Merge branch 'master' into saravea

Conflicts: mod/blog/views/default/blog/sidebar/archives.php
author: Silvio Rhatto <rhatto@riseup.net> 2014-03-14 21:25:01 -0300
committer: Silvio Rhatto <rhatto@riseup.net> 2014-03-14 21:25:01 -0300
commit: 3651c99a195685f3a868e159e72c4daf8cb371d3 (patch)
tree: cb004dd7b6ca55215a2c20112fe0c5209d98c18e /actions
parent: 97e689213ff4e829f251af526ed4e796a3cc2b71 (diff)
parent: c2707bb867ddb285af85d7a0e75db26ef692d68c (diff)
download: elgg-3651c99a195685f3a868e159e72c4daf8cb371d3.tar.gz
elgg-3651c99a195685f3a868e159e72c4daf8cb371d3.tar.bz2
8 files changed, 52 insertions, 38 deletions
diff --git a/actions/admin/site/regenerate_secret.php b/actions/admin/site/regenerate_secret.php
new file mode 100644
index 000000000..3112fb5f3
--- /dev/null
+++ b/actions/admin/site/regenerate_secret.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Generate a new site secret
+ */
+
+init_site_secret();
+elgg_reset_system_cache();
+
+system_message(elgg_echo('admin:site:secret_regenerated'));
+
+forward(REFERER);
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
index 0fd8d1f35..4888b0a8d 100644
--- a/actions/admin/site/update_advanced.php
+++ b/actions/admin/site/update_advanced.php
@@ -14,10 +14,10 @@ if ($site = elgg_get_site_entity()) {
 		throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite'));
 	}
 
-	$site->url = get_input('wwwroot');
+	$site->url = rtrim(get_input('wwwroot', '', false), '/') . '/';
 
-	datalist_set('path', sanitise_filepath(get_input('path')));
-	$dataroot = sanitise_filepath(get_input('dataroot'));
+	datalist_set('path', sanitise_filepath(get_input('path', '', false)));
+	$dataroot = sanitise_filepath(get_input('dataroot', '', false));
 
 	// check for relative paths
 	if (stripos(PHP_OS, 'win') === 0) {
diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php
index 97d258b65..9765182cc 100644
--- a/actions/admin/site/update_basic.php
+++ b/actions/admin/site/update_basic.php
@@ -16,7 +16,7 @@ if ($site = elgg_get_site_entity()) {
 	}
 
 	$site->description = get_input('sitedescription');
-	$site->name = get_input('sitename');
+	$site->name = strip_tags(get_input('sitename'));
 	$site->email = get_input('siteemail');
 	$site->save();
 
diff --git a/actions/avatar/remove.php b/actions/avatar/remove.php
index cd38e456a..9cb40a760 100644
--- a/actions/avatar/remove.php
+++ b/actions/avatar/remove.php
@@ -3,32 +3,34 @@
  * Avatar remove action
  */
 
-$guid = get_input('guid');
-$user = get_entity($guid);
-if ($user) {
-	// Delete all icons from diskspace
-	$icon_sizes = elgg_get_config('icon_sizes');
-	foreach ($icon_sizes as $name => $size_info) {
-		$file = new ElggFile();
-		$file->owner_guid = $guid;
-		$file->setFilename("profile/{$guid}{$name}.jpg");
-		$filepath = $file->getFilenameOnFilestore();
-		if (!$file->delete()) {
-			elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
-		}
-	}
-	
-	// Remove crop coords
-	unset($user->x1);
-	unset($user->x2);
-	unset($user->y1);
-	unset($user->y2);
-	
-	// Remove icon
-	unset($user->icontime);
-	system_message(elgg_echo('avatar:remove:success'));
-} else {
+$user_guid = get_input('guid');
+$user = get_user($user_guid);
+
+if (!$user || !$user->canEdit()) {
 	register_error(elgg_echo('avatar:remove:fail'));
+	forward(REFERER);
 }
 
+// Delete all icons from diskspace
+$icon_sizes = elgg_get_config('icon_sizes');
+foreach ($icon_sizes as $name => $size_info) {
+	$file = new ElggFile();
+	$file->owner_guid = $user_guid;
+	$file->setFilename("profile/{$user_guid}{$name}.jpg");
+	$filepath = $file->getFilenameOnFilestore();
+	if (!$file->delete()) {
+		elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
+	}
+}
+
+// Remove crop coords
+unset($user->x1);
+unset($user->x2);
+unset($user->y1);
+unset($user->y2);
+
+// Remove icon
+unset($user->icontime);
+
+system_message(elgg_echo('avatar:remove:success'));
 forward(REFERER);
diff --git a/actions/comments/delete.php b/actions/comments/delete.php
index f2c058ff4..c6b481da4 100644
--- a/actions/comments/delete.php
+++ b/actions/comments/delete.php
@@ -5,11 +5,6 @@
  * @package Elgg
  */
 
-// Ensure we're logged in
-if (!elgg_is_logged_in()) {
-	forward();
-}
-
 // Make sure we can get the comment in question
 $annotation_id = (int) get_input('annotation_id');
 $comment = elgg_get_annotation_from_id($annotation_id);
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 9dc17b37e..e63a149f7 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -6,7 +6,7 @@
  * @subpackage Friends.Collections
  */
 
-$collection_name = get_input('collection_name');
+$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
 $friends = get_input('friends_collection');
 
 if (!$collection_name) {
diff --git a/actions/login.php b/actions/login.php
index 1e5e92ede..bd7f91299 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -9,7 +9,6 @@
 // set forward url
 if (!empty($_SESSION['last_forward_from'])) {
 	$forward_url = $_SESSION['last_forward_from'];
-	unset($_SESSION['last_forward_from']);
 } elseif (get_input('returntoreferer')) {
 	$forward_url = REFERER;
 } else {
@@ -62,5 +61,9 @@ if ($user->language) {
 	$message = elgg_echo('loginok');
 }
 
+if (isset($_SESSION['last_forward_from'])) {
+	unset($_SESSION['last_forward_from']);
+}
+
 system_message($message);
 forward($forward_url);
diff --git a/actions/profile/edit.php b/actions/profile/edit.php
index 63fb31600..e1f066e82 100644
--- a/actions/profile/edit.php
+++ b/actions/profile/edit.php
@@ -4,6 +4,8 @@
  *
  */
 
+elgg_make_sticky_form('profile:edit');
+
 $guid = get_input('guid');
 $owner = get_entity($guid);
 
@@ -48,7 +50,7 @@ foreach ($profile_fields as $shortname => $valuetype) {
 		forward(REFERER);
 	}
 
-	if ($valuetype == 'url' && !preg_match('~^https?\://~i', $value)) {
+	if ($value && $valuetype == 'url' && !preg_match('~^https?\://~i', $value)) {
 		$value = "http://$value";
 	}
 
@@ -80,7 +82,7 @@ if (sizeof($input) > 0) {
 		);
 		elgg_delete_metadata($options);
 		
-		if(!is_null($value) && ($value !== '')){
+		if (!is_null($value) && ($value !== '')) {
 			// only create metadata for non empty values (0 is allowed) to prevent metadata records with empty string values #4858
 			
 			if (isset($accesslevel[$shortname])) {
@@ -107,6 +109,7 @@ if (sizeof($input) > 0) {
 	// Notify of profile update
 	elgg_trigger_event('profileupdate', $owner->type, $owner);
 
+	elgg_clear_sticky_form('profile:edit');
 	system_message(elgg_echo("profile:saved"));
 }
author	Silvio Rhatto <rhatto@riseup.net>	2014-03-14 21:25:01 -0300
committer	Silvio Rhatto <rhatto@riseup.net>	2014-03-14 21:25:01 -0300
commit	3651c99a195685f3a868e159e72c4daf8cb371d3 (patch)
tree	cb004dd7b6ca55215a2c20112fe0c5209d98c18e /actions
parent	97e689213ff4e829f251af526ed4e796a3cc2b71 (diff)
parent	c2707bb867ddb285af85d7a0e75db26ef692d68c (diff)
download	elgg-3651c99a195685f3a868e159e72c4daf8cb371d3.tar.gz elgg-3651c99a195685f3a868e159e72c4daf8cb371d3.tar.bz2