diff options
160 files changed, 3950 insertions, 1009 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 7a3422d7d..ca1bdc675 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,80 @@ +Version 1.8.11 +(December 5th, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Bugfix: + * Fixed fatal error in group creation form + + +Version 1.8.10 +(December 4th, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Contributing Developers: + * Krzysztof Różalski + * Lars Hærvig + * Paweł Sroka + * RiverVanRain + * Sem + * Steve Clay + + Security Enhancements: + * Cached metadata respects access restrictions to fix problems with profile + field display. + * Group RSS feeds are restricted to valid entities + + Enhancements: + * UX: Added a list of Administrators in the admin area + * UX: Limiting message board activity stream entries to excerpts + * Performance: Prefetching river entries + * Performance: Plugin entities are cached + + Bugfixes: + * Removed superfluous commas in JS files to fix IE compatibility. + * API: Fixed Twitter API. + * Performance: Outputting valid ETags and expires headers. + + +Version 1.8.9 +(November 11, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Contributing Developers: + * Brett Profitt + * Cash Costello + * Evan Winslow + * Jeroen Dalsem + * Jerome Bakker + * Matt Beckett + * Paweł Sroka + * Sem + * Steve Clay + + Security Enhancements: + * Sample CLI installer cannot break site + * Removed XSS vulnerabilities in titles and user profiles + + Enhancements: + * UX: A group's owner can transfer ownership to another member + * UX: Search queries persist in the search box + * Several (X)HTML validation improvements + * Improved performance via more aggressive entity and metadata caching + * BC: 1.7 group profile URLs forward correctly + + Bugfixes: + * UX: Titles containing HTML tokens are never mangled + * UX: Empty user profile values saved properly + * UX: Blog creator always mentioned in activity stream (not user who published it) + * UI: Fixed ordering of registered menu items in some cases + * UI: Embed dialog does not break file inputs + * UI: Datepicker now respects language + * UI: More reliable display of access input in widgets + * UI: Group edit form is sticky + * UI: Site categories are sticky in forms + * API: Language fallback works in Javascript + * API: Fallback to default viewtype if invalid one given + * API: Notices reported for missing language keys + * Memcache now safe to use; never bypasses access control + * BC: upgrade shows comments consistently in activity stream + + Version 1.8.8 (July 11, 2012 from https://github.com/Elgg/Elgg/tree/1.8) diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt index 0163757e7..a8e74d3a4 100644 --- a/CONTRIBUTORS.txt +++ b/CONTRIBUTORS.txt @@ -1,6 +1,7 @@ The following have made notable contributions to the Elgg Project. (List in alphabetical order.) +Steve Clay - http://www.mrclay.org/, https://twitter.com/mrclay_org Cash Costello - cash@elgg.org, http://cashcostello.com/ @@ -20,10 +21,10 @@ Tom Read - MITRE http://mitre.org/ Justin Richer - MITRE http://mitre.org/ -Dave Tosh - davidgtosh@gmail.com, http://twitter.com/davetosh +Dave Tosh - davidgtosh@gmail.com, http://twitter.com/davetosh Ben Werdmuller - http://benwerd.com/ -Nicholas Whitt - nick.whitt@gmail.com, http://twitter.com/nogoodnick +Nicholas Whitt - nick.whitt@gmail.com, http://twitter.com/nogoodnick Evan Winslow - evan@elgg.org, http://evanwinslow.com/ diff --git a/actions/admin/site/unlock_upgrade.php b/actions/admin/site/unlock_upgrade.php new file mode 100644 index 000000000..b625b1d26 --- /dev/null +++ b/actions/admin/site/unlock_upgrade.php @@ -0,0 +1,10 @@ +<?php +/** + * Unlocks the upgrade script + */ + +if (_elgg_upgrade_is_locked()) { + _elgg_upgrade_unlock(); +} +system_message(elgg_echo('upgrade:unlock:success')); +forward(REFERER); diff --git a/actions/login.php b/actions/login.php index ea7fb3508..1e5e92ede 100644 --- a/actions/login.php +++ b/actions/login.php @@ -7,7 +7,7 @@ */ // set forward url -if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) { +if (!empty($_SESSION['last_forward_from'])) { $forward_url = $_SESSION['last_forward_from']; unset($_SESSION['last_forward_from']); } elseif (get_input('returntoreferer')) { @@ -19,7 +19,7 @@ if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) { $username = get_input('username'); $password = get_input('password', null, false); -$persistent = get_input("persistent", false); +$persistent = (bool) get_input("persistent"); $result = false; if (empty($username) || empty($password)) { diff --git a/actions/profile/edit.php b/actions/profile/edit.php index 8ca60f246..89bf2bc0b 100644 --- a/actions/profile/edit.php +++ b/actions/profile/edit.php @@ -25,7 +25,7 @@ if (!is_array($accesslevel)) { * wrapper for recursive array walk decoding */ function profile_array_decoder(&$v) { - $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8'); + $v = _elgg_html_decode($v); } $profile_fields = elgg_get_config('profile_fields'); @@ -37,7 +37,7 @@ foreach ($profile_fields as $shortname => $valuetype) { if (is_array($value)) { array_walk_recursive($value, 'profile_array_decoder'); } else { - $value = html_entity_decode($value, ENT_COMPAT, 'UTF-8'); + $value = _elgg_html_decode($value); } // limit to reasonable sizes @@ -51,7 +51,7 @@ foreach ($profile_fields as $shortname => $valuetype) { if ($valuetype == 'tags') { $value = string_to_tag_array($value); } - + $input[$shortname] = $value; } @@ -71,24 +71,30 @@ if (sizeof($input) > 0) { foreach ($input as $shortname => $value) { $options = array( 'guid' => $owner->guid, - 'metadata_name' => $shortname + 'metadata_name' => $shortname, + 'limit' => false ); elgg_delete_metadata($options); - if (isset($accesslevel[$shortname])) { - $access_id = (int) $accesslevel[$shortname]; - } else { - // this should never be executed since the access level should always be set - $access_id = ACCESS_DEFAULT; - } - if (is_array($value)) { - $i = 0; - foreach ($value as $interval) { - $i++; - $multiple = ($i > 1) ? TRUE : FALSE; - create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple); + + if(!is_null($value) && ($value !== '')){ + // only create metadata for non empty values (0 is allowed) to prevent metadata records with empty string values #4858 + + if (isset($accesslevel[$shortname])) { + $access_id = (int) $accesslevel[$shortname]; + } else { + // this should never be executed since the access level should always be set + $access_id = ACCESS_DEFAULT; + } + if (is_array($value)) { + $i = 0; + foreach ($value as $interval) { + $i++; + $multiple = ($i > 1) ? TRUE : FALSE; + create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple); + } + } else { + create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id); } - } else { - create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id); } } diff --git a/actions/register.php b/actions/register.php index f23d5b381..810ceaf27 100644 --- a/actions/register.php +++ b/actions/register.php @@ -30,8 +30,6 @@ if (elgg_get_config('allow_registration')) { $guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode); if ($guid) { - elgg_clear_sticky_form('register'); - $new_user = get_entity($guid); // allow plugins to respond to self registration @@ -54,6 +52,7 @@ if (elgg_get_config('allow_registration')) { throw new RegistrationException(elgg_echo('registerbad')); } + elgg_clear_sticky_form('register'); system_message(elgg_echo("registerok", array(elgg_get_site_entity()->name))); // if exception thrown, this probably means there is a validation @@ -76,4 +75,4 @@ if (elgg_get_config('allow_registration')) { register_error(elgg_echo('registerdisabled')); } -forward(REFERER);
\ No newline at end of file +forward(REFERER); diff --git a/engine/classes/ElggAttributeLoader.php b/engine/classes/ElggAttributeLoader.php new file mode 100644 index 000000000..602bb8bae --- /dev/null +++ b/engine/classes/ElggAttributeLoader.php @@ -0,0 +1,199 @@ +<?php + +/** + * Loads ElggEntity attributes from DB or validates those passed in via constructor + * + * @access private + */ +class ElggAttributeLoader { + + /** + * @var array names of attributes in all entities + */ + protected static $primary_attr_names = array( + 'guid', + 'type', + 'subtype', + 'owner_guid', + 'container_guid', + 'site_guid', + 'access_id', + 'time_created', + 'time_updated', + 'last_action', + 'enabled' + ); + + /** + * @var array names of secondary attributes required for the entity + */ + protected $secondary_attr_names = array(); + + /** + * @var string entity type (not class) required for fetched primaries + */ + protected $required_type; + + /** + * @var array + */ + protected $initialized_attributes; + + /** + * @var string class of object being loaded + */ + protected $class; + + /** + * @var bool should access control be considered when fetching entity? + */ + public $requires_access_control = true; + + /** + * @var callable function used to load attributes from {prefix}entities table + */ + public $primary_loader = 'get_entity_as_row'; + + /** + * @var callable function used to load attributes from secondary table + */ + public $secondary_loader = ''; + + /** + * @var callable function used to load all necessary attributes + */ + public $full_loader = ''; + + /** + * @param string $class class of object being loaded + * @param string $required_type entity type this is being used to populate + * @param array $initialized_attrs attributes after initializeAttributes() has been run + * @throws InvalidArgumentException + */ + public function __construct($class, $required_type, array $initialized_attrs) { + if (!is_string($class)) { + throw new InvalidArgumentException('$class must be a class name.'); + } + $this->class = $class; + + if (!is_string($required_type)) { + throw new InvalidArgumentException('$requiredType must be a system entity type.'); + } + $this->required_type = $required_type; + + $this->initialized_attributes = $initialized_attrs; + unset($initialized_attrs['tables_split'], $initialized_attrs['tables_loaded']); + $all_attr_names = array_keys($initialized_attrs); + $this->secondary_attr_names = array_diff($all_attr_names, self::$primary_attr_names); + } + + protected function isMissingPrimaries($row) { + return array_diff(self::$primary_attr_names, array_keys($row)) !== array(); + } + + protected function isMissingSecondaries($row) { + return array_diff($this->secondary_attr_names, array_keys($row)) !== array(); + } + + protected function checkType($row) { + if ($row['type'] !== $this->required_type) { + $msg = elgg_echo('InvalidClassException:NotValidElggStar', array($row['guid'], $this->class)); + throw new InvalidClassException($msg); + } + } + + /** + * Get all required attributes for the entity, validating any that are passed in. Returns empty array + * if can't be loaded (Check $failure_reason). + * + * This function splits loading between "primary" attributes (those in {prefix}entities table) and + * "secondary" attributes (e.g. those in {prefix}objects_entity), but can load all at once if a + * combined loader is available. + * + * @param mixed $row a row loaded from DB (array or stdClass) or a GUID + * @return array will be empty if failed to load all attributes (access control or entity doesn't exist) + * + * @throws InvalidArgumentException|LogicException|IncompleteEntityException + */ + public function getRequiredAttributes($row) { + if (!is_array($row) && !($row instanceof stdClass)) { + // assume row is the GUID + $row = array('guid' => $row); + } + $row = (array) $row; + if (empty($row['guid'])) { + throw new InvalidArgumentException('$row must be or contain a GUID'); + } + + // these must be present to support isFullyLoaded() + foreach (array('tables_split', 'tables_loaded') as $key) { + if (isset($this->initialized_attributes[$key])) { + $row[$key] = $this->initialized_attributes[$key]; + } + } + + $was_missing_primaries = $this->isMissingPrimaries($row); + $was_missing_secondaries = $this->isMissingSecondaries($row); + + // some types have a function to load all attributes at once, it should be faster + if (($was_missing_primaries || $was_missing_secondaries) && is_callable($this->full_loader)) { + $fetched = (array) call_user_func($this->full_loader, $row['guid']); + if (!$fetched) { + return array(); + } + $row = array_merge($row, $fetched); + $this->checkType($row); + } else { + if ($was_missing_primaries) { + if (!is_callable($this->primary_loader)) { + throw new LogicException('Primary attribute loader must be callable'); + } + if (!$this->requires_access_control) { + $ignoring_access = elgg_set_ignore_access(); + } + $fetched = (array) call_user_func($this->primary_loader, $row['guid']); + if (!$this->requires_access_control) { + elgg_set_ignore_access($ignoring_access); + } + if (!$fetched) { + return array(); + } + $row = array_merge($row, $fetched); + } + + // We must test type before trying to load the secondaries so that InvalidClassException + // gets thrown. Otherwise the secondary loader will fail and return false. + $this->checkType($row); + + if ($was_missing_secondaries) { + if (!is_callable($this->secondary_loader)) { + throw new LogicException('Secondary attribute loader must be callable'); + } + $fetched = (array) call_user_func($this->secondary_loader, $row['guid']); + if (!$fetched) { + if ($row['type'] === 'site') { + // A special case is needed for sites: When vanilla ElggEntities are created and + // saved, these are stored w/ type "site", but with no sites_entity row. These + // are probably only created in the unit tests. + // @todo Don't save vanilla ElggEntities with type "site" + $row['guid'] = (int) $row['guid']; + return $row; + } + throw new IncompleteEntityException("Secondary loader failed to return row for {$row['guid']}"); + } + $row = array_merge($row, $fetched); + } + } + + // loading complete: re-check missing and check type + if (($was_missing_primaries && $this->isMissingPrimaries($row)) + || ($was_missing_secondaries && $this->isMissingSecondaries($row))) { + throw new LogicException('Attribute loaders failed to return proper attributes'); + } + + // guid needs to be an int http://trac.elgg.org/ticket/4111 + $row['guid'] = (int) $row['guid']; + + return $row; + } +} diff --git a/engine/classes/ElggAutoP.php b/engine/classes/ElggAutoP.php new file mode 100644 index 000000000..89d77e583 --- /dev/null +++ b/engine/classes/ElggAutoP.php @@ -0,0 +1,309 @@ +<?php + +/** + * Create wrapper P and BR elements in HTML depending on newlines. Useful when + * users use newlines to signal line and paragraph breaks. In all cases output + * should be well-formed markup. + * + * In DIV elements, Ps are only added when there would be at + * least two of them. + */ +class ElggAutoP { + + public $encoding = 'UTF-8'; + + /** + * @var DOMDocument + */ + protected $_doc = null; + + /** + * @var DOMXPath + */ + protected $_xpath = null; + + protected $_blocks = 'address article area aside blockquote caption col colgroup dd + details div dl dt fieldset figure figcaption footer form h1 h2 h3 h4 h5 h6 header + hr hgroup legend map math menu nav noscript p pre section select style summary + table tbody td tfoot th thead tr ul ol option li'; + + /** + * @var array + */ + protected $_inlines = 'a abbr audio b button canvas caption cite code command datalist + del dfn em embed i iframe img input ins kbd keygen label map mark meter object + output progress q rp rt ruby s samp script select small source span strong style + sub sup textarea time var video wbr'; + + /** + * Descend into these elements to add Ps + * + * @var array + */ + protected $_descendList = 'article aside blockquote body details div footer form + header section'; + + /** + * Add Ps inside these elements + * + * @var array + */ + protected $_alterList = 'article aside blockquote body details div footer header + section'; + + protected $_unique = ''; + + public function __construct() { + $this->_blocks = preg_split('@\\s+@', $this->_blocks); + $this->_descendList = preg_split('@\\s+@', $this->_descendList); + $this->_alterList = preg_split('@\\s+@', $this->_alterList); + $this->_inlines = preg_split('@\\s+@', $this->_inlines); + $this->_unique = md5(__FILE__); + } + + /** + * Intance of class for singleton pattern. + * @var ElggAutoP + */ + private static $instance; + + /** + * Singleton pattern. + * @return ElggAutoP + */ + public static function getInstance() { + $className = __CLASS__; + if (!(self::$instance instanceof $className)) { + self::$instance = new $className(); + } + return self::$instance; + } + + /** + * Create wrapper P and BR elements in HTML depending on newlines. Useful when + * users use newlines to signal line and paragraph breaks. In all cases output + * should be well-formed markup. + * + * In DIV, LI, TD, and TH elements, Ps are only added when their would be at + * least two of them. + * + * @param string $html snippet + * @return string|false output or false if parse error occurred + */ + public function process($html) { + // normalize whitespace + $html = str_replace(array("\r\n", "\r"), "\n", $html); + + // allows preserving entities untouched + $html = str_replace('&', $this->_unique . 'AMP', $html); + + $this->_doc = new DOMDocument(); + + // parse to DOM, suppressing loadHTML warnings + // http://www.php.net/manual/en/domdocument.loadhtml.php#95463 + libxml_use_internal_errors(true); + + if (!$this->_doc->loadHTML("<html><meta http-equiv='content-type' " + . "content='text/html; charset={$this->encoding}'><body>{$html}</body>" + . "</html>")) { + return false; + } + + $this->_xpath = new DOMXPath($this->_doc); + // start processing recursively at the BODY element + $nodeList = $this->_xpath->query('//body[1]'); + $this->_addParagraphs($nodeList->item(0)); + + // serialize back to HTML + $html = $this->_doc->saveHTML(); + + // split AUTOPs into multiples at /\n\n+/ + $html = preg_replace('/(' . $this->_unique . 'NL){2,}/', '</autop><autop>', $html); + $html = str_replace(array($this->_unique . 'BR', $this->_unique . 'NL', '<br>'), + '<br />', + $html); + $html = str_replace('<br /></autop>', '</autop>', $html); + + // re-parse so we can handle new AUTOP elements + + if (!$this->_doc->loadHTML($html)) { + return false; + } + // must re-create XPath object after DOM load + $this->_xpath = new DOMXPath($this->_doc); + + // strip AUTOPs that only have comments/whitespace + foreach ($this->_xpath->query('//autop') as $autop) { + $hasContent = false; + if (trim($autop->textContent) !== '') { + $hasContent = true; + } else { + foreach ($autop->childNodes as $node) { + if ($node->nodeType === XML_ELEMENT_NODE) { + $hasContent = true; + break; + } + } + } + if (!$hasContent) { + // strip w/ preg_replace later (faster than moving nodes out) + $autop->setAttribute("r", "1"); + } + } + + // remove a single AUTOP inside certain elements + foreach ($this->_xpath->query('//div') as $el) { + $autops = $this->_xpath->query('./autop', $el); + if ($autops->length === 1) { + // strip w/ preg_replace later (faster than moving nodes out) + $autops->item(0)->setAttribute("r", "1"); + } + } + + $html = $this->_doc->saveHTML(); + + // trim to the contents of BODY + $bodyStart = strpos($html, '<body>'); + $bodyEnd = strpos($html, '</body>', $bodyStart + 6); + $html = substr($html, $bodyStart + 6, $bodyEnd - $bodyStart - 6); + + // strip AUTOPs that should be removed + $html = preg_replace('@<autop r="1">(.*?)</autop>@', '\\1', $html); + + // commit to converting AUTOPs to Ps + $html = str_replace('<autop>', "\n<p>", $html); + $html = str_replace('</autop>', "</p>\n", $html); + + $html = str_replace('<br>', '<br />', $html); + $html = str_replace($this->_unique . 'AMP', '&', $html); + return $html; + } + + /** + * Add P and BR elements as necessary + * + * @param DOMElement $el + */ + protected function _addParagraphs(DOMElement $el) { + // no need to recurse, just queue up + $elsToProcess = array($el); + $inlinesToProcess = array(); + while ($el = array_shift($elsToProcess)) { + // if true, we can alter all child nodes, if not, we'll just call + // _addParagraphs on each element in the descendInto list + $alterInline = in_array($el->nodeName, $this->_alterList); + + // inside affected elements, we want to trim leading whitespace from + // the first text node + $ltrimFirstTextNode = true; + + // should we open a new AUTOP element to move inline elements into? + $openP = true; + $autop = null; + + // after BR, ignore a newline + $isFollowingBr = false; + + $node = $el->firstChild; + while (null !== $node) { + if ($alterInline) { + if ($openP) { + $openP = false; + // create a P to move inline content into (this may be removed later) + $autop = $el->insertBefore($this->_doc->createElement('autop'), $node); + } + } + + $isElement = ($node->nodeType === XML_ELEMENT_NODE); + if ($isElement) { + $elName = $node->nodeName; + } + $isBlock = ($isElement && in_array($elName, $this->_blocks)); + + if ($alterInline) { + $isInline = $isElement && ! $isBlock; + $isText = ($node->nodeType === XML_TEXT_NODE); + $isLastInline = (! $node->nextSibling + || ($node->nextSibling->nodeType === XML_ELEMENT_NODE + && in_array($node->nextSibling->nodeName, $this->_blocks))); + if ($isElement) { + $isFollowingBr = ($node->nodeName === 'br'); + } + + if ($isText) { + $nodeText = $node->nodeValue; + if ($ltrimFirstTextNode) { + $nodeText = ltrim($nodeText); + $ltrimFirstTextNode = false; + } + if ($isFollowingBr && preg_match('@^[ \\t]*\\n[ \\t]*@', $nodeText, $m)) { + // if a user ends a line with <br>, don't add a second BR + $nodeText = substr($nodeText, strlen($m[0])); + } + if ($isLastInline) { + $nodeText = rtrim($nodeText); + } + $nodeText = str_replace("\n", $this->_unique . 'NL', $nodeText); + $tmpNode = $node; + $node = $node->nextSibling; // move loop to next node + + // alter node in place, then move into AUTOP + $tmpNode->nodeValue = $nodeText; + $autop->appendChild($tmpNode); + + continue; + } + } + if ($isBlock || ! $node->nextSibling) { + if ($isBlock) { + if (in_array($node->nodeName, $this->_descendList)) { + $elsToProcess[] = $node; + //$this->_addParagraphs($node); + } + } + $openP = true; + $ltrimFirstTextNode = true; + } + if ($alterInline) { + if (! $isBlock) { + $tmpNode = $node; + if ($isElement && false !== strpos($tmpNode->textContent, "\n")) { + $inlinesToProcess[] = $tmpNode; + } + $node = $node->nextSibling; + $autop->appendChild($tmpNode); + continue; + } + } + + $node = $node->nextSibling; + } + } + + // handle inline nodes + // no need to recurse, just queue up + while ($el = array_shift($inlinesToProcess)) { + $ignoreLeadingNewline = false; + foreach ($el->childNodes as $node) { + if ($node->nodeType === XML_ELEMENT_NODE) { + if ($node->nodeValue === 'BR') { + $ignoreLeadingNewline = true; + } else { + $ignoreLeadingNewline = false; + if (false !== strpos($node->textContent, "\n")) { + $inlinesToProcess[] = $node; + } + } + continue; + } elseif ($node->nodeType === XML_TEXT_NODE) { + $text = $node->nodeValue; + if ($text[0] === "\n" && $ignoreLeadingNewline) { + $text = substr($text, 1); + $ignoreLeadingNewline = false; + } + $node->nodeValue = str_replace("\n", $this->_unique . 'BR', $text); + } + } + } + } +} diff --git a/engine/classes/ElggEntity.php b/engine/classes/ElggEntity.php index 77c2bbf4d..929abceb2 100644 --- a/engine/classes/ElggEntity.php +++ b/engine/classes/ElggEntity.php @@ -248,7 +248,9 @@ abstract class ElggEntity extends ElggData implements * @return mixed The value, or NULL if not found. */ public function getMetaData($name) { - if ((int) ($this->guid) == 0) { + $guid = $this->getGUID(); + + if (! $guid) { if (isset($this->temp_metadata[$name])) { // md is returned as an array only if more than 1 entry if (count($this->temp_metadata[$name]) == 1) { @@ -261,21 +263,38 @@ abstract class ElggEntity extends ElggData implements } } + // upon first cache miss, just load/cache all the metadata and retry. + // if this works, the rest of this function may not be needed! + $cache = elgg_get_metadata_cache(); + if ($cache->isKnown($guid, $name)) { + return $cache->load($guid, $name); + } else { + $cache->populateFromEntities(array($guid)); + // in case ignore_access was on, we have to check again... + if ($cache->isKnown($guid, $name)) { + return $cache->load($guid, $name); + } + } + $md = elgg_get_metadata(array( - 'guid' => $this->getGUID(), + 'guid' => $guid, 'metadata_name' => $name, 'limit' => 0, )); + $value = null; + if ($md && !is_array($md)) { - return $md->value; + $value = $md->value; } elseif (count($md) == 1) { - return $md[0]->value; + $value = $md[0]->value; } else if ($md && is_array($md)) { - return metadata_array_to_values($md); + $value = metadata_array_to_values($md); } - return null; + $cache->save($guid, $name, $value); + + return $value; } /** @@ -1007,7 +1026,7 @@ abstract class ElggEntity extends ElggData implements /** * Returns the guid. * - * @return int GUID + * @return int|null GUID */ public function getGUID() { return $this->get('guid'); @@ -1245,16 +1264,16 @@ abstract class ElggEntity extends ElggData implements /** * Save an entity. * - * @return bool/int + * @return bool|int * @throws IOException */ public function save() { - $guid = (int) $this->guid; + $guid = $this->getGUID(); if ($guid > 0) { cache_entity($this); return update_entity( - $this->get('guid'), + $guid, $this->get('owner_guid'), $this->get('access_id'), $this->get('container_guid'), @@ -1301,10 +1320,7 @@ abstract class ElggEntity extends ElggData implements $this->attributes['subtype'] = get_subtype_id($this->attributes['type'], $this->attributes['subtype']); - // Cache object handle - if ($this->attributes['guid']) { - cache_entity($this); - } + cache_entity($this); return $this->attributes['guid']; } diff --git a/engine/classes/ElggGroup.php b/engine/classes/ElggGroup.php index 121186196..ea257f368 100644 --- a/engine/classes/ElggGroup.php +++ b/engine/classes/ElggGroup.php @@ -324,37 +324,18 @@ class ElggGroup extends ElggEntity * @return bool */ protected function load($guid) { - // Test to see if we have the generic stuff - if (!parent::load($guid)) { - return false; - } + $attr_loader = new ElggAttributeLoader(get_class(), 'group', $this->attributes); + $attr_loader->requires_access_control = !($this instanceof ElggPlugin); + $attr_loader->secondary_loader = 'get_group_entity_as_row'; - // Only work with GUID from here - if ($guid instanceof stdClass) { - $guid = $guid->guid; - } - - // Check the type - if ($this->attributes['type'] != 'group') { - $msg = elgg_echo('InvalidClassException:NotValidElggStar', array($guid, get_class())); - throw new InvalidClassException($msg); - } - - // Load missing data - $row = get_group_entity_as_row($guid); - if (($row) && (!$this->isFullyLoaded())) { - // If $row isn't a cached copy then increment the counter - $this->attributes['tables_loaded']++; - } - - // Now put these into the attributes array as core values - $objarray = (array) $row; - foreach ($objarray as $key => $value) { - $this->attributes[$key] = $value; + $attrs = $attr_loader->getRequiredAttributes($guid); + if (!$attrs) { + return false; } - // guid needs to be an int http://trac.elgg.org/ticket/4111 - $this->attributes['guid'] = (int)$this->attributes['guid']; + $this->attributes = $attrs; + $this->attributes['tables_loaded'] = 2; + cache_entity($this); return true; } diff --git a/engine/classes/ElggGroupItemVisibility.php b/engine/classes/ElggGroupItemVisibility.php new file mode 100644 index 000000000..2c7e2abb4 --- /dev/null +++ b/engine/classes/ElggGroupItemVisibility.php @@ -0,0 +1,93 @@ +<?php + +/** + * Determines if otherwise visible items should be hidden from a user due to group + * policy or visibility. + * + * @class ElggGroupItemVisibility + * @package Elgg.Core + * @subpackage Groups + * + * @access private + */ +class ElggGroupItemVisibility { + + const REASON_MEMBERSHIP = 'membershiprequired'; + const REASON_LOGGEDOUT = 'loggedinrequired'; + const REASON_NOACCESS = 'noaccess'; + + /** + * @var bool + */ + public $shouldHideItems = false; + + /** + * @var string + */ + public $reasonHidden = ''; + + /** + * Determine visibility of items within a container for the current user + * + * @param int $container_guid GUID of a container (may/may not be a group) + * + * @return ElggGroupItemVisibility + * + * @todo Make this faster, considering it must run for every river item. + */ + static public function factory($container_guid) { + // cache because this may be called repeatedly during river display, and + // due to need to check group visibility, cache will be disabled for some + // get_entity() calls + static $cache = array(); + + $ret = new ElggGroupItemVisibility(); + + if (!$container_guid) { + return $ret; + } + + $user = elgg_get_logged_in_user_entity(); + $user_guid = $user ? $user->guid : 0; + + $container_guid = (int) $container_guid; + + $cache_key = "$container_guid|$user_guid"; + if (empty($cache[$cache_key])) { + // compute + + $container = get_entity($container_guid); + $is_visible = (bool) $container; + + if (!$is_visible) { + // see if it *really* exists... + $prev_access = elgg_set_ignore_access(); + $container = get_entity($container_guid); + elgg_set_ignore_access($prev_access); + } + + if ($container && $container instanceof ElggGroup) { + /* @var ElggGroup $container */ + + if ($is_visible) { + if (!$container->isPublicMembership()) { + if ($user) { + if (!$container->isMember($user) && !$user->isAdmin()) { + $ret->shouldHideItems = true; + $ret->reasonHidden = self::REASON_MEMBERSHIP; + } + } else { + $ret->shouldHideItems = true; + $ret->reasonHidden = self::REASON_LOGGEDOUT; + } + } + } else { + $ret->shouldHideItems = true; + $ret->reasonHidden = self::REASON_NOACCESS; + } + } + $cache[$cache_key] = $ret; + } + return $cache[$cache_key]; + } +} diff --git a/engine/classes/ElggMenuBuilder.php b/engine/classes/ElggMenuBuilder.php index de0017599..d7f85685c 100644 --- a/engine/classes/ElggMenuBuilder.php +++ b/engine/classes/ElggMenuBuilder.php @@ -204,6 +204,9 @@ class ElggMenuBuilder { // sort each section foreach ($this->menu as $index => $section) { + foreach ($section as $key => $node) { + $section[$key]->setData('original_order', $key); + } usort($section, $sort_callback); $this->menu[$index] = $section; @@ -232,10 +235,14 @@ class ElggMenuBuilder { * @return bool */ public static function compareByText($a, $b) { - $a = $a->getText(); - $b = $b->getText(); + $at = $a->getText(); + $bt = $b->getText(); - return strnatcmp($a, $b); + $result = strnatcmp($at, $bt); + if ($result === 0) { + return $a->getData('original_order') - $b->getData('original_order'); + } + return $result; } /** @@ -246,10 +253,14 @@ class ElggMenuBuilder { * @return bool */ public static function compareByName($a, $b) { - $a = $a->getName(); - $b = $b->getName(); + $an = $a->getName(); + $bn = $b->getName(); - return strcmp($a, $b); + $result = strcmp($an, $bn); + if ($result === 0) { + return $a->getData('original_order') - $b->getData('original_order'); + } + return $result; } /** @@ -260,9 +271,12 @@ class ElggMenuBuilder { * @return bool */ public static function compareByWeight($a, $b) { - $a = $a->getWeight(); - $b = $b->getWeight(); + $aw = $a->getWeight(); + $bw = $b->getWeight(); - return $a > $b; + if ($aw == $bw) { + return $a->getData('original_order') - $b->getData('original_order'); + } + return $aw - $bw; } } diff --git a/engine/classes/ElggMenuItem.php b/engine/classes/ElggMenuItem.php index 4bc9144d4..81ce6c099 100644 --- a/engine/classes/ElggMenuItem.php +++ b/engine/classes/ElggMenuItem.php @@ -542,6 +542,9 @@ class ElggMenuItem { * @return void */ public function sortChildren($sortFunction) { + foreach ($this->data['children'] as $key => $node) { + $this->data['children'][$key]->data['original_order'] = $key; + } usort($this->data['children'], $sortFunction); } diff --git a/engine/classes/ElggMetadata.php b/engine/classes/ElggMetadata.php index 634a122e5..7f45dc3ea 100644 --- a/engine/classes/ElggMetadata.php +++ b/engine/classes/ElggMetadata.php @@ -26,8 +26,6 @@ class ElggMetadata extends ElggExtender { * Construct a metadata object * * @param mixed $id ID of metadata or a database row as stdClass object - * - * @return void */ function __construct($id = null) { $this->initializeAttributes(); @@ -54,7 +52,7 @@ class ElggMetadata extends ElggExtender { * * @param int $user_guid The GUID of the user (defaults to currently logged in user) * - * @return true|false Depending on permissions + * @return bool Depending on permissions */ function canEdit($user_guid = 0) { if ($entity = get_entity($this->get('entity_guid'))) { @@ -64,9 +62,11 @@ class ElggMetadata extends ElggExtender { } /** - * Save matadata object + * Save metadata object * - * @return int the metadata object id + * @return int|bool the metadata object id or true if updated + * + * @throws IOException */ function save() { if ($this->id > 0) { @@ -89,7 +89,13 @@ class ElggMetadata extends ElggExtender { * @return bool */ function delete() { - return elgg_delete_metastring_based_object_by_id($this->id, 'metadata'); + $success = elgg_delete_metastring_based_object_by_id($this->id, 'metadata'); + if ($success) { + // we mark unknown here because this deletes only one value + // under this name, and there may be others remaining. + elgg_get_metadata_cache()->markUnknown($this->entity_guid, $this->name); + } + return $success; } /** @@ -99,17 +105,27 @@ class ElggMetadata extends ElggExtender { * @since 1.8 */ function disable() { - return elgg_set_metastring_based_object_enabled_by_id($this->id, 'no', 'metadata'); + $success = elgg_set_metastring_based_object_enabled_by_id($this->id, 'no', 'metadata'); + if ($success) { + // we mark unknown here because this disables only one value + // under this name, and there may be others remaining. + elgg_get_metadata_cache()->markUnknown($this->entity_guid, $this->name); + } + return $success; } /** - * Disable the metadata + * Enable the metadata * * @return bool * @since 1.8 */ function enable() { - return elgg_set_metastring_based_object_enabled_by_id($this->id, 'yes', 'metadata'); + $success = elgg_set_metastring_based_object_enabled_by_id($this->id, 'yes', 'metadata'); + if ($success) { + elgg_get_metadata_cache()->markUnknown($this->entity_guid, $this->name); + } + return $success; } /** diff --git a/engine/classes/ElggObject.php b/engine/classes/ElggObject.php index b4bae6825..6263f84f6 100644 --- a/engine/classes/ElggObject.php +++ b/engine/classes/ElggObject.php @@ -99,37 +99,18 @@ class ElggObject extends ElggEntity { * @throws InvalidClassException */ protected function load($guid) { - // Load data from entity table if needed - if (!parent::load($guid)) { - return false; - } + $attr_loader = new ElggAttributeLoader(get_class(), 'object', $this->attributes); + $attr_loader->requires_access_control = !($this instanceof ElggPlugin); + $attr_loader->secondary_loader = 'get_object_entity_as_row'; - // Only work with GUID from here - if ($guid instanceof stdClass) { - $guid = $guid->guid; - } - - // Check the type - if ($this->attributes['type'] != 'object') { - $msg = elgg_echo('InvalidClassException:NotValidElggStar', array($guid, get_class())); - throw new InvalidClassException($msg); - } - - // Load missing data - $row = get_object_entity_as_row($guid); - if (($row) && (!$this->isFullyLoaded())) { - // If $row isn't a cached copy then increment the counter - $this->attributes['tables_loaded']++; - } - - // Now put these into the attributes array as core values - $objarray = (array) $row; - foreach ($objarray as $key => $value) { - $this->attributes[$key] = $value; + $attrs = $attr_loader->getRequiredAttributes($guid); + if (!$attrs) { + return false; } - // guid needs to be an int http://trac.elgg.org/ticket/4111 - $this->attributes['guid'] = (int)$this->attributes['guid']; + $this->attributes = $attrs; + $this->attributes['tables_loaded'] = 2; + cache_entity($this); return true; } @@ -149,7 +130,7 @@ class ElggObject extends ElggEntity { // Save ElggObject-specific attributes return create_object_entity($this->get('guid'), $this->get('title'), - $this->get('description'), $this->get('container_guid')); + $this->get('description')); } /** @@ -223,7 +204,7 @@ class ElggObject extends ElggEntity { // must be member of group if (elgg_instanceof($this->getContainerEntity(), 'group')) { - if (!$this->getContainerEntity()->canWriteToContainer(get_user($user_guid))) { + if (!$this->getContainerEntity()->canWriteToContainer($user_guid)) { return false; } } diff --git a/engine/classes/ElggPAM.php b/engine/classes/ElggPAM.php index 0681a909b..f07095fc1 100644 --- a/engine/classes/ElggPAM.php +++ b/engine/classes/ElggPAM.php @@ -53,11 +53,17 @@ class ElggPAM { foreach ($_PAM_HANDLERS[$this->policy] as $k => $v) { $handler = $v->handler; + if (!is_callable($handler)) { + continue; + } + /* @var callable $handler */ + $importance = $v->importance; try { // Execute the handler - $result = $handler($credentials); + // @todo don't assume $handler is a global function + $result = call_user_func($handler, $credentials); if ($result) { $authenticated = true; } elseif ($result === false) { diff --git a/engine/classes/ElggPlugin.php b/engine/classes/ElggPlugin.php index 8c9093834..32b5f952a 100644 --- a/engine/classes/ElggPlugin.php +++ b/engine/classes/ElggPlugin.php @@ -36,8 +36,9 @@ class ElggPlugin extends ElggObject { * @warning Unlike other ElggEntity objects, you cannot null instantiate * ElggPlugin. You must point it to an actual plugin GUID or location. * - * @param mixed $plugin The GUID of the ElggPlugin object or the path of - * the plugin to load. + * @param mixed $plugin The GUID of the ElggPlugin object or the path of the plugin to load. + * + * @throws PluginException */ public function __construct($plugin) { if (!$plugin) { @@ -76,68 +77,8 @@ class ElggPlugin extends ElggObject { // load the rest of the plugin parent::__construct($existing_guid); } - } - - /** - * Overridden from ElggEntity and ElggObject::load(). Core always inits plugins with - * a query joined to the objects_entity table, so all the info is there. - * - * @param mixed $guid GUID of an ElggObject or the stdClass object from entities table - * - * @return bool - * @throws InvalidClassException - */ - protected function load($guid) { - - $expected_attributes = $this->attributes; - unset($expected_attributes['tables_split']); - unset($expected_attributes['tables_loaded']); - - // this was loaded with a full join - $needs_loaded = false; - - if ($guid instanceof stdClass) { - $row = (array) $guid; - $missing_attributes = array_diff_key($expected_attributes, $row); - if ($missing_attributes) { - $needs_loaded = true; - $old_guid = $guid; - $guid = $row['guid']; - } else { - $this->attributes = $row; - } - } else { - $needs_loaded = true; - } - if ($needs_loaded) { - $entity = (array) get_entity_as_row($guid); - $object = (array) get_object_entity_as_row($guid); - - if (!$entity || !$object) { - return false; - } - - $this->attributes = array_merge($this->attributes, $entity, $object); - } - - $this->attributes['tables_loaded'] = 2; - - // Check the type - if ($this->attributes['type'] != 'object') { - $msg = elgg_echo('InvalidClassException:NotValidElggStar', array($guid, get_class())); - throw new InvalidClassException($msg); - } - - // guid needs to be an int http://trac.elgg.org/ticket/4111 - $this->attributes['guid'] = (int)$this->attributes['guid']; - - // cache the entity - if ($this->attributes['guid']) { - cache_entity($this); - } - - return true; + _elgg_cache_plugin_by_id($this); } /** diff --git a/engine/classes/ElggPluginManifest.php b/engine/classes/ElggPluginManifest.php index a4f5bb95d..6912c2b08 100644 --- a/engine/classes/ElggPluginManifest.php +++ b/engine/classes/ElggPluginManifest.php @@ -130,7 +130,7 @@ class ElggPluginManifest { } // see if we need to construct the xml object. - if ($manifest instanceof XmlElement) { + if ($manifest instanceof ElggXMLElement) { $manifest_obj = $manifest; } else { if (substr(trim($manifest), 0, 1) == '<') { diff --git a/engine/classes/ElggPluginManifestParser.php b/engine/classes/ElggPluginManifestParser.php index b0480d4d8..af152b561 100644 --- a/engine/classes/ElggPluginManifestParser.php +++ b/engine/classes/ElggPluginManifestParser.php @@ -53,10 +53,10 @@ abstract class ElggPluginManifestParser { /** * Loads the manifest XML to be parsed. * - * @param XmlElement $xml The Manifest XML object to be parsed - * @param object $caller The object calling this parser. + * @param ElggXmlElement $xml The Manifest XML object to be parsed + * @param object $caller The object calling this parser. */ - public function __construct(XmlElement $xml, $caller) { + public function __construct(ElggXMLElement $xml, $caller) { $this->manifestObject = $xml; $this->caller = $caller; } diff --git a/engine/classes/ElggSession.php b/engine/classes/ElggSession.php index 13a33736c..9750f063e 100644 --- a/engine/classes/ElggSession.php +++ b/engine/classes/ElggSession.php @@ -54,7 +54,7 @@ class ElggSession implements ArrayAccess { * * @param mixed $key Name * - * @return void + * @return mixed */ function offsetGet($key) { if (!ElggSession::$__localcache) { @@ -98,7 +98,7 @@ class ElggSession implements ArrayAccess { * * @param int $offset Offset * - * @return int + * @return bool */ function offsetExists($offset) { if (isset(ElggSession::$__localcache[$offset])) { @@ -112,6 +112,8 @@ class ElggSession implements ArrayAccess { if ($this->offsetGet($offset)) { return true; } + + return false; } @@ -132,10 +134,10 @@ class ElggSession implements ArrayAccess { * @param string $key Name * @param mixed $value Value * - * @return mixed + * @return void */ function set($key, $value) { - return $this->offsetSet($key, $value); + $this->offsetSet($key, $value); } /** @@ -143,9 +145,9 @@ class ElggSession implements ArrayAccess { * * @param string $key Name * - * @return bool + * @return void */ function del($key) { - return $this->offsetUnset($key); + $this->offsetUnset($key); } } diff --git a/engine/classes/ElggSite.php b/engine/classes/ElggSite.php index 401939005..f7f5b68ea 100644 --- a/engine/classes/ElggSite.php +++ b/engine/classes/ElggSite.php @@ -117,37 +117,18 @@ class ElggSite extends ElggEntity { * @throws InvalidClassException */ protected function load($guid) { - // Test to see if we have the generic stuff - if (!parent::load($guid)) { - return false; - } + $attr_loader = new ElggAttributeLoader(get_class(), 'site', $this->attributes); + $attr_loader->requires_access_control = !($this instanceof ElggPlugin); + $attr_loader->secondary_loader = 'get_site_entity_as_row'; - // Only work with GUID from here - if ($guid instanceof stdClass) { - $guid = $guid->guid; - } - - // Check the type - if ($this->attributes['type'] != 'site') { - $msg = elgg_echo('InvalidClassException:NotValidElggStar', array($guid, get_class())); - throw new InvalidClassException($msg); - } - - // Load missing data - $row = get_site_entity_as_row($guid); - if (($row) && (!$this->isFullyLoaded())) { - // If $row isn't a cached copy then increment the counter - $this->attributes['tables_loaded']++; - } - - // Now put these into the attributes array as core values - $objarray = (array) $row; - foreach ($objarray as $key => $value) { - $this->attributes[$key] = $value; + $attrs = $attr_loader->getRequiredAttributes($guid); + if (!$attrs) { + return false; } - // guid needs to be an int http://trac.elgg.org/ticket/4111 - $this->attributes['guid'] = (int)$this->attributes['guid']; + $this->attributes = $attrs; + $this->attributes['tables_loaded'] = 2; + cache_entity($this); return true; } diff --git a/engine/classes/ElggStaticVariableCache.php b/engine/classes/ElggStaticVariableCache.php index 787d35a32..17d849400 100644 --- a/engine/classes/ElggStaticVariableCache.php +++ b/engine/classes/ElggStaticVariableCache.php @@ -21,8 +21,8 @@ class ElggStaticVariableCache extends ElggSharedMemoryCache { * This function creates a variable cache in a static variable in * memory, optionally with a given namespace (to avoid overlap). * - * @param string $namespace The namespace for this cache to write to - * note, namespaces of the same name are shared! + * @param string $namespace The namespace for this cache to write to. + * @note namespaces of the same name are shared! */ function __construct($namespace = 'default') { $this->setNamespace($namespace); diff --git a/engine/classes/ElggUser.php b/engine/classes/ElggUser.php index d7bb89265..6c1cdc1de 100644 --- a/engine/classes/ElggUser.php +++ b/engine/classes/ElggUser.php @@ -106,37 +106,17 @@ class ElggUser extends ElggEntity * @return bool */ protected function load($guid) { - // Test to see if we have the generic stuff - if (!parent::load($guid)) { - return false; - } + $attr_loader = new ElggAttributeLoader(get_class(), 'user', $this->attributes); + $attr_loader->secondary_loader = 'get_user_entity_as_row'; - // Only work with GUID from here - if ($guid instanceof stdClass) { - $guid = $guid->guid; - } - - // Check the type - if ($this->attributes['type'] != 'user') { - $msg = elgg_echo('InvalidClassException:NotValidElggStar', array($guid, get_class())); - throw new InvalidClassException($msg); - } - - // Load missing data - $row = get_user_entity_as_row($guid); - if (($row) && (!$this->isFullyLoaded())) { - // If $row isn't a cached copy then increment the counter - $this->attributes['tables_loaded']++; - } - - // Now put these into the attributes array as core values - $objarray = (array) $row; - foreach ($objarray as $key => $value) { - $this->attributes[$key] = $value; + $attrs = $attr_loader->getRequiredAttributes($guid); + if (!$attrs) { + return false; } - // guid needs to be an int http://trac.elgg.org/ticket/4111 - $this->attributes['guid'] = (int)$this->attributes['guid']; + $this->attributes = $attrs; + $this->attributes['tables_loaded'] = 2; + cache_entity($this); return true; } diff --git a/engine/classes/ElggVolatileMetadataCache.php b/engine/classes/ElggVolatileMetadataCache.php new file mode 100644 index 000000000..8a33c198d --- /dev/null +++ b/engine/classes/ElggVolatileMetadataCache.php @@ -0,0 +1,347 @@ +<?php +/** + * ElggVolatileMetadataCache + * In memory cache of known metadata values stored by entity. + * + * @package Elgg.Core + * @subpackage Cache + * + * @access private + */ +class ElggVolatileMetadataCache { + + /** + * The cached values (or null for known to be empty). If the portion of the cache + * is synchronized, missing values are assumed to indicate that values do not + * exist in storage, otherwise, we don't know what's there. + * + * @var array + */ + protected $values = array(); + + /** + * Does the cache know that it contains all names fetch-able from storage? + * The keys are entity GUIDs and either the value exists (true) or it's not set. + * + * @var array + */ + protected $isSynchronized = array(); + + /** + * @var null|bool + */ + protected $ignoreAccess = null; + + /** + * @param int $entity_guid + * + * @param array $values + */ + public function saveAll($entity_guid, array $values) { + if (!$this->getIgnoreAccess()) { + $this->values[$entity_guid] = $values; + $this->isSynchronized[$entity_guid] = true; + } + } + + /** + * @param int $entity_guid + * + * @return array + */ + public function loadAll($entity_guid) { + if (isset($this->values[$entity_guid])) { + return $this->values[$entity_guid]; + } else { + return array(); + } + } + + /** + * Declare that there may be fetch-able metadata names in storage that this + * cache doesn't know about + * + * @param int $entity_guid + */ + public function markOutOfSync($entity_guid) { + unset($this->isSynchronized[$entity_guid]); + } + + /** + * @param $entity_guid + * + * @return bool + */ + public function isSynchronized($entity_guid) { + return isset($this->isSynchronized[$entity_guid]); + } + + /** + * @param int $entity_guid + * + * @param string $name + * + * @param array|int|string|null $value null means it is known that there is no + * fetch-able metadata under this name + * @param bool $allow_multiple + */ + public function save($entity_guid, $name, $value, $allow_multiple = false) { + if ($this->getIgnoreAccess()) { + // we don't know if what gets saves here will be available to user once + // access control returns, hence it's best to forget :/ + $this->markUnknown($entity_guid, $name); + } else { + if ($allow_multiple) { + if ($this->isKnown($entity_guid, $name)) { + $existing = $this->load($entity_guid, $name); + if ($existing !== null) { + $existing = (array) $existing; + $existing[] = $value; + $value = $existing; + } + } else { + // we don't know whether there are unknown values, so it's + // safest to leave that assumption + $this->markUnknown($entity_guid, $name); + return; + } + } + $this->values[$entity_guid][$name] = $value; + } + } + + /** + * Warning: You should always call isKnown() beforehand to verify that this + * function's return value should be trusted (otherwise a null return value + * is ambiguous). + * + * @param int $entity_guid + * + * @param string $name + * + * @return array|string|int|null null = value does not exist + */ + public function load($entity_guid, $name) { + if (isset($this->values[$entity_guid]) && array_key_exists($name, $this->values[$entity_guid])) { + return $this->values[$entity_guid][$name]; + } else { + return null; + } + } + + /** + * Forget about this metadata entry. We don't want to try to guess what the + * next fetch from storage will return + * + * @param int $entity_guid + * + * @param string $name + */ + public function markUnknown($entity_guid, $name) { + unset($this->values[$entity_guid][$name]); + $this->markOutOfSync($entity_guid); + } + + /** + * If true, load() will return an accurate value for this name + * + * @param int $entity_guid + * + * @param string $name + * + * @return bool + */ + public function isKnown($entity_guid, $name) { + if (isset($this->isSynchronized[$entity_guid])) { + return true; + } else { + return (isset($this->values[$entity_guid]) && array_key_exists($name, $this->values[$entity_guid])); + } + + } + + /** + * Declare that metadata under this name is known to be not fetch-able from storage + * + * @param int $entity_guid + * + * @param string $name + * + * @return array + */ + public function markEmpty($entity_guid, $name) { + $this->values[$entity_guid][$name] = null; + } + + /** + * Forget about all metadata for an entity + * + * @param int $entity_guid + */ + public function clear($entity_guid) { + $this->values[$entity_guid] = array(); + $this->markOutOfSync($entity_guid); + } + + /** + * Clear entire cache and mark all entities as out of sync + */ + public function flush() { + $this->values = array(); + $this->isSynchronized = array(); + } + + /** + * Use this value instead of calling elgg_get_ignore_access(). By default that + * function will be called. + * + * This setting makes this component a little more loosely-coupled. + * + * @param bool $ignore + */ + public function setIgnoreAccess($ignore) { + $this->ignoreAccess = (bool) $ignore; + } + + /** + * Tell the cache to call elgg_get_ignore_access() to determing access status. + */ + public function unsetIgnoreAccess() { + $this->ignoreAccess = null; + } + + /** + * @return bool + */ + protected function getIgnoreAccess() { + if (null === $this->ignoreAccess) { + return elgg_get_ignore_access(); + } else { + return $this->ignoreAccess; + } + } + + /** + * Invalidate based on options passed to the global *_metadata functions + * + * @param string $action Action performed on metadata. "delete", "disable", or "enable" + * + * @param array $options Options passed to elgg_(delete|disable|enable)_metadata + * + * "guid" if given, invalidation will be limited to this entity + * + * "metadata_name" if given, invalidation will be limited to metadata with this name + */ + public function invalidateByOptions($action, array $options) { + // remove as little as possible, optimizing for common cases + if (empty($options['guid'])) { + // safest to clear everything unless we want to make this even more complex :( + $this->flush(); + } else { + if (empty($options['metadata_name'])) { + // safest to clear the whole entity + $this->clear($options['guid']); + } else { + switch ($action) { + case 'delete': + $this->markEmpty($options['guid'], $options['metadata_name']); + break; + default: + $this->markUnknown($options['guid'], $options['metadata_name']); + } + } + } + } + + /** + * @param int|array $guids + */ + public function populateFromEntities($guids) { + if (empty($guids)) { + return; + } + if (!is_array($guids)) { + $guids = array($guids); + } + $guids = array_unique($guids); + + // could be useful at some point in future + //$guids = $this->filterMetadataHeavyEntities($guids); + + $db_prefix = elgg_get_config('dbprefix'); + $options = array( + 'guids' => $guids, + 'limit' => 0, + 'callback' => false, + 'joins' => array( + "JOIN {$db_prefix}metastrings v ON n_table.value_id = v.id", + "JOIN {$db_prefix}metastrings n ON n_table.name_id = n.id", + ), + 'selects' => array('n.string AS name', 'v.string AS value'), + 'order_by' => 'n_table.entity_guid, n_table.time_created ASC', + + // @todo don't know why this is necessary + 'wheres' => array(get_access_sql_suffix('n_table')), + ); + $data = elgg_get_metadata($options); + + // build up metadata for each entity, save when GUID changes (or data ends) + $last_guid = null; + $metadata = array(); + $last_row_idx = count($data) - 1; + foreach ($data as $i => $row) { + $name = $row->name; + $value = ($row->value_type === 'text') ? $row->value : (int) $row->value; + $guid = $row->entity_guid; + if ($guid !== $last_guid) { + if ($last_guid) { + $this->saveAll($last_guid, $metadata); + } + $metadata = array(); + } + if (isset($metadata[$name])) { + $metadata[$name] = (array) $metadata[$name]; + $metadata[$name][] = $value; + } else { + $metadata[$name] = $value; + } + if (($i == $last_row_idx)) { + $this->saveAll($guid, $metadata); + } + $last_guid = $guid; + } + } + + /** + * Filter out entities whose concatenated metadata values (INTs casted as string) + * exceed a threshold in characters. This could be used to avoid overpopulating the + * cache if RAM usage becomes an issue. + * + * @param array $guids GUIDs of entities to examine + * + * @param int $limit Limit in characters of all metadata (with ints casted to strings) + * + * @return array + */ + public function filterMetadataHeavyEntities(array $guids, $limit = 1024000) { + $db_prefix = elgg_get_config('dbprefix'); + + $options = array( + 'guids' => $guids, + 'limit' => 0, + 'callback' => false, + 'joins' => "JOIN {$db_prefix}metastrings v ON n_table.value_id = v.id", + 'selects' => array('SUM(LENGTH(v.string)) AS bytes'), + 'order_by' => 'n_table.entity_guid, n_table.time_created ASC', + 'group_by' => 'n_table.entity_guid', + ); + $data = elgg_get_metadata($options); + // don't cache if metadata for entity is over 10MB (or rolled INT) + foreach ($data as $row) { + if ($row->bytes > $limit || $row->bytes < 0) { + array_splice($guids, array_search($row->entity_guid, $guids), 1); + } + } + return $guids; + } +} diff --git a/engine/classes/ElggXMLElement.php b/engine/classes/ElggXMLElement.php new file mode 100644 index 000000000..65a13912c --- /dev/null +++ b/engine/classes/ElggXMLElement.php @@ -0,0 +1,115 @@ +<?php +/** + * A parser for XML that uses SimpleXMLElement + * + * @package Elgg.Core + * @subpackage XML + */ +class ElggXMLElement { + /** + * @var SimpleXMLElement + */ + private $_element; + + /** + * Creates an ElggXMLParser from a string or existing SimpleXMLElement + * + * @param string|SimpleXMLElement $xml The XML to parse + */ + public function __construct($xml) { + if ($xml instanceof SimpleXMLElement) { + $this->_element = $xml; + } else { + $this->_element = new SimpleXMLElement($xml); + } + } + + /** + * @return string The name of the element + */ + public function getName() { + return $this->_element->getName(); + } + + /** + * @return array:string The attributes + */ + public function getAttributes() { + //include namespace declarations as attributes + $xmlnsRaw = $this->_element->getNamespaces(); + $xmlns = array(); + foreach ($xmlnsRaw as $key => $val) { + $label = 'xmlns' . ($key ? ":$key" : $key); + $xmlns[$label] = $val; + } + //get attributes and merge with namespaces + $attrRaw = $this->_element->attributes(); + $attr = array(); + foreach ($attrRaw as $key => $val) { + $attr[$key] = $val; + } + $attr = array_merge((array) $xmlns, (array) $attr); + $result = array(); + foreach ($attr as $key => $val) { + $result[$key] = (string) $val; + } + return $result; + } + + /** + * @return string CData + */ + public function getContent() { + return (string) $this->_element; + } + + /** + * @return array:ElggXMLElement Child elements + */ + public function getChildren() { + $children = $this->_element->children(); + $result = array(); + foreach ($children as $val) { + $result[] = new ElggXMLElement($val); + } + + return $result; + } + + function __get($name) { + switch ($name) { + case 'name': + return $this->getName(); + break; + case 'attributes': + return $this->getAttributes(); + break; + case 'content': + return $this->getContent(); + break; + case 'children': + return $this->getChildren(); + break; + } + return null; + } + + function __isset($name) { + switch ($name) { + case 'name': + return $this->getName() !== null; + break; + case 'attributes': + return $this->getAttributes() !== null; + break; + case 'content': + return $this->getContent() !== null; + break; + case 'children': + return $this->getChildren() !== null; + break; + } + return false; + } + +}
\ No newline at end of file diff --git a/engine/classes/IncompleteEntityException.php b/engine/classes/IncompleteEntityException.php new file mode 100644 index 000000000..8c86edcc6 --- /dev/null +++ b/engine/classes/IncompleteEntityException.php @@ -0,0 +1,10 @@ +<?php +/** + * IncompleteEntityException + * Thrown when constructing an entity that is missing its secondary entity table + * + * @package Elgg.Core + * @subpackage Exception + * @access private + */ +class IncompleteEntityException extends Exception {} diff --git a/engine/handlers/cache_handler.php b/engine/handlers/cache_handler.php index b332ec379..7706c2c92 100644 --- a/engine/handlers/cache_handler.php +++ b/engine/handlers/cache_handler.php @@ -64,7 +64,7 @@ $ts = $matches[4]; // If is the same ETag, content didn't changed. $etag = $ts; -if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) { +if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") { header("HTTP/1.1 304 Not Modified"); exit; } @@ -80,10 +80,10 @@ switch ($type) { break; } -header('Expires: ' . date('r', strtotime("+6 months")), true); +header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true); header("Pragma: public", true); header("Cache-Control: public", true); -header("ETag: $etag"); +header("ETag: \"$etag\""); $filename = $dataroot . 'views_simplecache/' . md5($viewtype . $view); diff --git a/engine/lib/access.php b/engine/lib/access.php index e8b3b0d52..f7d3bf7ea 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -12,6 +12,26 @@ */ /** + * Return an ElggCache static variable cache for the access caches + * + * @staticvar ElggStaticVariableCache $access_cache + * @return \ElggStaticVariableCache + * @access private + */ +function _elgg_get_access_cache() { + /** + * A default filestore cache using the dataroot. + */ + static $access_cache; + + if (!$access_cache) { + $access_cache = new ElggStaticVariableCache('access'); + } + + return $access_cache; +} + +/** * Return a string of access_ids for $user_id appropriate for inserting into an SQL IN clause. * * @uses get_access_array @@ -29,10 +49,10 @@ */ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { global $CONFIG, $init_finished; - static $access_list; - - if (!isset($access_list)) { - $access_list = array(); + $cache = _elgg_get_access_cache(); + + if ($flush) { + $cache->clear(); } if ($user_id == 0) { @@ -45,20 +65,20 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { $user_id = (int) $user_id; $site_id = (int) $site_id; - if (isset($access_list[$user_id]) && $flush == false) { - return $access_list[$user_id]; - } + $hash = $user_id . $site_id . 'get_access_list'; - $access = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")"; + if ($cache[$hash]) { + return $cache[$hash]; + } + + $access_array = get_access_array($user_id, $site_id, $flush); + $access = "(" . implode(",", $access_array) . ")"; - // only cache if done with init and access is enabled (unless admin user) - // session is loaded before init is finished, so don't need to check for user session - if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) { - $access_list[$user_id] = $access; - return $access_list[$user_id]; - } else { - return $access; + if ($init_finished) { + $cache[$hash] = $access; } + + return $access; } /** @@ -86,12 +106,10 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { function get_access_array($user_id = 0, $site_id = 0, $flush = false) { global $CONFIG, $init_finished; - // @todo everything from the db is cached. - // this cache might be redundant. But db cache is flushed on every db write. - static $access_array; + $cache = _elgg_get_access_cache(); - if (!isset($access_array)) { - $access_array = array(); + if ($flush) { + $cache->clear(); } if ($user_id == 0) { @@ -105,35 +123,41 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { $user_id = (int) $user_id; $site_id = (int) $site_id; - if (empty($access_array[$user_id]) || $flush == true) { - $tmp_access_array = array(ACCESS_PUBLIC); + $hash = $user_id . $site_id . 'get_access_array'; + + if ($cache[$hash]) { + $access_array = $cache[$hash]; + } else { + $access_array = array(ACCESS_PUBLIC); // The following can only return sensible data if the user is logged in. if (elgg_is_logged_in()) { - $tmp_access_array[] = ACCESS_LOGGED_IN; + $access_array[] = ACCESS_LOGGED_IN; // Get ACL memberships $query = "SELECT am.access_collection_id" . " FROM {$CONFIG->dbprefix}access_collection_membership am" . " LEFT JOIN {$CONFIG->dbprefix}access_collections ag ON ag.id = am.access_collection_id" - . " WHERE am.user_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)"; + . " WHERE am.user_guid = $user_id AND (ag.site_guid = $site_id OR ag.site_guid = 0)"; - if ($collections = get_data($query)) { + $collections = get_data($query); + if ($collections) { foreach ($collections as $collection) { if (!empty($collection->access_collection_id)) { - $tmp_access_array[] = (int)$collection->access_collection_id; + $access_array[] = (int)$collection->access_collection_id; } } } // Get ACLs owned. $query = "SELECT ag.id FROM {$CONFIG->dbprefix}access_collections ag "; - $query .= "WHERE ag.owner_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)"; + $query .= "WHERE ag.owner_guid = $user_id AND (ag.site_guid = $site_id OR ag.site_guid = 0)"; - if ($collections = get_data($query)) { + $collections = get_data($query); + if ($collections) { foreach ($collections as $collection) { if (!empty($collection->id)) { - $tmp_access_array[] = (int)$collection->id; + $access_array[] = (int)$collection->id; } } } @@ -141,21 +165,21 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { $ignore_access = elgg_check_access_overrides($user_id); if ($ignore_access == true) { - $tmp_access_array[] = ACCESS_PRIVATE; + $access_array[] = ACCESS_PRIVATE; } + } - // only cache if done with init and access is enabled (unless admin user) - // session is loaded before init is finished, so don't need to check for user session - if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) { - $access_array[$user_id] = $tmp_access_array; - } + if ($init_finished) { + $cache[$hash] = $access_array; } - } else { - $tmp_access_array = $access_array[$user_id]; } - $options = array('user_id' => $user_id, 'site_id' => $site_id); - return elgg_trigger_plugin_hook('access:collections:read', 'user', $options, $tmp_access_array); + $options = array( + 'user_id' => $user_id, + 'site_id' => $site_id + ); + + return elgg_trigger_plugin_hook('access:collections:read', 'user', $options, $access_array); } /** @@ -401,9 +425,12 @@ function has_access_to_entity($entity, $user = null) { * @link http://docs.elgg.org/Access */ function get_write_access_array($user_id = 0, $site_id = 0, $flush = false) { - global $CONFIG; - //@todo this is probably not needed since caching happens at the DB level. - static $access_array; + global $CONFIG, $init_finished; + $cache = _elgg_get_access_cache(); + + if ($flush) { + $cache->clear(); + } if ($user_id == 0) { $user_id = elgg_get_logged_in_user_guid(); @@ -416,37 +443,41 @@ function get_write_access_array($user_id = 0, $site_id = 0, $flush = false) { $user_id = (int) $user_id; $site_id = (int) $site_id; - if (empty($access_array[$user_id]) || $flush == true) { - $query = "SELECT ag.* FROM {$CONFIG->dbprefix}access_collections ag "; - $query .= " WHERE (ag.site_guid = {$site_id} OR ag.site_guid = 0)"; - $query .= " AND (ag.owner_guid = {$user_id})"; - // ACCESS_PRIVATE through ACCESS_PUBLIC take 0 through 2 - // @todo this AND clause is unnecessary because of id starts at 3 for table - $query .= " AND ag.id >= 3"; + $hash = $user_id . $site_id . 'get_write_access_array'; - $tmp_access_array = array( + if ($cache[$hash]) { + $access_array = $cache[$hash]; + } else { + // @todo is there such a thing as public write access? + $access_array = array( ACCESS_PRIVATE => elgg_echo("PRIVATE"), ACCESS_FRIENDS => elgg_echo("access:friends:label"), ACCESS_LOGGED_IN => elgg_echo("LOGGED_IN"), ACCESS_PUBLIC => elgg_echo("PUBLIC") ); + + $query = "SELECT ag.* FROM {$CONFIG->dbprefix}access_collections ag "; + $query .= " WHERE (ag.site_guid = $site_id OR ag.site_guid = 0)"; + $query .= " AND (ag.owner_guid = $user_id)"; + $collections = get_data($query); if ($collections) { foreach ($collections as $collection) { - $tmp_access_array[$collection->id] = $collection->name; + $access_array[$collection->id] = $collection->name; } } - $access_array[$user_id] = $tmp_access_array; - } else { - $tmp_access_array = $access_array[$user_id]; + if ($init_finished) { + $cache[$hash] = $access_array; + } } - $options = array('user_id' => $user_id, 'site_id' => $site_id); - $tmp_access_array = elgg_trigger_plugin_hook('access:collections:write', 'user', - $options, $tmp_access_array); - - return $tmp_access_array; + $options = array( + 'user_id' => $user_id, + 'site_id' => $site_id + ); + return elgg_trigger_plugin_hook('access:collections:write', 'user', + $options, $access_array); } /** @@ -476,7 +507,7 @@ function can_edit_access_collection($collection_id, $user_guid = null) { return false; } - $write_access = get_write_access_array($user->getGUID(), null, true); + $write_access = get_write_access_array($user->getGUID(), 0, true); // don't ignore access when checking users. if ($user_guid) { @@ -560,8 +591,6 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { * @see remove_user_from_access_collection() */ function update_access_collection($collection_id, $members) { - global $CONFIG; - $acl = get_access_collection($collection_id); if (!$acl) { @@ -877,6 +906,8 @@ function get_readable_access_level($entity_access_id) { * @tip Use this to access entities in automated scripts * when no user is logged in. * + * @note This clears the access cache. + * * @warning This will not show disabled entities. * Use {@link access_show_hidden_entities()} to access disabled entities. * @@ -888,6 +919,8 @@ function get_readable_access_level($entity_access_id) { * @see elgg_get_ignore_access() */ function elgg_set_ignore_access($ignore = true) { + $cache = _elgg_get_access_cache(); + $cache->clear(); $elgg_access = elgg_get_access_object(); return $elgg_access->setIgnoreAccess($ignore); } @@ -1018,6 +1051,7 @@ function elgg_override_permissions($hook, $type, $value, $params) { */ function access_test($hook, $type, $value, $params) { global $CONFIG; + $value[] = $CONFIG->path . 'engine/tests/api/access_collections.php'; return $value; } diff --git a/engine/lib/admin.php b/engine/lib/admin.php index b65d98c95..cb9524f11 100644 --- a/engine/lib/admin.php +++ b/engine/lib/admin.php @@ -233,6 +233,7 @@ function admin_init() { elgg_register_action('admin/site/update_basic', '', 'admin'); elgg_register_action('admin/site/update_advanced', '', 'admin'); elgg_register_action('admin/site/flush_cache', '', 'admin'); + elgg_register_action('admin/site/unlock_upgrade', '', 'admin'); elgg_register_action('admin/menu/save', '', 'admin'); @@ -268,8 +269,9 @@ function admin_init() { // users elgg_register_admin_menu_item('administer', 'users', null, 20); elgg_register_admin_menu_item('administer', 'online', 'users', 10); - elgg_register_admin_menu_item('administer', 'newest', 'users', 20); - elgg_register_admin_menu_item('administer', 'add', 'users', 30); + elgg_register_admin_menu_item('administer', 'admins', 'users', 20); + elgg_register_admin_menu_item('administer', 'newest', 'users', 30); + elgg_register_admin_menu_item('administer', 'add', 'users', 40); // configure // plugins diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php index 2036ccd61..3b9f84703 100644 --- a/engine/lib/annotations.php +++ b/engine/lib/annotations.php @@ -316,8 +316,6 @@ function elgg_list_annotations($options) { * * annotation_owner_guids => NULL|ARR guids for annotaiton owners * - * annotation_ids => NULL|ARR Annotation IDs - * * @return mixed If count, int. If not count, array. false on errors. * @since 1.7.0 */ @@ -336,8 +334,6 @@ function elgg_get_entities_from_annotations(array $options = array()) { 'annotation_owner_guids' => ELGG_ENTITIES_ANY_VALUE, - 'annotation_ids' => ELGG_ENTITIES_ANY_VALUE, - 'order_by' => 'maxtime desc', 'group_by' => 'a.entity_guid' ); @@ -345,12 +341,13 @@ function elgg_get_entities_from_annotations(array $options = array()) { $options = array_merge($defaults, $options); $singulars = array('annotation_name', 'annotation_value', - 'annotation_name_value_pair', 'annotation_owner_guid', 'annotation_id'); + 'annotation_name_value_pair', 'annotation_owner_guid'); $options = elgg_normalise_plural_options_array($options, $singulars); + $options = elgg_entities_get_metastrings_options('annotation', $options); - if (!$options = elgg_entities_get_metastrings_options('annotation', $options)) { - return FALSE; + if (!$options) { + return false; } // special sorting for annotations diff --git a/engine/lib/configuration.php b/engine/lib/configuration.php index 305aa00b6..b10e51130 100644 --- a/engine/lib/configuration.php +++ b/engine/lib/configuration.php @@ -91,23 +91,29 @@ function elgg_get_config($name, $site_guid = 0) { return $CONFIG->$name; } - if ($site_guid === NULL) { + if ($site_guid === null) { // installation wide setting $value = datalist_get($name); } else { - // site specific setting - if ($site_guid == 0) { - $site_guid = (int) $CONFIG->site_id; + // hit DB only if we're not sure if value exists or not + if (!isset($CONFIG->site_config_loaded)) { + // site specific setting + if ($site_guid == 0) { + $site_guid = (int) $CONFIG->site_id; + } + $value = get_config($name, $site_guid); + } else { + $value = null; } - $value = get_config($name, $site_guid); } - if ($value !== false) { - $CONFIG->$name = $value; - return $value; + // @todo document why we don't cache false + if ($value === false) { + return null; } - return null; + $CONFIG->$name = $value; + return $value; } /** @@ -558,6 +564,8 @@ function _elgg_load_site_config() { $CONFIG->url = $CONFIG->wwwroot; get_all_config(); + // gives hint to elgg_get_config function how to approach missing values + $CONFIG->site_config_loaded = true; } /** diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index 554b0561f..540605876 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -671,7 +671,7 @@ function elgg_register_event_handler($event, $object_type, $callback, $priority global $CONFIG; if (empty($event) || empty($object_type)) { - return FALSE; + return false; } if (!isset($CONFIG->events)) { @@ -684,8 +684,8 @@ function elgg_register_event_handler($event, $object_type, $callback, $priority $CONFIG->events[$event][$object_type] = array(); } - if (!is_callable($callback)) { - return FALSE; + if (!is_callable($callback, true)) { + return false; } $priority = max((int) $priority, 0); @@ -695,7 +695,7 @@ function elgg_register_event_handler($event, $object_type, $callback, $priority } $CONFIG->events[$event][$object_type][$priority] = $callback; ksort($CONFIG->events[$event][$object_type]); - return TRUE; + return true; } /** @@ -710,9 +710,12 @@ function elgg_register_event_handler($event, $object_type, $callback, $priority */ function elgg_unregister_event_handler($event, $object_type, $callback) { global $CONFIG; - foreach ($CONFIG->events[$event][$object_type] as $key => $event_callback) { - if ($event_callback == $callback) { - unset($CONFIG->events[$event][$object_type][$key]); + + if (isset($CONFIG->events[$event]) && isset($CONFIG->events[$event][$object_type])) { + foreach ($CONFIG->events[$event][$object_type] as $key => $event_callback) { + if ($event_callback == $callback) { + unset($CONFIG->events[$event][$object_type][$key]); + } } } } @@ -770,14 +773,14 @@ function elgg_trigger_event($event, $object_type, $object = null) { foreach ($events as $callback_list) { if (is_array($callback_list)) { foreach ($callback_list as $callback) { - if (call_user_func_array($callback, $args) === FALSE) { - return FALSE; + if (is_callable($callback) && (call_user_func_array($callback, $args) === false)) { + return false; } } } } - return TRUE; + return true; } /** @@ -850,7 +853,7 @@ function elgg_register_plugin_hook_handler($hook, $type, $callback, $priority = global $CONFIG; if (empty($hook) || empty($type)) { - return FALSE; + return false; } if (!isset($CONFIG->hooks)) { @@ -863,8 +866,8 @@ function elgg_register_plugin_hook_handler($hook, $type, $callback, $priority = $CONFIG->hooks[$hook][$type] = array(); } - if (!is_callable($callback)) { - return FALSE; + if (!is_callable($callback, true)) { + return false; } $priority = max((int) $priority, 0); @@ -874,7 +877,7 @@ function elgg_register_plugin_hook_handler($hook, $type, $callback, $priority = } $CONFIG->hooks[$hook][$type][$priority] = $callback; ksort($CONFIG->hooks[$hook][$type]); - return TRUE; + return true; } /** @@ -889,9 +892,12 @@ function elgg_register_plugin_hook_handler($hook, $type, $callback, $priority = */ function elgg_unregister_plugin_hook_handler($hook, $entity_type, $callback) { global $CONFIG; - foreach ($CONFIG->hooks[$hook][$entity_type] as $key => $hook_callback) { - if ($hook_callback == $callback) { - unset($CONFIG->hooks[$hook][$entity_type][$key]); + + if (isset($CONFIG->hooks[$hook]) && isset($CONFIG->hooks[$hook][$entity_type])) { + foreach ($CONFIG->hooks[$hook][$entity_type] as $key => $hook_callback) { + if ($hook_callback == $callback) { + unset($CONFIG->hooks[$hook][$entity_type][$key]); + } } } } @@ -970,10 +976,12 @@ function elgg_trigger_plugin_hook($hook, $type, $params = null, $returnvalue = n foreach ($hooks as $callback_list) { if (is_array($callback_list)) { foreach ($callback_list as $hookcallback) { - $args = array($hook, $type, $returnvalue, $params); - $temp_return_value = call_user_func_array($hookcallback, $args); - if (!is_null($temp_return_value)) { - $returnvalue = $temp_return_value; + if (is_callable($hookcallback)) { + $args = array($hook, $type, $returnvalue, $params); + $temp_return_value = call_user_func_array($hookcallback, $args); + if (!is_null($temp_return_value)) { + $returnvalue = $temp_return_value; + } } } } @@ -1070,7 +1078,11 @@ function _elgg_php_error_handler($errno, $errmsg, $filename, $linenum, $vars) { case E_WARNING : case E_USER_WARNING : case E_RECOVERABLE_ERROR: // (e.g. type hint violation) - error_log("PHP WARNING: $error"); + + // check if the error wasn't suppressed by the error control operator (@) + if (error_reporting()) { + error_log("PHP WARNING: $error"); + } break; default: @@ -1879,7 +1891,7 @@ function elgg_cacheable_view_page_handler($page, $type) { header("Content-type: $content_type"); // @todo should js be cached when simple cache turned off - //header('Expires: ' . date('r', time() + 864000)); + //header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true); //header("Pragma: public"); //header("Cache-Control: public"); //header("Content-Length: " . strlen($return)); diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 3896cd58f..ce736ce05 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -17,13 +17,13 @@ global $ENTITY_CACHE; $ENTITY_CACHE = array(); /** - * Cache subtypes and related class names once loaded. + * Cache subtypes and related class names. * - * @global array $SUBTYPE_CACHE + * @global array|null $SUBTYPE_CACHE array once populated from DB, initially null * @access private */ global $SUBTYPE_CACHE; -$SUBTYPE_CACHE = NULL; +$SUBTYPE_CACHE = null; /** * Invalidate this class's entry in the cache. @@ -39,6 +39,8 @@ function invalidate_cache_for_entity($guid) { $guid = (int)$guid; unset($ENTITY_CACHE[$guid]); + + elgg_get_metadata_cache()->clear($guid); } /** @@ -57,16 +59,24 @@ function invalidate_cache_for_entity($guid) { function cache_entity(ElggEntity $entity) { global $ENTITY_CACHE; - // Don't cache entities while access control is off, otherwise they could be + // Don't cache non-plugin entities while access control is off, otherwise they could be // exposed to users who shouldn't see them when control is re-enabled. - if (elgg_get_ignore_access()) { + if (!($entity instanceof ElggPlugin) && elgg_get_ignore_access()) { return; } // Don't store too many or we'll have memory problems // TODO(evan): Pick a less arbitrary limit if (count($ENTITY_CACHE) > 256) { - unset($ENTITY_CACHE[array_rand($ENTITY_CACHE)]); + $random_guid = array_rand($ENTITY_CACHE); + + unset($ENTITY_CACHE[$random_guid]); + + // Purge separate metadata cache. Original idea was to do in entity destructor, but that would + // have caused a bunch of unnecessary purges at every shutdown. Doing it this way we have no way + // to know that the expunged entity will be GCed (might be another reference living), but that's + // OK; the metadata will reload if necessary. + elgg_get_metadata_cache()->clear($random_guid); } $ENTITY_CACHE[$entity->guid] = $entity; @@ -85,8 +95,6 @@ function cache_entity(ElggEntity $entity) { function retrieve_cached_entity($guid) { global $ENTITY_CACHE; - $guid = (int)$guid; - if (isset($ENTITY_CACHE[$guid])) { if ($ENTITY_CACHE[$guid]->isFullyLoaded()) { return $ENTITY_CACHE[$guid]; @@ -146,29 +154,23 @@ function retrieve_cached_entity_row($guid) { * @access private */ function get_subtype_id($type, $subtype) { - global $CONFIG, $SUBTYPE_CACHE; - - $type = sanitise_string($type); - $subtype = sanitise_string($subtype); + global $SUBTYPE_CACHE; - if ($subtype == "") { - return FALSE; + if (!$subtype) { + return false; } - // @todo use the cache before hitting database - $result = get_data_row("SELECT * from {$CONFIG->dbprefix}entity_subtypes - where type='$type' and subtype='$subtype'"); - - if ($result) { - if (!$SUBTYPE_CACHE) { - $SUBTYPE_CACHE = array(); - } + if ($SUBTYPE_CACHE === null) { + _elgg_populate_subtype_cache(); + } - $SUBTYPE_CACHE[$result->id] = $result; + // use the cache before hitting database + $result = _elgg_retrieve_cached_subtype($type, $subtype); + if ($result !== null) { return $result->id; } - return FALSE; + return false; } /** @@ -176,35 +178,67 @@ function get_subtype_id($type, $subtype) { * * @param int $subtype_id Subtype ID * - * @return string Subtype name + * @return string|false Subtype name, false if subtype not found * @link http://docs.elgg.org/DataModel/Entities/Subtypes * @see get_subtype_from_id() * @access private */ function get_subtype_from_id($subtype_id) { - global $CONFIG, $SUBTYPE_CACHE; - - $subtype_id = (int)$subtype_id; + global $SUBTYPE_CACHE; if (!$subtype_id) { return false; } + if ($SUBTYPE_CACHE === null) { + _elgg_populate_subtype_cache(); + } + if (isset($SUBTYPE_CACHE[$subtype_id])) { return $SUBTYPE_CACHE[$subtype_id]->subtype; } - $result = get_data_row("SELECT * from {$CONFIG->dbprefix}entity_subtypes where id=$subtype_id"); - if ($result) { - if (!$SUBTYPE_CACHE) { - $SUBTYPE_CACHE = array(); - } + return false; +} + +/** + * Retrieve subtype from the cache. + * + * @param string $type + * @param string $subtype + * @return stdClass|null + * + * @access private + */ +function _elgg_retrieve_cached_subtype($type, $subtype) { + global $SUBTYPE_CACHE; - $SUBTYPE_CACHE[$subtype_id] = $result; - return $result->subtype; + if ($SUBTYPE_CACHE === null) { + _elgg_populate_subtype_cache(); } - return false; + foreach ($SUBTYPE_CACHE as $obj) { + if ($obj->type === $type && $obj->subtype === $subtype) { + return $obj; + } + } + return null; +} + +/** + * Fetch all suptypes from DB to local cache. + * + * @access private + */ +function _elgg_populate_subtype_cache() { + global $CONFIG, $SUBTYPE_CACHE; + + $results = get_data("SELECT * FROM {$CONFIG->dbprefix}entity_subtypes"); + + $SUBTYPE_CACHE = array(); + foreach ($results as $row) { + $SUBTYPE_CACHE[$row->id] = $row; + } } /** @@ -223,25 +257,19 @@ function get_subtype_from_id($subtype_id) { * @access private */ function get_subtype_class($type, $subtype) { - global $CONFIG, $SUBTYPE_CACHE; - - $type = sanitise_string($type); - $subtype = sanitise_string($subtype); + global $SUBTYPE_CACHE; - // @todo use the cache before going to the database - $result = get_data_row("SELECT * from {$CONFIG->dbprefix}entity_subtypes - where type='$type' and subtype='$subtype'"); - - if ($result) { - if (!$SUBTYPE_CACHE) { - $SUBTYPE_CACHE = array(); - } - - $SUBTYPE_CACHE[$result->id] = $result; - return $result->class; + if ($SUBTYPE_CACHE === null) { + _elgg_populate_subtype_cache(); + } + + // use the cache before going to the database + $obj = _elgg_retrieve_cached_subtype($type, $subtype); + if ($obj) { + return $obj->class; } - return NULL; + return null; } /** @@ -255,29 +283,21 @@ function get_subtype_class($type, $subtype) { * @access private */ function get_subtype_class_from_id($subtype_id) { - global $CONFIG, $SUBTYPE_CACHE; - - $subtype_id = (int)$subtype_id; + global $SUBTYPE_CACHE; if (!$subtype_id) { - return false; + return null; } + if ($SUBTYPE_CACHE === null) { + _elgg_populate_subtype_cache(); + } + if (isset($SUBTYPE_CACHE[$subtype_id])) { return $SUBTYPE_CACHE[$subtype_id]->class; } - $result = get_data_row("SELECT * from {$CONFIG->dbprefix}entity_subtypes where id=$subtype_id"); - - if ($result) { - if (!$SUBTYPE_CACHE) { - $SUBTYPE_CACHE = array(); - } - $SUBTYPE_CACHE[$subtype_id] = $result; - return $result->class; - } - - return NULL; + return null; } /** @@ -303,21 +323,32 @@ function get_subtype_class_from_id($subtype_id) { * @see get_entity() */ function add_subtype($type, $subtype, $class = "") { - global $CONFIG; - $type = sanitise_string($type); - $subtype = sanitise_string($subtype); - $class = sanitise_string($class); + global $CONFIG, $SUBTYPE_CACHE; - // Short circuit if no subtype is given - if ($subtype == "") { + if (!$subtype) { return 0; } $id = get_subtype_id($type, $subtype); - if ($id == 0) { - return insert_data("insert into {$CONFIG->dbprefix}entity_subtypes" - . " (type, subtype, class) values ('$type','$subtype','$class')"); + if (!$id) { + // In cache we store non-SQL-escaped strings because that's what's returned by query + $cache_obj = (object) array( + 'type' => $type, + 'subtype' => $subtype, + 'class' => $class, + ); + + $type = sanitise_string($type); + $subtype = sanitise_string($subtype); + $class = sanitise_string($class); + + $id = insert_data("INSERT INTO {$CONFIG->dbprefix}entity_subtypes" + . " (type, subtype, class) VALUES ('$type', '$subtype', '$class')"); + + // add entry to cache + $cache_obj->id = $id; + $SUBTYPE_CACHE[$id] = $cache_obj; } return $id; @@ -359,22 +390,31 @@ function remove_subtype($type, $subtype) { function update_subtype($type, $subtype, $class = '') { global $CONFIG, $SUBTYPE_CACHE; - if (!$id = get_subtype_id($type, $subtype)) { - return FALSE; + $id = get_subtype_id($type, $subtype); + if (!$id) { + return false; } + + if ($SUBTYPE_CACHE === null) { + _elgg_populate_subtype_cache(); + } + + $unescaped_class = $class; + $type = sanitise_string($type); $subtype = sanitise_string($subtype); - - $result = update_data("UPDATE {$CONFIG->dbprefix}entity_subtypes + $class = sanitise_string($class); + + $success = update_data("UPDATE {$CONFIG->dbprefix}entity_subtypes SET type = '$type', subtype = '$subtype', class = '$class' WHERE id = $id "); - if ($result && isset($SUBTYPE_CACHE[$id])) { - $SUBTYPE_CACHE[$id]->class = $class; + if ($success && isset($SUBTYPE_CACHE[$id])) { + $SUBTYPE_CACHE[$id]->class = $unescaped_class; } - return $result; + return $success; } /** @@ -606,12 +646,14 @@ function get_entity_as_row($guid) { * * @param stdClass $row The row of the entry in the entities table. * - * @return object|false + * @return ElggEntity|false * @link http://docs.elgg.org/DataModel/Entities * @see get_entity_as_row() * @see add_subtype() * @see get_entity() * @access private + * + * @throws ClassException|InstallationException */ function entity_row_to_elggstar($row) { if (!($row instanceof stdClass)) { @@ -698,7 +740,7 @@ function get_entity($guid) { // but that evaluates to a false positive for $guid = TRUE. // This is a bit slower, but more thorough. if (!is_numeric($guid) || $guid === 0 || $guid === '0') { - return FALSE; + return false; } // Check local cache first @@ -715,14 +757,29 @@ function get_entity($guid) { $shared_cache = false; } } + + // until ACLs in memcache, DB query is required to determine access + $entity_row = get_entity_as_row($guid); + if (!$entity_row) { + return false; + } + if ($shared_cache) { - $new_entity = $shared_cache->load($guid); - if ($new_entity) { - return $new_entity; + $cached_entity = $shared_cache->load($guid); + // @todo store ACLs in memcache http://trac.elgg.org/ticket/3018#comment:3 + if ($cached_entity) { + // @todo use ACL and cached entity access_id to determine if user can see it + return $cached_entity; } } - $new_entity = entity_row_to_elggstar(get_entity_as_row($guid)); + // don't let incomplete entities cause fatal exceptions + try { + $new_entity = entity_row_to_elggstar($entity_row); + } catch (IncompleteEntityException $e) { + return false; + } + if ($new_entity) { cache_entity($new_entity); } @@ -967,19 +1024,32 @@ function elgg_get_entities(array $options = array()) { $query .= " LIMIT $offset, $limit"; } - $dt = get_data($query, $options['callback']); + if ($options['callback'] === 'entity_row_to_elggstar') { + $dt = _elgg_fetch_entities_from_sql($query); + } else { + $dt = get_data($query, $options['callback']); + } + if ($dt) { - foreach ($dt as $entity) { - // If a custom callback is provided, it could return something other than ElggEntity, - // so we have to do an explicit check here. - if ($entity instanceof ElggEntity) { - cache_entity($entity); + // populate entity and metadata caches + $guids = array(); + foreach ($dt as $item) { + // A custom callback could result in items that aren't ElggEntity's, so check for them + if ($item instanceof ElggEntity) { + cache_entity($item); + // plugins usually have only settings + if (!$item instanceof ElggPlugin) { + $guids[] = $item->guid; + } } } // @todo Without this, recursive delete fails. See #4568 reset($dt); - } + if ($guids) { + elgg_get_metadata_cache()->populateFromEntities($guids); + } + } return $dt; } else { $total = get_data_row($query); @@ -988,6 +1058,97 @@ function elgg_get_entities(array $options = array()) { } /** + * Return entities from an SQL query generated by elgg_get_entities. + * + * @param string $sql + * @return ElggEntity[] + * + * @access private + * @throws LogicException + */ +function _elgg_fetch_entities_from_sql($sql) { + static $plugin_subtype; + if (null === $plugin_subtype) { + $plugin_subtype = get_subtype_id('object', 'plugin'); + } + + // Keys are types, values are columns that, if present, suggest that the secondary + // table is already JOINed + $types_to_optimize = array( + 'object' => 'title', + 'user' => 'password', + 'group' => 'name', + ); + + $rows = get_data($sql); + + // guids to look up in each type + $lookup_types = array(); + // maps GUIDs to the $rows key + $guid_to_key = array(); + + if (isset($rows[0]->type, $rows[0]->subtype) + && $rows[0]->type === 'object' + && $rows[0]->subtype == $plugin_subtype) { + // Likely the entire resultset is plugins, which have already been optimized + // to JOIN the secondary table. In this case we allow retrieving from cache, + // but abandon the extra queries. + $types_to_optimize = array(); + } + + // First pass: use cache where possible, gather GUIDs that we're optimizing + foreach ($rows as $i => $row) { + if (empty($row->guid) || empty($row->type)) { + throw new LogicException('Entity row missing guid or type'); + } + if ($entity = retrieve_cached_entity($row->guid)) { + $rows[$i] = $entity; + continue; + } + if (isset($types_to_optimize[$row->type])) { + // check if row already looks JOINed. + if (isset($row->{$types_to_optimize[$row->type]})) { + // Row probably already contains JOINed secondary table. Don't make another query just + // to pull data that's already there + continue; + } + $lookup_types[$row->type][] = $row->guid; + $guid_to_key[$row->guid] = $i; + } + } + // Do secondary queries and merge rows + if ($lookup_types) { + $dbprefix = elgg_get_config('dbprefix'); + } + foreach ($lookup_types as $type => $guids) { + $set = "(" . implode(',', $guids) . ")"; + $sql = "SELECT * FROM {$dbprefix}{$type}s_entity WHERE guid IN $set"; + $secondary_rows = get_data($sql); + if ($secondary_rows) { + foreach ($secondary_rows as $secondary_row) { + $key = $guid_to_key[$secondary_row->guid]; + // cast to arrays to merge then cast back + $rows[$key] = (object)array_merge((array)$rows[$key], (array)$secondary_row); + } + } + } + // Second pass to finish conversion + foreach ($rows as $i => $row) { + if ($row instanceof ElggEntity) { + continue; + } else { + try { + $rows[$i] = entity_row_to_elggstar($row); + } catch (IncompleteEntityException $e) { + // don't let incomplete entities throw fatal errors + unset($rows[$i]); + } + } + } + return $rows; +} + +/** * Returns SQL where clause for type and subtype on main entity table * * @param string $table Entity table prefix as defined in SELECT...FROM entities $table @@ -1153,7 +1314,7 @@ function elgg_get_entity_type_subtype_where_sql($table, $types, $subtypes, $pair * best to provide in table.column format. * @param NULL|array $guids Array of GUIDs. * - * @return false|str + * @return false|string * @since 1.8.0 * @access private */ @@ -1202,7 +1363,7 @@ function elgg_get_guid_based_where_sql($column, $guids) { * @param NULL|int $time_updated_upper Time updated upper limit * @param NULL|int $time_updated_lower Time updated lower limit * - * @return FALSE|str FALSE on fail, string on success. + * @return FALSE|string FALSE on fail, string on success. * @since 1.7.0 * @access private */ @@ -1304,7 +1465,7 @@ function elgg_list_entities(array $options = array(), $getter = 'elgg_get_entiti * @param string $subtype The subtype of entity * @param int $container_guid The container GUID that the entinties belong to * @param int $site_guid The site GUID - * @param str $order_by Order_by SQL order by clause + * @param string $order_by Order_by SQL order by clause * * @return array|false Either an array months as YYYYMM, or false on failure */ @@ -1649,7 +1810,7 @@ function delete_entity($guid, $recursive = true) { * @param string $returnvalue Return value from previous hook * @param array $params The parameters, passed 'guid' and 'varname' * - * @return void + * @return ElggMetadata|null * @elgg_plugin_hook_handler volatile metadata * @todo investigate more. * @access private @@ -1694,6 +1855,8 @@ function volatile_data_export_plugin_hook($hook, $entity_type, $returnvalue, $pa * @elgg_event_handler export all * @return mixed * @access private + * + * @throws InvalidParameterException|InvalidClassException */ function export_entity_plugin_hook($hook, $entity_type, $returnvalue, $params) { // Sanity check values @@ -1736,6 +1899,8 @@ function export_entity_plugin_hook($hook, $entity_type, $returnvalue, $params) { * @return ElggEntity the unsaved entity which should be populated by items. * @todo Remove this. * @access private + * + * @throws ClassException|InstallationException|ImportException */ function oddentity_to_elggentity(ODDEntity $element) { $class = $element->getAttribute('class'); @@ -1747,7 +1912,7 @@ function oddentity_to_elggentity(ODDEntity $element) { if (!$tmp) { // Construct new class with owner from session $classname = get_subtype_class($class, $subclass); - if ($classname != "") { + if ($classname) { if (class_exists($classname)) { $tmp = new $classname(); @@ -1807,11 +1972,13 @@ function oddentity_to_elggentity(ODDEntity $element) { * @elgg_plugin_hook_handler import all * @todo document * @access private + * + * @throws ImportException */ function import_entity_plugin_hook($hook, $entity_type, $returnvalue, $params) { $element = $params['element']; - $tmp = NULL; + $tmp = null; if ($element instanceof ODDEntity) { $tmp = oddentity_to_elggentity($element); @@ -1853,8 +2020,6 @@ function import_entity_plugin_hook($hook, $entity_type, $returnvalue, $params) { * @link http://docs.elgg.org/Entities/AccessControl */ function can_edit_entity($entity_guid, $user_guid = 0) { - global $CONFIG; - $user_guid = (int)$user_guid; $user = get_entity($user_guid); if (!$user) { @@ -1978,7 +2143,7 @@ function get_entity_url($entity_guid) { * @param string $entity_subtype The entity subtype * @param string $function_name The function to register * - * @return true|false Depending on success + * @return bool Depending on success * @see get_entity_url() * @see ElggEntity::getURL() * @since 1.8.0 @@ -1986,7 +2151,7 @@ function get_entity_url($entity_guid) { function elgg_register_entity_url_handler($entity_type, $entity_subtype, $function_name) { global $CONFIG; - if (!is_callable($function_name)) { + if (!is_callable($function_name, true)) { return false; } @@ -2014,7 +2179,7 @@ function elgg_register_entity_url_handler($entity_type, $entity_subtype, $functi * @param string $type The type of entity (object, site, user, group) * @param string $subtype The subtype to register (may be blank) * - * @return true|false Depending on success + * @return bool Depending on success * @see get_registered_entity_types() * @link http://docs.elgg.org/Search * @link http://docs.elgg.org/Tutorials/Search @@ -2051,7 +2216,7 @@ function elgg_register_entity_type($type, $subtype = null) { * @param string $type The type of entity (object, site, user, group) * @param string $subtype The subtype to register (may be blank) * - * @return true|false Depending on success + * @return bool Depending on success * @see elgg_register_entity_type() */ function unregister_entity_type($type, $subtype) { @@ -2118,7 +2283,7 @@ function get_registered_entity_types($type = null) { * @param string $type The type of entity (object, site, user, group) * @param string $subtype The subtype (may be blank) * - * @return true|false Depending on whether or not the type has been registered + * @return bool Depending on whether or not the type has been registered */ function is_registered_entity_type($type, $subtype = null) { global $CONFIG; @@ -2318,7 +2483,7 @@ function entities_gc() { /** * Runs unit tests for the entity objects. * - * @param sting $hook unit_test + * @param string $hook unit_test * @param string $type system * @param mixed $value Array of tests * @param mixed $params Params diff --git a/engine/lib/extender.php b/engine/lib/extender.php index 43421342c..538f601e1 100644 --- a/engine/lib/extender.php +++ b/engine/lib/extender.php @@ -136,14 +136,15 @@ function can_edit_extender($extender_id, $type, $user_guid = 0) { $functionname = "elgg_get_{$type}_from_id"; if (is_callable($functionname)) { - $extender = $functionname($extender_id); + $extender = call_user_func($functionname, $extender_id); } else { return false; } - if (!is_a($extender, "ElggExtender")) { + if (!($extender instanceof ElggExtender)) { return false; } + /* @var ElggExtender $extender */ // If the owner is the specified user, great! They can edit. if ($extender->getOwnerGUID() == $user->getGUID()) { @@ -175,7 +176,7 @@ function elgg_register_extender_url_handler($extender_type, $extender_name, $fun global $CONFIG; - if (!is_callable($function_name)) { + if (!is_callable($function_name, true)) { return false; } @@ -228,7 +229,7 @@ function get_extender_url(ElggExtender $extender) { if ($url == "") { $nameid = $extender->id; if ($type == 'volatile') { - $nameid == $extender->name; + $nameid = $extender->name; } $url = "export/$view/$guid/$type/$nameid/"; } diff --git a/engine/lib/group.php b/engine/lib/group.php index feb1f1e7f..5a38e1ea6 100644 --- a/engine/lib/group.php +++ b/engine/lib/group.php @@ -33,6 +33,7 @@ function get_group_entity_as_row($guid) { * @param string $description Description * * @return bool + * @access private */ function create_group_entity($guid, $name, $description) { global $CONFIG; @@ -247,48 +248,42 @@ function get_users_membership($user_guid) { } /** - * Checks access to a group. + * May the current user access item(s) on this page? If the page owner is a group, + * membership, visibility, and logged in status are taken into account. * * @param boolean $forward If set to true (default), will forward the page; * if set to false, will return true or false. * - * @return true|false If $forward is set to false. + * @return bool If $forward is set to false. */ function group_gatekeeper($forward = true) { - $allowed = true; - $url = ''; - - if ($group = elgg_get_page_owner_entity()) { - if ($group instanceof ElggGroup) { - $url = $group->getURL(); - if (!$group->isPublicMembership()) { - // closed group so must be member or an admin - - if (!elgg_is_logged_in()) { - $allowed = false; - if ($forward == true) { - $_SESSION['last_forward_from'] = current_page_url(); - register_error(elgg_echo('loggedinrequired')); - forward('', 'login'); - } - } else if (!$group->isMember(elgg_get_logged_in_user_entity())) { - $allowed = false; - } - // Admin override - if (elgg_is_admin_logged_in()) { - $allowed = true; - } - } - } + $page_owner_guid = elgg_get_page_owner_guid(); + if (!$page_owner_guid) { + return true; } + $visibility = ElggGroupItemVisibility::factory($page_owner_guid); - if ($forward && $allowed == false) { - register_error(elgg_echo('membershiprequired')); - forward($url, 'member'); + if (!$visibility->shouldHideItems) { + return true; + } + if ($forward) { + // only forward to group if user can see it + $group = get_entity($page_owner_guid); + $forward_url = $group ? $group->getURL() : ''; + + if (!elgg_is_logged_in()) { + $_SESSION['last_forward_from'] = current_page_url(); + $forward_reason = 'login'; + } else { + $forward_reason = 'member'; + } + + register_error(elgg_echo($visibility->reasonHidden)); + forward($forward_url, $forward_reason); } - return $allowed; + return false; } /** diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index 77fa30e41..f76c20f24 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php @@ -12,7 +12,7 @@ * * @param stdClass $row An object from the database * - * @return stdClass or ElggMetadata + * @return stdClass|ElggMetadata * @access private */ function row_to_elggmetadata($row) { @@ -30,7 +30,7 @@ function row_to_elggmetadata($row) { * * @param int $id The id of the metadata object being retrieved. * - * @return false|ElggMetadata + * @return ElggMetadata|false FALSE if not found */ function elgg_get_metadata_from_id($id) { return elgg_get_metastring_based_object_from_id($id, 'metadata'); @@ -64,7 +64,7 @@ function elgg_delete_metadata_by_id($id) { * @param int $access_id Default is ACCESS_PRIVATE * @param bool $allow_multiple Allow multiple values for one key. Default is FALSE * - * @return int/bool id of metadata or FALSE if failure + * @return int|false id of metadata or FALSE if failure */ function create_metadata($entity_guid, $name, $value, $value_type = '', $owner_guid = 0, $access_id = ACCESS_PRIVATE, $allow_multiple = false) { @@ -90,8 +90,6 @@ function create_metadata($entity_guid, $name, $value, $value_type = '', $owner_g $access_id = (int)$access_id; - $id = false; - $query = "SELECT * from {$CONFIG->dbprefix}metadata" . " WHERE entity_guid = $entity_guid and name_id=" . add_metastring($name) . " limit 1"; @@ -106,34 +104,33 @@ function create_metadata($entity_guid, $name, $value, $value_type = '', $owner_g } else { // Support boolean types if (is_bool($value)) { - if ($value) { - $value = 1; - } else { - $value = 0; - } + $value = (int) $value; } // Add the metastrings - $value = add_metastring($value); - if (!$value) { + $value_id = add_metastring($value); + if (!$value_id) { return false; } - $name = add_metastring($name); - if (!$name) { + $name_id = add_metastring($name); + if (!$name_id) { return false; } // If ok then add it $query = "INSERT into {$CONFIG->dbprefix}metadata" . " (entity_guid, name_id, value_id, value_type, owner_guid, time_created, access_id)" - . " VALUES ($entity_guid, '$name','$value','$value_type', $owner_guid, $time, $access_id)"; + . " VALUES ($entity_guid, '$name_id','$value_id','$value_type', $owner_guid, $time, $access_id)"; $id = insert_data($query); if ($id !== false) { $obj = elgg_get_metadata_from_id($id); if (elgg_trigger_event('create', 'metadata', $obj)) { + + elgg_get_metadata_cache()->save($entity_guid, $name, $value, $allow_multiple); + return $id; } else { elgg_delete_metadata_by_id($id); @@ -175,6 +172,7 @@ function update_metadata($id, $name, $value, $value_type, $owner_guid, $access_i } if ($metabyname_memcache) { + // @todo fix memcache (name_id is not a property of ElggMetadata) $metabyname_memcache->delete("{$md->entity_guid}:{$md->name_id}"); } @@ -187,15 +185,9 @@ function update_metadata($id, $name, $value, $value_type, $owner_guid, $access_i $access_id = (int)$access_id; - $access = get_access_sql_suffix(); - // Support boolean types (as integers) if (is_bool($value)) { - if ($value) { - $value = 1; - } else { - $value = 0; - } + $value = (int) $value; } // Add the metastring @@ -216,6 +208,9 @@ function update_metadata($id, $name, $value, $value_type, $owner_guid, $access_i $result = update_data($query); if ($result !== false) { + + elgg_get_metadata_cache()->save($md->entity_guid, $name, $value); + // @todo this event tells you the metadata has been updated, but does not // let you do anything about it. What is needed is a plugin hook before // the update that passes old and new values. @@ -234,7 +229,7 @@ function update_metadata($id, $name, $value, $value_type, $owner_guid, $access_i * associative arrays and there is no guarantee on the ordering in the array. * * @param int $entity_guid The entity to attach the metadata to - * @param string $name_and_values Associative array - a value can be a string, number, bool + * @param array $name_and_values Associative array - a value can be a string, number, bool * @param string $value_type 'text', 'integer', or '' for automatic detection * @param int $owner_guid GUID of entity that owns the metadata * @param int $access_id Default is ACCESS_PRIVATE @@ -308,6 +303,8 @@ function elgg_delete_metadata(array $options) { return false; } + elgg_get_metadata_cache()->invalidateByOptions('delete', $options); + $options['metastring_type'] = 'metadata'; return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false); } @@ -328,6 +325,8 @@ function elgg_disable_metadata(array $options) { return false; } + elgg_get_metadata_cache()->invalidateByOptions('disable', $options); + $options['metastring_type'] = 'metadata'; return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false); } @@ -348,6 +347,8 @@ function elgg_enable_metadata(array $options) { return false; } + elgg_get_metadata_cache()->invalidateByOptions('enable', $options); + $options['metastring_type'] = 'metadata'; return elgg_batch_metastring_based_objects($options, 'elgg_batch_enable_callback'); } @@ -449,16 +450,16 @@ function elgg_get_entities_from_metadata(array $options = array()) { * This function is reused for annotations because the tables are * exactly the same. * - * @param string $e_table Entities table name - * @param string $n_table Normalized metastrings table name (Where entities, + * @param string $e_table Entities table name + * @param string $n_table Normalized metastrings table name (Where entities, * values, and names are joined. annotations / metadata) - * @param arr|null $names Array of names - * @param arr|null $values Array of values - * @param arr|null $pairs Array of names / values / operands - * @param and|or $pair_operator Operator to use to join the where clauses for pairs - * @param bool $case_sensitive Case sensitive metadata names? - * @param arr|null $order_by_metadata Array of names / direction - * @param arr|null $owner_guids Array of owner GUIDs + * @param array|null $names Array of names + * @param array|null $values Array of values + * @param array|null $pairs Array of names / values / operands + * @param string $pair_operator ("AND" or "OR") Operator to use to join the where clauses for pairs + * @param bool $case_sensitive Case sensitive metadata names? + * @param array|null $order_by_metadata Array of names / direction + * @param array|null $owner_guids Array of owner GUIDs * * @return FALSE|array False on fail, array('joins', 'wheres') * @since 1.7.0 @@ -732,6 +733,8 @@ function elgg_list_entities_from_metadata($options) { * * @return array * @access private + * + * @throws InvalidParameterException */ function export_metadata_plugin_hook($hook, $entity_type, $returnvalue, $params) { // Sanity check values @@ -743,15 +746,13 @@ function export_metadata_plugin_hook($hook, $entity_type, $returnvalue, $params) throw new InvalidParameterException(elgg_echo('InvalidParameterException:NonArrayReturnValue')); } - $guid = (int)$params['guid']; - $name = $params['name']; - $result = elgg_get_metadata(array( - 'guid' => $guid, - 'limit' => 0 + 'guid' => (int)$params['guid'], + 'limit' => 0, )); if ($result) { + /* @var ElggMetadata[] $result */ foreach ($result as $r) { $returnvalue[] = $r->export(); } @@ -889,6 +890,50 @@ function elgg_register_metadata_url_handler($extender_name, $function) { return elgg_register_extender_url_handler('metadata', $extender_name, $function); } +/** + * Get the global metadata cache instance + * + * @return ElggVolatileMetadataCache + * + * @access private + */ +function elgg_get_metadata_cache() { + global $CONFIG; + if (empty($CONFIG->local_metadata_cache)) { + $CONFIG->local_metadata_cache = new ElggVolatileMetadataCache(); + } + return $CONFIG->local_metadata_cache; +} + +/** + * Invalidate the metadata cache based on options passed to various *_metadata functions + * + * @param string $action Action performed on metadata. "delete", "disable", or "enable" + * + * @param array $options Options passed to elgg_(delete|disable|enable)_metadata + */ +function elgg_invalidate_metadata_cache($action, array $options) { + // remove as little as possible, optimizing for common cases + $cache = elgg_get_metadata_cache(); + if (empty($options['guid'])) { + // safest to clear everything unless we want to make this even more complex :( + $cache->flush(); + } else { + if (empty($options['metadata_name'])) { + // safest to clear the whole entity + $cache->clear($options['guid']); + } else { + switch ($action) { + case 'delete': + $cache->markEmpty($options['guid'], $options['metadata_name']); + break; + default: + $cache->markUnknown($options['guid'], $options['metadata_name']); + } + } + } +} + /** Register the hook */ elgg_register_plugin_hook_handler("export", "all", "export_metadata_plugin_hook", 2); @@ -912,5 +957,6 @@ elgg_register_plugin_hook_handler('unit_test', 'system', 'metadata_test'); function metadata_test($hook, $type, $value, $params) { global $CONFIG; $value[] = $CONFIG->path . 'engine/tests/api/metadata.php'; + $value[] = $CONFIG->path . 'engine/tests/api/metadata_cache.php'; return $value; -}
\ No newline at end of file +} diff --git a/engine/lib/navigation.php b/engine/lib/navigation.php index 8c3952594..86624cd7c 100644 --- a/engine/lib/navigation.php +++ b/engine/lib/navigation.php @@ -308,6 +308,32 @@ function elgg_site_menu_setup($hook, $type, $return, $params) { $return['more'] = array_splice($return['default'], $max_display_items); } } + + // check if we have anything selected + $selected = false; + foreach ($return as $section_name => $section) { + foreach ($section as $key => $item) { + if ($item->getSelected()) { + $selected = true; + break 2; + } + } + } + + if (!$selected) { + // nothing selected, match name to context + foreach ($return as $section_name => $section) { + foreach ($section as $key => $item) { + // only highlight internal links + if (strpos($item->getHref(), elgg_get_site_url()) === 0) { + if ($item->getName() == elgg_get_context()) { + $return[$section_name][$key]->setSelected(true); + break 2; + } + } + } + } + } return $return; } diff --git a/engine/lib/notification.php b/engine/lib/notification.php index 18faff27f..9e3c075a8 100644 --- a/engine/lib/notification.php +++ b/engine/lib/notification.php @@ -38,7 +38,7 @@ $NOTIFICATION_HANDLERS = array(); function register_notification_handler($method, $handler, $params = NULL) { global $NOTIFICATION_HANDLERS; - if (is_callable($handler)) { + if (is_callable($handler, true)) { $NOTIFICATION_HANDLERS[$method] = new stdClass; $NOTIFICATION_HANDLERS[$method]->handler = $handler; @@ -131,8 +131,9 @@ function notify_user($to, $from, $subject, $message, array $params = NULL, $meth // Extract method details from list $details = $NOTIFICATION_HANDLERS[$method]; $handler = $details->handler; + /* @var callable $handler */ - if ((!$NOTIFICATION_HANDLERS[$method]) || (!$handler)) { + if ((!$NOTIFICATION_HANDLERS[$method]) || (!$handler) || (!is_callable($handler))) { error_log(elgg_echo('NotificationException:NoHandlerFound', array($method))); } @@ -140,7 +141,7 @@ function notify_user($to, $from, $subject, $message, array $params = NULL, $meth // Trigger handler and retrieve result. try { - $result[$guid][$method] = $handler( + $result[$guid][$method] = call_user_func($handler, $from ? get_entity($from) : NULL, // From entity get_entity($guid), // To entity $subject, // The subject diff --git a/engine/lib/objects.php b/engine/lib/objects.php index f186c66cb..e5e8f67c4 100644 --- a/engine/lib/objects.php +++ b/engine/lib/objects.php @@ -31,6 +31,7 @@ function get_object_entity_as_row($guid) { * @param string $description The object's description * * @return bool + * @access private */ function create_object_entity($guid, $title, $description) { global $CONFIG; diff --git a/engine/lib/output.php b/engine/lib/output.php index 7bfc4be6e..bff0bf6e9 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -16,7 +16,7 @@ **/ function parse_urls($text) { // @todo this causes problems with <attr = "val"> - // must be ing <attr="val"> format (no space). + // must be in <attr="val"> format (no space). // By default htmlawed rewrites tags to this format. // if PHP supported conditional negative lookbehinds we could use this: // $r = preg_replace_callback('/(?<!=)(?<![ ])?(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i', @@ -43,51 +43,26 @@ function parse_urls($text) { /** * Create paragraphs from text with line spacing - * Borrowed from Wordpress. * * @param string $pee The string - * @param bool $br Add BRs? + * @deprecated Use elgg_autop instead + * @todo Add deprecation warning in 1.9 * - * @todo Rewrite * @return string **/ -function autop($pee, $br = 1) { - $pee = $pee . "\n"; // just to make things a little easier, pad the end - $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee); - // Space things out a little - $allblocks = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)'; - $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee); - $pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee); - $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines - if (strpos($pee, '<object') !== false) { - $pee = preg_replace('|\s*<param([^>]*)>\s*|', "<param$1>", $pee); // no pee inside object/embed - $pee = preg_replace('|\s*</embed>\s*|', '</embed>', $pee); - } - $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates - $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $pee); // make paragraphs, including one at the end - $pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace - $pee = preg_replace('!<p>([^<]+)\s*?(</(?:div|address|form)[^>]*>)!', "<p>$1</p>$2", $pee); - $pee = preg_replace('|<p>|', "$1<p>", $pee); - $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag - $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists - $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee); - $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee); - $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)!', "$1", $pee); - $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); - if ($br) { - $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "<WPPreserveNewline />", $matches[0]);'), $pee); - $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks - $pee = str_replace('<WPPreserveNewline />', "\n", $pee); - } - $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee); - $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee); - //if (strpos($pee, '<pre') !== false) { - // mind the space between the ? and >. Only there because of the comment. - // $pee = preg_replace_callback('!(<pre.*? >)(.*?)</pre>!is', 'clean_pre', $pee ); - //} - $pee = preg_replace("|\n</p>$|", '</p>', $pee); - - return $pee; +function autop($pee) { + return elgg_autop($pee); +} + +/** + * Create paragraphs from text with line spacing + * + * @param string $string The string + * + * @return string + **/ +function elgg_autop($string) { + return ElggAutoP::getInstance()->process($string); } /** @@ -271,8 +246,8 @@ function elgg_normalize_url($url) { // '?query=test', #target return $url; - } elseif (stripos($url, 'javascript:') === 0) { - // 'javascript:' + } elseif (stripos($url, 'javascript:') === 0 || stripos($url, 'mailto:') === 0) { + // 'javascript:' and 'mailto:' // Not covered in FILTER_VALIDATE_URL return $url; @@ -384,7 +359,7 @@ function elgg_get_friendly_time($time) { /** * Strip tags and offer plugins the chance. * Plugins register for output:strip_tags plugin hook. - * Original string included in $params['original_string'] + * Original string included in $params['original_string'] * * @param string $string Formatted string * @@ -398,3 +373,74 @@ function elgg_strip_tags($string) { return $string; } + +/** + * Apply html_entity_decode() to a string while re-entitising HTML + * special char entities to prevent them from being decoded back to their + * unsafe original forms. + * + * This relies on html_entity_decode() not translating entities when + * doing so leaves behind another entity, e.g. &gt; if decoded would + * create > which is another entity itself. This seems to escape the + * usual behaviour where any two paired entities creating a HTML tag are + * usually decoded, i.e. a lone > is not decoded, but <foo> would + * be decoded to <foo> since it creates a full tag. + * + * Note: This function is poorly explained in the manual - which is really + * bad given its potential for misuse on user input already escaped elsewhere. + * Stackoverflow is littered with advice to use this function in the precise + * way that would lead to user input being capable of injecting arbitrary HTML. + * + * @param string $string + * + * @return string + * + * @author Pádraic Brady + * @copyright Copyright (c) 2010 Pádraic Brady (http://blog.astrumfutura.com) + * @license Released under dual-license GPL2/MIT by explicit permission of Pádraic Brady + * + * @access private + */ +function _elgg_html_decode($string) { + $string = str_replace( + array('>', '<', '&', '"', '''), + array('&gt;', '&lt;', '&amp;', '&quot;', '&#039;'), + $string + ); + $string = html_entity_decode($string, ENT_NOQUOTES, 'UTF-8'); + $string = str_replace( + array('&gt;', '&lt;', '&amp;', '&quot;', '&#039;'), + array('>', '<', '&', '"', '''), + $string + ); + return $string; +} + +/** + * Unit tests for Output + * + * @param sting $hook unit_test + * @param string $type system + * @param mixed $value Array of tests + * @param mixed $params Params + * + * @return array + * @access private + */ +function output_unit_test($hook, $type, $value, $params) { + global $CONFIG; + $value[] = $CONFIG->path . 'engine/tests/api/output.php'; + return $value; +} + +/** + * Initialise the Output subsystem. + * + * @return void + * @access private + */ +function output_init() { + elgg_register_plugin_hook_handler('unit_test', 'system', 'output_unit_test'); +} + +elgg_register_event_handler('init', 'system', 'output_init'); diff --git a/engine/lib/pagehandler.php b/engine/lib/pagehandler.php index ba7518a77..0cf99b6fe 100644 --- a/engine/lib/pagehandler.php +++ b/engine/lib/pagehandler.php @@ -45,7 +45,10 @@ function page_handler($handler, $page) { $page = $request['segments']; $result = false; - if (isset($CONFIG->pagehandler) && !empty($handler) && isset($CONFIG->pagehandler[$handler])) { + if (isset($CONFIG->pagehandler) + && !empty($handler) + && isset($CONFIG->pagehandler[$handler]) + && is_callable($CONFIG->pagehandler[$handler])) { $function = $CONFIG->pagehandler[$handler]; $result = call_user_func($function, $page, $handler); } @@ -76,14 +79,15 @@ function page_handler($handler, $page) { * @param string $handler The page type to handle * @param string $function Your function name * - * @return true|false Depending on success + * @return bool Depending on success */ function elgg_register_page_handler($handler, $function) { global $CONFIG; + if (!isset($CONFIG->pagehandler)) { $CONFIG->pagehandler = array(); } - if (is_callable($function)) { + if (is_callable($function, true)) { $CONFIG->pagehandler[$handler] = $function; return true; } diff --git a/engine/lib/pageowner.php b/engine/lib/pageowner.php index 0cf0e0625..94765feee 100644 --- a/engine/lib/pageowner.php +++ b/engine/lib/pageowner.php @@ -37,6 +37,8 @@ function elgg_get_page_owner_guid($guid = 0) { /** * Gets the owner entity for the current page. * + * @note Access is disabled when getting the page owner entity. + * * @return ElggEntity|false The current page owner or false if none. * * @since 1.8.0 @@ -44,10 +46,14 @@ function elgg_get_page_owner_guid($guid = 0) { function elgg_get_page_owner_entity() { $guid = elgg_get_page_owner_guid(); if ($guid > 0) { - return get_entity($guid); + $ia = elgg_set_ignore_access(true); + $owner = get_entity($guid); + elgg_set_ignore_access($ia); + + return $owner; } - return FALSE; + return false; } /** @@ -75,6 +81,8 @@ function elgg_set_page_owner_guid($guid) { * <handler>/edit/<entity guid> * <handler>/group/<group guid> * + * @note Access is disabled while finding the page owner for the group gatekeeper functions. + * * * @param string $hook 'page_owner' * @param string $entity_type 'system' @@ -90,6 +98,8 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params) return $returnvalue; } + $ia = elgg_set_ignore_access(true); + $username = get_input("username"); if ($username) { // @todo using a username of group:<guid> is deprecated @@ -97,6 +107,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params) preg_match('/group\:([0-9]+)/i', $username, $matches); $guid = $matches[1]; if ($entity = get_entity($guid)) { + elgg_set_ignore_access($ia); return $entity->getGUID(); } } @@ -109,6 +120,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params) $owner = get_input("owner_guid"); if ($owner) { if ($user = get_entity($owner)) { + elgg_set_ignore_access($ia); return $user->getGUID(); } } @@ -130,6 +142,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params) case 'friends': $user = get_user_by_username($segments[2]); if ($user) { + elgg_set_ignore_access($ia); return $user->getGUID(); } break; @@ -137,6 +150,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params) case 'edit': $entity = get_entity($segments[2]); if ($entity) { + elgg_set_ignore_access($ia); return $entity->getContainerGUID(); } break; @@ -144,6 +158,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params) case 'group': $entity = get_entity($segments[2]); if ($entity) { + elgg_set_ignore_access($ia); return $entity->getGUID(); } break; @@ -151,7 +166,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params) } } - return $returnvalue; + elgg_set_ignore_access($ia); } /** diff --git a/engine/lib/pam.php b/engine/lib/pam.php index 4f9f44278..1c9c3bfe1 100644 --- a/engine/lib/pam.php +++ b/engine/lib/pam.php @@ -30,7 +30,9 @@ $_PAM_HANDLERS = array(); * failure, return false or throw an exception. Returning nothing indicates that * the handler wants to be skipped. * - * @param string $handler The handler function in the format + * Note, $handler must be string callback (not an array/Closure). + * + * @param string $handler Callable global handler function in the format () * pam_handler($credentials = NULL); * @param string $importance The importance - "sufficient" (default) or "required" * @param string $policy The policy type, default is "user" @@ -45,7 +47,8 @@ function register_pam_handler($handler, $importance = "sufficient", $policy = "u $_PAM_HANDLERS[$policy] = array(); } - if (is_callable($handler)) { + // @todo remove requirement that $handle be a global function + if (is_string($handler) && is_callable($handler, true)) { $_PAM_HANDLERS[$policy][$handler] = new stdClass; $_PAM_HANDLERS[$policy][$handler]->handler = $handler; diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php index d5cd4fe76..94aff277e 100644 --- a/engine/lib/plugins.php +++ b/engine/lib/plugins.php @@ -176,6 +176,19 @@ function elgg_generate_plugin_entities() { } /** + * Cache a reference to this plugin by its ID + * + * @param ElggPlugin $plugin + * + * @access private + */ +function _elgg_cache_plugin_by_id(ElggPlugin $plugin) { + $map = (array) elgg_get_config('plugins_by_id_map'); + $map[$plugin->getID()] = $plugin; + elgg_set_config('plugins_by_id_map', $map); +} + +/** * Returns an ElggPlugin object with the path $path. * * @param string $plugin_id The id (dir name) of the plugin. NOT the guid. @@ -183,6 +196,11 @@ function elgg_generate_plugin_entities() { * @since 1.8.0 */ function elgg_get_plugin_from_id($plugin_id) { + $map = (array) elgg_get_config('plugins_by_id_map'); + if (isset($map[$plugin_id])) { + return $map[$plugin_id]; + } + $plugin_id = sanitize_string($plugin_id); $db_prefix = get_config('dbprefix'); @@ -190,6 +208,7 @@ function elgg_get_plugin_from_id($plugin_id) { 'type' => 'object', 'subtype' => 'plugin', 'joins' => array("JOIN {$db_prefix}objects_entity oe on oe.guid = e.guid"), + 'selects' => array("oe.title", "oe.description"), 'wheres' => array("oe.title = '$plugin_id'"), 'limit' => 1 ); @@ -512,6 +531,8 @@ function elgg_namespace_plugin_private_setting($type, $name, $id = null) { * @return string|false Plugin name, or false if no plugin name was called * @since 1.8.0 * @access private + * + * @todo get rid of this */ function elgg_get_calling_plugin_id($mainfilename = false) { if (!$mainfilename) { @@ -920,6 +941,7 @@ function elgg_set_plugin_setting($name, $value, $plugin_id = null) { * * @return mixed * @since 1.8.0 + * @todo make $plugin_id required in future version */ function elgg_get_plugin_setting($name, $plugin_id = null) { if ($plugin_id) { diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php index 09d541e22..01654b1ce 100644 --- a/engine/lib/relationships.php +++ b/engine/lib/relationships.php @@ -416,7 +416,7 @@ function elgg_list_entities_from_relationship_count($options) { function elgg_register_relationship_url_handler($relationship_type, $function_name) { global $CONFIG; - if (!is_callable($function_name)) { + if (!is_callable($function_name, true)) { return false; } diff --git a/engine/lib/river.php b/engine/lib/river.php index b717a7756..33f34360e 100644 --- a/engine/lib/river.php +++ b/engine/lib/river.php @@ -361,6 +361,7 @@ function elgg_get_river(array $options = array()) { } $river_items = get_data($query, 'elgg_row_to_elgg_river_item'); + _elgg_prefetch_river_entities($river_items); return $river_items; } else { @@ -370,11 +371,56 @@ function elgg_get_river(array $options = array()) { } /** + * Prefetch entities that will be displayed in the river. + * + * @param ElggRiverItem[] $river_items + * @access private + */ +function _elgg_prefetch_river_entities(array $river_items) { + // prefetch objects and subjects + $guids = array(); + foreach ($river_items as $item) { + if ($item->subject_guid && !retrieve_cached_entity($item->subject_guid)) { + $guids[$item->subject_guid] = true; + } + if ($item->object_guid && !retrieve_cached_entity($item->object_guid)) { + $guids[$item->object_guid] = true; + } + } + if ($guids) { + // avoid creating oversized query + // @todo how to better handle this? + $guids = array_slice($guids, 0, 300, true); + // return value unneeded, just priming cache + elgg_get_entities(array( + 'guids' => array_keys($guids), + 'limit' => 0, + )); + } + + // prefetch object containers + $guids = array(); + foreach ($river_items as $item) { + $object = $item->getObjectEntity(); + if ($object->container_guid && !retrieve_cached_entity($object->container_guid)) { + $guids[$object->container_guid] = true; + } + } + if ($guids) { + $guids = array_slice($guids, 0, 300, true); + elgg_get_entities(array( + 'guids' => array_keys($guids), + 'limit' => 0, + )); + } +} + +/** * List river items * * @param array $options Any options from elgg_get_river() plus: * pagination => BOOL Display pagination links (true) - + * * @return string * @since 1.8.0 */ diff --git a/engine/lib/sites.php b/engine/lib/sites.php index 850092cad..d9eb2d25e 100644 --- a/engine/lib/sites.php +++ b/engine/lib/sites.php @@ -18,11 +18,19 @@ function elgg_get_site_entity($site_guid = 0) { global $CONFIG; + $result = false; + if ($site_guid == 0) { - return $CONFIG->site; + $site = $CONFIG->site; + } else { + $site = get_entity($site_guid); + } + + if($site instanceof ElggSite){ + $result = $site; } - return get_entity($site_guid); + return $result; } /** @@ -50,6 +58,7 @@ function get_site_entity_as_row($guid) { * @param string $url URL of the site * * @return bool + * @access private */ function create_site_entity($guid, $name, $description, $url) { global $CONFIG; diff --git a/engine/lib/upgrade.php b/engine/lib/upgrade.php index f0874a483..f4f4b16f5 100644 --- a/engine/lib/upgrade.php +++ b/engine/lib/upgrade.php @@ -311,3 +311,58 @@ function elgg_upgrade_bootstrap_17_to_18() { return elgg_set_processed_upgrades($processed_upgrades); } + +/** + * Creates a table {prefix}upgrade_lock that is used as a mutex for upgrades. + * + * @see _elgg_upgrade_lock() + * + * @return bool + * @access private + */ +function _elgg_upgrade_lock() { + global $CONFIG; + + if (!_elgg_upgrade_is_locked()) { + // lock it + insert_data("create table {$CONFIG->dbprefix}upgrade_lock (id INT)"); + elgg_log('Locked for upgrade.', 'NOTICE'); + return true; + } + + elgg_log('Cannot lock for upgrade: already locked.', 'WARNING'); + return false; +} + +/** + * Unlocks upgrade. + * + * @see _elgg_upgrade_lock() + * + * @access private + */ +function _elgg_upgrade_unlock() { + global $CONFIG; + delete_data("drop table {$CONFIG->dbprefix}upgrade_lock"); + elgg_log('Upgrade unlocked.', 'NOTICE'); +} + +/** + * Checks if upgrade is locked + * + * @return bool + * @access private + */ +function _elgg_upgrade_is_locked() { + global $CONFIG, $DB_QUERY_CACHE; + + $is_locked = count(get_data("show tables like '{$CONFIG->dbprefix}upgrade_lock'")); + + // Invalidate query cache + if ($DB_QUERY_CACHE) { + $DB_QUERY_CACHE->clear(); + elgg_log("Query cache invalidated", 'NOTICE'); + } + + return $is_locked; +} diff --git a/engine/lib/upgrades/2010052601.php b/engine/lib/upgrades/2010052601.php index 5b477910f..a9cca6dc5 100644 --- a/engine/lib/upgrades/2010052601.php +++ b/engine/lib/upgrades/2010052601.php @@ -9,14 +9,14 @@ $params = array('type' => 'group', $groups = elgg_get_entities($params); if ($groups) { foreach ($groups as $group) { - $group->name = html_entity_decode($group->name, ENT_COMPAT, 'UTF-8'); - $group->description = html_entity_decode($group->description, ENT_COMPAT, 'UTF-8'); - $group->briefdescription = html_entity_decode($group->briefdescription, ENT_COMPAT, 'UTF-8'); - $group->website = html_entity_decode($group->website, ENT_COMPAT, 'UTF-8'); + $group->name = _elgg_html_decode($group->name); + $group->description = _elgg_html_decode($group->description); + $group->briefdescription = _elgg_html_decode($group->briefdescription); + $group->website = _elgg_html_decode($group->website); if ($group->interests) { $tags = $group->interests; - foreach ($tags as $index=>$tag) { - $tags[$index] = html_entity_decode($tag, ENT_COMPAT, 'UTF-8'); + foreach ($tags as $index => $tag) { + $tags[$index] = _elgg_html_decode($tag); } $group->interests = $tags; } diff --git a/engine/lib/users.php b/engine/lib/users.php index 527eff3cd..95ef9d176 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -44,6 +44,7 @@ function get_user_entity_as_row($guid) { * @param string $code A code * * @return bool + * @access private */ function create_user_entity($guid, $name, $username, $password, $salt, $email, $language, $code) { global $CONFIG; diff --git a/engine/lib/views.php b/engine/lib/views.php index b00334062..8618c2997 100644 --- a/engine/lib/views.php +++ b/engine/lib/views.php @@ -101,15 +101,15 @@ function elgg_get_viewtype() { return $CURRENT_SYSTEM_VIEWTYPE; } - $viewtype = get_input('view', NULL); - if ($viewtype) { + $viewtype = get_input('view', '', false); + if (is_string($viewtype) && $viewtype !== '') { // only word characters allowed. - if (!preg_match('[\W]', $viewtype)) { + if (!preg_match('/\W/', $viewtype)) { return $viewtype; } } - if (isset($CONFIG->view) && !empty($CONFIG->view)) { + if (!empty($CONFIG->view)) { return $CONFIG->view; } @@ -258,8 +258,6 @@ function elgg_get_view_location($view, $viewtype = '') { } else { return $CONFIG->views->locations[$viewtype][$view]; } - - return false; } /** @@ -329,7 +327,7 @@ function elgg_view_exists($view, $viewtype = '', $recurse = true) { $location = $CONFIG->views->locations[$viewtype][$view]; } - if (file_exists($location . "{$viewtype}/{$view}.php")) { + if (file_exists("{$location}{$viewtype}/{$view}.php")) { return true; } @@ -378,7 +376,7 @@ function elgg_view_exists($view, $viewtype = '', $recurse = true) { * @param boolean $bypass If set to true, elgg_view will bypass any specified * alternative template handler; by default, it will * hand off to this if requested (see set_template_handler) - * @param boolean $debug If set to true, the viewer will complain if it can't find a view + * @param boolean $ignored This argument is ignored and will be removed eventually * @param string $viewtype If set, forces the viewtype for the elgg_view call to be * this value (default: standard detection) * @@ -386,18 +384,30 @@ function elgg_view_exists($view, $viewtype = '', $recurse = true) { * @see set_template_handler() * @example views/elgg_view.php * @link http://docs.elgg.org/View - * @todo $debug isn't used. - * @todo $usercache is redundant. */ -function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $viewtype = '') { +function elgg_view($view, $vars = array(), $bypass = false, $ignored = false, $viewtype = '') { global $CONFIG; - static $usercache; - - $view = (string)$view; + if (!is_string($view) || !is_string($viewtype)) { + elgg_log("View and Viewtype in views must be a strings: $view", 'NOTICE'); + return ''; + } // basic checking for bad paths if (strpos($view, '..') !== false) { - return false; + return ''; + } + + if (!is_array($vars)) { + elgg_log("Vars in views must be an array: $view", 'ERROR'); + $vars = array(); + } + + // Get the current viewtype + if ($viewtype === '') { + $viewtype = elgg_get_viewtype(); + } elseif (preg_match('/\W/', $viewtype)) { + // Viewtypes can only be alphanumeric + return ''; } $view_orig = $view; @@ -408,19 +418,6 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie elgg_trigger_event('pagesetup', 'system'); } - if (!is_array($usercache)) { - $usercache = array(); - } - - if (!is_array($vars)) { - elgg_log("Vars in views must be an array: $view", 'ERROR'); - $vars = array(); - } - - if (empty($vars)) { - $vars = array(); - } - // @warning - plugin authors: do not expect user, config, and url to be // set by elgg_view() in the future. Instead, use elgg_get_logged_in_user_entity(), // elgg_get_config(), and elgg_get_site_url() in your views. @@ -475,16 +472,6 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie } } - // Get the current viewtype - if (empty($viewtype)) { - $viewtype = elgg_get_viewtype(); - } - - // Viewtypes can only be alphanumeric - if (preg_match('[\W]', $viewtype)) { - return ''; - } - // Set up any extensions to the requested view if (isset($CONFIG->views->extensions[$view])) { $viewlist = $CONFIG->views->extensions[$view]; @@ -496,19 +483,21 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie ob_start(); foreach ($viewlist as $priority => $view) { + $view_location = elgg_get_view_location($view, $viewtype); $view_file = "$view_location$viewtype/$view.php"; - $default_location = elgg_get_view_location($view, 'default'); - $default_view_file = "{$default_location}default/$view.php"; - // try to include view if (!file_exists($view_file) || !include($view_file)) { // requested view does not exist $error = "$viewtype/$view view does not exist."; // attempt to load default view - if ($viewtype != 'default' && elgg_does_viewtype_fallback($viewtype)) { + if ($viewtype !== 'default' && elgg_does_viewtype_fallback($viewtype)) { + + $default_location = elgg_get_view_location($view, 'default'); + $default_view_file = "{$default_location}default/$view.php"; + if (file_exists($default_view_file) && include($default_view_file)) { // default view found $error .= " Using default/$view instead."; @@ -533,7 +522,7 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie // backward compatibility with less granular hook will be gone in 2.0 $content_tmp = elgg_trigger_plugin_hook('display', 'view', $params, $content); - if ($content_tmp != $content) { + if ($content_tmp !== $content) { $content = $content_tmp; elgg_deprecated_notice('The display:view plugin hook is deprecated by view:view_name', 1.8); } @@ -559,33 +548,32 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie * @param string $view_extension This view is added to $view * @param int $priority The priority, from 0 to 1000, * to add at (lowest numbers displayed first) - * @param string $viewtype Not used * * @return void * @since 1.7.0 * @link http://docs.elgg.org/Views/Extend * @example views/extend.php */ -function elgg_extend_view($view, $view_extension, $priority = 501, $viewtype = '') { +function elgg_extend_view($view, $view_extension, $priority = 501) { global $CONFIG; if (!isset($CONFIG->views)) { - $CONFIG->views = new stdClass; - } - - if (!isset($CONFIG->views->extensions)) { - $CONFIG->views->extensions = array(); - } - - if (!isset($CONFIG->views->extensions[$view])) { - $CONFIG->views->extensions[$view][500] = "{$view}"; + $CONFIG->views = (object) array( + 'extensions' => array(), + ); + $CONFIG->views->extensions[$view][500] = (string)$view; + } else { + if (!isset($CONFIG->views->extensions[$view])) { + $CONFIG->views->extensions[$view][500] = (string)$view; + } } + // raise priority until it doesn't match one already registered while (isset($CONFIG->views->extensions[$view][$priority])) { $priority++; } - $CONFIG->views->extensions[$view][$priority] = "{$view_extension}"; + $CONFIG->views->extensions[$view][$priority] = (string)$view_extension; ksort($CONFIG->views->extensions[$view]); } @@ -601,14 +589,6 @@ function elgg_extend_view($view, $view_extension, $priority = 501, $viewtype = ' function elgg_unextend_view($view, $view_extension) { global $CONFIG; - if (!isset($CONFIG->views)) { - return FALSE; - } - - if (!isset($CONFIG->views->extensions)) { - return FALSE; - } - if (!isset($CONFIG->views->extensions[$view])) { return FALSE; } @@ -1105,10 +1085,6 @@ function elgg_view_annotation_list($annotations, array $vars = array()) { * @todo Change the hook name. */ function elgg_view_entity_annotations(ElggEntity $entity, $full_view = true) { - if (!$entity) { - return false; - } - if (!($entity instanceof ElggEntity)) { return false; } @@ -1131,7 +1107,7 @@ function elgg_view_entity_annotations(ElggEntity $entity, $full_view = true) { * This is a shortcut for {@elgg_view page/elements/title}. * * @param string $title The page title - * @param string $vars View variables (was submenu be displayed? (deprecated)) + * @param array $vars View variables (was submenu be displayed? (deprecated)) * * @return string The HTML (etc) */ @@ -1203,7 +1179,7 @@ function elgg_view_comments($entity, $add_comment = true, array $vars = array()) * * @param string $image The icon and other information * @param string $body Description content - * @param string $vars Additional parameters for the view + * @param array $vars Additional parameters for the view * * @return string * @since 1.8.0 @@ -1230,7 +1206,6 @@ function elgg_view_image_block($image, $body, $vars = array()) { * @since 1.8.0 */ function elgg_view_module($type, $title, $body, array $vars = array()) { - $vars['class'] = elgg_extract('class', $vars, '') . " elgg-module-$type"; $vars['title'] = $title; $vars['body'] = $body; @@ -1243,11 +1218,15 @@ function elgg_view_module($type, $title, $body, array $vars = array()) { * @param ElggRiverItem $item A river item object * @param array $vars An array of variables for the view * - * @return string|false Depending on success + * @return string returns empty string if could not be rendered */ function elgg_view_river_item($item, array $vars = array()) { + if (!($item instanceof ElggRiverItem)) { + return ''; + } // checking default viewtype since some viewtypes do not have unique views per item (rss) - if (!$item || !$item->getView() || !elgg_view_exists($item->getView(), 'default')) { + $view = $item->getView(); + if (!$view || !elgg_view_exists($view, 'default')) { return ''; } @@ -1257,6 +1236,15 @@ function elgg_view_river_item($item, array $vars = array()) { // subject is disabled or subject/object deleted return ''; } + // Don't hide objects in closed groups that a user can see. + // see http://trac.elgg.org/ticket/4789 +// else { +// // hide based on object's container +// $visibility = ElggGroupItemVisibility::factory($object->container_guid); +// if ($visibility->shouldHideItems) { +// return ''; +// } +// } $vars['item'] = $item; @@ -1339,7 +1327,7 @@ function elgg_view_list_item($item, array $vars = array()) { return elgg_view_river_item($item, $vars); } - return false; + return ''; } /** @@ -1354,7 +1342,7 @@ function elgg_view_list_item($item, array $vars = array()) { */ function elgg_view_icon($name, $class = '') { // @todo deprecate boolean in Elgg 1.9 - if (is_bool($class) && $class === true) { + if ($class === true) { $class = 'float'; } return "<span class=\"elgg-icon elgg-icon-$name $class\"></span>"; @@ -1403,7 +1391,8 @@ function elgg_view_access_collections($owner_guid) { */ function set_template_handler($function_name) { global $CONFIG; - if (!empty($function_name) && is_callable($function_name)) { + + if (is_callable($function_name)) { $CONFIG->template_handler = $function_name; return true; } @@ -1516,17 +1505,13 @@ function elgg_view_tree($view_root, $viewtype = "") { * @param string $base_location_path The base views directory to use with elgg_set_view_location() * @param string $viewtype The type of view we're looking at (default, rss, etc) * - * @return void + * @return bool returns false if folder can't be read * @since 1.7.0 * @see elgg_set_view_location() * @todo This seems overly complicated. * @access private */ function autoregister_views($view_base, $folder, $base_location_path, $viewtype) { - if (!isset($i)) { - $i = 0; - } - if ($handle = opendir($folder)) { while ($view = readdir($handle)) { if (!in_array($view, array('.', '..', '.svn', 'CVS')) && !is_dir($folder . "/" . $view)) { @@ -1608,16 +1593,15 @@ function elgg_views_handle_deprecated_views() { function elgg_views_boot() { global $CONFIG; - elgg_register_simplecache_view('css/elgg'); elgg_register_simplecache_view('css/ie'); elgg_register_simplecache_view('css/ie6'); elgg_register_simplecache_view('css/ie7'); - elgg_register_simplecache_view('js/elgg'); elgg_register_js('jquery', '/vendors/jquery/jquery-1.6.4.min.js', 'head'); elgg_register_js('jquery-ui', '/vendors/jquery/jquery-ui-1.8.16.min.js', 'head'); elgg_register_js('jquery.form', '/vendors/jquery/jquery.form.js'); - + + elgg_register_simplecache_view('js/elgg'); $elgg_js_url = elgg_get_simplecache_url('js', 'elgg'); elgg_register_js('elgg', $elgg_js_url, 'head'); @@ -1626,14 +1610,17 @@ function elgg_views_boot() { elgg_load_js('elgg'); elgg_register_simplecache_view('js/lightbox'); - elgg_register_simplecache_view('css/lightbox'); $lightbox_js_url = elgg_get_simplecache_url('js', 'lightbox'); elgg_register_js('lightbox', $lightbox_js_url); + + elgg_register_simplecache_view('css/lightbox'); $lightbox_css_url = elgg_get_simplecache_url('css', 'lightbox'); elgg_register_css('lightbox', $lightbox_css_url); + elgg_register_simplecache_view('css/elgg'); $elgg_css_url = elgg_get_simplecache_url('css', 'elgg'); elgg_register_css('elgg', $elgg_css_url); + elgg_load_css('elgg'); elgg_register_ajax_view('js/languages'); @@ -1647,13 +1634,13 @@ function elgg_views_boot() { $views = scandir($view_path); foreach ($views as $view) { - if ('.' !== substr($view, 0, 1) && is_dir($view_path . $view)) { + if ($view[0] !== '.' && is_dir($view_path . $view)) { elgg_register_viewtype($view); } } // set default icon sizes - can be overridden in settings.php or with plugin - if (!elgg_get_config('icon_sizes')) { + if (!$CONFIG->icon_sizes) { $icon_sizes = array( 'topbar' => array('w' => 16, 'h' => 16, 'square' => TRUE, 'upscale' => TRUE), 'tiny' => array('w' => 25, 'h' => 25, 'square' => TRUE, 'upscale' => TRUE), diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php index da3ed76a9..c8e4a13cc 100644 --- a/engine/lib/web_services.php +++ b/engine/lib/web_services.php @@ -232,6 +232,7 @@ function execute_method($method) { $function = $API_METHODS[$method]["function"]; $serialised_parameters = trim($serialised_parameters, ", "); + // @todo document why we cannot use call_user_func_array here $result = eval("return $function($serialised_parameters);"); // Sanity check result @@ -1194,6 +1195,8 @@ $ERRORS = array(); * * @return void * @access private + * + * @throws Exception */ function _php_api_error_handler($errno, $errmsg, $filename, $linenum, $vars) { global $ERRORS; @@ -1278,11 +1281,9 @@ function service_handler($handler, $request) { // no handlers set or bad url header("HTTP/1.0 404 Not Found"); exit; - } else if (isset($CONFIG->servicehandler[$handler]) - && is_callable($CONFIG->servicehandler[$handler])) { - + } else if (isset($CONFIG->servicehandler[$handler]) && is_callable($CONFIG->servicehandler[$handler])) { $function = $CONFIG->servicehandler[$handler]; - $function($request, $handler); + call_user_func($function, $request, $handler); } else { // no handler for this web service header("HTTP/1.0 404 Not Found"); @@ -1301,10 +1302,11 @@ function service_handler($handler, $request) { */ function register_service_handler($handler, $function) { global $CONFIG; + if (!isset($CONFIG->servicehandler)) { $CONFIG->servicehandler = array(); } - if (is_callable($function)) { + if (is_callable($function, true)) { $CONFIG->servicehandler[$handler] = $function; return true; } @@ -1319,11 +1321,13 @@ function register_service_handler($handler, $function) { * * @param string $handler web services type * - * @return 1.7.0 + * @return void + * @since 1.7.0 */ function unregister_service_handler($handler) { global $CONFIG; - if (isset($CONFIG->servicehandler) && isset($CONFIG->servicehandler[$handler])) { + + if (isset($CONFIG->servicehandler, $CONFIG->servicehandler[$handler])) { unset($CONFIG->servicehandler[$handler]); } } @@ -1333,6 +1337,8 @@ function unregister_service_handler($handler) { * * @return void * @access private + * + * @throws SecurityException|APIException */ function rest_handler() { global $CONFIG; @@ -1387,7 +1393,7 @@ function rest_handler() { /** * Unit tests for API * - * @param sting $hook unit_test + * @param string $hook unit_test * @param string $type system * @param mixed $value Array of tests * @param mixed $params Params @@ -1397,6 +1403,7 @@ function rest_handler() { */ function api_unit_test($hook, $type, $value, $params) { global $CONFIG; + $value[] = $CONFIG->path . 'engine/tests/services/api.php'; return $value; } @@ -1418,15 +1425,18 @@ function api_init() { elgg_echo("system.api.list"), "GET", false, false); // The authentication token api - expose_function("auth.gettoken", - "auth_gettoken", array( - 'username' => array ('type' => 'string'), - 'password' => array ('type' => 'string'), - ), - elgg_echo('auth.gettoken'), - 'POST', - false, - false); + expose_function( + "auth.gettoken", + "auth_gettoken", + array( + 'username' => array ('type' => 'string'), + 'password' => array ('type' => 'string'), + ), + elgg_echo('auth.gettoken'), + 'POST', + false, + false + ); } diff --git a/engine/lib/xml.php b/engine/lib/xml.php index 813bc4ee0..ff82d7e8a 100644 --- a/engine/lib/xml.php +++ b/engine/lib/xml.php @@ -101,47 +101,11 @@ function serialise_array_to_xml(array $data, $n = 0) { /** * Parse an XML file into an object. - * Based on code from http://de.php.net/manual/en/function.xml-parse-into-struct.php by - * efredricksen at gmail dot com * * @param string $xml The XML * * @return object */ function xml_to_object($xml) { - $parser = xml_parser_create(); - - // Parse $xml into a structure - xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1); - xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0); - xml_parse_into_struct($parser, $xml, $tags); - - xml_parser_free($parser); - - $elements = array(); - $stack = array(); - - foreach ($tags as $tag) { - $index = count($elements); - - if ($tag['type'] == "complete" || $tag['type'] == "open") { - $elements[$index] = new XmlElement; - $elements[$index]->name = $tag['tag']; - $elements[$index]->attributes = elgg_extract('attributes', $tag, ''); - $elements[$index]->content = elgg_extract('value', $tag, ''); - - if ($tag['type'] == "open") { - $elements[$index]->children = array(); - $stack[count($stack)] = &$elements; - $elements = &$elements[$index]->children; - } - } - - if ($tag['type'] == "close") { - $elements = &$stack[count($stack) - 1]; - unset($stack[count($stack) - 1]); - } - } - - return $elements[0]; + return new ElggXMLElement($xml); } diff --git a/engine/tests/api/access_collections.php b/engine/tests/api/access_collections.php index bea995a6e..ebcd7d318 100644 --- a/engine/tests/api/access_collections.php +++ b/engine/tests/api/access_collections.php @@ -268,4 +268,26 @@ class ElggCoreAccessCollectionsTest extends ElggCoreUnitTest { $group->delete(); } + + public function testAccessCaching() { + // create a new user to check against + $user = new ElggUser(); + $user->username = 'access_test_user'; + $user->save(); + + foreach (array('get_access_list', 'get_access_array') as $func) { + $cache = _elgg_get_access_cache(); + $cache->clear(); + + // admin users run tests, so disable access + elgg_set_ignore_access(true); + $access = $func($user->getGUID()); + + elgg_set_ignore_access(false); + $access2 = $func($user->getGUID()); + $this->assertNotEqual($access, $access2, "Access test for $func"); + } + + $user->delete(); + } } diff --git a/engine/tests/api/metadata.php b/engine/tests/api/metadata.php index 9933263d1..825290d80 100644 --- a/engine/tests/api/metadata.php +++ b/engine/tests/api/metadata.php @@ -102,14 +102,14 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest { $e = new ElggObject(); $e->save(); - for ($i=0; $i<30; $i++) { - $name = "test_metadata" . rand(0, 10000); + for ($i = 0; $i < 30; $i++) { + $name = "test_metadata$i"; $e->$name = rand(0, 10000); } $options = array( 'guid' => $e->getGUID(), - 'limit' => 0 + 'limit' => 0, ); $md = elgg_get_metadata($options); diff --git a/engine/tests/api/metadata_cache.php b/engine/tests/api/metadata_cache.php new file mode 100644 index 000000000..846116a7b --- /dev/null +++ b/engine/tests/api/metadata_cache.php @@ -0,0 +1,169 @@ +<?php +/** + * Elgg Test metadata cache + * + * @package Elgg + * @subpackage Test + */ +class ElggCoreMetadataCacheTest extends ElggCoreUnitTest { + + /** + * @var ElggVolatileMetadataCache + */ + protected $cache; + + /** + * @var ElggObject + */ + protected $obj1; + + /** + * @var int + */ + protected $guid1; + + /** + * @var ElggObject + */ + protected $obj2; + + /** + * @var int + */ + protected $guid2; + + protected $name = 'test'; + protected $value = 'test'; + protected $ignoreAccess; + + /** + * Called before each test method. + */ + public function setUp() { + $this->ignoreAccess = elgg_set_ignore_access(false); + + $this->cache = elgg_get_metadata_cache(); + + $this->obj1 = new ElggObject(); + $this->obj1->save(); + $this->guid1 = $this->obj1->guid; + + $this->obj2 = new ElggObject(); + $this->obj2->save(); + $this->guid2 = $this->obj2->guid; + } + + /** + * Called after each test method. + */ + public function tearDown() { + $this->obj1->delete(); + $this->obj2->delete(); + + elgg_set_ignore_access($this->ignoreAccess); + } + + public function testBasicApi() { + // test de-coupled instance + $cache = new ElggVolatileMetadataCache(); + $cache->setIgnoreAccess(false); + $guid = 1; + + $this->assertFalse($cache->isKnown($guid, $this->name)); + + $cache->markEmpty($guid, $this->name); + $this->assertTrue($cache->isKnown($guid, $this->name)); + $this->assertNull($cache->load($guid, $this->name)); + + $cache->markUnknown($guid, $this->name); + $this->assertFalse($cache->isKnown($guid, $this->name)); + + $cache->save($guid, $this->name, $this->value); + $this->assertIdentical($cache->load($guid, $this->name), $this->value); + + $cache->save($guid, $this->name, 1, true); + $this->assertIdentical($cache->load($guid, $this->name), array($this->value, 1)); + + $cache->clear($guid); + $this->assertFalse($cache->isKnown($guid, $this->name)); + } + + public function testReadsAreCached() { + // test that reads fill cache + $this->obj1->setMetaData($this->name, $this->value); + $this->cache->flush(); + + $this->obj1->getMetaData($this->name); + $this->assertIdentical($this->cache->load($this->guid1, $this->name), $this->value); + } + + public function testWritesAreCached() { + // delete should mark cache as known to be empty + $this->obj1->deleteMetadata($this->name); + $this->assertTrue($this->cache->isKnown($this->guid1, $this->name)); + $this->assertNull($this->cache->load($this->guid1, $this->name)); + + // without name, delete should invalidate the entire entity + $this->cache->save($this->guid1, $this->name, $this->value); + elgg_delete_metadata(array( + 'guid' => $this->guid1, + )); + $this->assertFalse($this->cache->isKnown($this->guid1, $this->name)); + + // test set + $this->obj1->setMetaData($this->name, $this->value); + $this->assertIdentical($this->cache->load($this->guid1, $this->name), $this->value); + + // test set multiple + $this->obj1->setMetaData($this->name, 1, 'integer', true); + $this->assertIdentical($this->cache->load($this->guid1, $this->name), array($this->value, 1)); + + // writes when access is ignore should invalidate + $tmp_ignore = elgg_set_ignore_access(true); + $this->obj1->setMetaData($this->name, $this->value); + $this->assertFalse($this->cache->isKnown($this->guid1, $this->name)); + elgg_set_ignore_access($tmp_ignore); + } + + public function testDisableAndEnable() { + // both should mark cache unknown + $this->obj1->setMetaData($this->name, $this->value); + $this->obj1->disableMetadata($this->name); + $this->assertFalse($this->cache->isKnown($this->guid1, $this->name)); + + $this->cache->save($this->guid1, $this->name, $this->value); + $this->obj1->enableMetadata($this->name); + $this->assertFalse($this->cache->isKnown($this->guid1, $this->name)); + } + + public function testPopulateFromEntities() { + // test populating cache from set of entities + $this->obj1->setMetaData($this->name, $this->value); + $this->obj1->setMetaData($this->name, 4, 'integer', true); + $this->obj1->setMetaData("{$this->name}-2", "{$this->value}-2"); + $this->obj2->setMetaData($this->name, $this->value); + + $this->cache->flush(); + $this->cache->populateFromEntities(array($this->guid1, $this->guid2)); + + $expected = array(); + $expected[$this->name][] = $this->value; + $expected[$this->name][] = 4; + $expected["{$this->name}-2"] = "{$this->value}-2"; + $this->assertIdentical($this->cache->loadAll($this->guid1), $expected); + + $expected = array(); + $expected[$this->name] = $this->value; + $this->assertIdentical($this->cache->loadAll($this->guid2), $expected); + } + + public function testFilterHeavyEntities() { + $big_str = str_repeat('-', 5000); + $this->obj2->setMetaData($this->name, array($big_str, $big_str)); + + $guids = array($this->guid1, $this->guid2); + $expected = array($this->guid1); + $actual = $this->cache->filterMetadataHeavyEntities($guids, 6000); + $this->assertIdentical($actual, $expected); + } +} diff --git a/engine/tests/api/output.php b/engine/tests/api/output.php new file mode 100644 index 000000000..c3d5aa8c6 --- /dev/null +++ b/engine/tests/api/output.php @@ -0,0 +1,74 @@ +<?php +/** + * Test case for ElggAutoP functionality. + */ +class ElggCoreOutputAutoPTest extends ElggCoreUnitTest { + + /** + * @var ElggAutoP + */ + protected $_autop; + + public function setUp() { + $this->_autop = new ElggAutoP(); + } + + public function testDomRoundtrip() { + $d = dir(dirname(dirname(__FILE__)) . '/test_files/output/autop'); + $in = file_get_contents($d->path . "/domdoc_in.html"); + $exp = file_get_contents($d->path . "/domdoc_exp.html"); + $exp = $this->flattenString($exp); + + $doc = new DOMDocument(); + libxml_use_internal_errors(true); + $doc->loadHTML("<html><meta http-equiv='content-type' content='text/html; charset=utf-8'><body>" + . $in . '</body></html>'); + $serialized = $doc->saveHTML(); + list(,$out) = explode('<body>', $serialized, 2); + list($out) = explode('</body>', $out, 2); + $out = $this->flattenString($out); + + $this->assertEqual($exp, $out, "DOMDocument's parsing/serialization roundtrip"); + } + + public function testProcess() { + $data = $this->provider(); + foreach ($data as $row) { + list($test, $in, $exp) = $row; + $exp = $this->flattenString($exp); + $out = $this->_autop->process($in); + $out = $this->flattenString($out); + + $this->assertEqual($exp, $out, "Equality case {$test}"); + } + } + + public function provider() { + $d = dir(dirname(dirname(__FILE__)) . '/test_files/output/autop'); + $tests = array(); + while (false !== ($entry = $d->read())) { + if (preg_match('/^([a-z\\-]+)\.in\.html$/i', $entry, $m)) { + $tests[] = $m[1]; + } + } + + $data = array(); + foreach ($tests as $test) { + $data[] = array( + $test, + file_get_contents($d->path . '/' . "{$test}.in.html"), + file_get_contents($d->path . '/' . "{$test}.exp.html"), + ); + } + return $data; + } + + /** + * Different versions of PHP return different whitespace between tags. + * Removing all line breaks normalizes that. + */ + public function flattenString($string) { + $r = preg_replace('/[\n\r]+/', '', $string); + return $r; + } +}
\ No newline at end of file diff --git a/engine/tests/test_files/output/autop/block-a.exp.norun.html b/engine/tests/test_files/output/autop/block-a.exp.norun.html new file mode 100644 index 000000000..addf29dec --- /dev/null +++ b/engine/tests/test_files/output/autop/block-a.exp.norun.html @@ -0,0 +1,6 @@ + +<p>HTML5 allows A to contain block-level content</p> +<a href="foo"><h3>A treated as block</h3> +<p>Read more</p> +</a> +<p><a href="foo">A treated as<br /> inline</a></p> diff --git a/engine/tests/test_files/output/autop/block-a.in.norun.html b/engine/tests/test_files/output/autop/block-a.in.norun.html new file mode 100644 index 000000000..fc2dac43a --- /dev/null +++ b/engine/tests/test_files/output/autop/block-a.in.norun.html @@ -0,0 +1,9 @@ +HTML5 allows A to contain block-level content +<a href="foo"> + + <h3>A treated as block</h3> + + Read more +</a> +<a href="foo">A treated as + inline</a> diff --git a/engine/tests/test_files/output/autop/domdoc_exp.html b/engine/tests/test_files/output/autop/domdoc_exp.html new file mode 100644 index 000000000..8480c1083 --- /dev/null +++ b/engine/tests/test_files/output/autop/domdoc_exp.html @@ -0,0 +1,46 @@ +› + +Vietnamese - Tiếng Việt + +<h1>h1</h1> +<p>Paragraph <a href="http://google.com/">link</a> <strong>Bold</strong> <em>italic</em> <em><strong>bolditalic</strong></em> <span style="background-color: #ffff00; "></span></p> +<h2>h2</h2> +<p>Paragraph <span style="font-size: xx-small;">size1</span> <span style="font-size: x-small;">size2</span> <span style="font-size: medium;">size4</span></p> +<h3>h3</h3> +<p>Paragraph <span style="text-decoration: underline;">underline</span> <span style="text-decoration: line-through;">strikethrough</span> <span style="color: #ff0000;">color</span> <span style="background-color: #ffff00; ">background</span></p> +<blockquote> + <p>Blockquoted paragraph</p> +</blockquote> +<p>Paragraph following blockquote</p> +<ul><li>Unordered</li> + <li>List</li> +</ul><p>Paragraph between lists</p> +<ol><li>Ordered</li> + <li>List</li> +</ol><p>Paragraph between lists</p> +<ul><li>OL list</li> + <li>nested<ol><li>inside a</li> + <li>UL list</li> + </ol></li> +</ul><p>Paragraph between lists</p> +<table border="0"><tbody><tr><td>Table with</td> + <td></td> + </tr><tr><td></td> + <td>border=0</td> + </tr></tbody></table><p>Paragraph</p> +<ol><li>UL list</li> + <li>nested + <ul><li>inside a</li> + <li>OL list</li> + </ul></li> +</ol><p>Paragraph between tables</p> +<table border="1" cellpadding="5"><tbody><tr><td>Table with border=1</td> + <td></td> + </tr><tr><td></td> + <td>cellpadding = 5</td> + </tr></tbody></table><p>Paragraph between tables</p> +<table border="2"><tbody><tr><td>Table with</td> + <td></td> + </tr><tr><td></td> + <td>border=2</td> + </tr></tbody></table>
\ No newline at end of file diff --git a/engine/tests/test_files/output/autop/domdoc_in.html b/engine/tests/test_files/output/autop/domdoc_in.html new file mode 100644 index 000000000..4c465b435 --- /dev/null +++ b/engine/tests/test_files/output/autop/domdoc_in.html @@ -0,0 +1,80 @@ +› + +Vietnamese - Tiếng Việt + +<h1>h1</h1> +<p>Paragraph <a href="http://google.com/">link</a> <strong>Bold</strong> <em>italic</em> <em><strong>bolditalic</strong></em> <span style="background-color: #ffff00; "></span></p> +<h2>h2</h2> +<p>Paragraph <span style="font-size: xx-small;">size1</span> <span style="font-size: x-small;">size2</span> <span style="font-size: medium;">size4</span></p> +<h3>h3</h3> +<p>Paragraph <span style="text-decoration: underline;">underline</span> <span style="text-decoration: line-through;">strikethrough</span> <span style="color: #ff0000;">color</span> <span style="background-color: #ffff00; ">background</span></p> +<blockquote> + <p>Blockquoted paragraph</p> +</blockquote> +<p>Paragraph following blockquote</p> +<ul> + <li>Unordered</li> + <li>List</li> +</ul> +<p>Paragraph between lists</p> +<ol> + <li>Ordered</li> + <li>List</li> +</ol> +<p>Paragraph between lists</p> +<ul> + <li>OL list</li> + <li>nested<ol> + <li>inside a</li> + <li>UL list</li> + </ol></li> +</ul> +<p>Paragraph between lists</p> +<table border="0"> + <tbody> + <tr> + <td>Table with</td> + <td></td> + </tr> + <tr> + <td></td> + <td>border=0</td> + </tr> + </tbody> +</table> +<p>Paragraph</p> +<ol> + <li>UL list</li> + <li>nested + <ul> + <li>inside a</li> + <li>OL list</li> + </ul> + </li> +</ol> +<p>Paragraph between tables</p> +<table border="1" cellpadding="5"> + <tbody> + <tr> + <td>Table with border=1</td> + <td></td> + </tr> + <tr> + <td></td> + <td>cellpadding = 5</td> + </tr> + </tbody> +</table> +<p>Paragraph between tables</p> +<table border="2"> + <tbody> + <tr> + <td>Table with</td> + <td></td> + </tr> + <tr> + <td></td> + <td>border=2</td> + </tr> + </tbody> +</table>
\ No newline at end of file diff --git a/engine/tests/test_files/output/autop/typical-post.exp.html b/engine/tests/test_files/output/autop/typical-post.exp.html new file mode 100644 index 000000000..f9d75a114 --- /dev/null +++ b/engine/tests/test_files/output/autop/typical-post.exp.html @@ -0,0 +1,84 @@ +<h2>Lorem ipsum dolor sit amet, consectetur adipiscing elit.</h2> +<p><img class="alignright size-thumbnail wp-image-905" title="Surest Things mixing session in Adobe Audition" src="http://www.mrclay.org/wp-content/uploads/2010/09/surestThings_audition-150x150.png" alt="screenshot of Audition mixing session" width="150" height="150">Vivamus enim ante, <em>mattis eget imperdiet nec, pharetra vel velit.</em> Sed at euismod nibh. Praesent lacus tellus, <a href="http://google.com/">posuere et convallis</a> a, <strong>mollis et tellus. Suspendisse potenti</strong>. Phasellus tincidunt dignissim est eget mattis. Vestibulum lacinia <del>condimentum tellus, non vestibulum erat dapibus</del> quis. Aliquam arcu nibh, viverra adipiscing eleifend quis, pretium vitae ipsum.</p> + +<p>Curabitur turpis ante, <span style="color: #993300;">congue ac dapibus quis, vehicula ac orci.</span> Nunc luctus neque non massa porta sed pharetra ante accumsan. <a href="http://google.com/">Nam suscipit</a> risus quis libero convallis viverra. Ut at arcu enim, vel pharetra dolor.</p> +<h3>Donec at massa ante, sagittis fermentum urna.</h3><blockquote> +<p>Mauris volutpat est id massa volutpat lacinia. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. In in nisl mauris. In aliquet pretium nisl, vel convallis neque cursus vitae. Curabitur id mauris in urna gravida ornare.</p> + +<p>[caption id="attachment_719" align="alignleft" width="150" caption="Ibanez AGB140 Bass"]<img class="size-thumbnail wp-image-719" title="Ibanez AGB140 Bass" src="http://www.mrclay.org/wp-content/uploads/2010/04/agb140-e1271773766573-150x150.jpg" alt="Ibanez AGB140 Bass" width="150" height="150">[/caption]</p> + +<p>Aenean <a href="http://google.com/">aliquet cursus purus sed gravida. Cras auctor euismod justo, ac dictum purus facilisis dignissim.</a> Quisque facilisis porta sem, ac suscipit quam molestie nec. Pellentesque quis hendrerit enim. Vivamus tempor erat diam. Sed eu felis nunc. Cras posuere lorem commodo turpis mollis sagittis. Mauris lobortis nunc felis.</p> + +<p>Maecenas elit lorem, varius sed condimentum ac, cursus et magna. Nam ut massa id augue consectetur porttitor eleifend in nunc. Curabitur cursus varius dictum. Vestibulum vel justo et neque tempus placerat a vel sapien.</p> +</blockquote> +<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus enim ante, mattis eget imperdiet nec, <a href="http://google.com/">pharetra </a>vel velit. Sed at euismod nibh. Praesent lacus tellus, posuere et convallis a, mollis et tellus.</p> +<pre><code><?php +class DataTest extends PHPUnit_Framework_TestCase +{ + /** + * @dataProvider provider + */ + public function testAdd($a, $b, $c) + { + $this->assertEquals($c, $a + $b); + } + + public function provider() + { + return array( + array(0, 0, 0), + array(0, 1, 1), + array(1, 0, 1), + array(1, 1, 3) + ); + } +}</code></pre><ul><li>Suspendisse potenti. Phasellus tincidunt dignissim est eget mattis.</li> + <li>Vestibulum lacinia condimentum tellus, non vestibulum erat dapibus quis.</li> + <li>Aliquam arcu nibh, <a href="http://google.com/">viverra</a> adipiscing eleifend quis, pretium vitae ipsum.</li> + <li>Curabitur turpis ante, congue ac <a href="http://google.com/">dapibus quis</a>, vehicula ac orci.</li> +</ul> +<p>Nunc luctus neque non massa porta sed pharetra ante accumsan. Nam suscipit risus quis libero convallis viverra. Ut at arcu enim, vel pharetra dolor. Donec at massa ante, sagittis fermentum urna.</p> + +<p><object width="480" height="390"><param name="movie" value="http://www.youtube.com/v/zW9YOMaVTFI?fs=1&hl=en_US"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed type="application/x-shockwave-flash" width="480" height="390" src="http://www.youtube.com/v/zW9YOMaVTFI?fs=1&hl=en_US" allowfullscreen="true" allowscriptaccess="always"></embed></object></p> +<h2>Lorem ipsum dolor sit amet, consectetur adipiscing elit.</h2> +<p><img class="alignright size-thumbnail wp-image-905" title="Surest Things mixing session in Adobe Audition" src="http://www.mrclay.org/wp-content/uploads/2010/09/surestThings_audition-150x150.png" alt="screenshot of Audition mixing session" width="150" height="150">Vivamus enim ante, <em>mattis eget imperdiet nec, pharetra vel velit.</em> Sed at euismod nibh. Praesent lacus tellus, <a href="http://google.com/">posuere et convallis</a> a, <strong>mollis et tellus. Suspendisse potenti</strong>. Phasellus tincidunt dignissim est eget mattis. Vestibulum lacinia <del>condimentum tellus, non vestibulum erat dapibus</del> quis. Aliquam arcu nibh, viverra adipiscing eleifend quis, pretium vitae ipsum.</p> + +<p>Curabitur turpis ante, <span style="color: #993300;">congue ac dapibus quis, vehicula ac orci.</span> Nunc luctus neque non massa porta sed pharetra ante accumsan. <a href="http://google.com/">Nam suscipit</a> risus quis libero convallis viverra. Ut at arcu enim, vel pharetra dolor.</p> +<h3>Donec at massa ante, sagittis fermentum urna.</h3><blockquote> +<p>Mauris volutpat est id massa volutpat lacinia. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. In in nisl mauris. In aliquet pretium nisl, vel convallis neque cursus vitae. Curabitur id mauris in urna gravida ornare.</p> + +<p>[caption id="attachment_719" align="alignleft" width="150" caption="Ibanez AGB140 Bass"]<img class="size-thumbnail wp-image-719" title="Ibanez AGB140 Bass" src="http://www.mrclay.org/wp-content/uploads/2010/04/agb140-e1271773766573-150x150.jpg" alt="Ibanez AGB140 Bass" width="150" height="150">[/caption]</p> + +<p>Aenean <a href="http://google.com/">aliquet cursus purus sed gravida. Cras auctor euismod justo, ac dictum purus facilisis dignissim.</a> Quisque facilisis porta sem, ac suscipit quam molestie nec. Pellentesque quis hendrerit enim. Vivamus tempor erat diam. Sed eu felis nunc. Cras posuere lorem commodo turpis mollis sagittis. Mauris lobortis nunc felis.</p> + +<p>Maecenas elit lorem, varius sed condimentum ac, cursus et magna. Nam ut massa id augue consectetur porttitor eleifend in nunc. Curabitur cursus varius dictum. Vestibulum vel justo et neque tempus placerat a vel sapien.</p> +</blockquote> +<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus enim ante, mattis eget imperdiet nec, <a href="http://google.com/">pharetra </a>vel velit. Sed at euismod nibh. Praesent lacus tellus, posuere et convallis a, mollis et tellus.</p> +<pre><code><?php +class DataTest extends PHPUnit_Framework_TestCase +{ + /** + * @dataProvider provider + */ + public function testAdd($a, $b, $c) + { + $this->assertEquals($c, $a + $b); + } + + public function provider() + { + return array( + array(0, 0, 0), + array(0, 1, 1), + array(1, 0, 1), + array(1, 1, 3) + ); + } +}</code></pre><ul><li>Suspendisse potenti. Phasellus tincidunt dignissim est eget mattis.</li> + <li>Vestibulum lacinia condimentum tellus, non vestibulum erat dapibus quis.</li> + <li>Aliquam arcu nibh, <a href="http://google.com/">viverra</a> adipiscing eleifend quis, pretium vitae ipsum.</li> + <li>Curabitur turpis ante, congue ac <a href="http://google.com/">dapibus quis</a>, vehicula ac orci.</li> +</ul> +<p>Nunc luctus neque non massa porta sed pharetra ante accumsan. Nam suscipit risus quis libero convallis viverra. Ut at arcu enim, vel pharetra dolor. Donec at massa ante, sagittis fermentum urna.</p> + +<p><object width="480" height="390"><param name="movie" value="http://www.youtube.com/v/zW9YOMaVTFI?fs=1&hl=en_US"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><embed type="application/x-shockwave-flash" width="480" height="390" src="http://www.youtube.com/v/zW9YOMaVTFI?fs=1&hl=en_US" allowfullscreen="true" allowscriptaccess="always"></embed></object></p> diff --git a/engine/tests/test_files/output/autop/typical-post.in.html b/engine/tests/test_files/output/autop/typical-post.in.html new file mode 100644 index 000000000..6e4984cc4 --- /dev/null +++ b/engine/tests/test_files/output/autop/typical-post.in.html @@ -0,0 +1,89 @@ +<h2>Lorem ipsum dolor sit amet, consectetur adipiscing elit.</h2> +<img class="alignright size-thumbnail wp-image-905" title="Surest Things mixing session in Adobe Audition" src="http://www.mrclay.org/wp-content/uploads/2010/09/surestThings_audition-150x150.png" alt="screenshot of Audition mixing session" width="150" height="150" />Vivamus enim ante, <em>mattis eget imperdiet nec, pharetra vel velit.</em> Sed at euismod nibh. Praesent lacus tellus, <a href="http://google.com/">posuere et convallis</a> a, <strong>mollis et tellus. Suspendisse potenti</strong>. Phasellus tincidunt dignissim est eget mattis. Vestibulum lacinia <del>condimentum tellus, non vestibulum erat dapibus</del> quis. Aliquam arcu nibh, viverra adipiscing eleifend quis, pretium vitae ipsum. + +Curabitur turpis ante, <span style="color: #993300;">congue ac dapibus quis, vehicula ac orci.</span> Nunc luctus neque non massa porta sed pharetra ante accumsan. <a href="http://google.com/">Nam suscipit</a> risus quis libero convallis viverra. Ut at arcu enim, vel pharetra dolor. +<h3>Donec at massa ante, sagittis fermentum urna.</h3> +<blockquote>Mauris volutpat est id massa volutpat lacinia. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. In in nisl mauris. In aliquet pretium nisl, vel convallis neque cursus vitae. Curabitur id mauris in urna gravida ornare. + +[caption id="attachment_719" align="alignleft" width="150" caption="Ibanez AGB140 Bass"]<img class="size-thumbnail wp-image-719" title="Ibanez AGB140 Bass" src="http://www.mrclay.org/wp-content/uploads/2010/04/agb140-e1271773766573-150x150.jpg" alt="Ibanez AGB140 Bass" width="150" height="150" />[/caption] + +Aenean <a href="http://google.com/">aliquet cursus purus sed gravida. Cras auctor euismod justo, ac dictum purus facilisis dignissim.</a> Quisque facilisis porta sem, ac suscipit quam molestie nec. Pellentesque quis hendrerit enim. Vivamus tempor erat diam. Sed eu felis nunc. Cras posuere lorem commodo turpis mollis sagittis. Mauris lobortis nunc felis. + +Maecenas elit lorem, varius sed condimentum ac, cursus et magna. Nam ut massa id augue consectetur porttitor eleifend in nunc. Curabitur cursus varius dictum. Vestibulum vel justo et neque tempus placerat a vel sapien.</blockquote> +Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus enim ante, mattis eget imperdiet nec, <a href="http://google.com/">pharetra </a>vel velit. Sed at euismod nibh. Praesent lacus tellus, posuere et convallis a, mollis et tellus. + +<pre><code><?php +class DataTest extends PHPUnit_Framework_TestCase +{ + /** + * @dataProvider provider + */ + public function testAdd($a, $b, $c) + { + $this->assertEquals($c, $a + $b); + } + + public function provider() + { + return array( + array(0, 0, 0), + array(0, 1, 1), + array(1, 0, 1), + array(1, 1, 3) + ); + } +}</code></pre> +<ul> + <li>Suspendisse potenti. Phasellus tincidunt dignissim est eget mattis.</li> + <li>Vestibulum lacinia condimentum tellus, non vestibulum erat dapibus quis.</li> + <li>Aliquam arcu nibh, <a href="http://google.com/">viverra</a> adipiscing eleifend quis, pretium vitae ipsum.</li> + <li>Curabitur turpis ante, congue ac <a href="http://google.com/">dapibus quis</a>, vehicula ac orci.</li> +</ul> +Nunc luctus neque non massa porta sed pharetra ante accumsan. Nam suscipit risus quis libero convallis viverra. Ut at arcu enim, vel pharetra dolor. Donec at massa ante, sagittis fermentum urna. + +<object width="480" height="390"><param name="movie" value="http://www.youtube.com/v/zW9YOMaVTFI?fs=1&hl=en_US" /><param name="allowFullScreen" value="true" /><param name="allowscriptaccess" value="always" /><embed type="application/x-shockwave-flash" width="480" height="390" src="http://www.youtube.com/v/zW9YOMaVTFI?fs=1&hl=en_US" allowfullscreen="true" allowscriptaccess="always"></embed></object> + +<h2>Lorem ipsum dolor sit amet, consectetur adipiscing elit.</h2> +<img class="alignright size-thumbnail wp-image-905" title="Surest Things mixing session in Adobe Audition" src="http://www.mrclay.org/wp-content/uploads/2010/09/surestThings_audition-150x150.png" alt="screenshot of Audition mixing session" width="150" height="150" />Vivamus enim ante, <em>mattis eget imperdiet nec, pharetra vel velit.</em> Sed at euismod nibh. Praesent lacus tellus, <a href="http://google.com/">posuere et convallis</a> a, <strong>mollis et tellus. Suspendisse potenti</strong>. Phasellus tincidunt dignissim est eget mattis. Vestibulum lacinia <del>condimentum tellus, non vestibulum erat dapibus</del> quis. Aliquam arcu nibh, viverra adipiscing eleifend quis, pretium vitae ipsum. + +Curabitur turpis ante, <span style="color: #993300;">congue ac dapibus quis, vehicula ac orci.</span> Nunc luctus neque non massa porta sed pharetra ante accumsan. <a href="http://google.com/">Nam suscipit</a> risus quis libero convallis viverra. Ut at arcu enim, vel pharetra dolor. +<h3>Donec at massa ante, sagittis fermentum urna.</h3> +<blockquote>Mauris volutpat est id massa volutpat lacinia. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. In in nisl mauris. In aliquet pretium nisl, vel convallis neque cursus vitae. Curabitur id mauris in urna gravida ornare. + +[caption id="attachment_719" align="alignleft" width="150" caption="Ibanez AGB140 Bass"]<img class="size-thumbnail wp-image-719" title="Ibanez AGB140 Bass" src="http://www.mrclay.org/wp-content/uploads/2010/04/agb140-e1271773766573-150x150.jpg" alt="Ibanez AGB140 Bass" width="150" height="150" />[/caption] + +Aenean <a href="http://google.com/">aliquet cursus purus sed gravida. Cras auctor euismod justo, ac dictum purus facilisis dignissim.</a> Quisque facilisis porta sem, ac suscipit quam molestie nec. Pellentesque quis hendrerit enim. Vivamus tempor erat diam. Sed eu felis nunc. Cras posuere lorem commodo turpis mollis sagittis. Mauris lobortis nunc felis. + +Maecenas elit lorem, varius sed condimentum ac, cursus et magna. Nam ut massa id augue consectetur porttitor eleifend in nunc. Curabitur cursus varius dictum. Vestibulum vel justo et neque tempus placerat a vel sapien.</blockquote> +Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vivamus enim ante, mattis eget imperdiet nec, <a href="http://google.com/">pharetra </a>vel velit. Sed at euismod nibh. Praesent lacus tellus, posuere et convallis a, mollis et tellus. + +<pre><code><?php +class DataTest extends PHPUnit_Framework_TestCase +{ + /** + * @dataProvider provider + */ + public function testAdd($a, $b, $c) + { + $this->assertEquals($c, $a + $b); + } + + public function provider() + { + return array( + array(0, 0, 0), + array(0, 1, 1), + array(1, 0, 1), + array(1, 1, 3) + ); + } +}</code></pre> +<ul> + <li>Suspendisse potenti. Phasellus tincidunt dignissim est eget mattis.</li> + <li>Vestibulum lacinia condimentum tellus, non vestibulum erat dapibus quis.</li> + <li>Aliquam arcu nibh, <a href="http://google.com/">viverra</a> adipiscing eleifend quis, pretium vitae ipsum.</li> + <li>Curabitur turpis ante, congue ac <a href="http://google.com/">dapibus quis</a>, vehicula ac orci.</li> +</ul> +Nunc luctus neque non massa porta sed pharetra ante accumsan. Nam suscipit risus quis libero convallis viverra. Ut at arcu enim, vel pharetra dolor. Donec at massa ante, sagittis fermentum urna. + +<object width="480" height="390"><param name="movie" value="http://www.youtube.com/v/zW9YOMaVTFI?fs=1&hl=en_US" /><param name="allowFullScreen" value="true" /><param name="allowscriptaccess" value="always" /><embed type="application/x-shockwave-flash" width="480" height="390" src="http://www.youtube.com/v/zW9YOMaVTFI?fs=1&hl=en_US" allowfullscreen="true" allowscriptaccess="always"></embed></object>
\ No newline at end of file diff --git a/engine/tests/test_files/output/autop/wp-welcome.exp.html b/engine/tests/test_files/output/autop/wp-welcome.exp.html new file mode 100644 index 000000000..2f612e3dd --- /dev/null +++ b/engine/tests/test_files/output/autop/wp-welcome.exp.html @@ -0,0 +1,22 @@ + +<p>Welcome to WordPress! This post contains important information. After you read it, you can make it private to hide it from visitors but still have the information handy for future reference.</p> + +<p>First things first:</p> +<ul><li><a href="%1%24s" title="Subscribe to the WordPress mailing list for Release Notifications">Subscribe to the WordPress mailing list for release notifications</a></li> +</ul> +<p>As a subscriber, you will receive an email every time an update is available (and only then). This will make it easier to keep your site up to date, and secure from evildoers.<br />When a new version is released, <a href="%2%24s" title="If you are already logged in, this will take you directly to the Dashboard">log in to the Dashboard</a> and follow the instructions.<br />Upgrading is a couple of clicks!</p> + +<p>Then you can start enjoying the WordPress experience:</p> +<ul><li>Edit your personal information at <a href="%3%24s" title="Edit settings like your password, your display name and your contact information">Users › Your Profile</a></li> + <li>Start publishing at <a href="%4%24s" title="Create a new post">Posts › Add New</a> and at <a href="%5%24s" title="Create a new page">Pages › Add New</a></li> + <li>Browse and install plugins at <a href="%6%24s" title="Browse and install plugins at the official WordPress repository directly from your Dashboard">Plugins › Add New</a></li> + <li>Browse and install themes at <a href="%7%24s" title="Browse and install themes at the official WordPress repository directly from your Dashboard">Appearance › Add New Themes</a></li> + <li>Modify and prettify your website’s links at <a href="%8%24s" title="For example, select a link structure like: http://example.com/1999/12/post-name">Settings › Permalinks</a></li> + <li>Import content from another system or WordPress site at <a href="%9%24s" title="WordPress comes with importers for the most common publishing systems">Tools › Import</a></li> + <li>Find answers to your questions at the <a href="%10%24s" title="The official WordPress documentation, maintained by the WordPress community">WordPress Codex</a></li> +</ul> +<p>To keep this post for reference, <a href="%11%24s" title="Click to edit the content and settings of this post">click to edit it</a>, go to the Publish box and change its Visibility from Public to Private.</p> + +<p>Thank you for selecting WordPress. We wish you happy publishing!</p> + +<p>PS. Not yet subscribed for update notifications? <a href="%1%24s" title="Subscribe to the WordPress mailing list for Release Notifications">Do it now!</a></p> diff --git a/engine/tests/test_files/output/autop/wp-welcome.in.html b/engine/tests/test_files/output/autop/wp-welcome.in.html new file mode 100644 index 000000000..338ede73f --- /dev/null +++ b/engine/tests/test_files/output/autop/wp-welcome.in.html @@ -0,0 +1,25 @@ +Welcome to WordPress! This post contains important information. After you read it, you can make it private to hide it from visitors but still have the information handy for future reference. + +First things first: +<ul> + <li><a href="%1$s" title="Subscribe to the WordPress mailing list for Release Notifications">Subscribe to the WordPress mailing list for release notifications</a></li> +</ul> +As a subscriber, you will receive an email every time an update is available (and only then). This will make it easier to keep your site up to date, and secure from evildoers. +When a new version is released, <a href="%2$s" title="If you are already logged in, this will take you directly to the Dashboard">log in to the Dashboard</a> and follow the instructions. +Upgrading is a couple of clicks! + +Then you can start enjoying the WordPress experience: +<ul> + <li>Edit your personal information at <a href="%3$s" title="Edit settings like your password, your display name and your contact information">Users › Your Profile</a></li> + <li>Start publishing at <a href="%4$s" title="Create a new post">Posts › Add New</a> and at <a href="%5$s" title="Create a new page">Pages › Add New</a></li> + <li>Browse and install plugins at <a href="%6$s" title="Browse and install plugins at the official WordPress repository directly from your Dashboard">Plugins › Add New</a></li> + <li>Browse and install themes at <a href="%7$s" title="Browse and install themes at the official WordPress repository directly from your Dashboard">Appearance › Add New Themes</a></li> + <li>Modify and prettify your website’s links at <a href="%8$s" title="For example, select a link structure like: http://example.com/1999/12/post-name">Settings › Permalinks</a></li> + <li>Import content from another system or WordPress site at <a href="%9$s" title="WordPress comes with importers for the most common publishing systems">Tools › Import</a></li> + <li>Find answers to your questions at the <a href="%10$s" title="The official WordPress documentation, maintained by the WordPress community">WordPress Codex</a></li> +</ul> +To keep this post for reference, <a href="%11$s" title="Click to edit the content and settings of this post">click to edit it</a>, go to the Publish box and change its Visibility from Public to Private. + +Thank you for selecting WordPress. We wish you happy publishing! + +PS. Not yet subscribed for update notifications? <a href="%1$s" title="Subscribe to the WordPress mailing list for Release Notifications">Do it now!</a> diff --git a/engine/tests/test_files/output/autop/wpautop-fails.exp.html b/engine/tests/test_files/output/autop/wpautop-fails.exp.html new file mode 100644 index 000000000..d018db4ff --- /dev/null +++ b/engine/tests/test_files/output/autop/wpautop-fails.exp.html @@ -0,0 +1,31 @@ + +<p>paragraph</p> + +<p>paragraph</p> +<div class="whatever"><blockquote> +<p>paragraph</p> +</blockquote> +<p>line</p> +</div> +<p>paragraph</p> +<ul><li>line</li> +<li>paragraph + +paragraph</li> +</ul> +<p>paragraph<br />line<br />line</p> +<pre>Honor +this whitespace +</pre> +<p>paragraph</p> +<style><!-- +Do not alter! +--></style> +<p>paragraph <!-- do not alter --></p> +<dl><dt>term</dt> <dd>paragraph + +<a href="xx"> <img src="yy"></a> + +paragraph</dd> </dl><div><a href="xx"> <img src="yy"></a></div> +<p>Hello <a href="link"><br /><br />World</a></p> +<p id="abc">Paragraph</p><div>Line</div>
\ No newline at end of file diff --git a/engine/tests/test_files/output/autop/wpautop-fails.in.html b/engine/tests/test_files/output/autop/wpautop-fails.in.html new file mode 100644 index 000000000..9aa24be59 --- /dev/null +++ b/engine/tests/test_files/output/autop/wpautop-fails.in.html @@ -0,0 +1,41 @@ + +paragraph + +paragraph <div class="whatever"><blockquote> + paragraph + </blockquote> + line +</div> + +paragraph +<ul> +<li>line</li> +<li>paragraph + +paragraph</li> +</ul> +paragraph +line<br> + line +<pre>Honor +this whitespace +</pre> +paragraph +<style><!-- +Do not alter! +--></style> +paragraph <!-- do not alter --> +<dl> <dt>term</dt> <dd>paragraph + +<a href="xx"> <img src="yy" /> </a> + +paragraph</dd> </dl> +<div><a href="xx"> <img src="yy" /> </a></div> + +Hello <a href="link"> + +World</a> + +<p id="abc">Paragraph</p> + +<div>Line</div>
\ No newline at end of file diff --git a/engine/tests/test_files/output/autop/wysiwyg-test.exp.html b/engine/tests/test_files/output/autop/wysiwyg-test.exp.html new file mode 100644 index 000000000..1f23d6154 --- /dev/null +++ b/engine/tests/test_files/output/autop/wysiwyg-test.exp.html @@ -0,0 +1,51 @@ + +<p>&nbps;<br />≴</p> +<h1>h1</h1> +<p>Paragraph <a href="http://google.com/">link</a> <strong>Bold</strong> <em>italic</em> <em><strong>bolditalic</strong></em> <span style="background-color: #ffff00; "></span></p> +<h2>h2</h2> +<p>Paragraph <span style="font-size: xx-small;">size1</span> <span style="font-size: x-small;">size2</span> <span style="font-size: medium;">size4</span></p> +<h3>h3</h3> +<p>Paragraph <span style="text-decoration: underline;">underline</span> <span style="text-decoration: line-through;">strikethrough</span> <span style="color: #ff0000;">color</span> <span style="background-color: #ffff00; ">background</span></p> +<blockquote> +<p>Blockquoted paragraph</p> +</blockquote> +<p>Paragraph following blockquote</p> +<ul><li>Unordered</li> + <li>List</li> +</ul> +<p>Paragraph between lists</p> +<ol><li>Ordered</li> + <li>List</li> +</ol> +<p>Paragraph between lists</p> +<ul><li>OL list</li> + <li>nested + <ol><li>inside a</li> + <li>UL list</li> + </ol></li> +</ul> +<p>Paragraph between lists</p> +<table border="0"><tbody><tr></tr><tr><td>Table with</td> + <td></td> + </tr><tr><td></td> + <td>border=0</td> + </tr></tbody></table> +<p>Paragraph</p> +<ol><li>UL list</li> + <li>nested + <ul><li>inside a</li> + <li>OL list</li> + </ul></li> +</ol> +<p>Paragraph between tables</p> +<table border="1" cellpadding="5"><tbody><tr><td>Table with border=1</td> + <td></td> + </tr><tr><td></td> + <td>cellpadding = 5</td> + </tr></tbody></table> +<p>Paragraph between tables</p> +<table border="2"><tbody><tr><td>Table with</td> + <td></td> + </tr><tr><td></td> + <td>border=2</td> + </tr></tbody></table>
\ No newline at end of file diff --git a/engine/tests/test_files/output/autop/wysiwyg-test.in.html b/engine/tests/test_files/output/autop/wysiwyg-test.in.html new file mode 100644 index 000000000..733b0e2ec --- /dev/null +++ b/engine/tests/test_files/output/autop/wysiwyg-test.in.html @@ -0,0 +1,79 @@ +&nbps; +≴ +<h1>h1</h1> +Paragraph <a href="http://google.com/">link</a> <strong>Bold</strong> <em>italic</em> <em><strong>bolditalic</strong></em> <span style="background-color: #ffff00; "></span> +<h2>h2</h2> +Paragraph <span style="font-size: xx-small;">size1</span> <span style="font-size: x-small;">size2</span> <span style="font-size: medium;">size4</span> +<h3>h3</h3> +Paragraph <span style="text-decoration: underline;">underline</span> <span style="text-decoration: line-through;">strikethrough</span> <span style="color: #ff0000;">color</span> <span style="background-color: #ffff00; ">background</span> +<blockquote>Blockquoted paragraph</blockquote> +Paragraph following blockquote +<ul> + <li>Unordered</li> + <li>List</li> +</ul> +Paragraph between lists +<ol> + <li>Ordered</li> + <li>List</li> +</ol> +Paragraph between lists +<ul> + <li>OL list</li> + <li>nested + <ol> + <li>inside a</li> + <li>UL list</li> + </ol></li> +</ul> +Paragraph between lists +<table border="0"> + <tbody> + <tr> + </tr> + <tr> + <td>Table with</td> + <td></td> + </tr> + <tr> + <td></td> + <td>border=0</td> + </tr> + </tbody> +</table> +Paragraph +<ol> + <li>UL list</li> + <li>nested + <ul> + <li>inside a</li> + <li>OL list</li> + </ul> + </li> +</ol> +Paragraph between tables +<table border="1" cellpadding="5"> + <tbody> + <tr> + <td>Table with border=1</td> + <td></td> + </tr> + <tr> + <td></td> + <td>cellpadding = 5</td> + </tr> + </tbody> +</table> +Paragraph between tables +<table border="2"> + <tbody> + <tr> + <td>Table with</td> + <td></td> + </tr> + <tr> + <td></td> + <td>border=2</td> + </tr> + </tbody> +</table>
\ No newline at end of file diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php index 03c84a43e..775bbf5b6 100644 --- a/install/ElggInstaller.php +++ b/install/ElggInstaller.php @@ -157,7 +157,7 @@ class ElggInstaller { 'password', ); foreach ($requiredParams as $key) { - if (!array_key_exists($key, $params)) { + if (empty($params[$key])) { $msg = elgg_echo('install:error:requiredfield', array($key)); throw new InstallationException($msg); } @@ -1519,22 +1519,27 @@ class ElggInstaller { protected function createAdminAccount($submissionVars, $login = FALSE) { global $CONFIG; - $guid = register_user( - $submissionVars['username'], - $submissionVars['password1'], - $submissionVars['displayname'], - $submissionVars['email'] - ); + try { + $guid = register_user( + $submissionVars['username'], + $submissionVars['password1'], + $submissionVars['displayname'], + $submissionVars['email'] + ); + } catch (Exception $e) { + register_error($e->getMessage()); + return false; + } if (!$guid) { register_error(elgg_echo('install:admin:cannot_create')); - return FALSE; + return false; } $user = get_entity($guid); if (!$user) { register_error(elgg_echo('install:error:loadadmin')); - return FALSE; + return false; } elgg_set_ignore_access(TRUE); @@ -1543,7 +1548,7 @@ class ElggInstaller { } else { datalist_set('admin_registered', 1); } - elgg_set_ignore_access(FALSE); + elgg_set_ignore_access(false); // add validation data to satisfy user validation plugins create_metadata($guid, 'validated', TRUE, '', 0, ACCESS_PUBLIC); diff --git a/install/ElggRewriteTester.php b/install/ElggRewriteTester.php index c01510f60..ab68da2b7 100644 --- a/install/ElggRewriteTester.php +++ b/install/ElggRewriteTester.php @@ -154,6 +154,8 @@ class ElggRewriteTester { if ($this->serverSupportsRemoteRead == FALSE) { $msg = elgg_echo('install:warning:rewrite:unknown', array($url)); + $msg .= elgg_view('install/js_rewrite_check', array('url' => $url)); + return array( 'severity' => 'warning', 'message' => $msg, @@ -165,6 +167,8 @@ class ElggRewriteTester { $msg = "$serverString\n\n"; if (!isset($this->htaccessIssue)) { $msg .= elgg_echo('install:error:rewrite:allowoverride'); + $msg .= elgg_view('install/js_rewrite_check', array('url' => $url)); + return array( 'severity' => 'failure', 'message' => $msg, diff --git a/install/cli/sample_installer.php b/install/cli/sample_installer.php index 954169a6a..0bae0cd23 100644 --- a/install/cli/sample_installer.php +++ b/install/cli/sample_installer.php @@ -3,10 +3,27 @@ * Sample cli installer script */ +$enabled = false; + +// Do not edit below this line. ////////////////////////////// + + +if (!$enabled) { + echo "To enable this script, change \$enabled to true.\n"; + echo "You *must* disable this script after a successful installation.\n"; + exit; +} + +if (PHP_SAPI !== 'cli') { + echo "You must use the command line to run this script."; + exit; +} + require_once(dirname(dirname(__FILE__)) . "/ElggInstaller.php"); $installer = new ElggInstaller(); +// none of the following may be empty $params = array( // database parameters 'dbuser' => '', @@ -28,3 +45,21 @@ $params = array( // install and create the .htaccess file $installer->batchInstall($params, TRUE); + +// at this point installation has completed (otherwise an exception halted execution). + +// try to rewrite the script to disable it. +if (is_writable(__FILE__)) { + $code = file_get_contents(__FILE__); + if (preg_match('~\\$enabled\\s*=\\s*(true|1)\\s*;~i', $code)) { + // looks safe to rewrite + $code = preg_replace('~\\$enabled\\s*=\\s*(true|1)\\s*;~i', '$enabled = false;', $code); + file_put_contents(__FILE__, $code); + + echo "\nNote: This script has been disabled for your safety.\n"; + exit; + } +} + +echo "\nWarning: You *must* disable this script by setting \$enabled = false;.\n"; +echo "Leaving this script enabled could endanger your installation.\n"; diff --git a/install/js/install.js b/install/js/install.js index 49b2be10c..37e5b0dc3 100644 --- a/install/js/install.js +++ b/install/js/install.js @@ -19,3 +19,24 @@ $(function() { } }); }); + +elgg = { + installer: {} +}; + +/** + * Check the rewrite address for "success" and then allows the installation to proceed. + */ +elgg.installer.rewriteTest = function(url, success_msg, nextURL) { + $.ajax(url, { + success: function(data, status, xhr) { + if (data == 'success') { + $('.elgg-require-rewrite li').attr('class', 'pass'); + $('.elgg-require-rewrite li').html('<p>' + success_msg + '</p>'); + $('.elgg-install-nav a.elgg-state-disabled') + .removeClass('elgg-state-disabled') + .attr('href', nextURL); + } + } + }); +} diff --git a/install/languages/en.php b/install/languages/en.php index 3a692e020..b2583fbc9 100644 --- a/install/languages/en.php +++ b/install/languages/en.php @@ -154,7 +154,7 @@ If you are ready to proceed, click the Next button.", 'install:error:rewrite:htaccess:cannot_copy' => 'A unknown error occurred while creating the .htaccess file. You need to manually copy htaccess_dist to .htaccess in Elgg\'s directory.', 'install:error:rewrite:altserver' => 'The rewrite rules test failed. You need to configure your web server with Elgg\'s rewrite rules and try again.', 'install:error:rewrite:unknown' => 'Oof. We couldn\'t figure out what kind of web server is running on your server and it failed the rewrite rules. We cannot offer any specific advice. Please check the troubleshooting link.', - 'install:warning:rewrite:unknown' => 'Your server does not support automatic testing of the rewrite rules. You can continue the installation, but you may experience problems with your site. You can manually test the rewrite rules by clicking this link: <a href="%s" target="_blank">test</a>. You will see the word success if the rules are working.', + 'install:warning:rewrite:unknown' => 'Your server does not support automatic testing of the rewrite rules and your browser does not support checking via JavaScript. You can continue the installation, but you may experience problems with your site. You can manually test the rewrite rules by clicking this link: <a href="%s" target="_blank">test</a>. You will see the word success if the rules are working.', ); add_translation("en", $english); diff --git a/js/lib/elgglib.js b/js/lib/elgglib.js index 81209ebd0..af2c94000 100644 --- a/js/lib/elgglib.js +++ b/js/lib/elgglib.js @@ -283,7 +283,7 @@ elgg.normalize_url = function(url) { } // 'javascript:' - else if (url.indexOf('javascript:') === 0) { + else if (url.indexOf('javascript:') === 0 || url.indexOf('mailto:') === 0 ) { return url; } @@ -347,8 +347,12 @@ elgg.system_messages = function(msgs, delay, type) { msgs.forEach(appendMessage); - $(messages_html.join('')).appendTo(systemMessages) - .animate({opacity: '1.0'}, delay).fadeOut('slow'); + if (type != 'error') { + $(messages_html.join('')).appendTo(systemMessages) + .animate({opacity: '1.0'}, delay).fadeOut('slow'); + } else { + $(messages_html.join('')).appendTo(systemMessages); + } }; /** diff --git a/js/lib/ui.js b/js/lib/ui.js index 616e71d54..413078b4f 100644 --- a/js/lib/ui.js +++ b/js/lib/ui.js @@ -10,7 +10,7 @@ elgg.ui.init = function () { }); $('.elgg-system-messages li').animate({opacity: 0.9}, 6000); - $('.elgg-system-messages li').fadeOut('slow'); + $('.elgg-system-messages li.elgg-state-success').fadeOut('slow'); $('[rel=toggle]').live('click', elgg.ui.toggles); @@ -283,7 +283,7 @@ elgg.ui.initDatePicker = function() { dataType: "script", cache: true, success: loadDatePicker, - error: loadDatePicker, // english language is already loaded. + error: loadDatePicker // english language is already loaded. }); } }; diff --git a/js/tests/ElggLibTest.js b/js/tests/ElggLibTest.js index a29ebf743..2a676e22a 100644 --- a/js/tests/ElggLibTest.js +++ b/js/tests/ElggLibTest.js @@ -99,7 +99,7 @@ ElggLibTest.prototype.testNormalizeUrl = function() { ['/mod/plugin/file.php', elgg.config.wwwroot + 'mod/plugin/file.php'], ['/mod/plugin/file.php?p=v&p2=v2', elgg.config.wwwroot + 'mod/plugin/file.php?p=v&p2=v2'], ['/rootfile.php', elgg.config.wwwroot + 'rootfile.php'], - ['/rootfile.php?p=v&p2=v2', elgg.config.wwwroot + 'rootfile.php?p=v&p2=v2'], + ['/rootfile.php?p=v&p2=v2', elgg.config.wwwroot + 'rootfile.php?p=v&p2=v2'] ].forEach(function(args) { assertEquals(args[1], elgg.normalize_url(args[0])); diff --git a/languages/en.php b/languages/en.php index bb5376a44..f3acc50ee 100644 --- a/languages/en.php +++ b/languages/en.php @@ -229,6 +229,7 @@ $english = array( 'LoginException:PasswordFailure' => 'We could not log you in. Please check your username/email and password.', 'LoginException:AccountLocked' => 'Your account has been locked for too many log in failures.', 'LoginException:ChangePasswordFailure' => 'Failed current password check.', + 'LoginException:Unknown' => 'We could not log you in due to an unknown error.', 'deprecatedfunction' => 'Warning: This code uses the deprecated function \'%s\' and is not compatible with this version of Elgg', @@ -581,6 +582,7 @@ $english = array( 'admin:users' => "Users", 'admin:users:online' => 'Currently Online', 'admin:users:newest' => 'Newest', + 'admin:users:admins' => 'Administrators', 'admin:users:add' => 'Add New User', 'admin:users:description' => "This admin panel allows you to control user settings for your site. Choose an option below to get started.", 'admin:users:adduser:label' => "Click here to add a new user...", @@ -732,6 +734,7 @@ $english = array( 'admin:statistics:label:numusers' => "Number of users", 'admin:statistics:label:numonline' => "Number of users online", 'admin:statistics:label:onlineusers' => "Users online now", + 'admin:statistics:label:admins'=>"Admins", 'admin:statistics:label:version' => "Elgg version", 'admin:statistics:label:version:release' => "Release", 'admin:statistics:label:version:version' => "Version", @@ -1052,6 +1055,10 @@ Once you have logged in, we highly recommend that you change your password. 'upgrading' => 'Upgrading...', 'upgrade:db' => 'Your database was upgraded.', 'upgrade:core' => 'Your Elgg installation was upgraded.', + 'upgrade:unlock' => 'Unlock upgrade', + 'upgrade:unlock:confirm' => "The database is locked for another upgrade. Running concurrent upgrades is dangerous. You should only continue if you know there is not another upgrade running. Unlock?", + 'upgrade:locked' => "Cannot upgrade. Another upgrade is running. To clear the upgrade lock, visit the Admin section.", + 'upgrade:unlock:success' => "Upgrade unlocked suscessfully.", 'upgrade:unable_to_upgrade' => 'Unable to upgrade.', 'upgrade:unable_to_upgrade_info' => 'This installation cannot be upgraded because legacy views diff --git a/mod/blog/actions/blog/auto_save_revision.php b/mod/blog/actions/blog/auto_save_revision.php index 66b65c5fd..e33edfaab 100644 --- a/mod/blog/actions/blog/auto_save_revision.php +++ b/mod/blog/actions/blog/auto_save_revision.php @@ -7,7 +7,7 @@ $guid = get_input('guid'); $user = elgg_get_logged_in_user_entity(); -$title = get_input('title'); +$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8'); $description = get_input('description'); $excerpt = get_input('excerpt'); diff --git a/mod/blog/actions/blog/save.php b/mod/blog/actions/blog/save.php index 048bc00be..070c96398 100644 --- a/mod/blog/actions/blog/save.php +++ b/mod/blog/actions/blog/save.php @@ -57,7 +57,11 @@ $required = array('title', 'description'); // load from POST and do sanity and access checking foreach ($values as $name => $default) { - $value = get_input($name, $default); + if ($name === 'title') { + $value = htmlspecialchars(get_input('title', $default, false), ENT_QUOTES, 'UTF-8'); + } else { + $value = get_input($name, $default); + } if (in_array($name, $required) && empty($value)) { $error = elgg_echo("blog:error:missing:$name"); diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php index 4622a9e7e..3c71dfbab 100644 --- a/mod/blog/lib/blog.php +++ b/mod/blog/lib/blog.php @@ -50,7 +50,7 @@ function blog_get_page_content_read($guid = NULL) { /** * Get page components to list a user's or all blogs. * - * @param int $owner_guid The GUID of the page owner or NULL for all blogs + * @param int $container_guid The GUID of the page owner or NULL for all blogs * @return array */ function blog_get_page_content_list($container_guid = NULL) { @@ -62,10 +62,11 @@ function blog_get_page_content_list($container_guid = NULL) { $options = array( 'type' => 'object', 'subtype' => 'blog', - 'full_view' => FALSE, + 'full_view' => false, ); - $loggedin_userid = elgg_get_logged_in_user_guid(); + $current_user = elgg_get_logged_in_user_entity(); + if ($container_guid) { // access check for closed groups group_gatekeeper(); @@ -80,7 +81,7 @@ function blog_get_page_content_list($container_guid = NULL) { $crumbs_title = $container->name; elgg_push_breadcrumb($crumbs_title); - if ($container_guid == $loggedin_userid) { + if ($current_user && ($container_guid == $current_user->guid)) { $return['filter_context'] = 'mine'; } else if (elgg_instanceof($container, 'group')) { $return['filter'] = false; @@ -99,7 +100,13 @@ function blog_get_page_content_list($container_guid = NULL) { // show all posts for admin or users looking at their own blogs // show only published posts for other users. - if (!(elgg_is_admin_logged_in() || (elgg_is_logged_in() && $container_guid == $loggedin_userid))) { + $show_only_published = true; + if ($current_user) { + if (($current_user->guid == $container_guid) || $current_user->isAdmin()) { + $show_only_published = false; + } + } + if ($show_only_published) { $options['metadata_name_value_pairs'] = array( array('name' => 'status', 'value' => 'published'), ); @@ -155,11 +162,14 @@ function blog_get_page_content_friends($user_guid) { // admin / owners can see any posts // everyone else can only see published posts - if (!(elgg_is_admin_logged_in() || (elgg_is_logged_in() && $owner_guid == elgg_get_logged_in_user_guid()))) { - if ($upper > $now) { - $upper = $now; + $show_only_published = true; + $current_user = elgg_get_logged_in_user_entity(); + if ($current_user) { + if (($user_guid == $current_user->guid) || $current_user->isAdmin()) { + $show_only_published = false; } - + } + if ($show_only_published) { $options['metadata_name_value_pairs'][] = array( array('name' => 'status', 'value' => 'published') ); @@ -240,9 +250,9 @@ function blog_get_page_content_archive($owner_guid, $lower = 0, $upper = 0) { $list = elgg_list_entities_from_metadata($options); if (!$list) { - $content .= elgg_echo('blog:none'); + $content = elgg_echo('blog:none'); } else { - $content .= $list; + $content = $list; } $title = elgg_echo('date:month:' . date('m', $lower), array(date('Y', $lower))); @@ -274,6 +284,7 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) { $vars['id'] = 'blog-post-edit'; $vars['class'] = 'elgg-form-alt'; + $sidebar = ''; if ($page == 'edit') { $blog = get_entity((int)$guid); @@ -310,14 +321,8 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) { $content = elgg_echo('blog:error:cannot_edit_post'); } } else { - if (!$guid) { - $container = elgg_get_logged_in_user_entity(); - } else { - $container = get_entity($guid); - } - elgg_push_breadcrumb(elgg_echo('blog:add')); - $body_vars = blog_prepare_form_vars($blog); + $body_vars = blog_prepare_form_vars(null); $title = elgg_echo('blog:add'); $content = elgg_view_form('blog/save', $vars, $body_vars); @@ -384,7 +389,7 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) { if ($auto_save_annotations = $post->getAnnotations('blog_auto_save', 1)) { $auto_save = $auto_save_annotations[0]; } else { - $auto_save == FALSE; + $auto_save = false; } if ($auto_save && $auto_save->id != $revision->id) { @@ -396,52 +401,74 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) { /** * Forward to the new style of URLs + * + * Pre-1.7.5 + * Group blogs page: /blog/group:<container_guid>/ + * Group blog view: /blog/group:<container_guid>/read/<guid>/<title> + * 1.7.5-1.8 + * Group blogs page: /blog/owner/group:<container_guid>/ + * Group blog view: /blog/read/<guid> + * * * @param string $page */ function blog_url_forwarder($page) { - global $CONFIG; + + $viewtype = elgg_get_viewtype(); + $qs = ($viewtype === 'default') ? "" : "?view=$viewtype"; + + $url = "blog/all"; + + // easier to work with & no notices + $page = array_pad($page, 4, ""); // group usernames - if (substr_count($page[0], 'group:')) { - preg_match('/group\:([0-9]+)/i', $page[0], $matches); + if (preg_match('~/group\:([0-9]+)/~', "/{$page[0]}/{$page[1]}/", $matches)) { $guid = $matches[1]; $entity = get_entity($guid); - if ($entity) { - $url = "{$CONFIG->wwwroot}blog/group/$guid/all"; + if (elgg_instanceof($entity, 'group')) { + if (!empty($page[2])) { + $url = "blog/view/$page[2]/"; + } else { + $url = "blog/group/$guid/all"; + } register_error(elgg_echo("changebookmark")); - forward($url); + forward($url . $qs); } } + if (empty($page[0])) { + return; + } + // user usernames $user = get_user_by_username($page[0]); if (!$user) { return; } - if (!isset($page[1])) { + if (empty($page[1])) { $page[1] = 'owner'; } switch ($page[1]) { case "read": - $url = "{$CONFIG->wwwroot}blog/view/{$page[2]}/{$page[3]}"; + $url = "blog/view/{$page[2]}/{$page[3]}"; break; case "archive": - $url = "{$CONFIG->wwwroot}blog/archive/{$page[0]}/{$page[2]}/{$page[3]}"; + $url = "blog/archive/{$page[0]}/{$page[2]}/{$page[3]}"; break; case "friends": - $url = "{$CONFIG->wwwroot}blog/friends/{$page[0]}"; + $url = "blog/friends/{$page[0]}"; break; case "new": - $url = "{$CONFIG->wwwroot}blog/add/$user->guid"; + $url = "blog/add/$user->guid"; break; case "owner": - $url = "{$CONFIG->wwwroot}blog/owner/{$page[0]}"; + $url = "blog/owner/{$page[0]}"; break; } register_error(elgg_echo("changebookmark")); - forward($url); + forward($url . $qs); } diff --git a/mod/blog/start.php b/mod/blog/start.php index 9faf1794e..8cbaf5cca 100644 --- a/mod/blog/start.php +++ b/mod/blog/start.php @@ -99,8 +99,7 @@ function blog_page_handler($page) { elgg_load_library('elgg:blog'); - // @todo remove the forwarder in 1.9 - // forward to correct URL for blog pages pre-1.7.5 + // forward to correct URL for blog pages pre-1.8 blog_url_forwarder($page); // push all blogs breadcrumb diff --git a/mod/blog/views/default/forms/blog/save.php b/mod/blog/views/default/forms/blog/save.php index a805541bd..36fa2e0e8 100644 --- a/mod/blog/views/default/forms/blog/save.php +++ b/mod/blog/views/default/forms/blog/save.php @@ -23,7 +23,7 @@ if ($vars['guid']) { $delete_link = elgg_view('output/confirmlink', array( 'href' => $delete_url, 'text' => elgg_echo('delete'), - 'class' => 'elgg-button elgg-button-delete elgg-state-disabled float-alt' + 'class' => 'elgg-button elgg-button-delete float-alt' )); } @@ -53,7 +53,7 @@ $excerpt_label = elgg_echo('blog:excerpt'); $excerpt_input = elgg_view('input/text', array( 'name' => 'excerpt', 'id' => 'blog_excerpt', - 'value' => html_entity_decode($vars['excerpt'], ENT_COMPAT, 'UTF-8') + 'value' => _elgg_html_decode($vars['excerpt']) )); $body_label = elgg_echo('blog:body'); @@ -125,9 +125,10 @@ $draft_warning $excerpt_input </div> -<label for="blog_description">$body_label</label> -$body_input -<br /> +<div> + <label for="blog_description">$body_label</label> + $body_input +</div> <div> <label for="blog_tags">$tags_label</label> diff --git a/mod/bookmarks/actions/bookmarks/save.php b/mod/bookmarks/actions/bookmarks/save.php index 3ca6bef32..46090b115 100644 --- a/mod/bookmarks/actions/bookmarks/save.php +++ b/mod/bookmarks/actions/bookmarks/save.php @@ -5,7 +5,7 @@ * @package Bookmarks */ -$title = strip_tags(get_input('title')); +$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8'); $description = get_input('description'); $address = get_input('address'); $access_id = get_input('access_id'); diff --git a/mod/file/actions/file/upload.php b/mod/file/actions/file/upload.php index d72d04eb7..d6dce2528 100644 --- a/mod/file/actions/file/upload.php +++ b/mod/file/actions/file/upload.php @@ -6,7 +6,7 @@ */ // Get variables -$title = get_input("title"); +$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8'); $desc = get_input("description"); $access_id = (int) get_input("access_id"); $container_guid = (int) get_input('container_guid', 0); @@ -44,7 +44,7 @@ if ($new_file) { // if no title on new upload, grab filename if (empty($title)) { - $title = $_FILES['upload']['name']; + $title = htmlspecialchars($_FILES['upload']['name'], ENT_QUOTES, 'UTF-8'); } } else { diff --git a/mod/file/thumbnail.php b/mod/file/thumbnail.php index 35bf8c7f7..851f13a8f 100644 --- a/mod/file/thumbnail.php +++ b/mod/file/thumbnail.php @@ -46,7 +46,7 @@ if ($simpletype == "image") { // caching images for 10 days header("Content-type: $mime"); - header('Expires: ' . date('r',time() + 864000)); + header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true); header("Pragma: public", true); header("Cache-Control: public", true); header("Content-Length: " . strlen($contents)); diff --git a/mod/groups/actions/discussion/save.php b/mod/groups/actions/discussion/save.php index de4afadfb..b3e9da654 100644 --- a/mod/groups/actions/discussion/save.php +++ b/mod/groups/actions/discussion/save.php @@ -4,7 +4,7 @@ */ // Get variables -$title = get_input("title"); +$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8'); $desc = get_input("description"); $status = get_input("status"); $access_id = (int) get_input("access_id"); diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php index df2464a65..d0689be2e 100644 --- a/mod/groups/actions/groups/edit.php +++ b/mod/groups/actions/groups/edit.php @@ -5,27 +5,25 @@ * @package ElggGroups */ -// Load configuration -global $CONFIG; +elgg_make_sticky_form('groups'); /** * wrapper for recursive array walk decoding */ function profile_array_decoder(&$v) { - $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8'); + $v = _elgg_html_decode($v); } -elgg_make_sticky_form('groups'); - // Get group fields $input = array(); -foreach ($CONFIG->group as $shortname => $valuetype) { - // another work around for Elgg's encoding problems: #561, #1963 +foreach (elgg_get_config('group') as $shortname => $valuetype) { $input[$shortname] = get_input($shortname); + + // @todo treat profile fields as unescaped: don't filter, encode on output if (is_array($input[$shortname])) { array_walk_recursive($input[$shortname], 'profile_array_decoder'); } else { - $input[$shortname] = html_entity_decode($input[$shortname], ENT_COMPAT, 'UTF-8'); + $input[$shortname] = _elgg_html_decode($input[$shortname]); } if ($valuetype == 'tags') { @@ -33,21 +31,22 @@ foreach ($CONFIG->group as $shortname => $valuetype) { } } -$input['name'] = get_input('name'); -$input['name'] = html_entity_decode($input['name'], ENT_COMPAT, 'UTF-8'); +$input['name'] = htmlspecialchars(get_input('name', '', false), ENT_QUOTES, 'UTF-8'); $user = elgg_get_logged_in_user_entity(); $group_guid = (int)get_input('group_guid'); -$new_group_flag = $group_guid == 0; +$is_new_group = $group_guid == 0; -if ($new_group_flag && elgg_get_plugin_setting('limited_groups', 'groups') == 'yes' && !elgg_is_admin_logged_in()) { +if ($is_new_group + && (elgg_get_plugin_setting('limited_groups', 'groups') == 'yes') + && !$user->isAdmin()) { register_error(elgg_echo("groups:cantcreate")); forward(REFERER); } $group = new ElggGroup($group_guid); // load if present, if not create a new group -if (($group_guid) && (!$group->canEdit())) { +if ($group_guid && !$group->canEdit()) { register_error(elgg_echo("groups:cantedit")); forward(REFERER); } @@ -62,37 +61,46 @@ if (sizeof($input) > 0) { // Validate create if (!$group->name) { register_error(elgg_echo("groups:notitle")); - forward(REFERER); } // Set group tool options -if (isset($CONFIG->group_tool_options)) { - foreach ($CONFIG->group_tool_options as $group_option) { - $group_option_toggle_name = $group_option->name . "_enable"; - if ($group_option->default_on) { - $group_option_default_value = 'yes'; - } else { - $group_option_default_value = 'no'; - } - $group->$group_option_toggle_name = get_input($group_option_toggle_name, $group_option_default_value); +$tool_options = elgg_get_config('group_tool_options'); +if ($tool_options) { + foreach ($tool_options as $group_option) { + $option_toggle_name = $group_option->name . "_enable"; + $option_default = $group_option->default_on ? 'yes' : 'no'; + $group->$option_toggle_name = get_input($option_toggle_name, $option_default); } } // Group membership - should these be treated with same constants as access permissions? -switch (get_input('membership')) { - case ACCESS_PUBLIC: - $group->membership = ACCESS_PUBLIC; - break; - default: - $group->membership = ACCESS_PRIVATE; -} +$is_public_membership = (get_input('membership') == ACCESS_PUBLIC); +$group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE; -if ($new_group_flag) { +if ($is_new_group) { $group->access_id = ACCESS_PUBLIC; } +$old_owner_guid = $is_new_group ? 0 : $group->owner_guid; +$new_owner_guid = (int) get_input('owner_guid'); + +$owner_has_changed = false; +$old_icontime = null; +if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) { + // verify new owner is member and old owner/admin is logged in + if (is_group_member($group_guid, $new_owner_guid) && ($old_owner_guid == $user->guid || $user->isAdmin())) { + $group->owner_guid = $new_owner_guid; + + // @todo Remove this when #4683 fixed + $owner_has_changed = true; + $old_icontime = $group->icontime; + } +} + +$must_move_icons = ($owner_has_changed && $old_icontime); + $group->save(); // Invisible group support @@ -116,14 +124,18 @@ $group->save(); elgg_clear_sticky_form('groups'); // group creator needs to be member of new group and river entry created -if ($new_group_flag) { +if ($is_new_group) { + + // @todo this should not be necessary... elgg_set_page_owner_guid($group->guid); + $group->join($user); add_to_river('river/group/create', 'create', $user->guid, $group->guid, $group->access_id); } -// Now see if we have a file icon -if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/'))) { +$has_uploaded_icon = (!empty($_FILES['icon']['type']) && substr_count($_FILES['icon']['type'], 'image/')); + +if ($has_uploaded_icon) { $icon_sizes = elgg_get_config('icon_sizes'); @@ -135,38 +147,58 @@ if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/')) $filehandler->open("write"); $filehandler->write(get_uploaded_file('icon')); $filehandler->close(); + $filename = $filehandler->getFilenameOnFilestore(); + + $sizes = array('tiny', 'small', 'medium', 'large'); + + $thumbs = array(); + foreach ($sizes as $size) { + $thumbs[$size] = get_resized_image_from_existing_file( + $filename, + $icon_sizes[$size]['w'], + $icon_sizes[$size]['h'], + $icon_sizes[$size]['square'] + ); + } - $thumbtiny = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['tiny']['w'], $icon_sizes['tiny']['h'], $icon_sizes['tiny']['square']); - $thumbsmall = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['small']['w'], $icon_sizes['small']['h'], $icon_sizes['small']['square']); - $thumbmedium = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['medium']['w'], $icon_sizes['medium']['h'], $icon_sizes['medium']['square']); - $thumblarge = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['large']['w'], $icon_sizes['large']['h'], $icon_sizes['large']['square']); - if ($thumbtiny) { - + if ($thumbs['tiny']) { // just checking if resize successful $thumb = new ElggFile(); $thumb->owner_guid = $group->owner_guid; $thumb->setMimeType('image/jpeg'); - $thumb->setFilename($prefix."tiny.jpg"); - $thumb->open("write"); - $thumb->write($thumbtiny); - $thumb->close(); + foreach ($sizes as $size) { + $thumb->setFilename("{$prefix}{$size}.jpg"); + $thumb->open("write"); + $thumb->write($thumbs[$size]); + $thumb->close(); + } - $thumb->setFilename($prefix."small.jpg"); - $thumb->open("write"); - $thumb->write($thumbsmall); - $thumb->close(); + $group->icontime = time(); + } +} - $thumb->setFilename($prefix."medium.jpg"); - $thumb->open("write"); - $thumb->write($thumbmedium); - $thumb->close(); +// @todo Remove this when #4683 fixed +if ($must_move_icons) { + $filehandler = new ElggFile(); + $filehandler->setFilename('groups'); + $filehandler->owner_guid = $old_owner_guid; + $old_path = $filehandler->getFilenameOnFilestore(); - $thumb->setFilename($prefix."large.jpg"); - $thumb->open("write"); - $thumb->write($thumblarge); - $thumb->close(); + $sizes = array('', 'tiny', 'small', 'medium', 'large'); - $group->icontime = time(); + if ($has_uploaded_icon) { + // delete those under old owner + foreach ($sizes as $size) { + unlink("$old_path/{$group_guid}{$size}.jpg"); + } + } else { + // move existing to new owner + $filehandler->owner_guid = $group->owner_guid; + $new_path = $filehandler->getFilenameOnFilestore(); + + foreach ($sizes as $size) { + rename("$old_path/{$group_guid}{$size}.jpg", "$new_path/{$group_guid}{$size}.jpg"); + } } } diff --git a/mod/groups/icon.php b/mod/groups/icon.php index 1bd240ea6..ebdc1eb6d 100644 --- a/mod/groups/icon.php +++ b/mod/groups/icon.php @@ -18,7 +18,7 @@ if (!($group instanceof ElggGroup)) { // If is the same ETag, content didn't changed. $etag = $group->icontime . $group_guid; -if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) { +if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") { header("HTTP/1.1 304 Not Modified"); exit; } @@ -46,9 +46,9 @@ if (!$success) { } header("Content-type: image/jpeg"); -header('Expires: ' . date('r',time() + 864000)); +header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true); header("Pragma: public"); header("Cache-Control: public"); header("Content-Length: " . strlen($contents)); -header("ETag: $etag"); +header("ETag: \"$etag\""); echo $contents; diff --git a/mod/groups/languages/en.php b/mod/groups/languages/en.php index 0ca980108..9e0799b3a 100644 --- a/mod/groups/languages/en.php +++ b/mod/groups/languages/en.php @@ -20,7 +20,9 @@ $english = array( 'groups:edit' => "Edit group", 'groups:delete' => 'Delete group', 'groups:membershiprequests' => 'Manage join requests', + 'groups:membershiprequests:pending' => 'Manage join requests (%s)', 'groups:invitations' => 'Group invitations', + 'groups:invitations:pending' => 'Group invitations (%s)', 'groups:icon' => 'Group icon (leave blank to leave unchanged)', 'groups:name' => 'Group name', @@ -30,11 +32,18 @@ $english = array( 'groups:interests' => 'Tags', 'groups:website' => 'Website', 'groups:members' => 'Group members', + 'groups:my_status' => 'My status', + 'groups:my_status:group_owner' => 'You own this group', + 'groups:my_status:group_member' => 'You are in this group', + 'groups:subscribed' => 'Group notifications on', + 'groups:unsubscribed' => 'Group notifications off', + 'groups:members:title' => 'Members of %s', 'groups:members:more' => "View all members", 'groups:membership' => "Group membership permissions", 'groups:access' => "Access permissions", 'groups:owner' => "Owner", + 'groups:owner:warning' => "Warning: if you change this value, you will no longer be the owner of this group.", 'groups:widget:num_display' => 'Number of groups to display', 'groups:widget:membership' => 'Group membership', 'groups:widgets:description' => 'Display the groups you are a member of on your profile', @@ -210,7 +219,7 @@ View and reply to the discussion: 'groups:updated' => "Last reply by %s %s", 'groups:started' => "Started by %s", 'groups:joinrequest:remove:check' => 'Are you sure you want to remove this join request?', - 'groups:invite:remove:check' => 'Are you sure you want to remove this invite?', + 'groups:invite:remove:check' => 'Are you sure you want to remove this invitation?', 'groups:invite:body' => "Hi %s, %s invited you to join the '%s' group. Click below to view your invitations: diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php index 505cacd01..ea7308d39 100644 --- a/mod/groups/lib/groups.php +++ b/mod/groups/lib/groups.php @@ -264,14 +264,33 @@ function groups_handle_profile_page($guid) { groups_register_profile_buttons($group); $content = elgg_view('groups/profile/layout', array('entity' => $group)); - if (group_gatekeeper(false)) { - $sidebar = ''; + $sidebar = ''; + + if (group_gatekeeper(false)) { if (elgg_is_active_plugin('search')) { $sidebar .= elgg_view('groups/sidebar/search', array('entity' => $group)); } $sidebar .= elgg_view('groups/sidebar/members', array('entity' => $group)); - } else { - $sidebar = ''; + + $subscribed = false; + if (elgg_is_active_plugin('notifications')) { + global $NOTIFICATION_HANDLERS; + + foreach ($NOTIFICATION_HANDLERS as $method => $foo) { + $relationship = check_entity_relationship(elgg_get_logged_in_user_guid(), + 'notify' . $method, $guid); + + if ($relationship) { + $subscribed = true; + break; + } + } + } + + $sidebar .= elgg_view('groups/sidebar/my_status', array( + 'entity' => $group, + 'subscribed' => $subscribed + )); } $params = array( diff --git a/mod/groups/start.php b/mod/groups/start.php index c591410c5..4e49d9e55 100644 --- a/mod/groups/start.php +++ b/mod/groups/start.php @@ -144,9 +144,24 @@ function groups_setup_sidebar_menus() { if (elgg_in_context('group_profile')) { if (elgg_is_logged_in() && $page_owner->canEdit() && !$page_owner->isPublicMembership()) { $url = elgg_get_site_url() . "groups/requests/{$page_owner->getGUID()}"; + + $count = elgg_get_entities_from_relationship(array( + 'type' => 'user', + 'relationship' => 'membership_request', + 'relationship_guid' => $guid, + 'inverse_relationship' => true, + 'count' => true, + )); + + if ($count) { + $text = elgg_echo('groups:membershiprequests:pending', array($count)); + } else { + $text = elgg_echo('groups:membershiprequests'); + } + elgg_register_menu_item('page', array( 'name' => 'membership_requests', - 'text' => elgg_echo('groups:membershiprequests'), + 'text' => $text, 'href' => $url, )); } @@ -163,11 +178,21 @@ function groups_setup_sidebar_menus() { $url = "groups/owner/$user->username"; $item = new ElggMenuItem('groups:owned', elgg_echo('groups:owned'), $url); elgg_register_menu_item('page', $item); + $url = "groups/member/$user->username"; $item = new ElggMenuItem('groups:member', elgg_echo('groups:yours'), $url); elgg_register_menu_item('page', $item); + $url = "groups/invitations/$user->username"; - $item = new ElggMenuItem('groups:user:invites', elgg_echo('groups:invitations'), $url); + $invitations = groups_get_invited_groups($user->getGUID()); + if (is_array($invitations) && !empty($invitations)) { + $invitation_count = count($invitations); + $text = elgg_echo('groups:invitations:pending', array($invitation_count)); + } else { + $text = elgg_echo('groups:invitations'); + } + + $item = new ElggMenuItem('groups:user:invites', $text, $url); elgg_register_menu_item('page', $item); } } @@ -194,6 +219,15 @@ function groups_setup_sidebar_menus() { */ function groups_page_handler($page) { + // forward old profile urls + if (is_numeric($page[0])) { + $group = get_entity($page[0]); + if (elgg_instanceof($group, 'group', '', 'ElggGroup')) { + system_message(elgg_echo('changebookmark')); + forward($group->getURL()); + } + } + elgg_load_library('elgg:groups'); if (!isset($page[0])) { diff --git a/mod/groups/views/default/forms/groups/edit.php b/mod/groups/views/default/forms/groups/edit.php index 532e89c35..41d97e6c3 100644 --- a/mod/groups/views/default/forms/groups/edit.php +++ b/mod/groups/views/default/forms/groups/edit.php @@ -83,6 +83,42 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') { <?php } +if (isset($vars['entity'])) { + $entity = $vars['entity']; + $owner_guid = $vars['entity']->owner_guid; +} else { + $entity = false; +} + +if ($entity && ($owner_guid == elgg_get_logged_in_user_guid() || elgg_is_admin_logged_in())) { + $owner_guid = $vars['entity']->owner_guid; + $members = array(); + foreach ($vars['entity']->getMembers(0) as $member) { + $members[$member->guid] = "$member->name (@$member->username)"; + } +?> + +<div> + <label> + <?php echo elgg_echo('groups:owner'); ?><br /> + <?php echo elgg_view('input/dropdown', array( + 'name' => 'owner_guid', + 'value' => $owner_guid, + 'options_values' => $members, + 'class' => 'groups-owner-input', + )); + ?> + </label> + <?php + if ($owner_guid == elgg_get_logged_in_user_guid()) { + echo '<span class="elgg-text-help">' . elgg_echo('groups:owner:warning') . '</span>'; + } + ?> +</div> + +<?php +} + $tools = elgg_get_config('group_tool_options'); if ($tools) { usort($tools, create_function('$a,$b', 'return strcmp($a->label,$b->label);')); @@ -111,7 +147,7 @@ if ($tools) { <div class="elgg-foot"> <?php -if (isset($entity)) { +if ($entity) { echo elgg_view('input/hidden', array( 'name' => 'group_guid', 'value' => $entity->getGUID(), @@ -120,7 +156,7 @@ if (isset($entity)) { echo elgg_view('input/submit', array('value' => elgg_echo('save'))); -if (isset($entity)) { +if ($entity) { $delete_url = 'action/groups/delete?guid=' . $entity->getGUID(); echo elgg_view('output/confirmlink', array( 'text' => elgg_echo('groups:delete'), diff --git a/mod/groups/views/default/groups/css.php b/mod/groups/views/default/groups/css.php index 9c65d1602..20cd947f8 100644 --- a/mod/groups/views/default/groups/css.php +++ b/mod/groups/views/default/groups/css.php @@ -54,3 +54,24 @@ .groups-latest-reply { float: right; } + +.elgg-menu-groups-my-status li a { + display: block; + + -webkit-border-radius: 8px; + -moz-border-radius: 8px; + border-radius: 8px; + + background-color: white; + margin: 3px 0 5px 0; + padding: 2px 4px 2px 8px; +} +.elgg-menu-groups-my-status li a:hover { + background-color: #0054A7; + color: white; + text-decoration: none; +} +.elgg-menu-groups-my-status li.elgg-state-selected > a { + background-color: #4690D6; + color: white; +}
\ No newline at end of file diff --git a/mod/groups/views/default/groups/js.php b/mod/groups/views/default/groups/js.php index 1b4d33f32..0319be14a 100644 --- a/mod/groups/views/default/groups/js.php +++ b/mod/groups/views/default/groups/js.php @@ -1,3 +1,10 @@ +<?php +/** + * Javascript for Groups forms + * + * @package ElggGroups + */ +?> // this adds a class to support IE8 and older elgg.register_hook_handler('init', 'system', function() { diff --git a/mod/groups/views/default/groups/sidebar/my_status.php b/mod/groups/views/default/groups/sidebar/my_status.php new file mode 100644 index 000000000..4c36c0213 --- /dev/null +++ b/mod/groups/views/default/groups/sidebar/my_status.php @@ -0,0 +1,62 @@ +<?php +/** + * Group status for logged in user + * + * @package ElggGroups + * + * @uses $vars['entity'] Group entity + */ + +$group = elgg_extract('entity', $vars); +$user = elgg_get_logged_in_user_entity(); +$subscribed = elgg_extract('subscribed', $vars); + +if (!elgg_is_logged_in()) { + return true; +} +$t = new ElggMenuItem(); +// membership status +$is_member = $group->isMember($user); +$is_owner = $group->getOwnerEntity() == $user; + +if ($is_owner) { + elgg_register_menu_item('groups:my_status', array( + 'name' => 'membership_status', + 'text' => '<a>' . elgg_echo('groups:my_status:group_owner') . '</a>', + 'href' => false + )); +} elseif ($is_member) { + elgg_register_menu_item('groups:my_status', array( + 'name' => 'membership_status', + 'text' => '<a>' . elgg_echo('groups:my_status:group_member') . '</a>', + 'href' => false + )); +} else { + elgg_register_menu_item('groups:my_status', array( + 'name' => 'membership_status', + 'text' => elgg_echo('groups:join'), + 'href' => "/action/groups/join?group_guid={$group->getGUID()}", + 'is_action' => true + )); +} + +// notification info +if (elgg_is_active_plugin('notifications')) { + if ($subscribed) { + elgg_register_menu_item('groups:my_status', array( + 'name' => 'subscription_status', + 'text' => elgg_echo('groups:subscribed'), + 'href' => "notifications/group/$user->username", + 'is_action' => true + )); + } else { + elgg_register_menu_item('groups:my_status', array( + 'name' => 'subscription_status', + 'text' => elgg_echo('groups:unsubscribed'), + 'href' => "notifications/group/$user->username" + )); + } +} + +$body = elgg_view_menu('groups:my_status'); +echo elgg_view_module('aside', elgg_echo('groups:my_status'), $body); diff --git a/mod/groups/views/rss/groups/profile/layout.php b/mod/groups/views/rss/groups/profile/layout.php index 3eeb9eaf2..0dafe78ad 100644 --- a/mod/groups/views/rss/groups/profile/layout.php +++ b/mod/groups/views/rss/groups/profile/layout.php @@ -7,7 +7,12 @@ * @uses $vars['entity'] ElggGroup object */ -echo elgg_list_entities(array( - 'type' => 'object', - 'container_guid' => $vars['entity']->getGUID(), -)); +$entities = elgg_get_config('registered_entities'); + +if (!empty($entities['object'])) { + echo elgg_list_entities(array( + 'type' => 'object', + 'subtypes' => $entities['object'], + 'container_guid' => $vars['entity']->getGUID(), + )); +} diff --git a/mod/groups/views/rss/object/groupforumtopic.php b/mod/groups/views/rss/object/groupforumtopic.php index d730ef796..b2d05d488 100644 --- a/mod/groups/views/rss/object/groupforumtopic.php +++ b/mod/groups/views/rss/object/groupforumtopic.php @@ -14,7 +14,7 @@ if (empty($title)) { $permalink = htmlspecialchars($vars['entity']->getURL(), ENT_NOQUOTES, 'UTF-8'); $pubdate = date('r', $vars['entity']->getTimeCreated()); -$description = autop($vars['entity']->description); +$description = elgg_autop($vars['entity']->description); $creator = elgg_view('page/components/creator', $vars); $georss = elgg_view('page/components/georss', $vars); diff --git a/mod/messageboard/views/default/river/object/messageboard/create.php b/mod/messageboard/views/default/river/object/messageboard/create.php index 7ce7f6b4e..ac10a55c1 100644 --- a/mod/messageboard/views/default/river/object/messageboard/create.php +++ b/mod/messageboard/views/default/river/object/messageboard/create.php @@ -1,11 +1,12 @@ -<?php -/** - * Messageboard river view - */ - -$messageboard = $vars['item']->getAnnotation(); - -echo elgg_view('river/elements/layout', array( - 'item' => $vars['item'], - 'message' => $messageboard->value, -)); +<?php
+/**
+ * Messageboard river view
+ */
+
+$messageboard = $vars['item']->getAnnotation();
+$excerpt = elgg_get_excerpt($messageboard->value);
+
+echo elgg_view('river/elements/layout', array(
+ 'item' => $vars['item'],
+ 'message' => $excerpt,
+));
diff --git a/mod/messages/pages/messages/inbox.php b/mod/messages/pages/messages/inbox.php index fdfc20c43..de5b8b231 100644 --- a/mod/messages/pages/messages/inbox.php +++ b/mod/messages/pages/messages/inbox.php @@ -8,8 +8,13 @@ gatekeeper(); $page_owner = elgg_get_page_owner_entity(); -if (!$page_owner) { - register_error(elgg_echo()); + +if (!$page_owner || !$page_owner->canEdit()) { + $guid = 0; + if($page_owner){ + $guid = $page_owner->getGUID(); + } + register_error(elgg_echo("pageownerunavailable", array($guid))); forward(); } diff --git a/mod/messages/pages/messages/read.php b/mod/messages/pages/messages/read.php index 19e3ecdd7..4223c6bac 100644 --- a/mod/messages/pages/messages/read.php +++ b/mod/messages/pages/messages/read.php @@ -8,8 +8,8 @@ gatekeeper(); $message = get_entity(get_input('guid')); -if (!$message) { - forward('messages/inbox'); +if (!$message || !elgg_instanceof($message, "object", "messages")) { + forward('messages/inbox/' . elgg_get_logged_in_user_entity()->username); } // mark the message as read @@ -38,8 +38,9 @@ if ($inbox) { ); $body_params = array('message' => $message); $content .= elgg_view_form('messages/reply', $form_params, $body_params); - - if (elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) { + $from_user = get_user($message->fromId); + + if ((elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) && $from_user) { elgg_register_menu_item('title', array( 'name' => 'reply', 'href' => '#messages-reply-form', diff --git a/mod/messages/pages/messages/sent.php b/mod/messages/pages/messages/sent.php index af06ab273..3d08cd5ee 100644 --- a/mod/messages/pages/messages/sent.php +++ b/mod/messages/pages/messages/sent.php @@ -8,8 +8,13 @@ gatekeeper(); $page_owner = elgg_get_page_owner_entity(); -if (!$page_owner) { - register_error(elgg_echo()); + +if (!$page_owner || !$page_owner->canEdit()) { + $guid = 0; + if($page_owner){ + $guid = $page_owner->getGUID(); + } + register_error(elgg_echo("pageownerunavailable", array($guid))); forward(); } diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php index a32e4a4ba..40215e02e 100644 --- a/mod/pages/actions/pages/edit.php +++ b/mod/pages/actions/pages/edit.php @@ -8,9 +8,10 @@ $variables = elgg_get_config('pages'); $input = array(); foreach ($variables as $name => $type) { - $input[$name] = get_input($name); if ($name == 'title') { - $input[$name] = strip_tags($input[$name]); + $input[$name] = htmlspecialchars(get_input($name, '', false), ENT_QUOTES, 'UTF-8'); + } else { + $input[$name] = get_input($name); } if ($type == 'tags') { $input[$name] = string_to_tag_array($input[$name]); @@ -59,6 +60,9 @@ if (sizeof($input) > 0) { if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) { continue; } + if ($name == 'parent_guid') { + continue; + } $page->$name = $value; } @@ -67,7 +71,27 @@ if (sizeof($input) > 0) { // need to add check to make sure user can write to container $page->container_guid = $container_guid; -if ($parent_guid) { +if ($parent_guid && $parent_guid != $page_guid) { + // Check if parent isn't below the page in the tree + if ($page_guid) { + $tree_page = get_entity($parent_guid); + while ($tree_page->parent_guid > 0 && $page_guid != $tree_page->guid) { + $tree_page = get_entity($tree_page->parent_guid); + } + // If is below, bring all child elements forward + if ($page_guid == $tree_page->guid) { + $previous_parent = $page->parent_guid; + $children = elgg_get_entities_from_metadata(array( + 'metadata_name' => 'parent_guid', + 'metadata_value' => $page->getGUID() + )); + if ($children) { + foreach ($children as $child) { + $child->parent_guid = $previous_parent; + } + } + } + } $page->parent_guid = $parent_guid; } diff --git a/mod/pages/languages/en.php b/mod/pages/languages/en.php index eb9d22708..930676b3e 100644 --- a/mod/pages/languages/en.php +++ b/mod/pages/languages/en.php @@ -61,6 +61,7 @@ View and comment on the new page: 'pages:title' => 'Page title', 'pages:description' => 'Page text', 'pages:tags' => 'Tags', + 'pages:parent_guid' => 'Parent page', 'pages:access_id' => 'Read access', 'pages:write_access_id' => 'Write access', @@ -110,4 +111,4 @@ View and comment on the new page: 'pages:backtoparent' => "Back to '%s'", ); -add_translation("en", $english);
\ No newline at end of file +add_translation("en", $english); diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php index 9a9ba12e9..afe42b68f 100644 --- a/mod/pages/lib/pages.php +++ b/mod/pages/lib/pages.php @@ -65,11 +65,11 @@ function pages_prepare_parent_breadcrumbs($page) { } /** - * Register the navigation menu + * Produce the navigation tree * * @param ElggEntity $container Container entity for the pages */ -function pages_register_navigation_tree($container) { +function pages_get_navigation_tree($container) { if (!$container) { return; } @@ -84,13 +84,18 @@ function pages_register_navigation_tree($container) { if (!$top_pages) { return; } + + $tree = array(); + $depths = array(); foreach ($top_pages as $page) { - elgg_register_menu_item('pages_nav', array( - 'name' => $page->getGUID(), - 'text' => $page->title, - 'href' => $page->getURL(), - )); + $tree[] = array( + 'guid' => $page->getGUID(), + 'title' => $page->title, + 'url' => $page->getURL(), + 'depth' => 0, + ); + $depths[$page->guid] = 0; $stack = array(); array_push($stack, $page); @@ -106,15 +111,37 @@ function pages_register_navigation_tree($container) { if ($children) { foreach ($children as $child) { - elgg_register_menu_item('pages_nav', array( - 'name' => $child->getGUID(), - 'text' => $child->title, - 'href' => $child->getURL(), - 'parent_name' => $parent->getGUID(), - )); + $tree[] = array( + 'guid' => $child->getGUID(), + 'title' => $child->title, + 'url' => $child->getURL(), + 'parent_guid' => $parent->getGUID(), + 'depth' => $depths[$parent->guid] + 1, + ); + $depths[$child->guid] = $depths[$parent->guid] + 1; array_push($stack, $child); } } } } + return $tree; +} + +/** + * Register the navigation menu + * + * @param ElggEntity $container Container entity for the pages + */ +function pages_register_navigation_tree($container) { + $pages = pages_get_navigation_tree($container); + if ($pages) { + foreach ($pages as $page) { + elgg_register_menu_item('pages_nav', array( + 'name' => $page['guid'], + 'text' => $page['title'], + 'href' => $page['url'], + 'parent_name' => $page['parent_guid'], + )); + } + } } diff --git a/mod/pages/start.php b/mod/pages/start.php index 6b0ad38b0..6d974f122 100644 --- a/mod/pages/start.php +++ b/mod/pages/start.php @@ -63,6 +63,7 @@ function pages_init() { 'title' => 'text', 'description' => 'longtext', 'tags' => 'tags', + 'parent_guid' => 'parent', 'access_id' => 'access', 'write_access_id' => 'write_access', )); diff --git a/mod/pages/views/default/forms/pages/edit.php b/mod/pages/views/default/forms/pages/edit.php index 9469f5eb9..e14ff19ec 100644 --- a/mod/pages/views/default/forms/pages/edit.php +++ b/mod/pages/views/default/forms/pages/edit.php @@ -18,6 +18,18 @@ foreach ($variables as $name => $type) { if (($type == 'access' || $type == 'write_access') && !$can_change_access) { continue; } + + // don't show parent picker input for top or new pages. + if ($name == 'parent_guid' && (!$vars['parent_guid'] || !$vars['guid'])) { + continue; + } + + if ($type == 'parent') { + $input_view = "pages/input/$type"; + } else { + $input_view = "input/$type"; + } + ?> <div> <label><?php echo elgg_echo("pages:$name") ?></label> @@ -26,9 +38,10 @@ foreach ($variables as $name => $type) { echo '<br />'; } - echo elgg_view("input/$type", array( + echo elgg_view($input_view, array( 'name' => $name, 'value' => $vars[$name], + 'entity' => ($name == 'parent_guid') ? $vars['entity'] : null, )); ?> </div> @@ -52,7 +65,7 @@ echo elgg_view('input/hidden', array( 'name' => 'container_guid', 'value' => $vars['container_guid'], )); -if ($vars['parent_guid']) { +if (!$vars['guid']) { echo elgg_view('input/hidden', array( 'name' => 'parent_guid', 'value' => $vars['parent_guid'], diff --git a/mod/pages/views/default/pages/input/parent.php b/mod/pages/views/default/pages/input/parent.php new file mode 100644 index 000000000..c5ee3c3fb --- /dev/null +++ b/mod/pages/views/default/pages/input/parent.php @@ -0,0 +1,37 @@ +<?php +/** + * Parent picker + * + * @uses $vars['value'] The current value, if any + * @uses $vars['options_values'] + * @uses $vars['name'] The name of the input field + * @uses $vars['entity'] Optional. The child entity (uses container_guid) + */ + +elgg_load_library('elgg:pages'); + +if (empty($vars['entity'])) { + $container = elgg_get_page_owner_entity(); +} else { + $container = $vars['entity']->getContainerEntity(); +} + +$pages = pages_get_navigation_tree($container); +$options = array(); + +foreach ($pages as $page) { + $spacing = ""; + for ($i = 0; $i < $page['depth']; $i++) { + $spacing .= "--"; + } + $options[$page['guid']] = "$spacing " . $page['title']; +} + +$defaults = array( + 'class' => 'elgg-pages-input-parent-picker', + 'options_values' => $options, +); + +$vars = array_merge($defaults, $vars); + +echo elgg_view('input/dropdown', $vars); diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php index c4439f78c..dbab5d31f 100644 --- a/mod/profile/icondirect.php +++ b/mod/profile/icondirect.php @@ -23,7 +23,7 @@ $guid = (int)$_GET['guid']; // If is the same ETag, content didn't changed. $etag = $last_cache . $guid; -if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) { +if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") { header("HTTP/1.1 304 Not Modified"); exit; } @@ -55,19 +55,15 @@ if ($mysql_dblink) { $user_path = date('Y/m/d/', $join_date) . $guid; $filename = "$data_root$user_path/profile/{$guid}{$size}.jpg"; - $contents = @file_get_contents($filename); - if (!empty($contents)) { + $size = @filesize($filename); + if ($size) { header("Content-type: image/jpeg"); - header('Expires: ' . date('r', strtotime("+6 months")), true); + header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true); header("Pragma: public"); header("Cache-Control: public"); - header("Content-Length: " . strlen($contents)); - header("ETag: $etag"); - // this chunking is done for supposedly better performance - $split_string = str_split($contents, 1024); - foreach ($split_string as $chunk) { - echo $chunk; - } + header("Content-Length: $size"); + header("ETag: \"$etag\""); + readfile($filename); exit; } } diff --git a/mod/profile/views/default/profile/details.php b/mod/profile/views/default/profile/details.php index 3af5cb756..7b05b0e15 100644 --- a/mod/profile/views/default/profile/details.php +++ b/mod/profile/views/default/profile/details.php @@ -28,7 +28,7 @@ if (is_array($profile_fields) && sizeof($profile_fields) > 0) { <div class="<?php echo $even_odd; ?>"> <b><?php echo elgg_echo("profile:{$shortname}"); ?>: </b> <?php - echo elgg_view("output/{$valtype}", array('value' => $user->$shortname)); + echo elgg_view("output/{$valtype}", array('value' => $value)); ?> </div> <?php diff --git a/mod/search/start.php b/mod/search/start.php index d2d7ed3c2..f493508d8 100644 --- a/mod/search/start.php +++ b/mod/search/start.php @@ -94,6 +94,8 @@ function search_get_highlighted_relevant_substrings($haystack, $query, $min_matc if (!$tag_match) { $words = search_remove_ignored_words($query, 'array'); + } else { + $words = array(); } // if haystack < $max_length return the entire haystack w/formatting immediately @@ -142,7 +144,7 @@ function search_get_highlighted_relevant_substrings($haystack, $query, $min_matc $total_length = array_sum($offsets); $add_length = 0; - if ($total_length < $max_length) { + if ($total_length < $max_length && $offsets) { $add_length = floor((($max_length - $total_length) / count($offsets)) / 2); $starts = array(); diff --git a/mod/search/views/default/search/no_results.php b/mod/search/views/default/search/no_results.php index 74b5b2cfa..0e9a5e295 100644 --- a/mod/search/views/default/search/no_results.php +++ b/mod/search/views/default/search/no_results.php @@ -3,4 +3,4 @@ * No results from search */ -echo autop(elgg_echo('search:no_results')); +echo elgg_autop(elgg_echo('search:no_results')); diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php index ff12ae4f0..7474a280c 100644 --- a/mod/search/views/default/search/search_box.php +++ b/mod/search/views/default/search/search_box.php @@ -32,12 +32,11 @@ if (function_exists('mb_convert_encoding')) { } $display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); - ?> <form class="<?php echo $class; ?>" action="<?php echo elgg_get_site_url(); ?>search" method="get"> <fieldset> - <input type="text" class="search-input" size="21" name="q" value="<?php echo elgg_echo('search'); ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" /> + <input type="text" class="search-input" size="21" name="q" value="<?php echo $display_query; ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" /> <input type="hidden" name="search_type" value="all" /> <input type="submit" value="<?php echo elgg_echo('search:go'); ?>" class="search-submit-button" /> </fieldset> diff --git a/mod/thewire/views/rss/object/thewire.php b/mod/thewire/views/rss/object/thewire.php index 494c2c8dc..8fddb8aa8 100644 --- a/mod/thewire/views/rss/object/thewire.php +++ b/mod/thewire/views/rss/object/thewire.php @@ -15,7 +15,7 @@ $title = elgg_echo('thewire:by', array($owner->name)); $permalink = htmlspecialchars($vars['entity']->getURL(), ENT_NOQUOTES, 'UTF-8'); $pubdate = date('r', $vars['entity']->getTimeCreated()); -$description = autop($vars['entity']->description); +$description = elgg_autop($vars['entity']->description); $creator = elgg_view('page/components/creator', $vars); $georss = elgg_view('page/components/georss', $vars); diff --git a/mod/twitter/views/default/widgets/twitter/content.php b/mod/twitter/views/default/widgets/twitter/content.php index e429d0103..c616d944c 100644 --- a/mod/twitter/views/default/widgets/twitter/content.php +++ b/mod/twitter/views/default/widgets/twitter/content.php @@ -20,7 +20,7 @@ if ($username) { <ul id="twitter_update_list"></ul> <p class="visit_twitter"><a href="http://twitter.com/<?php echo $username; ?>"><?php echo elgg_echo("twitter:visit"); ?></a></p> <script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script> - <script type="text/javascript" src="http://twitter.com/statuses/user_timeline/<?php echo $username; ?>.json?callback=twitterCallback2&count=<?php echo $num; ?>"></script> + <script type="text/javascript" src="https://api.twitter.com/1/statuses/user_timeline/<?php echo $username; ?>.json?callback=twitterCallback2&count=<?php echo $num; ?>"></script> </div> <?php diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php index fbce00d34..e163d2b3e 100644 --- a/mod/twitter_api/lib/twitter_api.php +++ b/mod/twitter_api/lib/twitter_api.php @@ -29,6 +29,8 @@ function twitter_api_allow_sign_on_with_twitter() { * This includes the login URL as the callback */ function twitter_api_forward() { + global $SESSION; + // sanity check if (!twitter_api_allow_sign_on_with_twitter()) { forward(); @@ -37,6 +39,20 @@ function twitter_api_forward() { $callback = elgg_normalize_url("twitter_api/login"); $request_link = twitter_api_get_authorize_url($callback); + // capture metadata about login to persist through redirects + $login_metadata = array( + 'persistent' => (bool) get_input("persistent"), + ); + // capture referrer if in site, but not the twitter_api + if (!empty($SESSION['last_forward_from'])) { + $login_metadata['forward'] = $SESSION['last_forward_from']; + } elseif (!empty($_SERVER['HTTP_REFERER']) + && 0 === strpos($_SERVER['HTTP_REFERER'], elgg_get_site_url()) + && 0 !== strpos($_SERVER['HTTP_REFERER'], elgg_get_site_url() . 'twitter_api/')) { + $login_metadata['forward'] = $_SERVER['HTTP_REFERER']; + } + $SESSION['twitter_api_login_metadata'] = $login_metadata; + forward($request_link, 'twitter_api'); } @@ -55,6 +71,8 @@ function twitter_api_forward() { * the Twitter OAuth data. */ function twitter_api_login() { + /* @var ElggSession $SESSION */ + global $SESSION; // sanity check if (!twitter_api_allow_sign_on_with_twitter()) { @@ -62,6 +80,20 @@ function twitter_api_login() { } $token = twitter_api_get_access_token(get_input('oauth_verifier')); + + $persistent = false; + $forward = ''; + + // fetch login metadata from session + $login_metadata = $SESSION['twitter_api_login_metadata']; + unset($SESSION['twitter_api_login_metadata']); + if (!empty($login_metadata['persistent'])) { + $persistent = true; + } + if (!empty($login_metadata['forward'])) { + $forward = $login_metadata['forward']; + } + if (!isset($token['oauth_token']) or !isset($token['oauth_token_secret'])) { register_error(elgg_echo('twitter_api:login:error')); forward(); @@ -81,13 +113,13 @@ function twitter_api_login() { $users = elgg_get_entities_from_plugin_user_settings($options); if ($users) { - if (count($users) == 1 && login($users[0])) { - system_message(elgg_echo('twitter_api:login:success')); + if (count($users) == 1 && login($users[0], $persistent)) { + system_message(elgg_echo('twitter_api:login:success')); + forward($forward); } else { register_error(elgg_echo('twitter_api:login:error')); + forward(); } - - forward(elgg_get_site_url()); } else { $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api'); $consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api'); @@ -301,9 +333,11 @@ function twitter_api_get_authorize_url($callback = NULL, $login = true) { /** * Returns the access token to use in twitter calls. * - * @param unknown_type $oauth_verifier + * @param bool $oauth_verifier + * @return array */ function twitter_api_get_access_token($oauth_verifier = FALSE) { + /* @var ElggSession $SESSION */ global $SESSION; $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api'); @@ -312,7 +346,7 @@ function twitter_api_get_access_token($oauth_verifier = FALSE) { // retrieve stored tokens $oauth_token = $SESSION['twitter_api']['oauth_token']; $oauth_token_secret = $SESSION['twitter_api']['oauth_token_secret']; - $SESSION->offsetUnset('twitter_api'); + unset($SESSION['twitter_api']); // fetch an access token $api = new TwitterOAuth($consumer_key, $consumer_secret, $oauth_token, $oauth_token_secret); diff --git a/mod/twitter_api/start.php b/mod/twitter_api/start.php index 08bce5479..e6221de6b 100644 --- a/mod/twitter_api/start.php +++ b/mod/twitter_api/start.php @@ -20,6 +20,7 @@ function twitter_api_init() { //elgg_extend_view('metatags', 'twitter_api/metatags'); elgg_extend_view('css/elgg', 'twitter_api/css'); elgg_extend_view('css/admin', 'twitter_api/css'); + elgg_extend_view('js/elgg', 'twitter_api/js'); // sign on with twitter if (twitter_api_allow_sign_on_with_twitter()) { @@ -60,7 +61,7 @@ function twitter_api_pagehandler_deprecated($page) { * Serves pages for twitter. * * @param array $page - * @return void + * @return bool */ function twitter_api_pagehandler($page) { if (!isset($page[0])) { @@ -131,14 +132,15 @@ function twitter_api_tweet($hook, $type, $returnvalue, $params) { // send tweet $api = new TwitterOAuth($consumer_key, $consumer_secret, $access_key, $access_secret); - $response = $api->post('statuses/update', array('status' => $params['message'])); + $api->post('statuses/update', array('status' => $params['message'])); } /** * Get tweets for a user. * - * @param int $user_id The Elgg user GUID + * @param int $user_guid The Elgg user GUID * @param array $options + * @return array */ function twitter_api_fetch_tweets($user_guid, $options = array()) { // check admin settings @@ -167,6 +169,7 @@ function twitter_api_fetch_tweets($user_guid, $options = array()) { * @param string $type * @param array $return_value * @param array $params + * @return array */ function twitter_api_public_pages($hook, $type, $return_value, $params) { $return_value[] = 'twitter_api/forward'; diff --git a/mod/twitter_api/vendors/twitteroauth/OAuth.php b/mod/twitter_api/vendors/twitteroauth/OAuth.php index b0e3cfd5e..e132a5bc8 100644 --- a/mod/twitter_api/vendors/twitteroauth/OAuth.php +++ b/mod/twitter_api/vendors/twitteroauth/OAuth.php @@ -78,6 +78,7 @@ class twitterOAuthRequest extends OAuthRequest { private $http_url; // for debug purposes public $base_string; + public static $version = '1.0'; public static $POST_INPUT = 'php://input'; function __construct($http_method, $http_url, $parameters=NULL) { @@ -145,7 +146,7 @@ class twitterOAuthRequest extends OAuthRequest { */ public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) { @$parameters or $parameters = array(); - $defaults = array("oauth_version" => '1.0', + $defaults = array("oauth_version" => twitterOAuthRequest::$version, "oauth_nonce" => twitterOAuthRequest::generate_nonce(), "oauth_timestamp" => twitterOAuthRequest::generate_timestamp(), "oauth_consumer_key" => $consumer->key); diff --git a/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php b/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php index a1021ce6f..f36e6158d 100644 --- a/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php +++ b/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php @@ -43,8 +43,8 @@ class TwitterOAuth { * Set API URLS */ function accessTokenURL() { return 'https://api.twitter.com/oauth/access_token'; } - function authenticateURL() { return 'https://twitter.com/oauth/authenticate'; } - function authorizeURL() { return 'https://twitter.com/oauth/authorize'; } + function authenticateURL() { return 'https://api.twitter.com/oauth/authenticate'; } + function authorizeURL() { return 'https://api.twitter.com/oauth/authorize'; } function requestTokenURL() { return 'https://api.twitter.com/oauth/request_token'; } /** diff --git a/mod/twitter_api/views/default/twitter_api/css.php b/mod/twitter_api/views/default/twitter_api/css.php index 04bbed668..2d081d361 100644 --- a/mod/twitter_api/views/default/twitter_api/css.php +++ b/mod/twitter_api/views/default/twitter_api/css.php @@ -4,7 +4,7 @@ */ ?> -#login_with_twitter { +.login_with_twitter { padding: 10px 0 0 0; } diff --git a/mod/twitter_api/views/default/twitter_api/js.php b/mod/twitter_api/views/default/twitter_api/js.php new file mode 100644 index 000000000..3d2905a44 --- /dev/null +++ b/mod/twitter_api/views/default/twitter_api/js.php @@ -0,0 +1,16 @@ +<?php if (0): ?><script><?php endif; ?> + +// add ?persistent to login link +elgg.register_hook_handler('init', 'system', function() { + $('form.elgg-form-login').each(function () { + var link = $('.login_with_twitter a', this).get(0), + $input = $('input[name="persistent"]', this); + function sync() { + link.href = link.href.replace(/\?.*/, '') + ($input[0].checked ? '?persistent' : ''); + } + if (link && $input.length) { + sync(); + $input.change(sync); + } + }); +}); diff --git a/mod/twitter_api/views/default/twitter_api/login.php b/mod/twitter_api/views/default/twitter_api/login.php index 17bd76d56..7b4b4ecb1 100644 --- a/mod/twitter_api/views/default/twitter_api/login.php +++ b/mod/twitter_api/views/default/twitter_api/login.php @@ -7,7 +7,7 @@ $url = elgg_get_site_url() . 'twitter_api/forward'; $img_url = elgg_get_site_url() . 'mod/twitter_api/graphics/sign-in-with-twitter-d.png'; $login = <<<__HTML -<div id="login_with_twitter"> +<div class="login_with_twitter"> <a href="$url"> <img src="$img_url" alt="Twitter" /> </a> diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php index f98f57faf..f44d2ab50 100644 --- a/mod/uservalidationbyemail/start.php +++ b/mod/uservalidationbyemail/start.php @@ -233,15 +233,23 @@ function uservalidationbyemail_public_pages($hook, $type, $return_value, $params * @param string $type * @param ElggUser $user * @return bool + * + * @throws LoginException */ function uservalidationbyemail_check_manual_login($event, $type, $user) { $access_status = access_get_show_hidden_status(); access_show_hidden_entities(TRUE); - // @todo register_error()? - $return = ($user instanceof ElggUser && !$user->isEnabled() && !$user->validated) ? FALSE : NULL; + if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) { + // send new validation email + uservalidationbyemail_request_validation($user->getGUID()); + + // restore hidden entities settings + access_show_hidden_entities($access_status); + + // throw error so we get a nice error message + throw new LoginException(elgg_echo('uservalidationbyemail:login:fail')); + } access_show_hidden_entities($access_status); - - return $return; } diff --git a/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php b/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php index cbd13a709..9199922d6 100644 --- a/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php +++ b/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php @@ -27,7 +27,7 @@ if (!$count) { access_show_hidden_entities($hidden_entities); elgg_set_ignore_access($ia); - echo autop(elgg_echo('uservalidationbyemail:admin:no_unvalidated_users')); + echo elgg_autop(elgg_echo('uservalidationbyemail:admin:no_unvalidated_users')); return TRUE; } diff --git a/pages/avatar/view.php b/pages/avatar/view.php index bd6c95821..10d81fef1 100644 --- a/pages/avatar/view.php +++ b/pages/avatar/view.php @@ -46,7 +46,7 @@ if (!$success) { } header("Content-type: image/jpeg", true); -header('Expires: ' . date('r', strtotime("+6 months")), true); +header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true); header("Pragma: public", true); header("Cache-Control: public", true); header("Content-Length: " . strlen($contents)); diff --git a/upgrade.php b/upgrade.php index 60764ba93..c5f158c61 100644 --- a/upgrade.php +++ b/upgrade.php @@ -9,6 +9,8 @@ * new version of the script. Deleting the script is not a requirement and * leaving it behind does not affect the security of the site. * + * Upgrades use a table {db_prefix}upgrade_lock as a mutex to prevent concurrent upgrades. + * * @package Elgg.Core * @subpackage Upgrade */ @@ -20,6 +22,12 @@ define('UPGRADING', 'upgrading'); require_once(dirname(__FILE__) . "/engine/start.php"); if (get_input('upgrade') == 'upgrade') { + // prevent someone from running the upgrade script in parallel (see #4643) + if (!_elgg_upgrade_lock()) { + register_error(elgg_echo('upgrade:locked')); + forward(); + } + // disable the system log for upgrades to avoid exceptions when the schema changes. elgg_unregister_event_handler('log', 'systemlog', 'system_log_default_logger'); elgg_unregister_event_handler('all', 'all', 'system_log_listener'); @@ -33,6 +41,9 @@ if (get_input('upgrade') == 'upgrade') { elgg_trigger_event('upgrade', 'system', null); elgg_invalidate_simplecache(); elgg_reset_system_cache(); + + _elgg_upgrade_unlock(); + } else { // if upgrading from < 1.8.0, check for the core view 'welcome' and bail if it's found. // see http://trac.elgg.org/ticket/3064 @@ -53,4 +64,4 @@ if (get_input('upgrade') == 'upgrade') { exit; } -forward();
\ No newline at end of file +forward(); diff --git a/version.php b/version.php index dda087c52..77d151bb6 100644 --- a/version.php +++ b/version.php @@ -11,7 +11,7 @@ // YYYYMMDD = Elgg Date // XX = Interim incrementer -$version = 2012071100; +$version = 2012120500; // Human-friendly version name -$release = '1.8.8'; +$release = '1.8.11'; diff --git a/views/default/admin/users/admins.php b/views/default/admin/users/admins.php new file mode 100644 index 000000000..9b175d437 --- /dev/null +++ b/views/default/admin/users/admins.php @@ -0,0 +1,12 @@ +<?php +$admins = elgg_list_entities(array(), 'elgg_get_admins'); + +?> +<div class="elgg-module elgg-module-inline"> + <div class="elgg-head"> + <h3><?php echo elgg_echo('admin:statistics:label:admins'); ?></h3> + </div> + <div class="elgg-body"> + <?php echo $admins; ?> + </div> +</div> diff --git a/views/default/core/settings/statistics/numentities.php b/views/default/core/settings/statistics/numentities.php index ce1705a2e..3782fd8bc 100644 --- a/views/default/core/settings/statistics/numentities.php +++ b/views/default/core/settings/statistics/numentities.php @@ -7,7 +7,7 @@ */ // Get entity statistics -$entity_stats = get_entity_statistics(elgg_get_logged_in_user_guid()); +$entity_stats = get_entity_statistics(elgg_get_page_owner_guid()); if ($entity_stats) { $rows = ''; diff --git a/views/default/core/settings/statistics/online.php b/views/default/core/settings/statistics/online.php index ce7ff35fb..f50ad9acc 100644 --- a/views/default/core/settings/statistics/online.php +++ b/views/default/core/settings/statistics/online.php @@ -6,7 +6,7 @@ * @subpackage Core */ -$user = elgg_get_logged_in_user_entity(); +$user = elgg_get_page_owner_entity(); $logged_in = 0; $log = get_system_log($user->guid, "login", "", 'user', '', 1); diff --git a/views/default/css/admin.php b/views/default/css/admin.php index b996e5636..059e51dd6 100644 --- a/views/default/css/admin.php +++ b/views/default/css/admin.php @@ -1238,6 +1238,10 @@ a.elgg-widget-collapsed:before { height: 16px; display: inline-block; margin: 0 2px; + vertical-align: text-bottom; +} +.elgg-module .elgg-head .elgg-icon { + vertical-align: baseline; } .elgg-icon-delete:hover, .elgg-icon-delete-alt:hover { diff --git a/views/default/forms/profile/edit.php b/views/default/forms/profile/edit.php index 222935344..9538b779e 100644 --- a/views/default/forms/profile/edit.php +++ b/views/default/forms/profile/edit.php @@ -18,7 +18,8 @@ if (is_array($profile_fields) && count($profile_fields) > 0) { foreach ($profile_fields as $shortname => $valtype) { $metadata = elgg_get_metadata(array( 'guid' => $vars['entity']->guid, - 'metadata_name' => $shortname + 'metadata_name' => $shortname, + 'limit' => false )); if ($metadata) { if (is_array($metadata)) { diff --git a/views/default/forms/profile/fields/add.php b/views/default/forms/profile/fields/add.php index 1ea9c57a9..2087ec299 100644 --- a/views/default/forms/profile/fields/add.php +++ b/views/default/forms/profile/fields/add.php @@ -25,5 +25,5 @@ $formbody = <<< END $submit_control</div> END; -echo autop(elgg_echo('profile:explainchangefields')); +echo elgg_autop(elgg_echo('profile:explainchangefields')); echo $formbody; diff --git a/views/default/forms/user/passwordreset.php b/views/default/forms/user/passwordreset.php index 3c89776f6..5946fa7c0 100644 --- a/views/default/forms/user/passwordreset.php +++ b/views/default/forms/user/passwordreset.php @@ -3,7 +3,7 @@ * Reset user password form */ -echo autop(elgg_echo('user:resetpassword:reset_password_confirm')); +echo elgg_autop(elgg_echo('user:resetpassword:reset_password_confirm')); echo elgg_view('input/hidden', array( 'name' => 'u', diff --git a/views/default/js/admin.php b/views/default/js/admin.php index 5cefba512..e8aa0d2ed 100644 --- a/views/default/js/admin.php +++ b/views/default/js/admin.php @@ -4,8 +4,9 @@ * * @since 1.8 */ + +if (0) { ?><script><?php } ?> -//<script> elgg.provide('elgg.admin'); elgg.admin.init = function () { @@ -47,7 +48,7 @@ elgg.admin.init = function () { // admin notices delete ajax $('a.elgg-admin-notice').click(elgg.admin.deleteNotice); -} +}; /** * Save the plugin order after a move event. @@ -88,7 +89,7 @@ elgg.admin.editProfileField = function(value, settings) { elgg.action('profile/fields/edit', data); return value; -} +}; /** * Save the plugin profile order after a move event. @@ -104,7 +105,7 @@ elgg.admin.moveProfileField = function(e, ui) { elgg.action('profile/fields/reorder', { fieldorder: orderStr }); -} +}; /** * Fires the ajax action to delete the admin notice then hides the notice. @@ -120,6 +121,6 @@ elgg.admin.deleteNotice = function(e) { $container.slideUp('medium'); } }); -} +}; elgg.register_hook_handler('init', 'system', elgg.admin.init, 1000);
\ No newline at end of file diff --git a/views/default/js/elgg.php b/views/default/js/elgg.php index 6460e93d6..b82d98ce4 100644 --- a/views/default/js/elgg.php +++ b/views/default/js/elgg.php @@ -50,6 +50,7 @@ foreach ($libs as $file) { /** * Set some values that are cacheable */ +if (0) { ?><script><?php } ?> elgg.version = '<?php echo get_version(); ?>'; diff --git a/views/default/js/initialize_elgg.php b/views/default/js/initialize_elgg.php index f8234f84f..b45c33463 100644 --- a/views/default/js/initialize_elgg.php +++ b/views/default/js/initialize_elgg.php @@ -3,6 +3,7 @@ * Initialize Elgg's js lib with the uncacheable data */ +if (0) { ?><script><?php } ?> /** * Don't want to cache these -- they could change for every request diff --git a/views/default/js/lightbox.php b/views/default/js/lightbox.php index c45d46098..d2bceaf90 100644 --- a/views/default/js/lightbox.php +++ b/views/default/js/lightbox.php @@ -16,6 +16,7 @@ * @todo add support for passing options: $('#myplugin-lightbox').elgg.ui.lightbox(options); */ +if (0) { ?><script><?php } ?> /** diff --git a/views/default/js/walled_garden.php b/views/default/js/walled_garden.php index 13ec83c04..7a482fe23 100644 --- a/views/default/js/walled_garden.php +++ b/views/default/js/walled_garden.php @@ -12,6 +12,7 @@ $cancel_button = elgg_view('input/button', array( )); $cancel_button = trim($cancel_button); +if (0) { ?><script><?php } ?> elgg.provide('elgg.walled_garden'); @@ -47,10 +48,10 @@ elgg.walled_garden.load = function(view) { $(id).find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>'); $('#elgg-walledgarden-login').fadeToggle(); $(id).fadeToggle(); - }, + } }); event.preventDefault(); - }; + }; }; elgg.register_hook_handler('init', 'system', elgg.walled_garden.init);
\ No newline at end of file diff --git a/views/default/object/plugin/elements/dependencies.php b/views/default/object/plugin/elements/dependencies.php index 8abd61692..d8daedd33 100644 --- a/views/default/object/plugin/elements/dependencies.php +++ b/views/default/object/plugin/elements/dependencies.php @@ -29,6 +29,8 @@ foreach ($deps as $dep) { if ($dep['status']) { $class = "elgg-state-success elgg-dependency elgg-dependency-$type"; + } elseif ($dep['type'] == 'suggests') { + $class = "elgg-state-warning elgg-dependency elgg-dependency-$type"; } else { $class = "elgg-state-error elgg-dependency elgg-dependency-$type"; } diff --git a/views/default/output/email.php b/views/default/output/email.php index 00eefad1f..f5a8bc4b8 100644 --- a/views/default/output/email.php +++ b/views/default/output/email.php @@ -10,6 +10,8 @@ * */ +$encoded_value = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8'); + if (!empty($vars['value'])) { - echo "<a href=\"mailto:" . $vars['value'] . "\">". htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false) ."</a>"; + echo "<a href=\"mailto:$encoded_value\">$encoded_value</a>"; }
\ No newline at end of file diff --git a/views/default/output/longtext.php b/views/default/output/longtext.php index 200f27de5..589100c4f 100644 --- a/views/default/output/longtext.php +++ b/views/default/output/longtext.php @@ -31,7 +31,7 @@ if ($parse_urls) { $text = filter_tags($text); -$text = autop($text); +$text = elgg_autop($text); $attributes = elgg_format_attributes($vars); diff --git a/views/default/page/components/list.php b/views/default/page/components/list.php index 0cf7d507c..28ed58ddf 100644 --- a/views/default/page/components/list.php +++ b/views/default/page/components/list.php @@ -51,14 +51,15 @@ if ($pagination && $count) { if (is_array($items) && count($items) > 0) { $html .= "<ul class=\"$list_class\">"; foreach ($items as $item) { - if (elgg_instanceof($item)) { - $id = "elgg-{$item->getType()}-{$item->getGUID()}"; - } else { - $id = "item-{$item->getType()}-{$item->id}"; + $li = elgg_view_list_item($item, $vars); + if ($li) { + if (elgg_instanceof($item)) { + $id = "elgg-{$item->getType()}-{$item->getGUID()}"; + } else { + $id = "item-{$item->getType()}-{$item->id}"; + } + $html .= "<li id=\"$id\" class=\"$item_class\">$li</li>"; } - $html .= "<li id=\"$id\" class=\"$item_class\">"; - $html .= elgg_view_list_item($item, $vars); - $html .= '</li>'; } $html .= '</ul>'; } diff --git a/views/default/page/default.php b/views/default/page/default.php index 3724bffd8..567494d0c 100644 --- a/views/default/page/default.php +++ b/views/default/page/default.php @@ -33,9 +33,11 @@ $footer = elgg_view('page/elements/footer', $vars); // Set the content type header("Content-type: text/html; charset=UTF-8"); +$lang = get_current_language(); + ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $lang; ?>" lang="<?php echo $lang; ?>"> <head> <?php echo elgg_view('page/elements/head', $vars); ?> </head> @@ -45,13 +47,13 @@ header("Content-type: text/html; charset=UTF-8"); <?php echo $messages; ?> </div> - <?php if (elgg_is_logged_in()): ?> + <?php if (elgg_is_logged_in()){ ?> <div class="elgg-page-topbar"> <div class="elgg-inner"> <?php echo $topbar; ?> </div> </div> - <?php endif; ?> + <?php } ?> <div class="elgg-page-header"> <div class="elgg-inner"> diff --git a/views/default/page/elements/messages.php b/views/default/page/elements/messages.php index a35a48586..edd40d71e 100644 --- a/views/default/page/elements/messages.php +++ b/views/default/page/elements/messages.php @@ -18,7 +18,7 @@ if (isset($vars['object']) && is_array($vars['object']) && sizeof($vars['object' foreach ($vars['object'] as $type => $list ) { foreach ($list as $message) { echo "<li class=\"elgg-message elgg-state-$type\">"; - echo autop($message); + echo elgg_autop($message); echo '</li>'; } } diff --git a/views/default/river/elements/image.php b/views/default/river/elements/image.php index 9caa44b36..6f6aeae65 100644 --- a/views/default/river/elements/image.php +++ b/views/default/river/elements/image.php @@ -9,4 +9,8 @@ $subject = $vars['item']->getSubjectEntity(); -echo elgg_view_entity_icon($subject, 'small'); +if (elgg_in_context('widgets')) { + echo elgg_view_entity_icon($subject, 'tiny'); +} else { + echo elgg_view_entity_icon($subject, 'small'); +} diff --git a/views/default/widgets/control_panel/content.php b/views/default/widgets/control_panel/content.php index d2db54bc6..a348d612f 100644 --- a/views/default/widgets/control_panel/content.php +++ b/views/default/widgets/control_panel/content.php @@ -11,12 +11,26 @@ elgg_register_menu_item('admin_control_panel', array( 'link_class' => 'elgg-button elgg-button-action', )); -elgg_register_menu_item('admin_control_panel', array( - 'name' => 'upgrade', - 'text' => elgg_echo('upgrade'), - 'href' => 'upgrade.php', - 'link_class' => 'elgg-button elgg-button-action', -)); +// @todo Move in this in ElggUpgradeManager::isLocked() when #4682 fixed +$is_locked = _elgg_upgrade_is_locked(); + +if (!$is_locked) { + elgg_register_menu_item('admin_control_panel', array( + 'name' => 'upgrade', + 'text' => elgg_echo('upgrade'), + 'href' => 'upgrade.php', + 'link_class' => 'elgg-button elgg-button-action', + )); +} else { + elgg_register_menu_item('admin_control_panel', array( + 'name' => 'unlock_upgrade', + 'text' => elgg_echo('upgrade:unlock'), + 'href' => 'action/admin/site/unlock_upgrade', + 'is_action' => true, + 'link_class' => 'elgg-button elgg-button-action', + 'confirm' => elgg_echo('upgrade:unlock:confirm'), + )); +} echo elgg_view_menu('admin_control_panel', array( 'class' => 'elgg-menu-hz', diff --git a/views/installation/install/js_rewrite_check.php b/views/installation/install/js_rewrite_check.php new file mode 100644 index 000000000..04d81171d --- /dev/null +++ b/views/installation/install/js_rewrite_check.php @@ -0,0 +1,12 @@ +<?php +/** + * Some servers don't allow PHP to check the rewrite, so try via AJAX + */ +?> +<script type="text/javascript"> + elgg.installer.rewriteTest( + '<?php echo $vars['url'];?>', + '<?php echo elgg_echo('install:check:rewrite:success'); ?>', + '<?php echo $vars['config']->wwwroot; ?>install.php?step=database' + ); +</script>
\ No newline at end of file diff --git a/views/installation/install/pages/admin.php b/views/installation/install/pages/admin.php index 9456e682f..e810aa701 100644 --- a/views/installation/install/pages/admin.php +++ b/views/installation/install/pages/admin.php @@ -3,7 +3,7 @@ * Install create admin account page */ -echo autop(elgg_echo('install:admin:instructions')); +echo elgg_autop(elgg_echo('install:admin:instructions')); $vars['type'] = 'admin'; diff --git a/views/installation/install/pages/complete.php b/views/installation/install/pages/complete.php index 2f5a04854..80f8e7434 100644 --- a/views/installation/install/pages/complete.php +++ b/views/installation/install/pages/complete.php @@ -3,7 +3,7 @@ * Install completion page */ -echo autop(elgg_echo('install:complete:instructions')); +echo elgg_autop(elgg_echo('install:complete:instructions')); ?> diff --git a/views/installation/install/pages/database.php b/views/installation/install/pages/database.php index d3011c9e3..d24b4f57b 100644 --- a/views/installation/install/pages/database.php +++ b/views/installation/install/pages/database.php @@ -6,12 +6,12 @@ */ if (isset($vars['failure']) && $vars['failure']) { - echo autop(elgg_echo('install:database:error')); + echo elgg_autop(elgg_echo('install:database:error')); $vars['refresh'] = TRUE; $vars['advance'] = FALSE; echo elgg_view('install/nav', $vars); } else { - echo autop(elgg_echo('install:database:instructions')); + echo elgg_autop(elgg_echo('install:database:instructions')); $vars['type'] = 'database'; diff --git a/views/installation/install/pages/requirements.php b/views/installation/install/pages/requirements.php index e3689e761..3f0941c95 100644 --- a/views/installation/install/pages/requirements.php +++ b/views/installation/install/pages/requirements.php @@ -14,7 +14,7 @@ if ($vars['num_failures'] != 0) { $instruct_text = elgg_echo('install:requirements:instructions:success'); } -echo autop($instruct_text); +echo elgg_autop($instruct_text); $report = $vars['report']; foreach ($report as $category => $checks) { @@ -23,17 +23,17 @@ foreach ($report as $category => $checks) { echo "<ul class=\"elgg-require-$category\">"; foreach ($checks as $check) { echo "<li class=\"{$check['severity']}\">"; - echo autop($check['message']); + echo elgg_autop($check['message']); echo "</li>"; } echo "</ul>"; } -$vars['refresh'] = TRUE; +$vars['refresh'] = true; // cannot advance to next step with a failure if ($vars['num_failures'] != 0) { - $vars['advance'] = FALSE; + $vars['advance'] = false; } echo elgg_view('install/nav', $vars); diff --git a/views/installation/install/pages/settings.php b/views/installation/install/pages/settings.php index 30a1deb5a..04f23c0ea 100644 --- a/views/installation/install/pages/settings.php +++ b/views/installation/install/pages/settings.php @@ -1,6 +1,6 @@ <?php -echo autop(elgg_echo('install:settings:instructions')); +echo elgg_autop(elgg_echo('install:settings:instructions')); $vars['type'] = 'settings'; diff --git a/views/installation/install/pages/welcome.php b/views/installation/install/pages/welcome.php index f069e4ba7..f370c15f3 100644 --- a/views/installation/install/pages/welcome.php +++ b/views/installation/install/pages/welcome.php @@ -3,6 +3,6 @@ * Install welcome page */ -echo autop(elgg_echo('install:welcome:instructions')); +echo elgg_autop(elgg_echo('install:welcome:instructions')); echo elgg_view('install/nav', $vars); diff --git a/views/installation/page/elements/messages.php b/views/installation/page/elements/messages.php index 2a06a7b1e..46261dca4 100644 --- a/views/installation/page/elements/messages.php +++ b/views/installation/page/elements/messages.php @@ -12,7 +12,7 @@ if (isset($vars['object']) && is_array($vars['object']) && sizeof($vars['object' foreach ($vars['object'] as $type => $list ) { foreach ($list as $message) { echo "<li class=\"elgg-state-$type\">"; - echo autop($message); + echo elgg_autop($message); echo '</li>'; } } diff --git a/views/opendd/messages/exceptions/exception.php b/views/opendd/messages/exceptions/exception.php index 54868f1f4..dc0f48a8d 100644 --- a/views/opendd/messages/exceptions/exception.php +++ b/views/opendd/messages/exceptions/exception.php @@ -11,7 +11,7 @@ ?> <!-- -<?php echo get_class($vars['object']); ?>: <?php echo autop($vars['object']->getMessage()); ?> +<?php echo get_class($vars['object']); ?>: <?php echo elgg_autop($vars['object']->getMessage()); ?> <?php if (elgg_get_config('debug')) { ?> <?php echo print_r($vars['object'], true); diff --git a/views/rss/group/default.php b/views/rss/group/default.php index f57c7f82c..7fef4d434 100644 --- a/views/rss/group/default.php +++ b/views/rss/group/default.php @@ -11,9 +11,9 @@ $pubdate = date('r', $vars['entity']->getTimeCreated()); $title = htmlspecialchars($vars['entity']->name, ENT_NOQUOTES, 'UTF-8'); if ($vars['entity']->description) { - $description = autop($vars['entity']->description); + $description = elgg_autop($vars['entity']->description); } elseif ($vars['entity']->briefdescription) { - $description = autop($vars['entity']->briefdescription); + $description = elgg_autop($vars['entity']->briefdescription); } else { $description = ''; } diff --git a/views/rss/object/default.php b/views/rss/object/default.php index be8025953..8c7d5d8e0 100644 --- a/views/rss/object/default.php +++ b/views/rss/object/default.php @@ -15,7 +15,7 @@ if (empty($title)) { $permalink = htmlspecialchars($vars['entity']->getURL(), ENT_NOQUOTES, 'UTF-8'); $pubdate = date('r', $vars['entity']->getTimeCreated()); -$description = autop($vars['entity']->description); +$description = elgg_autop($vars['entity']->description); $creator = elgg_view('page/components/creator', $vars); $georss = elgg_view('page/components/georss', $vars); diff --git a/views/rss/user/default.php b/views/rss/user/default.php index 1c7bf75e7..92c9427b2 100644 --- a/views/rss/user/default.php +++ b/views/rss/user/default.php @@ -11,7 +11,7 @@ $pubdate = date('r', $vars['entity']->getTimeCreated()); $title = htmlspecialchars($vars['entity']->name, ENT_NOQUOTES, 'UTF-8'); if ($vars['entity']->description) { - $description = autop($vars['entity']->description); + $description = elgg_autop($vars['entity']->description); } else { $description = ''; } diff --git a/views/xml/messages/exceptions/exception.php b/views/xml/messages/exceptions/exception.php index 3e4e1c376..66a0f2b96 100644 --- a/views/xml/messages/exceptions/exception.php +++ b/views/xml/messages/exceptions/exception.php @@ -11,7 +11,7 @@ ?> <!-- -<?php echo get_class($vars['object']); ?>: <?php echo autop($vars['object']->getMessage()); ?> +<?php echo get_class($vars['object']); ?>: <?php echo elgg_autop($vars['object']->getMessage()); ?> <?php if (elgg_get_config('debug')) { ?> |