Merged 5530:5604 from 1.7 to trunk.

git-svn-id: http://code.elgg.org/elgg/trunk@5622 36083f99-b078-4883-b0ff-0f9b5a30f544

3 files changed, 36 insertions, 126 deletions

diff --git a/mod/profile/actions/edit.php b/mod/profile/actions/edit.php
index 4afe4cd47..207559334 100644
--- a/mod/profile/actions/edit.php
+++ b/mod/profile/actions/edit.php
@@ -33,10 +33,17 @@ foreach($CONFIG->profile as $shortname => $valuetype) {
 	// the decoding is a stop gag to prevent && showing up in profile fields
 	// because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405.
 	// must decode in utf8 or string corruption occurs. see #1567.
-	$value = html_entity_decode(get_input($shortname), ENT_COMPAT, 'UTF-8');
+	$value = get_input($shortname);
+	if (is_array($value)) {
+		foreach ($value as $k => $v) {
+			$value[$k] = html_entity_decode($v, ENT_COMPAT, 'UTF-8');
+		}
+	} else {
+		$value = html_entity_decode($value, ENT_COMPAT, 'UTF-8');
+	}
 
 	// limit to reasonable sizes.
-	if ($valuetype != 'longtext' && elgg_strlen($value) > 250) {
+	if (!is_array($value) && $valuetype != 'longtext' && elgg_strlen($value) > 250) {
 		$error = sprintf(elgg_echo('profile:field_too_long'), elgg_echo("profile:{$shortname}"));
 		register_error($error);
 		forward($_SERVER['HTTP_REFERER']);
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php
index a9aed2eea..353ce389c 100644
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
@@ -1,125 +1,28 @@
 <?php
-/**
- * Elgg profile icon
- * 
- * @package ElggProfile
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd <info@elgg.com>
- * @copyright Curverider Ltd 2008-2010
- * @link http://elgg.com/
-*/
 
-require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php');
+	/**
+	 * Elgg profile icon cache/bypass
+	 * 
+	 * @package ElggProfile
+	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+	 * @author Curverider Ltd <info@elgg.com>
+	 * @copyright Curverider Ltd 2008-2010
+	 * @link http://elgg.com/
+	 */
 
-/**
- * UTF safe str_split.
- * This is only used here since we don't have access to the file store code.
- * TODO: This is a horrible hack, so clean this up!
- */
-function __id_mb_str_split($string, $charset = 'UTF8'){
-	if (is_callable('mb_substr')){
-		$length = mb_strlen($string);
-		$array = array();
-				
-		while ($length){
-			$array[] = mb_substr($string, 0, 1, $charset);
-			$string = mb_substr($string, 1, $length, $charset);
-			$length = mb_strlen($string);
-		}
-		
-		return $array;
-	} else {
-		return str_split($string);
-	}
-			
-	return FALSE;
-}
-		
-global $CONFIG;
-$contents = '';
-		
-if ($mysql_dblink = @mysql_connect($CONFIG->dbhost,$CONFIG->dbuser,$CONFIG->dbpass, true)) {
-	$username = $_GET['username'];
-	//$username = preg_replace('/[^A-Za-z0-9\_\-]/i','',$username);
-	$blacklist = '/[' .
-	'\x{0080}-\x{009f}' . # iso-8859-1 control chars
-	'\x{00a0}' .          # non-breaking space
-	'\x{2000}-\x{200f}' . # various whitespace
-	'\x{2028}-\x{202f}' . # breaks and control chars
-	'\x{3000}' .          # ideographic space
-	'\x{e000}-\x{f8ff}' . # private use
-	']/u';
-	if (
-		preg_match($blacklist, $username) ||	
-		(strpos($username, '/')!==false) ||
-		(strpos($username, '\\')!==false) ||
-		(strpos($username, '"')!==false) ||
-		(strpos($username, '\'')!==false) ||
-		(strpos($username, '*')!==false) ||
-		(strpos($username, '&')!==false) ||
-		(strpos($username, ' ')!==false)
-	) exit;
-			
-	$userarray = __id_mb_str_split($username);
-				
-	$matrix = '';
-	$length = 5;
-	if (sizeof($userarray) < $length) $length = sizeof($userarray);
-	for ($n = 0; $n < $length; $n++) {
-		$matrix .= $userarray[$n] . "/";
-	}	
-		
-	// Get the size
-	$size = strtolower($_GET['size']);
-	if (!in_array($size,array('large','medium','small','tiny','master','topbar')))
-		$size = "medium";
-			
-	// Try and get the icon
-	if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) {
-		// get dataroot and simplecache_enabled in one select for efficiency
-		if ($result = mysql_query("select name, value from {$CONFIG->dbprefix}datalists where name in ('dataroot','simplecache_enabled')",$mysql_dblink)) {
-			$simplecache_enabled = true;
-			$row = mysql_fetch_object($result);
-			while ($row) {
-				if ($row->name == 'dataroot') {
-					$dataroot = $row->value;
-				} else if ($row->name == 'simplecache_enabled') {
-					$simplecache_enabled = $row->value;
-				}
-				$row = mysql_fetch_object($result);
-			}
-		}
-	}
-}
-	//@todo forcing through the framework to ensure the matrix
-	// is created the same way.
-	//if ($simplecache_enabled) {
-	if (false) {
-		$filename = $dataroot . $matrix . "{$username}/profile/" . $username . $size . ".jpg";
-		$contents = @file_get_contents($filename);
-		if (empty($contents)) {			
-			global $viewinput;
-			$viewinput['view'] = 'icon/user/default/'.$size;
-			ob_start();
-			include(dirname(dirname(dirname(__FILE__))).'/simplecache/view.php');
-			$loc = ob_get_clean();
-			header('Location: ' . $loc);
-			exit;
-			//$contents = @file_get_contents(dirname(__FILE__) . "/graphics/default{$size}.jpg");
-		}	else {		
-			header("Content-type: image/jpeg");
-			header('Expires: ' . date('r',time() + 864000));
-			header("Pragma: public");
-			header("Cache-Control: public");
-			header("Content-Length: " . strlen($contents));
-			$splitString = str_split($contents, 1024);
-			foreach($splitString as $chunk)
-				echo $chunk;
-		}
-	} else {
-			mysql_close($mysql_dblink);
-			require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
-			set_input('username',$username);
-			set_input('size',$size);
-			require_once(dirname(__FILE__).'/icon.php');
-	}
\ No newline at end of file
+	// This should provide faster access to profile icons by not loading the
+	// engine but directly grabbing the file from the user's profile directory.
+	// The speedup was broken in Elgg 1.7 because of a change in directory structure.
+	// The link to this script is provided in profile_usericon_hook(). To work
+	// in 1.7 forward, the link has to be updated to provide more information.
+	// The profile icon filename should also be changed to not use username.
+
+	// To see previous code, see svn history.
+
+	// At the moment, this does not serve much of a purpose other than provide
+	// continuity. It currently just includes icon.php which uses the engine.
+
+	// see #1989 and #2035
+
+	require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+	require_once(dirname(__FILE__).'/icon.php');
diff --git a/mod/profile/views/default/profile/menu/adminlinks.php b/mod/profile/views/default/profile/menu/adminlinks.php
index a88f96816..d2a36397d 100644
--- a/mod/profile/views/default/profile/menu/adminlinks.php
+++ b/mod/profile/views/default/profile/menu/adminlinks.php
@@ -23,10 +23,10 @@ if (isadminloggedin()){
 			}
 			echo elgg_view('output/confirmlink', array('text' => elgg_echo("delete"), 'href' => "{$vars['url']}action/admin/user/delete?guid={$vars['entity']->guid}"));
 			echo elgg_view('output/confirmlink', array('text' => elgg_echo("resetpassword"), 'href' => "{$vars['url']}action/admin/user/resetpassword?guid={$vars['entity']->guid}"));
-			if (!$vars['entity']->admin) { 
+			if (!$vars['entity']->isAdmin()) { 
 				echo elgg_view('output/confirmlink', array('text' => elgg_echo("makeadmin"), 'href' => "{$vars['url']}action/admin/user/makeadmin?guid={$vars['entity']->guid}"));
 			} else {
 				echo elgg_view('output/confirmlink', array('text' => elgg_echo("removeadmin"), 'href' => "{$vars['url']}action/admin/user/removeadmin?guid={$vars['entity']->guid}"));
 			}
 		}
-	}
\ No newline at end of file
+	}