-rw-r--r-- | engine/lib/entities.php | 9 | ||||
-rw-r--r-- | mod/bookmarks/actions/add.php | 2 | ||||
-rw-r--r-- | mod/embed/views/default/embed/media.php | 2 | ||||
-rw-r--r-- | mod/embed/views/default/embed/pagination.php | 4 | ||||
-rw-r--r-- | mod/file/actions/save.php | 2 | ||||
-rw-r--r-- | mod/groups/actions/edit.php | 3 | ||||
-rw-r--r-- | mod/groups/actions/forums/addtopic.php | 2 | ||||
-rw-r--r-- | mod/groups/actions/forums/edittopic.php | 2 | ||||
-rw-r--r-- | mod/members/index.php | 11 | ||||
-rw-r--r-- | mod/members/views/default/members/search.php | 2 | ||||
-rw-r--r-- | mod/messages/actions/send.php | 4 | ||||
-rw-r--r-- | mod/pages/actions/pages/edit.php | 3 | ||||
-rw-r--r-- | views/default/output/url.php | 4 | ||||
-rw-r--r-- | views/failsafe/messages/sanitisation/settings.php | 23 |
14 files changed, 49 insertions, 24 deletions
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index e3fa0cb52..3d16e1b3d 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -146,6 +146,8 @@ abstract class ElggEntity implements
 $this->attributes['guid'] = "";
+ $this->attributes['subtype'] = $orig_entity->getSubtype();
+
 // copy metadata over to new entity - slightly convoluted due to
 // handling of metadata arrays
 if (is_array($metadata_array)) {
@@ -204,8 +206,6 @@ abstract class ElggEntity implements
 * A: Because overload operators cause problems during subclassing, so we put the code here and
 * create overloads in subclasses.
 *
- * @todo Move "title" logic to applicable extending classes.
- *
 * @param string $name
 * @param mixed $value
 */
@@ -216,11 +216,6 @@ abstract class ElggEntity implements
 return false;
 }
- // strip out tags from title
- if ($name == 'title') {
- $value = strip_tags($value);
- }
-
 $this->attributes[$name] = $value;
 } else {
diff --git a/mod/bookmarks/actions/add.php b/mod/bookmarks/actions/add.php
index be2f79f82..6aa3bf889 100644
--- a/mod/bookmarks/actions/add.php
+++ b/mod/bookmarks/actions/add.php
@@ -12,7 +12,7 @@ gatekeeper();
 action_gatekeeper();
 //set some required variables
-$title = get_input('title');
+$title = strip_tags(get_input('title'));
 $address = get_input('address');
 $notes = get_input('notes');
 $access = get_input('access');
diff --git a/mod/embed/views/default/embed/media.php b/mod/embed/views/default/embed/media.php
index 25e63ce7d..ff0505466 100644
--- a/mod/embed/views/default/embed/media.php
+++ b/mod/embed/views/default/embed/media.php
@@ -7,7 +7,7 @@
 <?php echo elgg_view('embed/pagination',array(
 'offset' => $vars['offset'],
- 'baseurl' => $vars['url'] . 'pg/embed/media?internalname=' . $vars['internalname'] . "&simpletype=" . $vars['simpletype'],
+ 'baseurl' => $vars['url'] . 'pg/embed/media?internalname=' . $vars['internalname'] . "&simpletype=" . $vars['simpletype'],
 'limit' => $vars['limit'],
 'count' => $vars['count']
 ));
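Review bot: Removing the `strip_tags` branch from `__set` takes away the one place every `title` assignment was filtered, while the commit re-adds the call in only six actions, so any other code path that assigns `title` (core or third-party plugins that relied on the setter) now stores the raw value. Whether such callers exist cannot be seen from this diff, so the docblock that lost its `@todo` should at least state the new contract, e.g. `* Note: no sanitisation happens here; callers must clean values before assignment and output views must escape them.`. `strip_tags` is input trimming rather than output encoding, so the views that print titles still need `htmlspecialchars` regardless of where the stripping lives. `__set` begins and ends outside the hunk.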
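Review bot: `strip_tags(get_input('title'))` presumes `get_input` hands back a string; if the request supplies `title` as an array, `strip_tags` emits a warning and returns null on PHP 5 and throws a `TypeError` on PHP 8, so the action continues with a non-string title. A small guard keeps the new line safe: `$title = get_input('title');` followed by `$title = is_string($title) ? strip_tags($title) : '';`. The same applies to the identical lines in mod/file/actions/save.php, mod/groups/actions/forums/addtopic.php, mod/groups/actions/forums/edittopic.php and mod/messages/actions/send.php.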
diff --git a/mod/embed/views/default/embed/pagination.php b/mod/embed/views/default/embed/pagination.php
index b5a741fcd..ded9f21e1 100644
--- a/mod/embed/views/default/embed/pagination.php
+++ b/mod/embed/views/default/embed/pagination.php
@@ -38,6 +38,8 @@
 $nonefound = true;
 }
+ $baseurl = $vars['baseurl'];
+
 $totalpages = ceil($count / $limit);
 $currentpage = ceil($offset / $limit) + 1;
@@ -97,7 +99,7 @@
 }
 $curoffset = (($i - 1) * $limit);
- $counturl = elgg_http_add_url_query_elements($base_url, array($word => $curoffset));
+ $counturl = elgg_http_add_url_query_elements($baseurl, array($word => $curoffset));
 if ($curoffset != $offset) {
 echo " <a onclick=\"javascript:$('.popup .content').load('{$counturl}'); return false\" href=\"#\" class=\"pagination_number\">{$i}</a> ";
diff --git a/mod/file/actions/save.php b/mod/file/actions/save.php
index 038e61d83..e2f401e8d 100644
--- a/mod/file/actions/save.php
+++ b/mod/file/actions/save.php
@@ -11,7 +11,7 @@
 global $CONFIG;
 // Get variables
- $title = get_input("title");
+ $title = strip_tags(get_input("title"));
 $desc = get_input("description");
 $tags = get_input("tags");
 $access_id = (int) get_input("access_id");
diff --git a/mod/groups/actions/edit.php b/mod/groups/actions/edit.php
index b6eb3eb71..72cc66e85 100644
--- a/mod/groups/actions/edit.php
+++ b/mod/groups/actions/edit.php
@@ -16,6 +16,9 @@ $input = array();
 foreach($CONFIG->group as $shortname => $valuetype) {
 $input[$shortname] = get_input($shortname);
+ if ($shortname == 'name') {
+ $input[$shortname] = strip_tags($input[$shortname]);
+ }
 if ($valuetype == 'tags')
 $input[$shortname] = string_to_tag_array($input[$shortname]);
 }
diff --git a/mod/groups/actions/forums/addtopic.php b/mod/groups/actions/forums/addtopic.php
index 740ea17aa..085e2196e 100644
--- a/mod/groups/actions/forums/addtopic.php
+++ b/mod/groups/actions/forums/addtopic.php
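Review bot: `$baseurl = $vars['baseurl'];` is read without checking the caller supplied it, and the `$counturl` derived from it is printed by the unchanged `echo` below into both a single-quoted JavaScript string inside `onclick` and an HTML attribute, with no escaping at either point. The media.php hunk builds that base URL from `$vars['internalname']` and `$vars['simpletype']` by plain concatenation, so whatever reaches those view vars lands in script and attribute context. Initialise defensively with `$baseurl = isset($vars['baseurl']) ? $vars['baseurl'] : '';`, encode the query values where the URL is built (`urlencode($vars['internalname'])`), and HTML-escape `$counturl` at the `echo`; note that attribute values are HTML-decoded before the JavaScript runs, so the JS string itself also needs a JS-safe encoding such as `json_encode`. The enclosing loop starts and ends outside the hunk.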
@@ -18,7 +18,7 @@ if (!$group_entity->isMember($vars['user'])) forward();
 // Get input data
- $title = get_input('topictitle');
+ $title = strip_tags(get_input('topictitle'));
 $message = get_input('topicmessage');
 $tags = get_input('topictags');
 $access = get_input('access_id');
diff --git a/mod/groups/actions/forums/edittopic.php b/mod/groups/actions/forums/edittopic.php
index 2898c31dc..10b54ed61 100644
--- a/mod/groups/actions/forums/edittopic.php
+++ b/mod/groups/actions/forums/edittopic.php
@@ -19,7 +19,7 @@
 // Get input data
- $title = get_input('topictitle');
+ $title = strip_tags(get_input('topictitle'));
 $message = get_input('topicmessage');
 $message_id = get_input('message_id');
 $tags = get_input('topictags');
diff --git a/mod/members/index.php b/mod/members/index.php
index 5ad37aa70..1f3b984e5 100644
--- a/mod/members/index.php
+++ b/mod/members/index.php
@@ -60,8 +60,15 @@ switch($filter){
 break;
 // search based on tags
 case "search_tags":
- $filter_content = trigger_plugin_hook('search','',$tag,"");
- $filter_content .= list_entities_from_metadata("", $tag, "user", "", "", 10, false, false);
+ $options = array();
+ $options['query'] = $tag;
+ $options['type'] = "user";
+ $options['offset'] = $offset;
+ $options['limit'] = $limit;
+ $results = trigger_plugin_hook('search', 'tags', $options, array());
+ $count = $results['count'];
+ $users = $results['entities'];
+ $filter_content = elgg_view_entity_list($users, $count, $offset, $limit, false, false, true);
 break;
 case "newest":
 case 'default':
diff --git a/mod/members/views/default/members/search.php b/mod/members/views/default/members/search.php
index 819d8634a..44930ef53 100644
--- a/mod/members/views/default/members/search.php
+++ b/mod/members/views/default/members/search.php
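Review bot: `$count = $results['count'];` and `$users = $results['entities'];` read the hook result without checking that a handler populated it; the call passes `array()` as the default, so when no plugin answers the `search`/`tags` hook both reads raise undefined-index notices and `elgg_view_entity_list` receives nulls. Guard the two lines: `$count = isset($results['count']) ? (int) $results['count'] : 0;` and `$users = isset($results['entities']) ? $results['entities'] : array();`. `$offset` and `$limit` are defined before this hunk and presumably come from request input, so they should be cast to int and the limit bounded before being handed to the hook and to the list view. The `switch` opens and closes outside the hunk.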
@@ -14,8 +14,6 @@
 <h3><?php echo elgg_echo('members:searchtag'); ?></h3>
 <form id="memberssearchform" action="<?php echo $vars['url']; ?>mod/members/index.php?" method="get">
 <input type="text" name="tag" value="Member tags" onclick="if (this.value=='Member tags') { this.value='' }" class="search_input" />
- <input type="hidden" name="subtype" value="" />
- <input type="hidden" name="object" value="user" />
 <input type="hidden" name="filter" value="search_tags" />
 <input type="submit" value="<?php echo elgg_echo('go'); ?>" />
 </form>
diff --git a/mod/messages/actions/send.php b/mod/messages/actions/send.php
index cf9de8ba5..314b01809 100644
--- a/mod/messages/actions/send.php
+++ b/mod/messages/actions/send.php
@@ -13,7 +13,7 @@ if (!isloggedin()) forward();
 // Get input data
-$title = get_input('title'); // message title
+$title = strip_tags(get_input('title')); // message title
 $message_contents = get_input('message'); // the message
 $send_to = get_input('send_to'); // this is the user guid to whom the message is going to be sent
 $reply = get_input('reply',0); // this is the guid of the message replying to
@@ -58,4 +58,4 @@ unset($_SESSION['msg_contents']);
 system_message(elgg_echo("messages:posted"));
 // Forward to the users inbox
-forward('mod/messages/sent.php');
\ No newline at end of file
+forward('mod/messages/sent.php');
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index a966232a8..ba6d0acdc 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -22,6 +22,9 @@ $input = array();
 foreach($CONFIG->pages as $shortname => $valuetype) {
 $input[$shortname] = get_input($shortname);
+ if ($shortname == 'title') {
+ $input[$shortname] = strip_tags($input[$shortname]);
+ }
 if ($valuetype == 'tags')
 $input[$shortname] = string_to_tag_array($input[$shortname]);
 }
diff --git a/views/default/output/url.php b/views/default/output/url.php
index 734df2c19..7e0281a43 100644
--- a/views/default/output/url.php
+++ b/views/default/output/url.php
@@ -20,6 +20,10 @@ $url = trim($vars['href']);
 if (!empty($url)) {
+ if ((substr_count($url, "http://") == 0) && (substr_count($url, "https://") == 0)) {
+ $url = "http://" . $url;
+ }
+
 if (array_key_exists('is_action', $vars) && $vars['is_action']) {
 $url = elgg_add_action_tokens_to_url($url);
 }
diff --git a/views/failsafe/messages/sanitisation/settings.php b/views/failsafe/messages/sanitisation/settings.php
index 9fabe13a1..b4e43a053 100644
--- a/views/failsafe/messages/sanitisation/settings.php
+++ b/views/failsafe/messages/sanitisation/settings.php
@@ -9,6 +9,19 @@
 * @link http://elgg.org/
 */
+$dbuser = '';
+$dbpassword = '';
+$dbname = '';
+$dbhost = 'localhost';
+$dbprefix = 'elgg_';
+if (isset($vars['sticky'])) {
+ $dbuser = $vars['sticky']['CONFIG_DBUSER'];
+ $dbname = $vars['sticky']['CONFIG_DBNAME'];
+ $dbhost = $vars['sticky']['CONFIG_DBHOST'];
+ $dbprefix = $vars['sticky']['CONFIG_DBPREFIX'];
+}
+
+
 if ($vars['settings.php']) {
 echo elgg_echo('installation:settings:dbwizard:savefail');
 ?>
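Review bot: The new scheme check asks whether `http://` or `https://` occurs anywhere in `$url` rather than whether it is the prefix, so a value that merely contains one of those substrings further along is left untouched, while an absolute path such as `/pg/...`, a protocol-relative `//host/...` or a `mailto:` link is rewritten to `http:///pg/...` and broken. Compare the prefix instead, `if (strpos($url, 'http://') !== 0 && strpos($url, 'https://') !== 0) {`, or better inspect `parse_url($url, PHP_URL_SCHEME)` and only prepend `http://` when no scheme is present and the value does not start with `/`. Because this view emits `href` attributes, rejecting or neutralising an unexpected scheme here is the defensive choice rather than silently passing it through. The enclosing `if (!empty($url))` block closes outside the hunk.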
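Review bot: The four `$vars['sticky'][...]` reads inside the `isset($vars['sticky'])` branch assume every key is present; a sticky array missing one of them produces undefined-index notices on the install page, and since the password key is never restored the array shape is already not uniform. Read each with a default, e.g. `$dbuser = isset($vars['sticky']['CONFIG_DBUSER']) ? $vars['sticky']['CONFIG_DBUSER'] : '';`. `$dbpassword` is initialised but never populated from sticky input, which looks deliberate (not re-emitting a submitted password into the page) and deserves a line saying so: `// password is intentionally not carried over from sticky input`.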
@@ -23,11 +36,11 @@ if ($vars['settings.php']) {
 <h2><?php echo elgg_echo('installation:settings:dbwizard:prompt'); ?></h2>
 <form method="post">
 <table cellpadding="0" cellspacing="10" style="background:#f1f1f1;">
- <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:user'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBUSER]" /></td></tr>
- <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:pass'); ?></td><td valign="top"> <input type="password" name="db_install_vars[CONFIG_DBPASS]" /></td></tr>
- <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:dbname'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBNAME]" /></td></tr>
- <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:host'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBHOST]" value="localhost" /></td></tr>
- <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:prefix'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBPREFIX]" value="elgg_" /></td></tr>
+ <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:user'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBUSER]" value="<?php echo $dbuser; ?>" /></td></tr>
+ <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:pass'); ?></td><td valign="top"> <input type="password" name="db_install_vars[CONFIG_DBPASS]" value="<?php echo $dbpassword; ?>" /></td></tr>
+ <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:dbname'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBNAME]" value="<?php echo $dbname; ?>" /></td></tr>
+ <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:host'); ?></td><td valign="top"> <input type="text" 
name="db_install_vars[CONFIG_DBHOST]" value="<?php echo $dbhost; ?>" /></td></tr>
+ <tr><td valign="top"><?php echo elgg_echo('installation:settings:dbwizard:label:prefix'); ?></td><td valign="top"> <input type="text" name="db_install_vars[CONFIG_DBPREFIX]" value="<?php echo $dbprefix; ?>" /></td></tr>
 </table>
 <input type="submit" name="<?php echo elgg_echo('save'); ?>" value="<?php echo elgg_echo('save'); ?>" /> |
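Review bot: The sticky values are echoed into `value="..."` attributes with no escaping, and per the earlier hunk they originate from the previous submission of `db_install_vars[...]`, so the installer page reflects request-controlled text directly into HTML attribute context. Wrap each echo, e.g. `value="<?php echo htmlspecialchars($dbuser, ENT_QUOTES, 'UTF-8'); ?>"`, and apply the same to the `$dbname`, `$dbhost` and `$dbprefix` lines. The `$dbpassword` echo is always the empty string because nothing assigns it after initialisation, so that `value` attribute could simply be omitted rather than printing an empty one.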