aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES.txt31
-rw-r--r--actions/admin/user/makeadmin.php7
-rw-r--r--actions/admin/user/removeadmin.php7
-rw-r--r--actions/register.php4
-rw-r--r--actions/useradd.php7
-rw-r--r--engine/lib/actions.php4
-rw-r--r--engine/lib/annotations.php292
-rw-r--r--engine/lib/database.php3
-rw-r--r--engine/lib/elgglib.php74
-rw-r--r--engine/lib/entities.php2
-rw-r--r--engine/lib/group.php1
-rw-r--r--engine/lib/metadata.php133
-rw-r--r--engine/lib/notification.php18
-rw-r--r--engine/lib/river2.php4
-rw-r--r--engine/lib/sessions.php83
-rw-r--r--engine/lib/upgrades/2010033101.php65
-rw-r--r--engine/lib/upgrades/2010040201.php40
-rw-r--r--engine/lib/users.php153
-rw-r--r--engine/lib/widgets.php22
-rw-r--r--engine/schema/upgrades/2009100701.sql29
-rw-r--r--engine/tests/api/entity_getter_functions.php311
-rw-r--r--engine/tests/objects/users.php131
-rw-r--r--languages/en.php2
-rw-r--r--mod/bookmarks/index.php3
-rw-r--r--mod/bookmarks/start.php2
-rw-r--r--mod/bookmarks/views/default/widgets/bookmarks/edit.php21
-rw-r--r--mod/file/index.php5
-rw-r--r--mod/file/start.php5
-rw-r--r--mod/file/views/default/widgets/filerepo/edit.php35
-rw-r--r--mod/file/views/default/widgets/filerepo/view.php5
-rw-r--r--mod/groups/discussions.php5
-rw-r--r--mod/pages/index.php3
-rw-r--r--mod/pages/views/default/widgets/pages/edit.php24
-rw-r--r--mod/pages/views/default/widgets/pages/view.php12
-rw-r--r--mod/profile/actions/edit.php11
-rw-r--r--mod/profile/icondirect.php147
-rw-r--r--mod/profile/views/default/profile/menu/adminlinks.php4
-rw-r--r--mod/search/index.php7
-rw-r--r--mod/thewire/actions/add.php102
-rw-r--r--mod/thewire/everyone.php4
-rw-r--r--mod/thewire/languages/en.php5
-rw-r--r--mod/thewire/start.php6
-rw-r--r--mod/thewire/views/default/thewire/activity_view.php48
-rw-r--r--mod/thewire/views/default/thewire/css.php1
-rw-r--r--mod/thewire/views/default/widgets/thewire/edit.php30
-rw-r--r--mod/thewire/views/default/widgets/thewire/view.php40
-rw-r--r--mod/thewire/views/rss/search/object/thewire/entity.php28
-rw-r--r--version.php2
-rw-r--r--views/default/account/forms/register.php2
-rw-r--r--views/default/account/forms/useradd.php2
-rw-r--r--views/default/output/friendlytime.php54
-rw-r--r--views/default/output/friendlytitle.php18
-rw-r--r--views/default/output/url.php16
-rw-r--r--views/default/page_elements/elgg_topbar.php4
54 files changed, 1268 insertions, 806 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index ed844f018..8a4288035 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -15,6 +15,37 @@ Version 1.8.0
elgg_clear_sticky_form(), elgg_is_sticky_form(), and elgg_get_sticky_value().
+Version 1.7.1
+(??? from http://code.elgg.org/elgg/branches/1.7)
+
+ UI changes:
+ * (Unused) tags field removed from external pages.
+ * Languages fixes in groups.
+ * Installation checks database settings before writing settings.php.
+ * Made the widgets more consistent in their UI
+
+ Bugfixes:
+ * Pagination fixed.
+ * Profile icons fixed for CGI users who were seeing incorrect avatars.
+ * Tag search works in groups and members.
+ * Tag clouds correctly link to tag search.
+ * RSS views added to search.
+ * Wrapper function for get_entities() correctly rewrites container_guid to
+ owner_guid.
+ * output/url correctly appends http:// again.
+
+ API changes:
+ * Moved admin flag to users_entity table and added ElggUser->isAdmin(),
+ ->makeAdmin(), and ->removeAdmin() to replace the metadata.
+ * Plugin hook for reported content includes the report object.
+ * UTF8 upgrade checks server defaults before running to avoid
+ corrupted strings.
+ * Tags lib updated to elgg_get_*() interface.
+ * Can get entities based upon annotation/metadata owner_guid.
+ * Moved friendly time and friendly title into overridable views.
+ * Added unregister_notification_handler()
+ * Added remove_widget_type()
+
Version 1.7.0
(March 2, 2010 from http://code.elgg.org/elgg/trunk/)
diff --git a/actions/admin/user/makeadmin.php b/actions/admin/user/makeadmin.php
index 580e7df05..dc5c508fb 100644
--- a/actions/admin/user/makeadmin.php
+++ b/actions/admin/user/makeadmin.php
@@ -15,11 +15,10 @@ admin_gatekeeper();
// Get the user
$guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
- $obj->admin = 'yes';
- if ($obj->admin) {
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->makeAdmin()) {
system_message(elgg_echo('admin:user:makeadmin:yes'));
} else {
register_error(elgg_echo('admin:user:makeadmin:no'));
diff --git a/actions/admin/user/removeadmin.php b/actions/admin/user/removeadmin.php
index 445596331..b5872e592 100644
--- a/actions/admin/user/removeadmin.php
+++ b/actions/admin/user/removeadmin.php
@@ -15,11 +15,10 @@ admin_gatekeeper();
// Get the user
$guid = get_input('guid');
-$obj = get_entity($guid);
+$user = get_entity($guid);
-if (($obj instanceof ElggUser) && ($obj->canEdit())) {
- $obj->admin = '';
- if (!$obj->admin) {
+if (($user instanceof ElggUser) && ($user->canEdit())) {
+ if ($user->removeAdmin()) {
system_message(elgg_echo('admin:user:removeadmin:yes'));
} else {
register_error(elgg_echo('admin:user:removeadmin:no'));
diff --git a/actions/register.php b/actions/register.php
index c515d27ee..efbc3def3 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -33,7 +33,7 @@ if (!$CONFIG->disable_registration) {
if (($guid) && ($admin)) {
// Only admins can make someone an admin
admin_gatekeeper();
- $new_user->admin = 'yes';
+ $new_user->makeAdmin();
}
// Send user validation request on register only
@@ -42,7 +42,7 @@ if (!$CONFIG->disable_registration) {
request_user_validation($guid);
}
- if (!$new_user->admin) {
+ if (!$new_user->isAdmin()) {
// Now disable if not an admin
// Don't do a recursive disable. Any entities owned by the user at this point
// are products of plugins that hook into create user and might need
diff --git a/actions/useradd.php b/actions/useradd.php
index 71fc3cd63..e92845cbb 100644
--- a/actions/useradd.php
+++ b/actions/useradd.php
@@ -25,15 +25,15 @@ if (is_array($admin)) {
// For now, just try and register the user
try {
- $guid = register_user($username, $password, $name, $email, true);
+ $guid = register_user($username, $password, $name, $email, TRUE);
if (((trim($password) != "") && (strcmp($password, $password2)==0)) && ($guid)) {
$new_user = get_entity($guid);
if (($guid) && ($admin)) {
- $new_user->admin = 'yes';
+ $new_user->makeAdmin();
}
- $new_user->admin_created = true;
+ $new_user->admin_created = TRUE;
$new_user->created_by_guid = get_loggedin_userid();
set_user_validation_status($new_user->getGUID(), TRUE, 'admin_created');
@@ -48,4 +48,3 @@ try {
}
forward($_SERVER['HTTP_REFERER']);
-exit;
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 25ef411f6..7e8e43f40 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -30,11 +30,13 @@ function action($action, $forwarder = "") {
// Installation cannot use tokens because it requires site secret to be
// working. (#1462)
// Login and logout are for convenience.
+ // file/download (see #2010)
$exceptions = array(
'systemsettings/install',
'admin/plugins/disable',
'logout',
- 'login'
+ 'login',
+ 'file/download',
);
if (!in_array($action, $exceptions)) {
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index c545682d5..6fdb69dc0 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -409,274 +409,62 @@ $value = "", $owner_guid = 0, $limit = 10, $offset = 0, $order_by = "asc", $time
/**
+ * Returns entities based upon annotations. Accepts the same values as
+ * elgg_get_entities_from_metadata() but uses the annotations table.
*
- * @todo Add support for arrays of names and values
+ * @see elgg_get_entities
+ * @see elgg_get_entities_from_metadata
+ * @param array $options Array in format:
*
- * @param $options
- * @return unknown_type
+ * annotation_names => NULL|ARR annotations names
+ *
+ * annotation_values => NULL|ARR annotations values
+ *
+ * annotation_name_value_pairs => NULL|ARR (name = 'name', value => 'value', 'operand' => '=', 'case_sensitive' => TRUE) entries.
+ * Currently if multiple values are sent via an array (value => array('value1', 'value2') the pair's operand will be forced to "IN".
+ *
+ * annotation_name_value_pairs_operator => NULL|STR The operator to use for combining (name = value) OPERATOR (name = value); default AND
+ *
+ * annotation_case_sensitive => BOOL Overall Case sensitive
+ *
+ * order_by_annotation => NULL|ARR (array('name' => 'annotation_text1', 'direction' => ASC|DESC, 'as' => text|integer),
+ * Also supports array('name' => 'annotation_text1')
+ *
+ * annotation_owner_guids => NULL|ARR guids for annotaiton owners
+ *
+ * @return array
*/
function elgg_get_entities_from_annotations(array $options = array()) {
$defaults = array(
- 'annotation_names' => NULL,
- 'annotation_name' => NULL,
- 'annotation_values' => NULL,
- 'annotation_value' => NULL,
- 'annotation_name_value_pair' => NULL,
- 'annotation_name_value_pairs' => NULL,
- 'annotation_name_value_pairs_operator' => 'AND',
- 'annotation_case_sensitive' => TRUE,
- 'order_by' => 'maxtime desc',
- 'group_by' => 'a.entity_guid'
- );
-
- $options = array_merge($defaults, $options);
-
- $singulars = array('annotation_name', 'annotation_value', 'annotation_name_value_pair');
- $options = elgg_normalise_plural_options_array($options, $singulars);
-
- $clauses = elgg_get_entity_annotation_where_sql('e', $options['annotation_names'], $options['annotation_values'],
- $options['annotation_name_value_pairs'], $options['annotation_name_value_pairs_operator'], $options['annotation_case_sensitive']);
-
- if ($clauses) {
- // merge wheres to pass to get_entities()
- if (isset($options['wheres']) && !is_array($options['wheres'])) {
- $options['wheres'] = array($options['wheres']);
- } elseif (!isset($options['wheres'])) {
- $options['wheres'] = array();
- }
-
- $options['wheres'] = array_merge($options['wheres'], $clauses['wheres']);
-
- // merge joins to pass to get_entities()
- if (isset($options['joins']) && !is_array($options['joins'])) {
- $options['joins'] = array($options['joins']);
- } elseif (!isset($options['joins'])) {
- $options['joins'] = array();
- }
-
- $options['joins'] = array_merge($options['joins'], $clauses['joins']);
-
- // merge selects to pass to get_entities()
- if (isset($options['selects']) && !is_array($options['selects'])) {
- $options['selects'] = array($options['selects']);
- } elseif (!isset($options['selects'])) {
- $options['selects'] = array();
- }
-
- $options['selects'] = array_merge($options['selects'], $clauses['selects']);
-
- /* @todo overwrites the current order and group bys
- if ($clauses['order_by']) {
- $options['order_by'] = $clauses['order_by'];
- }
- if ($clauses['group_by']) {
- $options['group_by'] = $clauses['group_by'];
- }
- */
- }
-
- return elgg_get_entities($options);
-}
+ 'annotation_names' => ELGG_ENTITIES_ANY_VALUE,
+ 'annotation_values' => ELGG_ENTITIES_ANY_VALUE,
+ 'annotation_name_value_pairs' => ELGG_ENTITIES_ANY_VALUE,
-/**
- * Returns annotation name and value SQL where for entities.
- * nb: $names and $values are not paired. Use $pairs for this.
- * Pairs default to '=' operand.
- *
- * @param $prefix
- * @param ARR|NULL $names
- * @param ARR|NULL $values
- * @param ARR|NULL $pairs array of names / values / operands
- * @param AND|OR $pair_operator Operator to use to join the where clauses for pairs
- * @param BOOL $case_sensitive
- * @return FALSE|array False on fail, array('joins', 'wheres')
- */
-function elgg_get_entity_annotation_where_sql($table, $names = NULL, $values = NULL, $pairs = NULL, $pair_operator = 'AND', $case_sensitive = TRUE) {
- global $CONFIG;
-
- // short circuit if nothing requested
- // 0 is a valid (if not ill-conceived) annotation name.
- // 0 is also a valid annotation value for FALSE, NULL, or 0
- if ((!$names && $names !== 0)
- && (!$values && $values !== 0)
- && (!$pairs && $pairs !== 0)) {
- return '';
- }
+ 'annotation_name_value_pairs_operator' => 'AND',
+ 'annotation_case_sensitive' => TRUE,
+ 'order_by_annotation' => array(),
- // binary forces byte-to-byte comparision of strings, making
- // it case- and diacritical-mark- sensitive.
- // only supported on values.
- $binary = ($case_sensitive) ? ' BINARY ' : '';
+ 'annotation_owner_guids' => ELGG_ENTITIES_ANY_VALUE,
- $access = get_access_sql_suffix('a');
-
- $return = array (
- 'joins' => array (),
- 'wheres' => array(),
- 'selects' => array()
+ 'order_by' => 'maxtime desc',
+ 'group_by' => 'a.entity_guid'
);
- $wheres = array();
-
- // get names wheres and joins
- $names_where = '';
- if ($names !== NULL) {
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}annotations a on {$table}.guid = a.entity_guid";
- if (!is_array($names)) {
- $names = array($names);
- }
-
- $sanitised_names = array();
- foreach ($names as $name) {
- // normalise to 0.
- if (!$name) {
- $name = '0';
- }
- $sanitised_names[] = "'$name'";
- }
-
- if ($names_str = implode(',', $sanitised_names)) {
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msn on a.name_id = msn.id";
- $names_where = "(msn.string IN ($names_str))";
- }
- }
-
- // get values wheres and joins
- $values_where = '';
- if ($values !== NULL) {
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}annotations a on {$table}.guid = a.entity_guid";
-
- if (!is_array($values)) {
- $values = array($values);
- }
-
- $sanitised_values = array();
- foreach ($values as $value) {
- // normalize to 0
- if (!$value) {
- $value = 0;
- }
- $sanitised_values[] = "'$value'";
- }
-
- if ($values_str = implode(',', $sanitised_values)) {
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msv on a.value_id = msv.id";
- $values_where = "({$binary}msv.string IN ($values_str))";
- }
- }
-
- if ($names_where && $values_where) {
- $wheres[] = "($names_where AND $values_where AND $access)";
- } elseif ($names_where) {
- $wheres[] = "($names_where AND $access)";
- } elseif ($values_where) {
- $wheres[] = "($values_where AND $access)";
- }
-
- // add pairs
- // pairs must be in arrays.
- if (is_array($pairs)) {
- $array = array(
- 'name' => 'test',
- 'value' => 5
- );
-
- $array = array('test' => 5);
-
- // check if this is an array of pairs or just a single pair.
- if (isset($pairs['name']) || isset($pairs['value'])) {
- $pairs = array($pairs);
- }
-
- $pair_wheres = array();
-
- // @todo when the pairs are > 3 should probably split the query up to
- // denormalize the strings table.
- $i = 1;
- foreach ($pairs as $index => $pair) {
- // @todo move this elsewhere?
- // support shortcut 'n' => 'v' method.
- if (!is_array($pair)) {
- $pair = array(
- 'name' => $index,
- 'value' => $pair
- );
- }
-
- // @todo The multiple joins are only needed when the operator is AND
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}annotations a{$i} on {$table}.guid = a{$i}.entity_guid";
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msn{$i} on a{$i}.name_id = msn{$i}.id";
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msv{$i} on a{$i}.value_id = msv{$i}.id";
-
- // must have at least a name and value
- if (!isset($pair['name']) || !isset($pair['value'])) {
- // @todo should probably return false.
- continue;
- }
-
- // case sensitivity can be specified per pair.
- // default to higher level setting.
- if (isset($pair['case_sensitive'])) {
- $pair_binary = ($pair['case_sensitive']) ? ' BINARY ' : '';
- } else {
- $pair_binary = $binary;
- }
-
- if (isset($pair['operand'])) {
- $operand = sanitise_string($pair['operand']);
- } else {
- $operand = ' = ';
- }
-
- // if the value is an int, don't quote it because str '15' < str '5'
- // if the operand is IN don't quote it because quoting should be done already.
- //$value = trim(strtolower($operand)) == 'in' ? $pair['value'] : "'{$pair['value']}'";
- if (trim(strtolower($operand)) == 'in' || sanitise_int($pair['value'])) {
- $value = $pair['value'];
- } else {
- $value = "'{$pair['value']}'";
- }
-
- $access = get_access_sql_suffix("a{$i}");
- $pair_wheres[] = "(msn{$i}.string = '{$pair['name']}' AND {$pair_binary}msv{$i}.string $operand $value AND $access)";
- $i++;
- }
+ $options = array_merge($defaults, $options);
- if ($where = implode (" $pair_operator ", $pair_wheres)) {
- $wheres[] = "($where)";
- }
+ if (!$options = elgg_entities_get_metastrings_options('annotation', $options)) {
+ return FALSE;
}
- if ($where = implode(' OR ', $wheres)) {
- $return['selects'][] = "max(a.time_created) as maxtime";
- $return['wheres'][] = "($where)";
- $return['group_by'] = 'a.entity_guid';
- $return['order_by'] = 'maxtime asc';
- }
+ // special sorting for annotations
+ //@todo overrides other sorting
+ $options['selects'][] = "max(n_table.time_created) as maxtime";
+ $options['group_by'] = 'n_table.entity_guid';
- return $return;
+ return elgg_get_entities($options);
}
/**
- * Return a list of entities which are annotated with a specific annotation.
- * These can be ordered by when the annotation was created/updated.
- *
- * @param string $entity_type Type of entity.
- * @param string $entity_subtype Subtype of entity.
- * @param string $name Name of annotation.
- * @param string $value Value of annotation.
- * @param int $owner_guid Owner.
- * @param int $group_guid Group container. Currently this is only supported if $entity_type == 'object'
- * @param int $limit Maximum number of results to return.
- * @param int $offset Place to start.
- * @param string $order_by How to order results.
- * @param boolean $count Whether to count entities rather than return them
- * @param int $timelower The earliest time the annotation can have been created. Default: all
- * @param int $timeupper The latest time the annotation can have been created. Default: all
- */
-
-
-/**
* @deprecated 1.7 Use elgg_get_entities_from_annotations()
* @param $entity_type
* @param $entity_subtype
@@ -714,7 +502,7 @@ $timelower = 0, $timeupper = 0) {
}
if ($owner_guid) {
- $options['owner_guid'] = $owner_guid;
+ $options['annotation_owner_guid'] = $owner_guid;
}
if ($group_guid) {
diff --git a/engine/lib/database.php b/engine/lib/database.php
index ec703992d..58685bb82 100644
--- a/engine/lib/database.php
+++ b/engine/lib/database.php
@@ -98,7 +98,8 @@ function setup_db_connections() {
function db_profiling_shutdown_hook() {
global $dbcalls;
- elgg_log("DB Queries for this page: $dbcalls", 'DEBUG');
+ // demoted to NOTICE as it corrupts javasript at DEBUG
+ elgg_log("DB Queries for this page: $dbcalls", 'NOTICE');
}
/**
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index f106e4ded..9587bf1e4 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -14,10 +14,10 @@
*/
/**
- * Adds messages to the session so they'll be carried over, and forwards the browser.
+ * Forwards the browser.
* Returns false if headers have already been sent and the browser cannot be moved.
*
- * @param string $location URL to forward to browser to
+ * @param string $location URL to forward to browser to. Can be relative path.
* @return nothing|false
*/
function forward($location = "") {
@@ -25,10 +25,6 @@ function forward($location = "") {
if (!headers_sent()) {
$current_page = current_page_url();
- // What is this meant to do?
- //if (strpos($current_page, $CONFIG->wwwroot . "action") ===false)
-
- $_SESSION['msg'] = array_merge($_SESSION['msg'], system_messages());
if ((substr_count($location, 'http://') == 0) && (substr_count($location, 'https://') == 0)) {
$location = $CONFIG->url . $location;
}
@@ -1255,51 +1251,7 @@ function page_draw($title, $body, $sidebar = "") {
* @return string The friendly time
*/
function friendly_time($time) {
- $diff = time() - ((int) $time);
-
- $minute = 60;
- $hour = $minute * 60;
- $day = $hour * 24;
-
- if ($diff < $minute) {
- $friendly_time = elgg_echo("friendlytime:justnow");
- } else if ($diff < $hour) {
- $diff = round($diff / $minute);
- if ($diff == 0) {
- $diff = 1;
- }
-
- if ($diff > 1) {
- $friendly_time = sprintf(elgg_echo("friendlytime:minutes"), $diff);
- } else {
- $friendly_time = sprintf(elgg_echo("friendlytime:minutes:singular"), $diff);
- }
- } else if ($diff < $day) {
- $diff = round($diff / $hour);
- if ($diff == 0) {
- $diff = 1;
- }
-
- if ($diff > 1) {
- $friendly_time = sprintf(elgg_echo("friendlytime:hours"), $diff);
- } else {
- $friendly_time = sprintf(elgg_echo("friendlytime:hours:singular"), $diff);
- }
- } else {
- $diff = round($diff / $day);
- if ($diff == 0) {
- $diff = 1;
- }
-
- if ($diff > 1) {
- $friendly_time = sprintf(elgg_echo("friendlytime:days"), $diff);
- } else {
- $friendly_time = sprintf(elgg_echo("friendlytime:days:singular"), $diff);
- }
- }
-
- $timestamp = htmlentities(date(elgg_echo('friendlytime:date_format'), $time));
- return "<acronym title=\"$timestamp\">$friendly_time</acronym>";
+ return elgg_view('output/friendlytime', array('time' => $time));
}
/**
@@ -1309,12 +1261,7 @@ function friendly_time($time) {
* @return string The optimised title
*/
function friendly_title($title) {
- $title = trim($title);
- $title = strtolower($title);
- $title = preg_replace("/[^\w ]/","",$title);
- $title = str_replace(" ","-",$title);
- $title = str_replace("--","-",$title);
- return $title;
+ return elgg_view('output/friendlytitle', array('title' => $title));
}
/**
@@ -1990,7 +1937,8 @@ function elgg_log($message, $level='NOTICE') {
* @return void
*/
function elgg_dump($value, $to_screen = TRUE, $level = 'NOTICE') {
-
+ global $CONFIG;
+
// plugin can return false to stop the default logging method
$params = array('level' => $level,
'msg' => $value,
@@ -1999,6 +1947,13 @@ function elgg_dump($value, $to_screen = TRUE, $level = 'NOTICE') {
return;
}
+ // Do not want to write to screen before page creation has started.
+ // This is not fool-proof but probably fixes 95% of the cases when logging
+ // results in data sent to the browser before the page is begun.
+ if (!isset($CONFIG->pagesetupdone)) {
+ $to_screen = FALSE;
+ }
+
if ($to_screen == TRUE) {
echo '<pre>';
print_r($value);
@@ -2932,7 +2887,8 @@ function __elgg_shutdown_hook() {
trigger_elgg_event('shutdown', 'system');
$time = (float)(microtime(TRUE) - $START_MICROTIME);
- elgg_log("Page {$_SERVER['REQUEST_URI']} generated in $time seconds", 'DEBUG');
+ // demoted to NOTICE from DEBUG so javascript is not corrupted
+ elgg_log("Page {$_SERVER['REQUEST_URI']} generated in $time seconds", 'NOTICE');
}
/**
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 3d16e1b3d..987328adc 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -2863,7 +2863,7 @@ function can_edit_entity($entity_guid, $user_guid = 0) {
$return = true;
}
if ($container_entity = get_entity($entity->container_guid)) {
- if ($container_entity->canEdit()) {
+ if ($container_entity->canEdit($user->getGUID())) {
$return = true;
}
}
diff --git a/engine/lib/group.php b/engine/lib/group.php
index 362f45402..68829dafb 100644
--- a/engine/lib/group.php
+++ b/engine/lib/group.php
@@ -842,6 +842,7 @@ function group_gatekeeper($forward = true) {
}
if ($forward && $allowed == false) {
+ register_error(elgg_echo('membershiprequired'));
forward($url);
exit;
}
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 5c248e0f6..bab919ca2 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -532,8 +532,6 @@ function find_metadata($meta_name = "", $meta_value = "", $entity_type = "", $en
return get_data($query, "row_to_elggmetadata");
}
-
-
/**
* Returns entities based upon metadata. Also accepts all
* options available to elgg_get_entities(). Supports
@@ -547,6 +545,7 @@ function find_metadata($meta_name = "", $meta_value = "", $entity_type = "", $en
* When in doubt, use name_value_pairs.
*
* @see elgg_get_entities
+ * @see elgg_get_entities_from_annotations
* @param array $options Array in format:
*
* metadata_names => NULL|ARR metadata names
@@ -560,30 +559,59 @@ function find_metadata($meta_name = "", $meta_value = "", $entity_type = "", $en
*
* metadata_case_sensitive => BOOL Overall Case sensitive
*
- * order_by_metadata => NULL|ARR (array('name' => 'metadata_text1', 'direction' => ASC|DESC, 'as' => text|integer),
- * Also supports array('name' => 'metadata_text1')
+ * order_by_metadata => NULL|ARR (array('name' => 'metadata_text1', 'direction' => ASC|DESC, 'as' => text|integer),
+ * Also supports array('name' => 'metadata_text1')
+ *
+ * metadata_owner_guids => NULL|ARR guids for metadata owners
*
* @return array
*/
function elgg_get_entities_from_metadata(array $options = array()) {
$defaults = array(
- 'metadata_names' => ELGG_ENTITIES_ANY_VALUE,
- 'metadata_values' => ELGG_ENTITIES_ANY_VALUE,
- 'metadata_name_value_pairs' => ELGG_ENTITIES_ANY_VALUE,
+ 'metadata_names' => ELGG_ENTITIES_ANY_VALUE,
+ 'metadata_values' => ELGG_ENTITIES_ANY_VALUE,
+ 'metadata_name_value_pairs' => ELGG_ENTITIES_ANY_VALUE,
- 'metadata_name_value_pairs_operator' => 'AND',
- 'metadata_case_sensitive' => TRUE,
- 'order_by_metadata' => array(),
+ 'metadata_name_value_pairs_operator'=> 'AND',
+ 'metadata_case_sensitive' => TRUE,
+ 'order_by_metadata' => array(),
+
+ 'metadata_owner_guids' => ELGG_ENTITIES_ANY_VALUE,
);
$options = array_merge($defaults, $options);
- $singulars = array('metadata_name', 'metadata_value', 'metadata_name_value_pair');
+ if (!$options = elgg_entities_get_metastrings_options('metadata', $options)) {
+ return FALSE;
+ }
+
+ return elgg_get_entities($options);
+}
+
+/**
+ * Returns options to pass to elgg_get_entities() for metastrings operations.
+ *
+ * @param string $type Metastring type: annotations or metadata
+ * @param array $options Options
+ *
+ * @return array
+ */
+function elgg_entities_get_metastrings_options($type, $options) {
+ $valid_types = array('metadata', 'annotation');
+ if (!in_array($type, $valid_types)) {
+ return FALSE;
+ }
+
+ // the options for annotations are singular (annotation_name) but the table
+ // is plural (elgg_annotations) so rewrite for the table name.
+ $n_table = ($type == 'annotation') ? 'annotations' : $type;
+
+ $singulars = array("{$type}_name", "{$type}_value", "{$type}_name_value_pair", "{$type}_owner_guid");
$options = elgg_normalise_plural_options_array($options, $singulars);
- $clauses = elgg_get_entity_metadata_where_sql('e', $options['metadata_names'], $options['metadata_values'],
- $options['metadata_name_value_pairs'], $options['metadata_name_value_pairs_operator'], $options['metadata_case_sensitive'],
- $options['order_by_metadata']);
+ $clauses = elgg_get_entity_metadata_where_sql('e', $n_table, $options["{$type}_names"], $options["{$type}_values"],
+ $options["{$type}_name_value_pairs"], $options["{$type}_name_value_pairs_operator"], $options["{$type}_case_sensitive"],
+ $options["order_by_{$type}"], $options["{$type}_owner_guids"]);
if ($clauses) {
// merge wheres to pass to get_entities()
@@ -614,15 +642,19 @@ function elgg_get_entities_from_metadata(array $options = array()) {
}
}
- return elgg_get_entities($options);
+ return $options;
}
/**
* Returns metadata name and value SQL where for entities.
- * nb: $names and $values are not paired. Use $pairs for this.
+ * NB: $names and $values are not paired. Use $pairs for this.
* Pairs default to '=' operand.
*
- * @param $prefix
+ * This function is reused for annotations because the tables are
+ * exactly the same.
+ *
+ * @param string $e_table Entities table name
+ * @param string $n_table Normalized metastrings table name (Where entities, values, and names are joined. annotations / metadata)
* @param ARR|NULL $names
* @param ARR|NULL $values
* @param ARR|NULL $pairs array of names / values / operands
@@ -631,25 +663,30 @@ function elgg_get_entities_from_metadata(array $options = array()) {
* @param ARR|NULL $order_by_metadata array of names / direction
* @return FALSE|array False on fail, array('joins', 'wheres')
*/
-function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NULL, $pairs = NULL, $pair_operator = 'AND', $case_sensitive = TRUE, $order_by_metadata = NULL) {
+function elgg_get_entity_metadata_where_sql($e_table, $n_table, $names = NULL, $values = NULL, $pairs = NULL, $pair_operator = 'AND', $case_sensitive = TRUE, $order_by_metadata = NULL, $owner_guids = NULL) {
global $CONFIG;
// short circuit if nothing requested
// 0 is a valid (if not ill-conceived) metadata name.
// 0 is also a valid metadata value for FALSE, NULL, or 0
+ // 0 is also a valid(ish) owner_guid
if ((!$names && $names !== 0)
&& (!$values && $values !== 0)
&& (!$pairs && $pairs !== 0)
+ && (!$owner_guids && $owner_guids !== 0)
&& !isset($order_by_metadata)) {
return '';
}
+ // join counter for incremental joins.
+ $i = 1;
+
// binary forces byte-to-byte comparision of strings, making
// it case- and diacritical-mark- sensitive.
// only supported on values.
$binary = ($case_sensitive) ? ' BINARY ' : '';
- $access = get_access_sql_suffix('md');
+ $access = get_access_sql_suffix('n_table');
$return = array (
'joins' => array (),
@@ -657,12 +694,14 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
'orders' => array()
);
+ // will always want to join these tables if pulling metastrings.
+ $return['joins'][] = "JOIN {$CONFIG->dbprefix}{$n_table} n_table on {$e_table}.guid = n_table.entity_guid";
+
$wheres = array();
// get names wheres and joins
$names_where = '';
if ($names !== NULL) {
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metadata md on {$table}.guid = md.entity_guid";
if (!is_array($names)) {
$names = array($names);
}
@@ -677,7 +716,7 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
}
if ($names_str = implode(',', $sanitised_names)) {
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msn on md.name_id = msn.id";
+ $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msn on n_table.name_id = msn.id";
$names_where = "(msn.string IN ($names_str))";
}
}
@@ -685,8 +724,6 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
// get values wheres and joins
$values_where = '';
if ($values !== NULL) {
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metadata md on {$table}.guid = md.entity_guid";
-
if (!is_array($values)) {
$values = array($values);
}
@@ -701,7 +738,7 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
}
if ($values_str = implode(',', $sanitised_values)) {
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msv on md.value_id = msv.id";
+ $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msv on n_table.value_id = msv.id";
$values_where = "({$binary}msv.string IN ($values_str))";
}
}
@@ -714,8 +751,6 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
$wheres[] = "($values_where AND $access)";
}
- $i = 1;
-
// add pairs
// pairs must be in arrays.
if (is_array($pairs)) {
@@ -739,11 +774,6 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
);
}
- // @todo The multiple joins are only needed when the operator is AND
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metadata md{$i} on {$table}.guid = md{$i}.entity_guid";
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msn{$i} on md{$i}.name_id = msn{$i}.id";
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msv{$i} on md{$i}.value_id = msv{$i}.id";
-
// must have at least a name and value
if (!isset($pair['name']) || !isset($pair['value'])) {
// @todo should probably return false.
@@ -764,6 +794,10 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
$operand = ' = ';
}
+ // for comparing
+ $trimmed_operand = trim(strtolower($operand));
+
+ $access = get_access_sql_suffix("n_table{$i}");
// if the value is an int, don't quote it because str '15' < str '5'
// if the operand is IN don't quote it because quoting should be done already.
if (is_numeric($pair['value'])) {
@@ -772,10 +806,10 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
$values_array = array();
foreach ($pair['value'] as $pair_value) {
- if (is_numeric($v)) {
+ if (is_numeric($pair_value)) {
$values_array[] = sanitise_string($pair_value);
} else {
- $values_array[] = '\'' . sanitise_string($pair_value) . '\'';
+ $values_array[] = "'" . sanitise_string($pair_value) . "'";
}
}
@@ -786,16 +820,21 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
// @todo allow support for non IN operands with array of values.
// will have to do more silly joins.
$operand = 'IN';
- } else if (trim(strtolower($operand)) == 'in') {
+ } else if ($trimmed_operand == 'in') {
$value = "({$pair['value']})";
} else {
- $value = '\'' . sanitise_string($pair['value']) . '\'';
+ $value = "'" . sanitise_string($pair['value']) . "'";
}
$name = sanitise_string($pair['name']);
- $access = get_access_sql_suffix("md{$i}");
+ // @todo The multiple joins are only needed when the operator is AND
+ $return['joins'][] = "JOIN {$CONFIG->dbprefix}{$n_table} n_table{$i} on {$e_table}.guid = n_table{$i}.entity_guid";
+ $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msn{$i} on n_table{$i}.name_id = msn{$i}.id";
+ $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msv{$i} on n_table{$i}.value_id = msv{$i}.id";
+
$pair_wheres[] = "(msn{$i}.string = '$name' AND {$pair_binary}msv{$i}.string $operand $value AND $access)";
+
$i++;
}
@@ -804,7 +843,19 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
}
}
- if ($where = implode(' OR ', $wheres)) {
+ // add owner_guids
+ if ($owner_guids) {
+ if (is_array($owner_guids)) {
+ $sanitised = array_map('sanitise_int', $owner_guids);
+ $owner_str = implode(',', $sanitised);
+ } else {
+ $owner_str = sanitise_int($owner_guids);
+ }
+
+ $wheres[] = "(n_table.owner_guid IN ($owner_str))";
+ }
+
+ if ($where = implode(' AND ', $wheres)) {
$return['wheres'][] = "($where)";
}
@@ -821,11 +872,11 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
} else {
$direction = 'ASC';
}
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metadata md{$i} on {$table}.guid = md{$i}.entity_guid";
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msn{$i} on md{$i}.name_id = msn{$i}.id";
- $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msv{$i} on md{$i}.value_id = msv{$i}.id";
+ $return['joins'][] = "JOIN {$CONFIG->dbprefix}{$n_table} n_table{$i} on {$e_table}.guid = n_table{$i}.entity_guid";
+ $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msn{$i} on n_table{$i}.name_id = msn{$i}.id";
+ $return['joins'][] = "JOIN {$CONFIG->dbprefix}metastrings msv{$i} on n_table{$i}.value_id = msv{$i}.id";
- $access = get_access_sql_suffix("md{$i}");
+ $access = get_access_sql_suffix("n_table{$i}");
$return['wheres'][] = "(msn{$i}.string = '$name' AND $access)";
if (isset($order_by['as']) && $order_by['as'] == 'integer') {
diff --git a/engine/lib/notification.php b/engine/lib/notification.php
index adc4ebace..024881e0f 100644
--- a/engine/lib/notification.php
+++ b/engine/lib/notification.php
@@ -51,6 +51,19 @@ function register_notification_handler($method, $handler, $params = NULL) {
}
/**
+ * This function unregisters a handler for a given notification type (eg "email")
+ *
+ * @param string $method The method
+ */
+function unregister_notification_handler($method) {
+ global $NOTIFICATION_HANDLERS;
+
+ if (isset($NOTIFICATION_HANDLERS[$method])) {
+ unset($NOTIFICATION_HANDLERS[$method]);
+ }
+}
+
+/**
* Notify a user via their preferences.
*
* @param mixed $to Either a guid or an array of guid's to notify.
@@ -101,6 +114,11 @@ function notify_user($to, $from, $subject, $message, array $params = NULL, $meth
if ($methods) {
// Deliver
foreach ($methods as $method) {
+
+ if (!isset($NOTIFICATION_HANDLERS[$method])) {
+ continue;
+ }
+
// Extract method details from list
$details = $NOTIFICATION_HANDLERS[$method];
$handler = $details->handler;
diff --git a/engine/lib/river2.php b/engine/lib/river2.php
index 7793ea192..3d826f517 100644
--- a/engine/lib/river2.php
+++ b/engine/lib/river2.php
@@ -21,8 +21,8 @@
* @return true|false Depending on success
*/
function add_to_river($view,$action_type,$subject_guid,$object_guid,$access_id = "",$posted = 0, $annotation_id = 0) {
- // Sanitise variables
- if (!elgg_view_exists($view)) {
+ // use default viewtype for when called from REST api
+ if (!elgg_view_exists($view, 'default')) {
return false;
}
if (!($subject = get_entity($subject_guid))) {
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index fdc6d1806..f4b1fc69b 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -92,17 +92,17 @@ class ElggSession implements ArrayAccess {
return true;
}
}
-
-
+
+
// Alias functions
function get($key) {
return $this->offsetGet($key);
}
-
+
function set($key, $value) {
return $this->offsetSet($key, $value);
}
-
+
function del($key) {
return $this->offsetUnset($key);
}
@@ -166,16 +166,16 @@ function isloggedin() {
*/
function isadminloggedin() {
if (!is_installed()) {
- return false;
+ return FALSE;
}
$user = get_loggedin_user();
- if ((isloggedin()) && (($user->admin || $user->siteadmin))) {
- return true;
+ if ((isloggedin()) && $user->isAdmin()) {
+ return TRUE;
}
- return false;
+ return FALSE;
}
/**
@@ -187,40 +187,41 @@ function isadminloggedin() {
*/
function elgg_is_admin_user($user_guid) {
global $CONFIG;
-
- // cannot use metadata here because of recursion
-
- // caching is done at the db level so no need to here.
- $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as e,
- {$CONFIG->dbprefix}metastrings as ms1,
- {$CONFIG->dbprefix}metastrings as ms2,
- {$CONFIG->dbprefix}metadata as md
- WHERE (
- (
- (ms1.string = 'admin' AND ms2.string = 'yes')
- OR (ms1.string = 'admin' AND ms2.string = '1')
- )
- AND md.name_id = ms1.id AND md.value_id = ms2.id
- AND e.guid = md.entity_guid
- AND e.guid = {$user_guid}
- AND e.banned = 'no'
+ // cannot use magic metadata here because of recursion
+
+ // must support the old way of getting admin from metadata
+ // in order to run the upgrade to move it into the users table.
+ $version = (int) datalist_get('version');
+
+ if ($version < 2010040201) {
+ $admin = get_metastring_id('admin');
+ $yes = get_metastring_id('yes');
+ $one = get_metastring_id('1');
+
+ $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as e,
+ {$CONFIG->dbprefix}metadata as md
+ WHERE (
+ md.name_id = '$admin'
+ AND md.value_id IN ('$yes', '$one')
+ AND e.guid = md.entity_guid
+ AND e.guid = {$user_guid}
+ AND e.banned = 'no'
)";
-// OR (
-// ms1.string = 'admin' AND ms2.string = '1'
-// AND md.name_id = ms1.id AND md.value_id = ms2.id
-// AND e.guid = md.entity_guid
-// AND e.guid = {$user_guid}
-// AND e.banned = 'no'
-// )";
-
+ } else {
+ $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as e
+ WHERE (
+ e.guid = {$user_guid}
+ AND e.admin = 'yes'
+ )";
+ }
// normalizing the results from get_data()
// See #1242
$info = get_data($query);
- if (!((is_array($info) && count($info) < 1) || $info === false)) {
- return true;
+ if (!((is_array($info) && count($info) < 1) || $info === FALSE)) {
+ return TRUE;
}
- return false;
+ return FALSE;
}
/**
@@ -254,7 +255,7 @@ function pam_auth_userpass($credentials = NULL) {
if ($user = get_user_by_username($credentials['username'])) {
// Let admins log in without validating their email, but normal users must have validated their email or been admin created
- if ((!$user->admin) && (!$user->validated) && (!$user->admin_created)) {
+ if ((!$user->isAdmin()) && (!$user->validated) && (!$user->admin_created)) {
return false;
}
@@ -335,7 +336,7 @@ function reset_login_failure_count($user_guid) {
* @return bool on exceeded limit.
*/
function check_rate_limit_exceeded($user_guid) {
- // 5 failures in 5 minutes causes temporary block on logins
+ // 5 failures in 5 minutes causes temporary block on logins
$limit = 5;
$user_guid = (int)$user_guid;
$user = get_entity($user_guid);
@@ -434,7 +435,7 @@ function login(ElggUser $user, $persistent = false) {
function logout() {
global $CONFIG;
- if (isset($_SESSION['user'])) {
+ if (isset($_SESSION['user'])) {
if (!trigger_elgg_event('logout','user',$_SESSION['user'])) {
return false;
}
@@ -532,7 +533,7 @@ function session_init($event, $object_type, $object) {
unset($_SESSION['id']);
unset($_SESSION['guid']);
unset($_SESSION['code']);
-
+
// is there a remember me cookie
if (isset($_COOKIE['elggperm'])) {
// we have a cookie, so try to log the user in
@@ -545,7 +546,7 @@ function session_init($event, $object_type, $object) {
$_SESSION['guid'] = $_SESSION['id'];
$_SESSION['code'] = $_COOKIE['elggperm'];
}
- }
+ }
} else {
// we have a session and we have already checked the fingerprint
// reload the user object from database in case it has changed during the session
diff --git a/engine/lib/upgrades/2010033101.php b/engine/lib/upgrades/2010033101.php
new file mode 100644
index 000000000..b137e0285
--- /dev/null
+++ b/engine/lib/upgrades/2010033101.php
@@ -0,0 +1,65 @@
+<?php
+/*
+ * Conditional upgrade for UTF8 as described in http://trac.elgg.org/ticket/1928
+ */
+
+// get_version() returns the code version.
+// we want the DB version.
+$dbversion = (int) datalist_get('version');
+
+// 2009100701 was the utf8 upgrade for 1.7.
+// if we've already upgraded, don't try again.
+if ($dbversion < 2009100701) {
+ // if the default client connection is utf8 there is no reason
+ // to run this upgrade because the strings are already stored correctly.
+
+ // start a new link to the DB to see what its defaults are.
+ $link = mysql_connect($CONFIG->dbhost, $CONFIG->dbuser, $CONFIG->dbpass, TRUE);
+ mysql_select_db($CONFIG->dbname, $link);
+
+ $q = "SHOW VARIABLES LIKE 'character_set_client'";
+ $r = mysql_query($q);
+ $client = mysql_fetch_assoc($r);
+
+ $q = "SHOW VARIABLES LIKE 'character_set_connection'";
+ $r = mysql_query($q);
+ $connection = mysql_fetch_assoc($r);
+
+ // only run upgrade if not already talking utf8.
+ if ($client['Value'] != 'utf8' && $connection['Value'] != 'utf8') {
+ $qs = array();
+ $qs[] = "SET NAMES utf8";
+
+ $qs[] = "ALTER TABLE {$CONFIG->dbprefix}metastrings DISABLE KEYS";
+ $qs[] = "REPLACE INTO {$CONFIG->dbprefix}metastrings (id, string)
+ SELECT id, unhex(hex(convert(string using latin1)))
+ FROM {$CONFIG->dbprefix}metastrings";
+ $qs[] = "ALTER TABLE {$CONFIG->dbprefix}metastrings ENABLE KEYS";
+
+ $qs[] = "ALTER TABLE {$CONFIG->dbprefix}groups_entity DISABLE KEYS";
+ $qs[] = "REPLACE INTO {$CONFIG->dbprefix}groups_entity (guid, name, description)
+ SELECT guid, unhex(hex(convert(name using latin1))), unhex(hex(convert(description using latin1)))
+ FROM {$CONFIG->dbprefix}groups_entity";
+ $qs[] = "ALTER TABLE {$CONFIG->dbprefix}groups_entity ENABLE KEYS";
+
+ $qs[] = "ALTER TABLE {$CONFIG->dbprefix}objects_entity DISABLE KEYS";
+ $qs[] = "REPLACE INTO {$CONFIG->dbprefix}objects_entity (guid, title, description)
+ SELECT guid, unhex(hex(convert(title using latin1))), unhex(hex(convert(description using latin1)))
+ FROM {$CONFIG->dbprefix}objects_entity";
+ $qs[] = "ALTER TABLE {$CONFIG->dbprefix}objects_entity ENABLE KEYS";
+
+ $qs[] = "ALTER TABLE {$CONFIG->dbprefix}users_entity DISABLE KEYS";
+ $qs[] = "REPLACE INTO {$CONFIG->dbprefix}users_entity (guid, name, username, password, salt, email, language, code,
+ banned, last_action, prev_last_action, last_login, prev_last_login)
+ SELECT guid, unhex(hex(convert(name using latin1))), username, password, salt, email, language, code,
+ banned, last_action, prev_last_action, last_login, prev_last_login
+ FROM {$CONFIG->dbprefix}users_entity";
+ $qs[] = "ALTER TABLE {$CONFIG->dbprefix}users_entity ENABLE KEYS";
+
+ foreach ($qs as $q) {
+ if (!update_data($q)) {
+ throw new Exception('Couldn\'t execute upgrade query: ' . $q);
+ }
+ }
+ }
+} \ No newline at end of file
diff --git a/engine/lib/upgrades/2010040201.php b/engine/lib/upgrades/2010040201.php
new file mode 100644
index 000000000..22eee15f8
--- /dev/null
+++ b/engine/lib/upgrades/2010040201.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * Pull admin metadata setting into users_entity table column
+ */
+
+$siteadmin = get_metastring_id('siteadmin');
+$admin = get_metastring_id('admin');
+$yes = get_metastring_id('yes');
+$one = get_metastring_id('1');
+
+$qs = array();
+
+$qs[] = "ALTER TABLE {$CONFIG->dbprefix}users_entity DISABLE KEYS";
+
+$qs[] = "ALTER TABLE {$CONFIG->dbprefix}users_entity
+ ADD admin ENUM('yes', 'no') NOT NULL DEFAULT 'no' AFTER `banned`";
+
+$qs[] = "UPDATE {$CONFIG->dbprefix}users_entity SET admin = 'yes' where guid IN (select x.guid FROM(
+SELECT * FROM {$CONFIG->dbprefix}users_entity as e,
+ {$CONFIG->dbprefix}metadata as md
+ WHERE (
+ md.name_id IN ('$admin', '$siteadmin')
+ AND md.value_id IN ('$yes', '$one')
+ AND e.guid = md.entity_guid
+ AND e.banned = 'no'
+ )) as x)";
+
+$qs[] = "ALTER TABLE {$CONFIG->dbprefix}users_entity ADD KEY admin (admin)";
+
+$qs[] = "ALTER TABLE {$CONFIG->dbprefix}users_entity ENABLE KEYS";
+
+$qs[] = "DELETE FROM {$CONFIG->dbprefix}metadata
+ WHERE (
+ name_id IN ('$admin', '$siteadmin')
+ AND value_id IN ('$yes', '$one')
+ )";
+
+foreach ($qs as $q) {
+ update_data($q);
+} \ No newline at end of file
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 45c281d23..778b072a1 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -43,6 +43,7 @@ class ElggUser extends ElggEntity
$this->attributes['language'] = "";
$this->attributes['code'] = "";
$this->attributes['banned'] = "no";
+ $this->attributes['admin'] = 'no';
$this->attributes['tables_split'] = 2;
}
@@ -200,6 +201,46 @@ class ElggUser extends ElggEntity
}
/**
+ * Is this user admin?
+ *
+ * @return bool
+ */
+ public function isAdmin() {
+
+ // for backward compatibility we need to pull this directly
+ // from the attributes instead of using the magic methods.
+ // this can be removed in 1.9
+ // return $this->admin == 'yes';
+ return $this->attributes['admin'] == 'yes';
+ }
+
+ /**
+ * Make the user an admin
+ *
+ * @return bool
+ */
+ public function makeAdmin() {
+ if (make_user_admin($this->guid)) {
+ $this->attributes['admin'] = 'yes';
+ return TRUE;
+ }
+ return FALSE;
+ }
+
+ /**
+ * Remove the admin flag for user
+ *
+ * @return bool
+ */
+ public function removeAdmin() {
+ if (remove_user_admin($this->guid)) {
+ $this->attributes['admin'] = 'no';
+ return TRUE;
+ }
+ return FALSE;
+ }
+
+ /**
* Get sites that this user is a member of
*
* @param string $subtype Optionally, the subtype of result we want to limit to
@@ -375,6 +416,30 @@ class ElggUser extends ElggEntity
'language',
));
}
+
+ // backward compatibility with admin flag
+ // remove for 1.9
+ public function __set($name, $value) {
+ if ($name == 'admin' || $name == 'siteadmin') {
+ elgg_deprecated_notice('The admin/siteadmin metadata are not longer used. Use ElggUser->makeAdmin() and ElggUser->removeAdmin().', '1.7.1');
+
+ if ($value == 'yes' || $value == '1') {
+ $this->makeAdmin();
+ } else {
+ $this->removeAdmin();
+ }
+ }
+ return parent::__set($name, $value);
+ }
+
+ public function __get($name) {
+ if ($name == 'admin' || $name == 'siteadmin') {
+ elgg_deprecated_notice('The admin/siteadmin metadata are not longer used. Use ElggUser->isAdmin().', '1.7.1');
+ return $this->isAdmin();
+ }
+
+ return parent::__get($name);
+ }
}
/**
@@ -501,9 +566,11 @@ function ban_user($user_guid, $reason = "") {
// Set ban flag
return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='yes' where guid=$user_guid");
}
+
+ return FALSE;
}
- return false;
+ return FALSE;
}
/**
@@ -534,9 +601,81 @@ function unban_user($user_guid) {
return update_data("UPDATE {$CONFIG->dbprefix}users_entity set banned='no' where guid=$user_guid");
}
+
+ return FALSE;
}
- return false;
+ return FALSE;
+}
+
+/**
+ * Makes user $guid an admin.
+ *
+ * @param int $guid
+ * @return bool
+ */
+function make_user_admin($user_guid) {
+ global $CONFIG;
+
+ $user = get_entity((int)$user_guid);
+
+ if (($user) && ($user instanceof ElggUser) && ($user->canEdit())) {
+ if (trigger_elgg_event('make_admin', 'user', $user)) {
+
+ // invalidate memcache for this user
+ static $newentity_cache;
+ if ((!$newentity_cache) && (is_memcache_available())) {
+ $newentity_cache = new ElggMemcache('new_entity_cache');
+ }
+
+ if ($newentity_cache) {
+ $newentity_cache->delete($user_guid);
+ }
+
+ $r = update_data("UPDATE {$CONFIG->dbprefix}users_entity set admin='yes' where guid=$user_guid");
+ invalidate_cache_for_entity($user_guid);
+ return $r;
+ }
+
+ return FALSE;
+ }
+
+ return FALSE;
+}
+
+/**
+ * Removes user $guid's admin flag.
+ *
+ * @param int $guid
+ * @return bool
+ */
+function remove_user_admin($user_guid) {
+ global $CONFIG;
+
+ $user = get_entity((int)$user_guid);
+
+ if (($user) && ($user instanceof ElggUser) && ($user->canEdit())) {
+ if (trigger_elgg_event('remove_admin', 'user', $user)) {
+
+ // invalidate memcache for this user
+ static $newentity_cache;
+ if ((!$newentity_cache) && (is_memcache_available())) {
+ $newentity_cache = new ElggMemcache('new_entity_cache');
+ }
+
+ if ($newentity_cache) {
+ $newentity_cache->delete($user_guid);
+ }
+
+ $r = update_data("UPDATE {$CONFIG->dbprefix}users_entity set admin='no' where guid=$user_guid");
+ invalidate_cache_for_entity($user_guid);
+ return $r;
+ }
+
+ return FALSE;
+ }
+
+ return FALSE;
}
/**
@@ -1398,10 +1537,6 @@ function register_user($username, $password, $name, $email, $allow_multiple_emai
access_show_hidden_entities($access_status);
- // Check to see if we've registered the first admin yet.
- // If not, this is the first admin user!
- $have_admin = datalist_get('admin_registered');
-
// Otherwise ...
$user = new ElggUser();
$user->username = $username;
@@ -1428,9 +1563,13 @@ function register_user($username, $password, $name, $email, $allow_multiple_emai
}
}
+ // Check to see if we've registered the first admin yet.
+ // If not, this is the first admin user!
+ $have_admin = datalist_get('admin_registered');
global $registering_admin;
+
if (!$have_admin) {
- $user->admin = true;
+ $user->makeAdmin();
set_user_validation_status($user->getGUID(), TRUE, 'first_run');
datalist_set('admin_registered', 1);
$registering_admin = true;
diff --git a/engine/lib/widgets.php b/engine/lib/widgets.php
index a450d6223..7884f263a 100644
--- a/engine/lib/widgets.php
+++ b/engine/lib/widgets.php
@@ -254,7 +254,6 @@ function add_widget($user_guid, $handler, $context, $order = 0, $column = 1, $ac
* @param string $position A comma-separated list of positions on the page (side or main) where this widget is allowed (default: "side,main")
* @return true|false Depending on success
*/
-
function add_widget_type($handler, $name, $description, $context = "all", $multiple = false, $positions = "side,main") {
if (!empty($handler) && !empty($name)) {
global $CONFIG;
@@ -283,6 +282,27 @@ function add_widget_type($handler, $name, $description, $context = "all", $multi
}
/**
+ * Remove a widget type
+ *
+ * @param string $handler The identifier for the widget handler
+ */
+function remove_widget_type($handler) {
+ global $CONFIG;
+
+ if (!isset($CONFIG->widgets)) {
+ return;
+ }
+
+ if (!isset($CONFIG->widgets->handlers)) {
+ return;
+ }
+
+ if (isset($CONFIG->widgets->handlers[$handler])) {
+ unset($CONFIG->widgets->handlers[$handler]);
+ }
+}
+
+/**
* Determines whether or not widgets with the specified handler have been defined
*
* @param string $handler The widget handler identifying string
diff --git a/engine/schema/upgrades/2009100701.sql b/engine/schema/upgrades/2009100701.sql
index 0c89441d4..dbf52b4da 100644
--- a/engine/schema/upgrades/2009100701.sql
+++ b/engine/schema/upgrades/2009100701.sql
@@ -1,27 +1,2 @@
-SET NAMES utf8;
-
-ALTER TABLE `prefix_metastrings` DISABLE KEYS;
-REPLACE INTO `prefix_metastrings` (id, string)
- SELECT id, unhex(hex(convert(string using latin1)))
- FROM `prefix_metastrings`;
-ALTER TABLE `prefix_metastrings` ENABLE KEYS;
-
-ALTER TABLE `prefix_groups_entity` DISABLE KEYS;
-REPLACE INTO `prefix_groups_entity` (guid, name, description)
- SELECT guid, unhex(hex(convert(name using latin1))), unhex(hex(convert(description using latin1)))
- FROM `prefix_groups_entity`;
-ALTER TABLE `prefix_groups_entity` ENABLE KEYS;
-
-ALTER TABLE `prefix_objects_entity` DISABLE KEYS;
-REPLACE INTO `prefix_objects_entity` (guid, title, description)
- SELECT guid, unhex(hex(convert(title using latin1))), unhex(hex(convert(description using latin1)))
- FROM `prefix_objects_entity`;
-ALTER TABLE `prefix_objects_entity` ENABLE KEYS;
-
-ALTER TABLE `prefix_users_entity` DISABLE KEYS;
-REPLACE INTO `prefix_users_entity` (guid, name, username, password, salt, email, language, code,
- banned, last_action, prev_last_action, last_login, prev_last_login)
- SELECT guid, unhex(hex(convert(name using latin1))), username, password, salt, email, language, code,
- banned, last_action, prev_last_action, last_login, prev_last_login
- FROM `prefix_users_entity`;
-ALTER TABLE `prefix_users_entity` ENABLE KEYS;
+-- Previously was the UTF8 migration that is now in code at 2010033101.
+-- Keeping this file to force an overwrite and to avoid confusion with missing migrations.
diff --git a/engine/tests/api/entity_getter_functions.php b/engine/tests/api/entity_getter_functions.php
index 49fd4ec0d..1d7261c0d 100644
--- a/engine/tests/api/entity_getter_functions.php
+++ b/engine/tests/api/entity_getter_functions.php
@@ -1365,6 +1365,262 @@ class ElggCoreEntityGetterFunctionsTest extends ElggCoreUnitTest {
}
}
+ function testElggApiGettersEntityMetadataNVPValidNValidVEqualsTriple() {
+ $subtypes = $this->getRandomValidSubtypes(array('object'), 1);
+ $subtype = $subtypes[0];
+ $md_name = 'test_metadata_name_' . rand();
+ $md_value = 'test_metadata_value_' . rand();
+
+ $md_name2 = 'test_metadata_name_' . rand();
+ $md_value2 = 'test_metadata_value_' . rand();
+
+ $md_name3 = 'test_metadata_name_' . rand();
+ $md_value3 = 'test_metadata_value_' . rand();
+
+ $guids = array();
+
+ // our target
+ $valid = new ElggObject();
+ $valid->subtype = $subtype;
+ $valid->$md_name = $md_value;
+ $valid->$md_name2 = $md_value2;
+ $valid->$md_name3 = $md_value3;
+ $valid->save();
+ $guids[] = $valid->getGUID();
+
+ // make some bad ones
+ $invalid_md_name = 'test_metadata_name_' . rand();
+ $e = new ElggObject();
+ $e->subtype = $subtype;
+ $e->$md_name = $invalid_md_value;
+ $e->$md_name2 = $invalid_md_value;
+ $e->$md_name3 = $invalid_md_value;
+ $e->save();
+ $guids[] = $e->getGUID();
+
+ $invalid_md_value = 'test_metadata_value_' . rand();
+ $e = new ElggObject();
+ $e->subtype = $subtype;
+ $e->$md_name = $invalid_md_value;
+ $e->$md_name2 = $invalid_md_value;
+ $e->$md_name3 = $invalid_md_value;
+ $e->save();
+ $guids[] = $e->getGUID();
+
+ $md_invalid_names = array();
+
+ $options = array(
+ 'type' => 'object',
+ 'subtype' => $subtype,
+ 'metadata_name_value_pairs' => array(
+ array(
+ 'name' => $md_name,
+ 'value' => $md_value
+ ),
+ array(
+ 'name' => $md_name2,
+ 'value' => $md_value2
+ ),
+ array(
+ 'name' => $md_name3,
+ 'value' => $md_value3
+ )
+ )
+ );
+
+ $entities = elgg_get_entities_from_metadata($options);
+
+ $this->assertIsa($entities, 'array');
+ $this->assertEqual(count($entities), 1);
+
+ foreach ($entities as $entity) {
+ $this->assertEqual($entity->getGUID(), $valid->getGUID());
+ $this->assertEqual($entity->$md_name, $md_value);
+ $entity->delete();
+ }
+
+ foreach ($guids as $guid) {
+ if ($e = get_entity($guid)) {
+ $e->delete();
+ }
+ }
+ }
+
+ function testElggApiGettersEntityMetadataNVPValidNValidVEqualsDouble() {
+ $subtypes = $this->getRandomValidSubtypes(array('object'), 1);
+ $subtype = $subtypes[0];
+ $md_name = 'test_metadata_name_' . rand();
+ $md_value = 'test_metadata_value_' . rand();
+
+ $md_name2 = 'test_metadata_name_' . rand();
+ $md_value2 = 'test_metadata_value_' . rand();
+
+ $guids = array();
+
+ // our target
+ $valid = new ElggObject();
+ $valid->subtype = $subtype;
+ $valid->$md_name = $md_value;
+ $valid->$md_name2 = $md_value2;
+ $valid->save();
+ $guids[] = $valid->getGUID();
+
+ // make some bad ones
+ $invalid_md_name = 'test_metadata_name_' . rand();
+ $e = new ElggObject();
+ $e->subtype = $subtype;
+ $e->$md_name = $invalid_md_value;
+ $e->$md_name2 = $invalid_md_value;
+ $e->save();
+ $guids[] = $e->getGUID();
+
+ $invalid_md_value = 'test_metadata_value_' . rand();
+ $e = new ElggObject();
+ $e->subtype = $subtype;
+ $e->$md_name = $invalid_md_value;
+ $e->$md_name2 = $invalid_md_value;
+ $e->save();
+ $guids[] = $e->getGUID();
+
+ $md_invalid_names = array();
+
+ $options = array(
+ 'type' => 'object',
+ 'subtype' => $subtype,
+ 'metadata_name_value_pairs' => array(
+ array(
+ 'name' => $md_name,
+ 'value' => $md_value
+ ),
+ array(
+ 'name' => $md_name2,
+ 'value' => $md_value2
+ )
+ )
+ );
+
+ $entities = elgg_get_entities_from_metadata($options);
+
+ $this->assertIsa($entities, 'array');
+ $this->assertEqual(count($entities), 1);
+
+ foreach ($entities as $entity) {
+ $this->assertEqual($entity->getGUID(), $valid->getGUID());
+ $this->assertEqual($entity->$md_name, $md_value);
+ $entity->delete();
+ }
+
+ foreach ($guids as $guid) {
+ if ($e = get_entity($guid)) {
+ $e->delete();
+ }
+ }
+ }
+
+ function testElggApiGettersEntityMetadataNVPValidNValidVEqualsStupid() {
+ $subtypes = $this->getRandomValidSubtypes(array('object'), 1);
+ $subtype = $subtypes[0];
+ $md_name = 'test_metadata_name_' . rand();
+ $md_value = 'test_metadata_value_' . rand();
+
+ $md_name2 = 'test_metadata_name_' . rand();
+ $md_value2 = 'test_metadata_value_' . rand();
+
+ $md_name3 = 'test_metadata_name_' . rand();
+ $md_value3 = 'test_metadata_value_' . rand();
+
+ $md_name3 = 'test_metadata_name_' . rand();
+ $md_value3 = 'test_metadata_value_' . rand();
+
+ $md_name4 = 'test_metadata_name_' . rand();
+ $md_value4 = 'test_metadata_value_' . rand();
+
+ $md_name5 = 'test_metadata_name_' . rand();
+ $md_value5 = 'test_metadata_value_' . rand();
+
+ $guids = array();
+
+ // our target
+ $valid = new ElggObject();
+ $valid->subtype = $subtype;
+ $valid->$md_name = $md_value;
+ $valid->$md_name2 = $md_value2;
+ $valid->$md_name3 = $md_value3;
+ $valid->$md_name4 = $md_value4;
+ $valid->$md_name5 = $md_value5;
+ $valid->save();
+ $guids[] = $valid->getGUID();
+
+ // make some bad ones
+ $invalid_md_name = 'test_metadata_name_' . rand();
+ $e = new ElggObject();
+ $e->subtype = $subtype;
+ $e->$md_name = $invalid_md_value;
+ $e->$md_name2 = $invalid_md_value;
+ $e->$md_name3 = $invalid_md_value;
+ $e->$md_name4 = $invalid_md_value;
+ $e->$md_name5 = $invalid_md_value;
+ $e->save();
+ $guids[] = $e->getGUID();
+
+ $invalid_md_value = 'test_metadata_value_' . rand();
+ $e = new ElggObject();
+ $e->subtype = $subtype;
+ $e->$md_name = $invalid_md_value;
+ $e->$md_name2 = $invalid_md_value;
+ $e->$md_name3 = $invalid_md_value;
+ $e->$md_name4 = $invalid_md_value;
+ $e->$md_name5 = $invalid_md_value;
+ $e->save();
+ $guids[] = $e->getGUID();
+
+ $md_invalid_names = array();
+
+ $options = array(
+ 'type' => 'object',
+ 'subtype' => $subtype,
+ 'metadata_name_value_pairs' => array(
+ array(
+ 'name' => $md_name,
+ 'value' => $md_value
+ ),
+ array(
+ 'name' => $md_name2,
+ 'value' => $md_value2
+ ),
+ array(
+ 'name' => $md_name3,
+ 'value' => $md_value3
+ ),
+ array(
+ 'name' => $md_name4,
+ 'value' => $md_value4
+ ),
+ array(
+ 'name' => $md_name5,
+ 'value' => $md_value5
+ ),
+ )
+ );
+
+ $entities = elgg_get_entities_from_metadata($options);
+
+ $this->assertIsa($entities, 'array');
+ $this->assertEqual(count($entities), 1);
+
+ foreach ($entities as $entity) {
+ $this->assertEqual($entity->getGUID(), $valid->getGUID());
+ $this->assertEqual($entity->$md_name, $md_value);
+ $entity->delete();
+ }
+
+ foreach ($guids as $guid) {
+ if ($e = get_entity($guid)) {
+ $e->delete();
+ }
+ }
+ }
+
function testElggApiGettersEntityMetadataNVPValidNInvalidV() {
$subtypes = $this->getRandomValidSubtypes(array('object'), 1);
$subtype = $subtypes[0];
@@ -1730,4 +1986,59 @@ class ElggCoreEntityGetterFunctionsTest extends ElggCoreUnitTest {
}
}
}
+
+ /**
+ * Annotations
+ */
+ public function testElggApiGettersEntitiesFromAnnotation() {
+
+ // grab a few different users to annotation
+ // there will always be at least 2 here because of the construct.
+ $users = elgg_get_entities(array('type' => 'user', 'limit' => 2));
+
+ // create some test annotations
+ $subtypes = $this->getRandomValidSubtypes(array('object'), 1);
+ $subtype = $subtypes[0];
+ $annotation_name = 'test_annotation_name_' . rand();
+ $annotation_value = rand(1000, 9999);
+ $annotation_name2 = 'test_annotation_name_' . rand();
+ $annotation_value2 = rand(1000, 9999);
+ $guids = array();
+
+ // our targets
+ $valid = new ElggObject();
+ $valid->subtype = $subtype;
+ $valid->save();
+ $guids[] = $valid->getGUID();
+ create_annotation($valid->getGUID(), $annotation_name, $annotation_value, 'integer', $users[0]->getGUID());
+
+ $valid2 = new ElggObject();
+ $valid2->subtype = $subtype;
+ $valid2->save();
+ $guids[] = $valid2->getGUID();
+ create_annotation($valid2->getGUID(), $annotation_name2, $annotation_value2, 'integer', $users[1]->getGUID());
+
+ $options = array(
+ 'annotation_owner_guid' => $users[0]->getGUID(),
+ 'annotation_name' => $annotation_name
+ );
+
+ $entities = elgg_get_entities_from_annotations($options);
+
+ foreach ($entities as $entity) {
+ $this->assertTrue(in_array($entity->getGUID(), $guids));
+ $annotations = $entity->getAnnotations($annotation_name);
+ $this->assertEqual(count($annotations), 1);
+
+ $this->assertEqual($annotations[0]->name, $annotation_name);
+ $this->assertEqual($annotations[0]->value, $annotation_value);
+ $this->assertEqual($annotations[0]->owner_guid, $users[0]->getGUID());
+ }
+
+ foreach ($guids as $guid) {
+ if ($e = get_entity($guid)) {
+ $e->delete();
+ }
+ }
+ }
}
diff --git a/engine/tests/objects/users.php b/engine/tests/objects/users.php
index c03091a91..d6d73a37b 100644
--- a/engine/tests/objects/users.php
+++ b/engine/tests/objects/users.php
@@ -14,7 +14,7 @@ class ElggCoreUserTest extends ElggCoreUnitTest {
*/
public function __construct() {
parent::__construct();
-
+
// all code should come after here
}
@@ -31,7 +31,7 @@ class ElggCoreUserTest extends ElggCoreUnitTest {
public function tearDown() {
// do not allow SimpleTest to interpret Elgg notices as exceptions
$this->swallowErrors();
-
+
unset($this->user);
}
@@ -68,17 +68,18 @@ class ElggCoreUserTest extends ElggCoreUnitTest {
$attributes['language'] = '';
$attributes['code'] = '';
$attributes['banned'] = 'no';
-
+ $attributes['admin'] = 'no';
+
$this->assertIdentical($this->user->expose_attributes(), $attributes);
}
-
+
public function testElggUserLoad() {
// new object
$object = new ElggObject();
$this->AssertEqual($object->getGUID(), 0);
$guid = $object->save();
$this->AssertNotEqual($guid, 0);
-
+
// fail on wrong type
try {
$error = new ElggUserTest($guid);
@@ -88,15 +89,15 @@ class ElggCoreUserTest extends ElggCoreUnitTest {
$message = sprintf(elgg_echo('InvalidClassException:NotValidElggStar'), $guid, 'ElggUser');
$this->assertIdentical($e->getMessage(), $message);
}
-
+
// clean up
$object->delete();
}
-
+
public function testElggUserConstructorByGuid() {
$user = new ElggUser(get_loggedin_userid());
$this->assertIdentical($user, $_SESSION['user']);
-
+
// fail with garbage
try {
$error = new ElggUserTest(array('invalid'));
@@ -107,57 +108,141 @@ class ElggCoreUserTest extends ElggCoreUnitTest {
$this->assertIdentical($e->getMessage(), $message);
}
}
-
+
public function testElggUserConstructorByDbRow() {
$row = $this->fetchUser(get_loggedin_userid());
$user = new ElggUser($row);
$this->assertIdentical($user, $_SESSION['user']);
}
-
+
public function testElggUserConstructorByUsername() {
$row = $this->fetchUser(get_loggedin_userid());
$user = new ElggUser($row->username);
$this->assertIdentical($user, $_SESSION['user']);
}
-
+
public function testElggUserSave() {
// new object
$this->AssertEqual($this->user->getGUID(), 0);
$guid = $this->user->save();
$this->AssertNotEqual($guid, 0);
-
+
// clean up
$this->user->delete();
}
-
+
public function testElggUserDelete() {
$guid = $this->user->save();
-
+
// delete object
$this->assertTrue($this->user->delete());
-
+
// check GUID not in database
$this->assertFalse($this->fetchUser($guid));
}
-
+
public function testElggUserNameCache() {
// Trac #1305
-
+
// very unlikely a user would have this username
$name = (string)time();
$this->user->username = $name;
-
+
$guid = $this->user->save();
-
- $user = get_user_by_username($name);
- $user->delete();
+
+ $user = get_user_by_username($name);
+ $user->delete();
$user = get_user_by_username($name);
$this->assertFalse($user);
}
-
+
+
+ public function testElggUserMakeAdmin() {
+ global $CONFIG;
+
+ // need to save user to have a guid
+ $guid = $this->user->save();
+
+ $this->assertTrue($this->user->makeAdmin());
+
+ $q = "SELECT admin FROM {$CONFIG->dbprefix}users_entity WHERE guid = $guid";
+ $r = mysql_query($q);
+
+ $admin = mysql_fetch_assoc($r);
+ $this->assertEqual($admin['admin'], 'yes');
+
+ $this->user->delete();
+ }
+
+ public function testElggUserRemoveAdmin() {
+ global $CONFIG;
+
+ // need to save user to have a guid
+ $guid = $this->user->save();
+
+ $this->assertTrue($this->user->removeAdmin());
+
+ $q = "SELECT admin FROM {$CONFIG->dbprefix}users_entity WHERE guid = $guid";
+ $r = mysql_query($q);
+
+ $admin = mysql_fetch_assoc($r);
+ $this->assertEqual($admin['admin'], 'no');
+
+ $this->user->delete();
+ }
+
+ public function testElggUserIsAdmin() {
+ // need to grab a real user with a guid and everything.
+ $guid = $this->user->save();
+
+ $this->assertTrue($this->user->makeAdmin());
+
+ // this is testing the function, not the SQL.
+ // that's been tested above.
+ $this->assertTrue($this->user->isAdmin());
+
+ $this->user->delete();
+ }
+
+ public function testElggUserIsNotAdmin() {
+ // need to grab a real user with a guid and everything.
+ $guid = $this->user->save();
+
+ $this->assertTrue($this->user->removeAdmin());
+
+ // this is testing the function, not the SQL.
+ // that's been tested above.
+ $this->assertFalse($this->user->isAdmin());
+
+ $this->user->delete();
+ }
+
+ // remove in 1.9
+ public function testElggUserIsAdminLegacy() {
+ $this->user->save();
+ $this->user->makeAdmin();
+
+ $this->assertTrue($this->user->admin);
+ $this->assertTrue($this->user->siteadmin);
+
+ $this->user->removeAdmin();
+ $this->user->delete();
+ }
+
+ public function testElggUserIsNotAdminLegacy() {
+ $this->user->save();
+ $this->user->removeAdmin();
+
+ $this->assertFalse($this->user->admin);
+ $this->assertFalse($this->user->siteadmin);
+
+ $this->user->removeAdmin();
+ $this->user->delete();
+ }
+
protected function fetchUser($guid) {
global $CONFIG;
-
+
return get_data_row("SELECT * FROM {$CONFIG->dbprefix}users_entity WHERE guid = '$guid'");
}
}
diff --git a/languages/en.php b/languages/en.php
index 5bc18c5cb..c3a76c6d1 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -30,6 +30,8 @@ $english = array(
'loggedinrequired' => "You must be logged in to view that page.",
'adminrequired' => "You must be an administrator to view that page.",
+ 'membershiprequired' => "You must be a member of this group to view that page.",
+
/**
* Errors
diff --git a/mod/bookmarks/index.php b/mod/bookmarks/index.php
index 0b8508cc9..187ee3fcf 100644
--- a/mod/bookmarks/index.php
+++ b/mod/bookmarks/index.php
@@ -14,6 +14,9 @@ global $CONFIG;
// Start engine
require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+// access check for closed groups
+group_gatekeeper();
+
$page_owner = page_owner_entity();
if ($page_owner === false || is_null($page_owner)) {
$page_owner = $_SESSION['user'];
diff --git a/mod/bookmarks/start.php b/mod/bookmarks/start.php
index 9588f7a8a..c37899034 100644
--- a/mod/bookmarks/start.php
+++ b/mod/bookmarks/start.php
@@ -35,7 +35,7 @@ function bookmarks_init() {
register_entity_url_handler('bookmark_url','object','bookmarks');
// Shares widget
- add_widget_type('bookmarks',elgg_echo("bookmarks:recent"),elgg_echo("bookmarks:widget:description"));
+ add_widget_type('bookmarks',elgg_echo("bookmarks"),elgg_echo("bookmarks:widget:description"));
// Register entity type
register_entity_type('object','bookmarks');
diff --git a/mod/bookmarks/views/default/widgets/bookmarks/edit.php b/mod/bookmarks/views/default/widgets/bookmarks/edit.php
index 2ae8af6e4..2098b200b 100644
--- a/mod/bookmarks/views/default/widgets/bookmarks/edit.php
+++ b/mod/bookmarks/views/default/widgets/bookmarks/edit.php
@@ -13,15 +13,16 @@
<p>
<?php echo elgg_echo('bookmarks:numbertodisplay'); ?>:
<select name="params[num_display]">
- <option value="1" <?php if($vars['entity']->num_display == 1) echo "SELECTED"; ?>>1</option>
- <option value="2" <?php if($vars['entity']->num_display == 2) echo "SELECTED"; ?>>2</option>
- <option value="3" <?php if($vars['entity']->num_display == 3) echo "SELECTED"; ?>>3</option>
- <option value="4" <?php if($vars['entity']->num_display == 4) echo "SELECTED"; ?>>4</option>
- <option value="5" <?php if($vars['entity']->num_display == 5) echo "SELECTED"; ?>>5</option>
- <option value="6" <?php if($vars['entity']->num_display == 6) echo "SELECTED"; ?>>6</option>
- <option value="7" <?php if($vars['entity']->num_display == 7) echo "SELECTED"; ?>>7</option>
- <option value="8" <?php if($vars['entity']->num_display == 8) echo "SELECTED"; ?>>8</option>
- <option value="9" <?php if($vars['entity']->num_display == 9) echo "SELECTED"; ?>>9</option>
- <option value="10" <?php if($vars['entity']->num_display == 10) echo "SELECTED"; ?>>10</option>
+<?php
+
+for ($i=1; $i<=10; $i++) {
+ $selected = '';
+ if ($vars['entity']->num_display == $i) {
+ $selected = "selected='selected'";
+ }
+
+ echo " <option value='{$i}' $selected >{$i}</option>\n";
+}
+?>
</select>
</p> \ No newline at end of file
diff --git a/mod/file/index.php b/mod/file/index.php
index 6a418ac6a..848de9e53 100644
--- a/mod/file/index.php
+++ b/mod/file/index.php
@@ -13,9 +13,8 @@
require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
- if (is_callable('group_gatekeeper')) {
- group_gatekeeper();
- }
+ // access check for closed groups
+ group_gatekeeper();
//set the title
if (page_owner() == get_loggedin_userid()) {
diff --git a/mod/file/start.php b/mod/file/start.php
index 1345dec44..b8a26fab5 100644
--- a/mod/file/start.php
+++ b/mod/file/start.php
@@ -43,7 +43,7 @@
register_page_handler('file','file_page_handler');
// Add a new file widget
- add_widget_type('filerepo',elgg_echo("file:widget"),elgg_echo("file:widget:description"));
+ add_widget_type('filerepo',elgg_echo("file"),elgg_echo("file:widget:description"));
// Register a URL handler for files
register_entity_url_handler('file_url','object','file');
@@ -235,5 +235,8 @@
register_action("file/upload", false, $CONFIG->pluginspath . "file/actions/upload.php");
register_action("file/save", false, $CONFIG->pluginspath . "file/actions/save.php");
register_action("file/delete", false, $CONFIG->pluginspath. "file/actions/delete.php");
+
+ // temporary - see #2010
+ register_action("file/download", false, $CONFIG->pluginspath. "file/actions/download.php");
?>
diff --git a/mod/file/views/default/widgets/filerepo/edit.php b/mod/file/views/default/widgets/filerepo/edit.php
index 35d633058..0d1901662 100644
--- a/mod/file/views/default/widgets/filerepo/edit.php
+++ b/mod/file/views/default/widgets/filerepo/edit.php
@@ -1,19 +1,24 @@
+<?php
+// set default value
+if (!isset($vars['entity']->num_display)) {
+ $vars['entity']->num_display = 4;
+}
+?>
<p>
- <?php echo elgg_echo("file:num_files"); ?>:
- <select name="params[num_display]">
- <option value="1" <?php if($vars['entity']->num_display == 1) echo "SELECTED"; ?>>1</option>
- <option value="2" <?php if($vars['entity']->num_display == 2) echo "SELECTED"; ?>>2</option>
- <option value="3" <?php if($vars['entity']->num_display == 3) echo "SELECTED"; ?>>3</option>
- <option value="4" <?php if($vars['entity']->num_display == 4) echo "SELECTED"; ?>>4</option>
- <option value="5" <?php if($vars['entity']->num_display == 5) echo "SELECTED"; ?>>5</option>
- <option value="6" <?php if($vars['entity']->num_display == 6) echo "SELECTED"; ?>>6</option>
- <option value="7" <?php if($vars['entity']->num_display == 7) echo "SELECTED"; ?>>7</option>
- <option value="8" <?php if($vars['entity']->num_display == 8) echo "SELECTED"; ?>>8</option>
- <option value="9" <?php if($vars['entity']->num_display == 9) echo "SELECTED"; ?>>9</option>
- <option value="10" <?php if($vars['entity']->num_display == 10) echo "SELECTED"; ?>>10</option>
- <option value="15" <?php if($vars['entity']->num_display == 15) echo "SELECTED"; ?>>15</option>
- <option value="20" <?php if($vars['entity']->num_display == 20) echo "SELECTED"; ?>>20</option>
- </select>
+ <?php echo elgg_echo("file:num_files"); ?>:
+ <select name="params[num_display]">
+<?php
+$options = array(1,2,3,4,5,6,7,8,9,10,15,20);
+foreach ($options as $option) {
+ $selected = '';
+ if ($vars['entity']->num_display == $option) {
+ $selected = "selected='selected'";
+ }
+
+ echo " <option value='{$option}' $selected >{$option}</option>\n";
+}
+?>
+ </select>
</p>
<p>
diff --git a/mod/file/views/default/widgets/filerepo/view.php b/mod/file/views/default/widgets/filerepo/view.php
index 01fdefa48..276ece053 100644
--- a/mod/file/views/default/widgets/filerepo/view.php
+++ b/mod/file/views/default/widgets/filerepo/view.php
@@ -17,8 +17,9 @@ $('a.show_file_desc').click(function () {
//the number of files to display
$number = (int) $vars['entity']->num_display;
- if (!$number)
- $number = 1;
+ if (!$number) {
+ $number = 4;
+ }
//get the layout view which is set by the user in the edit panel
$get_view = (int) $vars['entity']->gallery_list;
diff --git a/mod/groups/discussions.php b/mod/groups/discussions.php
index d4478039e..c3166dc95 100644
--- a/mod/groups/discussions.php
+++ b/mod/groups/discussions.php
@@ -14,8 +14,9 @@
// Load Elgg engine
require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
-
- group_gatekeeper();
+
+ // access check for closed groups
+ group_gatekeeper();
// Display them
$area1 = elgg_view_title(elgg_echo("groups:latestdiscussion"));
diff --git a/mod/pages/index.php b/mod/pages/index.php
index 5b31c6347..ad8aaaad2 100644
--- a/mod/pages/index.php
+++ b/mod/pages/index.php
@@ -24,7 +24,8 @@
if ($owner instanceof ElggUser) add_submenu_item(elgg_echo('pages:welcome'), $CONFIG->url . "pg/pages/welcome/", 'pagesactions');
}
- if (is_callable('group_gatekeeper')) group_gatekeeper();
+ // access check for closed groups
+ group_gatekeeper();
$limit = get_input("limit", 10);
$offset = get_input("offset", 0);
diff --git a/mod/pages/views/default/widgets/pages/edit.php b/mod/pages/views/default/widgets/pages/edit.php
index 8fb2511f7..9504d5fdb 100644
--- a/mod/pages/views/default/widgets/pages/edit.php
+++ b/mod/pages/views/default/widgets/pages/edit.php
@@ -10,8 +10,24 @@
* @link http://elgg.com/
*/
+if (!isset($vars['entity']->pages_num)) {
+ $vars['entity']->pages_num = 4;
+}
+
+?>
+<p>
+ <?php echo elgg_echo("pages:num"); ?>:
+ <select name="params[pages_num]">
+<?php
+
+for ($i=1; $i<=10; $i++) {
+ $selected = '';
+ if ($vars['entity']->pages_num == $i) {
+ $selected = "selected='selected'";
+ }
+
+ echo " <option value='{$i}' $selected >{$i}</option>\n";
+}
?>
- <p>
- <?php echo elgg_echo("pages:num"); ?>
- <input type="text" name="params[pages_num]" value="<?php echo htmlentities($vars['entity']->pages_num); ?>" />
- </p> \ No newline at end of file
+ </select>
+</p> \ No newline at end of file
diff --git a/mod/pages/views/default/widgets/pages/view.php b/mod/pages/views/default/widgets/pages/view.php
index 2ca32b284..425e4f501 100644
--- a/mod/pages/views/default/widgets/pages/view.php
+++ b/mod/pages/views/default/widgets/pages/view.php
@@ -16,11 +16,17 @@
*/
$num_display = (int) $vars['entity']->pages_num;
+ if (!$num_display) {
+ $num_display = 4;
+ }
$pages = elgg_list_entities(array('types' => 'object', 'subtypes' => 'page_top', 'container_guid' => page_owner(), 'limit' => $num_display, 'full_view' => FALSE));
- $pagesurl = $vars['url'] . "pg/pages/owned/" . page_owner_entity()->username;
- $pages .= "<div class=\"pages_widget_singleitem_more\"><a href=\"{$pagesurl}\">" . elgg_echo('pages:more') . "</a></div>";
-
+
+ if ($pages) {
+ $pagesurl = $vars['url'] . "pg/pages/owned/" . page_owner_entity()->username;
+ $pages .= "<div class=\"pages_widget_singleitem_more\"><a href=\"{$pagesurl}\">" . elgg_echo('pages:more') . "</a></div>";
+ }
+
echo "<div id=\"pages_widget\">" . $pages . "</div>";
?> \ No newline at end of file
diff --git a/mod/profile/actions/edit.php b/mod/profile/actions/edit.php
index 4afe4cd47..207559334 100644
--- a/mod/profile/actions/edit.php
+++ b/mod/profile/actions/edit.php
@@ -33,10 +33,17 @@ foreach($CONFIG->profile as $shortname => $valuetype) {
// the decoding is a stop gag to prevent &amp;&amp; showing up in profile fields
// because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405.
// must decode in utf8 or string corruption occurs. see #1567.
- $value = html_entity_decode(get_input($shortname), ENT_COMPAT, 'UTF-8');
+ $value = get_input($shortname);
+ if (is_array($value)) {
+ foreach ($value as $k => $v) {
+ $value[$k] = html_entity_decode($v, ENT_COMPAT, 'UTF-8');
+ }
+ } else {
+ $value = html_entity_decode($value, ENT_COMPAT, 'UTF-8');
+ }
// limit to reasonable sizes.
- if ($valuetype != 'longtext' && elgg_strlen($value) > 250) {
+ if (!is_array($value) && $valuetype != 'longtext' && elgg_strlen($value) > 250) {
$error = sprintf(elgg_echo('profile:field_too_long'), elgg_echo("profile:{$shortname}"));
register_error($error);
forward($_SERVER['HTTP_REFERER']);
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php
index a9aed2eea..353ce389c 100644
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
@@ -1,125 +1,28 @@
<?php
-/**
- * Elgg profile icon
- *
- * @package ElggProfile
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd <info@elgg.com>
- * @copyright Curverider Ltd 2008-2010
- * @link http://elgg.com/
-*/
-require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php');
+ /**
+ * Elgg profile icon cache/bypass
+ *
+ * @package ElggProfile
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd <info@elgg.com>
+ * @copyright Curverider Ltd 2008-2010
+ * @link http://elgg.com/
+ */
-/**
- * UTF safe str_split.
- * This is only used here since we don't have access to the file store code.
- * TODO: This is a horrible hack, so clean this up!
- */
-function __id_mb_str_split($string, $charset = 'UTF8'){
- if (is_callable('mb_substr')){
- $length = mb_strlen($string);
- $array = array();
-
- while ($length){
- $array[] = mb_substr($string, 0, 1, $charset);
- $string = mb_substr($string, 1, $length, $charset);
- $length = mb_strlen($string);
- }
-
- return $array;
- } else {
- return str_split($string);
- }
-
- return FALSE;
-}
-
-global $CONFIG;
-$contents = '';
-
-if ($mysql_dblink = @mysql_connect($CONFIG->dbhost,$CONFIG->dbuser,$CONFIG->dbpass, true)) {
- $username = $_GET['username'];
- //$username = preg_replace('/[^A-Za-z0-9\_\-]/i','',$username);
- $blacklist = '/[' .
- '\x{0080}-\x{009f}' . # iso-8859-1 control chars
- '\x{00a0}' . # non-breaking space
- '\x{2000}-\x{200f}' . # various whitespace
- '\x{2028}-\x{202f}' . # breaks and control chars
- '\x{3000}' . # ideographic space
- '\x{e000}-\x{f8ff}' . # private use
- ']/u';
- if (
- preg_match($blacklist, $username) ||
- (strpos($username, '/')!==false) ||
- (strpos($username, '\\')!==false) ||
- (strpos($username, '"')!==false) ||
- (strpos($username, '\'')!==false) ||
- (strpos($username, '*')!==false) ||
- (strpos($username, '&')!==false) ||
- (strpos($username, ' ')!==false)
- ) exit;
-
- $userarray = __id_mb_str_split($username);
-
- $matrix = '';
- $length = 5;
- if (sizeof($userarray) < $length) $length = sizeof($userarray);
- for ($n = 0; $n < $length; $n++) {
- $matrix .= $userarray[$n] . "/";
- }
-
- // Get the size
- $size = strtolower($_GET['size']);
- if (!in_array($size,array('large','medium','small','tiny','master','topbar')))
- $size = "medium";
-
- // Try and get the icon
- if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) {
- // get dataroot and simplecache_enabled in one select for efficiency
- if ($result = mysql_query("select name, value from {$CONFIG->dbprefix}datalists where name in ('dataroot','simplecache_enabled')",$mysql_dblink)) {
- $simplecache_enabled = true;
- $row = mysql_fetch_object($result);
- while ($row) {
- if ($row->name == 'dataroot') {
- $dataroot = $row->value;
- } else if ($row->name == 'simplecache_enabled') {
- $simplecache_enabled = $row->value;
- }
- $row = mysql_fetch_object($result);
- }
- }
- }
-}
- //@todo forcing through the framework to ensure the matrix
- // is created the same way.
- //if ($simplecache_enabled) {
- if (false) {
- $filename = $dataroot . $matrix . "{$username}/profile/" . $username . $size . ".jpg";
- $contents = @file_get_contents($filename);
- if (empty($contents)) {
- global $viewinput;
- $viewinput['view'] = 'icon/user/default/'.$size;
- ob_start();
- include(dirname(dirname(dirname(__FILE__))).'/simplecache/view.php');
- $loc = ob_get_clean();
- header('Location: ' . $loc);
- exit;
- //$contents = @file_get_contents(dirname(__FILE__) . "/graphics/default{$size}.jpg");
- } else {
- header("Content-type: image/jpeg");
- header('Expires: ' . date('r',time() + 864000));
- header("Pragma: public");
- header("Cache-Control: public");
- header("Content-Length: " . strlen($contents));
- $splitString = str_split($contents, 1024);
- foreach($splitString as $chunk)
- echo $chunk;
- }
- } else {
- mysql_close($mysql_dblink);
- require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
- set_input('username',$username);
- set_input('size',$size);
- require_once(dirname(__FILE__).'/icon.php');
- } \ No newline at end of file
+ // This should provide faster access to profile icons by not loading the
+ // engine but directly grabbing the file from the user's profile directory.
+ // The speedup was broken in Elgg 1.7 because of a change in directory structure.
+ // The link to this script is provided in profile_usericon_hook(). To work
+ // in 1.7 forward, the link has to be updated to provide more information.
+ // The profile icon filename should also be changed to not use username.
+
+ // To see previous code, see svn history.
+
+ // At the moment, this does not serve much of a purpose other than provide
+ // continuity. It currently just includes icon.php which uses the engine.
+
+ // see #1989 and #2035
+
+ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+ require_once(dirname(__FILE__).'/icon.php');
diff --git a/mod/profile/views/default/profile/menu/adminlinks.php b/mod/profile/views/default/profile/menu/adminlinks.php
index a88f96816..d2a36397d 100644
--- a/mod/profile/views/default/profile/menu/adminlinks.php
+++ b/mod/profile/views/default/profile/menu/adminlinks.php
@@ -23,10 +23,10 @@ if (isadminloggedin()){
}
echo elgg_view('output/confirmlink', array('text' => elgg_echo("delete"), 'href' => "{$vars['url']}action/admin/user/delete?guid={$vars['entity']->guid}"));
echo elgg_view('output/confirmlink', array('text' => elgg_echo("resetpassword"), 'href' => "{$vars['url']}action/admin/user/resetpassword?guid={$vars['entity']->guid}"));
- if (!$vars['entity']->admin) {
+ if (!$vars['entity']->isAdmin()) {
echo elgg_view('output/confirmlink', array('text' => elgg_echo("makeadmin"), 'href' => "{$vars['url']}action/admin/user/makeadmin?guid={$vars['entity']->guid}"));
} else {
echo elgg_view('output/confirmlink', array('text' => elgg_echo("removeadmin"), 'href' => "{$vars['url']}action/admin/user/removeadmin?guid={$vars['entity']->guid}"));
}
}
- } \ No newline at end of file
+ }
diff --git a/mod/search/index.php b/mod/search/index.php
index a09c688ed..8ee44d9e7 100644
--- a/mod/search/index.php
+++ b/mod/search/index.php
@@ -8,11 +8,16 @@
* @link http://elgg.org/
*/
+// Search supports RSS
+global $autofeed;
+$autofeed = true;
+
// $search_type == all || entities || trigger plugin hook
$search_type = get_input('search_type', 'all');
// @todo there is a bug in get_input that makes variables have slashes sometimes.
-$query = stripslashes(get_input('q', get_input('tag', '', FALSE), FALSE));
+// XSS protection is more important that searching for HTML.
+$query = stripslashes(get_input('q', get_input('tag', '')));
// get limit and offset. override if on search dashboard, where only 2
// of each most recent entity types will be shown.
diff --git a/mod/thewire/actions/add.php b/mod/thewire/actions/add.php
index 1a59a979f..de2538e1e 100644
--- a/mod/thewire/actions/add.php
+++ b/mod/thewire/actions/add.php
@@ -1,63 +1,45 @@
<?php
- /**
- * Elgg thewire: add shout action
- *
- * @package Elggthewire
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider <info@elgg.com>
- * @copyright Curverider Ltd 2008-2010
- * @link http://elgg.org/
- */
-
- // Make sure we're logged in (send us to the front page if not)
- if (!isloggedin()) forward();
-
- // Get input data
- $body = get_input('new_post_textarea');
- $tags = get_input('thewiretags');
- $access_id = (int)get_default_access();
- if ($access_id == ACCESS_PRIVATE)
- $access_id = ACCESS_LOGGED_IN; // Private wire messages are pointless
- $location = get_input('location');
- $method = get_input('method');
- $parent = (int)get_input('parent', 0);
- if(!$parent)
- $parent = 0;
-
- // convert the shout body into tags
- $tagarray = filter_string($body);
-
- // Make sure the title / description aren't blank
- if (empty($body)) {
- register_error(elgg_echo("thewire:blank"));
- forward("mod/thewire/add.php");
-
- // Otherwise, save the thewire post
- } else {
-
- if (!thewire_save_post($body, $access_id, $parent, $method)) {
- register_error(elgg_echo("thewire:error"));
- if($location == "activity")
- forward("mod/riverdashboard/");
- else
- forward("mod/thewire/add.php");
- }
-
- // Now let's add tags. We can pass an array directly to the object property! Easy.
- if (is_array($tagarray)) {
- $thewire->tags = $tagarray;
- }
-
- // Success message
- system_message(elgg_echo("thewire:posted"));
-
- // Forward
- if($location == "activity")
- forward("mod/riverdashboard/");
- else
- forward("mod/thewire/everyone.php");
-
- }
-
+/**
+ * Elgg thewire: add shout action
+ *
+ * @package Elggthewire
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider <info@elgg.com>
+ * @copyright Curverider Ltd 2008-2010
+ * @link http://elgg.org/
+ */
+
+// Make sure we're logged in (send us to the front page if not)
+if (!isloggedin()) forward();
+
+// Get input data
+$body = get_input('note');
+$access_id = (int)get_default_access();
+if ($access_id == ACCESS_PRIVATE) {
+ $access_id = ACCESS_LOGGED_IN; // Private wire messages are pointless
+}
+$method = get_input('method');
+$parent = (int)get_input('parent', 0);
+if (!$parent) {
+ $parent = 0;
+}
+// Make sure the body isn't blank
+if (empty($body)) {
+ register_error(elgg_echo("thewire:blank"));
+ forward("mod/thewire/add.php");
+}
+
+if (!thewire_save_post($body, $access_id, $parent, $method)) {
+ register_error(elgg_echo("thewire:error"));
+ forward("mod/thewire/add.php");
+}
+
+
+// Success message
+system_message(elgg_echo("thewire:posted"));
+
+// Forward
+forward("mod/thewire/everyone.php");
+
?> \ No newline at end of file
diff --git a/mod/thewire/everyone.php b/mod/thewire/everyone.php
index 030a9ece3..f2f557ee9 100644
--- a/mod/thewire/everyone.php
+++ b/mod/thewire/everyone.php
@@ -16,7 +16,9 @@
$area2 = elgg_view_title(elgg_echo("thewire:everyone"));
//add form
- $area2 .= elgg_view("thewire/forms/add");
+ if (isloggedin()) {
+ $area2 .= elgg_view("thewire/forms/add");
+ }
$offset = (int)get_input('offset', 0);
$area2 .= elgg_list_entities(array('types' => 'object', 'subtypes' => 'thewire', 'offset' => $offset));
diff --git a/mod/thewire/languages/en.php b/mod/thewire/languages/en.php
index 3540cef78..0fb114028 100644
--- a/mod/thewire/languages/en.php
+++ b/mod/thewire/languages/en.php
@@ -27,6 +27,7 @@
'thewire:doing' => "What are you doing? Tell everyone on the wire:",
'thewire:newpost' => 'New wire post',
'thewire:addpost' => 'Post to the wire',
+ 'thewire:by' => "Wire post by %s",
/**
@@ -44,11 +45,11 @@
**/
'thewire:sitedesc' => 'This widget shows the latest site notes posted to the wire',
- 'thewire:yourdesc' => 'This widget shows your latest notes posted to the wire',
+ 'thewire:yourdesc' => 'This widget displays your latest wire posts',
'thewire:friendsdesc' => 'This widget will show the latest from your friends on the wire',
'thewire:friends' => 'Your friends on the wire',
'thewire:num' => 'Number of items to display',
-
+ 'thewire:moreposts' => 'More wire posts',
/**
diff --git a/mod/thewire/start.php b/mod/thewire/start.php
index ef6564678..9e078fa58 100644
--- a/mod/thewire/start.php
+++ b/mod/thewire/start.php
@@ -94,7 +94,7 @@
}
// If the URL is just 'thewire/username', or just 'thewire/', load the standard thewire index
} else {
- @include(dirname(__FILE__) . "/index.php");
+ require(dirname(__FILE__) . "/index.php");
return true;
}
@@ -165,10 +165,6 @@
// Set its description appropriately
$thewire->description = elgg_substr(strip_tags($post), 0, 160);
- /*if (is_callable('mb_substr'))
- $thewire->description = mb_substr(strip_tags($post), 0, 160);
- else
- $thewire->description = substr(strip_tags($post), 0, 160);*/
// add some metadata
$thewire->method = $method; //method, e.g. via site, sms etc
diff --git a/mod/thewire/views/default/thewire/activity_view.php b/mod/thewire/views/default/thewire/activity_view.php
deleted file mode 100644
index 7edd64680..000000000
--- a/mod/thewire/views/default/thewire/activity_view.php
+++ /dev/null
@@ -1,48 +0,0 @@
-<?php
-
- /**
- * New wire post view for the activity stream
- */
-
- //grab the users latest from the wire
- $latest_wire = elgg_list_entities(array('types' => 'object', 'subtypes' => 'thewire', 'owner_guid' => $_SESSION['user']->getGUID(), 'limit' => 1, 'full_view' => TRUE, 'view_type_toggle' => FALSE, 'pagination' => FALSE));
-
-?>
-
-<script>
-function textCounter(field,cntfield,maxlimit) {
- // if too long...trim it!
- if (field.value.length > maxlimit) {
- field.value = field.value.substring(0, maxlimit);
- } else {
- // otherwise, update 'characters left' counter
- cntfield.value = maxlimit - field.value.length;
- }
-}
-</script>
-
-<div class="sidebarBox">
-
- <form action="<?php echo $vars['url']; ?>action/thewire/add" method="post" name="noteForm">
-
- <?php
- $display .= "<h3>" . elgg_echo('thewire:newpost') . "</h3><textarea name='note' value='' onKeyDown=\"textCounter(document.noteForm.note,document.noteForm.remLen1,140)\" onKeyUp=\"textCounter(document.noteForm.note,document.noteForm.remLen1,140)\" id=\"thewire_sidebarInputBox\">{$msg}</textarea><br />";
- $display .= "<div class='thewire_characters_remaining'><input readonly type=\"text\" name=\"remLen1\" size=\"3\" maxlength=\"3\" value=\"140\" class=\"thewire_characters_remaining_field\">";
- echo $display;
- echo elgg_echo("thewire:charleft") . "</div>";
- ?>
- <input type="hidden" name="method" value="site" />
- <input type="hidden" name="location" value="activity" />
- <input type="hidden" name="access_id" value="2" />
- <input type="submit" value="<?php echo elgg_echo('save'); ?>" id="thewire_submit_button" />
- </form>
-
- <div class="last_wirepost">
- <?php
- echo $latest_wire;
- ?>
- </div>
-
- <img src="<?php echo $vars['url']; ?>mod/thewire/graphics/river_icon_thewire.gif" alt="the wire" align="left" style="margin-right:5px;"/><a href="<?php echo $vars['url']; ?>mod/thewire/everyone.php" />Read the wire</a>
-
-</div> \ No newline at end of file
diff --git a/mod/thewire/views/default/thewire/css.php b/mod/thewire/views/default/thewire/css.php
index 8b46f4b18..30959e5d3 100644
--- a/mod/thewire/views/default/thewire/css.php
+++ b/mod/thewire/views/default/thewire/css.php
@@ -75,6 +75,7 @@
margin-top:-3px;
float:left;
width:620px;
+ overflow: hidden;
}
.wire_post_options {
float:right;
diff --git a/mod/thewire/views/default/widgets/thewire/edit.php b/mod/thewire/views/default/widgets/thewire/edit.php
index 32a5c8bf7..969015ab8 100644
--- a/mod/thewire/views/default/widgets/thewire/edit.php
+++ b/mod/thewire/views/default/widgets/thewire/edit.php
@@ -1,14 +1,22 @@
<?php
+// set default value
+if (!isset($vars['entity']->num_display)) {
+ $vars['entity']->num_display = 4;
+}
+?>
+<p>
+ <?php echo elgg_echo("thewire:num"); ?>
+ <select name="params[num_display]">
+<?php
+$options = array(1,2,3,4,5,6);
+foreach ($options as $option) {
+ $selected = '';
+ if ($vars['entity']->num_display == $option) {
+ $selected = "selected='selected'";
+ }
+ echo " <option value='{$option}' $selected >{$option}</option>\n";
+}
?>
- <p>
- <?php echo elgg_echo("thewire:num"); ?>
- <select name="params[num_display]">
- <option value="1" <?php if($vars['entity']->num_display == 1) echo "SELECTED"; ?>>1</option>
- <option value="2" <?php if($vars['entity']->num_display == 2) echo "SELECTED"; ?>>2</option>
- <option value="3" <?php if($vars['entity']->num_display == 3) echo "SELECTED"; ?>>3</option>
- <option value="4" <?php if($vars['entity']->num_display == 4) echo "SELECTED"; ?>>4</option>
- <option value="5" <?php if($vars['entity']->num_display == 5) echo "SELECTED"; ?>>5</option>
- <option value="6" <?php if($vars['entity']->num_display == 6) echo "SELECTED"; ?>>6</option>
- </select>
- </p> \ No newline at end of file
+ </select>
+</p> \ No newline at end of file
diff --git a/mod/thewire/views/default/widgets/thewire/view.php b/mod/thewire/views/default/widgets/thewire/view.php
index 4821b854b..39fe368d0 100644
--- a/mod/thewire/views/default/widgets/thewire/view.php
+++ b/mod/thewire/views/default/widgets/thewire/view.php
@@ -1,29 +1,15 @@
+<?php
+
+$num = $vars['entity']->num_display;
+if (!$num) {
+ $num = 4;
+}
- <?php
+$content = elgg_list_entities(array('types' => 'object', 'subtypes' => 'thewire', 'container_guid' => $vars['entity']->owner_guid, 'limit' => $num, 'full_view' => FALSE, 'pagination' => FALSE));
- // Get any wire notes to display
- // Get the current page's owner
- $page_owner = page_owner_entity();
- if ($page_owner === false || is_null($page_owner)) {
- $page_owner = $_SESSION['user'];
- set_page_owner($page_owner->getGUID());
- }
-
- $num = $vars['entity']->num_display;
- if(!$num)
- $num = 4;
-
- $thewire = $page_owner->getObjects('thewire', $num);
-
- // If there are any thewire to view, view them
- if (is_array($thewire) && sizeof($thewire) > 0) {
-
- foreach($thewire as $shout) {
-
- echo elgg_view_entity($shout);
-
- }
-
- }
-
- ?>
+echo $content;
+
+if ($content) {
+ $blogurl = $vars['url'] . "pg/thewire/" . page_owner_entity()->username;
+ echo "<div class=\"shares_widget_wrapper\"><a href=\"{$blogurl}\">".elgg_echo('thewire:moreposts')."</a></div>";
+}
diff --git a/mod/thewire/views/rss/search/object/thewire/entity.php b/mod/thewire/views/rss/search/object/thewire/entity.php
new file mode 100644
index 000000000..ff0b5b480
--- /dev/null
+++ b/mod/thewire/views/rss/search/object/thewire/entity.php
@@ -0,0 +1,28 @@
+<?php
+/**
+ * Elgg thewire.
+ * Search entity view for RSS feeds.
+ *
+ * @package ElggTheWire
+ * @link http://elgg.org/
+ */
+
+if (!array_key_exists('entity', $vars)) {
+ return FALSE;
+}
+
+$owner = $vars['entity']->getOwnerEntity();
+if ($owner) {
+ $title = sprintf(elgg_echo('thewire:by'), $owner->name);
+}
+$description = $vars['entity']->getVolatileData('search_matched_description');
+
+?>
+
+<item>
+ <guid isPermaLink='false'><?php echo $vars['entity']->getGUID(); ?></guid>
+ <pubDate><?php echo date("r", $vars['entity']->time_created) ?></pubDate>
+ <link><?php echo htmlspecialchars($vars['entity']->getURL()); ?></link>
+ <title><![CDATA[<?php echo $title; ?>]]></title>
+ <description><![CDATA[<?php echo $description; ?>]]></description>
+</item>
diff --git a/version.php b/version.php
index 517fecff7..20d459ee5 100644
--- a/version.php
+++ b/version.php
@@ -12,7 +12,7 @@
// YYYYMMDD = Elgg Date
// XX = Interim incrementer
-$version = 2010030101;
+$version = 2010040201;
// Human-friendly version name
$release = '1.8-svn';
diff --git a/views/default/account/forms/register.php b/views/default/account/forms/register.php
index 756efbb7e..b46e9df0b 100644
--- a/views/default/account/forms/register.php
+++ b/views/default/account/forms/register.php
@@ -13,7 +13,7 @@ $email = get_input('e');
$name = get_input('n');
$admin_option = false;
-if (($_SESSION['user']->admin) && ($vars['show_admin'])) {
+if (($_SESSION['user']->isAdmin()) && ($vars['show_admin'])) {
$admin_option = true;
}
diff --git a/views/default/account/forms/useradd.php b/views/default/account/forms/useradd.php
index 734854d08..cf0dcd7ca 100644
--- a/views/default/account/forms/useradd.php
+++ b/views/default/account/forms/useradd.php
@@ -9,7 +9,7 @@
*/
$admin_option = false;
-if (($_SESSION['user']->admin) && ($vars['show_admin'])) {
+if (($_SESSION['user']->isAdmin()) && ($vars['show_admin'])) {
$admin_option = true;
}
diff --git a/views/default/output/friendlytime.php b/views/default/output/friendlytime.php
new file mode 100644
index 000000000..282d94c41
--- /dev/null
+++ b/views/default/output/friendlytime.php
@@ -0,0 +1,54 @@
+<?php
+/**
+ * Friendly time
+ * Translates an epoch time into a human-readable time.
+ *
+ * @uses string $vars['time'] Unix-style epoch timestamp
+ */
+
+$diff = time() - ((int) $vars['time']);
+
+$minute = 60;
+$hour = $minute * 60;
+$day = $hour * 24;
+
+if ($diff < $minute) {
+ $friendly_time = elgg_echo("friendlytime:justnow");
+} else if ($diff < $hour) {
+ $diff = round($diff / $minute);
+ if ($diff == 0) {
+ $diff = 1;
+ }
+
+ if ($diff > 1) {
+ $friendly_time = sprintf(elgg_echo("friendlytime:minutes"), $diff);
+ } else {
+ $friendly_time = sprintf(elgg_echo("friendlytime:minutes:singular"), $diff);
+ }
+} else if ($diff < $day) {
+ $diff = round($diff / $hour);
+ if ($diff == 0) {
+ $diff = 1;
+ }
+
+ if ($diff > 1) {
+ $friendly_time = sprintf(elgg_echo("friendlytime:hours"), $diff);
+ } else {
+ $friendly_time = sprintf(elgg_echo("friendlytime:hours:singular"), $diff);
+ }
+} else {
+ $diff = round($diff / $day);
+ if ($diff == 0) {
+ $diff = 1;
+ }
+
+ if ($diff > 1) {
+ $friendly_time = sprintf(elgg_echo("friendlytime:days"), $diff);
+ } else {
+ $friendly_time = sprintf(elgg_echo("friendlytime:days:singular"), $diff);
+ }
+}
+
+$timestamp = htmlentities(date(elgg_echo('friendlytime:date_format'), $vars['time']));
+
+echo "<acronym title=\"$timestamp\">$friendly_time</acronym>";
diff --git a/views/default/output/friendlytitle.php b/views/default/output/friendlytitle.php
new file mode 100644
index 000000000..a92726f69
--- /dev/null
+++ b/views/default/output/friendlytitle.php
@@ -0,0 +1,18 @@
+<?php
+/**
+ * Friendly title
+ * Makes a URL-friendly title.
+ *
+ * @uses string $vars['title'] Title to create from.
+ */
+
+
+$title = $vars['title'];
+
+$title = trim($title);
+$title = strtolower($title);
+$title = preg_replace("/[^\w ]/","",$title);
+$title = str_replace(" ","-",$title);
+$title = str_replace("--","-",$title);
+
+echo $title;
diff --git a/views/default/output/url.php b/views/default/output/url.php
index 7e0281a43..87d3a68a1 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -20,14 +20,6 @@
$url = trim($vars['href']);
if (!empty($url)) {
- if ((substr_count($url, "http://") == 0) && (substr_count($url, "https://") == 0)) {
- $url = "http://" . $url;
- }
-
- if (array_key_exists('is_action', $vars) && $vars['is_action']) {
- $url = elgg_add_action_tokens_to_url($url);
- }
-
if (array_key_exists('target', $vars) && $vars['target']) {
$target = "target = \"{$vars['target']}\"";
} else {
@@ -52,5 +44,13 @@ if (!empty($url)) {
$text = htmlentities($url, ENT_QUOTES, 'UTF-8');
}
+ if ((substr_count($url, "http://") == 0) && (substr_count($url, "https://") == 0)) {
+ $url = "http://" . $url;
+ }
+
+ if (array_key_exists('is_action', $vars) && $vars['is_action']) {
+ $url = elgg_add_action_tokens_to_url($url);
+ }
+
echo "<a href=\"{$url}\" $target $class $js>$text</a>";
} \ No newline at end of file
diff --git a/views/default/page_elements/elgg_topbar.php b/views/default/page_elements/elgg_topbar.php
index f0808fb28..7db5940cd 100644
--- a/views/default/page_elements/elgg_topbar.php
+++ b/views/default/page_elements/elgg_topbar.php
@@ -31,7 +31,7 @@
<?php
// The administration link is for admin or site admin users only
- if ($vars['user']->admin || $vars['user']->siteadmin) {
+ if ($vars['user']->isAdmin()) {
?>
<a href="<?php echo $vars['url']; ?>pg/admin/" class="admin"><?php echo elgg_echo("admin"); ?></a>
@@ -55,4 +55,4 @@
</div>
<?php
}
-?> \ No newline at end of file
+?>