aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--CHANGES.txt87
-rw-r--r--actions/admin/site/update_advanced.php19
-rw-r--r--engine/classes/ElggBatch.php2
-rw-r--r--engine/classes/ElggEntity.php114
-rw-r--r--engine/classes/ElggPlugin.php62
-rw-r--r--engine/classes/ElggSite.php1
-rw-r--r--engine/lib/access.php33
-rw-r--r--engine/lib/annotations.php6
-rw-r--r--engine/lib/elgglib.php28
-rw-r--r--engine/lib/languages.php2
-rw-r--r--engine/lib/metadata.php11
-rw-r--r--engine/lib/metastrings.php19
-rw-r--r--engine/lib/plugins.php9
-rw-r--r--engine/lib/relationships.php2
-rw-r--r--engine/lib/sessions.php4
-rw-r--r--engine/lib/users.php6
-rw-r--r--engine/lib/views.php5
-rw-r--r--engine/lib/web_services.php2
-rw-r--r--engine/tests/api/metadata.php74
-rw-r--r--engine/tests/objects/entities.php2
-rw-r--r--languages/en.php3
-rw-r--r--mod/externalpages/start.php11
-rw-r--r--mod/externalpages/views/default/expages/wrapper.php16
-rw-r--r--mod/file/pages/file/download.php2
-rw-r--r--mod/groups/icon.php2
-rw-r--r--mod/groups/views/default/group/default.php3
-rw-r--r--mod/pages/actions/pages/delete.php5
-rw-r--r--mod/pages/actions/pages/edit.php14
-rw-r--r--mod/pages/lib/pages.php2
-rw-r--r--mod/pages/pages/pages/view.php2
-rw-r--r--mod/pages/views/default/forms/pages/edit.php15
-rw-r--r--mod/thewire/pages/thewire/owner.php4
-rw-r--r--mod/thewire/start.php2
-rw-r--r--mod/twitter_api/lib/twitter_api.php2
-rw-r--r--upgrade.php3
-rw-r--r--version.php2
-rw-r--r--views/default/core/walled_garden/body.php11
-rw-r--r--views/default/core/walled_garden/login.php8
-rw-r--r--views/default/core/walled_garden/lost_password.php8
-rw-r--r--views/default/core/walled_garden/register.php8
-rw-r--r--views/default/css/walled_garden.php13
-rw-r--r--views/default/js/walled_garden.php54
-rw-r--r--views/default/object/plugin.php4
-rw-r--r--views/default/output/tagcloud.php12
-rw-r--r--views/default/page/elements/comments.php2
-rw-r--r--views/default/page/layouts/walled_garden.php16
-rw-r--r--views/default/river/elements/body.php2
-rw-r--r--views/default/river/elements/summary.php11
48 files changed, 552 insertions, 173 deletions
diff --git a/CHANGES.txt b/CHANGES.txt
index af126c3d3..ae0cdc333 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,3 +1,90 @@
+Version 1.8.5
+(May 15, 2012 from https://github.com/Elgg/Elgg/tree/1.8)
+
+ Contributing Developers:
+ * Brett Profitt
+ * Sem
+
+ Security Enhancements:
+ * Fixed possible XSS vulnerability if using a crafted URL.
+ * Fixed exploit to bypass new user validation if using a crafted form.
+ * Fixed incorrect caching of access lists that could allow plugins
+ to show private entities to non-admin and non-owning users. (Non-exploitable)
+
+ Bugfixes:
+ * Twitter API: New users are forwarded to the correct page after creating
+ an account with Twitter.
+ * Files: PDF files are downloaded as "inline" to display in the browser.
+ * Fixed possible duplication errors when writing metadata with multiple values.
+ * Fixed possible upgrade issue if using a plugin uses the system_log hooks.
+ * Fixed problems when enabling more than 50 metadata or annotations.
+
+ API:
+ * River entries' timestamps use elgg_view_friendly_time() and can be
+ overridden with the friendly time output view.
+
+Version 1.8.4
+(April 24, 2012 from https://github.com/Elgg/Elgg/tree/1.8)
+
+ Contributing Developers:
+ * Adayth Talavera
+ * Brett Profitt
+ * Cash Costello
+ * Evan Winslow
+ * Ismayil Khayredinov
+ * Janek Lasocki-Biczysko
+ * Jerome Baker
+ * Sem
+ * Steve Clay
+ * Webgalli
+
+ Security Enhancements:
+ * Fixed an issue in the web services auth.get_token endpoint that
+ would give valid auth tokens to invalid credentials. Thanks to
+ Christian for reporting this!
+ * Fixed an that could show which plugins are loaded on a site.
+
+ Enhancements:
+ * UI: All bundled plugins' list pages display a no content message if there is nothing to list.
+ * UI: Site default access is limited to core access levels.
+ * UI: Showing a system message to the admin if plugins are disabled with the "disabled"
+ magic file.
+ * UI: Added transparent backgrounds for files and pages icons.
+ * External (Site) Pages: If in Wall Garden mode, Site Pages use the Walled Garden
+ theme when logged out.
+ * UI: Database errors only show the query to admin users.
+ * UI: Cannot set the data path to a relative path in installation or site settings.
+ * UI: Cleaned up notifications for bundled plugins.
+ * UI: Hiding crop button if no avatar is uploaded.
+ * UI: Bundled plugins are displayed with a gold border in the plugin admin area.
+ * UI: Can see all the categories a plugin belongs to.
+ * Web Services: Multiple tokens allowed for users.
+ * API: More efficient entity loading.
+ * API: Added IP address to system log.
+ * API: Languages are cached.
+ * API: ElggBatch supports disabling offsets for callbacks that delete entities.
+ * API: Cleaned up the boot process.
+ * API: Fixed situation in which the cache isn't properly cleared if a file can't be unlinked.
+
+ Bugfixes:
+ * UI: Tags display in the case they were saved.
+ * UI: Friendly titles keep -s.
+ * UI: Removed pagination in friends widget.
+ * UI: Profile settings actions correctly displays error messages as errors.
+ * UI: Tag search works for tags with spaces.
+ * UI: Fixed river display for friending that happens during registration.
+ * Groups: Link for managing join requests is restored in the sidebar.
+ * Walled Garden: Cron and web services endpoints are exposed as public sites.
+ * The Wire: UTF usernames are correctly linked with @ syntax.
+ * The Wire: No longer selecting the "Mine" tab for users who aren't you.
+ * Blogs: Notifications restored.
+ * Message Board: Fixed delete.
+ * Groups: Forwarding to correct page if trying to access closed group.
+ * API: entities loaded via elgg_get_entities_from_relationship() have the correct time_created.
+ * API: Deleting entities recursively works when code is logged out.
+ * API: Fixed multiple uses of deprecated functions.
+
+
Version 1.8.3
(January 12, 2012 from https://github.com/Elgg/Elgg/tree/1.8)
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
index 23d622a62..897a2f983 100644
--- a/actions/admin/site/update_advanced.php
+++ b/actions/admin/site/update_advanced.php
@@ -17,7 +17,24 @@ if ($site = elgg_get_site_entity()) {
$site->url = get_input('wwwroot');
datalist_set('path', sanitise_filepath(get_input('path')));
- datalist_set('dataroot', sanitise_filepath(get_input('dataroot')));
+ $dataroot = sanitise_filepath(get_input('dataroot'));
+
+ // check for relative paths
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($dataroot, ':') !== 1) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ } else {
+ if (strpos($dataroot, '/') !== 0) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ }
+
+ datalist_set('dataroot', $dataroot);
if (get_input('simplecache_enabled')) {
elgg_enable_simplecache();
diff --git a/engine/classes/ElggBatch.php b/engine/classes/ElggBatch.php
index 0cb13eb32..c1a77a0d9 100644
--- a/engine/classes/ElggBatch.php
+++ b/engine/classes/ElggBatch.php
@@ -16,7 +16,7 @@
*
* Results from the callback are stored in callbackResult. If the callback
* returns only booleans, callbackResults will be the combined result of
- * all calls.
+ * all calls. If no entities are processed, callbackResults will be null.
*
* If the callback returns anything else, callbackresult will be an indexed
* array of whatever the callback returns. If returning error handling
diff --git a/engine/classes/ElggEntity.php b/engine/classes/ElggEntity.php
index dc38dafbe..164ff3838 100644
--- a/engine/classes/ElggEntity.php
+++ b/engine/classes/ElggEntity.php
@@ -201,8 +201,11 @@ abstract class ElggEntity extends ElggData implements
/**
* Sets the value of a property.
*
- * If $name is defined in $this->attributes that value is set, otherwise it will
- * set the appropriate item of metadata.
+ * If $name is defined in $this->attributes that value is set, otherwise it is
+ * saved as metadata.
+ *
+ * @warning Metadata set this way will inherit the entity's owner and access ID. If you want
+ * to set metadata with a different owner, use create_metadata().
*
* @warning It is important that your class populates $this->attributes with keys
* for all base attributes, anything not in their gets set as METADATA.
@@ -248,7 +251,12 @@ abstract class ElggEntity extends ElggData implements
public function getMetaData($name) {
if ((int) ($this->guid) == 0) {
if (isset($this->temp_metadata[$name])) {
- return $this->temp_metadata[$name];
+ // md is returned as an array only if more than 1 entry
+ if (count($this->temp_metadata[$name]) == 1) {
+ return $this->temp_metadata[$name][0];
+ } else {
+ return $this->temp_metadata[$name];
+ }
} else {
return null;
}
@@ -291,80 +299,78 @@ abstract class ElggEntity extends ElggData implements
/**
* Set a piece of metadata.
*
- * @tip Plugin authors should use the magic methods.
+ * Plugin authors should use the magic methods or create_metadata().
+ *
+ * @warning The metadata will inherit the parent entity's owner and access ID.
+ * If you want to write metadata with a different owner, use create_metadata().
*
* @access private
*
* @param string $name Name of the metadata
- * @param mixed $value Value of the metadata
+ * @param mixed $value Value of the metadata (doesn't support assoc arrays)
* @param string $value_type Types supported: integer and string. Will auto-identify if not set
* @param bool $multiple Allow multiple values for a single name (doesn't support assoc arrays)
*
* @return bool
*/
- public function setMetaData($name, $value, $value_type = "", $multiple = false) {
- $delete_first = false;
- // if multiple is set that always means don't delete.
- // if multiple isn't set it means override. set it to true on arrays for the foreach.
- if (!$multiple) {
- $delete_first = true;
- $multiple = is_array($value);
- }
-
- if (!$this->guid) {
- // real metadata only returns as an array if there are multiple elements
- if (is_array($value) && count($value) == 1) {
- $value = $value[0];
- }
-
- $value_is_array = is_array($value);
-
- if (!isset($this->temp_metadata[$name]) || $delete_first) {
- // need to remove the indexes because real metadata doesn't have them.
- if ($value_is_array) {
- $this->temp_metadata[$name] = array_values($value);
- } else {
- $this->temp_metadata[$name] = $value;
- }
- } else {
- // multiple is always true at this point.
- // if we're setting multiple and temp isn't array, it needs to be.
- if (!is_array($this->temp_metadata[$name])) {
- $this->temp_metadata[$name] = array($this->temp_metadata[$name]);
- }
+ public function setMetaData($name, $value, $value_type = null, $multiple = false) {
- if ($value_is_array) {
- $this->temp_metadata[$name] = array_merge($this->temp_metadata[$name], array_values($value));
- } else {
- $this->temp_metadata[$name][] = $value;
- }
- }
+ // normalize value to an array that we will loop over
+ // remove indexes if value already an array.
+ if (is_array($value)) {
+ $value = array_values($value);
} else {
- if ($delete_first) {
+ $value = array($value);
+ }
+
+ // saved entity. persist md to db.
+ if ($this->guid) {
+ // if overwriting, delete first.
+ if (!$multiple) {
$options = array(
'guid' => $this->getGUID(),
'metadata_name' => $name,
'limit' => 0
);
- // @todo this doesn't check if it exists so we can't handle failed deletes
- // is it worth the overhead of more SQL calls to check?
- elgg_delete_metadata($options);
- }
- // save into real metadata
- if (!is_array($value)) {
- $value = array($value);
+ // @todo in 1.9 make this return false if can't add metadata
+ // http://trac.elgg.org/ticket/4520
+ //
+ // need to remove access restrictions right now to delete
+ // because this is the expected behavior
+ $ia = elgg_set_ignore_access(true);
+ if (false === elgg_delete_metadata($options)) {
+ return false;
+ }
+ elgg_set_ignore_access($ia);
}
- foreach ($value as $v) {
- $result = create_metadata($this->getGUID(), $name, $v, $value_type,
- $this->getOwnerGUID(), $this->getAccessId(), $multiple);
- if (!$result) {
+ // add new md
+ $result = true;
+ foreach ($value as $value_tmp) {
+ // at this point $value should be appended because it was cleared above if needed.
+ $md_id = create_metadata($this->getGUID(), $name, $value_tmp, $value_type,
+ $this->getOwnerGUID(), $this->getAccessId(), true);
+ if (!$md_id) {
return false;
}
}
+
+ return $result;
}
- return true;
+ // unsaved entity. store in temp array
+ // returning single entries instead of an array of 1 element is decided in
+ // getMetaData(), just like pulling from the db.
+ else {
+ // if overwrite, delete first
+ if (!$multiple || !isset($this->temp_metadata[$name])) {
+ $this->temp_metadata[$name] = array();
+ }
+
+ // add new md
+ $this->temp_metadata[$name] = array_merge($this->temp_metadata[$name], $value);
+ return true;
+ }
}
/**
diff --git a/engine/classes/ElggPlugin.php b/engine/classes/ElggPlugin.php
index 33f14ae37..8c9093834 100644
--- a/engine/classes/ElggPlugin.php
+++ b/engine/classes/ElggPlugin.php
@@ -79,6 +79,68 @@ class ElggPlugin extends ElggObject {
}
/**
+ * Overridden from ElggEntity and ElggObject::load(). Core always inits plugins with
+ * a query joined to the objects_entity table, so all the info is there.
+ *
+ * @param mixed $guid GUID of an ElggObject or the stdClass object from entities table
+ *
+ * @return bool
+ * @throws InvalidClassException
+ */
+ protected function load($guid) {
+
+ $expected_attributes = $this->attributes;
+ unset($expected_attributes['tables_split']);
+ unset($expected_attributes['tables_loaded']);
+
+ // this was loaded with a full join
+ $needs_loaded = false;
+
+ if ($guid instanceof stdClass) {
+ $row = (array) $guid;
+ $missing_attributes = array_diff_key($expected_attributes, $row);
+ if ($missing_attributes) {
+ $needs_loaded = true;
+ $old_guid = $guid;
+ $guid = $row['guid'];
+ } else {
+ $this->attributes = $row;
+ }
+ } else {
+ $needs_loaded = true;
+ }
+
+ if ($needs_loaded) {
+ $entity = (array) get_entity_as_row($guid);
+ $object = (array) get_object_entity_as_row($guid);
+
+ if (!$entity || !$object) {
+ return false;
+ }
+
+ $this->attributes = array_merge($this->attributes, $entity, $object);
+ }
+
+ $this->attributes['tables_loaded'] = 2;
+
+ // Check the type
+ if ($this->attributes['type'] != 'object') {
+ $msg = elgg_echo('InvalidClassException:NotValidElggStar', array($guid, get_class()));
+ throw new InvalidClassException($msg);
+ }
+
+ // guid needs to be an int http://trac.elgg.org/ticket/4111
+ $this->attributes['guid'] = (int)$this->attributes['guid'];
+
+ // cache the entity
+ if ($this->attributes['guid']) {
+ cache_entity($this);
+ }
+
+ return true;
+ }
+
+ /**
* Save the plugin object. Make sure required values exist.
*
* @see ElggObject::save()
diff --git a/engine/classes/ElggSite.php b/engine/classes/ElggSite.php
index af3999321..6d07778a9 100644
--- a/engine/classes/ElggSite.php
+++ b/engine/classes/ElggSite.php
@@ -422,6 +422,7 @@ class ElggSite extends ElggEntity {
// default public pages
$defaults = array(
+ 'walled_garden/.*',
'action/login',
'register',
'action/register',
diff --git a/engine/lib/access.php b/engine/lib/access.php
index 6be252c6a..e8b3b0d52 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -31,7 +31,7 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
global $CONFIG, $init_finished;
static $access_list;
- if (!isset($access_list) || !$init_finished) {
+ if (!isset($access_list)) {
$access_list = array();
}
@@ -49,9 +49,16 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
return $access_list[$user_id];
}
- $access_list[$user_id] = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
+ $access = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
- return $access_list[$user_id];
+ // only cache if done with init and access is enabled (unless admin user)
+ // session is loaded before init is finished, so don't need to check for user session
+ if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) {
+ $access_list[$user_id] = $access;
+ return $access_list[$user_id];
+ } else {
+ return $access;
+ }
}
/**
@@ -83,7 +90,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
// this cache might be redundant. But db cache is flushed on every db write.
static $access_array;
- if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished)) {
+ if (!isset($access_array)) {
$access_array = array();
}
@@ -137,12 +144,12 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
$tmp_access_array[] = ACCESS_PRIVATE;
}
- $access_array[$user_id] = $tmp_access_array;
- } else {
- // No user id logged in so we can only access public info
- $tmp_return = $tmp_access_array;
+ // only cache if done with init and access is enabled (unless admin user)
+ // session is loaded before init is finished, so don't need to check for user session
+ if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) {
+ $access_array[$user_id] = $tmp_access_array;
+ }
}
-
} else {
$tmp_access_array = $access_array[$user_id];
}
@@ -946,7 +953,8 @@ function elgg_get_access_object() {
*
* @global bool $init_finished
* @access private
- * @todo investigate why this is needed
+ * @todo This is required to tell the access system to start caching because
+ * calls are made while in ignore access mode and before the user is logged in.
*/
$init_finished = false;
@@ -1014,8 +1022,9 @@ function access_test($hook, $type, $value, $params) {
return $value;
}
-// This function will let us know when 'init' has finished
-elgg_register_event_handler('init', 'system', 'access_init', 9999);
+// Tell the access functions the system has booted, plugins are loaded,
+// and the user is logged in so it can start caching
+elgg_register_event_handler('ready', 'system', 'access_init');
// For overrided permissions
elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions');
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index f32dee0f0..2036ccd61 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -95,8 +95,6 @@ $owner_guid = 0, $access_id = ACCESS_PRIVATE) {
$entity = get_entity($entity_guid);
if (elgg_trigger_event('annotate', $entity->type, $entity)) {
- system_log($entity, 'annotate');
-
// If ok then add it
$result = insert_data("INSERT into {$CONFIG->dbprefix}annotations
(entity_guid, name_id, value_id, value_type, owner_guid, time_created, access_id) VALUES
@@ -222,7 +220,7 @@ function elgg_delete_annotations(array $options) {
}
$options['metastring_type'] = 'annotations';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
}
/**
@@ -240,7 +238,7 @@ function elgg_disable_annotations(array $options) {
}
$options['metastring_type'] = 'annotations';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
}
/**
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 11bdc7285..b55958a6c 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -2021,8 +2021,14 @@ function elgg_walled_garden_index() {
elgg_load_css('elgg.walled_garden');
elgg_load_js('elgg.walled_garden');
- $body = elgg_view('core/walled_garden/body');
+ $content = elgg_view('core/walled_garden/login');
+ $params = array(
+ 'content' => $content,
+ 'class' => 'elgg-walledgarden-double',
+ 'id' => 'elgg-walledgarden-login',
+ );
+ $body = elgg_view_layout('walled_garden', $params);
echo elgg_view_page('', $body, 'walled_garden');
// return true to prevent other plugins from adding a front page
@@ -2030,6 +2036,24 @@ function elgg_walled_garden_index() {
}
/**
+ * Serve walled garden sections
+ *
+ * @param array $page Array of URL segments
+ * @return string
+ * @access private
+ */
+function _elgg_walled_garden_ajax_handler($page) {
+ $view = $page[0];
+ $params = array(
+ 'content' => elgg_view("core/walled_garden/$view"),
+ 'class' => 'elgg-walledgarden-single hidden',
+ 'id' => str_replace('_', '-', "elgg-walledgarden-$view"),
+ );
+ echo elgg_view_layout('walled_garden', $params);
+ return true;
+}
+
+/**
* Checks the status of the Walled Garden and forwards to a login page
* if required.
*
@@ -2049,6 +2073,8 @@ function elgg_walled_garden() {
elgg_register_css('elgg.walled_garden', '/css/walled_garden.css');
elgg_register_js('elgg.walled_garden', '/js/walled_garden.js');
+ elgg_register_page_handler('walled_garden', '_elgg_walled_garden_ajax_handler');
+
// check for external page view
if (isset($CONFIG->site) && $CONFIG->site instanceof ElggSite) {
$CONFIG->site->checkWalledGarden();
diff --git a/engine/lib/languages.php b/engine/lib/languages.php
index bf6829a39..7a508d298 100644
--- a/engine/lib/languages.php
+++ b/engine/lib/languages.php
@@ -344,7 +344,7 @@ function get_missing_language_keys($language) {
*/
function elgg_languages_init() {
$lang = get_current_language();
- elgg_register_simplecache_view("cache/js/languages/$lang");
+ elgg_register_simplecache_view("js/languages/$lang");
}
elgg_register_event_handler('init', 'system', 'elgg_languages_init');
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 34a36d86e..0ff3a43dc 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -297,6 +297,8 @@ function elgg_get_metadata(array $options = array()) {
* This requires at least one constraint: metadata_owner_guid(s),
* metadata_name(s), metadata_value(s), or guid(s) must be set.
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@see elgg_get_metadata()}
* @return mixed Null if the metadata name is invalid. Bool on success or fail.
* @since 1.8.0
@@ -307,8 +309,7 @@ function elgg_delete_metadata(array $options) {
}
$options['metastring_type'] = 'metadata';
- $result = elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback');
- return $result;
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
}
/**
@@ -316,6 +317,8 @@ function elgg_delete_metadata(array $options) {
*
* @warning Unlike elgg_get_metadata() this will not accept an empty options array!
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@See elgg_get_metadata()}
* @return mixed
* @since 1.8.0
@@ -326,7 +329,7 @@ function elgg_disable_metadata(array $options) {
}
$options['metastring_type'] = 'metadata';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
}
/**
@@ -334,6 +337,8 @@ function elgg_disable_metadata(array $options) {
*
* @warning Unlike elgg_get_metadata() this will not accept an empty options array!
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@See elgg_get_metadata()}
* @return mixed
* @since 1.8.0
diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php
index d7cc4e0bc..cf6dd4d98 100644
--- a/engine/lib/metastrings.php
+++ b/engine/lib/metastrings.php
@@ -716,22 +716,23 @@ function elgg_set_metastring_based_object_enabled_by_id($id, $enabled, $type) {
* @warning Unlike elgg_get_metastring_based_objects() this will not accept an
* empty options array!
*
- * @param array $options An options array. {@See elgg_get_metastring_based_objects()}
- * @param string $callback The callback to pass each result through
- * @return mixed
+ * @warning This returns null on no ops.
+ *
+ * @param array $options An options array. {@See elgg_get_metastring_based_objects()}
+ * @param string $callback The callback to pass each result through
+ * @param bool $inc_offset Increment the offset? Pass false for callbacks that delete / disable
+ *
+ * @return bool|null true on success, false on failure, null if no objects are found.
* @since 1.8.0
* @access private
*/
-function elgg_batch_metastring_based_objects(array $options, $callback) {
+function elgg_batch_metastring_based_objects(array $options, $callback, $inc_offset = true) {
if (!$options || !is_array($options)) {
return false;
}
- // @todo restore once ElggBatch supports callbacks that delete rows.
- $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, false);
- $r = $batch->callbackResult;
-
- return $r;
+ $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, $inc_offset);
+ return $batch->callbackResult;
}
/**
diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php
index 123fb18d8..39a76db5d 100644
--- a/engine/lib/plugins.php
+++ b/engine/lib/plugins.php
@@ -93,10 +93,13 @@ function elgg_get_plugin_ids_in_dir($dir = null) {
function elgg_generate_plugin_entities() {
$site = get_config('site');
$dir = elgg_get_plugins_path();
+ $db_prefix = elgg_get_config('dbprefix');
$options = array(
'type' => 'object',
'subtype' => 'plugin',
+ 'selects' => array('plugin_oe.*'),
+ 'joins' => array("JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid"),
'limit' => ELGG_ENTITIES_NO_VALUE
);
@@ -352,7 +355,11 @@ function elgg_get_plugins($status = 'active', $site_guid = null) {
'type' => 'object',
'subtype' => 'plugin',
'limit' => ELGG_ENTITIES_NO_VALUE,
- 'joins' => array("JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid"),
+ 'selects' => array('plugin_oe.*'),
+ 'joins' => array(
+ "JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid",
+ "JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid"
+ ),
'wheres' => array("ps.name = '$priority'"),
'order_by' => "CAST(ps.value as unsigned), e.guid"
);
diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php
index fabe2d2d6..f50c4a485 100644
--- a/engine/lib/relationships.php
+++ b/engine/lib/relationships.php
@@ -290,7 +290,7 @@ function elgg_get_entities_from_relationship($options) {
$options['selects'] = array();
}
- $select = array('r.*');
+ $select = array('r.id');
$options['selects'] = array_merge($options['selects'], $select);
}
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 9982d9fe8..419d36707 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -127,6 +127,10 @@ function elgg_is_admin_user($user_guid) {
/**
* Perform user authentication with a given username and password.
*
+ * @warning This returns an error message on failure. Use the identical operator to check
+ * for access: if (true === elgg_authenticate()) { ... }.
+ *
+ *
* @see login
*
* @param string $username The username
diff --git a/engine/lib/users.php b/engine/lib/users.php
index f1d42e25e..e209f2c38 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -969,8 +969,8 @@ $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') {
$friend_user->addFriend($user->guid);
// @todo Should this be in addFriend?
- add_to_river('friends/river/create', 'friend', $user->getGUID(), $friend_guid);
- add_to_river('friends/river/create', 'friend', $friend_guid, $user->getGUID());
+ add_to_river('river/relationship/friend/create', 'friend', $user->getGUID(), $friend_guid);
+ add_to_river('river/relationship/friend/create', 'friend', $friend_guid, $user->getGUID());
}
}
}
@@ -1551,7 +1551,7 @@ function users_init() {
elgg_register_plugin_hook_handler('register', 'menu:user_hover', 'elgg_user_hover_menu');
elgg_register_action('register', '', 'public');
- elgg_register_action('useradd', '', 'public');
+ elgg_register_action('useradd', '', 'admin');
elgg_register_action('friends/add');
elgg_register_action('friends/remove');
elgg_register_action('avatar/upload');
diff --git a/engine/lib/views.php b/engine/lib/views.php
index ca0ce7196..1b013be6f 100644
--- a/engine/lib/views.php
+++ b/engine/lib/views.php
@@ -103,7 +103,10 @@ function elgg_get_viewtype() {
$viewtype = get_input('view', NULL);
if ($viewtype) {
- return $viewtype;
+ // only word characters allowed.
+ if (!preg_match('[\W]', $viewtype)) {
+ return $viewtype;
+ }
}
if (isset($CONFIG->view) && !empty($CONFIG->view)) {
diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php
index 07be76ec6..da3ed76a9 100644
--- a/engine/lib/web_services.php
+++ b/engine/lib/web_services.php
@@ -1165,7 +1165,7 @@ function list_all_apis() {
* @access private
*/
function auth_gettoken($username, $password) {
- if (elgg_authenticate($username, $password)) {
+ if (true === elgg_authenticate($username, $password)) {
$token = create_user_token($username);
if ($token) {
return $token;
diff --git a/engine/tests/api/metadata.php b/engine/tests/api/metadata.php
index be8ac269c..2461e975e 100644
--- a/engine/tests/api/metadata.php
+++ b/engine/tests/api/metadata.php
@@ -124,6 +124,80 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest {
$e->delete();
}
+ // Make sure metadata with multiple values is correctly deleted when re-written
+ // by another user
+ // http://trac.elgg.org/ticket/2776
+ public function test_elgg_metadata_multiple_values() {
+ $u1 = new ElggUser();
+ $u1->username = rand();
+ $u1->save();
+
+ $u2 = new ElggUser();
+ $u2->username = rand();
+ $u2->save();
+
+ $obj = new ElggObject();
+ $obj->owner_guid = $u1->guid;
+ $obj->container_guid = $u1->guid;
+ $obj->access_id = ACCESS_PUBLIC;
+ $obj->save();
+
+ $md_values = array(
+ 'one',
+ 'two',
+ 'three'
+ );
+
+ // need to fake different logins.
+ // good times without mocking.
+ $original_user = elgg_get_logged_in_user_entity();
+ $_SESSION['user'] = $u1;
+
+ elgg_set_ignore_access(false);
+
+ // add metadata as one user
+ $obj->test = $md_values;
+
+ // check only these md exists
+ $db_prefix = elgg_get_config('dbprefix');
+ $q = "SELECT * FROM {$db_prefix}metadata WHERE entity_guid = $obj->guid";
+ $data = get_data($q);
+
+ $this->assertEqual(count($md_values), count($data));
+ foreach ($data as $md_row) {
+ $md = elgg_get_metadata_from_id($md_row->id);
+ $this->assertTrue(in_array($md->value, $md_values));
+ $this->assertEqual('test', $md->name);
+ }
+
+ // add md w/ same name as a different user
+ $_SESSION['user'] = $u2;
+ $md_values2 = array(
+ 'four',
+ 'five',
+ 'six',
+ 'seven'
+ );
+
+ $obj->test = $md_values2;
+
+ $q = "SELECT * FROM {$db_prefix}metadata WHERE entity_guid = $obj->guid";
+ $data = get_data($q);
+
+ $this->assertEqual(count($md_values2), count($data));
+ foreach ($data as $md_row) {
+ $md = elgg_get_metadata_from_id($md_row->id);
+ $this->assertTrue(in_array($md->value, $md_values2));
+ $this->assertEqual('test', $md->name);
+ }
+
+ $_SESSION['user'] = $original_user;
+
+ $obj->delete();
+ $u1->delete();
+ $u2->delete();
+ }
+
protected function create_metastring($string) {
global $CONFIG, $METASTRINGS_CACHE, $METASTRINGS_DEADNAME_CACHE;
diff --git a/engine/tests/objects/entities.php b/engine/tests/objects/entities.php
index a4dc7946c..248b85c9e 100644
--- a/engine/tests/objects/entities.php
+++ b/engine/tests/objects/entities.php
@@ -98,7 +98,7 @@ class ElggCoreEntityTest extends ElggCoreUnitTest {
// check internal metadata array
$metadata = $this->entity->expose_metadata();
- $this->assertIdentical($metadata['existent'], 'testing');
+ $this->assertIdentical($metadata['existent'], array('testing'));
}
public function testElggEnityGetAndSetAnnotations() {
diff --git a/languages/en.php b/languages/en.php
index 14df3db34..7b51b0c7d 100644
--- a/languages/en.php
+++ b/languages/en.php
@@ -562,6 +562,7 @@ $english = array(
'admin:configuration:success' => "Your settings have been saved.",
'admin:configuration:fail' => "Your settings could not be saved.",
+ 'admin:configuration:dataroot:relative_path' => 'Cannot set "%s" as the dataroot because it is not an absolute path.',
'admin:unknown_section' => 'Invalid Admin Section.',
@@ -666,7 +667,7 @@ $english = array(
/**
* Plugins
*/
- 'plugins:disabled' => 'Plugins are being loaded because a file named "disabled" is in the mod directory.',
+ 'plugins:disabled' => 'Plugins are not being loaded because a file named "disabled" is in the mod directory.',
'plugins:settings:save:ok' => "Settings for the %s plugin were saved successfully.",
'plugins:settings:save:fail' => "There was a problem saving settings for the %s plugin.",
'plugins:usersettings:save:ok' => "User settings for the %s plugin were saved successfully.",
diff --git a/mod/externalpages/start.php b/mod/externalpages/start.php
index 152a8b4d9..74da7f828 100644
--- a/mod/externalpages/start.php
+++ b/mod/externalpages/start.php
@@ -77,9 +77,16 @@ function expages_page_handler($page, $handler) {
} else {
$content .= elgg_echo("expages:notset");
}
+ $content = elgg_view('expages/wrapper', array('content' => $content));
- $body = elgg_view_layout("one_sidebar", array('content' => $content));
- echo elgg_view_page($title, $body);
+ if (elgg_is_logged_in() || !elgg_get_config('walled_garden')) {
+ $body = elgg_view_layout('one_sidebar', array('content' => $content));
+ echo elgg_view_page($title, $body);
+ } else {
+ elgg_load_css('elgg.walled_garden');
+ $body = elgg_view_layout('walled_garden', array('content' => $content));
+ echo elgg_view_page($title, $body, 'walled_garden');
+ }
return true;
}
diff --git a/mod/externalpages/views/default/expages/wrapper.php b/mod/externalpages/views/default/expages/wrapper.php
new file mode 100644
index 000000000..8eb0b2f84
--- /dev/null
+++ b/mod/externalpages/views/default/expages/wrapper.php
@@ -0,0 +1,16 @@
+<?php
+/**
+ * Wrapper for site pages content area
+ *
+ * @uses $vars['content']
+ */
+
+echo $vars['content'];
+
+echo '<div class="mtm">';
+echo elgg_view('output/url', array(
+ 'text' => 'Back',
+ 'href' => $_SERVER['HTTP_REFERER'],
+ 'class' => 'float-alt'
+));
+echo '</div>';
diff --git a/mod/file/pages/file/download.php b/mod/file/pages/file/download.php
index 00e6d500e..76c1f1272 100644
--- a/mod/file/pages/file/download.php
+++ b/mod/file/pages/file/download.php
@@ -26,7 +26,7 @@ $filename = $file->originalfilename;
header("Pragma: public");
header("Content-type: $mime");
-if (strpos($mime, "image/") !== false) {
+if (strpos($mime, "image/") !== false || $mime == "application/pdf") {
header("Content-Disposition: inline; filename=\"$filename\"");
} else {
header("Content-Disposition: attachment; filename=\"$filename\"");
diff --git a/mod/groups/icon.php b/mod/groups/icon.php
index 104da4b41..f86f84fa5 100644
--- a/mod/groups/icon.php
+++ b/mod/groups/icon.php
@@ -35,7 +35,7 @@ if ($filehandler->open("read")) {
}
if (!$success) {
- $location = elgg_get_plugins_path() . "groups/graphics/default{$size}.jpg";
+ $location = elgg_get_plugins_path() . "groups/graphics/default{$size}.gif";
$contents = @file_get_contents($location);
}
diff --git a/mod/groups/views/default/group/default.php b/mod/groups/views/default/group/default.php
index 6eae467c6..d9460dff4 100644
--- a/mod/groups/views/default/group/default.php
+++ b/mod/groups/views/default/group/default.php
@@ -22,10 +22,9 @@ if (elgg_in_context('owner_block') || elgg_in_context('widgets')) {
if ($vars['full_view']) {
- echo elgg_view("groups/profile/profile_block", $vars);
+ echo elgg_view('groups/profile/summary', $vars);
} else {
// brief view
-
$params = array(
'entity' => $group,
'metadata' => $metadata,
diff --git a/mod/pages/actions/pages/delete.php b/mod/pages/actions/pages/delete.php
index dfa0de98d..7a314a280 100644
--- a/mod/pages/actions/pages/delete.php
+++ b/mod/pages/actions/pages/delete.php
@@ -9,8 +9,9 @@
$guid = get_input('guid');
$page = get_entity($guid);
-if ($page) {
- if ($page->canEdit()) {
+if (elgg_instanceof($page, 'object', 'page') || elgg_instanceof($page, 'object', 'page_top')) {
+ // only allow owners and admin to delete
+ if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
$container = get_entity($page->container_guid);
// Bring all child elements forward
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index 6950d4b2f..a32e4a4ba 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -47,7 +47,19 @@ if ($page_guid) {
}
if (sizeof($input) > 0) {
+ // don't change access if not an owner/admin
+ $user = elgg_get_logged_in_user_entity();
+ $can_change_access = true;
+
+ if ($user && $page) {
+ $can_change_access = $user->isAdmin() || $user->getGUID() == $page->owner_guid;
+ }
+
foreach ($input as $name => $value) {
+ if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) {
+ continue;
+ }
+
$page->$name = $value;
}
}
@@ -74,6 +86,6 @@ if ($page->save()) {
forward($page->getURL());
} else {
- register_error(elgg_echo('pages:error:no_save'));
+ register_error(elgg_echo('pages:error:notsaved'));
forward(REFERER);
}
diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php
index 5c5323d6f..dbf7b8917 100644
--- a/mod/pages/lib/pages.php
+++ b/mod/pages/lib/pages.php
@@ -111,4 +111,4 @@ function pages_register_navigation_tree($container) {
}
}
}
-}
+} \ No newline at end of file
diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php
index 5dfb76b55..81477a8d4 100644
--- a/mod/pages/pages/pages/view.php
+++ b/mod/pages/pages/pages/view.php
@@ -32,7 +32,7 @@ elgg_push_breadcrumb($title);
$content = elgg_view_entity($page, array('full_view' => true));
$content .= elgg_view_comments($page);
-if (elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
+if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
$url = "pages/add/$page->guid";
elgg_register_menu_item('title', array(
'name' => 'subpage',
diff --git a/mod/pages/views/default/forms/pages/edit.php b/mod/pages/views/default/forms/pages/edit.php
index 20737a121..9469f5eb9 100644
--- a/mod/pages/views/default/forms/pages/edit.php
+++ b/mod/pages/views/default/forms/pages/edit.php
@@ -6,7 +6,18 @@
*/
$variables = elgg_get_config('pages');
+$user = elgg_get_logged_in_user_entity();
+$entity = elgg_extract('entity', $vars);
+$can_change_access = true;
+if ($user && $entity) {
+ $can_change_access = ($user->isAdmin() || $user->getGUID() == $entity->owner_guid);
+}
+
foreach ($variables as $name => $type) {
+ // don't show read / write access inputs for non-owners or admin when editing
+ if (($type == 'access' || $type == 'write_access') && !$can_change_access) {
+ continue;
+ }
?>
<div>
<label><?php echo elgg_echo("pages:$name") ?></label>
@@ -14,8 +25,8 @@ foreach ($variables as $name => $type) {
if ($type != 'longtext') {
echo '<br />';
}
- ?>
- <?php echo elgg_view("input/$type", array(
+
+ echo elgg_view("input/$type", array(
'name' => $name,
'value' => $vars[$name],
));
diff --git a/mod/thewire/pages/thewire/owner.php b/mod/thewire/pages/thewire/owner.php
index f544aa655..6246c1770 100644
--- a/mod/thewire/pages/thewire/owner.php
+++ b/mod/thewire/pages/thewire/owner.php
@@ -14,10 +14,12 @@ $title = elgg_echo('thewire:user', array($owner->name));
elgg_push_breadcrumb(elgg_echo('thewire'), "thewire/all");
elgg_push_breadcrumb($owner->name);
+$context = '';
if (elgg_get_logged_in_user_guid() == $owner->guid) {
$form_vars = array('class' => 'thewire-form');
$content = elgg_view_form('thewire/add', $form_vars);
$content .= elgg_view('input/urlshortener');
+ $context = 'mine';
}
$content .= elgg_list_entities(array(
@@ -28,7 +30,7 @@ $content .= elgg_list_entities(array(
));
$body = elgg_view_layout('content', array(
- 'filter_context' => 'mine',
+ 'filter_context' => $context,
'content' => $content,
'title' => $title,
'sidebar' => elgg_view('thewire/sidebar'),
diff --git a/mod/thewire/start.php b/mod/thewire/start.php
index ebfe29538..5d5786e2f 100644
--- a/mod/thewire/start.php
+++ b/mod/thewire/start.php
@@ -304,7 +304,7 @@ function thewire_save_post($text, $userid, $access_id, $parent_guid = 0, $method
*/
function thewire_send_response_notification($guid, $parent_guid, $user) {
$parent_owner = get_entity($parent_guid)->getOwnerEntity();
- $user = get_loggedin_user();
+ $user = elgg_get_logged_in_user_entity();
// check to make sure user is not responding to self
if ($parent_owner->guid != $user->guid) {
diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php
index 355123992..fbce00d34 100644
--- a/mod/twitter_api/lib/twitter_api.php
+++ b/mod/twitter_api/lib/twitter_api.php
@@ -109,7 +109,7 @@ function twitter_api_login() {
$user = twitter_api_create_user($twitter);
$site_name = elgg_get_site_entity()->name;
system_message(elgg_echo('twitter_api:login:email', array($site_name)));
- $forward = "twitter_api/intersitial";
+ $forward = "twitter_api/interstitial";
}
// set twitter services tokens
diff --git a/upgrade.php b/upgrade.php
index 6f7126326..963523200 100644
--- a/upgrade.php
+++ b/upgrade.php
@@ -20,7 +20,8 @@ define('UPGRADING', 'upgrading');
require_once(dirname(__FILE__) . "/engine/start.php");
if (get_input('upgrade') == 'upgrade') {
- // disable the core system log for upgrades to avoid exceptions when the schema changes.
+ // disable the system log for upgrades to avoid exceptions when the schema changes.
+ elgg_unregister_event_handler('log', 'systemlog', 'system_log_default_logger');
elgg_unregister_event_handler('all', 'all', 'system_log_listener');
if (elgg_get_unprocessed_upgrades()) {
diff --git a/version.php b/version.php
index 689306412..c36f4e186 100644
--- a/version.php
+++ b/version.php
@@ -14,4 +14,4 @@
$version = 2012041801;
// Human-friendly version name
-$release = '1.8.3';
+$release = '1.8.4';
diff --git a/views/default/core/walled_garden/body.php b/views/default/core/walled_garden/body.php
deleted file mode 100644
index 67d8e0c37..000000000
--- a/views/default/core/walled_garden/body.php
+++ /dev/null
@@ -1,11 +0,0 @@
-<?php
-/**
- * Walled garden body
- */
-
-echo elgg_view('core/walled_garden/login');
-echo elgg_view('core/walled_garden/lost_password');
-
-if (elgg_get_config('allow_registration')) {
- echo elgg_view('core/walled_garden/register');
-}
diff --git a/views/default/core/walled_garden/login.php b/views/default/core/walled_garden/login.php
index 0a8b4a908..42b79607d 100644
--- a/views/default/core/walled_garden/login.php
+++ b/views/default/core/walled_garden/login.php
@@ -14,7 +14,7 @@ $menu = elgg_view_menu('walled_garden', array(
$login_box = elgg_view('core/account/login_box', array('module' => 'walledgarden-login'));
-$content = <<<HTML
+echo <<<HTML
<div class="elgg-col elgg-col-1of2">
<div class="elgg-inner">
<h1 class="elgg-heading-walledgarden">
@@ -29,9 +29,3 @@ $content = <<<HTML
</div>
</div>
HTML;
-
-echo elgg_view_module('walledgarden', '', $content, array(
- 'class' => 'elgg-walledgarden-double',
- 'header' => ' ',
- 'footer' => ' ',
-));
diff --git a/views/default/core/walled_garden/lost_password.php b/views/default/core/walled_garden/lost_password.php
index ce75b558b..82f8caf50 100644
--- a/views/default/core/walled_garden/lost_password.php
+++ b/views/default/core/walled_garden/lost_password.php
@@ -5,15 +5,9 @@
$title = elgg_echo('user:password:lost');
$body = elgg_view_form('user/requestnewpassword');
-$lost = <<<HTML
+echo <<<HTML
<div class="elgg-inner">
<h3>$title</h3>
$body
</div>
HTML;
-
-echo elgg_view_module('walledgarden', '', $lost, array(
- 'class' => 'elgg-walledgarden-single elgg-walledgarden-password hidden',
- 'header' => ' ',
- 'footer' => ' ',
-));
diff --git a/views/default/core/walled_garden/register.php b/views/default/core/walled_garden/register.php
index 7f6aac99b..1ce2f8716 100644
--- a/views/default/core/walled_garden/register.php
+++ b/views/default/core/walled_garden/register.php
@@ -9,15 +9,9 @@ $body = elgg_view_form('register', array(), array(
'invitecode' => get_input('invitecode'),
));
-$content = <<<__HTML
+echo <<<__HTML
<div class="elgg-inner">
<h2>$title</h2>
$body
</div>
__HTML;
-
-echo elgg_view_module('walledgarden', '', $content, array(
- 'class' => 'elgg-walledgarden-single elgg-walledgarden-register hidden',
- 'header' => ' ',
- 'footer' => ' ',
-)); \ No newline at end of file
diff --git a/views/default/css/walled_garden.php b/views/default/css/walled_garden.php
index ea2543587..f6f7f97dc 100644
--- a/views/default/css/walled_garden.php
+++ b/views/default/css/walled_garden.php
@@ -54,8 +54,8 @@ $url = elgg_get_site_url();
padding: 0 8px;
}
-.elgg-walledgarden-single > .elgg-body > .elgg-inner {
- padding: 0 8px;
+.elgg-walledgarden-single > .elgg-body {
+ padding: 0 18px;
}
.elgg-module-walledgarden-login {
@@ -68,7 +68,14 @@ $url = elgg_get_site_url();
}
.elgg-heading-walledgarden {
- color: #666666;
margin-top: 60px;
line-height: 1.1em;
}
+
+h1, h2, h3, h4, h5, h6 {
+ color: #666;
+}
+
+a {
+ color: #999;
+} \ No newline at end of file
diff --git a/views/default/js/walled_garden.php b/views/default/js/walled_garden.php
index 46c2934ff..13ec83c04 100644
--- a/views/default/js/walled_garden.php
+++ b/views/default/js/walled_garden.php
@@ -2,9 +2,10 @@
/**
* Walled garden JavaScript
*
- * @todo update for new JS lib
+ * @since 1.8
*/
+// note that this assumes the button view is not using single quotes
$cancel_button = elgg_view('input/button', array(
'value' => elgg_echo('cancel'),
'class' => 'elgg-button-cancel mlm',
@@ -13,28 +14,43 @@ $cancel_button = trim($cancel_button);
?>
-$(document).ready(function() {
+elgg.provide('elgg.walled_garden');
- // add cancel button to inline forms
- $(".elgg-walledgarden-password").find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>');
- $('.elgg-walledgarden-register').find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>');
+elgg.walled_garden.init = function () {
- $(".forgot_link").click(function(event) {
- event.preventDefault();
- $(".elgg-walledgarden-password").fadeToggle();
- });
+ $('.forgot_link').click(elgg.walled_garden.load('lost_password'));
+ $('.registration_link').click(elgg.walled_garden.load('register'));
- $(".registration_link").click(function(event) {
+ $('input.elgg-button-cancel').live('click', function(event) {
+ if ($('.elgg-walledgarden-single').is(':visible')) {
+ $('.elgg-walledgarden-double').fadeToggle();
+ $('.elgg-walledgarden-single').fadeToggle();
+ $('.elgg-walledgarden-single').remove();
+ }
event.preventDefault();
- $(".elgg-walledgarden-register").fadeToggle();
});
+};
- $('input.elgg-button-cancel').click(function(event) {
- if ($(".elgg-walledgarden-password").is(':visible')) {
- $(".forgot_link").click();
- } else if ($('.elgg-walledgarden-register').is(':visible')) {
- $(".registration_link").click();
- }
+/**
+ * Creates a closure for loading walled garden content through ajax
+ *
+ * @param {String} view Name of the walled garden view
+ * @return {Object}
+ */
+elgg.walled_garden.load = function(view) {
+ return function(event) {
+ var id = '#elgg-walledgarden-' + view;
+ id = id.replace('_', '-');
+ elgg.get('walled_garden/' + view, {
+ 'success' : function(data) {
+ $('.elgg-body-walledgarden').append(data);
+ $(id).find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>');
+ $('#elgg-walledgarden-login').fadeToggle();
+ $(id).fadeToggle();
+ },
+ });
event.preventDefault();
- });
-}); \ No newline at end of file
+ };
+};
+
+elgg.register_hook_handler('init', 'system', elgg.walled_garden.init); \ No newline at end of file
diff --git a/views/default/object/plugin.php b/views/default/object/plugin.php
index 2f64cfcc9..5c7138e96 100644
--- a/views/default/object/plugin.php
+++ b/views/default/object/plugin.php
@@ -7,6 +7,10 @@
*
*/
+if (!elgg_in_context('admin')) {
+ forward('/', 403);
+}
+
$plugin = $vars['entity'];
if (!$plugin->isValid()) {
diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php
index 22b6cf49d..a212becd8 100644
--- a/views/default/output/tagcloud.php
+++ b/views/default/output/tagcloud.php
@@ -47,9 +47,15 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) {
if ($size < 100) {
$size = 100;
}
- $url = elgg_get_site_url()."search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype";
- $url = elgg_format_url($url);
- $cloud .= "<a href=\"$url\" style=\"font-size: $size%\" title=\"".addslashes($tag->tag)." ($tag->total)\">" . htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8') . "</a>";
+ $url = "search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype";
+
+ $cloud .= elgg_view('output/url', array(
+ 'text' => $tag->tag,
+ 'href' => $url,
+ 'style' => "font-size: $size%;",
+ 'title' => "$tag->tag ($tag->total)",
+ 'rel' => 'tag'
+ ));
}
$cloud .= elgg_view('tagcloud/extend');
diff --git a/views/default/page/elements/comments.php b/views/default/page/elements/comments.php
index ebc7d3df5..cf9b5f08b 100644
--- a/views/default/page/elements/comments.php
+++ b/views/default/page/elements/comments.php
@@ -12,7 +12,7 @@ $show_add_form = elgg_extract('show_add_form', $vars, true);
$id = '';
if (isset($vars['id'])) {
- $id = "id =\"{$vars['id']}\"";
+ $id = "id=\"{$vars['id']}\"";
}
$class = 'elgg-comments';
diff --git a/views/default/page/layouts/walled_garden.php b/views/default/page/layouts/walled_garden.php
new file mode 100644
index 000000000..6ecd941ef
--- /dev/null
+++ b/views/default/page/layouts/walled_garden.php
@@ -0,0 +1,16 @@
+<?php
+/**
+ * Walled Garden layout
+ *
+ * @uses $vars['content'] Main content
+ * @uses $vars['class'] CSS classes
+ * @uses $vars['id'] CSS id
+ */
+
+$class = elgg_extract('class', $vars, 'elgg-walledgarden-single');
+echo elgg_view_module('walledgarden', '', $vars['content'], array(
+ 'class' => $class,
+ 'id' => elgg_extract('id', $vars, ''),
+ 'header' => ' ',
+ 'footer' => ' ',
+));
diff --git a/views/default/river/elements/body.php b/views/default/river/elements/body.php
index 6894b81e2..2cd7f2289 100644
--- a/views/default/river/elements/body.php
+++ b/views/default/river/elements/body.php
@@ -18,7 +18,7 @@ $menu = elgg_view_menu('river', array(
));
// river item header
-$timestamp = elgg_get_friendly_time($item->getPostedTime());
+$timestamp = elgg_view_friendly_time($item->getPostedTime());
$summary = elgg_extract('summary', $vars, elgg_view('river/elements/summary', array('item' => $vars['item'])));
if ($summary === false) {
diff --git a/views/default/river/elements/summary.php b/views/default/river/elements/summary.php
index 84941131f..4402c6f65 100644
--- a/views/default/river/elements/summary.php
+++ b/views/default/river/elements/summary.php
@@ -40,5 +40,14 @@ if ($container instanceof ElggGroup) {
$group_string = elgg_echo('river:ingroup', array($group_link));
}
+// check summary translation keys.
+// will use the $type:$subtype if that's defined, otherwise just uses $type
+$key = "river:$action:$type:$subtype";
+$summary = elgg_echo($key, array($subject_link, $object_link));
+
+if ($summary == $key) {
+ $key = "river:$action:$type";
+ $summary = elgg_echo($key, array($subject_link, $object_link));
+}
-echo elgg_echo("river:$action:$type:$subtype", array($subject_link, $object_link)); \ No newline at end of file
+echo $summary; \ No newline at end of file