-rw-r--r--.gitignore20
-rw-r--r--CHANGES.txt91
-rw-r--r--actions/admin/site/update_advanced.php19
-rw-r--r--actions/avatar/remove.php34
-rw-r--r--actions/avatar/revert.php15
-rw-r--r--actions/comments/delete.php17
-rw-r--r--actions/login.php8
-rw-r--r--actions/register.php4
-rw-r--r--actions/useradd.php4
-rw-r--r--engine/classes/ElggBatch.php2
-rw-r--r--engine/classes/ElggEntity.php118
-rw-r--r--engine/classes/ElggPlugin.php62
-rw-r--r--engine/classes/ElggSite.php1
-rw-r--r--engine/lib/access.php33
-rw-r--r--engine/lib/actions.php15
-rw-r--r--engine/lib/admin.php1
-rw-r--r--engine/lib/annotations.php6
-rw-r--r--engine/lib/elgglib.php35
-rw-r--r--engine/lib/extender.php5
-rw-r--r--engine/lib/languages.php2
-rw-r--r--engine/lib/metadata.php11
-rw-r--r--engine/lib/metastrings.php19
-rw-r--r--engine/lib/plugins.php9
-rw-r--r--engine/lib/relationships.php2
-rw-r--r--engine/lib/river.php8
-rw-r--r--engine/lib/sessions.php4
-rw-r--r--engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php11
-rw-r--r--engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php13
-rw-r--r--engine/lib/user_settings.php6
-rw-r--r--engine/lib/users.php8
-rw-r--r--engine/lib/views.php5
-rw-r--r--engine/lib/web_services.php2
-rw-r--r--engine/tests/api/metadata.php74
-rw-r--r--engine/tests/objects/entities.php2
-rw-r--r--js/lib/ui.river.js14
-rw-r--r--languages/en.php19
-rw-r--r--mod/blog/start.php2
-rw-r--r--mod/blog/views/default/object/blog.php3
-rw-r--r--mod/bookmarks/views/default/object/bookmarks.php3
-rw-r--r--mod/categories/languages/en.php2
-rw-r--r--mod/embed/manifest.xml4
-rw-r--r--mod/externalpages/start.php11
-rw-r--r--mod/externalpages/views/default/expages/wrapper.php16
-rw-r--r--mod/file/pages/file/download.php2
-rw-r--r--mod/file/views/default/object/file.php3
-rw-r--r--mod/groups/icon.php2
-rw-r--r--mod/groups/views/default/group/default.php3
-rw-r--r--mod/groups/views/default/groups/sidebar/members.php3
-rw-r--r--mod/messages/views/default/forms/messages/process.php4
-rw-r--r--mod/pages/actions/pages/delete.php5
-rw-r--r--mod/pages/actions/pages/edit.php14
-rw-r--r--mod/pages/lib/pages.php2
-rw-r--r--mod/pages/pages/pages/view.php2
-rw-r--r--mod/pages/views/default/forms/pages/edit.php15
-rw-r--r--mod/pages/views/default/object/page_top.php3
-rw-r--r--mod/thewire/pages/thewire/owner.php4
-rw-r--r--mod/thewire/start.php2
-rw-r--r--mod/twitter_api/actions/twitter_api/interstitial_settings.php4
-rw-r--r--mod/twitter_api/lib/twitter_api.php2
-rw-r--r--upgrade.php3
-rw-r--r--version.php4
-rw-r--r--views/default/admin/statistics/server/php.php17
-rw-r--r--views/default/core/avatar/upload.php12
-rw-r--r--views/default/core/river/filter.php16
-rw-r--r--views/default/core/walled_garden/body.php11
-rw-r--r--views/default/core/walled_garden/login.php8
-rw-r--r--views/default/core/walled_garden/lost_password.php8
-rw-r--r--views/default/core/walled_garden/register.php8
-rw-r--r--views/default/css/walled_garden.php13
-rw-r--r--views/default/js/walled_garden.php54
-rw-r--r--views/default/object/elements/summary.php4
-rw-r--r--views/default/object/plugin.php4
-rw-r--r--views/default/output/tagcloud.php12
-rw-r--r--views/default/page/elements/comments.php2
-rw-r--r--views/default/page/layouts/walled_garden.php16
-rw-r--r--views/default/river/elements/body.php2
-rw-r--r--views/default/river/elements/summary.php11
77 files changed, 739 insertions, 276 deletions
diff --git a/.gitignore b/.gitignore
index edfede73b..c0bba2c6c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,9 @@
+# ignore Elgg configuration
/engine/settings.php
/.htaccess
-/.buildpath
-/.settings
-/.project
/mod/*
+
+# don't ignore bundled plugins
!/mod/blog/
!/mod/bookmarks/
!/mod/categories/
@@ -38,3 +38,17 @@
!/mod/uservalidationbyemail/
!/mod/zaudio/
+# ignore IDE/hidden/OS cache files
+.*
+*~
+/nbproject
+/nb-configuration.xml
+Session.vim
+*.tmproj
+*.tmproject
+tmtags
+Thumbs.db
+Desktop.ini
+
+# don't ignore travis config
+!/.travis.yml
diff --git a/CHANGES.txt b/CHANGES.txt
index af126c3d3..870c4f57d 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,94 @@
+Version 1.8.5
+(May 17, 2012 from https://github.com/Elgg/Elgg/tree/1.8)
+
+ Contributing Developers:
+ * Brett Profitt
+ * Evan Winslow
+ * Sem
+ * Steve Clay
+ * Jeroen Dalsem
+ * Jerome Bakker
+
+ Security Enhancements:
+ * Fixed possible XSS vulnerability if using a crafted URL.
+ * Fixed exploit to bypass new user validation if using a crafted form.
+ * Fixed incorrect caching of access lists that could allow plugins
+ to show private entities to non-admin and non-owning users. (Non-exploitable)
+
+ Bugfixes:
+ * Twitter API: New users are forwarded to the correct page after creating
+ an account with Twitter.
+ * Files: PDF files are downloaded as "inline" to display in the browser.
+ * Fixed possible duplication errors when writing metadata with multiple values.
+ * Fixed possible upgrade issue if using a plugin uses the system_log hooks.
+ * Fixed problems when enabling more than 50 metadata or annotations.
+
+ API:
+ * River entries' timestamps use elgg_view_friendly_time() and can be
+ overridden with the friendly time output view.
+
+Version 1.8.4
+(April 24, 2012 from https://github.com/Elgg/Elgg/tree/1.8)
+
+ Contributing Developers:
+ * Adayth Talavera
+ * Brett Profitt
+ * Cash Costello
+ * Evan Winslow
+ * Ismayil Khayredinov
+ * Janek Lasocki-Biczysko
+ * Jerome Baker
+ * Sem
+ * Steve Clay
+ * Webgalli
+
+ Security Enhancements:
+ * Fixed an issue in the web services auth.get_token endpoint that
+ would give valid auth tokens to invalid credentials. Thanks to
+ Christian for reporting this!
+ * Fixed an that could show which plugins are loaded on a site.
+
+ Enhancements:
+ * UI: All bundled plugins' list pages display a no content message if there is nothing to list.
+ * UI: Site default access is limited to core access levels.
+ * UI: Showing a system message to the admin if plugins are disabled with the "disabled"
+ magic file.
+ * UI: Added transparent backgrounds for files and pages icons.
+ * External (Site) Pages: If in Wall Garden mode, Site Pages use the Walled Garden
+ theme when logged out.
+ * UI: Database errors only show the query to admin users.
+ * UI: Cannot set the data path to a relative path in installation or site settings.
+ * UI: Cleaned up notifications for bundled plugins.
+ * UI: Hiding crop button if no avatar is uploaded.
+ * UI: Bundled plugins are displayed with a gold border in the plugin admin area.
+ * UI: Can see all the categories a plugin belongs to.
+ * Web Services: Multiple tokens allowed for users.
+ * API: More efficient entity loading.
+ * API: Added IP address to system log.
+ * API: Languages are cached.
+ * API: ElggBatch supports disabling offsets for callbacks that delete entities.
+ * API: Cleaned up the boot process.
+ * API: Fixed situation in which the cache isn't properly cleared if a file can't be unlinked.
+
+ Bugfixes:
+ * UI: Tags display in the case they were saved.
+ * UI: Friendly titles keep -s.
+ * UI: Removed pagination in friends widget.
+ * UI: Profile settings actions correctly displays error messages as errors.
+ * UI: Tag search works for tags with spaces.
+ * UI: Fixed river display for friending that happens during registration.
+ * Groups: Link for managing join requests is restored in the sidebar.
+ * Walled Garden: Cron and web services endpoints are exposed as public sites.
+ * The Wire: UTF usernames are correctly linked with @ syntax.
+ * The Wire: No longer selecting the "Mine" tab for users who aren't you.
+ * Blogs: Notifications restored.
+ * Message Board: Fixed delete.
+ * Groups: Forwarding to correct page if trying to access closed group.
+ * API: entities loaded via elgg_get_entities_from_relationship() have the correct time_created.
+ * API: Deleting entities recursively works when code is logged out.
+ * API: Fixed multiple uses of deprecated functions.
+
+
Version 1.8.3
(January 12, 2012 from https://github.com/Elgg/Elgg/tree/1.8)
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
index 23d622a62..897a2f983 100644
--- a/actions/admin/site/update_advanced.php
+++ b/actions/admin/site/update_advanced.php
@@ -17,7 +17,24 @@ if ($site = elgg_get_site_entity()) {
$site->url = get_input('wwwroot');
datalist_set('path', sanitise_filepath(get_input('path')));
- datalist_set('dataroot', sanitise_filepath(get_input('dataroot')));
+ $dataroot = sanitise_filepath(get_input('dataroot'));
+
+ // check for relative paths
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($dataroot, ':') !== 1) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ } else {
+ if (strpos($dataroot, '/') !== 0) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ }
+
+ datalist_set('dataroot', $dataroot);
if (get_input('simplecache_enabled')) {
elgg_enable_simplecache();
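Review bot: The relative-path check runs after `datalist_set('path', ...)` has already been written, so a request rejected for a bad dataroot still persists the new `path` value before `forward(REFERER)`. Validating `$dataroot` before the first `datalist_set()` call keeps the settings update all-or-nothing. The two branches also duplicate the error handling; a single flag such as `$is_absolute = (stripos(PHP_OS, 'win') === 0) ? strpos($dataroot, ':') === 1 : strpos($dataroot, '/') === 0;` followed by one `register_error()`/`forward()` pair would be easier to read. The enclosing `if ($site = elgg_get_site_entity())` block starts and ends outside the hunk.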
diff --git a/actions/avatar/remove.php b/actions/avatar/remove.php
new file mode 100644
index 000000000..cd38e456a
--- /dev/null
+++ b/actions/avatar/remove.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Avatar remove action
+ */
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+if ($user) {
+ // Delete all icons from diskspace
+ $icon_sizes = elgg_get_config('icon_sizes');
+ foreach ($icon_sizes as $name => $size_info) {
+ $file = new ElggFile();
+ $file->owner_guid = $guid;
+ $file->setFilename("profile/{$guid}{$name}.jpg");
+ $filepath = $file->getFilenameOnFilestore();
+ if (!$file->delete()) {
+ elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
+ }
+ }
+
+ // Remove crop coords
+ unset($user->x1);
+ unset($user->x2);
+ unset($user->y1);
+ unset($user->y2);
+
+ // Remove icon
+ unset($user->icontime);
+ system_message(elgg_echo('avatar:remove:success'));
+} else {
+ register_error(elgg_echo('avatar:remove:fail'));
+}
+
+forward(REFERER);
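Review bot: The action deletes avatar files and crop metadata for whatever `guid` the request supplies, and nothing in this file checks that the entity is a user or that the logged-in user may edit it. Unless the action registration (not shown here) restricts it, any member could submit another account's guid. Tightening the guard to `if ($user instanceof ElggUser && $user->canEdit()) {` covers both cases and sends everything else to the existing `avatar:remove:fail` branch. A failed `$file->delete()` is only logged, so the success message is still shown when files remain on disk.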
diff --git a/actions/avatar/revert.php b/actions/avatar/revert.php
deleted file mode 100644
index 8cff40a68..000000000
--- a/actions/avatar/revert.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-/**
- * Avatar revert action
- */
-
-$guid = get_input('guid');
-$user = get_entity($guid);
-if ($user) {
- unset($user->icontime);
- system_message(elgg_echo('avatar:revert:success'));
-} else {
- register_error(elgg_echo('avatar:revert:fail'));
-}
-
-forward(REFERER);
diff --git a/actions/comments/delete.php b/actions/comments/delete.php
index f8458a152..f2c058ff4 100644
--- a/actions/comments/delete.php
+++ b/actions/comments/delete.php
@@ -12,19 +12,12 @@ if (!elgg_is_logged_in()) {
// Make sure we can get the comment in question
$annotation_id = (int) get_input('annotation_id');
-if ($comment = elgg_get_annotation_from_id($annotation_id)) {
-
- $entity = get_entity($comment->entity_guid);
-
- if ($comment->canEdit()) {
- $comment->delete();
- system_message(elgg_echo("generic_comment:deleted"));
- forward($entity->getURL());
- }
-
+$comment = elgg_get_annotation_from_id($annotation_id);
+if ($comment && $comment->canEdit()) {
+ $comment->delete();
+ system_message(elgg_echo("generic_comment:deleted"));
} else {
- $url = "";
+ register_error(elgg_echo("generic_comment:notdeleted"));
}
-register_error(elgg_echo("generic_comment:notdeleted"));
forward(REFERER); \ No newline at end of file
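Review bot: The success message is registered without looking at what `$comment->delete()` returned, so a delete that fails is still reported to the user as deleted. Folding the call into the condition, `if ($comment && $comment->canEdit() && $comment->delete()) {`, routes a failure to the existing `generic_comment:notdeleted` branch.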
diff --git a/actions/login.php b/actions/login.php
index 256e78acb..ea7fb3508 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -18,9 +18,9 @@ if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
}
$username = get_input('username');
-$password = get_input("password");
-$persistent = get_input("persistent", FALSE);
-$result = FALSE;
+$password = get_input('password', null, false);
+$persistent = get_input("persistent", false);
+$result = false;
if (empty($username) || empty($password)) {
register_error(elgg_echo('login:empty'));
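Review bot: The third argument `false` in `get_input('password', null, false)` turns off input filtering, and nothing near the call says why or what follows from it. A comment such as `// read the password unfiltered so it is hashed exactly as typed; never echo this value back into a page` would stop a later cleanup from restoring the default. The same call is added without comment in actions/register.php and actions/useradd.php for `$password` and `$password2`. Both of those files call `elgg_make_sticky_form()` just above, so it is worth confirming the raw password is not retained in the sticky form data.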
@@ -28,7 +28,7 @@ if (empty($username) || empty($password)) {
}
// check if logging in with email address
-if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
$username = $users[0]->username;
}
diff --git a/actions/register.php b/actions/register.php
index 360b7cb4b..f23d5b381 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('register');
// Get variables
$username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
$email = get_input('email');
$name = get_input('name');
$friend_guid = (int) get_input('friend_guid', 0);
diff --git a/actions/useradd.php b/actions/useradd.php
index fdcd7e438..17459021b 100644
--- a/actions/useradd.php
+++ b/actions/useradd.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('useradd');
// Get variables
$username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
$email = get_input('email');
$name = get_input('name');
diff --git a/engine/classes/ElggBatch.php b/engine/classes/ElggBatch.php
index 0cb13eb32..c1a77a0d9 100644
--- a/engine/classes/ElggBatch.php
+++ b/engine/classes/ElggBatch.php
@@ -16,7 +16,7 @@
*
* Results from the callback are stored in callbackResult. If the callback
* returns only booleans, callbackResults will be the combined result of
- * all calls.
+ * all calls. If no entities are processed, callbackResults will be null.
*
* If the callback returns anything else, callbackresult will be an indexed
* array of whatever the callback returns. If returning error handling
diff --git a/engine/classes/ElggEntity.php b/engine/classes/ElggEntity.php
index dc38dafbe..77c2bbf4d 100644
--- a/engine/classes/ElggEntity.php
+++ b/engine/classes/ElggEntity.php
@@ -24,7 +24,6 @@
*
* @package Elgg.Core
* @subpackage DataModel.Entities
- * @link http://docs.elgg.org/DataModel/ElggEntity
*
* @property string $type object, user, group, or site (read-only after save)
* @property string $subtype Further clarifies the nature of the entity (read-only after save)
@@ -201,8 +200,11 @@ abstract class ElggEntity extends ElggData implements
/**
* Sets the value of a property.
*
- * If $name is defined in $this->attributes that value is set, otherwise it will
- * set the appropriate item of metadata.
+ * If $name is defined in $this->attributes that value is set, otherwise it is
+ * saved as metadata.
+ *
+ * @warning Metadata set this way will inherit the entity's owner and access ID. If you want
+ * to set metadata with a different owner, use create_metadata().
*
* @warning It is important that your class populates $this->attributes with keys
* for all base attributes, anything not in their gets set as METADATA.
@@ -248,7 +250,12 @@ abstract class ElggEntity extends ElggData implements
public function getMetaData($name) {
if ((int) ($this->guid) == 0) {
if (isset($this->temp_metadata[$name])) {
- return $this->temp_metadata[$name];
+ // md is returned as an array only if more than 1 entry
+ if (count($this->temp_metadata[$name]) == 1) {
+ return $this->temp_metadata[$name][0];
+ } else {
+ return $this->temp_metadata[$name];
+ }
} else {
return null;
}
@@ -291,80 +298,78 @@ abstract class ElggEntity extends ElggData implements
/**
* Set a piece of metadata.
*
- * @tip Plugin authors should use the magic methods.
+ * Plugin authors should use the magic methods or create_metadata().
+ *
+ * @warning The metadata will inherit the parent entity's owner and access ID.
+ * If you want to write metadata with a different owner, use create_metadata().
*
* @access private
*
* @param string $name Name of the metadata
- * @param mixed $value Value of the metadata
+ * @param mixed $value Value of the metadata (doesn't support assoc arrays)
* @param string $value_type Types supported: integer and string. Will auto-identify if not set
* @param bool $multiple Allow multiple values for a single name (doesn't support assoc arrays)
*
* @return bool
*/
- public function setMetaData($name, $value, $value_type = "", $multiple = false) {
- $delete_first = false;
- // if multiple is set that always means don't delete.
- // if multiple isn't set it means override. set it to true on arrays for the foreach.
- if (!$multiple) {
- $delete_first = true;
- $multiple = is_array($value);
- }
-
- if (!$this->guid) {
- // real metadata only returns as an array if there are multiple elements
- if (is_array($value) && count($value) == 1) {
- $value = $value[0];
- }
+ public function setMetaData($name, $value, $value_type = null, $multiple = false) {
- $value_is_array = is_array($value);
-
- if (!isset($this->temp_metadata[$name]) || $delete_first) {
- // need to remove the indexes because real metadata doesn't have them.
- if ($value_is_array) {
- $this->temp_metadata[$name] = array_values($value);
- } else {
- $this->temp_metadata[$name] = $value;
- }
- } else {
- // multiple is always true at this point.
- // if we're setting multiple and temp isn't array, it needs to be.
- if (!is_array($this->temp_metadata[$name])) {
- $this->temp_metadata[$name] = array($this->temp_metadata[$name]);
- }
-
- if ($value_is_array) {
- $this->temp_metadata[$name] = array_merge($this->temp_metadata[$name], array_values($value));
- } else {
- $this->temp_metadata[$name][] = $value;
- }
- }
+ // normalize value to an array that we will loop over
+ // remove indexes if value already an array.
+ if (is_array($value)) {
+ $value = array_values($value);
} else {
- if ($delete_first) {
+ $value = array($value);
+ }
+
+ // saved entity. persist md to db.
+ if ($this->guid) {
+ // if overwriting, delete first.
+ if (!$multiple) {
$options = array(
'guid' => $this->getGUID(),
'metadata_name' => $name,
'limit' => 0
);
- // @todo this doesn't check if it exists so we can't handle failed deletes
- // is it worth the overhead of more SQL calls to check?
- elgg_delete_metadata($options);
- }
- // save into real metadata
- if (!is_array($value)) {
- $value = array($value);
+ // @todo in 1.9 make this return false if can't add metadata
+ // http://trac.elgg.org/ticket/4520
+ //
+ // need to remove access restrictions right now to delete
+ // because this is the expected behavior
+ $ia = elgg_set_ignore_access(true);
+ if (false === elgg_delete_metadata($options)) {
+ return false;
+ }
+ elgg_set_ignore_access($ia);
}
- foreach ($value as $v) {
- $result = create_metadata($this->getGUID(), $name, $v, $value_type,
- $this->getOwnerGUID(), $this->getAccessId(), $multiple);
- if (!$result) {
+ // add new md
+ $result = true;
+ foreach ($value as $value_tmp) {
+ // at this point $value should be appended because it was cleared above if needed.
+ $md_id = create_metadata($this->getGUID(), $name, $value_tmp, $value_type,
+ $this->getOwnerGUID(), $this->getAccessId(), true);
+ if (!$md_id) {
return false;
}
}
+
+ return $result;
}
- return true;
+ // unsaved entity. store in temp array
+ // returning single entries instead of an array of 1 element is decided in
+ // getMetaData(), just like pulling from the db.
+ else {
+ // if overwrite, delete first
+ if (!$multiple || !isset($this->temp_metadata[$name])) {
+ $this->temp_metadata[$name] = array();
+ }
+
+ // add new md
+ $this->temp_metadata[$name] = array_merge($this->temp_metadata[$name], $value);
+ return true;
+ }
}
/**
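Review bot: In the overwrite branch of `setMetaData()`, the early `return false` after `elgg_delete_metadata()` leaves ignore-access switched on, because `elgg_set_ignore_access($ia)` is only reached on the success path. Code that runs later in the same request would then skip access checks. Restore the previous state before testing the result: `$deleted = elgg_delete_metadata($options);`, then `elgg_set_ignore_access($ia);`, then `if (false === $deleted) { return false; }`. Separately, `$result` is set to `true` and never changed, so the saved-entity branch could simply `return true;`.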
@@ -575,7 +580,6 @@ abstract class ElggEntity extends ElggData implements
* @param mixed $value Value of private setting
*
* @return bool
- * @link http://docs.elgg.org/DataModel/Entities/PrivateSettings
*/
function setPrivateSetting($name, $value) {
if ((int) $this->guid > 0) {
@@ -734,8 +738,6 @@ abstract class ElggEntity extends ElggData implements
* @param string $vartype The type of annotation value
*
* @return bool
- *
- * @link http://docs.elgg.org/DataModel/Annotations
*/
function annotate($name, $value, $access_id = ACCESS_PRIVATE, $owner_id = 0, $vartype = "") {
if ((int) $this->guid > 0) {
diff --git a/engine/classes/ElggPlugin.php b/engine/classes/ElggPlugin.php
index 33f14ae37..8c9093834 100644
--- a/engine/classes/ElggPlugin.php
+++ b/engine/classes/ElggPlugin.php
@@ -79,6 +79,68 @@ class ElggPlugin extends ElggObject {
}
/**
+ * Overridden from ElggEntity and ElggObject::load(). Core always inits plugins with
+ * a query joined to the objects_entity table, so all the info is there.
+ *
+ * @param mixed $guid GUID of an ElggObject or the stdClass object from entities table
+ *
+ * @return bool
+ * @throws InvalidClassException
+ */
+ protected function load($guid) {
+
+ $expected_attributes = $this->attributes;
+ unset($expected_attributes['tables_split']);
+ unset($expected_attributes['tables_loaded']);
+
+ // this was loaded with a full join
+ $needs_loaded = false;
+
+ if ($guid instanceof stdClass) {
+ $row = (array) $guid;
+ $missing_attributes = array_diff_key($expected_attributes, $row);
+ if ($missing_attributes) {
+ $needs_loaded = true;
+ $old_guid = $guid;
+ $guid = $row['guid'];
+ } else {
+ $this->attributes = $row;
+ }
+ } else {
+ $needs_loaded = true;
+ }
+
+ if ($needs_loaded) {
+ $entity = (array) get_entity_as_row($guid);
+ $object = (array) get_object_entity_as_row($guid);
+
+ if (!$entity || !$object) {
+ return false;
+ }
+
+ $this->attributes = array_merge($this->attributes, $entity, $object);
+ }
+
+ $this->attributes['tables_loaded'] = 2;
+
+ // Check the type
+ if ($this->attributes['type'] != 'object') {
+ $msg = elgg_echo('InvalidClassException:NotValidElggStar', array($guid, get_class()));
+ throw new InvalidClassException($msg);
+ }
+
+ // guid needs to be an int http://trac.elgg.org/ticket/4111
+ $this->attributes['guid'] = (int)$this->attributes['guid'];
+
+ // cache the entity
+ if ($this->attributes['guid']) {
+ cache_entity($this);
+ }
+
+ return true;
+ }
+
+ /**
* Save the plugin object. Make sure required values exist.
*
* @see ElggObject::save()
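Review bot: When a complete stdClass row is passed to `load()`, `$guid` still holds that object at the type check, so the `InvalidClassException` message is built with an object where a GUID is expected; `$this->attributes['guid']` is the safer argument to `elgg_echo()`. `$old_guid` is assigned and never read, so it can be dropped. In the same branch, `$this->attributes = $row;` replaces the defaults instead of merging as the `$needs_loaded` path does, so keys absent from the row (such as `tables_split`) may no longer be set; `array_merge($this->attributes, $row)` would keep the two paths consistent.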
diff --git a/engine/classes/ElggSite.php b/engine/classes/ElggSite.php
index af3999321..6d07778a9 100644
--- a/engine/classes/ElggSite.php
+++ b/engine/classes/ElggSite.php
@@ -422,6 +422,7 @@ class ElggSite extends ElggEntity {
// default public pages
$defaults = array(
+ 'walled_garden/.*',
'action/login',
'register',
'action/register',
diff --git a/engine/lib/access.php b/engine/lib/access.php
index 6be252c6a..e8b3b0d52 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -31,7 +31,7 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
global $CONFIG, $init_finished;
static $access_list;
- if (!isset($access_list) || !$init_finished) {
+ if (!isset($access_list)) {
$access_list = array();
}
@@ -49,9 +49,16 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
return $access_list[$user_id];
}
- $access_list[$user_id] = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
+ $access = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
- return $access_list[$user_id];
+ // only cache if done with init and access is enabled (unless admin user)
+ // session is loaded before init is finished, so don't need to check for user session
+ if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) {
+ $access_list[$user_id] = $access;
+ return $access_list[$user_id];
+ } else {
+ return $access;
+ }
}
/**
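Review bot: The cache guard in `get_access_list()` tests `elgg_is_admin_logged_in()`, which describes the session user, while the value being stored is keyed by `$user_id`. If an admin is logged in with ignore-access on and the list is requested for another user's id, the result computed under ignore-access appears to be cached for that id and reused once access checks are back on. Testing whether `$user_id` itself is an admin, or narrowing the guard to `if ($init_finished && !elgg_get_ignore_access()) {`, would avoid that; the same condition is repeated in the `get_access_array()` hunk further down. Both caches are keyed by `$user_id` only, although the functions also take `$site_id`.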
@@ -83,7 +90,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
// this cache might be redundant. But db cache is flushed on every db write.
static $access_array;
- if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished)) {
+ if (!isset($access_array)) {
$access_array = array();
}
@@ -137,12 +144,12 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
$tmp_access_array[] = ACCESS_PRIVATE;
}
- $access_array[$user_id] = $tmp_access_array;
- } else {
- // No user id logged in so we can only access public info
- $tmp_return = $tmp_access_array;
+ // only cache if done with init and access is enabled (unless admin user)
+ // session is loaded before init is finished, so don't need to check for user session
+ if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) {
+ $access_array[$user_id] = $tmp_access_array;
+ }
}
-
} else {
$tmp_access_array = $access_array[$user_id];
}
@@ -946,7 +953,8 @@ function elgg_get_access_object() {
*
* @global bool $init_finished
* @access private
- * @todo investigate why this is needed
+ * @todo This is required to tell the access system to start caching because
+ * calls are made while in ignore access mode and before the user is logged in.
*/
$init_finished = false;
@@ -1014,8 +1022,9 @@ function access_test($hook, $type, $value, $params) {
return $value;
}
-// This function will let us know when 'init' has finished
-elgg_register_event_handler('init', 'system', 'access_init', 9999);
+// Tell the access functions the system has booted, plugins are loaded,
+// and the user is logged in so it can start caching
+elgg_register_event_handler('ready', 'system', 'access_init');
// For overrided permissions
elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions');
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index c6613e6d6..3a7c02488 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -273,8 +273,19 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL)
} else if ($visibleerrors) {
register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
}
- } else if ($visibleerrors) {
- register_error(elgg_echo('actiongatekeeper:missingfields'));
+ } else {
+ if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) {
+ // The size of $_POST or uploaded file has exceed the size limit
+ $error_msg = elgg_trigger_plugin_hook('action_gatekeeper:upload_exceeded_msg', 'all', array(
+ 'post_size' => $_SERVER['CONTENT_LENGTH'],
+ 'visible_errors' => $visibleerrors,
+ ), elgg_echo('actiongatekeeper:uploadexceeded'));
+ } else {
+ $error_msg = elgg_echo('actiongatekeeper:missingfields');
+ }
+ if ($visibleerrors) {
+ register_error($error_msg);
+ }
}
return FALSE;
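Review bot: `$_SERVER['CONTENT_LENGTH']` is a client-supplied header and is passed to plugin hook handlers as `post_size` unchanged; casting it, `'post_size' => (int) $_SERVER['CONTENT_LENGTH'],`, gives handlers a number they can safely compare or print. A non-empty body with an empty `$_POST` also occurs for requests whose content type PHP does not parse into `$_POST`, so the `actiongatekeeper:uploadexceeded` wording can be misleading in that case. The body of `validate_action_token()` starts outside the hunk.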
diff --git a/engine/lib/admin.php b/engine/lib/admin.php
index 928101fc5..1528d97c5 100644
--- a/engine/lib/admin.php
+++ b/engine/lib/admin.php
@@ -244,6 +244,7 @@ function admin_init() {
elgg_register_action('profile/fields/delete', '', 'admin');
elgg_register_action('profile/fields/reorder', '', 'admin');
+ elgg_register_simplecache_view('css/admin');
elgg_register_simplecache_view('js/admin');
$url = elgg_get_simplecache_url('js', 'admin');
elgg_register_js('elgg.admin', $url);
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index f32dee0f0..2036ccd61 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -95,8 +95,6 @@ $owner_guid = 0, $access_id = ACCESS_PRIVATE) {
$entity = get_entity($entity_guid);
if (elgg_trigger_event('annotate', $entity->type, $entity)) {
- system_log($entity, 'annotate');
-
// If ok then add it
$result = insert_data("INSERT into {$CONFIG->dbprefix}annotations
(entity_guid, name_id, value_id, value_type, owner_guid, time_created, access_id) VALUES
@@ -222,7 +220,7 @@ function elgg_delete_annotations(array $options) {
}
$options['metastring_type'] = 'annotations';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
}
/**
@@ -240,7 +238,7 @@ function elgg_disable_annotations(array $options) {
}
$options['metastring_type'] = 'annotations';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
}
/**
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 11bdc7285..db1464bd8 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1053,12 +1053,14 @@ function _elgg_php_exception_handler($exception) {
*
* @return true
* @access private
+ * @todo Replace error_log calls with elgg_log calls.
*/
function _elgg_php_error_handler($errno, $errmsg, $filename, $linenum, $vars) {
$error = date("Y-m-d H:i:s (T)") . ": \"$errmsg\" in file $filename (line $linenum)";
switch ($errno) {
case E_USER_ERROR:
+ case E_RECOVERABLE_ERROR: // (e.g. type hint violation)
error_log("PHP ERROR: $error");
register_error("ERROR: $error");
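Review bot: Adding `E_RECOVERABLE_ERROR` to this case means engine-raised errors now reach `register_error("ERROR: $error")`, and `$error` contains the server file path and line number. That text is queued as a user-facing message, which discloses the filesystem layout to whoever triggered the request. Keeping the full text for `error_log()` and registering a generic message for the user, or the detailed one only when an admin is logged in, avoids that. The switch continues outside the hunk.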
@@ -1092,8 +1094,8 @@ function _elgg_php_error_handler($errno, $errmsg, $filename, $linenum, $vars) {
*
* @note No messages will be displayed unless debugging has been enabled.
*
- * @param str $message User message
- * @param str $level NOTICE | WARNING | ERROR | DEBUG
+ * @param string $message User message
+ * @param string $level NOTICE | WARNING | ERROR | DEBUG
*
* @return bool
* @since 1.7.0
@@ -2021,8 +2023,14 @@ function elgg_walled_garden_index() {
elgg_load_css('elgg.walled_garden');
elgg_load_js('elgg.walled_garden');
- $body = elgg_view('core/walled_garden/body');
+ $content = elgg_view('core/walled_garden/login');
+ $params = array(
+ 'content' => $content,
+ 'class' => 'elgg-walledgarden-double',
+ 'id' => 'elgg-walledgarden-login',
+ );
+ $body = elgg_view_layout('walled_garden', $params);
echo elgg_view_page('', $body, 'walled_garden');
// return true to prevent other plugins from adding a front page
@@ -2030,6 +2038,24 @@ function elgg_walled_garden_index() {
}
/**
+ * Serve walled garden sections
+ *
+ * @param array $page Array of URL segments
+ * @return string
+ * @access private
+ */
+function _elgg_walled_garden_ajax_handler($page) {
+ $view = $page[0];
+ $params = array(
+ 'content' => elgg_view("core/walled_garden/$view"),
+ 'class' => 'elgg-walledgarden-single hidden',
+ 'id' => str_replace('_', '-', "elgg-walledgarden-$view"),
+ );
+ echo elgg_view_layout('walled_garden', $params);
+ return true;
+}
+
+/**
* Checks the status of the Walled Garden and forwards to a login page
* if required.
*
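Review bot: `_elgg_walled_garden_ajax_handler()` uses `$page[0]` straight from the URL as a view name and as part of the element id, and engine/classes/ElggSite.php in this commit makes `walled_garden/.*` a public page, so logged-out visitors choose both values. An allow-list before use, `if (!isset($page[0]) || !in_array($page[0], array('login', 'lost_password', 'register'), true)) { return false; }`, limits it to the three views this commit ships and also covers a missing segment. The docblock says `@return string` while the function echoes and returns `true`; `@return bool` matches the code.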
@@ -2049,6 +2075,8 @@ function elgg_walled_garden() {
elgg_register_css('elgg.walled_garden', '/css/walled_garden.css');
elgg_register_js('elgg.walled_garden', '/js/walled_garden.js');
+ elgg_register_page_handler('walled_garden', '_elgg_walled_garden_ajax_handler');
+
// check for external page view
if (isset($CONFIG->site) && $CONFIG->site instanceof ElggSite) {
$CONFIG->site->checkWalledGarden();
@@ -2111,6 +2139,7 @@ function elgg_init() {
elgg_register_js('jquery.easing', 'vendors/jquery/jquery.easing.1.3.packed.js');
elgg_register_js('elgg.avatar_cropper', 'js/lib/ui.avatar_cropper.js');
elgg_register_js('jquery.imgareaselect', 'vendors/jquery/jquery.imgareaselect-0.9.8/scripts/jquery.imgareaselect.min.js');
+ elgg_register_js('elgg.ui.river', 'js/lib/ui.river.js');
elgg_register_css('jquery.imgareaselect', 'vendors/jquery/jquery.imgareaselect-0.9.8/css/imgareaselect-deprecated.css');
diff --git a/engine/lib/extender.php b/engine/lib/extender.php
index ffd3c1357..43421342c 100644
--- a/engine/lib/extender.php
+++ b/engine/lib/extender.php
@@ -105,6 +105,7 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params)
// Save
if (!$entity->save()) {
+ $attr_name = $element->getAttribute('name');
$msg = elgg_echo('ImportException:ProblemUpdatingMeta', array($attr_name, $entity_uuid));
throw new ImportException($msg);
}
@@ -120,7 +121,7 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params)
* @param string $type 'metadata' or 'annotation'
* @param int $user_guid The GUID of the user
*
- * @return true|false
+ * @return bool
*/
function can_edit_extender($extender_id, $type, $user_guid = 0) {
if (!elgg_is_logged_in()) {
@@ -155,7 +156,7 @@ function can_edit_extender($extender_id, $type, $user_guid = 0) {
}
// Trigger plugin hooks
- $params = array('entity' => $entity, 'user' => $user);
+ $params = array('entity' => $extender->getEntity(), 'user' => $user);
return elgg_trigger_plugin_hook('permissions_check', $type, $params, false);
}
diff --git a/engine/lib/languages.php b/engine/lib/languages.php
index bf6829a39..7a508d298 100644
--- a/engine/lib/languages.php
+++ b/engine/lib/languages.php
@@ -344,7 +344,7 @@ function get_missing_language_keys($language) {
*/
function elgg_languages_init() {
$lang = get_current_language();
- elgg_register_simplecache_view("cache/js/languages/$lang");
+ elgg_register_simplecache_view("js/languages/$lang");
}
elgg_register_event_handler('init', 'system', 'elgg_languages_init');
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 34a36d86e..0ff3a43dc 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -297,6 +297,8 @@ function elgg_get_metadata(array $options = array()) {
* This requires at least one constraint: metadata_owner_guid(s),
* metadata_name(s), metadata_value(s), or guid(s) must be set.
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@see elgg_get_metadata()}
* @return mixed Null if the metadata name is invalid. Bool on success or fail.
* @since 1.8.0
@@ -307,8 +309,7 @@ function elgg_delete_metadata(array $options) {
}
$options['metastring_type'] = 'metadata';
- $result = elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback');
- return $result;
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
}
/**
@@ -316,6 +317,8 @@ function elgg_delete_metadata(array $options) {
*
* @warning Unlike elgg_get_metadata() this will not accept an empty options array!
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@See elgg_get_metadata()}
* @return mixed
* @since 1.8.0
@@ -326,7 +329,7 @@ function elgg_disable_metadata(array $options) {
}
$options['metastring_type'] = 'metadata';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
}
/**
@@ -334,6 +337,8 @@ function elgg_disable_metadata(array $options) {
*
* @warning Unlike elgg_get_metadata() this will not accept an empty options array!
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@See elgg_get_metadata()}
* @return mixed
* @since 1.8.0
diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php
index d7cc4e0bc..cf6dd4d98 100644
--- a/engine/lib/metastrings.php
+++ b/engine/lib/metastrings.php
@@ -716,22 +716,23 @@ function elgg_set_metastring_based_object_enabled_by_id($id, $enabled, $type) {
* @warning Unlike elgg_get_metastring_based_objects() this will not accept an
* empty options array!
*
- * @param array $options An options array. {@See elgg_get_metastring_based_objects()}
- * @param string $callback The callback to pass each result through
- * @return mixed
+ * @warning This returns null on no ops.
+ *
+ * @param array $options An options array. {@See elgg_get_metastring_based_objects()}
+ * @param string $callback The callback to pass each result through
+ * @param bool $inc_offset Increment the offset? Pass false for callbacks that delete / disable
+ *
+ * @return bool|null true on success, false on failure, null if no objects are found.
* @since 1.8.0
* @access private
*/
-function elgg_batch_metastring_based_objects(array $options, $callback) {
+function elgg_batch_metastring_based_objects(array $options, $callback, $inc_offset = true) {
if (!$options || !is_array($options)) {
return false;
}
- // @todo restore once ElggBatch supports callbacks that delete rows.
- $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, false);
- $r = $batch->callbackResult;
-
- return $r;
+ $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, $inc_offset);
+ return $batch->callbackResult;
}
/**
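Review bot: The new `$inc_offset = true` default is the risky choice for the callers this helper serves: the removed line hard-coded `false`, and the added @param text itself says delete/disable callbacks must pass `false`. A caller not updated in this commit that still passes two arguments with a deleting callback would presumably step the offset past rows that have shifted and leave some untouched, without reporting a failure. Consider keeping the old behaviour as the default, `function elgg_batch_metastring_based_objects(array $options, $callback, $inc_offset = false) {`, or making the argument required. The added `@warning This returns null on no ops.` would be clearer as `@warning Returns null (not false) when no matching objects are found; compare with === before treating the result as a failure.`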
diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php
index 123fb18d8..39a76db5d 100644
--- a/engine/lib/plugins.php
+++ b/engine/lib/plugins.php
@@ -93,10 +93,13 @@ function elgg_get_plugin_ids_in_dir($dir = null) {
function elgg_generate_plugin_entities() {
$site = get_config('site');
$dir = elgg_get_plugins_path();
+ $db_prefix = elgg_get_config('dbprefix');
$options = array(
'type' => 'object',
'subtype' => 'plugin',
+ 'selects' => array('plugin_oe.*'),
+ 'joins' => array("JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid"),
'limit' => ELGG_ENTITIES_NO_VALUE
);
@@ -352,7 +355,11 @@ function elgg_get_plugins($status = 'active', $site_guid = null) {
'type' => 'object',
'subtype' => 'plugin',
'limit' => ELGG_ENTITIES_NO_VALUE,
- 'joins' => array("JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid"),
+ 'selects' => array('plugin_oe.*'),
+ 'joins' => array(
+ "JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid",
+ "JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid"
+ ),
'wheres' => array("ps.name = '$priority'"),
'order_by' => "CAST(ps.value as unsigned), e.guid"
);
diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php
index fabe2d2d6..f50c4a485 100644
--- a/engine/lib/relationships.php
+++ b/engine/lib/relationships.php
@@ -290,7 +290,7 @@ function elgg_get_entities_from_relationship($options) {
$options['selects'] = array();
}
- $select = array('r.*');
+ $select = array('r.id');
$options['selects'] = array_merge($options['selects'], $select);
}
diff --git a/engine/lib/river.php b/engine/lib/river.php
index 547d9495e..711832f70 100644
--- a/engine/lib/river.php
+++ b/engine/lib/river.php
@@ -55,7 +55,7 @@ $posted = 0, $annotation_id = 0) {
$posted = sanitise_int($posted);
$annotation_id = sanitise_int($annotation_id);
- $params = array(
+ $values = array(
'type' => $type,
'subtype' => $subtype,
'action_type' => $action_type,
@@ -68,13 +68,13 @@ $posted = 0, $annotation_id = 0) {
);
// return false to stop insert
- $params = elgg_trigger_plugin_hook('creating', 'river', null, $params);
- if ($params == false) {
+ $values = elgg_trigger_plugin_hook('creating', 'river', null, $values);
+ if ($values == false) {
// inserting did not fail - it was just prevented
return true;
}
- extract($params);
+ extract($values);
// Attempt to save river item; return success status
$id = insert_data("insert into {$CONFIG->dbprefix}river " .
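Review bot: `extract($values)` runs on whatever the 'creating', 'river' hook handlers return, after `sanitise_int()` has already been applied above the hook, so a handler can hand back unsanitised values, or extra keys that overwrite other locals, just before the insert that starts on the last line of this hunk. Reading only the expected keys from `$values` and sanitising them again after the hook would keep the query inputs under this function's control. `if ($values == false)` also treats an empty array or `0` as "prevented"; `if ($values === false) {` matches what the comment says. The function starts before the hunk and the insert statement continues past it, so how each variable is quoted in the SQL is not visible here.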
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 9982d9fe8..419d36707 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -127,6 +127,10 @@ function elgg_is_admin_user($user_guid) {
/**
* Perform user authentication with a given username and password.
*
+ * @warning This returns an error message on failure. Use the identical operator to check
+ * for access: if (true === elgg_authenticate()) { ... }.
+ *
+ *
* @see login
*
* @param string $username The username
diff --git a/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php b/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php
new file mode 100644
index 000000000..b82ffbebf
--- /dev/null
+++ b/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Elgg 1.8.3 upgrade 2012041800
+ * dont_filter_passwords
+ *
+ * Add admin notice that password handling has changed and if
+ * users can't login to have them reset their passwords.
+ */
+elgg_add_admin_notice('dont_filter_passwords', 'Password handling has been updated to be more secure and flexible. '
+ . 'This change may prevent a small number of users from logging in with their existing passwords. '
+ . 'If a user is unable to log in, please advise him or her to reset their password, or reset it as an admin user.');
diff --git a/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php b/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php
new file mode 100644
index 000000000..07732f261
--- /dev/null
+++ b/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Elgg 1.8.3 upgrade 2012041801
+ * multiple_user_tokens
+ *
+ * Fixes http://trac.elgg.org/ticket/4291
+ * Removes the unique index on users_apisessions for user_guid and site_guid
+ */
+
+$db_prefix = elgg_get_config('dbprefix');
+$q = "ALTER TABLE {$db_prefix}users_apisessions DROP INDEX user_guid,
+ ADD INDEX user_guid (user_guid, site_guid)";
+update_data($q); \ No newline at end of file
diff --git a/engine/lib/user_settings.php b/engine/lib/user_settings.php
index af30d8f0d..e4069fb53 100644
--- a/engine/lib/user_settings.php
+++ b/engine/lib/user_settings.php
@@ -33,9 +33,9 @@ function users_settings_save() {
* @access private
*/
function elgg_set_user_password() {
- $current_password = get_input('current_password');
- $password = get_input('password');
- $password2 = get_input('password2');
+ $current_password = get_input('current_password', null, false);
+ $password = get_input('password', null, false);
+ $password2 = get_input('password2', null, false);
$user_guid = get_input('guid');
if (!$user_guid) {
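Review bot: The three `get_input(..., null, false)` calls turn input filtering off with no comment saying why, which makes the lines look like an oversight to the next reader. A short comment above them would record the intent and the constraint that comes with it, for example `// do not filter passwords: filtering would alter the secret; these values must only be compared/hashed, never output`. The rest of elgg_set_user_password() is outside the hunk, so it is worth confirming that none of the three raw values is echoed or logged further down.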
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 79a054938..241b524f9 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -975,8 +975,8 @@ $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') {
$friend_user->addFriend($user->guid);
// @todo Should this be in addFriend?
- add_to_river('friends/river/create', 'friend', $user->getGUID(), $friend_guid);
- add_to_river('friends/river/create', 'friend', $friend_guid, $user->getGUID());
+ add_to_river('river/relationship/friend/create', 'friend', $user->getGUID(), $friend_guid);
+ add_to_river('river/relationship/friend/create', 'friend', $friend_guid, $user->getGUID());
}
}
}
@@ -1557,12 +1557,12 @@ function users_init() {
elgg_register_plugin_hook_handler('register', 'menu:user_hover', 'elgg_user_hover_menu');
elgg_register_action('register', '', 'public');
- elgg_register_action('useradd', '', 'public');
+ elgg_register_action('useradd', '', 'admin');
elgg_register_action('friends/add');
elgg_register_action('friends/remove');
elgg_register_action('avatar/upload');
elgg_register_action('avatar/crop');
- elgg_register_action('avatar/revert');
+ elgg_register_action('avatar/remove');
elgg_register_action('profile/edit');
elgg_register_action('friends/collections/add');
diff --git a/engine/lib/views.php b/engine/lib/views.php
index ca0ce7196..1b013be6f 100644
--- a/engine/lib/views.php
+++ b/engine/lib/views.php
@@ -103,7 +103,10 @@ function elgg_get_viewtype() {
$viewtype = get_input('view', NULL);
if ($viewtype) {
- return $viewtype;
+ // only word characters allowed.
+ if (!preg_match('[\W]', $viewtype)) {
+ return $viewtype;
+ }
}
if (isset($CONFIG->view) && !empty($CONFIG->view)) {
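Review bot: The added guard `if (!preg_match('[\W]', $viewtype))` fails open: preg_match() returns false on a PCRE error, and on PHP versions where a non-string argument only raises a warning it returns false for that too, and the negation treats false as a clean value. The pattern also reads like a character class although `[` and `]` are acting as the regex delimiters here. A positive match on a string is easier to audit: `if (is_string($viewtype) && preg_match('/^\w+\z/', $viewtype) === 1) {`. A one-line comment saying why only word characters are accepted (presumably because the view type is used to build view paths) would help as well. elgg_get_viewtype() starts and ends outside the hunk.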
diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php
index 07be76ec6..da3ed76a9 100644
--- a/engine/lib/web_services.php
+++ b/engine/lib/web_services.php
@@ -1165,7 +1165,7 @@ function list_all_apis() {
* @access private
*/
function auth_gettoken($username, $password) {
- if (elgg_authenticate($username, $password)) {
+ if (true === elgg_authenticate($username, $password)) {
$token = create_user_token($username);
if ($token) {
return $token;
diff --git a/engine/tests/api/metadata.php b/engine/tests/api/metadata.php
index be8ac269c..2461e975e 100644
--- a/engine/tests/api/metadata.php
+++ b/engine/tests/api/metadata.php
@@ -124,6 +124,80 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest {
$e->delete();
}
+ // Make sure metadata with multiple values is correctly deleted when re-written
+ // by another user
+ // http://trac.elgg.org/ticket/2776
+ public function test_elgg_metadata_multiple_values() {
+ $u1 = new ElggUser();
+ $u1->username = rand();
+ $u1->save();
+
+ $u2 = new ElggUser();
+ $u2->username = rand();
+ $u2->save();
+
+ $obj = new ElggObject();
+ $obj->owner_guid = $u1->guid;
+ $obj->container_guid = $u1->guid;
+ $obj->access_id = ACCESS_PUBLIC;
+ $obj->save();
+
+ $md_values = array(
+ 'one',
+ 'two',
+ 'three'
+ );
+
+ // need to fake different logins.
+ // good times without mocking.
+ $original_user = elgg_get_logged_in_user_entity();
+ $_SESSION['user'] = $u1;
+
+ elgg_set_ignore_access(false);
+
+ // add metadata as one user
+ $obj->test = $md_values;
+
+ // check only these md exists
+ $db_prefix = elgg_get_config('dbprefix');
+ $q = "SELECT * FROM {$db_prefix}metadata WHERE entity_guid = $obj->guid";
+ $data = get_data($q);
+
+ $this->assertEqual(count($md_values), count($data));
+ foreach ($data as $md_row) {
+ $md = elgg_get_metadata_from_id($md_row->id);
+ $this->assertTrue(in_array($md->value, $md_values));
+ $this->assertEqual('test', $md->name);
+ }
+
+ // add md w/ same name as a different user
+ $_SESSION['user'] = $u2;
+ $md_values2 = array(
+ 'four',
+ 'five',
+ 'six',
+ 'seven'
+ );
+
+ $obj->test = $md_values2;
+
+ $q = "SELECT * FROM {$db_prefix}metadata WHERE entity_guid = $obj->guid";
+ $data = get_data($q);
+
+ $this->assertEqual(count($md_values2), count($data));
+ foreach ($data as $md_row) {
+ $md = elgg_get_metadata_from_id($md_row->id);
+ $this->assertTrue(in_array($md->value, $md_values2));
+ $this->assertEqual('test', $md->name);
+ }
+
+ $_SESSION['user'] = $original_user;
+
+ $obj->delete();
+ $u1->delete();
+ $u2->delete();
+ }
+
protected function create_metastring($string) {
global $CONFIG, $METASTRINGS_CACHE, $METASTRINGS_DEADNAME_CACHE;
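Review bot: `elgg_set_ignore_access(false)` in the new test is never undone, so the access setting it changes leaks into every test that runs afterwards. Capture and restore it next to the session restore: `$ia = elgg_set_ignore_access(false);` at the top and `elgg_set_ignore_access($ia);` beside `$_SESSION['user'] = $original_user;`. The two `in_array($md->value, ...)` assertions should pass `true` as the third argument so a loosely-equal value cannot satisfy them. The `rand()` usernames can also collide with an existing account, and the `save()` results are not asserted, so a failed fixture would surface only as a confusing count mismatch.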
diff --git a/engine/tests/objects/entities.php b/engine/tests/objects/entities.php
index a4dc7946c..248b85c9e 100644
--- a/engine/tests/objects/entities.php
+++ b/engine/tests/objects/entities.php
@@ -98,7 +98,7 @@ class ElggCoreEntityTest extends ElggCoreUnitTest {
// check internal metadata array
$metadata = $this->entity->expose_metadata();
- $this->assertIdentical($metadata['existent'], 'testing');
+ $this->assertIdentical($metadata['existent'], array('testing'));
}
public function testElggEnityGetAndSetAnnotations() {
diff --git a/js/lib/ui.river.js b/js/lib/ui.river.js
new file mode 100644
index 000000000..a56a664a4
--- /dev/null
+++ b/js/lib/ui.river.js
@@ -0,0 +1,14 @@
+elgg.provide('elgg.ui.river');
+
+elgg.ui.river.init = function() {
+ $('#elgg-river-selector').change(function() {
+ var url = window.location.href;
+ if (window.location.search.length) {
+ url = url.substring(0, url.indexOf('?'));
+ }
+ url += '?' + $(this).val();
+ elgg.forward(url);
+ });
+};
+
+elgg.register_hook_handler('init', 'system', elgg.ui.river.init); \ No newline at end of file
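Review bot: The query string is stripped only when `window.location.search` is non-empty, and a `#fragment` is never removed, so on a URL that carries a fragment the new `?...` is appended after the `#` and never reaches the server. Building the target from its parts avoids both cases: `var url = window.location.protocol + '//' + window.location.host + window.location.pathname + '?' + $(this).val();`. The selected value is concatenated as-is, so the option values are expected to be ready-made, URL-encoded query strings; a comment stating that expectation would be useful.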
diff --git a/languages/en.php b/languages/en.php
index 25edfa149..81852107b 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -367,7 +367,7 @@ $english = array(
'avatar:preview' => 'Preview',
'avatar:upload' => 'Upload a new avatar',
'avatar:current' => 'Current avatar',
- 'avatar:revert' => 'Revert your avatar to the default icon',
+ 'avatar:remove' => 'Remove your avatar and set the default icon',
'avatar:crop:title' => 'Avatar cropping tool',
'avatar:upload:instructions' => "Your avatar is displayed throughout the site. You can change it as often as you'd like. (File formats accepted: GIF, JPG or PNG)",
'avatar:create:instructions' => 'Click and drag a square below to match how you want your avatar cropped. A preview will appear in the box on the right. When you are happy with the preview, click \'Create your avatar\'. This cropped version will be used throughout the site as your avatar.',
@@ -376,8 +376,8 @@ $english = array(
'avatar:resize:fail' => 'Resize of the avatar failed',
'avatar:crop:success' => 'Cropping the avatar succeeded',
'avatar:crop:fail' => 'Avatar cropping failed',
- 'avatar:revert:success' => 'Reverting the avatar succeeded',
- 'avatar:revert:fail' => 'Avatar revert failed',
+ 'avatar:remove:success' => 'Removing the avatar succeeded',
+ 'avatar:remove:fail' => 'Avatar remove failed',
'profile:edit' => 'Edit profile',
'profile:aboutme' => "About me",
@@ -412,6 +412,8 @@ $english = array(
'profile:explainchangefields' => "You can replace the existing profile fields with your own using the form below. \n\n Give the new profile field a label, for example, 'Favorite team', then select the field type (eg. text, url, tags), and click the 'Add' button. To re-order the fields drag on the handle next to the field label. To edit a field label - click on the label's text to make it editable. \n\n At any time you can revert back to the default profile set up, but you will lose any information already entered into custom fields on profile pages.",
'profile:editdefault:success' => 'New profile field added',
'profile:editdefault:fail' => 'Default profile could not be saved',
+ 'profile:field_too_long' => 'Cannot save your profile information because the "%s" section is too long.',
+ 'profile:noaccess' => "You do not have permission to edit this profile.",
/**
@@ -563,6 +565,7 @@ $english = array(
'admin:configuration:success' => "Your settings have been saved.",
'admin:configuration:fail' => "Your settings could not be saved.",
+ 'admin:configuration:dataroot:relative_path' => 'Cannot set "%s" as the dataroot because it is not an absolute path.',
'admin:unknown_section' => 'Invalid Admin Section.',
@@ -667,7 +670,7 @@ $english = array(
/**
* Plugins
*/
- 'plugins:disabled' => 'Plugins are being loaded because a file named "disabled" is in the mod directory.',
+ 'plugins:disabled' => 'Plugins are not being loaded because a file named "disabled" is in the mod directory.',
'plugins:settings:save:ok' => "Settings for the %s plugin were saved successfully.",
'plugins:settings:save:fail' => "There was a problem saving settings for the %s plugin.",
'plugins:usersettings:save:ok' => "User settings for the %s plugin were saved successfully.",
@@ -741,6 +744,9 @@ $english = array(
'admin:server:label:mem_avail' => 'Memory available',
'admin:server:label:mem_used' => 'Memory used',
'admin:server:error_log' => "Web server's error log",
+ 'admin:server:label:post_max_size' => 'POST maximum size',
+ 'admin:server:label:upload_max_filesize' => 'Upload maximum size',
+ 'admin:server:warning:post_max_too_small' => '(Note: post_max_size must be larger than this value to support uploads of this size)',
'admin:user:label:search' => "Find users:",
'admin:user:label:searchbutton' => "Search",
@@ -808,7 +814,7 @@ $english = array(
*/
'river:all' => 'All Site Activity',
'river:mine' => 'My Activity',
- 'river:friends' => 'Friends Activty',
+ 'river:friends' => 'Friends Activity',
'river:select' => 'Show %s',
'river:comments:more' => '+%u more',
'river:generic_comment' => 'commented on %s %s',
@@ -861,6 +867,7 @@ $english = array(
'new' => 'New',
'add' => 'Add',
'create' => 'Create',
+ 'remove' => 'Remove',
'revert' => 'Revert',
'site' => 'Site',
@@ -934,6 +941,7 @@ $english = array(
*/
'deleteconfirm' => "Are you sure you want to delete this item?",
+ 'deleteconfirm:plural' => "Are you sure you want to delete these items?",
'fileexists' => "A file has already been uploaded. To replace it, select it below:",
/**
@@ -1171,6 +1179,7 @@ You cannot reply to this email.",
'actiongatekeeper:tokeninvalid' => "We encountered an error (token mismatch). This probably means that the page you were using expired.",
'actiongatekeeper:timeerror' => 'The page you were using has expired. Please refresh and try again.',
'actiongatekeeper:pluginprevents' => 'A extension has prevented this form from being submitted.',
+ 'actiongatekeeper:uploadexceeded' => 'The size of file(s) uploaded exceeded the limit set by your site administrator',
/**
diff --git a/mod/blog/start.php b/mod/blog/start.php
index 73056f1c9..9faf1794e 100644
--- a/mod/blog/start.php
+++ b/mod/blog/start.php
@@ -60,7 +60,7 @@ function blog_init() {
elgg_extend_view('groups/tool_latest', 'blog/group_module');
// add a blog widget
- elgg_register_widget_type('blog', elgg_echo('blog'), elgg_echo('blog:widget:description'), 'profile');
+ elgg_register_widget_type('blog', elgg_echo('blog'), elgg_echo('blog:widget:description'));
// register actions
$action_path = elgg_get_plugins_path() . 'blog/actions/blog';
diff --git a/mod/blog/views/default/object/blog.php b/mod/blog/views/default/object/blog.php
index aa8074a69..4403a6006 100644
--- a/mod/blog/views/default/object/blog.php
+++ b/mod/blog/views/default/object/blog.php
@@ -27,7 +27,6 @@ $owner_link = elgg_view('output/url', array(
'is_trusted' => true,
));
$author_text = elgg_echo('byline', array($owner_link));
-$tags = elgg_view('output/tags', array('tags' => $blog->tags));
$date = elgg_view_friendly_time($blog->time_created);
// The "on" status changes for comments, so best to check for !Off
@@ -74,7 +73,6 @@ if ($full) {
'title' => false,
'metadata' => $metadata,
'subtitle' => $subtitle,
- 'tags' => $tags,
);
$params = $params + $vars;
$summary = elgg_view('object/elements/summary', $params);
@@ -92,7 +90,6 @@ if ($full) {
'entity' => $blog,
'metadata' => $metadata,
'subtitle' => $subtitle,
- 'tags' => $tags,
'content' => $excerpt,
);
$params = $params + $vars;
diff --git a/mod/bookmarks/views/default/object/bookmarks.php b/mod/bookmarks/views/default/object/bookmarks.php
index 89a0d03e0..83bae2b13 100644
--- a/mod/bookmarks/views/default/object/bookmarks.php
+++ b/mod/bookmarks/views/default/object/bookmarks.php
@@ -27,7 +27,6 @@ $owner_link = elgg_view('output/url', array(
));
$author_text = elgg_echo('byline', array($owner_link));
-$tags = elgg_view('output/tags', array('tags' => $bookmark->tags));
$date = elgg_view_friendly_time($bookmark->time_created);
$comments_count = $bookmark->countComments();
@@ -64,7 +63,6 @@ if ($full && !elgg_in_context('gallery')) {
'title' => false,
'metadata' => $metadata,
'subtitle' => $subtitle,
- 'tags' => $tags,
);
$params = $params + $vars;
$summary = elgg_view('object/elements/summary', $params);
@@ -120,7 +118,6 @@ HTML;
'entity' => $bookmark,
'metadata' => $metadata,
'subtitle' => $subtitle,
- 'tags' => $tags,
'content' => $content,
);
$params = $params + $vars;
diff --git a/mod/categories/languages/en.php b/mod/categories/languages/en.php
index eaa65b13e..422fe81a4 100644
--- a/mod/categories/languages/en.php
+++ b/mod/categories/languages/en.php
@@ -9,7 +9,7 @@ $english = array(
'categories:explanation' => 'To set some predefined site-wide categories that will be used throughout your system, enter them below, separated with commas. Compatible tools will then display them when the user creates or edits content.',
'categories:save:success' => 'Site categories were successfully saved.',
'categories:results' => "Results for the site category: %s",
- 'categories:on_activate_reminder' => "Site-wide Cateogires won't work until you add categories. <a href=\"%s\">Add categories now.</a>",
+ 'categories:on_activate_reminder' => "Site-wide Categories won't work until you add categories. <a href=\"%s\">Add categories now.</a>",
);
add_translation("en", $english); \ No newline at end of file
diff --git a/mod/embed/manifest.xml b/mod/embed/manifest.xml
index 46ab2df9e..81ca9194e 100644
--- a/mod/embed/manifest.xml
+++ b/mod/embed/manifest.xml
@@ -13,10 +13,10 @@
<type>elgg_release</type>
<version>1.8</version>
</requires>
- <suggests>
+ <requires>
<type>plugin</type>
<name>file</name>
<version>1.8.1</version>
- </suggests>
+ </requires>
<activate_on_install>true</activate_on_install>
</plugin_manifest>
diff --git a/mod/externalpages/start.php b/mod/externalpages/start.php
index 152a8b4d9..74da7f828 100644
--- a/mod/externalpages/start.php
+++ b/mod/externalpages/start.php
@@ -77,9 +77,16 @@ function expages_page_handler($page, $handler) {
} else {
$content .= elgg_echo("expages:notset");
}
+ $content = elgg_view('expages/wrapper', array('content' => $content));
- $body = elgg_view_layout("one_sidebar", array('content' => $content));
- echo elgg_view_page($title, $body);
+ if (elgg_is_logged_in() || !elgg_get_config('walled_garden')) {
+ $body = elgg_view_layout('one_sidebar', array('content' => $content));
+ echo elgg_view_page($title, $body);
+ } else {
+ elgg_load_css('elgg.walled_garden');
+ $body = elgg_view_layout('walled_garden', array('content' => $content));
+ echo elgg_view_page($title, $body, 'walled_garden');
+ }
return true;
}
diff --git a/mod/externalpages/views/default/expages/wrapper.php b/mod/externalpages/views/default/expages/wrapper.php
new file mode 100644
index 000000000..8eb0b2f84
--- /dev/null
+++ b/mod/externalpages/views/default/expages/wrapper.php
@@ -0,0 +1,16 @@
+<?php
+/**
+ * Wrapper for site pages content area
+ *
+ * @uses $vars['content']
+ */
+
+echo $vars['content'];
+
+echo '<div class="mtm">';
+echo elgg_view('output/url', array(
+ 'text' => 'Back',
+ 'href' => $_SERVER['HTTP_REFERER'],
+ 'class' => 'float-alt'
+));
+echo '</div>';
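Review bot: `'href' => $_SERVER['HTTP_REFERER']` relies on a request header that is client-supplied and often absent: when it is missing this raises an undefined-index notice and renders an empty link, and when present it can point to any site. Falling back to the site URL and accepting only same-site referrers is safer, e.g. `$back = (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], elgg_get_site_url()) === 0) ? $_SERVER['HTTP_REFERER'] : elgg_get_site_url();` and then `'href' => $back`. The link text `'Back'` is hard-coded and should go through `elgg_echo()` with a language key, as other strings in this commit do.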
diff --git a/mod/file/pages/file/download.php b/mod/file/pages/file/download.php
index 00e6d500e..76c1f1272 100644
--- a/mod/file/pages/file/download.php
+++ b/mod/file/pages/file/download.php
@@ -26,7 +26,7 @@ $filename = $file->originalfilename;
header("Pragma: public");
header("Content-type: $mime");
-if (strpos($mime, "image/") !== false) {
+if (strpos($mime, "image/") !== false || $mime == "application/pdf") {
header("Content-Disposition: inline; filename=\"$filename\"");
} else {
header("Content-Disposition: attachment; filename=\"$filename\"");
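Review bot: The widened condition serves more user-uploaded content with `Content-Disposition: inline`, and it keys on `$mime`, which is set outside the hunk and presumably comes from upload metadata. `strpos($mime, "image/") !== false` matches that substring anywhere in the value and accepts every image subtype, including image/svg+xml, which browsers treat as active content; `$mime == "application/pdf"` is also a loose comparison. An explicit list is easier to reason about: `$inline_types = array('image/jpeg', 'image/png', 'image/gif', 'application/pdf');` followed by `if (in_array($mime, $inline_types, true)) {`, ideally with `header('X-Content-Type-Options: nosniff');`. `$filename` is interpolated into the quoted header parameter on both branches, so a `"` in the original filename would break it and should be stripped or encoded before use.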
diff --git a/mod/file/views/default/object/file.php b/mod/file/views/default/object/file.php
index 1db9863c9..b3f530183 100644
--- a/mod/file/views/default/object/file.php
+++ b/mod/file/views/default/object/file.php
@@ -28,7 +28,6 @@ $author_text = elgg_echo('byline', array($owner_link));
$file_icon = elgg_view_entity_icon($file, 'small');
-$tags = elgg_view('output/tags', array('tags' => $file->tags));
$date = elgg_view_friendly_time($file->time_created);
$comments_count = $file->countComments();
@@ -71,7 +70,6 @@ if ($full && !elgg_in_context('gallery')) {
'entity' => $file,
'metadata' => $metadata,
'subtitle' => $subtitle,
- 'tags' => $tags,
);
$params = $params + $vars;
$summary = elgg_view('object/elements/summary', $params);
@@ -100,7 +98,6 @@ if ($full && !elgg_in_context('gallery')) {
'entity' => $file,
'metadata' => $metadata,
'subtitle' => $subtitle,
- 'tags' => $tags,
'content' => $excerpt,
);
$params = $params + $vars;
diff --git a/mod/groups/icon.php b/mod/groups/icon.php
index 104da4b41..f86f84fa5 100644
--- a/mod/groups/icon.php
+++ b/mod/groups/icon.php
@@ -35,7 +35,7 @@ if ($filehandler->open("read")) {
}
if (!$success) {
- $location = elgg_get_plugins_path() . "groups/graphics/default{$size}.jpg";
+ $location = elgg_get_plugins_path() . "groups/graphics/default{$size}.gif";
$contents = @file_get_contents($location);
}
diff --git a/mod/groups/views/default/group/default.php b/mod/groups/views/default/group/default.php
index 6eae467c6..d9460dff4 100644
--- a/mod/groups/views/default/group/default.php
+++ b/mod/groups/views/default/group/default.php
@@ -22,10 +22,9 @@ if (elgg_in_context('owner_block') || elgg_in_context('widgets')) {
if ($vars['full_view']) {
- echo elgg_view("groups/profile/profile_block", $vars);
+ echo elgg_view('groups/profile/summary', $vars);
} else {
// brief view
-
$params = array(
'entity' => $group,
'metadata' => $metadata,
diff --git a/mod/groups/views/default/groups/sidebar/members.php b/mod/groups/views/default/groups/sidebar/members.php
index 49f14697c..11273d0e6 100644
--- a/mod/groups/views/default/groups/sidebar/members.php
+++ b/mod/groups/views/default/groups/sidebar/members.php
@@ -8,7 +8,7 @@
* @uses $vars['limit'] The number of members to display
*/
-$limit = elgg_extract('limit', $vars, 10);
+$limit = elgg_extract('limit', $vars, 14);
$all_link = elgg_view('output/url', array(
'href' => 'groups/members/' . $vars['entity']->guid,
@@ -24,6 +24,7 @@ $body = elgg_list_entities_from_relationship(array(
'limit' => $limit,
'list_type' => 'gallery',
'gallery_class' => 'elgg-gallery-users',
+ 'pagination' => false
));
$body .= "<div class='center mts'>$all_link</div>";
diff --git a/mod/messages/views/default/forms/messages/process.php b/mod/messages/views/default/forms/messages/process.php
index f86c3217a..cb30792e9 100644
--- a/mod/messages/views/default/forms/messages/process.php
+++ b/mod/messages/views/default/forms/messages/process.php
@@ -19,10 +19,12 @@ echo $messages;
echo '</div>';
echo '<div class="elgg-foot messages-buttonbank">';
+
echo elgg_view('input/submit', array(
'value' => elgg_echo('delete'),
'name' => 'delete',
- 'class' => 'elgg-button-delete',
+ 'class' => 'elgg-button-delete elgg-requires-confirmation',
+ 'title' => elgg_echo('deleteconfirm:plural'),
));
if ($vars['folder'] == "inbox") {
diff --git a/mod/pages/actions/pages/delete.php b/mod/pages/actions/pages/delete.php
index dfa0de98d..7a314a280 100644
--- a/mod/pages/actions/pages/delete.php
+++ b/mod/pages/actions/pages/delete.php
@@ -9,8 +9,9 @@
$guid = get_input('guid');
$page = get_entity($guid);
-if ($page) {
- if ($page->canEdit()) {
+if (elgg_instanceof($page, 'object', 'page') || elgg_instanceof($page, 'object', 'page_top')) {
+ // only allow owners and admin to delete
+ if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
$container = get_entity($page->container_guid);
// Bring all child elements forward
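Review bot: The new owner-or-admin test compares GUIDs with `==`, and `elgg_get_logged_in_user_guid()` presumably yields 0 for an anonymous request, so a page whose owner GUID is 0 or otherwise falsy would compare equal; this matters most in mod/pages/pages/pages/view.php, where the same expression is added and runs on a plain page view. Requiring a session and comparing strictly removes the doubt: `elgg_is_logged_in() && (int)elgg_get_logged_in_user_guid() === (int)$page->getOwnerGuid()`. Replacing `$page->canEdit()` also drops whatever plugin permission logic that call applied, which deserves a sentence in the comment if it is intentional. The same rule is now spelled out in four places in this commit (here, actions/pages/edit.php, pages/pages/view.php and views/default/forms/pages/edit.php), so a single helper in mod/pages/lib/pages.php would keep them from drifting apart. The `if` block continues past the end of the hunk.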
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index 6950d4b2f..a32e4a4ba 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -47,7 +47,19 @@ if ($page_guid) {
}
if (sizeof($input) > 0) {
+ // don't change access if not an owner/admin
+ $user = elgg_get_logged_in_user_entity();
+ $can_change_access = true;
+
+ if ($user && $page) {
+ $can_change_access = $user->isAdmin() || $user->getGUID() == $page->owner_guid;
+ }
+
foreach ($input as $name => $value) {
+ if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) {
+ continue;
+ }
+
$page->$name = $value;
}
}
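Review bot: `$can_change_access` starts as `true` and is only narrowed when both `$user` and `$page` are truthy, so the check fails open: any path on which either is missing leaves `access_id` and `write_access_id` writable. Defaulting to deny and granting explicitly is safer, e.g. `$can_change_access = $user && (!$page_guid || $user->isAdmin() || $user->getGUID() == $page->owner_guid);`, where `!$page_guid` keeps creation of a new page working (assuming `$page_guid` is empty for new pages, as the `if ($page_guid) {` in the hunk header suggests). The form in mod/pages/views/default/forms/pages/edit.php adds the same default-true pattern and should follow whatever is decided here; it filters on `$type` while this action filters on `$name`, and a comment noting that the two must stay in step would help.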
@@ -74,6 +86,6 @@ if ($page->save()) {
forward($page->getURL());
} else {
- register_error(elgg_echo('pages:error:no_save'));
+ register_error(elgg_echo('pages:error:notsaved'));
forward(REFERER);
}
diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php
index 5c5323d6f..dbf7b8917 100644
--- a/mod/pages/lib/pages.php
+++ b/mod/pages/lib/pages.php
@@ -111,4 +111,4 @@ function pages_register_navigation_tree($container) {
}
}
}
-}
+} \ No newline at end of file
diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php
index 5dfb76b55..81477a8d4 100644
--- a/mod/pages/pages/pages/view.php
+++ b/mod/pages/pages/pages/view.php
@@ -32,7 +32,7 @@ elgg_push_breadcrumb($title);
$content = elgg_view_entity($page, array('full_view' => true));
$content .= elgg_view_comments($page);
-if (elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
+if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
$url = "pages/add/$page->guid";
elgg_register_menu_item('title', array(
'name' => 'subpage',
diff --git a/mod/pages/views/default/forms/pages/edit.php b/mod/pages/views/default/forms/pages/edit.php
index 20737a121..9469f5eb9 100644
--- a/mod/pages/views/default/forms/pages/edit.php
+++ b/mod/pages/views/default/forms/pages/edit.php
@@ -6,7 +6,18 @@
*/
$variables = elgg_get_config('pages');
+$user = elgg_get_logged_in_user_entity();
+$entity = elgg_extract('entity', $vars);
+$can_change_access = true;
+if ($user && $entity) {
+ $can_change_access = ($user->isAdmin() || $user->getGUID() == $entity->owner_guid);
+}
+
foreach ($variables as $name => $type) {
+ // don't show read / write access inputs for non-owners or admin when editing
+ if (($type == 'access' || $type == 'write_access') && !$can_change_access) {
+ continue;
+ }
?>
<div>
<label><?php echo elgg_echo("pages:$name") ?></label>
@@ -14,8 +25,8 @@ foreach ($variables as $name => $type) {
if ($type != 'longtext') {
echo '<br />';
}
- ?>
- <?php echo elgg_view("input/$type", array(
+
+ echo elgg_view("input/$type", array(
'name' => $name,
'value' => $vars[$name],
));
diff --git a/mod/pages/views/default/object/page_top.php b/mod/pages/views/default/object/page_top.php
index e78289f28..945a22eed 100644
--- a/mod/pages/views/default/object/page_top.php
+++ b/mod/pages/views/default/object/page_top.php
@@ -45,7 +45,6 @@ $editor_link = elgg_view('output/url', array(
$date = elgg_view_friendly_time($annotation->time_created);
$editor_text = elgg_echo('pages:strapline', array($date, $editor_link));
-$tags = elgg_view('output/tags', array('tags' => $page->tags));
$categories = elgg_view('output/categories', $vars);
$comments_count = $page->countComments();
@@ -82,7 +81,6 @@ if ($full) {
'entity' => $page,
'metadata' => $metadata,
'subtitle' => $subtitle,
- 'tags' => $tags,
);
$params = $params + $vars;
$summary = elgg_view('object/elements/summary', $params);
@@ -104,7 +102,6 @@ if ($full) {
'entity' => $page,
'metadata' => $metadata,
'subtitle' => $subtitle,
- 'tags' => $tags,
'content' => $excerpt,
);
$params = $params + $vars;
diff --git a/mod/thewire/pages/thewire/owner.php b/mod/thewire/pages/thewire/owner.php
index f544aa655..6246c1770 100644
--- a/mod/thewire/pages/thewire/owner.php
+++ b/mod/thewire/pages/thewire/owner.php
@@ -14,10 +14,12 @@ $title = elgg_echo('thewire:user', array($owner->name));
elgg_push_breadcrumb(elgg_echo('thewire'), "thewire/all");
elgg_push_breadcrumb($owner->name);
+$context = '';
if (elgg_get_logged_in_user_guid() == $owner->guid) {
$form_vars = array('class' => 'thewire-form');
$content = elgg_view_form('thewire/add', $form_vars);
$content .= elgg_view('input/urlshortener');
+ $context = 'mine';
}
$content .= elgg_list_entities(array(
@@ -28,7 +30,7 @@ $content .= elgg_list_entities(array(
));
$body = elgg_view_layout('content', array(
- 'filter_context' => 'mine',
+ 'filter_context' => $context,
'content' => $content,
'title' => $title,
'sidebar' => elgg_view('thewire/sidebar'),
diff --git a/mod/thewire/start.php b/mod/thewire/start.php
index ebfe29538..5d5786e2f 100644
--- a/mod/thewire/start.php
+++ b/mod/thewire/start.php
@@ -304,7 +304,7 @@ function thewire_save_post($text, $userid, $access_id, $parent_guid = 0, $method
*/
function thewire_send_response_notification($guid, $parent_guid, $user) {
$parent_owner = get_entity($parent_guid)->getOwnerEntity();
- $user = get_loggedin_user();
+ $user = elgg_get_logged_in_user_entity();
// check to make sure user is not responding to self
if ($parent_owner->guid != $user->guid) {
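Review bot: The `$user` parameter of `thewire_send_response_notification()` is unconditionally overwritten on the changed line, so whatever the caller passes is ignored. If the replacement call returns nothing when no session user exists (presumably the case for non-interactive callers), the `$user->guid` read two lines later is a property access on a non-object. Falling back only when needed keeps the signature meaningful: `if (!$user) { $user = elgg_get_logged_in_user_entity(); }`, followed by an early return if it is still empty. The chained `get_entity($parent_guid)->getOwnerEntity()` above has the same shape of problem when the parent is missing or not readable. The function body continues outside the hunk.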
diff --git a/mod/twitter_api/actions/twitter_api/interstitial_settings.php b/mod/twitter_api/actions/twitter_api/interstitial_settings.php
index 5f742efd8..880623973 100644
--- a/mod/twitter_api/actions/twitter_api/interstitial_settings.php
+++ b/mod/twitter_api/actions/twitter_api/interstitial_settings.php
@@ -6,8 +6,8 @@ elgg_make_sticky_form('twitter_api_interstitial');
$display_name = get_input('display_name');
$email = get_input('email');
-$password_1 = get_input('password_1');
-$password_2 = get_input('password_2');
+$password_1 = get_input('password_1', null, false);
+$password_2 = get_input('password_2', null, false);
if (!$display_name) {
register_error(elgg_echo('twitter_api:interstitial:no_display_name'));
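Review bot: With the third argument `false`, `$password_1` and `$password_2` now hold raw, unfiltered request data, which is right for preserving the password but means nothing downstream may write them to a view, message or log. The rest of the action is outside the hunk, so this needs checking there. The `elgg_make_sticky_form('twitter_api_interstitial')` call shown in the hunk header may also keep the submitted fields for re-display; if it does, the password fields should be excluded or the sticky form cleared on every exit path. A short comment would record the constraint: `// passwords are read unfiltered: compare and hash only, never echo or store them`.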
diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php
index 355123992..fbce00d34 100644
--- a/mod/twitter_api/lib/twitter_api.php
+++ b/mod/twitter_api/lib/twitter_api.php
@@ -109,7 +109,7 @@ function twitter_api_login() {
$user = twitter_api_create_user($twitter);
$site_name = elgg_get_site_entity()->name;
system_message(elgg_echo('twitter_api:login:email', array($site_name)));
- $forward = "twitter_api/intersitial";
+ $forward = "twitter_api/interstitial";
}
// set twitter services tokens
diff --git a/upgrade.php b/upgrade.php
index 6f7126326..963523200 100644
--- a/upgrade.php
+++ b/upgrade.php
@@ -20,7 +20,8 @@ define('UPGRADING', 'upgrading');
require_once(dirname(__FILE__) . "/engine/start.php");
if (get_input('upgrade') == 'upgrade') {
- // disable the core system log for upgrades to avoid exceptions when the schema changes.
+ // disable the system log for upgrades to avoid exceptions when the schema changes.
+ elgg_unregister_event_handler('log', 'systemlog', 'system_log_default_logger');
elgg_unregister_event_handler('all', 'all', 'system_log_listener');
if (elgg_get_unprocessed_upgrades()) {
diff --git a/version.php b/version.php
index dc6897c18..4f028bfd6 100644
--- a/version.php
+++ b/version.php
@@ -11,7 +11,7 @@
// YYYYMMDD = Elgg Date
// XX = Interim incrementer
-$version = 2012012100;
+$version = 2012041801;
// Human-friendly version name
-$release = '1.8.3';
+$release = '1.8.5';
diff --git a/views/default/admin/statistics/server/php.php b/views/default/admin/statistics/server/php.php
index 4a59b95fb..7c6a51383 100644
--- a/views/default/admin/statistics/server/php.php
+++ b/views/default/admin/statistics/server/php.php
@@ -8,6 +8,15 @@ if (!$php_log) {
$php_log = elgg_echo('admin:server:error_log');
}
+$post_max_size = elgg_get_ini_setting_in_bytes('post_max_size');
+$upload_max_filesize = elgg_get_ini_setting_in_bytes('upload_max_filesize');
+
+$post_max_size_warning = '';
+if ($upload_max_filesize > $post_max_size) {
+ // @todo show a link to something like http://nigel.mcnie.name/blog/uploadmaxfilesizepostmaxsize-experimentation ?
+ $post_max_size_warning = elgg_echo('admin:server:warning:post_max_too_small');
+}
+
?>
<table class="elgg-table-alt">
<tr class="odd">
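Review bot: The test `$upload_max_filesize > $post_max_size` raises the warning when `post_max_size` is `0`, which PHP treats as "no limit" rather than as a zero-byte cap. Assuming `elgg_get_ini_setting_in_bytes()` returns 0 for that setting, admins with an unlimited POST size would be told it is too small. Guarding the comparison avoids the false positive: `if ($post_max_size > 0 && $upload_max_filesize > $post_max_size) {`.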
@@ -30,4 +39,12 @@ if (!$php_log) {
<td><b><?php echo elgg_echo('admin:server:label:mem_used'); ?> :</b></td>
<td><?php echo number_format(memory_get_peak_usage()); ?></td>
</tr>
+ <tr class="even">
+ <td><b><?php echo elgg_echo('admin:server:label:post_max_size'); ?> :</b></td>
+ <td><?php echo number_format($post_max_size); ?></td>
+ </tr>
+ <tr class="odd">
+ <td><b><?php echo elgg_echo('admin:server:label:upload_max_filesize'); ?> :</b></td>
+ <td><?php echo number_format($upload_max_filesize) . '&nbsp; ' . $post_max_size_warning; ?></td>
+ </tr>
</table>
diff --git a/views/default/core/avatar/upload.php b/views/default/core/avatar/upload.php
index 29aa59c9c..6f9124192 100644
--- a/views/default/core/avatar/upload.php
+++ b/views/default/core/avatar/upload.php
@@ -12,12 +12,12 @@ $user_avatar = elgg_view('output/img', array(
$current_label = elgg_echo('avatar:current');
-$revert_button = '';
+$remove_button = '';
if ($vars['entity']->icontime) {
- $revert_button = elgg_view('output/url', array(
- 'text' => elgg_echo('revert'),
- 'title' => elgg_echo('avatar:revert'),
- 'href' => 'action/avatar/revert?guid=' . elgg_get_page_owner_guid(),
+ $remove_button = elgg_view('output/url', array(
+ 'text' => elgg_echo('remove'),
+ 'title' => elgg_echo('avatar:remove'),
+ 'href' => 'action/avatar/remove?guid=' . elgg_get_page_owner_guid(),
'is_action' => true,
'class' => 'elgg-button elgg-button-cancel mll',
));
@@ -39,7 +39,7 @@ $image = <<<HTML
<label>$current_label</label><br />
$user_avatar
</div>
-$revert_button
+$remove_button
HTML;
$body = <<<HTML
diff --git a/views/default/core/river/filter.php b/views/default/core/river/filter.php
index 87380b561..9b7fadaa8 100644
--- a/views/default/core/river/filter.php
+++ b/views/default/core/river/filter.php
@@ -34,17 +34,5 @@ if ($selector) {
$params['value'] = $selector;
}
echo elgg_view('input/dropdown', $params);
-?>
-<?php //@todo JS 1.8: no ?>
-<script type="text/javascript">
-elgg.register_hook_handler('init', 'system', function() {
- $('#elgg-river-selector').change(function() {
- var url = window.location.href;
- if (window.location.search.length) {
- url = url.substring(0, url.indexOf('?'));
- }
- url += '?' + $(this).val();
- elgg.forward(url);
- });
-});
-</script>
+
+elgg_load_js('elgg.ui.river');
diff --git a/views/default/core/walled_garden/body.php b/views/default/core/walled_garden/body.php
deleted file mode 100644
index 67d8e0c37..000000000
--- a/views/default/core/walled_garden/body.php
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php
-/**
- * Walled garden body
- */
-
-echo elgg_view('core/walled_garden/login');
-echo elgg_view('core/walled_garden/lost_password');
-
-if (elgg_get_config('allow_registration')) {
- echo elgg_view('core/walled_garden/register');
-}
diff --git a/views/default/core/walled_garden/login.php b/views/default/core/walled_garden/login.php
index 0a8b4a908..42b79607d 100644
--- a/views/default/core/walled_garden/login.php
+++ b/views/default/core/walled_garden/login.php
@@ -14,7 +14,7 @@ $menu = elgg_view_menu('walled_garden', array(
$login_box = elgg_view('core/account/login_box', array('module' => 'walledgarden-login'));
-$content = <<<HTML
+echo <<<HTML
<div class="elgg-col elgg-col-1of2">
<div class="elgg-inner">
<h1 class="elgg-heading-walledgarden">
@@ -29,9 +29,3 @@ $content = <<<HTML
</div>
</div>
HTML;
-
-echo elgg_view_module('walledgarden', '', $content, array(
- 'class' => 'elgg-walledgarden-double',
- 'header' => ' ',
- 'footer' => ' ',
-));
diff --git a/views/default/core/walled_garden/lost_password.php b/views/default/core/walled_garden/lost_password.php
index ce75b558b..82f8caf50 100644
--- a/views/default/core/walled_garden/lost_password.php
+++ b/views/default/core/walled_garden/lost_password.php
@@ -5,15 +5,9 @@
$title = elgg_echo('user:password:lost');
$body = elgg_view_form('user/requestnewpassword');
-$lost = <<<HTML
+echo <<<HTML
<div class="elgg-inner">
<h3>$title</h3>
$body
</div>
HTML;
-
-echo elgg_view_module('walledgarden', '', $lost, array(
- 'class' => 'elgg-walledgarden-single elgg-walledgarden-password hidden',
- 'header' => ' ',
- 'footer' => ' ',
-));
diff --git a/views/default/core/walled_garden/register.php b/views/default/core/walled_garden/register.php
index 7f6aac99b..1ce2f8716 100644
--- a/views/default/core/walled_garden/register.php
+++ b/views/default/core/walled_garden/register.php
@@ -9,15 +9,9 @@ $body = elgg_view_form('register', array(), array(
'invitecode' => get_input('invitecode'),
));
-$content = <<<__HTML
+echo <<<__HTML
<div class="elgg-inner">
<h2>$title</h2>
$body
</div>
__HTML;
-
-echo elgg_view_module('walledgarden', '', $content, array(
- 'class' => 'elgg-walledgarden-single elgg-walledgarden-register hidden',
- 'header' => ' ',
- 'footer' => ' ',
-)); \ No newline at end of file
diff --git a/views/default/css/walled_garden.php b/views/default/css/walled_garden.php
index ea2543587..f6f7f97dc 100644
--- a/views/default/css/walled_garden.php
+++ b/views/default/css/walled_garden.php
@@ -54,8 +54,8 @@ $url = elgg_get_site_url();
padding: 0 8px;
}
-.elgg-walledgarden-single > .elgg-body > .elgg-inner {
- padding: 0 8px;
+.elgg-walledgarden-single > .elgg-body {
+ padding: 0 18px;
}
.elgg-module-walledgarden-login {
@@ -68,7 +68,14 @@ $url = elgg_get_site_url();
}
.elgg-heading-walledgarden {
- color: #666666;
margin-top: 60px;
line-height: 1.1em;
}
+
+h1, h2, h3, h4, h5, h6 {
+ color: #666;
+}
+
+a {
+ color: #999;
+} \ No newline at end of file
diff --git a/views/default/js/walled_garden.php b/views/default/js/walled_garden.php
index 46c2934ff..13ec83c04 100644
--- a/views/default/js/walled_garden.php
+++ b/views/default/js/walled_garden.php
@@ -2,9 +2,10 @@
/**
* Walled garden JavaScript
*
- * @todo update for new JS lib
+ * @since 1.8
*/
+// note that this assumes the button view is not using single quotes
$cancel_button = elgg_view('input/button', array(
'value' => elgg_echo('cancel'),
'class' => 'elgg-button-cancel mlm',
@@ -13,28 +14,43 @@ $cancel_button = trim($cancel_button);
?>
-$(document).ready(function() {
+elgg.provide('elgg.walled_garden');
- // add cancel button to inline forms
- $(".elgg-walledgarden-password").find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>');
- $('.elgg-walledgarden-register').find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>');
+elgg.walled_garden.init = function () {
- $(".forgot_link").click(function(event) {
- event.preventDefault();
- $(".elgg-walledgarden-password").fadeToggle();
- });
+ $('.forgot_link').click(elgg.walled_garden.load('lost_password'));
+ $('.registration_link').click(elgg.walled_garden.load('register'));
- $(".registration_link").click(function(event) {
+ $('input.elgg-button-cancel').live('click', function(event) {
+ if ($('.elgg-walledgarden-single').is(':visible')) {
+ $('.elgg-walledgarden-double').fadeToggle();
+ $('.elgg-walledgarden-single').fadeToggle();
+ $('.elgg-walledgarden-single').remove();
+ }
event.preventDefault();
- $(".elgg-walledgarden-register").fadeToggle();
});
+};
- $('input.elgg-button-cancel').click(function(event) {
- if ($(".elgg-walledgarden-password").is(':visible')) {
- $(".forgot_link").click();
- } else if ($('.elgg-walledgarden-register').is(':visible')) {
- $(".registration_link").click();
- }
+/**
+ * Creates a closure for loading walled garden content through ajax
+ *
+ * @param {String} view Name of the walled garden view
+ * @return {Object}
+ */
+elgg.walled_garden.load = function(view) {
+ return function(event) {
+ var id = '#elgg-walledgarden-' + view;
+ id = id.replace('_', '-');
+ elgg.get('walled_garden/' + view, {
+ 'success' : function(data) {
+ $('.elgg-body-walledgarden').append(data);
+ $(id).find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>');
+ $('#elgg-walledgarden-login').fadeToggle();
+ $(id).fadeToggle();
+ },
+ });
event.preventDefault();
- });
-}); \ No newline at end of file
+ };
+};
+
+elgg.register_hook_handler('init', 'system', elgg.walled_garden.init); \ No newline at end of file
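Review bot: The rendered cancel button is echoed straight into a single-quoted JavaScript string inside `elgg.walled_garden.load`, so an apostrophe or line break in that markup (a translated `cancel` label, an overridden `input/button` view) breaks the script or is parsed as code. The comment added in the previous hunk records the assumption instead of removing it. Emitting the value as a JavaScript literal closes the gap: `$(id).find('input.elgg-button-submit').after(<?php echo json_encode($cancel_button); ?>);`. Smaller points in the same function: `id.replace('_', '-')` replaces only the first underscore, the options object passed to `elgg.get` ends with a trailing comma that older Internet Explorer versions reject, and `@return {Object}` should read `@return {Function}`.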
diff --git a/views/default/object/elements/summary.php b/views/default/object/elements/summary.php
index 22db03f51..c0f3ad340 100644
--- a/views/default/object/elements/summary.php
+++ b/views/default/object/elements/summary.php
@@ -13,7 +13,7 @@
* @uses $vars['title'] Title link (optional) false = no title, '' = default
* @uses $vars['metadata'] HTML for entity menu and metadata (optional)
* @uses $vars['subtitle'] HTML for the subtitle (optional)
- * @uses $vars['tags'] HTML for the tags (optional)
+ * @uses $vars['tags'] HTML for the tags (default is tags on entity, pass false for no tags)
* @uses $vars['content'] HTML for the entity content (optional)
*/
@@ -39,7 +39,7 @@ $subtitle = elgg_extract('subtitle', $vars, '');
$content = elgg_extract('content', $vars, '');
$tags = elgg_extract('tags', $vars, '');
-if ($tags !== false) {
+if ($tags === '') {
$tags = elgg_view('output/tags', array('tags' => $entity->tags));
}
diff --git a/views/default/object/plugin.php b/views/default/object/plugin.php
index 2f64cfcc9..5c7138e96 100644
--- a/views/default/object/plugin.php
+++ b/views/default/object/plugin.php
@@ -7,6 +7,10 @@
*
*/
+if (!elgg_in_context('admin')) {
+ forward('/', 403);
+}
+
$plugin = $vars['entity'];
if (!$plugin->isValid()) {
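Review bot: `elgg_in_context('admin')` tests the rendering context, not the user's privileges, so the guard added at the top of this view is only as strong as every code path that can set that context. If that is not guaranteed elsewhere, combine it with the privilege check this commit already uses in the pages view: `if (!elgg_in_context('admin') || !elgg_is_admin_logged_in()) {`. A redirect issued from inside a view may also run after output has started, so a one-line comment saying why the gate lives here rather than in the page handler would help the next reader.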
diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php
index 22b6cf49d..a212becd8 100644
--- a/views/default/output/tagcloud.php
+++ b/views/default/output/tagcloud.php
@@ -47,9 +47,15 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) {
if ($size < 100) {
$size = 100;
}
- $url = elgg_get_site_url()."search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype";
- $url = elgg_format_url($url);
- $cloud .= "<a href=\"$url\" style=\"font-size: $size%\" title=\"".addslashes($tag->tag)." ($tag->total)\">" . htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8') . "</a>";
+ $url = "search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype";
+
+ $cloud .= elgg_view('output/url', array(
+ 'text' => $tag->tag,
+ 'href' => $url,
+ 'style' => "font-size: $size%;",
+ 'title' => "$tag->tag ($tag->total)",
+ 'rel' => 'tag'
+ ));
}
$cloud .= elgg_view('tagcloud/extend');
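Review bot: The removed line escaped the link text explicitly with `htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8')`, while the new call passes `$tag->tag` as `'text'` and relies on the `output/url` view, which is not part of this hunk. If that view prints `text` verbatim by default, tag values reach the page unescaped. Requesting the encoding at the call site keeps the old guarantee: add `'encode_text' => true,` to the array. The `title` attribute, previously passed through `addslashes()`, likewise depends on the view's attribute formatting, so confirm that it HTML-escapes attribute values.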
diff --git a/views/default/page/elements/comments.php b/views/default/page/elements/comments.php
index ebc7d3df5..cf9b5f08b 100644
--- a/views/default/page/elements/comments.php
+++ b/views/default/page/elements/comments.php
@@ -12,7 +12,7 @@ $show_add_form = elgg_extract('show_add_form', $vars, true);
$id = '';
if (isset($vars['id'])) {
- $id = "id =\"{$vars['id']}\"";
+ $id = "id=\"{$vars['id']}\"";
}
$class = 'elgg-comments';
diff --git a/views/default/page/layouts/walled_garden.php b/views/default/page/layouts/walled_garden.php
new file mode 100644
index 000000000..6ecd941ef
--- /dev/null
+++ b/views/default/page/layouts/walled_garden.php
@@ -0,0 +1,16 @@
+<?php
+/**
+ * Walled Garden layout
+ *
+ * @uses $vars['content'] Main content
+ * @uses $vars['class'] CSS classes
+ * @uses $vars['id'] CSS id
+ */
+
+$class = elgg_extract('class', $vars, 'elgg-walledgarden-single');
+echo elgg_view_module('walledgarden', '', $vars['content'], array(
+ 'class' => $class,
+ 'id' => elgg_extract('id', $vars, ''),
+ 'header' => ' ',
+ 'footer' => ' ',
+));
diff --git a/views/default/river/elements/body.php b/views/default/river/elements/body.php
index 6894b81e2..2cd7f2289 100644
--- a/views/default/river/elements/body.php
+++ b/views/default/river/elements/body.php
@@ -18,7 +18,7 @@ $menu = elgg_view_menu('river', array(
));
// river item header
-$timestamp = elgg_get_friendly_time($item->getPostedTime());
+$timestamp = elgg_view_friendly_time($item->getPostedTime());
$summary = elgg_extract('summary', $vars, elgg_view('river/elements/summary', array('item' => $vars['item'])));
if ($summary === false) {
diff --git a/views/default/river/elements/summary.php b/views/default/river/elements/summary.php
index 84941131f..4402c6f65 100644
--- a/views/default/river/elements/summary.php
+++ b/views/default/river/elements/summary.php
@@ -40,5 +40,14 @@ if ($container instanceof ElggGroup) {
$group_string = elgg_echo('river:ingroup', array($group_link));
}
+// check summary translation keys.
+// will use the $type:$subtype if that's defined, otherwise just uses $type
+$key = "river:$action:$type:$subtype";
+$summary = elgg_echo($key, array($subject_link, $object_link));
+
+if ($summary == $key) {
+ $key = "river:$action:$type";
+ $summary = elgg_echo($key, array($subject_link, $object_link));
+}
-echo elgg_echo("river:$action:$type:$subtype", array($subject_link, $object_link)); \ No newline at end of file
+echo $summary; \ No newline at end of file