Merge branch '1.8' of git://github.com/Elgg/Elgg into lorea-preprod

9 files changed, 36 insertions, 12 deletions

diff --git a/mod/embed/manifest.xml b/mod/embed/manifest.xml
index 46ab2df9e..81ca9194e 100644
--- a/mod/embed/manifest.xml
+++ b/mod/embed/manifest.xml
@@ -13,10 +13,10 @@
 		<type>elgg_release</type>
 		<version>1.8</version>
 	</requires>
-	<suggests>
+	<requires>
 		<type>plugin</type>
 		<name>file</name>
 		<version>1.8.1</version>
-	</suggests>
+	</requires>
 	<activate_on_install>true</activate_on_install>
 </plugin_manifest>
diff --git a/mod/file/pages/file/download.php b/mod/file/pages/file/download.php
index 00e6d500e..76c1f1272 100644
--- a/mod/file/pages/file/download.php
+++ b/mod/file/pages/file/download.php
@@ -26,7 +26,7 @@ $filename = $file->originalfilename;
 header("Pragma: public");
 
 header("Content-type: $mime");
-if (strpos($mime, "image/") !== false) {
+if (strpos($mime, "image/") !== false || $mime == "application/pdf") {
 	header("Content-Disposition: inline; filename=\"$filename\"");
 } else {
 	header("Content-Disposition: attachment; filename=\"$filename\"");
diff --git a/mod/groups/icon.php b/mod/groups/icon.php
index 104da4b41..f86f84fa5 100644
--- a/mod/groups/icon.php
+++ b/mod/groups/icon.php
@@ -35,7 +35,7 @@ if ($filehandler->open("read")) {
 }
 
 if (!$success) {
-	$location = elgg_get_plugins_path() . "groups/graphics/default{$size}.jpg";
+	$location = elgg_get_plugins_path() . "groups/graphics/default{$size}.gif";
 	$contents = @file_get_contents($location);
 }
 
diff --git a/mod/pages/actions/pages/delete.php b/mod/pages/actions/pages/delete.php
index dfa0de98d..7a314a280 100644
--- a/mod/pages/actions/pages/delete.php
+++ b/mod/pages/actions/pages/delete.php
@@ -9,8 +9,9 @@
 
 $guid = get_input('guid');
 $page = get_entity($guid);
-if ($page) {
-	if ($page->canEdit()) {
+if (elgg_instanceof($page, 'object', 'page') || elgg_instanceof($page, 'object', 'page_top')) {
+	// only allow owners and admin to delete
+	if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
 		$container = get_entity($page->container_guid);
 
 		// Bring all child elements forward
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index 6950d4b2f..a32e4a4ba 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -47,7 +47,19 @@ if ($page_guid) {
 }
 
 if (sizeof($input) > 0) {
+	// don't change access if not an owner/admin
+	$user = elgg_get_logged_in_user_entity();
+	$can_change_access = true;
+
+	if ($user && $page) {
+		$can_change_access = $user->isAdmin() || $user->getGUID() == $page->owner_guid;
+	}
+	
 	foreach ($input as $name => $value) {
+		if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) {
+			continue;
+		}
+
 		$page->$name = $value;
 	}
 }
@@ -74,6 +86,6 @@ if ($page->save()) {
 
 	forward($page->getURL());
 } else {
-	register_error(elgg_echo('pages:error:no_save'));
+	register_error(elgg_echo('pages:error:notsaved'));
 	forward(REFERER);
 }
diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php
index 5c5323d6f..dbf7b8917 100644
--- a/mod/pages/lib/pages.php
+++ b/mod/pages/lib/pages.php
@@ -111,4 +111,4 @@ function pages_register_navigation_tree($container) {
 			}
 		}
 	}
-}
+}
\ No newline at end of file
diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php
index 5dfb76b55..81477a8d4 100644
--- a/mod/pages/pages/pages/view.php
+++ b/mod/pages/pages/pages/view.php
@@ -32,7 +32,7 @@ elgg_push_breadcrumb($title);
 $content = elgg_view_entity($page, array('full_view' => true));
 $content .= elgg_view_comments($page);
 
-if (elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
+if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
 	$url = "pages/add/$page->guid";
 	elgg_register_menu_item('title', array(
 			'name' => 'subpage',
diff --git a/mod/pages/views/default/forms/pages/edit.php b/mod/pages/views/default/forms/pages/edit.php
index 20737a121..9469f5eb9 100644
--- a/mod/pages/views/default/forms/pages/edit.php
+++ b/mod/pages/views/default/forms/pages/edit.php
@@ -6,7 +6,18 @@
  */
 
 $variables = elgg_get_config('pages');
+$user = elgg_get_logged_in_user_entity();
+$entity = elgg_extract('entity', $vars);
+$can_change_access = true;
+if ($user && $entity) {
+	$can_change_access = ($user->isAdmin() || $user->getGUID() == $entity->owner_guid);
+}
+
 foreach ($variables as $name => $type) {
+	// don't show read / write access inputs for non-owners or admin when editing
+	if (($type == 'access' || $type == 'write_access') && !$can_change_access) {
+		continue;
+	}
 ?>
 <div>
 	<label><?php echo elgg_echo("pages:$name") ?></label>
@@ -14,8 +25,8 @@ foreach ($variables as $name => $type) {
 		if ($type != 'longtext') {
 			echo '<br />';
 		}
-	?>
-	<?php echo elgg_view("input/$type", array(
+
+		echo elgg_view("input/$type", array(
 			'name' => $name,
 			'value' => $vars[$name],
 		));
diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php
index 355123992..fbce00d34 100644
--- a/mod/twitter_api/lib/twitter_api.php
+++ b/mod/twitter_api/lib/twitter_api.php
@@ -109,7 +109,7 @@ function twitter_api_login() {
 			$user = twitter_api_create_user($twitter);
 			$site_name = elgg_get_site_entity()->name;
 			system_message(elgg_echo('twitter_api:login:email', array($site_name)));
-			$forward = "twitter_api/intersitial";
+			$forward = "twitter_api/interstitial";
 		}
 
 		// set twitter services tokens