aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--actions/login.php8
-rw-r--r--actions/register.php4
-rw-r--r--actions/useradd.php4
-rw-r--r--engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php11
-rw-r--r--engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php13
-rw-r--r--engine/lib/user_settings.php6
-rw-r--r--mod/thewire/start.php2
-rw-r--r--mod/twitter_api/actions/twitter_api/interstitial_settings.php4
-rw-r--r--version.php2
9 files changed, 39 insertions, 15 deletions
diff --git a/actions/login.php b/actions/login.php
index 256e78acb..ea7fb3508 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -18,9 +18,9 @@ if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
}
$username = get_input('username');
-$password = get_input("password");
-$persistent = get_input("persistent", FALSE);
-$result = FALSE;
+$password = get_input('password', null, false);
+$persistent = get_input("persistent", false);
+$result = false;
if (empty($username) || empty($password)) {
register_error(elgg_echo('login:empty'));
@@ -28,7 +28,7 @@ if (empty($username) || empty($password)) {
}
// check if logging in with email address
-if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
$username = $users[0]->username;
}
diff --git a/actions/register.php b/actions/register.php
index 360b7cb4b..f23d5b381 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('register');
// Get variables
$username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
$email = get_input('email');
$name = get_input('name');
$friend_guid = (int) get_input('friend_guid', 0);
diff --git a/actions/useradd.php b/actions/useradd.php
index fdcd7e438..17459021b 100644
--- a/actions/useradd.php
+++ b/actions/useradd.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('useradd');
// Get variables
$username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
$email = get_input('email');
$name = get_input('name');
diff --git a/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php b/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php
new file mode 100644
index 000000000..b82ffbebf
--- /dev/null
+++ b/engine/lib/upgrades/2012041800-1.8.3-dont_filter_passwords-c0ca4a18b38ae2bc.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Elgg 1.8.3 upgrade 2012041800
+ * dont_filter_passwords
+ *
+ * Add admin notice that password handling has changed and if
+ * users can't login to have them reset their passwords.
+ */
+elgg_add_admin_notice('dont_filter_passwords', 'Password handling has been updated to be more secure and flexible. '
+ . 'This change may prevent a small number of users from logging in with their existing passwords. '
+ . 'If a user is unable to log in, please advise him or her to reset their password, or reset it as an admin user.');
diff --git a/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php b/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php
new file mode 100644
index 000000000..07732f261
--- /dev/null
+++ b/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php
@@ -0,0 +1,13 @@
+<?php
+/**
+ * Elgg 1.8.3 upgrade 2012041801
+ * multiple_user_tokens
+ *
+ * Fixes http://trac.elgg.org/ticket/4291
+ * Removes the unique index on users_apisessions for user_guid and site_guid
+ */
+
+$db_prefix = elgg_get_config('dbprefix');
+$q = "ALTER TABLE {$db_prefix}users_apisessions DROP INDEX user_guid,
+ ADD INDEX user_guid (user_guid, site_guid)";
+update_data($q); \ No newline at end of file
diff --git a/engine/lib/user_settings.php b/engine/lib/user_settings.php
index af30d8f0d..e4069fb53 100644
--- a/engine/lib/user_settings.php
+++ b/engine/lib/user_settings.php
@@ -33,9 +33,9 @@ function users_settings_save() {
* @access private
*/
function elgg_set_user_password() {
- $current_password = get_input('current_password');
- $password = get_input('password');
- $password2 = get_input('password2');
+ $current_password = get_input('current_password', null, false);
+ $password = get_input('password', null, false);
+ $password2 = get_input('password2', null, false);
$user_guid = get_input('guid');
if (!$user_guid) {
diff --git a/mod/thewire/start.php b/mod/thewire/start.php
index ebfe29538..5d5786e2f 100644
--- a/mod/thewire/start.php
+++ b/mod/thewire/start.php
@@ -304,7 +304,7 @@ function thewire_save_post($text, $userid, $access_id, $parent_guid = 0, $method
*/
function thewire_send_response_notification($guid, $parent_guid, $user) {
$parent_owner = get_entity($parent_guid)->getOwnerEntity();
- $user = get_loggedin_user();
+ $user = elgg_get_logged_in_user_entity();
// check to make sure user is not responding to self
if ($parent_owner->guid != $user->guid) {
diff --git a/mod/twitter_api/actions/twitter_api/interstitial_settings.php b/mod/twitter_api/actions/twitter_api/interstitial_settings.php
index 5f742efd8..880623973 100644
--- a/mod/twitter_api/actions/twitter_api/interstitial_settings.php
+++ b/mod/twitter_api/actions/twitter_api/interstitial_settings.php
@@ -6,8 +6,8 @@ elgg_make_sticky_form('twitter_api_interstitial');
$display_name = get_input('display_name');
$email = get_input('email');
-$password_1 = get_input('password_1');
-$password_2 = get_input('password_2');
+$password_1 = get_input('password_1', null, false);
+$password_2 = get_input('password_2', null, false);
if (!$display_name) {
register_error(elgg_echo('twitter_api:interstitial:no_display_name'));
diff --git a/version.php b/version.php
index dc6897c18..689306412 100644
--- a/version.php
+++ b/version.php
@@ -11,7 +11,7 @@
// YYYYMMDD = Elgg Date
// XX = Interim incrementer
-$version = 2012012100;
+$version = 2012041801;
// Human-friendly version name
$release = '1.8.3';