
- date = new Date();
- date.setTime(date.getTime() + (options.expires * 24 * 60 * 60 * 1000));
- } else if (options.expires.toUTCString) {
- date = options.expires;
- } else {
- valid = false;
- }
-
- if (valid) {
- cookies.push('expires=' + date.toUTCString());
- }
- }
+
+ if (options.expires) {
+ if (elgg.isNumber(options.expires)) {
+ date = new Date();
+ date.setTime(date.getTime() + (options.expires * 24 * 60 * 60 * 1000));
+ } else if (options.expires.toUTCString) {
+ date = options.expires;
+ }
+
+ if (date) {
+ cookies.push('expires=' + date.toUTCString());
+ }
+ }
// CAUTION: Needed to parenthesize options.path and options.domain
// in the following expressions, otherwise they evaluate to undefined
diff --git a/js/lib/ui.river.js b/js/lib/ui.river.js
index a56a664..c103fab 100644
--- a/js/lib/ui.river.js
+++ b/js/lib/ui.river.js
@@ -1,14 +1,14 @@
-elgg.provide('elgg.ui.river');
-
-elgg.ui.river.init = function() {
- $('#elgg-river-selector').change(function() {
- var url = window.location.href;
- if (window.location.search.length) {
- url = url.substring(0, url.indexOf('?'));
- }
- url += '?' + $(this).val();
- elgg.forward(url);
- });
-};
-
+elgg.provide('elgg.ui.river');
+
+elgg.ui.river.init = function() {
+ $('#elgg-river-selector').change(function() {
+ var url = window.location.href;
+ if (window.location.search.length) {
+ url = url.substring(0, url.indexOf('?'));
+ }
+ url += '?' + $(this).val();
+ elgg.forward(url);
+ });
+};
+
elgg.register_hook_handler('init', 'system', elgg.ui.river.init); \ No newline at end of file
diff --git a/js/lib/ui.userpicker.js b/js/lib/ui.userpicker.js
index 7298da1..669b84c 100644
--- a/js/lib/ui.userpicker.js
+++ b/js/lib/ui.userpicker.js
@@ -107,11 +107,11 @@ elgg.userpicker.viewUser = function(info) {
* @return Object
*/
elgg.userpicker.getSearchParams = function(obj) {
- if (obj.element.siblings('[name=match_on]').attr('checked')) {
+ if (obj.element.parent('.elgg-user-picker').find('input[name=match_on]').attr('checked')) {
return {'match_on[]': 'friends', 'term' : obj.term};
} else {
return {'match_on[]': 'users', 'term' : obj.term};
}
};
-elgg.register_hook_handler('init', 'system', elgg.userpicker.init); \ No newline at end of file
+elgg.register_hook_handler('init', 'system', elgg.userpicker.init);
diff --git a/js/tests/ElggLibTest.js b/js/tests/ElggLibTest.js
index 2a676e2..bd39e7f 100644
--- a/js/tests/ElggLibTest.js
+++ b/js/tests/ElggLibTest.js
@@ -78,6 +78,7 @@ ElggLibTest.prototype.testNormalizeUrl = function() {
['https://example.com', 'https://example.com'],
['http://example-time.com', 'http://example-time.com'],
['//example.com', '//example.com'],
+ ['mod/my_plugin/graphics/image.jpg', elgg.config.wwwroot + 'mod/my_plugin/graphics/image.jpg'],
['ftp://example.com/file', 'ftp://example.com/file'],
['mailto:brett@elgg.org', 'mailto:brett@elgg.org'],
@@ -127,3 +128,13 @@ ElggLibTest.prototype.testParseUrl = function() {
});
};
+ElggLibTest.prototype.testParseStr = function() {
+
+ [
+ ["A+%2B+B=A+%2B+B", {"A + B": "A + B"}]
+
+ ].forEach(function(args) {
+ assertEquals(args[1], elgg.parse_str(args[0]));
+ });
+};
+
diff --git a/js/tests/README b/js/tests/README
index 4f86b27..f43c0c8 100644
--- a/js/tests/README
+++ b/js/tests/README
@@ -12,9 +12,10 @@ based debuggers. Visit its wiki at the Google Code site for more information.
Sample Usage
============
1. Put jar file in the base directory of Elgg
- 2. Run the server: java -jar JsTestDriver-1.3.3d.jar --port 4224
+ 2. Run the server: java -jar JsTestDriver-1.3.5.jar --port 4224
3. Point a web browser at http://localhost:4224
- 4. Run the tests: java -jar JsTestDriver-1.3.3d.jar --config js/tests/jsTestDriver.conf --basePath . --tests all
+ 4. Click "Capture this browser"
+ 5. Run the tests: java -jar JsTestDriver-1.3.5.jar --config js/tests/jsTestDriver.conf --basePath . --tests all
Configuration Hints
diff --git a/languages/en.php b/languages/en.php
index 3538960..07407d1 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -105,6 +105,8 @@ $english = array(
'ElggPlugin:Dependencies:Priority:Before' => 'Before %s',
'ElggPlugin:Dependencies:Priority:Uninstalled' => '%s is not installed',
'ElggPlugin:Dependencies:Suggests:Unsatisfied' => 'Missing',
+
+ 'ElggPlugin:Dependencies:ActiveDependent' => 'There are other plugins that list %s as a dependency. You must disable the following plugins before disabling this one: %s',
'ElggPlugin:InvalidAndDeactivated' => '%s is an invalid plugin and has been deactivated.',
@@ -175,7 +177,7 @@ $english = array(
'ConfigurationException:NoSiteID' => "No site ID has been specified.",
'SecurityException:APIAccessDenied' => "Sorry, API access has been disabled by the administrator.",
'SecurityException:NoAuthMethods' => "No authentication methods were found that could authenticate this API request.",
- 'SecurityException:ForwardFailedToRedirect' => 'Redirect could not be issued due to headers already being sent. Halting execution for security. Search http://docs.elgg.org/ for more information.',
+ 'SecurityException:ForwardFailedToRedirect' => 'Redirect could not be issued due to headers already being sent. Halting execution for security. Output started in file %s at line %d. Search http://docs.elgg.org/ for more information.',
'InvalidParameterException:APIMethodOrFunctionNotSet' => "Method or function not set in call in expose_method()",
'InvalidParameterException:APIParametersArrayStructure' => "Parameters array structure is incorrect for call to expose method '%s'",
'InvalidParameterException:UnrecognisedHttpMethod' => "Unrecognised http method %s for api method '%s'",
@@ -359,6 +361,7 @@ $english = array(
'friendspicker:chararray' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
'avatar' => 'Avatar',
+ 'avatar:noaccess' => "You're not allowed to edit this user's avatar",
'avatar:create' => 'Create your avatar',
'avatar:edit' => 'Edit avatar',
'avatar:preview' => 'Preview',
@@ -594,10 +597,24 @@ $english = array(
'admin:settings' => 'Settings',
'admin:settings:basic' => 'Basic Settings',
'admin:settings:advanced' => 'Advanced Settings',
+ 'admin:settings:advanced/site_secret' => 'Site Secret',
'admin:site:description' => "This admin panel allows you to control global settings for your site. Choose an option below to get started.",
+ 'admin:settings:advanced:site_secret' => 'Site Secret',
'admin:site:opt:linktext' => "Configure site...",
'admin:site:access:warning' => "Changing the access setting only affects the permissions on content created in the future.",
+ 'admin:site:secret:intro' => 'Elgg uses a key to create security tokens for various purposes.',
+ 'admin:site:secret_regenerated' => "Your site secret has been regenerated.",
+ 'admin:site:secret:regenerate' => "Regenerate site secret",
+ 'admin:site:secret:regenerate:help' => "Note: This may inconvenience some users by invalidating tokens used in \"remember me\" cookies, e-mail validation requests, invitation codes, etc.",
+ 'site_secret:current_strength' => 'Key Strength',
+ 'site_secret:strength:weak' => "Weak",
+ 'site_secret:strength_msg:weak' => "We strongly recommend that you regenerate your site secret.",
+ 'site_secret:strength:moderate' => "Moderate",
+ 'site_secret:strength_msg:moderate' => "We recommend you regenerate your site secret for the best site security.",
+ 'site_secret:strength:strong' => "Strong",
+ 'site_secret:strength_msg:strong' => "&#x2713; Your site secret is sufficiently strong.",
+
'admin:dashboard' => 'Dashboard',
'admin:widget:online_users' => 'Online users',
'admin:widget:online_users:help' => 'Lists the users currently on the site',
@@ -902,6 +919,7 @@ $english = array(
'total' => 'Total',
'learnmore' => "Click here to learn more.",
+ 'unknown_error' => 'Unknown error',
'content' => "content",
'content:latest' => 'Latest activity',
@@ -1060,7 +1078,7 @@ Once you have logged in, we highly recommend that you change your password.
'upgrade:unlock' => 'Unlock upgrade',
'upgrade:unlock:confirm' => "The database is locked for another upgrade. Running concurrent upgrades is dangerous. You should only continue if you know there is not another upgrade running. Unlock?",
'upgrade:locked' => "Cannot upgrade. Another upgrade is running. To clear the upgrade lock, visit the Admin section.",
- 'upgrade:unlock:success' => "Upgrade unlocked suscessfully.",
+ 'upgrade:unlock:success' => "Upgrade unlocked successfully.",
'upgrade:unable_to_upgrade' => 'Unable to upgrade.',
'upgrade:unable_to_upgrade_info' =>
'This installation cannot be upgraded because legacy views
@@ -1075,6 +1093,8 @@ Once you have logged in, we highly recommend that you change your password.
'update:twitter_api:deactivated' => 'Twitter API (previously Twitter Service) was deactivated during the upgrade. Please activate it manually if required.',
'update:oauth_api:deactivated' => 'OAuth API (previously OAuth Lib) was deactivated during the upgrade. Please activate it manually if required.',
+ 'upgrade:site_secret_warning:moderate' => "You are encouraged to regenerate your site key to improve system security. See Configure &gt; Settings &gt; Site Secret",
+ 'upgrade:site_secret_warning:weak' => "You are strongly encouraged to regenerate your site key to improve system security. See Configure &gt; Settings &gt; Site Secret",
'deprecated:function' => '%s() was deprecated by %s()',
@@ -1189,10 +1209,11 @@ You cannot reply to this email.",
* Action gatekeeper
*/
'actiongatekeeper:missingfields' => 'Form is missing __token or __ts fields',
- 'actiongatekeeper:tokeninvalid' => "We encountered an error (token mismatch). This probably means that the page you were using expired.",
+ 'actiongatekeeper:tokeninvalid' => "The page you were using had expired. Please try again.",
'actiongatekeeper:timeerror' => 'The page you were using has expired. Please refresh and try again.',
'actiongatekeeper:pluginprevents' => 'A extension has prevented this form from being submitted.',
'actiongatekeeper:uploadexceeded' => 'The size of file(s) uploaded exceeded the limit set by your site administrator',
+ 'actiongatekeeper:crosssitelogin' => "Sorry, logging in from a different domain is not permitted. Please try again.",
/**
@@ -1211,7 +1232,7 @@ You cannot reply to this email.",
* Javascript
*/
- 'js:security:token_refresh_failed' => 'Cannot contact %s. You may experience problems saving content.',
+ 'js:security:token_refresh_failed' => 'Failed to contact %s. You may experience problems saving content. Please refresh this page.',
'js:security:token_refreshed' => 'Connection to %s restored!',
/**
diff --git a/mod/blog/actions/blog/save.php b/mod/blog/actions/blog/save.php
index 070c963..82a9e6c 100644
--- a/mod/blog/actions/blog/save.php
+++ b/mod/blog/actions/blog/save.php
@@ -2,6 +2,12 @@
/**
* Save blog entity
*
+ * Can be called by clicking save button or preview button. If preview button,
+ * we automatically save as draft. The preview button is only available for
+ * non-published drafts.
+ *
+ * Drafts are saved with the access set to private.
+ *
* @package Blog
*/
@@ -73,11 +79,7 @@ foreach ($values as $name => $default) {
switch ($name) {
case 'tags':
- if ($value) {
- $values[$name] = string_to_tag_array($value);
- } else {
- unset ($values[$name]);
- }
+ $values[$name] = string_to_tag_array($value);
break;
case 'excerpt':
@@ -99,11 +101,6 @@ foreach ($values as $name => $default) {
}
break;
- // don't try to set the guid
- case 'guid':
- unset($values['guid']);
- break;
-
default:
$values[$name] = $value;
break;
@@ -115,13 +112,16 @@ if ($save == false) {
$values['status'] = 'draft';
}
+// if draft, set access to private and cache the future access
+if ($values['status'] == 'draft') {
+ $values['future_access'] = $values['access_id'];
+ $values['access_id'] = ACCESS_PRIVATE;
+}
+
// assign values to the entity, stopping on error.
if (!$error) {
foreach ($values as $name => $value) {
- if (FALSE === ($blog->$name = $value)) {
- $error = elgg_echo('blog:error:cannot_save' . "$name=$value");
- break;
- }
+ $blog->$name = $value;
}
}
@@ -151,6 +151,11 @@ if (!$error) {
if (($new_post || $old_status == 'draft') && $status == 'published') {
add_to_river('river/object/blog/create', 'create', $blog->owner_guid, $blog->getGUID());
+ // we only want notifications sent when post published
+ register_notification_object('object', 'blog', elgg_echo('blog:newpost'));
+ elgg_trigger_event('publish', 'object', $blog);
+
+ // reset the creation time for posts that move from draft to published
if ($guid) {
$blog->time_created = time();
$blog->save();
diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php
index 3c71dfb..9753f27 100644
--- a/mod/blog/lib/blog.php
+++ b/mod/blog/lib/blog.php
@@ -39,8 +39,8 @@ function blog_get_page_content_read($guid = NULL) {
elgg_push_breadcrumb($blog->title);
$return['content'] = elgg_view_entity($blog, array('full_view' => true));
- //check to see if comment are on
- if ($blog->comments_on != 'Off') {
+ // check to see if we should allow comments
+ if ($blog->comments_on != 'Off' && $blog->status == 'published') {
$return['content'] .= elgg_view_comments($blog);
}
@@ -363,6 +363,10 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) {
$values[$field] = $post->$field;
}
}
+
+ if ($post->status == 'draft') {
+ $values['access_id'] = $post->future_access;
+ }
}
if (elgg_is_sticky_form('blog')) {
diff --git a/mod/blog/start.php b/mod/blog/start.php
index eb6eee0..e724b91 100644
--- a/mod/blog/start.php
+++ b/mod/blog/start.php
@@ -41,8 +41,8 @@ function blog_init() {
// override the default url to view a blog object
elgg_register_entity_url_handler('object', 'blog', 'blog_url_handler');
- // notifications
- register_notification_object('object', 'blog', elgg_echo('blog:newpost'));
+ // notifications - need to register for unique event because of draft/published status
+ elgg_register_event_handler('publish', 'object', 'object_notifications');
elgg_register_plugin_hook_handler('notify:entity:message', 'object', 'blog_notify_message');
// add blog link to
@@ -113,14 +113,23 @@ function blog_page_handler($page) {
switch ($page_type) {
case 'owner':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_list($user->guid);
break;
case 'friends':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_friends($user->guid);
break;
case 'archive':
$user = get_user_by_username($page[1]);
+ if (!$user) {
+ forward('', '404');
+ }
$params = blog_get_page_content_archive($user->guid, $page[2], $page[3]);
break;
case 'view':
@@ -139,7 +148,11 @@ function blog_page_handler($page) {
$params = blog_get_page_content_edit($page_type, $page[1], $page[2]);
break;
case 'group':
- if ($page[2] == 'all') {
+ $group = get_entity($page[1]);
+ if (!elgg_instanceof($group, 'group')) {
+ forward('', '404');
+ }
+ if (!isset($page[2]) || $page[2] == 'all') {
$params = blog_get_page_content_list($page[1]);
} else {
$params = blog_get_page_content_archive($page[1], $page[3], $page[4]);
@@ -214,7 +227,14 @@ function blog_entity_menu_setup($hook, $type, $return, $params) {
return $return;
}
- if ($entity->canEdit() && $entity->status != 'published') {
+ if ($entity->status != 'published') {
+ // draft status replaces access
+ foreach ($return as $index => $item) {
+ if ($item->getName() == 'access') {
+ unset($return[$index]);
+ }
+ }
+
$status_text = elgg_echo("blog:status:{$entity->status}");
$options = array(
'name' => 'published_status',
diff --git a/mod/blog/views/default/blog/sidebar/archives.php b/mod/blog/views/default/blog/sidebar/archives.php
index 3d8f28c..5098e6e 100644
--- a/mod/blog/views/default/blog/sidebar/archives.php
+++ b/mod/blog/views/default/blog/sidebar/archives.php
@@ -14,7 +14,7 @@ if (elgg_instanceof($page_owner, 'user')) {
// This is a limitation of the URL schema.
if ($page_owner && $vars['page'] != 'friends') {
- $dates = get_entity_dates('object', 'blog', $page_owner->getGUID());
+ $dates = array_reverse(get_entity_dates('object', 'blog', $page_owner->getGUID()));
if ($dates) {
$title = elgg_echo('blog:archives');
diff --git a/mod/blog/views/default/forms/blog/save.php b/mod/blog/views/default/forms/blog/save.php
index 36fa2e0..f825acc 100644
--- a/mod/blog/views/default/forms/blog/save.php
+++ b/mod/blog/views/default/forms/blog/save.php
@@ -10,7 +10,7 @@ $vars['entity'] = $blog;
$draft_warning = $vars['draft_warning'];
if ($draft_warning) {
- $draft_warning = '<span class="message warning">' . $draft_warning . '</span>';
+ $draft_warning = '<span class="mbm elgg-text-help">' . $draft_warning . '</span>';
}
$action_buttons = '';
diff --git a/mod/blog/views/default/river/object/blog/create.php b/mod/blog/views/default/river/object/blog/create.php
index a054c10..b808f1b 100644
--- a/mod/blog/views/default/river/object/blog/create.php
+++ b/mod/blog/views/default/river/object/blog/create.php
@@ -4,10 +4,12 @@
*/
$object = $vars['item']->getObjectEntity();
-$excerpt = strip_tags($object->excerpt);
+
+$excerpt = $object->excerpt ? $object->excerpt : $object->description;
+$excerpt = strip_tags($excerpt);
$excerpt = elgg_get_excerpt($excerpt);
echo elgg_view('river/elements/layout', array(
'item' => $vars['item'],
'message' => $excerpt,
-)); \ No newline at end of file
+));
diff --git a/mod/bookmarks/languages/en.php b/mod/bookmarks/languages/en.php
index d498028..970b394 100644
--- a/mod/bookmarks/languages/en.php
+++ b/mod/bookmarks/languages/en.php
@@ -9,7 +9,7 @@ $english = array(
* Menu items and titles
*/
'bookmarks' => "Bookmarks",
- 'bookmarks:add' => "Add bookmark",
+ 'bookmarks:add' => "Add a bookmark",
'bookmarks:edit' => "Edit bookmark",
'bookmarks:owner' => "%s's bookmarks",
'bookmarks:friends' => "Friends' bookmarks",
diff --git a/mod/bookmarks/pages/bookmarks/all.php b/mod/bookmarks/pages/bookmarks/all.php
index bdb8fc7..5c6011a 100644
--- a/mod/bookmarks/pages/bookmarks/all.php
+++ b/mod/bookmarks/pages/bookmarks/all.php
@@ -13,9 +13,8 @@ elgg_register_title_button();
$content = elgg_list_entities(array(
'type' => 'object',
'subtype' => 'bookmarks',
- 'limit' => 10,
'full_view' => false,
- 'view_toggle_type' => false
+ 'view_toggle_type' => false,
));
if (!$content) {
diff --git a/mod/bookmarks/pages/bookmarks/friends.php b/mod/bookmarks/pages/bookmarks/friends.php
index 15b1da0..1739963 100644
--- a/mod/bookmarks/pages/bookmarks/friends.php
+++ b/mod/bookmarks/pages/bookmarks/friends.php
@@ -7,7 +7,7 @@
$page_owner = elgg_get_page_owner_entity();
if (!$page_owner) {
- forward('bookmarks/all');
+ forward('', '404');
}
elgg_push_breadcrumb($page_owner->name, "bookmarks/owner/$page_owner->username");
diff --git a/mod/bookmarks/pages/bookmarks/owner.php b/mod/bookmarks/pages/bookmarks/owner.php
index a024ff3..b7b9079 100644
--- a/mod/bookmarks/pages/bookmarks/owner.php
+++ b/mod/bookmarks/pages/bookmarks/owner.php
@@ -7,7 +7,7 @@
$page_owner = elgg_get_page_owner_entity();
if (!$page_owner) {
- forward('bookmarks/all');
+ forward('', '404');
}
elgg_push_breadcrumb($page_owner->name);
@@ -18,7 +18,6 @@ $content .= elgg_list_entities(array(
'type' => 'object',
'subtype' => 'bookmarks',
'container_guid' => $page_owner->guid,
- 'limit' => 10,
'full_view' => false,
'view_toggle_type' => false
));
diff --git a/mod/bookmarks/start.php b/mod/bookmarks/start.php
index 3846f51..caea435 100644
--- a/mod/bookmarks/start.php
+++ b/mod/bookmarks/start.php
@@ -56,6 +56,9 @@ function bookmarks_init() {
// Listen to notification events and supply a more useful message
elgg_register_plugin_hook_handler('notify:entity:message', 'object', 'bookmarks_notify_message');
+ // Register bookmarks view for ecml parsing
+ elgg_register_plugin_hook_handler('get_views', 'ecml', 'bookmarks_ecml_views_hook');
+
// Register a URL handler for bookmarks
elgg_register_entity_url_handler('object', 'bookmarks', 'bookmark_url');
@@ -282,8 +285,11 @@ function bookmarks_page_menu($hook, $type, $return, $params) {
if (!$page_owner) {
$page_owner = elgg_get_logged_in_user_entity();
}
-
+
if ($page_owner instanceof ElggGroup) {
+ if (!$page_owner->isMember()) {
+ return $return;
+ }
$title = elgg_echo('bookmarks:bookmarklet:group');
} else {
$title = elgg_echo('bookmarks:bookmarklet');
@@ -295,3 +301,16 @@ function bookmarks_page_menu($hook, $type, $return, $params) {
return $return;
}
+
+/**
+ * Return bookmarks views to parse for ecml
+ *
+ * @param string $hook
+ * @param string $type
+ * @param array $return
+ * @param array $params
+ */
+function bookmarks_ecml_views_hook($hook, $type, $return, $params) {
+ $return['object/bookmarks'] = elgg_echo('item:object:bookmarks');
+ return $return;
+}
diff --git a/mod/categories/pages/categories/listing.php b/mod/categories/pages/categories/listing.php
index 8924506..d51e6c1 100644
--- a/mod/categories/pages/categories/listing.php
+++ b/mod/categories/pages/categories/listing.php
@@ -15,8 +15,8 @@ $type = get_input("type", 'object');
$params = array(
'metadata_name' => 'universal_categories',
'metadata_value' => $category,
- 'types' => $type,
- 'subtypes' => $subtype,
+ 'type' => $type,
+ 'subtype' => $subtype,
'owner_guid' => $owner_guid,
'limit' => $limit,
'full_view' => FALSE,
diff --git a/mod/custom_index/index.php b/mod/custom_index/index.php
index 53990a0..05771f5 100644
--- a/mod/custom_index/index.php
+++ b/mod/custom_index/index.php
@@ -31,7 +31,7 @@ $files = elgg_list_entities($list_params);
//get the newest members who have an avatar
$newest_members = elgg_list_entities_from_metadata(array(
'metadata_names' => 'icontime',
- 'types' => 'user',
+ 'type' => 'user',
'limit' => 10,
'full_view' => false,
'pagination' => false,
diff --git a/mod/developers/languages/en.php b/mod/developers/languages/en.php
index 856efe0..266b540 100644
--- a/mod/developers/languages/en.php
+++ b/mod/developers/languages/en.php
@@ -28,7 +28,8 @@ $english = array(
'developers:label:show_strings' => "Show raw translation strings",
'developers:help:show_strings' => "This displays the translation strings used by elgg_echo().",
'developers:label:wrap_views' => "Wrap views",
- 'developers:help:wrap_views' => "This wraps almost every view with HTML comments. Useful for finding the view creating particular HTML.",
+ 'developers:help:wrap_views' => "This wraps almost every view with HTML comments. Useful for finding the view creating particular HTML.
+ This can break non-HTML views in the default viewtype. See developers_wrap_views() for details.",
'developers:label:log_events' => "Log events and plugin hooks",
'developers:help:log_events' => "Write events and plugin hooks to the log. Warning: there are many of these per page.",
diff --git a/mod/developers/manifest.xml b/mod/developers/manifest.xml
index e319988..23e726e 100644
--- a/mod/developers/manifest.xml
+++ b/mod/developers/manifest.xml
@@ -8,7 +8,7 @@
<blurb>Developer tools for Elgg</blurb>
<description>A set of tools for writing plugins and themes. It is recommended that you have this plugin at the top of the plugin list.</description>
<website>http://www.elgg.org/</website>
- <bugtracker>http://trac.elgg.org</bugtracker>
+ <bugtracker>https://github.com/Elgg/Elgg/issues</bugtracker>
<copyright>See COPYRIGHT.txt</copyright>
<license>GNU General Public License version 2</license>
diff --git a/mod/developers/start.php b/mod/developers/start.php
index 413a8ed..94d0f65 100644
--- a/mod/developers/start.php
+++ b/mod/developers/start.php
@@ -89,6 +89,15 @@ function developers_clear_strings() {
/**
* Post-process a view to add wrapper comments to it
+ *
+ * 1. Only process views served with the 'default' viewtype.
+ * 2. Does not wrap views that begin with js/ or css/ as they are not HTML.
+ * 3. Does not wrap views that are images (start with icon/). Is this still true?
+ * 4. Does not wrap input and output views (why?).
+ * 5. Does not wrap html head or the primary page shells
+ *
+ * @warning this will break views in the default viewtype that return non-HTML data
+ * that do not match the above restrictions.
*/
function developers_wrap_views($hook, $type, $result, $params) {
if (elgg_get_viewtype() != "default") {
diff --git a/mod/developers/views/default/theme_preview/components/image_block.php b/mod/developers/views/default/theme_preview/components/image_block.php
index 0bb1642..ecd35ac 100644
--- a/mod/developers/views/default/theme_preview/components/image_block.php
+++ b/mod/developers/views/default/theme_preview/components/image_block.php
@@ -1,6 +1,6 @@
-<?php
-$ipsum = elgg_view('developers/ipsum');
-
-$user = new ElggUser();
-$image = elgg_view_entity_icon($user, 'small');
-echo elgg_view_image_block($image, "$ipsum $ipsum $ipsum $ipsum $ipsum $ipsum $ipsum");
+<?php
+$ipsum = elgg_view('developers/ipsum');
+
+$user = new ElggUser();
+$image = elgg_view_entity_icon($user, 'small');
+echo elgg_view_image_block($image, "$ipsum $ipsum $ipsum $ipsum $ipsum $ipsum $ipsum");
diff --git a/mod/developers/views/default/theme_preview/components/list.php b/mod/developers/views/default/theme_preview/components/list.php
index 8096bda..fcb6f76 100644
--- a/mod/developers/views/default/theme_preview/components/list.php
+++ b/mod/developers/views/default/theme_preview/components/list.php
@@ -1,19 +1,19 @@
-<?php
-
-$obj1 = new ElggObject();
-$obj1->title = "Object 1";
-$obj1->description = $ipsum;
-
-$obj2 = new ElggObject();
-$obj2->title = "Object 2";
-$obj2->description = $ipsum;
-
-$obj3 = new ElggObject();
-$obj3->title = "Object 3";
-$obj3->description = $ipsum;
-
-$obj4 = new ElggObject();
-$obj4->title = "Object 4";
-$obj4->description = $ipsum;
-
-echo elgg_view('page/components/list', array('items' => array($obj1, $obj2, $obj3, $obj4)));
+<?php
+
+$obj1 = new ElggObject();
+$obj1->title = "Object 1";
+$obj1->description = $ipsum;
+
+$obj2 = new ElggObject();
+$obj2->title = "Object 2";
+$obj2->description = $ipsum;
+
+$obj3 = new ElggObject();
+$obj3->title = "Object 3";
+$obj3->description = $ipsum;
+
+$obj4 = new ElggObject();
+$obj4->title = "Object 4";
+$obj4->description = $ipsum;
+
+echo elgg_view('page/components/list', array('items' => array($obj1, $obj2, $obj3, $obj4)));
diff --git a/mod/developers/views/default/theme_preview/components/messages.php b/mod/developers/views/default/theme_preview/components/messages.php
index ac4d2bf..a532552 100644
--- a/mod/developers/views/default/theme_preview/components/messages.php
+++ b/mod/developers/views/default/theme_preview/components/messages.php
@@ -1,5 +1,5 @@
-<ul>
- <li class="elgg-message elgg-state-success mas">Success message (.elgg-state-success)</li>
- <li class="elgg-message elgg-state-error mas">Error message (.elgg-state-error)</li>
- <li class="elgg-message elgg-state-notice mas">Notice message (.elgg-state-notice)</li>
-</ul>
+<ul>
+ <li class="elgg-message elgg-state-success mas">Success message (.elgg-state-success)</li>
+ <li class="elgg-message elgg-state-error mas">Error message (.elgg-state-error)</li>
+ <li class="elgg-message elgg-state-notice mas">Notice message (.elgg-state-notice)</li>
+</ul>
diff --git a/mod/developers/views/default/theme_preview/components/table.php b/mod/developers/views/default/theme_preview/components/table.php
index 8b8b13e..7d619dc 100644
--- a/mod/developers/views/default/theme_preview/components/table.php
+++ b/mod/developers/views/default/theme_preview/components/table.php
@@ -1,12 +1,12 @@
-<table class="<?php echo $vars['class']; ?>">
-<?php
- echo "<thead><tr><th>column 1</th><th>column 2</th></tr></thead>";
- for ($i = 1; $i < 5; $i++) {
- echo '<tr>';
- for ($j = 1; $j < 3; $j++) {
- echo "<td>value $j</td>";
- }
- echo '</tr>';
- }
-?>
+<table class="<?php echo $vars['class']; ?>">
+<?php
+ echo "<thead><tr><th>column 1</th><th>column 2</th></tr></thead>";
+ for ($i = 1; $i < 5; $i++) {
+ echo '<tr>';
+ for ($j = 1; $j < 3; $j++) {
+ echo "<td>value $j</td>";
+ }
+ echo '</tr>';
+ }
+?>
</table> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/icons/avatars.php b/mod/developers/views/default/theme_preview/icons/avatars.php
index f50a6b7..3aa1eda 100644
--- a/mod/developers/views/default/theme_preview/icons/avatars.php
+++ b/mod/developers/views/default/theme_preview/icons/avatars.php
@@ -1,36 +1,36 @@
-<?php
- $user = new ElggUser();
- $group = new ElggGroup();
-
- $sizes = array('large', 'medium', 'small', 'tiny');
-?>
-<table class="elgg-table">
- <tr>
- <th></th>
- <?php
- foreach ($sizes as $size) {
- echo "<th>$size</th>";
- }
- ?>
- </tr>
- <tr>
- <th>User</th>
- <?php
- foreach ($sizes as $size) {
- echo '<td>';
- echo elgg_view_entity_icon($user, $size, array('use_hover' => false));
- echo '</td>';
- }
- ?>
- </tr>
- <tr>
- <th>Group</th>
- <?php
- foreach ($sizes as $size) {
- echo '<td>';
- echo elgg_view_entity_icon($group, $size, array('use_hover' => false));
- echo '</td>';
- }
- ?>
- </tr>
-</table>
+<?php
+ $user = new ElggUser();
+ $group = new ElggGroup();
+
+ $sizes = array('large', 'medium', 'small', 'tiny');
+?>
+<table class="elgg-table">
+ <tr>
+ <th></th>
+ <?php
+ foreach ($sizes as $size) {
+ echo "<th>$size</th>";
+ }
+ ?>
+ </tr>
+ <tr>
+ <th>User</th>
+ <?php
+ foreach ($sizes as $size) {
+ echo '<td>';
+ echo elgg_view_entity_icon($user, $size, array('use_hover' => false));
+ echo '</td>';
+ }
+ ?>
+ </tr>
+ <tr>
+ <th>Group</th>
+ <?php
+ foreach ($sizes as $size) {
+ echo '<td>';
+ echo elgg_view_entity_icon($group, $size, array('use_hover' => false));
+ echo '</td>';
+ }
+ ?>
+ </tr>
+</table>
diff --git a/mod/developers/views/default/theme_preview/icons/sprites.php b/mod/developers/views/default/theme_preview/icons/sprites.php
index 134dd9a..3edb0bd 100644
--- a/mod/developers/views/default/theme_preview/icons/sprites.php
+++ b/mod/developers/views/default/theme_preview/icons/sprites.php
@@ -1,61 +1,61 @@
-<?php
-$icons = array(
- 'arrow-left',
- 'arrow-right',
- 'arrow-two-head',
- 'calendar',
- 'checkmark',
- 'clip',
- 'cursor-drag-arrow',
- 'delete-alt',
- 'delete',
- 'download',
- 'facebook',
- 'home',
- 'hover-menu',
- 'link',
- 'mail-alt',
- 'mail',
- 'print-alt',
- 'print',
- 'push-pin-alt',
- 'push-pin',
- 'redo',
- 'refresh',
- 'round-arrow-left',
- 'round-arrow-right',
- 'round-checkmark',
- 'round-minus',
- 'round-plus',
- 'rss',
- 'search-focus',
- 'search',
- 'settings-alt',
- 'settings',
- 'share',
- 'shop-cart',
- 'speech-bubble-alt',
- 'speech-bubble',
- 'star-alt',
- 'star-empty',
- 'star',
- 'tag',
- 'thumbs-down-alt',
- 'thumbs-down',
- 'thumbs-up-alt',
- 'thumbs-up',
- 'trash',
- 'twitter',
- 'undo',
- 'user',
- 'users',
-);
-?>
-
-<ul class="elgg-gallery">
-<?php
- foreach ($icons as $icon) {
- echo "<li title=\".elgg-icon-$icon\" style=\"margin:10px\">" . elgg_view_icon($icon) . "</li>";
- }
-?>
+<?php
+$icons = array(
+ 'arrow-left',
+ 'arrow-right',
+ 'arrow-two-head',
+ 'calendar',
+ 'checkmark',
+ 'clip',
+ 'cursor-drag-arrow',
+ 'delete-alt',
+ 'delete',
+ 'download',
+ 'facebook',
+ 'home',
+ 'hover-menu',
+ 'link',
+ 'mail-alt',
+ 'mail',
+ 'print-alt',
+ 'print',
+ 'push-pin-alt',
+ 'push-pin',
+ 'redo',
+ 'refresh',
+ 'round-arrow-left',
+ 'round-arrow-right',
+ 'round-checkmark',
+ 'round-minus',
+ 'round-plus',
+ 'rss',
+ 'search-focus',
+ 'search',
+ 'settings-alt',
+ 'settings',
+ 'share',
+ 'shop-cart',
+ 'speech-bubble-alt',
+ 'speech-bubble',
+ 'star-alt',
+ 'star-empty',
+ 'star',
+ 'tag',
+ 'thumbs-down-alt',
+ 'thumbs-down',
+ 'thumbs-up-alt',
+ 'thumbs-up',
+ 'trash',
+ 'twitter',
+ 'undo',
+ 'user',
+ 'users',
+);
+?>
+
+<ul class="elgg-gallery">
+<?php
+ foreach ($icons as $icon) {
+ echo "<li title=\".elgg-icon-$icon\" style=\"margin:10px\">" . elgg_view_icon($icon) . "</li>";
+ }
+?>
</ul> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/modules/modules.php b/mod/developers/views/default/theme_preview/modules/modules.php
index e0d39c0..04f5917 100644
--- a/mod/developers/views/default/theme_preview/modules/modules.php
+++ b/mod/developers/views/default/theme_preview/modules/modules.php
@@ -1,23 +1,23 @@
-<?php
-
-$ipsum = elgg_view('developers/ipsum');
-
-?>
-<div class="elgg-grid">
- <div class="elgg-col elgg-col-1of2">
- <div class="pam">
- <?php
- echo elgg_view_module('aside', 'Aside (.elgg-module-aside)', $ipsum);
- echo elgg_view_module('popup', 'Popup (.elgg-module-popup)', $ipsum);
- ?>
- </div>
- </div>
- <div class="elgg-col elgg-col-1of2">
- <div class="pam">
- <?php
- echo elgg_view_module('info', 'Info (.elgg-module-info)', $ipsum);
- echo elgg_view_module('featured', 'Featured (.elgg-module-featured)', $ipsum);
- ?>
- </div>
- </div>
+<?php
+
+$ipsum = elgg_view('developers/ipsum');
+
+?>
+<div class="elgg-grid">
+ <div class="elgg-col elgg-col-1of2">
+ <div class="pam">
+ <?php
+ echo elgg_view_module('aside', 'Aside (.elgg-module-aside)', $ipsum);
+ echo elgg_view_module('popup', 'Popup (.elgg-module-popup)', $ipsum);
+ ?>
+ </div>
+ </div>
+ <div class="elgg-col elgg-col-1of2">
+ <div class="pam">
+ <?php
+ echo elgg_view_module('info', 'Info (.elgg-module-info)', $ipsum);
+ echo elgg_view_module('featured', 'Featured (.elgg-module-featured)', $ipsum);
+ ?>
+ </div>
+ </div>
</div> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/navigation/breadcrumbs.php b/mod/developers/views/default/theme_preview/navigation/breadcrumbs.php
index c910b2a..0439bd5 100644
--- a/mod/developers/views/default/theme_preview/navigation/breadcrumbs.php
+++ b/mod/developers/views/default/theme_preview/navigation/breadcrumbs.php
@@ -1,10 +1,10 @@
-<?php
-elgg_push_breadcrumb('First', "#");
-elgg_push_breadcrumb('Second', "#");
-elgg_push_breadcrumb('Third');
-
-echo elgg_view('navigation/breadcrumbs', array('class' => mts));
-
-elgg_pop_breadcrumb();
-elgg_pop_breadcrumb();
-elgg_pop_breadcrumb();
+<?php
+elgg_push_breadcrumb('First', "#");
+elgg_push_breadcrumb('Second', "#");
+elgg_push_breadcrumb('Third');
+
+echo elgg_view('navigation/breadcrumbs', array('class' => mts));
+
+elgg_pop_breadcrumb();
+elgg_pop_breadcrumb();
+elgg_pop_breadcrumb();
diff --git a/mod/developers/views/default/theme_preview/navigation/default.php b/mod/developers/views/default/theme_preview/navigation/default.php
index bfd2616..6efcd88 100644
--- a/mod/developers/views/default/theme_preview/navigation/default.php
+++ b/mod/developers/views/default/theme_preview/navigation/default.php
@@ -1,11 +1,11 @@
-<?php
-
-$params = array();
-$params['menu'] = array();
-$params['menu']['default'] = array();
-for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
-}
-$params['menu']['default'][2]->setSelected(true);
-
-echo elgg_view('navigation/menu/default', $params);
+<?php
+
+$params = array();
+$params['menu'] = array();
+$params['menu']['default'] = array();
+for ($i=1; $i<=5; $i++) {
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
+}
+$params['menu']['default'][2]->setSelected(true);
+
+echo elgg_view('navigation/menu/default', $params);
diff --git a/mod/developers/views/default/theme_preview/navigation/extras.php b/mod/developers/views/default/theme_preview/navigation/extras.php
index 43b19f8..01bc6d4 100644
--- a/mod/developers/views/default/theme_preview/navigation/extras.php
+++ b/mod/developers/views/default/theme_preview/navigation/extras.php
@@ -1,18 +1,18 @@
-<?php
-
-$params = array();
-$params['menu'] = array();
-$params['menu']['default'] = array();
-$params['menu']['default'][] = new ElggMenuItem(1, elgg_view_icon('push-pin-alt'), "#");
-$params['menu']['default'][] = new ElggMenuItem(2, elgg_view_icon('rss'), "#");
-$params['menu']['default'][] = new ElggMenuItem(3, elgg_view_icon('star-alt'), "#");
-$params['name'] = 'extras';
-$params['class'] = 'elgg-menu-hz';
-
-?>
-
-<div class="elgg-sidebar">
-<?php
- echo elgg_view('navigation/menu/default', $params);
-?>
+<?php
+
+$params = array();
+$params['menu'] = array();
+$params['menu']['default'] = array();
+$params['menu']['default'][] = new ElggMenuItem(1, elgg_view_icon('push-pin-alt'), "#");
+$params['menu']['default'][] = new ElggMenuItem(2, elgg_view_icon('rss'), "#");
+$params['menu']['default'][] = new ElggMenuItem(3, elgg_view_icon('star-alt'), "#");
+$params['name'] = 'extras';
+$params['class'] = 'elgg-menu-hz';
+
+?>
+
+<div class="elgg-sidebar">
+<?php
+ echo elgg_view('navigation/menu/default', $params);
+?>
</div> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/navigation/filter.php b/mod/developers/views/default/theme_preview/navigation/filter.php
index ea1c8b0..70cd31d 100644
--- a/mod/developers/views/default/theme_preview/navigation/filter.php
+++ b/mod/developers/views/default/theme_preview/navigation/filter.php
@@ -1,13 +1,13 @@
-<?php
-
-$params = array();
-$params['menu'] = array();
-$params['menu']['default'] = array();
-for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
-}
-$params['menu']['default'][2]->setSelected(true);
-
-$params['name'] = 'filter';
-
-echo elgg_view('navigation/menu/default', $params);
+<?php
+
+$params = array();
+$params['menu'] = array();
+$params['menu']['default'] = array();
+for ($i=1; $i<=5; $i++) {
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
+}
+$params['menu']['default'][2]->setSelected(true);
+
+$params['name'] = 'filter';
+
+echo elgg_view('navigation/menu/default', $params);
diff --git a/mod/developers/views/default/theme_preview/navigation/horizontal.php b/mod/developers/views/default/theme_preview/navigation/horizontal.php
index f404f42..44e04cd 100644
--- a/mod/developers/views/default/theme_preview/navigation/horizontal.php
+++ b/mod/developers/views/default/theme_preview/navigation/horizontal.php
@@ -1,12 +1,12 @@
-<?php
-
-$params = array();
-$params['menu'] = array();
-$params['menu']['default'] = array();
-for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
-}
-$params['menu']['default'][2]->setSelected(true);
-$params['class'] = 'elgg-menu-hz';
-
-echo elgg_view('navigation/menu/default', $params);
+<?php
+
+$params = array();
+$params['menu'] = array();
+$params['menu']['default'] = array();
+for ($i=1; $i<=5; $i++) {
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
+}
+$params['menu']['default'][2]->setSelected(true);
+$params['class'] = 'elgg-menu-hz';
+
+echo elgg_view('navigation/menu/default', $params);
diff --git a/mod/developers/views/default/theme_preview/navigation/owner_block.php b/mod/developers/views/default/theme_preview/navigation/owner_block.php
index 20b93d1..f5f2039 100644
--- a/mod/developers/views/default/theme_preview/navigation/owner_block.php
+++ b/mod/developers/views/default/theme_preview/navigation/owner_block.php
@@ -1,13 +1,13 @@
-<?php
-$params = array();
-$params['menu'] = array();
-$params['menu']['default'] = array();
-for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
-}
-$params['menu']['default'][2]->setSelected(true);
-$params['name'] = 'owner-block';
-
-echo '<div class="elgg-sidebar">';
-echo elgg_view('navigation/menu/default', $params);
-echo '</div>';
+<?php
+$params = array();
+$params['menu'] = array();
+$params['menu']['default'] = array();
+for ($i=1; $i<=5; $i++) {
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
+}
+$params['menu']['default'][2]->setSelected(true);
+$params['name'] = 'owner-block';
+
+echo '<div class="elgg-sidebar">';
+echo elgg_view('navigation/menu/default', $params);
+echo '</div>';
diff --git a/mod/developers/views/default/theme_preview/navigation/page.php b/mod/developers/views/default/theme_preview/navigation/page.php
index a57edc2..1da6a1f 100644
--- a/mod/developers/views/default/theme_preview/navigation/page.php
+++ b/mod/developers/views/default/theme_preview/navigation/page.php
@@ -1,20 +1,20 @@
-<?php
-
-$params = array();
-$params['menu'] = array();
-$params['menu']['default'] = array();
-for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
-}
-$params['menu']['default'][2]->setSelected(true);
-
-$m = new ElggMenuItem(10, "Child", "#");
-$m->setParent($params['menu']['default'][1]);
-$params['menu']['default'][1]->addChild($m);
-?>
-
-<div class="elgg-sidebar">
-<?php
- echo elgg_view('navigation/menu/page', $params);
-?>
+<?php
+
+$params = array();
+$params['menu'] = array();
+$params['menu']['default'] = array();
+for ($i=1; $i<=5; $i++) {
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
+}
+$params['menu']['default'][2]->setSelected(true);
+
+$m = new ElggMenuItem(10, "Child", "#");
+$m->setParent($params['menu']['default'][1]);
+$params['menu']['default'][1]->addChild($m);
+?>
+
+<div class="elgg-sidebar">
+<?php
+ echo elgg_view('navigation/menu/page', $params);
+?>
</div> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/navigation/pagination.php b/mod/developers/views/default/theme_preview/navigation/pagination.php
index 90ae48e..f5e1b63 100644
--- a/mod/developers/views/default/theme_preview/navigation/pagination.php
+++ b/mod/developers/views/default/theme_preview/navigation/pagination.php
@@ -1,8 +1,8 @@
-<?php
-$params = array(
- 'count' => 1000,
- 'limit' => 10,
- 'offset' => 230,
-);
-
+<?php
+$params = array(
+ 'count' => 1000,
+ 'limit' => 10,
+ 'offset' => 230,
+);
+
echo elgg_view('navigation/pagination', $params); \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/navigation/site.php b/mod/developers/views/default/theme_preview/navigation/site.php
index 329036b..90bb8ff 100644
--- a/mod/developers/views/default/theme_preview/navigation/site.php
+++ b/mod/developers/views/default/theme_preview/navigation/site.php
@@ -1,18 +1,18 @@
-<?php
-
-$params = array();
-$params['menu'] = array();
-$params['menu']['default'] = array();
-for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
-}
-$params['menu']['default'][2]->setSelected(true);
-?>
-
-<div class="elgg-page-header">
- <div class="elgg-inner">
- <?php
- echo elgg_view('navigation/menu/site', $params);
- ?>
- </div>
-</div>
+<?php
+
+$params = array();
+$params['menu'] = array();
+$params['menu']['default'] = array();
+for ($i=1; $i<=5; $i++) {
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
+}
+$params['menu']['default'][2]->setSelected(true);
+?>
+
+<div class="elgg-page-header">
+ <div class="elgg-inner">
+ <?php
+ echo elgg_view('navigation/menu/site', $params);
+ ?>
+ </div>
+</div>
diff --git a/mod/developers/views/default/theme_preview/navigation/tabs.php b/mod/developers/views/default/theme_preview/navigation/tabs.php
index 81fe4e6..dd282dc 100644
--- a/mod/developers/views/default/theme_preview/navigation/tabs.php
+++ b/mod/developers/views/default/theme_preview/navigation/tabs.php
@@ -1,10 +1,10 @@
-<?php
-$params = array(
- 'tabs' => array(
- array('title' => 'First', 'url' => "#"),
- array('title' => 'Second', 'url' => "#", 'selected' => true),
- array('title' => 'Third', 'url' => "#"),
- )
-);
-
+<?php
+$params = array(
+ 'tabs' => array(
+ array('title' => 'First', 'url' => "#"),
+ array('title' => 'Second', 'url' => "#", 'selected' => true),
+ array('title' => 'Third', 'url' => "#"),
+ )
+);
+
echo elgg_view('navigation/tabs', $params); \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/typography/headings.php b/mod/developers/views/default/theme_preview/typography/headings.php
index 1eb96c7..d843853 100644
--- a/mod/developers/views/default/theme_preview/typography/headings.php
+++ b/mod/developers/views/default/theme_preview/typography/headings.php
@@ -1,6 +1,6 @@
-<h1>Level 1 heading</h1>
-<h2>Level 2 heading</h2>
-<h3>Level 3 heading</h3>
-<h4>Level 4 heading</h4>
-<h5>Level 5 heading</h5>
+<h1>Level 1 heading</h1>
+<h2>Level 2 heading</h2>
+<h3>Level 3 heading</h3>
+<h4>Level 4 heading</h4>
+<h5>Level 5 heading</h5>
<h6>Level 6 heading</h6> \ No newline at end of file
diff --git a/mod/developers/views/default/theme_preview/typography/misc.php b/mod/developers/views/default/theme_preview/typography/misc.php
index 93a279c..0b9fd9d 100644
--- a/mod/developers/views/default/theme_preview/typography/misc.php
+++ b/mod/developers/views/default/theme_preview/typography/misc.php
@@ -1,16 +1,16 @@
-<ul>
- <li>I am <a href="?abc123">the a tag</a> example</li>
- <li>I am <abbr title="test">the abbr tag</abbr> example</li>
- <li>I am <acronym>the acronym tag</acronym> example</li>
- <li>I am <b>the b tag</b> example</li>
- <li>I am <code>the code tag</code> example</li>
- <li>I am <del>the del tag</del> example</li>
- <li>I am <em>the em tag</em> example</li>
- <li>I am <i>the i tag</i> example</li>
- <li>I am <strong>the strong tag</strong> example</li>
-</ul>
-<blockquote><p>Paragraph inside Blockquote: <?php echo $ipsum; ?></p></blockquote>
-<pre>
- <strong>Preformated:</strong>Testing one row
- and another
-</pre>
+<ul>
+ <li>I am <a href="?abc123">the a tag</a> example</li>
+ <li>I am <abbr title="test">the abbr tag</abbr> example</li>
+ <li>I am <acronym>the acronym tag</acronym> example</li>
+ <li>I am <b>the b tag</b> example</li>
+ <li>I am <code>the code tag</code> example</li>
+ <li>I am <del>the del tag</del> example</li>
+ <li>I am <em>the em tag</em> example</li>
+ <li>I am <i>the i tag</i> example</li>
+ <li>I am <strong>the strong tag</strong> example</li>
+</ul>
+<blockquote><p>Paragraph inside Blockquote: <?php echo $ipsum; ?></p></blockquote>
+<pre>
+ <strong>Preformated:</strong>Testing one row
+ and another
+</pre>
diff --git a/mod/developers/views/default/theme_preview/typography/paragraph.php b/mod/developers/views/default/theme_preview/typography/paragraph.php
index 54d548f..a3a7b2c 100644
--- a/mod/developers/views/default/theme_preview/typography/paragraph.php
+++ b/mod/developers/views/default/theme_preview/typography/paragraph.php
@@ -1,19 +1,19 @@
-<p>Lorem ipsum dolor sit amet, <a href="#" title="test link">test link</a>
-adipiscing elit. Nullam dignissim convallis est. Quisque aliquam. Donec
-faucibus. Nunc iaculis suscipit dui. Nam sit amet sem. Aliquam libero
-nisi, imperdiet at, tincidunt nec, gravida vehicula, nisl. Praesent
-mattis, massa quis luctus <strong>strong</strong>, turpis mi volutpat justo, eu
-volutpat enim diam eget metus. Maecenas ornare tortor. Donec sed tellus
-eget sapien fringilla nonummy. Mauris a ante. Suspendisse quam sem,
-consequat at, commodo vitae, feugiat in, nunc. Morbi imperdiet augue
-quis tellus.</p>
-
-<p>Lorem ipsum dolor sit amet, <em>emphasis</em> consectetuer
-adipiscing elit. Nullam dignissim convallis est. Quisque aliquam. Donec
-faucibus. Nunc iaculis suscipit dui. Nam sit amet sem. Aliquam libero
-nisi, imperdiet at, tincidunt nec, gravida vehicula, nisl. Praesent
-mattis, massa quis luctus fermentum, turpis mi volutpat justo, eu
-volutpat enim diam eget metus. Maecenas ornare tortor. Donec sed tellus
-eget sapien fringilla nonummy. Mauris a ante. Suspendisse quam sem,
-consequat at, commodo vitae, feugiat in, nunc. Morbi imperdiet augue
+<p>Lorem ipsum dolor sit amet, <a href="#" title="test link">test link</a>
+adipiscing elit. Nullam dignissim convallis est. Quisque aliquam. Donec
+faucibus. Nunc iaculis suscipit dui. Nam sit amet sem. Aliquam libero
+nisi, imperdiet at, tincidunt nec, gravida vehicula, nisl. Praesent
+mattis, massa quis luctus <strong>strong</strong>, turpis mi volutpat justo, eu
+volutpat enim diam eget metus. Maecenas ornare tortor. Donec sed tellus
+eget sapien fringilla nonummy. Mauris a ante. Suspendisse quam sem,
+consequat at, commodo vitae, feugiat in, nunc. Morbi imperdiet augue
+quis tellus.</p>
+
+<p>Lorem ipsum dolor sit amet, <em>emphasis</em> consectetuer
+adipiscing elit. Nullam dignissim convallis est. Quisque aliquam. Donec
+faucibus. Nunc iaculis suscipit dui. Nam sit amet sem. Aliquam libero
+nisi, imperdiet at, tincidunt nec, gravida vehicula, nisl. Praesent
+mattis, massa quis luctus fermentum, turpis mi volutpat justo, eu
+volutpat enim diam eget metus. Maecenas ornare tortor. Donec sed tellus
+eget sapien fringilla nonummy. Mauris a ante. Suspendisse quam sem,
+consequat at, commodo vitae, feugiat in, nunc. Morbi imperdiet augue
quis tellus.</p> \ No newline at end of file
diff --git a/mod/embed/start.php b/mod/embed/start.php
index e8a3f8c..1da35aa 100644
--- a/mod/embed/start.php
+++ b/mod/embed/start.php
@@ -13,14 +13,19 @@ elgg_register_event_handler('init', 'system', 'embed_init');
*/
function embed_init() {
elgg_extend_view('css/elgg', 'embed/css');
-
- elgg_register_plugin_hook_handler('register', 'menu:longtext', 'embed_longtext_menu');
+ elgg_extend_view('css/admin', 'embed/css');
+
+ if (elgg_is_logged_in()) {
+ elgg_register_plugin_hook_handler('register', 'menu:longtext', 'embed_longtext_menu');
+ }
elgg_register_plugin_hook_handler('register', 'menu:embed', 'embed_select_tab', 1000);
// Page handler for the modal media embed
elgg_register_page_handler('embed', 'embed_page_handler');
- elgg_register_js('elgg.embed', 'js/embed/embed.js', 'footer');
+ $embed_js = elgg_get_simplecache_url('js', 'embed/embed');
+ elgg_register_simplecache_view('js/embed/embed');
+ elgg_register_js('elgg.embed', $embed_js, 'footer');
}
/**
@@ -39,10 +44,12 @@ function embed_longtext_menu($hook, $type, $items, $vars) {
}
$url = 'embed';
- if (elgg_get_page_owner_guid()) {
- $url = 'embed?container_guid=' . elgg_get_page_owner_guid();
+
+ $page_owner = elgg_get_page_owner_entity();
+ if (elgg_instanceof($page_owner, 'group') && $page_owner->isMember()) {
+ $url = 'embed?container_guid=' . $page_owner->getGUID();
}
-
+
$items[] = ElggMenuItem::factory(array(
'name' => 'embed',
'href' => $url,
@@ -95,7 +102,12 @@ function embed_page_handler($page) {
$container_guid = (int)get_input('container_guid');
if ($container_guid) {
- elgg_set_page_owner_guid($container_guid);
+ $container = get_entity($container_guid);
+
+ if (elgg_instanceof($container, 'group') && $container->isMember()) {
+ // embedding inside a group so save file to group files
+ elgg_set_page_owner_guid($container_guid);
+ }
}
echo elgg_view('embed/layout');
diff --git a/mod/embed/views/default/js/embed/embed.php b/mod/embed/views/default/js/embed/embed.php
index eb6153a..e84427f 100644
--- a/mod/embed/views/default/js/embed/embed.php
+++ b/mod/embed/views/default/js/embed/embed.php
@@ -1,3 +1,4 @@
+//<script>
elgg.provide('elgg.embed');
elgg.embed.init = function() {
@@ -90,6 +91,18 @@ elgg.embed.submit = function(event) {
$('.embed-wrapper .elgg-form-file-upload').show();
}
}
+
+ // ie 7 and 8 have a null response because of the use of an iFrame
+ // so just show the list after upload.
+ // http://jquery.malsup.com/form/#file-upload claims you can wrap JSON
+ // in a textarea, but a quick test didn't work, and that is fairly
+ // intrusive to the rest of the ajax system.
+ else if (response === undefined && $.browser.msie) {
+ var forward = $('input[name=embed_forward]').val();
+ var url = elgg.normalize_url('embed/tab/' + forward);
+ url = elgg.embed.addContainerGUID(url);
+ $('.embed-wrapper').parent().load(url);
+ }
},
error : function(xhr, status) {
// @todo nothing for now
diff --git a/mod/externalpages/start.php b/mod/externalpages/start.php
index 74da7f8..f0ffa6b 100644
--- a/mod/externalpages/start.php
+++ b/mod/externalpages/start.php
@@ -12,7 +12,7 @@ function expages_init() {
elgg_register_page_handler('terms', 'expages_page_handler');
elgg_register_page_handler('privacy', 'expages_page_handler');
elgg_register_page_handler('expages', 'expages_page_handler');
-
+
// Register public external pages
elgg_register_plugin_hook_handler('public_pages', 'walled_garden', 'expages_public');
@@ -65,7 +65,7 @@ function expages_page_handler($page, $handler) {
$type = strtolower($handler);
$title = elgg_echo("expages:$type");
- $content = elgg_view_title($title);
+ $header = elgg_view_title($title);
$object = elgg_get_entities(array(
'type' => 'object',
@@ -80,11 +80,11 @@ function expages_page_handler($page, $handler) {
$content = elgg_view('expages/wrapper', array('content' => $content));
if (elgg_is_logged_in() || !elgg_get_config('walled_garden')) {
- $body = elgg_view_layout('one_sidebar', array('content' => $content));
+ $body = elgg_view_layout('one_sidebar', array('title' => $title, 'content' => $content));
echo elgg_view_page($title, $body);
} else {
elgg_load_css('elgg.walled_garden');
- $body = elgg_view_layout('walled_garden', array('content' => $content));
+ $body = elgg_view_layout('walled_garden', array('content' => $header . $content));
echo elgg_view_page($title, $body, 'walled_garden');
}
return true;
diff --git a/mod/file/actions/file/upload.php b/mod/file/actions/file/upload.php
index d6dce25..e20c407 100644
--- a/mod/file/actions/file/upload.php
+++ b/mod/file/actions/file/upload.php
@@ -71,9 +71,7 @@ $file->title = $title;
$file->description = $desc;
$file->access_id = $access_id;
$file->container_guid = $container_guid;
-
-$tags = explode(",", $tags);
-$file->tags = $tags;
+$file->tags = string_to_tag_array($tags);
// we have a file upload, so process it
if (isset($_FILES['upload']['name']) && !empty($_FILES['upload']['name'])) {
@@ -167,6 +165,23 @@ if (isset($_FILES['upload']['name']) && !empty($_FILES['upload']['name'])) {
$file->largethumb = $prefix."largethumb".$filestorename;
unset($thumblarge);
}
+ } elseif ($file->icontime) {
+ // if it is not an image, we do not need thumbnails
+ unset($file->icontime);
+
+ $thumb = new ElggFile();
+
+ $thumb->setFilename($prefix . "thumb" . $filestorename);
+ $thumb->delete();
+ unset($file->thumbnail);
+
+ $thumb->setFilename($prefix . "smallthumb" . $filestorename);
+ $thumb->delete();
+ unset($file->smallthumb);
+
+ $thumb->setFilename($prefix . "largethumb" . $filestorename);
+ $thumb->delete();
+ unset($file->largethumb);
}
} else {
// not saving a file but still need to save the entity to push attributes to database
@@ -204,4 +219,4 @@ if ($new_file) {
}
forward($file->getURL());
-}
+}
diff --git a/mod/file/pages/file/friends.php b/mod/file/pages/file/friends.php
index f504bdc..d55c1e6 100644
--- a/mod/file/pages/file/friends.php
+++ b/mod/file/pages/file/friends.php
@@ -7,7 +7,7 @@
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('file/all');
+ forward('', '404');
}
elgg_push_breadcrumb(elgg_echo('file'), "file/all");
diff --git a/mod/file/pages/file/owner.php b/mod/file/pages/file/owner.php
index fb87af1..99cf627 100644
--- a/mod/file/pages/file/owner.php
+++ b/mod/file/pages/file/owner.php
@@ -10,7 +10,7 @@ group_gatekeeper();
$owner = elgg_get_page_owner_entity();
if (!$owner) {
- forward('file/all');
+ forward('', '404');
}
elgg_push_breadcrumb(elgg_echo('file'), "file/all");
@@ -36,10 +36,9 @@ $title = elgg_echo("file:user", array($owner->name));
// List files
$content = elgg_list_entities(array(
- 'types' => 'object',
- 'subtypes' => 'file',
+ 'type' => 'object',
+ 'subtype' => 'file',
'container_guid' => $owner->guid,
- 'limit' => 10,
'full_view' => FALSE,
));
if (!$content) {
diff --git a/mod/file/pages/file/search.php b/mod/file/pages/file/search.php
index 402a289..d60dfb7 100644
--- a/mod/file/pages/file/search.php
+++ b/mod/file/pages/file/search.php
@@ -74,8 +74,8 @@ if ($listtype == "gallery") {
}
$params = array(
- 'types' => 'object',
- 'subtypes' => 'file',
+ 'type' => 'object',
+ 'subtype' => 'file',
'container_guid' => $page_owner_guid,
'limit' => $limit,
'full_view' => false,
diff --git a/mod/file/pages/file/world.php b/mod/file/pages/file/world.php
index 770dfd6..96c8de7 100644
--- a/mod/file/pages/file/world.php
+++ b/mod/file/pages/file/world.php
@@ -9,14 +9,11 @@ elgg_push_breadcrumb(elgg_echo('file'));
elgg_register_title_button();
-$limit = get_input("limit", 10);
-
$title = elgg_echo('file:all');
$content = elgg_list_entities(array(
- 'types' => 'object',
- 'subtypes' => 'file',
- 'limit' => $limit,
+ 'type' => 'object',
+ 'subtype' => 'file',
'full_view' => FALSE
));
if (!$content) {
diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php
index d0689be..f19b905 100644
--- a/mod/groups/actions/groups/edit.php
+++ b/mod/groups/actions/groups/edit.php
@@ -54,6 +54,20 @@ if ($group_guid && !$group->canEdit()) {
// Assume we can edit or this is a new group
if (sizeof($input) > 0) {
foreach($input as $shortname => $value) {
+ // update access collection name if group name changes
+ if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
+ $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
+ $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name);
+ $acl = get_access_collection($group->group_acl);
+ if ($acl) {
+ // @todo Elgg api does not support updating access collection name
+ $db_prefix = elgg_get_config('dbprefix');
+ $query = "UPDATE {$db_prefix}access_collections SET name = '$ac_name'
+ WHERE id = $group->group_acl";
+ update_data($query);
+ }
+ }
+
$group->$shortname = $value;
}
}
@@ -92,7 +106,21 @@ if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) {
// verify new owner is member and old owner/admin is logged in
if (is_group_member($group_guid, $new_owner_guid) && ($old_owner_guid == $user->guid || $user->isAdmin())) {
$group->owner_guid = $new_owner_guid;
-
+ $group->container_guid = $new_owner_guid;
+
+ $metadata = elgg_get_metadata(array(
+ 'guid' => $group_guid,
+ 'limit' => false,
+ ));
+ if ($metadata) {
+ foreach ($metadata as $md) {
+ if ($md->owner_guid == $old_owner_guid) {
+ $md->owner_guid = $new_owner_guid;
+ $md->save();
+ }
+ }
+ }
+
// @todo Remove this when #4683 fixed
$owner_has_changed = true;
$old_icontime = $group->icontime;
diff --git a/mod/groups/actions/groups/membership/invite.php b/mod/groups/actions/groups/membership/invite.php
index db90ecf..a96165b 100644
--- a/mod/groups/actions/groups/membership/invite.php
+++ b/mod/groups/actions/groups/membership/invite.php
@@ -7,43 +7,48 @@
$logged_in_user = elgg_get_logged_in_user_entity();
-$user_guid = get_input('user_guid');
-if (!is_array($user_guid)) {
- $user_guid = array($user_guid);
+$user_guids = get_input('user_guid');
+if (!is_array($user_guids)) {
+ $user_guids = array($user_guids);
}
$group_guid = get_input('group_guid');
+$group = get_entity($group_guid);
-if (sizeof($user_guid)) {
- foreach ($user_guid as $u_id) {
- $user = get_entity($u_id);
- $group = get_entity($group_guid);
-
- if ($user && $group && ($group instanceof ElggGroup) && $group->canEdit()) {
-
- if (!check_entity_relationship($group->guid, 'invited', $user->guid)) {
-
- // Create relationship
- add_entity_relationship($group->guid, 'invited', $user->guid);
-
- // Send email
- $url = elgg_normalize_url("groups/invitations/$user->username");
- $result = notify_user($user->getGUID(), $group->owner_guid,
- elgg_echo('groups:invite:subject', array($user->name, $group->name)),
- elgg_echo('groups:invite:body', array(
- $user->name,
- $logged_in_user->name,
- $group->name,
- $url,
- )),
- NULL);
- if ($result) {
- system_message(elgg_echo("groups:userinvited"));
- } else {
- register_error(elgg_echo("groups:usernotinvited"));
- }
- } else {
- register_error(elgg_echo("groups:useralreadyinvited"));
- }
+if (count($user_guids) > 0 && elgg_instanceof($group, 'group') && $group->canEdit()) {
+ foreach ($user_guids as $guid) {
+ $user = get_user($guid);
+ if (!$user) {
+ continue;
+ }
+
+ if (check_entity_relationship($group->guid, 'invited', $user->guid)) {
+ register_error(elgg_echo("groups:useralreadyinvited"));
+ continue;
+ }
+
+ if (check_entity_relationship($user->guid, 'member', $group->guid)) {
+ // @todo add error message
+ continue;
+ }
+
+ // Create relationship
+ add_entity_relationship($group->guid, 'invited', $user->guid);
+
+ // Send notification
+ $url = elgg_normalize_url("groups/invitations/$user->username");
+ $result = notify_user($user->getGUID(), $group->owner_guid,
+ elgg_echo('groups:invite:subject', array($user->name, $group->name)),
+ elgg_echo('groups:invite:body', array(
+ $user->name,
+ $logged_in_user->name,
+ $group->name,
+ $url,
+ )),
+ NULL);
+ if ($result) {
+ system_message(elgg_echo("groups:userinvited"));
+ } else {
+ register_error(elgg_echo("groups:usernotinvited"));
}
}
}
diff --git a/mod/groups/lib/discussion.php b/mod/groups/lib/discussion.php
index ab2fe48..874e21b 100644
--- a/mod/groups/lib/discussion.php
+++ b/mod/groups/lib/discussion.php
@@ -39,9 +39,8 @@ function discussion_handle_list_page($guid) {
elgg_set_page_owner_guid($guid);
$group = get_entity($guid);
- if (!$group) {
- register_error(elgg_echo('group:notfound'));
- forward();
+ if (!elgg_instanceof($group, 'group')) {
+ forward('', '404');
}
elgg_push_breadcrumb($group->name);
diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php
index d8d0f56..d5bec18 100644
--- a/mod/groups/lib/groups.php
+++ b/mod/groups/lib/groups.php
@@ -55,7 +55,7 @@ function groups_handle_all_page() {
}
$filter = elgg_view('groups/group_sort_menu', array('selected' => $selected_tab));
-
+
$sidebar = elgg_view('groups/sidebar/find');
$sidebar .= elgg_view('groups/sidebar/featured');
@@ -73,13 +73,14 @@ function groups_search_page() {
elgg_push_breadcrumb(elgg_echo('search'));
$tag = get_input("tag");
- $title = elgg_echo('groups:search:title', array($tag));
+ $display_query = _elgg_get_display_query($tag);
+ $title = elgg_echo('groups:search:title', array($display_query));
// groups plugin saves tags as "interests" - see groups_fields_setup() in start.php
$params = array(
'metadata_name' => 'interests',
'metadata_value' => $tag,
- 'types' => 'group',
+ 'type' => 'group',
'full_view' => FALSE,
);
$content = elgg_list_entities_from_metadata($params);
@@ -115,7 +116,9 @@ function groups_handle_owned_page() {
}
elgg_push_breadcrumb($title);
- elgg_register_title_button();
+ if (elgg_get_plugin_setting('limited_groups', 'groups') != 'yes' || elgg_is_admin_logged_in()) {
+ elgg_register_title_button();
+ }
$content = elgg_list_entities(array(
'type' => 'group',
@@ -150,7 +153,9 @@ function groups_handle_mine_page() {
}
elgg_push_breadcrumb($title);
- elgg_register_title_button();
+ if (elgg_get_plugin_setting('limited_groups', 'groups') != 'yes' || elgg_is_admin_logged_in()) {
+ elgg_register_title_button();
+ }
$content = elgg_list_entities_from_relationship(array(
'type' => 'group',
@@ -181,7 +186,7 @@ function groups_handle_mine_page() {
*/
function groups_handle_edit_page($page, $guid = 0) {
gatekeeper();
-
+
if ($page == 'add') {
elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
$title = elgg_echo('groups:add');
@@ -204,7 +209,7 @@ function groups_handle_edit_page($page, $guid = 0) {
$content = elgg_echo('groups:noaccess');
}
}
-
+
$params = array(
'content' => $content,
'title' => $title,
@@ -255,8 +260,8 @@ function groups_handle_profile_page($guid) {
elgg_push_context('group_profile');
$group = get_entity($guid);
- if (!$group) {
- forward('groups/all');
+ if (!elgg_instanceof($group, 'group')) {
+ forward('', '404');
}
elgg_push_breadcrumb($group->name);
@@ -266,7 +271,7 @@ function groups_handle_profile_page($guid) {
$content = elgg_view('groups/profile/layout', array('entity' => $group));
$sidebar = '';
- if (group_gatekeeper(false)) {
+ if (group_gatekeeper(false)) {
if (elgg_is_active_plugin('search')) {
$sidebar .= elgg_view('groups/sidebar/search', array('entity' => $group));
}
@@ -275,18 +280,18 @@ function groups_handle_profile_page($guid) {
$subscribed = false;
if (elgg_is_active_plugin('notifications')) {
global $NOTIFICATION_HANDLERS;
-
+
foreach ($NOTIFICATION_HANDLERS as $method => $foo) {
$relationship = check_entity_relationship(elgg_get_logged_in_user_guid(),
'notify' . $method, $guid);
-
+
if ($relationship) {
$subscribed = true;
break;
}
}
}
-
+
$sidebar .= elgg_view('groups/sidebar/my_status', array(
'entity' => $group,
'subscribed' => $subscribed
@@ -334,7 +339,7 @@ function groups_handle_activity_page($guid) {
if (!$content) {
$content = '<p>' . elgg_echo('groups:activity:none') . '</p>';
}
-
+
$params = array(
'content' => $content,
'title' => $title,
@@ -366,12 +371,15 @@ function groups_handle_members_page($guid) {
elgg_push_breadcrumb($group->name, $group->getURL());
elgg_push_breadcrumb(elgg_echo('groups:members'));
+ $db_prefix = elgg_get_config('dbprefix');
$content = elgg_list_entities_from_relationship(array(
'relationship' => 'member',
'relationship_guid' => $group->guid,
'inverse_relationship' => true,
- 'types' => 'user',
+ 'type' => 'user',
'limit' => 20,
+ 'joins' => array("JOIN {$db_prefix}users_entity u ON e.guid=u.guid"),
+ 'order_by' => 'u.name ASC',
));
$params = array(
@@ -424,7 +432,7 @@ function groups_handle_invite_page($guid) {
/**
* Manage requests to join a group
- *
+ *
* @param int $guid Group entity GUID
*/
function groups_handle_requests_page($guid) {
@@ -440,7 +448,7 @@ function groups_handle_requests_page($guid) {
if ($group && $group->canEdit()) {
elgg_push_breadcrumb($group->name, $group->getURL());
elgg_push_breadcrumb($title);
-
+
$requests = elgg_get_entities_from_relationship(array(
'type' => 'user',
'relationship' => 'membership_request',
@@ -561,6 +569,8 @@ function groups_prepare_form_vars($group = null) {
if ($group->access_id != ACCESS_PUBLIC && $group->access_id != ACCESS_LOGGED_IN) {
// group only access - this is done to handle access not created when group is created
$values['vis'] = ACCESS_PRIVATE;
+ } else {
+ $values['vis'] = $group->access_id;
}
$values['entity'] = $group;
diff --git a/mod/groups/start.php b/mod/groups/start.php
index 4e49d9e..6002a53 100644
--- a/mod/groups/start.php
+++ b/mod/groups/start.php
@@ -142,13 +142,17 @@ function groups_setup_sidebar_menus() {
$page_owner = elgg_get_page_owner_entity();
if (elgg_in_context('group_profile')) {
+ if (!elgg_instanceof($page_owner, 'group')) {
+ forward('', '404');
+ }
+
if (elgg_is_logged_in() && $page_owner->canEdit() && !$page_owner->isPublicMembership()) {
$url = elgg_get_site_url() . "groups/requests/{$page_owner->getGUID()}";
$count = elgg_get_entities_from_relationship(array(
'type' => 'user',
'relationship' => 'membership_request',
- 'relationship_guid' => $guid,
+ 'relationship_guid' => $page_owner->getGUID(),
'inverse_relationship' => true,
'count' => true,
));
@@ -572,7 +576,7 @@ function groups_write_acl_plugin_hook($hook, $entity_type, $returnvalue, $params
'relationship' => 'member',
'relationship_guid' => $user_guid,
'inverse_relationship' => FALSE,
- 'limit' => 999
+ 'limit' => false
));
if ($groups) {
@@ -1013,7 +1017,7 @@ function discussion_reply_notifications($event, $type, $annotation) {
'relationship' => 'notify' . $method,
'relationship_guid' => $topic->getContainerGUID(),
'inverse_relationship' => true,
- 'types' => 'user',
+ 'type' => 'user',
'limit' => 0,
));
diff --git a/mod/groups/views/default/forms/groups/edit.php b/mod/groups/views/default/forms/groups/edit.php
index 41d97e6..e2dc545 100644
--- a/mod/groups/views/default/forms/groups/edit.php
+++ b/mod/groups/views/default/forms/groups/edit.php
@@ -91,9 +91,18 @@ if (isset($vars['entity'])) {
}
if ($entity && ($owner_guid == elgg_get_logged_in_user_guid() || elgg_is_admin_logged_in())) {
- $owner_guid = $vars['entity']->owner_guid;
$members = array();
- foreach ($vars['entity']->getMembers(0) as $member) {
+
+ $options = array(
+ 'relationship' => 'member',
+ 'relationship_guid' => $vars['entity']->getGUID(),
+ 'inverse_relationship' => true,
+ 'type' => 'user',
+ 'limit' => 0,
+ );
+
+ $batch = new ElggBatch('elgg_get_entities_from_relationship', $options);
+ foreach ($batch as $member) {
$members[$member->guid] = "$member->name (@$member->username)";
}
?>
diff --git a/mod/groups/views/default/groups/css.php b/mod/groups/views/default/groups/css.php
index 6f710dd..32dd2b7 100644
--- a/mod/groups/views/default/groups/css.php
+++ b/mod/groups/views/default/groups/css.php
@@ -9,10 +9,6 @@
.groups-profile > .elgg-image {
margin-right: 10px;
}
-.groups-profile img {
- width: 100%;
- height: auto;
-}
.groups-stats {
background: #eeeeee;
padding: 5px;
diff --git a/mod/groups/views/default/groups/profile/summary.php b/mod/groups/views/default/groups/profile/summary.php
index f1221f1..3f74968 100644
--- a/mod/groups/views/default/groups/profile/summary.php
+++ b/mod/groups/views/default/groups/profile/summary.php
@@ -25,7 +25,14 @@ if (!$owner) {
<div class="groups-profile clearfix elgg-image-block">
<div class="elgg-image">
<div class="groups-profile-icon">
- <?php echo elgg_view_entity_icon($group, 'large', array('href' => '')); ?>
+ <?php
+ // we don't force icons to be square so don't set width/height
+ echo elgg_view_entity_icon($group, 'large', array(
+ 'href' => '',
+ 'width' => '',
+ 'height' => '',
+ ));
+ ?>
</div>
<div class="groups-stats">
<p>
diff --git a/mod/groups/views/default/groups/sidebar/featured.php b/mod/groups/views/default/groups/sidebar/featured.php
index 8bd51ab..f3f8f8d 100644
--- a/mod/groups/views/default/groups/sidebar/featured.php
+++ b/mod/groups/views/default/groups/sidebar/featured.php
@@ -8,7 +8,7 @@
$featured_groups = elgg_get_entities_from_metadata(array(
'metadata_name' => 'featured_group',
'metadata_value' => 'yes',
- 'types' => 'group',
+ 'type' => 'group',
'limit' => 10,
));
diff --git a/mod/groups/views/default/groups/sidebar/members.php b/mod/groups/views/default/groups/sidebar/members.php
index 11273d0..1199a0c 100644
--- a/mod/groups/views/default/groups/sidebar/members.php
+++ b/mod/groups/views/default/groups/sidebar/members.php
@@ -20,7 +20,7 @@ $body = elgg_list_entities_from_relationship(array(
'relationship' => 'member',
'relationship_guid' => $vars['entity']->guid,
'inverse_relationship' => true,
- 'types' => 'user',
+ 'type' => 'user',
'limit' => $limit,
'list_type' => 'gallery',
'gallery_class' => 'elgg-gallery-users',
diff --git a/mod/groups/views/default/groups/sidebar/my_status.php b/mod/groups/views/default/groups/sidebar/my_status.php
index 4c36c02..1e4e84b 100644
--- a/mod/groups/views/default/groups/sidebar/my_status.php
+++ b/mod/groups/views/default/groups/sidebar/my_status.php
@@ -14,7 +14,7 @@ $subscribed = elgg_extract('subscribed', $vars);
if (!elgg_is_logged_in()) {
return true;
}
-$t = new ElggMenuItem();
+
// membership status
$is_member = $group->isMember($user);
$is_owner = $group->getOwnerEntity() == $user;
@@ -41,7 +41,7 @@ if ($is_owner) {
}
// notification info
-if (elgg_is_active_plugin('notifications')) {
+if (elgg_is_active_plugin('notifications') && $is_member) {
if ($subscribed) {
elgg_register_menu_item('groups:my_status', array(
'name' => 'subscription_status',
diff --git a/mod/groups/views/default/object/groupforumtopic.php b/mod/groups/views/default/object/groupforumtopic.php
index 34e0ee3..e6988d1 100644
--- a/mod/groups/views/default/object/groupforumtopic.php
+++ b/mod/groups/views/default/object/groupforumtopic.php
@@ -73,7 +73,10 @@ if ($full) {
$info = elgg_view_image_block($poster_icon, $list_body);
- $body = elgg_view('output/longtext', array('value' => $topic->description));
+ $body = elgg_view('output/longtext', array(
+ 'value' => $topic->description,
+ 'class' => 'clearfix',
+ ));
echo <<<HTML
$info
diff --git a/mod/htmlawed/start.php b/mod/htmlawed/start.php
index 12b6470..25a70a4 100644
--- a/mod/htmlawed/start.php
+++ b/mod/htmlawed/start.php
@@ -156,10 +156,8 @@ function htmlawed_tag_post_processor($element, $attributes = false) {
* Runs unit tests for htmlawed
*
* @return array
- * */
+ */
function htmlawed_test($hook, $type, $value, $params) {
- global $CONFIG;
-
$value[] = dirname(__FILE__) . '/tests/tags.php';
return $value;
}
diff --git a/mod/htmlawed/tests/tags.php b/mod/htmlawed/tests/tags.php
index b3914a9..05fe829 100644
--- a/mod/htmlawed/tests/tags.php
+++ b/mod/htmlawed/tests/tags.php
@@ -1,45 +1,47 @@
<?php
+
/**
* Dupplicated tags in htmlawed
*/
class HtmLawedDuplicateTagsTest extends ElggCoreUnitTest {
- /**
- * Called before each test object.
- */
- public function __construct() {
- parent::__construct();
- }
-
- /**
- * Called before each test method.
- */
- public function setUp() {
- }
-
- /**
- * Called after each test method.
- */
- public function tearDown() {
- // do not allow SimpleTest to interpret Elgg notices as exceptions
- $this->swallowErrors();
- }
-
- /**
- * Called after each test object.
- */
- public function __destruct() {
- elgg_set_ignore_access($this->ia);
- // all __destruct() code should go above here
- parent::__destruct();
- }
-
- public function testNotDuplicateTags() {
- $filter_html = '<ul><li>item</li></ul>';
- set_input('test', $filter_html);
-
- $expected = $filter_html;
- $result = get_input('test');
- $this->assertEqual($result, $expected);
- }
+ /**
+ * Called before each test object.
+ */
+ public function __construct() {
+ parent::__construct();
+ }
+
+ /**
+ * Called before each test method.
+ */
+ public function setUp() {
+
+ }
+
+ /**
+ * Called after each test method.
+ */
+ public function tearDown() {
+ // do not allow SimpleTest to interpret Elgg notices as exceptions
+ $this->swallowErrors();
+ }
+
+ /**
+ * Called after each test object.
+ */
+ public function __destruct() {
+ // all __destruct() code should go above here
+ parent::__destruct();
+ }
+
+ public function testNotDuplicateTags() {
+ $filter_html = '<ul><li>item</li></ul>';
+ set_input('test', $filter_html);
+
+ $expected = $filter_html;
+ $result = get_input('test');
+ $this->assertEqual($result, $expected);
+ }
+
} \ No newline at end of file
diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed.php b/mod/htmlawed/vendors/htmLawed/htmLawed.php
index 0d96249..63f8c41 100755
--- a/mod/htmlawed/vendors/htmLawed/htmLawed.php
+++ b/mod/htmlawed/vendors/htmLawed/htmLawed.php
@@ -1,9 +1,9 @@
<?php
/*
-htmLawed 1.1.11, 5 June 2012
+htmLawed 1.1.16, 29 August 2013
Copyright Santosh Patnaik
-Dual licensed with LGPL 3 and GPL 2 or later
+Dual licensed with LGPL 3 and GPL 2+
A PHP Labware internal utility; www.bioinformatics.org/phplabware/internal_utilities/htmLawed
See htmLawed_README.txt/htm
@@ -194,7 +194,10 @@ for($i=-1, $ci=count($t); ++$i<$ci;){
echo '&lt;', $s, $e, $a, '&gt;';
}
if(isset($x[0])){
- if($do < 3 or isset($ok['#pcdata'])){echo $x;}
+ if(strlen(trim($x)) && (($ql && isset($cB[$p])) or (isset($cB[$in]) && !$ql))){
+ echo '<div>', $x, '</div>';
+ }
+ elseif($do < 3 or isset($ok['#pcdata'])){echo $x;}
elseif(strpos($x, "\x02\x04")){
foreach(preg_split('`(\x01\x02[^\x01\x02]+\x02\x01)`', $x, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY) as $v){
echo (substr($v, 0, 2) == "\x01\x02" ? $v : ($do > 4 ? preg_replace('`\S`', '', $v) : ''));
@@ -202,7 +205,7 @@ for($i=-1, $ci=count($t); ++$i<$ci;){
}elseif($do > 4){echo preg_replace('`\S`', '', $x);}
}
// get markup
- if(!preg_match('`^(/?)([a-zA-Z1-6]+)([^>]*)>(.*)`sm', $t[$i], $r)){$x = $t[$i]; continue;}
+ if(!preg_match('`^(/?)([a-z1-6]+)([^>]*)>(.*)`sm', $t[$i], $r)){$x = $t[$i]; continue;}
$s = null; $e = null; $a = null; $x = null; list($all, $s, $e, $a, $x) = $r;
// close tag
if($s){
@@ -333,7 +336,7 @@ $c = isset($C['schemes'][$c]) ? $C['schemes'][$c] : $C['schemes']['*'];
static $d = 'denied:';
if(isset($c['!']) && substr($p, 0, 7) != $d){$p = "$d$p";}
if(isset($c['*']) or !strcspn($p, '#?;') or (substr($p, 0, 7) == $d)){return "{$b}{$p}{$a}";} // All ok, frag, query, param
-if(preg_match('`^([a-z\d\-+.&#; ]+?)(:|&#(58|x3a);|%3a|\\\\0{0,4}3a).`i', $p, $m) && !isset($c[strtolower($m[1])])){ // Denied prot
+if(preg_match('`^([^:?[@!$()*,=/\'\]]+?)(:|&#(58|x3a);|%3a|\\\\0{0,4}3a).`i', $p, $m) && !isset($c[strtolower($m[1])])){ // Denied prot
return "{$b}{$d}{$p}{$a}";
}
if($C['abs_url']){
@@ -488,7 +491,7 @@ global $S;
$rl = isset($S[$e]) ? $S[$e] : array();
$a = array(); $nfr = 0;
foreach($aA as $k=>$v){
- if(((isset($C['deny_attribute']['*']) ? isset($C['deny_attribute'][$k]) : !isset($C['deny_attribute'][$k])) or isset($rl[$k])) && ((!isset($rl['n'][$k]) && !isset($rl['n']['*'])) or isset($rl[$k])) && (isset($aN[$k][$e]) or (isset($aNU[$k]) && !isset($aNU[$k][$e])))){
+ if(((isset($C['deny_attribute']['*']) ? isset($C['deny_attribute'][$k]) : !isset($C['deny_attribute'][$k])) && (isset($aN[$k][$e]) or (isset($aNU[$k]) && !isset($aNU[$k][$e]))) && !isset($rl['n'][$k]) && !isset($rl['n']['*'])) or isset($rl[$k])){
if(isset($aNE[$k])){$v = $k;}
elseif(!empty($lcase) && (($e != 'button' or $e != 'input') or $k == 'type')){ // Rather loose but ?not cause issues
$v = (isset($aNL[($v2 = strtolower($v))])) ? $v2 : $v;
@@ -622,7 +625,7 @@ if($e == 'u'){$e = 'span'; return 'text-decoration: underline;';}
static $fs = array('0'=>'xx-small', '1'=>'xx-small', '2'=>'small', '3'=>'medium', '4'=>'large', '5'=>'x-large', '6'=>'xx-large', '7'=>'300%', '-1'=>'smaller', '-2'=>'60%', '+1'=>'larger', '+2'=>'150%', '+3'=>'200%', '+4'=>'300%');
if($e == 'font'){
$a2 = '';
- if(preg_match('`face\s*=\s*(\'|")([^=]+?)\\1`i', $a, $m) or preg_match('`face\s*=\s*([^"])(\S+)`i', $a, $m)){
+ if(preg_match('`face\s*=\s*(\'|")([^=]+?)\\1`i', $a, $m) or preg_match('`face\s*=(\s*)(\S+)`i', $a, $m)){
$a2 .= ' font-family: '. str_replace('"', '\'', trim($m[2])). ';';
}
if(preg_match('`color\s*=\s*(\'|")?(.+?)(\\1|\s|$)`i', $a, $m)){
@@ -641,41 +644,50 @@ return '';
function hl_tidy($t, $w, $p){
// Tidy/compact HTM
if(strpos(' pre,script,textarea', "$p,")){return $t;}
-$t = str_replace(' </', '</', preg_replace(array('`(<\w[^>]*(?<!/)>)\s+`', '`\s+`', '`(<\w[^>]*(?<!/)>) `'), array(' $1', ' ', '$1'), preg_replace_callback(array('`(<(!\[CDATA\[))(.+?)(\]\]>)`sm', '`(<(!--))(.+?)(-->)`sm', '`(<(pre|script|textarea)[^>]*?>)(.+?)(</\2>)`sm'), create_function('$m', 'return $m[1]. str_replace(array("<", ">", "\n", "\r", "\t", " "), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), $m[3]). $m[4];'), $t)));
+$t = preg_replace('`\s+`', ' ', preg_replace_callback(array('`(<(!\[CDATA\[))(.+?)(\]\]>)`sm', '`(<(!--))(.+?)(-->)`sm', '`(<(pre|script|textarea)[^>]*?>)(.+?)(</\2>)`sm'), create_function('$m', 'return $m[1]. str_replace(array("<", ">", "\n", "\r", "\t", " "), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), $m[3]). $m[4];'), $t));
if(($w = strtolower($w)) == -1){
return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array('<', '>', "\n", "\r", "\t", ' '), $t);
}
$s = strpos(" $w", 't') ? "\t" : ' ';
$s = preg_match('`\d`', $w, $m) ? str_repeat($s, $m[0]) : str_repeat($s, ($s == "\t" ? 1 : 2));
-$n = preg_match('`[ts]([1-9])`', $w, $m) ? $m[1] : 0;
+$N = preg_match('`[ts]([1-9])`', $w, $m) ? $m[1] : 0;
$a = array('br'=>1);
-$b = array('button'=>1, 'input'=>1, 'option'=>1);
+$b = array('button'=>1, 'input'=>1, 'option'=>1, 'param'=>1);
$c = array('caption'=>1, 'dd'=>1, 'dt'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'isindex'=>1, 'label'=>1, 'legend'=>1, 'li'=>1, 'object'=>1, 'p'=>1, 'pre'=>1, 'td'=>1, 'textarea'=>1, 'th'=>1);
-$d = array('address'=>1, 'blockquote'=>1, 'center'=>1, 'colgroup'=>1, 'dir'=>1, 'div'=>1, 'dl'=>1, 'fieldset'=>1, 'form'=>1, 'hr'=>1, 'iframe'=>1, 'map'=>1, 'menu'=>1, 'noscript'=>1, 'ol'=>1, 'optgroup'=>1, 'rbc'=>1, 'rtc'=>1, 'ruby'=>1, 'script'=>1, 'select'=>1, 'table'=>1, 'tfoot'=>1, 'thead'=>1, 'tr'=>1, 'ul'=>1);
-ob_start();
-if(isset($d[$p])){echo str_repeat($s, ++$n);}
-$t = explode('<', $t);
-echo ltrim(array_shift($t));
-for($i=-1, $j=count($t); ++$i<$j;){
- $r = ''; list($e, $r) = explode('>', $t[$i]);
- $x = $e[0] == '/' ? 0 : (substr($e, -1) == '/' ? 1 : ($e[0] != '!' ? 2 : -1));
- $y = !$x ? ltrim($e, '/') : ($x > 0 ? substr($e, 0, strcspn($e, ' ')) : 0);
- $e = "<$e>";
- if(isset($d[$y])){
- if(!$x){echo "\n", str_repeat($s, --$n), "$e\n", str_repeat($s, $n);}
- else{echo "\n", str_repeat($s, $n), "$e\n", str_repeat($s, ($x != 1 ? ++$n : $n));}
- echo ltrim($r); continue;
+$d = array('address'=>1, 'blockquote'=>1, 'center'=>1, 'colgroup'=>1, 'dir'=>1, 'div'=>1, 'dl'=>1, 'fieldset'=>1, 'form'=>1, 'hr'=>1, 'iframe'=>1, 'map'=>1, 'menu'=>1, 'noscript'=>1, 'ol'=>1, 'optgroup'=>1, 'rbc'=>1, 'rtc'=>1, 'ruby'=>1, 'script'=>1, 'select'=>1, 'table'=>1, 'tbody'=>1, 'tfoot'=>1, 'thead'=>1, 'tr'=>1, 'ul'=>1);
+$T = explode('<', $t);
+$X = 1;
+while($X){
+ $n = $N;
+ $t = $T;
+ ob_start();
+ if(isset($d[$p])){echo str_repeat($s, ++$n);}
+ echo ltrim(array_shift($t));
+ for($i=-1, $j=count($t); ++$i<$j;){
+ $r = ''; list($e, $r) = explode('>', $t[$i]);
+ $x = $e[0] == '/' ? 0 : (substr($e, -1) == '/' ? 1 : ($e[0] != '!' ? 2 : -1));
+ $y = !$x ? ltrim($e, '/') : ($x > 0 ? substr($e, 0, strcspn($e, ' ')) : 0);
+ $e = "<$e>";
+ if(isset($d[$y])){
+ if(!$x){
+ if($n){echo "\n", str_repeat($s, --$n), "$e\n", str_repeat($s, $n);}
+ else{++$N; ob_end_clean(); continue 2;}
+ }
+ else{echo "\n", str_repeat($s, $n), "$e\n", str_repeat($s, ($x != 1 ? ++$n : $n));}
+ echo $r; continue;
+ }
+ $f = "\n". str_repeat($s, $n);
+ if(isset($c[$y])){
+ if(!$x){echo $e, $f, $r;}
+ else{echo $f, $e, $r;}
+ }elseif(isset($b[$y])){echo $f, $e, $r;
+ }elseif(isset($a[$y])){echo $e, $f, $r;
+ }elseif(!$y){echo $f, $e, $f, $r;
+ }else{echo $e, $r;}
}
- $f = "\n". str_repeat($s, $n);
- if(isset($c[$y])){
- if(!$x){echo $e, $f, ltrim($r);}
- else{echo $f, $e, $r;}
- }elseif(isset($b[$y])){echo $f, $e, $r;
- }elseif(isset($a[$y])){echo $e, $f, ltrim($r);
- }elseif(!$y){echo $f, $e, $f, ltrim($r);
- }else{echo $e, $r;}
-}
-$t = preg_replace('`[\n]\s*?[\n]+`', "\n", ob_get_contents());
+ $X = 0;
+}
+$t = str_replace(array("\n ", " \n"), "\n", preg_replace('`[\n]\s*?[\n]+`', "\n", ob_get_contents()));
ob_end_clean();
if(($l = strpos(" $w", 'r') ? (strpos(" $w", 'n') ? "\r\n" : "\r") : 0)){
$t = str_replace("\n", $l, $t);
@@ -686,7 +698,7 @@ return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array(
function hl_version(){
// rel
-return '1.1.11';
+return '1.1.16';
// eof
}
diff --git a/mod/htmlawed/vendors/htmLawed/htmLawedTest.php b/mod/htmlawed/vendors/htmLawed/htmLawedTest.php
index 806aa46..3a5b921 100755
--- a/mod/htmlawed/vendors/htmLawed/htmLawedTest.php
+++ b/mod/htmlawed/vendors/htmLawed/htmLawedTest.php
@@ -1,10 +1,10 @@
<?php
/*
-htmLawedTest.php, 22 October 2011
-htmLawed 1.1.11, 5 June 2012
+htmLawedTest.php, 28 May 2013
+htmLawed 1.1.16, 29 August 2013
Copyright Santosh Patnaik
-Dual licensed with LGPL 3 and GPL 2 or later
+Dual licensed with LGPL 3 and GPL 2+
A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed
Test htmLawed; user provides text input; input and processed input are shown as highlighted code and rendered HTML; also shown are execution time and peak memory usage
@@ -22,7 +22,7 @@ $_sid = 'sid'; // session name; alphanum.
$_slife = 30; // session life in min.
// errors
-error_reporting(E_ALL | (defined('E_STRICT') ? E_STRICT : 1));
+error_reporting(E_ALL | (defined('E_STRICT') ? E_STRICT : 0));
ini_set('display_errors', $_errs);
// session
@@ -144,15 +144,16 @@ body{background-color:#efefef;}
body, button, div, html, input, p{font-size:13px; font-family:'Lucida grande', Verdana, Arial, Helvetica, sans-serif;}
button, input{font-size: 85%;}
div.help{border-top: 1px dotted gray; margin-top: 15px; padding-top: 15px; color:#999999;}
-#inputC, #inputD, #inputF, #inputR, #outputD, #outputF, #outputH, #outputR, #settingF{display:block;}
+#inputC, #inputD, #inputF, #inputR, #outputD, #outputF, #outputH, #outputR, #settingF, #diff{display:block;}
#inputC, #settingF{background-color:white; border:1px gray solid; padding:3px;}
#inputC li{margin: 0; padding: 0;}
#inputC ul{margin: 0; padding: 0; margin-left: 14px;}
#inputC input{margin: 0; margin-left: 2px; margin-right: 2px; padding: 1px; vertical-align: middle;}
#inputD{overflow:auto; background-color:#ffff99; border:1px #cc9966 solid; padding:3px;}
#inputR{overflow:auto; background-color:#ffffcc; border:1px #ffcc99 solid; padding:3px;}
-#inputC, #settingF, #inputD, #inputR, #outputD, #outputR, textarea{font-size:100%; font-family:'Bitstream vera sans mono', 'courier new', 'courier', monospace;}
-#outputD{overflow:auto; background-color: #99ffcc; border:1px #66cc99 solid; padding:3px;}
+#inputC, #settingF, #inputD, #inputR, #outputD, #outputR, #diff, textarea{font-size:100%; font-family:'Bitstream vera sans mono', 'courier new', 'courier', monospace;}
+#outputD{overflow:auto; background-color: #99ffcc; border:1px #66cc99 solid; padding:3px;}
+#diff{overflow:auto; background-color: white; border:1px #dcdcdc solid; padding:3px;}
#outputH{overflow:auto; background-color:white; padding:3px; border:1px #dcdcdc solid;}
#outputR{overflow:auto; background-color: #ccffcc; border:1px #99cc99 solid; padding:3px;}
span.cmtcdata{color: orange;}
@@ -261,9 +262,6 @@ function sndUnproc(){
var i = document.getElementById('text');
if(!i){return;}
i = i.value;
- i = i.replace(/>/g, '&gt;');
- i = i.replace(/</g, '&lt;');
- i = i.replace(/"/g, '&quot;');
var w = window.open('htmLawedTest.php?pre=1', 'hlprehtm');
var f = document.createElement('form');
f.enctype = 'application/x-www-form-urlencoded';
@@ -271,10 +269,14 @@ function sndUnproc(){
f.acceptCharset = '<?php echo htmlspecialchars($_POST['enc']); ?>';
if(f.style){f.style.display = 'none';}
else{f.visibility = 'hidden';}
- f.innerHTML = '<p style="display:none;"><input style="display:none;" type="hidden" name="token" id="token" value="<?php echo $token; ?>" /><input style="display:none;" type="hidden" name="<?php echo htmlspecialchars($_sid); ?>" id="<?php echo htmlspecialchars($_sid); ?>" value="' + readCookie('<?php echo htmlspecialchars($_sid); ?>') + '" /><input style="display:none;" type="hidden" name="inputH" id="inputH" value="'+ i+ '" /></p>';
+ f.innerHTML = '<p style="display:none;"><input style="display:none;" type="hidden" name="token" id="token" value="<?php echo $token; ?>" /><input style="display:none;" type="hidden" name="<?php echo htmlspecialchars($_sid); ?>" id="<?php echo htmlspecialchars($_sid); ?>" value="' + readCookie('<?php echo htmlspecialchars($_sid); ?>') + '" /></p>';
f.action = 'htmLawedTest.php?pre=1';
f.target = 'hlprehtm';
f.method = 'post';
+ var t = document.createElement('textarea');
+ t.name = 'inputH';
+ t.value = i;
+ f.appendChild(t);
var b = document.getElementsByTagName('body')[0];
b.appendChild(f);
f.submit();
@@ -284,9 +286,6 @@ function sndValidn(id, type){
var i = document.getElementById(id);
if(!i){return;}
i = i.value;
- i = i.replace(/>/g, '&gt;');
- i = i.replace(/</g, '&lt;');
- i = i.replace(/"/g, '&quot;');
var w = window.open('http://validator.w3.org/check', 'validate'+id+type);
var f = document.createElement('form');
f.enctype = 'application/x-www-form-urlencoded';
@@ -294,9 +293,13 @@ function sndValidn(id, type){
f.acceptCharset = '<?php echo htmlspecialchars($_POST['enc']); ?>';
if(f.style){f.style.display = 'none';}
else{f.visibility = 'hidden';}
- f.innerHTML = '<p style="display:none;"><input style="display:none;" type="hidden" name="fragment" id="fragment" value="'+ i+ '" /><input style="display:none;" type="hidden" name="prefill" id="prefill" value="1" /><input style="display:none;" type="hidden" name="prefill_doctype" id="prefill_doctype" value="'+ type+ '" /><input style="display:none;" type="hidden" name="group" id="group" value="1" /><input type="hidden" name="ss" id="ss" value="1" /></p>';
+ f.innerHTML = '<p style="display:none;"><input style="display:none;" type="hidden" name="prefill" id="prefill" value="1" /><input style="display:none;" type="hidden" name="prefill_doctype" id="prefill_doctype" value="'+ type+ '" /><input style="display:none;" type="hidden" name="group" id="group" value="1" /><input type="hidden" name="ss" id="ss" value="1" /></p>';
f.action = 'http://validator.w3.org/check';
f.target = 'validate'+id+type;
+ var t = document.createElement('textarea');
+ t.name = 'fragment';
+ t.value = i;
+ f.appendChild(t);
var b = document.getElementsByTagName('body')[0];
b.appendChild(f);
f.submit();
@@ -376,6 +379,58 @@ tRs = {
}
};
tRs.adEv(window, 'load', tRs.adBtn);
+// Diff Match and Patch javascript code by Neil Fraser; Apache license 2.0; http://code.google.com/p/google-diff-match-patch/
+(function(){function diff_match_patch(){this.Diff_Timeout=1;this.Diff_EditCost=4;this.Match_Threshold=0.5;this.Match_Distance=1E3;this.Patch_DeleteThreshold=0.5;this.Patch_Margin=4;this.Match_MaxBits=32}
+diff_match_patch.prototype.diff_main=function(a,b,c,d){"undefined"==typeof d&&(d=0>=this.Diff_Timeout?Number.MAX_VALUE:(new Date).getTime()+1E3*this.Diff_Timeout);if(null==a||null==b)throw Error("Null input. (diff_main)");if(a==b)return a?[[0,a]]:[];"undefined"==typeof c&&(c=!0);var e=c,f=this.diff_commonPrefix(a,b),c=a.substring(0,f),a=a.substring(f),b=b.substring(f),f=this.diff_commonSuffix(a,b),g=a.substring(a.length-f),a=a.substring(0,a.length-f),b=b.substring(0,b.length-f),a=this.diff_compute_(a,
+b,e,d);c&&a.unshift([0,c]);g&&a.push([0,g]);this.diff_cleanupMerge(a);return a};
+diff_match_patch.prototype.diff_compute_=function(a,b,c,d){if(!a)return[[1,b]];if(!b)return[[-1,a]];var e=a.length>b.length?a:b,f=a.length>b.length?b:a,g=e.indexOf(f);if(-1!=g)return c=[[1,e.substring(0,g)],[0,f],[1,e.substring(g+f.length)]],a.length>b.length&&(c[0][0]=c[2][0]=-1),c;if(1==f.length)return[[-1,a],[1,b]];return(e=this.diff_halfMatch_(a,b))?(f=e[0],a=e[1],g=e[2],b=e[3],e=e[4],f=this.diff_main(f,g,c,d),c=this.diff_main(a,b,c,d),f.concat([[0,e]],c)):c&&100<a.length&&100<b.length?this.diff_lineMode_(a,
+b,d):this.diff_bisect_(a,b,d)};
+diff_match_patch.prototype.diff_lineMode_=function(a,b,c){var d=this.diff_linesToChars_(a,b),a=d.chars1,b=d.chars2,d=d.lineArray,a=this.diff_main(a,b,!1,c);this.diff_charsToLines_(a,d);this.diff_cleanupSemantic(a);a.push([0,""]);for(var e=d=b=0,f="",g="";b<a.length;){switch(a[b][0]){case 1:e++;g+=a[b][1];break;case -1:d++;f+=a[b][1];break;case 0:if(1<=d&&1<=e){a.splice(b-d-e,d+e);b=b-d-e;d=this.diff_main(f,g,!1,c);for(e=d.length-1;0<=e;e--)a.splice(b,0,d[e]);b+=d.length}d=e=0;g=f=""}b++}a.pop();return a};
+diff_match_patch.prototype.diff_bisect_=function(a,b,c){for(var d=a.length,e=b.length,f=Math.ceil((d+e)/2),g=f,h=2*f,j=Array(h),i=Array(h),k=0;k<h;k++)j[k]=-1,i[k]=-1;j[g+1]=0;i[g+1]=0;for(var k=d-e,p=0!=k%2,q=0,s=0,o=0,v=0,u=0;u<f&&!((new Date).getTime()>c);u++){for(var n=-u+q;n<=u-s;n+=2){var l=g+n,m;m=n==-u||n!=u&&j[l-1]<j[l+1]?j[l+1]:j[l-1]+1;for(var r=m-n;m<d&&r<e&&a.charAt(m)==b.charAt(r);)m++,r++;j[l]=m;if(m>d)s+=2;else if(r>e)q+=2;else if(p&&(l=g+k-n,0<=l&&l<h&&-1!=i[l])){var t=d-i[l];if(m>=
+t)return this.diff_bisectSplit_(a,b,m,r,c)}}for(n=-u+o;n<=u-v;n+=2){l=g+n;t=n==-u||n!=u&&i[l-1]<i[l+1]?i[l+1]:i[l-1]+1;for(m=t-n;t<d&&m<e&&a.charAt(d-t-1)==b.charAt(e-m-1);)t++,m++;i[l]=t;if(t>d)v+=2;else if(m>e)o+=2;else if(!p&&(l=g+k-n,0<=l&&l<h&&-1!=j[l]&&(m=j[l],r=g+m-l,t=d-t,m>=t)))return this.diff_bisectSplit_(a,b,m,r,c)}}return[[-1,a],[1,b]]};
+diff_match_patch.prototype.diff_bisectSplit_=function(a,b,c,d,e){var f=a.substring(0,c),g=b.substring(0,d),a=a.substring(c),b=b.substring(d),f=this.diff_main(f,g,!1,e),e=this.diff_main(a,b,!1,e);return f.concat(e)};
+diff_match_patch.prototype.diff_linesToChars_=function(a,b){function c(a){for(var b="",c=0,f=-1,g=d.length;f<a.length-1;){f=a.indexOf("\n",c);-1==f&&(f=a.length-1);var q=a.substring(c,f+1),c=f+1;(e.hasOwnProperty?e.hasOwnProperty(q):void 0!==e[q])?b+=String.fromCharCode(e[q]):(b+=String.fromCharCode(g),e[q]=g,d[g++]=q)}return b}var d=[],e={};d[0]="";var f=c(a),g=c(b);return{chars1:f,chars2:g,lineArray:d}};
+diff_match_patch.prototype.diff_charsToLines_=function(a,b){for(var c=0;c<a.length;c++){for(var d=a[c][1],e=[],f=0;f<d.length;f++)e[f]=b[d.charCodeAt(f)];a[c][1]=e.join("")}};diff_match_patch.prototype.diff_commonPrefix=function(a,b){if(!a||!b||a.charAt(0)!=b.charAt(0))return 0;for(var c=0,d=Math.min(a.length,b.length),e=d,f=0;c<e;)a.substring(f,e)==b.substring(f,e)?f=c=e:d=e,e=Math.floor((d-c)/2+c);return e};
+diff_match_patch.prototype.diff_commonSuffix=function(a,b){if(!a||!b||a.charAt(a.length-1)!=b.charAt(b.length-1))return 0;for(var c=0,d=Math.min(a.length,b.length),e=d,f=0;c<e;)a.substring(a.length-e,a.length-f)==b.substring(b.length-e,b.length-f)?f=c=e:d=e,e=Math.floor((d-c)/2+c);return e};
+diff_match_patch.prototype.diff_commonOverlap_=function(a,b){var c=a.length,d=b.length;if(0==c||0==d)return 0;c>d?a=a.substring(c-d):c<d&&(b=b.substring(0,c));c=Math.min(c,d);if(a==b)return c;for(var d=0,e=1;;){var f=a.substring(c-e),f=b.indexOf(f);if(-1==f)return d;e+=f;if(0==f||a.substring(c-e)==b.substring(0,e))d=e,e++}};
+diff_match_patch.prototype.diff_halfMatch_=function(a,b){function c(a,b,c){for(var d=a.substring(c,c+Math.floor(a.length/4)),e=-1,g="",h,j,n,l;-1!=(e=b.indexOf(d,e+1));){var m=f.diff_commonPrefix(a.substring(c),b.substring(e)),r=f.diff_commonSuffix(a.substring(0,c),b.substring(0,e));g.length<r+m&&(g=b.substring(e-r,e)+b.substring(e,e+m),h=a.substring(0,c-r),j=a.substring(c+m),n=b.substring(0,e-r),l=b.substring(e+m))}return 2*g.length>=a.length?[h,j,n,l,g]:null}if(0>=this.Diff_Timeout)return null;
+var d=a.length>b.length?a:b,e=a.length>b.length?b:a;if(4>d.length||2*e.length<d.length)return null;var f=this,g=c(d,e,Math.ceil(d.length/4)),d=c(d,e,Math.ceil(d.length/2)),h;if(!g&&!d)return null;h=d?g?g[4].length>d[4].length?g:d:d:g;var j;a.length>b.length?(g=h[0],d=h[1],e=h[2],j=h[3]):(e=h[0],j=h[1],g=h[2],d=h[3]);h=h[4];return[g,d,e,j,h]};
+diff_match_patch.prototype.diff_cleanupSemantic=function(a){for(var b=!1,c=[],d=0,e=null,f=0,g=0,h=0,j=0,i=0;f<a.length;)0==a[f][0]?(c[d++]=f,g=j,h=i,i=j=0,e=a[f][1]):(1==a[f][0]?j+=a[f][1].length:i+=a[f][1].length,e&&e.length<=Math.max(g,h)&&e.length<=Math.max(j,i)&&(a.splice(c[d-1],0,[-1,e]),a[c[d-1]+1][0]=1,d--,d--,f=0<d?c[d-1]:-1,i=j=h=g=0,e=null,b=!0)),f++;b&&this.diff_cleanupMerge(a);this.diff_cleanupSemanticLossless(a);for(f=1;f<a.length;){if(-1==a[f-1][0]&&1==a[f][0]){b=a[f-1][1];c=a[f][1];
+d=this.diff_commonOverlap_(b,c);e=this.diff_commonOverlap_(c,b);if(d>=e){if(d>=b.length/2||d>=c.length/2)a.splice(f,0,[0,c.substring(0,d)]),a[f-1][1]=b.substring(0,b.length-d),a[f+1][1]=c.substring(d),f++}else if(e>=b.length/2||e>=c.length/2)a.splice(f,0,[0,b.substring(0,e)]),a[f-1][0]=1,a[f-1][1]=c.substring(0,c.length-e),a[f+1][0]=-1,a[f+1][1]=b.substring(e),f++;f++}f++}};
+diff_match_patch.prototype.diff_cleanupSemanticLossless=function(a){function b(a,b){if(!a||!b)return 6;var c=a.charAt(a.length-1),d=b.charAt(0),e=c.match(diff_match_patch.nonAlphaNumericRegex_),f=d.match(diff_match_patch.nonAlphaNumericRegex_),g=e&&c.match(diff_match_patch.whitespaceRegex_),h=f&&d.match(diff_match_patch.whitespaceRegex_),c=g&&c.match(diff_match_patch.linebreakRegex_),d=h&&d.match(diff_match_patch.linebreakRegex_),i=c&&a.match(diff_match_patch.blanklineEndRegex_),j=d&&b.match(diff_match_patch.blanklineStartRegex_);
+return i||j?5:c||d?4:e&&!g&&h?3:g||h?2:e||f?1:0}for(var c=1;c<a.length-1;){if(0==a[c-1][0]&&0==a[c+1][0]){var d=a[c-1][1],e=a[c][1],f=a[c+1][1],g=this.diff_commonSuffix(d,e);if(g)var h=e.substring(e.length-g),d=d.substring(0,d.length-g),e=h+e.substring(0,e.length-g),f=h+f;for(var g=d,h=e,j=f,i=b(d,e)+b(e,f);e.charAt(0)===f.charAt(0);){var d=d+e.charAt(0),e=e.substring(1)+f.charAt(0),f=f.substring(1),k=b(d,e)+b(e,f);k>=i&&(i=k,g=d,h=e,j=f)}a[c-1][1]!=g&&(g?a[c-1][1]=g:(a.splice(c-1,1),c--),a[c][1]=
+h,j?a[c+1][1]=j:(a.splice(c+1,1),c--))}c++}};diff_match_patch.nonAlphaNumericRegex_=/[^a-zA-Z0-9]/;diff_match_patch.whitespaceRegex_=/\s/;diff_match_patch.linebreakRegex_=/[\r\n]/;diff_match_patch.blanklineEndRegex_=/\n\r?\n$/;diff_match_patch.blanklineStartRegex_=/^\r?\n\r?\n/;
+diff_match_patch.prototype.diff_cleanupEfficiency=function(a){for(var b=!1,c=[],d=0,e=null,f=0,g=!1,h=!1,j=!1,i=!1;f<a.length;){if(0==a[f][0])a[f][1].length<this.Diff_EditCost&&(j||i)?(c[d++]=f,g=j,h=i,e=a[f][1]):(d=0,e=null),j=i=!1;else if(-1==a[f][0]?i=!0:j=!0,e&&(g&&h&&j&&i||e.length<this.Diff_EditCost/2&&3==g+h+j+i))a.splice(c[d-1],0,[-1,e]),a[c[d-1]+1][0]=1,d--,e=null,g&&h?(j=i=!0,d=0):(d--,f=0<d?c[d-1]:-1,j=i=!1),b=!0;f++}b&&this.diff_cleanupMerge(a)};
+diff_match_patch.prototype.diff_cleanupMerge=function(a){a.push([0,""]);for(var b=0,c=0,d=0,e="",f="",g;b<a.length;)switch(a[b][0]){case 1:d++;f+=a[b][1];b++;break;case -1:c++;e+=a[b][1];b++;break;case 0:1<c+d?(0!==c&&0!==d&&(g=this.diff_commonPrefix(f,e),0!==g&&(0<b-c-d&&0==a[b-c-d-1][0]?a[b-c-d-1][1]+=f.substring(0,g):(a.splice(0,0,[0,f.substring(0,g)]),b++),f=f.substring(g),e=e.substring(g)),g=this.diff_commonSuffix(f,e),0!==g&&(a[b][1]=f.substring(f.length-g)+a[b][1],f=f.substring(0,f.length-
+g),e=e.substring(0,e.length-g))),0===c?a.splice(b-d,c+d,[1,f]):0===d?a.splice(b-c,c+d,[-1,e]):a.splice(b-c-d,c+d,[-1,e],[1,f]),b=b-c-d+(c?1:0)+(d?1:0)+1):0!==b&&0==a[b-1][0]?(a[b-1][1]+=a[b][1],a.splice(b,1)):b++,c=d=0,f=e=""}""===a[a.length-1][1]&&a.pop();c=!1;for(b=1;b<a.length-1;)0==a[b-1][0]&&0==a[b+1][0]&&(a[b][1].substring(a[b][1].length-a[b-1][1].length)==a[b-1][1]?(a[b][1]=a[b-1][1]+a[b][1].substring(0,a[b][1].length-a[b-1][1].length),a[b+1][1]=a[b-1][1]+a[b+1][1],a.splice(b-1,1),c=!0):a[b][1].substring(0,
+a[b+1][1].length)==a[b+1][1]&&(a[b-1][1]+=a[b+1][1],a[b][1]=a[b][1].substring(a[b+1][1].length)+a[b+1][1],a.splice(b+1,1),c=!0)),b++;c&&this.diff_cleanupMerge(a)};diff_match_patch.prototype.diff_xIndex=function(a,b){var c=0,d=0,e=0,f=0,g;for(g=0;g<a.length;g++){1!==a[g][0]&&(c+=a[g][1].length);-1!==a[g][0]&&(d+=a[g][1].length);if(c>b)break;e=c;f=d}return a.length!=g&&-1===a[g][0]?f:f+(b-e)};
+diff_match_patch.prototype.diff_prettyHtml=function(a){for(var b=[],c=/&/g,d=/</g,e=/>/g,f=/\n/g,g=0;g<a.length;g++){var h=a[g][0],j=a[g][1],j=j.replace(c,"&amp;").replace(d,"&lt;").replace(e,"&gt;").replace(f,"<span style=\"color: #dcdcdc;\">&not;</span><br>");switch(h){case 1:b[g]='<ins style="background:#ccffcc; text-decoration: none;">'+j+"</ins>";break;case -1:b[g]='<del style="background:#ffffcc; text-decoration: line-through; color: orange;">'+j+"</del>";break;case 0:b[g]="<span>"+j+"</span>"}}return b.join("")};
+diff_match_patch.prototype.diff_text1=function(a){for(var b=[],c=0;c<a.length;c++)1!==a[c][0]&&(b[c]=a[c][1]);return b.join("")};diff_match_patch.prototype.diff_text2=function(a){for(var b=[],c=0;c<a.length;c++)-1!==a[c][0]&&(b[c]=a[c][1]);return b.join("")};diff_match_patch.prototype.diff_levenshtein=function(a){for(var b=0,c=0,d=0,e=0;e<a.length;e++){var f=a[e][0],g=a[e][1];switch(f){case 1:c+=g.length;break;case -1:d+=g.length;break;case 0:b+=Math.max(c,d),d=c=0}}return b+=Math.max(c,d)};
+diff_match_patch.prototype.diff_toDelta=function(a){for(var b=[],c=0;c<a.length;c++)switch(a[c][0]){case 1:b[c]="+"+encodeURI(a[c][1]);break;case -1:b[c]="-"+a[c][1].length;break;case 0:b[c]="="+a[c][1].length}return b.join("\t").replace(/%20/g," ")};
+diff_match_patch.prototype.diff_fromDelta=function(a,b){for(var c=[],d=0,e=0,f=b.split(/\t/g),g=0;g<f.length;g++){var h=f[g].substring(1);switch(f[g].charAt(0)){case "+":try{c[d++]=[1,decodeURI(h)]}catch(j){throw Error("Illegal escape in diff_fromDelta: "+h);}break;case "-":case "=":var i=parseInt(h,10);if(isNaN(i)||0>i)throw Error("Invalid number in diff_fromDelta: "+h);h=a.substring(e,e+=i);"="==f[g].charAt(0)?c[d++]=[0,h]:c[d++]=[-1,h];break;default:if(f[g])throw Error("Invalid diff operation in diff_fromDelta: "+
+f[g]);}}if(e!=a.length)throw Error("Delta length ("+e+") does not equal source text length ("+a.length+").");return c};diff_match_patch.prototype.match_main=function(a,b,c){if(null==a||null==b||null==c)throw Error("Null input. (match_main)");c=Math.max(0,Math.min(c,a.length));return a==b?0:a.length?a.substring(c,c+b.length)==b?c:this.match_bitap_(a,b,c):-1};
+diff_match_patch.prototype.match_bitap_=function(a,b,c){function d(a,d){var e=a/b.length,g=Math.abs(c-d);return!f.Match_Distance?g?1:e:e+g/f.Match_Distance}if(b.length>this.Match_MaxBits)throw Error("Pattern too long for this browser.");var e=this.match_alphabet_(b),f=this,g=this.Match_Threshold,h=a.indexOf(b,c);-1!=h&&(g=Math.min(d(0,h),g),h=a.lastIndexOf(b,c+b.length),-1!=h&&(g=Math.min(d(0,h),g)));for(var j=1<<b.length-1,h=-1,i,k,p=b.length+a.length,q,s=0;s<b.length;s++){i=0;for(k=p;i<k;)d(s,c+
+k)<=g?i=k:p=k,k=Math.floor((p-i)/2+i);p=k;i=Math.max(1,c-k+1);var o=Math.min(c+k,a.length)+b.length;k=Array(o+2);for(k[o+1]=(1<<s)-1;o>=i;o--){var v=e[a.charAt(o-1)];k[o]=0===s?(k[o+1]<<1|1)&v:(k[o+1]<<1|1)&v|(q[o+1]|q[o])<<1|1|q[o+1];if(k[o]&j&&(v=d(s,o-1),v<=g))if(g=v,h=o-1,h>c)i=Math.max(1,2*c-h);else break}if(d(s+1,c)>g)break;q=k}return h};
+diff_match_patch.prototype.match_alphabet_=function(a){for(var b={},c=0;c<a.length;c++)b[a.charAt(c)]=0;for(c=0;c<a.length;c++)b[a.charAt(c)]|=1<<a.length-c-1;return b};
+diff_match_patch.prototype.patch_addContext_=function(a,b){if(0!=b.length){for(var c=b.substring(a.start2,a.start2+a.length1),d=0;b.indexOf(c)!=b.lastIndexOf(c)&&c.length<this.Match_MaxBits-this.Patch_Margin-this.Patch_Margin;)d+=this.Patch_Margin,c=b.substring(a.start2-d,a.start2+a.length1+d);d+=this.Patch_Margin;(c=b.substring(a.start2-d,a.start2))&&a.diffs.unshift([0,c]);(d=b.substring(a.start2+a.length1,a.start2+a.length1+d))&&a.diffs.push([0,d]);a.start1-=c.length;a.start2-=c.length;a.length1+=
+c.length+d.length;a.length2+=c.length+d.length}};
+diff_match_patch.prototype.patch_make=function(a,b,c){var d;if("string"==typeof a&&"string"==typeof b&&"undefined"==typeof c)d=a,b=this.diff_main(d,b,!0),2<b.length&&(this.diff_cleanupSemantic(b),this.diff_cleanupEfficiency(b));else if(a&&"object"==typeof a&&"undefined"==typeof b&&"undefined"==typeof c)b=a,d=this.diff_text1(b);else if("string"==typeof a&&b&&"object"==typeof b&&"undefined"==typeof c)d=a;else if("string"==typeof a&&"string"==typeof b&&c&&"object"==typeof c)d=a,b=c;else throw Error("Unknown call format to patch_make.");
+if(0===b.length)return[];for(var c=[],a=new diff_match_patch.patch_obj,e=0,f=0,g=0,h=d,j=0;j<b.length;j++){var i=b[j][0],k=b[j][1];if(!e&&0!==i)a.start1=f,a.start2=g;switch(i){case 1:a.diffs[e++]=b[j];a.length2+=k.length;d=d.substring(0,g)+k+d.substring(g);break;case -1:a.length1+=k.length;a.diffs[e++]=b[j];d=d.substring(0,g)+d.substring(g+k.length);break;case 0:k.length<=2*this.Patch_Margin&&e&&b.length!=j+1?(a.diffs[e++]=b[j],a.length1+=k.length,a.length2+=k.length):k.length>=2*this.Patch_Margin&&
+e&&(this.patch_addContext_(a,h),c.push(a),a=new diff_match_patch.patch_obj,e=0,h=d,f=g)}1!==i&&(f+=k.length);-1!==i&&(g+=k.length)}e&&(this.patch_addContext_(a,h),c.push(a));return c};diff_match_patch.prototype.patch_deepCopy=function(a){for(var b=[],c=0;c<a.length;c++){var d=a[c],e=new diff_match_patch.patch_obj;e.diffs=[];for(var f=0;f<d.diffs.length;f++)e.diffs[f]=d.diffs[f].slice();e.start1=d.start1;e.start2=d.start2;e.length1=d.length1;e.length2=d.length2;b[c]=e}return b};
+diff_match_patch.prototype.patch_apply=function(a,b){if(0==a.length)return[b,[]];var a=this.patch_deepCopy(a),c=this.patch_addPadding(a),b=c+b+c;this.patch_splitMax(a);for(var d=0,e=[],f=0;f<a.length;f++){var g=a[f].start2+d,h=this.diff_text1(a[f].diffs),j,i=-1;if(h.length>this.Match_MaxBits){if(j=this.match_main(b,h.substring(0,this.Match_MaxBits),g),-1!=j&&(i=this.match_main(b,h.substring(h.length-this.Match_MaxBits),g+h.length-this.Match_MaxBits),-1==i||j>=i))j=-1}else j=this.match_main(b,h,g);
+if(-1==j)e[f]=!1,d-=a[f].length2-a[f].length1;else if(e[f]=!0,d=j-g,g=-1==i?b.substring(j,j+h.length):b.substring(j,i+this.Match_MaxBits),h==g)b=b.substring(0,j)+this.diff_text2(a[f].diffs)+b.substring(j+h.length);else if(g=this.diff_main(h,g,!1),h.length>this.Match_MaxBits&&this.diff_levenshtein(g)/h.length>this.Patch_DeleteThreshold)e[f]=!1;else{this.diff_cleanupSemanticLossless(g);for(var h=0,k,i=0;i<a[f].diffs.length;i++){var p=a[f].diffs[i];0!==p[0]&&(k=this.diff_xIndex(g,h));1===p[0]?b=b.substring(0,
+j+k)+p[1]+b.substring(j+k):-1===p[0]&&(b=b.substring(0,j+k)+b.substring(j+this.diff_xIndex(g,h+p[1].length)));-1!==p[0]&&(h+=p[1].length)}}}b=b.substring(c.length,b.length-c.length);return[b,e]};
+diff_match_patch.prototype.patch_addPadding=function(a){for(var b=this.Patch_Margin,c="",d=1;d<=b;d++)c+=String.fromCharCode(d);for(d=0;d<a.length;d++)a[d].start1+=b,a[d].start2+=b;var d=a[0],e=d.diffs;if(0==e.length||0!=e[0][0])e.unshift([0,c]),d.start1-=b,d.start2-=b,d.length1+=b,d.length2+=b;else if(b>e[0][1].length){var f=b-e[0][1].length;e[0][1]=c.substring(e[0][1].length)+e[0][1];d.start1-=f;d.start2-=f;d.length1+=f;d.length2+=f}d=a[a.length-1];e=d.diffs;0==e.length||0!=e[e.length-1][0]?(e.push([0,
+c]),d.length1+=b,d.length2+=b):b>e[e.length-1][1].length&&(f=b-e[e.length-1][1].length,e[e.length-1][1]+=c.substring(0,f),d.length1+=f,d.length2+=f);return c};
+diff_match_patch.prototype.patch_splitMax=function(a){for(var b=this.Match_MaxBits,c=0;c<a.length;c++)if(!(a[c].length1<=b)){var d=a[c];a.splice(c--,1);for(var e=d.start1,f=d.start2,g="";0!==d.diffs.length;){var h=new diff_match_patch.patch_obj,j=!0;h.start1=e-g.length;h.start2=f-g.length;if(""!==g)h.length1=h.length2=g.length,h.diffs.push([0,g]);for(;0!==d.diffs.length&&h.length1<b-this.Patch_Margin;){var g=d.diffs[0][0],i=d.diffs[0][1];1===g?(h.length2+=i.length,f+=i.length,h.diffs.push(d.diffs.shift()),
+j=!1):-1===g&&1==h.diffs.length&&0==h.diffs[0][0]&&i.length>2*b?(h.length1+=i.length,e+=i.length,j=!1,h.diffs.push([g,i]),d.diffs.shift()):(i=i.substring(0,b-h.length1-this.Patch_Margin),h.length1+=i.length,e+=i.length,0===g?(h.length2+=i.length,f+=i.length):j=!1,h.diffs.push([g,i]),i==d.diffs[0][1]?d.diffs.shift():d.diffs[0][1]=d.diffs[0][1].substring(i.length))}g=this.diff_text2(h.diffs);g=g.substring(g.length-this.Patch_Margin);i=this.diff_text1(d.diffs).substring(0,this.Patch_Margin);""!==i&&
+(h.length1+=i.length,h.length2+=i.length,0!==h.diffs.length&&0===h.diffs[h.diffs.length-1][0]?h.diffs[h.diffs.length-1][1]+=i:h.diffs.push([0,i]));j||a.splice(++c,0,h)}}};diff_match_patch.prototype.patch_toText=function(a){for(var b=[],c=0;c<a.length;c++)b[c]=a[c];return b.join("")};
+diff_match_patch.prototype.patch_fromText=function(a){var b=[];if(!a)return b;for(var a=a.split("\n"),c=0,d=/^@@ -(\d+),?(\d*) \+(\d+),?(\d*) @@$/;c<a.length;){var e=a[c].match(d);if(!e)throw Error("Invalid patch string: "+a[c]);var f=new diff_match_patch.patch_obj;b.push(f);f.start1=parseInt(e[1],10);""===e[2]?(f.start1--,f.length1=1):"0"==e[2]?f.length1=0:(f.start1--,f.length1=parseInt(e[2],10));f.start2=parseInt(e[3],10);""===e[4]?(f.start2--,f.length2=1):"0"==e[4]?f.length2=0:(f.start2--,f.length2=
+parseInt(e[4],10));for(c++;c<a.length;){e=a[c].charAt(0);try{var g=decodeURI(a[c].substring(1))}catch(h){throw Error("Illegal escape in patch_fromText: "+g);}if("-"==e)f.diffs.push([-1,g]);else if("+"==e)f.diffs.push([1,g]);else if(" "==e)f.diffs.push([0,g]);else if("@"==e)break;else if(""!==e)throw Error('Invalid patch mode "'+e+'" in: '+g);c++}}return b};diff_match_patch.patch_obj=function(){this.diffs=[];this.start2=this.start1=null;this.length2=this.length1=0};
+diff_match_patch.patch_obj.prototype.toString=function(){var a,b;a=0===this.length1?this.start1+",0":1==this.length1?this.start1+1:this.start1+1+","+this.length1;b=0===this.length2?this.start2+",0":1==this.length2?this.start2+1:this.start2+1+","+this.length2;a=["@@ -"+a+" +"+b+" @@\n"];var c;for(b=0;b<this.diffs.length;b++){switch(this.diffs[b][0]){case 1:c="+";break;case -1:c="-";break;case 0:c=" "}a[b+1]=c+encodeURI(this.diffs[b][1])+"\n"}return a.join("").replace(/%20/g," ")};
+this.diff_match_patch=diff_match_patch;this.DIFF_DELETE=-1;this.DIFF_INSERT=1;this.DIFF_EQUAL=0;})()
+var dmp = new diff_match_patch(); function diffLaunch(){var text1 = document.getElementById('text').value; var text2 = document.getElementById('text2').value; dmp.Diff_Timeout = 0; dmp.Diff_EditCost = 4; var d = dmp.diff_main(text1, text2); var ds = dmp.diff_prettyHtml(d); document.getElementById('diff').innerHTML = ds;
+}
//--><!]]></script>
<title>htmLawed (<?php echo hl_version();?>) test</title>
</head>
@@ -545,7 +600,7 @@ if($do){
$st = microtime();
$out = htmLawed($_POST['text'], $cfg, $_POST['spec']);
$et = microtime();
- echo '<br /><a href="htmLawedTest.php" title="[toggle visibility] syntax-highlighted" onclick="javascript:toggle(\'inputR\'); return false;"><span class="notice">Input code &raquo;</span></a> <span class="help" title="tags estimated as half of total &gt; and &lt; chars; values may be inaccurate for non-ASCII text"><small><big>', strlen($_POST['text']), '</big> chars, ~<big>', ($tag = round((substr_count($_POST['text'], '>') + substr_count($_POST['text'], '<'))/2)), '</big> tag', ($tag > 1 ? 's' : ''), '</small>&nbsp;</span><div id="inputR" style="display: none;">', format($_POST['text']), '</div><script type="text/javascript">hl(\'inputR\');</script>', (!isset($_POST['text'][$_hlimit]) ? ' <a href="htmLawedTest.php" title="[toggle visibility] hexdump; non-viewable characters like line-returns are shown as dots" onclick="javascript:toggle(\'inputD\'); return false;"><span class="notice">Input binary &raquo;&nbsp;</span></a><div id="inputD" style="display: none;">'. hexdump($_POST['text']). '</div>' : ''), ' <a href="htmLawedTest.php" title="[toggle visibility] finalized internal settings as interpreted by htmLawed; for developers" onclick="javascript:toggle(\'settingF\'); return false;"><span class="notice">Finalized internal settings &raquo;&nbsp;</span></a> <div id="settingF" style="display: none;">', str_replace(array(' ', "\t", ' '), array(' ', '&nbsp; ', '&nbsp; '), nl2br(htmlspecialchars(print_r($GLOBALS['hlcfg']['config'], true)))), '</div><script type="text/javascript">hl(\'settingF\');</script>', '<br /><a href="htmLawedTest.php" title="[toggle visibility] suitable for copy-paste" onclick="javascript:toggle(\'outputF\'); return false;"><span class="notice">Output &raquo;</span></a> <span class="help" title="approx., server-specific value excluding the \'include()\' call"><small>htmLawed processing time <big>', number_format(((substr($et,0,9)) + (substr($et,-10)) - (substr($st,0,9)) - (substr($st,-10))),4), '</big> s</small></span>', (($mem = memory_get_peak_usage()) !== false ? '<span class="help"><small>, peak memory usage <big>'. round(($mem-$pre_mem)/1048576, 2). '</big> <small>MB</small>' : ''), '</small></span><div id="outputF" style="display: block;"><div><textarea id="text2" class="textarea" name="text2" rows="5" cols="100" style="width: 100%;">', htmlspecialchars($out), '</textarea></div><button type="button" onclick="javascript:document.getElementById(\'text2\').focus();document.getElementById(\'text2\').select()" title="select all to copy" style="float:right;">Select all</button>';
+ echo '<br /><a href="htmLawedTest.php" title="[toggle visibility] syntax-highlighted" onclick="javascript:toggle(\'inputR\'); return false;"><span class="notice">Input code &raquo;</span></a> <span class="help" title="tags estimated as half of total &gt; and &lt; chars; values may be inaccurate for non-ASCII text"><small><big>', strlen($_POST['text']), '</big> chars, ~<big>', ($tag = round((substr_count($_POST['text'], '>') + substr_count($_POST['text'], '<'))/2)), '</big> tag', ($tag > 1 ? 's' : ''), '</small>&nbsp;</span><div id="inputR" style="display: none;">', format($_POST['text']), '</div><script type="text/javascript">hl(\'inputR\');</script>', (!isset($_POST['text'][$_hlimit]) ? ' <a href="htmLawedTest.php" title="[toggle visibility] hexdump; non-viewable characters like line-returns are shown as dots" onclick="javascript:toggle(\'inputD\'); return false;"><span class="notice">Input binary &raquo;&nbsp;</span></a><div id="inputD" style="display: none;">'. hexdump($_POST['text']). '</div>' : ''), ' <a href="htmLawedTest.php" title="[toggle visibility] finalized internal settings as interpreted by htmLawed; for developers" onclick="javascript:toggle(\'settingF\'); return false;"><span class="notice">Finalized internal settings &raquo;&nbsp;</span></a> <div id="settingF" style="display: none;">$config: ', str_replace(array(' ', "\t", ' '), array(' ', '&nbsp; ', '&nbsp; '), nl2br(htmlspecialchars(print_r($GLOBALS['hlcfg']['config'], true)))), '<br />$spec: ', str_replace(array(' ', "\t", ' '), array(' ', '&nbsp; ', '&nbsp; '), nl2br(htmlspecialchars(print_r($GLOBALS['hlcfg']['spec'], true)))), '</div><script type="text/javascript">hl(\'settingF\');</script>', '<br /><a href="htmLawedTest.php" title="[toggle visibility] suitable for copy-paste" onclick="javascript:toggle(\'outputF\'); return false;"><span class="notice">Output &raquo;</span></a> <span class="help" title="approx., server-specific value excluding the \'include()\' call"><small>htmLawed processing time <big>', number_format(((substr($et,0,9)) + (substr($et,-10)) - (substr($st,0,9)) - (substr($st,-10))),4), '</big> s</small></span>', (($mem = memory_get_peak_usage()) !== false ? '<span class="help"><small>, peak memory usage <big>'. round(($mem-$pre_mem)/1048576, 2). '</big> <small>MB</small>' : ''), '</small></span><div id="outputF" style="display: block;"><div><textarea id="text2" class="textarea" name="text2" rows="5" cols="100" style="width: 100%;">', htmlspecialchars($out), '</textarea></div><button type="button" onclick="javascript:document.getElementById(\'text2\').focus();document.getElementById(\'text2\').select()" title="select all to copy" style="float:right;">Select all</button>';
if($_w3c_validate && $validation)
{
?>
@@ -555,7 +610,7 @@ if($do){
<?php
}
- echo '</div><br /><a href="htmLawedTest.php" title="[toggle visibility] syntax-highlighted" onclick="javascript:toggle(\'outputR\'); return false;"><span class="notice">Output code &raquo;</span></a><div id="outputR" style="display: block;">', format($out), '</div><script type="text/javascript">hl(\'outputR\');</script>', (!isset($_POST['text'][$_hlimit]) ? '<br /><a href="htmLawedTest.php" title="[toggle visibility] hexdump; non-viewable characters like line-returns are shown as dots" onclick="javascript:toggle(\'outputD\'); return false;"><span class="notice">Output binary &raquo;</span></a><div id="outputD" style="display: none;">'. hexdump($out). '</div>' : ''), '<br /><a href="htmLawedTest.php" title="[toggle visibility] XHTML 1 Transitional doctype" onclick="javascript:toggle(\'outputH\'); return false;"><span class="notice">Output rendered &raquo;</span></a><div id="outputH" style="display: block;">', $out, '</div>';
+ echo '</div><br /><a href="htmLawedTest.php" title="[toggle visibility] syntax-highlighted" onclick="javascript:toggle(\'outputR\'); return false;"><span class="notice">Output code &raquo;</span></a><div id="outputR" style="display: block;">', format($out), '</div><script type="text/javascript">hl(\'outputR\');</script>', (!isset($_POST['text'][$_hlimit]) ? ' <a href="htmLawedTest.php" title="[toggle visibility] hexdump; non-viewable characters like line-returns are shown as dots" onclick="javascript:toggle(\'outputD\'); return false;"><span class="notice">Output binary &raquo;</span></a><div id="outputD" style="display: none;">'. hexdump($out). '</div>' : ''), ' <a href="htmLawedTest.php" title="[toggle visibility] inline output-input diff; might not be perfectly accurate, semantically or otherwise " onclick="javascript:toggle(\'diff\'); diffLaunch(); return false;"><span class="notice">Diff &raquo;</span></a> <div id="diff" style="display: none;"></div><br /><a href="htmLawedTest.php" title="[toggle visibility] XHTML 1 Transitional doctype" onclick="javascript:toggle(\'outputH\'); return false;"><span class="notice">Output rendered &raquo;</span></a><div id="outputH" style="display: block;">', $out, '</div>';
}
else{
?>
diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed_README.htm b/mod/htmlawed/vendors/htmLawed/htmLawed_README.htm
index 6dd78fb..819b39e 100644..100755
--- a/mod/htmlawed/vendors/htmLawed/htmLawed_README.htm
+++ b/mod/htmlawed/vendors/htmLawed/htmLawed_README.htm
@@ -1,2160 +1,2178 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-<meta http-equiv="Content-Language" content="en" />
-<meta name="description" content="htmLawed PHP software is a free, open-source, customizable HTML input purifier and filter - htmLawed_README.txt - presented with rTxt2htm, a PHP Labware utility" />
-<meta name="keywords" content="htmLawed, HTM, HTML, HTML Tidy, converter, filter, formatter, purifier, sanitizer, XSS, input, PHP, software, code, script, security, cross-site scripting, hack, sanitize, remove, standards, tags, attributes, elements, htmLawed_README.txt, rTxt2htm, PHP Labware" />
-<style type="text/css" media="all">
-<!--/*--><![CDATA[/*><!--*/
-a {text-decoration:none; color: blue;}
-
-a:hover {color: red;}
-
-a:visited {color: blue;}
-
-body {margin: 0; padding: 0;}
-
-body, div, html, p {font-family: Georgia, 'Times new roman', Times;}
-
-code.code {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
-
-div.comment {padding: 5px; color: #999999; font-size: 80%;}
-
-div.comment a {color: #6699cc;}
-
-div#body {width: 70%; margin: 5px; padding: 5px;} /* holds non-toc content */
-
-div#toc {position: fixed; top: 5px; left: 73%; z-index: 2; margin-top: 5px; margin-left: 5px; border: 1px solid gray; padding: 5px; background-color: #ededed; width: 23%; overflow: auto; max-height:94%; font-size: 90%;} /* holds content table (toc) */
-
-div#top {font-size: 14px; margin: 5px; padding: 5px;} /* holds all content */
-
-div.monospace {overflow: auto; font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
-
-div.sub-section {padding-left: 15px;}
-
-div.sub-sub-section {padding-left: 30px;}
-
-h1 {font-size: 22px; margin-top: 5px; margin-bottom: 5px;}
-
-h2 {font-size: 20px; float: left; margin-top: 15px; margin-bottom: 5px;}
-
-h3 {font-size: 18px; float: left; margin-top: 15px; margin-bottom: 5px;}
-
-h4 {font-size: 16px; float: left; margin-top: 15px; margin-bottom: 5px;}
-
-hr {margin-top: 15px; margin-bottom: 5px;}
-
-input, textarea {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
-
-p.subtle {color: gray; padding: 0; padding-top: 10px; margin: 0;}
-
-p.subtle a, p.subtle a:visited {color: #6699cc;}
-
-span.item-no {color: black;}
-
-span.subtle {color: gray; margin: 0; padding:0;}
-
-span.subtle a, span.subtle a:visited {color: #6699cc;}
-
-span.term {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
-
-span.toc-item {color: black;}
-
-span.totop {float: right; margin-top: 15px; margin-bottom: 5px;}
-
-span.totop a, span.totop a:visited {color: #6699cc;}
-
-@media screen { /* fixes for old IE */
-
- * html, * html body {overflow-y: auto!important; height: 100%; margin: 0; padding: 0;}
-
- * html div#body {height: 100%; overflow-y: auto; position: relative;}
-
- * html div#toc {position: absolute;}
-
-}
-
-/*]]>*/-->
-</style>
-<title>htmLawed documentation | htmLawed PHP software is a free, open-source, customizable HTML input purifier and filter</title>
-</head>
-<body>
-<div id="top">
-<h1><a id="peak" name="peak"></a>htmLawed documentation</h1>
-
-<div id="toc"><span class="toc-item"><a href="#s1"><span class="item-no">1</span>&#160; About htmLawed</a></span><br />
-&#160; <span class="toc-item"><a href="#s1.1"><span class="item-no">1.1</span>&#160; Example uses</a></span><br />
-&#160; <span class="toc-item"><a href="#s1.2"><span class="item-no">1.2</span>&#160; Features</a></span><br />
-&#160; <span class="toc-item"><a href="#s1.3"><span class="item-no">1.3</span>&#160; History</a></span><br />
-&#160; <span class="toc-item"><a href="#s1.4"><span class="item-no">1.4</span>&#160; License &amp; copyright</a></span><br />
-&#160; <span class="toc-item"><a href="#s1.5"><span class="item-no">1.5</span>&#160; Terms used here</a></span><br />
-<span class="toc-item"><a href="#s2"><span class="item-no">2</span>&#160; Usage</a></span><br />
-&#160; <span class="toc-item"><a href="#s2.1"><span class="item-no">2.1</span>&#160; Simple</a></span><br />
-&#160; <span class="toc-item"><a href="#s2.2"><span class="item-no">2.2</span>&#160; Configuring htmLawed using the <span class="term">$config</span>&#160;parameter</a></span><br />
-&#160; <span class="toc-item"><a href="#s2.3"><span class="item-no">2.3</span>&#160; Extra HTML specifications using the <span class="term">$spec</span>&#160;parameter</a></span><br />
-&#160; <span class="toc-item"><a href="#s2.4"><span class="item-no">2.4</span>&#160; Performance time &amp; memory usage</a></span><br />
-&#160; <span class="toc-item"><a href="#s2.5"><span class="item-no">2.5</span>&#160; Some security risks to keep in mind</a></span><br />
-&#160; <span class="toc-item"><a href="#s2.6"><span class="item-no">2.6</span>&#160; Use without modifying old <span class="term">kses()</span>&#160;code</a></span><br />
-&#160; <span class="toc-item"><a href="#s2.7"><span class="item-no">2.7</span>&#160; Tolerance for ill-written HTML</a></span><br />
-&#160; <span class="toc-item"><a href="#s2.8"><span class="item-no">2.8</span>&#160; Limitations &amp; work-arounds</a></span><br />
-&#160; <span class="toc-item"><a href="#s2.9"><span class="item-no">2.9</span>&#160; Examples of usage</a></span><br />
-<span class="toc-item"><a href="#s3"><span class="item-no">3</span>&#160; Details</a></span><br />
-&#160; <span class="toc-item"><a href="#s3.1"><span class="item-no">3.1</span>&#160; Invalid/dangerous characters</a></span><br />
-&#160; <span class="toc-item"><a href="#s3.2"><span class="item-no">3.2</span>&#160; Character references/entities</a></span><br />
-&#160; <span class="toc-item"><a href="#s3.3"><span class="item-no">3.3</span>&#160; HTML elements</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.3.1"><span class="item-no">3.3.1</span>&#160; HTML comments and <span class="term">CDATA</span>&#160;sections</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.3.2"><span class="item-no">3.3.2</span>&#160; Tag-transformation for better XHTML-Strict</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.3.3"><span class="item-no">3.3.3</span>&#160; Tag balancing and proper nesting</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.3.4"><span class="item-no">3.3.4</span>&#160; Elements requiring child elements</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.3.5"><span class="item-no">3.3.5</span>&#160; Beautify or compact HTML</a></span><br />
-&#160; <span class="toc-item"><a href="#s3.4"><span class="item-no">3.4</span>&#160; Attributes</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.4.1"><span class="item-no">3.4.1</span>&#160; Auto-addition of XHTML-required attributes</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.4.2"><span class="item-no">3.4.2</span>&#160; Duplicate/invalid <span class="term">id</span>&#160;values</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.4.3"><span class="item-no">3.4.3</span>&#160; URL schemes (protocols) and scripts in attribute values</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.4.4"><span class="item-no">3.4.4</span>&#160; Absolute &amp; relative URLs</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.4.5"><span class="item-no">3.4.5</span>&#160; Lower-cased, standard attribute values</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.4.6"><span class="item-no">3.4.6</span>&#160; Transformation of deprecated attributes</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.4.7"><span class="item-no">3.4.7</span>&#160; Anti-spam &amp; <span class="term">href</span></a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.4.8"><span class="item-no">3.4.8</span>&#160; Inline style properties</a></span><br />
-&#160; &#160; <span class="toc-item"><a href="#s3.4.9"><span class="item-no">3.4.9</span>&#160; Hook function for tag content</a></span><br />
-&#160; <span class="toc-item"><a href="#s3.5"><span class="item-no">3.5</span>&#160; Simple configuration directive for most valid XHTML</a></span><br />
-&#160; <span class="toc-item"><a href="#s3.6"><span class="item-no">3.6</span>&#160; Simple configuration directive for most <em>safe</em>&#160;HTML</a></span><br />
-&#160; <span class="toc-item"><a href="#s3.7"><span class="item-no">3.7</span>&#160; Using a hook function</a></span><br />
-&#160; <span class="toc-item"><a href="#s3.8"><span class="item-no">3.8</span>&#160; Obtaining <em>finalized</em>&#160;parameter values</a></span><br />
-&#160; <span class="toc-item"><a href="#s3.9"><span class="item-no">3.9</span>&#160; Retaining non-HTML tags in input with mixed markup</a></span><br />
-<span class="toc-item"><a href="#s4"><span class="item-no">4</span>&#160; Other</a></span><br />
-&#160; <span class="toc-item"><a href="#s4.1"><span class="item-no">4.1</span>&#160; Support</a></span><br />
-&#160; <span class="toc-item"><a href="#s4.2"><span class="item-no">4.2</span>&#160; Known issues</a></span><br />
-&#160; <span class="toc-item"><a href="#s4.3"><span class="item-no">4.3</span>&#160; Change-log</a></span><br />
-&#160; <span class="toc-item"><a href="#s4.4"><span class="item-no">4.4</span>&#160; Testing</a></span><br />
-&#160; <span class="toc-item"><a href="#s4.5"><span class="item-no">4.5</span>&#160; Upgrade, &amp; old versions</a></span><br />
-&#160; <span class="toc-item"><a href="#s4.6"><span class="item-no">4.6</span>&#160; Comparison with <span class="term">HTMLPurifier</span></a></span><br />
-&#160; <span class="toc-item"><a href="#s4.7"><span class="item-no">4.7</span>&#160; Use through application plug-ins/modules</a></span><br />
-&#160; <span class="toc-item"><a href="#s4.8"><span class="item-no">4.8</span>&#160; Use in non-PHP applications</a></span><br />
-&#160; <span class="toc-item"><a href="#s4.9"><span class="item-no">4.9</span>&#160; Donate</a></span><br />
-&#160; <span class="toc-item"><a href="#s4.10"><span class="item-no">4.10</span>&#160; Acknowledgements</a></span><br />
-<span class="toc-item"><a href="#s5"><span class="item-no">5</span>&#160; Appendices</a></span><br />
-&#160; <span class="toc-item"><a href="#s5.1"><span class="item-no">5.1</span>&#160; Characters discouraged in HTML</a></span><br />
-&#160; <span class="toc-item"><a href="#s5.2"><span class="item-no">5.2</span>&#160; Valid attribute-element combinations</a></span><br />
-&#160; <span class="toc-item"><a href="#s5.3"><span class="item-no">5.3</span>&#160; CSS 2.1 properties accepting URLs</a></span><br />
-&#160; <span class="toc-item"><a href="#s5.4"><span class="item-no">5.4</span>&#160; Microsoft Windows 1252 character replacements</a></span><br />
-&#160; <span class="toc-item"><a href="#s5.5"><span class="item-no">5.5</span>&#160; URL format</a></span><br />
-&#160; <span class="toc-item"><a href="#s5.6"><span class="item-no">5.6</span>&#160; Brief on htmLawed code</a></span></div><!-- ended div toc -->
-
-<div id="body">
-<br />
-<div class="comment">htmLawed_README.txt, 8 June 2012<br />
-htmLawed 1.1.11, 5 June 2012<br />
-Copyright Santosh Patnaik<br />
-Dual licensed with LGPL 3 and GPL 2 or later<br />
-A PHP Labware internal utility &#45; <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed</a>&#160;</div>
-<br />
-
-<div class="section"><h2>
-<a name="s1" id="s1"></a><span class="item-no">1</span>&#160; About htmLawed
-</h2><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; htmLawed is a highly customizable single-file PHP script to make text secure, and standard- and admin policy-compliant for use in the body of HTML 4, XHTML 1 or 1.1, or generic XML documents. It is thus a configurable input (X)HTML filter, processor, purifier, sanitizer, beautifier, etc., and an alternative to the <a href="http://tidy.sourceforge.net">HTMLTidy</a>&#160;application.<br />
-<br />
-&#160; The <em>lawing in</em>&#160;of input text is needed to ensure that HTML code in the text is standard-compliant, does not introduce security vulnerabilities, and does not break the aesthetics, design or layout of web-pages. htmLawed tries to do this by, for example, making HTML well-formed with balanced and properly nested tags, neutralizing code that may be used for cross-site scripting (<span class="term">XSS</span>) attacks, and allowing only specified HTML elements/tags and attributes.<br />
-
-<div class="sub-section"><h3>
-<a name="s1.1" id="s1.1"></a><span class="item-no">1.1</span>&#160; Example uses
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; * &#160;Filtering of text submitted as comments on blogs to allow only certain HTML elements<br />
-<br />
-&#160; * &#160;Making RSS/Atom newsfeed item-content standard-compliant: often one uses an excerpt from an HTML document for the content, and with unbalanced tags, non-numerical entities, etc., such excerpts may not be XML-compliant<br />
-<br />
-&#160; * &#160;Text processing for stricter XML standard-compliance: e.g., to have lowercased <span class="term">x</span>&#160;in hexadecimal numeric entities becomes necessary if an XHTML document with MathML content needs to be served as <span class="term">application/xml</span><br />
-<br />
-&#160; * &#160;Scraping text or data from web-pages<br />
-<br />
-&#160; * &#160;Pretty-printing HTML code<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s1.2" id="s1.2"></a><span class="item-no">1.2</span>&#160; Features
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; Key: <span class="term">&#42;</span>&#160;security feature, <span class="term">^</span>&#160;standard compliance, <span class="term">~</span>&#160;requires setting right options, <span class="term">&#96;</span>&#160;different from <span class="term">Kses</span><br />
-<br />
-&#160; * &#160;make input more <strong>secure</strong>&#160;and <strong>standard-compliant</strong><br />
-&#160; * &#160;use for HTML 4, XHTML 1.0 or 1.1, or even generic <strong>XML</strong>&#160;documents &#160;^~`<br />
-<br />
-&#160; * &#160;<strong>beautify</strong>&#160;or <strong>compact</strong>&#160;HTML &#160;^~`<br />
-<br />
-&#160; * &#160;<strong>restrict elements</strong>&#160; ^~`<br />
-&#160; * &#160;proper closure of empty elements like <span class="term">img</span>&#160; ^`<br />
-&#160; * &#160;<strong>transform deprecated elements</strong>&#160;like <span class="term">u</span>&#160; ^~`<br />
-&#160; * &#160;HTML <strong>comments</strong>&#160;and <span class="term">CDATA</span>&#160;sections can be permitted &#160;^~`<br />
-&#160; * &#160;elements like <span class="term">script</span>, <span class="term">object</span>&#160;and <span class="term">form</span>&#160;can be permitted &#160;~<br />
-<br />
-&#160; * &#160;<strong>restrict attributes</strong>, including <strong>element-specifically</strong>&#160; ^~`<br />
-&#160; * &#160;remove <strong>invalid attributes</strong>&#160; ^`<br />
-&#160; * &#160;element and attribute names are <strong>lower-cased</strong>&#160; ^<br />
-&#160; * &#160;provide <strong>required attributes</strong>, like <span class="term">alt</span>&#160;for <span class="term">image</span>&#160; ^`<br />
-&#160; * &#160;<strong>transform deprecated attributes</strong>&#160; ^~`<br />
-&#160; * &#160;attributes <strong>declared only once</strong>&#160; ^`<br />
-<br />
-&#160; * &#160;<strong>restrict attribute values</strong>, including <strong>element-specifically</strong>&#160; ^~`<br />
-&#160; * &#160;a value is declared for <em>empty</em>&#160;(<em>minimized</em>) attributes like <span class="term">checked</span>&#160; ^<br />
-&#160; * &#160;check for potentially dangerous attribute values &#160;*~<br />
-&#160; * &#160;ensure <strong>unique</strong>&#160;<span class="term">id</span>&#160;attribute values &#160;^~`<br />
-&#160; * &#160;<strong>double-quote</strong>&#160;attribute values &#160;^<br />
-&#160; * &#160;lower-case <strong>standard attribute values</strong>&#160;like <span class="term">password</span>&#160; ^`<br />
-<br />
-&#160; * &#160;<strong>attribute-specific URL protocol/scheme restriction</strong>&#160; *~`<br />
-&#160; * &#160;disable <strong>dynamic expressions</strong>&#160;in <span class="term">style</span>&#160;values &#160;*~`<br />
-<br />
-&#160; * &#160;neutralize invalid named character entities &#160;^`<br />
-&#160; * &#160;<strong>convert</strong>&#160;hexadecimal numeric entities to decimal ones, or vice versa &#160;^~`<br />
-&#160; * &#160;convert named entities to numeric ones for generic XML use &#160;^~`<br />
-<br />
-&#160; * &#160;remove <strong>null</strong>&#160;characters &#160;*<br />
-&#160; * &#160;neutralize potentially dangerous proprietary Netscape <strong>Javascript entities</strong>&#160; *<br />
-&#160; * &#160;replace potentially dangerous <strong>soft-hyphen</strong>&#160;character in URL-accepting attribute values with spaces &#160;*<br />
-<br />
-&#160; * &#160;remove common <strong>invalid characters</strong>&#160;not allowed in HTML or XML &#160;^`<br />
-&#160; * &#160;replace <strong>characters from Microsoft applications</strong>&#160;like <span class="term">Word</span>&#160;that are discouraged in HTML or XML &#160;^~`<br />
-&#160; * &#160;neutralize entities for characters invalid or discouraged in HTML or XML &#160;^`<br />
-&#160; * &#160;appropriately neutralize <span class="term">&lt;</span>, <span class="term">&amp;</span>, <span class="term">"</span>, and <span class="term">&gt;</span>&#160;characters &#160;^*`<br />
-<br />
-&#160; * &#160;understands improperly spaced tag content (like, spread over more than a line) and properly spaces them &#160;`<br />
-&#160; * &#160;attempts to <strong>balance tags</strong>&#160;for well-formedness &#160;^~`<br />
-&#160; * &#160;understands when <strong>omitable closing tags</strong>&#160;like <span class="term">&lt;/p&gt;</span>&#160;(allowed in HTML 4, transitional, e.g.) are missing &#160;^~`<br />
-&#160; * &#160;attempts to permit only <strong>validly nested tags</strong>&#160; ^~`<br />
-&#160; * &#160;option to <strong>remove or neutralize bad content</strong>&#160;^~`<br />
-&#160; * &#160;attempts to <strong>rectify common errors of plain-text misplacement</strong>&#160;(e.g., directly inside <span class="term">blockquote</span>) ^~`<br />
-<br />
-&#160; * &#160;fast, <strong>non-OOP</strong>&#160;code of ~45 kb incurring peak basal memory usage of ~0.5 MB<br />
-&#160; * &#160;<strong>compatible</strong>&#160;with pre-existing code using <span class="term">Kses</span>&#160;(the filter used by <span class="term">WordPress</span>)<br />
-<br />
-&#160; * &#160;optional <strong>anti-spam</strong>&#160;measures such as addition of <span class="term">rel="nofollow"</span>&#160;and link-disabling &#160;~`<br />
-&#160; * &#160;optionally makes <strong>relative URLs absolute</strong>, and vice versa &#160;~`<br />
-<br />
-&#160; * &#160;optionally mark <span class="term">&amp;</span>&#160;to identify the entities for <span class="term">&amp;</span>, <span class="term">&lt;</span>&#160;and <span class="term">&gt;</span>&#160;introduced by htmLawed &#160;~`<br />
-<br />
-&#160; * &#160;allows deployment of powerful <strong>hook functions</strong>&#160;to <strong>inject</strong>&#160;HTML, <strong>consolidate</strong>&#160;<span class="term">style</span>&#160;attributes to <span class="term">class</span>, finely check attribute values, etc. &#160;~`<br />
-<br />
-&#160; * &#160;<strong>independent of character encoding</strong>&#160;of input and does not affect it<br />
-<br />
-&#160; * &#160;<strong>tolerance for ill-written HTML</strong>&#160;to a certain degree<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s1.3" id="s1.3"></a><span class="item-no">1.3</span>&#160; History
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; htmLawed was developed for use with <span class="term">LabWiki</span>, a wiki software developed at PHP Labware, as a suitable software could not be found. Existing PHP software like <span class="term">Kses</span>&#160;and <span class="term">HTMLPurifier</span>&#160;were deemed inadequate, slow, resource-intensive, or dependent on external applications like <span class="term">HTML Tidy</span>.<br />
-<br />
-&#160; htmLawed started as a modification of Ulf Harnhammar's <span class="term">Kses</span>&#160;(version 0.2.2) software, and is compatible with code that uses <span class="term">Kses</span>; see <a href="#s2.6">section 2.6</a>.<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s1.4" id="s1.4"></a><span class="item-no">1.4</span>&#160; License &amp; copyright
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; htmLawed is free and open-source software dual licensed under LGPL license version <a href="http://www.gnu.org/licenses/lgpl-3.0.txt">3</a>&#160;and GPL license version <a href="http://www.gnu.org/licenses/gpl-2.0.txt">2</a>&#160;or later, and copyrighted by Santosh Patnaik, MD, PhD.<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s1.5" id="s1.5"></a><span class="item-no">1.5</span>&#160; Terms used here
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; * &#160;<em>administrator</em>&#160;- or admin; person setting up the code to pass input through htmLawed; also, <em>user</em><br />
-&#160; * &#160;<em>attributes</em>&#160;- name-value pairs like <span class="term">href="http&#58;//x.com"</span>&#160;in opening tags<br />
-&#160; * &#160;<em>author</em>&#160;- <em>writer</em><br />
-&#160; * &#160;<em>character</em>&#160;- atomic unit of text; internally represented by a numeric <em>code-point</em>&#160;as specified by the <em>encoding</em>&#160;or <em>charset</em>&#160;in use<br />
-&#160; * &#160;<em>entity</em>&#160;- markup like <span class="term">&amp;gt;</span>&#160;and <span class="term">&amp;#160;</span>&#160;used to refer to a character<br />
-&#160; * &#160;<em>element</em>&#160;- HTML element like <span class="term">a</span>&#160;and <span class="term">img</span><br />
-&#160; * &#160;<em>element content</em>&#160;- &#160;content between the opening and closing tags of an element, like <span class="term">click</span>&#160;of <span class="term">&lt;a href="x"&gt;click&lt;/a&gt;</span><br />
-&#160; * &#160;<em>HTML</em>&#160;- implies XHTML unless specified otherwise<br />
-&#160; * &#160;<em>input</em>&#160;- text string given to htmLawed to process<br />
-&#160; * &#160;<em>processing</em>&#160;- involves filtering, correction, etc., of input<br />
-&#160; * &#160;<em>safe</em>&#160;- absence or reduction of certain characters and HTML elements and attributes in the input that can otherwise potentially and circumstantially expose web-site users to security vulnerabilities like cross-site scripting attacks (XSS)<br />
-&#160; * &#160;<em>scheme</em>&#160;- URL protocol like <span class="term">http</span>&#160;and <span class="term">ftp</span><br />
-&#160; * &#160;<em>specs</em>&#160;- standard specifications<br />
-&#160; * &#160;<em>style property</em>&#160;- terms like <span class="term">border</span>&#160;and <span class="term">height</span>&#160;for which declarations are made in values for the <span class="term">style</span>&#160;attribute of elements<br />
-&#160; * &#160;<em>tag</em>&#160;- markers like <span class="term">&lt;a href="x"&gt;</span>&#160;and <span class="term">&lt;/a&gt;</span>&#160;delineating element content; the opening tag can contain attributes<br />
-&#160; * &#160;<em>tag content</em>&#160;- consists of tag markers <span class="term">&lt;</span>&#160;and <span class="term">&gt;</span>, element names like <span class="term">div</span>, and possibly attributes<br />
-&#160; * &#160;<em>user</em>&#160;- administrator<br />
-&#160; * &#160;<em>writer</em>&#160;- end-user like a blog commenter providing the input that is to be processed; also, <em>author</em><br />
-
-</div>
-</div>
-<div class="section"><h2>
-<a name="s2" id="s2"></a><span class="item-no">2</span>&#160; Usage
-</h2><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; htmLawed should work with PHP 4.4 and higher. Either <span class="term">include()</span>&#160;the <span class="term">htmLawed.php</span>&#160;file or copy-paste the entire code.<br />
-<br />
-&#160; To easily <strong>test</strong>&#160;htmLawed using a form-based interface, use the provided <a href="htmLawedTest.php">demo</a>&#160;(<span class="term">htmLawed.php</span>&#160;and <span class="term">htmLawedTest.php</span>&#160;should be in the same directory on the web-server).<br />
-<br />
-&#160; <strong>Note</strong>: For code for usage of the htmLawed class (for htmLawed in OOP), please refer to the <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">htmLawed</a>&#160;website; the filtering itself can be configured, etc., as described here.<br />
-
-<div class="sub-section"><h3>
-<a name="s2.1" id="s2.1"></a><span class="item-no">2.1</span>&#160; Simple
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; The input text to be processed, <span class="term">$text</span>, is passed as an argument of type string; <span class="term">htmLawed()</span>&#160;returns the processed string:<br />
-<br />
-
-<code class="code">&#160; &#160; $processed = htmLawed($text);</code>
-<br />
-<br />
-&#160; <strong>Note</strong>: If input is from a <span class="term">$_GET</span>&#160;or <span class="term">$_POST</span>&#160;value, and <span class="term">magic quotes</span>&#160;are enabled on the PHP setup, run <span class="term">stripslashes()</span>&#160;on the input before passing to htmLawed.<br />
-<br />
-&#160; By default, htmLawed will process the text allowing all valid HTML elements/tags, secure URL scheme/CSS style properties, etc. It will allow <span class="term">CDATA</span>&#160;sections and HTML comments, balance tags, and ensure proper nesting of elements. Such actions can be configured using two other optional arguments -- <span class="term">$config</span>&#160;and <span class="term">$spec</span>:<br />
-<br />
-
-<code class="code">&#160; &#160; $processed = htmLawed($text, $config, $spec);</code>
-<br />
-<br />
-&#160; These extra parameters are detailed below. Some examples are shown in <a href="#s2.9">section 2.9</a>.<br />
-<br />
-&#160; <strong>Note</strong>: For maximum protection against <span class="term">XSS</span>&#160;and other scripting attacks (e.g., by disallowing Javascript code), consider using the <span class="term">safe</span>&#160;parameter; see <a href="#s3.6">section 3.6</a>.<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s2.2" id="s2.2"></a><span class="item-no">2.2</span>&#160; Configuring htmLawed using the <span class="term">$config</span>&#160;parameter
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; <span class="term">$config</span>&#160;instructs htmLawed on how to tackle certain tasks. When <span class="term">$config</span>&#160;is not specified, or not set as an array (e.g., <span class="term">$config = 1</span>), htmLawed will take default actions. One or many of the task-action or value-specification pairs can be specified in <span class="term">$config</span>&#160;as array key-value pairs. If a parameter is not specified, htmLawed will use the default value/action indicated further below.<br />
-<br />
-
-<code class="code">&#160; &#160; $config = array(&#39;comment&#39;=&gt;0, &#39;cdata&#39;=&gt;1);</code>
-<br />
-
-<code class="code">&#160; &#160; $processed = htmLawed($text, $config);</code>
-<br />
-<br />
-&#160; Or,<br />
-<br />
-
-<code class="code">&#160; &#160; $processed = htmLawed($text, array(&#39;comment&#39;=&gt;0, &#39;cdata&#39;=&gt;1));</code>
-<br />
-<br />
-&#160; Below are the possible value-specification combinations. In PHP code, values that are integers should not be quoted and should be used as numeric types (unless meant as string/text).<br />
-<br />
-&#160; Key: <span class="term">&#42;</span>&#160;default, <span class="term">^</span>&#160;different default when htmLawed is used in the Kses-compatible mode (see <a href="#s2.6">section 2.6</a>), <span class="term">~</span>&#160;different default when <span class="term">valid_xhtml</span>&#160;is set to <span class="term">1</span>&#160;(see <a href="#s3.5">section 3.5</a>), <span class="term">"</span>&#160;different default when <span class="term">safe</span>&#160;is set to <span class="term">1</span>&#160;(see <a href="#s3.6">section 3.6</a>)<br />
-<br />
-&#160; <strong>abs_url</strong><br />
-&#160; Make URLs absolute or relative; <span class="term">$config["base_url"]</span>&#160;needs to be set; see <a href="#s3.4.4">section 3.4.4</a><br />
-<br />
-&#160; <span class="term">-1</span>&#160;- make relative<br />
-&#160; <span class="term">0</span>&#160;- no action &#160;*<br />
-&#160; <span class="term">1</span>&#160;- make absolute<br />
-<br />
-&#160; <strong>and_mark</strong><br />
-&#160; Mark <span class="term">&amp;</span>&#160;characters in the original input; see <a href="#s3.2">section 3.2</a><br />
-<br />
-&#160; <strong>anti_link_spam</strong><br />
-&#160; Anti-link-spam measure; see <a href="#s3.4.7">section 3.4.7</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no measure taken &#160;*<br />
-&#160; <span class="term">array("regex1", "regex2")</span>&#160;- will ensure a <span class="term">rel</span>&#160;attribute with <span class="term">nofollow</span>&#160;in its value in case the <span class="term">href</span>&#160;attribute value matches the regular expression pattern <span class="term">regex1</span>, and/or will remove <span class="term">href</span>&#160;if its value matches the regular expression pattern <span class="term">regex2</span>. E.g., <span class="term">array("/./", "/&#58;//\W&#42;(?!(abc\.com|xyz\.org))/")</span>; see <a href="#s3.4.7">section 3.4.7</a>&#160;for more.<br />
-<br />
-&#160; <strong>anti_mail_spam</strong><br />
-&#160; Anti-mail-spam measure; see <a href="#s3.4.7">section 3.4.7</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no measure taken &#160;*<br />
-&#160; <span class="term">word</span>&#160;- <span class="term">@</span>&#160;in mail address in <span class="term">href</span>&#160;attribute value is replaced with specified <span class="term">word</span><br />
-<br />
-&#160; <strong>balance</strong><br />
-&#160; Balance tags for well-formedness and proper nesting; see <a href="#s3.3.3">section 3.3.3</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no<br />
-&#160; <span class="term">1</span>&#160;- yes &#160;*<br />
-<br />
-&#160; <strong>base_url</strong><br />
-&#160; Base URL value that needs to be set if <span class="term">$config["abs_url"]</span>&#160;is not <span class="term">0</span>; see <a href="#s3.4.4">section 3.4.4</a><br />
-<br />
-&#160; <strong>cdata</strong><br />
-&#160; Handling of <span class="term">CDATA</span>&#160;sections; see <a href="#s3.3.1">section 3.3.1</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- don't consider <span class="term">CDATA</span>&#160;sections as markup and proceed as if plain text &#160;^"<br />
-&#160; <span class="term">1</span>&#160;- remove<br />
-&#160; <span class="term">2</span>&#160;- allow, but neutralize any <span class="term">&lt;</span>, <span class="term">&gt;</span>, and <span class="term">&amp;</span>&#160;inside by converting them to named entities<br />
-&#160; <span class="term">3</span>&#160;- allow &#160;*<br />
-<br />
-&#160; <strong>clean_ms_char</strong><br />
-&#160; Replace discouraged characters introduced by Microsoft Word, etc.; see <a href="#s3.1">section 3.1</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no &#160;*<br />
-&#160; <span class="term">1</span>&#160;- yes<br />
-&#160; <span class="term">2</span>&#160;- yes, but replace special single &amp; double quotes with ordinary ones<br />
-<br />
-&#160; <strong>comment</strong><br />
-&#160; Handling of HTML comments; see <a href="#s3.3.1">section 3.3.1</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- don't consider comments as markup and proceed as if plain text &#160;^"<br />
-&#160; <span class="term">1</span>&#160;- remove<br />
-&#160; <span class="term">2</span>&#160;- allow, but neutralize any <span class="term">&lt;</span>, <span class="term">&gt;</span>, and <span class="term">&amp;</span>&#160;inside by converting to named entities<br />
-&#160; <span class="term">3</span>&#160;- allow &#160;*<br />
-<br />
-&#160; <strong>css_expression</strong><br />
-&#160; Allow dynamic CSS expression by not removing the expression from CSS property values in <span class="term">style</span>&#160;attributes; see <a href="#s3.4.8">section 3.4.8</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- remove &#160;*<br />
-&#160; <span class="term">1</span>&#160;- allow<br />
-<br />
-&#160; <strong>deny_attribute</strong><br />
-&#160; Denied HTML attributes; see <a href="#s3.4">section 3.4</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- none &#160;*<br />
-&#160; <span class="term">string</span>&#160;- dictated by values in <span class="term">string</span><br />
-&#160; <span class="term">on&#42;</span>&#160;(like <span class="term">onfocus</span>) attributes not allowed - "<br />
-<br />
-&#160; <strong>direct_nest_list</strong><br />
-&#160; Allow direct nesting of a list within another without requiring it to be a list item; see <a href="#s3.3.4">section 3.3.4</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no &#160;*<br />
-&#160; <span class="term">1</span>&#160;- yes<br />
-<br />
-&#160; <strong>elements</strong><br />
-&#160; Allowed HTML elements; see <a href="#s3.3">section 3.3</a><br />
-<br />
-&#160; <span class="term">&#42; -center -dir -font -isindex -menu -s -strike -u</span>&#160;- &#160;~<br />
-&#160; <span class="term">applet, embed, iframe, object, script</span>&#160;not allowed - "<br />
-<br />
-&#160; <strong>hexdec_entity</strong><br />
-&#160; Allow hexadecimal numeric entities and do not convert to the more widely accepted decimal ones, or convert decimal to hexadecimal ones; see <a href="#s3.2">section 3.2</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no<br />
-&#160; <span class="term">1</span>&#160;- yes &#160;*<br />
-&#160; <span class="term">2</span>&#160;- convert decimal to hexadecimal ones<br />
-<br />
-&#160; <strong>hook</strong><br />
-&#160; Name of an optional hook function to alter the input string, <span class="term">$config</span>&#160;or <span class="term">$spec</span>&#160;before htmLawed starts its main work; see <a href="#s3.7">section 3.7</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no hook function &#160;*<br />
-&#160; <span class="term">name</span>&#160;- <span class="term">name</span>&#160;is name of the hook function (<span class="term">kses_hook</span>&#160; ^)<br />
-<br />
-&#160; <strong>hook_tag</strong><br />
-&#160; Name of an optional hook function to alter tag content finalized by htmLawed; see <a href="#s3.4.9">section 3.4.9</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no hook function &#160;*<br />
-&#160; <span class="term">name</span>&#160;- <span class="term">name</span>&#160;is name of the hook function<br />
-<br />
-&#160; <strong>keep_bad</strong><br />
-&#160; Neutralize bad tags by converting <span class="term">&lt;</span>&#160;and <span class="term">&gt;</span>&#160;to entities, or remove them; see <a href="#s3.3.3">section 3.3.3</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- remove &#160;^<br />
-&#160; <span class="term">1</span>&#160;- neutralize both tags and element content<br />
-&#160; <span class="term">2</span>&#160;- remove tags but neutralize element content<br />
-&#160; <span class="term">3</span>&#160;and <span class="term">4</span>&#160;- like <span class="term">1</span>&#160;and <span class="term">2</span>&#160;but remove if text (<span class="term">pcdata</span>) is invalid in parent element<br />
-&#160; <span class="term">5</span>&#160;and <span class="term">6</span>&#160;* - &#160;like <span class="term">3</span>&#160;and <span class="term">4</span>&#160;but line-breaks, tabs and spaces are left<br />
-<br />
-&#160; <strong>lc_std_val</strong><br />
-&#160; For XHTML compliance, predefined, standard attribute values, like <span class="term">get</span>&#160;for the <span class="term">method</span>&#160;attribute of <span class="term">form</span>, must be lowercased; see <a href="#s3.4.5">section 3.4.5</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no<br />
-&#160; <span class="term">1</span>&#160;- yes &#160;*<br />
-<br />
-&#160; <strong>make_tag_strict</strong><br />
-&#160; Transform/remove these non-strict XHTML elements, even if they are allowed by the admin: <span class="term">applet</span>&#160;<span class="term">center</span>&#160;<span class="term">dir</span>&#160;<span class="term">embed</span>&#160;<span class="term">font</span>&#160;<span class="term">isindex</span>&#160;<span class="term">menu</span>&#160;<span class="term">s</span>&#160;<span class="term">strike</span>&#160;<span class="term">u</span>; see <a href="#s3.3.2">section 3.3.2</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no &#160;^<br />
-&#160; <span class="term">1</span>&#160;- yes, but leave <span class="term">applet</span>, <span class="term">embed</span>&#160;and <span class="term">isindex</span>&#160;elements that currently can't be transformed &#160;*<br />
-&#160; <span class="term">2</span>&#160;- yes, removing <span class="term">applet</span>, <span class="term">embed</span>&#160;and <span class="term">isindex</span>&#160;elements and their contents (nested elements remain) &#160;~<br />
-<br />
-&#160; <strong>named_entity</strong><br />
-&#160; Allow non-universal named HTML entities, or convert to numeric ones; see <a href="#s3.2">section 3.2</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- convert<br />
-&#160; <span class="term">1</span>&#160;- allow &#160;*<br />
-<br />
-&#160; <strong>no_deprecated_attr</strong><br />
-&#160; Allow deprecated attributes or transform them; see <a href="#s3.4.6">section 3.4.6</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- allow &#160;^<br />
-&#160; <span class="term">1</span>&#160;- transform, but <span class="term">name</span>&#160;attributes for <span class="term">a</span>&#160;and <span class="term">map</span>&#160;are retained &#160;*<br />
-&#160; <span class="term">2</span>&#160;- transform<br />
-<br />
-&#160; <strong>parent</strong><br />
-&#160; Name of the parent element, possibly imagined, that will hold the input; see <a href="#s3.3">section 3.3</a><br />
-<br />
-&#160; <strong>safe</strong><br />
-&#160; Magic parameter to make input the most secure against XSS without needing to specify other relevant <span class="term">$config</span>&#160;parameters; see <a href="#s3.6">section 3.6</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no &#160;*<br />
-&#160; <span class="term">1</span>&#160;- will auto-adjust other relevant <span class="term">$config</span>&#160;parameters (indicated by <span class="term">"</span>&#160;in this list)<br />
-<br />
-&#160; <strong>schemes</strong><br />
-&#160; Array of attribute-specific, comma-separated, lower-cased list of schemes (protocols) allowed in attributes accepting URLs (or <span class="term">!</span>&#160;to <em>deny</em>&#160;any URL); <span class="term">&#42;</span>&#160;covers all unspecified attributes; see <a href="#s3.4.3">section 3.4.3</a><br />
-<br />
-&#160; <span class="term">href&#58; aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; &#42;&#58;file, http, https</span>&#160; *<br />
-&#160; <span class="term">&#42;&#58; ftp, gopher, http, https, mailto, news, nntp, telnet</span>&#160; ^<br />
-&#160; <span class="term">href&#58; aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style&#58; !; &#42;&#58;file, http, https</span>&#160; "<br />
-<br />
-&#160; <strong>show_setting</strong><br />
-&#160; Name of a PHP variable to assign the <em>finalized</em>&#160;<span class="term">$config</span>&#160;and <span class="term">$spec</span>&#160;values; see <a href="#s3.8">section 3.8</a><br />
-<br />
-&#160; <strong>style_pass</strong><br />
-&#160; Do not look at <span class="term">style</span>&#160;attribute values, letting them through without any alteration<br />
-<br />
-&#160; <span class="term">0</span>&#160;- no *<br />
-&#160; <span class="term">1</span>&#160;- htmLawed will let through any <span class="term">style</span>&#160;value; see <a href="#s3.4.8">section 3.4.8</a><br />
-<br />
-&#160; <strong>tidy</strong><br />
-&#160; Beautify or compact HTML code; see <a href="#s3.3.5">section 3.3.5</a><br />
-<br />
-&#160; <span class="term">-1</span>&#160;- compact<br />
-&#160; <span class="term">0</span>&#160;- no &#160;*<br />
-&#160; <span class="term">1</span>&#160;or <span class="term">string</span>&#160;- beautify (custom format specified by <span class="term">string</span>)<br />
-<br />
-&#160; <strong>unique_ids</strong><br />
-&#160; <span class="term">id</span>&#160;attribute value checks; see <a href="#s3.4.2">section 3.4.2</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no &#160;^<br />
-&#160; <span class="term">1</span>&#160;- remove duplicate and/or invalid ones &#160;*<br />
-&#160; <span class="term">word</span>&#160;- remove invalid ones and replace duplicate ones with new and unique ones based on the <span class="term">word</span>; the admin-specified <span class="term">word</span>, like <span class="term">my_</span>, should begin with a letter (a-z) and can contain letters, digits, <span class="term">.</span>, <span class="term">_</span>, <span class="term">-</span>, and <span class="term">&#58;</span>.<br />
-<br />
-&#160; <strong>valid_xhtml</strong><br />
-&#160; Magic parameter to make input the most valid XHTML without needing to specify other relevant <span class="term">$config</span>&#160;parameters; see <a href="#s3.5">section 3.5</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no &#160;*<br />
-&#160; <span class="term">1</span>&#160;- will auto-adjust other relevant <span class="term">$config</span>&#160;parameters (indicated by <span class="term">~</span>&#160;in this list)<br />
-<br />
-&#160; <strong>xml:lang</strong><br />
-&#160; Auto-adding <span class="term">xml&#58;lang</span>&#160;attribute; see <a href="#s3.4.1">section 3.4.1</a><br />
-<br />
-&#160; <span class="term">0</span>&#160;- no &#160;*<br />
-&#160; <span class="term">1</span>&#160;- add if <span class="term">lang</span>&#160;attribute is present<br />
-&#160; <span class="term">2</span>&#160;- add if <span class="term">lang</span>&#160;attribute is present, and remove <span class="term">lang</span>&#160; ~<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s2.3" id="s2.3"></a><span class="item-no">2.3</span>&#160; Extra HTML specifications using the $spec parameter
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; The <span class="term">$spec</span>&#160;argument can be used to disallow an otherwise legal attribute for an element, or to restrict the attribute's values. This can also be helpful as a security measure (e.g., in certain versions of browsers, certain values can cause buffer overflows and denial of service attacks), or in enforcing admin policy compliance. <span class="term">$spec</span>&#160;is specified as a string of text containing one or more <em>rules</em>, with multiple rules separated from each other by a semi-colon (<span class="term">;</span>). E.g.,<br />
-<br />
-
-<code class="code">&#160; &#160; $spec = &#39;i=-&#42;; td, tr=style, id, -&#42;; a=id(match="/[a-z][a-z\d.&#58;\-&#96;"]&#42;/i"/minval=2), href(maxlen=100/minlen=34); img=-width,-alt&#39;;</code>
-<br />
-
-<code class="code">&#160; &#160; $processed = htmLawed($text, $config, $spec);</code>
-<br />
-<br />
-&#160; Or,<br />
-<br />
-
-<code class="code">&#160; &#160; $processed = htmLawed($text, $config, &#39;i=-&#42;; td, tr=style, id, -&#42;; a=id(match="/[a-z][a-z\d.&#58;\-&#96;"]&#42;/i"/minval=2), href(maxlen=100/minlen=34); img=-width,-alt&#39;);</code>
-<br />
-<br />
-&#160; A rule begins with an HTML <strong>element</strong>&#160;name(s) (<em>rule-element</em>), for which the rule applies, followed by an equal (<span class="term">=</span>) sign. A rule-element may represent multiple elements if comma (,)-separated element names are used. E.g., <span class="term">th,td,tr=</span>.<br />
-<br />
-&#160; Rest of the rule consists of comma-separated HTML <strong>attribute names</strong>. A minus (<span class="term">-</span>) character before an attribute means that the attribute is not permitted inside the rule-element. E.g., <span class="term">-width</span>. To deny all attributes, <span class="term">-&#42;</span>&#160;can be used.<br />
-<br />
-&#160; Following shows examples of rule excerpts with rule-element <span class="term">a</span>&#160;and the attributes that are being permitted:<br />
-<br />
-&#160; * &#160;<span class="term">a=</span>&#160;- all<br />
-&#160; * &#160;<span class="term">a=id</span>&#160;- all<br />
-&#160; * &#160;<span class="term">a=href, title, -id, -onclick</span>&#160;- all except <span class="term">id</span>&#160;and <span class="term">onclick</span><br />
-&#160; * &#160;<span class="term">a=&#42;, id, -id</span>&#160;- all except <span class="term">id</span><br />
-&#160; * &#160;<span class="term">a=-&#42;</span>&#160;- none<br />
-&#160; * &#160;<span class="term">a=-&#42;, href, title</span>&#160;- none except <span class="term">href</span>&#160;and <span class="term">title</span><br />
-&#160; * &#160;<span class="term">a=-&#42;, -id, href, title</span>&#160;- none except <span class="term">href</span>&#160;and <span class="term">title</span><br />
-<br />
-&#160; Rules regarding <strong>attribute values</strong>&#160;are optionally specified inside round brackets after attribute names in slash ('/')-separated <em>parameter = value</em>&#160;pairs. E.g., <span class="term">title(maxlen=30/minlen=5)</span>. None, or one or more of the following parameters may be specified:<br />
-<br />
-&#160; * &#160;<span class="term">oneof</span>&#160;- one or more choices separated by <span class="term">|</span>&#160;that the value should match; if only one choice is provided, then the value must match that choice<br />
-<br />
-&#160; * &#160;<span class="term">noneof</span>&#160;- one or more choices separated by <span class="term">|</span>&#160;that the value should not match<br />
-<br />
-&#160; * &#160;<span class="term">maxlen</span>&#160;and <span class="term">minlen</span>&#160;- upper and lower limits for the number of characters in the attribute value; specified in numbers<br />
-<br />
-&#160; * &#160;<span class="term">maxval</span>&#160;and <span class="term">minval</span>&#160;- upper and lower limits for the numerical value specified in the attribute value; specified in numbers<br />
-<br />
-&#160; * &#160;<span class="term">match</span>&#160;and <span class="term">nomatch</span>&#160;- pattern that the attribute value should or should not match; specified as PHP/PCRE-compatible regular expressions with delimiters and possibly modifiers<br />
-<br />
-&#160; * &#160;<span class="term">default</span>&#160;- a value to force on the attribute if the value provided by the writer does not fit any of the specified parameters<br />
-<br />
-&#160; If <span class="term">default</span>&#160;is not set and the attribute value does not satisfy any of the specified parameters, then the attribute is removed. The <span class="term">default</span>&#160;value can also be used to force all attribute declarations to take the same value (by getting the values declared illegal by setting, e.g., <span class="term">maxlen</span>&#160;to <span class="term">-1</span>).<br />
-<br />
-&#160; Examples with <em>input</em>&#160;<span class="term">&lt;input title="WIDTH" value="10em" /&gt;&lt;input title="length" value="5" /&gt;</span>&#160;are shown below.<br />
-<br />
-&#160; <em>Rule</em>: <span class="term">input=title(maxlen=60/minlen=6), value</span><br />
-&#160; <em>Output</em>: <span class="term">&lt;input value="10em" /&gt;&lt;input title="length" value="5" /&gt;</span><br />
-<br />
-&#160; <em>Rule</em>: <span class="term">input=title(), value(maxval=8/default=6)</span><br />
-&#160; <em>Output</em>: <span class="term">&lt;input title="WIDTH" value="6" /&gt;&lt;input title="length" value="5" /&gt;</span><br />
-<br />
-&#160; <em>Rule</em>: <span class="term">input=title(nomatch=%w.d%i), value(match=%em%/default=6em)</span><br />
-&#160; <em>Output</em>: <span class="term">&lt;input value="10em" /&gt;&lt;input title="length" value="6em" /&gt;</span><br />
-<br />
-&#160; <em>Rule</em>: <span class="term">input=title(oneof=height|depth/default=depth), value(noneof=5|6)</span><br />
-&#160; <em>Output</em>: <span class="term">&lt;input title="depth" value="10em" /&gt;&lt;input title="depth" /&gt;</span><br />
-<br />
-&#160; <strong>Special characters</strong>: The characters <span class="term">;</span>, <span class="term">,</span>, <span class="term">/</span>, <span class="term">(</span>, <span class="term">)</span>, <span class="term">|</span>, <span class="term">~</span>&#160;and space have special meanings in the rules. Words in the rules that use such characters, or the characters themselves, should be <em>escaped</em>&#160;by enclosing in pairs of double-quotes (<span class="term">"</span>). A back-tick (<span class="term">&#96;</span>) can be used to escape a literal <span class="term">"</span>. An example rule illustrating this is <span class="term">input=value(maxlen=30/match="/^\w/"/default="your &#96;"ID&#96;"")</span>.<br />
-<br />
-&#160; <strong>Note</strong>: To deny an attribute for all elements for which it is legal, <span class="term">$config["deny_attribute"]</span>&#160;(see <a href="#s3.4">section 3.4</a>) can be used instead of <span class="term">$spec</span>. Also, attributes can be allowed element-specifically through <span class="term">$spec</span>&#160;while being denied globally through <span class="term">$config["deny_attribute"]</span>. The <span class="term">hook_tag</span>&#160;parameter (<a href="#s3.4.9">section 3.4.9</a>) can also be used to implement the <span class="term">$spec</span>&#160;functionality.<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s2.4" id="s2.4"></a><span class="item-no">2.4</span>&#160; Performance time &amp; memory usage
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; The time and memory used by htmLawed depends on its configuration and the size of the input, and the amount, nestedness and well-formedness of the HTML markup within it. In particular, tag balancing and beautification each can increase the processing time by about a quarter.<br />
-<br />
-&#160; The htmLawed <a href="htmLawedTest.php">demo</a>&#160;can be used to evaluate the performance and effects of different types of input and <span class="term">$config</span>.<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s2.5" id="s2.5"></a><span class="item-no">2.5</span>&#160; Some security risks to keep in mind
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; When setting the parameters/arguments (like those to allow certain HTML elements) for use with htmLawed, one should bear in mind that the setting may let through potentially <em>dangerous</em>&#160;HTML code which is meant to steal user-data, deface a website, render a page non-functional, etc.<br />
-<br />
-&#160; Unless end-users, either people or software, supplying the content are completely trusted, security issues arising from the degree of HTML usage permission has to be kept in mind. For example, following increase security risks:<br />
-<br />
-&#160; * &#160;Allowing <span class="term">script</span>, <span class="term">applet</span>, <span class="term">embed</span>, <span class="term">iframe</span>&#160;or <span class="term">object</span>&#160;elements, or certain of their attributes like <span class="term">allowscriptaccess</span><br />
-<br />
-&#160; * &#160;Allowing HTML comments (some Internet Explorer versions are vulnerable with, e.g., <span class="term">&lt;!--[if gte IE 4]&gt;&lt;script&gt;alert("xss");&lt;/script&gt;&lt;![endif]--&gt;</span><br />
-<br />
-&#160; * &#160;Allowing dynamic CSS expressions (a feature of the IE browser)<br />
-<br />
-&#160; * &#160;Allowing the <span class="term">style</span>&#160;attribute<br />
-<br />
-&#160; To remove <em>unsecure</em>&#160;HTML, code-developers using htmLawed must set <span class="term">$config</span>&#160;appropriately. E.g., <span class="term">$config["elements"] = "&#42; -script"</span>&#160;to deny the <span class="term">script</span>&#160;element (<a href="#s3.3">section 3.3</a>), <span class="term">$config["safe"] = 1</span>&#160;to auto-configure ceratin htmLawed parameters for maximizing security (<a href="#s3.6">section 3.6</a>), etc.<br />
-<br />
-&#160; Permitting the <span class="term">&#42;style&#42;</span>&#160;attribute brings in risks of <em>click-jacking</em>, <em>phishing</em>, web-page overlays, etc., <em>even</em>&#160;when the <span class="term">safe</span>&#160;parameter is enabled (see <a href="#s3.6">section 3.6</a>). Except for URLs and a few other things like CSS dynamic expressions, htmLawed currently does not check every CSS style property. It does provide ways for the code-developer implementing htmLawed to do such checks through htmLawed's <span class="term">$spec</span>&#160;argument, and through the <span class="term">hook_tag</span>&#160;parameter (see <a href="#s3.4.8">section 3.4.8</a>&#160;for more). Disallowing <span class="term">style</span>&#160;completely and relying on CSS classes and stylesheet files is recommended.<br />
-<br />
-&#160; htmLawed does not check or correct the character <strong>encoding</strong>&#160;of the input it receives. In conjunction with permitting circumstances such as when the character encoding is left undefined through HTTP headers or HTML <span class="term">meta</span>&#160;tags, this can permit an exploit (like Google's UTF-7/XSS vulnerability of the past).<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s2.6" id="s2.6"></a><span class="item-no">2.6</span>&#160; Use without modifying old <span class="term">kses()</span>&#160;code
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; The <span class="term">Kses</span>&#160;PHP script is used by many applications (like <span class="term">WordPress</span>). It is possible to have such applications use htmLawed instead, since it is compatible with code that calls the <span class="term">kses()</span>&#160;function declared in the <span class="term">Kses</span>&#160;file (usually named <span class="term">kses.php</span>). E.g., application code like this will continue to work after replacing <span class="term">Kses</span>&#160;with htmLawed:<br />
-<br />
-
-<code class="code">&#160; &#160; $comment_filtered = kses($comment_input, array(&#39;a&#39;=&gt;array(), &#39;b&#39;=&gt;array(), &#39;i&#39;=&gt;array()));</code>
-<br />
-<br />
-&#160; For some of the <span class="term">$config</span>&#160;parameters, htmLawed will use values other than the default ones. These are indicated by <span class="term">^</span>&#160;in <a href="#s2.2">section 2.2</a>. To force htmLawed to use other values, function <span class="term">kses()</span>&#160;in the htmLawed code should be edited -- a few configurable parameters/variables need to be changed.<br />
-<br />
-&#160; If the application uses a <span class="term">Kses</span>&#160;file that has the <span class="term">kses()</span>&#160;function declared, then, to have the application use htmLawed instead of <span class="term">Kses</span>, simply rename <span class="term">htmLawed.php</span>&#160;(to <span class="term">kses.php</span>, e.g.) and replace the <span class="term">Kses</span>&#160;file (or just replace the code in the <span class="term">Kses</span>&#160;file with the htmLawed code). If the <span class="term">kses()</span>&#160;function in the <span class="term">Kses</span>&#160;file had been renamed by the application developer (e.g., in <span class="term">WordPress</span>, it is named <span class="term">wp_kses()</span>), then appropriately rename the <span class="term">kses()</span>&#160;function in the htmLawed code.<br />
-<br />
-&#160; If the <span class="term">Kses</span>&#160;file used by the application has been highly altered by the application developers, then one may need a different approach. E.g., with <span class="term">WordPress</span>, it is best to copy the htmLawed code to <span class="term">wp_includes/kses.php</span>, rename the newly added function <span class="term">kses()</span>&#160;to <span class="term">wp_kses()</span>, and delete the code for the original <span class="term">wp_kses()</span>&#160;function.<br />
-<br />
-&#160; If the <span class="term">Kses</span>&#160;code has a non-empty hook function (e.g., <span class="term">wp_kses_hook()</span>&#160;in case of <span class="term">WordPress</span>), then the code for htmLawed's <span class="term">kses_hook()</span>&#160;function should be appropriately edited. However, the requirement of the hook function should be re-evaluated considering that htmLawed has extra capabilities. With <span class="term">WordPress</span>, the hook function is an essential one. The following code is suggested for the htmLawed <span class="term">kses_hook()</span>&#160;in case of <span class="term">WordPress</span>:<br />
-<br />
-
-<code class="code">&#160; &#160; function kses_hook($string, &amp;$cf, &amp;$spec){</code>
-<br />
-
-<code class="code">&#160; &#160; // kses compatibility</code>
-<br />
-
-<code class="code">&#160; &#160; $allowed_html = $spec;</code>
-<br />
-
-<code class="code">&#160; &#160; $allowed_protocols = array();</code>
-<br />
-
-<code class="code">&#160; &#160; foreach($cf[&#39;schemes&#39;] as $v){</code>
-<br />
-
-<code class="code">&#160; &#160; &#160;foreach($v as $k2=&gt;$v2){</code>
-<br />
-
-<code class="code">&#160; &#160; &#160; if(!in_array($k2, $allowed_protocols)){</code>
-<br />
-
-<code class="code">&#160; &#160; &#160; &#160;$allowed_protocols[] = $k2;</code>
-<br />
-
-<code class="code">&#160; &#160; &#160; }</code>
-<br />
-
-<code class="code">&#160; &#160; &#160;}</code>
-<br />
-
-<code class="code">&#160; &#160; }</code>
-<br />
-
-<code class="code">&#160; &#160; return wp_kses_hook($string, $allowed_html, $allowed_protocols);</code>
-<br />
-
-<code class="code">&#160; &#160; // eof</code>
-<br />
-
-<code class="code">&#160; &#160; }</code>
-<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s2.7" id="s2.7"></a><span class="item-no">2.7</span>&#160; Tolerance for ill-written HTML
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; htmLawed can work with ill-written HTML code in the input. However, HTML that is too ill-written may not be <em>read</em>&#160;as HTML, and be considered mere plain text instead. Following statements indicate the degree of <em>looseness</em>&#160;that htmLawed can work with, and can be provided in instructions to writers:<br />
-<br />
-&#160; * &#160;Tags must be flanked by <span class="term">&lt;</span>&#160;and <span class="term">&gt;</span>&#160;with no <span class="term">&gt;</span>&#160;inside -- any needed <span class="term">&gt;</span>&#160;should be put in as <span class="term">&amp;gt;</span>. It is possible for tag content (element name and attributes) to be spread over many lines instead of being on one. A space may be present between the tag content and <span class="term">&gt;</span>, like <span class="term">&lt;div &gt;</span>&#160;and <span class="term">&lt;img / &gt;</span>, but not after the <span class="term">&lt;</span>.<br />
-<br />
-&#160; * &#160;Element and attribute names need not be lower-cased.<br />
-<br />
-&#160; * &#160;Attribute string of elements may be liberally spaced with tabs, line-breaks, etc.<br />
-<br />
-&#160; * &#160;Attribute values may not be double-quoted, or may be single-quoted.<br />
-<br />
-&#160; * &#160;Left-padding of numeric entities (like, <span class="term">&amp;#0160;</span>, <span class="term">&amp;x07ff;</span>) with <span class="term">0</span>&#160;is okay as long as the number of characters between between the <span class="term">&amp;</span>&#160;and the <span class="term">;</span>&#160;does not exceed 8. All entities must end with <span class="term">;</span>&#160;though.<br />
-<br />
-&#160; * &#160;Named character entities must be properly cased. E.g., <span class="term">&amp;Lt;</span>&#160;or <span class="term">&amp;TILDE;</span>&#160;will not be let through without modification.<br />
-<br />
-&#160; * &#160;HTML comments should not be inside element tags (okay between tags), and should begin with <span class="term">&lt;!--</span>&#160;and end with <span class="term">--&gt;</span>. Characters like <span class="term">&lt;</span>, <span class="term">&gt;</span>, and <span class="term">&amp;</span>&#160;may be allowed inside depending on <span class="term">$config</span>, but any <span class="term">--&gt;</span>&#160;inside should be put in as <span class="term">--&amp;gt;</span>. Any <span class="term">--</span>&#160;inside will be automatically converted to <span class="term">-</span>, and a space will be added before the comment delimiter <span class="term">--&gt;</span>.<br />
-<br />
-&#160; * &#160;<span class="term">CDATA</span>&#160;sections should not be inside element tags, and can be in element content only if plain text is allowed for that element. They should begin with <span class="term">&lt;[CDATA[</span>&#160;and end with <span class="term">]]&gt;</span>. Characters like <span class="term">&lt;</span>, <span class="term">&gt;</span>, and <span class="term">&amp;</span>&#160;may be allowed inside depending on <span class="term">$config</span>, but any <span class="term">]]&gt;</span>&#160;inside should be put in as <span class="term">]]&amp;gt;</span>.<br />
-<br />
-&#160; * &#160;For attribute values, character entities <span class="term">&amp;lt;</span>, <span class="term">&amp;gt;</span>&#160;and <span class="term">&amp;amp;</span>&#160;should be used instead of characters <span class="term">&lt;</span>&#160;and <span class="term">&gt;</span>, and <span class="term">&amp;</span>&#160;(when <span class="term">&amp;</span>&#160;is not part of a character entity). This applies even for Javascript code in values of attributes like <span class="term">onclick</span>.<br />
-<br />
-&#160; * &#160;Characters <span class="term">&lt;</span>, <span class="term">&gt;</span>, <span class="term">&amp;</span>&#160;and <span class="term">"</span>&#160;that are part of actual Javascript, etc., code in <span class="term">script</span>&#160;elements should be used as such and not be put in as entities like <span class="term">&amp;gt;</span>. Otherwise, though the HTML will be valid, the code may fail to work. Further, if such characters have to be used, then they should be put inside <span class="term">CDATA</span>&#160;sections.<br />
-<br />
-&#160; * &#160;Simple instructions like "an opening tag cannot be present between two closing tags" and "nested elements should be closed in the reverse order of how they were opened" can help authors write balanced HTML. If tags are imbalanced, htmLawed will try to balance them, but in the process, depending on <span class="term">$config["keep_bad"]</span>, some code/text may be lost.<br />
-<br />
-&#160; * &#160;Input authors should be notified of admin-specified allowed elements, attributes, configuration values (like conversion of named entities to numeric ones), etc.<br />
-<br />
-&#160; * &#160;With <span class="term">$config["unique_ids"]</span>&#160;not <span class="term">0</span>&#160;and the <span class="term">id</span>&#160;attribute being permitted, writers should carefully avoid using duplicate or invalid <span class="term">id</span>&#160;values as even though htmLawed will correct/remove the values, the final output may not be the one desired. E.g., when <span class="term">&lt;a id="home"&gt;&lt;/a&gt;&lt;input id="home" /&gt;&lt;label for="home"&gt;&lt;/label&gt;</span>&#160;is processed into<br />
-<span class="term">&lt;a id="home"&gt;&lt;/a&gt;&lt;input id="prefix_home" /&gt;&lt;label for="home"&gt;&lt;/label&gt;</span>.<br />
-<br />
-&#160; * &#160;Note that even if intended HTML is lost in a highly ill-written input, the processed output will be more secure and standard-compliant.<br />
-<br />
-&#160; * &#160;For URLs, unless <span class="term">$config["scheme"]</span>&#160;is appropriately set, writers should avoid using escape characters or entities in schemes. E.g., <span class="term">htt&amp;#112;</span>&#160;(which many browsers will read as the harmless <span class="term">http</span>) may be considered bad by htmLawed.<br />
-<br />
-&#160; * &#160;htmLawed will attempt to put plain text present directly inside <span class="term">blockquote</span>, <span class="term">form</span>, <span class="term">map</span>&#160;and <span class="term">noscript</span>&#160;elements (illegal as per the specs) inside auto-generated <span class="term">div</span>&#160;elements.<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s2.8" id="s2.8"></a><span class="item-no">2.8</span>&#160; Limitations &amp; work-arounds
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; htmLawed's main objective is to make the input text <em>more</em>&#160;standard-compliant, secure for web-page readers, and free of HTML elements and attributes considered undesirable by the administrator. Some of its current limitations, regardless of this objective, are noted below along with work-arounds.<br />
-<br />
-&#160; It should be borne in mind that no browser application is 100% standard-compliant, and that some of the standard specs (like asking for normalization of white-spacing within <span class="term">textarea</span>&#160;elements) are clearly wrong. Regarding security, note that <em>unsafe</em>&#160;HTML code is not necessarily legally invalid.<br />
-<br />
-&#160; * &#160;htmLawed is meant for input that goes into the <span class="term">body</span>&#160;of HTML documents. HTML's head-level elements are not supported, nor are the frameset elements <span class="term">frameset</span>, <span class="term">frame</span>&#160;and <span class="term">noframes</span>.<br />
-<br />
-&#160; * &#160;It cannot transform the non-standard <span class="term">embed</span>&#160;elements to the standard-compliant <span class="term">object</span>&#160;elements. Yet, it can allow <span class="term">embed</span>&#160;elements if permitted (<span class="term">embed</span>&#160;is widely used and supported). Admins can certainly use the <span class="term">hook_tag</span>&#160;parameter (<a href="#s3.4.9">section 3.4.9</a>) to deploy a custom embed-to-object converter function.<br />
-<br />
-&#160; * &#160;The only non-standard element that may be permitted is <span class="term">embed</span>; others like <span class="term">noembed</span>&#160;and <span class="term">nobr</span>&#160;cannot be permitted without modifying the htmLawed code.<br />
-<br />
-&#160; * &#160;It cannot handle input that has non-HTML code like <span class="term">SVG</span>&#160;and <span class="term">MathML</span>. One way around is to break the input into pieces and passing only those without non-HTML code to htmLawed. Another is described in <a href="#s3.9">section 3.9</a>. A third way may be to some how take advantage of the <span class="term">$config["and_mark"]</span>&#160;parameter (see <a href="#s3.2">section 3.2</a>).<br />
-<br />
-&#160; * &#160;By default, htmLawed won't check many attribute values for standard compliance. E.g., <span class="term">width="20m"</span>&#160;with the dimension in non-standard <span class="term">m</span>&#160;is let through. Implementing universal and strict attribute value checks can make htmLawed slow and resource-intensive. Admins should look at the <span class="term">hook_tag</span>&#160;parameter (<a href="#s3.4.9">section 3.4.9</a>) or <span class="term">$spec</span>&#160;to enforce finer checks.<br />
-<br />
-&#160; * &#160;The attributes, deprecated (which can be transformed too) or not, that it supports are largely those that are in the specs. Only a few of the proprietary attributes are supported.<br />
-<br />
-&#160; * &#160;Except for contained URLs and dynamic expressions (also optional), htmLawed does not check CSS style property values. Admins should look at using the <span class="term">hook_tag</span>&#160;parameter (<a href="#s3.4.9">section 3.4.9</a>) or <span class="term">$spec</span>&#160;for finer checks. Perhaps the best option is to disallow <span class="term">style</span>&#160;but allow <span class="term">class</span>&#160;attributes with the right <span class="term">oneof</span>&#160;or <span class="term">match</span>&#160;values for <span class="term">class</span>, and have the various class style properties in <span class="term">.css</span>&#160;CSS stylesheet files.<br />
-<br />
-&#160; * &#160;htmLawed does not parse emoticons, decode <em>BBcode</em>, or <em>wikify</em>, auto-converting text to proper HTML. Similarly, it won't convert line-breaks to <span class="term">br</span>&#160;elements. Such functions are beyond its purview. Admins should use other code to pre- or post-process the input for such purposes.<br />
-<br />
-&#160; * &#160;htmLawed cannot be used to have links force-opened in new windows (by auto-adding appropriate <span class="term">target</span>&#160;and <span class="term">onclick</span>&#160;attributes to <span class="term">a</span>). Admins should look at Javascript-based DOM-modifying solutions for this. Admins may also be able to use a custom hook function to enforce such checks (<span class="term">hook_tag</span>&#160;parameter; see <a href="#s3.4.9">section 3.4.9</a>).<br />
-<br />
-&#160; * &#160;Nesting-based checks are not possible. E.g., one cannot disallow <span class="term">p</span>&#160;elements specifically inside <span class="term">td</span>&#160;while permitting it elsewhere. Admins may be able to use a custom hook function to enforce such checks (<span class="term">hook_tag</span>&#160;parameter; see <a href="#s3.4.9">section 3.4.9</a>).<br />
-<br />
-&#160; * &#160;Except for optionally converting absolute or relative URLs to the other type, htmLawed will not alter URLs (e.g., to change the value of query strings or to convert <span class="term">http</span>&#160;to <span class="term">https</span>. Having absolute URLs may be a standard-requirement, e.g., when HTML is embedded in email messages, whereas altering URLs for other purposes is beyond htmLawed's goals. Admins may be able to use a custom hook function to enforce such checks (<span class="term">hook_tag</span>&#160;parameter; see <a href="#s3.4.9">section 3.4.9</a>).<br />
-<br />
-&#160; * &#160;Pairs of opening and closing tags that do not enclose any content (like <span class="term">&lt;em&gt;&lt;/em&gt;</span>) are not removed. This may be against the standard specs for certain elements (e.g., <span class="term">table</span>). However, presence of such standard-incompliant code will not break the display or layout of content. Admins can also use simple regex-based code to filter out such code.<br />
-<br />
-&#160; * &#160;htmLawed does not check for certain element orderings described in the standard specs (e.g., in a <span class="term">table</span>, <span class="term">tbody</span>&#160;is allowed before <span class="term">tfoot</span>). Admins may be able to use a custom hook function to enforce such checks (<span class="term">hook_tag</span>&#160;parameter; see <a href="#s3.4.9">section 3.4.9</a>).<br />
-<br />
-&#160; * &#160;htmLawed does not check the number of nested elements. E.g., it will allow two <span class="term">caption</span>&#160;elements in a <span class="term">table</span>&#160;element, illegal as per the specs. Admins may be able to use a custom hook function to enforce such checks (<span class="term">hook_tag</span>&#160;parameter; see <a href="#s3.4.9">section 3.4.9</a>).<br />
-<br />
-&#160; * &#160;htmLawed might convert certain entities to actual characters and remove backslashes and CSS comment-markers (<span class="term">/&#42;</span>) in <span class="term">style</span>&#160;attribute values in order to detect malicious HTML like crafted IE-specific dynamic expressions like <span class="term">&amp;#101;xpression...</span>. If this is too harsh, admins can allow CSS expressions through htmLawed core but then use a custom function through the <span class="term">hook_tag</span>&#160;parameter (<a href="#s3.4.9">section 3.4.9</a>) to more specifically identify CSS expressions in the <span class="term">style</span>&#160;attribute values. Also, using <span class="term">$config["style_pass"]</span>, it is possible to have htmLawed pass <span class="term">style</span>&#160;attribute values without even looking at them (<a href="#s3.4.8">section 3.4.8</a>).<br />
-<br />
-&#160; * &#160;htmLawed does not correct certain possible attribute-based security vulnerabilities (e.g., <span class="term">&lt;a href="http&#58;//x%22+style=%22background-image&#58;xss"&gt;x&lt;/a&gt;</span>). These arise when browsers mis-identify markup in <em>escaped</em>&#160;text, defeating the very purpose of escaping text (a bad browser will read the given example as <span class="term">&lt;a href="http&#58;//x" style="background-image&#58;xss"&gt;x&lt;/a&gt;</span>).<br />
-<br />
-&#160; * &#160;Because of poor Unicode support in PHP, htmLawed does not remove the <em>high value</em>&#160;HTML-invalid characters with multi-byte code-points. Such characters however are extremely unlikely to be in the input. (see <a href="#s3.1">section 3.1</a>).<br />
-<br />
-&#160; * &#160;htmLawed does not check or correct the character encoding of the input it receives. In conjunction with permitting circumstances such as when the character encoding is left undefined through HTTP headers or HTML <span class="term">meta</span>&#160;tags, this can permit an exploit (like Google's UTF-7/XSS vulnerability of the past).<br />
-<br />
-&#160; * &#160;Like any script using PHP's PCRE regex functions, PHP setup-specific low PCRE limit values can cause htmLawed to at least partially fail with very long input texts.<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s2.9" id="s2.9"></a><span class="item-no">2.9</span>&#160; Examples of usage
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; Safest, allowing only <em>safe</em>&#160;HTML markup --<br />
-<br />
-
-<code class="code">&#160; &#160; $config = array(&#39;safe&#39;=&gt;1);</code>
-<br />
-
-<code class="code">&#160; &#160; $out = htmLawed($in);</code>
-<br />
-<br />
-&#160; Simplest, allowing all valid HTML markup except <span class="term">javascript&#58;</span>&#160;--<br />
-<br />
-
-<code class="code">&#160; &#160; $out = htmLawed($in);</code>
-<br />
-<br />
-&#160; Allowing all valid HTML markup including <span class="term">javascript&#58;</span>&#160;--<br />
-<br />
-
-<code class="code">&#160; &#160; $config = array(&#39;schemes&#39;=&gt;&#39;&#42;&#58;&#42;&#39;);</code>
-<br />
-
-<code class="code">&#160; &#160; $out = htmLawed($in, $config);</code>
-<br />
-<br />
-&#160; Allowing only <span class="term">safe</span>&#160;HTML and the elements <span class="term">a</span>, <span class="term">em</span>, and <span class="term">strong</span>&#160;--<br />
-<br />
-
-<code class="code">&#160; &#160; $config = array(&#39;safe&#39;=&gt;1, &#39;elements&#39;=&gt;&#39;a, em, strong&#39;);</code>
-<br />
-
-<code class="code">&#160; &#160; $out = htmLawed($in, $config);</code>
-<br />
-<br />
-&#160; Not allowing elements <span class="term">script</span>&#160;and <span class="term">object</span>&#160;--<br />
-<br />
-
-<code class="code">&#160; &#160; $config = array(&#39;elements&#39;=&gt;&#39;&#42; -script -object&#39;);</code>
-<br />
-
-<code class="code">&#160; &#160; $out = htmLawed($in, $config);</code>
-<br />
-<br />
-&#160; Not allowing attributes <span class="term">id</span>&#160;and <span class="term">style</span>&#160;--<br />
-<br />
-
-<code class="code">&#160; &#160; $config = array(&#39;deny_attribute&#39;=&gt;&#39;id, style&#39;);</code>
-<br />
-
-<code class="code">&#160; &#160; $out = htmLawed($in, $config);</code>
-<br />
-<br />
-&#160; Permitting only attributes <span class="term">title</span>&#160;and <span class="term">href</span>&#160;--<br />
-<br />
-
-<code class="code">&#160; &#160; $config = array(&#39;deny_attribute&#39;=&gt;&#39;&#42; -title -href&#39;);</code>
-<br />
-
-<code class="code">&#160; &#160; $out = htmLawed($in, $config);</code>
-<br />
-<br />
-&#160; Remove bad/disallowed tags altogether instead of converting them to entities --<br />
-<br />
-
-<code class="code">&#160; &#160; $config = array(&#39;keep_bad&#39;=&gt;0);</code>
-<br />
-
-<code class="code">&#160; &#160; $out = htmLawed($in, $config);</code>
-<br />
-<br />
-&#160; Allowing attribute <span class="term">title</span>&#160;only in <span class="term">a</span>&#160;and not allowing attributes <span class="term">id</span>, <span class="term">style</span>, or scriptable <em>on*</em>&#160;attributes like <span class="term">onclick</span>&#160;--<br />
-<br />
-
-<code class="code">&#160; &#160; $config = array(&#39;deny_attribute&#39;=&gt;&#39;title, id, style, on&#42;&#39;);</code>
-<br />
-
-<code class="code">&#160; &#160; $spec = &#39;a=title&#39;;</code>
-<br />
-
-<code class="code">&#160; &#160; $out = htmLawed($in, $config, $spec);</code>
-<br />
-<br />
-&#160; Some case-studies are presented below.<br />
-<br />
-&#160; <strong>1.</strong>&#160;A blog administrator wants to allow only <span class="term">a</span>, <span class="term">em</span>, <span class="term">strike</span>, <span class="term">strong</span>&#160;and <span class="term">u</span>&#160;in comments, but needs <span class="term">strike</span>&#160;and <span class="term">u</span>&#160;transformed to <span class="term">span</span>&#160;for better XHTML 1-strict compliance, and, he wants the <span class="term">a</span>&#160;links to be to <span class="term">http</span>&#160;or <span class="term">https</span>&#160;resources:<br />
-<br />
-
-<code class="code">&#160; &#160; $processed = htmLawed($in, array(&#39;elements&#39;=&gt;&#39;a, em, strike, strong, u&#39;, &#39;make_tag_strict&#39;=&gt;1, &#39;safe&#39;=&gt;1, &#39;schemes&#39;=&gt;&#39;&#42;&#58;http, https&#39;), &#39;a=href&#39;);</code>
-<br />
-<br />
-&#160; <strong>2.</strong>&#160;An author uses a custom-made web application to load content on his web-site. He is the only one using that application and the content he generates has all types of HTML, including scripts. The web application uses htmLawed primarily as a tool to correct errors that creep in while writing HTML and to take care of the occasional <em>bad</em>&#160;characters in copy-paste text introduced by Microsoft Office. The web application provides a preview before submitted input is added to the content. For the previewing process, htmLawed is set up as follows:<br />
-<br />
-
-<code class="code">&#160; &#160; $processed = htmLawed($in, array(&#39;css_expression&#39;=&gt;1, &#39;keep_bad&#39;=&gt;1, &#39;make_tag_strict&#39;=&gt;1, &#39;schemes&#39;=&gt;&#39;&#42;&#58;&#42;&#39;, &#39;valid_xhtml&#39;=&gt;1));</code>
-<br />
-<br />
-&#160; For the final submission process, <span class="term">keep_bad</span>&#160;is set to <span class="term">6</span>. A value of <span class="term">1</span>&#160;for the preview process allows the author to note and correct any HTML mistake without losing any of the typed text.<br />
-<br />
-&#160; <strong>3.</strong>&#160;A data-miner is scraping information in a specific table of similar web-pages and is collating the data rows, and uses htmLawed to reduce unnecessary markup and white-spaces:<br />
-<br />
-
-<code class="code">&#160; &#160; $processed = htmLawed($in, array(&#39;elements&#39;=&gt;&#39;tr, td&#39;, &#39;tidy&#39;=&gt;-1), &#39;tr, td =&#39;);</code>
-<br />
-
-</div>
-</div>
-<div class="section"><h2>
-<a name="s3" id="s3"></a><span class="item-no">3</span>&#160; Details
-</h2><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<div class="sub-section"><h3>
-<a name="s3.1" id="s3.1"></a><span class="item-no">3.1</span>&#160; Invalid/dangerous characters
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; Valid characters (more correctly, their code-points) in HTML or XML are, hexadecimally, <span class="term">9</span>, <span class="term">a</span>, <span class="term">d</span>, <span class="term">20</span>&#160;to <span class="term">d7ff</span>, and <span class="term">e000</span>&#160;to <span class="term">10ffff</span>, except <span class="term">fffe</span>&#160;and <span class="term">ffff</span>&#160;(decimally, <span class="term">9</span>, <span class="term">10</span>, <span class="term">13</span>, <span class="term">32</span>&#160;to <span class="term">55295</span>, and <span class="term">57344</span>&#160;to <span class="term">1114111</span>, except <span class="term">65534</span>&#160;and <span class="term">65535</span>). htmLawed removes the invalid characters <span class="term">0</span>&#160;to <span class="term">8</span>, <span class="term">b</span>, <span class="term">c</span>, and <span class="term">e</span>&#160;to <span class="term">1f</span>.<br />
-<br />
-&#160; Because of PHP's poor native support for multi-byte characters, htmLawed cannot check for the remaining invalid code-points. However, for various reasons, it is very unlikely for any of those characters to be in the input.<br />
-<br />
-&#160; Characters that are discouraged (see <a href="#s5.1">section 5.1</a>) but not invalid are not removed by htmLawed.<br />
-<br />
-&#160; It (function <span class="term">hl_tag()</span>) also replaces the potentially dangerous (in some Mozilla [Firefox] and Opera browsers) soft-hyphen character (code-point, hexadecimally, <span class="term">ad</span>, or decimally, <span class="term">173</span>) in attribute values with spaces. Where required, the characters <span class="term">&lt;</span>, <span class="term">&gt;</span>, <span class="term">&amp;</span>, and <span class="term">"</span>&#160;are converted to entities.<br />
-<br />
-&#160; With <span class="term">$config["clean_ms_char"]</span>&#160;set as <span class="term">1</span>&#160;or <span class="term">2</span>, many of the discouraged characters (decimal code-points <span class="term">127</span>&#160;to <span class="term">159</span>&#160;except <span class="term">133</span>) that many Microsoft applications incorrectly use (as per the <span class="term">Windows 1252</span>&#160;[<span class="term">Cp-1252</span>] or a similar encoding system), and the character for decimal code-point <span class="term">133</span>, are converted to appropriate decimal numerical entities (or removed for a few cases)-- see appendix in <a href="#s5.4">section 5.4</a>. This can help avoid some display issues arising from copying-pasting of content.<br />
-<br />
-&#160; With <span class="term">$config["clean_ms_char"]</span>&#160;set as <span class="term">2</span>, characters for the hexadecimal code-points <span class="term">82</span>, <span class="term">91</span>, and <span class="term">92</span>&#160;(for special single-quotes), and <span class="term">84</span>, <span class="term">93</span>, and <span class="term">94</span>&#160;(for special double-quotes) are converted to ordinary single and double quotes respectively and not to entities.<br />
-<br />
-&#160; The character values are replaced with entities/characters and not character values referred to by the entities/characters to keep this task independent of the character-encoding of input text.<br />
-<br />
-&#160; The <span class="term">$config["clean_ms_char"]</span>&#160;parameter should not be used if authors do not copy-paste Microsoft-created text, or if the input text is not believed to use the <span class="term">Windows 1252</span>&#160;(<span class="term">Cp-1252</span>) or a similar encoding like <span class="term">Cp-1251</span>. Further, the input form and the web-pages displaying it or its content should have the character encoding appropriately marked-up.<br />
-
-</div>
-<div class="sub-section"><h3>
-<a name="s3.2" id="s3.2"></a><span class="item-no">3.2</span>&#160; Character references/entities
-</h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" />
-<br />
-&#160; Valid character entities take the form <span class="term">&amp;&#42;;</span>&#160;where <span class="term">&#42;</span>&#160;is <span class="term">#x</span>&#160;followed by a hexadecimal number (hexadecimal numeric entity; like <span class="term">&amp;#xA0;</span>&#160;for non-breaking space), or alphanumeric like <span class="term">gt</span>&#160;(external or named entity; like <span class="term">&amp;nbsp;</span>&#160;for non-breaking space), or <span class="term">#</span>&#160;followed by a number (decimal numeric entity; like <span class="term">&amp;#160;</span>&#160;for non-breaking space). Character entities referring to the soft-hyphen character (the <span class="term">&amp;shy;</span>&#160;or <span class="term">\xad</span>&#160;character; hexadecimal code-point <span class="term">ad</span>&#160;[decimal <span class="term">173</span>]) in URL-accepting attribute values are always replaced with spaces; soft-hyphens in attribute values introduce vulnerabilities in some older versions of the Opera and Mozilla [Firefox] browsers.<br />
-<br />
-&#160; htmLawed (function <span class="term">hl_ent()</span>):<br />
-<br />
-&#160; * &#160;Neutralizes entities with multiple leading zeroes or missing semi-colons (potentially dangerous)<br />
-<br />
-&#160; * &#160;Lowercases the <span class="term">X</span>&#160;(for XML-compliance) and <span class="term">A-F</span>&#160;of hexadecimal numeric entities<br />
-<br />
-&#160; * &#160;Neutralizes entities referring to characters that are HTML-invalid (see <a href="#s3.1">section 3.1</a>)<br />
-<br />
-&#160; * &#160;Neutralizes entities referring to characters that are HTML-discouraged (code-points, hexadecimally, <span class="term">7f</span>&#160;to <span class="term">84</span>, <span class="term">86</span>&#160;to <span class="term">9f</span>, and <span class="term">fdd0</span>&#160;to <span class="term">fddf</span>, or decimally, <span class="term">127</span>&#160;to &l