author | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-08-31 00:24:09 +0000 |
---|---|---|
committer | cash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2010-08-31 00:24:09 +0000 |
commit | 2f376bfc5fa1e6c7f52a1eb0079409f27ed9b0cd (patch) | |
tree | cc8ee6cfafa0e54325591af933d1c16321d33e73 /mod | |
parent | 6bb6cb7ef6c30f01c5f9e5a75f383eb9d19184ae (diff) | |
download | elgg-2f376bfc5fa1e6c7f52a1eb0079409f27ed9b0cd.tar.gz elgg-2f376bfc5fa1e6c7f52a1eb0079409f27ed9b0cd.tar.bz2 |
Refs #2434 - made the profile plugin more robust to bad urls and did a little code standardization
git-svn-id: http://code.elgg.org/elgg/trunk@6885 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'mod')
-rw-r--r-- | mod/profile/start.php | 12 | ||||
-rwxr-xr-x | mod/profile/views/default/profile/profile_navigation.php | 14 | ||||
-rwxr-xr-x | mod/profile/views/default/profile/profile_ownerblock.php | 49 |
3 files changed, 43 insertions, 32 deletions
diff --git a/mod/profile/start.php b/mod/profile/start.php index adac92aef..80f923cb3 100644 --- a/mod/profile/start.php +++ b/mod/profile/start.php @@ -121,18 +121,18 @@ function profile_fields_setup() { function profile_page_handler($page) { global $CONFIG; - $username = $action = NULL; + $action = NULL; // short circuit if invalid or banned username if (isset($page[0])) { $username = $page[0]; $user = get_user_by_username($username); + set_input('username', $page[0]); + } - if (!$user || ($user->isBanned() && !isadminloggedin())) { - return elgg_echo('profile:notfound'); - } else { - set_input('username', $page[0]); - } + if (!$user || ($user->isBanned() && !isadminloggedin())) { + register_error(elgg_echo('profile:notfound')); + forward(); } if (isset($page[1])) { diff --git a/mod/profile/views/default/profile/profile_navigation.php b/mod/profile/views/default/profile/profile_navigation.php index 5a7283a9c..6750b9c67 100755 --- a/mod/profile/views/default/profile/profile_navigation.php +++ b/mod/profile/views/default/profile/profile_navigation.php @@ -5,13 +5,19 @@ if (isset($vars['section'])) { $section = $vars['section']; } -$profile = $vars['entity']; +$user = $vars['entity']; +if (!$user) { + // no user so no profile + return TRUE; +} + + $activity = ''; $friends = ''; $extend = ''; $twitter = ''; -$url = "{$profile->getURL()}/"; +$url = "{$user->getURL()}/"; //select section switch($section){ @@ -39,7 +45,7 @@ switch($section){ } ?> <div class="elgg_horizontal_tabbed_nav profile"> -<div class="profile_name"><h2><?php echo $profile->name; ?></h2></div> +<div class="profile_name"><h2><?php echo $user->name; ?></h2></div> <ul> <li <?php echo $activity; ?>><a href="<?php echo $url; ?>"><?php echo elgg_echo('activity'); ?></a></li> <li <?php echo $details; ?>><a href="<?php echo $url . 'details'; ?>"><?php echo elgg_echo('Details'); ?></a></li> 
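Review bot: In `profile_page_handler`, `$user` is assigned only inside `if (isset($page[0]))`, so a URL with no username segment reaches `if (!$user || ...)` with an undefined variable. The old `$username = $action = NULL;` was narrowed to `$action = NULL;` without adding `$user = NULL;` beside it. The not-found/banned branch also depends on `forward()` ending the request; if it can return (for example when output has already started, which is not visible here), the handler would carry on with a missing or banned `$user`, so add a `return` directly after `forward();`. The function body continues outside the hunk.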
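Review bot: `<?php echo $user->name; ?>` in the `profile_name` heading writes the user-chosen display name into HTML with no escaping at output. Unless the name is guaranteed to be filtered when stored (not visible in this diff), markup in a display name would be rendered for every visitor of the profile. Escaping at the sink, `<?php echo htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8'); ?>`, covers that regardless of the input path; check for double encoding if names are stored already encoded. The same applies to `{$user->name}` in the `$more_info` heading of profile_ownerblock.php.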
@@ -55,7 +61,7 @@ switch($section){ } //insert a view which others can extend - echo elgg_view('profilenav/extend', array('profile' => $profile)); + echo elgg_view('profile_navigation/extend', array('entity' => $user)); ?> </ul> </div>
\ No newline at end of file diff --git a/mod/profile/views/default/profile/profile_ownerblock.php b/mod/profile/views/default/profile/profile_ownerblock.php index ee39c197d..c36e22076 100755 --- a/mod/profile/views/default/profile/profile_ownerblock.php +++ b/mod/profile/views/default/profile/profile_ownerblock.php @@ -4,23 +4,29 @@ * A simple owner block which houses info about the user whose 'stuff' you are looking at */ -//get the page owner -if($vars['entity']){ - if($vars['context'] == 'edit') +// get the user who owns this profile +if ($vars['entity']) { + if ($vars['context'] == 'edit') { $user = get_entity($vars['entity']->container_guid); - else + } else { $user = get_entity($vars['entity']->guid); -}else{ + } +} else { $user = page_owner_entity(); + if (!$user) { + // no user so we quit + return TRUE; + } } + $more_info = ''; -//set some variables + $location = elgg_view("output/tags",array('value' => $user->location)); $section = $vars['section']; -if($section == 'details'){ +if ($section == 'details') { $icon = elgg_view("profile/icon",array('entity' => $user, 'size' => 'large', 'override' => 'true')); $icon_class = "large"; -}else{ +} else { $icon = elgg_view("profile/icon",array('entity' => $user, 'size' => 'small')); $more_info = "<div class='owner_block_contents clearfloat'>"; $more_info .= "<h3><a href='{$url}'>{$user->name}</a></h3>"; 
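Review bot: The new `if (!$user)` guard sits only in the `page_owner_entity()` branch, so when `$vars['entity']` is set the result of `get_entity()` is still dereferenced unchecked at `$user->location`. `get_entity()` presumably returns a false value when the GUID cannot be loaded (deleted, or hidden from the viewer), which is most likely for `container_guid` in the 'edit' context. Move the guard below the outer if/else so it covers all three assignments: `if (!$user) { return TRUE; }`.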
@@ -29,26 +35,27 @@ if($section == 'details'){ $more_info .= "</div>"; } $profile_actions = ""; -if(isloggedin() && (get_loggedin_user()->getGuid() == page_owner())){ +if (isloggedin() && (get_loggedin_user()->getGuid() == page_owner())) { $profile_actions = "<div class='clearfloat profile_actions'>"; $profile_actions .= "<a href='{$vars['url']}pg/profile/{$user->username}/edit/details' class='action_button'>". elgg_echo('profile:edit') ."</a>"; $profile_actions .= "<a href='{$vars['url']}pg/profile/{$user->username}/edit/icon' class='action_button'>". elgg_echo('profile:editicon') ."</a>"; $profile_actions .= "</div>"; -}else{ +} else { $profile_actions = "<div class='profile_actions'>"; if (isloggedin()) { - if ($_SESSION['user']->getGUID() != $user->getGUID()) { - $ts = time(); - $token = generate_action_token($ts); - + if (get_loggedin_userid() != $user->getGUID()) { if ($user->isFriend()) { - $profile_actions .= "<a href=\"{$vars['url']}action/friends/remove?friend={$user->getGUID()}&__elgg_token=$token&__elgg_ts=$ts\" class='action_button'>" . elgg_echo('friend:remove') . "</a>"; + $url = "{$vars['url']}action/friends/remove?friend={$user->getGUID()}"; + $url = elgg_add_action_tokens_to_url($url); + $profile_actions .= "<a href=\"$url\" class='action_button'>" . elgg_echo('friend:remove') . "</a>"; } else { - $profile_actions .= "<a href=\"{$vars['url']}action/friends/add?friend={$user->getGUID()}&__elgg_token=$token&__elgg_ts=$ts\" class='action_button'>" . elgg_echo('friend:add') . "</a>"; + $url = "{$vars['url']}action/friends/add?friend={$user->getGUID()}"; + $url = elgg_add_action_tokens_to_url($url); + $profile_actions .= "<a href=\"$url\" class='action_button'>" . elgg_echo('friend:add') . "</a>"; } } } - if(is_plugin_enabled('messages') && isloggedin()){ + if (is_plugin_enabled('messages') && isloggedin()) { $profile_actions .= "<a href=\"{$vars['url']}mod/messages/send.php?send_to={$user->guid}\" class='action_button'>". 
elgg_echo('messages:send') ."</a>"; } $profile_actions .= "</div>"; @@ -57,14 +64,12 @@ if(isloggedin() && (get_loggedin_user()->getGuid() == page_owner())){ $username = $user->username; $email = $user->email; $phone = $user->phone; - -//get correct links -$url = $vars['url']; + //if admin display admin links -if(isadminloggedin()){ +if (isadminloggedin()) { $admin_links = elgg_view('profile/admin_menu'); -}else{ +} else { $admin_links = ''; } |
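Review bot: The friend add/remove links interpolate the tokenised `$url` into `href=\"$url\"` without HTML-escaping, so the raw `&` separators and anything else in the URL go unencoded into the attribute. Escape once when building it: `$url = htmlspecialchars(elgg_add_action_tokens_to_url($url), ENT_QUOTES, 'UTF-8');`. These also remain GET links for a state-changing action, so the action token (previously `__elgg_token`/`__elgg_ts`, presumably the same from the helper) ends up in browser history, server logs and Referer headers. A POST form would avoid that and is worth a follow-up.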
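Review bot: Removing `$url = $vars['url'];` means `$url` now holds either nothing or the token-bearing friend action URL assigned in the branch above. Any later use of `$url` in this view (outside the visible hunks) would then build links from that value. The `$more_info` heading `<a href='{$url}'>` near the top already reads `$url` before anything assigns it. Give the friend link its own local, e.g. `$action_url`, and build the heading link from `$user->getURL()` so no code depends on a leftover `$url`.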