-rw-r--r--engine/lib/entities.php9
-rw-r--r--mod/bookmarks/actions/add.php2
-rw-r--r--mod/embed/views/default/embed/media.php2
-rw-r--r--mod/embed/views/default/embed/pagination.php4
-rw-r--r--mod/file/actions/save.php2
-rw-r--r--mod/groups/actions/edit.php3
-rw-r--r--mod/groups/actions/forums/addtopic.php2
-rw-r--r--mod/groups/actions/forums/edittopic.php2
-rw-r--r--mod/members/index.php11
-rw-r--r--mod/members/views/default/members/search.php2
-rw-r--r--mod/messages/actions/send.php4
-rw-r--r--mod/pages/actions/pages/edit.php3
-rw-r--r--views/default/output/url.php4
-rw-r--r--views/failsafe/messages/sanitisation/settings.php23
14 files changed, 49 insertions, 24 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index e3fa0cb52..3d16e1b3d 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -146,6 +146,8 @@ abstract class ElggEntity implements
$this->attributes['guid'] = "";
+ $this->attributes['subtype'] = $orig_entity->getSubtype();
+
// copy metadata over to new entity - slightly convoluted due to
// handling of metadata arrays
if (is_array($metadata_array)) {
@@ -204,8 +206,6 @@ abstract class ElggEntity implements
* A: Because overload operators cause problems during subclassing, so we put the code here and
* create overloads in subclasses.
*
- * @todo Move "title" logic to applicable extending classes.
- *
* @param string $name
* @param mixed $value
*/
@@ -216,11 +216,6 @@ abstract class ElggEntity implements
return false;
}
- // strip out tags from title
- if ($name == 'title') {
- $value = strip_tags($value);
- }
-
$this->attributes[$name] = $value;
}
else {
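Review bot: Dropping the `strip_tags` call from `__set` removes title filtering from the one path every entity write goes through, so any caller this commit does not touch (other plugins' actions, programmatic `$entity->title = ...`) now stores the title unfiltered; the per-action calls added in this commit cover only bookmarks, file, groups, messages and pages. If decentralising this is intended, the docblock in the preceding hunk should say so, e.g. `* Note: attribute values are stored as given; actions are responsible for filtering titles and views for escaping them on output.`. `__set` begins before this hunk, so whatever validation precedes the `return false` is not visible here.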
diff --git a/mod/bookmarks/actions/add.php b/mod/bookmarks/actions/add.php
index be2f79f82..6aa3bf889 100644
--- a/mod/bookmarks/actions/add.php
+++ b/mod/bookmarks/actions/add.php
@@ -12,7 +12,7 @@
gatekeeper();
action_gatekeeper();
//set some required variables
-$title = get_input('title');
+$title = strip_tags(get_input('title'));
$address = get_input('address');
$notes = get_input('notes');
$access = get_input('access');
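Review bot: `strip_tags()` on the title is an input filter, not an output escape: it removes tag markup but leaves entities, quotes and anything that ends up in an attribute or script context untouched, and it is lossy for legitimate text containing an unmatched `<`. The same pattern is added in mod/file/actions/save.php, mod/groups/actions/edit.php, mod/groups/actions/forums/addtopic.php, mod/groups/actions/forums/edittopic.php, mod/messages/actions/send.php and mod/pages/actions/pages/edit.php, so this note applies to those hunks too. Views that echo the title still need `htmlspecialchars($title, ENT_QUOTES, 'UTF-8')` at output; a comment on this line would make the division of responsibility clear, e.g. `// strip markup from the title; output views must still escape it`.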
diff --git a/mod/embed/views/default/embed/media.php b/mod/embed/views/default/embed/media.php
index 25e63ce7d..ff0505466 100644
--- a/mod/embed/views/default/embed/media.php
+++ b/mod/embed/views/default/embed/media.php
@@ -7,7 +7,7 @@
<?php
echo elgg_view('embed/pagination',array(
'offset' => $vars['offset'],
- 'baseurl' => $vars['url'] . 'pg/embed/media?internalname=' . $vars['internalname'] . "&amp;simpletype=" . $vars['simpletype'],
+ 'baseurl' => $vars['url'] . 'pg/embed/media?internalname=' . $vars['internalname'] . "&simpletype=" . $vars['simpletype'],
'limit' => $vars['limit'],
'count' => $vars['count']
));
diff --git a/mod/embed/views/default/embed/pagination.php b/mod/embed/views/default/embed/pagination.php
index b5a741fcd..ded9f21e1 100644
--- a/mod/embed/views/default/embed/pagination.php
+++ b/mod/embed/views/default/embed/pagination.php
@@ -38,6 +38,8 @@
$nonefound = true;
}
+ $baseurl = $vars['baseurl'];
+
$totalpages = ceil($count / $limit);
$currentpage = ceil($offset / $limit) + 1;
@@ -97,7 +99,7 @@
}
$curoffset = (($i - 1) * $limit);
- $counturl = elgg_http_add_url_query_elements($base_url, array($word => $curoffset));
+ $counturl = elgg_http_add_url_query_elements($baseurl, array($word => $curoffset));
if ($curoffset != $offset) {
echo " <a onclick=\"javascript:$('.popup .content').load('{$counturl}'); return false\" href=\"#\" class=\"pagination_number\">{$i}</a> ";
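Review bot: The new `$counturl` is interpolated into the `onclick` JavaScript and the HTML attribute on the following line without any escaping, and it is built from `$vars['baseurl']`, which media.php in this same commit now assembles with a raw `&` and unescaped `$vars['internalname']` / `$vars['simpletype']`. If either of those values can come from the request (not visible here), a quote in it terminates the attribute early; at minimum echo `htmlspecialchars($counturl, ENT_QUOTES, 'UTF-8')` instead of the raw value, and `&` inside an attribute should be written `&amp;` regardless. The loop surrounding this line starts and ends outside the hunk.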
diff --git a/mod/file/actions/save.php b/mod/file/actions/save.php
index 038e61d83..e2f401e8d 100644
--- a/mod/file/actions/save.php
+++ b/mod/file/actions/save.php
@@ -11,7 +11,7 @@
global $CONFIG;
// Get variables
- $title = get_input("title");
+ $title = strip_tags(get_input("title"));
$desc = get_input("description");
$tags = get_input("tags");
$access_id = (int) get_input("access_id");
diff --git a/mod/groups/actions/edit.php b/mod/groups/actions/edit.php
index b6eb3eb71..72cc66e85 100644
--- a/mod/groups/actions/edit.php
+++ b/mod/groups/actions/edit.php
@@ -16,6 +16,9 @@
$input = array();
foreach($CONFIG->group as $shortname => $valuetype) {
$input[$shortname] = get_input($shortname);
+ if ($shortname == 'name') {
+ $input[$shortname] = strip_tags($input[$shortname]);
+ }
if ($valuetype == 'tags')
$input[$shortname] = string_to_tag_array($input[$shortname]);
}
diff --git a/mod/groups/actions/forums/addtopic.php b/mod/groups/actions/forums/addtopic.php
index 740ea17aa..085e2196e 100644
--- a/mod/groups/actions/forums/addtopic.php
+++ b/mod/groups/actions/forums/addtopic.php
@@ -18,7 +18,7 @@
if (!$group_entity->isMember($vars['user'])) forward();
// Get input data
- $title = get_input('topictitle');
+ $title = strip_tags(get_input('topictitle'));
$message = get_input('topicmessage');
$tags = get_input('topictags');
$access = get_input('access_id');
diff --git a/mod/groups/actions/forums/edittopic.php b/mod/groups/actions/forums/edittopic.php
index 2898c31dc..10b54ed61 100644
--- a/mod/groups/actions/forums/edittopic.php
+++ b/mod/groups/actions/forums/edittopic.php
@@ -19,7 +19,7 @@
// Get input data
- $title = get_input('topictitle');
+ $title = strip_tags(get_input('topictitle'));
$message = get_input('topicmessage');
$message_id = get_input('message_id');
$tags = get_input('topictags');
diff --git a/mod/members/index.php b/mod/members/index.php
index 5ad37aa70..1f3b984e5 100644
--- a/mod/members/index.php
+++ b/mod/members/index.php
@@ -60,8 +60,15 @@ switch($filter){
break;
// search based on tags
case "search_tags":
- $filter_content = trigger_plugin_hook('search','',$tag,"");
- $filter_content .= list_entities_from_metadata("", $tag, "user", "", "", 10, false, false);
+ $options = array();
+ $options['query'] = $tag;
+ $options['type'] = "user";
+ $options['offset'] = $offset;
+ $options['limit'] = $limit;
+ $results = trigger_plugin_hook('search', 'tags', $options, array());
+ $count = $results['count'];
+ $users = $results['entities'];
+ $filter_content = elgg_view_entity_list($users, $count, $offset, $limit, false, false, true);
break;
case "newest":
case 'default':
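Review bot: `$results['count']` and `$results['entities']` are read without checking that the hook returned them; `trigger_plugin_hook` is given `array()` as the default, so with no handler registered for `search`/`tags` the result is an empty array, both reads raise undefined-index notices and `null` is handed to `elgg_view_entity_list`. Guard both reads, e.g. `$count = isset($results['count']) ? (int) $results['count'] : 0;` and `$users = isset($results['entities']) ? $results['entities'] : array();`. `$offset` and `$limit` are presumably set earlier in the file; the hunk does not show them. `$tag` comes from the `tag` form field (see the members/search.php hunk), so it is request input and the hook handler must treat it as such.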
diff --git a/mod/members/views/default/members/search.php b/mod/members/views/default/members/search.php
index 819d8634a..44930ef53 100644
--- a/mod/members/views/default/members/search.php
+++ b/mod/members/views/default/members/search.php
@@ -14,8 +14,6 @@
<h3><?php echo elgg_echo('members:searchtag'); ?></h3>
<form id="memberssearchform" action="<?php echo $vars['url']; ?>mod/members/index.php?" method="get">
<input type="text" name="tag" value="Member tags" onclick="if (this.value=='Member tags') { this.value='' }" class="search_input" />
- <input type="hidden" name="subtype" value="" />
- <input type="hidden" name="object" value="user" />
<input type="hidden" name="filter" value="search_tags" />
<input type="submit" value="<?php echo elgg_echo('go'); ?>" />
</form>
diff --git a/mod/messages/actions/send.php b/mod/messages/actions/send.php
index cf9de8ba5..314b01809 100644
--- a/mod/messages/actions/send.php
+++ b/mod/messages/actions/send.php
@@ -13,7 +13,7 @@
if (!isloggedin()) forward();
// Get input data
-$title = get_input('title'); // message title
+$title = strip_tags(get_input('title')); // message title
$message_contents = get_input('message'); // the message
$send_to = get_input('send_to'); // this is the user guid to whom the message is going to be sent
$reply = get_input('reply',0); // this is the guid of the message replying to
@@ -58,4 +58,4 @@ unset($_SESSION['msg_contents']);
system_message(elgg_echo("messages:posted"));
// Forward to the users inbox
-forward('mod/messages/sent.php'); \ No newline at end of file
+forward('mod/messages/sent.php');
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index a966232a8..ba6d0acdc 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -22,6 +22,9 @@
$input = array();
foreach($CONFIG->pages as $shortname => $valuetype) {
$input[$shortname] = get_input($shortname);
+ if ($shortname == 'title') {
+ $input[$shortname] = strip_tags($input[$shortname]);
+ }
if ($valuetype == 'tags')
$input[$shortname] = string_to_tag_array($input[$shortname]);
}
diff --git a/views/default/output/url.php b/views/default/output/url.php
index 734df2c19..7e0281a43 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -20,6 +20,10 @@
$url = trim($vars['href']);
if (!empty($url)) {
+ if ((substr_count($url, "http://") == 0) && (substr_count($url, "https://") == 0)) {
+ $url = "http://" . $url;
+ }
+
if (array_key_exists('is_action', $vars) && $vars['is_action']) {
$url = elgg_add_action_tokens_to_url($url);
}
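Review bot: `substr_count($url, "http://") == 0` tests for the scheme anywhere in the string rather than at its start, so `foo?next=http://x` is left as-is while a root-relative `/pg/foo` or a `mailto:` link is rewritten to `http:///pg/foo` or `http://mailto:...`. Anchor the test to the start of the string, `if (!preg_match('#^https?://#i', $url)) {`, and decide explicitly whether site-relative hrefs are expected by this view (the hunk does not show what callers pass). If `$vars['href']` can carry user-supplied data, the hunk also shows no escaping of `$url` before it is output, which is worth confirming further down. The enclosing `if (!empty($url))` block continues beyond the hunk.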
diff --git a/views/failsafe/messages/sanitisation/settings.php b/views/failsafe/messages/sanitisation/settings.php
index 9fabe13a1..b4e43a053 100644
--- a/views/failsafe/messages/sanitisation/settings.php
+++ b/views/failsafe/messages/sanitisation/settings.php
@@ -9,6 +9,19 @@
* @link http://elgg.org/
*/
+$dbuser = '';
+$dbpassword = '';
+$dbname = '';
+$dbhost = 'localhost';
+$dbprefix = 'elgg_';
+if (isset($vars['sticky'])) {
+ $dbuser = $vars['sticky']['CONFIG_DBUSER'];
+ $dbname = $vars['sticky']['CONFIG_DBNAME'];
+ $dbhost = $vars['sticky']['CONFIG_DBHOST'];
+ $dbprefix = $vars['sticky']['CONFIG_DBPREFIX'];
+}
+
+
if ($vars['settings.php']) {
echo elgg_echo('installation:settings:dbwizard:savefail');
?>
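Review bot: `$dbpassword` is declared but never populated from `$vars['sticky']`, yet the form in the following hunk echoes it into the password field's `value` attribute; either drop that echo or add a comment that the password is deliberately not re-displayed, e.g. `// password is intentionally not re-populated from sticky values`. The four sticky reads also assume every key is present, so a partial sticky array raises undefined-index notices; guard each as `$dbuser = isset($vars['sticky']['CONFIG_DBUSER']) ? $vars['sticky']['CONFIG_DBUSER'] : '';`. Since these values are re-rendered into `value="..."` attributes (visible in the next hunk) and presumably originate from the previous POST, they must go through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` at the echo sites, which this commit does not do.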
@@ -23,11 +36,11 @@ if ($vars['settings.php']) {
<h2><?php echo elgg_echo('installation:settings:dbwizard:prompt'); ?></h2>
<form method="post">
<table cellpadding="0" cellspacing="10" style="background:#f1f1f1;">
- <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:user'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBUSER]" /></td></tr>
- <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:pass'); ?></td><td valign="top"> <input type="password" name="db_install_vars[CONFIG_DBPASS]" /></td></tr>
- <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:dbname'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBNAME]" /></td></tr>
- <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:host'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBHOST]" value="localhost" /></td></tr>
- <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:prefix'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBPREFIX]" value="elgg_" /></td></tr>
+ <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:user'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBUSER]" value="<?php echo $dbuser; ?>" /></td></tr>
+ <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:pass'); ?></td><td valign="top"> <input type="password" name="db_install_vars[CONFIG_DBPASS]" value="<?php echo $dbpassword; ?>" /></td></tr>
+ <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:dbname'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBNAME]" value="<?php echo $dbname; ?>" /></td></tr>
+ <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:host'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBHOST]" value="<?php echo $dbhost; ?>" /></td></tr>
+ <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:prefix'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBPREFIX]" value="<?php echo $dbprefix; ?>" /></td></tr>
</table>
<input type="submit" name="<?php echo elgg_echo('save'); ?>" value="<?php echo elgg_echo('save'); ?>" />