Merged 5928-6908 from 1.7 branch to trunk.

git-svn-id: http://code.elgg.org/elgg/trunk@6059 36083f99-b078-4883-b0ff-0f9b5a30f544
author: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> 2010-05-14 20:50:34 +0000
committer: brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544> 2010-05-14 20:50:34 +0000
commit: 0c2c36ff3b0329ff849930d0403f933653a84dcd (patch)
tree: cdd859d225d68dcfa9603997f4c183eac8864900 /engine
parent: b6aaba915151dd07800761a01b67ffffaee1302b (diff)
download: elgg-0c2c36ff3b0329ff849930d0403f933653a84dcd.tar.gz
elgg-0c2c36ff3b0329ff849930d0403f933653a84dcd.tar.bz2
11 files changed, 368 insertions, 584 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 66c2d9505..57da1389f 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -21,9 +21,6 @@
 function action($action, $forwarder = "") {
 	global $CONFIG;
 
-	// set GET params
-	elgg_set_input_from_uri();
-
 	// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
 	// Allow users to disable plugins without a token in order to
 	// remove plugins that are imcompatible.
@@ -72,6 +69,8 @@ function action($action, $forwarder = "") {
 			} else {
 				register_error(elgg_echo('actionloggedout'));
 			}
+		} else {
+			register_error(elgg_echo('actionunauthorized'));
 		}
 	} else {
 		register_error(sprintf(elgg_echo('actionundefined'),$action));
@@ -197,14 +196,11 @@ function generate_action_token($timestamp) {
 	// Current session id
 	$session_id = session_id();
 
-	// Get user agent
-	$ua = $_SERVER['HTTP_USER_AGENT'];
-
 	// Session token
 	$st = $_SESSION['__elgg_session'];
 
 	if (($site_secret) && ($session_id)) {
-		return md5($site_secret.$timestamp.$session_id.$ua.$st);
+		return md5($site_secret.$timestamp.$session_id.$st);
 	}
 
 	return FALSE;
diff --git a/engine/lib/activity.php b/engine/lib/activity.php
deleted file mode 100644
index 51b083531..000000000
--- a/engine/lib/activity.php
+++ /dev/null
@@ -1,169 +0,0 @@
-<?php
-/**
- * Elgg activity stream.
- * Functions for listening for and generating the rich activity stream from the
- * system log.
- *
- * @package Elgg
- * @subpackage Core
- * @author Curverider Ltd
- * @link http://elgg.org/
- */
-
-/**
- * Construct and execute the query required for the activity stream.
- *
- * @param int $limit Limit the query.
- * @param int $offset Execute from the given object
- * @param mixed $type A type, or array of types to look for. Note: This is how they appear in the SYSTEM LOG.
- * @param mixed $subtype A subtype, or array of types to look for. Note: This is how they appear in the SYSTEM LOG.
- * @param mixed $owner_guid The guid or a collection of GUIDs
- * @param string $owner_relationship If defined, the relationship between $owner_guid and the entity owner_guid - so "is $owner_guid $owner_relationship with $entity->owner_guid"
- * @return array An array of system log entries.
- */
-function get_activity_stream_data($limit = 10, $offset = 0, $type = "", $subtype = "", $owner_guid = "", $owner_relationship = "") {
-	global $CONFIG;
-
-	$limit = (int)$limit;
-	$offset = (int)$offset;
-
-	if ($type) {
-		if (!is_array($type)) {
-			$type = array(sanitise_string($type));
-		} else {
-			foreach ($type as $k => $v) {
-				$type[$k] = sanitise_string($v);
-			}
-		}
-	}
-
-	if ($subtype) {
-		if (!is_array($subtype)) {
-			$subtype = array(sanitise_string($subtype));
-		} else {
-			foreach ($subtype as $k => $v) {
-				$subtype[$k] = sanitise_string($v);
-			}
-		}
-	}
-
-	if ($owner_guid) {
-		if (is_array($owner_guid)) {
-			foreach ($owner_guid as $k => $v) {
-				$owner_guid[$k] = (int)$v;
-			}
-		} else {
-			$owner_guid = array((int)$owner_guid);
-		}
-	}
-
-	$owner_relationship = sanitise_string($owner_relationship);
-
-	// Get a list of possible views
-	$activity_events= array();
-	$activity_views = array_merge(elgg_view_tree('activity', 'default'), elgg_view_tree('river', 'default')); // Join activity with river
-
-	$done = array();
-
-	foreach ($activity_views as $view) {
-		$fragments = explode('/', $view);
-		$tmp = explode('/',$view, 2);
-		$tmp = $tmp[1];
-
-		if ((isset($fragments[0])) && (($fragments[0] == 'river') || ($fragments[0] == 'activity'))
-			&& (!in_array($tmp, $done))) {
-
-			if (isset($fragments[1])) {
-				$f = array();
-				for ($n = 1; $n < count($fragments); $n++) {
-					$val = sanitise_string($fragments[$n]);
-					switch($n) {
-						case 1: $key = 'type'; break;
-						case 2: $key = 'subtype'; break;
-						case 3: $key = 'event'; break;
-					}
-					$f[$key] = $val;
-				}
-
-				// Filter result based on parameters
-				$add = true;
-				if ($type) {
-					if (!in_array($f['type'], $type)) {
-						$add = false;
-					}
-				}
-				if (($add) && ($subtype)) {
-					if (!in_array($f['subtype'], $subtype)) {
-						$add = false;
-					}
-				}
-				if (($add) && ($event)) {
-					if (!in_array($f['event'], $event)) {
-						$add = false;
-					}
-				}
-
-				if ($add) {
-					$activity_events[] = $f;
-				}
-			}
-
-			$done[] = $tmp;
-		}
-	}
-
-	$n = 0;
-	foreach ($activity_events as $details) {
-		// Get what we're talking about
-		if ($details['subtype'] == 'default') {
-			$details['subtype'] = '';
-		}
-
-		if (($details['type']) && ($details['event'])) {
-			if ($n > 0) {
-				$obj_query .= " or ";
-			}
-
-			$access = "";
-			if ($details['type']!='relationship') {
-				$access = " and " . get_access_sql_suffix('sl');
-			}
-
-			$obj_query .= "( sl.object_type='{$details['type']}'
-				AND sl.object_subtype='{$details['subtype']}'
-				AND sl.event='{$details['event']}' $access )";
-
-			$n++;
-		}
-	}
-
-	// User
-	if ((count($owner_guid)) &&  ($owner_guid[0] != 0)) {
-		$user = " and sl.performed_by_guid in (".implode(',', $owner_guid).")";
-
-		if ($owner_relationship) {
-			$friendsarray = "";
-			if ($friends = elgg_get_entities_from_relationship(array(
-				'relationship' => $owner_relationship, 
-				'relationship_guid' => $owner_guid[0],
-				'inverse_relationship' => FALSE, 
-				'types' => 'user', 
-				'subtypes' => $subtype, 
-				'limit' => 9999))
-			) {
-
-				$friendsarray = array();
-				foreach($friends as $friend) {
-					$friendsarray[] = $friend->getGUID();
-				}
-
-				$user = " and sl.performed_by_guid in (" . implode(',', $friendsarray).")";
-			}
-		}
-	}
-
-	$query = "SELECT sl.* FROM {$CONFIG->dbprefix}system_log sl
-		WHERE 1 $user AND ($obj_query)
-		ORDER BY sl.time_created desc limit $offset, $limit";
-	return get_data($query);
-}
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 6707a7418..0da0c82f0 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -1438,17 +1438,6 @@ function __php_api_exception_handler($exception) {
 function service_handler($handler, $request) {
 	global $CONFIG;
 
-	// setup the input parameters since this comes through rewrite rule
-	$query = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?')+1);
-	if (isset($query)) {
-		$query_arr = elgg_parse_str($query);
-		if (is_array($query_arr)) {
-			foreach($query_arr as $name => $val) {
-				set_input($name, $val);
-			}
-		}
-	}
-
 	set_context('api');
 
 	$request = explode('/',$request);
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index fd99cee0b..eac75403f 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -476,11 +476,10 @@ function elgg_view_regenerate_simplecache() {
 
 function elgg_view_enable_simplecache() {
 	global $CONFIG;
-	if(!$CONFIG->simplecache_enabled) {
-		datalist_set('simplecache_enabled',1);
-		$CONFIG->simplecache_enabled = 1;
-		elgg_view_regenerate_simplecache();
-	}
+
+	datalist_set('simplecache_enabled',1);
+	$CONFIG->simplecache_enabled = 1;
+	elgg_view_regenerate_simplecache();
 }
 
 /**
@@ -1386,6 +1385,39 @@ function elgg_extend_view($view, $view_extension, $priority = 501, $viewtype = '
 }
 
 /**
+ * Unextends a view.
+ *
+ * @param string $view The view that was extended.
+ * @param string $view_extension This view that was added to $view
+ * @return bool
+ * @since 1.7.2
+ */
+function elgg_unextend_view($view, $view_extension) {
+	global $CONFIG;
+
+	if (!isset($CONFIG->views)) {
+		return FALSE;
+	}
+
+	if (!isset($CONFIG->views->extensions)) {
+		return FALSE;
+	}
+
+	if (!isset($CONFIG->views->extensions[$view])) {
+		return FALSE;
+	}
+
+	$priority = array_search($view_extension, $CONFIG->views->extensions[$view]);
+	if ($priority === FALSE) {
+		return FALSE;
+	}
+
+	unset($CONFIG->views->extensions[$view][$priority]);
+	
+	return TRUE;
+}
+
+/**
  * @deprecated 1.7.  Use elgg_extend_view().
  * @param $view
  * @param $view_name
@@ -1498,26 +1530,6 @@ function page_draw($title, $body, $sidebar = "") {
 }
 
 /**
- * Displays a UNIX timestamp in a friendly way (eg "less than a minute ago")
- *
- * @param int $time A UNIX epoch timestamp
- * @return string The friendly time
- */
-function friendly_time($time) {
-	return elgg_view('output/friendlytime', array('time' => $time));
-}
-
-/**
- * When given a title, returns a version suitable for inclusion in a URL
- *
- * @param string $title The title
- * @return string The optimised title
- */
-function friendly_title($title) {
-	return elgg_view('output/friendlytitle', array('title' => $title));
-}
-
-/**
  * Library loading and handling
  */
 
@@ -2813,17 +2825,6 @@ interface Friendable {
 }
 
 /**
- * Handles formatting of ampersands in urls
- *
- * @param string $url
- * @return string
- * @since 1.7.1
- */
-function elgg_format_url($url) {
-	return preg_replace('/&(?!amp;)/', '&amp;', $url);
-}
-
-/**
  * Rebuilds a parsed (partial) URL
  *
  * @param array $parts Associative array of URL components like parse_url() returns
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 481feac6b..8e20ec269 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -2319,8 +2319,8 @@ function elgg_get_entity_site_where_sql($table, $site_guids) {
  */
 function elgg_list_entities($options) {
 	$defaults = array(
-		'offset' => 0,
-		'limit' => 10,
+		'offset' => (int) max(get_input('offset', 0), 0),
+		'limit' => (int) max(get_input('limit', 10), 0),
 		'full_view' => TRUE,
 		'view_type_toggle' => FALSE,
 		'pagination' => TRUE
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 26416d646..cf0af2b8e 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -105,102 +105,6 @@ function sanitise_filepath($path) {
 	return $path;
 }
 
-
-/**
- * Takes a string and turns any URLs into formatted links
- *
- * @param string $text The input string
- * @return string The output stirng with formatted links
- **/
-function parse_urls($text) {
-	// @todo this causes problems with <attr = "val">
-	// must be ing <attr="val"> format (no space).
-	// By default htmlawed rewrites tags to this format.
-	// if PHP supported conditional negative lookbehinds we could use this:
-	// $r = preg_replace_callback('/(?<!=)(?<![ ])?(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i',
-	//
-	// we can put , in the list of excluded char but need to keep . because of domain names.
-	// it is removed in the callback.
-	$r = preg_replace_callback('/(?<!=)(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i',
-	create_function(
-		'$matches',
-		'
-			$url = $matches[1];
-			$period = \'\';
-			if (substr($url, -1, 1) == \'.\') {
-				$period = \'.\';
-				$url = trim($url, \'.\');
-			}
-			$urltext = str_replace("/", "/<wbr />", $url);
-			return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>$period";
-		'
-	), $text);
-
-	return $r;
-}
-
-/**
- *
- * Adds P tags.
- * Borrowed from Wordpress.
- *
- **/
-function autop($pee, $br = 1) {
-	$pee = $pee . "\n"; // just to make things a little easier, pad the end
-	$pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
-	// Space things out a little
-	$allblocks = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)';
-	$pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee);
-	$pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
-	$pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
-	if ( strpos($pee, '<object') !== false ) {
-		$pee = preg_replace('|\s*<param([^>]*)>\s*|', "<param$1>", $pee); // no pee inside object/embed
-		$pee = preg_replace('|\s*</embed>\s*|', '</embed>', $pee);
-	}
-	$pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
-	$pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $pee); // make paragraphs, including one at the end
-	$pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
-	$pee = preg_replace('!<p>([^<]+)\s*?(</(?:div|address|form)[^>]*>)!', "<p>$1</p>$2", $pee);
-	$pee = preg_replace( '|<p>|', "$1<p>", $pee );
-	$pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
-	$pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
-	$pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
-	$pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
-	$pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)!', "$1", $pee);
-	$pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee);
-	if ($br) {
-		$pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "<WPPreserveNewline />", $matches[0]);'), $pee);
-		$pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
-		$pee = str_replace('<WPPreserveNewline />', "\n", $pee);
-	}
-	$pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee);
-	$pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
-//	if (strpos($pee, '<pre') !== false) {
-//		mind the space between the ? and >.  Only there because of the comment.
-//		$pee = preg_replace_callback('!(<pre.*? >)(.*?)</pre>!is', 'clean_pre', $pee );
-//	}
-	$pee = preg_replace( "|\n</p>$|", '</p>', $pee );
-
-	return $pee;
-}
-
-/**
- * Examins $_SERVER['REQUEST_URI'] and set_input()s on each.
- * Required if the params are sent as GET and not forwarded by mod_rewrite.
- *
- * @return bool on success
- */
-function elgg_set_input_from_uri() {
-	$query = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);
-	$query_arr = elgg_parse_str($query);
-
-	if (is_array($query_arr)) {
-		foreach($query_arr as $name => $val) {
-			set_input($name, $val);
-		}
-	}
-}
-
 /**
  * Page handler for autocomplete endpoint.
  *
diff --git a/engine/lib/output.php b/engine/lib/output.php
new file mode 100644
index 000000000..d2b76a482
--- /dev/null
+++ b/engine/lib/output.php
@@ -0,0 +1,150 @@
+<?php
+/**
+ * Output functions
+ * Processing text for output, formatting HTML, 
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @author Curverider Ltd <info@elgg.com>
+ * @link http://elgg.org/
+ */
+
+/**
+ * Takes a string and turns any URLs into formatted links
+ *
+ * @param string $text The input string
+ * @return string The output stirng with formatted links
+ **/
+function parse_urls($text) {
+	// @todo this causes problems with <attr = "val">
+	// must be ing <attr="val"> format (no space).
+	// By default htmlawed rewrites tags to this format.
+	// if PHP supported conditional negative lookbehinds we could use this:
+	// $r = preg_replace_callback('/(?<!=)(?<![ ])?(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i',
+	//
+	// we can put , in the list of excluded char but need to keep . because of domain names.
+	// it is removed in the callback.
+	$r = preg_replace_callback('/(?<!=)(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i',
+	create_function(
+		'$matches',
+		'
+			$url = $matches[1];
+			$period = \'\';
+			if (substr($url, -1, 1) == \'.\') {
+				$period = \'.\';
+				$url = trim($url, \'.\');
+			}
+			$urltext = str_replace("/", "/<wbr />", $url);
+			return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>$period";
+		'
+	), $text);
+
+	return $r;
+}
+
+/**
+ * Create paragraphs from text with line spacing
+ * Borrowed from Wordpress.
+ *
+ **/
+function autop($pee, $br = 1) {
+	$pee = $pee . "\n"; // just to make things a little easier, pad the end
+	$pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
+	// Space things out a little
+	$allblocks = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)';
+	$pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee);
+	$pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
+	$pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
+	if ( strpos($pee, '<object') !== false ) {
+		$pee = preg_replace('|\s*<param([^>]*)>\s*|', "<param$1>", $pee); // no pee inside object/embed
+		$pee = preg_replace('|\s*</embed>\s*|', '</embed>', $pee);
+	}
+	$pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
+	$pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $pee); // make paragraphs, including one at the end
+	$pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
+	$pee = preg_replace('!<p>([^<]+)\s*?(</(?:div|address|form)[^>]*>)!', "<p>$1</p>$2", $pee);
+	$pee = preg_replace( '|<p>|', "$1<p>", $pee );
+	$pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
+	$pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
+	$pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
+	$pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
+	$pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)!', "$1", $pee);
+	$pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee);
+	if ($br) {
+		$pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "<WPPreserveNewline />", $matches[0]);'), $pee);
+		$pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
+		$pee = str_replace('<WPPreserveNewline />', "\n", $pee);
+	}
+	$pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee);
+	$pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
+//	if (strpos($pee, '<pre') !== false) {
+//		mind the space between the ? and >.  Only there because of the comment.
+//		$pee = preg_replace_callback('!(<pre.*? >)(.*?)</pre>!is', 'clean_pre', $pee );
+//	}
+	$pee = preg_replace( "|\n</p>$|", '</p>', $pee );
+
+	return $pee;
+}
+
+/**
+ * Returns an excerpt.
+ * Will return up to n chars stopping at the nearest space.
+ * If no spaces are found (like in Japanese) will crop off at the
+ * n char mark. Adds ... if any text was chopped.
+ *
+ * @param string $text
+ * @param int $num_chars Return a string up to $num_chars long
+ * @return string
+ * @since 1.7.2
+ */
+function elgg_make_excerpt($text, $num_chars = 250) {
+	$text = trim(strip_tags($text));
+	$string_length = elgg_strlen($text);
+
+	// handle cases
+	$excerpt = elgg_substr($text, 0, $num_chars);
+	$space = elgg_strrpos($excerpt, ' ', 0);
+
+	// don't crop if can't find a space.
+	if ($space === FALSE) {
+		$space = $num_chars;
+	}
+	$excerpt = trim(elgg_substr($excerpt, 0, $space));
+
+	if ($string_length != elgg_strlen($excerpt)) {
+		$excerpt .= '...';
+	}
+
+	return $excerpt;
+}
+
+/**
+ * Handles formatting of ampersands in urls
+ *
+ * @param string $url
+ * @return string
+ * @since 1.7.1
+ */
+function elgg_format_url($url) {
+	return preg_replace('/&(?!amp;)/', '&amp;', $url);
+}
+
+/**
+ * When given a title, returns a version suitable for inclusion in a URL
+ *
+ * @param string $title The title
+ * @return string The optimised title
+ */
+function friendly_title($title) {
+	return elgg_view('output/friendlytitle', array('title' => $title));
+}
+
+/**
+ * Displays a UNIX timestamp in a friendly way (eg "less than a minute ago")
+ *
+ * @param int $time A UNIX epoch timestamp
+ * @return string The friendly time
+ */
+function friendly_time($time) {
+	return elgg_view('output/friendlytime', array('time' => $time));
+}
+\ No newline at end of file
diff --git a/engine/lib/pagehandler.php b/engine/lib/pagehandler.php
index fc11f2d67..490b81159 100644
--- a/engine/lib/pagehandler.php
+++ b/engine/lib/pagehandler.php
@@ -20,20 +20,7 @@ function page_handler($handler, $page) {
 
 	set_context($handler);
 
-	// if there are any query parameters, make them available from get_input
-	if (strpos($_SERVER['REQUEST_URI'], '?') !== FALSE) {
-		$query = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1);
-		if (isset($query)) {
-			$query_arr = elgg_parse_str($query);
-			if (is_array($query_arr)) {
-				foreach($query_arr as $name => $val) {
-					set_input($name, $val);
-				}
-			}
-		}
-	}
-
-	$page = explode('/', $page);
+	$page = explode('/',$page);
 	// remove empty array element when page url ends in a / (see #1480)
 	if ($page[count($page) - 1] === '') {
 		array_pop($page);
diff --git a/engine/lib/river2.php b/engine/lib/river.php
index a4908167d..61d40f6ef 100644
--- a/engine/lib/river2.php
+++ b/engine/lib/river.php
@@ -49,7 +49,7 @@ function add_to_river($view,$action_type,$subject_guid,$object_guid,$access_id =
 	global $CONFIG;
 
 	// Attempt to save river item; return success status
-	$insert_data = insert_data("insert into {$CONFIG->dbprefix}river " .
+	return insert_data("insert into {$CONFIG->dbprefix}river " .
 		" set type = '{$type}', " .
 		" subtype = '{$subtype}', " .
 		" action_type = '{$action_type}', " .
@@ -59,12 +59,6 @@ function add_to_river($view,$action_type,$subject_guid,$object_guid,$access_id =
 		" object_guid = {$object_guid}, " .
 		" annotation_id = {$annotation_id}, " .
 		" posted = {$posted} ");
-		
-	//update the entities which had the action carried out on it
-	if($insert_data){
-		update_entity_last_action($object_guid, $posted);
-		return $insert_data;
-	}
 }
 
 /**
@@ -119,6 +113,23 @@ function remove_from_river_by_annotation($annotation_id) {
 }
 
 /**
+ * Removes a single river entry
+ *
+ * @param int $id The ID of the river entry
+ * @return true|false Depending on success
+ * @since 1.7.2
+ */
+function remove_from_river_by_id($id) {
+	global $CONFIG;
+
+	// Sanitise
+	$id = (int) $id;
+
+	return delete_data("delete from {$CONFIG->dbprefix}river where id = {$id}");
+}
+
+
+/**
  * Sets the access ID on river items for a particular object
  *
  * @param int $object_guid The GUID of the entity
@@ -253,118 +264,6 @@ function get_river_items($subject_guid = 0, $object_guid = 0, $subject_relations
 }
 
 /**
- * Retrieves items from the river. All parameters are optional.
- *
- * @param int|array $subject_guid Acting entity to restrict to. Default: all
- * @param int|array $object_guid Entity being acted on to restrict to. Default: all
- * @param string $subject_relationship If set to a relationship type, this will use 
- * 	$subject_guid as the starting point and set the subjects to be all users this 
- * 	entity has this relationship with (eg 'friend'). Default: blank
- * @param string $type The type of entity to restrict to. Default: all
- * @param string $subtype The subtype of entity to restrict to. Default: all
- * @param string $action_type The type of river action to restrict to. Default: all
- * @param int $limit The number of items to retrieve. Default: 20
- * @param int $offset The page offset. Default: 0
- * @param int $posted_min The minimum time period to look at. Default: none
- * @param int $posted_max The maximum time period to look at. Default: none
- * @return array|false Depending on success
- */
-function elgg_get_river_items($subject_guid = 0, $object_guid = 0, $subject_relationship = '', $type = '',
-	$subtype = '', $action_type = '', $limit = 10, $offset = 0, $posted_min = 0, $posted_max = 0) {
-
-	// Get config
-	global $CONFIG;
-
-	// Sanitise variables
-	if (!is_array($subject_guid)) {
-		$subject_guid = (int) $subject_guid;
-	} else {
-		foreach($subject_guid as $key => $temp) {
-			$subject_guid[$key] = (int) $temp;
-		}
-	}
-	if (!is_array($object_guid)) {
-		$object_guid = (int) $object_guid;
-	} else {
-		foreach($object_guid as $key => $temp) {
-			$object_guid[$key] = (int) $temp;
-		}
-	}
-	if (!empty($type)) {
-		$type = sanitise_string($type);
-	}
-	if (!empty($subtype)) {
-		$subtype = sanitise_string($subtype);
-	}
-	if (!empty($action_type)) {
-		$action_type = sanitise_string($action_type);
-	}
-	$limit = (int) $limit;
-	$offset = (int) $offset;
-	$posted_min = (int) $posted_min;
-	$posted_max = (int) $posted_max;
-
-	// Construct 'where' clauses for the river
-	$where = array();
-	$where[] = str_replace("and enabled='yes'",'',str_replace('owner_guid','subject_guid',get_access_sql_suffix_new('er','e')));
-
-	if (empty($subject_relationship)) {
-		if (!empty($subject_guid)) {
-			if (!is_array($subject_guid)) {
-				$where[] = " subject_guid = {$subject_guid} ";
-			} else {
-				$where[] = " subject_guid in (" . implode(',',$subject_guid) . ") ";
-			}
-		}
-	} else {
-		if (!is_array($subject_guid)) {
-			if ($entities = get_entities_from_relationship($subject_relationship,$subject_guid,false,'','',0,'',9999)) {
-				$guids = array();
-				foreach($entities as $entity) {
-					$guids[] = (int) $entity->guid;
-				}
-				// $guids[] = $subject_guid;
-				$where[] = " subject_guid in (" . implode(',',$guids) . ") ";
-			} else {
-				return array();
-			}
-		}
-	}
-	if (!empty($object_guid))
-		if (!is_array($object_guid)) {
-			$where[] = " object_guid = {$object_guid} ";
-		} else {
-			$where[] = " object_guid in (" . implode(',',$object_guid) . ") ";
-		}
-	if (!empty($type)) {
-		$where[] = " er.type = '{$type}' ";
-	}
-	if (!empty($subtype)) {
-		$where[] = " er.subtype = '{$subtype}' ";
-	}
-	if (!empty($action_type)) {
-		$where[] = " action_type = '{$action_type}' ";
-	}
-	if (!empty($posted_min)) {
-		$where[] = " posted > {$posted_min} ";
-	}
-	if (!empty($posted_max)) {
-		$where[] = " posted < {$posted_max} ";
-	}
-
-	$whereclause = implode(' and ', $where);
-
-	// Construct main SQL
-	$sql = "select er.*" .
-	 		" from {$CONFIG->dbprefix}river er, {$CONFIG->dbprefix}entities e " .
-	 		" where {$whereclause} AND er.object_guid = e.guid GROUP BY object_guid " .
-	 		" ORDER BY e.last_action desc LIMIT {$offset},{$limit}";
-
-	// Get data
-	return get_data($sql);
-}
-
-/**
  * Returns a human-readable representation of a river item
  *
  * @see get_river_items
@@ -386,17 +285,10 @@ function elgg_view_river_item($item) {
 				));
 			}
 		}
-		if (get_plugin_setting('activitytype', 'riverdashboard') == 'classic'){
-			return elgg_view('river/item/wrapper_classic',array(
-				'item' => $item,
-				'body' => $body
-			));
-		}else{
-			return elgg_view('river/item/wrapper',array(
-				'item' => $item,
-				'body' => $body
-			));
-		}
+		return elgg_view('river/item/wrapper',array(
+			'item' => $item,
+			'body' => $body
+		));
 	}
 	return false;
 }
@@ -418,20 +310,13 @@ function elgg_view_river_item($item) {
  * @return string Human-readable river.
  */
 function elgg_view_river_items($subject_guid = 0, $object_guid = 0, $subject_relationship = '',
-	$type = '', $subtype = '', $action_type = '', $limit = 20, $posted_min = 0, $posted_max = 0, $pagination = true, $chronological = true) {
+	$type = '', $subtype = '', $action_type = '', $limit = 20, $posted_min = 0, $posted_max = 0, $pagination = true) {
 
 	// Get input from outside world and sanitise it
 	$offset = (int) get_input('offset',0);
 
-	// Get the correct function
-	if($chronological == true){
-		$riveritems = get_river_items($subject_guid,$object_guid,$subject_relationship,$type,$subtype,$action_type,($limit + 1),$offset,$posted_min,$posted_max);
-	}else{
-		$riveritems = elgg_get_river_items($subject_guid,$object_guid,$subject_relationship,$type,$subtype,$action_type,($limit + 1),$offset,$posted_min,$posted_max);
-	}
-	
 	// Get river items, if they exist
-	if ($riveritems) {
+	if ($riveritems = get_river_items($subject_guid,$object_guid,$subject_relationship,$type,$subtype,$action_type,($limit + 1),$offset,$posted_min,$posted_max)) {
 
 		return elgg_view('river/item/list',array(
 			'limit' => $limit,
@@ -444,101 +329,163 @@ function elgg_view_river_items($subject_guid = 0, $object_guid = 0, $subject_rel
 
 	return '';
 }
+
 /**
- * Update last_action on the given entity.
+ * Construct and execute the query required for the activity stream.
  *
- * @param int $guid Entity annotation|relationship action carried out on
- * @param int $posted Timestamp of last action
- **/
-function update_entity_last_action($guid, $posted){
-	global $CONFIG;
-	if(!$posted)
-		$posted = time();
-	$guid = (int)$guid;
-	if($guid){
-		//now add to the river updated table
-		$query = update_data("UPDATE {$CONFIG->dbprefix}entities SET last_action = {$posted} WHERE guid = {$guid}");
-		if($query)
-			return true;
-		else
-			return false;
-	}else{
-		return false;
-	}
-}
-/**
- * This function has been added here until we decide if it is going to roll into core or not
- * Add access restriction sql code to a given query.
- * Note that if this code is executed in privileged mode it will return blank.
- * @TODO: DELETE once Query classes are fully integrated
+ * @deprecated 1.8
  *
- * @param string $table_prefix Optional table. prefix for the access code.
- * @param int $owner
+ * @param int $limit Limit the query.
+ * @param int $offset Execute from the given object
+ * @param mixed $type A type, or array of types to look for. Note: This is how they appear in the SYSTEM LOG.
+ * @param mixed $subtype A subtype, or array of types to look for. Note: This is how they appear in the SYSTEM LOG.
+ * @param mixed $owner_guid The guid or a collection of GUIDs
+ * @param string $owner_relationship If defined, the relationship between $owner_guid and the entity owner_guid - so "is $owner_guid $owner_relationship with $entity->owner_guid"
+ * @return array An array of system log entries.
  */
-function get_access_sql_suffix_new($table_prefix_one = '', $table_prefix_two = '', $owner = null) {
-	global $ENTITY_SHOW_HIDDEN_OVERRIDE, $CONFIG;
+function get_activity_stream_data($limit = 10, $offset = 0, $type = "", $subtype = "", $owner_guid = "", $owner_relationship = "") {
+	global $CONFIG;
 
-	$sql = "";
-	$friends_bit = "";
-	$enemies_bit = "";
+	$limit = (int)$limit;
+	$offset = (int)$offset;
 
-	if ($table_prefix_one) {
-			$table_prefix_one = sanitise_string($table_prefix_one) . ".";
+	if ($type) {
+		if (!is_array($type)) {
+			$type = array(sanitise_string($type));
+		} else {
+			foreach ($type as $k => $v) {
+				$type[$k] = sanitise_string($v);
+			}
+		}
 	}
 
-	if ($table_prefix_two) {
-			$table_prefix_two = sanitise_string($table_prefix_two) . ".";
+	if ($subtype) {
+		if (!is_array($subtype)) {
+			$subtype = array(sanitise_string($subtype));
+		} else {
+			foreach ($subtype as $k => $v) {
+				$subtype[$k] = sanitise_string($v);
+			}
+		}
 	}
 
-	if (!isset($owner)) {
-		$owner = get_loggedin_userid();
+	if ($owner_guid) {
+		if (is_array($owner_guid)) {
+			foreach ($owner_guid as $k => $v) {
+				$owner_guid[$k] = (int)$v;
+			}
+		} else {
+			$owner_guid = array((int)$owner_guid);
+		}
 	}
 
-	if (!$owner) {
-		$owner = -1;
-	}
+	$owner_relationship = sanitise_string($owner_relationship);
+
+	// Get a list of possible views
+	$activity_events= array();
+	$activity_views = array_merge(elgg_view_tree('activity', 'default'), elgg_view_tree('river', 'default')); // Join activity with river
+
+	$done = array();
+
+	foreach ($activity_views as $view) {
+		$fragments = explode('/', $view);
+		$tmp = explode('/',$view, 2);
+		$tmp = $tmp[1];
+
+		if ((isset($fragments[0])) && (($fragments[0] == 'river') || ($fragments[0] == 'activity'))
+			&& (!in_array($tmp, $done))) {
+
+			if (isset($fragments[1])) {
+				$f = array();
+				for ($n = 1; $n < count($fragments); $n++) {
+					$val = sanitise_string($fragments[$n]);
+					switch($n) {
+						case 1: $key = 'type'; break;
+						case 2: $key = 'subtype'; break;
+						case 3: $key = 'event'; break;
+					}
+					$f[$key] = $val;
+				}
+
+				// Filter result based on parameters
+				$add = true;
+				if ($type) {
+					if (!in_array($f['type'], $type)) {
+						$add = false;
+					}
+				}
+				if (($add) && ($subtype)) {
+					if (!in_array($f['subtype'], $subtype)) {
+						$add = false;
+					}
+				}
+				if (($add) && ($event)) {
+					if (!in_array($f['event'], $event)) {
+						$add = false;
+					}
+				}
 
-	$ignore_access = elgg_check_access_overrides($owner);
-	$access = get_access_list($owner);
-
-	if ($ignore_access) {
-		$sql = " (1 = 1) ";
-	} else if ($owner != -1) {
-		$friends_bit = "{$table_prefix_one}access_id = " . ACCESS_FRIENDS . "
-			AND {$table_prefix_one}owner_guid IN (
-				SELECT guid_one FROM {$CONFIG->dbprefix}entity_relationships
-				WHERE relationship='friend' AND guid_two=$owner
-			)";
-
-		$friends_bit = '('.$friends_bit.') OR ';
-
-		if ((isset($CONFIG->user_block_and_filter_enabled)) && ($CONFIG->user_block_and_filter_enabled)) {
-			// check to see if the user is in the entity owner's block list
-			// or if the entity owner is in the user's filter list
-			// if so, disallow access
-			$enemies_bit = get_annotation_sql('elgg_block_list', "{$table_prefix_one}owner_guid", $owner, false);
-			$enemies_bit = '('
-				. $enemies_bit
-				. '	AND ' . get_annotation_sql('elgg_filter_list', $owner, "{$table_prefix_one}owner_guid", false)
-			. ')';
+				if ($add) {
+					$activity_events[] = $f;
+				}
+			}
+
+			$done[] = $tmp;
 		}
 	}
 
-	if (empty($sql)) {
-		$sql = " $friends_bit ({$table_prefix_one}access_id IN {$access}
-			OR ({$table_prefix_one}owner_guid = {$owner})
-			OR (
-				{$table_prefix_one}access_id = " . ACCESS_PRIVATE . "
-				AND {$table_prefix_one}owner_guid = $owner
-			)
-		)";
+	$n = 0;
+	foreach ($activity_events as $details) {
+		// Get what we're talking about
+		if ($details['subtype'] == 'default') {
+			$details['subtype'] = '';
+		}
+
+		if (($details['type']) && ($details['event'])) {
+			if ($n > 0) {
+				$obj_query .= " or ";
+			}
+
+			$access = "";
+			if ($details['type']!='relationship') {
+				$access = " and " . get_access_sql_suffix('sl');
+			}
+
+			$obj_query .= "( sl.object_type='{$details['type']}'
+				AND sl.object_subtype='{$details['subtype']}'
+				AND sl.event='{$details['event']}' $access )";
+
+			$n++;
+		}
 	}
 
-	if ($enemies_bit) {
-		$sql = "$enemies_bit AND ($sql)";
+	// User
+	if ((count($owner_guid)) &&  ($owner_guid[0] != 0)) {
+		$user = " and sl.performed_by_guid in (".implode(',', $owner_guid).")";
+
+		if ($owner_relationship) {
+			$friendsarray = "";
+			if ($friends = elgg_get_entities_from_relationship(array(
+				'relationship' => $owner_relationship,
+				'relationship_guid' => $owner_guid[0],
+				'inverse_relationship' => FALSE,
+				'types' => 'user',
+				'subtypes' => $subtype,
+				'limit' => 9999))
+			) {
+
+				$friendsarray = array();
+				foreach($friends as $friend) {
+					$friendsarray[] = $friend->getGUID();
+				}
+
+				$user = " and sl.performed_by_guid in (" . implode(',', $friendsarray).")";
+			}
+		}
 	}
 
-	if (!$ENTITY_SHOW_HIDDEN_OVERRIDE)
-		$sql .= " and {$table_prefix_two}enabled='yes'";
-	return '('.$sql.')';
-}
-\ No newline at end of file
+	$query = "SELECT sl.* FROM {$CONFIG->dbprefix}system_log sl
+		WHERE 1 $user AND ($obj_query)
+		ORDER BY sl.time_created desc limit $offset, $limit";
+	return get_data($query);
+}
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index ffea2dcc2..b74b2f524 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -460,17 +460,6 @@ function logout() {
 }
 
 /**
- * Returns a fingerprint for an elgg session.
- *
- * @return string
- */
-function get_session_fingerprint() {
-	global $CONFIG;
-
-	return md5($_SERVER['HTTP_USER_AGENT'] . get_site_secret());
-}
-
-/**
  * Initialises the system session and potentially logs the user in
  *
  * This function looks for:
@@ -505,16 +494,6 @@ function session_init($event, $object_type, $object) {
 	session_name('Elgg');
 	session_start();
 
-	// Do some sanity checking by generating a fingerprint (makes some XSS attacks harder)
-	if (isset($_SESSION['__elgg_fingerprint'])) {
-		if ($_SESSION['__elgg_fingerprint'] != get_session_fingerprint()) {
-			session_destroy();
-			return false;
-		}
-	} else {
-		$_SESSION['__elgg_fingerprint'] = get_session_fingerprint();
-	}
-
 	// Generate a simple token (private from potentially public session id)
 	if (!isset($_SESSION['__elgg_session'])) {
 		$_SESSION['__elgg_session'] = md5(microtime().rand());
diff --git a/engine/start.php b/engine/start.php
index aade0a817..b7c63dfa4 100644
--- a/engine/start.php
+++ b/engine/start.php
@@ -51,18 +51,18 @@ set_exception_handler('__elgg_php_exception_handler');
 // attempt to save settings.php and .htaccess if in installation.
 if ($sanitised = sanitised()) {
 
-	// load library files
+	// load the rest of the library files from engine/lib/
 	$lib_files = array(
-		'actions.php', 'activity.php', 'admin.php', 'annotations.php', 'api.php',
-		'cache.php', 'calendar.php', 'configuration.php', 'cron.php',
-		'entities.php', 'export.php', 'extender.php', 'database.php', 'filestore.php',
-		'group.php', 'input.php', 'install.php', 'location.php', 'mb_wrapper.php',
+		'admin.php', 'annotations.php', 'api.php', 'cache.php',
+		'calendar.php', 'configuration.php', 'cron.php', 'entities.php',
+		'export.php', 'extender.php', 'filestore.php', 'group.php',
+		'input.php', 'install.php', 'location.php', 'mb_wrapper.php',
 		'memcache.php', 'metadata.php', 'metastrings.php', 'notification.php',
-		'objects.php', 'opendd.php', 'pagehandler.php', 'pageowner.php', 'pam.php',
-		'plugins.php', 'query.php', 'relationships.php', 'river2.php', 'sites.php',
-		'social.php', 'statistics.php', 'system_log.php', 'tags.php',
-		'usersettings.php', 'users.php', 'version.php', 'widgets.php', 'xml.php',
-		'xml-rpc.php'
+		'objects.php', 'opendd.php', 'output.php', 'pagehandler.php', 
+		'pageowner.php', 'pam.php', 'plugins.php', 'query.php',
+		'relationships.php', 'river.php', 'sites.php', 'social.php',
+		'statistics.php', 'system_log.php', 'tags.php', 'usersettings.php',
+		'users.php', 'version.php', 'widgets.php', 'xml.php', 'xml-rpc.php'
 	);
 
 	foreach($lib_files as $file) {
@@ -136,4 +136,4 @@ if (($installed) && ($db_installed)) {
 		datalist_set('simplecache_'.$oldview,$lastcached);
 	}
 	$CONFIG->lastcache = $lastcached;
-}
-\ No newline at end of file
+}
author	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>	2010-05-14 20:50:34 +0000
committer	brettp <brettp@36083f99-b078-4883-b0ff-0f9b5a30f544>	2010-05-14 20:50:34 +0000
commit	0c2c36ff3b0329ff849930d0403f933653a84dcd (patch)
tree	cdd859d225d68dcfa9603997f4c183eac8864900 /engine
parent	b6aaba915151dd07800761a01b67ffffaee1302b (diff)
download	elgg-0c2c36ff3b0329ff849930d0403f933653a84dcd.tar.gz elgg-0c2c36ff3b0329ff849930d0403f933653a84dcd.tar.bz2