aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.gitignore20
-rw-r--r--CHANGES.txt91
-rw-r--r--actions/admin/site/update_advanced.php19
-rw-r--r--actions/avatar/remove.php34
-rw-r--r--actions/avatar/revert.php15
-rw-r--r--actions/comments/delete.php17
-rw-r--r--actions/login.php8
-rw-r--r--actions/register.php4
-rw-r--r--actions/useradd.php4
-rw-r--r--engine/classes/ElggBatch.php2
-rw-r--r--engine/classes/ElggEntity.php118
-rw-r--r--engine/classes/ElggPlugin.php62
-rw-r--r--engine/classes/ElggSite.php3
-rw-r--r--engine/lib/access.php33
-rw-r--r--engine/lib/actions.php15
-rw-r--r--engine/lib/admin.php1
-rw-r--r--engine/lib/annotations.php6
-rw-r--r--engine/lib/elgglib.php28
-rw-r--r--engine/lib/extender.php5
-rw-r--r--engine/lib/languages.php2
-rw-r--r--engine/lib/metadata.php11
-rw-r--r--engine/lib/metastrings.php19
-rw-r--r--engine/lib/plugins.php9
-rw-r--r--engine/lib/relationships.php2
-rw-r--r--engine/lib/sessions.php4
-rw-r--r--engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php11
-rw-r--r--engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php13
-rw-r--r--engine/lib/user_settings.php6
-rw-r--r--engine/lib/users.php8
-rw-r--r--engine/lib/views.php5
-rw-r--r--engine/lib/web_services.php2
-rw-r--r--engine/tests/api/metadata.php74
-rw-r--r--engine/tests/objects/entities.php2
-rw-r--r--languages/en.php15
-rw-r--r--mod/embed/manifest.xml4
-rw-r--r--mod/externalpages/start.php11
-rw-r--r--mod/externalpages/views/default/expages/wrapper.php16
-rw-r--r--mod/file/pages/file/download.php2
-rw-r--r--mod/groups/icon.php2
-rw-r--r--mod/groups/views/default/group/default.php3
-rw-r--r--mod/likes/views/default/likes/button.php5
-rw-r--r--mod/messages/views/default/forms/messages/process.php4
-rw-r--r--mod/pages/actions/pages/delete.php5
-rw-r--r--mod/pages/actions/pages/edit.php14
-rw-r--r--mod/pages/lib/pages.php2
-rw-r--r--mod/pages/pages/pages/view.php2
-rw-r--r--mod/pages/start.php4
-rw-r--r--mod/pages/views/default/forms/pages/edit.php15
-rw-r--r--mod/thewire/pages/thewire/owner.php4
-rw-r--r--mod/thewire/start.php2
-rw-r--r--mod/twitter_api/actions/twitter_api/interstitial_settings.php4
-rw-r--r--mod/twitter_api/lib/twitter_api.php2
-rw-r--r--upgrade.php3
-rw-r--r--version.php4
-rw-r--r--views/default/admin/statistics/server/php.php17
-rw-r--r--views/default/core/avatar/upload.php12
-rw-r--r--views/default/core/walled_garden/body.php11
-rw-r--r--views/default/core/walled_garden/login.php8
-rw-r--r--views/default/core/walled_garden/lost_password.php8
-rw-r--r--views/default/core/walled_garden/register.php8
-rw-r--r--views/default/css/walled_garden.php13
-rw-r--r--views/default/icon/default.php5
-rw-r--r--views/default/js/walled_garden.php54
-rw-r--r--views/default/object/plugin.php4
-rw-r--r--views/default/output/tagcloud.php12
-rw-r--r--views/default/page/elements/comments.php2
-rw-r--r--views/default/page/layouts/walled_garden.php16
-rw-r--r--views/default/river/elements/body.php2
-rw-r--r--views/default/river/elements/summary.php11
69 files changed, 715 insertions, 244 deletions
diff --git a/.gitignore b/.gitignore
index edfede73b..c0bba2c6c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,9 @@
+# ignore Elgg configuration
/engine/settings.php
/.htaccess
-/.buildpath
-/.settings
-/.project
/mod/*
+
+# don't ignore bundled plugins
!/mod/blog/
!/mod/bookmarks/
!/mod/categories/
@@ -38,3 +38,17 @@
!/mod/uservalidationbyemail/
!/mod/zaudio/
+# ignore IDE/hidden/OS cache files
+.*
+*~
+/nbproject
+/nb-configuration.xml
+Session.vim
+*.tmproj
+*.tmproject
+tmtags
+Thumbs.db
+Desktop.ini
+
+# don't ignore travis config
+!/.travis.yml
diff --git a/CHANGES.txt b/CHANGES.txt
index af126c3d3..870c4f57d 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,94 @@
+Version 1.8.5
+(May 17, 2012 from https://github.com/Elgg/Elgg/tree/1.8)
+
+ Contributing Developers:
+ * Brett Profitt
+ * Evan Winslow
+ * Sem
+ * Steve Clay
+ * Jeroen Dalsem
+ * Jerome Bakker
+
+ Security Enhancements:
+ * Fixed possible XSS vulnerability if using a crafted URL.
+ * Fixed exploit to bypass new user validation if using a crafted form.
+ * Fixed incorrect caching of access lists that could allow plugins
+ to show private entities to non-admin and non-owning users. (Non-exploitable)
+
+ Bugfixes:
+ * Twitter API: New users are forwarded to the correct page after creating
+ an account with Twitter.
+ * Files: PDF files are downloaded as "inline" to display in the browser.
+ * Fixed possible duplication errors when writing metadata with multiple values.
+ * Fixed possible upgrade issue if using a plugin uses the system_log hooks.
+ * Fixed problems when enabling more than 50 metadata or annotations.
+
+ API:
+ * River entries' timestamps use elgg_view_friendly_time() and can be
+ overridden with the friendly time output view.
+
+Version 1.8.4
+(April 24, 2012 from https://github.com/Elgg/Elgg/tree/1.8)
+
+ Contributing Developers:
+ * Adayth Talavera
+ * Brett Profitt
+ * Cash Costello
+ * Evan Winslow
+ * Ismayil Khayredinov
+ * Janek Lasocki-Biczysko
+ * Jerome Baker
+ * Sem
+ * Steve Clay
+ * Webgalli
+
+ Security Enhancements:
+ * Fixed an issue in the web services auth.get_token endpoint that
+ would give valid auth tokens to invalid credentials. Thanks to
+ Christian for reporting this!
+ * Fixed an that could show which plugins are loaded on a site.
+
+ Enhancements:
+ * UI: All bundled plugins' list pages display a no content message if there is nothing to list.
+ * UI: Site default access is limited to core access levels.
+ * UI: Showing a system message to the admin if plugins are disabled with the "disabled"
+ magic file.
+ * UI: Added transparent backgrounds for files and pages icons.
+ * External (Site) Pages: If in Wall Garden mode, Site Pages use the Walled Garden
+ theme when logged out.
+ * UI: Database errors only show the query to admin users.
+ * UI: Cannot set the data path to a relative path in installation or site settings.
+ * UI: Cleaned up notifications for bundled plugins.
+ * UI: Hiding crop button if no avatar is uploaded.
+ * UI: Bundled plugins are displayed with a gold border in the plugin admin area.
+ * UI: Can see all the categories a plugin belongs to.
+ * Web Services: Multiple tokens allowed for users.
+ * API: More efficient entity loading.
+ * API: Added IP address to system log.
+ * API: Languages are cached.
+ * API: ElggBatch supports disabling offsets for callbacks that delete entities.
+ * API: Cleaned up the boot process.
+ * API: Fixed situation in which the cache isn't properly cleared if a file can't be unlinked.
+
+ Bugfixes:
+ * UI: Tags display in the case they were saved.
+ * UI: Friendly titles keep -s.
+ * UI: Removed pagination in friends widget.
+ * UI: Profile settings actions correctly displays error messages as errors.
+ * UI: Tag search works for tags with spaces.
+ * UI: Fixed river display for friending that happens during registration.
+ * Groups: Link for managing join requests is restored in the sidebar.
+ * Walled Garden: Cron and web services endpoints are exposed as public sites.
+ * The Wire: UTF usernames are correctly linked with @ syntax.
+ * The Wire: No longer selecting the "Mine" tab for users who aren't you.
+ * Blogs: Notifications restored.
+ * Message Board: Fixed delete.
+ * Groups: Forwarding to correct page if trying to access closed group.
+ * API: entities loaded via elgg_get_entities_from_relationship() have the correct time_created.
+ * API: Deleting entities recursively works when code is logged out.
+ * API: Fixed multiple uses of deprecated functions.
+
+
Version 1.8.3
(January 12, 2012 from https://github.com/Elgg/Elgg/tree/1.8)
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
index 23d622a62..897a2f983 100644
--- a/actions/admin/site/update_advanced.php
+++ b/actions/admin/site/update_advanced.php
@@ -17,7 +17,24 @@ if ($site = elgg_get_site_entity()) {
$site->url = get_input('wwwroot');
datalist_set('path', sanitise_filepath(get_input('path')));
- datalist_set('dataroot', sanitise_filepath(get_input('dataroot')));
+ $dataroot = sanitise_filepath(get_input('dataroot'));
+
+ // check for relative paths
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($dataroot, ':') !== 1) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ } else {
+ if (strpos($dataroot, '/') !== 0) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ }
+
+ datalist_set('dataroot', $dataroot);
if (get_input('simplecache_enabled')) {
elgg_enable_simplecache();
diff --git a/actions/avatar/remove.php b/actions/avatar/remove.php
new file mode 100644
index 000000000..cd38e456a
--- /dev/null
+++ b/actions/avatar/remove.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Avatar remove action
+ */
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+if ($user) {
+ // Delete all icons from diskspace
+ $icon_sizes = elgg_get_config('icon_sizes');
+ foreach ($icon_sizes as $name => $size_info) {
+ $file = new ElggFile();
+ $file->owner_guid = $guid;
+ $file->setFilename("profile/{$guid}{$name}.jpg");
+ $filepath = $file->getFilenameOnFilestore();
+ if (!$file->delete()) {
+ elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
+ }
+ }
+
+ // Remove crop coords
+ unset($user->x1);
+ unset($user->x2);
+ unset($user->y1);
+ unset($user->y2);
+
+ // Remove icon
+ unset($user->icontime);
+ system_message(elgg_echo('avatar:remove:success'));
+} else {
+ register_error(elgg_echo('avatar:remove:fail'));
+}
+
+forward(REFERER);
diff --git a/actions/avatar/revert.php b/actions/avatar/revert.php
deleted file mode 100644
index 8cff40a68..000000000
--- a/actions/avatar/revert.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-/**
- * Avatar revert action
- */
-
-$guid = get_input('guid');
-$user = get_entity($guid);
-if ($user) {
- unset($user->icontime);
- system_message(elgg_echo('avatar:revert:success'));
-} else {
- register_error(elgg_echo('avatar:revert:fail'));
-}
-
-forward(REFERER);
diff --git a/actions/comments/delete.php b/actions/comments/delete.php
index f8458a152..f2c058ff4 100644
--- a/actions/comments/delete.php
+++ b/actions/comments/delete.php
@@ -12,19 +12,12 @@ if (!elgg_is_logged_in()) {
// Make sure we can get the comment in question
$annotation_id = (int) get_input('annotation_id');
-if ($comment = elgg_get_annotation_from_id($annotation_id)) {
-
- $entity = get_entity($comment->entity_guid);
-
- if ($comment->canEdit()) {
- $comment->delete();
- system_message(elgg_echo("generic_comment:deleted"));
- forward($entity->getURL());
- }
-
+$comment = elgg_get_annotation_from_id($annotation_id);
+if ($comment && $comment->canEdit()) {
+ $comment->delete();
+ system_message(elgg_echo("generic_comment:deleted"));
} else {
- $url = "";
+ register_error(elgg_echo("generic_comment:notdeleted"));
}
-register_error(elgg_echo("generic_comment:notdeleted"));
forward(REFERER); \ No newline at end of file
diff --git a/actions/login.php b/actions/login.php
index 256e78acb..ea7fb3508 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -18,9 +18,9 @@ if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
}
$username = get_input('username');
-$password = get_input("password");
-$persistent = get_input("persistent", FALSE);
-$result = FALSE;
+$password = get_input('password', null, false);
+$persistent = get_input("persistent", false);
+$result = false;
if (empty($username) || empty($password)) {
register_error(elgg_echo('login:empty'));
@@ -28,7 +28,7 @@ if (empty($username) || empty($password)) {
}
// check if logging in with email address
-if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
$username = $users[0]->username;
}
diff --git a/actions/register.php b/actions/register.php
index 360b7cb4b..f23d5b381 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('register');
// Get variables
$username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
$email = get_input('email');
$name = get_input('name');
$friend_guid = (int) get_input('friend_guid', 0);
diff --git a/actions/useradd.php b/actions/useradd.php
index fdcd7e438..17459021b 100644
--- a/actions/useradd.php
+++ b/actions/useradd.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('useradd');
// Get variables
$username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
$email = get_input('email');
$name = get_input('name');
diff --git a/engine/classes/ElggBatch.php b/engine/classes/ElggBatch.php
index 0cb13eb32..c1a77a0d9 100644
--- a/engine/classes/ElggBatch.php
+++ b/engine/classes/ElggBatch.php
@@ -16,7 +16,7 @@
*
* Results from the callback are stored in callbackResult. If the callback
* returns only booleans, callbackResults will be the combined result of
- * all calls.
+ * all calls. If no entities are processed, callbackResults will be null.
*
* If the callback returns anything else, callbackresult will be an indexed
* array of whatever the callback returns. If returning error handling
diff --git a/engine/classes/ElggEntity.php b/engine/classes/ElggEntity.php
index dc38dafbe..77c2bbf4d 100644
--- a/engine/classes/ElggEntity.php
+++ b/engine/classes/ElggEntity.php
@@ -24,7 +24,6 @@
*
* @package Elgg.Core
* @subpackage DataModel.Entities
- * @link http://docs.elgg.org/DataModel/ElggEntity
*
* @property string $type object, user, group, or site (read-only after save)
* @property string $subtype Further clarifies the nature of the entity (read-only after save)
@@ -201,8 +200,11 @@ abstract class ElggEntity extends ElggData implements
/**
* Sets the value of a property.
*
- * If $name is defined in $this->attributes that value is set, otherwise it will
- * set the appropriate item of metadata.
+ * If $name is defined in $this->attributes that value is set, otherwise it is
+ * saved as metadata.
+ *
+ * @warning Metadata set this way will inherit the entity's owner and access ID. If you want
+ * to set metadata with a different owner, use create_metadata().
*
* @warning It is important that your class populates $this->attributes with keys
* for all base attributes, anything not in their gets set as METADATA.
@@ -248,7 +250,12 @@ abstract class ElggEntity extends ElggData implements
public function getMetaData($name) {
if ((int) ($this->guid) == 0) {
if (isset($this->temp_metadata[$name])) {
- return $this->temp_metadata[$name];
+ // md is returned as an array only if more than 1 entry
+ if (count($this->temp_metadata[$name]) == 1) {
+ return $this->temp_metadata[$name][0];
+ } else {
+ return $this->temp_metadata[$name];
+ }
} else {
return null;
}
@@ -291,80 +298,78 @@ abstract class ElggEntity extends ElggData implements
/**
* Set a piece of metadata.
*
- * @tip Plugin authors should use the magic methods.
+ * Plugin authors should use the magic methods or create_metadata().
+ *
+ * @warning The metadata will inherit the parent entity's owner and access ID.
+ * If you want to write metadata with a different owner, use create_metadata().
*
* @access private
*
* @param string $name Name of the metadata
- * @param mixed $value Value of the metadata
+ * @param mixed $value Value of the metadata (doesn't support assoc arrays)
* @param string $value_type Types supported: integer and string. Will auto-identify if not set
* @param bool $multiple Allow multiple values for a single name (doesn't support assoc arrays)
*
* @return bool
*/
- public function setMetaData($name, $value, $value_type = "", $multiple = false) {
- $delete_first = false;
- // if multiple is set that always means don't delete.
- // if multiple isn't set it means override. set it to true on arrays for the foreach.
- if (!$multiple) {
- $delete_first = true;
- $multiple = is_array($value);
- }
-
- if (!$this->guid) {
- // real metadata only returns as an array if there are multiple elements
- if (is_array($value) && count($value) == 1) {
- $value = $value[0];
- }
+ public function setMetaData($name, $value, $value_type = null, $multiple = false) {
- $value_is_array = is_array($value);
-
- if (!isset($this->temp_metadata[$name]) || $delete_first) {
- // need to remove the indexes because real metadata doesn't have them.
- if ($value_is_array) {
- $this->temp_metadata[$name] = array_values($value);
- } else {
- $this->temp_metadata[$name] = $value;
- }
- } else {
- // multiple is always true at this point.
- // if we're setting multiple and temp isn't array, it needs to be.
- if (!is_array($this->temp_metadata[$name])) {
- $this->temp_metadata[$name] = array($this->temp_metadata[$name]);
- }
-
- if ($value_is_array) {
- $this->temp_metadata[$name] = array_merge($this->temp_metadata[$name], array_values($value));
- } else {
- $this->temp_metadata[$name][] = $value;
- }
- }
+ // normalize value to an array that we will loop over
+ // remove indexes if value already an array.
+ if (is_array($value)) {
+ $value = array_values($value);
} else {
- if ($delete_first) {
+ $value = array($value);
+ }
+
+ // saved entity. persist md to db.
+ if ($this->guid) {
+ // if overwriting, delete first.
+ if (!$multiple) {
$options = array(
'guid' => $this->getGUID(),
'metadata_name' => $name,
'limit' => 0
);
- // @todo this doesn't check if it exists so we can't handle failed deletes
- // is it worth the overhead of more SQL calls to check?
- elgg_delete_metadata($options);
- }
- // save into real metadata
- if (!is_array($value)) {
- $value = array($value);
+ // @todo in 1.9 make this return false if can't add metadata
+ // http://trac.elgg.org/ticket/4520
+ //
+ // need to remove access restrictions right now to delete
+ // because this is the expected behavior
+ $ia = elgg_set_ignore_access(true);
+ if (false === elgg_delete_metadata($options)) {
+ return false;
+ }
+ elgg_set_ignore_access($ia);
}
- foreach ($value as $v) {
- $result = create_metadata($this->getGUID(), $name, $v, $value_type,
- $this->getOwnerGUID(), $this->getAccessId(), $multiple);
- if (!$result) {
+ // add new md
+ $result = true;
+ foreach ($value as $value_tmp) {
+ // at this point $value should be appended because it was cleared above if needed.
+ $md_id = create_metadata($this->getGUID(), $name, $value_tmp, $value_type,
+ $this->getOwnerGUID(), $this->getAccessId(), true);
+ if (!$md_id) {
return false;
}
}
+
+ return $result;
}
- return true;
+ // unsaved entity. store in temp array
+ // returning single entries instead of an array of 1 element is decided in
+ // getMetaData(), just like pulling from the db.
+ else {
+ // if overwrite, delete first
+ if (!$multiple || !isset($this->temp_metadata[$name])) {
+ $this->temp_metadata[$name] = array();
+ }
+
+ // add new md
+ $this->temp_metadata[$name] = array_merge($this->temp_metadata[$name], $value);
+ return true;
+ }
}
/**
@@ -575,7 +580,6 @@ abstract class ElggEntity extends ElggData implements
* @param mixed $value Value of private setting
*
* @return bool
- * @link http://docs.elgg.org/DataModel/Entities/PrivateSettings
*/
function setPrivateSetting($name, $value) {
if ((int) $this->guid > 0) {
@@ -734,8 +738,6 @@ abstract class ElggEntity extends ElggData implements
* @param string $vartype The type of annotation value
*
* @return bool
- *
- * @link http://docs.elgg.org/DataModel/Annotations
*/
function annotate($name, $value, $access_id = ACCESS_PRIVATE, $owner_id = 0, $vartype = "") {
if ((int) $this->guid > 0) {
diff --git a/engine/classes/ElggPlugin.php b/engine/classes/ElggPlugin.php
index 33f14ae37..8c9093834 100644
--- a/engine/classes/ElggPlugin.php
+++ b/engine/classes/ElggPlugin.php
@@ -79,6 +79,68 @@ class ElggPlugin extends ElggObject {
}
/**
+ * Overridden from ElggEntity and ElggObject::load(). Core always inits plugins with
+ * a query joined to the objects_entity table, so all the info is there.
+ *
+ * @param mixed $guid GUID of an ElggObject or the stdClass object from entities table
+ *
+ * @return bool
+ * @throws InvalidClassException
+ */
+ protected function load($guid) {
+
+ $expected_attributes = $this->attributes;
+ unset($expected_attributes['tables_split']);
+ unset($expected_attributes['tables_loaded']);
+
+ // this was loaded with a full join
+ $needs_loaded = false;
+
+ if ($guid instanceof stdClass) {
+ $row = (array) $guid;
+ $missing_attributes = array_diff_key($expected_attributes, $row);
+ if ($missing_attributes) {
+ $needs_loaded = true;
+ $old_guid = $guid;
+ $guid = $row['guid'];
+ } else {
+ $this->attributes = $row;
+ }
+ } else {
+ $needs_loaded = true;
+ }
+
+ if ($needs_loaded) {
+ $entity = (array) get_entity_as_row($guid);
+ $object = (array) get_object_entity_as_row($guid);
+
+ if (!$entity || !$object) {
+ return false;
+ }
+
+ $this->attributes = array_merge($this->attributes, $entity, $object);
+ }
+
+ $this->attributes['tables_loaded'] = 2;
+
+ // Check the type
+ if ($this->attributes['type'] != 'object') {
+ $msg = elgg_echo('InvalidClassException:NotValidElggStar', array($guid, get_class()));
+ throw new InvalidClassException($msg);
+ }
+
+ // guid needs to be an int http://trac.elgg.org/ticket/4111
+ $this->attributes['guid'] = (int)$this->attributes['guid'];
+
+ // cache the entity
+ if ($this->attributes['guid']) {
+ cache_entity($this);
+ }
+
+ return true;
+ }
+
+ /**
* Save the plugin object. Make sure required values exist.
*
* @see ElggObject::save()
diff --git a/engine/classes/ElggSite.php b/engine/classes/ElggSite.php
index 49616f1be..6d07778a9 100644
--- a/engine/classes/ElggSite.php
+++ b/engine/classes/ElggSite.php
@@ -422,6 +422,7 @@ class ElggSite extends ElggEntity {
// default public pages
$defaults = array(
+ 'walled_garden/.*',
'action/login',
'register',
'action/register',
@@ -438,6 +439,8 @@ class ElggSite extends ElggEntity {
'js/.*',
'cache/css/.*',
'cache/js/.*',
+ 'cron/.*',
+ 'services/.*',
);
// include a hook for plugin authors to include public pages
diff --git a/engine/lib/access.php b/engine/lib/access.php
index 6be252c6a..e8b3b0d52 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -31,7 +31,7 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
global $CONFIG, $init_finished;
static $access_list;
- if (!isset($access_list) || !$init_finished) {
+ if (!isset($access_list)) {
$access_list = array();
}
@@ -49,9 +49,16 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
return $access_list[$user_id];
}
- $access_list[$user_id] = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
+ $access = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
- return $access_list[$user_id];
+ // only cache if done with init and access is enabled (unless admin user)
+ // session is loaded before init is finished, so don't need to check for user session
+ if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) {
+ $access_list[$user_id] = $access;
+ return $access_list[$user_id];
+ } else {
+ return $access;
+ }
}
/**
@@ -83,7 +90,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
// this cache might be redundant. But db cache is flushed on every db write.
static $access_array;
- if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished)) {
+ if (!isset($access_array)) {
$access_array = array();
}
@@ -137,12 +144,12 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
$tmp_access_array[] = ACCESS_PRIVATE;
}
- $access_array[$user_id] = $tmp_access_array;
- } else {
- // No user id logged in so we can only access public info
- $tmp_return = $tmp_access_array;
+ // only cache if done with init and access is enabled (unless admin user)
+ // session is loaded before init is finished, so don't need to check for user session
+ if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) {
+ $access_array[$user_id] = $tmp_access_array;
+ }
}
-
} else {
$tmp_access_array = $access_array[$user_id];
}
@@ -946,7 +953,8 @@ function elgg_get_access_object() {
*
* @global bool $init_finished
* @access private
- * @todo investigate why this is needed
+ * @todo This is required to tell the access system to start caching because
+ * calls are made while in ignore access mode and before the user is logged in.
*/
$init_finished = false;
@@ -1014,8 +1022,9 @@ function access_test($hook, $type, $value, $params) {
return $value;
}
-// This function will let us know when 'init' has finished
-elgg_register_event_handler('init', 'system', 'access_init', 9999);
+// Tell the access functions the system has booted, plugins are loaded,
+// and the user is logged in so it can start caching
+elgg_register_event_handler('ready', 'system', 'access_init');
// For overrided permissions
elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions');
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index c6613e6d6..3a7c02488 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -273,8 +273,19 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL)
} else if ($visibleerrors) {
register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
}
- } else if ($visibleerrors) {
- register_error(elgg_echo('actiongatekeeper:missingfields'));
+ } else {
+ if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) {
+ // The size of $_POST or uploaded file has exceed the size limit
+ $error_msg = elgg_trigger_plugin_hook('action_gatekeeper:upload_exceeded_msg', 'all', array(
+ 'post_size' => $_SERVER['CONTENT_LENGTH'],
+ 'visible_errors' => $visibleerrors,
+ ), elgg_echo('actiongatekeeper:uploadexceeded'));
+ } else {
+ $error_msg = elgg_echo('actiongatekeeper:missingfields');
+ }
+ if ($visibleerrors) {
+ register_error($error_msg);
+ }
}
return FALSE;
diff --git a/engine/lib/admin.php b/engine/lib/admin.php
index 928101fc5..1528d97c5 100644
--- a/engine/lib/admin.php
+++ b/engine/lib/admin.php
@@ -244,6 +244,7 @@ function admin_init() {
elgg_register_action('profile/fields/delete', '', 'admin');
elgg_register_action('profile/fields/reorder', '', 'admin');
+ elgg_register_simplecache_view('css/admin');
elgg_register_simplecache_view('js/admin');
$url = elgg_get_simplecache_url('js', 'admin');
elgg_register_js('elgg.admin', $url);
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index f32dee0f0..2036ccd61 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -95,8 +95,6 @@ $owner_guid = 0, $access_id = ACCESS_PRIVATE) {
$entity = get_entity($entity_guid);
if (elgg_trigger_event('annotate', $entity->type, $entity)) {
- system_log($entity, 'annotate');
-
// If ok then add it
$result = insert_data("INSERT into {$CONFIG->dbprefix}annotations
(entity_guid, name_id, value_id, value_type, owner_guid, time_created, access_id) VALUES
@@ -222,7 +220,7 @@ function elgg_delete_annotations(array $options) {
}
$options['metastring_type'] = 'annotations';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
}
/**
@@ -240,7 +238,7 @@ function elgg_disable_annotations(array $options) {
}
$options['metastring_type'] = 'annotations';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
}
/**
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 720e69906..3a9230a0a 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -2021,8 +2021,14 @@ function elgg_walled_garden_index() {
elgg_load_css('elgg.walled_garden');
elgg_load_js('elgg.walled_garden');
- $body = elgg_view('core/walled_garden/body');
+ $content = elgg_view('core/walled_garden/login');
+ $params = array(
+ 'content' => $content,
+ 'class' => 'elgg-walledgarden-double',
+ 'id' => 'elgg-walledgarden-login',
+ );
+ $body = elgg_view_layout('walled_garden', $params);
echo elgg_view_page('', $body, 'walled_garden');
// return true to prevent other plugins from adding a front page
@@ -2030,6 +2036,24 @@ function elgg_walled_garden_index() {
}
/**
+ * Serve walled garden sections
+ *
+ * @param array $page Array of URL segments
+ * @return string
+ * @access private
+ */
+function _elgg_walled_garden_ajax_handler($page) {
+ $view = $page[0];
+ $params = array(
+ 'content' => elgg_view("core/walled_garden/$view"),
+ 'class' => 'elgg-walledgarden-single hidden',
+ 'id' => str_replace('_', '-', "elgg-walledgarden-$view"),
+ );
+ echo elgg_view_layout('walled_garden', $params);
+ return true;
+}
+
+/**
* Checks the status of the Walled Garden and forwards to a login page
* if required.
*
@@ -2049,6 +2073,8 @@ function elgg_walled_garden() {
elgg_register_css('elgg.walled_garden', '/css/walled_garden.css');
elgg_register_js('elgg.walled_garden', '/js/walled_garden.js');
+ elgg_register_page_handler('walled_garden', '_elgg_walled_garden_ajax_handler');
+
// check for external page view
if (isset($CONFIG->site) && $CONFIG->site instanceof ElggSite) {
$CONFIG->site->checkWalledGarden();
diff --git a/engine/lib/extender.php b/engine/lib/extender.php
index ffd3c1357..43421342c 100644
--- a/engine/lib/extender.php
+++ b/engine/lib/extender.php
@@ -105,6 +105,7 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params)
// Save
if (!$entity->save()) {
+ $attr_name = $element->getAttribute('name');
$msg = elgg_echo('ImportException:ProblemUpdatingMeta', array($attr_name, $entity_uuid));
throw new ImportException($msg);
}
@@ -120,7 +121,7 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params)
* @param string $type 'metadata' or 'annotation'
* @param int $user_guid The GUID of the user
*
- * @return true|false
+ * @return bool
*/
function can_edit_extender($extender_id, $type, $user_guid = 0) {
if (!elgg_is_logged_in()) {
@@ -155,7 +156,7 @@ function can_edit_extender($extender_id, $type, $user_guid = 0) {
}
// Trigger plugin hooks
- $params = array('entity' => $entity, 'user' => $user);
+ $params = array('entity' => $extender->getEntity(), 'user' => $user);
return elgg_trigger_plugin_hook('permissions_check', $type, $params, false);
}
diff --git a/engine/lib/languages.php b/engine/lib/languages.php
index bf6829a39..7a508d298 100644
--- a/engine/lib/languages.php
+++ b/engine/lib/languages.php
@@ -344,7 +344,7 @@ function get_missing_language_keys($language) {
*/
function elgg_languages_init() {
$lang = get_current_language();
- elgg_register_simplecache_view("cache/js/languages/$lang");
+ elgg_register_simplecache_view("js/languages/$lang");
}
elgg_register_event_handler('init', 'system', 'elgg_languages_init');
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 34a36d86e..0ff3a43dc 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -297,6 +297,8 @@ function elgg_get_metadata(array $options = array()) {
* This requires at least one constraint: metadata_owner_guid(s),
* metadata_name(s), metadata_value(s), or guid(s) must be set.
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@see elgg_get_metadata()}
* @return mixed Null if the metadata name is invalid. Bool on success or fail.
* @since 1.8.0
@@ -307,8 +309,7 @@ function elgg_delete_metadata(array $options) {
}
$options['metastring_type'] = 'metadata';
- $result = elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback');
- return $result;
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
}
/**
@@ -316,6 +317,8 @@ function elgg_delete_metadata(array $options) {
*
* @warning Unlike elgg_get_metadata() this will not accept an empty options array!
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@See elgg_get_metadata()}
* @return mixed
* @since 1.8.0
@@ -326,7 +329,7 @@ function elgg_disable_metadata(array $options) {
}
$options['metastring_type'] = 'metadata';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
}
/**
@@ -334,6 +337,8 @@ function elgg_disable_metadata(array $options) {
*
* @warning Unlike elgg_get_metadata() this will not accept an empty options array!
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@See elgg_get_metadata()}
* @return mixed
* @since 1.8.0
diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php
index d7cc4e0bc..cf6dd4d98 100644
--- a/engine/lib/metastrings.php
+++ b/engine/lib/metastrings.php
@@ -716,22 +716,23 @@ function elgg_set_metastring_based_object_enabled_by_id($id, $enabled, $type) {
* @warning Unlike elgg_get_metastring_based_objects() this will not accept an
* empty options array!
*
- * @param array $options An options array. {@See elgg_get_metastring_based_objects()}
- * @param string $callback The callback to pass each result through
- * @return mixed
+ * @warning This returns null on no ops.
+ *
+ * @param array $options An options array. {@See elgg_get_metastring_based_objects()}
+ * @param string $callback The callback to pass each result through
+ * @param bool $inc_offset Increment the offset? Pass false for callbacks that delete / disable
+ *
+ * @return bool|null true on success, false on failure, null if no objects are found.
* @since 1.8.0
* @access private
*/
-function elgg_batch_metastring_based_objects(array $options, $callback) {
+function elgg_batch_metastring_based_objects(array $options, $callback, $inc_offset = true) {
if (!$options || !is_array($options)) {
return false;
}
- // @todo restore once ElggBatch supports callbacks that delete rows.
- $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, false);
- $r = $batch->callbackResult;
-
- return $r;
+ $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, $inc_offset);
+ return $batch->callbackResult;
}
/**
diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php
index 123fb18d8..39a76db5d 100644
--- a/engine/lib/plugins.php
+++ b/engine/lib/plugins.php
@@ -93,10 +93,13 @@ function elgg_get_plugin_ids_in_dir($dir = null) {
function elgg_generate_plugin_entities() {
$site = get_config('site');
$dir = elgg_get_plugins_path();
+ $db_prefix = elgg_get_config('dbprefix');
$options = array(
'type' => 'object',
'subtype' => 'plugin',
+ 'selects' => array('plugin_oe.*'),
+ 'joins' => array("JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid"),
'limit' => ELGG_ENTITIES_NO_VALUE
);
@@ -352,7 +355,11 @@ function elgg_get_plugins($status = 'active', $site_guid = null) {
'type' => 'object',
'subtype' => 'plugin',
'limit' => ELGG_ENTITIES_NO_VALUE,
- 'joins' => array("JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid"),
+ 'selects' => array('plugin_oe.*'),
+ 'joins' => array(
+ "JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid",
+ "JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid"
+ ),
'wheres' => array("ps.name = '$priority'"),
'order_by' => "CAST(ps.value as unsigned), e.guid"
);
diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php
index fabe2d2d6..f50c4a485 100644
--- a/engine/lib/relationships.php
+++ b/engine/lib/relationships.php
@@ -290,7 +290,7 @@ function elgg_get_entities_from_relationship($options) {
$options['selects'] = array();
}
- $select = array('r.*');
+ $select = array('r.id');
$options['selects'] = array_merge($options['selects'], $select);
}
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 9982d9fe8..419d36707 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -127,6 +127,10 @@ function elgg_is_admin_user($user_guid) {
/**
* Perform user authentication with a given username and password.
*
+ * @warning This returns an error message on failure. Use the identical operator to check
+ * for access: if (true === elgg_authenticate()) { ... }.
+ *
+ *
* @see login
*
* @param string $username The username
diff --git a/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php b/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php
new file mode 100644
index 000000000..b82ffbebf
--- /dev/null
+++ b/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Elgg 1.8.3 upgrade 2012041800
+ * dont_filter_passwords
+ *
+ * Add admin notice that password handling has changed and if
+ * users can't login to have them reset their passwords.
+ */
+elgg_add_admin_notice('dont_filter_passwords', 'Password handling has been updated to be more secure and flexible. '
+ . 'This change may prevent a small number of users from logging in with their existing passwords. '
+ . 'If a user is unable to log in, please advise him or her to reset their password, or reset it as an admin user.');
diff --git a/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php b/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php
new file mode 100644
index 000000000..07732f261
--- /dev/null
+++ b/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Elgg 1.8.3 upgrade 2012041801
+ * multiple_user_tokens
+ *
+ * Fixes http://trac.elgg.org/ticket/4291
+ * Removes the unique index on users_apisessions for user_guid and site_guid
+ */
+
+$db_prefix = elgg_get_config('dbprefix');
+$q = "ALTER TABLE {$db_prefix}users_apisessions DROP INDEX user_guid,
+ ADD INDEX user_guid (user_guid, site_guid)";
+update_data($q); \ No newline at end of file
diff --git a/engine/lib/user_settings.php b/engine/lib/user_settings.php
index af30d8f0d..e4069fb53 100644
--- a/engine/lib/user_settings.php
+++ b/engine/lib/user_settings.php
@@ -33,9 +33,9 @@ function users_settings_save() {
* @access private
*/
function elgg_set_user_password() {
- $current_password = get_input('current_password');
- $password = get_input('password');
- $password2 = get_input('password2');
+ $current_password = get_input('current_password', null, false);
+ $password = get_input('password', null, false);
+ $password2 = get_input('password2', null, false);
$user_guid = get_input('guid');
if (!$user_guid) {
diff --git a/engine/lib/users.php b/engine/lib/users.php
index f1d42e25e..7d427e743 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -969,8 +969,8 @@ $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') {
$friend_user->addFriend($user->guid);
// @todo Should this be in addFriend?
- add_to_river('friends/river/create', 'friend', $user->getGUID(), $friend_guid);
- add_to_river('friends/river/create', 'friend', $friend_guid, $user->getGUID());
+ add_to_river('river/relationship/friend/create', 'friend', $user->getGUID(), $friend_guid);
+ add_to_river('river/relationship/friend/create', 'friend', $friend_guid, $user->getGUID());
}
}
}
@@ -1551,12 +1551,12 @@ function users_init() {
elgg_register_plugin_hook_handler('register', 'menu:user_hover', 'elgg_user_hover_menu');
elgg_register_action('register', '', 'public');
- elgg_register_action('useradd', '', 'public');
+ elgg_register_action('useradd', '', 'admin');
elgg_register_action('friends/add');
elgg_register_action('friends/remove');
elgg_register_action('avatar/upload');
elgg_register_action('avatar/crop');
- elgg_register_action('avatar/revert');
+ elgg_register_action('avatar/remove');
elgg_register_action('profile/edit');
elgg_register_action('friends/collections/add');
diff --git a/engine/lib/views.php b/engine/lib/views.php
index ca0ce7196..1b013be6f 100644
--- a/engine/lib/views.php
+++ b/engine/lib/views.php
@@ -103,7 +103,10 @@ function elgg_get_viewtype() {
$viewtype = get_input('view', NULL);
if ($viewtype) {
- return $viewtype;
+ // only word characters allowed.
+ if (!preg_match('[\W]', $viewtype)) {
+ return $viewtype;
+ }
}
if (isset($CONFIG->view) && !empty($CONFIG->view)) {
diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php
index 07be76ec6..da3ed76a9 100644
--- a/engine/lib/web_services.php
+++ b/engine/lib/web_services.php
@@ -1165,7 +1165,7 @@ function list_all_apis() {
* @access private
*/
function auth_gettoken($username, $password) {
- if (elgg_authenticate($username, $password)) {
+ if (true === elgg_authenticate($username, $password)) {
$token = create_user_token($username);
if ($token) {
return $token;
diff --git a/engine/tests/api/metadata.php b/engine/tests/api/metadata.php
index be8ac269c..2461e975e 100644
--- a/engine/tests/api/metadata.php
+++ b/engine/tests/api/metadata.php
@@ -124,6 +124,80 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest {
$e->delete();
}
+ // Make sure metadata with multiple values is correctly deleted when re-written
+ // by another user
+ // http://trac.elgg.org/ticket/2776
+ public function test_elgg_metadata_multiple_values() {
+ $u1 = new ElggUser();
+ $u1->username = rand();
+ $u1->save();
+
+ $u2 = new ElggUser();
+ $u2->username = rand();
+ $u2->save();
+
+ $obj = new ElggObject();
+ $obj->owner_guid = $u1->guid;
+ $obj->container_guid = $u1->guid;
+ $obj->access_id = ACCESS_PUBLIC;
+ $obj->save();
+
+ $md_values = array(
+ 'one',
+ 'two',
+ 'three'
+ );
+
+ // need to fake different logins.
+ // good times without mocking.
+ $original_user = elgg_get_logged_in_user_entity();
+ $_SESSION['user'] = $u1;
+
+ elgg_set_ignore_access(false);
+
+ // add metadata as one user
+ $obj->test = $md_values;
+
+ // check only these md exists
+ $db_prefix = elgg_get_config('dbprefix');
+ $q = "SELECT * FROM {$db_prefix}metadata WHERE entity_guid = $obj->guid";
+ $data = get_data($q);
+
+ $this->assertEqual(count($md_values), count($data));
+ foreach ($data as $md_row) {
+ $md = elgg_get_metadata_from_id($md_row->id);
+ $this->assertTrue(in_array($md->value, $md_values));
+ $this->assertEqual('test', $md->name);
+ }
+
+ // add md w/ same name as a different user
+ $_SESSION['user'] = $u2;
+ $md_values2 = array(
+ 'four',
+ 'five',
+ 'six',
+ 'seven'
+ );
+
+ $obj->test = $md_values2;
+
+ $q = "SELECT * FROM {$db_prefix}metadata WHERE entity_guid = $obj->guid";
+ $data = get_data($q);
+
+ $this->assertEqual(count($md_values2), count($data));
+ foreach ($data as $md_row) {
+ $md = elgg_get_metadata_from_id($md_row->id);
+ $this->assertTrue(in_array($md->value, $md_values2));
+ $this->assertEqual('test', $md->name);
+ }
+
+ $_SESSION['user'] = $original_user;
+
+ $obj->delete();
+ $u1->delete();
+ $u2->delete();
+ }
+
protected function create_metastring($string) {
global $CONFIG, $METASTRINGS_CACHE, $METASTRINGS_DEADNAME_CACHE;
diff --git a/engine/tests/objects/entities.php b/engine/tests/objects/entities.php
index a4dc7946c..248b85c9e 100644
--- a/engine/tests/objects/entities.php
+++ b/engine/tests/objects/entities.php
@@ -98,7 +98,7 @@ class ElggCoreEntityTest extends ElggCoreUnitTest {
// check internal metadata array
$metadata = $this->entity->expose_metadata();
- $this->assertIdentical($metadata['existent'], 'testing');
+ $this->assertIdentical($metadata['existent'], array('testing'));
}
public function testElggEnityGetAndSetAnnotations() {
diff --git a/languages/en.php b/languages/en.php
index 14df3db34..1865f6ecd 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -367,7 +367,7 @@ $english = array(
'avatar:preview' => 'Preview',
'avatar:upload' => 'Upload a new avatar',
'avatar:current' => 'Current avatar',
- 'avatar:revert' => 'Revert your avatar to the default icon',
+ 'avatar:remove' => 'Remove your avatar and set the default icon',
'avatar:crop:title' => 'Avatar cropping tool',
'avatar:upload:instructions' => "Your avatar is displayed throughout the site. You can change it as often as you'd like. (File formats accepted: GIF, JPG or PNG)",
'avatar:create:instructions' => 'Click and drag a square below to match how you want your avatar cropped. A preview will appear in the box on the right. When you are happy with the preview, click \'Create your avatar\'. This cropped version will be used throughout the site as your avatar.',
@@ -376,8 +376,8 @@ $english = array(
'avatar:resize:fail' => 'Resize of the avatar failed',
'avatar:crop:success' => 'Cropping the avatar succeeded',
'avatar:crop:fail' => 'Avatar cropping failed',
- 'avatar:revert:success' => 'Reverting the avatar succeeded',
- 'avatar:revert:fail' => 'Avatar revert failed',
+ 'avatar:remove:success' => 'Removing the avatar succeeded',
+ 'avatar:remove:fail' => 'Avatar remove failed',
'profile:edit' => 'Edit profile',
'profile:aboutme' => "About me",
@@ -562,6 +562,7 @@ $english = array(
'admin:configuration:success' => "Your settings have been saved.",
'admin:configuration:fail' => "Your settings could not be saved.",
+ 'admin:configuration:dataroot:relative_path' => 'Cannot set "%s" as the dataroot because it is not an absolute path.',
'admin:unknown_section' => 'Invalid Admin Section.',
@@ -666,7 +667,7 @@ $english = array(
/**
* Plugins
*/
- 'plugins:disabled' => 'Plugins are being loaded because a file named "disabled" is in the mod directory.',
+ 'plugins:disabled' => 'Plugins are not being loaded because a file named "disabled" is in the mod directory.',
'plugins:settings:save:ok' => "Settings for the %s plugin were saved successfully.",
'plugins:settings:save:fail' => "There was a problem saving settings for the %s plugin.",
'plugins:usersettings:save:ok' => "User settings for the %s plugin were saved successfully.",
@@ -740,6 +741,9 @@ $english = array(
'admin:server:label:mem_avail' => 'Memory available',
'admin:server:label:mem_used' => 'Memory used',
'admin:server:error_log' => "Web server's error log",
+ 'admin:server:label:post_max_size' => 'POST maximum size',
+ 'admin:server:label:upload_max_filesize' => 'Upload maximum size',
+ 'admin:server:warning:post_max_too_small' => '(Note: post_max_size must be larger than this value to support uploads of this size)',
'admin:user:label:search' => "Find users:",
'admin:user:label:searchbutton' => "Search",
@@ -860,6 +864,7 @@ $english = array(
'new' => 'New',
'add' => 'Add',
'create' => 'Create',
+ 'remove' => 'Remove',
'revert' => 'Revert',
'site' => 'Site',
@@ -933,6 +938,7 @@ $english = array(
*/
'deleteconfirm' => "Are you sure you want to delete this item?",
+ 'deleteconfirm:plural' => "Are you sure you want to delete these items?",
'fileexists' => "A file has already been uploaded. To replace it, select it below:",
/**
@@ -1170,6 +1176,7 @@ You cannot reply to this email.",
'actiongatekeeper:tokeninvalid' => "We encountered an error (token mismatch). This probably means that the page you were using expired.",
'actiongatekeeper:timeerror' => 'The page you were using has expired. Please refresh and try again.',
'actiongatekeeper:pluginprevents' => 'A extension has prevented this form from being submitted.',
+ 'actiongatekeeper:uploadexceeded' => 'The size of file(s) uploaded exceeded the limit set by your site administrator',
/**
diff --git a/mod/embed/manifest.xml b/mod/embed/manifest.xml
index 46ab2df9e..81ca9194e 100644
--- a/mod/embed/manifest.xml
+++ b/mod/embed/manifest.xml
@@ -13,10 +13,10 @@
<type>elgg_release</type>
<version>1.8</version>
</requires>
- <suggests>
+ <requires>
<type>plugin</type>
<name>file</name>
<version>1.8.1</version>
- </suggests>
+ </requires>
<activate_on_install>true</activate_on_install>
</plugin_manifest>
diff --git a/mod/externalpages/start.php b/mod/externalpages/start.php
index 152a8b4d9..74da7f828 100644
--- a/mod/externalpages/start.php
+++ b/mod/externalpages/start.php
@@ -77,9 +77,16 @@ function expages_page_handler($page, $handler) {
} else {
$content .= elgg_echo("expages:notset");
}
+ $content = elgg_view('expages/wrapper', array('content' => $content));
- $body = elgg_view_layout("one_sidebar", array('content' => $content));
- echo elgg_view_page($title, $body);
+ if (elgg_is_logged_in() || !elgg_get_config('walled_garden')) {
+ $body = elgg_view_layout('one_sidebar', array('content' => $content));
+ echo elgg_view_page($title, $body);
+ } else {
+ elgg_load_css('elgg.walled_garden');
+ $body = elgg_view_layout('walled_garden', array('content' => $content));
+ echo elgg_view_page($title, $body, 'walled_garden');
+ }
return true;
}
diff --git a/mod/externalpages/views/default/expages/wrapper.php b/mod/externalpages/views/default/expages/wrapper.php
new file mode 100644
index 000000000..8eb0b2f84
--- /dev/null
+++ b/mod/externalpages/views/default/expages/wrapper.php
@@ -0,0 +1,16 @@
+<?php
+/**
+ * Wrapper for site pages content area
+ *
+ * @uses $vars['content']
+ */
+
+echo $vars['content'];
+
+echo '<div class="mtm">';
+echo elgg_view('output/url', array(
+ 'text' => 'Back',
+ 'href' => $_SERVER['HTTP_REFERER'],
+ 'class' => 'float-alt'
+));
+echo '</div>';
diff --git a/mod/file/pages/file/download.php b/mod/file/pages/file/download.php
index 00e6d500e..76c1f1272 100644
--- a/mod/file/pages/file/download.php
+++ b/mod/file/pages/file/download.php
@@ -26,7 +26,7 @@ $filename = $file->originalfilename;
header("Pragma: public");
header("Content-type: $mime");
-if (strpos($mime, "image/") !== false) {
+if (strpos($mime, "image/") !== false || $mime == "application/pdf") {
header("Content-Disposition: inline; filename=\"$filename\"");
} else {
header("Content-Disposition: attachment; filename=\"$filename\"");
diff --git a/mod/groups/icon.php b/mod/groups/icon.php
index 104da4b41..f86f84fa5 100644
--- a/mod/groups/icon.php
+++ b/mod/groups/icon.php
@@ -35,7 +35,7 @@ if ($filehandler->open("read")) {
}
if (!$success) {
- $location = elgg_get_plugins_path() . "groups/graphics/default{$size}.jpg";
+ $location = elgg_get_plugins_path() . "groups/graphics/default{$size}.gif";
$contents = @file_get_contents($location);
}
diff --git a/mod/groups/views/default/group/default.php b/mod/groups/views/default/group/default.php
index 6eae467c6..d9460dff4 100644
--- a/mod/groups/views/default/group/default.php
+++ b/mod/groups/views/default/group/default.php
@@ -22,10 +22,9 @@ if (elgg_in_context('owner_block') || elgg_in_context('widgets')) {
if ($vars['full_view']) {
- echo elgg_view("groups/profile/profile_block", $vars);
+ echo elgg_view('groups/profile/summary', $vars);
} else {
// brief view
-
$params = array(
'entity' => $group,
'metadata' => $metadata,
diff --git a/mod/likes/views/default/likes/button.php b/mod/likes/views/default/likes/button.php
index 3f2f073cc..bc7c8fd8a 100644
--- a/mod/likes/views/default/likes/button.php
+++ b/mod/likes/views/default/likes/button.php
@@ -24,11 +24,6 @@ if (elgg_is_logged_in() && $vars['entity']->canAnnotate(0, 'likes')) {
);
$likes_button = elgg_view('output/url', $params);
} else {
- $options = array(
- 'guid' => $guid,
- 'annotation_name' => 'likes',
- 'owner_guid' => elgg_get_logged_in_user_guid()
- );
$url = elgg_get_site_url() . "action/likes/delete?guid={$guid}";
$params = array(
'href' => $url,
diff --git a/mod/messages/views/default/forms/messages/process.php b/mod/messages/views/default/forms/messages/process.php
index f86c3217a..cb30792e9 100644
--- a/mod/messages/views/default/forms/messages/process.php
+++ b/mod/messages/views/default/forms/messages/process.php
@@ -19,10 +19,12 @@ echo $messages;
echo '</div>';
echo '<div class="elgg-foot messages-buttonbank">';
+
echo elgg_view('input/submit', array(
'value' => elgg_echo('delete'),
'name' => 'delete',
- 'class' => 'elgg-button-delete',
+ 'class' => 'elgg-button-delete elgg-requires-confirmation',
+ 'title' => elgg_echo('deleteconfirm:plural'),
));
if ($vars['folder'] == "inbox") {
diff --git a/mod/pages/actions/pages/delete.php b/mod/pages/actions/pages/delete.php
index dfa0de98d..7a314a280 100644
--- a/mod/pages/actions/pages/delete.php
+++ b/mod/pages/actions/pages/delete.php
@@ -9,8 +9,9 @@
$guid = get_input('guid');
$page = get_entity($guid);
-if ($page) {
- if ($page->canEdit()) {
+if (elgg_instanceof($page, 'object', 'page') || elgg_instanceof($page, 'object', 'page_top')) {
+ // only allow owners and admin to delete
+ if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
$container = get_entity($page->container_guid);
// Bring all child elements forward
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index 6950d4b2f..a32e4a4ba 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -47,7 +47,19 @@ if ($page_guid) {
}
if (sizeof($input) > 0) {
+ // don't change access if not an owner/admin
+ $user = elgg_get_logged_in_user_entity();
+ $can_change_access = true;
+
+ if ($user && $page) {
+ $can_change_access = $user->isAdmin() || $user->getGUID() == $page->owner_guid;
+ }
+
foreach ($input as $name => $value) {
+ if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) {
+ continue;
+ }
+
$page->$name = $value;
}
}
@@ -74,6 +86,6 @@ if ($page->save()) {
forward($page->getURL());
} else {
- register_error(elgg_echo('pages:error:no_save'));
+ register_error(elgg_echo('pages:error:notsaved'));
forward(REFERER);
}
diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php
index 5c5323d6f..dbf7b8917 100644
--- a/mod/pages/lib/pages.php
+++ b/mod/pages/lib/pages.php
@@ -111,4 +111,4 @@ function pages_register_navigation_tree($container) {
}
}
}
-}
+} \ No newline at end of file
diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php
index 5dfb76b55..81477a8d4 100644
--- a/mod/pages/pages/pages/view.php
+++ b/mod/pages/pages/pages/view.php
@@ -32,7 +32,7 @@ elgg_push_breadcrumb($title);
$content = elgg_view_entity($page, array('full_view' => true));
$content .= elgg_view_comments($page);
-if (elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
+if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
$url = "pages/add/$page->guid";
elgg_register_menu_item('title', array(
'name' => 'subpage',
diff --git a/mod/pages/start.php b/mod/pages/start.php
index 4b230a93d..834e98870 100644
--- a/mod/pages/start.php
+++ b/mod/pages/start.php
@@ -189,10 +189,12 @@ function pages_icon_url_override($hook, $type, $returnvalue, $params) {
if (elgg_instanceof($entity, 'object', 'page_top') ||
elgg_instanceof($entity, 'object', 'page')) {
switch ($params['size']) {
+ case 'topbar':
+ case 'tiny':
case 'small':
return 'mod/pages/images/pages.gif';
break;
- case 'medium':
+ default:
return 'mod/pages/images/pages_lrg.gif';
break;
}
diff --git a/mod/pages/views/default/forms/pages/edit.php b/mod/pages/views/default/forms/pages/edit.php
index 20737a121..9469f5eb9 100644
--- a/mod/pages/views/default/forms/pages/edit.php
+++ b/mod/pages/views/default/forms/pages/edit.php
@@ -6,7 +6,18 @@
*/
$variables = elgg_get_config('pages');
+$user = elgg_get_logged_in_user_entity();
+$entity = elgg_extract('entity', $vars);
+$can_change_access = true;
+if ($user && $entity) {
+ $can_change_access = ($user->isAdmin() || $user->getGUID() == $entity->owner_guid);
+}
+
foreach ($variables as $name => $type) {
+ // don't show read / write access inputs for non-owners or admin when editing
+ if (($type == 'access' || $type == 'write_access') && !$can_change_access) {
+ continue;
+ }
?>
<div>
<label><?php echo elgg_echo("pages:$name") ?></label>
@@ -14,8 +25,8 @@ foreach ($variables as $name => $type) {
if ($type != 'longtext') {
echo '<br />';
}
- ?>
- <?php echo elgg_view("input/$type", array(
+
+ echo elgg_view("input/$type", array(
'name' => $name,
'value' => $vars[$name],
));
diff --git a/mod/thewire/pages/thewire/owner.php b/mod/thewire/pages/thewire/owner.php
index f544aa655..6246c1770 100644
--- a/mod/thewire/pages/thewire/owner.php
+++ b/mod/thewire/pages/thewire/owner.php
@@ -14,10 +14,12 @@ $title = elgg_echo('thewire:user', array($owner->name));
elgg_push_breadcrumb(elgg_echo('thewire'), "thewire/all");
elgg_push_breadcrumb($owner->name);
+$context = '';
if (elgg_get_logged_in_user_guid() == $owner->guid) {
$form_vars = array('class' => 'thewire-form');
$content = elgg_view_form('thewire/add', $form_vars);
$content .= elgg_view('input/urlshortener');
+ $context = 'mine';
}
$content .= elgg_list_entities(array(
@@ -28,7 +30,7 @@ $content .= elgg_list_entities(array(
));
$body = elgg_view_layout('content', array(
- 'filter_context' => 'mine',
+ 'filter_context' => $context,
'content' => $content,
'title' => $title,
'sidebar' => elgg_view('thewire/sidebar'),
diff --git a/mod/thewire/start.php b/mod/thewire/start.php
index ebfe29538..5d5786e2f 100644
--- a/mod/thewire/start.php
+++ b/mod/thewire/start.php
@@ -304,7 +304,7 @@ function thewire_save_post($text, $userid, $access_id, $parent_guid = 0, $method
*/
function thewire_send_response_notification($guid, $parent_guid, $user) {
$parent_owner = get_entity($parent_guid)->getOwnerEntity();
- $user = get_loggedin_user();
+ $user = elgg_get_logged_in_user_entity();
// check to make sure user is not responding to self
if ($parent_owner->guid != $user->guid) {
diff --git a/mod/twitter_api/actions/twitter_api/interstitial_settings.php b/mod/twitter_api/actions/twitter_api/interstitial_settings.php
index 5f742efd8..880623973 100644
--- a/mod/twitter_api/actions/twitter_api/interstitial_settings.php
+++ b/mod/twitter_api/actions/twitter_api/interstitial_settings.php
@@ -6,8 +6,8 @@ elgg_make_sticky_form('twitter_api_interstitial');
$display_name = get_input('display_name');
$email = get_input('email');
-$password_1 = get_input('password_1');
-$password_2 = get_input('password_2');
+$password_1 = get_input('password_1', null, false);
+$password_2 = get_input('password_2', null, false);
if (!$display_name) {
register_error(elgg_echo('twitter_api:interstitial:no_display_name'));
diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php
index 355123992..fbce00d34 100644
--- a/mod/twitter_api/lib/twitter_api.php
+++ b/mod/twitter_api/lib/twitter_api.php
@@ -109,7 +109,7 @@ function twitter_api_login() {
$user = twitter_api_create_user($twitter);
$site_name = elgg_get_site_entity()->name;
system_message(elgg_echo('twitter_api:login:email', array($site_name)));
- $forward = "twitter_api/intersitial";
+ $forward = "twitter_api/interstitial";
}
// set twitter services tokens
diff --git a/upgrade.php b/upgrade.php
index 6f7126326..963523200 100644
--- a/upgrade.php
+++ b/upgrade.php
@@ -20,7 +20,8 @@ define('UPGRADING', 'upgrading');
require_once(dirname(__FILE__) . "/engine/start.php");
if (get_input('upgrade') == 'upgrade') {
- // disable the core system log for upgrades to avoid exceptions when the schema changes.
+ // disable the system log for upgrades to avoid exceptions when the schema changes.
+ elgg_unregister_event_handler('log', 'systemlog', 'system_log_default_logger');
elgg_unregister_event_handler('all', 'all', 'system_log_listener');
if (elgg_get_unprocessed_upgrades()) {
diff --git a/version.php b/version.php
index dc6897c18..4f028bfd6 100644
--- a/version.php
+++ b/version.php
@@ -11,7 +11,7 @@
// YYYYMMDD = Elgg Date
// XX = Interim incrementer
-$version = 2012012100;
+$version = 2012041801;
// Human-friendly version name
-$release = '1.8.3';
+$release = '1.8.5';
diff --git a/views/default/admin/statistics/server/php.php b/views/default/admin/statistics/server/php.php
index 4a59b95fb..7c6a51383 100644
--- a/views/default/admin/statistics/server/php.php
+++ b/views/default/admin/statistics/server/php.php
@@ -8,6 +8,15 @@ if (!$php_log) {
$php_log = elgg_echo('admin:server:error_log');
}
+$post_max_size = elgg_get_ini_setting_in_bytes('post_max_size');
+$upload_max_filesize = elgg_get_ini_setting_in_bytes('upload_max_filesize');
+
+$post_max_size_warning = '';
+if ($upload_max_filesize > $post_max_size) {
+ // @todo show a link to something like http://nigel.mcnie.name/blog/uploadmaxfilesizepostmaxsize-experimentation ?
+ $post_max_size_warning = elgg_echo('admin:server:warning:post_max_too_small');
+}
+
?>
<table class="elgg-table-alt">
<tr class="odd">
@@ -30,4 +39,12 @@ if (!$php_log) {
<td><b><?php echo elgg_echo('admin:server:label:mem_used'); ?> :</b></td>
<td><?php echo number_format(memory_get_peak_usage()); ?></td>
</tr>
+ <tr class="even">
+ <td><b><?php echo elgg_echo('admin:server:label:post_max_size'); ?> :</b></td>
+ <td><?php echo number_format($post_max_size); ?></td>
+ </tr>
+ <tr class="odd">
+ <td><b><?php echo elgg_echo('admin:server:label:upload_max_filesize'); ?> :</b></td>
+ <td><?php echo number_format($upload_max_filesize) . '&nbsp; ' . $post_max_size_warning; ?></td>
+ </tr>
</table>
diff --git a/views/default/core/avatar/upload.php b/views/default/core/avatar/upload.php
index 29aa59c9c..6f9124192 100644
--- a/views/default/core/avatar/upload.php
+++ b/views/default/core/avatar/upload.php
@@ -12,12 +12,12 @@ $user_avatar = elgg_view('output/img', array(
$current_label = elgg_echo('avatar:current');
-$revert_button = '';
+$remove_button = '';
if ($vars['entity']->icontime) {
- $revert_button = elgg_view('output/url', array(
- 'text' => elgg_echo('revert'),
- 'title' => elgg_echo('avatar:revert'),
- 'href' => 'action/avatar/revert?guid=' . elgg_get_page_owner_guid(),
+ $remove_button = elgg_view('output/url', array(
+ 'text' => elgg_echo('remove'),
+ 'title' => elgg_echo('avatar:remove'),
+ 'href' => 'action/avatar/remove?guid=' . elgg_get_page_owner_guid(),
'is_action' => true,
'class' => 'elgg-button elgg-button-cancel mll',
));
@@ -39,7 +39,7 @@ $image = <<<HTML
<label>$current_label</label><br />
$user_avatar
</div>
-$revert_button
+$remove_button
HTML;
$body = <<<HTML
diff --git a/views/default/core/walled_garden/body.php b/views/default/core/walled_garden/body.php
deleted file mode 100644
index 67d8e0c37..000000000
--- a/views/default/core/walled_garden/body.php
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php
-/**
- * Walled garden body
- */
-
-echo elgg_view('core/walled_garden/login');
-echo elgg_view('core/walled_garden/lost_password');
-
-if (elgg_get_config('allow_registration')) {
- echo elgg_view('core/walled_garden/register');
-}
diff --git a/views/default/core/walled_garden/login.php b/views/default/core/walled_garden/login.php
index 0a8b4a908..42b79607d 100644
--- a/views/default/core/walled_garden/login.php
+++ b/views/default/core/walled_garden/login.php
@@ -14,7 +14,7 @@ $menu = elgg_view_menu('walled_garden', array(
$login_box = elgg_view('core/account/login_box', array('module' => 'walledgarden-login'));
-$content = <<<HTML
+echo <<<HTML
<div class="elgg-col elgg-col-1of2">
<div class="elgg-inner">
<h1 class="elgg-heading-walledgarden">
@@ -29,9 +29,3 @@ $content = <<<HTML
</div>
</div>
HTML;
-
-echo elgg_view_module('walledgarden', '', $content, array(
- 'class' => 'elgg-walledgarden-double',
- 'header' => ' ',
- 'footer' => ' ',
-));
diff --git a/views/default/core/walled_garden/lost_password.php b/views/default/core/walled_garden/lost_password.php
index ce75b558b..82f8caf50 100644
--- a/views/default/core/walled_garden/lost_password.php
+++ b/views/default/core/walled_garden/lost_password.php
@@ -5,15 +5,9 @@
$title = elgg_echo('user:password:lost');
$body = elgg_view_form('user/requestnewpassword');
-$lost = <<<HTML
+echo <<<HTML
<div class="elgg-inner">
<h3>$title</h3>
$body
</div>
HTML;
-
-echo elgg_view_module('walledgarden', '', $lost, array(
- 'class' => 'elgg-walledgarden-single elgg-walledgarden-password hidden',
- 'header' => ' ',
- 'footer' => ' ',
-));
diff --git a/views/default/core/walled_garden/register.php b/views/default/core/walled_garden/register.php
index 7f6aac99b..1ce2f8716 100644
--- a/views/default/core/walled_garden/register.php
+++ b/views/default/core/walled_garden/register.php
@@ -9,15 +9,9 @@ $body = elgg_view_form('register', array(), array(
'invitecode' => get_input('invitecode'),
));
-$content = <<<__HTML
+echo <<<__HTML
<div class="elgg-inner">
<h2>$title</h2>
$body
</div>
__HTML;
-
-echo elgg_view_module('walledgarden', '', $content, array(
- 'class' => 'elgg-walledgarden-single elgg-walledgarden-register hidden',
- 'header' => ' ',
- 'footer' => ' ',
-)); \ No newline at end of file
diff --git a/views/default/css/walled_garden.php b/views/default/css/walled_garden.php
index ea2543587..f6f7f97dc 100644
--- a/views/default/css/walled_garden.php
+++ b/views/default/css/walled_garden.php
@@ -54,8 +54,8 @@ $url = elgg_get_site_url();
padding: 0 8px;
}
-.elgg-walledgarden-single > .elgg-body > .elgg-inner {
- padding: 0 8px;
+.elgg-walledgarden-single > .elgg-body {
+ padding: 0 18px;
}
.elgg-module-walledgarden-login {
@@ -68,7 +68,14 @@ $url = elgg_get_site_url();
}
.elgg-heading-walledgarden {
- color: #666666;
margin-top: 60px;
line-height: 1.1em;
}
+
+h1, h2, h3, h4, h5, h6 {
+ color: #666;
+}
+
+a {
+ color: #999;
+} \ No newline at end of file
diff --git a/views/default/icon/default.php b/views/default/icon/default.php
index 22c20b3a7..087c7eae9 100644
--- a/views/default/icon/default.php
+++ b/views/default/icon/default.php
@@ -34,10 +34,15 @@ if (isset($vars['href'])) {
$url = $vars['href'];
}
+$icon_sizes = elgg_get_config('icon_sizes');
+$size = $vars['size'];
+
$img = elgg_view('output/img', array(
'src' => $entity->getIconURL($vars['size']),
'alt' => $title,
'class' => $class,
+ 'width' => $size != 'master' ? $icon_sizes[$size]['w'] : NULL,
+ 'height' => $size != 'master' ? $icon_sizes[$size]['h'] : NULL,
));
if ($url) {
diff --git a/views/default/js/walled_garden.php b/views/default/js/walled_garden.php
index 46c2934ff..13ec83c04 100644
--- a/views/default/js/walled_garden.php
+++ b/views/default/js/walled_garden.php
@@ -2,9 +2,10 @@
/**
* Walled garden JavaScript
*
- * @todo update for new JS lib
+ * @since 1.8
*/
+// note that this assumes the button view is not using single quotes
$cancel_button = elgg_view('input/button', array(
'value' => elgg_echo('cancel'),
'class' => 'elgg-button-cancel mlm',
@@ -13,28 +14,43 @@ $cancel_button = trim($cancel_button);
?>
-$(document).ready(function() {
+elgg.provide('elgg.walled_garden');
- // add cancel button to inline forms
- $(".elgg-walledgarden-password").find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>');
- $('.elgg-walledgarden-register').find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>');
+elgg.walled_garden.init = function () {
- $(".forgot_link").click(function(event) {
- event.preventDefault();
- $(".elgg-walledgarden-password").fadeToggle();
- });
+ $('.forgot_link').click(elgg.walled_garden.load('lost_password'));
+ $('.registration_link').click(elgg.walled_garden.load('register'));
- $(".registration_link").click(function(event) {
+ $('input.elgg-button-cancel').live('click', function(event) {
+ if ($('.elgg-walledgarden-single').is(':visible')) {
+ $('.elgg-walledgarden-double').fadeToggle();
+ $('.elgg-walledgarden-single').fadeToggle();
+ $('.elgg-walledgarden-single').remove();
+ }
event.preventDefault();
- $(".elgg-walledgarden-register").fadeToggle();
});
+};
- $('input.elgg-button-cancel').click(function(event) {
- if ($(".elgg-walledgarden-password").is(':visible')) {
- $(".forgot_link").click();
- } else if ($('.elgg-walledgarden-register').is(':visible')) {
- $(".registration_link").click();
- }
+/**
+ * Creates a closure for loading walled garden content through ajax
+ *
+ * @param {String} view Name of the walled garden view
+ * @return {Object}
+ */
+elgg.walled_garden.load = function(view) {
+ return function(event) {
+ var id = '#elgg-walledgarden-' + view;
+ id = id.replace('_', '-');
+ elgg.get('walled_garden/' + view, {
+ 'success' : function(data) {
+ $('.elgg-body-walledgarden').append(data);
+ $(id).find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>');
+ $('#elgg-walledgarden-login').fadeToggle();
+ $(id).fadeToggle();
+ },
+ });
event.preventDefault();
- });
-}); \ No newline at end of file
+ };
+};
+
+elgg.register_hook_handler('init', 'system', elgg.walled_garden.init); \ No newline at end of file
diff --git a/views/default/object/plugin.php b/views/default/object/plugin.php
index 2f64cfcc9..5c7138e96 100644
--- a/views/default/object/plugin.php
+++ b/views/default/object/plugin.php
@@ -7,6 +7,10 @@
*
*/
+if (!elgg_in_context('admin')) {
+ forward('/', 403);
+}
+
$plugin = $vars['entity'];
if (!$plugin->isValid()) {
diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php
index 22b6cf49d..a212becd8 100644
--- a/views/default/output/tagcloud.php
+++ b/views/default/output/tagcloud.php
@@ -47,9 +47,15 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) {
if ($size < 100) {
$size = 100;
}
- $url = elgg_get_site_url()."search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype";
- $url = elgg_format_url($url);
- $cloud .= "<a href=\"$url\" style=\"font-size: $size%\" title=\"".addslashes($tag->tag)." ($tag->total)\">" . htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8') . "</a>";
+ $url = "search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype";
+
+ $cloud .= elgg_view('output/url', array(
+ 'text' => $tag->tag,
+ 'href' => $url,
+ 'style' => "font-size: $size%;",
+ 'title' => "$tag->tag ($tag->total)",
+ 'rel' => 'tag'
+ ));
}
$cloud .= elgg_view('tagcloud/extend');
diff --git a/views/default/page/elements/comments.php b/views/default/page/elements/comments.php
index ebc7d3df5..cf9b5f08b 100644
--- a/views/default/page/elements/comments.php
+++ b/views/default/page/elements/comments.php
@@ -12,7 +12,7 @@ $show_add_form = elgg_extract('show_add_form', $vars, true);
$id = '';
if (isset($vars['id'])) {
- $id = "id =\"{$vars['id']}\"";
+ $id = "id=\"{$vars['id']}\"";
}
$class = 'elgg-comments';
diff --git a/views/default/page/layouts/walled_garden.php b/views/default/page/layouts/walled_garden.php
new file mode 100644
index 000000000..6ecd941ef
--- /dev/null
+++ b/views/default/page/layouts/walled_garden.php
@@ -0,0 +1,16 @@
+<?php
+/**
+ * Walled Garden layout
+ *
+ * @uses $vars['content'] Main content
+ * @uses $vars['class'] CSS classes
+ * @uses $vars['id'] CSS id
+ */
+
+$class = elgg_extract('class', $vars, 'elgg-walledgarden-single');
+echo elgg_view_module('walledgarden', '', $vars['content'], array(
+ 'class' => $class,
+ 'id' => elgg_extract('id', $vars, ''),
+ 'header' => ' ',
+ 'footer' => ' ',
+));
diff --git a/views/default/river/elements/body.php b/views/default/river/elements/body.php
index 6894b81e2..2cd7f2289 100644
--- a/views/default/river/elements/body.php
+++ b/views/default/river/elements/body.php
@@ -18,7 +18,7 @@ $menu = elgg_view_menu('river', array(
));
// river item header
-$timestamp = elgg_get_friendly_time($item->getPostedTime());
+$timestamp = elgg_view_friendly_time($item->getPostedTime());
$summary = elgg_extract('summary', $vars, elgg_view('river/elements/summary', array('item' => $vars['item'])));
if ($summary === false) {
diff --git a/views/default/river/elements/summary.php b/views/default/river/elements/summary.php
index 84941131f..4402c6f65 100644
--- a/views/default/river/elements/summary.php
+++ b/views/default/river/elements/summary.php
@@ -40,5 +40,14 @@ if ($container instanceof ElggGroup) {
$group_string = elgg_echo('river:ingroup', array($group_link));
}
+// check summary translation keys.
+// will use the $type:$subtype if that's defined, otherwise just uses $type
+$key = "river:$action:$type:$subtype";
+$summary = elgg_echo($key, array($subject_link, $object_link));
+
+if ($summary == $key) {
+ $key = "river:$action:$type";
+ $summary = elgg_echo($key, array($subject_link, $object_link));
+}
-echo elgg_echo("river:$action:$type:$subtype", array($subject_link, $object_link)); \ No newline at end of file
+echo $summary; \ No newline at end of file