diff options
48 files changed, 552 insertions, 173 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index af126c3d3..ae0cdc333 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,90 @@ +Version 1.8.5 +(May 15, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Contributing Developers: + * Brett Profitt + * Sem + + Security Enhancements: + * Fixed possible XSS vulnerability if using a crafted URL. + * Fixed exploit to bypass new user validation if using a crafted form. + * Fixed incorrect caching of access lists that could allow plugins + to show private entities to non-admin and non-owning users. (Non-exploitable) + + Bugfixes: + * Twitter API: New users are forwarded to the correct page after creating + an account with Twitter. + * Files: PDF files are downloaded as "inline" to display in the browser. + * Fixed possible duplication errors when writing metadata with multiple values. + * Fixed possible upgrade issue if using a plugin uses the system_log hooks. + * Fixed problems when enabling more than 50 metadata or annotations. + + API: + * River entries' timestamps use elgg_view_friendly_time() and can be + overridden with the friendly time output view. + +Version 1.8.4 +(April 24, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Contributing Developers: + * Adayth Talavera + * Brett Profitt + * Cash Costello + * Evan Winslow + * Ismayil Khayredinov + * Janek Lasocki-Biczysko + * Jerome Baker + * Sem + * Steve Clay + * Webgalli + + Security Enhancements: + * Fixed an issue in the web services auth.get_token endpoint that + would give valid auth tokens to invalid credentials. Thanks to + Christian for reporting this! + * Fixed an that could show which plugins are loaded on a site. + + Enhancements: + * UI: All bundled plugins' list pages display a no content message if there is nothing to list. + * UI: Site default access is limited to core access levels. + * UI: Showing a system message to the admin if plugins are disabled with the "disabled" + magic file. + * UI: Added transparent backgrounds for files and pages icons. + * External (Site) Pages: If in Wall Garden mode, Site Pages use the Walled Garden + theme when logged out. + * UI: Database errors only show the query to admin users. + * UI: Cannot set the data path to a relative path in installation or site settings. + * UI: Cleaned up notifications for bundled plugins. + * UI: Hiding crop button if no avatar is uploaded. + * UI: Bundled plugins are displayed with a gold border in the plugin admin area. + * UI: Can see all the categories a plugin belongs to. + * Web Services: Multiple tokens allowed for users. + * API: More efficient entity loading. + * API: Added IP address to system log. + * API: Languages are cached. + * API: ElggBatch supports disabling offsets for callbacks that delete entities. + * API: Cleaned up the boot process. + * API: Fixed situation in which the cache isn't properly cleared if a file can't be unlinked. + + Bugfixes: + * UI: Tags display in the case they were saved. + * UI: Friendly titles keep -s. + * UI: Removed pagination in friends widget. + * UI: Profile settings actions correctly displays error messages as errors. + * UI: Tag search works for tags with spaces. + * UI: Fixed river display for friending that happens during registration. + * Groups: Link for managing join requests is restored in the sidebar. + * Walled Garden: Cron and web services endpoints are exposed as public sites. + * The Wire: UTF usernames are correctly linked with @ syntax. + * The Wire: No longer selecting the "Mine" tab for users who aren't you. + * Blogs: Notifications restored. + * Message Board: Fixed delete. + * Groups: Forwarding to correct page if trying to access closed group. + * API: entities loaded via elgg_get_entities_from_relationship() have the correct time_created. + * API: Deleting entities recursively works when code is logged out. + * API: Fixed multiple uses of deprecated functions. + + Version 1.8.3 (January 12, 2012 from https://github.com/Elgg/Elgg/tree/1.8) diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php index 23d622a62..897a2f983 100644 --- a/actions/admin/site/update_advanced.php +++ b/actions/admin/site/update_advanced.php @@ -17,7 +17,24 @@ if ($site = elgg_get_site_entity()) { $site->url = get_input('wwwroot'); datalist_set('path', sanitise_filepath(get_input('path'))); - datalist_set('dataroot', sanitise_filepath(get_input('dataroot'))); + $dataroot = sanitise_filepath(get_input('dataroot')); + + // check for relative paths + if (stripos(PHP_OS, 'win') === 0) { + if (strpos($dataroot, ':') !== 1) { + $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot)); + register_error($msg); + forward(REFERER); + } + } else { + if (strpos($dataroot, '/') !== 0) { + $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot)); + register_error($msg); + forward(REFERER); + } + } + + datalist_set('dataroot', $dataroot); if (get_input('simplecache_enabled')) { elgg_enable_simplecache(); diff --git a/engine/classes/ElggBatch.php b/engine/classes/ElggBatch.php index 0cb13eb32..c1a77a0d9 100644 --- a/engine/classes/ElggBatch.php +++ b/engine/classes/ElggBatch.php @@ -16,7 +16,7 @@ * * Results from the callback are stored in callbackResult. If the callback * returns only booleans, callbackResults will be the combined result of - * all calls. + * all calls. If no entities are processed, callbackResults will be null. * * If the callback returns anything else, callbackresult will be an indexed * array of whatever the callback returns. If returning error handling diff --git a/engine/classes/ElggEntity.php b/engine/classes/ElggEntity.php index dc38dafbe..164ff3838 100644 --- a/engine/classes/ElggEntity.php +++ b/engine/classes/ElggEntity.php @@ -201,8 +201,11 @@ abstract class ElggEntity extends ElggData implements /** * Sets the value of a property. * - * If $name is defined in $this->attributes that value is set, otherwise it will - * set the appropriate item of metadata. + * If $name is defined in $this->attributes that value is set, otherwise it is + * saved as metadata. + * + * @warning Metadata set this way will inherit the entity's owner and access ID. If you want + * to set metadata with a different owner, use create_metadata(). * * @warning It is important that your class populates $this->attributes with keys * for all base attributes, anything not in their gets set as METADATA. @@ -248,7 +251,12 @@ abstract class ElggEntity extends ElggData implements public function getMetaData($name) { if ((int) ($this->guid) == 0) { if (isset($this->temp_metadata[$name])) { - return $this->temp_metadata[$name]; + // md is returned as an array only if more than 1 entry + if (count($this->temp_metadata[$name]) == 1) { + return $this->temp_metadata[$name][0]; + } else { + return $this->temp_metadata[$name]; + } } else { return null; } @@ -291,80 +299,78 @@ abstract class ElggEntity extends ElggData implements /** * Set a piece of metadata. * - * @tip Plugin authors should use the magic methods. + * Plugin authors should use the magic methods or create_metadata(). + * + * @warning The metadata will inherit the parent entity's owner and access ID. + * If you want to write metadata with a different owner, use create_metadata(). * * @access private * * @param string $name Name of the metadata - * @param mixed $value Value of the metadata + * @param mixed $value Value of the metadata (doesn't support assoc arrays) * @param string $value_type Types supported: integer and string. Will auto-identify if not set * @param bool $multiple Allow multiple values for a single name (doesn't support assoc arrays) * * @return bool */ - public function setMetaData($name, $value, $value_type = "", $multiple = false) { - $delete_first = false; - // if multiple is set that always means don't delete. - // if multiple isn't set it means override. set it to true on arrays for the foreach. - if (!$multiple) { - $delete_first = true; - $multiple = is_array($value); - } - - if (!$this->guid) { - // real metadata only returns as an array if there are multiple elements - if (is_array($value) && count($value) == 1) { - $value = $value[0]; - } - - $value_is_array = is_array($value); - - if (!isset($this->temp_metadata[$name]) || $delete_first) { - // need to remove the indexes because real metadata doesn't have them. - if ($value_is_array) { - $this->temp_metadata[$name] = array_values($value); - } else { - $this->temp_metadata[$name] = $value; - } - } else { - // multiple is always true at this point. - // if we're setting multiple and temp isn't array, it needs to be. - if (!is_array($this->temp_metadata[$name])) { - $this->temp_metadata[$name] = array($this->temp_metadata[$name]); - } + public function setMetaData($name, $value, $value_type = null, $multiple = false) { - if ($value_is_array) { - $this->temp_metadata[$name] = array_merge($this->temp_metadata[$name], array_values($value)); - } else { - $this->temp_metadata[$name][] = $value; - } - } + // normalize value to an array that we will loop over + // remove indexes if value already an array. + if (is_array($value)) { + $value = array_values($value); } else { - if ($delete_first) { + $value = array($value); + } + + // saved entity. persist md to db. + if ($this->guid) { + // if overwriting, delete first. + if (!$multiple) { $options = array( 'guid' => $this->getGUID(), 'metadata_name' => $name, 'limit' => 0 ); - // @todo this doesn't check if it exists so we can't handle failed deletes - // is it worth the overhead of more SQL calls to check? - elgg_delete_metadata($options); - } - // save into real metadata - if (!is_array($value)) { - $value = array($value); + // @todo in 1.9 make this return false if can't add metadata + // http://trac.elgg.org/ticket/4520 + // + // need to remove access restrictions right now to delete + // because this is the expected behavior + $ia = elgg_set_ignore_access(true); + if (false === elgg_delete_metadata($options)) { + return false; + } + elgg_set_ignore_access($ia); } - foreach ($value as $v) { - $result = create_metadata($this->getGUID(), $name, $v, $value_type, - $this->getOwnerGUID(), $this->getAccessId(), $multiple); - if (!$result) { + // add new md + $result = true; + foreach ($value as $value_tmp) { + // at this point $value should be appended because it was cleared above if needed. + $md_id = create_metadata($this->getGUID(), $name, $value_tmp, $value_type, + $this->getOwnerGUID(), $this->getAccessId(), true); + if (!$md_id) { return false; } } + + return $result; } - return true; + // unsaved entity. store in temp array + // returning single entries instead of an array of 1 element is decided in + // getMetaData(), just like pulling from the db. + else { + // if overwrite, delete first + if (!$multiple || !isset($this->temp_metadata[$name])) { + $this->temp_metadata[$name] = array(); + } + + // add new md + $this->temp_metadata[$name] = array_merge($this->temp_metadata[$name], $value); + return true; + } } /** diff --git a/engine/classes/ElggPlugin.php b/engine/classes/ElggPlugin.php index 33f14ae37..8c9093834 100644 --- a/engine/classes/ElggPlugin.php +++ b/engine/classes/ElggPlugin.php @@ -79,6 +79,68 @@ class ElggPlugin extends ElggObject { } /** + * Overridden from ElggEntity and ElggObject::load(). Core always inits plugins with + * a query joined to the objects_entity table, so all the info is there. + * + * @param mixed $guid GUID of an ElggObject or the stdClass object from entities table + * + * @return bool + * @throws InvalidClassException + */ + protected function load($guid) { + + $expected_attributes = $this->attributes; + unset($expected_attributes['tables_split']); + unset($expected_attributes['tables_loaded']); + + // this was loaded with a full join + $needs_loaded = false; + + if ($guid instanceof stdClass) { + $row = (array) $guid; + $missing_attributes = array_diff_key($expected_attributes, $row); + if ($missing_attributes) { + $needs_loaded = true; + $old_guid = $guid; + $guid = $row['guid']; + } else { + $this->attributes = $row; + } + } else { + $needs_loaded = true; + } + + if ($needs_loaded) { + $entity = (array) get_entity_as_row($guid); + $object = (array) get_object_entity_as_row($guid); + + if (!$entity || !$object) { + return false; + } + + $this->attributes = array_merge($this->attributes, $entity, $object); + } + + $this->attributes['tables_loaded'] = 2; + + // Check the type + if ($this->attributes['type'] != 'object') { + $msg = elgg_echo('InvalidClassException:NotValidElggStar', array($guid, get_class())); + throw new InvalidClassException($msg); + } + + // guid needs to be an int http://trac.elgg.org/ticket/4111 + $this->attributes['guid'] = (int)$this->attributes['guid']; + + // cache the entity + if ($this->attributes['guid']) { + cache_entity($this); + } + + return true; + } + + /** * Save the plugin object. Make sure required values exist. * * @see ElggObject::save() diff --git a/engine/classes/ElggSite.php b/engine/classes/ElggSite.php index af3999321..6d07778a9 100644 --- a/engine/classes/ElggSite.php +++ b/engine/classes/ElggSite.php @@ -422,6 +422,7 @@ class ElggSite extends ElggEntity { // default public pages $defaults = array( + 'walled_garden/.*', 'action/login', 'register', 'action/register', diff --git a/engine/lib/access.php b/engine/lib/access.php index 6be252c6a..e8b3b0d52 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -31,7 +31,7 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { global $CONFIG, $init_finished; static $access_list; - if (!isset($access_list) || !$init_finished) { + if (!isset($access_list)) { $access_list = array(); } @@ -49,9 +49,16 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { return $access_list[$user_id]; } - $access_list[$user_id] = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")"; + $access = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")"; - return $access_list[$user_id]; + // only cache if done with init and access is enabled (unless admin user) + // session is loaded before init is finished, so don't need to check for user session + if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) { + $access_list[$user_id] = $access; + return $access_list[$user_id]; + } else { + return $access; + } } /** @@ -83,7 +90,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { // this cache might be redundant. But db cache is flushed on every db write. static $access_array; - if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished)) { + if (!isset($access_array)) { $access_array = array(); } @@ -137,12 +144,12 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { $tmp_access_array[] = ACCESS_PRIVATE; } - $access_array[$user_id] = $tmp_access_array; - } else { - // No user id logged in so we can only access public info - $tmp_return = $tmp_access_array; + // only cache if done with init and access is enabled (unless admin user) + // session is loaded before init is finished, so don't need to check for user session + if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) { + $access_array[$user_id] = $tmp_access_array; + } } - } else { $tmp_access_array = $access_array[$user_id]; } @@ -946,7 +953,8 @@ function elgg_get_access_object() { * * @global bool $init_finished * @access private - * @todo investigate why this is needed + * @todo This is required to tell the access system to start caching because + * calls are made while in ignore access mode and before the user is logged in. */ $init_finished = false; @@ -1014,8 +1022,9 @@ function access_test($hook, $type, $value, $params) { return $value; } -// This function will let us know when 'init' has finished -elgg_register_event_handler('init', 'system', 'access_init', 9999); +// Tell the access functions the system has booted, plugins are loaded, +// and the user is logged in so it can start caching +elgg_register_event_handler('ready', 'system', 'access_init'); // For overrided permissions elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions'); diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php index f32dee0f0..2036ccd61 100644 --- a/engine/lib/annotations.php +++ b/engine/lib/annotations.php @@ -95,8 +95,6 @@ $owner_guid = 0, $access_id = ACCESS_PRIVATE) { $entity = get_entity($entity_guid); if (elgg_trigger_event('annotate', $entity->type, $entity)) { - system_log($entity, 'annotate'); - // If ok then add it $result = insert_data("INSERT into {$CONFIG->dbprefix}annotations (entity_guid, name_id, value_id, value_type, owner_guid, time_created, access_id) VALUES @@ -222,7 +220,7 @@ function elgg_delete_annotations(array $options) { } $options['metastring_type'] = 'annotations'; - return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback'); + return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false); } /** @@ -240,7 +238,7 @@ function elgg_disable_annotations(array $options) { } $options['metastring_type'] = 'annotations'; - return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback'); + return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false); } /** diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index 11bdc7285..b55958a6c 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -2021,8 +2021,14 @@ function elgg_walled_garden_index() { elgg_load_css('elgg.walled_garden'); elgg_load_js('elgg.walled_garden'); - $body = elgg_view('core/walled_garden/body'); + $content = elgg_view('core/walled_garden/login'); + $params = array( + 'content' => $content, + 'class' => 'elgg-walledgarden-double', + 'id' => 'elgg-walledgarden-login', + ); + $body = elgg_view_layout('walled_garden', $params); echo elgg_view_page('', $body, 'walled_garden'); // return true to prevent other plugins from adding a front page @@ -2030,6 +2036,24 @@ function elgg_walled_garden_index() { } /** + * Serve walled garden sections + * + * @param array $page Array of URL segments + * @return string + * @access private + */ +function _elgg_walled_garden_ajax_handler($page) { + $view = $page[0]; + $params = array( + 'content' => elgg_view("core/walled_garden/$view"), + 'class' => 'elgg-walledgarden-single hidden', + 'id' => str_replace('_', '-', "elgg-walledgarden-$view"), + ); + echo elgg_view_layout('walled_garden', $params); + return true; +} + +/** * Checks the status of the Walled Garden and forwards to a login page * if required. * @@ -2049,6 +2073,8 @@ function elgg_walled_garden() { elgg_register_css('elgg.walled_garden', '/css/walled_garden.css'); elgg_register_js('elgg.walled_garden', '/js/walled_garden.js'); + elgg_register_page_handler('walled_garden', '_elgg_walled_garden_ajax_handler'); + // check for external page view if (isset($CONFIG->site) && $CONFIG->site instanceof ElggSite) { $CONFIG->site->checkWalledGarden(); diff --git a/engine/lib/languages.php b/engine/lib/languages.php index bf6829a39..7a508d298 100644 --- a/engine/lib/languages.php +++ b/engine/lib/languages.php @@ -344,7 +344,7 @@ function get_missing_language_keys($language) { */ function elgg_languages_init() { $lang = get_current_language(); - elgg_register_simplecache_view("cache/js/languages/$lang"); + elgg_register_simplecache_view("js/languages/$lang"); } elgg_register_event_handler('init', 'system', 'elgg_languages_init'); diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index 34a36d86e..0ff3a43dc 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php @@ -297,6 +297,8 @@ function elgg_get_metadata(array $options = array()) { * This requires at least one constraint: metadata_owner_guid(s), * metadata_name(s), metadata_value(s), or guid(s) must be set. * + * @warning This returns null on no ops. + * * @param array $options An options array. {@see elgg_get_metadata()} * @return mixed Null if the metadata name is invalid. Bool on success or fail. * @since 1.8.0 @@ -307,8 +309,7 @@ function elgg_delete_metadata(array $options) { } $options['metastring_type'] = 'metadata'; - $result = elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback'); - return $result; + return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false); } /** @@ -316,6 +317,8 @@ function elgg_delete_metadata(array $options) { * * @warning Unlike elgg_get_metadata() this will not accept an empty options array! * + * @warning This returns null on no ops. + * * @param array $options An options array. {@See elgg_get_metadata()} * @return mixed * @since 1.8.0 @@ -326,7 +329,7 @@ function elgg_disable_metadata(array $options) { } $options['metastring_type'] = 'metadata'; - return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback'); + return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false); } /** @@ -334,6 +337,8 @@ function elgg_disable_metadata(array $options) { * * @warning Unlike elgg_get_metadata() this will not accept an empty options array! * + * @warning This returns null on no ops. + * * @param array $options An options array. {@See elgg_get_metadata()} * @return mixed * @since 1.8.0 diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php index d7cc4e0bc..cf6dd4d98 100644 --- a/engine/lib/metastrings.php +++ b/engine/lib/metastrings.php @@ -716,22 +716,23 @@ function elgg_set_metastring_based_object_enabled_by_id($id, $enabled, $type) { * @warning Unlike elgg_get_metastring_based_objects() this will not accept an * empty options array! * - * @param array $options An options array. {@See elgg_get_metastring_based_objects()} - * @param string $callback The callback to pass each result through - * @return mixed + * @warning This returns null on no ops. + * + * @param array $options An options array. {@See elgg_get_metastring_based_objects()} + * @param string $callback The callback to pass each result through + * @param bool $inc_offset Increment the offset? Pass false for callbacks that delete / disable + * + * @return bool|null true on success, false on failure, null if no objects are found. * @since 1.8.0 * @access private */ -function elgg_batch_metastring_based_objects(array $options, $callback) { +function elgg_batch_metastring_based_objects(array $options, $callback, $inc_offset = true) { if (!$options || !is_array($options)) { return false; } - // @todo restore once ElggBatch supports callbacks that delete rows. - $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, false); - $r = $batch->callbackResult; - - return $r; + $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, $inc_offset); + return $batch->callbackResult; } /** diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php index 123fb18d8..39a76db5d 100644 --- a/engine/lib/plugins.php +++ b/engine/lib/plugins.php @@ -93,10 +93,13 @@ function elgg_get_plugin_ids_in_dir($dir = null) { function elgg_generate_plugin_entities() { $site = get_config('site'); $dir = elgg_get_plugins_path(); + $db_prefix = elgg_get_config('dbprefix'); $options = array( 'type' => 'object', 'subtype' => 'plugin', + 'selects' => array('plugin_oe.*'), + 'joins' => array("JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid"), 'limit' => ELGG_ENTITIES_NO_VALUE ); @@ -352,7 +355,11 @@ function elgg_get_plugins($status = 'active', $site_guid = null) { 'type' => 'object', 'subtype' => 'plugin', 'limit' => ELGG_ENTITIES_NO_VALUE, - 'joins' => array("JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid"), + 'selects' => array('plugin_oe.*'), + 'joins' => array( + "JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid", + "JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid" + ), 'wheres' => array("ps.name = '$priority'"), 'order_by' => "CAST(ps.value as unsigned), e.guid" ); diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php index fabe2d2d6..f50c4a485 100644 --- a/engine/lib/relationships.php +++ b/engine/lib/relationships.php @@ -290,7 +290,7 @@ function elgg_get_entities_from_relationship($options) { $options['selects'] = array(); } - $select = array('r.*'); + $select = array('r.id'); $options['selects'] = array_merge($options['selects'], $select); } diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 9982d9fe8..419d36707 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -127,6 +127,10 @@ function elgg_is_admin_user($user_guid) { /** * Perform user authentication with a given username and password. * + * @warning This returns an error message on failure. Use the identical operator to check + * for access: if (true === elgg_authenticate()) { ... }. + * + * * @see login * * @param string $username The username diff --git a/engine/lib/users.php b/engine/lib/users.php index f1d42e25e..e209f2c38 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -969,8 +969,8 @@ $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') { $friend_user->addFriend($user->guid); // @todo Should this be in addFriend? - add_to_river('friends/river/create', 'friend', $user->getGUID(), $friend_guid); - add_to_river('friends/river/create', 'friend', $friend_guid, $user->getGUID()); + add_to_river('river/relationship/friend/create', 'friend', $user->getGUID(), $friend_guid); + add_to_river('river/relationship/friend/create', 'friend', $friend_guid, $user->getGUID()); } } } @@ -1551,7 +1551,7 @@ function users_init() { elgg_register_plugin_hook_handler('register', 'menu:user_hover', 'elgg_user_hover_menu'); elgg_register_action('register', '', 'public'); - elgg_register_action('useradd', '', 'public'); + elgg_register_action('useradd', '', 'admin'); elgg_register_action('friends/add'); elgg_register_action('friends/remove'); elgg_register_action('avatar/upload'); diff --git a/engine/lib/views.php b/engine/lib/views.php index ca0ce7196..1b013be6f 100644 --- a/engine/lib/views.php +++ b/engine/lib/views.php @@ -103,7 +103,10 @@ function elgg_get_viewtype() { $viewtype = get_input('view', NULL); if ($viewtype) { - return $viewtype; + // only word characters allowed. + if (!preg_match('[\W]', $viewtype)) { + return $viewtype; + } } if (isset($CONFIG->view) && !empty($CONFIG->view)) { diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php index 07be76ec6..da3ed76a9 100644 --- a/engine/lib/web_services.php +++ b/engine/lib/web_services.php @@ -1165,7 +1165,7 @@ function list_all_apis() { * @access private */ function auth_gettoken($username, $password) { - if (elgg_authenticate($username, $password)) { + if (true === elgg_authenticate($username, $password)) { $token = create_user_token($username); if ($token) { return $token; diff --git a/engine/tests/api/metadata.php b/engine/tests/api/metadata.php index be8ac269c..2461e975e 100644 --- a/engine/tests/api/metadata.php +++ b/engine/tests/api/metadata.php @@ -124,6 +124,80 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest { $e->delete(); } + // Make sure metadata with multiple values is correctly deleted when re-written + // by another user + // http://trac.elgg.org/ticket/2776 + public function test_elgg_metadata_multiple_values() { + $u1 = new ElggUser(); + $u1->username = rand(); + $u1->save(); + + $u2 = new ElggUser(); + $u2->username = rand(); + $u2->save(); + + $obj = new ElggObject(); + $obj->owner_guid = $u1->guid; + $obj->container_guid = $u1->guid; + $obj->access_id = ACCESS_PUBLIC; + $obj->save(); + + $md_values = array( + 'one', + 'two', + 'three' + ); + + // need to fake different logins. + // good times without mocking. + $original_user = elgg_get_logged_in_user_entity(); + $_SESSION['user'] = $u1; + + elgg_set_ignore_access(false); + + // add metadata as one user + $obj->test = $md_values; + + // check only these md exists + $db_prefix = elgg_get_config('dbprefix'); + $q = "SELECT * FROM {$db_prefix}metadata WHERE entity_guid = $obj->guid"; + $data = get_data($q); + + $this->assertEqual(count($md_values), count($data)); + foreach ($data as $md_row) { + $md = elgg_get_metadata_from_id($md_row->id); + $this->assertTrue(in_array($md->value, $md_values)); + $this->assertEqual('test', $md->name); + } + + // add md w/ same name as a different user + $_SESSION['user'] = $u2; + $md_values2 = array( + 'four', + 'five', + 'six', + 'seven' + ); + + $obj->test = $md_values2; + + $q = "SELECT * FROM {$db_prefix}metadata WHERE entity_guid = $obj->guid"; + $data = get_data($q); + + $this->assertEqual(count($md_values2), count($data)); + foreach ($data as $md_row) { + $md = elgg_get_metadata_from_id($md_row->id); + $this->assertTrue(in_array($md->value, $md_values2)); + $this->assertEqual('test', $md->name); + } + + $_SESSION['user'] = $original_user; + + $obj->delete(); + $u1->delete(); + $u2->delete(); + } + protected function create_metastring($string) { global $CONFIG, $METASTRINGS_CACHE, $METASTRINGS_DEADNAME_CACHE; diff --git a/engine/tests/objects/entities.php b/engine/tests/objects/entities.php index a4dc7946c..248b85c9e 100644 --- a/engine/tests/objects/entities.php +++ b/engine/tests/objects/entities.php @@ -98,7 +98,7 @@ class ElggCoreEntityTest extends ElggCoreUnitTest { // check internal metadata array $metadata = $this->entity->expose_metadata(); - $this->assertIdentical($metadata['existent'], 'testing'); + $this->assertIdentical($metadata['existent'], array('testing')); } public function testElggEnityGetAndSetAnnotations() { diff --git a/languages/en.php b/languages/en.php index 14df3db34..7b51b0c7d 100644 --- a/languages/en.php +++ b/languages/en.php @@ -562,6 +562,7 @@ $english = array( 'admin:configuration:success' => "Your settings have been saved.", 'admin:configuration:fail' => "Your settings could not be saved.", + 'admin:configuration:dataroot:relative_path' => 'Cannot set "%s" as the dataroot because it is not an absolute path.', 'admin:unknown_section' => 'Invalid Admin Section.', @@ -666,7 +667,7 @@ $english = array( /** * Plugins */ - 'plugins:disabled' => 'Plugins are being loaded because a file named "disabled" is in the mod directory.', + 'plugins:disabled' => 'Plugins are not being loaded because a file named "disabled" is in the mod directory.', 'plugins:settings:save:ok' => "Settings for the %s plugin were saved successfully.", 'plugins:settings:save:fail' => "There was a problem saving settings for the %s plugin.", 'plugins:usersettings:save:ok' => "User settings for the %s plugin were saved successfully.", diff --git a/mod/externalpages/start.php b/mod/externalpages/start.php index 152a8b4d9..74da7f828 100644 --- a/mod/externalpages/start.php +++ b/mod/externalpages/start.php @@ -77,9 +77,16 @@ function expages_page_handler($page, $handler) { } else { $content .= elgg_echo("expages:notset"); } + $content = elgg_view('expages/wrapper', array('content' => $content)); - $body = elgg_view_layout("one_sidebar", array('content' => $content)); - echo elgg_view_page($title, $body); + if (elgg_is_logged_in() || !elgg_get_config('walled_garden')) { + $body = elgg_view_layout('one_sidebar', array('content' => $content)); + echo elgg_view_page($title, $body); + } else { + elgg_load_css('elgg.walled_garden'); + $body = elgg_view_layout('walled_garden', array('content' => $content)); + echo elgg_view_page($title, $body, 'walled_garden'); + } return true; } diff --git a/mod/externalpages/views/default/expages/wrapper.php b/mod/externalpages/views/default/expages/wrapper.php new file mode 100644 index 000000000..8eb0b2f84 --- /dev/null +++ b/mod/externalpages/views/default/expages/wrapper.php @@ -0,0 +1,16 @@ +<?php +/** + * Wrapper for site pages content area + * + * @uses $vars['content'] + */ + +echo $vars['content']; + +echo '<div class="mtm">'; +echo elgg_view('output/url', array( + 'text' => 'Back', + 'href' => $_SERVER['HTTP_REFERER'], + 'class' => 'float-alt' +)); +echo '</div>'; diff --git a/mod/file/pages/file/download.php b/mod/file/pages/file/download.php index 00e6d500e..76c1f1272 100644 --- a/mod/file/pages/file/download.php +++ b/mod/file/pages/file/download.php @@ -26,7 +26,7 @@ $filename = $file->originalfilename; header("Pragma: public"); header("Content-type: $mime"); -if (strpos($mime, "image/") !== false) { +if (strpos($mime, "image/") !== false || $mime == "application/pdf") { header("Content-Disposition: inline; filename=\"$filename\""); } else { header("Content-Disposition: attachment; filename=\"$filename\""); diff --git a/mod/groups/icon.php b/mod/groups/icon.php index 104da4b41..f86f84fa5 100644 --- a/mod/groups/icon.php +++ b/mod/groups/icon.php @@ -35,7 +35,7 @@ if ($filehandler->open("read")) { } if (!$success) { - $location = elgg_get_plugins_path() . "groups/graphics/default{$size}.jpg"; + $location = elgg_get_plugins_path() . "groups/graphics/default{$size}.gif"; $contents = @file_get_contents($location); } diff --git a/mod/groups/views/default/group/default.php b/mod/groups/views/default/group/default.php index 6eae467c6..d9460dff4 100644 --- a/mod/groups/views/default/group/default.php +++ b/mod/groups/views/default/group/default.php @@ -22,10 +22,9 @@ if (elgg_in_context('owner_block') || elgg_in_context('widgets')) { if ($vars['full_view']) { - echo elgg_view("groups/profile/profile_block", $vars); + echo elgg_view('groups/profile/summary', $vars); } else { // brief view - $params = array( 'entity' => $group, 'metadata' => $metadata, diff --git a/mod/pages/actions/pages/delete.php b/mod/pages/actions/pages/delete.php index dfa0de98d..7a314a280 100644 --- a/mod/pages/actions/pages/delete.php +++ b/mod/pages/actions/pages/delete.php @@ -9,8 +9,9 @@ $guid = get_input('guid'); $page = get_entity($guid); -if ($page) { - if ($page->canEdit()) { +if (elgg_instanceof($page, 'object', 'page') || elgg_instanceof($page, 'object', 'page_top')) { + // only allow owners and admin to delete + if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) { $container = get_entity($page->container_guid); // Bring all child elements forward diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php index 6950d4b2f..a32e4a4ba 100644 --- a/mod/pages/actions/pages/edit.php +++ b/mod/pages/actions/pages/edit.php @@ -47,7 +47,19 @@ if ($page_guid) { } if (sizeof($input) > 0) { + // don't change access if not an owner/admin + $user = elgg_get_logged_in_user_entity(); + $can_change_access = true; + + if ($user && $page) { + $can_change_access = $user->isAdmin() || $user->getGUID() == $page->owner_guid; + } + foreach ($input as $name => $value) { + if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) { + continue; + } + $page->$name = $value; } } @@ -74,6 +86,6 @@ if ($page->save()) { forward($page->getURL()); } else { - register_error(elgg_echo('pages:error:no_save')); + register_error(elgg_echo('pages:error:notsaved')); forward(REFERER); } diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php index 5c5323d6f..dbf7b8917 100644 --- a/mod/pages/lib/pages.php +++ b/mod/pages/lib/pages.php @@ -111,4 +111,4 @@ function pages_register_navigation_tree($container) { } } } -} +}
\ No newline at end of file diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php index 5dfb76b55..81477a8d4 100644 --- a/mod/pages/pages/pages/view.php +++ b/mod/pages/pages/pages/view.php @@ -32,7 +32,7 @@ elgg_push_breadcrumb($title); $content = elgg_view_entity($page, array('full_view' => true)); $content .= elgg_view_comments($page); -if (elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) { +if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) { $url = "pages/add/$page->guid"; elgg_register_menu_item('title', array( 'name' => 'subpage', diff --git a/mod/pages/views/default/forms/pages/edit.php b/mod/pages/views/default/forms/pages/edit.php index 20737a121..9469f5eb9 100644 --- a/mod/pages/views/default/forms/pages/edit.php +++ b/mod/pages/views/default/forms/pages/edit.php @@ -6,7 +6,18 @@ */ $variables = elgg_get_config('pages'); +$user = elgg_get_logged_in_user_entity(); +$entity = elgg_extract('entity', $vars); +$can_change_access = true; +if ($user && $entity) { + $can_change_access = ($user->isAdmin() || $user->getGUID() == $entity->owner_guid); +} + foreach ($variables as $name => $type) { + // don't show read / write access inputs for non-owners or admin when editing + if (($type == 'access' || $type == 'write_access') && !$can_change_access) { + continue; + } ?> <div> <label><?php echo elgg_echo("pages:$name") ?></label> @@ -14,8 +25,8 @@ foreach ($variables as $name => $type) { if ($type != 'longtext') { echo '<br />'; } - ?> - <?php echo elgg_view("input/$type", array( + + echo elgg_view("input/$type", array( 'name' => $name, 'value' => $vars[$name], )); diff --git a/mod/thewire/pages/thewire/owner.php b/mod/thewire/pages/thewire/owner.php index f544aa655..6246c1770 100644 --- a/mod/thewire/pages/thewire/owner.php +++ b/mod/thewire/pages/thewire/owner.php @@ -14,10 +14,12 @@ $title = elgg_echo('thewire:user', array($owner->name)); elgg_push_breadcrumb(elgg_echo('thewire'), "thewire/all"); elgg_push_breadcrumb($owner->name); +$context = ''; if (elgg_get_logged_in_user_guid() == $owner->guid) { $form_vars = array('class' => 'thewire-form'); $content = elgg_view_form('thewire/add', $form_vars); $content .= elgg_view('input/urlshortener'); + $context = 'mine'; } $content .= elgg_list_entities(array( @@ -28,7 +30,7 @@ $content .= elgg_list_entities(array( )); $body = elgg_view_layout('content', array( - 'filter_context' => 'mine', + 'filter_context' => $context, 'content' => $content, 'title' => $title, 'sidebar' => elgg_view('thewire/sidebar'), diff --git a/mod/thewire/start.php b/mod/thewire/start.php index ebfe29538..5d5786e2f 100644 --- a/mod/thewire/start.php +++ b/mod/thewire/start.php @@ -304,7 +304,7 @@ function thewire_save_post($text, $userid, $access_id, $parent_guid = 0, $method */ function thewire_send_response_notification($guid, $parent_guid, $user) { $parent_owner = get_entity($parent_guid)->getOwnerEntity(); - $user = get_loggedin_user(); + $user = elgg_get_logged_in_user_entity(); // check to make sure user is not responding to self if ($parent_owner->guid != $user->guid) { diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php index 355123992..fbce00d34 100644 --- a/mod/twitter_api/lib/twitter_api.php +++ b/mod/twitter_api/lib/twitter_api.php @@ -109,7 +109,7 @@ function twitter_api_login() { $user = twitter_api_create_user($twitter); $site_name = elgg_get_site_entity()->name; system_message(elgg_echo('twitter_api:login:email', array($site_name))); - $forward = "twitter_api/intersitial"; + $forward = "twitter_api/interstitial"; } // set twitter services tokens diff --git a/upgrade.php b/upgrade.php index 6f7126326..963523200 100644 --- a/upgrade.php +++ b/upgrade.php @@ -20,7 +20,8 @@ define('UPGRADING', 'upgrading'); require_once(dirname(__FILE__) . "/engine/start.php"); if (get_input('upgrade') == 'upgrade') { - // disable the core system log for upgrades to avoid exceptions when the schema changes. + // disable the system log for upgrades to avoid exceptions when the schema changes. + elgg_unregister_event_handler('log', 'systemlog', 'system_log_default_logger'); elgg_unregister_event_handler('all', 'all', 'system_log_listener'); if (elgg_get_unprocessed_upgrades()) { diff --git a/version.php b/version.php index 689306412..c36f4e186 100644 --- a/version.php +++ b/version.php @@ -14,4 +14,4 @@ $version = 2012041801; // Human-friendly version name -$release = '1.8.3'; +$release = '1.8.4'; diff --git a/views/default/core/walled_garden/body.php b/views/default/core/walled_garden/body.php deleted file mode 100644 index 67d8e0c37..000000000 --- a/views/default/core/walled_garden/body.php +++ /dev/null @@ -1,11 +0,0 @@ -<?php -/** - * Walled garden body - */ - -echo elgg_view('core/walled_garden/login'); -echo elgg_view('core/walled_garden/lost_password'); - -if (elgg_get_config('allow_registration')) { - echo elgg_view('core/walled_garden/register'); -} diff --git a/views/default/core/walled_garden/login.php b/views/default/core/walled_garden/login.php index 0a8b4a908..42b79607d 100644 --- a/views/default/core/walled_garden/login.php +++ b/views/default/core/walled_garden/login.php @@ -14,7 +14,7 @@ $menu = elgg_view_menu('walled_garden', array( $login_box = elgg_view('core/account/login_box', array('module' => 'walledgarden-login')); -$content = <<<HTML +echo <<<HTML <div class="elgg-col elgg-col-1of2"> <div class="elgg-inner"> <h1 class="elgg-heading-walledgarden"> @@ -29,9 +29,3 @@ $content = <<<HTML </div> </div> HTML; - -echo elgg_view_module('walledgarden', '', $content, array( - 'class' => 'elgg-walledgarden-double', - 'header' => ' ', - 'footer' => ' ', -)); diff --git a/views/default/core/walled_garden/lost_password.php b/views/default/core/walled_garden/lost_password.php index ce75b558b..82f8caf50 100644 --- a/views/default/core/walled_garden/lost_password.php +++ b/views/default/core/walled_garden/lost_password.php @@ -5,15 +5,9 @@ $title = elgg_echo('user:password:lost'); $body = elgg_view_form('user/requestnewpassword'); -$lost = <<<HTML +echo <<<HTML <div class="elgg-inner"> <h3>$title</h3> $body </div> HTML; - -echo elgg_view_module('walledgarden', '', $lost, array( - 'class' => 'elgg-walledgarden-single elgg-walledgarden-password hidden', - 'header' => ' ', - 'footer' => ' ', -)); diff --git a/views/default/core/walled_garden/register.php b/views/default/core/walled_garden/register.php index 7f6aac99b..1ce2f8716 100644 --- a/views/default/core/walled_garden/register.php +++ b/views/default/core/walled_garden/register.php @@ -9,15 +9,9 @@ $body = elgg_view_form('register', array(), array( 'invitecode' => get_input('invitecode'), )); -$content = <<<__HTML +echo <<<__HTML <div class="elgg-inner"> <h2>$title</h2> $body </div> __HTML; - -echo elgg_view_module('walledgarden', '', $content, array( - 'class' => 'elgg-walledgarden-single elgg-walledgarden-register hidden', - 'header' => ' ', - 'footer' => ' ', -));
\ No newline at end of file diff --git a/views/default/css/walled_garden.php b/views/default/css/walled_garden.php index ea2543587..f6f7f97dc 100644 --- a/views/default/css/walled_garden.php +++ b/views/default/css/walled_garden.php @@ -54,8 +54,8 @@ $url = elgg_get_site_url(); padding: 0 8px; } -.elgg-walledgarden-single > .elgg-body > .elgg-inner { - padding: 0 8px; +.elgg-walledgarden-single > .elgg-body { + padding: 0 18px; } .elgg-module-walledgarden-login { @@ -68,7 +68,14 @@ $url = elgg_get_site_url(); } .elgg-heading-walledgarden { - color: #666666; margin-top: 60px; line-height: 1.1em; } + +h1, h2, h3, h4, h5, h6 { + color: #666; +} + +a { + color: #999; +}
\ No newline at end of file diff --git a/views/default/js/walled_garden.php b/views/default/js/walled_garden.php index 46c2934ff..13ec83c04 100644 --- a/views/default/js/walled_garden.php +++ b/views/default/js/walled_garden.php @@ -2,9 +2,10 @@ /** * Walled garden JavaScript * - * @todo update for new JS lib + * @since 1.8 */ +// note that this assumes the button view is not using single quotes $cancel_button = elgg_view('input/button', array( 'value' => elgg_echo('cancel'), 'class' => 'elgg-button-cancel mlm', @@ -13,28 +14,43 @@ $cancel_button = trim($cancel_button); ?> -$(document).ready(function() { +elgg.provide('elgg.walled_garden'); - // add cancel button to inline forms - $(".elgg-walledgarden-password").find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>'); - $('.elgg-walledgarden-register').find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>'); +elgg.walled_garden.init = function () { - $(".forgot_link").click(function(event) { - event.preventDefault(); - $(".elgg-walledgarden-password").fadeToggle(); - }); + $('.forgot_link').click(elgg.walled_garden.load('lost_password')); + $('.registration_link').click(elgg.walled_garden.load('register')); - $(".registration_link").click(function(event) { + $('input.elgg-button-cancel').live('click', function(event) { + if ($('.elgg-walledgarden-single').is(':visible')) { + $('.elgg-walledgarden-double').fadeToggle(); + $('.elgg-walledgarden-single').fadeToggle(); + $('.elgg-walledgarden-single').remove(); + } event.preventDefault(); - $(".elgg-walledgarden-register").fadeToggle(); }); +}; - $('input.elgg-button-cancel').click(function(event) { - if ($(".elgg-walledgarden-password").is(':visible')) { - $(".forgot_link").click(); - } else if ($('.elgg-walledgarden-register').is(':visible')) { - $(".registration_link").click(); - } +/** + * Creates a closure for loading walled garden content through ajax + * + * @param {String} view Name of the walled garden view + * @return {Object} + */ +elgg.walled_garden.load = function(view) { + return function(event) { + var id = '#elgg-walledgarden-' + view; + id = id.replace('_', '-'); + elgg.get('walled_garden/' + view, { + 'success' : function(data) { + $('.elgg-body-walledgarden').append(data); + $(id).find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>'); + $('#elgg-walledgarden-login').fadeToggle(); + $(id).fadeToggle(); + }, + }); event.preventDefault(); - }); -});
\ No newline at end of file + }; +}; + +elgg.register_hook_handler('init', 'system', elgg.walled_garden.init);
\ No newline at end of file diff --git a/views/default/object/plugin.php b/views/default/object/plugin.php index 2f64cfcc9..5c7138e96 100644 --- a/views/default/object/plugin.php +++ b/views/default/object/plugin.php @@ -7,6 +7,10 @@ * */ +if (!elgg_in_context('admin')) { + forward('/', 403); +} + $plugin = $vars['entity']; if (!$plugin->isValid()) { diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php index 22b6cf49d..a212becd8 100644 --- a/views/default/output/tagcloud.php +++ b/views/default/output/tagcloud.php @@ -47,9 +47,15 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) { if ($size < 100) { $size = 100; } - $url = elgg_get_site_url()."search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype"; - $url = elgg_format_url($url); - $cloud .= "<a href=\"$url\" style=\"font-size: $size%\" title=\"".addslashes($tag->tag)." ($tag->total)\">" . htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8') . "</a>"; + $url = "search?q=". urlencode($tag->tag) . "&search_type=tags$type$subtype"; + + $cloud .= elgg_view('output/url', array( + 'text' => $tag->tag, + 'href' => $url, + 'style' => "font-size: $size%;", + 'title' => "$tag->tag ($tag->total)", + 'rel' => 'tag' + )); } $cloud .= elgg_view('tagcloud/extend'); diff --git a/views/default/page/elements/comments.php b/views/default/page/elements/comments.php index ebc7d3df5..cf9b5f08b 100644 --- a/views/default/page/elements/comments.php +++ b/views/default/page/elements/comments.php @@ -12,7 +12,7 @@ $show_add_form = elgg_extract('show_add_form', $vars, true); $id = ''; if (isset($vars['id'])) { - $id = "id =\"{$vars['id']}\""; + $id = "id=\"{$vars['id']}\""; } $class = 'elgg-comments'; diff --git a/views/default/page/layouts/walled_garden.php b/views/default/page/layouts/walled_garden.php new file mode 100644 index 000000000..6ecd941ef --- /dev/null +++ b/views/default/page/layouts/walled_garden.php @@ -0,0 +1,16 @@ +<?php +/** + * Walled Garden layout + * + * @uses $vars['content'] Main content + * @uses $vars['class'] CSS classes + * @uses $vars['id'] CSS id + */ + +$class = elgg_extract('class', $vars, 'elgg-walledgarden-single'); +echo elgg_view_module('walledgarden', '', $vars['content'], array( + 'class' => $class, + 'id' => elgg_extract('id', $vars, ''), + 'header' => ' ', + 'footer' => ' ', +)); diff --git a/views/default/river/elements/body.php b/views/default/river/elements/body.php index 6894b81e2..2cd7f2289 100644 --- a/views/default/river/elements/body.php +++ b/views/default/river/elements/body.php @@ -18,7 +18,7 @@ $menu = elgg_view_menu('river', array( )); // river item header -$timestamp = elgg_get_friendly_time($item->getPostedTime()); +$timestamp = elgg_view_friendly_time($item->getPostedTime()); $summary = elgg_extract('summary', $vars, elgg_view('river/elements/summary', array('item' => $vars['item']))); if ($summary === false) { diff --git a/views/default/river/elements/summary.php b/views/default/river/elements/summary.php index 84941131f..4402c6f65 100644 --- a/views/default/river/elements/summary.php +++ b/views/default/river/elements/summary.php @@ -40,5 +40,14 @@ if ($container instanceof ElggGroup) { $group_string = elgg_echo('river:ingroup', array($group_link)); } +// check summary translation keys. +// will use the $type:$subtype if that's defined, otherwise just uses $type +$key = "river:$action:$type:$subtype"; +$summary = elgg_echo($key, array($subject_link, $object_link)); + +if ($summary == $key) { + $key = "river:$action:$type"; + $summary = elgg_echo($key, array($subject_link, $object_link)); +} -echo elgg_echo("river:$action:$type:$subtype", array($subject_link, $object_link));
\ No newline at end of file +echo $summary;
\ No newline at end of file |