66 files changed, 554 insertions, 206 deletions
diff --git a/.gitignore b/.gitignore index edfede73b..c0bba2c6c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,9 +1,9 @@ +# ignore Elgg configuration /engine/settings.php /.htaccess -/.buildpath -/.settings -/.project /mod/* + +# don't ignore bundled plugins !/mod/blog/ !/mod/bookmarks/ !/mod/categories/ @@ -38,3 +38,17 @@ !/mod/uservalidationbyemail/ !/mod/zaudio/ +# ignore IDE/hidden/OS cache files +.* +*~ +/nbproject +/nb-configuration.xml +Session.vim +*.tmproj +*.tmproject +tmtags +Thumbs.db +Desktop.ini + +# don't ignore travis config +!/.travis.yml diff --git a/CHANGES.txt b/CHANGES.txt index 11060aa2d..870c4f57d 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,32 @@ +Version 1.8.5 +(May 17, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Contributing Developers: + * Brett Profitt + * Evan Winslow + * Sem + * Steve Clay + * Jeroen Dalsem + * Jerome Bakker + + Security Enhancements: + * Fixed possible XSS vulnerability if using a crafted URL. + * Fixed exploit to bypass new user validation if using a crafted form. + * Fixed incorrect caching of access lists that could allow plugins + to show private entities to non-admin and non-owning users. (Non-exploitable) + + Bugfixes: + * Twitter API: New users are forwarded to the correct page after creating + an account with Twitter. + * Files: PDF files are downloaded as "inline" to display in the browser. + * Fixed possible duplication errors when writing metadata with multiple values. + * Fixed possible upgrade issue if using a plugin uses the system_log hooks. + * Fixed problems when enabling more than 50 metadata or annotations. + + API: + * River entries' timestamps use elgg_view_friendly_time() and can be + overridden with the friendly time output view. + Version 1.8.4 (April 24, 2012 from https://github.com/Elgg/Elgg/tree/1.8) diff --git a/_graphics/ajax_loader.gif b/_graphics/ajax_loader.gif Binary files differindex 5a9af96d2..b55e148bb 100644 --- a/_graphics/ajax_loader.gif 
+++ b/_graphics/ajax_loader.gif
diff --git a/_graphics/ajax_loader_bw.gif b/_graphics/ajax_loader_bw.gif Binary files differ
index 95bad9128..e195e1fd8 100644
--- a/_graphics/ajax_loader_bw.gif
+++ b/_graphics/ajax_loader_bw.gif
diff --git a/actions/avatar/remove.php b/actions/avatar/remove.php new file mode 100644
index 000000000..cd38e456a
--- /dev/null
+++ b/actions/avatar/remove.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Avatar remove action
+ */
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+if ($user) {
+ // Delete all icons from diskspace
+ $icon_sizes = elgg_get_config('icon_sizes');
+ foreach ($icon_sizes as $name => $size_info) {
+ $file = new ElggFile();
+ $file->owner_guid = $guid;
+ $file->setFilename("profile/{$guid}{$name}.jpg");
+ $filepath = $file->getFilenameOnFilestore();
+ if (!$file->delete()) {
+ elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
+ }
+ }
+
+ // Remove crop coords
+ unset($user->x1);
+ unset($user->x2);
+ unset($user->y1);
+ unset($user->y2);
+
+ // Remove icon
+ unset($user->icontime);
+ system_message(elgg_echo('avatar:remove:success'));
+} else {
+ register_error(elgg_echo('avatar:remove:fail'));
+}
+
+forward(REFERER);
diff --git a/actions/avatar/revert.php b/actions/avatar/revert.php deleted file mode 100644
index 8cff40a68..000000000
--- a/actions/avatar/revert.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-/**
- * Avatar revert action
- */
-
-$guid = get_input('guid');
-$user = get_entity($guid);
-if ($user) {
- unset($user->icontime);
- system_message(elgg_echo('avatar:revert:success'));
-} else {
- register_error(elgg_echo('avatar:revert:fail'));
-}
-
-forward(REFERER);
diff --git a/actions/comments/delete.php b/actions/comments/delete.php
index f8458a152..f2c058ff4 100644
--- a/actions/comments/delete.php
+++ b/actions/comments/delete.php 
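Review bot: The new remove action deletes avatar files and unsets metadata on whatever entity `get_input('guid')` resolves to, without checking that it is a user or that the current session may edit it; replace `if ($user) {` with `if ($user instanceof ElggUser && $user->canEdit()) {` so the else branch becomes the single failure path. The `ElggFile` is built with `owner_guid = $guid` and deleted directly, and the action is registered with the default access level in the users.php hunk further down, so unless the filestore or the metadata layer enforces edit permission (not visible here) any logged-in user could remove another user's avatar. The deleted revert action had the same shape, so this is inherited rather than introduced, but it is the code now under review.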
@@ -12,19 +12,12 @@ if (!elgg_is_logged_in()) { // Make sure we can get the comment in question $annotation_id = (int) get_input('annotation_id'); -if ($comment = elgg_get_annotation_from_id($annotation_id)) { - - $entity = get_entity($comment->entity_guid); - - if ($comment->canEdit()) { - $comment->delete(); - system_message(elgg_echo("generic_comment:deleted")); - forward($entity->getURL()); - } - +$comment = elgg_get_annotation_from_id($annotation_id); +if ($comment && $comment->canEdit()) { + $comment->delete(); + system_message(elgg_echo("generic_comment:deleted")); } else { - $url = ""; + register_error(elgg_echo("generic_comment:notdeleted")); } -register_error(elgg_echo("generic_comment:notdeleted")); forward(REFERER);
\ No newline at end of file diff --git a/engine/classes/ElggBatch.php b/engine/classes/ElggBatch.php index 0cb13eb32..c1a77a0d9 100644 --- a/engine/classes/ElggBatch.php +++ b/engine/classes/ElggBatch.php @@ -16,7 +16,7 @@ * * Results from the callback are stored in callbackResult. If the callback * returns only booleans, callbackResults will be the combined result of - * all calls. + * all calls. If no entities are processed, callbackResults will be null. * * If the callback returns anything else, callbackresult will be an indexed * array of whatever the callback returns. If returning error handling diff --git a/engine/classes/ElggEntity.php b/engine/classes/ElggEntity.php index dc38dafbe..77c2bbf4d 100644 --- a/engine/classes/ElggEntity.php +++ b/engine/classes/ElggEntity.php @@ -24,7 +24,6 @@ * * @package Elgg.Core * @subpackage DataModel.Entities - * @link http://docs.elgg.org/DataModel/ElggEntity * * @property string $type object, user, group, or site (read-only after save) * @property string $subtype Further clarifies the nature of the entity (read-only after save) @@ -201,8 +200,11 @@ abstract class ElggEntity extends ElggData implements /** * Sets the value of a property. * - * If $name is defined in $this->attributes that value is set, otherwise it will - * set the appropriate item of metadata. + * If $name is defined in $this->attributes that value is set, otherwise it is + * saved as metadata. + * + * @warning Metadata set this way will inherit the entity's owner and access ID. If you want + * to set metadata with a different owner, use create_metadata(). * * @warning It is important that your class populates $this->attributes with keys * for all base attributes, anything not in their gets set as METADATA. 
@@ -248,7 +250,12 @@ abstract class ElggEntity extends ElggData implements public function getMetaData($name) { if ((int) ($this->guid) == 0) { if (isset($this->temp_metadata[$name])) { - return $this->temp_metadata[$name]; + // md is returned as an array only if more than 1 entry + if (count($this->temp_metadata[$name]) == 1) { + return $this->temp_metadata[$name][0]; + } else { + return $this->temp_metadata[$name]; + } } else { return null; } 
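Review bot: The new `count()` call assumes `temp_metadata[$name]` is always an array, which only holds while every writer goes through setMetaData(); a scalar stored there by other code would make `count()` warn in PHP 7 and throw a TypeError in PHP 8. A defensive form keeps the same result for arrays: `$md = $this->temp_metadata[$name]; return (is_array($md) && count($md) == 1) ? $md[0] : $md;`. Note also that a name set to an empty array comes back as `array()` here, which probably differs from what the saved-entity path returns when no rows exist — worth confirming and documenting on the method. getMetaData() continues outside the hunk.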
@@ -291,80 +298,78 @@ abstract class ElggEntity extends ElggData implements /** * Set a piece of metadata. * - * @tip Plugin authors should use the magic methods. + * Plugin authors should use the magic methods or create_metadata(). + * + * @warning The metadata will inherit the parent entity's owner and access ID. + * If you want to write metadata with a different owner, use create_metadata(). * * @access private * * @param string $name Name of the metadata - * @param mixed $value Value of the metadata + * @param mixed $value Value of the metadata (doesn't support assoc arrays) * @param string $value_type Types supported: integer and string. Will auto-identify if not set * @param bool $multiple Allow multiple values for a single name (doesn't support assoc arrays) * * @return bool */ - public function setMetaData($name, $value, $value_type = "", $multiple = false) { - $delete_first = false; - // if multiple is set that always means don't delete. - // if multiple isn't set it means override. set it to true on arrays for the foreach. - if (!$multiple) { - $delete_first = true; - $multiple = is_array($value); - } - - if (!$this->guid) { - // real metadata only returns as an array if there are multiple elements - if (is_array($value) && count($value) == 1) { - $value = $value[0]; - } + public function setMetaData($name, $value, $value_type = null, $multiple = false) { - $value_is_array = is_array($value); - - if (!isset($this->temp_metadata[$name]) || $delete_first) { - // need to remove the indexes because real metadata doesn't have them. - if ($value_is_array) { - $this->temp_metadata[$name] = array_values($value); - } else { - $this->temp_metadata[$name] = $value; - } - } else { - // multiple is always true at this point. - // if we're setting multiple and temp isn't array, it needs to be. 
- if (!is_array($this->temp_metadata[$name])) { - $this->temp_metadata[$name] = array($this->temp_metadata[$name]); - } - - if ($value_is_array) { - $this->temp_metadata[$name] = array_merge($this->temp_metadata[$name], array_values($value)); - } else { - $this->temp_metadata[$name][] = $value; - } - } + // normalize value to an array that we will loop over + // remove indexes if value already an array. + if (is_array($value)) { + $value = array_values($value); } else { - if ($delete_first) { + $value = array($value); + } + + // saved entity. persist md to db. + if ($this->guid) { + // if overwriting, delete first. + if (!$multiple) { $options = array( 'guid' => $this->getGUID(), 'metadata_name' => $name, 'limit' => 0 ); - // @todo this doesn't check if it exists so we can't handle failed deletes - // is it worth the overhead of more SQL calls to check? - elgg_delete_metadata($options); - } - // save into real metadata - if (!is_array($value)) { - $value = array($value); + // @todo in 1.9 make this return false if can't add metadata + // http://trac.elgg.org/ticket/4520 + // + // need to remove access restrictions right now to delete + // because this is the expected behavior + $ia = elgg_set_ignore_access(true); + if (false === elgg_delete_metadata($options)) { + return false; + } + elgg_set_ignore_access($ia); } - foreach ($value as $v) { - $result = create_metadata($this->getGUID(), $name, $v, $value_type, - $this->getOwnerGUID(), $this->getAccessId(), $multiple); - if (!$result) { + // add new md + $result = true; + foreach ($value as $value_tmp) { + // at this point $value should be appended because it was cleared above if needed. + $md_id = create_metadata($this->getGUID(), $name, $value_tmp, $value_type, + $this->getOwnerGUID(), $this->getAccessId(), true); + if (!$md_id) { return false; } } + + return $result; } - return true; + // unsaved entity. 
store in temp array + // returning single entries instead of an array of 1 element is decided in + // getMetaData(), just like pulling from the db. + else { + // if overwrite, delete first + if (!$multiple || !isset($this->temp_metadata[$name])) { + $this->temp_metadata[$name] = array(); + } + + // add new md + $this->temp_metadata[$name] = array_merge($this->temp_metadata[$name], $value); + return true; + } } /** @@ -575,7 +580,6 @@ abstract class ElggEntity extends ElggData implements * @param mixed $value Value of private setting * * @return bool - * @link http://docs.elgg.org/DataModel/Entities/PrivateSettings */ function setPrivateSetting($name, $value) { if ((int) $this->guid > 0) { @@ -734,8 +738,6 @@ abstract class ElggEntity extends ElggData implements * @param string $vartype The type of annotation value * * @return bool - * - * @link http://docs.elgg.org/DataModel/Annotations */ function annotate($name, $value, $access_id = ACCESS_PRIVATE, $owner_id = 0, $vartype = "") { if ((int) $this->guid > 0) { diff --git a/engine/classes/ElggPlugin.php b/engine/classes/ElggPlugin.php index 33f14ae37..8c9093834 100644 --- a/engine/classes/ElggPlugin.php +++ b/engine/classes/ElggPlugin.php 
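Review bot: In setMetaData() the early `return false` after `elgg_delete_metadata($options)` leaves ignore-access switched on for the rest of the request, because `elgg_set_ignore_access($ia)` is only reached when the delete did not return false; every later access-controlled query in that request would then bypass access checks. Capture the result and restore before testing it: `$deleted = elgg_delete_metadata($options); elgg_set_ignore_access($ia); if (false === $deleted) { return false; }`. The `$result = true` local in the saved-entity branch is never changed and can be dropped in favour of `return true;`.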
@@ -79,6 +79,68 @@ class ElggPlugin extends ElggObject { } /** + * Overridden from ElggEntity and ElggObject::load(). Core always inits plugins with + * a query joined to the objects_entity table, so all the info is there. + * + * @param mixed $guid GUID of an ElggObject or the stdClass object from entities table + * + * @return bool + * @throws InvalidClassException + */ + protected function load($guid) { + + $expected_attributes = $this->attributes; + unset($expected_attributes['tables_split']); + unset($expected_attributes['tables_loaded']); + + // this was loaded with a full join + $needs_loaded = false; + + if ($guid instanceof stdClass) { + $row = (array) $guid; + $missing_attributes = array_diff_key($expected_attributes, $row); + if ($missing_attributes) { + $needs_loaded = true; + $old_guid = $guid; + $guid = $row['guid']; + } else { + $this->attributes = $row; + } + } else { + $needs_loaded = true; + } + + if ($needs_loaded) { + $entity = (array) get_entity_as_row($guid); + $object = (array) get_object_entity_as_row($guid); + + if (!$entity || !$object) { + return false; + } + + $this->attributes = array_merge($this->attributes, $entity, $object); + } + + $this->attributes['tables_loaded'] = 2; + + // Check the type + if ($this->attributes['type'] != 'object') { + $msg = elgg_echo('InvalidClassException:NotValidElggStar', array($guid, get_class())); + throw new InvalidClassException($msg); + } + + // guid needs to be an int http://trac.elgg.org/ticket/4111 + $this->attributes['guid'] = (int)$this->attributes['guid']; + + // cache the entity + if ($this->attributes['guid']) { + cache_entity($this); + } + + return true; + } + + /** * Save the plugin object. Make sure required values exist. * * @see ElggObject::save() diff --git a/engine/lib/access.php b/engine/lib/access.php index 6be252c6a..e8b3b0d52 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php 
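Review bot: In ElggPlugin::load() the fast path does `$this->attributes = $row;`, replacing the whole attribute array, so keys the class initialises that are not columns (`tables_split`, which the method itself excludes from the comparison, is one) disappear on that path, while the reload path uses `array_merge($this->attributes, $entity, $object)` and keeps them. Using `$this->attributes = array_merge($this->attributes, $row);` in the fast path keeps the two branches consistent. `$old_guid` is assigned but never read and can be removed.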
@@ -31,7 +31,7 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { global $CONFIG, $init_finished; static $access_list; - if (!isset($access_list) || !$init_finished) { + if (!isset($access_list)) { $access_list = array(); } @@ -49,9 +49,16 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { return $access_list[$user_id]; } - $access_list[$user_id] = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")"; + $access = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")"; - return $access_list[$user_id]; + // only cache if done with init and access is enabled (unless admin user) + // session is loaded before init is finished, so don't need to check for user session + if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) { + $access_list[$user_id] = $access; + return $access_list[$user_id]; + } else { + return $access; + } } /** @@ -83,7 +90,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { // this cache might be redundant. But db cache is flushed on every db write. static $access_array; - if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished)) { + if (!isset($access_array)) { $access_array = array(); } @@ -137,12 +144,12 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { $tmp_access_array[] = ACCESS_PRIVATE; } - $access_array[$user_id] = $tmp_access_array; - } else { - // No user id logged in so we can only access public info - $tmp_return = $tmp_access_array; + // only cache if done with init and access is enabled (unless admin user) + // session is loaded before init is finished, so don't need to check for user session + if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) { + $access_array[$user_id] = $tmp_access_array; + } } - } else { $tmp_access_array = $access_array[$user_id]; } 
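Review bot: The caching rule `$init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())` is now written out twice, in get_access_list() and get_access_array(), with the same two-line comment; if one copy later drifts from the other, a list computed under ignore-access could again be cached and served to a normal user, which is the bug this change fixes. A small private helper such as `function _elgg_access_cache_allowed() { global $init_finished; return $init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access()); }` called from both places keeps the rule in one spot. Both functions start and end outside the hunks shown.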
@@ -946,7 +953,8 @@ function elgg_get_access_object() { * * @global bool $init_finished * @access private - * @todo investigate why this is needed + * @todo This is required to tell the access system to start caching because + * calls are made while in ignore access mode and before the user is logged in. */ $init_finished = false; @@ -1014,8 +1022,9 @@ function access_test($hook, $type, $value, $params) { return $value; } -// This function will let us know when 'init' has finished -elgg_register_event_handler('init', 'system', 'access_init', 9999); +// Tell the access functions the system has booted, plugins are loaded, +// and the user is logged in so it can start caching +elgg_register_event_handler('ready', 'system', 'access_init'); // For overrided permissions elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions'); diff --git a/engine/lib/actions.php b/engine/lib/actions.php index c6613e6d6..3a7c02488 100644 --- a/engine/lib/actions.php +++ b/engine/lib/actions.php @@ -273,8 +273,19 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL) } else if ($visibleerrors) { register_error(elgg_echo('actiongatekeeper:tokeninvalid')); } - } else if ($visibleerrors) { - register_error(elgg_echo('actiongatekeeper:missingfields')); + } else { + if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) { + // The size of $_POST or uploaded file has exceed the size limit + $error_msg = elgg_trigger_plugin_hook('action_gatekeeper:upload_exceeded_msg', 'all', array( + 'post_size' => $_SERVER['CONTENT_LENGTH'], + 'visible_errors' => $visibleerrors, + ), elgg_echo('actiongatekeeper:uploadexceeded')); + } else { + $error_msg = elgg_echo('actiongatekeeper:missingfields'); + } + if ($visibleerrors) { + register_error($error_msg); + } } return FALSE; diff --git a/engine/lib/admin.php b/engine/lib/admin.php index 928101fc5..1528d97c5 100644 --- a/engine/lib/admin.php +++ b/engine/lib/admin.php 
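Review bot: In validate_action_token() `$_SERVER['CONTENT_LENGTH']` is handed to the `action_gatekeeper:upload_exceeded_msg` hook as `post_size` unconverted, so handlers receive the raw header string; pass `'post_size' => (int) $_SERVER['CONTENT_LENGTH'],` so hook code comparing it with a size limit does not depend on string-to-number coercion. The heuristic `!empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)` also fires for any request body PHP does not parse into `$_POST`, so the "upload exceeded" message can be shown for requests that were not over the limit; a comment saying the check is a heuristic would help the next reader. validate_action_token() starts before this hunk and ends after it.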
@@ -244,6 +244,7 @@ function admin_init() { elgg_register_action('profile/fields/delete', '', 'admin'); elgg_register_action('profile/fields/reorder', '', 'admin'); + elgg_register_simplecache_view('css/admin'); elgg_register_simplecache_view('js/admin'); $url = elgg_get_simplecache_url('js', 'admin'); elgg_register_js('elgg.admin', $url); diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php index f32dee0f0..2036ccd61 100644 --- a/engine/lib/annotations.php +++ b/engine/lib/annotations.php @@ -95,8 +95,6 @@ $owner_guid = 0, $access_id = ACCESS_PRIVATE) { $entity = get_entity($entity_guid); if (elgg_trigger_event('annotate', $entity->type, $entity)) { - system_log($entity, 'annotate'); - // If ok then add it $result = insert_data("INSERT into {$CONFIG->dbprefix}annotations (entity_guid, name_id, value_id, value_type, owner_guid, time_created, access_id) VALUES @@ -222,7 +220,7 @@ function elgg_delete_annotations(array $options) { } $options['metastring_type'] = 'annotations'; - return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback'); + return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false); } /** @@ -240,7 +238,7 @@ function elgg_disable_annotations(array $options) { } $options['metastring_type'] = 'annotations'; - return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback'); + return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false); } /** diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index b55958a6c..db1464bd8 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php 
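Review bot: In annotations.php, removing `system_log($entity, 'annotate')` means annotation creation no longer writes a system-log entry from this function; if nothing else records it (the `elgg_trigger_event('annotate', ...)` call on the preceding line may be logged by an event handler, but that is not visible here) the audit trail for annotations is lost. A comment at that point naming where the event is now logged, or why it is intentionally not logged, would make the intent clear to whoever relies on the system log for forensics. The enclosing function continues outside the hunk.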
@@ -1053,12 +1053,14 @@ function _elgg_php_exception_handler($exception) { * * @return true * @access private + * @todo Replace error_log calls with elgg_log calls. */ function _elgg_php_error_handler($errno, $errmsg, $filename, $linenum, $vars) { $error = date("Y-m-d H:i:s (T)") . ": \"$errmsg\" in file $filename (line $linenum)"; switch ($errno) { case E_USER_ERROR: + case E_RECOVERABLE_ERROR: // (e.g. type hint violation) error_log("PHP ERROR: $error"); register_error("ERROR: $error"); @@ -1092,8 +1094,8 @@ function _elgg_php_error_handler($errno, $errmsg, $filename, $linenum, $vars) { * * @note No messages will be displayed unless debugging has been enabled. * - * @param str $message User message - * @param str $level NOTICE | WARNING | ERROR | DEBUG + * @param string $message User message + * @param string $level NOTICE | WARNING | ERROR | DEBUG * * @return bool * @since 1.7.0 @@ -2137,6 +2139,7 @@ function elgg_init() { elgg_register_js('jquery.easing', 'vendors/jquery/jquery.easing.1.3.packed.js'); elgg_register_js('elgg.avatar_cropper', 'js/lib/ui.avatar_cropper.js'); elgg_register_js('jquery.imgareaselect', 'vendors/jquery/jquery.imgareaselect-0.9.8/scripts/jquery.imgareaselect.min.js'); + elgg_register_js('elgg.ui.river', 'js/lib/ui.river.js'); elgg_register_css('jquery.imgareaselect', 'vendors/jquery/jquery.imgareaselect-0.9.8/css/imgareaselect-deprecated.css'); diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 4875b2c2f..c06e7fb99 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -1452,6 +1452,7 @@ function enable_entity($guid, $recursive = true) { 'relationship' => 'disabled_with', 'relationship_guid' => $entity->guid, 'inverse_relationship' => true, + 'limit' => 0, )); foreach ($disabled_with_it as $e) { diff --git a/engine/lib/extender.php b/engine/lib/extender.php index ffd3c1357..43421342c 100644 --- a/engine/lib/extender.php +++ b/engine/lib/extender.php 
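Review bot: Adding `case E_RECOVERABLE_ERROR:` to the E_USER_ERROR branch routes one more error class through `register_error("ERROR: $error")`, and `$error` embeds `$filename` and `$linenum`, so the user-facing message discloses server file paths and line numbers. Keeping the full string for `error_log()` and showing only the message to the user, e.g. `register_error("ERROR: $errmsg");` (or a translated generic string), avoids that; the same applies to the pre-existing E_USER_ERROR case. The rest of the switch is outside the hunk.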
@@ -105,6 +105,7 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params) // Save if (!$entity->save()) { + $attr_name = $element->getAttribute('name'); $msg = elgg_echo('ImportException:ProblemUpdatingMeta', array($attr_name, $entity_uuid)); throw new ImportException($msg); } @@ -120,7 +121,7 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params) * @param string $type 'metadata' or 'annotation' * @param int $user_guid The GUID of the user * - * @return true|false + * @return bool */ function can_edit_extender($extender_id, $type, $user_guid = 0) { if (!elgg_is_logged_in()) { @@ -155,7 +156,7 @@ function can_edit_extender($extender_id, $type, $user_guid = 0) { } // Trigger plugin hooks - $params = array('entity' => $entity, 'user' => $user); + $params = array('entity' => $extender->getEntity(), 'user' => $user); return elgg_trigger_plugin_hook('permissions_check', $type, $params, false); } diff --git a/engine/lib/languages.php b/engine/lib/languages.php index bf6829a39..7a508d298 100644 --- a/engine/lib/languages.php +++ b/engine/lib/languages.php @@ -344,7 +344,7 @@ function get_missing_language_keys($language) { */ function elgg_languages_init() { $lang = get_current_language(); - elgg_register_simplecache_view("cache/js/languages/$lang"); + elgg_register_simplecache_view("js/languages/$lang"); } elgg_register_event_handler('init', 'system', 'elgg_languages_init'); diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index 34a36d86e..0ff3a43dc 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php 
@@ -297,6 +297,8 @@ function elgg_get_metadata(array $options = array()) { * This requires at least one constraint: metadata_owner_guid(s), * metadata_name(s), metadata_value(s), or guid(s) must be set. * + * @warning This returns null on no ops. + * * @param array $options An options array. {@see elgg_get_metadata()} * @return mixed Null if the metadata name is invalid. Bool on success or fail. * @since 1.8.0 @@ -307,8 +309,7 @@ function elgg_delete_metadata(array $options) { } $options['metastring_type'] = 'metadata'; - $result = elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback'); - return $result; + return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false); } /** @@ -316,6 +317,8 @@ function elgg_delete_metadata(array $options) { * * @warning Unlike elgg_get_metadata() this will not accept an empty options array! * + * @warning This returns null on no ops. + * * @param array $options An options array. {@See elgg_get_metadata()} * @return mixed * @since 1.8.0 @@ -326,7 +329,7 @@ function elgg_disable_metadata(array $options) { } $options['metastring_type'] = 'metadata'; - return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback'); + return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false); } /** @@ -334,6 +337,8 @@ function elgg_disable_metadata(array $options) { * * @warning Unlike elgg_get_metadata() this will not accept an empty options array! * + * @warning This returns null on no ops. + * * @param array $options An options array. {@See elgg_get_metadata()} * @return mixed * @since 1.8.0 diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php index d7cc4e0bc..cf6dd4d98 100644 --- a/engine/lib/metastrings.php +++ b/engine/lib/metastrings.php 
@@ -716,22 +716,23 @@ function elgg_set_metastring_based_object_enabled_by_id($id, $enabled, $type) { * @warning Unlike elgg_get_metastring_based_objects() this will not accept an * empty options array! * - * @param array $options An options array. {@See elgg_get_metastring_based_objects()} - * @param string $callback The callback to pass each result through - * @return mixed + * @warning This returns null on no ops. + * + * @param array $options An options array. {@See elgg_get_metastring_based_objects()} + * @param string $callback The callback to pass each result through + * @param bool $inc_offset Increment the offset? Pass false for callbacks that delete / disable + * + * @return bool|null true on success, false on failure, null if no objects are found. * @since 1.8.0 * @access private */ -function elgg_batch_metastring_based_objects(array $options, $callback) { +function elgg_batch_metastring_based_objects(array $options, $callback, $inc_offset = true) { if (!$options || !is_array($options)) { return false; } - // @todo restore once ElggBatch supports callbacks that delete rows. - $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, false); - $r = $batch->callbackResult; - - return $r; + $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, $inc_offset); + return $batch->callbackResult; } /** diff --git a/engine/lib/navigation.php b/engine/lib/navigation.php index a7984ce5a..4ff009bfb 100644 --- a/engine/lib/navigation.php +++ b/engine/lib/navigation.php @@ -230,7 +230,7 @@ function elgg_pop_breadcrumb() { global $CONFIG; if (is_array($CONFIG->breadcrumbs)) { - array_pop($CONFIG->breadcrumbs); + return array_pop($CONFIG->breadcrumbs); } return FALSE; diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php index 123fb18d8..39a76db5d 100644 --- a/engine/lib/plugins.php +++ b/engine/lib/plugins.php 
@@ -93,10 +93,13 @@ function elgg_get_plugin_ids_in_dir($dir = null) { function elgg_generate_plugin_entities() { $site = get_config('site'); $dir = elgg_get_plugins_path(); + $db_prefix = elgg_get_config('dbprefix'); $options = array( 'type' => 'object', 'subtype' => 'plugin', + 'selects' => array('plugin_oe.*'), + 'joins' => array("JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid"), 'limit' => ELGG_ENTITIES_NO_VALUE ); @@ -352,7 +355,11 @@ function elgg_get_plugins($status = 'active', $site_guid = null) { 'type' => 'object', 'subtype' => 'plugin', 'limit' => ELGG_ENTITIES_NO_VALUE, - 'joins' => array("JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid"), + 'selects' => array('plugin_oe.*'), + 'joins' => array( + "JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid", + "JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid" + ), 'wheres' => array("ps.name = '$priority'"), 'order_by' => "CAST(ps.value as unsigned), e.guid" ); diff --git a/engine/lib/river.php b/engine/lib/river.php index 547d9495e..711832f70 100644 --- a/engine/lib/river.php +++ b/engine/lib/river.php @@ -55,7 +55,7 @@ $posted = 0, $annotation_id = 0) { $posted = sanitise_int($posted); $annotation_id = sanitise_int($annotation_id); - $params = array( + $values = array( 'type' => $type, 'subtype' => $subtype, 'action_type' => $action_type, @@ -68,13 +68,13 @@ $posted = 0, $annotation_id = 0) { ); // return false to stop insert - $params = elgg_trigger_plugin_hook('creating', 'river', null, $params); - if ($params == false) { + $values = elgg_trigger_plugin_hook('creating', 'river', null, $values); + if ($values == false) { // inserting did not fail - it was just prevented return true; } - extract($params); + extract($values); // Attempt to save river item; return success status $id = insert_data("insert into {$CONFIG->dbprefix}river " . diff --git a/engine/lib/users.php b/engine/lib/users.php index 6a881777e..241b524f9 100644 
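Review bot: In river.php `extract($values)` after the `creating` hook imports whatever keys a plugin handler returns into the local scope, so a handler can overwrite any variable in scope — including `$CONFIG`, which the following `insert_data()` call reads for `dbprefix` — and the values sanitised before the hook are replaced without being re-checked. Assigning the known fields explicitly, e.g. `$type = $values['type']; $subtype = $values['subtype']; $action_type = $values['action_type'];` and so on for the remaining keys, removes the scope injection and makes it obvious which values reach the query. The insert statement and the rest of the function continue outside the hunk.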
--- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -810,6 +810,12 @@ function validate_username($username) { $msg = elgg_echo('registration:usernametooshort', array($CONFIG->minusername)); throw new RegistrationException($msg); } + + // username in the database has a limit of 128 characters + if (strlen($username) > 128) { + $msg = elgg_echo('registration:usernametoolong', array(128)); + throw new RegistrationException($msg); + } // Blacklist for bad characters (partially nicked from mediawiki) $blacklist = '/[' . @@ -1551,12 +1557,12 @@ function users_init() { elgg_register_plugin_hook_handler('register', 'menu:user_hover', 'elgg_user_hover_menu'); elgg_register_action('register', '', 'public'); - elgg_register_action('useradd', '', 'public'); + elgg_register_action('useradd', '', 'admin'); elgg_register_action('friends/add'); elgg_register_action('friends/remove'); elgg_register_action('avatar/upload'); elgg_register_action('avatar/crop'); - elgg_register_action('avatar/revert'); + elgg_register_action('avatar/remove'); elgg_register_action('profile/edit'); elgg_register_action('friends/collections/add'); diff --git a/engine/lib/views.php b/engine/lib/views.php index ca0ce7196..1b013be6f 100644 --- a/engine/lib/views.php +++ b/engine/lib/views.php @@ -103,7 +103,10 @@ function elgg_get_viewtype() { $viewtype = get_input('view', NULL); if ($viewtype) { - return $viewtype; + // only word characters allowed. + if (!preg_match('[\W]', $viewtype)) { + return $viewtype; + } } if (isset($CONFIG->view) && !empty($CONFIG->view)) { diff --git a/engine/tests/api/metadata.php b/engine/tests/api/metadata.php index be8ac269c..2461e975e 100644 --- a/engine/tests/api/metadata.php +++ b/engine/tests/api/metadata.php 
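Review bot: In validate_username() the limit 128 is written twice, once in the comparison and once in the message arguments; a local such as `$max_length = 128;` used in both keeps them from drifting. `strlen()` counts bytes, so a multibyte username under 128 characters can be rejected while the message talks about characters — conservative relative to the column, but worth a comment like `// strlen() is byte length, which also keeps multibyte names within the column size`. validate_username() continues outside the hunk.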
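Review bot: In elgg_get_viewtype() `preg_match('[\W]', $viewtype)` relies on `[` and `]` being the pattern delimiters, so the pattern is just `\W` and the check is only readable to someone who knows that; it also lets an unvalidated value through whenever `preg_match()` does not return 1 for a reason other than "no match" (false or null on error, for instance if `get_input('view')` can yield an array from a `view[]=` parameter). Write the allowlist positively and require a string: `if (is_string($viewtype) && preg_match('/^\w+$/', $viewtype) === 1) {`. elgg_get_viewtype() continues outside the hunk.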
@@ -124,6 +124,80 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest { $e->delete(); } + // Make sure metadata with multiple values is correctly deleted when re-written + // by another user + // http://trac.elgg.org/ticket/2776 + public function test_elgg_metadata_multiple_values() { + $u1 = new ElggUser(); + $u1->username = rand(); + $u1->save(); + + $u2 = new ElggUser(); + $u2->username = rand(); + $u2->save(); + + $obj = new ElggObject(); + $obj->owner_guid = $u1->guid; + $obj->container_guid = $u1->guid; + $obj->access_id = ACCESS_PUBLIC; + $obj->save(); + + $md_values = array( + 'one', + 'two', + 'three' + ); + + // need to fake different logins. + // good times without mocking. + $original_user = elgg_get_logged_in_user_entity(); + $_SESSION['user'] = $u1; + + elgg_set_ignore_access(false); + + // add metadata as one user + $obj->test = $md_values; + + // check only these md exists + $db_prefix = elgg_get_config('dbprefix'); + $q = "SELECT * FROM {$db_prefix}metadata WHERE entity_guid = $obj->guid"; + $data = get_data($q); + + $this->assertEqual(count($md_values), count($data)); + foreach ($data as $md_row) { + $md = elgg_get_metadata_from_id($md_row->id); + $this->assertTrue(in_array($md->value, $md_values)); + $this->assertEqual('test', $md->name); + } + + // add md w/ same name as a different user + $_SESSION['user'] = $u2; + $md_values2 = array( + 'four', + 'five', + 'six', + 'seven' + ); + + $obj->test = $md_values2; + + $q = "SELECT * FROM {$db_prefix}metadata WHERE entity_guid = $obj->guid"; + $data = get_data($q); + + $this->assertEqual(count($md_values2), count($data)); + foreach ($data as $md_row) { + $md = elgg_get_metadata_from_id($md_row->id); + $this->assertTrue(in_array($md->value, $md_values2)); + $this->assertEqual('test', $md->name); + } + + $_SESSION['user'] = $original_user; + + $obj->delete(); + $u1->delete(); + $u2->delete(); + } + protected function create_metastring($string) { global $CONFIG, $METASTRINGS_CACHE, 
$METASTRINGS_DEADNAME_CACHE; diff --git a/engine/tests/objects/entities.php b/engine/tests/objects/entities.php index a4dc7946c..248b85c9e 100644 --- a/engine/tests/objects/entities.php +++ b/engine/tests/objects/entities.php @@ -98,7 +98,7 @@ class ElggCoreEntityTest extends ElggCoreUnitTest { // check internal metadata array $metadata = $this->entity->expose_metadata(); - $this->assertIdentical($metadata['existent'], 'testing'); + $this->assertIdentical($metadata['existent'], array('testing')); } public function testElggEnityGetAndSetAnnotations() { diff --git a/js/lib/ui.river.js b/js/lib/ui.river.js new file mode 100644 index 000000000..a56a664a4 --- /dev/null +++ b/js/lib/ui.river.js @@ -0,0 +1,14 @@ +elgg.provide('elgg.ui.river');
+
+elgg.ui.river.init = function() {
+ $('#elgg-river-selector').change(function() {
+ var url = window.location.href;
+ if (window.location.search.length) {
+ url = url.substring(0, url.indexOf('?'));
+ }
+ url += '?' + $(this).val();
+ elgg.forward(url);
+ });
+};
+
+elgg.register_hook_handler('init', 'system', elgg.ui.river.init);
\ No newline at end of file diff --git a/languages/en.php b/languages/en.php index e48f992d7..ae874a550 100644 --- a/languages/en.php +++ b/languages/en.php @@ -239,7 +239,7 @@ $english = array( 'pageownerunavailable' => 'Warning: The page owner %d is not accessible!', 'viewfailure' => 'There was an internal failure in the view %s', 'changebookmark' => 'Please change your bookmark for this page', - 'noaccess' => 'This content has been removed, is invalid, or you do not have permission to view it.', + 'noaccess' => 'The content you were trying to view has been removed or you do not have permission to view it.', 'error:missing_data' => 'There was some data missing in your request', 'error:default' => 'Oops...something went wrong.', @@ -367,7 +367,7 @@ $english = array( 'avatar:preview' => 'Preview', 'avatar:upload' => 'Upload a new avatar', 'avatar:current' => 'Current avatar', - 'avatar:revert' => 'Revert your avatar to the default icon', + 'avatar:remove' => 'Remove your avatar and set the default icon', 'avatar:crop:title' => 'Avatar cropping tool', 'avatar:upload:instructions' => "Your avatar is displayed throughout the site. You can change it as often as you'd like. (File formats accepted: GIF, JPG or PNG)", 'avatar:create:instructions' => 'Click and drag a square below to match how you want your avatar cropped. A preview will appear in the box on the right. When you are happy with the preview, click \'Create your avatar\'. This cropped version will be used throughout the site as your avatar.', 
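Review bot: In `elgg.ui.river.init` (js/lib/ui.river.js) the `?` handling only strips an existing query string; when the page URL has a fragment but no query (for example `/activity#top`), `url += '?' + $(this).val()` appends the selector after the `#`, so the filter value becomes part of the fragment and is never sent to the server. Derive the base from the href with both parts removed, `var url = window.location.href.split('#')[0].split('?')[0];`, and drop the `if (window.location.search.length)` block. The same code is removed from views/default/core/river/filter.php later in this commit, so the defect is moved rather than introduced here.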
@@ -376,8 +376,8 @@ $english = array( 'avatar:resize:fail' => 'Resize of the avatar failed', 'avatar:crop:success' => 'Cropping the avatar succeeded', 'avatar:crop:fail' => 'Avatar cropping failed', - 'avatar:revert:success' => 'Reverting the avatar succeeded', - 'avatar:revert:fail' => 'Avatar revert failed', + 'avatar:remove:success' => 'Removing the avatar succeeded', + 'avatar:remove:fail' => 'Avatar remove failed', 'profile:edit' => 'Edit profile', 'profile:aboutme' => "About me", @@ -412,6 +412,8 @@ $english = array( 'profile:explainchangefields' => "You can replace the existing profile fields with your own using the form below. \n\n Give the new profile field a label, for example, 'Favorite team', then select the field type (eg. text, url, tags), and click the 'Add' button. To re-order the fields drag on the handle next to the field label. To edit a field label - click on the label's text to make it editable. \n\n At any time you can revert back to the default profile set up, but you will lose any information already entered into custom fields on profile pages.", 'profile:editdefault:success' => 'New profile field added', 'profile:editdefault:fail' => 'Default profile could not be saved', + 'profile:field_too_long' => 'Cannot save your profile information because the "%s" section is too long.', + 'profile:noaccess' => "You do not have permission to edit this profile.", /** 
@@ -503,6 +505,7 @@ $english = array( 'registration:notemail' => 'The email address you provided does not appear to be a valid email address.', 'registration:userexists' => 'That username already exists', 'registration:usernametooshort' => 'Your username must be a minimum of %u characters long.', + 'registration:usernametoolong' => 'Your username is too long. It can have a maximum of %u characters.', 'registration:passwordtooshort' => 'The password must be a minimum of %u characters long.', 'registration:dupeemail' => 'This email address has already been registered.', 'registration:invalidchars' => 'Sorry, your username contains the character %s which is invalid. The following characters are invalid: %s', @@ -667,7 +670,7 @@ $english = array( /** * Plugins */ - 'plugins:disabled' => 'Plugins are being loaded because a file named "disabled" is in the mod directory.', + 'plugins:disabled' => 'Plugins are not being loaded because a file named "disabled" is in the mod directory.', 'plugins:settings:save:ok' => "Settings for the %s plugin were saved successfully.", 'plugins:settings:save:fail' => "There was a problem saving settings for the %s plugin.", 'plugins:usersettings:save:ok' => "User settings for the %s plugin were saved successfully.", @@ -741,6 +744,9 @@ $english = array( 'admin:server:label:mem_avail' => 'Memory available', 'admin:server:label:mem_used' => 'Memory used', 'admin:server:error_log' => "Web server's error log", + 'admin:server:label:post_max_size' => 'POST maximum size', + 'admin:server:label:upload_max_filesize' => 'Upload maximum size', + 'admin:server:warning:post_max_too_small' => '(Note: post_max_size must be larger than this value to support uploads of this size)', 'admin:user:label:search' => "Find users:", 'admin:user:label:searchbutton' => "Search", 
@@ -808,7 +814,7 @@ $english = array( */ 'river:all' => 'All Site Activity', 'river:mine' => 'My Activity', - 'river:friends' => 'Friends Activty', + 'river:friends' => 'Friends Activity', 'river:select' => 'Show %s', 'river:comments:more' => '+%u more', 'river:generic_comment' => 'commented on %s %s', @@ -861,6 +867,7 @@ $english = array( 'new' => 'New', 'add' => 'Add', 'create' => 'Create', + 'remove' => 'Remove', 'revert' => 'Revert', 'site' => 'Site', @@ -934,6 +941,7 @@ $english = array( */ 'deleteconfirm' => "Are you sure you want to delete this item?", + 'deleteconfirm:plural' => "Are you sure you want to delete these items?", 'fileexists' => "A file has already been uploaded. To replace it, select it below:", /** @@ -1171,6 +1179,7 @@ You cannot reply to this email.", 'actiongatekeeper:tokeninvalid' => "We encountered an error (token mismatch). This probably means that the page you were using expired.", 'actiongatekeeper:timeerror' => 'The page you were using has expired. Please refresh and try again.', 'actiongatekeeper:pluginprevents' => 'A extension has prevented this form from being submitted.', + 'actiongatekeeper:uploadexceeded' => 'The size of file(s) uploaded exceeded the limit set by your site administrator', /** diff --git a/mod/blog/languages/en.php b/mod/blog/languages/en.php index e1930b916..5248a6f51 100644 --- a/mod/blog/languages/en.php +++ b/mod/blog/languages/en.php @@ -41,7 +41,6 @@ $english = array( 'blog:message:saved' => 'Blog post saved.', 'blog:error:cannot_save' => 'Cannot save blog post.', 'blog:error:cannot_write_to_container' => 'Insufficient access to save blog to group.', - 'blog:error:post_not_found' => 'This post has been removed, is invalid, or you do not have permission to view it.', 'blog:messages:warning:draft' => 'There is an unsaved draft of this post!', 'blog:edit_revision_notice' => '(Old version)', 'blog:message:deleted_post' => 'Blog post deleted.', 
diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php index 286fe1832..9d6cb37e7 100644 --- a/mod/blog/lib/blog.php +++ b/mod/blog/lib/blog.php @@ -22,7 +22,7 @@ function blog_get_page_content_read($guid = NULL) { $return['filter'] = ''; if (!elgg_instanceof($blog, 'object', 'blog')) { - $return['content'] = elgg_echo('blog:error:post_not_found'); + $return['content'] = elgg_echo('noaccess'); return $return; } diff --git a/mod/blog/start.php b/mod/blog/start.php index 73056f1c9..9faf1794e 100644 --- a/mod/blog/start.php +++ b/mod/blog/start.php @@ -60,7 +60,7 @@ function blog_init() { elgg_extend_view('groups/tool_latest', 'blog/group_module'); // add a blog widget - elgg_register_widget_type('blog', elgg_echo('blog'), elgg_echo('blog:widget:description'), 'profile'); + elgg_register_widget_type('blog', elgg_echo('blog'), elgg_echo('blog:widget:description')); // register actions $action_path = elgg_get_plugins_path() . 'blog/actions/blog'; diff --git a/mod/blog/views/default/object/blog.php b/mod/blog/views/default/object/blog.php index aa8074a69..4403a6006 100644 --- a/mod/blog/views/default/object/blog.php +++ b/mod/blog/views/default/object/blog.php @@ -27,7 +27,6 @@ $owner_link = elgg_view('output/url', array( 'is_trusted' => true, )); $author_text = elgg_echo('byline', array($owner_link)); -$tags = elgg_view('output/tags', array('tags' => $blog->tags)); $date = elgg_view_friendly_time($blog->time_created); // The "on" status changes for comments, so best to check for !Off @@ -74,7 +73,6 @@ if ($full) { 'title' => false, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, ); $params = $params + $vars; $summary = elgg_view('object/elements/summary', $params); @@ -92,7 +90,6 @@ if ($full) { 'entity' => $blog, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, 'content' => $excerpt, ); $params = $params + $vars; 
diff --git a/mod/bookmarks/pages/bookmarks/view.php b/mod/bookmarks/pages/bookmarks/view.php index 2439d2ee8..c819b8b41 100644 --- a/mod/bookmarks/pages/bookmarks/view.php +++ b/mod/bookmarks/pages/bookmarks/view.php @@ -6,6 +6,10 @@ */ $bookmark = get_entity(get_input('guid')); +if (!$bookmark) { + register_error(elgg_echo('noaccess')); + forward(''); +} $page_owner = elgg_get_page_owner_entity(); diff --git a/mod/bookmarks/views/default/object/bookmarks.php b/mod/bookmarks/views/default/object/bookmarks.php index 89a0d03e0..83bae2b13 100644 --- a/mod/bookmarks/views/default/object/bookmarks.php +++ b/mod/bookmarks/views/default/object/bookmarks.php @@ -27,7 +27,6 @@ $owner_link = elgg_view('output/url', array( )); $author_text = elgg_echo('byline', array($owner_link)); -$tags = elgg_view('output/tags', array('tags' => $bookmark->tags)); $date = elgg_view_friendly_time($bookmark->time_created); $comments_count = $bookmark->countComments(); @@ -64,7 +63,6 @@ if ($full && !elgg_in_context('gallery')) { 'title' => false, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, ); $params = $params + $vars; $summary = elgg_view('object/elements/summary', $params); @@ -120,7 +118,6 @@ HTML; 'entity' => $bookmark, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, 'content' => $content, ); $params = $params + $vars; diff --git a/mod/categories/languages/en.php b/mod/categories/languages/en.php index eaa65b13e..422fe81a4 100644 --- a/mod/categories/languages/en.php +++ b/mod/categories/languages/en.php 
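Review bot: The new guard in mod/bookmarks/pages/bookmarks/view.php only tests that `get_entity()` returned something, so any readable entity of another type passes and is rendered through the bookmark page; use the subtype check this commit already uses in mod/pages/actions/pages/delete.php: `if (!elgg_instanceof($bookmark, 'object', 'bookmarks')) {`. The same applies to the identical guards added in mod/file/pages/file/view.php and in the new mod/thewire/pages/thewire/view.php, with their respective subtypes.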
@@ -9,7 +9,7 @@ $english = array( 'categories:explanation' => 'To set some predefined site-wide categories that will be used throughout your system, enter them below, separated with commas. Compatible tools will then display them when the user creates or edits content.', 'categories:save:success' => 'Site categories were successfully saved.', 'categories:results' => "Results for the site category: %s", - 'categories:on_activate_reminder' => "Site-wide Cateogires won't work until you add categories. <a href=\"%s\">Add categories now.</a>", + 'categories:on_activate_reminder' => "Site-wide Categories won't work until you add categories. <a href=\"%s\">Add categories now.</a>", ); add_translation("en", $english);
\ No newline at end of file diff --git a/mod/embed/manifest.xml b/mod/embed/manifest.xml index 46ab2df9e..81ca9194e 100644 --- a/mod/embed/manifest.xml +++ b/mod/embed/manifest.xml @@ -13,10 +13,10 @@ <type>elgg_release</type> <version>1.8</version> </requires> - <suggests> + <requires> <type>plugin</type> <name>file</name> <version>1.8.1</version> - </suggests> + </requires> <activate_on_install>true</activate_on_install> </plugin_manifest> diff --git a/mod/file/pages/file/download.php b/mod/file/pages/file/download.php index 00e6d500e..76c1f1272 100644 --- a/mod/file/pages/file/download.php +++ b/mod/file/pages/file/download.php @@ -26,7 +26,7 @@ $filename = $file->originalfilename; header("Pragma: public"); header("Content-type: $mime"); -if (strpos($mime, "image/") !== false) { +if (strpos($mime, "image/") !== false || $mime == "application/pdf") { header("Content-Disposition: inline; filename=\"$filename\""); } else { header("Content-Disposition: attachment; filename=\"$filename\""); diff --git a/mod/file/pages/file/view.php b/mod/file/pages/file/view.php index a571c9d68..ec51b30e6 100644 --- a/mod/file/pages/file/view.php +++ b/mod/file/pages/file/view.php @@ -6,6 +6,10 @@ */ $file = get_entity(get_input('guid')); +if (!$file) { + register_error(elgg_echo('noaccess')); + forward(''); +} $owner = elgg_get_page_owner_entity(); diff --git a/mod/file/views/default/object/file.php b/mod/file/views/default/object/file.php index 1db9863c9..b3f530183 100644 --- a/mod/file/views/default/object/file.php +++ b/mod/file/views/default/object/file.php @@ -28,7 +28,6 @@ $author_text = elgg_echo('byline', array($owner_link)); $file_icon = elgg_view_entity_icon($file, 'small'); -$tags = elgg_view('output/tags', array('tags' => $file->tags)); $date = elgg_view_friendly_time($file->time_created); $comments_count = $file->countComments(); 
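Review bot: Extending the inline `Content-Disposition` to `application/pdf` in mod/file/pages/file/download.php means user-uploaded PDFs are now rendered by the browser inside the site's own origin, and PDFs can carry active content; at least send `header('X-Content-Type-Options: nosniff');` next to the existing `Pragma` header so the declared type is honoured, and consider serving downloads from a separate hostname. The same branch interpolates `filename=\"$filename\"` from `$file->originalfilename`; PHP rejects CR/LF in `header()`, but an embedded `"` still truncates the quoted token, so strip double quotes before use. Where `$mime` comes from is outside the hunk, so I assume it is the stored value rather than request input.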
@@ -71,7 +70,6 @@ if ($full && !elgg_in_context('gallery')) { 'entity' => $file, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, ); $params = $params + $vars; $summary = elgg_view('object/elements/summary', $params); @@ -100,7 +98,6 @@ if ($full && !elgg_in_context('gallery')) { 'entity' => $file, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, 'content' => $excerpt, ); $params = $params + $vars; diff --git a/mod/groups/icon.php b/mod/groups/icon.php index 104da4b41..f86f84fa5 100644 --- a/mod/groups/icon.php +++ b/mod/groups/icon.php @@ -35,7 +35,7 @@ if ($filehandler->open("read")) { } if (!$success) { - $location = elgg_get_plugins_path() . "groups/graphics/default{$size}.jpg"; + $location = elgg_get_plugins_path() . "groups/graphics/default{$size}.gif"; $contents = @file_get_contents($location); } diff --git a/mod/groups/views/default/groups/sidebar/members.php b/mod/groups/views/default/groups/sidebar/members.php index 49f14697c..11273d0e6 100644 --- a/mod/groups/views/default/groups/sidebar/members.php +++ b/mod/groups/views/default/groups/sidebar/members.php @@ -8,7 +8,7 @@ * @uses $vars['limit'] The number of members to display */ -$limit = elgg_extract('limit', $vars, 10); +$limit = elgg_extract('limit', $vars, 14); $all_link = elgg_view('output/url', array( 'href' => 'groups/members/' . $vars['entity']->guid, @@ -24,6 +24,7 @@ $body = elgg_list_entities_from_relationship(array( 'limit' => $limit, 'list_type' => 'gallery', 'gallery_class' => 'elgg-gallery-users', + 'pagination' => false )); $body .= "<div class='center mts'>$all_link</div>"; diff --git a/mod/messages/views/default/forms/messages/process.php b/mod/messages/views/default/forms/messages/process.php index f86c3217a..cb30792e9 100644 --- a/mod/messages/views/default/forms/messages/process.php +++ b/mod/messages/views/default/forms/messages/process.php 
@@ -19,10 +19,12 @@ echo $messages; echo '</div>'; echo '<div class="elgg-foot messages-buttonbank">'; + echo elgg_view('input/submit', array( 'value' => elgg_echo('delete'), 'name' => 'delete', - 'class' => 'elgg-button-delete', + 'class' => 'elgg-button-delete elgg-requires-confirmation', + 'title' => elgg_echo('deleteconfirm:plural'), )); if ($vars['folder'] == "inbox") { diff --git a/mod/pages/actions/pages/delete.php b/mod/pages/actions/pages/delete.php index dfa0de98d..7a314a280 100644 --- a/mod/pages/actions/pages/delete.php +++ b/mod/pages/actions/pages/delete.php @@ -9,8 +9,9 @@ $guid = get_input('guid'); $page = get_entity($guid); -if ($page) { - if ($page->canEdit()) { +if (elgg_instanceof($page, 'object', 'page') || elgg_instanceof($page, 'object', 'page_top')) { + // only allow owners and admin to delete + if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) { $container = get_entity($page->container_guid); // Bring all child elements forward diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php index 6950d4b2f..a32e4a4ba 100644 --- a/mod/pages/actions/pages/edit.php +++ b/mod/pages/actions/pages/edit.php @@ -47,7 +47,19 @@ if ($page_guid) { } if (sizeof($input) > 0) { + // don't change access if not an owner/admin + $user = elgg_get_logged_in_user_entity(); + $can_change_access = true; + + if ($user && $page) { + $can_change_access = $user->isAdmin() || $user->getGUID() == $page->owner_guid; + } + foreach ($input as $name => $value) { + if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) { + continue; + } + $page->$name = $value; } } @@ -74,6 +86,6 @@ if ($page->save()) { forward($page->getURL()); } else { - register_error(elgg_echo('pages:error:no_save')); + register_error(elgg_echo('pages:error:notsaved')); forward(REFERER); } diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php index 5c5323d6f..dbf7b8917 100644 --- a/mod/pages/lib/pages.php 
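Review bot: The owner-or-admin rule added in mod/pages/actions/pages/edit.php (`$user->isAdmin() || $user->getGUID() == $page->owner_guid`) is spelled a second way in mod/pages/actions/pages/delete.php (`elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()`) and a third time in the form view mod/pages/views/default/forms/pages/edit.php, so the three can drift apart. Move it into one helper in mod/pages/lib/pages.php, e.g. `function pages_is_owner_or_admin($page, $user = null)`, and have both actions and the form call it; the action stays the enforcement point, the form only hides the inputs. If both sides of the guid comparison are ints, as their names suggest, use `===`. `$page` and `$input` are assigned above the hunk.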
+++ b/mod/pages/lib/pages.php @@ -111,4 +111,4 @@ function pages_register_navigation_tree($container) { } } } -} +}
\ No newline at end of file diff --git a/mod/pages/pages/pages/history.php b/mod/pages/pages/pages/history.php index a63b37a7a..872596179 100644 --- a/mod/pages/pages/pages/history.php +++ b/mod/pages/pages/pages/history.php @@ -30,7 +30,12 @@ elgg_push_breadcrumb(elgg_echo('pages:history')); $title = $page->title . ": " . elgg_echo('pages:history'); -$content = list_annotations($page_guid, 'page', 20, false); +$content = elgg_list_annotations(array( + 'guid' => $page_guid, + 'annotation_name' => 'page', + 'limit' => 20, + 'order_by' => "n_table.time_created desc" +)); $body = elgg_view_layout('content', array( 'filter' => '', diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php index 5dfb76b55..6b9d03f49 100644 --- a/mod/pages/pages/pages/view.php +++ b/mod/pages/pages/pages/view.php @@ -8,6 +8,7 @@ $page_guid = get_input('guid'); $page = get_entity($page_guid); if (!$page) { + register_error(elgg_echo('noaccess')); forward(); } @@ -32,7 +33,8 @@ elgg_push_breadcrumb($title); $content = elgg_view_entity($page, array('full_view' => true)); $content .= elgg_view_comments($page); -if (elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) { +// can add subpage if can edit this page and write to container (such as a group) +if ($page->canEdit() && $container->canWriteToContainer(0, 'object', 'page')) { $url = "pages/add/$page->guid"; elgg_register_menu_item('title', array( 'name' => 'subpage', diff --git a/mod/pages/views/default/forms/pages/edit.php b/mod/pages/views/default/forms/pages/edit.php index 20737a121..9469f5eb9 100644 --- a/mod/pages/views/default/forms/pages/edit.php +++ b/mod/pages/views/default/forms/pages/edit.php 
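Review bot: The new condition in mod/pages/pages/pages/view.php calls `$container->canWriteToContainer(0, 'object', 'page')` on `$container`, which is assigned above the hunk; if that assignment can yield `false` (a container the viewer cannot see, or one that was deleted), the call is a fatal error on a page that otherwise rendered. Guard it: `if ($page->canEdit() && $container && $container->canWriteToContainer(0, 'object', 'page')) {`. I cannot see whether the earlier code already forwards on a missing container.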
@@ -6,7 +6,18 @@ */ $variables = elgg_get_config('pages'); +$user = elgg_get_logged_in_user_entity(); +$entity = elgg_extract('entity', $vars); +$can_change_access = true; +if ($user && $entity) { + $can_change_access = ($user->isAdmin() || $user->getGUID() == $entity->owner_guid); +} + foreach ($variables as $name => $type) { + // don't show read / write access inputs for non-owners or admin when editing + if (($type == 'access' || $type == 'write_access') && !$can_change_access) { + continue; + } ?> <div> <label><?php echo elgg_echo("pages:$name") ?></label> @@ -14,8 +25,8 @@ foreach ($variables as $name => $type) { if ($type != 'longtext') { echo '<br />'; } - ?> - <?php echo elgg_view("input/$type", array( + + echo elgg_view("input/$type", array( 'name' => $name, 'value' => $vars[$name], )); diff --git a/mod/pages/views/default/object/page_top.php b/mod/pages/views/default/object/page_top.php index e78289f28..945a22eed 100644 --- a/mod/pages/views/default/object/page_top.php +++ b/mod/pages/views/default/object/page_top.php @@ -45,7 +45,6 @@ $editor_link = elgg_view('output/url', array( $date = elgg_view_friendly_time($annotation->time_created); $editor_text = elgg_echo('pages:strapline', array($date, $editor_link)); -$tags = elgg_view('output/tags', array('tags' => $page->tags)); $categories = elgg_view('output/categories', $vars); $comments_count = $page->countComments(); @@ -82,7 +81,6 @@ if ($full) { 'entity' => $page, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, ); $params = $params + $vars; $summary = elgg_view('object/elements/summary', $params); @@ -104,7 +102,6 @@ if ($full) { 'entity' => $page, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, 'content' => $excerpt, ); $params = $params + $vars; diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php index 87d59519c..ff12ae4f0 100644 --- a/mod/search/views/default/search/search_box.php 
+++ b/mod/search/views/default/search/search_box.php @@ -38,6 +38,7 @@ $display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); <form class="<?php echo $class; ?>" action="<?php echo elgg_get_site_url(); ?>search" method="get"> <fieldset> <input type="text" class="search-input" size="21" name="q" value="<?php echo elgg_echo('search'); ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" /> + <input type="hidden" name="search_type" value="all" /> <input type="submit" value="<?php echo elgg_echo('search:go'); ?>" class="search-submit-button" /> </fieldset> -</form>
\ No newline at end of file +</form> diff --git a/mod/thewire/pages/thewire/view.php b/mod/thewire/pages/thewire/view.php new file mode 100644 index 000000000..1818e725a --- /dev/null +++ b/mod/thewire/pages/thewire/view.php @@ -0,0 +1,30 @@ +<?php +/** + * View individual wire post + */ + +$post = get_entity(get_input('guid')); +if (!$post) { + register_error(elgg_echo('noaccess')); + forward(''); +} +$owner = $post->getOwnerEntity(); +if (!$owner) { + forward(); +} + +$title = elgg_echo('thewire:by', array($owner->name)); + +elgg_push_breadcrumb(elgg_echo('thewire'), 'thewire/all'); +elgg_push_breadcrumb($owner->name, 'thewire/owner/' . $owner->username); +elgg_push_breadcrumb($title); + +$content = elgg_view_entity($post); + +$body = elgg_view_layout('content', array( + 'filter' => false, + 'content' => $content, + 'title' => $title, +)); + +echo elgg_view_page($title, $body); diff --git a/mod/thewire/start.php b/mod/thewire/start.php index 5d5786e2f..8e3b5224a 100644 --- a/mod/thewire/start.php +++ b/mod/thewire/start.php @@ -77,7 +77,8 @@ function thewire_init() { * thewire/owner/<username> View this user's wire posts * thewire/following/<username> View the posts of those this user follows * thewire/reply/<guid> Reply to a post - * thewire/view/<guid> View a conversation thread + * thewire/view/<guid> View a post + * thewire/thread/<id> View a conversation thread * thewire/tag/<tag> View wire posts tagged with <tag> * * @param array $page From the page_handler function @@ -104,6 +105,12 @@ function thewire_page_handler($page) { include "$base_dir/owner.php"; break; + case "view": + if (isset($page[1])) { + set_input('guid', $page[1]); + } + include "$base_dir/view.php"; + case "thread": if (isset($page[1])) { set_input('thread_id', $page[1]); diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php index 355123992..fbce00d34 100644 --- a/mod/twitter_api/lib/twitter_api.php +++ b/mod/twitter_api/lib/twitter_api.php 
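Review bot: The new `case "view":` in `thewire_page_handler()` (mod/thewire/start.php) has no `break;` after `include "$base_dir/view.php";`, so execution falls through into `case "thread":`, which sets `thread_id` from the same `$page[1]` and presumably includes the thread page as well, producing two pages in one response. Add the terminator, `include "$base_dir/view.php"; break;`, matching the `owner` case above it. The rest of the switch is outside the hunk.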
@@ -109,7 +109,7 @@ function twitter_api_login() { $user = twitter_api_create_user($twitter); $site_name = elgg_get_site_entity()->name; system_message(elgg_echo('twitter_api:login:email', array($site_name))); - $forward = "twitter_api/intersitial"; + $forward = "twitter_api/interstitial"; } // set twitter services tokens diff --git a/upgrade.php b/upgrade.php index 6f7126326..963523200 100644 --- a/upgrade.php +++ b/upgrade.php @@ -20,7 +20,8 @@ define('UPGRADING', 'upgrading'); require_once(dirname(__FILE__) . "/engine/start.php"); if (get_input('upgrade') == 'upgrade') { - // disable the core system log for upgrades to avoid exceptions when the schema changes. + // disable the system log for upgrades to avoid exceptions when the schema changes. + elgg_unregister_event_handler('log', 'systemlog', 'system_log_default_logger'); elgg_unregister_event_handler('all', 'all', 'system_log_listener'); if (elgg_get_unprocessed_upgrades()) { diff --git a/version.php b/version.php index c36f4e186..4f028bfd6 100644 --- a/version.php +++ b/version.php @@ -14,4 +14,4 @@ $version = 2012041801; // Human-friendly version name -$release = '1.8.4'; +$release = '1.8.5'; diff --git a/views/default/admin/statistics/server/php.php b/views/default/admin/statistics/server/php.php index 4a59b95fb..7c6a51383 100644 --- a/views/default/admin/statistics/server/php.php +++ b/views/default/admin/statistics/server/php.php @@ -8,6 +8,15 @@ if (!$php_log) { $php_log = elgg_echo('admin:server:error_log'); } +$post_max_size = elgg_get_ini_setting_in_bytes('post_max_size'); +$upload_max_filesize = elgg_get_ini_setting_in_bytes('upload_max_filesize'); + +$post_max_size_warning = ''; +if ($upload_max_filesize > $post_max_size) { + // @todo show a link to something like http://nigel.mcnie.name/blog/uploadmaxfilesizepostmaxsize-experimentation ? + $post_max_size_warning = elgg_echo('admin:server:warning:post_max_too_small'); +} + ?> <table class="elgg-table-alt"> <tr class="odd"> 
@@ -30,4 +39,12 @@ if (!$php_log) { <td><b><?php echo elgg_echo('admin:server:label:mem_used'); ?> :</b></td> <td><?php echo number_format(memory_get_peak_usage()); ?></td> </tr> + <tr class="even"> + <td><b><?php echo elgg_echo('admin:server:label:post_max_size'); ?> :</b></td> + <td><?php echo number_format($post_max_size); ?></td> + </tr> + <tr class="odd"> + <td><b><?php echo elgg_echo('admin:server:label:upload_max_filesize'); ?> :</b></td> + <td><?php echo number_format($upload_max_filesize) . ' ' . $post_max_size_warning; ?></td> + </tr> </table> diff --git a/views/default/core/avatar/upload.php b/views/default/core/avatar/upload.php index 29aa59c9c..6f9124192 100644 --- a/views/default/core/avatar/upload.php +++ b/views/default/core/avatar/upload.php @@ -12,12 +12,12 @@ $user_avatar = elgg_view('output/img', array( $current_label = elgg_echo('avatar:current'); -$revert_button = ''; +$remove_button = ''; if ($vars['entity']->icontime) { - $revert_button = elgg_view('output/url', array( - 'text' => elgg_echo('revert'), - 'title' => elgg_echo('avatar:revert'), - 'href' => 'action/avatar/revert?guid=' . elgg_get_page_owner_guid(), + $remove_button = elgg_view('output/url', array( + 'text' => elgg_echo('remove'), + 'title' => elgg_echo('avatar:remove'), + 'href' => 'action/avatar/remove?guid=' . elgg_get_page_owner_guid(), 'is_action' => true, 'class' => 'elgg-button elgg-button-cancel mll', )); @@ -39,7 +39,7 @@ $image = <<<HTML <label>$current_label</label><br /> $user_avatar </div> -$revert_button +$remove_button HTML; $body = <<<HTML diff --git a/views/default/core/river/filter.php b/views/default/core/river/filter.php index 87380b561..9b7fadaa8 100644 --- a/views/default/core/river/filter.php +++ b/views/default/core/river/filter.php 
@@ -34,17 +34,5 @@ if ($selector) { $params['value'] = $selector; } echo elgg_view('input/dropdown', $params); -?> -<?php //@todo JS 1.8: no ?> -<script type="text/javascript"> -elgg.register_hook_handler('init', 'system', function() { - $('#elgg-river-selector').change(function() { - var url = window.location.href; - if (window.location.search.length) { - url = url.substring(0, url.indexOf('?')); - } - url += '?' + $(this).val(); - elgg.forward(url); - }); -}); -</script> + +elgg_load_js('elgg.ui.river'); diff --git a/views/default/css/elements/icons.php b/views/default/css/elements/icons.php index f7c789e33..9b12e0a57 100644 --- a/views/default/css/elements/icons.php +++ b/views/default/css/elements/icons.php @@ -288,8 +288,8 @@ .elgg-ajax-loader { background: white url(<?php echo elgg_get_site_url(); ?>_graphics/ajax_loader_bw.gif) no-repeat center center; - min-height: 33px; - min-width: 33px; + min-height: 31px; + min-width: 31px; } /* *************************************** diff --git a/views/default/navigation/pagination.php b/views/default/navigation/pagination.php index e0d355327..04044c51c 100644 --- a/views/default/navigation/pagination.php +++ b/views/default/navigation/pagination.php @@ -113,7 +113,12 @@ foreach ($pages->items as $page) { } else { $page_offset = (($page - 1) * $limit); $url = elgg_http_add_url_query_elements($base_url, array($offset_key => $page_offset)); - echo "<li><a href=\"$url\">$page</a></li>"; + $link = elgg_view('output/url', array( + 'href' => $url, + 'text' => $page, + 'is_trusted' => true, + )); + echo "<li>$link</li>"; } } diff --git a/views/default/object/elements/summary.php b/views/default/object/elements/summary.php index 22db03f51..c0f3ad340 100644 --- a/views/default/object/elements/summary.php +++ b/views/default/object/elements/summary.php 
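Review bot: The page link in views/default/navigation/pagination.php now goes through `output/url` with `'is_trusted' => true`, while `$url` is built from `$base_url`, which is assigned above the hunk and may be derived from the current request. If `is_trusted` skips the view's filtering of the href, the change does not gain the escaping it appears to; confirm the attribute is still HTML-escaped when rendered, or drop `is_trusted` and let the view filter `$url`. The `text` value is the numeric `$page` and is not a concern.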
@@ -13,7 +13,7 @@ * @uses $vars['title'] Title link (optional) false = no title, '' = default * @uses $vars['metadata'] HTML for entity menu and metadata (optional) * @uses $vars['subtitle'] HTML for the subtitle (optional) - * @uses $vars['tags'] HTML for the tags (optional) + * @uses $vars['tags'] HTML for the tags (default is tags on entity, pass false for no tags) * @uses $vars['content'] HTML for the entity content (optional) */ @@ -39,7 +39,7 @@ $subtitle = elgg_extract('subtitle', $vars, ''); $content = elgg_extract('content', $vars, ''); $tags = elgg_extract('tags', $vars, ''); -if ($tags !== false) { +if ($tags === '') { $tags = elgg_view('output/tags', array('tags' => $entity->tags)); } diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php index 22b6cf49d..a212becd8 100644 --- a/views/default/output/tagcloud.php +++ b/views/default/output/tagcloud.php @@ -47,9 +47,15 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) { if ($size < 100) { $size = 100; } - $url = elgg_get_site_url()."search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype"; - $url = elgg_format_url($url); - $cloud .= "<a href=\"$url\" style=\"font-size: $size%\" title=\"".addslashes($tag->tag)." ($tag->total)\">" . htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8') . "</a>"; + $url = "search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype"; + + $cloud .= elgg_view('output/url', array( + 'text' => $tag->tag, + 'href' => $url, + 'style' => "font-size: $size%;", + 'title' => "$tag->tag ($tag->total)", + 'rel' => 'tag' + )); } $cloud .= elgg_view('tagcloud/extend'); diff --git a/views/default/page/default.php b/views/default/page/default.php index 892069fad..3724bffd8 100644 --- a/views/default/page/default.php +++ b/views/default/page/default.php 
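Review bot: In views/default/output/tagcloud.php the `title` attribute is now `"$tag->tag ($tag->total)"` with the former `addslashes()` gone, and the link text is the raw tag, so both rely entirely on `output/url` escaping its attributes and text; confirm that view does so, as it is not part of this diff. `$type` and `$subtype` are concatenated into `$url` unencoded; they are assigned outside the hunk, so if they originate from `$vars` they should go through `urlencode()` the way `$tag->tag` does.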
@@ -14,7 +14,9 @@ // backward compatability support for plugins that are not using the new approach // of routing through admin. See reportedcontent plugin for a simple example. if (elgg_get_context() == 'admin') { - elgg_deprecated_notice("admin plugins should route through 'admin'.", 1.8); + if (get_input('handler') != 'admin') { + elgg_deprecated_notice("admin plugins should route through 'admin'.", 1.8); + } elgg_admin_add_plugin_settings_menu(); elgg_unregister_css('elgg'); echo elgg_view('page/admin', $vars); diff --git a/views/default/page/elements/comments.php b/views/default/page/elements/comments.php index ebc7d3df5..cf9b5f08b 100644 --- a/views/default/page/elements/comments.php +++ b/views/default/page/elements/comments.php @@ -12,7 +12,7 @@ $show_add_form = elgg_extract('show_add_form', $vars, true); $id = ''; if (isset($vars['id'])) { - $id = "id =\"{$vars['id']}\""; + $id = "id=\"{$vars['id']}\""; } $class = 'elgg-comments'; diff --git a/views/default/river/elements/body.php b/views/default/river/elements/body.php index 6894b81e2..2cd7f2289 100644 --- a/views/default/river/elements/body.php +++ b/views/default/river/elements/body.php @@ -18,7 +18,7 @@ $menu = elgg_view_menu('river', array( )); // river item header -$timestamp = elgg_get_friendly_time($item->getPostedTime()); +$timestamp = elgg_view_friendly_time($item->getPostedTime()); $summary = elgg_extract('summary', $vars, elgg_view('river/elements/summary', array('item' => $vars['item']))); if ($summary === false) { |