diff options
| author | Sem <sembrestels@riseup.net> | 2011-11-18 07:32:27 +0100 |
|---|---|---|
| committer | Sem <sembrestels@riseup.net> | 2011-11-18 07:32:27 +0100 |
| commit | e53d410129701ea1c9d19529afa493f11b5f5b70 (patch) | |
| tree | d9963b24bf8932654b4a47e36602c75975e50dba /engine | |
| parent | 377da25d2965c64941f83baae119fc970ec60982 (diff) | |
| parent | 08a962c98e2923724f8013d6eaae89101243752a (diff) | |
| download | elgg-e53d410129701ea1c9d19529afa493f11b5f5b70.tar.gz elgg-e53d410129701ea1c9d19529afa493f11b5f5b70.tar.bz2 | |
Merge github.com:Elgg/Elgg
Conflicts:
engine/lib/input.php
Diffstat (limited to 'engine')
75 files changed, 1550 insertions, 923 deletions
diff --git a/engine/classes/ElggAnnotation.php b/engine/classes/ElggAnnotation.php index 78d29ee7f..511b5151f 100644 --- a/engine/classes/ElggAnnotation.php +++ b/engine/classes/ElggAnnotation.php @@ -78,7 +78,7 @@ class ElggAnnotation extends ElggExtender { * @return bool */ function delete() { - remove_from_river_by_annotation($this->id); + elgg_delete_river(array('annotation_id' => $this->id)); return elgg_delete_metastring_based_object_by_id($this->id, 'annotations'); } diff --git a/engine/classes/ElggEntity.php b/engine/classes/ElggEntity.php index 2fa0d7b02..fdf2a80ea 100644 --- a/engine/classes/ElggEntity.php +++ b/engine/classes/ElggEntity.php @@ -1179,16 +1179,16 @@ abstract class ElggEntity extends ElggData implements return $this->icon_override[$size]; } - $url = "_graphics/icons/default/$size.png"; - $url = elgg_normalize_url($url); - $type = $this->getType(); $params = array( 'entity' => $this, 'size' => $size, ); - $url = elgg_trigger_plugin_hook('entity:icon:url', $type, $params, $url); + $url = elgg_trigger_plugin_hook('entity:icon:url', $type, $params, null); + if ($url == null) { + $url = "_graphics/icons/default/$size.png"; + } return elgg_normalize_url($url); } @@ -1434,10 +1434,11 @@ abstract class ElggEntity extends ElggData implements * * @param string $location String representation of the location * - * @return true + * @return bool */ public function setLocation($location) { - return $this->location = $location; + $this->location = $location; + return true; } /** @@ -1446,7 +1447,7 @@ abstract class ElggEntity extends ElggData implements * @param float $lat Latitude * @param float $long Longitude * - * @return true + * @return bool * @todo Unimplemented */ public function setLatLong($lat, $long) { @@ -1459,20 +1460,20 @@ abstract class ElggEntity extends ElggData implements /** * Return the entity's latitude. * - * @return int + * @return float * @todo Unimplemented */ public function getLatitude() { - return $this->get('geo:lat'); + return (float)$this->get('geo:lat'); } /** * Return the entity's longitude * - * @return Int + * @return float */ public function getLongitude() { - return $this->get('geo:long'); + return (float)$this->get('geo:long'); } /* diff --git a/engine/classes/ElggFile.php b/engine/classes/ElggFile.php index fe25491a8..f21621ffd 100644 --- a/engine/classes/ElggFile.php +++ b/engine/classes/ElggFile.php @@ -121,6 +121,47 @@ class ElggFile extends ElggObject { } /** + * Detects mime types based on filename or actual file. + * + * @param mixed $file The full path of the file to check. For uploaded files, use tmp_name. + * @param mixed $default A default. Useful to pass what the browser thinks it is. + * @since 1.7.12 + * + * @return mixed Detected type on success, false on failure. + */ + static function detectMimeType($file = null, $default = null) { + if (!$file) { + if (isset($this) && $this->filename) { + $file = $this->filename; + } else { + return false; + } + } + + $mime = false; + + // for PHP5 folks. + if (function_exists('finfo_file') && defined('FILEINFO_MIME_TYPE')) { + $resource = finfo_open(FILEINFO_MIME_TYPE); + if ($resource) { + $mime = finfo_file($resource, $file); + } + } + + // for everyone else. + if (!$mime && function_exists('mime_content_type')) { + $mime = mime_content_type($file); + } + + // default + if (!$mime) { + return $default; + } + + return $mime; + } + + /** * Set the optional file description. * * @param string $description The description. diff --git a/engine/classes/ElggMemcache.php b/engine/classes/ElggMemcache.php index 7d19fb2c7..1fd3be0d1 100644 --- a/engine/classes/ElggMemcache.php +++ b/engine/classes/ElggMemcache.php @@ -147,15 +147,20 @@ class ElggMemcache extends ElggSharedMemoryCache { /** * Saves a name and value to the cache * - * @param string $key Name - * @param string $data Value + * @param string $key Name + * @param string $data Value + * @param integer $expires Expires (in seconds) * * @return bool */ - public function save($key, $data) { + public function save($key, $data, $expires = null) { $key = $this->_makeMemcacheKey($key); - $result = $this->memcache->set($key, $data, null, $this->expires); + if ($expires === null) { + $expires = $this->expires; + } + + $result = $this->memcache->set($key, $data, null, $expires); if (!$result) { elgg_log("MEMCACHE: FAILED TO SAVE $key", 'ERROR'); } diff --git a/engine/classes/ElggMenuItem.php b/engine/classes/ElggMenuItem.php index f7a6b5c65..62547134a 100644 --- a/engine/classes/ElggMenuItem.php +++ b/engine/classes/ElggMenuItem.php @@ -100,6 +100,9 @@ class ElggMenuItem { if (!isset($options['name']) || !isset($options['text'])) { return NULL; } + if (!isset($options['href'])) { + $options['href'] = ''; + } $item = new ElggMenuItem($options['name'], $options['text'], $options['href']); unset($options['name']); @@ -412,6 +415,7 @@ class ElggMenuItem { * * @param int $priority The smaller numbers mean higher priority (1 before 100) * @return void + * @deprecated */ public function setWeight($priority) { $this->data['priority'] = $priority; @@ -421,12 +425,32 @@ class ElggMenuItem { * Get the priority of the menu item * * @return int + * @deprecated */ public function getWeight() { return $this->data['priority']; } /** + * Set the priority of the menu item + * + * @param int $priority The smaller numbers mean higher priority (1 before 100) + * @return void + */ + public function setPriority($priority) { + $this->data['priority'] = $priority; + } + + /** + * Get the priority of the menu item + * + * @return int + */ + public function getPriority() { + return $this->data['priority']; + } + + /** * Set the section identifier * * @param string $section The identifier of the section @@ -543,12 +567,16 @@ class ElggMenuItem { if ($this->data['linkClass']) { if (isset($vars['class'])) { - $vars['class'] += $this->getLinkClass(); + $vars['class'] = $vars['class'] . ' ' . $this->getLinkClass(); } else { $vars['class'] = $this->getLinkClass(); } } + if (!isset($vars['rel']) && !isset($vars['is_trusted'])) { + $vars['is_trusted'] = true; + } + if ($this->confirm) { $vars['confirm'] = $this->confirm; return elgg_view('output/confirmlink', $vars); diff --git a/engine/classes/ElggMetadata.php b/engine/classes/ElggMetadata.php index ed3f8614f..32e7b32f1 100644 --- a/engine/classes/ElggMetadata.php +++ b/engine/classes/ElggMetadata.php @@ -45,11 +45,13 @@ class ElggMetadata extends ElggExtender { /** * Determines whether or not the user can edit this piece of metadata * + * @param int $user_guid The GUID of the user (defaults to currently logged in user) + * * @return true|false Depending on permissions */ - function canEdit() { + function canEdit($user_guid = 0) { if ($entity = get_entity($this->get('entity_guid'))) { - return $entity->canEditMetadata($this); + return $entity->canEditMetadata($this, $user_guid); } return false; } diff --git a/engine/classes/ElggPlugin.php b/engine/classes/ElggPlugin.php index d837431fc..c4d6ec034 100644 --- a/engine/classes/ElggPlugin.php +++ b/engine/classes/ElggPlugin.php @@ -116,6 +116,21 @@ class ElggPlugin extends ElggObject { } /** + * Returns the manifest's name if available, otherwise the ID. + * + * @return string + * @since 1.8.1 + */ + public function getFriendlyName() { + $manifest = $this->getManifest(); + if ($manifest) { + return $manifest->getName(); + } + + return $this->getID(); + } + + /** * Returns the plugin's full path with trailing slash. * * @return string @@ -249,8 +264,6 @@ class ElggPlugin extends ElggObject { /** * Returns a plugin setting * - * @todo These need to be namespaced - * * @param string $name The setting name * @return mixed */ @@ -303,7 +316,6 @@ class ElggPlugin extends ElggObject { * Set a plugin setting for the plugin * * @todo This will only work once the plugin has a GUID. - * @todo These need to be namespaced. * * @param string $name The name to set * @param string $value The value to set @@ -314,13 +326,6 @@ class ElggPlugin extends ElggObject { if (!$this->guid) { return false; } - // Hook to validate setting - $value = elgg_trigger_plugin_hook('setting', 'plugin', array( - 'plugin_id' => $this->pluginID, - 'plugin' => $this, - 'name' => $name, - 'value' => $value - ), $value); return $this->set($name, $value); } @@ -597,7 +602,12 @@ class ElggPlugin extends ElggObject { */ public function canActivate($site_guid = null) { if ($this->getPackage()) { - return $this->getPackage()->isValid() && $this->getPackage()->checkDependencies(); + $result = $this->getPackage()->isValid() && $this->getPackage()->checkDependencies(); + if (!$result) { + $this->errorMsg = $this->getPackage()->getError(); + } + + return $result; } return false; @@ -882,7 +892,9 @@ class ElggPlugin extends ElggObject { } /** - * Save a value to private settings. + * Save a value as private setting or attribute. + * + * Attributes include title and description. * * @param string $name Name * @param mixed $value Value @@ -900,6 +912,14 @@ class ElggPlugin extends ElggObject { return true; } else { + // Hook to validate setting + $value = elgg_trigger_plugin_hook('setting', 'plugin', array( + 'plugin_id' => $this->pluginID, + 'plugin' => $this, + 'name' => $name, + 'value' => $value + ), $value); + return $this->setPrivateSetting($name, $value); } } diff --git a/engine/classes/ElggPluginManifest.php b/engine/classes/ElggPluginManifest.php index 0f3b1d7a8..eacc16455 100644 --- a/engine/classes/ElggPluginManifest.php +++ b/engine/classes/ElggPluginManifest.php @@ -224,20 +224,15 @@ class ElggPluginManifest { /** * Returns the plugin name * - * @param bool $elgg_echo Run the name through elgg_echo. * @return string */ - public function getName($elgg_echo = true) { + public function getName() { $name = $this->parser->getAttribute('name'); if (!$name && $this->pluginID) { $name = ucwords(str_replace('_', ' ', $this->pluginID)); } - if ($elgg_echo) { - $name = elgg_echo($name); - } - return $name; } @@ -245,33 +240,21 @@ class ElggPluginManifest { /** * Return the description * - * @param bool $elgg_echo Run the description through elgg_echo. * @return string */ - public function getDescription($elgg_echo = true) { - $desc = $this->parser->getAttribute('description'); - - if ($elgg_echo) { - return elgg_echo($desc); - } else { - return $desc; - } + public function getDescription() { + return $this->parser->getAttribute('description'); } /** * Return the short description * - * @param bool $elgg_echo Run the blurb through elgg_echo. * @return string */ - public function getBlurb($elgg_echo = true) { + public function getBlurb() { $blurb = $this->parser->getAttribute('blurb'); - if ($blurb) { - if ($elgg_echo) { - $blurb = elgg_echo($blurb); - } - } else { + if (!$blurb) { $blurb = elgg_get_excerpt($this->getDescription()); } @@ -348,10 +331,9 @@ class ElggPluginManifest { /** * Return the screenshots listed. * - * @param bool $elgg_echo Run the screenshot's description through elgg_echo. * @return array */ - public function getScreenshots($elgg_echo = true) { + public function getScreenshots() { $ss = $this->parser->getAttribute('screenshot'); if (!$ss) { @@ -360,13 +342,7 @@ class ElggPluginManifest { $normalized = array(); foreach ($ss as $s) { - $normalized_s = $this->buildStruct($this->screenshotStruct, $s); - - if ($elgg_echo) { - $normalized_s['description'] = elgg_echo($normalized_s['description']); - } - - $normalized[] = $normalized_s; + $normalized[] = $this->buildStruct($this->screenshotStruct, $s); } return $normalized; @@ -579,24 +555,6 @@ class ElggPluginManifest { /** * Returns the admin interface to use. * - * @return string simple or advanced - */ - public function getAdminInterface() { - $interface = $this->parser->getAttribute('admin_interface'); - - switch ($interface) { - case 'simple': - case 'advanced': - return $interface; - - default: - return 'advanced'; - } - } - - /** - * Returns the admin interface to use. - * * @return bool */ public function getActivateOnInstall() { diff --git a/engine/classes/ElggPluginManifestParser18.php b/engine/classes/ElggPluginManifestParser18.php index db8b3dc6a..554e28c02 100644 --- a/engine/classes/ElggPluginManifestParser18.php +++ b/engine/classes/ElggPluginManifestParser18.php @@ -16,7 +16,7 @@ class ElggPluginManifestParser18 extends ElggPluginManifestParser { 'name', 'author', 'version', 'blurb', 'description', 'website', 'copyright', 'license', 'requires', 'suggests', 'screenshot', 'category', 'conflicts', 'provides', - 'admin_interface', 'activate_on_install' + 'activate_on_install' ); /** @@ -46,7 +46,6 @@ class ElggPluginManifestParser18 extends ElggPluginManifestParser { case 'website': case 'copyright': case 'license': - case 'admin_interface': case 'activate_on_install': $parsed[$element->name] = $element->content; break; diff --git a/engine/classes/ElggPluginPackage.php b/engine/classes/ElggPluginPackage.php index 02b985285..d240af477 100644 --- a/engine/classes/ElggPluginPackage.php +++ b/engine/classes/ElggPluginPackage.php @@ -33,7 +33,9 @@ class ElggPluginPackage { */ private $textFiles = array( 'README.txt', 'CHANGES.txt', - 'INSTALL.txt', 'COPYRIGHT.txt', 'LICENSE.txt' + 'INSTALL.txt', 'COPYRIGHT.txt', 'LICENSE.txt', + + 'README', 'README.md', 'README.markdown' ); /** @@ -347,6 +349,7 @@ class ElggPluginPackage { $conflict['name'] = $plugin->getManifest()->getName(); if (!$full_report && !$result['status']) { + $this->errorMsg = "Conflicts with plugin \"{$plugin->getManifest()->getName()}\"."; return $result['status']; } else { $report[] = array( @@ -399,6 +402,7 @@ class ElggPluginPackage { // unless we're doing a full report, break as soon as we fail. if (!$full_report && !$result['status']) { + $this->errorMsg = "Missing dependencies."; return $result['status']; } else { // build report element and comment diff --git a/engine/classes/ElggPriorityList.php b/engine/classes/ElggPriorityList.php index aa33831ff..8a3b836a8 100644 --- a/engine/classes/ElggPriorityList.php +++ b/engine/classes/ElggPriorityList.php @@ -303,7 +303,7 @@ class ElggPriorityList */ public function rewind() { $this->sortIfUnsorted(); - return rewind($this->elements); + return reset($this->elements); } /** diff --git a/engine/classes/ElggRelationship.php b/engine/classes/ElggRelationship.php index a0826689d..2d9a32cbd 100644 --- a/engine/classes/ElggRelationship.php +++ b/engine/classes/ElggRelationship.php @@ -10,9 +10,9 @@ class ElggRelationship extends ElggData implements { /** - * Construct a new site object, optionally from a given id value or row. + * Create a relationship object, optionally from a given id value or row. * - * @param mixed $id ElggRelationship id + * @param mixed $id ElggRelationship id, database row, or null for new relationship */ function __construct($id = null) { $this->initializeAttributes(); diff --git a/engine/classes/ElggRiverItem.php b/engine/classes/ElggRiverItem.php index cdb22239d..fcc8f9c85 100644 --- a/engine/classes/ElggRiverItem.php +++ b/engine/classes/ElggRiverItem.php @@ -28,8 +28,14 @@ class ElggRiverItem // throw exception } + // the casting is to support typed serialization like json + $int_types = array('id', 'subject_guid', 'object_guid', 'annotation_id', 'access_id', 'posted'); foreach ($object as $key => $value) { - $this->$key = $value; + if (in_array($key, $int_types)) { + $this->$key = (int)$value; + } else { + $this->$key = $value; + } } } diff --git a/engine/classes/ElggSite.php b/engine/classes/ElggSite.php index 40bfca060..16b80b9d3 100644 --- a/engine/classes/ElggSite.php +++ b/engine/classes/ElggSite.php @@ -190,18 +190,19 @@ class ElggSite extends ElggEntity { * @note You cannot disable the current site. * * @param string $reason Optional reason for disabling + * @param bool $recursive Recursively disable all contained entities? * * @return bool * @throws SecurityException */ - public function disable($reason = "") { + public function disable($reason = "", $recursive = true) { global $CONFIG; if ($CONFIG->site->getGUID() == $this->guid) { throw new SecurityException('SecurityException:deletedisablecurrentsite'); } - return parent::disable($reason); + return parent::disable($reason, $recursive); } /** @@ -225,7 +226,7 @@ class ElggSite extends ElggEntity { 'offset' => $offset, ); } - + $defaults = array( 'relationship' => 'member_of_site', 'relationship_guid' => $this->getGUID(), @@ -371,6 +372,7 @@ class ElggSite extends ElggEntity { elgg_register_plugin_hook_handler('index', 'system', 'elgg_walled_garden_index', 1); if (!$this->isPublicPage()) { + $_SESSION['last_forward_from'] = current_page_url(); register_error(elgg_echo('loggedinrequired')); forward(); } @@ -413,6 +415,8 @@ class ElggSite extends ElggEntity { 'resetpassword', 'action/user/requestnewpassword', 'action/user/passwordreset', + 'action/security/refreshtoken', + 'ajax/view/js/languages', 'upgrade\.php', 'xml-rpc\.php', 'mt/mt-xmlrpc\.cgi', diff --git a/engine/classes/Locatable.php b/engine/classes/Locatable.php index 0977dde99..7287d9798 100644 --- a/engine/classes/Locatable.php +++ b/engine/classes/Locatable.php @@ -13,7 +13,7 @@ interface Locatable { * @param string $location Textual representation of location * * @return bool - **/ + */ public function setLocation($location); /** diff --git a/engine/handlers/cache_handler.php b/engine/handlers/cache_handler.php index 7d6f42dc3..94a0e64e9 100644 --- a/engine/handlers/cache_handler.php +++ b/engine/handlers/cache_handler.php @@ -64,7 +64,7 @@ $view = $matches[3]; switch ($type) { case 'css': header("Content-type: text/css", true); - header('Expires: ' . date('r', time() + 86400000), true); + header('Expires: ' . date('r', strtotime("+6 months")), true); header("Pragma: public", true); header("Cache-Control: public", true); @@ -72,7 +72,7 @@ switch ($type) { break; case 'js': header('Content-type: text/javascript', true); - header('Expires: ' . date('r', time() + 864000000), true); + header('Expires: ' . date('r', strtotime("+6 months")), true); header("Pragma: public", true); header("Cache-Control: public", true); diff --git a/engine/lib/access.php b/engine/lib/access.php index 6da747463..97f744fb9 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -1,9 +1,9 @@ <?php /** - * Primary function for Elgg's entity and metadata access systems. + * Functions for Elgg's access system for entities, metadata, and annotations. * * Access is generally saved in the database as access_id. This corresponds to - * one of the ACCESS_* constants defined in {@link elgglib.php}, or the ID of an + * one of the ACCESS_* constants defined in {@link elgglib.php} or the ID of an * access collection. * * @package Elgg.Core @@ -16,15 +16,16 @@ * * @uses get_access_array * - * @return string A list of access collections suitable for injection in an SQL call * @link http://docs.elgg.org/Access * @see get_access_array() * * @param int $user_id User ID; defaults to currently logged in user * @param int $site_id Site ID; defaults to current site - * @param bool $flush If set to true, will refresh the access list from the database + * @param bool $flush If set to true, will refresh the access list from the + * database rather than using this function's cache. * - * @return string + * @return string A list of access collections suitable for using in an SQL call + * @access private */ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { global $CONFIG, $init_finished; @@ -56,20 +57,30 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { /** * Returns an array of access IDs a user is permitted to see. * - * Can be overridden with the access:collections:read, user plugin hook. + * Can be overridden with the 'access:collections:read', 'user' plugin hook. + * + * This returns a list of all the collection ids a user owns or belongs + * to plus public and logged in access levels. If the user is an admin, it includes + * the private access level. + * + * @internal this is only used in core for creating the SQL where clause when + * retrieving content from the database. The friends access level is handled by + * get_access_sql_suffix(). * - * @param int $user_id User ID; defaults to currently logged in user - * @param int $site_id Site ID; defaults to current site - * @param boolean $flush If set to true, will refresh the access list from the database + * @see get_write_access_array() for the access levels that a user can write to. + * + * @param int $user_id User ID; defaults to currently logged in user + * @param int $site_id Site ID; defaults to current site + * @param bool $flush If set to true, will refresh the access ids from the + * database rather than using this function's cache. * * @return array An array of access collections ids - * @see get_access_list() */ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { global $CONFIG, $init_finished; // @todo everything from the db is cached. - // this cache might be redundant. But cache is flushed on every db write. + // this cache might be redundant. But db cache is flushed on every db write. static $access_array; if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished)) { @@ -103,7 +114,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { if ($collections = get_data($query)) { foreach ($collections as $collection) { if (!empty($collection->access_collection_id)) { - $tmp_access_array[] = $collection->access_collection_id; + $tmp_access_array[] = (int)$collection->access_collection_id; } } } @@ -115,7 +126,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { if ($collections = get_data($query)) { foreach ($collections as $collection) { if (!empty($collection->id)) { - $tmp_access_array[] = $collection->id; + $tmp_access_array[] = (int)$collection->id; } } } @@ -180,11 +191,9 @@ $ENTITY_SHOW_HIDDEN_OVERRIDE = false; /** * Show or hide disabled entities. * - * @access private - * * @param bool $show_hidden Show disabled entities. - * * @return void + * @access private */ function access_show_hidden_entities($show_hidden) { global $ENTITY_SHOW_HIDDEN_OVERRIDE; @@ -194,8 +203,8 @@ function access_show_hidden_entities($show_hidden) { /** * Return current status of showing disabled entities. * - * @access private * @return bool + * @access private */ function access_get_show_hidden_status() { global $ENTITY_SHOW_HIDDEN_OVERRIDE; @@ -203,48 +212,11 @@ function access_get_show_hidden_status() { } /** - * Add annotation restriction - * - * Returns an SQL fragment that is true (or optionally false) if the given user has - * added an annotation with the given name to the given entity. - * - * @todo This is fairly generic so perhaps it could be moved to annotations.php - * - * @param string $annotation_name Name of the annotation - * @param string $entity_guid SQL GUID of entity the annotation is attached to. - * @param string $owner_guid SQL string that evaluates to the GUID of the annotation owner - * @param boolean $exists If true, returns BOOL if the annotation exists - * - * @return string An SQL fragment suitable for inserting into a WHERE clause - * @todo Document and maybe even remove. At least rename to something that makes sense. - */ -function get_annotation_sql($annotation_name, $entity_guid, $owner_guid, $exists) { - global $CONFIG; - - if ($exists) { - $not = ''; - } else { - $not = 'NOT'; - } - - $sql = <<<END -$not EXISTS (SELECT * FROM {$CONFIG->dbprefix}annotations a -INNER JOIN {$CONFIG->dbprefix}metastrings ms ON (a.name_id = ms.id) -WHERE ms.string = '$annotation_name' -AND a.entity_guid = $entity_guid -AND a.owner_guid = $owner_guid) -END; - return $sql; -} - -/** * Returns the SQL where clause for a table with a access_id and enabled columns. * - * This handles returning where clauses for ACCESS_FRIENDS, and the currently - * unused block and filter lists. - * - * @warning If an admin is logged in or {@link elgg_set_ignore_access()} is true, - * this will return blank. + * This handles returning where clauses for ACCESS_FRIENDS and the currently + * unused block and filter lists in addition to using get_access_list() for + * access collections and the standard access levels. * * @param string $table_prefix Optional table. prefix for the access code. * @param int $owner The guid to check access for. Defaults to logged in user. @@ -260,7 +232,7 @@ function get_access_sql_suffix($table_prefix = '', $owner = null) { $enemies_bit = ""; if ($table_prefix) { - $table_prefix = sanitise_string($table_prefix) . "."; + $table_prefix = sanitise_string($table_prefix) . "."; } if (!isset($owner)) { @@ -277,6 +249,7 @@ function get_access_sql_suffix($table_prefix = '', $owner = null) { if ($ignore_access) { $sql = " (1 = 1) "; } else if ($owner != -1) { + // we have an entity's guid and auto check for friend relationships $friends_bit = "{$table_prefix}access_id = " . ACCESS_FRIENDS . " AND {$table_prefix}owner_guid IN ( SELECT guid_one FROM {$CONFIG->dbprefix}entity_relationships @@ -285,14 +258,15 @@ function get_access_sql_suffix($table_prefix = '', $owner = null) { $friends_bit = '(' . $friends_bit . ') OR '; + // @todo untested and unsupported at present if ((isset($CONFIG->user_block_and_filter_enabled)) && ($CONFIG->user_block_and_filter_enabled)) { // check to see if the user is in the entity owner's block list // or if the entity owner is in the user's filter list // if so, disallow access - $enemies_bit = get_annotation_sql('elgg_block_list', "{$table_prefix}owner_guid", $owner, false); + $enemies_bit = get_access_restriction_sql('elgg_block_list', "{$table_prefix}owner_guid", $owner, false); $enemies_bit = '(' . $enemies_bit - . ' AND ' . get_annotation_sql('elgg_filter_list', $owner, "{$table_prefix}owner_guid", false) + . ' AND ' . get_access_restriction_sql('elgg_filter_list', $owner, "{$table_prefix}owner_guid", false) . ')'; } } @@ -319,19 +293,59 @@ function get_access_sql_suffix($table_prefix = '', $owner = null) { } /** - * Can $user access $entity. + * Get the where clause for an access restriction based on annotations + * + * Returns an SQL fragment that is true (or optionally false) if the given user has + * added an annotation with the given name to the given entity. + * + * @warning this is a private function for an untested capability and will likely + * be removed from a future version of Elgg. + * + * @param string $annotation_name Name of the annotation + * @param string $entity_guid SQL GUID of entity the annotation is attached to. + * @param string $owner_guid SQL string that evaluates to the GUID of the annotation owner + * @param boolean $exists If true, returns BOOL if the annotation exists + * + * @return string An SQL fragment suitable for inserting into a WHERE clause + * @access private + */ +function get_access_restriction_sql($annotation_name, $entity_guid, $owner_guid, $exists) { + global $CONFIG; + + if ($exists) { + $not = ''; + } else { + $not = 'NOT'; + } + + $sql = <<<END +$not EXISTS (SELECT * FROM {$CONFIG->dbprefix}annotations a +INNER JOIN {$CONFIG->dbprefix}metastrings ms ON (a.name_id = ms.id) +WHERE ms.string = '$annotation_name' +AND a.entity_guid = $entity_guid +AND a.owner_guid = $owner_guid) +END; + return $sql; +} + +/** + * Can a user access an entity. * * @warning If a logged in user doesn't have access to an entity, the * core engine will not load that entity. * - * @tip This is mostly useful for checking if a 3rd user has access - * to an entity that is currently loaded. + * @tip This is mostly useful for checking if a user other than the logged in + * user has access to an entity that is currently loaded. + * + * @todo This function would be much more useful if we could pass the guid of the + * entity to test access for. We need to be able to tell whether the entity exists + * and whether the user has access to the entity. * * @param ElggEntity $entity The entity to check access for. * @param ElggUser $user Optionally user to check access for. Defaults to - * logged in user (which doesn't make sense). + * logged in user (which is a useless default). * - * @return boolean True if the user can access the entity + * @return bool * @link http://docs.elgg.org/Access */ function has_access_to_entity($entity, $user = null) { @@ -354,12 +368,27 @@ function has_access_to_entity($entity, $user = null) { } /** - * Returns an array of access permissions that the user is allowed to save objects with. - * Permissions are of the form ('id' => 'Description') + * Returns an array of access permissions that the user is allowed to save content with. + * Permissions returned are of the form (id => 'name'). + * + * Example return value in English: + * array( + * 0 => 'Private', + * -2 => 'Friends', + * 1 => 'Logged in users', + * 2 => 'Public', + * 34 => 'My favorite friends', + * ); + * + * Plugin hook of 'access:collections:write', 'user' + * + * @warning this only returns access collections that the user owns plus the + * standard access levels. It does not return access collections that the user + * belongs to such as the access collection for a group. * * @param int $user_id The user's GUID. * @param int $site_id The current site. - * @param bool $flush If this is set to true, this will ignore any cached version + * @param bool $flush If this is set to true, this will ignore a cached access array * * @return array List of access permissions * @link http://docs.elgg.org/Access @@ -384,15 +413,18 @@ function get_write_access_array($user_id = 0, $site_id = 0, $flush = false) { $query = "SELECT ag.* FROM {$CONFIG->dbprefix}access_collections ag "; $query .= " WHERE (ag.site_guid = {$site_id} OR ag.site_guid = 0)"; $query .= " AND (ag.owner_guid = {$user_id})"; + // ACCESS_PRIVATE through ACCESS_PUBLIC take 0 through 2 + // @todo this AND clause is unnecessary because of id starts at 3 for table $query .= " AND ag.id >= 3"; $tmp_access_array = array( - ACCESS_PRIVATE => elgg_echo("PRIVATE"), - ACCESS_FRIENDS => elgg_echo("access:friends:label"), - ACCESS_LOGGED_IN => elgg_echo("LOGGED_IN"), - ACCESS_PUBLIC => elgg_echo("PUBLIC") - ); - if ($collections = get_data($query)) { + ACCESS_PRIVATE => elgg_echo("PRIVATE"), + ACCESS_FRIENDS => elgg_echo("access:friends:label"), + ACCESS_LOGGED_IN => elgg_echo("LOGGED_IN"), + ACCESS_PUBLIC => elgg_echo("PUBLIC") + ); + $collections = get_data($query); + if ($collections) { foreach ($collections as $collection) { $tmp_access_array[$collection->id] = $collection->name; } @@ -410,11 +442,11 @@ function get_write_access_array($user_id = 0, $site_id = 0, $flush = false) { return $tmp_access_array; } - /** - * Can the user write to the access collection? + * Can the user change this access collection? * - * Hook into the access:collections:write, user to change this. + * Use the plugin hook of 'access:collections:write', 'user' to change this. + * @see get_write_access_array() for details on the hook. * * Respects access control disabling for admin users and {@see elgg_set_ignore_access()} * @@ -428,7 +460,7 @@ function can_edit_access_collection($collection_id, $user_guid = null) { if ($user_guid) { $user = get_entity((int) $user_guid); } else { - $user = get_loggedin_user(); + $user = elgg_get_logged_in_user_entity(); } $collection = get_access_collection($collection_id); @@ -453,6 +485,8 @@ function can_edit_access_collection($collection_id, $user_guid = null) { * Access colletions allow plugins and users to create granular access * for entities. * + * Triggers plugin hook 'access:collections:addcollection', 'collection' + * * @internal Access collections are stored in the access_collections table. * Memberships to collections are in access_collections_membership. * @@ -460,7 +494,7 @@ function can_edit_access_collection($collection_id, $user_guid = null) { * @param int $owner_guid The GUID of the owner (default: currently logged in user). * @param int $site_guid The GUID of the site (default: current site). * - * @return int|false Depending on success (the collection ID if successful). + * @return int|false The collection ID if successful and false on failure. * @link http://docs.elgg.org/Access/Collections * @see update_access_collection() * @see delete_access_collection() @@ -485,7 +519,8 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { SET name = '{$name}', owner_guid = {$owner_guid}, site_guid = {$site_guid}"; - if (!$id = insert_data($q)) { + $id = insert_data($q); + if (!$id) { return false; } @@ -504,7 +539,7 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { * Updates the membership in an access collection. * * @warning Expects a full list of all members that should - * be part o the access collection + * be part of the access collection * * @note This will run all hooks associated with adding or removing * members to access collections. @@ -512,7 +547,7 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { * @param int $collection_id The ID of the collection. * @param array $members Array of member GUIDs * - * @return true|false Depending on success + * @return bool * @link http://docs.elgg.org/Access/Collections * @see add_user_to_access_collection() * @see remove_user_from_access_collection() @@ -585,6 +620,8 @@ function delete_access_collection($collection_id) { * @note This doesn't return the members of an access collection, * just the database row of the actual collection. * + * @see get_members_of_access_collection() + * * @param int $collection_id The collection ID * * @return object|false @@ -602,15 +639,15 @@ function get_access_collection($collection_id) { /** * Adds a user to an access collection. * - * Emits the access:collections:add_user, collection plugin hook. + * Triggers the 'access:collections:add_user', 'collection' plugin hook. * * @param int $user_guid The GUID of the user to add * @param int $collection_id The ID of the collection to add them to * - * @return true|false Depending on success - * @link http://docs.elgg.org/Access/Collections + * @return bool * @see update_access_collection() * @see remove_user_from_access_collection() + * @link http://docs.elgg.org/Access/Collections */ function add_user_to_access_collection($user_guid, $collection_id) { global $CONFIG; @@ -635,27 +672,25 @@ function add_user_to_access_collection($user_guid, $collection_id) { return false; } - try { - $q = "INSERT INTO {$CONFIG->dbprefix}access_collection_membership - SET access_collection_id = {$collection_id}, - user_guid = {$user_guid}"; - insert_data($q); - } catch (DatabaseException $e) { - return false; - } + $q = "INSERT INTO {$CONFIG->dbprefix}access_collection_membership + SET access_collection_id = {$collection_id}, user_guid = {$user_guid}"; + $result = insert_data($q); - return true; + return $result !== false; } /** * Removes a user from an access collection. * - * Emits the access:collections:remove_user, collection plugin hook. + * Triggers the 'access:collections:remove_user', 'collection' plugin hook. * * @param int $user_guid The user GUID * @param int $collection_id The access collection ID * - * @return true|false Depending on success + * @return bool + * @see update_access_collection() + * @see remove_user_from_access_collection() + * @link http://docs.elgg.org/Access/Collections */ function remove_user_from_access_collection($user_guid, $collection_id) { global $CONFIG; @@ -751,32 +786,13 @@ function get_members_of_access_collection($collection, $idonly = FALSE) { } /** - * Displays a user's access collections, using the core/friends/collections view - * - * @param int $owner_guid The GUID of the owning user - * - * @return string A formatted rendition of the collections - * @todo Move to the friends/collection.php page. - */ -function elgg_view_access_collections($owner_guid) { - if ($collections = get_user_access_collections($owner_guid)) { - foreach ($collections as $key => $collection) { - $collections[$key]->members = get_members_of_access_collection($collection->id, true); - $collections[$key]->entities = get_user_friends($owner_guid, "", 9999); - } - } - - return elgg_view('core/friends/collections', array('collections' => $collections)); -} - -/** * Return entities based upon access id. * - * @param array $options Any options accepted by {@link elgg_get_entities()} and: + * @param array $options Any options accepted by {@link elgg_get_entities()} and * access_id => int The access ID of the entity. * * @see elgg_get_entities() - * @return array + * @return mixed If count, int. If not count, array. false on errors. * @since 1.7.0 */ function elgg_get_entities_from_access_id(array $options = array()) { @@ -809,7 +825,7 @@ function elgg_get_entities_from_access_id(array $options = array()) { * @see elgg_list_entities() * @see elgg_get_entities_from_access_id() * - * @return str + * @return string */ function elgg_list_entities_from_access_id(array $options = array()) { return elgg_list_entities($options, 'elgg_get_entities_from_access_id'); @@ -821,15 +837,15 @@ function elgg_list_entities_from_access_id(array $options = array()) { * * @warning This function probably doesn't work how it's meant to. * - * @param int $entity_accessid The entity's access id + * @param int $entity_access_id The entity's access id * - * @return string e.g. Public, Private etc + * @return string 'Public', 'Private', etc. or false if error. * @since 1.7.0 * @todo I think this probably wants get_access_array() instead of get_write_access_array(), * but those two functions return different types of arrays. */ -function get_readable_access_level($entity_accessid) { - $access = (int) $entity_accessid; +function get_readable_access_level($entity_access_id) { + $access = (int) $entity_access_id; //get the access level for object in readable string $options = get_write_access_array(); @@ -851,13 +867,13 @@ function get_readable_access_level($entity_accessid) { * The access system will not return entities in any getter * functions if the user doesn't have access. * - * @internal For performance reasons this is done at the database level. + * @internal For performance reasons this is done at the database access clause level. * * @tip Use this to access entities in automated scripts * when no user is logged in. * - * @warning This will not show disabled entities. Use {@link $ENTITY_SHOW_HIDDEN_OVERRIDE} - * for that. + * @warning This will not show disabled entities. + * Use {@link access_show_hidden_entities()} to access disabled entities. * * @param bool $ignore If true, disables all access checks. * @@ -884,17 +900,20 @@ function elgg_get_ignore_access() { } /** - * Decides if the access system is being ignored. + * Decides if the access system should be ignored for a user. * - * The access system can be ignored if 1) an admin user is logged in - * or 2) {@link elgg_set_ignore_access()} was called with true. + * Returns true (meaning ignore access) if either of these 2 conditions are true: + * 1) an admin user guid is passed to this function. + * 2) {@link elgg_get_ignore_access()} returns true. * - * @param mixed $user_guid The user to check against. Defaults to logged in. + * @see elgg_set_ignore_access() + * + * @param int $user_guid The user to check against. * * @return bool * @since 1.7.0 */ -function elgg_check_access_overrides($user_guid = null) { +function elgg_check_access_overrides($user_guid = 0) { if (!$user_guid || $user_guid <= 0) { $is_admin = false; } else { @@ -907,6 +926,7 @@ function elgg_check_access_overrides($user_guid = null) { /** * Returns the ElggAccess object. * + * // @todo comment is incomplete * This is used to * * @return ElggAccess @@ -946,28 +966,32 @@ function access_init() { } /** - * Check if the access system should be overridden. + * Overrides the access system if appropriate. * * Allows admin users and calls after {@link elgg_set_ignore_access} to - * by pass the access system. + * bypass the access system. + * + * Registered for the 'permissions_check', 'all' and the + * 'container_permissions_check', 'all' plugin hooks. + * + * Returns true to override the access system or null if no change is needed. * * @return true|null - * @since 1.7.0 - * @elgg_event_handler permissions_check all + * @access private */ -function elgg_override_permissions_hook($hook, $type, $value, $params) { +function elgg_override_permissions($hook, $type, $value, $params) { $user = elgg_extract('user', $params); - if (!$user) { - $user = elgg_get_logged_in_user_entity(); + if ($user) { + $user_guid = $user->getGUID(); + } else { + $user_guid = elgg_get_logged_in_user_guid(); } - // don't do this so ignore access still works. + // don't do this so ignore access still works with no one logged in // if (!$user instanceof ElggUser) { // return false; // } - $user_guid = $user->guid; - // check for admin if ($user_guid && elgg_is_admin_user($user_guid)) { return true; @@ -984,6 +1008,7 @@ function elgg_override_permissions_hook($hook, $type, $value, $params) { /** * Runs unit tests for the entities object. + * @access private */ function access_test($hook, $type, $value, $params) { global $CONFIG; @@ -995,7 +1020,7 @@ function access_test($hook, $type, $value, $params) { elgg_register_event_handler('init', 'system', 'access_init', 9999); // For overrided permissions -elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions_hook'); -elgg_register_plugin_hook_handler('container_permissions_check', 'all', 'elgg_override_permissions_hook'); +elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions'); +elgg_register_plugin_hook_handler('container_permissions_check', 'all', 'elgg_override_permissions'); elgg_register_plugin_hook_handler('unit_test', 'system', 'access_test');
\ No newline at end of file diff --git a/engine/lib/actions.php b/engine/lib/actions.php index 99e22e104..f415842ab 100644 --- a/engine/lib/actions.php +++ b/engine/lib/actions.php @@ -2,21 +2,23 @@ /** * Elgg Actions * - * Actions are the primary controllers (The C in MVC) in Elgg. They are - * registered by {@link register_elgg_action()} and are called either by URL - * http://elggsite.org/action/action_name or {@link action($action_name}. For - * URLs, a rewrite rule in .htaccess passes the action name to - * engine/handlers/action_handler.php, which dispatches the action. + * Actions are one of the primary controllers (The C in MVC) in Elgg. They are + * registered by {@link register_elgg_action()} and are called by URL + * http://elggsite.org/action/action_name. For URLs, a rewrite rule in + * .htaccess passes the action name to engine/handlers/action_handler.php, + * which dispatches the request for the action. * - * An action name should be registered to exactly one file in the system, usually under - * the actions/ directory. + * An action name must be registered to a file in the system. Core actions are + * found in /actions/ and plugin actions are usually under /mod/<plugin>/actions/. + * It is recommended that actions be namespaced to avoid collisions. * * All actions require security tokens. Using the {@elgg_view input/form} view - * will automatically add tokens as hidden inputs. To manually add hidden inputs, - * use the {@elgg_view input/securitytoken} view. + * will automatically add tokens as hidden inputs as will the elgg_view_form() + * function. To manually add hidden inputs, use the {@elgg_view input/securitytoken} view. * * To include security tokens for actions called via GET, use - * {@link elgg_add_security_tokens_to_url()}. + * {@link elgg_add_security_tokens_to_url()} or specify is_action as true when + * using {@lgg_view output/url}. * * Action tokens can be manually generated by using {@link generate_action_token()}. * @@ -31,30 +33,30 @@ */ /** -* Perform an action. -* -* This function executes the action with name $action as -* registered by {@link elgg_register_action()}. -* -* The plugin hook action, $action_name will be emitted before -* the action is executed. If a handler returns false, it will -* prevent the action from being called. -* -* @note If an action isn't registered in the system or is registered -* to an unavailable file the user will be forwarded to the site front -* page and an error will be emitted via {@link register_error()}. -* -* @warning All actions require {@link http://docs.elgg.org/Actions/Tokens Action Tokens}. -* @warning Most plugin shouldn't call this manually. -* -* @param string $action The requested action -* @param string $forwarder Optionally, the location to forward to -* -* @link http://docs.elgg.org/Actions -* @see elgg_register_action() -* -* @return void -*/ + * Perform an action. + * + * This function executes the action with name $action as registered + * by {@link elgg_register_action()}. + * + * The plugin hook 'action', $action_name will be triggered before the action + * is executed. If a handler returns false, it will prevent the action script + * from being called. + * + * @note If an action isn't registered in the system or is registered + * to an unavailable file the user will be forwarded to the site front + * page and an error will be emitted via {@link register_error()}. + * + * @warning All actions require {@link http://docs.elgg.org/Actions/Tokens Action Tokens}. + * + * @param string $action The requested action + * @param string $forwarder Optionally, the location to forward to + * + * @link http://docs.elgg.org/Actions + * @see elgg_register_action() + * + * @return void + * @access private + */ function action($action, $forwarder = "") { global $CONFIG; @@ -123,9 +125,8 @@ function action($action, $forwarder = "") { /** * Registers an action. * - * Actions are registered to a single file in the system and are executed - * either by the URL http://elggsite.org/action/action_name or by calling - * {@link action()}. + * Actions are registered to a script in the system and are executed + * either by the URL http://elggsite.org/action/action_name/. * * $filename must be the full path of the file to register, or a path relative * to the core actions/ dir. @@ -137,8 +138,7 @@ function action($action, $forwarder = "") { * * @tip Put action files under the actions/<plugin_name> directory of your plugin. * - * @tip You don't need to include engine/start.php, call {@link gatekeeper()}, - * or call {@link admin_gatekeeper()}. + * @tip You don't need to include engine/start.php in your action files. * * @internal Actions are saved in $CONFIG->actions as an array in the form: * <code> @@ -151,13 +151,13 @@ function action($action, $forwarder = "") { * @param string $action The name of the action (eg "register", "account/settings/save") * @param string $filename Optionally, the filename where this action is located. If not specified, * will assume the action is in elgg/actions/<action>.php - * @param string $access Who is allowed to execute this action: admin, public, or logged_in. + * @param string $access Who is allowed to execute this action: public, logged_in, admin. * (default: logged_in) * * @see action() * @see http://docs.elgg.org/Actions * - * @return true + * @return bool */ function elgg_register_action($action, $filename = "", $access = 'logged_in') { global $CONFIG; @@ -187,16 +187,31 @@ function elgg_register_action($action, $filename = "", $access = 'logged_in') { } /** + * Unregisters an action + * + * @param string $action Action name + * @return bool + * @since 1.8.1 + */ +function elgg_unregister_action($action) { + global $CONFIG; + + if (isset($CONFIG->actions[$action])) { + unset($CONFIG->actions[$action]); + return true; + } else { + return false; + } +} + +/** * Validate an action token. * - * Calls to actions will automatically validate tokens. - * If tokens are not present or invalid, the action will be - * denied and the user will be redirected to the front page. + * Calls to actions will automatically validate tokens. If tokens are not + * present or invalid, the action will be denied and the user will be redirected. * * Plugin authors should never have to manually validate action tokens. * - * @access private - * * @param bool $visibleerrors Emit {@link register_error()} errors on failure? * @param mixed $token The token to test against. Default: $_REQUEST['__elgg_token'] * @param mixed $ts The time stamp to test against. Default: $_REQUEST['__elgg_ts'] @@ -204,6 +219,7 @@ function elgg_register_action($action, $filename = "", $access = 'logged_in') { * @return bool * @see generate_action_token() * @link http://docs.elgg.org/Actions/Tokens + * @access private */ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL) { global $CONFIG; @@ -265,17 +281,17 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL) } /** -* Validates the presence of action tokens. -* -* This function is called for all actions. If action tokens are missing, -* the user will be forwarded to the site front page and an error emitted. -* -* This function verifies form input for security features (like a generated token), and forwards -* the page if they are invalid. -* -* @access private -* @return mixed True if valid, or redirects to front page and exists. -*/ + * Validates the presence of action tokens. + * + * This function is called for all actions. If action tokens are missing, + * the user will be forwarded to the site front page and an error emitted. + * + * This function verifies form input for security features (like a generated token), + * and forwards if they are invalid. + * + * @return mixed True if valid or redirects. + * @access private + */ function action_gatekeeper() { if (validate_action_token()) { return TRUE; @@ -301,6 +317,7 @@ function action_gatekeeper() { * @example actions/manual_tokens.php * * @return string|false + * @access private */ function generate_action_token($timestamp) { $site_secret = get_site_secret(); @@ -352,7 +369,7 @@ function get_site_secret() { } /** - * Check if an action is registered and its file exists. + * Check if an action is registered and its script exists. * * @param string $action Action name * @@ -366,21 +383,10 @@ function elgg_action_exists($action) { } /** - * Initialize some ajaxy actions features - */ -function actions_init() { - elgg_register_action('security/refreshtoken', '', 'public'); - - elgg_register_simplecache_view('js/languages/en'); - - elgg_register_plugin_hook_handler('action', 'all', 'ajax_action_hook'); - elgg_register_plugin_hook_handler('forward', 'all', 'ajax_forward_hook'); -} - -/** * Checks whether the request was requested via ajax * * @return bool whether page was requested via ajax + * @since 1.8.0 */ function elgg_is_xhr() { return isset($_SERVER['HTTP_X_REQUESTED_WITH']) @@ -409,7 +415,8 @@ function elgg_is_xhr() { * @param string $type * @param string $reason * @param array $params - * + * @return void + * @access private */ function ajax_forward_hook($hook, $type, $reason, $params) { if (elgg_is_xhr()) { @@ -464,6 +471,8 @@ function ajax_forward_hook($hook, $type, $reason, $params) { /** * Buffer all output echo'd directly in the action for inclusion in the returned JSON. + * @return void + * @access private */ function ajax_action_hook() { if (elgg_is_xhr()) { @@ -471,4 +480,17 @@ function ajax_action_hook() { } } +/** + * Initialize some ajaxy actions features + * @access private + */ +function actions_init() { + elgg_register_action('security/refreshtoken', '', 'public'); + + elgg_register_simplecache_view('js/languages/en'); + + elgg_register_plugin_hook_handler('action', 'all', 'ajax_action_hook'); + elgg_register_plugin_hook_handler('forward', 'all', 'ajax_forward_hook'); +} + elgg_register_event_handler('init', 'system', 'actions_init'); diff --git a/engine/lib/admin.php b/engine/lib/admin.php index 93ee43008..3baf2ff61 100644 --- a/engine/lib/admin.php +++ b/engine/lib/admin.php @@ -212,8 +212,8 @@ function elgg_register_admin_menu_item($section, $menu_id, $parent_id = NULL, $p /** * Initialize the admin backend. - * * @return void + * @access private */ function admin_init() { elgg_register_action('admin/user/ban', '', 'admin'); @@ -230,8 +230,6 @@ function admin_init() { elgg_register_action('admin/delete_admin_notice', '', 'admin'); - elgg_register_action('admin/plugins/simple_update_states', '', 'admin'); - elgg_register_action('profile/fields/reset', '', 'admin'); elgg_register_action('profile/fields/add', '', 'admin'); elgg_register_action('profile/fields/edit', '', 'admin'); @@ -316,7 +314,7 @@ function admin_init() { // automatic adding of widgets for admin elgg_register_event_handler('make_admin', 'user', 'elgg_add_admin_widgets'); - elgg_register_page_handler('admin', 'admin_settings_page_handler'); + elgg_register_page_handler('admin', 'admin_page_handler'); elgg_register_page_handler('admin_plugin_screenshot', 'admin_plugin_screenshot_page_handler'); elgg_register_page_handler('admin_plugin_text_file', 'admin_markdown_page_handler'); } @@ -366,6 +364,7 @@ function elgg_admin_add_plugin_settings_menu() { * * @return void * @since 1.8.0 + * @access private */ function elgg_admin_sort_page_menu($hook, $type, $return, $params) { $configure_items = $return['configure']; @@ -428,9 +427,10 @@ function admin_pagesetup() { * * @param array $page Array of pages * - * @return void + * @return bool + * @access private */ -function admin_settings_page_handler($page) { +function admin_page_handler($page) { admin_gatekeeper(); elgg_admin_add_plugin_settings_menu(); @@ -478,6 +478,7 @@ function admin_settings_page_handler($page) { $body = elgg_view_layout('admin', array('content' => $content, 'title' => $title)); echo elgg_view_page($title, $body, 'admin'); + return true; } /** @@ -485,7 +486,8 @@ function admin_settings_page_handler($page) { * admin_plugin_screenshot/<plugin_id>/<size>/<ss_name>.<ext> * * @param array $pages The pages array - * @return true + * @return bool + * @access private */ function admin_plugin_screenshot_page_handler($pages) { // only admins can use this for security @@ -523,7 +525,6 @@ function admin_plugin_screenshot_page_handler($pages) { echo file_get_contents($file); break; } - return true; } @@ -540,6 +541,8 @@ function admin_plugin_screenshot_page_handler($pages) { * * LICENSE.txt * * @param type $page + * @return bool + * @access private */ function admin_markdown_page_handler($pages) { admin_gatekeeper(); @@ -594,12 +597,14 @@ function admin_markdown_page_handler($pages) { )); echo elgg_view_page($title, $body, 'admin'); + return true; } /** * Adds default admin widgets to the admin dashboard. * * @return void + * @access private */ function elgg_add_admin_widgets($event, $type, $user) { elgg_set_ignore_access(true); diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php index 80ffbe74e..e40ab2e39 100644 --- a/engine/lib/annotations.php +++ b/engine/lib/annotations.php @@ -13,6 +13,7 @@ * @param stdClass $row Db row result object * * @return ElggAnnotation + * @access private */ function row_to_elggannotation($row) { if (!($row instanceof stdClass)) { @@ -55,14 +56,14 @@ function elgg_delete_annotation_by_id($id) { * @param int $entity_guid Entity Guid * @param string $name Name of annotation * @param string $value Value of annotation - * @param string $value_type Type of value - * @param int $owner_guid Owner of annotation + * @param string $value_type Type of value (default is auto detection) + * @param int $owner_guid Owner of annotation (default is logged in user) * @param int $access_id Access level of annotation * * @return int|bool id on success or false on failure */ -function create_annotation($entity_guid, $name, $value, $value_type, -$owner_guid, $access_id = ACCESS_PRIVATE) { +function create_annotation($entity_guid, $name, $value, $value_type = '', +$owner_guid = 0, $access_id = ACCESS_PRIVATE) { global $CONFIG; $result = false; @@ -213,7 +214,7 @@ function elgg_get_annotations(array $options = array()) { * * @param array $options An options array. {@See elgg_get_annotations()} * @return mixed - * @since 1.8 + * @since 1.8.0 */ function elgg_delete_annotations(array $options) { if (!elgg_is_valid_options_for_batch_operation($options, 'annotations')) { @@ -231,7 +232,7 @@ function elgg_delete_annotations(array $options) { * * @param array $options An options array. {@See elgg_get_annotations()} * @return mixed - * @since 1.8 + * @since 1.8.0 */ function elgg_disable_annotations(array $options) { if (!elgg_is_valid_options_for_batch_operation($options, 'annotations')) { @@ -249,7 +250,7 @@ function elgg_disable_annotations(array $options) { * * @param array $options An options array. {@See elgg_get_annotations()} * @return mixed - * @since 1.8 + * @since 1.8.0 */ function elgg_enable_annotations(array $options) { if (!$options || !is_array($options)) { @@ -267,7 +268,7 @@ function elgg_enable_annotations(array $options) { * {@see elgg_get_annotations()} and {@see elgg_list_entities()}. * * @return string The list of entities - * @since 1.8 + * @since 1.8.0 */ function elgg_list_annotations($options) { $defaults = array( @@ -285,14 +286,12 @@ function elgg_list_annotations($options) { */ /** - * Returns entities based upon annotations. Accepts the same values as - * elgg_get_entities_from_metadata() but uses the annotations table. + * Returns entities based upon annotations. Also accepts all options available + * to elgg_get_entities() and elgg_get_entities_from_metadata(). * - * NB: Entity creation time is selected as max_time. To sort based upon + * Entity creation time is selected as maxtime. To sort based upon * this, pass 'order_by' => 'maxtime asc' || 'maxtime desc' * - * time_created in this case will be the time the annotation was created. - * * @see elgg_get_entities * @see elgg_get_entities_from_metadata * @@ -321,7 +320,7 @@ function elgg_list_annotations($options) { * * annotation_ids => NULL|ARR Annotation IDs * - * @return array + * @return mixed If count, int. If not count, array. false on errors. * @since 1.7.0 */ function elgg_get_entities_from_annotations(array $options = array()) { @@ -379,7 +378,7 @@ function elgg_get_entities_from_annotations(array $options = array()) { * @see elgg_get_entities_from_annotations() * @see elgg_list_entities() * - * @return str + * @return string */ function elgg_list_entities_from_annotations($options = array()) { return elgg_list_entities($options, 'elgg_get_entities_from_annotations'); @@ -398,7 +397,7 @@ function elgg_list_entities_from_annotations($options = array()) { * 'metadata_names' => The name of metadata on the entity. * 'metadata_values' => The value of metadata on the entitiy. * - * @return mixed + * @return mixed If count, int. If not count, array. false on errors. */ function elgg_get_entities_from_annotation_calculation($options) { $db_prefix = elgg_get_config('dbprefix'); @@ -451,6 +450,7 @@ function elgg_list_entities_from_annotation_calculation($options) { * @elgg_plugin_hook export all * * @return mixed + * @access private */ function export_annotation_plugin_hook($hook, $entity_type, $returnvalue, $params) { // Sanity check values @@ -547,6 +547,7 @@ elgg_register_plugin_hook_handler('unit_test', 'system', 'annotations_test'); /** * Register annotation unit tests + * @access private */ function annotations_test($hook, $type, $value, $params) { global $CONFIG; diff --git a/engine/lib/cache.php b/engine/lib/cache.php index 11c95e78a..a6ebe2a30 100644 --- a/engine/lib/cache.php +++ b/engine/lib/cache.php @@ -89,7 +89,7 @@ function elgg_filepath_cache_load($type) { * Uses the 'viewpath_cache_enabled' datalist with a boolean value. * Resets the views paths cache. * - * @return null + * @return void */ function elgg_enable_filepath_cache() { global $CONFIG; @@ -105,7 +105,7 @@ function elgg_enable_filepath_cache() { * Uses the 'viewpath_cache_enabled' datalist with a boolean value. * Resets the views paths cache. * - * @return null + * @return void */ function elgg_disable_filepath_cache() { global $CONFIG; @@ -129,7 +129,11 @@ function elgg_disable_filepath_cache() { * @warning Simple cached views must take no parameters and return * the same content no matter who is logged in. * - * @note CSS and the basic JS views are cached by the engine. + * @example + * $blog_js = elgg_get_simplecache_url('js', 'blog/save_draft'); + * elgg_register_simplecache_view('js/blog/save_draft'); + * elgg_register_js('elgg.blog', $blog_js); + * elgg_load_js('elgg.blog'); * * @param string $viewname View name * @@ -155,6 +159,9 @@ function elgg_register_simplecache_view($viewname) { /** * Get the URL for the cached file * + * @warning You must register the view with elgg_register_simplecache_view() + * for caching to work. See elgg_register_simplecache_view() for a full example. + * * @param string $type The file type: css or js * @param string $view The view name * @return string @@ -180,7 +187,7 @@ function elgg_get_simplecache_url($type, $view) { * * @warning This does not invalidate the cache, but actively resets it. * - * @param string $viewtype Optional viewtype to regenerate + * @param string $viewtype Optional viewtype to regenerate. Defaults to all valid viewtypes. * * @return void * @see elgg_register_simplecache_view() @@ -302,7 +309,8 @@ function elgg_disable_simplecache() { } /** - * Invalidates all cached views in the simplecache + * Deletes all cached views in the simplecache and sets the lastcache and + * lastupdate time to 0 for every valid viewtype. * * @return bool * @since 1.7.4 @@ -310,19 +318,36 @@ function elgg_disable_simplecache() { function elgg_invalidate_simplecache() { global $CONFIG; - $return = TRUE; + if (!isset($CONFIG->views->simplecache) || !is_array($CONFIG->views->simplecache)) { + return false; + } - if ($handle = opendir($CONFIG->dataroot . 'views_simplecache')) { - while (false !== ($file = readdir($handle))) { - if ($file != "." && $file != "..") { - $return = $return && unlink($CONFIG->dataroot . 'views_simplecache/' . $file); - } + $handle = opendir($CONFIG->dataroot . 'views_simplecache'); + + if (!$handle) { + return false; + } + + // remove files. + $return = true; + while (false !== ($file = readdir($handle))) { + if ($file != "." && $file != "..") { + $return = $return && unlink($CONFIG->dataroot . 'views_simplecache/' . $file); } - closedir($handle); - } else { - $return = FALSE; + } + closedir($handle); + + // reset cache times + $viewtypes = $CONFIG->view_types; + + if (!is_array($viewtypes)) { + return false; + } + + foreach ($viewtypes as $viewtype) { + $return = $return && datalist_set("simplecache_lastupdate_$viewtype", 0); + $return = $return && datalist_set("simplecache_lastcached_$viewtype", 0); } return $return; } - diff --git a/engine/lib/calendar.php b/engine/lib/calendar.php index a882aedbe..9a06c5292 100644 --- a/engine/lib/calendar.php +++ b/engine/lib/calendar.php @@ -16,6 +16,7 @@ * @param int $year Year * * @return int + * @access private */ function get_day_start($day = null, $month = null, $year = null) { return mktime(0, 0, 0, $month, $day, $year); @@ -29,6 +30,7 @@ function get_day_start($day = null, $month = null, $year = null) { * @param int $year Year * * @return int + * @access private */ function get_day_end($day = null, $month = null, $year = null) { return mktime(23, 59, 59, $month, $day, $year); @@ -50,6 +52,7 @@ function get_day_end($day = null, $month = null, $year = null) { * @param mixed $container_guid Container or containers to get entities from (default: any). * * @return array|false + * @access private */ function get_notable_entities($start_time, $end_time, $type = "", $subtype = "", $owner_guid = 0, $order_by = "asc", $limit = 10, $offset = 0, $count = false, $site_guid = 0, @@ -197,6 +200,7 @@ $container_guid = null) { * @param bool $count If true, returns count instead of entities. (Default: false) * * @return int|array A list of entities, or a count if $count is set to true + * @access private */ function get_notable_entities_from_metadata($start_time, $end_time, $meta_name, $meta_value = "", $entity_type = "", $entity_subtype = "", $owner_guid = 0, $limit = 10, $offset = 0, $order_by = "", @@ -326,6 +330,7 @@ $site_guid = 0, $count = false) { * @param int $site_guid Site to get entities for. Default 0 = current site. -1 = any * * @return array|int|false An array of entities, or the number of entities, or false on failure + * @access private */ function get_noteable_entities_from_relationship($start_time, $end_time, $relationship, $relationship_guid, $inverse_relationship = false, $type = "", $subtype = "", $owner_guid = 0, @@ -435,6 +440,7 @@ $order_by = "", $limit = 10, $offset = 0, $count = false, $site_guid = 0) { * @param mixed $container_guid Container(s) to get entities from (default: any). * * @return array|false + * @access private */ function get_todays_entities($type = "", $subtype = "", $owner_guid = 0, $order_by = "", $limit = 10, $offset = 0, $count = false, $site_guid = 0, $container_guid = null) { @@ -461,6 +467,7 @@ $limit = 10, $offset = 0, $count = false, $site_guid = 0, $container_guid = null * @param bool $count If true, returns count instead of entities. (Default: false) * * @return int|array A list of entities, or a count if $count is set to true + * @access private */ function get_todays_entities_from_metadata($meta_name, $meta_value = "", $entity_type = "", $entity_subtype = "", $owner_guid = 0, $limit = 10, $offset = 0, $order_by = "", $site_guid = 0, @@ -491,6 +498,7 @@ $count = false) { * @param int $site_guid Site to get entities for. Default 0 = current site. -1 = any * * @return array|int|false An array of entities, or the number of entities, or false on failure + * @access private */ function get_todays_entities_from_relationship($relationship, $relationship_guid, $inverse_relationship = false, $type = "", $subtype = "", $owner_guid = 0, @@ -520,6 +528,7 @@ $order_by = "", $limit = 10, $offset = 0, $count = false, $site_guid = 0) { * @param boolean $navigation Display pagination? Default: true * * @return string A viewable list of entities + * @access private */ function list_notable_entities($start_time, $end_time, $type= "", $subtype = "", $owner_guid = 0, $limit = 10, $fullview = true, $listtypetoggle = false, $navigation = true) { @@ -549,6 +558,7 @@ $limit = 10, $fullview = true, $listtypetoggle = false, $navigation = true) { * @param boolean $navigation Display pagination? Default: true * * @return string A viewable list of entities + * @access private */ function list_todays_entities($type= "", $subtype = "", $owner_guid = 0, $limit = 10, $fullview = true, $listtypetoggle = false, $navigation = true) { diff --git a/engine/lib/configuration.php b/engine/lib/configuration.php index b756d2e70..615063f3d 100644 --- a/engine/lib/configuration.php +++ b/engine/lib/configuration.php @@ -168,6 +168,7 @@ function elgg_save_config($name, $value, $site_guid = 0) { * * @throws InstallationException * @return void + * @access private */ function verify_installation() { global $CONFIG; @@ -212,6 +213,7 @@ $DATALIST_CACHE = array(); * * @param string $name The name of the datalist * @return string|null|false String if value exists, null if doesn't, false on error + * @access private */ function datalist_get($name) { global $CONFIG, $DATALIST_CACHE; @@ -272,6 +274,7 @@ function datalist_get($name) { * @param string $value The new value * * @return bool + * @access private */ function datalist_set($name, $value) { global $CONFIG, $DATALIST_CACHE; @@ -402,6 +405,7 @@ function unset_config($name, $site_guid = 0) { * @todo Use "INSERT ... ON DUPLICATE KEY UPDATE" instead of trying to delete then add. * @see unset_config() * @see get_config() + * @access private */ function set_config($name, $value, $site_guid = 0) { global $CONFIG; @@ -443,6 +447,7 @@ function set_config($name, $value, $site_guid = 0) { * @return mixed|null * @see set_config() * @see unset_config() + * @access private */ function get_config($name, $site_guid = 0) { global $CONFIG; @@ -464,11 +469,6 @@ function get_config($name, $site_guid = 0) { $dep_version = 1.8; break; - case 'wwwroot': - $new_name = 'www_root'; - $dep_version = 1.8; - break; - case 'sitename': $new_name = 'site_name'; $dep_version = 1.8; @@ -509,6 +509,7 @@ function get_config($name, $site_guid = 0) { * @param int $site_guid Optionally, the GUID of the site (current site is assumed by default) * * @return bool + * @access private */ function get_all_config($site_guid = 0) { global $CONFIG; @@ -536,6 +537,7 @@ function get_all_config($site_guid = 0) { * loads them into $CONFIG. * * @return true + * @access private */ function set_default_config() { global $CONFIG; @@ -553,7 +555,7 @@ function set_default_config() { 'path' => "$install_root/", 'view_path' => "$install_root/views/", 'plugins_path' => "$install_root/mod/", - 'www_root' => $www_root, + 'wwwroot' => $www_root, 'url' => $www_root, 'site_name' => 'New Elgg site', 'language' => 'en', @@ -561,8 +563,6 @@ function set_default_config() { // compatibility with old names for ppl not using get_config() 'viewpath' => "$install_root/views/", 'pluginspath' => "$install_root/mod/", - 'wwwroot' => $www_root, - 'url' => $www_root, 'sitename' => 'New Elgg site', ); @@ -572,6 +572,8 @@ function set_default_config() { } } + $CONFIG->context = array(); + return true; } @@ -584,6 +586,7 @@ function set_default_config() { * * @elgg_event boot system * @return true|null + * @access private */ function configuration_boot() { global $CONFIG; diff --git a/engine/lib/cron.php b/engine/lib/cron.php index 2a0b1d665..f7a032f4a 100644 --- a/engine/lib/cron.php +++ b/engine/lib/cron.php @@ -10,6 +10,7 @@ * Cron initialization * * @return void + * @access private */ function cron_init() { // Register a pagehandler for cron @@ -24,7 +25,8 @@ function cron_init() { * * @param array $page Pages * - * @return void + * @return bool + * @access private */ function cron_page_handler($page) { global $CONFIG; @@ -48,10 +50,6 @@ function cron_page_handler($page) { $params = array(); $params['time'] = time(); - foreach ($CONFIG->input as $k => $v) { - $params[$k] = $v; - } - // Data to return to $std_out = ""; $old_stdout = ""; @@ -61,6 +59,7 @@ function cron_page_handler($page) { $std_out = ob_get_clean(); echo $std_out . $old_stdout; + return true; } /** @@ -72,6 +71,7 @@ function cron_page_handler($page) { * @param mixed $params Params * * @return array + * @access private */ function cron_public_pages($hook, $type, $return_value, $params) { $return_value[] = 'cron/minute'; diff --git a/engine/lib/database.php b/engine/lib/database.php index 7747eb0d5..c44fdf1fd 100644 --- a/engine/lib/database.php +++ b/engine/lib/database.php @@ -72,6 +72,7 @@ $dbcalls = 0; * resource. eg "read", "write", or "readwrite". * * @return void + * @access private */ function establish_db_link($dblinkname = "readwrite") { // Get configuration, and globalise database link @@ -130,6 +131,7 @@ function establish_db_link($dblinkname = "readwrite") { * links up separately; otherwise just create the one database link. * * @return void + * @access private */ function setup_db_connections() { global $CONFIG, $dblink; @@ -146,6 +148,7 @@ function setup_db_connections() { * Display profiling information about db at NOTICE debug level upon shutdown. * * @return void + * @access private */ function db_profiling_shutdown_hook() { global $dbcalls; @@ -158,15 +161,23 @@ function db_profiling_shutdown_hook() { * Execute any delayed queries upon shutdown. * * @return void + * @access private */ function db_delayedexecution_shutdown_hook() { global $DB_DELAYED_QUERIES; foreach ($DB_DELAYED_QUERIES as $query_details) { - // use one of our db functions so it is included in profiling. - $result = execute_query($query_details['q'], $query_details['l']); - try { + $link = $query_details['l']; + + if ($link == 'read' || $link == 'write') { + $link = get_db_link($link); + } elseif (!is_resource($link)) { + elgg_log("Link for delayed query not valid resource or db_link type. Query: {$query_details['q']}", 'WARNING'); + } + + $result = execute_query($query_details['q'], $link); + if ((isset($query_details['h'])) && (is_callable($query_details['h']))) { $query_details['h']($result); } @@ -184,6 +195,7 @@ function db_delayedexecution_shutdown_hook() { * * @return true * @elgg_event_handler boot system + * @access private */ function init_db() { register_shutdown_function('db_delayedexecution_shutdown_hook'); @@ -202,6 +214,7 @@ function init_db() { * @param string $dblinktype The type of link we want: "read", "write" or "readwrite". * * @return object Database link + * @access private */ function get_db_link($dblinktype) { global $dblink; @@ -223,6 +236,7 @@ function get_db_link($dblinktype) { * @param mixed $link The database link resource to user. * * @return mixed An object of the query's result, or FALSE + * @access private */ function explain_query($query, $link) { if ($result = execute_query("explain " . $query, $link)) { @@ -246,6 +260,7 @@ function explain_query($query, $link) { * * @return The result of mysql_query() * @throws DatabaseException + * @access private */ function execute_query($query, $dblink) { global $CONFIG, $dbcalls; @@ -272,10 +287,11 @@ function execute_query($query, $dblink) { * the raw result from {@link mysql_query()}. * * @param string $query The query to execute - * @param resource $dblink The database link to use + * @param resource $dblink The database link to use or the link type (read | write) * @param string $handler A callback function to pass the results array to * * @return true + * @access private */ function execute_delayed_query($query, $dblink, $handler = "") { global $DB_DELAYED_QUERIES; @@ -284,6 +300,10 @@ function execute_delayed_query($query, $dblink, $handler = "") { $DB_DELAYED_QUERIES = array(); } + if (!is_resource($dblink) && $dblink != 'read' && $dblink != 'write') { + return false; + } + // Construct delayed query $delayed_query = array(); $delayed_query['q'] = $query; @@ -304,9 +324,10 @@ function execute_delayed_query($query, $dblink, $handler = "") { * @return true * @uses execute_delayed_query() * @uses get_db_link() + * @access private */ function execute_delayed_write_query($query, $handler = "") { - return execute_delayed_query($query, get_db_link('write'), $handler); + return execute_delayed_query($query, 'write', $handler); } /** @@ -318,9 +339,10 @@ function execute_delayed_write_query($query, $handler = "") { * @return true * @uses execute_delayed_query() * @uses get_db_link() + * @access private */ function execute_delayed_read_query($query, $handler = "") { - return execute_delayed_query($query, get_db_link('read'), $handler); + return execute_delayed_query($query, 'read', $handler); } /** @@ -337,6 +359,7 @@ function execute_delayed_read_query($query, $handler = "") { * * @return array An array of database result objects or callback function results. If the query * returned nothing, an empty array. + * @access private */ function get_data($query, $callback = "") { return elgg_query_runner($query, $callback, false); @@ -353,6 +376,7 @@ function get_data($query, $callback = "") { * @param string $callback A callback function * * @return mixed A single database result object or the result of the callback function. + * @access private */ function get_data_row($query, $callback = "") { return elgg_query_runner($query, $callback, true); @@ -371,15 +395,15 @@ function get_data_row($query, $callback = "") { * @return array An array of database result objects or callback function results. If the query * returned nothing, an empty array. * @since 1.8.0 + * @access private */ function elgg_query_runner($query, $callback = null, $single = false) { global $CONFIG, $DB_QUERY_CACHE; - $query = elgg_format_query($query); - - // since we want to cache results of running the callback, we need to - // need to namespace the query with the callback, and single result request. - $hash = (string)$callback . (string)$single . $query; + // Since we want to cache results of running the callback, we need to + // need to namespace the query with the callback and single result request. + // http://trac.elgg.org/ticket/4049 + $hash = (string)$callback . (int)$single . $query; // Is cached? if ($DB_QUERY_CACHE) { @@ -436,11 +460,11 @@ function elgg_query_runner($query, $callback = null, $single = false) { * * @return int|false The database id of the inserted row if a AUTO_INCREMENT field is * defined, 0 if not, and false on failure. + * @access private */ function insert_data($query) { global $CONFIG, $DB_QUERY_CACHE; - $query = elgg_format_query($query); elgg_log("DB query $query", 'NOTICE'); $dblink = get_db_link('write'); @@ -466,12 +490,12 @@ function insert_data($query) { * * @param string $query The query to run. * - * @return Bool + * @return bool + * @access private */ function update_data($query) { global $CONFIG, $DB_QUERY_CACHE; - $query = elgg_format_query($query); elgg_log("DB query $query", 'NOTICE'); $dblink = get_db_link('write'); @@ -497,11 +521,11 @@ function update_data($query) { * @param string $query The SQL query to run * * @return int|false The number of affected rows or false on failure + * @access private */ function delete_data($query) { global $CONFIG, $DB_QUERY_CACHE; - $query = elgg_format_query($query); elgg_log("DB query $query", 'NOTICE'); $dblink = get_db_link('write'); @@ -526,6 +550,7 @@ function delete_data($query) { * * @return array|false List of tables or false on failure * @static array $tables Tables found matching the database prefix + * @access private */ function get_db_tables() { global $CONFIG; @@ -568,6 +593,7 @@ function get_db_tables() { * @param string $table The name of the table to optimise * * @return bool + * @access private */ function optimize_table($table) { $table = sanitise_string($table); @@ -580,6 +606,7 @@ function optimize_table($table) { * @param resource $dblink The DB link * * @return string Database error message + * @access private */ function get_db_error($dblink) { return mysql_error($dblink); @@ -604,6 +631,7 @@ function get_db_error($dblink) { * * @return void * @throws DatabaseException + * @access private */ function run_sql_script($scriptlocation) { if ($script = file_get_contents($scriptlocation)) { @@ -648,6 +676,7 @@ function run_sql_script($scriptlocation) { * * @param string $query Query string * @return string + * @access private */ function elgg_format_query($query) { // remove newlines and extra spaces so logs are easier to read diff --git a/engine/lib/deprecated-1.8.php b/engine/lib/deprecated-1.8.php index f0f4bd9dc..e1866498b 100644 --- a/engine/lib/deprecated-1.8.php +++ b/engine/lib/deprecated-1.8.php @@ -2424,7 +2424,7 @@ $posted_max = 0, $pagination = true) { 'offset' => $offset, 'limit' => $limit, 'pagination' => $pagination, - 'list-class' => 'elgg-river-list', + 'list-class' => 'elgg-list-river', ); return elgg_view('page/components/list', $params); @@ -4735,3 +4735,40 @@ function remove_from_river_by_id($id) { return elgg_delete_river(array('id' => $id)); } + +/** + * A default page handler + * Tries to locate a suitable file to include. Only works for core pages, not plugins. + * + * @param array $page The page URL elements + * @param string $handler The base handler + * + * @return true|false Depending on success + * @deprecated 1.8 + */ +function default_page_handler($page, $handler) { + global $CONFIG; + + elgg_deprecated_notice("default_page_handler is deprecated", "1.8"); + + $page = implode('/', $page); + + // protect against including arbitary files + $page = str_replace("..", "", $page); + + $callpath = $CONFIG->path . $handler . "/" . $page; + if (is_dir($callpath)) { + $callpath = sanitise_filepath($callpath); + $callpath .= "index.php"; + if (file_exists($callpath)) { + if (include($callpath)) { + return TRUE; + } + } + } else if (file_exists($callpath)) { + include($callpath); + return TRUE; + } + + return FALSE; +} diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index 198ffe60c..08b346960 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -18,6 +18,7 @@ elgg_register_classes(dirname(dirname(__FILE__)) . '/classes'); * * @return void * @throws Exception + * @access private */ function _elgg_autoload($class) { global $CONFIG; @@ -143,9 +144,9 @@ function forward($location = "", $reason = 'system') { } else if ($location === '') { exit; } + } else { + throw new SecurityException(elgg_echo('SecurityException:ForwardFailedToRedirect')); } - - return false; } /** @@ -278,7 +279,7 @@ function elgg_get_loaded_css() { * @return bool * @since 1.8.0 */ -function elgg_register_external_file($type, $name, $url, $location, $priority = null) { +function elgg_register_external_file($type, $name, $url, $location, $priority = 500) { global $CONFIG; if (empty($name) || empty($url)) { @@ -291,7 +292,15 @@ function elgg_register_external_file($type, $name, $url, $location, $priority = elgg_bootstrap_externals_data_structure($type); $name = trim(strtolower($name)); + + // normalize bogus priorities, but allow empty, null, and false to be defaults. + if (!is_numeric($priority)) { + $priority = 500; + } + + // no negative priorities right now. $priority = max((int)$priority, 0); + $item = elgg_extract($name, $CONFIG->externals_map[$type]); if ($item) { @@ -406,6 +415,7 @@ function elgg_get_loaded_external_files($type, $location) { * Bootstraps the externals data structure in $CONFIG. * * @param string $type The type of external, js or css. + * @access private */ function elgg_bootstrap_externals_data_structure($type) { global $CONFIG; @@ -414,7 +424,7 @@ function elgg_bootstrap_externals_data_structure($type) { $CONFIG->externals = array(); } - if (!$CONFIG->externals[$type] instanceof ElggPriorityList) { + if (!isset($CONFIG->externals[$type]) || !$CONFIG->externals[$type] instanceof ElggPriorityList) { $CONFIG->externals[$type] = new ElggPriorityList(); } @@ -979,6 +989,7 @@ function elgg_trigger_plugin_hook($hook, $type, $params = null, $returnvalue = n * @param Exception $exception The exception being handled * * @return void + * @access private */ function _elgg_php_exception_handler($exception) { error_log("*** FATAL EXCEPTION *** : " . $exception); @@ -1027,6 +1038,7 @@ function _elgg_php_exception_handler($exception) { * @param array $vars An array that points to the active symbol table where error occurred * * @return true + * @access private */ function _elgg_php_error_handler($errno, $errmsg, $filename, $linenum, $vars) { $error = date("Y-m-d H:i:s (T)") . ": \"$errmsg\" in file $filename (line $linenum)"; @@ -1463,8 +1475,12 @@ function elgg_http_url_is_identical($url1, $url2, $ignore_params = array('offset $url1_info = parse_url($url1); $url2_info = parse_url($url2); - $url1_info['path'] = trim($url1_info['path'], '/'); - $url2_info['path'] = trim($url2_info['path'], '/'); + if (isset($url1_info['path'])) { + $url1_info['path'] = trim($url1_info['path'], '/'); + } + if (isset($url2_info['path'])) { + $url2_info['path'] = trim($url2_info['path'], '/'); + } // compare basic bits $parts = array('scheme', 'host', 'path'); @@ -1661,9 +1677,9 @@ function is_not_null($string) { * @param array $options The options array. $options['keys'] = 'values'; * @param array $singulars A list of singular words to pluralize by adding 's'. * - * @access private * @return array * @since 1.7.0 + * @access private */ function elgg_normalise_plural_options_array($options, $singulars) { foreach ($singulars as $singular) { @@ -1701,6 +1717,7 @@ function elgg_normalise_plural_options_array($options, $singulars) { * * @return void * @see register_shutdown_hook() + * @access private */ function _elgg_shutdown_hook() { global $START_MICROTIME; @@ -1727,8 +1744,9 @@ function _elgg_shutdown_hook() { * * @param array $page The page array * - * @return void + * @return bool * @elgg_pagehandler js + * @access private */ function elgg_js_page_handler($page) { return elgg_cacheable_view_page_handler($page, 'js'); @@ -1741,8 +1759,9 @@ function elgg_js_page_handler($page) { * * @param array $page The page array * - * @return void + * @return bool * @elgg_pagehandler ajax + * @access private */ function elgg_ajax_page_handler($page) { if (is_array($page) && sizeof($page)) { @@ -1761,9 +1780,9 @@ function elgg_ajax_page_handler($page) { } echo elgg_view($view, $vars); + return true; } - - return true; + return false; } /** @@ -1775,6 +1794,7 @@ function elgg_ajax_page_handler($page) { * * @return void * @elgg_pagehandler css + * @access private */ function elgg_css_page_handler($page) { if (!isset($page[0])) { @@ -1793,7 +1813,8 @@ function elgg_css_page_handler($page) { * @param array $page The page array * @param string $type The type: js or css * - * @return mixed + * @return bool + * @access private */ function elgg_cacheable_view_page_handler($page, $type) { @@ -1833,9 +1854,8 @@ function elgg_cacheable_view_page_handler($page, $type) { //header("Content-Length: " . strlen($return)); echo $return; + return true; } - - return true; } /** @@ -1847,6 +1867,7 @@ function elgg_cacheable_view_page_handler($page, $type) { * @param string $order_by An order by clause * @access private * @return string + * @access private */ function elgg_sql_reverse_order_by_clause($order_by) { $order_by = strtolower($order_by); @@ -1868,9 +1889,11 @@ function elgg_sql_reverse_order_by_clause($order_by) { * * Used as a callback for ElggBatch. * + * @todo why aren't these static methods on ElggBatch? + * * @param object $object The object to enable - * @access private * @return bool + * @access private */ function elgg_batch_enable_callback($object) { // our db functions return the number of rows affected... @@ -1883,8 +1906,8 @@ function elgg_batch_enable_callback($object) { * Used as a callback for ElggBatch. * * @param object $object The object to disable - * @access private * @return bool + * @access private */ function elgg_batch_disable_callback($object) { // our db functions return the number of rows affected... @@ -1897,8 +1920,8 @@ function elgg_batch_disable_callback($object) { * Used as a callback for ElggBatch. * * @param object $object The object to disable - * @access private * @return bool + * @access private */ function elgg_batch_delete_callback($object) { // our db functions return the number of rows affected... @@ -1912,6 +1935,7 @@ function elgg_batch_delete_callback($object) { * @param array $options Options array * @param string $type Options type: metadata or annotations * @return bool + * @access private */ function elgg_is_valid_options_for_batch_operation($options, $type) { if (!$options || !is_array($options)) { @@ -1965,15 +1989,18 @@ function elgg_is_valid_options_for_batch_operation($options, $type) { * * @link http://docs.elgg.org/Tutorials/WalledGarden * @elgg_plugin_hook index system - * @return boolean + * @return bool + * @access private */ function elgg_walled_garden_index() { elgg_register_css('elgg.walled_garden', '/css/walled_garden.css'); elgg_load_css('elgg.walled_garden'); + elgg_register_js('elgg.walled_garden', '/js/walled_garden.js'); + elgg_load_js('elgg.walled_garden'); - $login = elgg_view('core/account/login_walled_garden'); + $body = elgg_view('core/walled_garden/body'); - echo elgg_view_page('', $login, 'walled_garden'); + echo elgg_view_page('', $body, 'walled_garden'); // return true to prevent other plugins from adding a front page return true; @@ -1991,6 +2018,7 @@ function elgg_walled_garden_index() { * @elgg_event_handler init system * @link http://docs.elgg.org/Tutorials/WalledGarden * @return void + * @access private */ function elgg_walled_garden() { global $CONFIG; @@ -2008,6 +2036,7 @@ function elgg_walled_garden() { * * @elgg_event_handler init system * @return void + * @access private */ function elgg_init() { global $CONFIG; @@ -2019,11 +2048,16 @@ function elgg_init() { elgg_register_page_handler('css', 'elgg_css_page_handler'); elgg_register_page_handler('ajax', 'elgg_ajax_page_handler'); - elgg_register_js('elgg.autocomplete', 'js/lib/autocomplete.js'); - elgg_register_js('elgg.userpicker', 'js/lib/userpicker.js'); - elgg_register_js('elgg.friendspicker', 'js/lib/friends_picker.js'); + elgg_register_js('elgg.autocomplete', 'js/lib/ui.autocomplete.js'); + elgg_register_js('jquery.ui.autocomplete.html', 'vendors/jquery/jquery.ui.autocomplete.html.js'); + elgg_register_js('elgg.userpicker', 'js/lib/ui.userpicker.js'); + elgg_register_js('elgg.friendspicker', 'js/lib/ui.friends_picker.js'); elgg_register_js('jquery.easing', 'vendors/jquery/jquery.easing.1.3.packed.js'); + elgg_register_js('elgg.avatar_cropper', 'js/lib/ui.avatar_cropper.js'); + elgg_register_js('jquery.imgareaselect', 'vendors/jquery/jquery.imgareaselect-0.9.8/scripts/jquery.imgareaselect.min.js'); + elgg_register_css('jquery.imgareaselect', 'vendors/jquery/jquery.imgareaselect-0.9.8/css/imgareaselect-deprecated.css'); + // Trigger the shutdown:system event upon PHP shutdown. register_shutdown_function('_elgg_shutdown_hook'); @@ -2058,6 +2092,7 @@ function elgg_init() { * * @elgg_plugin_hook unit_tests system * @return void + * @access private */ function elgg_api_test($hook, $type, $value, $params) { global $CONFIG; diff --git a/engine/lib/entities.php b/engine/lib/entities.php index cea8af1da..fd2b0e9f9 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -410,7 +410,7 @@ function update_entity($guid, $owner_guid, $access_id, $container_guid = null, $ $newentity_cache = new ElggMemcache('new_entity_cache'); } if ($newentity_cache) { - $new_entity = $newentity_cache->delete($guid); + $newentity_cache->delete($guid); } // Handle cases where there was no error BUT no rows were updated! @@ -452,8 +452,10 @@ function can_write_to_container($user_guid = 0, $container_guid = 0, $type = 'al $container_guid = elgg_get_page_owner_guid(); } + $return = false; + if (!$container_guid) { - $return = TRUE; + $return = true; } $container = get_entity($container_guid); @@ -461,16 +463,14 @@ function can_write_to_container($user_guid = 0, $container_guid = 0, $type = 'al if ($container) { // If the user can edit the container, they can also write to it if ($container->canEdit($user_guid)) { - $return = TRUE; + $return = true; } - // Basics, see if the user is a member of the group. + // If still not approved, see if the user is a member of the group // @todo this should be moved to the groups plugin/library - if ($user && $container instanceof ElggGroup) { - if (!$container->isMember($user)) { - $return = FALSE; - } else { - $return = TRUE; + if (!$return && $user && $container instanceof ElggGroup) { + if ($container->isMember($user)) { + $return = true; } } } @@ -507,8 +507,8 @@ function can_write_to_container($user_guid = 0, $container_guid = 0, $type = 'al * * @return int|false The new entity's GUID, or false on failure * @throws InvalidParameterException - * @access private * @link http://docs.elgg.org/DataModel/Entities + * @access private */ function create_entity($type, $subtype, $owner_guid, $access_id, $site_guid = 0, $container_guid = 0) { @@ -528,12 +528,12 @@ $container_guid = 0) { $container_guid = $owner_guid; } - $user = elgg_get_logged_in_user_entity(); - if (!can_write_to_container($user->guid, $owner_guid, $type, $subtype)) { + $user_guid = elgg_get_logged_in_user_guid(); + if (!can_write_to_container($user_guid, $owner_guid, $type, $subtype)) { return false; } if ($owner_guid != $container_guid) { - if (!can_write_to_container($user->guid, $container_guid, $type, $subtype)) { + if (!can_write_to_container($user_guid, $container_guid, $type, $subtype)) { return false; } } @@ -772,7 +772,7 @@ function elgg_entity_exists($guid) { * * callback => string A callback function to pass each row through * - * @return mixed int if count is true, an array of entity objects, or false on failure + * @return mixed If count, int. If not count, array. false on errors. * @since 1.7.0 * @see elgg_get_entities_from_metadata() * @see elgg_get_entities_from_relationship() @@ -846,9 +846,6 @@ function elgg_get_entities(array $options = array()) { $wheres[] = elgg_get_entity_time_where_sql('e', $options['created_time_upper'], $options['created_time_lower'], $options['modified_time_upper'], $options['modified_time_lower']); - // remove identical where clauses - $wheres = array_unique($wheres); - // see if any functions failed // remove empty strings on successful functions foreach ($wheres as $i => $where) { @@ -859,6 +856,9 @@ function elgg_get_entities(array $options = array()) { } } + // remove identical where clauses + $wheres = array_unique($wheres); + // evaluate join clauses if (!is_array($options['joins'])) { $options['joins'] = array($options['joins']); @@ -985,7 +985,7 @@ function elgg_get_entity_type_subtype_where_sql($table, $types, $subtypes, $pair foreach ($types as $type) { if (!in_array($type, $valid_types)) { $valid_types_count--; - unset ($types[array_search($type, $types)]); + unset($types[array_search($type, $types)]); } else { // do the checking (and decrementing) in the subtype section. $valid_subtypes_count += count($subtypes); @@ -1037,7 +1037,7 @@ function elgg_get_entity_type_subtype_where_sql($table, $types, $subtypes, $pair foreach ($pairs as $paired_type => $paired_subtypes) { if (!in_array($paired_type, $valid_types)) { $valid_pairs_count--; - unset ($pairs[array_search($paired_type, $pairs)]); + unset($pairs[array_search($paired_type, $pairs)]); } else { if ($paired_subtypes && !is_array($paired_subtypes)) { $pairs[$paired_type] = array($paired_subtypes); @@ -1358,9 +1358,9 @@ $order_by = 'time_created') { * @param bool $recursive Recursively disable all entities owned or contained by $guid? * * @return bool - * @access private * @see access_show_hidden_entities() * @link http://docs.elgg.org/Entities + * @access private */ function disable_entity($guid, $reason = "", $recursive = true) { global $CONFIG; @@ -1472,8 +1472,8 @@ function enable_entity($guid) { * @param bool $recursive If true (default) then all entities which are * owned or contained by $guid will also be deleted. * - * @access private * @return bool + * @access private */ function delete_entity($guid, $recursive = true) { global $CONFIG, $ENTITY_CACHE; @@ -1487,6 +1487,15 @@ function delete_entity($guid, $recursive = true) { if (isset($ENTITY_CACHE[$guid])) { invalidate_cache_for_entity($guid); } + + // If memcache is available then delete this entry from the cache + static $newentity_cache; + if ((!$newentity_cache) && (is_memcache_available())) { + $newentity_cache = new ElggMemcache('new_entity_cache'); + } + if ($newentity_cache) { + $newentity_cache->delete($guid); + } // Delete contained owned and otherwise releated objects (depth first) if ($recursive) { @@ -1505,7 +1514,11 @@ function delete_entity($guid, $recursive = true) { or site_guid=$guid", 'entity_row_to_elggstar'); if ($sub_entities) { foreach ($sub_entities as $e) { - $e->delete(true); + // check for equality so that an entity that is its own + // owner or container does not cause infinite loop + if ($e->guid != $guid) { + $e->delete(true); + } } } @@ -1521,8 +1534,8 @@ function delete_entity($guid, $recursive = true) { $entity->deleteOwnedAnnotations(); $entity->deleteRelationships(); - remove_from_river_by_subject($guid); - remove_from_river_by_object($guid); + elgg_delete_river(array('subject_guid' => $guid)); + elgg_delete_river(array('object_guid' => $guid)); remove_all_private_settings($guid); $res = delete_data("DELETE from {$CONFIG->dbprefix}entities where guid={$guid}"); @@ -1566,7 +1579,7 @@ function delete_entity($guid, $recursive = true) { * @param string $returnvalue Return value from previous hook * @param array $params The parameters, passed 'guid' and 'varname' * - * @return null + * @return void * @elgg_plugin_hook_handler volatile metadata * @todo investigate more. * @access private @@ -1610,6 +1623,7 @@ function volatile_data_export_plugin_hook($hook, $entity_type, $returnvalue, $pa * * @elgg_event_handler export all * @return mixed + * @access private */ function export_entity_plugin_hook($hook, $entity_type, $returnvalue, $params) { // Sanity check values @@ -1651,6 +1665,7 @@ function export_entity_plugin_hook($hook, $entity_type, $returnvalue, $params) { * * @return ElggEntity the unsaved entity which should be populated by items. * @todo Remove this. + * @access private */ function oddentity_to_elggentity(ODDEntity $element) { $class = $element->getAttribute('class'); @@ -1721,7 +1736,7 @@ function oddentity_to_elggentity(ODDEntity $element) { * @return mixed * @elgg_plugin_hook_handler import all * @todo document - * + * @access private */ function import_entity_plugin_hook($hook, $entity_type, $returnvalue, $params) { $element = $params['element']; @@ -1829,7 +1844,12 @@ function can_edit_entity_metadata($entity_guid, $user_guid = 0, $metadata = null $return = can_edit_entity($entity_guid, $user_guid); } - $user = get_entity($user_guid); + if ($user_guid) { + $user = get_entity($user_guid); + } else { + $user = elgg_get_logged_in_user_entity(); + } + $params = array('entity' => $entity, 'user' => $user, 'metadata' => $metadata); $return = elgg_trigger_plugin_hook('permissions_check:metadata', $entity->type, $params, $return); return $return; @@ -2056,15 +2076,18 @@ function is_registered_entity_type($type, $subtype = null) { * * @param array $page Page elements from pain page handler * - * @return void + * @return bool * @elgg_page_handler view + * @access private */ function entities_page_handler($page) { if (isset($page[0])) { global $CONFIG; set_input('guid', $page[0]); include($CONFIG->path . "pages/entities/index.php"); + return true; } + return false; } /** @@ -2138,10 +2161,10 @@ function elgg_list_registered_entities(array $options = array()) { * If an entity is deleted recursively, a permissions override is required to allow * contained or owned entities to be removed. * - * @access private * @return bool * @elgg_plugin_hook_handler permissions_check all * @elgg_plugin_hook_handler permissions_check:metadata all + * @access private */ function recursive_delete_permissions_check() { static $__RECURSIVE_DELETE_TOKEN; @@ -2190,8 +2213,6 @@ function elgg_instanceof($entity, $type = NULL, $subtype = NULL, $class = NULL) /** * Update the last_action column in the entities table for $guid. * - * This determines the sort order of 1.8's default river. - * * @warning This is different to time_updated. Time_updated is automatically set, * while last_action is only set when explicitly called. * @@ -2199,7 +2220,8 @@ function elgg_instanceof($entity, $type = NULL, $subtype = NULL, $class = NULL) * @param int $posted Timestamp of last action * * @return bool - **/ + * @access private + */ function update_entity_last_action($guid, $posted = NULL) { global $CONFIG; $guid = (int)$guid; @@ -2228,6 +2250,7 @@ function update_entity_last_action($guid, $posted = NULL) { * * @return void * @elgg_plugin_hook_handler gc system + * @access private */ function entities_gc() { global $CONFIG; @@ -2249,6 +2272,7 @@ function entities_gc() { * @param mixed $params Params * * @return array + * @access private */ function entities_test($hook, $type, $value, $params) { global $CONFIG; @@ -2261,6 +2285,7 @@ function entities_test($hook, $type, $value, $params) { * * @return void * @elgg_event_handler init system + * @access private */ function entities_init() { elgg_register_page_handler('view', 'entities_page_handler'); diff --git a/engine/lib/export.php b/engine/lib/export.php index f81bee2fe..ae9be95ce 100644 --- a/engine/lib/export.php +++ b/engine/lib/export.php @@ -111,6 +111,7 @@ $IMPORTED_OBJECT_COUNTER = 0; * @param ODD $odd The odd element to process * * @return bool + * @access private */ function _process_element(ODD $odd) { global $IMPORTED_DATA, $IMPORTED_OBJECT_COUNTER; @@ -140,6 +141,7 @@ function _process_element(ODD $odd) { * * @return array * @throws ExportException + * @access private */ function exportAsArray($guid) { $guid = (int)$guid; @@ -167,6 +169,7 @@ function exportAsArray($guid) { * * @return xml * @see ElggEntity for an example of its usage. + * @access private */ function export($guid) { $odd = new ODDDocument(exportAsArray($guid)); @@ -182,6 +185,7 @@ function export($guid) { * * @return bool * @throws Exception if there was a problem importing the data. + * @access private */ function import($xml) { global $IMPORTED_DATA, $IMPORTED_OBJECT_COUNTER; @@ -210,6 +214,7 @@ function import($xml) { * Register the OpenDD import action * * @return void + * @access private */ function export_init() { global $CONFIG; diff --git a/engine/lib/extender.php b/engine/lib/extender.php index 50b05579b..51fc62c30 100644 --- a/engine/lib/extender.php +++ b/engine/lib/extender.php @@ -44,6 +44,7 @@ function detect_extender_valuetype($value, $value_type = "") { * @param ODDMetaData $element The OpenDD element * * @return bool + * @access private */ function oddmetadata_to_elggextender(ElggEntity $entity, ODDMetaData $element) { // Get the type of extender (metadata, type, attribute etc) diff --git a/engine/lib/filestore.php b/engine/lib/filestore.php index 1e257c8b0..a13d8aa27 100644 --- a/engine/lib/filestore.php +++ b/engine/lib/filestore.php @@ -465,6 +465,7 @@ function set_default_filestore(ElggFilestore $filestore) { * ElggFile. * * @return void + * @access private */ function filestore_run_once() { // Register a class @@ -473,16 +474,19 @@ function filestore_run_once() { /** * Initialise the file modules. - * Listens to system boot and registers any appropriate file types and classes + * Listens to system init and configures the default filestore * * @return void + * @access private */ function filestore_init() { global $CONFIG; // Now register a default filestore - set_default_filestore(new ElggDiskFilestore($CONFIG->dataroot)); - + if (isset($CONFIG->dataroot)) { + set_default_filestore(new ElggDiskFilestore($CONFIG->dataroot)); + } + // Now run this stuff, but only once run_function_once("filestore_run_once"); } @@ -496,6 +500,7 @@ function filestore_init() { * @param mixed $params Params * * @return array + * @access private */ function filestore_test($hook, $type, $value, $params) { global $CONFIG; diff --git a/engine/lib/group.php b/engine/lib/group.php index e7b70fd10..29330eeca 100644 --- a/engine/lib/group.php +++ b/engine/lib/group.php @@ -14,6 +14,7 @@ * @param int $guid GUID for a group * * @return array|false + * @access private */ function get_group_entity_as_row($guid) { global $CONFIG; @@ -276,9 +277,7 @@ function group_gatekeeper($forward = true) { if ($forward && $allowed == false) { register_error(elgg_echo('membershiprequired')); - if (!forward($url, 'member')) { - throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper')); - } + forward($url, 'member'); } return $allowed; diff --git a/engine/lib/input.php b/engine/lib/input.php index 56ec214dc..b6fead1db 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -8,7 +8,7 @@ */ /** - * Get some input from variables passed on the GET or POST line. + * Get some input from variables passed submitted through GET or POST. * * If using any data obtained from get_input() in a web page, please be aware that * it is a possible vector for a reflected XSS attack. If you are expecting an @@ -16,43 +16,43 @@ * * Note: this function does not handle nested arrays (ex: form input of param[m][n]) * because of the filtering done in htmlawed from the filter_tags call. - * @todo Is this ^ still? + * @todo Is this ^ still true? * - * @param string $variable The variable we want to return. + * @param string $variable The variable name we want. * @param mixed $default A default value for the variable if it is not found. - * @param bool $filter_result If true then the result is filtered for bad tags. + * @param bool $filter_result If true, then the result is filtered for bad tags. * - * @return string + * @return mixed */ function get_input($variable, $default = NULL, $filter_result = TRUE) { global $CONFIG; + $result = $default; + + elgg_push_context('input'); + if (isset($CONFIG->input[$variable])) { - $var = $CONFIG->input[$variable]; + $result = $CONFIG->input[$variable]; if ($filter_result) { - $var = filter_tags($var); + $result = filter_tags($result); } - - return $var; - } - - if (isset($_REQUEST[$variable])) { + } elseif (isset($_REQUEST[$variable])) { if (is_array($_REQUEST[$variable])) { - $var = $_REQUEST[$variable]; + $result = $_REQUEST[$variable]; } else { - $var = trim($_REQUEST[$variable]); + $result = trim($_REQUEST[$variable]); } if ($filter_result) { - $var = filter_tags($var); + $result = filter_tags($result); } - - return $var; } - return $default; + elgg_pop_context(); + + return $result; } /** @@ -229,14 +229,16 @@ function elgg_clear_sticky_value($form_name, $variable) { * /livesearch?q=<query> * * Other options include: - * match_on string all|array(groups|users|friends|subtype) + * match_on string all or array(groups|users|friends) * match_owner int 0/1 * limit int default is 10 * * @return string JSON string is returned and then exit + * @access private */ function input_livesearch_page_handler($page) { global $CONFIG; + // only return results to logged in users. if (!$user = elgg_get_logged_in_user_entity()) { exit; @@ -252,14 +254,16 @@ function input_livesearch_page_handler($page) { $q = str_replace(array('_', '%'), array('\_', '\%'), $q); $match_on = get_input('match_on', 'all'); - if ($match_on == 'all' || $match_on[0] == 'all') { - $match_on = array('users', 'groups'); - } if (!is_array($match_on)) { $match_on = array($match_on); } + // all = users and groups + if (in_array('all', $match_on)) { + $match_on = array('users', 'groups'); + } + if (get_input('match_owner', false)) { $owner_guid = $user->getGUID(); $owner_where = 'AND e.owner_guid = ' . $user->getGUID(); @@ -268,21 +272,12 @@ function input_livesearch_page_handler($page) { $owner_where = ''; } - $limit = get_input('limit', 10); + $limit = sanitise_int(get_input('limit', 10)); // grab a list of entities and send them in json. $results = array(); - foreach ($match_on as $type) { - switch ($type) { - case 'all': - // only need to pull up title from objects. - - $options = array('owner_guid' => $owner_guid, 'limit' => $limit); - if (!$entities = elgg_get_entities($options) AND is_array($entities)) { - $results = array_merge($results, $entities); - } - break; - + foreach ($match_on as $match_type) { + switch ($match_type) { case 'users': $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entities as e WHERE e.guid = ue.guid @@ -294,6 +289,7 @@ function input_livesearch_page_handler($page) { if ($entities = get_data($query)) { foreach ($entities as $entity) { +<<<<<<< HEAD $json = json_encode(array( 'type' => 'user', 'name' => $entity->name, @@ -303,6 +299,39 @@ function input_livesearch_page_handler($page) { 'guid' => $entity->guid )); $results[$entity->name . rand(1, 100)] = $json; +======= + $entity = get_entity($entity->guid); + if (!$entity) { + continue; + } + + if (in_array('groups', $match_on)) { + $value = $entity->guid; + } else { + $value = $entity->username; + } + + $output = elgg_view_list_item($entity, array( + 'use_hover' => false, + 'class' => 'elgg-autocomplete-item', + )); + + $icon = elgg_view_entity_icon($entity, 'tiny', array( + 'use_hover' => false, + )); + + $result = array( + 'type' => 'user', + 'name' => $entity->name, + 'desc' => $entity->username, + 'guid' => $entity->guid, + 'label' => $output, + 'value' => $value, + 'icon' => $icon, + 'url' => $entity->getURL(), + ); + $results[$entity->name . rand(1, 100)] = $result; +>>>>>>> 08a962c98e2923724f8013d6eaae89101243752a } } break; @@ -321,6 +350,7 @@ function input_livesearch_page_handler($page) { "; if ($entities = get_data($query)) { foreach ($entities as $entity) { +<<<<<<< HEAD $json = json_encode(array( 'type' => 'group', 'name' => $entity->name, @@ -329,6 +359,32 @@ function input_livesearch_page_handler($page) { . get_entity($entity->guid)->getIcon('tiny') . '" />', 'guid' => $entity->guid )); +======= + $entity = get_entity($entity->guid); + if (!$entity) { + continue; + } + + $output = elgg_view_list_item($entity, array( + 'use_hover' => false, + 'class' => 'elgg-autocomplete-item', + )); + + $icon = elgg_view_entity_icon($entity, 'tiny', array( + 'use_hover' => false, + )); + + $result = array( + 'type' => 'group', + 'name' => $entity->name, + 'desc' => strip_tags($entity->description), + 'guid' => $entity->guid, + 'label' => $output, + 'value' => $entity->guid, + 'icon' => $icon, + 'url' => $entity->getURL(), + ); +>>>>>>> 08a962c98e2923724f8013d6eaae89101243752a $results[$entity->name . rand(1, 100)] = $json; } @@ -336,7 +392,6 @@ function input_livesearch_page_handler($page) { break; case 'friends': - $access = get_access_sql_suffix(); $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entity_relationships as er, @@ -353,6 +408,7 @@ function input_livesearch_page_handler($page) { if ($entities = get_data($query)) { foreach ($entities as $entity) { +<<<<<<< HEAD $json = json_encode(array( 'type' => 'user', 'name' => $entity->name, @@ -362,21 +418,52 @@ function input_livesearch_page_handler($page) { 'guid' => $entity->guid )); $results[$entity->name . rand(1, 100)] = $json; +======= + $entity = get_entity($entity->guid); + if (!$entity) { + continue; + } + + $output = elgg_view_list_item($entity, array( + 'use_hover' => false, + 'class' => 'elgg-autocomplete-item', + )); + + $icon = elgg_view_entity_icon($entity, 'tiny', array( + 'use_hover' => false, + )); + + $result = array( + 'type' => 'user', + 'name' => $entity->name, + 'desc' => $entity->username, + 'guid' => $entity->guid, + 'label' => $output, + 'value' => $entity->username, + 'icon' => $icon, + 'url' => $entity->getURL(), + ); + $results[$entity->name . rand(1, 100)] = $result; +>>>>>>> 08a962c98e2923724f8013d6eaae89101243752a } } break; default: - // arbitrary subtype. - //@todo you cannot specify a subtype without a type. - // did this ever work? - elgg_get_entities(array('subtype' => $type, 'owner_guid' => $owner_guid)); + header("HTTP/1.0 400 Bad Request", true); + echo "livesearch: unknown match_on of $match_type"; + exit; break; } } ksort($results); +<<<<<<< HEAD echo implode($results, "\n"); +======= + header("Content-Type: application/json"); + echo json_encode(array_values($results)); +>>>>>>> 08a962c98e2923724f8013d6eaae89101243752a exit; } @@ -384,6 +471,7 @@ function input_livesearch_page_handler($page) { * Register input functions and sanitize input * * @return void + * @access private */ function input_init() { // register an endpoint for live search / autocomplete. diff --git a/engine/lib/location.php b/engine/lib/location.php index 7e2c38fc8..5b889509b 100644 --- a/engine/lib/location.php +++ b/engine/lib/location.php @@ -74,7 +74,7 @@ function elgg_geocode_location($location) { * * @see ElggEntity::setLatLong() * - * @return array + * @return mixed If count, int. If not count, array. false on errors. * @since 1.8.0 */ function elgg_get_entities_from_location(array $options = array()) { diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index a6b1bb43a..050e69526 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php @@ -13,6 +13,7 @@ * @param stdClass $row An object from the database * * @return stdClass or ElggMetadata + * @access private */ function row_to_elggmetadata($row) { if (!($row instanceof stdClass)) { @@ -302,7 +303,7 @@ function elgg_get_metadata(array $options = array()) { * * @param array $options An options array. {@See elgg_get_metadata()} * @return mixed - * @since 1.8 + * @since 1.8.0 */ function elgg_delete_metadata(array $options) { if (!elgg_is_valid_options_for_batch_operation($options, 'metadata')) { @@ -320,7 +321,7 @@ function elgg_delete_metadata(array $options) { * * @param array $options An options array. {@See elgg_get_metadata()} * @return mixed - * @since 1.8 + * @since 1.8.0 */ function elgg_disable_metadata(array $options) { if (!elgg_is_valid_options_for_batch_operation($options, 'metadata')) { @@ -338,7 +339,7 @@ function elgg_disable_metadata(array $options) { * * @param array $options An options array. {@See elgg_get_metadata()} * @return mixed - * @since 1.8 + * @since 1.8.0 */ function elgg_enable_metadata(array $options) { if (!$options || !is_array($options)) { @@ -366,7 +367,6 @@ function elgg_enable_metadata(array $options) { * When in doubt, use name_value_pairs. * * @see elgg_get_entities - * @see elgg_get_entities_from_annotations * * @param array $options Array in format: * @@ -398,7 +398,7 @@ function elgg_enable_metadata(array $options) { * * metadata_owner_guids => NULL|ARR guids for metadata owners * - * @return array + * @return mixed If count, int. If not count, array. false on errors. * @since 1.7.0 */ function elgg_get_entities_from_metadata(array $options = array()) { @@ -449,6 +449,7 @@ function elgg_get_entities_from_metadata(array $options = array()) { * * @return FALSE|array False on fail, array('joins', 'wheres') * @since 1.7.0 + * @access private */ function elgg_get_entity_metadata_where_sql($e_table, $n_table, $names = NULL, $values = NULL, $pairs = NULL, $pair_operator = 'AND', $case_sensitive = TRUE, $order_by_metadata = NULL, @@ -717,6 +718,7 @@ function elgg_list_entities_from_metadata($options) { * @param mixed $params Params * * @return array + * @access private */ function export_metadata_plugin_hook($hook, $entity_type, $returnvalue, $params) { // Sanity check values @@ -897,6 +899,7 @@ elgg_register_plugin_hook_handler('unit_test', 'system', 'metadata_test'); * @param mixed $params Params * * @return array + * @access private */ function metadata_test($hook, $type, $value, $params) { global $CONFIG; diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php index d444121d0..9dccec700 100644 --- a/engine/lib/metastrings.php +++ b/engine/lib/metastrings.php @@ -161,6 +161,7 @@ function add_metastring($string, $case_sensitive = true) { * Delete any orphaned entries in metastrings. This is run by the garbage collector. * * @return bool + * @access private */ function delete_orphaned_metastrings() { global $CONFIG; @@ -360,9 +361,6 @@ function elgg_get_metastring_based_objects($options) { $wheres[] = elgg_get_guid_based_where_sql('n_table.owner_guid', $options['metastring_owner_guids']); - // remove identical where clauses - $wheres = array_unique($wheres); - // see if any functions failed // remove empty strings on successful functions foreach ($wheres as $i => $where) { @@ -373,6 +371,9 @@ function elgg_get_metastring_based_objects($options) { } } + // remove identical where clauses + $wheres = array_unique($wheres); + // evaluate join clauses if (!is_array($options['joins'])) { $options['joins'] = array($options['joins']); @@ -504,6 +505,7 @@ function elgg_get_metastring_based_objects($options) { * @param bool $case_sensitive Should name and values be case sensitive? * * @return array + * @access private */ function elgg_get_metastring_sql($table, $names = null, $values = null, $pairs = null, $ids = null, $case_sensitive = false) { @@ -611,9 +613,9 @@ function elgg_get_metastring_sql($table, $names = null, $values = null, * corresponding metastrings name. * * @param array $options An options array - * @since 1.8 - * @access private + * @since 1.8.0 * @return array + * @access private */ function elgg_normalize_metastrings_options(array $options = array()) { @@ -665,7 +667,7 @@ function elgg_normalize_metastrings_options(array $options = array()) { * @param string $type The type of table to use: metadata or anntations * * @return bool - * @since 1.8 + * @since 1.8.0 * @access private */ function elgg_set_metastring_based_object_enabled_by_id($id, $enabled, $type) { @@ -718,8 +720,8 @@ function elgg_set_metastring_based_object_enabled_by_id($id, $enabled, $type) { * @param array $options An options array. {@See elgg_get_metastring_based_objects()} * @param string $callback The callback to pass each result through * @return mixed + * @since 1.8.0 * @access private - * @since 1.8 */ function elgg_batch_metastring_based_objects(array $options, $callback) { if (!$options || !is_array($options)) { @@ -739,7 +741,7 @@ function elgg_batch_metastring_based_objects(array $options, $callback) { * @param string $type The type: annotation or metadata * @return mixed * - * @since 1.8 + * @since 1.8.0 * @access private */ function elgg_get_metastring_based_object_from_id($id, $type) { @@ -769,7 +771,7 @@ function elgg_get_metastring_based_object_from_id($id, $type) { * @param string $type The object's metastring type: annotation or metadata * @return bool * - * @since 1.8 + * @since 1.8.0 * @access private */ function elgg_delete_metastring_based_object_by_id($id, $type) { @@ -827,6 +829,7 @@ function elgg_delete_metastring_based_object_by_id($id, $type) { * * @return array * @since 1.7.0 + * @access private */ function elgg_entities_get_metastrings_options($type, $options) { $valid_types = array('metadata', 'annotation'); @@ -891,6 +894,7 @@ elgg_register_plugin_hook_handler('unit_test', 'system', 'metastrings_test'); * @param mixed $params Params * * @return array + * @access private */ function metastrings_test($hook, $type, $value, $params) { global $CONFIG; diff --git a/engine/lib/navigation.php b/engine/lib/navigation.php index cefe40ecf..176790188 100644 --- a/engine/lib/navigation.php +++ b/engine/lib/navigation.php @@ -20,20 +20,20 @@ * Menus * Elgg uses a single interface to manage its menus. Menu items are added with * {@link elgg_register_menu_item()}. This is generally used for menus that - * appear only once per page. For context-sensitive menus (such as the hover + * appear only once per page. For dynamic menus (such as the hover * menu for user's avatar), a plugin hook is emitted when the menu is being * created. The hook is 'register', 'menu:<menu_name>'. For more details on this, * @see elgg_view_menu(). * * Menus supported by the Elgg core * Standard menus: - * site Site navihgation shown on every page. + * site Site navigation shown on every page. * page Page menu usually shown in a sidebar. Uses Elgg's context. * topbar Topbar menu shown on every page. The default has two sections. * footer Like the topbar but in the footer. * extras Links about content on the page. The RSS link is added to this. * - * Context-sensitive (also called just-in-time menus): + * Dynamic menus (also called just-in-time menus): * user_hover Avatar hover menu. The user entity is passed as a parameter. * entity The set of links shown in the summary of an entity. * river Links shown on river items. @@ -51,7 +51,10 @@ * * @warning Generally you should not use this in response to the plugin hook: * 'register', 'menu:<menu_name>'. If you do, you may end up with many incorrect - * links on a context-sensitive menu. + * links on a dynamic menu. + * + * @warning A menu item's name must be unique per menu. If more than one menu + * item with the same name are registered, the last menu item takes priority. * * @see elgg_view_menu() for the plugin hooks available for modifying a menu as * it is being rendered. @@ -204,7 +207,7 @@ function elgg_register_title_button($handler = null, $name = 'add') { */ function elgg_push_breadcrumb($title, $link = NULL) { global $CONFIG; - if (!is_array($CONFIG->breadcrumbs)) { + if (!isset($CONFIG->breadcrumbs)) { $CONFIG->breadcrumbs = array(); } @@ -239,7 +242,11 @@ function elgg_pop_breadcrumb() { function elgg_get_breadcrumbs() { global $CONFIG; - return (is_array($CONFIG->breadcrumbs)) ? $CONFIG->breadcrumbs : array(); + if (isset($CONFIG->breadcrumbs) && is_array($CONFIG->breadcrumbs)) { + return $CONFIG->breadcrumbs; + } + + return array(); } /** @@ -252,6 +259,7 @@ function elgg_get_breadcrumbs() { * @param array $return Menu array * @param array $params * @return array + * @access private */ function elgg_site_menu_setup($hook, $type, $return, $params) { @@ -282,7 +290,9 @@ function elgg_site_menu_setup($hook, $type, $return, $params) { } $return['default'] = $featured; - $return['more'] = $registered; + if (count($registered) > 0) { + $return['more'] = $registered; + } } else { // no featured menu items set $max_display_items = 5; @@ -300,6 +310,7 @@ function elgg_site_menu_setup($hook, $type, $return, $params) { /** * Add the comment and like links to river actions menu + * @access private */ function elgg_river_menu_setup($hook, $type, $return, $params) { if (elgg_is_logged_in()) { @@ -327,6 +338,7 @@ function elgg_river_menu_setup($hook, $type, $return, $params) { /** * Entity menu is list of links and info on any entity + * @access private */ function elgg_entity_menu_setup($hook, $type, $return, $params) { if (elgg_in_context('widgets')) { @@ -374,6 +386,7 @@ function elgg_entity_menu_setup($hook, $type, $return, $params) { /** * Adds a delete link to "generic_comment" annotations + * @access private */ function elgg_annotation_menu_setup($hook, $type, $return, $params) { $annotation = $params['annotation']; @@ -388,7 +401,7 @@ function elgg_annotation_menu_setup($hook, $type, $return, $params) { 'href' => $url, 'text' => "<span class=\"elgg-icon elgg-icon-delete\"></span>", 'confirm' => elgg_echo('deleteconfirm'), - 'text_encode' => false + 'encode_text' => false ); $return[] = ElggMenuItem::factory($options); } @@ -399,6 +412,7 @@ function elgg_annotation_menu_setup($hook, $type, $return, $params) { /** * Navigation initialization + * @access private */ function elgg_nav_init() { elgg_register_plugin_hook_handler('prepare', 'menu:site', 'elgg_site_menu_setup'); diff --git a/engine/lib/notification.php b/engine/lib/notification.php index 0754d683a..eb7e594c6 100644 --- a/engine/lib/notification.php +++ b/engine/lib/notification.php @@ -236,6 +236,7 @@ function set_user_notification_setting($user_guid, $method, $value) { * @param array $params Optional parameters (none taken in this instance) * * @return bool + * @access private */ function email_notify_handler(ElggEntity $from, ElggUser $to, $subject, $message, array $params = NULL) { @@ -359,6 +360,7 @@ function elgg_send_email($from, $to, $subject, $body, array $params = NULL) { * Correctly initialise notifications and register the email handler. * * @return void + * @access private */ function notification_init() { // Register a notification handler for the default email method @@ -375,6 +377,7 @@ function notification_init() { * * @return void * @todo why can't this call action(...)? + * @access private */ function notification_user_settings_save() { global $CONFIG; @@ -447,6 +450,7 @@ function remove_notification_interest($user_guid, $author_guid) { * @param mixed $object The object created * * @return void + * @access private */ function object_notifications($event, $object_type, $object) { // We only want to trigger notification events for ElggEntities diff --git a/engine/lib/objects.php b/engine/lib/objects.php index b138d6888..63d0f5cef 100644 --- a/engine/lib/objects.php +++ b/engine/lib/objects.php @@ -13,6 +13,7 @@ * @param int $guid The guid to retreive * * @return bool + * @access private */ function get_object_entity_as_row($guid) { global $CONFIG; @@ -109,6 +110,7 @@ function get_object_sites($object_guid, $limit = 10, $offset = 0) { * @param mixed $params Params * * @return array + * @access private */ function objects_test($hook, $type, $value, $params) { global $CONFIG; diff --git a/engine/lib/opendd.php b/engine/lib/opendd.php index 69977d1d9..f00ea6aab 100644 --- a/engine/lib/opendd.php +++ b/engine/lib/opendd.php @@ -13,6 +13,7 @@ * @param XmlElement $element The element(s) * * @return mixed An ODD object if the element can be handled, or false. + * @access private */ function ODD_factory (XmlElement $element) { $name = $element->name; @@ -57,6 +58,7 @@ function ODD_factory (XmlElement $element) { * @param string $xml The XML ODD. * * @return ODDDocument + * @access private */ function ODD_Import($xml) { // Parse XML to an array @@ -96,6 +98,7 @@ function ODD_Import($xml) { * @param ODDDocument $document The Document. * * @return string + * @access private */ function ODD_Export(ODDDocument $document) { return "$document"; diff --git a/engine/lib/output.php b/engine/lib/output.php index 04c737062..60bcc72cd 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -34,7 +34,7 @@ function parse_urls($text) { $url = trim($url, \'.\'); } $urltext = str_replace("/", "/<wbr />", $url); - return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>$period"; + return "<a href=\"$url\">$urltext</a>$period"; ' ), $text); @@ -198,6 +198,7 @@ function elgg_format_attributes(array $attrs) { * @param array $vars The raw $vars array with all it's dirtiness (config, url, etc.) * * @return array The array, ready to be used in elgg_format_attributes(). + * @access private */ function elgg_clean_vars(array $vars = array()) { unset($vars['config']); @@ -215,6 +216,14 @@ function elgg_clean_vars(array $vars = array()) { unset($vars['internalid']); } + if (isset($vars['__ignoreInternalid'])) { + unset($vars['__ignoreInternalid']); + } + + if (isset($vars['__ignoreInternalname'])) { + unset($vars['__ignoreInternalname']); + } + return $vars; } @@ -234,13 +243,32 @@ function elgg_clean_vars(array $vars = array()) { * @return string The absolute url */ function elgg_normalize_url($url) { - // 'http://example.com', 'https://example.com', '//example.com' - // '#target', '?query=string' - if (preg_match("#^(\#|\?|(https?:)?//)#i", $url)) { + // see https://bugs.php.net/bug.php?id=51192 + // from the bookmarks save action. + $php_5_2_13_and_below = version_compare(PHP_VERSION, '5.2.14', '<'); + $php_5_3_0_to_5_3_2 = version_compare(PHP_VERSION, '5.3.0', '>=') && + version_compare(PHP_VERSION, '5.3.3', '<'); + + $validated = false; + if ($php_5_2_13_and_below || $php_5_3_0_to_5_3_2) { + $tmp_address = str_replace("-", "", $url); + $validated = filter_var($tmp_address, FILTER_VALIDATE_URL); + } else { + $validated = filter_var($url, FILTER_VALIDATE_URL); + } + + if ($validated) { + // all normal URLs including mailto: return $url; + } elseif (preg_match("#^(\#|\?|//)#i", $url)) { + // '//example.com' (Shortcut for protocol.) + // '?query=test', #target + return $url; + } elseif (stripos($url, 'javascript:') === 0) { // 'javascript:' + // Not covered in FILTER_VALIDATE_URL return $url; } elseif (preg_match("#^[^/]*\.php(\?.*)?$#i", $url)) { diff --git a/engine/lib/pagehandler.php b/engine/lib/pagehandler.php index 31d73b18c..aba921416 100644 --- a/engine/lib/pagehandler.php +++ b/engine/lib/pagehandler.php @@ -7,14 +7,17 @@ */ /** - * Turns the current page over to the page handler, allowing registered handlers to take over. + * Routes the request to a registered page handler * - * If a page handler returns FALSE, the request is handed over to the default_page_handler. + * This function sets the context based on the handler name (first segment of the + * URL). It also triggers a plugin hook 'route', $handler so that plugins can + * modify the routing or handle a request. * * @param string $handler The name of the handler type (eg 'blog') * @param array $page The parameters to the page, as an array (exploded by '/' slashes) * - * @return true|false Depending on whether a registered page handler was found + * @return bool + * @access private */ function page_handler($handler, $page) { global $CONFIG; @@ -41,26 +44,13 @@ function page_handler($handler, $page) { $handler = $params['handler']; $page = $params['segments']; - if (!isset($CONFIG->pagehandler) || empty($handler)) { - $result = false; - } else if (isset($CONFIG->pagehandler[$handler]) && is_callable($CONFIG->pagehandler[$handler])) { + $result = false; + if (isset($CONFIG->pagehandler) && !empty($handler) && isset($CONFIG->pagehandler[$handler])) { $function = $CONFIG->pagehandler[$handler]; $result = call_user_func($function, $page, $handler); - if ($result !== false) { - $result = true; - } - } else { - $result = false; } - if (!$result) { - $result = default_page_handler($page, $handler); - } - if ($result !== false) { - $result = true; - } - - return $result; + return $result || headers_sent(); } /** @@ -73,14 +63,16 @@ function page_handler($handler, $page) { * For example, the URL http://yoururl/blog/username/friends/ would result in the call: * blog_page_handler(array('username','friends'), blog); * - * Page handler functions should return true or the default page handler will be called. - * * A request to register a page handler with the same identifier as previously registered * handler will replace the previous one. * * The context is set to the page handler identifier before the registered * page handler function is called. For the above example, the context is set to 'blog'. * + * Page handlers should return true to indicate that they handled the request. + * Requests not handled are forwarded to the front page with a reason of 404. + * Plugins can register for the 'forward', '404' plugin hook. @see forward() + * * @param string $handler The page type to handle * @param string $function Your function name * @@ -118,37 +110,3 @@ function elgg_unregister_page_handler($handler) { unset($CONFIG->pagehandler[$handler]); } - -/** - * A default page handler - * Tries to locate a suitable file to include. Only works for core pages, not plugins. - * - * @param array $page The page URL elements - * @param string $handler The base handler - * - * @return true|false Depending on success - */ -function default_page_handler($page, $handler) { - global $CONFIG; - - $page = implode('/', $page); - - // protect against including arbitary files - $page = str_replace("..", "", $page); - - $callpath = $CONFIG->path . $handler . "/" . $page; - if (is_dir($callpath)) { - $callpath = sanitise_filepath($callpath); - $callpath .= "index.php"; - if (file_exists($callpath)) { - if (include($callpath)) { - return TRUE; - } - } - } else if (file_exists($callpath)) { - include($callpath); - return TRUE; - } - - return FALSE; -} diff --git a/engine/lib/pageowner.php b/engine/lib/pageowner.php index 504d34a4e..9d41d74c1 100644 --- a/engine/lib/pageowner.php +++ b/engine/lib/pageowner.php @@ -82,6 +82,7 @@ function elgg_set_page_owner_guid($guid) { * @param array $params no parameters * * @return int GUID + * @access private */ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params) { @@ -259,14 +260,15 @@ function elgg_in_context($context) { * @note This is on the 'boot, system' event so that the context is set up quickly. * * @return void + * @access private */ function page_owner_boot() { - global $CONFIG; elgg_register_plugin_hook_handler('page_owner', 'system', 'default_page_owner_handler'); - $CONFIG->context = array(); - // @todo Ew... hacky + // Bootstrap the context stack by setting its first entry to the handler. + // This is the first segment of the URL and the handler is set by the rewrite rules. + // @todo this does not work for actions $handler = get_input('handler', FALSE); if ($handler) { elgg_set_context($handler); diff --git a/engine/lib/pam.php b/engine/lib/pam.php index e335b7e52..4f9f44278 100644 --- a/engine/lib/pam.php +++ b/engine/lib/pam.php @@ -71,4 +71,3 @@ function unregister_pam_handler($handler, $policy = "user") { unset($_PAM_HANDLERS[$policy][$handler]); } - diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php index fd85ed9f0..be871d025 100644 --- a/engine/lib/plugins.php +++ b/engine/lib/plugins.php @@ -54,6 +54,8 @@ define('ELGG_PLUGIN_INTERNAL_PREFIX', 'elgg:internal:'); * @param string $dir A dir to scan for plugins. Defaults to config's plugins_path. * * @return array + * @since 1.8.0 + * @access private */ function elgg_get_plugin_ids_in_dir($dir = null) { if (!$dir) { @@ -85,6 +87,8 @@ function elgg_get_plugin_ids_in_dir($dir = null) { * * @todo Crappy name? * @return bool + * @since 1.8.0 + * @access private */ function elgg_generate_plugin_entities() { $site = get_config('site'); @@ -173,6 +177,7 @@ function elgg_generate_plugin_entities() { * * @param string $plugin_id The id (dir name) of the plugin. NOT the guid. * @return mixed ElggPlugin or false. + * @since 1.8.0 */ function elgg_get_plugin_from_id($plugin_id) { $plugin_id = sanitize_string($plugin_id); @@ -203,6 +208,7 @@ function elgg_get_plugin_from_id($plugin_id) { * {@link elgg_generate_plugin_objects()} first. * * @param string $id The plugin ID. + * @since 1.8.0 * @return bool */ function elgg_plugin_exists($id) { @@ -215,6 +221,8 @@ function elgg_plugin_exists($id) { * Returns the highest priority of the plugins * * @return int + * @since 1.8.0 + * @access private */ function elgg_get_max_plugin_priority() { $db_prefix = get_config('dbprefix'); @@ -241,6 +249,7 @@ function elgg_get_max_plugin_priority() { * * @param string $plugin_id The plugin ID * @param int $site_guid The site guid + * @since 1.8.0 * @return bool */ function elgg_is_active_plugin($plugin_id, $site_guid = null) { @@ -271,6 +280,8 @@ function elgg_is_active_plugin($plugin_id, $site_guid = null) { * that was too slow. * * @return bool + * @since 1.8.0 + * @access private */ function elgg_load_plugins() { global $CONFIG; @@ -313,7 +324,7 @@ function elgg_load_plugins() { $plugin->deactivate(); $msg = elgg_echo('PluginException:CannotStart', array($plugin->getID(), $plugin->guid, $e->getMessage())); - register_error($msg); + elgg_add_admin_notice('cannot_start' . $plugin->getID(), $msg); $return = false; continue; @@ -336,6 +347,8 @@ function elgg_load_plugins() { * @param string $status The status of the plugins. active, inactive, or all. * @param mixed $site_guid Optional site guid * @return array + * @since 1.8.0 + * @access private */ function elgg_get_plugins($status = 'active', $site_guid = null) { $db_prefix = get_config('dbprefix'); @@ -393,6 +406,8 @@ function elgg_get_plugins($status = 'active', $site_guid = null) { * * @param array $order An array of plugin ids in the order to set them * @return bool + * @since 1.8.0 + * @access private */ function elgg_set_plugin_priorities(array $order) { $name = elgg_namespace_plugin_private_setting('internal', 'priority'); @@ -446,6 +461,8 @@ function elgg_set_plugin_priorities(array $order) { * * @todo Can this be done in a single sql command? * @return bool + * @since 1.8.0 + * @access private */ function elgg_reindex_plugin_priorities() { return elgg_set_plugin_priorities(array()); @@ -458,6 +475,8 @@ function elgg_reindex_plugin_priorities() { * @param string $name The name to namespace. * @param string $id The plugin's ID to namespace with. Required for user_setting. * @return string + * @since 1.8.0 + * @access private */ function elgg_namespace_plugin_private_setting($type, $name, $id = null) { switch ($type) { @@ -490,9 +509,9 @@ function elgg_namespace_plugin_private_setting($type, $name, $id = null) { * context from the main script filename called by * the browser. Default = false. * - * @since 1.8 - * * @return string|false Plugin name, or false if no plugin name was called + * @since 1.8.0 + * @access private */ function elgg_get_calling_plugin_id($mainfilename = false) { if (!$mainfilename) { @@ -538,7 +557,8 @@ function elgg_get_calling_plugin_id($mainfilename = false) { * @param string $name A specific provided name to return. Requires $provide_type. * * @return array - * @since 1.8 + * @since 1.8.0 + * @access private */ function elgg_get_plugins_provides($type = null, $name = null) { static $provides = null; @@ -557,7 +577,7 @@ function elgg_get_plugins_provides($type = null, $name = null) { foreach ($plugin_provides as $provided) { $provides[$provided['type']][$provided['name']] = array( 'version' => $provided['version'], - 'provided_by' => $plugin_id + 'provided_by' => $plugin->getID() ); } } @@ -594,7 +614,8 @@ function elgg_get_plugins_provides($type = null, $name = null) { * 'status' => bool Does the provide exist?, * 'value' => string The version provided * ) - * @since 1.8 + * @since 1.8.0 + * @access private */ function elgg_check_plugins_provides($type, $name, $version = null, $comparison = 'ge') { if (!$provided = elgg_get_plugins_provides($type, $name)) { @@ -630,6 +651,8 @@ function elgg_check_plugins_provides($type, $name, $version = null, $comparison * * @param array $dep An ElggPluginPackage dependency array * @return array + * @since 1.8.0 + * @access private */ function elgg_get_plugin_dependency_strings($dep) { $dep_system = elgg_extract('type', $dep); @@ -739,7 +762,8 @@ function elgg_get_plugin_dependency_strings($dep) { * Returns the ElggPlugin entity of the last plugin called. * * @return mixed ElggPlugin or false - * @since 1.8 + * @since 1.8.0 + * @access private */ function elgg_get_calling_plugin_entity() { $plugin_id = elgg_get_calling_plugin_id(); @@ -759,8 +783,7 @@ function elgg_get_calling_plugin_entity() { * @param bool $return_obj Return settings as an object? This can be used to in reusable * views where the settings are passed as $vars['entity']. * @return array - * - * @since 1.8 + * @since 1.8.0 */ function elgg_get_all_plugin_user_settings($user_guid = null, $plugin_id = null, $return_obj = false) { if ($plugin_id) { @@ -798,6 +821,7 @@ function elgg_get_all_plugin_user_settings($user_guid = null, $plugin_id = null, * is detected from where you are calling from. * * @return bool + * @since 1.8.0 */ function elgg_set_plugin_user_setting($name, $value, $user_guid = null, $plugin_id = null) { if ($plugin_id) { @@ -820,7 +844,8 @@ function elgg_set_plugin_user_setting($name, $value, $user_guid = null, $plugin_ * @param int $user_guid Defaults to logged in user * @param str $plugin_id Defaults to contextual plugin name * - * @return bool Success + * @return bool + * @since 1.8.0 */ function elgg_unset_plugin_user_setting($name, $user_guid = null, $plugin_id = null) { if ($plugin_id) { @@ -845,6 +870,7 @@ function elgg_unset_plugin_user_setting($name, $user_guid = null, $plugin_id = n * it is detected from where you are calling. * * @return mixed + * @since 1.8.0 */ function elgg_get_plugin_user_setting($name, $user_guid = null, $plugin_id = null) { if ($plugin_id) { @@ -868,7 +894,8 @@ function elgg_get_plugin_user_setting($name, $user_guid = null, $plugin_id = nul * @param string $plugin_id Optional plugin name, if not specified * then it is detected from where you are calling from. * - * @return int|false + * @return bool + * @since 1.8.0 */ function elgg_set_plugin_setting($name, $value, $plugin_id = null) { if ($plugin_id) { @@ -892,6 +919,7 @@ function elgg_set_plugin_setting($name, $value, $plugin_id = null) { * then it is detected from where you are calling from. * * @return mixed + * @since 1.8.0 */ function elgg_get_plugin_setting($name, $plugin_id = null) { if ($plugin_id) { @@ -915,6 +943,7 @@ function elgg_get_plugin_setting($name, $plugin_id = null) { * then it is detected from where you are calling from. * * @return bool + * @since 1.8.0 */ function elgg_unset_plugin_setting($name, $plugin_id = null) { if ($plugin_id) { @@ -937,7 +966,7 @@ function elgg_unset_plugin_setting($name, $plugin_id = null) { * then it is detected from where you are calling from. * * @return bool - * @since 1.8 + * @since 1.8.0 */ function elgg_unset_all_plugin_settings($plugin_id = null) { if ($plugin_id) { @@ -978,7 +1007,7 @@ function elgg_unset_all_plugin_settings($plugin_id = null) { * plugin_user_setting_name_value_pairs_operator => NULL|STR The operator to use for combining * (name = value) OPERATOR (name = value); default AND * - * @return mixed + * @return mixed int If count, int. If not count, array. false on errors. */ function elgg_get_entities_from_plugin_user_settings(array $options = array()) { // if they're passing it don't bother @@ -1026,7 +1055,8 @@ function elgg_get_entities_from_plugin_user_settings(array $options = array()) { /** * Register object, plugin entities as ElggPlugin classes * - * @return void + * @return void + * @access private */ function plugin_run_once() { add_subtype("object", "plugin", "ElggPlugin"); @@ -1041,6 +1071,7 @@ function plugin_run_once() { * @param mixed $params Params * * @return array + * @access private */ function plugins_test($hook, $type, $value, $params) { global $CONFIG; @@ -1049,10 +1080,11 @@ function plugins_test($hook, $type, $value, $params) { } /** - * Initialise the file modules. - * Listens to system boot and registers any appropriate file types and classes + * Initialize the plugin system + * Listens to system init and registers actions * * @return void + * @access private */ function plugin_init() { run_function_once("plugin_run_once"); diff --git a/engine/lib/private_settings.php b/engine/lib/private_settings.php index e5e7b2213..386af5279 100644 --- a/engine/lib/private_settings.php +++ b/engine/lib/private_settings.php @@ -38,7 +38,7 @@ * their own settings. * * - * @return array + * @return mixed int If count, int. If not count, array. false on errors. * @since 1.8.0 */ function elgg_get_entities_from_private_settings(array $options = array()) { @@ -95,6 +95,7 @@ function elgg_get_entities_from_private_settings(array $options = array()) { * @param string $name_prefix A string to prefix all names with * @return array * @since 1.8.0 + * @access private */ function elgg_get_entity_private_settings_where_sql($table, $names = NULL, $values = NULL, $pairs = NULL, $pair_operator = 'AND', $name_prefix = '') { @@ -334,7 +335,7 @@ function get_all_private_settings($entity_guid) { * @param string $name The name of the setting * @param string $value The value of the setting * - * @return mixed The setting ID, or false on failure + * @return bool * @see get_private_setting() * @see get_all_private_settings() * @see remove_private_setting() @@ -357,10 +358,8 @@ function set_private_setting($entity_guid, $name, $value) { (entity_guid, name, value) VALUES ($entity_guid, '$name', '$value') ON DUPLICATE KEY UPDATE value='$value'"); - if ($result === 0) { - return true; - } - return $result; + + return $result !== false; } /** @@ -369,7 +368,7 @@ function set_private_setting($entity_guid, $name, $value) { * @param int $entity_guid The Entity GUID * @param string $name The name of the setting * - * @return true|false depending on success + * @return bool * @see get_private_setting() * @see get_all_private_settings() * @see set_private_setting() @@ -389,8 +388,8 @@ function remove_private_setting($entity_guid, $name) { $name = sanitise_string($name); return delete_data("DELETE from {$CONFIG->dbprefix}private_settings - where name = '{$name}' - and entity_guid = {$entity_guid}"); + WHERE name = '{$name}' + AND entity_guid = {$entity_guid}"); } /** @@ -398,7 +397,7 @@ function remove_private_setting($entity_guid, $name) { * * @param int $entity_guid The Entity GUID * - * @return true|false depending on success + * @return bool * @see get_private_setting() * @see get_all_private_settings() * @see set_private_setting() @@ -416,5 +415,5 @@ function remove_all_private_settings($entity_guid) { } return delete_data("DELETE from {$CONFIG->dbprefix}private_settings - where entity_guid = {$entity_guid}"); + WHERE entity_guid = {$entity_guid}"); } diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php index 9d5fd39b6..3578f0cb8 100644 --- a/engine/lib/relationships.php +++ b/engine/lib/relationships.php @@ -13,6 +13,7 @@ * @param stdClass $row Database row from the relationship table * * @return stdClass or ElggMetadata + * @access private */ function row_to_elggrelationship($row) { if (!($row instanceof stdClass)) { @@ -122,7 +123,7 @@ function check_entity_relationship($guid_one, $relationship, $guid_two) { AND relationship='$relationship' AND guid_two=$guid_two limit 1"; - $row = $row = get_data_row($query); + $row = get_data_row($query); if ($row) { return $row; } @@ -235,6 +236,11 @@ function get_entity_relationships($guid, $inverse_relationship = FALSE) { /** * Return entities matching a given query joining against a relationship. + * Also accepts all options available to elgg_get_entities() and + * elgg_get_entities_from_metadata(). + * + * @see elgg_get_entities + * @see elgg_get_entities_from_metadata * * @param array $options Array in format: * @@ -244,7 +250,7 @@ function get_entity_relationships($guid, $inverse_relationship = FALSE) { * * inverse_relationship => BOOL Inverse the relationship * - * @return array + * @return mixed If count, int. If not count, array. false on errors. * @since 1.7.0 */ function elgg_get_entities_from_relationship($options) { @@ -305,6 +311,7 @@ function elgg_get_entities_from_relationship($options) { * * @return mixed * @since 1.7.0 + * @access private */ function elgg_get_entity_relationship_where_sql($column, $relationship = NULL, $relationship_guid = NULL, $inverse_relationship = FALSE) { @@ -365,7 +372,7 @@ function elgg_list_entities_from_relationship(array $options = array()) { * * @param array $options An options array compatible with * elgg_get_entities_from_relationship() - * @return array + * @return mixed int If count, int. If not count, array. false on errors. * @since 1.8.0 */ function elgg_get_entities_from_relationship_count(array $options = array()) { @@ -467,7 +474,8 @@ function get_relationship_url($id) { * @param int $guid_two This is the object trying to attach to $guid_one * * @return bool - **/ + * @access private + */ function already_attached($guid_one, $guid_two) { if ($attached = check_entity_relationship($guid_one, "attached", $guid_two)) { return true; @@ -483,7 +491,8 @@ function already_attached($guid_one, $guid_two) { * @param string $type The type of object to return e.g. 'file', 'friend_of' etc * * @return an array of objects -**/ + * @access private + */ function get_attachments($guid, $type = "") { $options = array( 'relationship' => 'attached', @@ -509,7 +518,8 @@ function get_attachments($guid, $type = "") { * @param int $guid_two This is the object to remove from $guid_one * * @return void -**/ + * @access private + */ function remove_attachment($guid_one, $guid_two) { if (already_attached($guid_one, $guid_two)) { remove_entity_relationship($guid_one, "attached", $guid_two); @@ -523,7 +533,8 @@ function remove_attachment($guid_one, $guid_two) { * @param int $guid_two This is the object trying to attach to $guid_one * * @return true|void -**/ + * @access private + */ function make_attachment($guid_one, $guid_two) { if (!(already_attached($guid_one, $guid_two))) { if (add_entity_relationship($guid_one, "attached", $guid_two)) { @@ -541,7 +552,7 @@ function make_attachment($guid_one, $guid_two) { * @param mixed $params Array of params * * @return mixed - * + * @access private */ function import_relationship_plugin_hook($hook, $entity_type, $returnvalue, $params) { $element = $params['element']; @@ -566,6 +577,7 @@ function import_relationship_plugin_hook($hook, $entity_type, $returnvalue, $par * * @elgg_event_handler export all * @return mixed + * @access private */ function export_relationship_plugin_hook($hook, $entity_type, $returnvalue, $params) { global $CONFIG; @@ -600,6 +612,7 @@ function export_relationship_plugin_hook($hook, $entity_type, $returnvalue, $par * @param mixed $object Object * * @return bool + * @access private */ function relationship_notification_hook($event, $type, $object) { diff --git a/engine/lib/river.php b/engine/lib/river.php index 64ddcfdc1..466eca253 100644 --- a/engine/lib/river.php +++ b/engine/lib/river.php @@ -170,9 +170,6 @@ function elgg_delete_river(array $options = array()) { $wheres[] = "rv.posted <= {$options['posted_time_upper']}"; } - // remove identical where clauses - $wheres = array_unique($wheres); - // see if any functions failed // remove empty strings on successful functions foreach ($wheres as $i => $where) { @@ -183,6 +180,9 @@ function elgg_delete_river(array $options = array()) { } } + // remove identical where clauses + $wheres = array_unique($wheres); + $query = "DELETE rv.* FROM {$CONFIG->dbprefix}river rv "; // remove identical join clauses @@ -304,9 +304,6 @@ function elgg_get_river(array $options = array()) { } } - // remove identical where clauses - $wheres = array_unique($wheres); - // see if any functions failed // remove empty strings on successful functions foreach ($wheres as $i => $where) { @@ -317,6 +314,9 @@ function elgg_get_river(array $options = array()) { } } + // remove identical where clauses + $wheres = array_unique($wheres); + if (!$options['count']) { $query = "SELECT DISTINCT rv.* FROM {$CONFIG->dbprefix}river rv "; } else { @@ -378,7 +378,7 @@ function elgg_list_river(array $options = array()) { 'offset' => (int) max(get_input('offset', 0), 0), 'limit' => (int) max(get_input('limit', 20), 0), 'pagination' => TRUE, - 'list_class' => 'elgg-river', + 'list_class' => 'elgg-list-river elgg-river', // @todo remove elgg-river in Elgg 1.9 ); $options = array_merge($defaults, $options); @@ -586,6 +586,8 @@ function update_river_access_by_object($object_guid, $access_id) { * Page handler for activiy * * @param array $page + * @return bool + * @access private */ function elgg_river_page_handler($page) { global $CONFIG; @@ -605,10 +607,12 @@ function elgg_river_page_handler($page) { $entity_subtype = ''; require_once("{$CONFIG->path}pages/river.php"); + return true; } /** * Initialize river library + * @access private */ function elgg_river_init() { elgg_register_page_handler('activity', 'elgg_river_page_handler'); diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 407bb69c5..97a05e2e8 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -133,6 +133,7 @@ function elgg_is_admin_user($user_guid) { * @param string $password The password * * @return true|string True or an error message on failure + * @access private */ function elgg_authenticate($username, $password) { $pam = new ElggPAM('user'); @@ -154,6 +155,7 @@ function elgg_authenticate($username, $password) { * * @return bool * @throws LoginException + * @access private */ function pam_auth_userpass(array $credentials = array()) { @@ -183,7 +185,7 @@ function pam_auth_userpass(array $credentials = array()) { * * @param int $user_guid User GUID * - * @return bool on success + * @return bool */ function log_login_failure($user_guid) { $user_guid = (int)$user_guid; @@ -375,6 +377,7 @@ function logout() { * @param mixed $object Object * * @return bool + * @access private */ function session_init($event, $object_type, $object) { global $DB_PREFIX, $CONFIG; @@ -472,10 +475,7 @@ function gatekeeper() { if (!elgg_is_logged_in()) { $_SESSION['last_forward_from'] = current_page_url(); register_error(elgg_echo('loggedinrequired')); - - if (!forward('', 'login')) { - throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper')); - } + forward('', 'login'); } } @@ -490,9 +490,7 @@ function admin_gatekeeper() { if (!elgg_is_admin_logged_in()) { $_SESSION['last_forward_from'] = current_page_url(); register_error(elgg_echo('adminrequired')); - if (!forward('', 'admin')) { - throw new SecurityException(elgg_echo('SecurityException:UnexpectedOutputInGatekeeper')); - } + forward('', 'admin'); } } @@ -504,6 +502,7 @@ function admin_gatekeeper() { * * @return true * @todo Document + * @access private */ function _elgg_session_open($save_path, $session_name) { global $sess_save_path; @@ -519,6 +518,7 @@ function _elgg_session_open($save_path, $session_name) { * @todo document * * @return true + * @access private */ function _elgg_session_close() { return true; @@ -530,6 +530,7 @@ function _elgg_session_close() { * @param string $id The session ID * * @return string + * @access private */ function _elgg_session_read($id) { global $DB_PREFIX; @@ -563,6 +564,7 @@ function _elgg_session_read($id) { * @param mixed $sess_data Session data * * @return bool + * @access private */ function _elgg_session_write($id, $sess_data) { global $DB_PREFIX; @@ -602,6 +604,7 @@ function _elgg_session_write($id, $sess_data) { * @param string $id Session ID * * @return bool + * @access private */ function _elgg_session_destroy($id) { global $DB_PREFIX; @@ -628,6 +631,7 @@ function _elgg_session_destroy($id) { * @param int $maxlifetime Max age of a session * * @return bool + * @access private */ function _elgg_session_gc($maxlifetime) { global $DB_PREFIX; diff --git a/engine/lib/sites.php b/engine/lib/sites.php index 5fed29822..337b2d180 100644 --- a/engine/lib/sites.php +++ b/engine/lib/sites.php @@ -31,6 +31,7 @@ function elgg_get_site_entity($site_guid = 0) { * @param int $guid The site GUID * * @return mixed + * @access private */ function get_site_entity_as_row($guid) { global $CONFIG; @@ -204,7 +205,7 @@ function get_site_by_url($url) { $row = get_data_row("SELECT * from {$CONFIG->dbprefix}sites_entity where url='$url'"); if ($row) { - return new ElggSite($row); + return get_entity($row->guid); } return false; @@ -243,6 +244,7 @@ function get_site_domain($guid) { * @param null $object Event API required parameter * * @return true + * @access private */ function sites_boot($event, $object_type, $object) { global $CONFIG; @@ -274,6 +276,7 @@ elgg_register_plugin_hook_handler('unit_test', 'system', 'sites_test'); * @param mixed $params Params * * @return array + * @access private */ function sites_test($hook, $type, $value, $params) { global $CONFIG; diff --git a/engine/lib/statistics.php b/engine/lib/statistics.php index 1232c6128..7c170f3bb 100644 --- a/engine/lib/statistics.php +++ b/engine/lib/statistics.php @@ -112,6 +112,7 @@ function get_online_users() { * Initialise the statistics admin page. * * @return void + * @access private */ function statistics_init() { elgg_extend_view('core/settings/statistics', 'core/settings/statistics/online'); diff --git a/engine/lib/system_log.php b/engine/lib/system_log.php index d6c746af1..fd5644135 100644 --- a/engine/lib/system_log.php +++ b/engine/lib/system_log.php @@ -270,6 +270,7 @@ function system_log_default_logger($event, $object_type, $object) { * @param Loggable $object Object to log * * @return true + * @access private */ function system_log_listener($event, $object_type, $object) { if (($object_type != 'systemlog') && ($event != 'log')) { diff --git a/engine/lib/tags.php b/engine/lib/tags.php index 1116d63f3..a0887d0f3 100644 --- a/engine/lib/tags.php +++ b/engine/lib/tags.php @@ -17,6 +17,7 @@ * @param int $buckets The number of buckets * * @return int + * @access private */ function calculate_tag_size($min, $max, $number_of_tags, $buckets = 6) { $delta = (($max - $min) / $buckets); @@ -48,6 +49,7 @@ function calculate_tag_size($min, $max, $number_of_tags, $buckets = 6) { * @param int $buckets The number of buckets * * @return An associated array of tags with a weighting, this can then be mapped to a display class. + * @access private */ function generate_tag_cloud(array $tags, $buckets = 6) { $cloud = array(); @@ -184,9 +186,6 @@ function elgg_get_tags(array $options = array()) { $wheres[] = elgg_get_entity_time_where_sql('e', $options['created_time_upper'], $options['created_time_lower'], $options['modified_time_upper'], $options['modified_time_lower']); - // remove identical where clauses - $wheres = array_unique($wheres); - // see if any functions failed // remove empty strings on successful functions foreach ($wheres as $i => $where) { @@ -197,6 +196,8 @@ function elgg_get_tags(array $options = array()) { } } + // remove identical where clauses + $wheres = array_unique($wheres); $joins = $options['joins']; @@ -320,26 +321,28 @@ function elgg_get_registered_tag_metadata_names() { * * @param array $page Page array * - * @return void + * @return bool + * @access private */ function elgg_tagcloud_page_handler($page) { - switch ($page[0]) { - default: - $title = elgg_view_title(elgg_echo('tags:site_cloud')); - $options = array( - 'threshold' => 0, - 'limit' => 100, - 'tag_name' => 'tags', - ); - $tags = elgg_view_tagcloud($options); - $content = $title . $tags; - $body = elgg_view_layout('one_sidebar', array('content' => $content)); - - echo elgg_view_page(elgg_echo('tags:site_cloud'), $body); - break; - } + + $title = elgg_view_title(elgg_echo('tags:site_cloud')); + $options = array( + 'threshold' => 0, + 'limit' => 100, + 'tag_name' => 'tags', + ); + $tags = elgg_view_tagcloud($options); + $content = $title . $tags; + $body = elgg_view_layout('one_sidebar', array('content' => $content)); + + echo elgg_view_page(elgg_echo('tags:site_cloud'), $body); + return true; } +/** + * @access private + */ function elgg_tags_init() { // register the standard tags metadata name elgg_register_tag_metadata_name('tags'); diff --git a/engine/lib/upgrade.php b/engine/lib/upgrade.php index dc3911062..f0874a483 100644 --- a/engine/lib/upgrade.php +++ b/engine/lib/upgrade.php @@ -14,6 +14,7 @@ * @param bool $quiet Suppress errors. Don't use this. * * @return bool + * @access private */ function upgrade_code($version, $quiet = FALSE) { global $CONFIG; @@ -89,6 +90,7 @@ function upgrade_code($version, $quiet = FALSE) { * @param array $processed_upgrades An array of processed upgrade filenames * (not the path, just the file) * @return bool + * @access private */ function elgg_set_processed_upgrades(array $processed_upgrades) { $processed_upgrades = array_unique($processed_upgrades); @@ -99,6 +101,7 @@ function elgg_set_processed_upgrades(array $processed_upgrades) { * Gets a list of processes upgrades * * @return mixed Array of processed upgrade filenames or false + * @access private */ function elgg_get_processed_upgrades() { $upgrades = datalist_get('processed_upgrades'); @@ -111,7 +114,8 @@ function elgg_get_processed_upgrades() { * * @param string $filename The upgrade filename. No full path. * @return int|false - * @since 1.8 + * @since 1.8.0 + * @access private */ function elgg_get_upgrade_file_version($filename) { preg_match('/^([0-9]{10})([\.a-z0-9-_]+)?\.(php)$/i', $filename, $matches); @@ -128,6 +132,7 @@ function elgg_get_upgrade_file_version($filename) { * * @param string $upgrade_path The up * @return array|false + * @access private */ function elgg_get_upgrade_files($upgrade_path = null) { if (!$upgrade_path) { @@ -160,7 +165,7 @@ function elgg_get_upgrade_files($upgrade_path = null) { } /** - * Get the current version information + * Get the current Elgg version information * * @param bool $humanreadable Whether to return a human readable version (default: false) * @@ -169,13 +174,18 @@ function elgg_get_upgrade_files($upgrade_path = null) { function get_version($humanreadable = false) { global $CONFIG; + static $version, $release; + if (isset($CONFIG->path)) { - if (include($CONFIG->path . "version.php")) { - return (!$humanreadable) ? $version : $release; + if (!isset($version) || !isset($release)) { + if (!include($CONFIG->path . "version.php")) { + return false; + } } + return (!$humanreadable) ? $version : $release; } - return FALSE; + return false; } /** @@ -184,7 +194,8 @@ function get_version($humanreadable = false) { * @param null|array $upgrade_files Optional upgrade files * @param null|array $processed_upgrades Optional processed upgrades * - * @return array() + * @return array + * @access private */ function elgg_get_unprocessed_upgrades($upgrade_files = null, $processed_upgrades = null) { if ($upgrade_files === null) { @@ -205,7 +216,8 @@ function elgg_get_unprocessed_upgrades($upgrade_files = null, $processed_upgrade /** * Determines whether or not the database needs to be upgraded. * - * @return true|false Depending on whether or not the db version matches the code version + * @return bool Depending on whether or not the db version matches the code version + * @access private */ function version_upgrade_check() { $dbversion = (int) datalist_get('version'); @@ -222,7 +234,7 @@ function version_upgrade_check() { * Upgrades Elgg Database and code * * @return bool - * + * @access private */ function version_upgrade() { // It's possible large upgrades could exceed the max execution time. @@ -264,6 +276,7 @@ function version_upgrade() { * 1.8 upgrades, regardless of filename convention. * * @return bool + * @access private */ function elgg_upgrade_bootstrap_17_to_18() { $db_version = (int) datalist_get('version'); diff --git a/engine/lib/upgrades/2011092500-1.8.0.1-forum_reply_river_view-5758ce8d86ac56ce.php b/engine/lib/upgrades/2011092500-1.8.0.1-forum_reply_river_view-5758ce8d86ac56ce.php new file mode 100644 index 000000000..3a9200b51 --- /dev/null +++ b/engine/lib/upgrades/2011092500-1.8.0.1-forum_reply_river_view-5758ce8d86ac56ce.php @@ -0,0 +1,12 @@ +<?php +/** + * Elgg 1.8.0.1 upgrade 2011092500 + * forum_reply_river_view + * + * The forum reply river view is in a new location in Elgg 1.8 + */ + +$query = "UPDATE {$CONFIG->dbprefix}river SET view='river/annotation/group_topic_post/reply', + action_type='reply' + WHERE view='river/forum/create' AND action_type='create'"; +update_data($query); diff --git a/engine/lib/user_settings.php b/engine/lib/user_settings.php index 29415f6ba..1e2d6db10 100644 --- a/engine/lib/user_settings.php +++ b/engine/lib/user_settings.php @@ -15,6 +15,7 @@ * @note This is a handler for the 'usersettings:save', 'user' plugin hook * * @return void + * @access private */ function users_settings_save() { elgg_set_user_language(); @@ -29,20 +30,21 @@ function users_settings_save() { * * @return bool * @since 1.8.0 + * @access private */ function elgg_set_user_password() { $current_password = get_input('current_password'); $password = get_input('password'); $password2 = get_input('password2'); - $user_id = get_input('guid'); + $user_guid = get_input('guid'); - if (!$user_id) { + if (!$user_guid) { $user = elgg_get_logged_in_user_entity(); } else { - $user = get_entity($user_id); + $user = get_entity($user_guid); } - if (($user) && ($password != "")) { + if ($user && $password) { // let admin user change anyone's password without knowing it except his own. if (!elgg_is_admin_logged_in() || elgg_is_admin_logged_in() && $user->guid == elgg_get_logged_in_user_guid()) { $credentials = array( @@ -50,13 +52,22 @@ function elgg_set_user_password() { 'password' => $current_password ); - if (!pam_auth_userpass($credentials)) { - register_error(elgg_echo('user:password:fail:incorrect_current_password')); + try { + pam_auth_userpass($credentials); + } catch (LoginException $e) { + register_error(elgg_echo('LoginException:ChangePasswordFailure')); return false; } } - if (strlen($password) >= 4) { + try { + $result = validate_password($password); + } catch (RegistrationException $e) { + register_error($e->getMessage()); + return false; + } + + if ($result) { if ($password == $password2) { $user->salt = generate_random_cleartext_password(); // Reset the salt $user->password = generate_user_password($user, $password); @@ -76,6 +87,7 @@ function elgg_set_user_password() { // no change return null; } + return false; } @@ -84,6 +96,7 @@ function elgg_set_user_password() { * * @return bool * @since 1.8.0 + * @access private */ function elgg_set_user_name() { $name = strip_tags(get_input('name')); @@ -124,6 +137,7 @@ function elgg_set_user_name() { * * @return bool * @since 1.8.0 + * @access private */ function elgg_set_user_language() { $language = get_input('language'); @@ -159,6 +173,7 @@ function elgg_set_user_language() { * * @return bool * @since 1.8.0 + * @access private */ function elgg_set_user_email() { $email = get_input('email'); @@ -206,6 +221,7 @@ function elgg_set_user_email() { * * @return bool * @since 1.8.0 + * @access private */ function elgg_set_user_default_access() { @@ -246,6 +262,7 @@ function elgg_set_user_default_access() { * Set up the menu for user settings * * @return void + * @access private */ function usersettings_pagesetup() { if (elgg_get_context() == "settings" && elgg_get_logged_in_user_guid()) { @@ -277,7 +294,8 @@ function usersettings_pagesetup() { * * @param array $page Pages array * - * @return void + * @return bool + * @access private */ function usersettings_page_handler($page) { global $CONFIG; @@ -286,7 +304,7 @@ function usersettings_page_handler($page) { $page[0] = 'user'; } - if ($page[1]) { + if (isset($page[1])) { $user = get_user_by_username($page[1]); elgg_set_page_owner_guid($user->guid); } else { @@ -306,18 +324,21 @@ function usersettings_page_handler($page) { $path = $CONFIG->path . "pages/settings/tools.php"; break; case 'user': - default: $path = $CONFIG->path . "pages/settings/account.php"; break; } - require($path); + if (isset($path)) { + require $path; + return true; + } } /** * Initialize the user settings library * * @return void + * @access private */ function usersettings_init() { elgg_register_page_handler('settings', 'usersettings_page_handler'); @@ -327,6 +348,5 @@ function usersettings_init() { elgg_register_action("usersettings/save"); } -/// Register init function elgg_register_event_handler('init', 'system', 'usersettings_init'); elgg_register_event_handler('pagesetup', 'system', 'usersettings_pagesetup'); diff --git a/engine/lib/users.php b/engine/lib/users.php index 36e137876..9cb8ddfa7 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -21,6 +21,7 @@ $CODE_TO_GUID_MAP_CACHE = array(); * @param int $guid The ElggUser guid * * @return mixed + * @access private */ function get_user_entity_as_row($guid) { global $CONFIG; @@ -741,7 +742,9 @@ function execute_new_password_request($user_guid, $conf_code) { if (force_user_password_reset($user_guid, $password)) { remove_private_setting($user_guid, 'passwd_conf_code'); - + // clean the logins failures + reset_login_failure_count($user_guid); + $email = elgg_echo('email:resetpassword:body', array($user->name, $password)); return notify_user($user->guid, $CONFIG->site->guid, @@ -813,6 +816,7 @@ function validate_username($username) { if ( preg_match($blacklist, $username) ) { + // @todo error message needs work throw new RegistrationException(elgg_echo('registration:invalidchars')); } @@ -823,6 +827,7 @@ function validate_username($username) { for ($n = 0; $n < strlen($blacklist2); $n++) { if (strpos($username, $blacklist2[$n]) !== false) { $msg = elgg_echo('registration:invalidchars', array($blacklist2[$n], $blacklist2)); + $msg = htmlentities($msg, ENT_COMPAT, 'UTF-8'); throw new RegistrationException($msg); } } @@ -1025,6 +1030,7 @@ function elgg_get_user_validation_status($user_guid) { * Adds collection submenu items * * @return void + * @access private */ function collections_submenu_items() { @@ -1038,38 +1044,35 @@ function collections_submenu_items() { } /** - * Page handler for friends + * Page handler for friends-related pages * - * @param array $page_elements Page elements + * @param array $segments URL segments + * @param string $handler The first segment in URL used for routing * - * @return void + * @return bool + * @access private */ -function friends_page_handler($page_elements) { +function friends_page_handler($page_elements, $handler) { + elgg_set_context('friends'); + if (isset($page_elements[0]) && $user = get_user_by_username($page_elements[0])) { elgg_set_page_owner_guid($user->getGUID()); } if (elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) { collections_submenu_items(); } - require_once(dirname(dirname(dirname(__FILE__))) . "/pages/friends/index.php"); -} -/** - * Page handler for friends of - * - * @param array $page_elements Page elements - * - * @return void - */ -function friends_of_page_handler($page_elements) { - elgg_set_context('friends'); - if (isset($page_elements[0]) && $user = get_user_by_username($page_elements[0])) { - set_page_owner($user->getGUID()); - } - if (elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) { - collections_submenu_items(); + switch ($handler) { + case 'friends': + require_once(dirname(dirname(dirname(__FILE__))) . "/pages/friends/index.php"); + break; + case 'friendsof': + require_once(dirname(dirname(dirname(__FILE__))) . "/pages/friends/of.php"); + break; + default: + return false; } - require_once(dirname(dirname(dirname(__FILE__))) . "/pages/friends/of.php"); + return true; } /** @@ -1077,27 +1080,31 @@ function friends_of_page_handler($page_elements) { * * @param array $page_elements Page elements * - * @return void + * @return bool + * @access private */ function collections_page_handler($page_elements) { elgg_set_context('friends'); $base = elgg_get_config('path'); if (isset($page_elements[0])) { if ($page_elements[0] == "add") { - set_page_owner(elgg_get_logged_in_user_guid()); + elgg_set_page_owner_guid(elgg_get_logged_in_user_guid()); collections_submenu_items(); require_once "{$base}pages/friends/collections/add.php"; + return true; } else { $user = get_user_by_username($page_elements[0]); if ($user) { - set_page_owner($user->getGUID()); + elgg_set_page_owner_guid($user->getGUID()); if (elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) { collections_submenu_items(); } require_once "{$base}pages/friends/collections/view.php"; + return true; } } } + return false; } /** @@ -1106,12 +1113,16 @@ function collections_page_handler($page_elements) { * @param array $page_elements Page elements * @param string $handler The handler string * - * @return void + * @return bool + * @access private */ function elgg_user_account_page_handler($page_elements, $handler) { $base_dir = elgg_get_root_path() . 'pages/account'; switch ($handler) { + case 'login': + require_once("$base_dir/login.php"); + break; case 'forgotpassword': require_once("$base_dir/forgotten_password.php"); break; @@ -1121,22 +1132,10 @@ function elgg_user_account_page_handler($page_elements, $handler) { case 'register': require_once("$base_dir/register.php"); break; + default: + return false; } -} - -/** - * Display a login box. - * - * This is a fallback for non-JS users who click on the - * dropdown login link. - * - * @return void - * @todo finish - */ -function elgg_user_login_page_handler() { - $login_box = elgg_view('core/account/login_box'); - $content = elgg_view_layout('one_column', array('content' => $login_box)); - echo elgg_view_page(elgg_echo('login'), $content); + return true; } /** @@ -1163,7 +1162,7 @@ function set_last_action($user_guid) { * * @param int $user_guid The user GUID * - * @return boid + * @return void */ function set_last_login($user_guid) { $user_guid = (int) $user_guid; @@ -1184,6 +1183,7 @@ function set_last_login($user_guid) { * @param ElggUser $object User object * * @return bool + * @access private */ function user_create_hook_add_site_relationship($event, $object_type, $object) { global $CONFIG; @@ -1199,6 +1199,7 @@ function user_create_hook_add_site_relationship($event, $object_type, $object) { * @param string $returnvalue * @param array $params * @return string + * @access private */ function user_avatar_hook($hook, $entity_type, $returnvalue, $params) { $user = $params['entity']; @@ -1213,6 +1214,7 @@ function user_avatar_hook($hook, $entity_type, $returnvalue, $params) { /** * Setup the default user hover menu + * @access private */ function elgg_user_hover_menu($hook, $type, $return, $params) { $user = $params['entity']; @@ -1222,12 +1224,14 @@ function elgg_user_hover_menu($hook, $type, $return, $params) { if ($user->isFriend()) { $url = "action/friends/remove?friend={$user->guid}"; $text = elgg_echo('friend:remove'); + $name = 'remove_friend'; } else { $url = "action/friends/add?friend={$user->guid}"; $text = elgg_echo('friend:add'); + $name = 'add_friend'; } $url = elgg_add_action_tokens_to_url($url); - $item = new ElggMenuItem('addfriend', $text, $url); + $item = new ElggMenuItem($name, $text, $url); $item->setSection('action'); $return[] = $item; } else { @@ -1282,6 +1286,12 @@ function elgg_user_hover_menu($hook, $type, $return, $params) { return $return; } +/** + * Setup the menu shown with an entity + * + * @return array + * @access private + */ function elgg_users_setup_entity_menu($hook, $type, $return, $params) { if (elgg_in_context('widgets')) { return $return; @@ -1323,6 +1333,7 @@ function elgg_users_setup_entity_menu($hook, $type, $return, $params) { * * Note: This is a secondary system:init call and is run at a super low priority to guarantee that it is called after all * other plugins have initialised. + * @access private */ function elgg_profile_fields_setup() { global $CONFIG; @@ -1340,11 +1351,10 @@ function elgg_profile_fields_setup() { 'twitter' => 'text' ); - $loaded_default = array(); + $loaded_defaults = array(); if ($fieldlist = elgg_get_config('profile_custom_fields')) { if (!empty($fieldlist)) { $fieldlistarray = explode(',', $fieldlist); - $loaded_defaults = array(); foreach ($fieldlistarray as $listitem) { if ($translation = elgg_get_config("admin_defined_profile_{$listitem}")) { $type = elgg_get_config("admin_defined_profile_type_{$listitem}"); @@ -1379,6 +1389,8 @@ function elgg_profile_fields_setup() { * /avatar/view/<username>/<size>/<icontime> * * @param array $page + * @return bool + * @access private */ function elgg_avatar_page_handler($page) { global $CONFIG; @@ -1390,16 +1402,21 @@ function elgg_avatar_page_handler($page) { if ($page[0] == 'edit') { require_once("{$CONFIG->path}pages/avatar/edit.php"); + return true; } else { set_input('size', $page[2]); require_once("{$CONFIG->path}pages/avatar/view.php"); + return true; } + return false; } /** * Profile page handler * * @param array $page + * @return bool + * @access private */ function elgg_profile_page_handler($page) { global $CONFIG; @@ -1409,13 +1426,16 @@ function elgg_profile_page_handler($page) { if ($page[1] == 'edit') { require_once("{$CONFIG->path}pages/profile/edit.php"); + return true; } + return false; } /** * Sets up user-related menu items * * @return void + * @access private */ function users_pagesetup() { @@ -1456,14 +1476,15 @@ function users_pagesetup() { // topbar if ($viewer) { - - $icon_url = $viewer->getIconURL('topbar'); - $class = 'elgg-border-plain elgg-transition'; - $title = elgg_echo('profile'); elgg_register_menu_item('topbar', array( 'name' => 'profile', 'href' => $viewer->getURL(), - 'text' => "<img src=\"$icon_url\" alt=\"$viewer->name\" title=\"$title\" class=\"$class\" />", + 'text' => elgg_view('output/img', array( + 'src' => $viewer->getIconURL('topbar'), + 'alt' => $viewer->name, + 'title' => elgg_echo('profile'), + 'class' => 'elgg-border-plain elgg-transition', + )), 'priority' => 100, 'link_class' => 'elgg-topbar-avatar', )); @@ -1499,15 +1520,16 @@ function users_pagesetup() { * Users initialisation function, which establishes the page handler * * @return void + * @access private */ function users_init() { elgg_register_page_handler('friends', 'friends_page_handler'); - elgg_register_page_handler('friendsof', 'friends_of_page_handler'); + elgg_register_page_handler('friendsof', 'friends_page_handler'); elgg_register_page_handler('register', 'elgg_user_account_page_handler'); elgg_register_page_handler('forgotpassword', 'elgg_user_account_page_handler'); elgg_register_page_handler('resetpassword', 'elgg_user_account_page_handler'); - elgg_register_page_handler('login', 'elgg_user_login_page_handler'); + elgg_register_page_handler('login', 'elgg_user_account_page_handler'); elgg_register_page_handler('avatar', 'elgg_avatar_page_handler'); elgg_register_page_handler('profile', 'elgg_profile_page_handler'); elgg_register_page_handler('collections', 'collections_page_handler'); @@ -1557,6 +1579,7 @@ function users_init() { * @param mixed $params Params * * @return array + * @access private */ function users_test($hook, $type, $value, $params) { global $CONFIG; diff --git a/engine/lib/views.php b/engine/lib/views.php index 0646851f0..0f806b8be 100644 --- a/engine/lib/views.php +++ b/engine/lib/views.php @@ -140,6 +140,7 @@ function elgg_register_viewtype($view_type) { * * @return bool * @since 1.7.2 + * @access private */ function elgg_is_valid_view_type($view_type) { global $CONFIG; @@ -411,19 +412,25 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie } // internalname => name (1.8) - if (isset($vars['internalname']) && !isset($vars['name'])) { + if (isset($vars['internalname']) && !isset($vars['__ignoreInternalname']) && !isset($vars['name'])) { elgg_deprecated_notice('You should pass $vars[\'name\'] now instead of $vars[\'internalname\']', 1.8, 2); $vars['name'] = $vars['internalname']; $test=false; } elseif (isset($vars['name'])) { + if (!isset($vars['internalname'])) { + $vars['__ignoreInternalname'] = ''; + } $vars['internalname'] = $vars['name']; } // internalid => id (1.8) - if (isset($vars['internalid']) && !isset($vars['name'])) { + if (isset($vars['internalid']) && !isset($vars['__ignoreInternalid']) && !isset($vars['name'])) { elgg_deprecated_notice('You should pass $vars[\'id\'] now instead of $vars[\'internalid\']', 1.8, 2); $vars['id'] = $vars['internalid']; } elseif (isset($vars['id'])) { + if (!isset($vars['internalid'])) { + $vars['__ignoreInternalid'] = ''; + } $vars['internalid'] = $vars['id']; } @@ -703,9 +710,9 @@ function elgg_view_layout($layout_name, $vars = array()) { * * This function triggers a 'register', 'menu:<menu name>' plugin hook that enables * plugins to add menu items just before a menu is rendered. This is used by - * context-sensitive menus (menus that are specific to a particular entity such - * as the user hover menu). Using elgg_register_menu_item() in response to the hook - * can cause incorrect links to show up. See the blog plugin's blog_owner_block_menu() + * dynamic menus (menus that change based on some input such as the user hover + * menu). Using elgg_register_menu_item() in response to the hook can cause + * incorrect links to show up. See the blog plugin's blog_owner_block_menu() * for an example of using this plugin hook. * * An additional hook is the 'prepare', 'menu:<menu name>' which enables plugins @@ -718,8 +725,9 @@ function elgg_view_layout($layout_name, $vars = array()) { * @param array $vars An associative array of display options for the menu. * Options include: * sort_by => string or php callback - * string options: 'name', 'priority', 'title' (default), 'register' (registration order) - * php callback: a compare function for usort + * string options: 'name', 'priority', 'title' (default), + * 'register' (registration order) or a + * php callback (a compare function for usort) * handler: string the page handler to build action URLs * entity: ElggEntity to use to build action URLs * class: string the class for the entire menu. @@ -735,10 +743,14 @@ function elgg_view_menu($menu_name, array $vars = array()) { $sort_by = elgg_extract('sort_by', $vars, 'text'); - $menu = $CONFIG->menus[$menu_name]; + if (isset($CONFIG->menus[$menu_name])) { + $menu = $CONFIG->menus[$menu_name]; + } else { + $menu = array(); + } // Give plugins a chance to add menu items just before creation. - // This supports context sensitive menus (ex. user_hover). + // This supports dynamic menus (example: user_hover). $menu = elgg_trigger_plugin_hook('register', "menu:$menu_name", $vars, $menu); $builder = new ElggMenuBuilder($menu); @@ -852,7 +864,9 @@ function elgg_view_entity(ElggEntity $entity, $vars = array(), $bypass = true, $ * * @param ElggEntity $entity The entity to display * @param string $size The size: tiny, small, medium, large - * @param array $vars An array of variables to pass to the view + * @param array $vars An array of variables to pass to the view. Some possible + * variables are img_class and link_class. See the + * specific icon view for more parameters. * * @return string HTML to display or false */ @@ -1038,7 +1052,7 @@ $list_type_toggle = true, $pagination = true) { function elgg_view_annotation_list($annotations, array $vars = array()) { $defaults = array( 'items' => $annotations, - 'list_class' => 'elgg-annotation-list', + 'list_class' => 'elgg-list-annotation elgg-annotation-list', // @todo remove elgg-annotation-list in Elgg 1.9 'full_view' => true, 'offset_key' => 'annoff', ); @@ -1188,7 +1202,8 @@ function elgg_view_image_block($image, $body, $vars = array()) { * @since 1.8.0 */ function elgg_view_module($type, $title, $body, $vars = array()) { - $vars['class'] .= " elgg-module-$type"; //@todo this will probably cause errors? + + $vars['class'] = elgg_extract('class', $vars, '') . " elgg-module-$type"; $vars['title'] = $title; $vars['body'] = $body; return elgg_view('page/components/module', $vars); @@ -1217,7 +1232,7 @@ function elgg_view_river_item($item, array $vars = array()) { $vars['item'] = $item; - return elgg_view($item->getView(), $vars); + return elgg_view('river/item', $vars); } /** @@ -1308,15 +1323,36 @@ function elgg_view_list_item($item, array $vars = array()) { * Shorthand for <span class="elgg-icon elgg-icon-$name"></span> * * @param string $name The specific icon to display - * @param bool $float Whether to float the icon + * @param string $class Additional class: float, float-alt, or custom class * * @return string The html for displaying an icon */ -function elgg_view_icon($name, $float = false) { - if ($float) { - $float = 'float'; +function elgg_view_icon($name, $class = '') { + // @todo deprecate boolean in Elgg 1.9 + if (is_bool($class) && $class === true) { + $class = 'float'; + } + return "<span class=\"elgg-icon elgg-icon-$name $class\"></span>"; +} + +/** + * Displays a user's access collections, using the core/friends/collections view + * + * @param int $owner_guid The GUID of the owning user + * + * @return string A formatted rendition of the collections + * @todo Move to the friends/collection.php page. + * @access private + */ +function elgg_view_access_collections($owner_guid) { + if ($collections = get_user_access_collections($owner_guid)) { + foreach ($collections as $key => $collection) { + $collections[$key]->members = get_members_of_access_collection($collection->id, true); + $collections[$key]->entities = get_user_friends($owner_guid, "", 9999); + } } - return "<span class=\"elgg-icon elgg-icon-$name $float\"></span>"; + + return elgg_view('core/friends/collections', array('collections' => $collections)); } /** @@ -1361,6 +1397,7 @@ function set_template_handler($function_name) { * @since 1.7.0 * @todo Why isn't this used anywhere else but in elgg_view_tree()? * Seems like a useful function for autodiscovery. + * @access private */ function elgg_get_views($dir, $base) { $return = array(); @@ -1396,6 +1433,7 @@ function elgg_get_views($dir, $base) { * * @return array A list of view names underneath that root view * @todo This is used once in the deprecated get_activity_stream_data() function. + * @access private */ function elgg_view_tree($view_root, $viewtype = "") { global $CONFIG; @@ -1457,6 +1495,7 @@ function elgg_view_tree($view_root, $viewtype = "") { * @since 1.7.0 * @see elgg_set_view_location() * @todo This seems overly complicated. + * @access private */ function autoregister_views($view_base, $folder, $base_location_path, $viewtype) { if (!isset($i)) { @@ -1498,6 +1537,7 @@ function autoregister_views($view_base, $folder, $base_location_path, $viewtype) * Add the rss link to the extras when if needed * * @return void + * @access private */ function elgg_views_add_rss_link() { global $autofeed; @@ -1523,7 +1563,7 @@ function elgg_views_add_rss_link() { * Registers deprecated views to avoid making some pages from older plugins * completely empty. * - * @private + * @access private */ function elgg_views_handle_deprecated_views() { $location = elgg_get_view_location('page_elements/contentwrapper'); @@ -1546,9 +1586,10 @@ function elgg_views_boot() { elgg_register_simplecache_view('css/elgg'); elgg_register_simplecache_view('css/ie'); elgg_register_simplecache_view('css/ie6'); + elgg_register_simplecache_view('css/ie7'); elgg_register_simplecache_view('js/elgg'); - elgg_register_js('jquery', '/vendors/jquery/jquery-1.6.2.min.js', 'head'); + elgg_register_js('jquery', '/vendors/jquery/jquery-1.6.4.min.js', 'head'); elgg_register_js('jquery-ui', '/vendors/jquery/jquery-ui-1.8.16.min.js', 'head'); elgg_register_js('jquery.form', '/vendors/jquery/jquery.form.js'); @@ -1567,7 +1608,7 @@ function elgg_views_boot() { elgg_register_css('lightbox', $lightbox_css_url); $elgg_css_url = elgg_get_simplecache_url('css', 'elgg'); - elgg_register_css('elgg', $elgg_css_url, 1); + elgg_register_css('elgg', $elgg_css_url); elgg_load_css('elgg'); elgg_register_plugin_hook_handler('output:before', 'layout', 'elgg_views_add_rss_link'); @@ -1583,6 +1624,19 @@ function elgg_views_boot() { elgg_register_viewtype($view); } } + + // set default icon sizes - can be overridden in settings.php or with plugin + if (!elgg_get_config('icon_sizes')) { + $icon_sizes = array( + 'topbar' => array('w'=>16, 'h'=>16, 'square'=>TRUE, 'upscale'=>TRUE), + 'tiny' => array('w'=>25, 'h'=>25, 'square'=>TRUE, 'upscale'=>TRUE), + 'small' => array('w'=>40, 'h'=>40, 'square'=>TRUE, 'upscale'=>TRUE), + 'medium' => array('w'=>100, 'h'=>100, 'square'=>TRUE, 'upscale'=>TRUE), + 'large' => array('w'=>200, 'h'=>200, 'square'=>FALSE, 'upscale'=>FALSE), + 'master' => array('w'=>550, 'h'=>550, 'square'=>FALSE, 'upscale'=>FALSE), + ); + elgg_set_config('icon_sizes', $icon_sizes); + } } elgg_register_event_handler('boot', 'system', 'elgg_views_boot', 1000); diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php index 8e312209b..1c77b757e 100644 --- a/engine/lib/web_services.php +++ b/engine/lib/web_services.php @@ -154,6 +154,7 @@ function unexpose_function($method) { * @return true or throws an exception * @throws APIException * @since 1.7.0 + * @access private */ function authenticate_method($method) { global $API_METHODS; @@ -192,6 +193,7 @@ function authenticate_method($method) { * * @return GenericResult The result of the execution. * @throws APIException, CallException + * @access private */ function execute_method($method) { global $API_METHODS, $CONFIG; @@ -257,6 +259,7 @@ function execute_method($method) { * Get the request method. * * @return string HTTP request method + * @access private */ function get_call_method() { return $_SERVER['REQUEST_METHOD']; @@ -271,6 +274,7 @@ function get_call_method() { * @param string $method The method * * @return array containing parameters as key => value + * @access private */ function get_parameters_for_method($method) { global $API_METHODS; @@ -300,6 +304,7 @@ function get_parameters_for_method($method) { * Since this is called through a handler, we need to manually get the post data * * @return POST data as string encoded as multipart/form-data + * @access private */ function get_post_data() { @@ -317,6 +322,7 @@ function get_post_data() { * @return true on success or exception * @throws APIException * @since 1.7.0 + * @access private */ function verify_parameters($method, $parameters) { global $API_METHODS; @@ -354,6 +360,7 @@ function verify_parameters($method, $parameters) { * @return string or exception * @throws APIException * @since 1.7.0 + * @access private */ function serialise_parameters($method, $parameters) { global $API_METHODS; @@ -438,6 +445,7 @@ function serialise_parameters($method, $parameters) { * @return mixed * @throws APIException * @since 1.7.0 + * @access private */ function api_auth_key() { global $CONFIG; @@ -468,6 +476,7 @@ function api_auth_key() { * * @throws SecurityException * @since 1.7.0 + * @access private */ function api_auth_hmac() { global $CONFIG; @@ -532,6 +541,7 @@ function api_auth_hmac() { * * @return stdClass Containing all the values. * @throws APIException Detailing any error. + * @access private */ function get_and_validate_api_headers() { $result = new stdClass; @@ -604,6 +614,7 @@ function get_and_validate_api_headers() { * * @return string The php algorithm * @throws APIException if an algorithm is not supported. + * @access private */ function map_api_hash($algo) { $algo = strtolower(sanitise_string($algo)); @@ -636,6 +647,7 @@ function map_api_hash($algo) { * @param string $post_hash Optional sha1 hash of the post data. * * @return string The HMAC signature + * @access private */ function calculate_hmac($algo, $time, $nonce, $api_key, $secret_key, $get_variables, $post_hash = "") { @@ -666,6 +678,7 @@ $get_variables, $post_hash = "") { * @param string $algo The algorithm used. * * @return string The hash. + * @access private */ function calculate_posthash($postdata, $algo) { $ctx = hash_init(map_api_hash($algo)); @@ -682,6 +695,7 @@ function calculate_posthash($postdata, $algo) { * @param string $hmac The hmac string. * * @return bool True if replay detected, false if not. + * @access private */ function cache_hmac_check_replay($hmac) { // cache lifetime is 25 hours (this should be related to the time drift @@ -779,6 +793,7 @@ function remove_api_user($site_guid, $api_key) { * session code of Elgg, that user will be logged out of all other sessions. * * @return bool + * @access private */ function pam_auth_usertoken() { global $CONFIG; @@ -823,6 +838,7 @@ function pam_auth_usertoken() { * See if the user has a valid login sesson * * @return bool + * @access private */ function pam_auth_session() { return elgg_is_logged_in(); @@ -968,6 +984,7 @@ function remove_expired_user_tokens() { * @param array $headers The array of headers "key" => "value" * * @return string + * @access private */ function serialise_api_headers(array $headers) { $headers_str = ""; @@ -1123,6 +1140,7 @@ function get_standard_api_key_array($secret_key, $api_key) { * Simple api to return a list of all api's installed on the system. * * @return array + * @access private */ function list_all_apis() { global $API_METHODS; @@ -1144,6 +1162,7 @@ function list_all_apis() { * * @return string Token string or exception * @throws SecurityException + * @access private */ function auth_gettoken($username, $password) { if (authenticate($username, $password)) { @@ -1174,6 +1193,7 @@ $ERRORS = array(); * @param array $vars Vars * * @return void + * @access private */ function _php_api_error_handler($errno, $errmsg, $filename, $linenum, $vars) { global $ERRORS; @@ -1211,6 +1231,7 @@ function _php_api_error_handler($errno, $errmsg, $filename, $linenum, $vars) { * @param Exception $exception Exception * * @return void + * @access private */ function _php_api_exception_handler($exception) { @@ -1233,6 +1254,7 @@ function _php_api_exception_handler($exception) { * @param array $request Request string * * @return void + * @access private */ function service_handler($handler, $request) { global $CONFIG; @@ -1310,6 +1332,7 @@ function unregister_service_handler($handler) { * REST API handler * * @return void + * @access private */ function rest_handler() { global $CONFIG; @@ -1370,6 +1393,7 @@ function rest_handler() { * @param mixed $params Params * * @return array + * @access private */ function api_unit_test($hook, $type, $value, $params) { global $CONFIG; @@ -1381,6 +1405,7 @@ function api_unit_test($hook, $type, $value, $params) { * Initialise the API subsystem. * * @return void + * @access private */ function api_init() { // Register a page handler, so we can have nice URLs diff --git a/engine/lib/widgets.php b/engine/lib/widgets.php index cc3cf20e4..5d18a16b0 100644 --- a/engine/lib/widgets.php +++ b/engine/lib/widgets.php @@ -257,6 +257,7 @@ function elgg_get_widget_types($context = "", $exact = false) { * Regsiter entity of object, widget as ElggWidget objects * * @return void + * @access private */ function elgg_widget_run_once() { add_subtype("object", "widget", "ElggWidget"); @@ -266,6 +267,7 @@ function elgg_widget_run_once() { * Function to initialize widgets functionality * * @return void + * @access private */ function elgg_widgets_init() { elgg_register_action('widgets/save'); @@ -281,7 +283,26 @@ function elgg_widgets_init() { * Gets a list of events to create default widgets for and * register menu items for default widgets with the admin section. * + * A plugin that wants to register a new context for default widgets should + * register for the plugin hook 'get_list', 'default_widgets'. The handler + * can register the new type of default widgets by adding an associate array to + * the return value array like this: + * array( + * 'name' => elgg_echo('profile'), + * 'widget_context' => 'profile', + * 'widget_columns' => 3, + * + * 'event' => 'create', + * 'entity_type' => 'user', + * 'entity_subtype' => ELGG_ENTITIES_ANY_VALUE, + * ); + * + * The first set of keys define information about the new type of default + * widgets and the second set determine what event triggers the creation of the + * new widgets. + * * @return void + * @access private */ function elgg_default_widgets_init() { global $CONFIG; @@ -296,35 +317,42 @@ function elgg_default_widgets_init() { elgg_register_plugin_hook_handler('container_permissions_check', 'object', 'elgg_default_widgets_permissions_override'); foreach ($default_widgets as $info) { - elgg_register_event_handler($info['event'], $info['entity_type'], 'elgg_default_widgets_hook'); + elgg_register_event_handler($info['event'], $info['entity_type'], 'elgg_create_default_widgets'); } } } /** - * Checks for plugins who have registered default widgets and - * hooks into events to save. + * Creates default widgets + * + * This plugin hook handler is registered for events based on what kinds of + * default widgets have been registered. See elgg_default_widgets_init() for + * information on registering new default widget contexts. * * @param string $event The event * @param string $type The type of object - * @param object $object The object + * @param object $entity The entity being created * @return null + * @access private */ -function elgg_default_widgets_hook($event, $type, $object) { +function elgg_create_default_widgets($event, $type, $entity) { $default_widget_info = elgg_get_config('default_widget_info'); - if (!$default_widget_info) { + if (!$default_widget_info || !$entity) { return null; } - $subtype = $object->getSubtype(); + $type = $entity->getType(); + $subtype = $entity->getSubtype(); // event is already guaranteed by the hook registration. // need to check subtype and type. foreach ($default_widget_info as $temp) { - if ($temp['entity_type'] == $type && $temp['entity_subtype'] == $subtype) { - $info = $temp; - break; + if ($temp['entity_type'] == $type) { + if ($temp['entity_subtype'] == ELGG_ENTITIES_ANY_VALUE || $temp['entity_subtype'] == $subtype) { + $info = $temp; + break; + } } } @@ -339,7 +367,7 @@ function elgg_default_widgets_hook($event, $type, $object) { 'subtype' => 'widget', 'owner_guid' => elgg_get_site_entity()->guid, 'private_setting_name' => 'context', - 'private_setting_value' => $info['context'], + 'private_setting_value' => $info['widget_context'], 'limit' => 0 ); @@ -348,8 +376,8 @@ function elgg_default_widgets_hook($event, $type, $object) { foreach ($widgets as $widget) { // change the container and owner $new_widget = clone $widget; - $new_widget->container_guid = $object->guid; - $new_widget->owner_guid = $object->guid; + $new_widget->container_guid = $entity->guid; + $new_widget->owner_guid = $entity->guid; // pull in settings $settings = get_all_private_settings($widget->guid); @@ -376,6 +404,7 @@ function elgg_default_widgets_hook($event, $type, $object) { * @param string $return Value * @param mixed $params Params * @return true|null + * @access private */ function elgg_default_widgets_permissions_override($hook, $type, $return, $params) { if ($type == 'object' && $params['subtype'] == 'widget') { @@ -387,4 +416,4 @@ function elgg_default_widgets_permissions_override($hook, $type, $return, $param elgg_register_event_handler('init', 'system', 'elgg_widgets_init'); // register default widget hooks from plugins -elgg_register_event_handler('ready', 'system', 'elgg_default_widgets_init');
\ No newline at end of file +elgg_register_event_handler('ready', 'system', 'elgg_default_widgets_init'); diff --git a/engine/lib/xml-rpc.php b/engine/lib/xml-rpc.php index b63d626df..bfe1a8645 100644 --- a/engine/lib/xml-rpc.php +++ b/engine/lib/xml-rpc.php @@ -15,6 +15,7 @@ * @param array $parameters An array of params * * @return array + * @access private */ function xmlrpc_parse_params($parameters) { $result = array(); @@ -32,6 +33,7 @@ function xmlrpc_parse_params($parameters) { * @param XMLObject $object And object * * @return mixed + * @access private */ function xmlrpc_scalar_value($object) { if ($object->name == 'param') { @@ -110,6 +112,7 @@ function register_xmlrpc_handler($method, $handler) { * @param XMLRPCCall $parameters The call and parameters. * * @return XMLRPCCall + * @access private */ function trigger_xmlrpc_handler(XMLRPCCall $parameters) { global $XML_RPC_HANDLERS; @@ -148,6 +151,7 @@ function trigger_xmlrpc_handler(XMLRPCCall $parameters) { * @param array $vars Vars * * @return void + * @access private */ function _php_xmlrpc_error_handler($errno, $errmsg, $filename, $linenum, $vars) { $error = date("Y-m-d H:i:s (T)") . ": \"" . $errmsg . "\" in file " @@ -177,6 +181,7 @@ function _php_xmlrpc_error_handler($errno, $errmsg, $filename, $linenum, $vars) * @param Exception $exception The exception * * @return void + * @access private */ function _php_xmlrpc_exception_handler($exception) { diff --git a/engine/start.php b/engine/start.php index 132c060b4..00bdc3197 100644 --- a/engine/start.php +++ b/engine/start.php @@ -60,7 +60,8 @@ $lib_dir = dirname(__FILE__) . '/lib/'; */ $required_files = array( 'elgglib.php', 'views.php', 'access.php', 'system_log.php', 'export.php', - 'sessions.php', 'languages.php', 'input.php', 'cache.php', 'output.php' + 'sessions.php', 'languages.php', 'pageowner.php', 'input.php', 'cache.php', + 'output.php' ); // include bootstraping libs @@ -96,7 +97,7 @@ $lib_files = array( 'extender.php', 'filestore.php', 'group.php', 'location.php', 'mb_wrapper.php', 'memcache.php', 'metadata.php', 'metastrings.php', 'navigation.php', 'notification.php', 'objects.php', - 'opendd.php', 'pagehandler.php', 'pageowner.php', 'pam.php', 'plugins.php', + 'opendd.php', 'pagehandler.php', 'pam.php', 'plugins.php', 'private_settings.php', 'relationships.php', 'river.php', 'sites.php', 'statistics.php', 'tags.php', 'user_settings.php', 'users.php', 'upgrade.php', 'web_services.php', 'widgets.php', 'xml.php', 'xml-rpc.php', @@ -114,6 +115,9 @@ foreach ($lib_files as $file) { } } +// connect to db +setup_db_connections(); + // confirm that the installation completed successfully verify_installation(); diff --git a/engine/tests/api/access_collections.php b/engine/tests/api/access_collections.php index 1e61c45bb..0c37fa779 100644 --- a/engine/tests/api/access_collections.php +++ b/engine/tests/api/access_collections.php @@ -194,7 +194,7 @@ class ElggCoreAccessCollectionsTest extends ElggCoreUnitTest { return $value; } - register_plugin_hook('access:collections:write', 'all', 'test_acl_access_hook'); + elgg_register_plugin_hook_handler('access:collections:write', 'all', 'test_acl_access_hook'); // enable security since we usually run as admin $ia = elgg_set_ignore_access(false); @@ -202,14 +202,16 @@ class ElggCoreAccessCollectionsTest extends ElggCoreUnitTest { $this->assertTrue($result); $ia = elgg_set_ignore_access($ia); - unregister_plugin_hook('access:collections:write', 'all', 'test_acl_access_hook'); + elgg_unregister_plugin_hook_handler('access:collections:write', 'all', 'test_acl_access_hook'); + + delete_access_collection($acl_id); } // groups interface // only runs if the groups plugin is enabled because implementation is split between // core and the plugin. public function testCreateDeleteGroupACL() { - if (!is_plugin_enabled('groups')) { + if (!elgg_is_active_plugin('groups')) { return; } @@ -231,7 +233,7 @@ class ElggCoreAccessCollectionsTest extends ElggCoreUnitTest { } public function testJoinLeaveGroupACL() { - if (!is_plugin_enabled('groups')) { + if (!elgg_is_active_plugin('groups')) { return; } diff --git a/engine/tests/api/entity_getter_functions.php b/engine/tests/api/entity_getter_functions.php index aef7a991e..e7906d3c8 100644 --- a/engine/tests/api/entity_getter_functions.php +++ b/engine/tests/api/entity_getter_functions.php @@ -855,7 +855,7 @@ class ElggCoreEntityGetterFunctionsTest extends ElggCoreUnitTest { public function testElggApiGettersEntityNoSubtype() { // create an entity we can later delete. - // order by time created and limit by 1 should == this entity. + // order by guid and limit by 1 should == this entity. $e = new ElggObject(); $e->save(); @@ -2789,4 +2789,13 @@ class ElggCoreEntityGetterFunctionsTest extends ElggCoreUnitTest { $this->assertEqual($a_e_map[$a->id], $a->owner_guid); } } + + public function testElggGetEntitiesBadWheres() { + $options = array( + 'container_guid' => 'abc' + ); + + $entities = elgg_get_entities($options); + $this->assertFalse($entities); + } } diff --git a/engine/tests/api/helpers.php b/engine/tests/api/helpers.php index ee2e64cfe..f48f91faf 100644 --- a/engine/tests/api/helpers.php +++ b/engine/tests/api/helpers.php @@ -63,6 +63,8 @@ class ElggCoreHelpersTest extends ElggCoreUnitTest { $this->assertFalse(elgg_instanceof($bad_entity)); $this->assertFalse(elgg_instanceof($bad_entity, 'object')); $this->assertFalse(elgg_instanceof($bad_entity, 'object', 'test_subtype')); + + remove_subtype('object', 'test_subtype'); } /** @@ -72,7 +74,13 @@ class ElggCoreHelpersTest extends ElggCoreUnitTest { $conversions = array( 'http://example.com' => 'http://example.com', 'https://example.com' => 'https://example.com', + 'http://example-time.com' => 'http://example-time.com', + '//example.com' => '//example.com', + 'ftp://example.com/file' => 'ftp://example.com/file', + 'mailto:brett@elgg.org' => 'mailto:brett@elgg.org', + 'javascript:alert("test")' => 'javascript:alert("test")', + 'app://endpoint' => 'app://endpoint', 'example.com' => 'http://example.com', 'example.com/subpage' => 'http://example.com/subpage', @@ -166,7 +174,9 @@ class ElggCoreHelpersTest extends ElggCoreUnitTest { $this->assertFalse(isset($CONFIG->externals_map['js']['id1'])); foreach ($elements as $element) { - $this->assertFalse($element->name == 'id1'); + if (isset($element->name)) { + $this->assertFalse($element->name == 'id1'); + } } $result = elgg_unregister_js('id1'); @@ -180,7 +190,9 @@ class ElggCoreHelpersTest extends ElggCoreUnitTest { $this->assertFalse(isset($CONFIG->externals_map['js']['id2'])); foreach ($elements as $element) { - $this->assertFalse($element->name == 'id2'); + if (isset($element->name)) { + $this->assertFalse($element->name == 'id2'); + } } $this->assertTrue(isset($CONFIG->externals_map['js']['id3'])); @@ -204,7 +216,7 @@ class ElggCoreHelpersTest extends ElggCoreUnitTest { $this->assertTrue($result); $js_urls = elgg_get_loaded_js('footer'); - $this->assertIdentical(array('http://test1.com'), $js_urls); + $this->assertIdentical(array(500 => 'http://test1.com'), $js_urls); } /** @@ -227,9 +239,10 @@ class ElggCoreHelpersTest extends ElggCoreUnitTest { } $js_urls = elgg_get_loaded_js('head'); - $this->assertIdentical($js_urls[0], $urls['id1']); - $this->assertIdentical($js_urls[1], $urls['id2']); - $this->assertIdentical($js_urls[2], $urls['id3']); + + $this->assertIdentical($js_urls[500], $urls['id1']); + $this->assertIdentical($js_urls[501], $urls['id2']); + $this->assertIdentical($js_urls[502], $urls['id3']); $js_urls = elgg_get_loaded_js('footer'); $this->assertIdentical(array(), $js_urls); diff --git a/engine/tests/api/metadata.php b/engine/tests/api/metadata.php index d9113b68a..7897b8d47 100644 --- a/engine/tests/api/metadata.php +++ b/engine/tests/api/metadata.php @@ -75,16 +75,9 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest { $this->assertIdentical($case_true, $case_false); - // check deprecated get_entities_from_metadata() function - $deprecated = get_entities_from_metadata('metaUnitTest', 'tested', '', '', 0, 10, 0, '', 0, FALSE, TRUE); - $this->assertIdentical($deprecated, $case_true); - - // check entity list - //$this->dump(list_entities_from_metadata('metaUnitTest', 'Tested', '', '', 0, 10, TRUE, TRUE, TRUE, FALSE)); - // clean up - $this->delete_metastrings(); $this->object->delete(); + $this->delete_metastrings(); } public function testElggGetMetadataCount() { diff --git a/engine/tests/api/plugins.php b/engine/tests/api/plugins.php index 00b0d4513..a0faaff0e 100644 --- a/engine/tests/api/plugins.php +++ b/engine/tests/api/plugins.php @@ -68,8 +68,8 @@ class ElggCorePluginsAPITest extends ElggCoreUnitTest { 'blurb' => 'A concise description.', 'description' => 'A longer, more interesting description.', 'website' => 'http://www.elgg.org/', - 'copyright' => '(C) Elgg 2010', - 'license' => 'GNU Public License version 2', + 'copyright' => '(C) Elgg Foundation 2011', + 'license' => 'GNU General Public License version 2', 'requires' => array( array('type' => 'elgg_version', 'version' => '3009030802', 'comparison' => 'lt'), @@ -105,7 +105,6 @@ class ElggCorePluginsAPITest extends ElggCoreUnitTest { array('type' => 'plugin', 'name' => 'facebook_connect', 'version' => 1.0), ), - 'admin_interface' => 'simple', 'activate_on_install' => true ); @@ -118,8 +117,8 @@ class ElggCorePluginsAPITest extends ElggCoreUnitTest { 'version' => '1.0', 'description' => 'A 1.7-style manifest.', 'website' => 'http://www.elgg.org/', - 'copyright' => '(C) Elgg 2010', - 'license' => 'GNU Public License version 2', + 'copyright' => '(C) Elgg Foundation 2011', + 'license' => 'GNU General Public License version 2', 'elgg_version' => '2009030702', 'name' => 'Plugin Test 17', ); @@ -166,13 +165,13 @@ class ElggCorePluginsAPITest extends ElggCoreUnitTest { } public function testElggPluginManifestGetCopyright() { - $this->assertEqual($this->manifest18->getCopyright(), '(C) Elgg 2010'); - $this->assertEqual($this->manifest18->getCopyright(), '(C) Elgg 2010'); + $this->assertEqual($this->manifest18->getCopyright(), '(C) Elgg Foundation 2011'); + $this->assertEqual($this->manifest18->getCopyright(), '(C) Elgg Foundation 2011'); } public function testElggPluginManifestGetLicense() { - $this->assertEqual($this->manifest18->getLicense(), 'GNU Public License version 2'); - $this->assertEqual($this->manifest17->getLicense(), 'GNU Public License version 2'); + $this->assertEqual($this->manifest18->getLicense(), 'GNU General Public License version 2'); + $this->assertEqual($this->manifest17->getLicense(), 'GNU General Public License version 2'); } @@ -215,18 +214,6 @@ class ElggCorePluginsAPITest extends ElggCoreUnitTest { $this->assertEqual($this->package17->getManifest()->getDescription(), 'A 1.7-style manifest.'); } - public function testElggPluginManifestGetDescriptionTranslated() { - $en = array( - $this->package18->getManifest()->getDescription() => 'A translated 1.8 description!', - $this->package17->getManifest()->getDescription() => 'A translated 1.7 description!', - ); - - add_translation('en', $en); - - $this->assertEqual($this->package18->getManifest()->getDescription(), 'A translated 1.8 description!'); - $this->assertEqual($this->package17->getManifest()->getDescription(), 'A translated 1.7 description!'); - } - public function testElggPluginManifestGetCategories() { $categories = array( 'Admin', 'ServiceAPI' @@ -277,10 +264,6 @@ class ElggCorePluginsAPITest extends ElggCoreUnitTest { $this->assertEqual($this->manifest17->getConflicts(), array()); } - public function testElggPluginManifestGetAdminInterface() { - $this->assertEqual($this->manifest18->getAdminInterface(), 'simple'); - } - public function testElggPluginManifestGetActivateOnInstall() { $this->assertEqual($this->manifest18->getActivateOnInstall(), true); } diff --git a/engine/tests/objects/entities.php b/engine/tests/objects/entities.php index c04bc60ff..c13b4c731 100644 --- a/engine/tests/objects/entities.php +++ b/engine/tests/objects/entities.php @@ -125,7 +125,7 @@ class ElggCoreEntityTest extends ElggCoreUnitTest { $this->assertIdentical(FALSE, elgg_get_annotations(array('guid' => $this->entity->getGUID(), 'type' => 'site', 'subtype' => 'fail'))); // clear annotation - $this->assertTrue($this->entity->clearAnnotations()); + $this->assertTrue($this->entity->deleteAnnotations()); $this->assertEqual($this->entity->countAnnotations('non_existent'), 0); $this->assertIdentical(array(), elgg_get_annotations(array('guid' => $this->entity->getGUID()))); @@ -134,6 +134,7 @@ class ElggCoreEntityTest extends ElggCoreUnitTest { // clean up $this->assertTrue($this->entity->delete()); + remove_subtype('site', 'testing'); } public function testElggEntityCache() { @@ -226,8 +227,8 @@ class ElggCoreEntityTest extends ElggCoreUnitTest { } public function testElggEntityMetadata() { - // let's delte a non-existent metadata - $this->assertFalse($this->entity->clearMetaData('important')); + // let's delete a non-existent metadata + $this->assertFalse($this->entity->deleteMetadata('important')); // let's add the meatadata $this->assertTrue($this->entity->important = 'indeed!'); @@ -236,16 +237,16 @@ class ElggCoreEntityTest extends ElggCoreUnitTest { // test deleting incorrectly // @link http://trac.elgg.org/ticket/2273 - $this->assertFalse($this->entity->clearMetaData('impotent')); + $this->assertFalse($this->entity->deleteMetadata('impotent')); $this->assertEqual($this->entity->important, 'indeed!'); // get rid of one metadata $this->assertEqual($this->entity->important, 'indeed!'); - $this->assertTrue($this->entity->clearMetaData('important')); + $this->assertTrue($this->entity->deleteMetadata('important')); $this->assertEqual($this->entity->important, ''); // get rid of all metadata - $this->assertTrue($this->entity->clearMetaData()); + $this->assertTrue($this->entity->deleteMetadata()); $this->assertEqual($this->entity->less_important, ''); // clean up database @@ -278,6 +279,10 @@ class ElggCoreEntityTest extends ElggCoreUnitTest { $this->entity->$name = $md; $this->assertEqual($md, $this->entity->$name); + + if ($save) { + $this->assertTrue($this->entity->delete()); + } } } @@ -292,6 +297,10 @@ class ElggCoreEntityTest extends ElggCoreUnitTest { $this->entity->$name = $md; $this->assertEqual($md[0], $this->entity->$name); + + if ($save) { + $this->assertTrue($this->entity->delete()); + } } } @@ -307,6 +316,10 @@ class ElggCoreEntityTest extends ElggCoreUnitTest { $this->entity->setMetaData($name, 'test2', '', true); $this->assertEqual(array('test', 'test2'), $this->entity->$name); + + if ($save) { + $this->assertTrue($this->entity->delete()); + } } } @@ -322,6 +335,10 @@ class ElggCoreEntityTest extends ElggCoreUnitTest { $this->entity->setMetaData($name, array('test2'), '', true); $this->assertEqual(array('test', 'test2'), $this->entity->$name); + + if ($save) { + $this->assertTrue($this->entity->delete()); + } } } @@ -338,11 +355,14 @@ class ElggCoreEntityTest extends ElggCoreUnitTest { $this->entity->setMetaData($name, $md2, '', true); $this->assertEqual(array_merge($md, $md2), $this->entity->$name); + + if ($save) { + $this->assertTrue($this->entity->delete()); + } } } - protected function save_entity($type='site') - { + protected function save_entity($type='site') { $this->entity->type = $type; $this->assertNotEqual($this->entity->save(), 0); } diff --git a/engine/tests/objects/sites.php b/engine/tests/objects/sites.php index d0d61dcab..e5acbb3f9 100644 --- a/engine/tests/objects/sites.php +++ b/engine/tests/objects/sites.php @@ -18,7 +18,7 @@ class ElggCoreSiteTest extends ElggCoreUnitTest { * Called before each test method. */ public function setUp() { - $this->site = new ElggSiteTest; + $this->site = new ElggSiteTest(); } /** diff --git a/engine/tests/objects/users.php b/engine/tests/objects/users.php index ba93c2439..d1533c3d2 100644 --- a/engine/tests/objects/users.php +++ b/engine/tests/objects/users.php @@ -220,29 +220,6 @@ class ElggCoreUserTest extends ElggCoreUnitTest { $this->user->delete(); } - // remove in 1.9 - public function testElggUserIsAdminLegacy() { - $this->user->save(); - $this->user->makeAdmin(); - - $this->assertTrue($this->user->admin); - $this->assertTrue($this->user->siteadmin); - - $this->user->removeAdmin(); - $this->user->delete(); - } - - public function testElggUserIsNotAdminLegacy() { - $this->user->save(); - $this->user->removeAdmin(); - - $this->assertFalse($this->user->admin); - $this->assertFalse($this->user->siteadmin); - - $this->user->removeAdmin(); - $this->user->delete(); - } - protected function fetchUser($guid) { global $CONFIG; diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php index 6f98c67bd..2bfc37558 100644 --- a/engine/tests/regression/trac_bugs.php +++ b/engine/tests/regression/trac_bugs.php @@ -112,4 +112,91 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest { $this->assertEqual($params['xoffset'], $options['x1']); $this->assertEqual($params['yoffset'], $options['y1']); } + + // #3722 Check canEdit() works for contains regardless of groups + function test_can_write_to_container() { + $user = new ElggUser(); + $user->username = 'test_user_' . rand(); + $user->name = 'test_user_name_' . rand(); + $user->email = 'test@user.net'; + $user->container_guid = 0; + $user->owner_guid = 0; + $user->save(); + + $object = new ElggObject(); + $object->save(); + + $group = new ElggGroup(); + $group->save(); + + // disable access overrides because we're admin. + $ia = elgg_set_ignore_access(false); + + $this->assertFalse(can_write_to_container($user->guid, $object->guid)); + + global $elgg_test_user; + $elgg_test_user = $user; + + // register hook to allow access + function can_write_to_container_test_hook($hook, $type, $value, $params) { + global $elgg_test_user; + + if ($params['user']->getGUID() == $elgg_test_user->getGUID()) { + return true; + } + } + + elgg_register_plugin_hook_handler('container_permissions_check', 'all', 'can_write_to_container_test_hook'); + $this->assertTrue(can_write_to_container($user->guid, $object->guid)); + elgg_unregister_plugin_hook_handler('container_permissions_check', 'all', 'can_write_to_container_test_hook'); + + $this->assertFalse(can_write_to_container($user->guid, $group->guid)); + $group->join($user); + $this->assertTrue(can_write_to_container($user->guid, $group->guid)); + + elgg_set_ignore_access($ia); + + $user->delete(); + $object->delete(); + $group->delete(); + } + + function test_db_shutdown_links() { + global $DB_DELAYED_QUERIES, $test_results; + $DB_DELAYED_QUERIES = array(); + + function test_delayed_results($results) { + global $test_results; + $test_results = $results; + } + + $q = 'SELECT 1 as test'; + + $links = array('read', 'write', get_db_link('read'), get_db_link('write')); + + foreach ($links as $link) { + $DB_DELAYED_QUERIES = array(); + + $result = execute_delayed_query($q, $link, 'test_delayed_results'); + + $this->assertTrue($result, "Failed with link = $link"); + $this->assertEqual(count($DB_DELAYED_QUERIES), 1); + $this->assertEqual($DB_DELAYED_QUERIES[0]['q'], $q); + $this->assertEqual($DB_DELAYED_QUERIES[0]['l'], $link); + $this->assertEqual($DB_DELAYED_QUERIES[0]['h'], 'test_delayed_results'); + + db_delayedexecution_shutdown_hook(); + + $num_rows = mysql_num_rows($test_results); + $this->assertEqual($num_rows, 1); + $row = mysql_fetch_assoc($test_results); + $this->assertEqual($row['test'], 1); + } + + // test bad case + $DB_DELAYED_QUERIES = array(); + $result = execute_delayed_query($q, 'not_a_link', 'test_delayed_results'); + $this->assertFalse($result); + $this->assertEqual(array(), $DB_DELAYED_QUERIES); + } } diff --git a/engine/tests/suite.php b/engine/tests/suite.php index 8f2eb41a3..4203bc5d6 100644 --- a/engine/tests/suite.php +++ b/engine/tests/suite.php @@ -9,6 +9,8 @@ require_once(dirname( __FILE__ ) . '/../start.php'); +admin_gatekeeper(); + $vendor_path = "$CONFIG->path/vendors/simpletest"; $test_path = "$CONFIG->path/engine/tests"; diff --git a/engine/tests/test_files/plugin_17/manifest.xml b/engine/tests/test_files/plugin_17/manifest.xml index bb178ab93..706734265 100644 --- a/engine/tests/test_files/plugin_17/manifest.xml +++ b/engine/tests/test_files/plugin_17/manifest.xml @@ -4,7 +4,7 @@ <field key="version" value="1.0" /> <field key="description" value="A 1.7-style manifest." /> <field key="website" value="http://www.elgg.org/" /> - <field key="copyright" value="(C) Elgg 2010" /> - <field key="license" value="GNU Public License version 2" /> + <field key="copyright" value="(C) Elgg Foundation 2011" /> + <field key="license" value="GNU General Public License version 2" /> <field key="elgg_version" value="2009030702" /> </plugin_manifest>
\ No newline at end of file diff --git a/engine/tests/test_files/plugin_18/manifest.xml b/engine/tests/test_files/plugin_18/manifest.xml index 23f0fa0bf..e0776ffc1 100644 --- a/engine/tests/test_files/plugin_18/manifest.xml +++ b/engine/tests/test_files/plugin_18/manifest.xml @@ -6,8 +6,8 @@ <blurb>A concise description.</blurb> <description>A longer, more interesting description.</description> <website>http://www.elgg.org/</website> - <copyright>(C) Elgg 2010</copyright> - <license>GNU Public License version 2</license> + <copyright>(C) Elgg Foundation 2011</copyright> + <license>GNU General Public License version 2</license> <requires> <type>elgg_version</type> @@ -34,7 +34,6 @@ <category>ServiceAPI</category> - <admin_interface>simple</admin_interface> <activate_on_install>true</activate_on_install> <requires> diff --git a/engine/tests/ui/submenu.php b/engine/tests/ui/submenu.php deleted file mode 100644 index b401620f6..000000000 --- a/engine/tests/ui/submenu.php +++ /dev/null @@ -1,103 +0,0 @@ -<?php -/** - * 1.8 submenu test. - * - * Submenu needs to be able to support being added out of order. - * Children can be added before parents. - * Children of parents never defined are never shown. - * - * Test against: - * different contexts - * different groups - * old add_submenu_item() wrapper. - * - */ - -/* - * Tests need to be ported to new menu system - * - -require_once('../../start.php'); - -$url = "engine/tests/ui/submenu.php"; - -$items = array( - array( - 'text' => 'Upper level 1', - 'href' => "$url?upper_level_1", - 'id' => 'ul1' - ), - array( - 'text' => 'CD (No link)', - 'parent_id' => 'cup', - 'id' => 'cd', - ), - array( - 'text' => 'Sub CD', - 'href' => "$url?sub_cd", - 'parent_id' => 'cd' - ), - array( - 'text' => 'Cup', - 'href' => "$url?cup", - 'id' => 'cup' - ), - array( - 'text' => 'Phone', - 'href' => "$url?phone", - 'id' => 'phone', - 'parent_id' => 'cup' - ), - array( - 'text' => 'Wallet', - 'href' => "$url?wallet", - 'id' => 'wallet', - 'parent_id' => 'phone' - ), - array( - 'text' => 'Upper level', - 'href' => "$url?upper_level", - 'id' => 'ul' - ), - array( - 'text' => 'Sub Upper level', - 'href' => "$url?sub_upper_level", - 'parent_id' => 'ul' - ), - array( - 'text' => 'Root', - 'href' => $url, - ), - - array( - 'text' => 'I am an orphan', - 'href' => 'http://google.com', - 'parent_id' => 'missing_parent' - ), - - array( - 'text' => 'JS Test', - 'href' => 'http://elgg.org', - 'vars' => array('js' => 'onclick="alert(\'Link to \' + $(this).attr(\'href\') + \'!\'); return false;"') - ) -); - -foreach ($items as $item) { - elgg_add_submenu_item($item, 'main'); -} - -add_submenu_item('Old Onclick Test', 'http://elgg.com', NULL, TRUE); -add_submenu_item('Old Selected Test', 'http://elgg.com', NULL, '', TRUE); - - -elgg_add_submenu_item(array('text' => 'Not Main Test', 'href' => "$url?not_main_test"), 'not_main', 'new_menu'); -elgg_add_submenu_item(array('text' => 'Not Main C Test', 'href' => "$url?not_main_c_test"), 'not_main', 'new_menu'); - -elgg_add_submenu_item(array('text' => 'All test', 'href' => "$url?all"), 'all'); - -//elgg_set_context('not_main'); - -$body = elgg_view_layout('one_sidebar', array('content' => 'Look right.')); -echo elgg_view_page('Submenu Test', $body); - -*/ |