diff options
203 files changed, 2660 insertions, 1071 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 870c4f57d..7a3422d7d 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,72 @@ +Version 1.8.8 +(July 11, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Contributing Developers: + * Cash Costello + * Miguel Rodriguez + * Sem + + Enhancements: + * Added a delete button on river items for admins + + Bugfixes: + * Fixed the significant bug with htmlawed plugin that caused duplicate tags + + +Version 1.8.7 +(July 10, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Contributing Developers: + * Cash Costello + * Evan Winslow + * Ismayil Khayredinov + * Jeroen Dalsem + * Jerome Bakker + * Matt Beckett + * Miguel Rodriguez + * Paweł Sroka + * Sem + * Steve Clay + + Enhancements: + * Better support for search engine friendly URLs + * Upgraded htmlawed (XSS filtering) + * Internationalization support for TinyMCE + * Public access not available for walled gardens + * Better forwarding and messages when they cannot view content because logged out + + Bugfixes: + * Fatal errors due to type hints downgraded to warnings + * Group discussion reply notifications work again + * Sending user to inbox when deleting a message + * Fixed location profile information when it is an array + * Over 30 other bug fixes. + + +Version 1.8.6 +(June 18, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Contributing Developers: + * Cash Costello + * Evan Winslow + * Ismayil Khayredinov + * Jeff Tilson + * Jerome Bakker + * Paweł Sroka + * Sem + * Steve Clay + + Enhancements: + * New ajax spinner + * Detecting docx, xlsx, and pptx files in file plugin + * Showing ajax spinner when uploading file with embed plugin + + Bugfixes: + * Fixed some language caching issues. + * Users can add sub-pages to another user's page in a group. + * Over 30 other bug fixes. + + Version 1.8.5 (May 17, 2012 from https://github.com/Elgg/Elgg/tree/1.8) @@ -27,6 +96,7 @@ Version 1.8.5 * River entries' timestamps use elgg_view_friendly_time() and can be overridden with the friendly time output view. + Version 1.8.4 (April 24, 2012 from https://github.com/Elgg/Elgg/tree/1.8) diff --git a/INSTALL.txt b/INSTALL.txt index f558a26e2..f4ecbffe1 100644 --- a/INSTALL.txt +++ b/INSTALL.txt @@ -11,7 +11,8 @@ TECHNICAL REQUIREMENTS Elgg runs on a combination of the Apache web server, MySQL database system and the PHP interpreted scripting language. This is the most -popular web server environment in the world. +popular web server environment in the world. (Elgg can also run on +other web servers such a nginx and IIS, but requires further configuration). Due to Elgg's advanced functionality, there are some extra configuration requirements: @@ -20,25 +21,17 @@ configuration requirements: modules: o mod_rewrite o PHP - * MySQL 5+ with sql_mode in standard mode (ie not in traditional - or any other mode). - * PHP 5.2+ needs to be installed as an Apache module (not in CGI - mode or safe mode) with the following libraries: - o GD (for graphics processing, eg user icon rescaling) - o JSON (for API functionality) - o XML (not installed/compiled by default on all systems) - o Multibyte String support (for internationalisation) + * MySQL 5+. + * PHP 5.2+ needs to be installed as an Apache module + with the following libraries: + o GD (for graphics processing such as avatar cropping) + o Multibyte String support (for internationalization) It is recommended that you increase the memory available to PHP threads beyond the standard 8 or 12M, and increase the maximum uploaded filesize (which defaults to 2M). In both cases, this can be found in your php.ini. - * The following PHP libraries are also recommended for some - plugins and extra functionality: - o SOAP - o DOM - INSTALLING ELGG @@ -104,7 +97,8 @@ If your web server does not have permission to create these files, you will need to either 1. Change the permissions on the directory where you are installing - Elgg and the engine directory and try again. + Elgg and the engine directory and try again. Remember to change the + permissions back to the original values after installation is complete. 2. Copy engine/settings.example.php to engine/settings.php, open it up in a text editor and fill in your database details. Then diff --git a/README.txt b/README.txt index 3cffcc8c7..5d9261ee4 100644 --- a/README.txt +++ b/README.txt @@ -1,12 +1,12 @@ Elgg -Copyright (c) 2008-2011 See COPYRIGHT.txt +Copyright (c) 2008-2012 See COPYRIGHT.txt See CONTRIBUTORS.txt for development credits. Elgg is managed by the Elgg Foundation, a nonprofit organization that was founded to govern, protect, and promote the Elgg open source social network engine. The Foundation aims to provide a stable, commercially and -individually independent organization that moves in the best interest of Elgg +individually independent organization that operates in the best interest of Elgg as an open source project. The project site can be found at http://elgg.org/ diff --git a/_graphics/ajax_loader.gif b/_graphics/ajax_loader.gif Binary files differindex 5a9af96d2..b55e148bb 100644 --- a/_graphics/ajax_loader.gif +++ b/_graphics/ajax_loader.gif diff --git a/_graphics/ajax_loader_bw.gif b/_graphics/ajax_loader_bw.gif Binary files differindex 95bad9128..e195e1fd8 100644 --- a/_graphics/ajax_loader_bw.gif +++ b/_graphics/ajax_loader_bw.gif diff --git a/actions/admin/plugins/activate.php b/actions/admin/plugins/activate.php index 286cf5a4f..5234a4ca5 100644 --- a/actions/admin/plugins/activate.php +++ b/actions/admin/plugins/activate.php @@ -47,7 +47,8 @@ if (count($activated_guids) === 1) { $url .= "?$query"; } $plugin = get_entity($plugin_guids[0]); - forward("$url#{$plugin->getID()}"); + $id = $css_id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID()); + forward("$url#$id"); } else { // forward to top of page with a failure so remove any #foo $url = $_SERVER['HTTP_REFERER']; diff --git a/actions/admin/plugins/deactivate.php b/actions/admin/plugins/deactivate.php index e7ce65625..354f4717d 100644 --- a/actions/admin/plugins/deactivate.php +++ b/actions/admin/plugins/deactivate.php @@ -46,7 +46,8 @@ if (count($plugin_guids) == 1) { $url .= "?$query"; } $plugin = get_entity($plugin_guids[0]); - forward("$url#{$plugin->getID()}"); + $id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID()); + forward("$url#$id"); } else { forward(REFERER); } diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php index 897a2f983..0fd8d1f35 100644 --- a/actions/admin/site/update_advanced.php +++ b/actions/admin/site/update_advanced.php @@ -53,8 +53,6 @@ if ($site = elgg_get_site_entity()) { $user_default_access = (get_input('allow_user_default_access')) ? 1 : 0; set_config('allow_user_default_access', $user_default_access, $site->getGUID()); - set_config('view', get_input('view'), $site->getGUID()); - $debug = get_input('debug'); if ($debug) { set_config('debug', $debug, $site->getGUID()); diff --git a/actions/avatar/remove.php b/actions/avatar/remove.php new file mode 100644 index 000000000..cd38e456a --- /dev/null +++ b/actions/avatar/remove.php @@ -0,0 +1,34 @@ +<?php +/** + * Avatar remove action + */ + +$guid = get_input('guid'); +$user = get_entity($guid); +if ($user) { + // Delete all icons from diskspace + $icon_sizes = elgg_get_config('icon_sizes'); + foreach ($icon_sizes as $name => $size_info) { + $file = new ElggFile(); + $file->owner_guid = $guid; + $file->setFilename("profile/{$guid}{$name}.jpg"); + $filepath = $file->getFilenameOnFilestore(); + if (!$file->delete()) { + elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING'); + } + } + + // Remove crop coords + unset($user->x1); + unset($user->x2); + unset($user->y1); + unset($user->y2); + + // Remove icon + unset($user->icontime); + system_message(elgg_echo('avatar:remove:success')); +} else { + register_error(elgg_echo('avatar:remove:fail')); +} + +forward(REFERER); diff --git a/actions/avatar/revert.php b/actions/avatar/revert.php deleted file mode 100644 index 8cff40a68..000000000 --- a/actions/avatar/revert.php +++ /dev/null @@ -1,15 +0,0 @@ -<?php -/** - * Avatar revert action - */ - -$guid = get_input('guid'); -$user = get_entity($guid); -if ($user) { - unset($user->icontime); - system_message(elgg_echo('avatar:revert:success')); -} else { - register_error(elgg_echo('avatar:revert:fail')); -} - -forward(REFERER); diff --git a/actions/comments/delete.php b/actions/comments/delete.php index f8458a152..f2c058ff4 100644 --- a/actions/comments/delete.php +++ b/actions/comments/delete.php @@ -12,19 +12,12 @@ if (!elgg_is_logged_in()) { // Make sure we can get the comment in question $annotation_id = (int) get_input('annotation_id'); -if ($comment = elgg_get_annotation_from_id($annotation_id)) { - - $entity = get_entity($comment->entity_guid); - - if ($comment->canEdit()) { - $comment->delete(); - system_message(elgg_echo("generic_comment:deleted")); - forward($entity->getURL()); - } - +$comment = elgg_get_annotation_from_id($annotation_id); +if ($comment && $comment->canEdit()) { + $comment->delete(); + system_message(elgg_echo("generic_comment:deleted")); } else { - $url = ""; + register_error(elgg_echo("generic_comment:notdeleted")); } -register_error(elgg_echo("generic_comment:notdeleted")); forward(REFERER);
\ No newline at end of file diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php index 1e2bc1d5c..9dc17b37e 100644 --- a/actions/friends/collections/add.php +++ b/actions/friends/collections/add.php @@ -20,8 +20,7 @@ if ($id) { $result = update_access_collection($id, $friends); if ($result) { system_message(elgg_echo("friends:collectionadded")); - // go to the collections page - forward("pg/collections/" . get_loggedin_user()->username); + forward("collections/" . elgg_get_logged_in_user_entity()->username); } else { register_error(elgg_echo("friends:nocollectionname")); forward(REFERER); diff --git a/actions/plugins/settings/save.php b/actions/plugins/settings/save.php index e94127f7c..581a2f9ec 100644 --- a/actions/plugins/settings/save.php +++ b/actions/plugins/settings/save.php @@ -3,7 +3,7 @@ * Saves global plugin settings. * * This action can be overriden for a specific plugin by creating the - * settings/<plugin_id>/save action in that plugin. + * <plugin_id>/settings/save action in that plugin. * * @uses array $_REQUEST['params'] A set of key/value pairs to save to the ElggPlugin entity * @uses int $_REQUEST['plugin_id'] The ID of the plugin diff --git a/actions/plugins/usersettings/save.php b/actions/plugins/usersettings/save.php index 71ad2ad7b..f6b8ab0b6 100644 --- a/actions/plugins/usersettings/save.php +++ b/actions/plugins/usersettings/save.php @@ -3,7 +3,7 @@ * Saves user-specific plugin settings. * * This action can be overriden for a specific plugin by creating the - * settings/<plugin_id>/save action in that plugin. + * <plugin_id>/usersettings/save action in that plugin. * * @uses array $_REQUEST['params'] A set of key/value pairs to save to the ElggPlugin entity * @uses int $_REQUEST['plugin_id'] The id of the plugin diff --git a/actions/river/delete.php b/actions/river/delete.php new file mode 100644 index 000000000..0d8297932 --- /dev/null +++ b/actions/river/delete.php @@ -0,0 +1,21 @@ +<?php +/** + * River item delete action + * + * @package Elgg + * @subpackage Core + */ + +$id = get_input('id', false); + +if ($id !== false && elgg_is_admin_logged_in()) { + if (elgg_delete_river(array('id' => $id))) { + system_message(elgg_echo('river:delete:success')); + } else { + register_error(elgg_echo('river:delete:fail')); + } +} else { + register_error(elgg_echo('river:delete:fail')); +} + +forward(REFERER); diff --git a/actions/widgets/add.php b/actions/widgets/add.php index f65d11134..d7b2f291c 100644 --- a/actions/widgets/add.php +++ b/actions/widgets/add.php @@ -9,6 +9,7 @@ $owner_guid = get_input('owner_guid'); $handler = get_input('handler'); $context = get_input('context'); +$show_access = (bool)get_input('show_access', true); $column = get_input('column', 1); $default_widgets = get_input('default_widgets', 0); @@ -29,7 +30,7 @@ if (!empty($owner_guid)) { $widget->move($column, 0); // send widget html for insertion - echo elgg_view_entity($widget); + echo elgg_view_entity($widget, array('show_access' => $show_access)); //system_message(elgg_echo('widgets:add:success')); forward(REFERER); diff --git a/documentation/info/manifest.xml b/documentation/info/manifest.xml index baa6cc3fa..494158481 100644 --- a/documentation/info/manifest.xml +++ b/documentation/info/manifest.xml @@ -6,6 +6,9 @@ <blurb>A concise description.</blurb> <description>This is a longer, more interesting description of my plugin, its features, and other important information.</description> <website>http://www.elgg.org/</website> + <repository>https://github.com/Elgg/Elgg</repository> + <bugtracker>http://trac.elgg.org</bugtracker> + <donations>http://elgg.org/supporter.php</donations> <copyright>(C) Elgg 2011</copyright> <license>GNU General Public License version 2</license> diff --git a/engine/classes/ElggGroup.php b/engine/classes/ElggGroup.php index f7f67bf41..121186196 100644 --- a/engine/classes/ElggGroup.php +++ b/engine/classes/ElggGroup.php @@ -16,8 +16,6 @@ class ElggGroup extends ElggEntity * Sets the type to group. * * @return void - * - * @deprecated 1.8 Use initializeAttributes */ protected function initializeAttributes() { parent::initializeAttributes(); diff --git a/engine/classes/ElggMemcache.php b/engine/classes/ElggMemcache.php index f27b017d0..d9539b9cb 100644 --- a/engine/classes/ElggMemcache.php +++ b/engine/classes/ElggMemcache.php @@ -40,7 +40,7 @@ class ElggMemcache extends ElggSharedMemoryCache { // Do we have memcache? if (!class_exists('Memcache')) { - throw new ConfigurationException(elgg_echo('memcache:notinstalled')); + throw new ConfigurationException('PHP memcache module not installed, you must install php5-memcache'); } // Create memcache object @@ -48,7 +48,7 @@ class ElggMemcache extends ElggSharedMemoryCache { // Now add servers if (!$CONFIG->memcache_servers) { - throw new ConfigurationException(elgg_echo('memcache:noservers')); + throw new ConfigurationException('No memcache servers defined, please populate the $CONFIG->memcache_servers variable'); } if (is_callable(array($this->memcache, 'addServer'))) { @@ -85,7 +85,7 @@ class ElggMemcache extends ElggSharedMemoryCache { // Get version $this->version = $this->memcache->getVersion(); if (version_compare($this->version, ElggMemcache::$MINSERVERVERSION, '<')) { - $msg = elgg_echo('memcache:versiontoolow', + $msg = vsprintf('Memcache needs at least version %s to run, you are running %s', array(ElggMemcache::$MINSERVERVERSION, $this->version )); diff --git a/engine/classes/ElggPluginManifest.php b/engine/classes/ElggPluginManifest.php index 7aa702d47..a4f5bb95d 100644 --- a/engine/classes/ElggPluginManifest.php +++ b/engine/classes/ElggPluginManifest.php @@ -264,7 +264,7 @@ class ElggPluginManifest { /** * Returns the license * - * @return sting + * @return string */ public function getLicense() { // license vs licence. Use license. @@ -276,6 +276,32 @@ class ElggPluginManifest { } } + /** + * Returns the repository url + * + * @return string + */ + public function getRepositoryURL() { + return $this->parser->getAttribute('repository'); + } + + /** + * Returns the bug tracker page + * + * @return string + */ + public function getBugTrackerURL() { + return $this->parser->getAttribute('bugtracker'); + } + + /** + * Returns the donations page + * + * @return string + */ + public function getDonationsPageURL() { + return $this->parser->getAttribute('donations'); + } /** * Returns the version of the plugin. @@ -319,12 +345,26 @@ class ElggPluginManifest { * @return array */ public function getCategories() { + $bundled_plugins = array('blog', 'bookmarks', 'categories', + 'custom_index', 'dashboard', 'developers', 'diagnostics', + 'embed', 'externalpages', 'file', 'garbagecollector', + 'groups', 'htmlawed', 'invitefriends', 'likes', + 'logbrowser', 'logrotate', 'members', 'messageboard', + 'messages', 'notifications', 'oauth_api', 'pages', 'profile', + 'reportedcontent', 'search', 'tagcloud', 'thewire', 'tinymce', + 'twitter', 'twitter_api', 'uservalidationbyemail', 'zaudio', + ); + $cats = $this->parser->getAttribute('category'); if (!$cats) { $cats = array(); } + if (in_array('bundled', $cats) && !in_array($this->getPluginID(), $bundled_plugins)) { + unset($cats[array_search('bundled', $cats)]); + } + return $cats; } @@ -442,7 +482,7 @@ class ElggPluginManifest { * Normalizes a dependency array using the defined structs. * Can be used with either requires or suggests. * - * @param array $dep An dependency array. + * @param array $dep A dependency array. * @return array The normalized deps array. */ private function normalizeDep($dep) { @@ -486,8 +526,10 @@ class ElggPluginManifest { break; } } - break; + default: + // unrecognized so we just return the raw dependency + return $dep; } $normalized_dep = $this->buildStruct($struct, $dep); diff --git a/engine/classes/ElggPluginManifestParser18.php b/engine/classes/ElggPluginManifestParser18.php index 554e28c02..3b753f17b 100644 --- a/engine/classes/ElggPluginManifestParser18.php +++ b/engine/classes/ElggPluginManifestParser18.php @@ -13,10 +13,10 @@ class ElggPluginManifestParser18 extends ElggPluginManifestParser { * @var array */ protected $validAttributes = array( - 'name', 'author', 'version', 'blurb', 'description', - 'website', 'copyright', 'license', 'requires', 'suggests', - 'screenshot', 'category', 'conflicts', 'provides', - 'activate_on_install' + 'name', 'author', 'version', 'blurb', 'description','website', + 'repository', 'bugtracker', 'donations', 'copyright', 'license', + 'requires', 'suggests', 'conflicts', 'provides', + 'screenshot', 'category', 'activate_on_install' ); /** @@ -46,6 +46,9 @@ class ElggPluginManifestParser18 extends ElggPluginManifestParser { case 'website': case 'copyright': case 'license': + case 'repository': + case 'bugtracker': + case 'donations': case 'activate_on_install': $parsed[$element->name] = $element->content; break; diff --git a/engine/classes/ElggSite.php b/engine/classes/ElggSite.php index 6d07778a9..401939005 100644 --- a/engine/classes/ElggSite.php +++ b/engine/classes/ElggSite.php @@ -381,14 +381,24 @@ class ElggSite extends ElggEntity { public function checkWalledGarden() { global $CONFIG; - if ($CONFIG->walled_garden && !elgg_is_logged_in()) { - // hook into the index system call at the highest priority - elgg_register_plugin_hook_handler('index', 'system', 'elgg_walled_garden_index', 1); - - if (!$this->isPublicPage()) { - $_SESSION['last_forward_from'] = current_page_url(); - register_error(elgg_echo('loggedinrequired')); - forward(); + if ($CONFIG->walled_garden) { + if ($CONFIG->default_access == ACCESS_PUBLIC) { + $CONFIG->default_access = ACCESS_LOGGED_IN; + } + elgg_register_plugin_hook_handler( + 'access:collections:write', + 'user', + '_elgg_walled_garden_remove_public_access'); + + if (!elgg_is_logged_in()) { + // hook into the index system call at the highest priority + elgg_register_plugin_hook_handler('index', 'system', 'elgg_walled_garden_index', 1); + + if (!$this->isPublicPage()) { + $_SESSION['last_forward_from'] = current_page_url(); + register_error(elgg_echo('loggedinrequired')); + forward(); + } } } } @@ -423,6 +433,7 @@ class ElggSite extends ElggEntity { // default public pages $defaults = array( 'walled_garden/.*', + 'login', 'action/login', 'register', 'action/register', diff --git a/engine/classes/ElggTranslit.php b/engine/classes/ElggTranslit.php new file mode 100644 index 000000000..676c59fc8 --- /dev/null +++ b/engine/classes/ElggTranslit.php @@ -0,0 +1,262 @@ +<?php +/** + * Elgg Transliterate + * + * For creating "friendly titles" for URLs + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * This software consists of voluntary contributions made by many individuals + * and is licensed under the LGPL. For more information, see + * <http://www.doctrine-project.org>. + * + * @author Konsta Vesterinen <kvesteri@cc.hut.fi> + * @author Jonathan H. Wage <jonwage@gmail.com> + * + * @author Steve Clay <steve@mrclay.org> + * @package Elgg.Core + * + * @access private Plugin authors should not use this directly + */ +class ElggTranslit { + + /** + * Create a version of a string for embedding in a URL + * @param string $string a UTF-8 string + * @param string $separator + * @return string + */ + static public function urlize($string, $separator = '-') { + // Iñtërnâtiônàlizætiøn, AND 日本語! + + // try to force combined chars because the translit map and others expect it + if (self::hasNormalizerSupport()) { + $nfc = normalizer_normalize($string); + if (is_string($nfc)) { + $string = $nfc; + } + } + // Internationalization, AND 日本語! + $string = self::transliterateAscii($string); + + // more translation + $string = strtr($string, array( + // Euro/GBP + "\xE2\x82\xAC" /* € */ => 'E', "\xC2\xA3" /* £ */ => 'GBP', + )); + + // remove all ASCII except 0-9a-zA-Z, hyphen, underscore, and whitespace + // note: "x" modifier did not work with this pattern. + $string = preg_replace('~[' + . '\x00-\x08' # control chars + . '\x0b\x0c' # vert tab, form feed + . '\x0e-\x1f' # control chars + . '\x21-\x2c' # ! ... , + . '\x2e\x2f' # . slash + . '\x3a-\x40' # : ... @ + . '\x5b-\x5e' # [ ... ^ + . '\x60' # ` + . '\x7b-\x7f' # { ... DEL + . ']~', '', $string); + $string = strtr($string, '', ''); + + // internationalization, and 日本語! + // note: not using elgg_strtolower to keep this class portable + $string = is_callable('mb_strtolower') + ? mb_strtolower($string, 'UTF-8') + : strtolower($string); + + // split by ASCII chars not in 0-9a-zA-Z + // note: we cannot use [^0-9a-zA-Z] because that matches multibyte chars. + // note: "x" modifier did not work with this pattern. + $pattern = '~[' + . '\x00-\x2f' # controls ... slash + . '\x3a-\x40' # : ... @ + . '\x5b-\x60' # [ ... ` + . '\x7b-\x7f' # { ... DEL + . ']+~x'; + + // ['internationalization', 'and', '日本語'] + $words = preg_split($pattern, $string, -1, PREG_SPLIT_NO_EMPTY); + + // ['internationalization', 'and', '%E6%97%A5%E6%9C%AC%E8%AA%9E'] + $words = array_map('urlencode', $words); + + // internationalization-and-%E6%97%A5%E6%9C%AC%E8%AA%9E + return implode($separator, $words); + } + + /** + * Transliterate Western multibyte chars to ASCII + * @param string $utf8 a UTF-8 string + * @return string + */ + static public function transliterateAscii($utf8) { + static $map = null; + if (!preg_match('/[\x80-\xff]/', $utf8)) { + return $utf8; + } + if (null === $map) { + $map = self::getAsciiTranslitMap(); + } + return strtr($utf8, $map); + } + + /** + * Get array of UTF-8 (NFC) character replacements. + * + * @return array + */ + static public function getAsciiTranslitMap() { + return array( + // Decompositions for Latin-1 Supplement + "\xC2\xAA" /* ª */ => 'a', "\xC2\xBA" /* º */ => 'o', "\xC3\x80" /* À */ => 'A', + "\xC3\x81" /* Á */ => 'A', "\xC3\x82" /*  */ => 'A', "\xC3\x83" /* à */ => 'A', + "\xC3\x84" /* Ä */ => 'A', "\xC3\x85" /* Å */ => 'A', "\xC3\x86" /* Æ */ => 'AE', + "\xC3\x87" /* Ç */ => 'C', "\xC3\x88" /* È */ => 'E', "\xC3\x89" /* É */ => 'E', + "\xC3\x8A" /* Ê */ => 'E', "\xC3\x8B" /* Ë */ => 'E', "\xC3\x8C" /* Ì */ => 'I', + "\xC3\x8D" /* Í */ => 'I', "\xC3\x8E" /* Î */ => 'I', "\xC3\x8F" /* Ï */ => 'I', + "\xC3\x90" /* Ð */ => 'D', "\xC3\x91" /* Ñ */ => 'N', "\xC3\x92" /* Ò */ => 'O', + "\xC3\x93" /* Ó */ => 'O', "\xC3\x94" /* Ô */ => 'O', "\xC3\x95" /* Õ */ => 'O', + "\xC3\x96" /* Ö */ => 'O', "\xC3\x99" /* Ù */ => 'U', "\xC3\x9A" /* Ú */ => 'U', + "\xC3\x9B" /* Û */ => 'U', "\xC3\x9C" /* Ü */ => 'U', "\xC3\x9D" /* Ý */ => 'Y', + "\xC3\x9E" /* Þ */ => 'TH', "\xC3\x9F" /* ß */ => 'ss', "\xC3\xA0" /* à */ => 'a', + "\xC3\xA1" /* á */ => 'a', "\xC3\xA2" /* â */ => 'a', "\xC3\xA3" /* ã */ => 'a', + "\xC3\xA4" /* ä */ => 'a', "\xC3\xA5" /* å */ => 'a', "\xC3\xA6" /* æ */ => 'ae', + "\xC3\xA7" /* ç */ => 'c', "\xC3\xA8" /* è */ => 'e', "\xC3\xA9" /* é */ => 'e', + "\xC3\xAA" /* ê */ => 'e', "\xC3\xAB" /* ë */ => 'e', "\xC3\xAC" /* ì */ => 'i', + "\xC3\xAD" /* í */ => 'i', "\xC3\xAE" /* î */ => 'i', "\xC3\xAF" /* ï */ => 'i', + "\xC3\xB0" /* ð */ => 'd', "\xC3\xB1" /* ñ */ => 'n', "\xC3\xB2" /* ò */ => 'o', + "\xC3\xB3" /* ó */ => 'o', "\xC3\xB4" /* ô */ => 'o', "\xC3\xB5" /* õ */ => 'o', + "\xC3\xB6" /* ö */ => 'o', "\xC3\xB8" /* ø */ => 'o', "\xC3\xB9" /* ù */ => 'u', + "\xC3\xBA" /* ú */ => 'u', "\xC3\xBB" /* û */ => 'u', "\xC3\xBC" /* ü */ => 'u', + "\xC3\xBD" /* ý */ => 'y', "\xC3\xBE" /* þ */ => 'th', "\xC3\xBF" /* ÿ */ => 'y', + "\xC3\x98" /* Ø */ => 'O', + // Decompositions for Latin Extended-A + "\xC4\x80" /* Ā */ => 'A', "\xC4\x81" /* ā */ => 'a', "\xC4\x82" /* Ă */ => 'A', + "\xC4\x83" /* ă */ => 'a', "\xC4\x84" /* Ą */ => 'A', "\xC4\x85" /* ą */ => 'a', + "\xC4\x86" /* Ć */ => 'C', "\xC4\x87" /* ć */ => 'c', "\xC4\x88" /* Ĉ */ => 'C', + "\xC4\x89" /* ĉ */ => 'c', "\xC4\x8A" /* Ċ */ => 'C', "\xC4\x8B" /* ċ */ => 'c', + "\xC4\x8C" /* Č */ => 'C', "\xC4\x8D" /* č */ => 'c', "\xC4\x8E" /* Ď */ => 'D', + "\xC4\x8F" /* ď */ => 'd', "\xC4\x90" /* Đ */ => 'D', "\xC4\x91" /* đ */ => 'd', + "\xC4\x92" /* Ē */ => 'E', "\xC4\x93" /* ē */ => 'e', "\xC4\x94" /* Ĕ */ => 'E', + "\xC4\x95" /* ĕ */ => 'e', "\xC4\x96" /* Ė */ => 'E', "\xC4\x97" /* ė */ => 'e', + "\xC4\x98" /* Ę */ => 'E', "\xC4\x99" /* ę */ => 'e', "\xC4\x9A" /* Ě */ => 'E', + "\xC4\x9B" /* ě */ => 'e', "\xC4\x9C" /* Ĝ */ => 'G', "\xC4\x9D" /* ĝ */ => 'g', + "\xC4\x9E" /* Ğ */ => 'G', "\xC4\x9F" /* ğ */ => 'g', "\xC4\xA0" /* Ġ */ => 'G', + "\xC4\xA1" /* ġ */ => 'g', "\xC4\xA2" /* Ģ */ => 'G', "\xC4\xA3" /* ģ */ => 'g', + "\xC4\xA4" /* Ĥ */ => 'H', "\xC4\xA5" /* ĥ */ => 'h', "\xC4\xA6" /* Ħ */ => 'H', + "\xC4\xA7" /* ħ */ => 'h', "\xC4\xA8" /* Ĩ */ => 'I', "\xC4\xA9" /* ĩ */ => 'i', + "\xC4\xAA" /* Ī */ => 'I', "\xC4\xAB" /* ī */ => 'i', "\xC4\xAC" /* Ĭ */ => 'I', + "\xC4\xAD" /* ĭ */ => 'i', "\xC4\xAE" /* Į */ => 'I', "\xC4\xAF" /* į */ => 'i', + "\xC4\xB0" /* İ */ => 'I', "\xC4\xB1" /* ı */ => 'i', "\xC4\xB2" /* IJ */ => 'IJ', + "\xC4\xB3" /* ij */ => 'ij', "\xC4\xB4" /* Ĵ */ => 'J', "\xC4\xB5" /* ĵ */ => 'j', + "\xC4\xB6" /* Ķ */ => 'K', "\xC4\xB7" /* ķ */ => 'k', "\xC4\xB8" /* ĸ */ => 'k', + "\xC4\xB9" /* Ĺ */ => 'L', "\xC4\xBA" /* ĺ */ => 'l', "\xC4\xBB" /* Ļ */ => 'L', + "\xC4\xBC" /* ļ */ => 'l', "\xC4\xBD" /* Ľ */ => 'L', "\xC4\xBE" /* ľ */ => 'l', + "\xC4\xBF" /* Ŀ */ => 'L', "\xC5\x80" /* ŀ */ => 'l', "\xC5\x81" /* Ł */ => 'L', + "\xC5\x82" /* ł */ => 'l', "\xC5\x83" /* Ń */ => 'N', "\xC5\x84" /* ń */ => 'n', + "\xC5\x85" /* Ņ */ => 'N', "\xC5\x86" /* ņ */ => 'n', "\xC5\x87" /* Ň */ => 'N', + "\xC5\x88" /* ň */ => 'n', "\xC5\x89" /* ʼn */ => 'N', "\xC5\x8A" /* Ŋ */ => 'n', + "\xC5\x8B" /* ŋ */ => 'N', "\xC5\x8C" /* Ō */ => 'O', "\xC5\x8D" /* ō */ => 'o', + "\xC5\x8E" /* Ŏ */ => 'O', "\xC5\x8F" /* ŏ */ => 'o', "\xC5\x90" /* Ő */ => 'O', + "\xC5\x91" /* ő */ => 'o', "\xC5\x92" /* Œ */ => 'OE', "\xC5\x93" /* œ */ => 'oe', + "\xC5\x94" /* Ŕ */ => 'R', "\xC5\x95" /* ŕ */ => 'r', "\xC5\x96" /* Ŗ */ => 'R', + "\xC5\x97" /* ŗ */ => 'r', "\xC5\x98" /* Ř */ => 'R', "\xC5\x99" /* ř */ => 'r', + "\xC5\x9A" /* Ś */ => 'S', "\xC5\x9B" /* ś */ => 's', "\xC5\x9C" /* Ŝ */ => 'S', + "\xC5\x9D" /* ŝ */ => 's', "\xC5\x9E" /* Ş */ => 'S', "\xC5\x9F" /* ş */ => 's', + "\xC5\xA0" /* Š */ => 'S', "\xC5\xA1" /* š */ => 's', "\xC5\xA2" /* Ţ */ => 'T', + "\xC5\xA3" /* ţ */ => 't', "\xC5\xA4" /* Ť */ => 'T', "\xC5\xA5" /* ť */ => 't', + "\xC5\xA6" /* Ŧ */ => 'T', "\xC5\xA7" /* ŧ */ => 't', "\xC5\xA8" /* Ũ */ => 'U', + "\xC5\xA9" /* ũ */ => 'u', "\xC5\xAA" /* Ū */ => 'U', "\xC5\xAB" /* ū */ => 'u', + "\xC5\xAC" /* Ŭ */ => 'U', "\xC5\xAD" /* ŭ */ => 'u', "\xC5\xAE" /* Ů */ => 'U', + "\xC5\xAF" /* ů */ => 'u', "\xC5\xB0" /* Ű */ => 'U', "\xC5\xB1" /* ű */ => 'u', + "\xC5\xB2" /* Ų */ => 'U', "\xC5\xB3" /* ų */ => 'u', "\xC5\xB4" /* Ŵ */ => 'W', + "\xC5\xB5" /* ŵ */ => 'w', "\xC5\xB6" /* Ŷ */ => 'Y', "\xC5\xB7" /* ŷ */ => 'y', + "\xC5\xB8" /* Ÿ */ => 'Y', "\xC5\xB9" /* Ź */ => 'Z', "\xC5\xBA" /* ź */ => 'z', + "\xC5\xBB" /* Ż */ => 'Z', "\xC5\xBC" /* ż */ => 'z', "\xC5\xBD" /* Ž */ => 'Z', + "\xC5\xBE" /* ž */ => 'z', "\xC5\xBF" /* ſ */ => 's', + // Decompositions for Latin Extended-B + "\xC8\x98" /* Ș */ => 'S', "\xC8\x99" /* ș */ => 's', + "\xC8\x9A" /* Ț */ => 'T', "\xC8\x9B" /* ț */ => 't', + // unmarked + "\xC6\xA0" /* Ơ */ => 'O', "\xC6\xA1" /* ơ */ => 'o', + "\xC6\xAF" /* Ư */ => 'U', "\xC6\xB0" /* ư */ => 'u', + // grave accent + "\xE1\xBA\xA6" /* Ầ */ => 'A', "\xE1\xBA\xA7" /* ầ */ => 'a', + "\xE1\xBA\xB0" /* Ằ */ => 'A', "\xE1\xBA\xB1" /* ằ */ => 'a', + "\xE1\xBB\x80" /* Ề */ => 'E', "\xE1\xBB\x81" /* ề */ => 'e', + "\xE1\xBB\x92" /* Ồ */ => 'O', "\xE1\xBB\x93" /* ồ */ => 'o', + "\xE1\xBB\x9C" /* Ờ */ => 'O', "\xE1\xBB\x9D" /* ờ */ => 'o', + "\xE1\xBB\xAA" /* Ừ */ => 'U', "\xE1\xBB\xAB" /* ừ */ => 'u', + "\xE1\xBB\xB2" /* Ỳ */ => 'Y', "\xE1\xBB\xB3" /* ỳ */ => 'y', + // hook + "\xE1\xBA\xA2" /* Ả */ => 'A', "\xE1\xBA\xA3" /* ả */ => 'a', + "\xE1\xBA\xA8" /* Ẩ */ => 'A', "\xE1\xBA\xA9" /* ẩ */ => 'a', + "\xE1\xBA\xB2" /* Ẳ */ => 'A', "\xE1\xBA\xB3" /* ẳ */ => 'a', + "\xE1\xBA\xBA" /* Ẻ */ => 'E', "\xE1\xBA\xBB" /* ẻ */ => 'e', + "\xE1\xBB\x82" /* Ể */ => 'E', "\xE1\xBB\x83" /* ể */ => 'e', + "\xE1\xBB\x88" /* Ỉ */ => 'I', "\xE1\xBB\x89" /* ỉ */ => 'i', + "\xE1\xBB\x8E" /* Ỏ */ => 'O', "\xE1\xBB\x8F" /* ỏ */ => 'o', + "\xE1\xBB\x94" /* Ổ */ => 'O', "\xE1\xBB\x95" /* ổ */ => 'o', + "\xE1\xBB\x9E" /* Ở */ => 'O', "\xE1\xBB\x9F" /* ở */ => 'o', + "\xE1\xBB\xA6" /* Ủ */ => 'U', "\xE1\xBB\xA7" /* ủ */ => 'u', + "\xE1\xBB\xAC" /* Ử */ => 'U', "\xE1\xBB\xAD" /* ử */ => 'u', + "\xE1\xBB\xB6" /* Ỷ */ => 'Y', "\xE1\xBB\xB7" /* ỷ */ => 'y', + // tilde + "\xE1\xBA\xAA" /* Ẫ */ => 'A', "\xE1\xBA\xAB" /* ẫ */ => 'a', + "\xE1\xBA\xB4" /* Ẵ */ => 'A', "\xE1\xBA\xB5" /* ẵ */ => 'a', + "\xE1\xBA\xBC" /* Ẽ */ => 'E', "\xE1\xBA\xBD" /* ẽ */ => 'e', + "\xE1\xBB\x84" /* Ễ */ => 'E', "\xE1\xBB\x85" /* ễ */ => 'e', + "\xE1\xBB\x96" /* Ỗ */ => 'O', "\xE1\xBB\x97" /* ỗ */ => 'o', + "\xE1\xBB\xA0" /* Ỡ */ => 'O', "\xE1\xBB\xA1" /* ỡ */ => 'o', + "\xE1\xBB\xAE" /* Ữ */ => 'U', "\xE1\xBB\xAF" /* ữ */ => 'u', + "\xE1\xBB\xB8" /* Ỹ */ => 'Y', "\xE1\xBB\xB9" /* ỹ */ => 'y', + // acute accent + "\xE1\xBA\xA4" /* Ấ */ => 'A', "\xE1\xBA\xA5" /* ấ */ => 'a', + "\xE1\xBA\xAE" /* Ắ */ => 'A', "\xE1\xBA\xAF" /* ắ */ => 'a', + "\xE1\xBA\xBE" /* Ế */ => 'E', "\xE1\xBA\xBF" /* ế */ => 'e', + "\xE1\xBB\x90" /* Ố */ => 'O', "\xE1\xBB\x91" /* ố */ => 'o', + "\xE1\xBB\x9A" /* Ớ */ => 'O', "\xE1\xBB\x9B" /* ớ */ => 'o', + "\xE1\xBB\xA8" /* Ứ */ => 'U', "\xE1\xBB\xA9" /* ứ */ => 'u', + // dot below + "\xE1\xBA\xA0" /* Ạ */ => 'A', "\xE1\xBA\xA1" /* ạ */ => 'a', + "\xE1\xBA\xAC" /* Ậ */ => 'A', "\xE1\xBA\xAD" /* ậ */ => 'a', + "\xE1\xBA\xB6" /* Ặ */ => 'A', "\xE1\xBA\xB7" /* ặ */ => 'a', + "\xE1\xBA\xB8" /* Ẹ */ => 'E', "\xE1\xBA\xB9" /* ẹ */ => 'e', + "\xE1\xBB\x86" /* Ệ */ => 'E', "\xE1\xBB\x87" /* ệ */ => 'e', + "\xE1\xBB\x8A" /* Ị */ => 'I', "\xE1\xBB\x8B" /* ị */ => 'i', + "\xE1\xBB\x8C" /* Ọ */ => 'O', "\xE1\xBB\x8D" /* ọ */ => 'o', + "\xE1\xBB\x98" /* Ộ */ => 'O', "\xE1\xBB\x99" /* ộ */ => 'o', + "\xE1\xBB\xA2" /* Ợ */ => 'O', "\xE1\xBB\xA3" /* ợ */ => 'o', + "\xE1\xBB\xA4" /* Ụ */ => 'U', "\xE1\xBB\xA5" /* ụ */ => 'u', + "\xE1\xBB\xB0" /* Ự */ => 'U', "\xE1\xBB\xB1" /* ự */ => 'u', + "\xE1\xBB\xB4" /* Ỵ */ => 'Y', "\xE1\xBB\xB5" /* ỵ */ => 'y', + ); + } + + /** + * Tests that "normalizer_normalize" exists and works + * @return bool + */ + static public function hasNormalizerSupport() { + static $ret = null; + if (null === $ret) { + $form_c = "\xC3\x85"; // 'LATIN CAPITAL LETTER A WITH RING ABOVE' (U+00C5) + $form_d = "A\xCC\x8A"; // A followed by 'COMBINING RING ABOVE' (U+030A) + $ret = (function_exists('normalizer_normalize') + && $form_c === normalizer_normalize($form_d)); + } + return $ret; + } +} diff --git a/engine/lib/actions.php b/engine/lib/actions.php index c6613e6d6..53b185dea 100644 --- a/engine/lib/actions.php +++ b/engine/lib/actions.php @@ -82,44 +82,28 @@ function action($action, $forwarder = "") { $forwarder = str_replace(elgg_get_site_url(), "", $forwarder); $forwarder = str_replace("http://", "", $forwarder); $forwarder = str_replace("@", "", $forwarder); - if (substr($forwarder, 0, 1) == "/") { $forwarder = substr($forwarder, 1); } - if (isset($CONFIG->actions[$action])) { - if (elgg_is_admin_logged_in() || ($CONFIG->actions[$action]['access'] !== 'admin')) { - if (elgg_is_logged_in() || ($CONFIG->actions[$action]['access'] === 'public')) { - - // Trigger action event - // @todo This is only called before the primary action is called. - $event_result = true; - $event_result = elgg_trigger_plugin_hook('action', $action, null, $event_result); - - // Include action - // Event_result being false doesn't produce an error - // since i assume this will be handled in the hook itself. - // @todo make this better! - if ($event_result) { - if (!include($CONFIG->actions[$action]['file'])) { - register_error(elgg_echo('actionnotfound', array($action))); - } - } - } else { - register_error(elgg_echo('actionloggedout')); + if (!isset($CONFIG->actions[$action])) { + register_error(elgg_echo('actionundefined', array($action))); + } elseif (!elgg_is_admin_logged_in() && ($CONFIG->actions[$action]['access'] === 'admin')) { + register_error(elgg_echo('actionunauthorized')); + } elseif (!elgg_is_logged_in() && ($CONFIG->actions[$action]['access'] !== 'public')) { + register_error(elgg_echo('actionloggedout')); + } else { + // Returning falsy doesn't produce an error + // We assume this will be handled in the hook itself. + if (elgg_trigger_plugin_hook('action', $action, null, true)) { + if (!include($CONFIG->actions[$action]['file'])) { + register_error(elgg_echo('actionnotfound', array($action))); } - } else { - register_error(elgg_echo('actionunauthorized')); } - } else { - register_error(elgg_echo('actionundefined', array($action))); } - if (!empty($forwarder)) { - forward($forwarder); - } else { - forward(REFERER); - } + $forwarder = empty($forwarder) ? REFERER : $forwarder; + forward($forwarder); } /** @@ -273,8 +257,19 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL) } else if ($visibleerrors) { register_error(elgg_echo('actiongatekeeper:tokeninvalid')); } - } else if ($visibleerrors) { - register_error(elgg_echo('actiongatekeeper:missingfields')); + } else { + if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) { + // The size of $_POST or uploaded file has exceed the size limit + $error_msg = elgg_trigger_plugin_hook('action_gatekeeper:upload_exceeded_msg', 'all', array( + 'post_size' => $_SERVER['CONTENT_LENGTH'], + 'visible_errors' => $visibleerrors, + ), elgg_echo('actiongatekeeper:uploadexceeded')); + } else { + $error_msg = elgg_echo('actiongatekeeper:missingfields'); + } + if ($visibleerrors) { + register_error($error_msg); + } } return FALSE; diff --git a/engine/lib/admin.php b/engine/lib/admin.php index 928101fc5..b65d98c95 100644 --- a/engine/lib/admin.php +++ b/engine/lib/admin.php @@ -244,6 +244,7 @@ function admin_init() { elgg_register_action('profile/fields/delete', '', 'admin'); elgg_register_action('profile/fields/reorder', '', 'admin'); + elgg_register_simplecache_view('css/admin'); elgg_register_simplecache_view('js/admin'); $url = elgg_get_simplecache_url('js', 'admin'); elgg_register_js('elgg.admin', $url); @@ -571,7 +572,7 @@ function admin_markdown_page_handler($pages) { if (!$plugin) { $error = elgg_echo('admin:plugins:markdown:unknown_plugin'); $body = elgg_view_layout('admin', array('content' => $error, 'title' => $error)); - echo elgg_view_page($title, $body, 'admin'); + echo elgg_view_page($error, $body, 'admin'); return true; } diff --git a/engine/lib/cache.php b/engine/lib/cache.php index c117b9ec9..be1c43e14 100644 --- a/engine/lib/cache.php +++ b/engine/lib/cache.php @@ -442,6 +442,7 @@ function _elgg_cache_init() { } if ($CONFIG->system_cache_enabled && !$CONFIG->i18n_loaded_from_cache) { + reload_all_translations(); foreach ($CONFIG->translations as $lang => $map) { elgg_save_system_cache("$lang.php", serialize($map)); } diff --git a/engine/lib/configuration.php b/engine/lib/configuration.php index 9bf1529d6..305aa00b6 100644 --- a/engine/lib/configuration.php +++ b/engine/lib/configuration.php @@ -476,10 +476,12 @@ function get_config($name, $site_guid = 0) { break; } + // @todo these haven't really been implemented in Elgg 1.8. Complete in 1.9. // show dep message if ($new_name) { + // $msg = "Config value $name has been renamed as $new_name"; $name = $new_name; - elgg_deprecated_notice($msg, $dep_version); + // elgg_deprecated_notice($msg, $dep_version); } // decide from where to return the value diff --git a/engine/lib/database.php b/engine/lib/database.php index cc2b99f6a..7d90b30b8 100644 --- a/engine/lib/database.php +++ b/engine/lib/database.php @@ -253,6 +253,10 @@ function execute_query($query, $dblink) { throw new DatabaseException(elgg_echo('DatabaseException:InvalidQuery')); } + if (!is_resource($dblink)) { + throw new DatabaseException(elgg_echo('DatabaseException:InvalidDBLink')); + } + $dbcalls++; $result = mysql_query($query, $dblink); diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index b55958a6c..3026a78e3 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -1053,6 +1053,7 @@ function _elgg_php_exception_handler($exception) { * * @return true * @access private + * @todo Replace error_log calls with elgg_log calls. */ function _elgg_php_error_handler($errno, $errmsg, $filename, $linenum, $vars) { $error = date("Y-m-d H:i:s (T)") . ": \"$errmsg\" in file $filename (line $linenum)"; @@ -1068,6 +1069,7 @@ function _elgg_php_error_handler($errno, $errmsg, $filename, $linenum, $vars) { case E_WARNING : case E_USER_WARNING : + case E_RECOVERABLE_ERROR: // (e.g. type hint violation) error_log("PHP WARNING: $error"); break; @@ -1092,8 +1094,8 @@ function _elgg_php_error_handler($errno, $errmsg, $filename, $linenum, $vars) { * * @note No messages will be displayed unless debugging has been enabled. * - * @param str $message User message - * @param str $level NOTICE | WARNING | ERROR | DEBUG + * @param string $message User message + * @param string $level NOTICE | WARNING | ERROR | DEBUG * * @return bool * @since 1.7.0 @@ -1263,7 +1265,7 @@ function elgg_deprecated_notice($msg, $dep_version, $backtrace_level = 1) { $msg .= implode("<br /> -> ", $stack); - elgg_dump($msg, elgg_is_admin_logged_in(), 'WARNING'); + elgg_log($msg, 'WARNING'); return true; } @@ -1576,7 +1578,11 @@ function elgg_http_url_is_identical($url1, $url2, $ignore_params = array('offset * @return void * @since 1.8.0 */ -function elgg_extract($key, array $array, $default = NULL, $strict = true) { +function elgg_extract($key, array $array, $default = null, $strict = true) { + if (!is_array($array)) { + return $default; + } + if ($strict) { return (isset($array[$key])) ? $array[$key] : $default; } else { @@ -2014,10 +2020,20 @@ function elgg_is_valid_options_for_batch_operation($options, $type) { * * @link http://docs.elgg.org/Tutorials/WalledGarden * @elgg_plugin_hook index system + * + * @param string $hook The name of the hook + * @param string $type The type of hook + * @param bool $value Has a plugin already rendered an index page? + * @param array $params Array of parameters (should be empty) * @return bool * @access private */ -function elgg_walled_garden_index() { +function elgg_walled_garden_index($hook, $type, $value, $params) { + if ($value) { + // do not create a second index page so return + return; + } + elgg_load_css('elgg.walled_garden'); elgg_load_js('elgg.walled_garden'); @@ -2082,6 +2098,22 @@ function elgg_walled_garden() { } /** + * Remove public access for walled gardens + * + * @param string $hook + * @param string $type + * @param array $accesses + * @return array + * @access private + */ +function _elgg_walled_garden_remove_public_access($hook, $type, $accesses) { + if (isset($accesses[ACCESS_PUBLIC])) { + unset($accesses[ACCESS_PUBLIC]); + } + return $accesses; +} + +/** * Boots the engine * * 1. sets error handlers @@ -2104,11 +2136,13 @@ function _elgg_engine_boot() { _elgg_load_application_config(); - register_translations(dirname(dirname(dirname(__FILE__))) . "/languages/"); - _elgg_load_site_config(); + _elgg_session_boot(); + _elgg_load_cache(); + + _elgg_load_translations(); } /** @@ -2137,6 +2171,7 @@ function elgg_init() { elgg_register_js('jquery.easing', 'vendors/jquery/jquery.easing.1.3.packed.js'); elgg_register_js('elgg.avatar_cropper', 'js/lib/ui.avatar_cropper.js'); elgg_register_js('jquery.imgareaselect', 'vendors/jquery/jquery.imgareaselect-0.9.8/scripts/jquery.imgareaselect.min.js'); + elgg_register_js('elgg.ui.river', 'js/lib/ui.river.js'); elgg_register_css('jquery.imgareaselect', 'vendors/jquery/jquery.imgareaselect-0.9.8/css/imgareaselect-deprecated.css'); diff --git a/engine/lib/entities.php b/engine/lib/entities.php index b8ebbd68a..3896cd58f 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -326,6 +326,10 @@ function add_subtype($type, $subtype, $class = "") { /** * Removes a registered ElggEntity type, subtype, and classname. * + * @warning You do not want to use this function. If you want to unregister + * a class for a subtype, use update_subtype(). Using this function will + * permanently orphan all the objects created with the specified subtype. + * * @param string $type Type * @param string $subtype Subtype * @@ -344,7 +348,7 @@ function remove_subtype($type, $subtype) { } /** - * Update a registered ElggEntity type, subtype, and classname + * Update a registered ElggEntity type, subtype, and class name * * @param string $type Type * @param string $subtype Subtype @@ -353,7 +357,7 @@ function remove_subtype($type, $subtype) { * @return bool */ function update_subtype($type, $subtype, $class = '') { - global $CONFIG; + global $CONFIG, $SUBTYPE_CACHE; if (!$id = get_subtype_id($type, $subtype)) { return FALSE; @@ -361,10 +365,16 @@ function update_subtype($type, $subtype, $class = '') { $type = sanitise_string($type); $subtype = sanitise_string($subtype); - return update_data("UPDATE {$CONFIG->dbprefix}entity_subtypes + $result = update_data("UPDATE {$CONFIG->dbprefix}entity_subtypes SET type = '$type', subtype = '$subtype', class = '$class' WHERE id = $id "); + + if ($result && isset($SUBTYPE_CACHE[$id])) { + $SUBTYPE_CACHE[$id]->class = $class; + } + + return $result; } /** @@ -943,11 +953,11 @@ function elgg_get_entities(array $options = array()) { } if (!$options['count']) { - if ($options['group_by'] = sanitise_string($options['group_by'])) { + if ($options['group_by']) { $query .= " GROUP BY {$options['group_by']}"; } - if ($options['order_by'] = sanitise_string($options['order_by'])) { + if ($options['order_by']) { $query .= " ORDER BY {$options['order_by']}"; } @@ -1493,6 +1503,7 @@ function enable_entity($guid, $recursive = true) { 'relationship' => 'disabled_with', 'relationship_guid' => $entity->guid, 'inverse_relationship' => true, + 'limit' => 0, )); foreach ($disabled_with_it as $e) { @@ -1808,7 +1819,7 @@ function import_entity_plugin_hook($hook, $entity_type, $returnvalue, $params) { if ($tmp) { // Make sure its saved if (!$tmp->save()) { - elgg_echo('ImportException:ProblemSaving', array($element->getAttribute('uuid'))); + $msg = elgg_echo('ImportException:ProblemSaving', array($element->getAttribute('uuid'))); throw new ImportException($msg); } diff --git a/engine/lib/extender.php b/engine/lib/extender.php index ffd3c1357..43421342c 100644 --- a/engine/lib/extender.php +++ b/engine/lib/extender.php @@ -105,6 +105,7 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params) // Save if (!$entity->save()) { + $attr_name = $element->getAttribute('name'); $msg = elgg_echo('ImportException:ProblemUpdatingMeta', array($attr_name, $entity_uuid)); throw new ImportException($msg); } @@ -120,7 +121,7 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params) * @param string $type 'metadata' or 'annotation' * @param int $user_guid The GUID of the user * - * @return true|false + * @return bool */ function can_edit_extender($extender_id, $type, $user_guid = 0) { if (!elgg_is_logged_in()) { @@ -155,7 +156,7 @@ function can_edit_extender($extender_id, $type, $user_guid = 0) { } // Trigger plugin hooks - $params = array('entity' => $entity, 'user' => $user); + $params = array('entity' => $extender->getEntity(), 'user' => $user); return elgg_trigger_plugin_hook('permissions_check', $type, $params, false); } diff --git a/engine/lib/filestore.php b/engine/lib/filestore.php index 86f6d9baa..93a127257 100644 --- a/engine/lib/filestore.php +++ b/engine/lib/filestore.php @@ -149,6 +149,12 @@ $x1 = 0, $y1 = 0, $x2 = 0, $y2 = 0, $upscale = FALSE) { return FALSE; } + // color transparencies white (default is black) + imagefilledrectangle( + $new_image, 0, 0, $params['newwidth'], $params['newheight'], + imagecolorallocate($new_image, 255, 255, 255) + ); + $rtn_code = imagecopyresampled( $new_image, $original_image, 0, diff --git a/engine/lib/input.php b/engine/lib/input.php index dda8211b6..6d1646e1a 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -283,7 +283,7 @@ function input_livesearch_page_handler($page) { WHERE e.guid = ue.guid AND e.enabled = 'yes' AND ue.banned = 'no' - AND (ue.name LIKE '$q%' OR ue.username LIKE '$q%') + AND (ue.name LIKE '$q%' OR ue.name LIKE '% $q%' OR ue.username LIKE '$q%') LIMIT $limit "; @@ -333,7 +333,7 @@ function input_livesearch_page_handler($page) { WHERE e.guid = ge.guid AND e.enabled = 'yes' $owner_where - AND (ge.name LIKE '$q%' OR ge.description LIKE '%$q%') + AND (ge.name LIKE '$q%' OR ge.name LIKE '% $q%' OR ge.description LIKE '% $q%') LIMIT $limit "; if ($entities = get_data($query)) { @@ -379,7 +379,7 @@ function input_livesearch_page_handler($page) { AND e.guid = ue.guid AND e.enabled = 'yes' AND ue.banned = 'no' - AND (ue.name LIKE '$q%' OR ue.username LIKE '$q%') + AND (ue.name LIKE '$q%' OR ue.name LIKE '% $q%' OR ue.username LIKE '$q%') LIMIT $limit "; diff --git a/engine/lib/languages.php b/engine/lib/languages.php index 7a508d298..98006f7cd 100644 --- a/engine/lib/languages.php +++ b/engine/lib/languages.php @@ -8,6 +8,65 @@ */ /** + * Given a message key, returns an appropriately translated full-text string + * + * @param string $message_key The short message code + * @param array $args An array of arguments to pass through vsprintf(). + * @param string $language Optionally, the standard language code + * (defaults to site/user default, then English) + * + * @return string Either the translated string, the English string, + * or the original language string. + */ +function elgg_echo($message_key, $args = array(), $language = "") { + global $CONFIG; + + static $CURRENT_LANGUAGE; + + // old param order is deprecated + if (!is_array($args)) { + elgg_deprecated_notice( + 'As of Elgg 1.8, the 2nd arg to elgg_echo() is an array of string replacements and the 3rd arg is the language.', + 1.8 + ); + + $language = $args; + $args = array(); + } + + if (!isset($CONFIG->translations)) { + // this means we probably had an exception before translations were initialized + register_translations(dirname(dirname(dirname(__FILE__))) . "/languages/"); + } + + if (!$CURRENT_LANGUAGE) { + $CURRENT_LANGUAGE = get_language(); + } + if (!$language) { + $language = $CURRENT_LANGUAGE; + } + + if (isset($CONFIG->translations[$language][$message_key])) { + $string = $CONFIG->translations[$language][$message_key]; + } else if (isset($CONFIG->translations["en"][$message_key])) { + $string = $CONFIG->translations["en"][$message_key]; + $lang = $CONFIG->translations["en"][$language]; + elgg_log(sprintf('Missing %s translation for "%s" language key', $lang, $message_key), 'NOTICE'); + } else { + $string = $message_key; + elgg_log(sprintf('Missing English translation for "%s" language key', $message_key), 'NOTICE'); + } + + // only pass through if we have arguments to allow backward compatibility + // with manual sprintf() calls. + if ($args) { + $string = vsprintf($string, $args); + } + + return $string; +} + +/** * Add a translation. * * Translations are arrays in the Zend Translation array format, eg: @@ -82,56 +141,34 @@ function get_language() { return false; } -/** - * Given a message shortcode, returns an appropriately translated full-text string - * - * @param string $message_key The short message code - * @param array $args An array of arguments to pass through vsprintf(). - * @param string $language Optionally, the standard language code - * (defaults to site/user default, then English) - * - * @return string Either the translated string, the English string, - * or the original language string. - */ -function elgg_echo($message_key, $args = array(), $language = "") { +function _elgg_load_translations() { global $CONFIG; - static $CURRENT_LANGUAGE; - - // old param order is deprecated - if (!is_array($args)) { - elgg_deprecated_notice( - 'As of Elgg 1.8, the 2nd arg to elgg_echo() is an array of string replacements and the 3rd arg is the language.', - 1.8 - ); - - $language = $args; - $args = array(); - } + if ($CONFIG->system_cache_enabled) { + $loaded = true; + $languages = array_unique(array('en', get_current_language())); + foreach ($languages as $language) { + $data = elgg_load_system_cache("$language.php"); + if ($data) { + add_translation($language, unserialize($data)); + } else { + $loaded = false; + } + } - if (!$CURRENT_LANGUAGE) { - $CURRENT_LANGUAGE = get_language(); - } - if (!$language) { - $language = $CURRENT_LANGUAGE; + if ($loaded) { + $CONFIG->i18n_loaded_from_cache = true; + // this is here to force + $CONFIG->language_paths[dirname(dirname(dirname(__FILE__))) . "/languages/"] = true; + return; + } } - if (isset($CONFIG->translations[$language][$message_key])) { - $string = $CONFIG->translations[$language][$message_key]; - } else if (isset($CONFIG->translations["en"][$message_key])) { - $string = $CONFIG->translations["en"][$message_key]; - } else { - $string = $message_key; - } + // load core translations from languages directory + register_translations(dirname(dirname(dirname(__FILE__))) . "/languages/"); +} - // only pass through if we have arguments to allow backward compatibility - // with manual sprintf() calls. - if ($args) { - $string = vsprintf($string, $args); - } - return $string; -} /** * When given a full path, finds translation files and loads them @@ -145,16 +182,9 @@ function elgg_echo($message_key, $args = array(), $language = "") { function register_translations($path, $load_all = false) { global $CONFIG; - static $load_from_cache; - static $cache_loaded_langs; - if (!isset($load_from_cache)) { - $load_from_cache = $CONFIG->system_cache_enabled; - $cache_loaded_langs = array(); - } - $path = sanitise_filepath($path); - // Make a note of this path just in case we need to register this language later + // Make a note of this path just incase we need to register this language later if (!isset($CONFIG->language_paths)) { $CONFIG->language_paths = array(); } @@ -162,6 +192,7 @@ function register_translations($path, $load_all = false) { // Get the current language based on site defaults and user preference $current_language = get_current_language(); + elgg_log("Translations loaded from: $path"); // only load these files unless $load_all is true. $load_language_files = array( @@ -171,32 +202,6 @@ function register_translations($path, $load_all = false) { $load_language_files = array_unique($load_language_files); - if ($load_from_cache && !$load_all) { - // load language files from cache - $data = array(); - foreach ($load_language_files as $lang_file) { - $lang = substr($lang_file, 0, strpos($lang_file, '.')); - if (!isset($cache_loaded_langs[$lang])) { - $data[$lang] = elgg_load_system_cache($lang_file); - if ($data[$lang]) { - $cache_loaded_langs[$lang] = true; - } else { - // this language file not cached yet - $load_from_cache = false; - } - } - } - - // are we still suppose to load from cache - if ($load_from_cache) { - foreach ($data as $lang => $map) { - add_translation($lang, unserialize($map)); - } - $CONFIG->i18n_loaded_from_cache = true; - return true; - } - } - $handle = opendir($path); if (!$handle) { elgg_log("Could not open language path: $path", 'ERROR'); @@ -218,11 +223,6 @@ function register_translations($path, $load_all = false) { } } - elgg_log("Translations loaded from: $path"); - - // make sure caching code saves language data if system cache is on - $CONFIG->i18n_loaded_from_cache = false; - return $return; } diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php index 0ff3a43dc..77fa30e41 100644 --- a/engine/lib/metadata.php +++ b/engine/lib/metadata.php @@ -361,13 +361,24 @@ function elgg_enable_metadata(array $options) { * options available to elgg_get_entities(). Supports * the singular option shortcut. * - * NB: Using metadata_names and metadata_values results in a + * @note Using metadata_names and metadata_values results in a * "names IN (...) AND values IN (...)" clause. This is subtly * differently than default multiple metadata_name_value_pairs, which use * "(name = value) AND (name = value)" clauses. * * When in doubt, use name_value_pairs. * + * To ask for entities that do not have a metadata value, use a custom + * where clause like this: + * + * $options['wheres'][] = "NOT EXISTS ( + * SELECT 1 FROM {$dbprefix}metadata md + * WHERE md.entity_guid = e.guid + * AND md.name_id = $name_metastring_id + * AND md.value_id = $value_metastring_id)"; + * + * Note the metadata name and value has been denormalized in the above example. + * * @see elgg_get_entities * * @param array $options Array in format: diff --git a/engine/lib/navigation.php b/engine/lib/navigation.php index a7984ce5a..10b11acfe 100644 --- a/engine/lib/navigation.php +++ b/engine/lib/navigation.php @@ -230,7 +230,7 @@ function elgg_pop_breadcrumb() { global $CONFIG; if (is_array($CONFIG->breadcrumbs)) { - array_pop($CONFIG->breadcrumbs); + return array_pop($CONFIG->breadcrumbs); } return FALSE; @@ -335,6 +335,19 @@ function elgg_river_menu_setup($hook, $type, $return, $params) { $return[] = ElggMenuItem::factory($options); } } + + if (elgg_is_admin_logged_in()) { + $options = array( + 'name' => 'delete', + 'href' => "action/river/delete?id=$item->id", + 'text' => elgg_view_icon('delete'), + 'title' => elgg_echo('delete'), + 'confirm' => elgg_echo('deleteconfirm'), + 'is_action' => true, + 'priority' => 200, + ); + $return[] = ElggMenuItem::factory($options); + } } return $return; diff --git a/engine/lib/notification.php b/engine/lib/notification.php index 5a2f5f8ac..18faff27f 100644 --- a/engine/lib/notification.php +++ b/engine/lib/notification.php @@ -480,8 +480,8 @@ function object_notifications($event, $object_type, $object) { } if (isset($CONFIG->register_objects[$object_type][$object_subtype])) { - $descr = $CONFIG->register_objects[$object_type][$object_subtype]; - $string = $descr . ": " . $object->getURL(); + $subject = $CONFIG->register_objects[$object_type][$object_subtype]; + $string = $subject . ": " . $object->getURL(); // Get users interested in content from this person and notify them // (Person defined by container_guid so we can also subscribe to groups if we want) @@ -500,16 +500,16 @@ function object_notifications($event, $object_type, $object) { if ($user instanceof ElggUser && !$user->isBanned()) { if (($user->guid != $SESSION['user']->guid) && has_access_to_entity($object, $user) && $object->access_id != ACCESS_PRIVATE) { - $methodstring = elgg_trigger_plugin_hook('notify:entity:message', $object->getType(), array( + $body = elgg_trigger_plugin_hook('notify:entity:message', $object->getType(), array( 'entity' => $object, 'to_entity' => $user, 'method' => $method), $string); - if (empty($methodstring) && $methodstring !== false) { - $methodstring = $string; + if (empty($body) && $body !== false) { + $body = $string; } - if ($methodstring !== false) { - notify_user($user->guid, $object->container_guid, $descr, $methodstring, - NULL, array($method)); + if ($body !== false) { + notify_user($user->guid, $object->container_guid, $subject, $body, + null, array($method)); } } } diff --git a/engine/lib/output.php b/engine/lib/output.php index b1245a924..7bfc4be6e 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -310,19 +310,11 @@ function elgg_get_friendly_title($title) { return $result; } - // @todo not using this because of locale concerns - //$title = iconv('UTF-8', 'ASCII//TRANSLIT', $title); - - // @todo this uses a utf8 character class. can use if - // we want to support utf8 in the url. - //$title = preg_replace('/[^\p{L}\- ]/u', '', $title); - - // use A-Za-z0-9_ instead of \w because \w is locale sensitive - $title = preg_replace("/[^A-Za-z0-9_\- ]/", "", $title); - $title = str_replace(" ", "-", $title); - $title = str_replace("--", "-", $title); - $title = trim($title); - $title = elgg_strtolower($title); + // handle some special cases + $title = str_replace('&', 'and', $title); + + $title = ElggTranslit::urlize($title); + return $title; } diff --git a/engine/lib/pagehandler.php b/engine/lib/pagehandler.php index a675d976a..ba7518a77 100644 --- a/engine/lib/pagehandler.php +++ b/engine/lib/pagehandler.php @@ -31,18 +31,18 @@ function page_handler($handler, $page) { } // return false to stop processing the request (because you handled it) - // return a new $params array if you want to route the request differently - $params = array( + // return a new $request array if you want to route the request differently + $request = array( 'handler' => $handler, 'segments' => $page, ); - $params = elgg_trigger_plugin_hook('route', $handler, NULL, $params); - if ($params === false) { + $request = elgg_trigger_plugin_hook('route', $handler, null, $request); + if ($request === false) { return true; } - $handler = $params['handler']; - $page = $params['segments']; + $handler = $request['handler']; + $page = $request['segments']; $result = false; if (isset($CONFIG->pagehandler) && !empty($handler) && isset($CONFIG->pagehandler[$handler])) { @@ -129,7 +129,7 @@ function elgg_error_page_handler($hook, $type, $result, $params) { $content = elgg_view("errors/default", $params); } $body = elgg_view_layout('error', array('content' => $content)); - echo elgg_view_page($title, $body, 'error'); + echo elgg_view_page('', $body, 'error'); exit; } diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php index 39a76db5d..d5cd4fe76 100644 --- a/engine/lib/plugins.php +++ b/engine/lib/plugins.php @@ -311,6 +311,10 @@ function elgg_load_plugins() { $start_flags = $start_flags & ~ELGG_PLUGIN_REGISTER_VIEWS; } + if (elgg_get_config('i18n_loaded_from_cache')) { + $start_flags = $start_flags & ~ELGG_PLUGIN_REGISTER_LANGUAGES; + } + $return = true; $plugins = elgg_get_plugins('active'); if ($plugins) { diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php index f50c4a485..09d541e22 100644 --- a/engine/lib/relationships.php +++ b/engine/lib/relationships.php @@ -239,6 +239,15 @@ function get_entity_relationships($guid, $inverse_relationship = FALSE) { * Also accepts all options available to elgg_get_entities() and * elgg_get_entities_from_metadata(). * + * To ask for entities that do not have a particulat relationship to an entity, + * use a custom where clause like the following: + * + * $options['wheres'][] = "NOT EXISTS ( + * SELECT 1 FROM {$db_prefix}entity_relationships + * WHERE guid_one = e.guid + * AND relationship = '$relationship' + * )"; + * * @see elgg_get_entities * @see elgg_get_entities_from_metadata * diff --git a/engine/lib/river.php b/engine/lib/river.php index 547d9495e..b717a7756 100644 --- a/engine/lib/river.php +++ b/engine/lib/river.php @@ -55,7 +55,7 @@ $posted = 0, $annotation_id = 0) { $posted = sanitise_int($posted); $annotation_id = sanitise_int($annotation_id); - $params = array( + $values = array( 'type' => $type, 'subtype' => $subtype, 'action_type' => $action_type, @@ -68,13 +68,13 @@ $posted = 0, $annotation_id = 0) { ); // return false to stop insert - $params = elgg_trigger_plugin_hook('creating', 'river', null, $params); - if ($params == false) { + $values = elgg_trigger_plugin_hook('creating', 'river', null, $values); + if ($values == false) { // inserting did not fail - it was just prevented return true; } - extract($params); + extract($values); // Attempt to save river item; return success status $id = insert_data("insert into {$CONFIG->dbprefix}river " . @@ -643,9 +643,11 @@ function elgg_river_init() { elgg_register_page_handler('activity', 'elgg_river_page_handler'); $item = new ElggMenuItem('activity', elgg_echo('activity'), 'activity'); elgg_register_menu_item('site', $item); - + elgg_register_widget_type('river_widget', elgg_echo('river:widget:title'), elgg_echo('river:widget:description')); + elgg_register_action('river/delete', '', 'admin'); + elgg_register_plugin_hook_handler('unit_test', 'system', 'elgg_river_test'); } diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index 419d36707..72ca0a1c2 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -376,14 +376,10 @@ function logout() { * * @uses $_SESSION * - * @param string $event Event name - * @param string $object_type Object type - * @param mixed $object Object - * * @return bool * @access private */ -function _elgg_session_boot($event, $object_type, $object) { +function _elgg_session_boot() { global $DB_PREFIX, $CONFIG; // Use database for sessions @@ -464,9 +460,6 @@ function _elgg_session_boot($event, $object_type, $object) { return false; } - // Since we have loaded a new user, this user may have different language preferences - register_translations(dirname(dirname(dirname(__FILE__))) . "/languages/"); - return true; } @@ -658,5 +651,3 @@ function _elgg_session_gc($maxlifetime) { return true; } - -elgg_register_event_handler('boot', 'system', '_elgg_session_boot', 2); diff --git a/engine/lib/statistics.php b/engine/lib/statistics.php index e1f95ed97..5ee640549 100644 --- a/engine/lib/statistics.php +++ b/engine/lib/statistics.php @@ -95,8 +95,8 @@ function get_number_users($show_deactivated = false) { * @return string */ function get_online_users() { - $count = find_active_users(600, 10, $offset, true); - $objects = find_active_users(600, 10, $offset); + $count = find_active_users(600, 10, 0, true); + $objects = find_active_users(600, 10); if ($objects) { return elgg_view_entity_list($objects, array( diff --git a/engine/lib/system_log.php b/engine/lib/system_log.php index 28d90be56..53fa24557 100644 --- a/engine/lib/system_log.php +++ b/engine/lib/system_log.php @@ -156,9 +156,8 @@ function get_object_from_log_entry($entry_id) { * This is called by the event system and should not be called directly. * * @param object $object The object you're talking about. - * @param string $event String The event being logged - * - * @return mixed + * @param string $event The event being logged + * @return void */ function system_log($object, $event) { global $CONFIG; @@ -166,6 +165,12 @@ function system_log($object, $event) { static $cache_size = 0; if ($object instanceof Loggable) { + + if (datalist_get('version') < 2012012000) { + // this is a site that doesn't have the ip_address column yet + return; + } + // reset cache if it has grown too large if (!is_array($log_cache) || $cache_size > 500) { $log_cache = array(); @@ -213,8 +218,6 @@ function system_log($object, $event) { $log_cache[$time][$object_id][$event] = true; $cache_size += 1; } - - return true; } } diff --git a/engine/lib/users.php b/engine/lib/users.php index e209f2c38..527eff3cd 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -136,7 +136,6 @@ function ban_user($user_guid, $reason = "") { global $CONFIG; $user_guid = (int)$user_guid; - $reason = sanitise_string($reason); $user = get_entity($user_guid); @@ -810,6 +809,12 @@ function validate_username($username) { $msg = elgg_echo('registration:usernametooshort', array($CONFIG->minusername)); throw new RegistrationException($msg); } + + // username in the database has a limit of 128 characters + if (strlen($username) > 128) { + $msg = elgg_echo('registration:usernametoolong', array(128)); + throw new RegistrationException($msg); + } // Blacklist for bad characters (partially nicked from mediawiki) $blacklist = '/[' . @@ -1556,7 +1561,7 @@ function users_init() { elgg_register_action('friends/remove'); elgg_register_action('avatar/upload'); elgg_register_action('avatar/crop'); - elgg_register_action('avatar/revert'); + elgg_register_action('avatar/remove'); elgg_register_action('profile/edit'); elgg_register_action('friends/collections/add'); diff --git a/engine/lib/views.php b/engine/lib/views.php index 1b013be6f..b00334062 100644 --- a/engine/lib/views.php +++ b/engine/lib/views.php @@ -303,7 +303,7 @@ function elgg_set_view_location($view, $location, $viewtype = '') { /** * Returns whether the specified view exists * - * @note If $recurse is strue, also checks if a view exists only as an extension. + * @note If $recurse is true, also checks if a view exists only as an extension. * * @param string $view The view name * @param string $viewtype If set, forces the viewtype @@ -403,7 +403,7 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie $view_orig = $view; // Trigger the pagesetup event - if (!isset($CONFIG->pagesetupdone)) { + if (!isset($CONFIG->pagesetupdone) && $CONFIG->boot_complete) { $CONFIG->pagesetupdone = true; elgg_trigger_event('pagesetup', 'system'); } @@ -1224,12 +1224,12 @@ function elgg_view_image_block($image, $body, $vars = array()) { * @param string $type The type of module (main, info, popup, aside, etc.) * @param string $title A title to put in the header * @param string $body Content of the module - * @param string $vars Additional parameters for the module + * @param array $vars Additional parameters for the module * * @return string * @since 1.8.0 */ -function elgg_view_module($type, $title, $body, $vars = array()) { +function elgg_view_module($type, $title, $body, array $vars = array()) { $vars['class'] = elgg_extract('class', $vars, '') . " elgg-module-$type"; $vars['title'] = $title; diff --git a/engine/start.php b/engine/start.php index 506e27380..55b8ffa5b 100644 --- a/engine/start.php +++ b/engine/start.php @@ -49,6 +49,7 @@ global $CONFIG; if (!isset($CONFIG)) { $CONFIG = new stdClass; } +$CONFIG->boot_complete = false; $lib_dir = dirname(__FILE__) . '/lib/'; @@ -99,11 +100,22 @@ elgg_trigger_event('boot', 'system'); // Load the plugins that are active elgg_load_plugins(); + +// @todo move loading plugins into a single boot function that replaces 'boot', 'system' event +// and then move this code in there. +// This validates the view type - first opportunity to do it is after plugins load. +$view_type = elgg_get_viewtype(); +if (!elgg_is_valid_view_type($view_type)) { + elgg_set_viewtype('default'); +} + // @todo deprecate as plugins can use 'init', 'system' event elgg_trigger_event('plugins_boot', 'system'); // Complete the boot process for both engine and plugins elgg_trigger_event('init', 'system'); +$CONFIG->boot_complete = true; + // System loaded and ready elgg_trigger_event('ready', 'system'); diff --git a/engine/tests/api/metadata.php b/engine/tests/api/metadata.php index 2461e975e..9933263d1 100644 --- a/engine/tests/api/metadata.php +++ b/engine/tests/api/metadata.php @@ -28,6 +28,9 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest { public function testGetMetastringById() { foreach (array('metaUnitTest', 'metaunittest', 'METAUNITTEST') as $string) { + // since there is no guarantee that metastrings are garbage collected + // between unit test runs, we delete before testing + $this->delete_metastrings($string); $this->create_metastring($string); } @@ -43,9 +46,6 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest { { $this->assertTrue(in_array($string, $this->metastrings)); } - - // clean up - $this->delete_metastrings(); } public function testElggGetEntitiesFromMetadata() { @@ -77,7 +77,6 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest { // clean up $this->object->delete(); - $this->delete_metastrings(); } public function testElggGetMetadataCount() { @@ -198,20 +197,20 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest { $u2->delete(); } - - protected function create_metastring($string) { + protected function delete_metastrings($string) { global $CONFIG, $METASTRINGS_CACHE, $METASTRINGS_DEADNAME_CACHE; $METASTRINGS_CACHE = $METASTRINGS_DEADNAME_CACHE = array(); - mysql_query("INSERT INTO {$CONFIG->dbprefix}metastrings (string) VALUES ('$string')"); - $this->metastrings[$string] = mysql_insert_id(); + $string = sanitise_string($string); + mysql_query("DELETE FROM {$CONFIG->dbprefix}metastrings WHERE string = BINARY '$string'"); } - protected function delete_metastrings() { + protected function create_metastring($string) { global $CONFIG, $METASTRINGS_CACHE, $METASTRINGS_DEADNAME_CACHE; $METASTRINGS_CACHE = $METASTRINGS_DEADNAME_CACHE = array(); - $strings = implode(', ', $this->metastrings); - mysql_query("DELETE FROM {$CONFIG->dbprefix}metastrings WHERE id IN ($strings)"); + $string = sanitise_string($string); + mysql_query("INSERT INTO {$CONFIG->dbprefix}metastrings (string) VALUES ('$string')"); + $this->metastrings[$string] = mysql_insert_id(); } } diff --git a/engine/tests/api/plugins.php b/engine/tests/api/plugins.php index 8ecb0a46c..114f3991b 100644 --- a/engine/tests/api/plugins.php +++ b/engine/tests/api/plugins.php @@ -68,6 +68,9 @@ class ElggCorePluginsAPITest extends ElggCoreUnitTest { 'blurb' => 'A concise description.', 'description' => 'A longer, more interesting description.', 'website' => 'http://www.elgg.org/', + 'repository' => 'https://github.com/Elgg/Elgg', + 'bugtracker' => 'http://trac.elgg.org', + 'donations' => 'http://elgg.org/supporter.php', 'copyright' => '(C) Elgg Foundation 2011', 'license' => 'GNU General Public License version 2', @@ -164,6 +167,21 @@ class ElggCorePluginsAPITest extends ElggCoreUnitTest { $this->assertEqual($this->manifest18->getWebsite(), 'http://www.elgg.org/'); $this->assertEqual($this->manifest17->getWebsite(), 'http://www.elgg.org/'); } + + public function testElggPluginManifestGetRepository() { + $this->assertEqual($this->manifest18->getRepositoryURL(), 'https://github.com/Elgg/Elgg'); + $this->assertEqual($this->manifest17->getRepositoryURL(), ''); + } + + public function testElggPluginManifestGetBugtracker() { + $this->assertEqual($this->manifest18->getBugTrackerURL(), 'http://trac.elgg.org'); + $this->assertEqual($this->manifest17->getBugTrackerURL(), ''); + } + + public function testElggPluginManifestGetDonationsPage() { + $this->assertEqual($this->manifest18->getDonationsPageURL(), 'http://elgg.org/supporter.php'); + $this->assertEqual($this->manifest17->getDonationsPageURL(), ''); + } public function testElggPluginManifestGetCopyright() { $this->assertEqual($this->manifest18->getCopyright(), '(C) Elgg Foundation 2011'); diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php index 26a45ab6a..691433a41 100644 --- a/engine/tests/regression/trac_bugs.php +++ b/engine/tests/regression/trac_bugs.php @@ -202,16 +202,33 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest { /** * http://trac.elgg.org/ticket/3210 - Don't remove -s in friendly titles - * @todo: http://trac.elgg.org/ticket/2276 - improve char encoding + * http://trac.elgg.org/ticket/2276 - improve char encoding */ public function test_friendly_title() { $cases = array( - 'Simple Test' => 'simple-test', - 'Test top-level page' => 'test-top-level-page', -// 'éclair' => 'éclair', -// 'English, Español, and 日本語' => 'english-español-and-日本語' + // hyphen, underscore and ASCII whitespace replaced by separator, + // other non-alphanumeric ASCII removed + "a-a_a a\na\ra\ta\va!a\"a#a\$a%a&a'a(a)a*a+a,a.a/a:a;a<a=a>a?a@a[a\\a]a^a`a{a|a}a~a" + => "a-a-a-a-a-a-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + + // separators trimmed + "-_ hello _-" => "hello", + + // accents removed, lower case, other multibyte chars are URL encoded + "I\xC3\xB1t\xC3\xABrn\xC3\xA2ti\xC3\xB4n\xC3\xA0liz\xC3\xA6ti\xC3\xB8n, AND \xE6\x97\xA5\xE6\x9C\xAC\xE8\xAA\x9E" + // Iñtërnâtiônàlizætiøn, AND 日本語 + => 'internationalizaetion-and-%E6%97%A5%E6%9C%AC%E8%AA%9E', + + // some HTML entity replacements + "Me & You" => 'me-and-you', ); + // where available, string is converted to NFC before transliteration + if (ElggTranslit::hasNormalizerSupport()) { + $form_d = "A\xCC\x8A"; // A followed by 'COMBINING RING ABOVE' (U+030A) + $cases[$form_d] = "a"; + } + foreach ($cases as $case => $expected) { $friendly_title = elgg_get_friendly_title($case); $this->assertIdentical($expected, $friendly_title); diff --git a/engine/tests/test_files/plugin_18/manifest.xml b/engine/tests/test_files/plugin_18/manifest.xml index 9654b6422..5d788616a 100644 --- a/engine/tests/test_files/plugin_18/manifest.xml +++ b/engine/tests/test_files/plugin_18/manifest.xml @@ -6,6 +6,9 @@ <blurb>A concise description.</blurb> <description>A longer, more interesting description.</description> <website>http://www.elgg.org/</website> + <repository>https://github.com/Elgg/Elgg</repository> + <bugtracker>http://trac.elgg.org</bugtracker> + <donations>http://elgg.org/supporter.php</donations> <copyright>(C) Elgg Foundation 2011</copyright> <license>GNU General Public License version 2</license> diff --git a/js/lib/languages.js b/js/lib/languages.js index bfa858364..a8ba72c31 100644 --- a/js/lib/languages.js +++ b/js/lib/languages.js @@ -4,8 +4,6 @@ */ elgg.provide('elgg.config.translations'); -elgg.config.language = 'en'; - /** * Analagous to the php version. Merges translations for a * given language into the current translations map. diff --git a/js/lib/ui.river.js b/js/lib/ui.river.js new file mode 100644 index 000000000..a56a664a4 --- /dev/null +++ b/js/lib/ui.river.js @@ -0,0 +1,14 @@ +elgg.provide('elgg.ui.river');
+
+elgg.ui.river.init = function() {
+ $('#elgg-river-selector').change(function() {
+ var url = window.location.href;
+ if (window.location.search.length) {
+ url = url.substring(0, url.indexOf('?'));
+ }
+ url += '?' + $(this).val();
+ elgg.forward(url);
+ });
+};
+
+elgg.register_hook_handler('init', 'system', elgg.ui.river.init);
\ No newline at end of file diff --git a/js/lib/ui.widgets.js b/js/lib/ui.widgets.js index d897564b4..26020bb4b 100644 --- a/js/lib/ui.widgets.js +++ b/js/lib/ui.widgets.js @@ -58,6 +58,7 @@ elgg.ui.widgets.add = function(event) { handler: type, owner_guid: elgg.get_page_owner_guid(), context: $("input[name='widget_context']").val(), + show_access: $("input[name='show_access']").val(), default_widgets: $("input[name='default_widgets']").val() || 0 }, success: function(json) { @@ -107,6 +108,11 @@ elgg.ui.widgets.move = function(event, ui) { * @return void */ elgg.ui.widgets.remove = function(event) { + if (confirm(elgg.echo('deleteconfirm')) == false) { + event.preventDefault(); + return; + } + var $widget = $(this).closest('.elgg-module-widget'); // if widget type is single instance type, enable the add buton diff --git a/languages/en.php b/languages/en.php index 7b51b0c7d..bb5376a44 100644 --- a/languages/en.php +++ b/languages/en.php @@ -56,6 +56,7 @@ $english = array( 'DatabaseException:DBSetupIssues' => "There were a number of issues: ", 'DatabaseException:ScriptNotFound' => "Elgg couldn't find the requested database script at %s.", 'DatabaseException:InvalidQuery' => "Invalid query", + 'DatabaseException:InvalidDBLink' => "Connection to database was lost.", 'IOException:FailedToLoadGUID' => "Failed to load new %s from GUID:%d", 'InvalidParameterException:NonElggObject' => "Passing a non-ElggObject to an ElggObject constructor!", @@ -75,10 +76,10 @@ $english = array( 'ElggPlugin:MissingID' => 'Missing plugin ID (guid %s)', 'ElggPlugin:NoPluginPackagePackage' => 'Missing ElggPluginPackage for plugin ID %s (guid %s)', - 'ElggPluginPackage:InvalidPlugin:MissingFile' => 'Missing file %s in package', - 'ElggPluginPackage:InvalidPlugin:InvalidDependency' => 'Invalid dependency type "%s"', - 'ElggPluginPackage:InvalidPlugin:InvalidProvides' => 'Invalid provides type "%s"', - 'ElggPluginPackage:InvalidPlugin:CircularDep' => 'Invalid %s dependency "%s" in plugin %s. Plugins cannot conflict with or require something they provide!', + 'ElggPluginPackage:InvalidPlugin:MissingFile' => 'The required file "%s" is missing.', + 'ElggPluginPackage:InvalidPlugin:InvalidDependency' => 'Its manifest contains an invalid dependency type "%s".', + 'ElggPluginPackage:InvalidPlugin:InvalidProvides' => 'Its manifest contains an invalid provides type "%s".', + 'ElggPluginPackage:InvalidPlugin:CircularDep' => 'There is an invalid %s dependency "%s" in plugin %s. Plugins cannot conflict with or require something they provide!', 'ElggPlugin:Exception:CannotIncludeFile' => 'Cannot include %s for plugin %s (guid: %s) at %s.', 'ElggPlugin:Exception:CannotRegisterViews' => 'Cannot open views dir for plugin %s (guid: %s) at %s.', @@ -229,17 +230,12 @@ $english = array( 'LoginException:AccountLocked' => 'Your account has been locked for too many log in failures.', 'LoginException:ChangePasswordFailure' => 'Failed current password check.', - 'memcache:notinstalled' => 'PHP memcache module not installed, you must install php5-memcache', - 'memcache:noservers' => 'No memcache servers defined, please populate the $CONFIG->memcache_servers variable', - 'memcache:versiontoolow' => 'Memcache needs at least version %s to run, you are running %s', - 'memcache:noaddserver' => 'Multiple server support disabled, you may need to upgrade your PECL memcache library', - 'deprecatedfunction' => 'Warning: This code uses the deprecated function \'%s\' and is not compatible with this version of Elgg', 'pageownerunavailable' => 'Warning: The page owner %d is not accessible!', 'viewfailure' => 'There was an internal failure in the view %s', 'changebookmark' => 'Please change your bookmark for this page', - 'noaccess' => 'This content has been removed, is invalid, or you do not have permission to view it.', + 'noaccess' => 'You need to login to view this content or the content has been removed or you do not have permission to view it.', 'error:missing_data' => 'There was some data missing in your request', 'error:default' => 'Oops...something went wrong.', @@ -367,7 +363,7 @@ $english = array( 'avatar:preview' => 'Preview', 'avatar:upload' => 'Upload a new avatar', 'avatar:current' => 'Current avatar', - 'avatar:revert' => 'Revert your avatar to the default icon', + 'avatar:remove' => 'Remove your avatar and set the default icon', 'avatar:crop:title' => 'Avatar cropping tool', 'avatar:upload:instructions' => "Your avatar is displayed throughout the site. You can change it as often as you'd like. (File formats accepted: GIF, JPG or PNG)", 'avatar:create:instructions' => 'Click and drag a square below to match how you want your avatar cropped. A preview will appear in the box on the right. When you are happy with the preview, click \'Create your avatar\'. This cropped version will be used throughout the site as your avatar.', @@ -376,8 +372,8 @@ $english = array( 'avatar:resize:fail' => 'Resize of the avatar failed', 'avatar:crop:success' => 'Cropping the avatar succeeded', 'avatar:crop:fail' => 'Avatar cropping failed', - 'avatar:revert:success' => 'Reverting the avatar succeeded', - 'avatar:revert:fail' => 'Avatar revert failed', + 'avatar:remove:success' => 'Removing the avatar succeeded', + 'avatar:remove:fail' => 'Avatar remove failed', 'profile:edit' => 'Edit profile', 'profile:aboutme' => "About me", @@ -412,6 +408,8 @@ $english = array( 'profile:explainchangefields' => "You can replace the existing profile fields with your own using the form below. \n\n Give the new profile field a label, for example, 'Favorite team', then select the field type (eg. text, url, tags), and click the 'Add' button. To re-order the fields drag on the handle next to the field label. To edit a field label - click on the label's text to make it editable. \n\n At any time you can revert back to the default profile set up, but you will lose any information already entered into custom fields on profile pages.", 'profile:editdefault:success' => 'New profile field added', 'profile:editdefault:fail' => 'Default profile could not be saved', + 'profile:field_too_long' => 'Cannot save your profile information because the "%s" section is too long.', + 'profile:noaccess' => "You do not have permission to edit this profile.", /** @@ -439,6 +437,8 @@ $english = array( 'river:ingroup' => 'in the group %s', 'river:none' => 'No activity', 'river:update' => 'Update for %s', + 'river:delete:success' => 'River item has been deleted', + 'river:delete:fail' => 'River item could not be deleted', 'river:widget:title' => "Activity", 'river:widget:description' => "Display latest activity", @@ -450,7 +450,7 @@ $english = array( * Notifications */ 'notifications:usersettings' => "Notification settings", - 'notifications:methods' => "Please specify which methods you want to permit.", + 'notifications:methods' => "Select your notification methods.", 'notification:method:email' => 'Email', 'notifications:usersettings:save:ok' => "Your notification settings were successfully saved.", @@ -503,6 +503,7 @@ $english = array( 'registration:notemail' => 'The email address you provided does not appear to be a valid email address.', 'registration:userexists' => 'That username already exists', 'registration:usernametooshort' => 'Your username must be a minimum of %u characters long.', + 'registration:usernametoolong' => 'Your username is too long. It can have a maximum of %u characters.', 'registration:passwordtooshort' => 'The password must be a minimum of %u characters long.', 'registration:dupeemail' => 'This email address has already been registered.', 'registration:invalidchars' => 'Sorry, your username contains the character %s which is invalid. The following characters are invalid: %s', @@ -687,6 +688,9 @@ $english = array( 'admin:plugins:label:categories' => 'Categories', 'admin:plugins:label:licence' => "Licence", 'admin:plugins:label:website' => "URL", + 'admin:plugins:label:repository' => "Code", + 'admin:plugins:label:bugtracker' => "Report issue", + 'admin:plugins:label:donate' => "Donate", 'admin:plugins:label:moreinfo' => 'more info', 'admin:plugins:label:version' => 'Version', 'admin:plugins:label:location' => 'Location', @@ -694,7 +698,8 @@ $english = array( 'admin:plugins:warning:elgg_version_unknown' => 'This plugin uses a legacy manifest file and does not specify a compatible Elgg version. It probably will not work!', 'admin:plugins:warning:unmet_dependencies' => 'This plugin has unmet dependencies and cannot be activated. Check dependencies under more info.', - 'admin:plugins:warning:invalid' => '%s is not a valid Elgg plugin. Check <a href="http://docs.elgg.org/Invalid_Plugin">the Elgg documentation</a> for troubleshooting tips.', + 'admin:plugins:warning:invalid' => 'This plugin is invalid: %s', + 'admin:plugins:warning:invalid:check_docs' => 'Check <a href="http://docs.elgg.org/Invalid_Plugin">the Elgg documentation</a> for troubleshooting tips.', 'admin:plugins:cannot_activate' => 'cannot activate', 'admin:plugins:set_priority:yes' => "Reordered %s.", @@ -741,6 +746,9 @@ $english = array( 'admin:server:label:mem_avail' => 'Memory available', 'admin:server:label:mem_used' => 'Memory used', 'admin:server:error_log' => "Web server's error log", + 'admin:server:label:post_max_size' => 'POST maximum size', + 'admin:server:label:upload_max_filesize' => 'Upload maximum size', + 'admin:server:warning:post_max_too_small' => '(Note: post_max_size must be larger than this value to support uploads of this size)', 'admin:user:label:search' => "Find users:", 'admin:user:label:searchbutton' => "Search", @@ -808,7 +816,7 @@ $english = array( */ 'river:all' => 'All Site Activity', 'river:mine' => 'My Activity', - 'river:friends' => 'Friends Activty', + 'river:friends' => 'Friends Activity', 'river:select' => 'Show %s', 'river:comments:more' => '+%u more', 'river:generic_comment' => 'commented on %s %s', @@ -861,6 +869,7 @@ $english = array( 'new' => 'New', 'add' => 'Add', 'create' => 'Create', + 'remove' => 'Remove', 'revert' => 'Revert', 'site' => 'Site', @@ -871,6 +880,7 @@ $english = array( 'down' => 'Down', 'top' => 'Top', 'bottom' => 'Bottom', + 'back' => 'Back', 'invite' => "Invite", @@ -934,6 +944,7 @@ $english = array( */ 'deleteconfirm' => "Are you sure you want to delete this item?", + 'deleteconfirm:plural' => "Are you sure you want to delete these items?", 'fileexists' => "A file has already been uploaded. To replace it, select it below:", /** @@ -1071,7 +1082,7 @@ Once you have logged in, we highly recommend that you change your password. 'email:settings' => "Email settings", 'email:address:label' => "Your email address", - 'email:save:success' => "New email address saved. Verification is requested.", + 'email:save:success' => "New email address saved.", 'email:save:fail' => "Your new email address could not be saved.", 'friend:newfriend:subject' => "%s has made you a friend!", @@ -1171,6 +1182,7 @@ You cannot reply to this email.", 'actiongatekeeper:tokeninvalid' => "We encountered an error (token mismatch). This probably means that the page you were using expired.", 'actiongatekeeper:timeerror' => 'The page you were using has expired. Please refresh and try again.', 'actiongatekeeper:pluginprevents' => 'A extension has prevented this form from being submitted.', + 'actiongatekeeper:uploadexceeded' => 'The size of file(s) uploaded exceeded the limit set by your site administrator', /** diff --git a/mod/blog/languages/en.php b/mod/blog/languages/en.php index e1930b916..5248a6f51 100644 --- a/mod/blog/languages/en.php +++ b/mod/blog/languages/en.php @@ -41,7 +41,6 @@ $english = array( 'blog:message:saved' => 'Blog post saved.', 'blog:error:cannot_save' => 'Cannot save blog post.', 'blog:error:cannot_write_to_container' => 'Insufficient access to save blog to group.', - 'blog:error:post_not_found' => 'This post has been removed, is invalid, or you do not have permission to view it.', 'blog:messages:warning:draft' => 'There is an unsaved draft of this post!', 'blog:edit_revision_notice' => '(Old version)', 'blog:message:deleted_post' => 'Blog post deleted.', diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php index 286fe1832..4622a9e7e 100644 --- a/mod/blog/lib/blog.php +++ b/mod/blog/lib/blog.php @@ -22,11 +22,12 @@ function blog_get_page_content_read($guid = NULL) { $return['filter'] = ''; if (!elgg_instanceof($blog, 'object', 'blog')) { - $return['content'] = elgg_echo('blog:error:post_not_found'); - return $return; + register_error(elgg_echo('noaccess')); + $_SESSION['last_forward_from'] = current_page_url(); + forward(''); } - $return['title'] = htmlspecialchars($blog->title); + $return['title'] = $blog->title; $container = $blog->getContainerEntity(); $crumbs_title = $container->name; @@ -271,7 +272,6 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) { $vars = array(); $vars['id'] = 'blog-post-edit'; - $vars['name'] = 'blog_post'; $vars['class'] = 'elgg-form-alt'; if ($page == 'edit') { diff --git a/mod/blog/start.php b/mod/blog/start.php index 73056f1c9..9faf1794e 100644 --- a/mod/blog/start.php +++ b/mod/blog/start.php @@ -60,7 +60,7 @@ function blog_init() { elgg_extend_view('groups/tool_latest', 'blog/group_module'); // add a blog widget - elgg_register_widget_type('blog', elgg_echo('blog'), elgg_echo('blog:widget:description'), 'profile'); + elgg_register_widget_type('blog', elgg_echo('blog'), elgg_echo('blog:widget:description')); // register actions $action_path = elgg_get_plugins_path() . 'blog/actions/blog'; diff --git a/mod/blog/views/default/js/blog/save_draft.php b/mod/blog/views/default/js/blog/save_draft.php index 8a994ffb0..8cd07ff5d 100644 --- a/mod/blog/views/default/js/blog/save_draft.php +++ b/mod/blog/views/default/js/blog/save_draft.php @@ -12,7 +12,7 @@ elgg.provide('elgg.blog'); */ elgg.blog.saveDraftCallback = function(data, textStatus, XHR) { if (textStatus == 'success' && data.success == true) { - var form = $('form[name=blog_post]'); + var form = $('form[id=blog-post-edit]'); // update the guid input element for new posts that now have a guid form.find('input[name=guid]').val(data.guid); @@ -36,7 +36,7 @@ elgg.blog.saveDraft = function() { } // only save on changed content - var form = $('form[name=blog_post]'); + var form = $('form[id=blog-post-edit]'); var description = form.find('textarea[name=description]').val(); var title = form.find('input[name=title]').val(); @@ -59,7 +59,7 @@ elgg.blog.saveDraft = function() { elgg.blog.init = function() { // get a copy of the body to compare for auto save - oldDescription = $('form[name=blog_post]').find('textarea[name=description]').val(); + oldDescription = $('form[id=blog-post-edit]').find('textarea[name=description]').val(); setInterval(elgg.blog.saveDraft, 60000); }; diff --git a/mod/blog/views/default/object/blog.php b/mod/blog/views/default/object/blog.php index aa8074a69..4403a6006 100644 --- a/mod/blog/views/default/object/blog.php +++ b/mod/blog/views/default/object/blog.php @@ -27,7 +27,6 @@ $owner_link = elgg_view('output/url', array( 'is_trusted' => true, )); $author_text = elgg_echo('byline', array($owner_link)); -$tags = elgg_view('output/tags', array('tags' => $blog->tags)); $date = elgg_view_friendly_time($blog->time_created); // The "on" status changes for comments, so best to check for !Off @@ -74,7 +73,6 @@ if ($full) { 'title' => false, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, ); $params = $params + $vars; $summary = elgg_view('object/elements/summary', $params); @@ -92,7 +90,6 @@ if ($full) { 'entity' => $blog, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, 'content' => $excerpt, ); $params = $params + $vars; diff --git a/mod/bookmarks/pages/bookmarks/view.php b/mod/bookmarks/pages/bookmarks/view.php index 2439d2ee8..70a6a5bfe 100644 --- a/mod/bookmarks/pages/bookmarks/view.php +++ b/mod/bookmarks/pages/bookmarks/view.php @@ -6,6 +6,11 @@ */ $bookmark = get_entity(get_input('guid')); +if (!$bookmark) { + register_error(elgg_echo('noaccess')); + $_SESSION['last_forward_from'] = current_page_url(); + forward(''); +} $page_owner = elgg_get_page_owner_entity(); diff --git a/mod/bookmarks/start.php b/mod/bookmarks/start.php index 56bac984a..66e22b565 100644 --- a/mod/bookmarks/start.php +++ b/mod/bookmarks/start.php @@ -86,8 +86,13 @@ function bookmarks_init() { * @return bool */ function bookmarks_page_handler($page) { + elgg_load_library('elgg:bookmarks'); + if (!isset($page[0])) { + $page[0] = 'all'; + } + elgg_push_breadcrumb(elgg_echo('bookmarks'), 'bookmarks/all'); // old group usernames diff --git a/mod/bookmarks/views/default/object/bookmarks.php b/mod/bookmarks/views/default/object/bookmarks.php index 89a0d03e0..83bae2b13 100644 --- a/mod/bookmarks/views/default/object/bookmarks.php +++ b/mod/bookmarks/views/default/object/bookmarks.php @@ -27,7 +27,6 @@ $owner_link = elgg_view('output/url', array( )); $author_text = elgg_echo('byline', array($owner_link)); -$tags = elgg_view('output/tags', array('tags' => $bookmark->tags)); $date = elgg_view_friendly_time($bookmark->time_created); $comments_count = $bookmark->countComments(); @@ -64,7 +63,6 @@ if ($full && !elgg_in_context('gallery')) { 'title' => false, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, ); $params = $params + $vars; $summary = elgg_view('object/elements/summary', $params); @@ -120,7 +118,6 @@ HTML; 'entity' => $bookmark, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, 'content' => $content, ); $params = $params + $vars; diff --git a/mod/categories/languages/en.php b/mod/categories/languages/en.php index eaa65b13e..422fe81a4 100644 --- a/mod/categories/languages/en.php +++ b/mod/categories/languages/en.php @@ -9,7 +9,7 @@ $english = array( 'categories:explanation' => 'To set some predefined site-wide categories that will be used throughout your system, enter them below, separated with commas. Compatible tools will then display them when the user creates or edits content.', 'categories:save:success' => 'Site categories were successfully saved.', 'categories:results' => "Results for the site category: %s", - 'categories:on_activate_reminder' => "Site-wide Cateogires won't work until you add categories. <a href=\"%s\">Add categories now.</a>", + 'categories:on_activate_reminder' => "Site-wide Categories won't work until you add categories. <a href=\"%s\">Add categories now.</a>", ); add_translation("en", $english);
\ No newline at end of file diff --git a/mod/categories/views/default/input/categories.php b/mod/categories/views/default/input/categories.php index 75960d257..b543cde45 100644 --- a/mod/categories/views/default/input/categories.php +++ b/mod/categories/views/default/input/categories.php @@ -10,6 +10,12 @@ if (isset($vars['entity']) && $vars['entity'] instanceof ElggEntity) { $selected_categories = $vars['entity']->universal_categories; } + +// use sticky values if set +if (isset($vars['universal_categories_list'])) { + $selected_categories = $vars['universal_categories_list']; +} + $categories = elgg_get_site_entity()->categories; if (empty($categories)) { $categories = array(); diff --git a/mod/developers/manifest.xml b/mod/developers/manifest.xml index 93a12945d..e31998872 100644 --- a/mod/developers/manifest.xml +++ b/mod/developers/manifest.xml @@ -8,6 +8,7 @@ <blurb>Developer tools for Elgg</blurb> <description>A set of tools for writing plugins and themes. It is recommended that you have this plugin at the top of the plugin list.</description> <website>http://www.elgg.org/</website> + <bugtracker>http://trac.elgg.org</bugtracker> <copyright>See COPYRIGHT.txt</copyright> <license>GNU General Public License version 2</license> diff --git a/mod/developers/views/default/page/theme_preview.php b/mod/developers/views/default/page/theme_preview.php index 5b31fd789..584387ec1 100644 --- a/mod/developers/views/default/page/theme_preview.php +++ b/mod/developers/views/default/page/theme_preview.php @@ -20,7 +20,7 @@ header("Content-type: text/html; charset=UTF-8"); <div class="elgg-page elgg-page-default"> <div class="elgg-page-header"> <div class="elgg-inner"> - <h1 class="elgg-heading-site">Theme Preview</h1> + <h1 class="elgg-heading-site">Theme Sandbox</h1> </div> </div> <div class="elgg-page-body"> diff --git a/mod/developers/views/default/theme_preview/components.php b/mod/developers/views/default/theme_preview/components.php index 45f520f2c..2f414cd88 100644 --- a/mod/developers/views/default/theme_preview/components.php +++ b/mod/developers/views/default/theme_preview/components.php @@ -15,5 +15,11 @@ echo elgg_view_module('info', 'Table (.elgg-table)', $body); $body = elgg_view('theme_preview/components/table', array('class' => 'elgg-table-alt')); echo elgg_view_module('info', 'Table Alternate (.elgg-table-alt)', $body); +$body = elgg_view('theme_preview/components/tagcloud'); +echo elgg_view_module('info', 'Tag cloud (.elgg-tagcloud)', $body); + +$body = elgg_view('theme_preview/components/tags'); +echo elgg_view_module('info', 'Tags (.elgg-tag)', $body); + $body = elgg_view('theme_preview/components/messages'); echo elgg_view_module('info', 'Messages (.elgg-message)', $body); diff --git a/mod/developers/views/default/theme_preview/components/tagcloud.php b/mod/developers/views/default/theme_preview/components/tagcloud.php new file mode 100644 index 000000000..3cbf34745 --- /dev/null +++ b/mod/developers/views/default/theme_preview/components/tagcloud.php @@ -0,0 +1,17 @@ +<?php + +$tags = array( + (object)array('tag' => 'php', 'total' => 2), + (object)array('tag' => 'elgg', 'total' => 8), + (object)array('tag' => 'javascript', 'total' => 3), + (object)array('tag' => 'css', 'total' => 4), + (object)array('tag' => 'html', 'total' => 1), + (object)array('tag' => 'framework', 'total' => 4), + (object)array('tag' => 'social', 'total' => 3), + (object)array('tag' => 'web', 'total' => 7), + (object)array('tag' => 'code', 'total' => 2), +); + +echo '<div style="width: 200px;">'; +echo elgg_view('output/tagcloud', array('value' => $tags)); +echo '</div>'; diff --git a/mod/developers/views/default/theme_preview/components/tags.php b/mod/developers/views/default/theme_preview/components/tags.php new file mode 100644 index 000000000..04df9511a --- /dev/null +++ b/mod/developers/views/default/theme_preview/components/tags.php @@ -0,0 +1,5 @@ +<?php + +echo elgg_view('output/tags', array( + 'value' => array('one', 'two', 'three', 'four', 'cinco'), +)); diff --git a/mod/developers/views/default/theme_preview/general.php b/mod/developers/views/default/theme_preview/general.php index 35d8ccbfd..629462873 100644 --- a/mod/developers/views/default/theme_preview/general.php +++ b/mod/developers/views/default/theme_preview/general.php @@ -1,12 +1,12 @@ <?php /** - * Quick introduction to the theme preview + * Quick introduction to the theme sandbox * * @todo links to resources? */ ?> -<p>This theme preview provides a visual catalog for many of the theming elements +<p>This theme sandbox provides a visual catalog for many of the theming elements that Elgg uses. The primary css selector is listed with each theme element. The preview is divided into sections that are listed in the page menu (usually in the sidebar but depends on your current theme). diff --git a/mod/developers/views/default/theme_preview/grid.php b/mod/developers/views/default/theme_preview/grid.php index 030e752e7..0c4cbb251 100644 --- a/mod/developers/views/default/theme_preview/grid.php +++ b/mod/developers/views/default/theme_preview/grid.php @@ -4,73 +4,111 @@ */ ?> -<style> -h3 {text-align: center;} -.elgg-col > .elgg-inner {border: 1px solid #cccccc; padding: 5px;} -</style> - -<div class="elgg-col elgg-col-1of5"> - <div class="elgg-inner"> - <h3>1/5</h3> - <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> - <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> - <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> - </div> +<div class="elgg-grid"> + <div class="elgg-col elgg-col-1of1"><div class="elgg-inner"><h3>1/1</h3></div></div> </div> -<div class="elgg-col elgg-col-3of5"> - <div class="elgg-inner clearfix"> - <h3>3/5</h3> - <div class="elgg-col elgg-col-1of2"> - <div class="elgg-inner"> - <h3>1/2</h3> - <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> - </div> - </div> - <div class="elgg-col elgg-col-1of2"> - <div class="elgg-inner"> - <h3>1/2</h3> - <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> - </div> - </div> - <div class="elgg-col elgg-col-1of3"> - <div class="elgg-inner"> - <h3>1/3</h3> - <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> - <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> - </div> +<div class="elgg-grid"> + <div class="elgg-col elgg-col-1of2"><div class="elgg-inner"><h3>1/2</h3></div></div> + <div class="elgg-col elgg-col-1of2"><div class="elgg-inner"><h3>1/2</h3></div></div> +</div> +<div class="elgg-grid"> + <div class="elgg-col elgg-col-1of3"><div class="elgg-inner"><h3>1/3</h3></div></div> + <div class="elgg-col elgg-col-2of3"><div class="elgg-inner"><h3>2/3</h3></div></div> +</div> +<div class="elgg-grid"> + <div class="elgg-col elgg-col-3of4"><div class="elgg-inner"><h3>3/4</h3></div></div> + <div class="elgg-col elgg-col-1of4"><div class="elgg-inner"><h3>1/4</h3></div></div> +</div> +<div class="elgg-grid"> + <div class="elgg-col elgg-col-1of5"><div class="elgg-inner"><h3>1/5</h3></div></div> + <div class="elgg-col elgg-col-4of5"><div class="elgg-inner"><h3>4/5</h3></div></div> +</div> +<div class="elgg-grid"> + <div class="elgg-col elgg-col-3of5"><div class="elgg-inner"><h3>3/5</h3></div></div> + <div class="elgg-col elgg-col-2of5"><div class="elgg-inner"><h3>2/5</h3></div></div> +</div> +<div class="elgg-grid"> + <div class="elgg-col elgg-col-1of6"><div class="elgg-inner"><h3>1/6</h3></div></div> + <div class="elgg-col elgg-col-5of6"><div class="elgg-inner"><h3>5/6</h3></div></div> +</div> +<div class="elgg-grid"> + <style> + h3 { text-align: center; } + .elgg-col > .elgg-inner { + border: 1px solid #cccccc; + border-radius: 5px; + padding: 5px; + } + </style> + <div class="elgg-col elgg-col-1of5"> + <div class="elgg-inner"> + <h3>1/5</h3> + <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> + <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> + <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> </div> - <div class="elgg-col elgg-col-2of3"> - <div class="elgg-inner"> - <h3>2/3</h3> + </div> + <div class="elgg-col elgg-col-3of5"> + <div class="elgg-inner clearfix"> + <h3>3/5</h3> + <div class="elgg-grid"> <div class="elgg-col elgg-col-1of2"> <div class="elgg-inner"> <h3>1/2</h3> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> </div> </div> - <div class="elgg-col elgg-col-1of2"> + <div class="elgg-col elgg-col-1of2 elgg-col-last"> <div class="elgg-inner"> <h3>1/2</h3> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> </div> </div> - <div class="elgg-col elgg-col-1of1"> + </div> + <div class="elgg-grid"> + <div class="elgg-col elgg-col-1of3"> <div class="elgg-inner"> - <h3>1</h3> + <h3>1/3</h3> + <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> </div> </div> + <div class="elgg-col elgg-col-2of3 elgg-col-last"> + <div class="elgg-inner"> + <h3>2/3</h3> + <div class="elgg-grid"> + <div class="elgg-col elgg-col-1of2"> + <div class="elgg-inner"> + <h3>1/2</h3> + <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> + </div> + </div> + <div class="elgg-col elgg-col-1of2 elgg-col-last"> + <div class="elgg-inner"> + <h3>1/2</h3> + <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> + </div> + </div> + </div> + <div class="elgg-grid"> + <div class="elgg-col elgg-col-1of1"> + <div class="elgg-inner"> + <h3>1</h3> + <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> + </div> + </div> + </div> + </div> + </div> </div> </div> </div> -</div> -<div class="elgg-col elgg-col-1of5 elgg-col-last"> - <div class="elgg-inner"> - <h3>1/5</h3> - <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> - <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> - <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> + <div class="elgg-col elgg-col-1of5 elgg-col-last"> + <div class="elgg-inner"> + <h3>1/5</h3> + <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> + <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> + <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p> + </div> </div> </div> - -</div> diff --git a/mod/developers/views/default/theme_preview/navigation.php b/mod/developers/views/default/theme_preview/navigation.php index b80634317..5d3060d10 100644 --- a/mod/developers/views/default/theme_preview/navigation.php +++ b/mod/developers/views/default/theme_preview/navigation.php @@ -2,9 +2,9 @@ /** * Navigation CSS */ -echo elgg_view_module('info', "Tabs", elgg_view('theme_preview/navigation/tabs')); +echo elgg_view_module('info', "Tabs (.elgg-tabs)", elgg_view('theme_preview/navigation/tabs')); -echo elgg_view_module('info', "Pagination", elgg_view('theme_preview/navigation/pagination')); +echo elgg_view_module('info', "Pagination (.elgg-pagination)", elgg_view('theme_preview/navigation/pagination')); echo elgg_view_module('info', "Site Menu (.elgg-menu-site)", elgg_view('theme_preview/navigation/site')); @@ -14,8 +14,10 @@ echo elgg_view_module('info', "Page Menu (.elgg-menu-page)", elgg_view('theme_pr echo elgg_view_module('info', "Filter Menu (.elgg-menu-filter)", elgg_view('theme_preview/navigation/filter')); -echo elgg_view_module('info', "Extras Menu (.elgg-menu-extras)", elgg_view('theme_preview/navigation/extras')); +echo elgg_view_module('info', "Extras Menu (.elgg-menu-extras and .elgg-menu-hz)", elgg_view('theme_preview/navigation/extras')); + +echo elgg_view_module('info', "Entity Menu (.elgg-menu-entity and .elgg-menu-hz)", elgg_view('theme_preview/navigation/entity')); echo elgg_view_module('info', "Owner Block Menu (.elgg-menu-owner-block)", elgg_view('theme_preview/navigation/owner_block')); -?> +echo elgg_view_module('info', "Footer Menu (.elgg-menu-footer)", elgg_view('theme_preview/navigation/footer')); diff --git a/mod/developers/views/default/theme_preview/navigation/breadcrumbs.php b/mod/developers/views/default/theme_preview/navigation/breadcrumbs.php index eb3dd47a3..c910b2aa4 100644 --- a/mod/developers/views/default/theme_preview/navigation/breadcrumbs.php +++ b/mod/developers/views/default/theme_preview/navigation/breadcrumbs.php @@ -3,4 +3,8 @@ elgg_push_breadcrumb('First', "#"); elgg_push_breadcrumb('Second', "#");
elgg_push_breadcrumb('Third');
-echo elgg_view('navigation/breadcrumbs');
+echo elgg_view('navigation/breadcrumbs', array('class' => mts));
+
+elgg_pop_breadcrumb();
+elgg_pop_breadcrumb();
+elgg_pop_breadcrumb();
diff --git a/mod/developers/views/default/theme_preview/navigation/default.php b/mod/developers/views/default/theme_preview/navigation/default.php index fd67b8094..bfd26162f 100644 --- a/mod/developers/views/default/theme_preview/navigation/default.php +++ b/mod/developers/views/default/theme_preview/navigation/default.php @@ -4,7 +4,7 @@ $params = array(); $params['menu'] = array();
$params['menu']['default'] = array();
for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "$url#");
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
}
$params['menu']['default'][2]->setSelected(true);
diff --git a/mod/developers/views/default/theme_preview/navigation/entity.php b/mod/developers/views/default/theme_preview/navigation/entity.php new file mode 100644 index 000000000..465585b00 --- /dev/null +++ b/mod/developers/views/default/theme_preview/navigation/entity.php @@ -0,0 +1,12 @@ +<?php +$params = array(); +$params['menu'] = array(); +$params['menu']['default'] = array(); +$params['menu']['default'][] = new ElggMenuItem(1, "Public", false); +$params['menu']['default'][] = new ElggMenuItem(2, "Edit", "#"); +$params['menu']['default'][] = new ElggMenuItem(3, elgg_view_icon('thumbs-up'), "#"); +$params['name'] = 'entity'; +$params['class'] = 'elgg-menu-hz'; + +echo elgg_view('navigation/menu/default', $params); + diff --git a/mod/developers/views/default/theme_preview/navigation/extras.php b/mod/developers/views/default/theme_preview/navigation/extras.php index 6982cf57d..43b19f8e3 100644 --- a/mod/developers/views/default/theme_preview/navigation/extras.php +++ b/mod/developers/views/default/theme_preview/navigation/extras.php @@ -3,11 +3,11 @@ $params = array();
$params['menu'] = array();
$params['menu']['default'] = array();
-for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "$url#");
-}
-$params['class'] = 'elgg-menu-extras';
-
+$params['menu']['default'][] = new ElggMenuItem(1, elgg_view_icon('push-pin-alt'), "#");
+$params['menu']['default'][] = new ElggMenuItem(2, elgg_view_icon('rss'), "#");
+$params['menu']['default'][] = new ElggMenuItem(3, elgg_view_icon('star-alt'), "#");
+$params['name'] = 'extras';
+$params['class'] = 'elgg-menu-hz';
?>
diff --git a/mod/developers/views/default/theme_preview/navigation/filter.php b/mod/developers/views/default/theme_preview/navigation/filter.php index f27edf150..ea1c8b033 100644 --- a/mod/developers/views/default/theme_preview/navigation/filter.php +++ b/mod/developers/views/default/theme_preview/navigation/filter.php @@ -4,7 +4,7 @@ $params = array(); $params['menu'] = array();
$params['menu']['default'] = array();
for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "$url#");
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
}
$params['menu']['default'][2]->setSelected(true);
diff --git a/mod/developers/views/default/theme_preview/navigation/footer.php b/mod/developers/views/default/theme_preview/navigation/footer.php new file mode 100644 index 000000000..92a1bb43c --- /dev/null +++ b/mod/developers/views/default/theme_preview/navigation/footer.php @@ -0,0 +1,10 @@ +<?php +$params = array(); +$params['menu'] = array(); +$params['menu']['default'] = array(); +for ($i=1; $i<=5; $i++) { + $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#"); +} +$params['name'] = 'footer'; + +echo elgg_view('navigation/menu/default', $params); diff --git a/mod/developers/views/default/theme_preview/navigation/horizontal.php b/mod/developers/views/default/theme_preview/navigation/horizontal.php index 69e75c063..f404f42c0 100644 --- a/mod/developers/views/default/theme_preview/navigation/horizontal.php +++ b/mod/developers/views/default/theme_preview/navigation/horizontal.php @@ -4,7 +4,7 @@ $params = array(); $params['menu'] = array();
$params['menu']['default'] = array();
for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "$url#");
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
}
$params['menu']['default'][2]->setSelected(true);
$params['class'] = 'elgg-menu-hz';
diff --git a/mod/developers/views/default/theme_preview/navigation/owner_block.php b/mod/developers/views/default/theme_preview/navigation/owner_block.php index 6bf79fe7e..20b93d166 100644 --- a/mod/developers/views/default/theme_preview/navigation/owner_block.php +++ b/mod/developers/views/default/theme_preview/navigation/owner_block.php @@ -3,9 +3,11 @@ $params = array(); $params['menu'] = array();
$params['menu']['default'] = array();
for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "$url#");
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
}
$params['menu']['default'][2]->setSelected(true);
-$params['class'] = 'elgg-menu-owner-block';
+$params['name'] = 'owner-block';
-echo elgg_view('navigation/menu/default', $params);
\ No newline at end of file +echo '<div class="elgg-sidebar">';
+echo elgg_view('navigation/menu/default', $params);
+echo '</div>';
diff --git a/mod/developers/views/default/theme_preview/navigation/page.php b/mod/developers/views/default/theme_preview/navigation/page.php index fb3f075dc..a57edc2e2 100644 --- a/mod/developers/views/default/theme_preview/navigation/page.php +++ b/mod/developers/views/default/theme_preview/navigation/page.php @@ -5,11 +5,10 @@ $params['menu'] = array(); $params['menu']['default'] = array();
for ($i=1; $i<=5; $i++) {
$params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
- $params['menu']['alt'][] = new ElggMenuItem($i, "Page $i", "#");
}
$params['menu']['default'][2]->setSelected(true);
-$m = new ElggMenuItem(10, "Child", "$url#");
+$m = new ElggMenuItem(10, "Child", "#");
$m->setParent($params['menu']['default'][1]);
$params['menu']['default'][1]->addChild($m);
?>
diff --git a/mod/developers/views/default/theme_preview/navigation/site.php b/mod/developers/views/default/theme_preview/navigation/site.php index df8dc1b70..329036b80 100644 --- a/mod/developers/views/default/theme_preview/navigation/site.php +++ b/mod/developers/views/default/theme_preview/navigation/site.php @@ -4,7 +4,7 @@ $params = array(); $params['menu'] = array();
$params['menu']['default'] = array();
for ($i=1; $i<=5; $i++) {
- $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "$url#");
+ $params['menu']['default'][] = new ElggMenuItem($i, "Page $i", "#");
}
$params['menu']['default'][2]->setSelected(true);
?>
diff --git a/mod/developers/views/default/theme_preview/navigation/tabs.php b/mod/developers/views/default/theme_preview/navigation/tabs.php index b2638bb37..81fe4e669 100644 --- a/mod/developers/views/default/theme_preview/navigation/tabs.php +++ b/mod/developers/views/default/theme_preview/navigation/tabs.php @@ -1,9 +1,9 @@ <?php
$params = array(
'tabs' => array(
- array('title' => 'First', 'url' => "$url#"),
- array('title' => 'Second', 'url' => "$url#", 'selected' => true),
- array('title' => 'Third', 'url' => "$url#"),
+ array('title' => 'First', 'url' => "#"),
+ array('title' => 'Second', 'url' => "#", 'selected' => true),
+ array('title' => 'Third', 'url' => "#"),
)
);
diff --git a/mod/developers/views/default/theme_preview/typography.php b/mod/developers/views/default/theme_preview/typography.php index 6662a9a46..7a6328cf9 100644 --- a/mod/developers/views/default/theme_preview/typography.php +++ b/mod/developers/views/default/theme_preview/typography.php @@ -5,6 +5,8 @@ echo elgg_view_module('info', "Headings", elgg_view('theme_preview/typography/headings')); +echo elgg_view_module('info', "Fonts", elgg_view('theme_preview/typography/fonts')); + echo elgg_view_module('info', "Paragraph", elgg_view('theme_preview/typography/paragraph')); echo elgg_view_module('info', "Misc", elgg_view('theme_preview/typography/misc'));
\ No newline at end of file diff --git a/mod/developers/views/default/theme_preview/typography/fonts.php b/mod/developers/views/default/theme_preview/typography/fonts.php new file mode 100644 index 000000000..dd3c53f00 --- /dev/null +++ b/mod/developers/views/default/theme_preview/typography/fonts.php @@ -0,0 +1,7 @@ +<ul> + <li>Lorem ipsum dolor sit amet (body)</li> + <li><span class="elgg-text-help" style="display: inline;">Lorem ipsum dolor sit amet</span> (.elgg-text-help)</li> + <li><span class="elgg-quiet">Lorem ipsum dolor sit amet</span> (.elgg-quiet)</li> + <li><span class="elgg-loud">Lorem ipsum dolor sit amet</span> (.elgg-loud)</li> + <li><span class="elgg-monospace">Lorem ipsum dolor sit amet</span> (.elgg-monospace)</li> +</ul>
\ No newline at end of file diff --git a/mod/embed/views/default/embed/layout.php b/mod/embed/views/default/embed/layout.php index e906160b1..1ca263037 100644 --- a/mod/embed/views/default/embed/layout.php +++ b/mod/embed/views/default/embed/layout.php @@ -21,6 +21,9 @@ if ($selected->getData('view')) { } } +$tab .= elgg_view('graphics/ajax_loader', array( + 'class' => 'embed-throbber mtl', +)); $container_info = elgg_view('input/hidden', array( 'name' => 'embed_container_guid', diff --git a/mod/embed/views/default/js/embed/embed.php b/mod/embed/views/default/js/embed/embed.php index 5fd534a09..0c8442292 100644 --- a/mod/embed/views/default/js/embed/embed.php +++ b/mod/embed/views/default/js/embed/embed.php @@ -85,11 +85,14 @@ elgg.embed.submit = function(event) { } } }, - error: function(xhr, status) { - // nothing for now + error : function(xhr, status) { + // @todo nothing for now } }); + $('.elgg-form-file-upload').hide(); + $('.embed-throbber').show(); + // this was bubbling up the DOM causing a submission event.preventDefault(); event.stopPropagation(); diff --git a/mod/externalpages/views/default/expages/wrapper.php b/mod/externalpages/views/default/expages/wrapper.php index 8eb0b2f84..c579da1ba 100644 --- a/mod/externalpages/views/default/expages/wrapper.php +++ b/mod/externalpages/views/default/expages/wrapper.php @@ -9,7 +9,7 @@ echo $vars['content']; echo '<div class="mtm">'; echo elgg_view('output/url', array( - 'text' => 'Back', + 'text' => elgg_echo('back'), 'href' => $_SERVER['HTTP_REFERER'], 'class' => 'float-alt' )); diff --git a/mod/file/actions/file/upload.php b/mod/file/actions/file/upload.php index 5242cbda2..d72d04eb7 100644 --- a/mod/file/actions/file/upload.php +++ b/mod/file/actions/file/upload.php @@ -94,8 +94,31 @@ if (isset($_FILES['upload']['name']) && !empty($_FILES['upload']['name'])) { $filestorename = elgg_strtolower(time().$_FILES['upload']['name']); } - $mime_type = $file->detectMimeType($_FILES['upload']['tmp_name'], $_FILES['upload']['type']); $file->setFilename($prefix . $filestorename); + $mime_type = ElggFile::detectMimeType($_FILES['upload']['tmp_name'], $_FILES['upload']['type']); + + // hack for Microsoft zipped formats + $info = pathinfo($_FILES['upload']['name']); + $office_formats = array('docx', 'xlsx', 'pptx'); + if ($mime_type == "application/zip" && in_array($info['extension'], $office_formats)) { + switch ($info['extension']) { + case 'docx': + $mime_type = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"; + break; + case 'xlsx': + $mime_type = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"; + break; + case 'pptx': + $mime_type = "application/vnd.openxmlformats-officedocument.presentationml.presentation"; + break; + } + } + + // check for bad ppt detection + if ($mime_type == "application/vnd.ms-office" && $info['extension'] == "ppt") { + $mime_type = "application/vnd.ms-powerpoint"; + } + $file->setMimeType($mime_type); $file->originalfilename = $_FILES['upload']['name']; $file->simpletype = file_get_simple_type($mime_type); diff --git a/mod/file/pages/file/view.php b/mod/file/pages/file/view.php index a571c9d68..6c9566a89 100644 --- a/mod/file/pages/file/view.php +++ b/mod/file/pages/file/view.php @@ -6,6 +6,11 @@ */ $file = get_entity(get_input('guid')); +if (!$file) { + register_error(elgg_echo('noaccess')); + $_SESSION['last_forward_from'] = current_page_url(); + forward(''); +} $owner = elgg_get_page_owner_entity(); diff --git a/mod/file/start.php b/mod/file/start.php index 120129276..172042332 100644 --- a/mod/file/start.php +++ b/mod/file/start.php @@ -240,11 +240,15 @@ function file_get_simple_type($mimetype) { switch ($mimetype) { case "application/msword": + case "application/vnd.openxmlformats-officedocument.wordprocessingml.document": return "document"; break; case "application/pdf": return "document"; break; + case "application/ogg": + return "audio"; + break; } if (substr_count($mimetype, 'text/')) { @@ -357,11 +361,15 @@ function file_icon_url_override($hook, $type, $returnvalue, $params) { $mapping = array( 'application/excel' => 'excel', 'application/msword' => 'word', + 'application/ogg' => 'music', 'application/pdf' => 'pdf', 'application/powerpoint' => 'ppt', 'application/vnd.ms-excel' => 'excel', 'application/vnd.ms-powerpoint' => 'ppt', 'application/vnd.oasis.opendocument.text' => 'openoffice', + 'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'word', + 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' => 'excel', + 'application/vnd.openxmlformats-officedocument.presentationml.presentation' => 'ppt', 'application/x-gzip' => 'archive', 'application/x-rar-compressed' => 'archive', 'application/x-stuffit' => 'archive', diff --git a/mod/file/views/default/object/file.php b/mod/file/views/default/object/file.php index 1db9863c9..b3f530183 100644 --- a/mod/file/views/default/object/file.php +++ b/mod/file/views/default/object/file.php @@ -28,7 +28,6 @@ $author_text = elgg_echo('byline', array($owner_link)); $file_icon = elgg_view_entity_icon($file, 'small'); -$tags = elgg_view('output/tags', array('tags' => $file->tags)); $date = elgg_view_friendly_time($file->time_created); $comments_count = $file->countComments(); @@ -71,7 +70,6 @@ if ($full && !elgg_in_context('gallery')) { 'entity' => $file, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, ); $params = $params + $vars; $summary = elgg_view('object/elements/summary', $params); @@ -100,7 +98,6 @@ if ($full && !elgg_in_context('gallery')) { 'entity' => $file, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, 'content' => $excerpt, ); $params = $params + $vars; diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php index b513a6098..df2464a65 100644 --- a/mod/groups/actions/groups/edit.php +++ b/mod/groups/actions/groups/edit.php @@ -15,6 +15,8 @@ function profile_array_decoder(&$v) { $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8'); } +elgg_make_sticky_form('groups'); + // Get group fields $input = array(); foreach ($CONFIG->group as $shortname => $valuetype) { @@ -39,10 +41,14 @@ $user = elgg_get_logged_in_user_entity(); $group_guid = (int)get_input('group_guid'); $new_group_flag = $group_guid == 0; +if ($new_group_flag && elgg_get_plugin_setting('limited_groups', 'groups') == 'yes' && !elgg_is_admin_logged_in()) { + register_error(elgg_echo("groups:cantcreate")); + forward(REFERER); +} + $group = new ElggGroup($group_guid); // load if present, if not create a new group if (($group_guid) && (!$group->canEdit())) { register_error(elgg_echo("groups:cantedit")); - forward(REFERER); } @@ -106,6 +112,9 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') { $group->save(); +// group saved so clear sticky form +elgg_clear_sticky_form('groups'); + // group creator needs to be member of new group and river entry created if ($new_group_flag) { elgg_set_page_owner_guid($group->guid); diff --git a/mod/groups/icon.php b/mod/groups/icon.php index f86f84fa5..1bd240ea6 100644 --- a/mod/groups/icon.php +++ b/mod/groups/icon.php @@ -8,7 +8,13 @@ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); $group_guid = get_input('group_guid'); + +/* @var ElggGroup $group */ $group = get_entity($group_guid); +if (!($group instanceof ElggGroup)) { + header("HTTP/1.1 404 Not Found"); + exit; +} // If is the same ETag, content didn't changed. $etag = $group->icontime . $group_guid; diff --git a/mod/groups/languages/en.php b/mod/groups/languages/en.php index e51e51a14..0ca980108 100644 --- a/mod/groups/languages/en.php +++ b/mod/groups/languages/en.php @@ -12,6 +12,7 @@ $english = array( */ 'groups' => "Groups", 'groups:owned' => "Groups I own", + 'groups:owned:user' => 'Groups %s owns', 'groups:yours' => "My groups", 'groups:user' => "%s's groups", 'groups:all' => "All groups", @@ -40,6 +41,7 @@ $english = array( 'groups:noaccess' => 'No access to group', 'groups:permissions:error' => 'You do not have the permissions for this', 'groups:ingroup' => 'in the group', + 'groups:cantcreate' => 'You can not create a group. Only admins can.', 'groups:cantedit' => 'You can not edit this group', 'groups:saved' => 'Group saved', 'groups:featured' => 'Featured groups', @@ -64,6 +66,7 @@ $english = array( 'groups:search_in_group' => "Search in this group", 'groups:acl' => "Group: %s", + 'discussion:notification:topic:subject' => 'New group discussion post', 'groups:notification' => '%s added a new discussion topic to %s: @@ -74,6 +77,15 @@ View and reply to the discussion: %s ', + 'discussion:notification:reply:body' => +'%s replied to the discussion topic %s in the group %s: + +%s + +View and reply to the discussion: +%s +', + 'groups:activity' => "Group activity", 'groups:enableactivity' => 'Enable group activity', 'groups:activity:none' => "There is no group activity yet", @@ -248,6 +260,7 @@ or click below to view the group's join requests: 'groups:forumtopic:edited' => 'Forum topic successfully edited.', 'groups:allowhiddengroups' => 'Do you want to allow private (invisible) groups?', + 'groups:whocancreate' => 'Who can create new groups?', /** * Action messages @@ -274,4 +287,4 @@ or click below to view the group's join requests: ); -add_translation("en", $english);
\ No newline at end of file +add_translation("en", $english); diff --git a/mod/groups/lib/discussion.php b/mod/groups/lib/discussion.php index 55642644d..ab2fe4849 100644 --- a/mod/groups/lib/discussion.php +++ b/mod/groups/lib/discussion.php @@ -15,7 +15,7 @@ function discussion_handle_all_page() { 'type' => 'object', 'subtype' => 'groupforumtopic', 'order_by' => 'e.last_action desc', - 'limit' => 40, + 'limit' => 20, 'full_view' => false, )); @@ -149,8 +149,9 @@ function discussion_handle_view_page($guid) { $topic = get_entity($guid); if (!$topic) { - register_error(elgg_echo('discussion:topic:notfound')); - forward(); + register_error(elgg_echo('noaccess')); + $_SESSION['last_forward_from'] = current_page_url(); + forward(''); } $group = $topic->getContainerEntity(); diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php index 2fe9ae8e0..dfbb1154b 100644 --- a/mod/groups/lib/groups.php +++ b/mod/groups/lib/groups.php @@ -12,7 +12,9 @@ function groups_handle_all_page() { elgg_pop_breadcrumb(); elgg_push_breadcrumb(elgg_echo('groups')); - elgg_register_title_button(); + if (elgg_get_plugin_setting('limited_groups', 'groups') != 'yes' || elgg_is_admin_logged_in()) { + elgg_register_title_button(); + } $selected_tab = get_input('filter', 'newest'); @@ -106,7 +108,11 @@ function groups_handle_owned_page() { $page_owner = elgg_get_page_owner_entity(); - $title = elgg_echo('groups:owned'); + if ($page_owner->guid == elgg_get_logged_in_user_guid()) { + $title = elgg_echo('groups:owned'); + } else { + $title = elgg_echo('groups:owned:user', array($page_owner->name)); + } elgg_push_breadcrumb($title); elgg_register_title_button(); @@ -137,7 +143,11 @@ function groups_handle_mine_page() { $page_owner = elgg_get_page_owner_entity(); - $title = elgg_echo('groups:yours'); + if ($page_owner->guid == elgg_get_logged_in_user_guid()) { + $title = elgg_echo('groups:yours'); + } else { + $title = elgg_echo('groups:user', array($page_owner->name)); + } elgg_push_breadcrumb($title); elgg_register_title_button(); @@ -176,7 +186,11 @@ function groups_handle_edit_page($page, $guid = 0) { elgg_set_page_owner_guid(elgg_get_logged_in_user_guid()); $title = elgg_echo('groups:add'); elgg_push_breadcrumb($title); - $content = elgg_view('groups/edit'); + if (elgg_get_plugin_setting('limited_groups', 'groups') != 'yes' || elgg_is_admin_logged_in()) { + $content = elgg_view('groups/edit'); + } else { + $content = elgg_echo('groups:cantcreate'); + } } else { $title = elgg_echo("groups:edit"); $group = get_entity($guid); @@ -238,6 +252,8 @@ function groups_handle_profile_page($guid) { global $autofeed; $autofeed = true; + elgg_push_context('group_profile'); + $group = get_entity($guid); if (!$group) { forward('groups/all'); @@ -245,6 +261,8 @@ function groups_handle_profile_page($guid) { elgg_push_breadcrumb($group->name); + groups_register_profile_buttons($group); + $content = elgg_view('groups/profile/layout', array('entity' => $group)); if (group_gatekeeper(false)) { $sidebar = ''; @@ -256,8 +274,6 @@ function groups_handle_profile_page($guid) { $sidebar = ''; } - groups_register_profile_buttons($group); - $params = array( 'content' => $content, 'sidebar' => $sidebar, diff --git a/mod/groups/start.php b/mod/groups/start.php index aeab0649a..c591410c5 100644 --- a/mod/groups/start.php +++ b/mod/groups/start.php @@ -93,7 +93,6 @@ function groups_init() { elgg_register_event_handler('join', 'group', 'groups_user_join_event_listener'); elgg_register_event_handler('leave', 'group', 'groups_user_leave_event_listener'); elgg_register_event_handler('pagesetup', 'system', 'groups_setup_sidebar_menus'); - elgg_register_event_handler('annotate', 'all', 'group_object_notifications'); elgg_register_plugin_hook_handler('access:collections:add_user', 'collection', 'groups_access_collection_override'); @@ -142,35 +141,34 @@ function groups_setup_sidebar_menus() { // Get the page owner entity $page_owner = elgg_get_page_owner_entity(); - if (elgg_get_context() == 'groups') { - if ($page_owner instanceof ElggGroup) { - if (elgg_is_logged_in() && $page_owner->canEdit() && !$page_owner->isPublicMembership()) { - $url = elgg_get_site_url() . "groups/requests/{$page_owner->getGUID()}"; - elgg_register_menu_item('page', array( - 'name' => 'membership_requests', - 'text' => elgg_echo('groups:membershiprequests'), - 'href' => $url, - )); - } - } else { + if (elgg_in_context('group_profile')) { + if (elgg_is_logged_in() && $page_owner->canEdit() && !$page_owner->isPublicMembership()) { + $url = elgg_get_site_url() . "groups/requests/{$page_owner->getGUID()}"; elgg_register_menu_item('page', array( - 'name' => 'groups:all', - 'text' => elgg_echo('groups:all'), - 'href' => 'groups/all', + 'name' => 'membership_requests', + 'text' => elgg_echo('groups:membershiprequests'), + 'href' => $url, )); + } + } + if (elgg_get_context() == 'groups' && !elgg_instanceof($page_owner, 'group')) { + elgg_register_menu_item('page', array( + 'name' => 'groups:all', + 'text' => elgg_echo('groups:all'), + 'href' => 'groups/all', + )); - $user = elgg_get_logged_in_user_entity(); - if ($user) { - $url = "groups/owner/$user->username"; - $item = new ElggMenuItem('groups:owned', elgg_echo('groups:owned'), $url); - elgg_register_menu_item('page', $item); - $url = "groups/member/$user->username"; - $item = new ElggMenuItem('groups:member', elgg_echo('groups:yours'), $url); - elgg_register_menu_item('page', $item); - $url = "groups/invitations/$user->username"; - $item = new ElggMenuItem('groups:user:invites', elgg_echo('groups:invitations'), $url); - elgg_register_menu_item('page', $item); - } + $user = elgg_get_logged_in_user_entity(); + if ($user) { + $url = "groups/owner/$user->username"; + $item = new ElggMenuItem('groups:owned', elgg_echo('groups:owned'), $url); + elgg_register_menu_item('page', $item); + $url = "groups/member/$user->username"; + $item = new ElggMenuItem('groups:member', elgg_echo('groups:yours'), $url); + elgg_register_menu_item('page', $item); + $url = "groups/invitations/$user->username"; + $item = new ElggMenuItem('groups:user:invites', elgg_echo('groups:invitations'), $url); + elgg_register_menu_item('page', $item); } } } @@ -198,6 +196,10 @@ function groups_page_handler($page) { elgg_load_library('elgg:groups'); + if (!isset($page[0])) { + $page[0] = 'all'; + } + elgg_push_breadcrumb(elgg_echo('groups'), "groups/all"); switch ($page[0]) { @@ -284,12 +286,21 @@ function groups_url($entity) { * @return string Relative URL */ function groups_icon_url_override($hook, $type, $returnvalue, $params) { + /* @var ElggGroup $group */ $group = $params['entity']; $size = $params['size']; - if (isset($group->icontime)) { + $icontime = $group->icontime; + // handle missing metadata (pre 1.7 installations) + if (null === $icontime) { + $file = new ElggFile(); + $file->owner_guid = $group->owner_guid; + $file->setFilename("groups/" . $group->guid . "large.jpg"); + $icontime = $file->exists() ? time() : 0; + create_metadata($group->guid, 'icontime', $icontime, 'integer', $group->owner_guid, ACCESS_PUBLIC); + } + if ($icontime) { // return thumbnail - $icontime = $group->icontime; return "groupicon/$group->guid/$size/$icontime.jpg"; } @@ -714,6 +725,7 @@ function discussion_init() { elgg_register_library('elgg:discussion', elgg_get_plugins_path() . 'groups/lib/discussion.php'); elgg_register_page_handler('discussion', 'discussion_page_handler'); + elgg_register_page_handler('forum', 'discussion_forum_page_handler'); elgg_register_entity_url_handler('object', 'groupforumtopic', 'discussion_override_topic_url'); @@ -740,8 +752,24 @@ function discussion_init() { elgg_extend_view('groups/tool_latest', 'discussion/group_module'); // notifications - register_notification_object('object', 'groupforumtopic', elgg_echo('groupforumtopic:new')); + register_notification_object('object', 'groupforumtopic', elgg_echo('discussion:notification:topic:subject')); elgg_register_plugin_hook_handler('notify:entity:message', 'object', 'groupforumtopic_notify_message'); + elgg_register_event_handler('create', 'annotation', 'discussion_reply_notifications'); + elgg_register_plugin_hook_handler('notify:annotation:message', 'group_topic_post', 'discussion_create_reply_notification'); +} + +/** + * Exists for backwards compatibility for Elgg 1.7 + */ +function discussion_forum_page_handler($page) { + switch ($page[0]) { + case 'topic': + header('Status: 301 Moved Permanently'); + forward("/discussion/view/{$page[1]}/{$page[2]}"); + break; + default: + return false; + } } /** @@ -761,6 +789,10 @@ function discussion_page_handler($page) { elgg_load_library('elgg:discussion'); + if (!isset($page[0])) { + $page[0] = 'all'; + } + elgg_push_breadcrumb(elgg_echo('discussion'), 'discussion/all'); switch ($page[0]) { @@ -792,7 +824,7 @@ function discussion_page_handler($page) { * @return string */ function discussion_override_topic_url($entity) { - return 'discussion/view/' . $entity->guid; + return 'discussion/view/' . $entity->guid . '/' . elgg_get_friendly_title($entity->title); } /** @@ -848,36 +880,16 @@ function discussion_add_to_river_menu($hook, $type, $return, $params) { } /** - * Event handler for group forum posts + * Create discussion notification body * - */ -function group_object_notifications($event, $object_type, $object) { - - static $flag; - if (!isset($flag)) { - $flag = 0; - } - - if (is_callable('object_notifications')) - if ($object instanceof ElggObject) { - if ($object->getSubtype() == 'groupforumtopic') { - if ($flag == 0) { - $flag = 1; - object_notifications($event, $object_type, $object); - } - } - } -} - -/** - * Returns a more meaningful message + * @todo namespace method with 'discussion' * - * @param unknown_type $hook - * @param unknown_type $entity_type - * @param unknown_type $returnvalue - * @param unknown_type $params + * @param string $hook + * @param string $type + * @param string $message + * @param array $params */ -function groupforumtopic_notify_message($hook, $entity_type, $returnvalue, $params) { +function groupforumtopic_notify_message($hook, $type, $message, $params) { $entity = $params['entity']; $to_entity = $params['to_entity']; $method = $params['method']; @@ -897,11 +909,103 @@ function groupforumtopic_notify_message($hook, $entity_type, $returnvalue, $para $entity->getURL() )); } - + return null; } /** + * Create discussion reply notification body + * + * @param string $hook + * @param string $type + * @param string $message + * @param array $params + */ +function discussion_create_reply_notification($hook, $type, $message, $params) { + $reply = $params['annotation']; + $method = $params['method']; + $topic = $reply->getEntity(); + $poster = $reply->getOwnerEntity(); + $group = $topic->getContainerEntity(); + + return elgg_echo('discussion:notification:reply:body', array( + $poster->name, + $topic->title, + $group->name, + $reply->value, + $topic->getURL(), + )); +} + +/** + * Catch reply to discussion topic and generate notifications + * + * @todo this will be replaced in Elgg 1.9 and is a clone of object_notifications() + * + * @param string $event + * @param string $type + * @param ElggAnnotation $annotation + * @return void + */ +function discussion_reply_notifications($event, $type, $annotation) { + global $CONFIG, $NOTIFICATION_HANDLERS; + + if ($annotation->name !== 'group_topic_post') { + return; + } + + // Have we registered notifications for this type of entity? + $object_type = 'object'; + $object_subtype = 'groupforumtopic'; + + $topic = $annotation->getEntity(); + if (!$topic) { + return; + } + + $poster = $annotation->getOwnerEntity(); + if (!$poster) { + return; + } + + if (isset($CONFIG->register_objects[$object_type][$object_subtype])) { + $subject = $CONFIG->register_objects[$object_type][$object_subtype]; + $string = $subject . ": " . $topic->getURL(); + + // Get users interested in content from this person and notify them + // (Person defined by container_guid so we can also subscribe to groups if we want) + foreach ($NOTIFICATION_HANDLERS as $method => $foo) { + $interested_users = elgg_get_entities_from_relationship(array( + 'relationship' => 'notify' . $method, + 'relationship_guid' => $topic->getContainerGUID(), + 'inverse_relationship' => true, + 'types' => 'user', + 'limit' => 0, + )); + + if ($interested_users && is_array($interested_users)) { + foreach ($interested_users as $user) { + if ($user instanceof ElggUser && !$user->isBanned()) { + if (($user->guid != $poster->guid) && has_access_to_entity($topic, $user) && $topic->access_id != ACCESS_PRIVATE) { + $body = elgg_trigger_plugin_hook('notify:annotation:message', $annotation->getSubtype(), array( + 'annotation' => $annotation, + 'to_entity' => $user, + 'method' => $method), $string); + if (empty($body) && $body !== false) { + $body = $string; + } + if ($body !== false) { + notify_user($user->guid, $topic->getContainerGUID(), $subject, $body, null, array($method)); + } + } + } + } + } + } + } +} + +/** * A simple function to see who can edit a group discussion post * @param the comment $entity * @param user who owns the group $group_owner diff --git a/mod/groups/topicposts.php b/mod/groups/topicposts.php index f9dd3344b..d0137e2f5 100644 --- a/mod/groups/topicposts.php +++ b/mod/groups/topicposts.php @@ -10,10 +10,10 @@ // Load Elgg engine require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); -elgg_load_library('elgg:topic'); +elgg_load_library('elgg:discussion'); $guid = get_input('topic'); register_error(elgg_echo('changebookmark')); -topic_handle_view_page($guid); +forward("/discussion/view/$guid"); diff --git a/mod/groups/views/default/forms/groups/edit.php b/mod/groups/views/default/forms/groups/edit.php index 26436ef01..7540d1bf9 100644 --- a/mod/groups/views/default/forms/groups/edit.php +++ b/mod/groups/views/default/forms/groups/edit.php @@ -5,8 +5,16 @@ * @package ElggGroups */ +if (elgg_is_sticky_form('groups')) { + $sticky_values = elgg_get_sticky_values('groups'); + elgg_clear_sticky_form('groups'); +} + // new groups default to open membership -if (isset($vars['entity'])) { +if (isset($sticky_values)) { + $membership = $sticky_values['membership']; + $access = $sticky_values['access_id']; +} elseif (isset($vars['entity'])) { $membership = $vars['entity']->membership; $access = $vars['entity']->access_id; if ($access != ACCESS_PUBLIC && $access != ACCESS_LOGGED_IN) { @@ -27,7 +35,7 @@ if (isset($vars['entity'])) { <label><?php echo elgg_echo("groups:name"); ?></label><br /> <?php echo elgg_view("input/text", array( 'name' => 'name', - 'value' => $vars['entity']->name, + 'value' => isset($sticky_values['name']) ? $sticky_values['name'] : $vars['entity']->name, )); ?> </div> @@ -45,7 +53,7 @@ if ($group_profile_fields > 0) { echo "</label>$line_break"; echo elgg_view("input/{$valtype}", array( 'name' => $shortname, - 'value' => $vars['entity']->$shortname, + 'value' => isset($sticky_values[$shortname]) ? $sticky_values[$shortname] : $vars['entity']->$shortname, )); echo '</div>'; } @@ -55,7 +63,7 @@ if ($group_profile_fields > 0) { <div> <label> <?php echo elgg_echo('groups:membership'); ?><br /> - <?php echo elgg_view('input/access', array( + <?php echo elgg_view('input/dropdown', array( 'name' => 'membership', 'value' => $membership, 'options_values' => array( diff --git a/mod/groups/views/default/groups/sidebar/members.php b/mod/groups/views/default/groups/sidebar/members.php index 49f14697c..11273d0e6 100644 --- a/mod/groups/views/default/groups/sidebar/members.php +++ b/mod/groups/views/default/groups/sidebar/members.php @@ -8,7 +8,7 @@ * @uses $vars['limit'] The number of members to display */ -$limit = elgg_extract('limit', $vars, 10); +$limit = elgg_extract('limit', $vars, 14); $all_link = elgg_view('output/url', array( 'href' => 'groups/members/' . $vars['entity']->guid, @@ -24,6 +24,7 @@ $body = elgg_list_entities_from_relationship(array( 'limit' => $limit, 'list_type' => 'gallery', 'gallery_class' => 'elgg-gallery-users', + 'pagination' => false )); $body .= "<div class='center mts'>$all_link</div>"; diff --git a/mod/groups/views/default/plugins/groups/settings.php b/mod/groups/views/default/plugins/groups/settings.php index 7197dcb37..41ea146db 100644 --- a/mod/groups/views/default/plugins/groups/settings.php +++ b/mod/groups/views/default/plugins/groups/settings.php @@ -8,6 +8,11 @@ if (!isset($vars['entity']->hidden_groups)) { $vars['entity']->hidden_groups = 'no'; } +// set default value +if (!isset($vars['entity']->limited_groups)) { + $vars['entity']->limited_groups = 'no'; +} + echo '<div>'; echo elgg_echo('groups:allowhiddengroups'); echo ' '; @@ -20,3 +25,16 @@ echo elgg_view('input/dropdown', array( 'value' => $vars['entity']->hidden_groups, )); echo '</div>'; + +echo '<div>'; +echo elgg_echo('groups:whocancreate'); +echo ' '; +echo elgg_view('input/dropdown', array( + 'name' => 'params[limited_groups]', + 'options_values' => array( + 'no' => elgg_echo('LOGGED_IN'), + 'yes' => elgg_echo('admin') + ), + 'value' => $vars['entity']->limited_groups, +)); +echo '</div>'; diff --git a/mod/htmlawed/manifest.xml b/mod/htmlawed/manifest.xml index 5c1f14cb5..6807e96a4 100644 --- a/mod/htmlawed/manifest.xml +++ b/mod/htmlawed/manifest.xml @@ -2,13 +2,13 @@ <plugin_manifest xmlns="http://www.elgg.org/plugin_manifest/1.8"> <name>HTMLawed</name> <author>Core developers</author> - <version>1.5</version> + <version>1.8</version> <category>bundled</category> <category>security</category> - <description>Provides security filtering. Disabling this plugin is extremely insecure. DO NOT DISABLE.</description> + <description>Provides security filtering. Running a site with this plugin disabled is extremely insecure. DO NOT DISABLE.</description> <website>http://www.elgg.org/</website> <copyright>See COPYRIGHT.txt</copyright> - <license>GNU General Public License version 3</license> + <license>GNU General Public License version 2</license> <requires> <type>elgg_release</type> <version>1.8</version> diff --git a/mod/htmlawed/start.php b/mod/htmlawed/start.php index 10bea2a52..12b6470a3 100644 --- a/mod/htmlawed/start.php +++ b/mod/htmlawed/start.php @@ -18,6 +18,8 @@ function htmlawed_init() { $lib = elgg_get_plugins_path() . "htmlawed/vendors/htmLawed/htmLawed.php"; elgg_register_library('htmlawed', $lib); + + elgg_register_plugin_hook_handler('unit_test', 'system', 'htmlawed_test'); } /** @@ -90,7 +92,13 @@ function htmLawedArray(&$v, $k, $htmlawed_config) { * @param array $attributes An array of attributes * @return string */ -function htmlawed_tag_post_processor($element, $attributes) { +function htmlawed_tag_post_processor($element, $attributes = false) { + if ($attributes === false) { + // This is a closing tag. Prevent further processing to avoid inserting a duplicate tag + + return "</${element}>"; + } + // these are the default styles used by tinymce. $allowed_styles = array( 'color', 'cursor', 'text-align', 'vertical-align', 'font-size', @@ -143,3 +151,15 @@ function htmlawed_tag_post_processor($element, $attributes) { $r = "<$element$string>"; return $r; } + +/** + * Runs unit tests for htmlawed + * + * @return array + * */ +function htmlawed_test($hook, $type, $value, $params) { + global $CONFIG; + + $value[] = dirname(__FILE__) . '/tests/tags.php'; + return $value; +} diff --git a/mod/htmlawed/tests/tags.php b/mod/htmlawed/tests/tags.php new file mode 100644 index 000000000..b3914a9d6 --- /dev/null +++ b/mod/htmlawed/tests/tags.php @@ -0,0 +1,45 @@ +<?php +/** + * Dupplicated tags in htmlawed + */ +class HtmLawedDuplicateTagsTest extends ElggCoreUnitTest { + + /** + * Called before each test object. + */ + public function __construct() { + parent::__construct(); + } + + /** + * Called before each test method. + */ + public function setUp() { + } + + /** + * Called after each test method. + */ + public function tearDown() { + // do not allow SimpleTest to interpret Elgg notices as exceptions + $this->swallowErrors(); + } + + /** + * Called after each test object. + */ + public function __destruct() { + elgg_set_ignore_access($this->ia); + // all __destruct() code should go above here + parent::__destruct(); + } + + public function testNotDuplicateTags() { + $filter_html = '<ul><li>item</li></ul>'; + set_input('test', $filter_html); + + $expected = $filter_html; + $result = get_input('test'); + $this->assertEqual($result, $expected); + } +}
\ No newline at end of file diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed.php b/mod/htmlawed/vendors/htmLawed/htmLawed.php index 2556fdcf2..0d9624961 100644..100755 --- a/mod/htmlawed/vendors/htmLawed/htmLawed.php +++ b/mod/htmlawed/vendors/htmLawed/htmLawed.php @@ -1,9 +1,9 @@ <?php /* -htmLawed 1.1.9, 22 December 2009 +htmLawed 1.1.11, 5 June 2012 Copyright Santosh Patnaik -GPL v3 license +Dual licensed with LGPL 3 and GPL 2 or later A PHP Labware internal utility; www.bioinformatics.org/phplabware/internal_utilities/htmLawed See htmLawed_README.txt/htm @@ -51,7 +51,7 @@ foreach(explode(';', str_replace(array(' ', "\t", "\r", "\n"), '', $x)) as $v){ if($x2){$C['schemes'][$x] = array_flip(explode(',', $x2));} } if(!isset($C['schemes']['*'])){$C['schemes']['*'] = array('file'=>1, 'http'=>1, 'https'=>1,);} -if(!empty($C['safe']) && empty($C['schemes']['style'])){$C['schemes']['style'] = array('nil'=>1);} +if(!empty($C['safe']) && empty($C['schemes']['style'])){$C['schemes']['style'] = array('!'=>1);} $C['abs_url'] = isset($C['abs_url']) ? $C['abs_url'] : 0; if(!isset($C['base_url']) or !preg_match('`^[a-zA-Z\d.+\-]+://[^/]+/(.+?/)?$`', $C['base_url'])){ $C['base_url'] = $C['abs_url'] = 0; @@ -65,6 +65,7 @@ $C['cdata'] = isset($C['cdata']) ? $C['cdata'] : (empty($C['safe']) ? 3 : 0); $C['clean_ms_char'] = empty($C['clean_ms_char']) ? 0 : $C['clean_ms_char']; $C['comment'] = isset($C['comment']) ? $C['comment'] : (empty($C['safe']) ? 3 : 0); $C['css_expression'] = empty($C['css_expression']) ? 0 : 1; +$C['direct_list_nest'] = empty($C['direct_list_nest']) ? 0 : 1; $C['hexdec_entity'] = isset($C['hexdec_entity']) ? $C['hexdec_entity'] : 1; $C['hook'] = (!empty($C['hook']) && function_exists($C['hook'])) ? $C['hook'] : 0; $C['hook_tag'] = (!empty($C['hook_tag']) && function_exists($C['hook_tag'])) ? $C['hook_tag'] : 0; @@ -149,14 +150,15 @@ $cI = array('a'=>1, 'abbr'=>1, 'acronym'=>1, 'address'=>1, 'b'=>1, 'bdo'=>1, 'bi $cN = array('a'=>array('a'=>1), 'button'=>array('a'=>1, 'button'=>1, 'fieldset'=>1, 'form'=>1, 'iframe'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'fieldset'=>array('fieldset'=>1), 'form'=>array('form'=>1), 'label'=>array('label'=>1), 'noscript'=>array('script'=>1), 'pre'=>array('big'=>1, 'font'=>1, 'img'=>1, 'object'=>1, 'script'=>1, 'small'=>1, 'sub'=>1, 'sup'=>1), 'rb'=>array('ruby'=>1), 'rt'=>array('ruby'=>1)); // Illegal $cN2 = array_keys($cN); $cR = array('blockquote'=>1, 'dir'=>1, 'dl'=>1, 'form'=>1, 'map'=>1, 'menu'=>1, 'noscript'=>1, 'ol'=>1, 'optgroup'=>1, 'rbc'=>1, 'rtc'=>1, 'ruby'=>1, 'select'=>1, 'table'=>1, 'tbody'=>1, 'tfoot'=>1, 'thead'=>1, 'tr'=>1, 'ul'=>1); -$cS = array('colgroup'=>array('col'=>1), 'dir'=>array('li'), 'dl'=>array('dd'=>1, 'dt'=>1), 'menu'=>array('li'=>1), 'ol'=>array('li'=>1), 'optgroup'=>array('option'=>1), 'option'=>array('#pcdata'=>1), 'rbc'=>array('rb'=>1), 'rp'=>array('#pcdata'=>1), 'rtc'=>array('rt'=>1), 'ruby'=>array('rb'=>1, 'rbc'=>1, 'rp'=>1, 'rt'=>1, 'rtc'=>1), 'select'=>array('optgroup'=>1, 'option'=>1), 'script'=>array('#pcdata'=>1), 'table'=>array('caption'=>1, 'col'=>1, 'colgroup'=>1, 'tfoot'=>1, 'tbody'=>1, 'tr'=>1, 'thead'=>1), 'tbody'=>array('tr'=>1), 'tfoot'=>array('tr'=>1), 'textarea'=>array('#pcdata'=>1), 'thead'=>array('tr'=>1), 'tr'=>array('td'=>1, 'th'=>1), 'ul'=>array('li'=>1)); // Specific - immediate parent-child +$cS = array('colgroup'=>array('col'=>1), 'dir'=>array('li'=>1), 'dl'=>array('dd'=>1, 'dt'=>1), 'menu'=>array('li'=>1), 'ol'=>array('li'=>1), 'optgroup'=>array('option'=>1), 'option'=>array('#pcdata'=>1), 'rbc'=>array('rb'=>1), 'rp'=>array('#pcdata'=>1), 'rtc'=>array('rt'=>1), 'ruby'=>array('rb'=>1, 'rbc'=>1, 'rp'=>1, 'rt'=>1, 'rtc'=>1), 'select'=>array('optgroup'=>1, 'option'=>1), 'script'=>array('#pcdata'=>1), 'table'=>array('caption'=>1, 'col'=>1, 'colgroup'=>1, 'tfoot'=>1, 'tbody'=>1, 'tr'=>1, 'thead'=>1), 'tbody'=>array('tr'=>1), 'tfoot'=>array('tr'=>1), 'textarea'=>array('#pcdata'=>1), 'thead'=>array('tr'=>1), 'tr'=>array('td'=>1, 'th'=>1), 'ul'=>array('li'=>1)); // Specific - immediate parent-child +if($GLOBALS['C']['direct_list_nest']){$cS['ol'] = $cS['ul'] += array('ol'=>1, 'ul'=>1);} $cO = array('address'=>array('p'=>1), 'applet'=>array('param'=>1), 'blockquote'=>array('script'=>1), 'fieldset'=>array('legend'=>1, '#pcdata'=>1), 'form'=>array('script'=>1), 'map'=>array('area'=>1), 'object'=>array('param'=>1, 'embed'=>1)); // Other $cT = array('colgroup'=>1, 'dd'=>1, 'dt'=>1, 'li'=>1, 'option'=>1, 'p'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1); // Omitable closing // block/inline type; ins & del both type; #pcdata: text $eB = array('address'=>1, 'blockquote'=>1, 'center'=>1, 'del'=>1, 'dir'=>1, 'dl'=>1, 'div'=>1, 'fieldset'=>1, 'form'=>1, 'ins'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'hr'=>1, 'isindex'=>1, 'menu'=>1, 'noscript'=>1, 'ol'=>1, 'p'=>1, 'pre'=>1, 'table'=>1, 'ul'=>1); -$eI = array('#pcdata'=>1, 'a'=>1, 'abbr'=>1, 'acronym'=>1, 'applet'=>1, 'b'=>1, 'bdo'=>1, 'big'=>1, 'br'=>1, 'button'=>1, 'cite'=>1, 'code'=>1, 'del'=>1, 'dfn'=>1, 'em'=>1, 'embed'=>1, 'font'=>1, 'i'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'ins'=>1, 'kbd'=>1, 'label'=>1, 'map'=>1, 'object'=>1, 'param'=>1, 'q'=>1, 'ruby'=>1, 's'=>1, 'samp'=>1, 'select'=>1, 'script'=>1, 'small'=>1, 'span'=>1, 'strike'=>1, 'strong'=>1, 'sub'=>1, 'sup'=>1, 'textarea'=>1, 'tt'=>1, 'u'=>1, 'var'=>1); +$eI = array('#pcdata'=>1, 'a'=>1, 'abbr'=>1, 'acronym'=>1, 'applet'=>1, 'b'=>1, 'bdo'=>1, 'big'=>1, 'br'=>1, 'button'=>1, 'cite'=>1, 'code'=>1, 'del'=>1, 'dfn'=>1, 'em'=>1, 'embed'=>1, 'font'=>1, 'i'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'ins'=>1, 'kbd'=>1, 'label'=>1, 'map'=>1, 'object'=>1, 'q'=>1, 'ruby'=>1, 's'=>1, 'samp'=>1, 'select'=>1, 'script'=>1, 'small'=>1, 'span'=>1, 'strike'=>1, 'strong'=>1, 'sub'=>1, 'sup'=>1, 'textarea'=>1, 'tt'=>1, 'u'=>1, 'var'=>1); $eN = array('a'=>1, 'big'=>1, 'button'=>1, 'fieldset'=>1, 'font'=>1, 'form'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'label'=>1, 'object'=>1, 'ruby'=>1, 'script'=>1, 'select'=>1, 'small'=>1, 'sub'=>1, 'sup'=>1, 'textarea'=>1); // Exclude from specific ele; $cN values -$eO = array('area'=>1, 'caption'=>1, 'col'=>1, 'colgroup'=>1, 'dd'=>1, 'dt'=>1, 'legend'=>1, 'li'=>1, 'optgroup'=>1, 'option'=>1, 'rb'=>1, 'rbc'=>1, 'rp'=>1, 'rt'=>1, 'rtc'=>1, 'script'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'thead'=>1, 'th'=>1, 'tr'=>1); // Missing in $eB & $eI +$eO = array('area'=>1, 'caption'=>1, 'col'=>1, 'colgroup'=>1, 'dd'=>1, 'dt'=>1, 'legend'=>1, 'li'=>1, 'optgroup'=>1, 'option'=>1, 'param'=>1, 'rb'=>1, 'rbc'=>1, 'rp'=>1, 'rt'=>1, 'rtc'=>1, 'script'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'thead'=>1, 'th'=>1, 'tr'=>1); // Missing in $eB & $eI $eF = $eB + $eI; // $in sets allowed child @@ -295,20 +297,14 @@ function hl_cmtcd($t){ // comment/CDATA sec handler $t = $t[0]; global $C; -if($t[3] == '-'){ - if(!$C['comment']){return $t;} - if($C['comment'] == 1){return '';} +if(!($v = $C[$n = $t[3] == '-' ? 'comment' : 'cdata'])){return $t;} +if($v == 1){return '';} +if($n == 'comment'){ if(substr(($t = preg_replace('`--+`', '-', substr($t, 4, -3))), -1) != ' '){$t .= ' ';} - $t = $C['comment'] == 2 ? str_replace(array('&', '<', '>'), array('&', '<', '>'), $t) : $t; - $t = "\x01\x02\x04!--$t--\x05\x02\x01"; -}else{ // CDATA - if(!$C['cdata']){return $t;} - if($C['cdata'] == 1){return '';} - $t = substr($t, 1, -1); - $t = $C['cdata'] == 2 ? str_replace(array('&', '<', '>'), array('&', '<', '>'), $t) : $t; - $t = "\x01\x01\x04$t\x05\x01\x01"; -} -return str_replace(array('&', '<', '>'), array("\x03", "\x04", "\x05"), $t); +} +else{$t = substr($t, 1, -1);} +$t = $v == 2 ? str_replace(array('&', '<', '>'), array('&', '<', '>'), $t) : $t; +return str_replace(array('&', '<', '>'), array("\x03", "\x04", "\x05"), ($n == 'comment' ? "\x01\x02\x04!--$t--\x05\x02\x01" : "\x01\x01\x04$t\x05\x01\x01")); // eof } @@ -334,9 +330,11 @@ global $C; $b = $a = ''; if($c == null){$c = 'style'; $b = $p[1]; $a = $p[3]; $p = trim($p[2]);} $c = isset($C['schemes'][$c]) ? $C['schemes'][$c] : $C['schemes']['*']; -if(isset($c['*']) or !strcspn($p, '#?;')){return "{$b}{$p}{$a}";} // All ok, frag, query, param +static $d = 'denied:'; +if(isset($c['!']) && substr($p, 0, 7) != $d){$p = "$d$p";} +if(isset($c['*']) or !strcspn($p, '#?;') or (substr($p, 0, 7) == $d)){return "{$b}{$p}{$a}";} // All ok, frag, query, param if(preg_match('`^([a-z\d\-+.&#; ]+?)(:|&#(58|x3a);|%3a|\\\\0{0,4}3a).`i', $p, $m) && !isset($c[strtolower($m[1])])){ // Denied prot - return "{$b}denied:{$p}{$a}"; + return "{$b}{$d}{$p}{$a}"; } if($C['abs_url']){ if($C['abs_url'] == -1 && strpos($p, $C['base_url']) === 0){ // Make url rel @@ -429,11 +427,11 @@ if($C['make_tag_strict'] && isset($eD[$e])){ // close tag static $eE = array('area'=>1, 'br'=>1, 'col'=>1, 'embed'=>1, 'hr'=>1, 'img'=>1, 'input'=>1, 'isindex'=>1, 'param'=>1); // Empty ele if(!empty($m[1])){ - return (!isset($eE[$e]) ? "</$e>" : (($C['keep_bad'])%2 ? str_replace(array('<', '>'), array('<', '>'), $t) : '')); + return (!isset($eE[$e]) ? (empty($C['hook_tag']) ? "</$e>" : $C['hook_tag']($e)) : (($C['keep_bad'])%2 ? str_replace(array('<', '>'), array('<', '>'), $t) : '')); } // open tag & attr -static $aN = array('abbr'=>array('td'=>1, 'th'=>1), 'accept-charset'=>array('form'=>1), 'accept'=>array('form'=>1, 'input'=>1), 'accesskey'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'legend'=>1, 'textarea'=>1), 'action'=>array('form'=>1), 'align'=>array('caption'=>1, 'embed'=>1, 'applet'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'object'=>1, 'legend'=>1, 'table'=>1, 'hr'=>1, 'div'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'p'=>1, 'col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'alt'=>array('applet'=>1, 'area'=>1, 'img'=>1, 'input'=>1), 'archive'=>array('applet'=>1, 'object'=>1), 'axis'=>array('td'=>1, 'th'=>1), 'bgcolor'=>array('embed'=>1, 'table'=>1, 'tr'=>1, 'td'=>1, 'th'=>1), 'border'=>array('table'=>1, 'img'=>1, 'object'=>1), 'bordercolor'=>array('table'=>1, 'td'=>1, 'tr'=>1), 'cellpadding'=>array('table'=>1), 'cellspacing'=>array('table'=>1), 'char'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'charoff'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'charset'=>array('a'=>1, 'script'=>1), 'checked'=>array('input'=>1), 'cite'=>array('blockquote'=>1, 'q'=>1, 'del'=>1, 'ins'=>1), 'classid'=>array('object'=>1), 'clear'=>array('br'=>1), 'code'=>array('applet'=>1), 'codebase'=>array('object'=>1, 'applet'=>1), 'codetype'=>array('object'=>1), 'color'=>array('font'=>1), 'cols'=>array('textarea'=>1), 'colspan'=>array('td'=>1, 'th'=>1), 'compact'=>array('dir'=>1, 'dl'=>1, 'menu'=>1, 'ol'=>1, 'ul'=>1), 'coords'=>array('area'=>1, 'a'=>1), 'data'=>array('object'=>1), 'datetime'=>array('del'=>1, 'ins'=>1), 'declare'=>array('object'=>1), 'defer'=>array('script'=>1), 'dir'=>array('bdo'=>1), 'disabled'=>array('button'=>1, 'input'=>1, 'optgroup'=>1, 'option'=>1, 'select'=>1, 'textarea'=>1), 'enctype'=>array('form'=>1), 'face'=>array('font'=>1), 'for'=>array('label'=>1), 'frame'=>array('table'=>1), 'frameborder'=>array('iframe'=>1), 'headers'=>array('td'=>1, 'th'=>1), 'height'=>array('embed'=>1, 'iframe'=>1, 'td'=>1, 'th'=>1, 'img'=>1, 'object'=>1, 'applet'=>1), 'href'=>array('a'=>1, 'area'=>1), 'hreflang'=>array('a'=>1), 'hspace'=>array('applet'=>1, 'img'=>1, 'object'=>1), 'ismap'=>array('img'=>1, 'input'=>1), 'label'=>array('option'=>1, 'optgroup'=>1), 'language'=>array('script'=>1), 'longdesc'=>array('img'=>1, 'iframe'=>1), 'marginheight'=>array('iframe'=>1), 'marginwidth'=>array('iframe'=>1), 'maxlength'=>array('input'=>1), 'method'=>array('form'=>1), 'model'=>array('embed'=>1), 'multiple'=>array('select'=>1), 'name'=>array('button'=>1, 'embed'=>1, 'textarea'=>1, 'applet'=>1, 'select'=>1, 'form'=>1, 'iframe'=>1, 'img'=>1, 'a'=>1, 'input'=>1, 'object'=>1, 'map'=>1, 'param'=>1), 'nohref'=>array('area'=>1), 'noshade'=>array('hr'=>1), 'nowrap'=>array('td'=>1, 'th'=>1), 'object'=>array('applet'=>1), 'onblur'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'onchange'=>array('input'=>1, 'select'=>1, 'textarea'=>1), 'onfocus'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'onreset'=>array('form'=>1), 'onselect'=>array('input'=>1, 'textarea'=>1), 'onsubmit'=>array('form'=>1), 'pluginspage'=>array('embed'=>1), 'pluginurl'=>array('embed'=>1), 'prompt'=>array('isindex'=>1), 'readonly'=>array('textarea'=>1, 'input'=>1), 'rel'=>array('a'=>1), 'rev'=>array('a'=>1), 'rows'=>array('textarea'=>1), 'rowspan'=>array('td'=>1, 'th'=>1), 'rules'=>array('table'=>1), 'scope'=>array('td'=>1, 'th'=>1), 'scrolling'=>array('iframe'=>1), 'selected'=>array('option'=>1), 'shape'=>array('area'=>1, 'a'=>1), 'size'=>array('hr'=>1, 'font'=>1, 'input'=>1, 'select'=>1), 'span'=>array('col'=>1, 'colgroup'=>1), 'src'=>array('embed'=>1, 'script'=>1, 'input'=>1, 'iframe'=>1, 'img'=>1), 'standby'=>array('object'=>1), 'start'=>array('ol'=>1), 'summary'=>array('table'=>1), 'tabindex'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'object'=>1, 'select'=>1, 'textarea'=>1), 'target'=>array('a'=>1, 'area'=>1, 'form'=>1), 'type'=>array('a'=>1, 'embed'=>1, 'object'=>1, 'param'=>1, 'script'=>1, 'input'=>1, 'li'=>1, 'ol'=>1, 'ul'=>1, 'button'=>1), 'usemap'=>array('img'=>1, 'input'=>1, 'object'=>1), 'valign'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'value'=>array('input'=>1, 'option'=>1, 'param'=>1, 'button'=>1, 'li'=>1), 'valuetype'=>array('param'=>1), 'vspace'=>array('applet'=>1, 'img'=>1, 'object'=>1), 'width'=>array('embed'=>1, 'hr'=>1, 'iframe'=>1, 'img'=>1, 'object'=>1, 'table'=>1, 'td'=>1, 'th'=>1, 'applet'=>1, 'col'=>1, 'colgroup'=>1, 'pre'=>1), 'wmode'=>array('embed'=>1), 'xml:space'=>array('pre'=>1, 'script'=>1, 'style'=>1)); // Ele-specific +static $aN = array('abbr'=>array('td'=>1, 'th'=>1), 'accept-charset'=>array('form'=>1), 'accept'=>array('form'=>1, 'input'=>1), 'accesskey'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'legend'=>1, 'textarea'=>1), 'action'=>array('form'=>1), 'align'=>array('caption'=>1, 'embed'=>1, 'applet'=>1, 'iframe'=>1, 'img'=>1, 'input'=>1, 'object'=>1, 'legend'=>1, 'table'=>1, 'hr'=>1, 'div'=>1, 'h1'=>1, 'h2'=>1, 'h3'=>1, 'h4'=>1, 'h5'=>1, 'h6'=>1, 'p'=>1, 'col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'alt'=>array('applet'=>1, 'area'=>1, 'img'=>1, 'input'=>1), 'archive'=>array('applet'=>1, 'object'=>1), 'axis'=>array('td'=>1, 'th'=>1), 'bgcolor'=>array('embed'=>1, 'table'=>1, 'tr'=>1, 'td'=>1, 'th'=>1), 'border'=>array('table'=>1, 'img'=>1, 'object'=>1), 'bordercolor'=>array('table'=>1, 'td'=>1, 'tr'=>1), 'cellpadding'=>array('table'=>1), 'cellspacing'=>array('table'=>1), 'char'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'charoff'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'charset'=>array('a'=>1, 'script'=>1), 'checked'=>array('input'=>1), 'cite'=>array('blockquote'=>1, 'q'=>1, 'del'=>1, 'ins'=>1), 'classid'=>array('object'=>1), 'clear'=>array('br'=>1), 'code'=>array('applet'=>1), 'codebase'=>array('object'=>1, 'applet'=>1), 'codetype'=>array('object'=>1), 'color'=>array('font'=>1), 'cols'=>array('textarea'=>1), 'colspan'=>array('td'=>1, 'th'=>1), 'compact'=>array('dir'=>1, 'dl'=>1, 'menu'=>1, 'ol'=>1, 'ul'=>1), 'coords'=>array('area'=>1, 'a'=>1), 'data'=>array('object'=>1), 'datetime'=>array('del'=>1, 'ins'=>1), 'declare'=>array('object'=>1), 'defer'=>array('script'=>1), 'dir'=>array('bdo'=>1), 'disabled'=>array('button'=>1, 'input'=>1, 'optgroup'=>1, 'option'=>1, 'select'=>1, 'textarea'=>1), 'enctype'=>array('form'=>1), 'face'=>array('font'=>1), 'flashvars'=>array('embed'=>1), 'for'=>array('label'=>1), 'frame'=>array('table'=>1), 'frameborder'=>array('iframe'=>1), 'headers'=>array('td'=>1, 'th'=>1), 'height'=>array('embed'=>1, 'iframe'=>1, 'td'=>1, 'th'=>1, 'img'=>1, 'object'=>1, 'applet'=>1), 'href'=>array('a'=>1, 'area'=>1), 'hreflang'=>array('a'=>1), 'hspace'=>array('applet'=>1, 'img'=>1, 'object'=>1), 'ismap'=>array('img'=>1, 'input'=>1), 'label'=>array('option'=>1, 'optgroup'=>1), 'language'=>array('script'=>1), 'longdesc'=>array('img'=>1, 'iframe'=>1), 'marginheight'=>array('iframe'=>1), 'marginwidth'=>array('iframe'=>1), 'maxlength'=>array('input'=>1), 'method'=>array('form'=>1), 'model'=>array('embed'=>1), 'multiple'=>array('select'=>1), 'name'=>array('button'=>1, 'embed'=>1, 'textarea'=>1, 'applet'=>1, 'select'=>1, 'form'=>1, 'iframe'=>1, 'img'=>1, 'a'=>1, 'input'=>1, 'object'=>1, 'map'=>1, 'param'=>1), 'nohref'=>array('area'=>1), 'noshade'=>array('hr'=>1), 'nowrap'=>array('td'=>1, 'th'=>1), 'object'=>array('applet'=>1), 'onblur'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'onchange'=>array('input'=>1, 'select'=>1, 'textarea'=>1), 'onfocus'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'label'=>1, 'select'=>1, 'textarea'=>1), 'onreset'=>array('form'=>1), 'onselect'=>array('input'=>1, 'textarea'=>1), 'onsubmit'=>array('form'=>1), 'pluginspage'=>array('embed'=>1), 'pluginurl'=>array('embed'=>1), 'prompt'=>array('isindex'=>1), 'readonly'=>array('textarea'=>1, 'input'=>1), 'rel'=>array('a'=>1), 'rev'=>array('a'=>1), 'rows'=>array('textarea'=>1), 'rowspan'=>array('td'=>1, 'th'=>1), 'rules'=>array('table'=>1), 'scope'=>array('td'=>1, 'th'=>1), 'scrolling'=>array('iframe'=>1), 'selected'=>array('option'=>1), 'shape'=>array('area'=>1, 'a'=>1), 'size'=>array('hr'=>1, 'font'=>1, 'input'=>1, 'select'=>1), 'span'=>array('col'=>1, 'colgroup'=>1), 'src'=>array('embed'=>1, 'script'=>1, 'input'=>1, 'iframe'=>1, 'img'=>1), 'standby'=>array('object'=>1), 'start'=>array('ol'=>1), 'summary'=>array('table'=>1), 'tabindex'=>array('a'=>1, 'area'=>1, 'button'=>1, 'input'=>1, 'object'=>1, 'select'=>1, 'textarea'=>1), 'target'=>array('a'=>1, 'area'=>1, 'form'=>1), 'type'=>array('a'=>1, 'embed'=>1, 'object'=>1, 'param'=>1, 'script'=>1, 'input'=>1, 'li'=>1, 'ol'=>1, 'ul'=>1, 'button'=>1), 'usemap'=>array('img'=>1, 'input'=>1, 'object'=>1), 'valign'=>array('col'=>1, 'colgroup'=>1, 'tbody'=>1, 'td'=>1, 'tfoot'=>1, 'th'=>1, 'thead'=>1, 'tr'=>1), 'value'=>array('input'=>1, 'option'=>1, 'param'=>1, 'button'=>1, 'li'=>1), 'valuetype'=>array('param'=>1), 'vspace'=>array('applet'=>1, 'img'=>1, 'object'=>1), 'width'=>array('embed'=>1, 'hr'=>1, 'iframe'=>1, 'img'=>1, 'object'=>1, 'table'=>1, 'td'=>1, 'th'=>1, 'applet'=>1, 'col'=>1, 'colgroup'=>1, 'pre'=>1), 'wmode'=>array('embed'=>1), 'xml:space'=>array('pre'=>1, 'script'=>1, 'style'=>1)); // Ele-specific static $aNE = array('checked'=>1, 'compact'=>1, 'declare'=>1, 'defer'=>1, 'disabled'=>1, 'ismap'=>1, 'multiple'=>1, 'nohref'=>1, 'noresize'=>1, 'noshade'=>1, 'nowrap'=>1, 'readonly'=>1, 'selected'=>1); // Empty static $aNP = array('action'=>1, 'cite'=>1, 'classid'=>1, 'codebase'=>1, 'data'=>1, 'href'=>1, 'longdesc'=>1, 'model'=>1, 'pluginspage'=>1, 'pluginurl'=>1, 'usemap'=>1); // Need scheme check; excludes style, on* & src static $aNU = array('class'=>array('param'=>1, 'script'=>1), 'dir'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'iframe'=>1, 'param'=>1, 'script'=>1), 'id'=>array('script'=>1), 'lang'=>array('applet'=>1, 'br'=>1, 'iframe'=>1, 'param'=>1, 'script'=>1), 'xml:lang'=>array('applet'=>1, 'br'=>1, 'iframe'=>1, 'param'=>1, 'script'=>1), 'onclick'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'ondblclick'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onkeydown'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onkeypress'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onkeyup'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmousedown'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmousemove'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmouseout'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmouseover'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'onmouseup'=>array('applet'=>1, 'bdo'=>1, 'br'=>1, 'font'=>1, 'iframe'=>1, 'isindex'=>1, 'param'=>1, 'script'=>1), 'style'=>array('param'=>1, 'script'=>1), 'title'=>array('param'=>1, 'script'=>1)); // Univ & exceptions @@ -472,8 +470,8 @@ while(strlen($a)){ $aA[$nm] = ''; } break; case 2: // Val - if(preg_match('`^"[^"]*"`', $a, $m) or preg_match("`^'[^']*'`", $a, $m) or preg_match("`^\s*[^\s\"']+`", $a, $m)){ - $m = $m[0]; $w = 1; $mode = 0; $a = ltrim(substr_replace($a, '', 0, strlen($m))); + if(preg_match('`^((?:"[^"]*")|(?:\'[^\']*\')|(?:\s*[^\s"\']+))(.*)`', $a, $m)){ + $a = ltrim($m[2]); $m = $m[1]; $w = 1; $mode = 0; $aA[$nm] = trim(($m[0] == '"' or $m[0] == '\'') ? substr($m, 1, -1) : $m); } break; @@ -500,7 +498,7 @@ foreach($aA as $k=>$v){ static $sC = array(' '=>' ', ' '=>' ', 'E'=>'e', 'E'=>'e', 'e'=>'e', 'e'=>'e', 'X'=>'x', 'X'=>'x', 'x'=>'x', 'x'=>'x', 'P'=>'p', 'P'=>'p', 'p'=>'p', 'p'=>'p', 'S'=>'s', 'S'=>'s', 's'=>'s', 's'=>'s', 'I'=>'i', 'I'=>'i', 'i'=>'i', 'i'=>'i', 'O'=>'o', 'O'=>'o', 'o'=>'o', 'o'=>'o', 'N'=>'n', 'N'=>'n', 'n'=>'n', 'n'=>'n', 'U'=>'u', 'U'=>'u', 'u'=>'u', 'u'=>'u', 'R'=>'r', 'R'=>'r', 'r'=>'r', 'r'=>'r', 'L'=>'l', 'L'=>'l', 'l'=>'l', 'l'=>'l', '('=>'(', '('=>'(', ')'=>')', ')'=>')', ' '=>':', ' '=>':', '"'=>'"', '"'=>'"', '''=>"'", '''=>"'", '/'=>'/', '/'=>'/', '*'=>'*', '*'=>'*', '\'=>'\\', '\'=>'\\'); $v = strtr($v, $sC); } - $v = preg_replace_callback('`(url(?:\()(?: )*(?:\'|"|&(?:quot|apos);)?)(.+)((?:\'|"|&(?:quot|apos);)?(?: )*(?:\)))`iS', 'hl_prot', $v); + $v = preg_replace_callback('`(url(?:\()(?: )*(?:\'|"|&(?:quot|apos);)?)(.+?)((?:\'|"|&(?:quot|apos);)?(?: )*(?:\)))`iS', 'hl_prot', $v); $v = !$C['css_expression'] ? preg_replace('`expression`i', ' ', preg_replace('`\\\\\S|(/|(%2f))(\*|(%2a))`i', ' ', $v)) : $v; }elseif(isset($aNP[$k]) or strpos($k, 'src') !== false or $k[0] == 'o'){ $v = str_replace("\xad", ' ', (strpos($v, '&') !== false ? str_replace(array('­', '­', '­'), ' ', $v) : $v)); @@ -643,7 +641,7 @@ return ''; function hl_tidy($t, $w, $p){ // Tidy/compact HTM if(strpos(' pre,script,textarea', "$p,")){return $t;} -$t = str_replace(' </', '</', preg_replace(array('`(<\w[^>]*(?<!/)>)\s+`', '`\s+`', '`(<\w[^>]*(?<!/)>) `'), array(' $1', ' ', '$1'), preg_replace_callback(array('`(<(!\[CDATA\[))(.+?)(\]\]>)`sm', '`(<(!--))(.+?)(-->)`sm', '`(<(pre|script|textarea).*?>)(.+?)(</\2>)`sm'), create_function('$m', 'return $m[1]. str_replace(array("<", ">", "\n", "\r", "\t", " "), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), $m[3]). $m[4];'), $t))); +$t = str_replace(' </', '</', preg_replace(array('`(<\w[^>]*(?<!/)>)\s+`', '`\s+`', '`(<\w[^>]*(?<!/)>) `'), array(' $1', ' ', '$1'), preg_replace_callback(array('`(<(!\[CDATA\[))(.+?)(\]\]>)`sm', '`(<(!--))(.+?)(-->)`sm', '`(<(pre|script|textarea)[^>]*?>)(.+?)(</\2>)`sm'), create_function('$m', 'return $m[1]. str_replace(array("<", ">", "\n", "\r", "\t", " "), array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), $m[3]). $m[4];'), $t))); if(($w = strtolower($w)) == -1){ return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array('<', '>', "\n", "\r", "\t", ' '), $t); } @@ -688,7 +686,7 @@ return str_replace(array("\x01", "\x02", "\x03", "\x04", "\x05", "\x07"), array( function hl_version(){ // rel -return '1.1.9'; +return '1.1.11'; // eof } diff --git a/mod/htmlawed/vendors/htmLawed/htmLawedTest.php b/mod/htmlawed/vendors/htmLawed/htmLawedTest.php index 160bd012d..806aa4641 100644..100755 --- a/mod/htmlawed/vendors/htmLawed/htmLawedTest.php +++ b/mod/htmlawed/vendors/htmLawed/htmLawedTest.php @@ -1,10 +1,10 @@ <?php /* -htmLawedTest.php, 16 July 2009 -htmLawed 1.1.9, 22 December 2009 +htmLawedTest.php, 22 October 2011 +htmLawed 1.1.11, 5 June 2012 Copyright Santosh Patnaik -GPL v3 license +Dual licensed with LGPL 3 and GPL 2 or later A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed Test htmLawed; user provides text input; input and processed input are shown as highlighted code and rendered HTML; also shown are execution time and peak memory usage @@ -44,7 +44,9 @@ if(get_magic_quotes_gpc()){ } ini_set('magic_quotes_gpc', 0); } -set_magic_quotes_runtime(0); +if(get_magic_quotes_runtime()){ + set_magic_quotes_runtime(0); +} $_POST['enc'] = (isset($_POST['enc']) and preg_match('`^[-\w]+$`', $_POST['enc'])) ? $_POST['enc'] : 'utf-8'; @@ -328,7 +330,7 @@ tRs = { a.appendChild(document.createTextNode("\u2195")); a.style.cursor = 'n-resize'; a.className= 'resizer'; - a.title = 'click-drag to resize' + a.title = 'click-drag to resize textarea' tRs.adEv(a, 'mousedown', tRs.initResize); textareas[i].parentNode.appendChild(a); } @@ -420,7 +422,7 @@ else{ } ?> -<span style="float:right;" class="help"><span style="font-size: 85%;">Encoding: </span><input type="text" size="8" id="enc" name="enc" style="vertical-align: middle;" value="<?php echo htmlspecialchars($_POST['enc']); ?>" title="IANA-recognized name of the input character-set; can be multiple ;- or space-separated values; may not work in some browsers" /></span> +<span style="float:right;" class="help" title="IANA-recognized name of the input character-set; can be multiple ;- or space-separated values; may not work in some browsers"><span style="font-size: 85%;">Encoding: </span><input type="text" size="8" id="enc" name="enc" style="vertical-align: middle;" value="<?php echo htmlspecialchars($_POST['enc']); ?>" /></span> </div> <br style="clear:both;" /> @@ -454,6 +456,7 @@ $cfg = array( 'comment'=>array('4', 'nil', 'allow HTML comments', 'nil'), 'css_expression'=>array('2', 'nil', 'allow dynamic expressions in CSS style properties', 'nil'), 'deny_attribute'=>array('1', '0', 'denied attributes', '0', '50', '', 'these'), +'direct_list_nest'=>array('2', 'nil', 'allow direct nesting of a list within another without requiring it to be a list item', 'nil'), 'elements'=>array('', '', 'allowed elements', '50'), 'hexdec_entity'=>array('3', '1', 'convert hexadecimal numeric entities to decimal ones, or vice versa', '0'), 'hook'=>array('', '', 'name of hook function', '25'), @@ -516,23 +519,23 @@ if($do){ } } - if($cfg['anti_link_spam'] && (!empty($cfg['anti_link_spam11']) or !empty($cfg['anti_link_spam12']))){ + if(isset($cfg['anti_link_spam']) && $cfg['anti_link_spam'] && (!empty($cfg['anti_link_spam11']) or !empty($cfg['anti_link_spam12']))){ $cfg['anti_link_spam'] = array($cfg['anti_link_spam11'], $cfg['anti_link_spam12']); } unset($cfg['anti_link_spam11'], $cfg['anti_link_spam12']); - if($cfg['anti_mail_spam'] == 1){ + if(isset($cfg['anti_mail_spam']) && $cfg['anti_mail_spam'] == 1){ $cfg['anti_mail_spam'] = isset($cfg['anti_mail_spam1'][0]) ? $cfg['anti_mail_spam1'] : 0; } unset($cfg['anti_mail_spam11']); - if($cfg['deny_attribute'] == 1){ + if(isset($cfg['deny_attribute']) && $cfg['deny_attribute'] == 1){ $cfg['deny_attribute'] = isset($cfg['deny_attribute1'][0]) ? $cfg['deny_attribute1'] : 0; } unset($cfg['deny_attribute1']); - if($cfg['tidy'] == 2){ + if(isset($cfg['tidy']) && $cfg['tidy'] == 2){ $cfg['tidy'] = isset($cfg['tidy2'][0]) ? $cfg['tidy2'] : 0; } unset($cfg['tidy2']); - if($cfg['unique_ids'] == 2){ + if(isset($cfg['unique_ids']) && $cfg['unique_ids'] == 2){ $cfg['unique_ids'] = isset($cfg['unique_ids2'][0]) ? $cfg['unique_ids2'] : 1; } unset($cfg['unique_ids2']); @@ -540,9 +543,9 @@ if($do){ $cfg['show_setting'] = 'hlcfg'; $st = microtime(); - $out = htmLawed($_POST['text'], $cfg, str_replace(array('$', '{'), '', $_POST['spec'])); + $out = htmLawed($_POST['text'], $cfg, $_POST['spec']); $et = microtime(); - echo '<br /><a href="htmLawedTest.php" title="[toggle visibility] syntax-highlighted" onclick="javascript:toggle(\'inputR\'); return false;"><span class="notice">Input code »</span></a> <span class="help" title="tags estimated as half of total > and < chars; values may be inaccurate for non-ASCII text"><small><big>', strlen($_POST['text']), '</big> chars, ~<big>', round((substr_count($_POST['text'], '>') + substr_count($_POST['text'], '<'))/2), '</big> tags</small> </span><div id="inputR" style="display: none;">', format($_POST['text']), '</div><script type="text/javascript">hl(\'inputR\');</script>', (!isset($_POST['text'][$_hlimit]) ? ' <a href="htmLawedTest.php" title="[toggle visibility] hexdump; non-viewable characters like line-returns are shown as dots" onclick="javascript:toggle(\'inputD\'); return false;"><span class="notice">Input binary » </span></a><div id="inputD" style="display: none;">'. hexdump($_POST['text']). '</div>' : ''), ' <a href="htmLawedTest.php" title="[toggle visibility] finalized internal settings as interpreted by htmLawed; for developers" onclick="javascript:toggle(\'settingF\'); return false;"><span class="notice">Finalized internal settings » </span></a> <div id="settingF" style="display: none;">', str_replace(array(' ', "\t", ' '), array(' ', ' ', ' '), nl2br(htmlspecialchars(print_r($GLOBALS['hlcfg']['config'], true)))), '</div><script type="text/javascript">hl(\'settingF\');</script>', '<br /><a href="htmLawedTest.php" title="[toggle visibility] suitable for copy-paste" onclick="javascript:toggle(\'outputF\'); return false;"><span class="notice">Output »</span></a> <span class="help" title="approx., server-specific value excluding the \'include()\' call"><small>htmLawed processing time <big>', number_format(((substr($et,0,9)) + (substr($et,-10)) - (substr($st,0,9)) - (substr($st,-10))),4), '</big> s</small></span>', (($mem = memory_get_peak_usage()) !== false ? '<span class="help"><small>, peak memory usage <big>'. round(($mem-$pre_mem)/1048576, 2). '</big> <small>MB</small>' : ''), '</small></span><div id="outputF" style="display: block;"><div><textarea id="text2" class="textarea" name="text2" rows="5" cols="100" style="width: 100%;">', htmlspecialchars($out), '</textarea></div><button type="button" onclick="javascript:document.getElementById(\'text2\').focus();document.getElementById(\'text2\').select()" title="select all to copy" style="float:right;">Select all</button>'; + echo '<br /><a href="htmLawedTest.php" title="[toggle visibility] syntax-highlighted" onclick="javascript:toggle(\'inputR\'); return false;"><span class="notice">Input code »</span></a> <span class="help" title="tags estimated as half of total > and < chars; values may be inaccurate for non-ASCII text"><small><big>', strlen($_POST['text']), '</big> chars, ~<big>', ($tag = round((substr_count($_POST['text'], '>') + substr_count($_POST['text'], '<'))/2)), '</big> tag', ($tag > 1 ? 's' : ''), '</small> </span><div id="inputR" style="display: none;">', format($_POST['text']), '</div><script type="text/javascript">hl(\'inputR\');</script>', (!isset($_POST['text'][$_hlimit]) ? ' <a href="htmLawedTest.php" title="[toggle visibility] hexdump; non-viewable characters like line-returns are shown as dots" onclick="javascript:toggle(\'inputD\'); return false;"><span class="notice">Input binary » </span></a><div id="inputD" style="display: none;">'. hexdump($_POST['text']). '</div>' : ''), ' <a href="htmLawedTest.php" title="[toggle visibility] finalized internal settings as interpreted by htmLawed; for developers" onclick="javascript:toggle(\'settingF\'); return false;"><span class="notice">Finalized internal settings » </span></a> <div id="settingF" style="display: none;">', str_replace(array(' ', "\t", ' '), array(' ', ' ', ' '), nl2br(htmlspecialchars(print_r($GLOBALS['hlcfg']['config'], true)))), '</div><script type="text/javascript">hl(\'settingF\');</script>', '<br /><a href="htmLawedTest.php" title="[toggle visibility] suitable for copy-paste" onclick="javascript:toggle(\'outputF\'); return false;"><span class="notice">Output »</span></a> <span class="help" title="approx., server-specific value excluding the \'include()\' call"><small>htmLawed processing time <big>', number_format(((substr($et,0,9)) + (substr($et,-10)) - (substr($st,0,9)) - (substr($st,-10))),4), '</big> s</small></span>', (($mem = memory_get_peak_usage()) !== false ? '<span class="help"><small>, peak memory usage <big>'. round(($mem-$pre_mem)/1048576, 2). '</big> <small>MB</small>' : ''), '</small></span><div id="outputF" style="display: block;"><div><textarea id="text2" class="textarea" name="text2" rows="5" cols="100" style="width: 100%;">', htmlspecialchars($out), '</textarea></div><button type="button" onclick="javascript:document.getElementById(\'text2\').focus();document.getElementById(\'text2\').select()" title="select all to copy" style="float:right;">Select all</button>'; if($_w3c_validate && $validation) { ?> diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed_README.htm b/mod/htmlawed/vendors/htmLawed/htmLawed_README.htm index 7138ee9c0..6dd78fb2e 100644 --- a/mod/htmlawed/vendors/htmLawed/htmLawed_README.htm +++ b/mod/htmlawed/vendors/htmLawed/htmLawed_README.htm @@ -7,40 +7,74 @@ <meta name="keywords" content="htmLawed, HTM, HTML, HTML Tidy, converter, filter, formatter, purifier, sanitizer, XSS, input, PHP, software, code, script, security, cross-site scripting, hack, sanitize, remove, standards, tags, attributes, elements, htmLawed_README.txt, rTxt2htm, PHP Labware" /> <style type="text/css" media="all"> <!--/*--><![CDATA[/*><!--*/ -a {text-decoration:none; color: blue;}
-a:hover {color: red;}
-a:visited {color: blue;}
-body {margin: 0; padding: 0;}
-body, div, html, p {font-family: Georgia, 'Times new roman', Times;}
-code.code {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
-div.comment {padding: 5px; color: #999999; font-size: 80%;}
-div.comment a {color: #6699cc;}
-div#body {width: 70%; margin: 5px; padding: 5px;} /* holds non-toc content */
-div#toc {position: fixed; top: 5px; left: 73%; z-index: 2; margin-top: 5px; margin-left: 5px; border: 1px solid gray; padding: 5px; background-color: #ededed; width: 23%; overflow: auto; max-height:94%; font-size: 90%;} /* holds content table (toc) */
-div#top {font-size: 14px; margin: 5px; padding: 5px;} /* holds all content */
-div.monospace {overflow: auto; font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
-div.sub-section {padding-left: 15px;}
-div.sub-sub-section {padding-left: 30px;}
-h1 {font-size: 22px; margin-top: 5px; margin-bottom: 5px;}
-h2 {font-size: 20px; float: left; margin-top: 15px; margin-bottom: 5px;}
-h3 {font-size: 18px; float: left; margin-top: 15px; margin-bottom: 5px;}
-h4 {font-size: 16px; float: left; margin-top: 15px; margin-bottom: 5px;}
-hr {margin-top: 15px; margin-bottom: 5px;}
-input, textarea {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
-p.subtle {color: gray; padding: 0; padding-top: 10px; margin: 0;}
-p.subtle a, p.subtle a:visited {color: #6699cc;}
-span.item-no {color: black;}
-span.subtle {color: gray; margin: 0; padding:0;}
-span.subtle a, span.subtle a:visited {color: #6699cc;}
-span.term {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;}
-span.toc-item {color: black;}
-span.totop {float: right; margin-top: 15px; margin-bottom: 5px;}
-span.totop a, span.totop a:visited {color: #6699cc;}
-@media screen { /* fixes for old IE */
- * html, * html body {overflow-y: auto!important; height: 100%; margin: 0; padding: 0;}
- * html div#body {height: 100%; overflow-y: auto; position: relative;}
- * html div#toc {position: absolute;}
-}
+a {text-decoration:none; color: blue;} + +a:hover {color: red;} + +a:visited {color: blue;} + +body {margin: 0; padding: 0;} + +body, div, html, p {font-family: Georgia, 'Times new roman', Times;} + +code.code {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;} + +div.comment {padding: 5px; color: #999999; font-size: 80%;} + +div.comment a {color: #6699cc;} + +div#body {width: 70%; margin: 5px; padding: 5px;} /* holds non-toc content */ + +div#toc {position: fixed; top: 5px; left: 73%; z-index: 2; margin-top: 5px; margin-left: 5px; border: 1px solid gray; padding: 5px; background-color: #ededed; width: 23%; overflow: auto; max-height:94%; font-size: 90%;} /* holds content table (toc) */ + +div#top {font-size: 14px; margin: 5px; padding: 5px;} /* holds all content */ + +div.monospace {overflow: auto; font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;} + +div.sub-section {padding-left: 15px;} + +div.sub-sub-section {padding-left: 30px;} + +h1 {font-size: 22px; margin-top: 5px; margin-bottom: 5px;} + +h2 {font-size: 20px; float: left; margin-top: 15px; margin-bottom: 5px;} + +h3 {font-size: 18px; float: left; margin-top: 15px; margin-bottom: 5px;} + +h4 {font-size: 16px; float: left; margin-top: 15px; margin-bottom: 5px;} + +hr {margin-top: 15px; margin-bottom: 5px;} + +input, textarea {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;} + +p.subtle {color: gray; padding: 0; padding-top: 10px; margin: 0;} + +p.subtle a, p.subtle a:visited {color: #6699cc;} + +span.item-no {color: black;} + +span.subtle {color: gray; margin: 0; padding:0;} + +span.subtle a, span.subtle a:visited {color: #6699cc;} + +span.term {font-family: 'Bitstream vera sans mono', 'Courier New', 'Courier', monospace;} + +span.toc-item {color: black;} + +span.totop {float: right; margin-top: 15px; margin-bottom: 5px;} + +span.totop a, span.totop a:visited {color: #6699cc;} + +@media screen { /* fixes for old IE */ + + * html, * html body {overflow-y: auto!important; height: 100%; margin: 0; padding: 0;} + + * html div#body {height: 100%; overflow-y: auto; position: relative;} + + * html div#toc {position: absolute;} + +} + /*]]>*/--> </style> <title>htmLawed documentation | htmLawed PHP software is a free, open-source, customizable HTML input purifier and filter</title> @@ -110,10 +144,10 @@ span.totop a, span.totop a:visited {color: #6699cc;} <div id="body"> <br /> -<div class="comment">htmLawed_README.txt, 22 December 2009<br /> -htmLawed 1.1.9, 22 December 2009<br /> +<div class="comment">htmLawed_README.txt, 8 June 2012<br /> +htmLawed 1.1.11, 5 June 2012<br /> Copyright Santosh Patnaik<br /> -GPL v3 license<br /> +Dual licensed with LGPL 3 and GPL 2 or later<br /> A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed</a> </div> <br /> @@ -222,7 +256,7 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <a name="s1.4" id="s1.4"></a><span class="item-no">1.4</span>  License & copyright </h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> <br /> -  htmLawed is free and open-source software licensed under GPL license version <a href="http://www.gnu.org/licenses/gpl-3.0.txt">3</a>, and copyrighted by Santosh Patnaik, MD, PhD.<br /> +  htmLawed is free and open-source software dual licensed under LGPL license version <a href="http://www.gnu.org/licenses/lgpl-3.0.txt">3</a> and GPL license version <a href="http://www.gnu.org/licenses/gpl-2.0.txt">2</a> or later, and copyrighted by Santosh Patnaik, MD, PhD.<br /> </div> <div class="sub-section"><h3> @@ -254,9 +288,11 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <a name="s2" id="s2"></a><span class="item-no">2</span>  Usage </h2><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> <br /> -  htmLawed should work with PHP 4.3 and higher. Either <span class="term">include()</span> the <span class="term">htmLawed.php</span> file or copy-paste the entire code.<br /> +  htmLawed should work with PHP 4.4 and higher. Either <span class="term">include()</span> the <span class="term">htmLawed.php</span> file or copy-paste the entire code.<br /> <br />   To easily <strong>test</strong> htmLawed using a form-based interface, use the provided <a href="htmLawedTest.php">demo</a> (<span class="term">htmLawed.php</span> and <span class="term">htmLawedTest.php</span> should be in the same directory on the web-server).<br /> +<br /> +  <strong>Note</strong>: For code for usage of the htmLawed class (for htmLawed in OOP), please refer to the <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed">htmLawed</a> website; the filtering itself can be configured, etc., as described here.<br /> <div class="sub-section"><h3> <a name="s2.1" id="s2.1"></a><span class="item-no">2.1</span>  Simple @@ -371,6 +407,12 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl   <span class="term">string</span> - dictated by values in <span class="term">string</span><br />   <span class="term">on*</span> (like <span class="term">onfocus</span>) attributes not allowed - "<br /> <br /> +  <strong>direct_nest_list</strong><br /> +  Allow direct nesting of a list within another without requiring it to be a list item; see <a href="#s3.3.4">section 3.3.4</a><br /> +<br /> +  <span class="term">0</span> - no  *<br /> +  <span class="term">1</span> - yes<br /> +<br />   <strong>elements</strong><br />   Allowed HTML elements; see <a href="#s3.3">section 3.3</a><br /> <br /> @@ -441,11 +483,11 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl   <span class="term">1</span> - will auto-adjust other relevant <span class="term">$config</span> parameters (indicated by <span class="term">"</span> in this list)<br /> <br />   <strong>schemes</strong><br /> -  Array of attribute-specific, comma-separated, lower-cased list of schemes (protocols) allowed in attributes accepting URLs; <span class="term">*</span> covers all unspecified attributes; see <a href="#s3.4.3">section 3.4.3</a><br /> +  Array of attribute-specific, comma-separated, lower-cased list of schemes (protocols) allowed in attributes accepting URLs (or <span class="term">!</span> to <em>deny</em> any URL); <span class="term">*</span> covers all unspecified attributes; see <a href="#s3.4.3">section 3.4.3</a><br /> <br />   <span class="term">href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https</span>  *<br />   <span class="term">*: ftp, gopher, http, https, mailto, news, nntp, telnet</span>  ^<br /> -  <span class="term">href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style: nil; *:file, http, https</span>  "<br /> +  <span class="term">href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style: !; *:file, http, https</span>  "<br /> <br />   <strong>show_setting</strong><br />   Name of a PHP variable to assign the <em>finalized</em> <span class="term">$config</span> and <span class="term">$spec</span> values; see <a href="#s3.8">section 3.8</a><br /> @@ -541,7 +583,7 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl   <em>Rule</em>: <span class="term">input=title(), value(maxval=8/default=6)</span><br />   <em>Output</em>: <span class="term"><input title="WIDTH" value="6" /><input title="length" value="5" /></span><br /> <br /> -  <em>Rule</em>: <span class="term">input=title(nomatch=$w.d$i), value(match=$em$/default=6em)</span><br /> +  <em>Rule</em>: <span class="term">input=title(nomatch=%w.d%i), value(match=%em%/default=6em)</span><br />   <em>Output</em>: <span class="term"><input value="10em" /><input title="length" value="6em" /></span><br /> <br />   <em>Rule</em>: <span class="term">input=title(oneof=height|depth/default=depth), value(noneof=5|6)</span><br /> @@ -565,9 +607,9 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <a name="s2.5" id="s2.5"></a><span class="item-no">2.5</span>  Some security risks to keep in mind </h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> <br /> -  When setting the parameters/arguments (like those to allow certain HTML elements) for use with htmLawed, one should bear in mind that the setting may let through potentially <em>dangerous</em> HTML code. (This may not be a problem if the authors are trusted.)<br /> +  When setting the parameters/arguments (like those to allow certain HTML elements) for use with htmLawed, one should bear in mind that the setting may let through potentially <em>dangerous</em> HTML code which is meant to steal user-data, deface a website, render a page non-functional, etc.<br /> <br /> -  For example, following increase security risks:<br /> +  Unless end-users, either people or software, supplying the content are completely trusted, security issues arising from the degree of HTML usage permission has to be kept in mind. For example, following increase security risks:<br /> <br />   *  Allowing <span class="term">script</span>, <span class="term">applet</span>, <span class="term">embed</span>, <span class="term">iframe</span> or <span class="term">object</span> elements, or certain of their attributes like <span class="term">allowscriptaccess</span><br /> <br /> @@ -575,7 +617,13 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <br />   *  Allowing dynamic CSS expressions (a feature of the IE browser)<br /> <br /> -  <em>Unsafe</em> HTML can be removed by setting <span class="term">$config</span> appropriately. E.g., <span class="term">$config["elements"] = "* -script"</span> (<a href="#s3.3">section 3.3</a>), <span class="term">$config["safe"] = 1</span> (<a href="#s3.6">section 3.6</a>), etc.<br /> +  *  Allowing the <span class="term">style</span> attribute<br /> +<br /> +  To remove <em>unsecure</em> HTML, code-developers using htmLawed must set <span class="term">$config</span> appropriately. E.g., <span class="term">$config["elements"] = "* -script"</span> to deny the <span class="term">script</span> element (<a href="#s3.3">section 3.3</a>), <span class="term">$config["safe"] = 1</span> to auto-configure ceratin htmLawed parameters for maximizing security (<a href="#s3.6">section 3.6</a>), etc.<br /> +<br /> +  Permitting the <span class="term">*style*</span> attribute brings in risks of <em>click-jacking</em>, <em>phishing</em>, web-page overlays, etc., <em>even</em> when the <span class="term">safe</span> parameter is enabled (see <a href="#s3.6">section 3.6</a>). Except for URLs and a few other things like CSS dynamic expressions, htmLawed currently does not check every CSS style property. It does provide ways for the code-developer implementing htmLawed to do such checks through htmLawed's <span class="term">$spec</span> argument, and through the <span class="term">hook_tag</span> parameter (see <a href="#s3.4.8">section 3.4.8</a> for more). Disallowing <span class="term">style</span> completely and relying on CSS classes and stylesheet files is recommended.<br /> +<br /> +  htmLawed does not check or correct the character <strong>encoding</strong> of the input it receives. In conjunction with permitting circumstances such as when the character encoding is left undefined through HTTP headers or HTML <span class="term">meta</span> tags, this can permit an exploit (like Google's UTF-7/XSS vulnerability of the past).<br /> </div> <div class="sub-section"><h3> @@ -722,6 +770,8 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <br />   *  Because of poor Unicode support in PHP, htmLawed does not remove the <em>high value</em> HTML-invalid characters with multi-byte code-points. Such characters however are extremely unlikely to be in the input. (see <a href="#s3.1">section 3.1</a>).<br /> <br /> +  *  htmLawed does not check or correct the character encoding of the input it receives. In conjunction with permitting circumstances such as when the character encoding is left undefined through HTTP headers or HTML <span class="term">meta</span> tags, this can permit an exploit (like Google's UTF-7/XSS vulnerability of the past).<br /> +<br />   *  Like any script using PHP's PCRE regex functions, PHP setup-specific low PCRE limit values can cause htmLawed to at least partially fail with very long input texts.<br /> </div> @@ -1162,6 +1212,8 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl   In some cases, the specs stipulate the number and/or the ordering of the child elements. A <span class="term">table</span> can have 0 or 1 <span class="term">caption</span>, <span class="term">tbody</span>, <span class="term">tfoot</span>, and <span class="term">thead</span>, but they must be in this order: <span class="term">caption</span>, <span class="term">thead</span>, <span class="term">tfoot</span>, <span class="term">tbody</span>.<br /> <br />   htmLawed currently does not check for conformance to these rules. Note that any non-compliance in this regard will not introduce security vulnerabilities, crash browser applications, or affect the rendering of web-pages.<br /> +<br /> +  With <span class="term">$config["direct_list_nest"]</span> set to <span class="term">1</span>, htmLawed will allow direct nesting of an <span class="term">ol</span> or <span class="term">ul</span> list within another <span class="term">ol</span> or <span class="term">ul</span> without requiring the child list to be within an <span class="term">li</span> of the parent list. While this is not standard-compliant, directly nested lists are rendered properly by almost all browsers. The parameter <span class="term">$config["direct_list_nest"]</span> has no effect if tag-balancing (<a href="#s3.3.3">section 3.3.3</a>) is turned off.<br /> </div> <div class="sub-section"><h3> @@ -1271,6 +1323,8 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <br />   As a side-note, one may find <span class="term">style: *</span> useful as URLs in <span class="term">style</span> attributes can be specified in a variety of ways, and the patterns that htmLawed uses to identify URLs may mistakenly identify non-URL text.<br /> <br /> +  <span class="term">!</span> can be put in the list of schemes to disallow all protocols as well as <em>local</em> URLs. Thus, with <span class="term">href: http, style: !</span>, '<a href="http://cnn.com" style="background-image: url('local.jpg');">CNN</a>' will become '<a href="http://cnn.com" style="background-image: url('denied:local.jpg');">CNN</a>'.<br /> +<br />   <strong>Note</strong>: If URL-accepting attributes other than those listed above are being allowed, then the scheme will not be checked unless the attribute name contains the string <span class="term">src</span> (e.g., <span class="term">dynsrc</span>) or starts with <span class="term">o</span> (e.g., <span class="term">onbeforecopy</span>).<br /> <br />   With <span class="term">$config["safe"] = 1</span>, all URLs are disallowed in the <span class="term">style</span> attribute values.<br /> @@ -1488,7 +1542,7 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <a name="s3.4.8" id="s3.4.8"></a><span class="item-no">3.4.8</span>  Inline style properties </h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> <br /> -  htmLawed can check URL schemes and dynamic expressions (to guard against Javascript, etc., script-based insecurities) in inline CSS style property values in the <span class="term">style</span> attributes. (CSS properties like <span class="term">background-image</span> that accept URLs in their values are noted in <a href="#s5.3">section 5.3</a>.) Dynamic CSS expressions that allow scripting in the IE browser, and can be a vulnerability, can be removed from property values by setting <span class="term">$config["css_expression"]</span> to <span class="term">1</span> (default setting).<br /> +  htmLawed can check URL schemes and dynamic expressions (to guard against Javascript, etc., script-based insecurities) in inline CSS style property values in the <span class="term">style</span> attributes. (CSS properties like <span class="term">background-image</span> that accept URLs in their values are noted in <a href="#s5.3">section 5.3</a>.) Dynamic CSS expressions that allow scripting in the IE browser, and can be a vulnerability, can be removed from property values by setting <span class="term">$config["css_expression"]</span> to <span class="term">1</span> (default setting). Note that when <span class="term">$config["css_expression"]</span> is set to <span class="term">1</span>, htmLawed will remove <span class="term">/*</span> from the <span class="term">style</span> values.<br /> <br />   <strong>Note</strong>: Because of the various ways of representing characters in attribute values (URL-escapement, entitification, etc.), htmLawed might alter the values of the <span class="term">style</span> attribute values, and may even falsely identify dynamic CSS expressions and URL schemes in them. If this is an important issue, checking of URLs and dynamic expressions can be turned off (<span class="term">$config["schemes"] = "...style:*..."</span>, see <a href="#s3.4.3">section 3.4.3</a>, and <span class="term">$config["css_expression"] = 0</span>). Alternately, admins can use their own custom function for finer handling of <span class="term">style</span> values through the <span class="term">hook_tag</span> parameter (see <a href="#s3.4.9">section 3.4.9</a>).<br /> <br /> @@ -1503,14 +1557,30 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <br />   It is possible to utilize a custom hook function to alter the tag content htmLawed has finalized (i.e., after it has checked/corrected for required attributes, transformed attributes, lower-cased attribute names, etc.).<br /> <br /> -  When <span class="term">$config</span> parameter <span class="term">hook_tag</span> is set to the name of a function, htmLawed (function <span class="term">hl_tag()</span>) will pass on the element name, and the <em>finalized</em> attribute name-value pairs as array elements to the function. The function is expected to return the full opening tag string like <span class="term"><element_name attribute_1_name="attribute_1_value"...></span> (for empty elements like <span class="term">img</span> and <span class="term">input</span>, the element-closing slash <span class="term">/</span> should also be included).<br /> +  When <span class="term">$config</span> parameter <span class="term">hook_tag</span> is set to the name of a function, htmLawed (function <span class="term">hl_tag()</span>) will pass on the element name, and, in the case of an opening tag, the <em>finalized</em> attribute name-value pairs as array elements to the function. The function, after completing a task such as filtering or tag transformation, will typically return an empty string, the full opening tag string like <span class="term"><element_name attribute_1_name="attribute_1_value"...></span> (for empty elements like <span class="term">img</span> and <span class="term">input</span>, the element-closing slash <span class="term">/</span> should also be included), etc.<br /> +<br /> +  Any <span class="term">hook_tag</span> function, since htmLawed version 1.1.11, also receives names of elements in closing tags, such as <span class="term">a</span> in the closing <span class="term"></a></span> tag of the element <span class="term"><a href="http://cnn.com">CNN</a></span>. Unlike for opening tags, no other value (i.e., the attribute name-value array) is passed to the function since a closing tag contains only element names. Typically, the function will return an empty string or a full closing tag (like <span class="term"></a></span>).<br /> <br />   This is a <strong>powerful functionality</strong> that can be exploited for various objectives: consolidate-and-convert inline <span class="term">style</span> attributes to <span class="term">class</span>, convert <span class="term">embed</span> elements to <span class="term">object</span>, permit only one <span class="term">caption</span> element in a <span class="term">table</span> element, disallow embedding of certain types of media, <strong>inject HTML</strong>, use <a href="http://csstidy.sourceforge.net">CSSTidy</a> to sanitize <span class="term">style</span> attribute values, etc.<br /> <br />   As an example, the custom hook code below can be used to force a series of specifically ordered <span class="term">id</span> attributes on all elements, and a specific <span class="term">param</span> element inside all <span class="term">object</span> elements:<br /> <br /> -<code class="code">    function my_tag_function($element, $attribute_array){</code> +<code class="code">    function my_tag_function($element, $attribute_array=0){</code> +<br /> +<br /> + +<code class="code">      // If second argument is not received, it means a closing tag is being handled</code> +<br /> + +<code class="code">      if(is_numeric($attribute_array)){</code> +<br /> + +<code class="code">        return "</$element>";</code> +<br /> + +<code class="code">      }</code> +<br /> <br /> <code class="code">      static $id = 0;</code> @@ -1570,6 +1640,11 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <code class="code">      }</code> <br /> +<br /> + +<code class="code">      static $empty_elements = array('area'=>1, 'br'=>1, 'col'=>1, 'embed'=>1, 'hr'=>1, 'img'=>1, 'input'=>1, 'isindex'=>1, 'param'=>1);</code> +<br /> +<br /> <code class="code">      return "<{$element}{$string}". (isset($in_array($element, $empty_elements) ? ' /' : ''). '>'. $new_element;</code> <br /> @@ -1598,7 +1673,7 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <br />   htmLawed allows an admin to use <span class="term">$config["safe"]</span> to auto-adjust multiple <span class="term">$config</span> parameters (such as <span class="term">elements</span> which declares the allowed element-set), which otherwise would have to be manually set. The relevant parameters are indicated by <span class="term">"</span> in <a href="#s2.2">section 2.2</a>). Thus, one can pass the <span class="term">$config</span> argument with a simpler value.<br /> <br /> -  With the value of <span class="term">1</span>, htmLawed considers <span class="term">CDATA</span> sections and HTML comments as plain text, and prohibits the <span class="term">applet</span>, <span class="term">embed</span>, <span class="term">iframe</span>, <span class="term">object</span> and <span class="term">script</span> elements, and the <span class="term">on*</span> attributes like <span class="term">onclick</span>. ( There are <span class="term">$config</span> parameters like <span class="term">css_expression</span> that are not affected by the value set for <span class="term">safe</span> but whose default values still contribute towards a more <em>safe</em> output.) Further, URLs with schemes (see <a href="#s3.4.3">section 3.4.3</a>) are neutralized so that, e.g., <span class="term">style="moz-binding:url(http://danger)"</span> becomes <span class="term">style="moz-binding:url(denied:http://danger)"</span> while <span class="term">style="moz-binding:url(ok)"</span> remains intact.<br /> +  With the value of <span class="term">1</span>, htmLawed considers <span class="term">CDATA</span> sections and HTML comments as plain text, and prohibits the <span class="term">applet</span>, <span class="term">embed</span>, <span class="term">iframe</span>, <span class="term">object</span> and <span class="term">script</span> elements, and the <span class="term">on*</span> attributes like <span class="term">onclick</span>. ( There are <span class="term">$config</span> parameters like <span class="term">css_expression</span> that are not affected by the value set for <span class="term">safe</span> but whose default values still contribute towards a more <em>safe</em> output.) Further, URLs with schemes (see <a href="#s3.4.3">section 3.4.3</a>) are neutralized so that, e.g., <span class="term">style="moz-binding:url(http://danger)"</span> becomes <span class="term">style="moz-binding:url(denied:http://danger)"</span>.<br /> <br />   Admins, however, may still want to completely deny the <span class="term">style</span> attribute, e.g., with code like<br /> <br /> @@ -1606,6 +1681,8 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <code class="code">    $processed = htmLawed($text, array('safe'=>1, 'deny_attribute'=>'style'));</code> <br /> <br /> +  Permitting the <span class="term">style</span> attribute brings in risks of <em>click-jacking</em>, etc. CSS property values can render a page non-functional or be used to deface it. Except for URLs, dynamic expressions, and some other things, htmLawed does not completely check <span class="term">style</span> values. It does provide ways for the code-developer implementing htmLawed to do such checks through the <span class="term">$spec</span> argument, and through the <span class="term">hook_tag</span> parameter (see <a href="#s3.4.8">section 3.4.8</a> for more). Disallowing style completely and relying on CSS classes and stylesheet files is recommended.<br /> +<br />   If a value for a parameter auto-set through <span class="term">safe</span> is still manually provided, then that value can over-ride the auto-set value. E.g., with <span class="term">$config["safe"] = 1</span> and <span class="term">$config["elements"] = "*+script"</span>, <span class="term">script</span>, but not <span class="term">applet</span>, is allowed.<br /> <br />   A page illustrating the efficacy of htmLawed's anti-XSS abilities with <span class="term">safe</span> set to <span class="term">1</span> against XSS vectors listed by <a href="http://ha.ckers.org/xss.html">RSnake</a> may be available <a href="http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/rsnake/RSnakeXSSTest.htm">here</a>.<br /> @@ -1688,6 +1765,20 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <br />   <em>Version number - Release date. Notes</em><br /> <br /> +  1.1.11 - 5 June 2012. Fix for possible problem with handling of multi-byte characters in attribute values in an mbstring.func_overload enviroment. <span class="term">$config["hook_tag"]</span>, if specified, now receives names of elements in closing tags.<br /> +<br /> +  1.1.10 - 22 October 2011. Fix for a bug in the <span class="term">tidy</span> functionality that caused the entire input to be replaced with a single space; new parameter, <span class="term">$config["direct_list_nest"]</span> to allow direct descendance of a list in a list. (5 April 2012. Dual licensing from LGPLv3 to LGPLv3 and GPLv2+.)<br /> +<br /> +  1.1.9.5 - 6 July 2011. Minor correction of a rule for nesting of <span class="term">li</span> within <span class="term">dir</span><br /> +<br /> +  1.1.9.4 - 3 July 2010. Parameter <span class="term">schemes</span> now accepts <span class="term">!</span> so any URL, even a local one, can be <em>denied</em>. An issue in which a second URL value in <span class="term">style</span> properties was not checked was fixed.<br /> +<br /> +  1.1.9.3 - 17 May 2010. Checks for correct nesting of <span class="term">param</span><br /> +<br /> +  1.1.9.2 - 26 April 2010. Minor fix regarding rendering of denied URL schemes<br /> +<br /> +  1.1.9.1 - 26 February 2010. htmLawed now uses the LGPL version 3 license; support for <span class="term">flashvars</span> attribute for <span class="term">embed</span><br /> +<br />   1.1.9 - 22 December 2009. Soft-hyphens are now removed only from URL-accepting attribute values<br /> <br />   1.1.8.1 - 16 July 2009. Minor code-change to fix a PHP error notice<br /> @@ -1738,6 +1829,10 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <br />   Upgrading is as simple as replacing the previous version of <span class="term">htmLawed.php</span> (assuming it was not modified for customized features). As htmLawed output is almost always used in static documents, upgrading should not affect old, finalized content.<br /> <br /> +  <strong>Important</strong>  The following upgrades may affect the functionality of a specific htmLawed as indicated by their corresponding notes:<br /> +<br /> +  (1) From version 1.1-1.1.10 to 1.1.11, if a <span class="term">hook_tag</span> function is in use: In version 1.1.11, elements in closing tags (and not just the opening tags) are also passed to the function. There are no attribute names/values to pass, so a <span class="term">hook_tag</span> function receives only the element name. The <span class="term">hook_tag</span> function therefore may have to be edited. See <a href="#s3.4.9">section 3.4.9</a>.<br /> +<br />   Old versions of htmLawed may be available online. E.g., for version 1.0, check <a href="http://www.bioinformatics.org/phplabware/downloads/htmLawed1.zip">http://www.bioinformatics.org/phplabware/downloads/htmLawed1.zip</a>, for 1.1.1, htmLawed111.zip, and for 1.1.10, htmLawed1110.zip.<br /> </div> @@ -1789,7 +1884,7 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl <a name="s4.10" id="s4.10"></a><span class="item-no">4.10</span>  Acknowledgements </h3><span class="totop"><a href="#peak">(to top)</a></span><br style="clear: both;" /> <br /> -  Bryan Blakey, Ulf Harnhammer, Gareth Heyes, Lukasz Pilorz, Shelley Powers, Edward Yang, and many anonymous users.<br /> +  Nicholas Alipaz, Bryan Blakey, Pádraic Brady, Ulf Harnhammer, Gareth Heyes, Klaus Leithoff, Lukasz Pilorz, Shelley Powers, Edward Yang, and many anonymous users.<br /> <br />   Thank you!<br /> @@ -1856,6 +1951,7 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl   disabled - button, input, optgroup, option, select, textarea<br />   enctype - form<br />   face - font<br /> +  flashvars* - embed<br />   for - label<br />   frame - table<br />   frameborder - iframe<br /> @@ -2057,7 +2153,7 @@ A PHP Labware internal utility - <a href="http://www.bioinformatics.org/phpl </div> </div> <br /> -<hr /><br /><br /><span class="subtle"><small>HTM version of <em><a href="htmLawed_README.txt">htmLawed_README.txt</a></em> generated on 22 Dec, 2009 using <a href="http://www.bioinformatics.org/phplabware/internal_utilities">rTxt2htm</a> from PHP Labware</small></span> +<hr /><br /><br /><span class="subtle"><small>HTM version of <em><a href="htmLawed_README.txt">htmLawed_README.txt</a></em> generated on 06 Jun, 2012 using <a href="http://www.bioinformatics.org/phplabware/internal_utilities">rTxt2htm</a> from PHP Labware</small></span> </div><!-- ended div body --> </div><!-- ended div top --> </body> diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed_README.txt b/mod/htmlawed/vendors/htmLawed/htmLawed_README.txt index 48a67009b..e4027e465 100644..100755 --- a/mod/htmlawed/vendors/htmLawed/htmLawed_README.txt +++ b/mod/htmlawed/vendors/htmLawed/htmLawed_README.txt @@ -1,8 +1,8 @@ /* -htmLawed_README.txt, 22 December 2009 -htmLawed 1.1.9, 22 December 2009 +htmLawed_README.txt, 8 June 2012 +htmLawed 1.1.11, 5 June 2012 Copyright Santosh Patnaik -GPL v3 license +Dual licensed with LGPL 3 and GPL 2 or later A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed */ @@ -171,7 +171,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern -- 1.4 License & copyright ----------------------------------------o - htmLawed is free and open-source software licensed under GPL license version 3:- http://www.gnu.org/licenses/gpl-3.0.txt, and copyrighted by Santosh Patnaik, MD, PhD. + htmLawed is free and open-source software dual licensed under LGPL license version 3:- http://www.gnu.org/licenses/lgpl-3.0.txt and GPL license version 2:- http://www.gnu.org/licenses/gpl-2.0.txt or later, and copyrighted by Santosh Patnaik, MD, PhD. -- 1.5 Terms used here --------------------------------------------o @@ -200,9 +200,11 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern == 2 Usage ========================================================oo - htmLawed should work with PHP 4.3 and higher. Either 'include()' the 'htmLawed.php' file or copy-paste the entire code. + htmLawed should work with PHP 4.4 and higher. Either 'include()' the 'htmLawed.php' file or copy-paste the entire code. To easily *test* htmLawed using a form-based interface, use the provided demo:- htmLawedTest.php ('htmLawed.php' and 'htmLawedTest.php' should be in the same directory on the web-server). + + *Note*: For code for usage of the htmLawed class (for htmLawed in OOP), please refer to the htmLawed:- http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed website; the filtering itself can be configured, etc., as described here. -- 2.1 Simple ------------------------------------------------------ @@ -305,6 +307,12 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern '0' - none * 'string' - dictated by values in 'string' 'on*' (like 'onfocus') attributes not allowed - " + + *direct_nest_list* + Allow direct nesting of a list within another without requiring it to be a list item; see section:- #3.3.4 + + '0' - no * + '1' - yes *elements* Allowed HTML elements; see section:- #3.3 @@ -376,11 +384,11 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern '1' - will auto-adjust other relevant '$config' parameters (indicated by '"' in this list) *schemes* - Array of attribute-specific, comma-separated, lower-cased list of schemes (protocols) allowed in attributes accepting URLs; '*' covers all unspecified attributes; see section:- #3.4.3 + Array of attribute-specific, comma-separated, lower-cased list of schemes (protocols) allowed in attributes accepting URLs (or '!' to `deny` any URL); '*' covers all unspecified attributes; see section:- #3.4.3 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; *:file, http, https' * '*: ftp, gopher, http, https, mailto, news, nntp, telnet' ^ - 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style: nil; *:file, http, https' " + 'href: aim, feed, file, ftp, gopher, http, https, irc, mailto, news, nntp, sftp, ssh, telnet; style: !; *:file, http, https' " *show_setting* Name of a PHP variable to assign the `finalized` '$config' and '$spec' values; see section:- #3.8 @@ -469,7 +477,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern `Rule`: 'input=title(), value(maxval=8/default=6)' `Output`: '<input title="WIDTH" value="6" /><input title="length" value="5" />' - `Rule`: 'input=title(nomatch=$w.d$i), value(match=$em$/default=6em)' + `Rule`: 'input=title(nomatch=%w.d%i), value(match=%em%/default=6em)' `Output`: '<input value="10em" /><input title="length" value="6em" />' `Rule`: 'input=title(oneof=height|depth/default=depth), value(noneof=5|6)' @@ -491,17 +499,23 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern -- 2.5 Some security risks to keep in mind ------------------------o - When setting the parameters/arguments (like those to allow certain HTML elements) for use with htmLawed, one should bear in mind that the setting may let through potentially `dangerous` HTML code. (This may not be a problem if the authors are trusted.) + When setting the parameters/arguments (like those to allow certain HTML elements) for use with htmLawed, one should bear in mind that the setting may let through potentially `dangerous` HTML code which is meant to steal user-data, deface a website, render a page non-functional, etc. - For example, following increase security risks: + Unless end-users, either people or software, supplying the content are completely trusted, security issues arising from the degree of HTML usage permission has to be kept in mind. For example, following increase security risks: * Allowing 'script', 'applet', 'embed', 'iframe' or 'object' elements, or certain of their attributes like 'allowscriptaccess' * Allowing HTML comments (some Internet Explorer versions are vulnerable with, e.g., '<!--[if gte IE 4]><script>alert("xss");</script><![endif]-->' * Allowing dynamic CSS expressions (a feature of the IE browser) + + * Allowing the 'style' attribute - `Unsafe` HTML can be removed by setting '$config' appropriately. E.g., '$config["elements"] = "* -script"' (section:- #3.3), '$config["safe"] = 1' (section:- #3.6), etc. + To remove `unsecure` HTML, code-developers using htmLawed must set '$config' appropriately. E.g., '$config["elements"] = "* -script"' to deny the 'script' element (section:- #3.3), '$config["safe"] = 1' to auto-configure ceratin htmLawed parameters for maximizing security (section:- #3.6), etc. + + Permitting the '*style*' attribute brings in risks of `click-jacking`, `phishing`, web-page overlays, etc., `even` when the 'safe' parameter is enabled (see section:- #3.6). Except for URLs and a few other things like CSS dynamic expressions, htmLawed currently does not check every CSS style property. It does provide ways for the code-developer implementing htmLawed to do such checks through htmLawed's '$spec' argument, and through the 'hook_tag' parameter (see section:- #3.4.8 for more). Disallowing 'style' completely and relying on CSS classes and stylesheet files is recommended. + + htmLawed does not check or correct the character *encoding* of the input it receives. In conjunction with permitting circumstances such as when the character encoding is left undefined through HTTP headers or HTML 'meta' tags, this can permit an exploit (like Google's UTF-7/XSS vulnerability of the past). -- 2.6 Use without modifying old 'kses()' code --------------------o @@ -614,6 +628,8 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern * htmLawed does not correct certain possible attribute-based security vulnerabilities (e.g., '<a href="http://x%22+style=%22background-image:xss">x</a>'). These arise when browsers mis-identify markup in `escaped` text, defeating the very purpose of escaping text (a bad browser will read the given example as '<a href="http://x" style="background-image:xss">x</a>'). * Because of poor Unicode support in PHP, htmLawed does not remove the `high value` HTML-invalid characters with multi-byte code-points. Such characters however are extremely unlikely to be in the input. (see section:- #3.1). + + * htmLawed does not check or correct the character encoding of the input it receives. In conjunction with permitting circumstances such as when the character encoding is left undefined through HTTP headers or HTML 'meta' tags, this can permit an exploit (like Google's UTF-7/XSS vulnerability of the past). * Like any script using PHP's PCRE regex functions, PHP setup-specific low PCRE limit values can cause htmLawed to at least partially fail with very long input texts. @@ -925,6 +941,8 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern In some cases, the specs stipulate the number and/or the ordering of the child elements. A 'table' can have 0 or 1 'caption', 'tbody', 'tfoot', and 'thead', but they must be in this order: 'caption', 'thead', 'tfoot', 'tbody'. htmLawed currently does not check for conformance to these rules. Note that any non-compliance in this regard will not introduce security vulnerabilities, crash browser applications, or affect the rendering of web-pages. + + With '$config["direct_list_nest"]' set to '1', htmLawed will allow direct nesting of an 'ol' or 'ul' list within another 'ol' or 'ul' without requiring the child list to be within an 'li' of the parent list. While this is not standard-compliant, directly nested lists are rendered properly by almost all browsers. The parameter '$config["direct_list_nest"]' has no effect if tag-balancing (section:- #3.3.3) is turned off. -- 3.3.5 Beautify or compact HTML ---------------------------------o @@ -1020,6 +1038,8 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern Thus, `to allow Javascript`, one can set '$config["schemes"]' as 'href: mailto, http, https; *: http, https, javascript', or 'href: mailto, http, https, javascript; *: http, https, javascript', or '*: *', and so on. As a side-note, one may find 'style: *' useful as URLs in 'style' attributes can be specified in a variety of ways, and the patterns that htmLawed uses to identify URLs may mistakenly identify non-URL text. + + '!' can be put in the list of schemes to disallow all protocols as well as `local` URLs. Thus, with 'href: http, style: !', '<a href="http://cnn.com" style="background-image: url('local.jpg');">CNN</a>' will become '<a href="http://cnn.com" style="background-image: url('denied:local.jpg');">CNN</a>'. *Note*: If URL-accepting attributes other than those listed above are being allowed, then the scheme will not be checked unless the attribute name contains the string 'src' (e.g., 'dynsrc') or starts with 'o' (e.g., 'onbeforecopy'). @@ -1149,7 +1169,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern -- 3.4.8 Inline style properties ----------------------------------o - htmLawed can check URL schemes and dynamic expressions (to guard against Javascript, etc., script-based insecurities) in inline CSS style property values in the 'style' attributes. (CSS properties like 'background-image' that accept URLs in their values are noted in section:- #5.3.) Dynamic CSS expressions that allow scripting in the IE browser, and can be a vulnerability, can be removed from property values by setting '$config["css_expression"]' to '1' (default setting). + htmLawed can check URL schemes and dynamic expressions (to guard against Javascript, etc., script-based insecurities) in inline CSS style property values in the 'style' attributes. (CSS properties like 'background-image' that accept URLs in their values are noted in section:- #5.3.) Dynamic CSS expressions that allow scripting in the IE browser, and can be a vulnerability, can be removed from property values by setting '$config["css_expression"]' to '1' (default setting). Note that when '$config["css_expression"]' is set to '1', htmLawed will remove '/*' from the 'style' values. *Note*: Because of the various ways of representing characters in attribute values (URL-escapement, entitification, etc.), htmLawed might alter the values of the 'style' attribute values, and may even falsely identify dynamic CSS expressions and URL schemes in them. If this is an important issue, checking of URLs and dynamic expressions can be turned off ('$config["schemes"] = "...style:*..."', see section:- #3.4.3, and '$config["css_expression"] = 0'). Alternately, admins can use their own custom function for finer handling of 'style' values through the 'hook_tag' parameter (see section:- #3.4.9). @@ -1163,13 +1183,21 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern It is possible to utilize a custom hook function to alter the tag content htmLawed has finalized (i.e., after it has checked/corrected for required attributes, transformed attributes, lower-cased attribute names, etc.). - When '$config' parameter 'hook_tag' is set to the name of a function, htmLawed (function 'hl_tag()') will pass on the element name, and the `finalized` attribute name-value pairs as array elements to the function. The function is expected to return the full opening tag string like '<element_name attribute_1_name="attribute_1_value"...>' (for empty elements like 'img' and 'input', the element-closing slash '/' should also be included). + When '$config' parameter 'hook_tag' is set to the name of a function, htmLawed (function 'hl_tag()') will pass on the element name, and, in the case of an opening tag, the `finalized` attribute name-value pairs as array elements to the function. The function, after completing a task such as filtering or tag transformation, will typically return an empty string, the full opening tag string like '<element_name attribute_1_name="attribute_1_value"...>' (for empty elements like 'img' and 'input', the element-closing slash '/' should also be included), etc. + + Any 'hook_tag' function, since htmLawed version 1.1.11, also receives names of elements in closing tags, such as 'a' in the closing '</a>' tag of the element '<a href="http://cnn.com">CNN</a>'. Unlike for opening tags, no other value (i.e., the attribute name-value array) is passed to the function since a closing tag contains only element names. Typically, the function will return an empty string or a full closing tag (like '</a>'). This is a *powerful functionality* that can be exploited for various objectives: consolidate-and-convert inline 'style' attributes to 'class', convert 'embed' elements to 'object', permit only one 'caption' element in a 'table' element, disallow embedding of certain types of media, *inject HTML*, use CSSTidy:- http://csstidy.sourceforge.net to sanitize 'style' attribute values, etc. As an example, the custom hook code below can be used to force a series of specifically ordered 'id' attributes on all elements, and a specific 'param' element inside all 'object' elements: - function my_tag_function($element, $attribute_array){ + function my_tag_function($element, $attribute_array=0){ + + // If second argument is not received, it means a closing tag is being handled + if(is_numeric($attribute_array)){ + return "</$element>"; + } + static $id = 0; // Remove any duplicate element if($element == 'param' && isset($attribute_array['allowscriptaccess'])){ @@ -1192,6 +1220,9 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern foreach($attribute_array as $k=>$v){ $string .= " {$k}=\"{$v}\""; } + + static $empty_elements = array('area'=>1, 'br'=>1, 'col'=>1, 'embed'=>1, 'hr'=>1, 'img'=>1, 'input'=>1, 'isindex'=>1, 'param'=>1); + return "<{$element}{$string}". (isset($in_array($element, $empty_elements) ? ' /' : ''). '>'. $new_element; } @@ -1213,12 +1244,14 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern htmLawed allows an admin to use '$config["safe"]' to auto-adjust multiple '$config' parameters (such as 'elements' which declares the allowed element-set), which otherwise would have to be manually set. The relevant parameters are indicated by '"' in section:- #2.2). Thus, one can pass the '$config' argument with a simpler value. - With the value of '1', htmLawed considers 'CDATA' sections and HTML comments as plain text, and prohibits the 'applet', 'embed', 'iframe', 'object' and 'script' elements, and the 'on*' attributes like 'onclick'. ( There are '$config' parameters like 'css_expression' that are not affected by the value set for 'safe' but whose default values still contribute towards a more `safe` output.) Further, URLs with schemes (see section:- #3.4.3) are neutralized so that, e.g., 'style="moz-binding:url(http://danger)"' becomes 'style="moz-binding:url(denied:http://danger)"' while 'style="moz-binding:url(ok)"' remains intact. + With the value of '1', htmLawed considers 'CDATA' sections and HTML comments as plain text, and prohibits the 'applet', 'embed', 'iframe', 'object' and 'script' elements, and the 'on*' attributes like 'onclick'. ( There are '$config' parameters like 'css_expression' that are not affected by the value set for 'safe' but whose default values still contribute towards a more `safe` output.) Further, URLs with schemes (see section:- #3.4.3) are neutralized so that, e.g., 'style="moz-binding:url(http://danger)"' becomes 'style="moz-binding:url(denied:http://danger)"'. Admins, however, may still want to completely deny the 'style' attribute, e.g., with code like $processed = htmLawed($text, array('safe'=>1, 'deny_attribute'=>'style')); + Permitting the 'style' attribute brings in risks of `click-jacking`, etc. CSS property values can render a page non-functional or be used to deface it. Except for URLs, dynamic expressions, and some other things, htmLawed does not completely check 'style' values. It does provide ways for the code-developer implementing htmLawed to do such checks through the '$spec' argument, and through the 'hook_tag' parameter (see section:- #3.4.8 for more). Disallowing style completely and relying on CSS classes and stylesheet files is recommended. + If a value for a parameter auto-set through 'safe' is still manually provided, then that value can over-ride the auto-set value. E.g., with '$config["safe"] = 1' and '$config["elements"] = "*+script"', 'script', but not 'applet', is allowed. A page illustrating the efficacy of htmLawed's anti-XSS abilities with 'safe' set to '1' against XSS vectors listed by RSnake:- http://ha.ckers.org/xss.html may be available here:- http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/rsnake/RSnakeXSSTest.htm. @@ -1288,6 +1321,20 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern `Version number - Release date. Notes` + 1.1.11 - 5 June 2012. Fix for possible problem with handling of multi-byte characters in attribute values in an mbstring.func_overload enviroment. '$config["hook_tag"]', if specified, now receives names of elements in closing tags. + + 1.1.10 - 22 October 2011. Fix for a bug in the 'tidy' functionality that caused the entire input to be replaced with a single space; new parameter, '$config["direct_list_nest"]' to allow direct descendance of a list in a list. (5 April 2012. Dual licensing from LGPLv3 to LGPLv3 and GPLv2+.) + + 1.1.9.5 - 6 July 2011. Minor correction of a rule for nesting of 'li' within 'dir' + + 1.1.9.4 - 3 July 2010. Parameter 'schemes' now accepts '!' so any URL, even a local one, can be `denied`. An issue in which a second URL value in 'style' properties was not checked was fixed. + + 1.1.9.3 - 17 May 2010. Checks for correct nesting of 'param' + + 1.1.9.2 - 26 April 2010. Minor fix regarding rendering of denied URL schemes + + 1.1.9.1 - 26 February 2010. htmLawed now uses the LGPL version 3 license; support for 'flashvars' attribute for 'embed' + 1.1.9 - 22 December 2009. Soft-hyphens are now removed only from URL-accepting attribute values 1.1.8.1 - 16 July 2009. Minor code-change to fix a PHP error notice @@ -1336,6 +1383,10 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern Upgrading is as simple as replacing the previous version of 'htmLawed.php' (assuming it was not modified for customized features). As htmLawed output is almost always used in static documents, upgrading should not affect old, finalized content. + *Important* The following upgrades may affect the functionality of a specific htmLawed as indicated by their corresponding notes: + + (1) From version 1.1-1.1.10 to 1.1.11, if a 'hook_tag' function is in use: In version 1.1.11, elements in closing tags (and not just the opening tags) are also passed to the function. There are no attribute names/values to pass, so a 'hook_tag' function receives only the element name. The 'hook_tag' function therefore may have to be edited. See section:- #3.4.9. + Old versions of htmLawed may be available online. E.g., for version 1.0, check http://www.bioinformatics.org/phplabware/downloads/htmLawed1.zip, for 1.1.1, htmLawed111.zip, and for 1.1.10, htmLawed1110.zip. @@ -1382,7 +1433,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern -- 4.10 Acknowledgements ------------------------------------------o - Bryan Blakey, Ulf Harnhammer, Gareth Heyes, Lukasz Pilorz, Shelley Powers, Edward Yang, and many anonymous users. + Nicholas Alipaz, Bryan Blakey, Pádraic Brady, Ulf Harnhammer, Gareth Heyes, Klaus Leithoff, Lukasz Pilorz, Shelley Powers, Edward Yang, and many anonymous users. Thank you! @@ -1446,6 +1497,7 @@ A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/intern disabled - button, input, optgroup, option, select, textarea enctype - form face - font + flashvars* - embed for - label frame - table frameborder - iframe diff --git a/mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt b/mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt index ea24b1839..793a5a6a7 100644..100755 --- a/mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt +++ b/mod/htmlawed/vendors/htmLawed/htmLawed_TESTCASE.txt @@ -1,8 +1,8 @@ /* -htmLawed_TESTCASE.txt, 22 December 2009 -htmLawed 1.1.9, 22 December 2009 +htmLawed_TESTCASE.txt, 22 October 2011 +htmLawed 1.1.11, 5 June 2012 Copyright Santosh Patnaik -GPL v3 license +Dual licensed with LGPL 3 and GPL 2 or later A PHP Labware internal utility - http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed */ @@ -94,6 +94,15 @@ The PHP <s>software</s> script used for this <strike>web-page</strike> webpage i <area href="5" shape="Rect" coords="0,0,118,28"> </map></object> +<param name="name">value</param> + +<object id="obj1"> + <param name="param1"> + <object id="obj2"> + <param name="param2"> + </object> +</object> + <h6>Complex-4: nested and other tables</h6> <table border="1" bgcolor="red"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> <table border="1" bgcolor="green"> <tr> <td> Cell </td> <td colspan="2" rowspan="2"> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table> </td> </tr> <tr> <td> Cell </td> </tr> <tr> <td> Cell </td> <td> Cell </td> <td> Cell </td> </tr> </table><br /> @@ -181,10 +190,13 @@ text <img src="none" alt="none" /> <b>t<em> e <strong> x </strong> t</em></b> <h6>HTML comments (also CDATA)</h6> -Special characters inside: <!-- <![CDATA check ]]> -->, <!-- 3 < 4 > 3.5, & 4 > 4 -->, <!-- che--ck -->, <!--[if !IE]> <--><a>c</a><!--> <![endif]--><br /> -Normal: <!-- check -->, <!--check -->, <em>comment:<!-- check --></em><!-- check -->, <table><!-- check --><tr><td>text not allowed</td></tr></table><br /> -Malformed: <![cdata check ]]>, < ![CDATA check ]]>, < ![CDATA check ] ]><br /> -Invalid: <em <!-- check -->>comment in tag content</em>, <!--check--> +<strong>Script inside:</strong> <!--[if gte IE 4]> +<SCRIPT>alert('XSS');</SCRIPT> +<![endif]--><br /> +<strong>Special characters inside: <!-- <![CDATA check ]]> -->, <!-- 3 < 4 > 3.5, & 4 > 4 -->, <!-- che--ck -->, <!--[if !IE]> <--><a>c</a><!--> <![endif]--><br /> +<strong>Normal:</strong> <!-- check -->, <!--check -->, <em>comment:<!-- check --></em><!-- check -->, <table><!-- check --><tr><td>text not allowed</td></tr></table><br /> +<strong>Malformed:</strong> <![cdata check ]]>, < ![CDATA check ]]>, < ![CDATA check ] ]><br /> +Invalid:</strong> <em <!-- check -->>comment in tag content</em>, <!--check--> <h6>Ins-Del</h6> @@ -224,6 +236,11 @@ Invalid: <em <!-- check -->>comment in tag content</em>, <!--check--> <li>l3</li> <li>l4<ol><li>lo3</li><li>lo4<ol><li>lo5</li></ol></li></ol></li> </ul><br /> +<strong>Nested, directly</strong>: <ul> + <li>l1</li> + <ol>l2</ol> + <li>l3</li> +</ul><br /> <strong>Nested, close-tags omitted</strong>: <ul> <li>l1</li> <li>l2<ol><li>lo1<li>lo2</ol> @@ -242,6 +259,13 @@ Invalid: <em <!-- check -->>comment in tag content</em>, <!--check--> </li></ul> </td></tr></table></li></ol> +<h6>Microdata</h6> + +<div itemscope itemtype="http://data-vocabulary.org/Person"> +I am <span itemprop="name">X</span> but people call me <span itemprop="nickname">Y</span>. +Find me at <a href="http://www.xy.com" itemprop="url">www.xy.com</a> +</div> + <h6>Non-English text-1</h6> Inscrieţi-vă acum la a Zecea Conferinţă Internaţională<br /> @@ -320,7 +344,8 @@ na Alemanha. <strong>Relative and absolute:</strong> <a href="mailto:x"></a>, <a href="http://a.com/b/c/d.f"></a>, <a href="./../d.f"></a>, <a href="./d.f"></a>, <a href="d.f"></a>, <a href="#s"></a>, <a href="./../../d.f#s"></a><br /> (try base URL value of 'http://a.com/b/')<br /> <strong>CSS URLs:</strong> <div style="background-image: url('a.gif');"></div>, <div style="background-image: URL("a.gif");"></div>, <div style="background-image: url('http://a.com/a.gif');"></div>, <div style="background-image: url('./../a.gif');"></div>, <div style="background-image: url('js:xss')"></div><br /> -<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f"></a><br /> +<strong>Double URLs:</strong> <a style="behaviour: url(foo) url(http://example.com/xss.htc)">b</a><br /> +<strong>Anti-spam:</strong> (try regex for 'http://a.com', etc.) <a href="mailto:x@y.com"></a>, <a href="http://a.com/b@d.f"></a>, <a href="a.com/d.f" rel="nofollow"></a>, <a href="a.com/d.f" rel="1, 2"></a>, <a href="a.com/d.f"></a>, <a href="b.com/d.f"></a>, <a href="c.com/d.f">, <a href="denied:http://c.com/d.f"></a><br /> <h6>XSS</h6> diff --git a/mod/likes/actions/likes/delete.php b/mod/likes/actions/likes/delete.php index db3036bb4..322d512e8 100644 --- a/mod/likes/actions/likes/delete.php +++ b/mod/likes/actions/likes/delete.php @@ -4,17 +4,27 @@ * */ -$likes = elgg_get_annotations(array( - 'guid' => (int) get_input('guid'), - 'annotation_owner_guid' => elgg_get_logged_in_user_guid(), - 'annotation_name' => 'likes', -)); -if ($likes) { - if ($likes[0]->canEdit()) { - $likes[0]->delete(); - system_message(elgg_echo("likes:deleted")); - forward(REFERER); - } +// Support deleting by id in case we're deleting another user's likes +$id = (int) get_input('id'); + +$like = NULL; +if ($id) { + $like = elgg_get_annotation_from_id($id); +} + +if (!$like) { + $likes = elgg_get_annotations(array( + 'guid' => (int) get_input('guid'), + 'annotation_owner_guid' => elgg_get_logged_in_user_guid(), + 'annotation_name' => 'likes', + )); + $like = $likes[0]; +} + +if ($like && $like->canEdit()) { + $like->delete(); + system_message(elgg_echo("likes:deleted")); + forward(REFERER); } register_error(elgg_echo("likes:notdeleted")); diff --git a/mod/likes/languages/en.php b/mod/likes/languages/en.php index 4a98d7cfe..bdbd2a963 100644 --- a/mod/likes/languages/en.php +++ b/mod/likes/languages/en.php @@ -17,6 +17,7 @@ $english = array( 'likes:userlikedthis' => '%s like', 'likes:userslikedthis' => '%s likes', 'likes:river:annotate' => 'likes', + 'likes:delete:confirm' => 'Are you sure you want to delete this like?', 'river:likes' => 'likes %s %s', diff --git a/mod/likes/views/default/annotation/likes.php b/mod/likes/views/default/annotation/likes.php index d41522fc4..2b5acc520 100644 --- a/mod/likes/views/default/annotation/likes.php +++ b/mod/likes/views/default/annotation/likes.php @@ -29,11 +29,11 @@ $friendlytime = elgg_view_friendly_time($like->time_created); if ($like->canEdit()) { $delete_button = elgg_view("output/confirmlink",array( - 'href' => "action/likes/delete?annotation_id={$like->id}", - 'text' => "<span class=\"elgg-icon elgg-icon-delete float-alt\"></span>", - 'confirm' => elgg_echo('deleteconfirm'), - 'encode_text' => false, - )); + 'href' => "action/likes/delete?id={$like->id}", + 'text' => "<span class=\"elgg-icon elgg-icon-delete float-alt\"></span>", + 'confirm' => elgg_echo('likes:delete:confirm'), + 'encode_text' => false, + )); } $body = <<<HTML diff --git a/mod/logbrowser/languages/en.php b/mod/logbrowser/languages/en.php index f36b4bc6b..b1d2681dd 100644 --- a/mod/logbrowser/languages/en.php +++ b/mod/logbrowser/languages/en.php @@ -23,6 +23,8 @@ $english = array( 'logbrowser:object' => 'Object type', 'logbrowser:object:guid' => 'Object GUID', 'logbrowser:action' => 'Action', + + 'logbrowser:no_result' => 'No results', ); add_translation("en", $english);
\ No newline at end of file diff --git a/mod/logbrowser/views/default/admin/administer_utilities/logbrowser.php b/mod/logbrowser/views/default/admin/administer_utilities/logbrowser.php index 89894e3d2..9506c9d9f 100644 --- a/mod/logbrowser/views/default/admin/administer_utilities/logbrowser.php +++ b/mod/logbrowser/views/default/admin/administer_utilities/logbrowser.php @@ -15,11 +15,17 @@ if ($search_username) { $user = get_user_by_username($search_username); if ($user) { $user_guid = $user->guid; + } else { + $user_guid = null; } } else { $user_guid = get_input('user_guid', null); if ($user_guid) { $user_guid = (int) $user_guid; + $user = get_entity($user_guid); + if ($user) { + $search_username = $user->username; + } } else { $user_guid = null; } @@ -38,9 +44,10 @@ if ($timeupper) { $ip_address = get_input('ip_address'); $refine = elgg_view('logbrowser/refine', array( - 'user_guid' => $user_guid, 'timeupper' => $timeupper, 'timelower' => $timelower, + 'ip_address' => $ip_address, + 'username' => $search_username, )); // Get log entries @@ -49,6 +56,12 @@ $log = get_system_log($user_guid, "", "", "","", $limit, $offset, false, $timeup $count = get_system_log($user_guid, "", "", "","", $limit, $offset, true, $timeupper, $timelower, 0, $ip_address); +// if user does not exist, we have no results +if ($search_username && is_null($user_guid)) { + $log = false; + $count = 0; +} + $table = elgg_view('logbrowser/table', array('log_entries' => $log)); $nav = elgg_view('navigation/pagination',array( diff --git a/mod/logbrowser/views/default/forms/logbrowser/refine.php b/mod/logbrowser/views/default/forms/logbrowser/refine.php index 6ec5907b6..ebf7f10ed 100644 --- a/mod/logbrowser/views/default/forms/logbrowser/refine.php +++ b/mod/logbrowser/views/default/forms/logbrowser/refine.php @@ -3,35 +3,29 @@ * Form body for refining the log browser search. * Look for a particular person or in a time window. * - * @uses $vars['user_guid'] + * @uses $vars['username'] + * @uses $vars['ip_address'] * @uses $vars['timelower'] * @uses $vars['timeupper'] */ if (isset($vars['timelower'])) { - $lowerval = date('r',$vars['timelower']); + $lowerval = date('r', $vars['timelower']); } else { $lowerval = ""; } if (isset($vars['timeupper'])) { - $upperval = date('r',$vars['timeupper']); + $upperval = date('r', $vars['timeupper']); } else { $upperval = ""; } -if (isset($vars['user_guid'])) { - $user = get_entity($vars['user_guid']); - if ($user) { - $userval = $user->username; - } -} else { - $userval = ""; -} -$ip_address = elgg_extract('ip_address', ''); +$ip_address = elgg_extract('ip_address', $vars); +$username = elgg_extract('username', $vars); $form = "<div>" . elgg_echo('logbrowser:user'); $form .= elgg_view('input/text', array( 'name' => 'search_username', - 'value' => $userval, + 'value' => $username, )) . "</div>"; $form .= "<div>" . elgg_echo('logbrowser:ip_address'); diff --git a/mod/logbrowser/views/default/logbrowser/table.php b/mod/logbrowser/views/default/logbrowser/table.php index 9a867e080..1223c1456 100644 --- a/mod/logbrowser/views/default/logbrowser/table.php +++ b/mod/logbrowser/views/default/logbrowser/table.php @@ -82,4 +82,9 @@ $log_entries = $vars['log_entries']; $alt = $alt ? '' : 'class="alt"'; } ?> -</table>
\ No newline at end of file +</table> +<?php +if (!$log_entries) { + echo elgg_echo('logbrowser:no_result'); + return true; +} diff --git a/mod/messages/manifest.xml b/mod/messages/manifest.xml index 73a58d9d4..6e3462901 100644 --- a/mod/messages/manifest.xml +++ b/mod/messages/manifest.xml @@ -6,8 +6,8 @@ <category>bundled</category> <category>communication</category> <description>Elgg internal messages plugin. This plugin lets user send each other messages.</description> - <copyright>See COPYRIGHT.txt</copyright> <website>http://www.elgg.org/</website> + <copyright>See COPYRIGHT.txt</copyright> <license>GNU General Public License version 2</license> <requires> <type>elgg_release</type> diff --git a/mod/messages/pages/messages/read.php b/mod/messages/pages/messages/read.php index d41551be4..19e3ecdd7 100644 --- a/mod/messages/pages/messages/read.php +++ b/mod/messages/pages/messages/read.php @@ -9,7 +9,7 @@ gatekeeper(); $message = get_entity(get_input('guid')); if (!$message) { - forward(); + forward('messages/inbox'); } // mark the message as read diff --git a/mod/messages/start.php b/mod/messages/start.php index 1a2709324..2e61d6e21 100644 --- a/mod/messages/start.php +++ b/mod/messages/start.php @@ -356,16 +356,10 @@ function messages_count_unread() { "msg_msg.name_id='{$map['msg']}' AND msg_msg.value_id='{$map[1]}'", ), 'owner_guid' => $user_guid, - 'limit' => 0 + 'count' => true, ); - $num_messages = elgg_get_entities_from_metadata($options); - - if (is_array($num_messages)) { - return sizeof($num_messages); - } - - return 0; + return elgg_get_entities_from_metadata($options); } /** diff --git a/mod/messages/views/default/forms/messages/process.php b/mod/messages/views/default/forms/messages/process.php index f86c3217a..cb30792e9 100644 --- a/mod/messages/views/default/forms/messages/process.php +++ b/mod/messages/views/default/forms/messages/process.php @@ -19,10 +19,12 @@ echo $messages; echo '</div>'; echo '<div class="elgg-foot messages-buttonbank">'; + echo elgg_view('input/submit', array( 'value' => elgg_echo('delete'), 'name' => 'delete', - 'class' => 'elgg-button-delete', + 'class' => 'elgg-button-delete elgg-requires-confirmation', + 'title' => elgg_echo('deleteconfirm:plural'), )); if ($vars['folder'] == "inbox") { diff --git a/mod/notifications/actions/groupsave.php b/mod/notifications/actions/groupsave.php index c304cb856..7838f7e63 100644 --- a/mod/notifications/actions/groupsave.php +++ b/mod/notifications/actions/groupsave.php @@ -6,27 +6,42 @@ * @package ElggNotifications */ -// Load important global vars -global $NOTIFICATION_HANDLERS; +$current_user = elgg_get_logged_in_user_entity(); + +$guid = (int) get_input('guid', 0); +if (!$guid || !($user = get_entity($guid))) { + forward(); +} +if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) { + forward(); +} // Get group memberships and condense them down to an array of guids $groups = array(); -if ($groupmemberships = elgg_get_entities_from_relationship(array('relationship' => 'member', 'relationship_guid' => elgg_get_logged_in_user_guid(), 'types' => 'group', 'limit' => 9999))) { +$options = array( + 'relationship' => 'member', + 'relationship_guid' => $user->guid, + 'types' => 'group', + 'limit' => 9999, +); +if ($groupmemberships = elgg_get_entities_from_relationship($options)) { foreach($groupmemberships as $groupmembership) { $groups[] = $groupmembership->guid; } -} +} +// Load important global vars +global $NOTIFICATION_HANDLERS; foreach($NOTIFICATION_HANDLERS as $method => $foo) { $subscriptions[$method] = get_input($method.'subscriptions'); $personal[$method] = get_input($method.'personal'); $collections[$method] = get_input($method.'collections'); if (!empty($groups)) { foreach($groups as $group) { - if (in_array($group,$subscriptions[$method])) { - add_entity_relationship(elgg_get_logged_in_user_guid(), 'notify'.$method, $group); + if (in_array($group, $subscriptions[$method])) { + add_entity_relationship($user->guid, 'notify'.$method, $group); } else { - remove_entity_relationship(elgg_get_logged_in_user_guid(), 'notify'.$method, $group); + remove_entity_relationship($user->guid, 'notify'.$method, $group); } } } diff --git a/mod/notifications/actions/save.php b/mod/notifications/actions/save.php index 163b656aa..3fe0001a3 100644 --- a/mod/notifications/actions/save.php +++ b/mod/notifications/actions/save.php @@ -6,9 +6,18 @@ * @package ElggNotifications */ -$user = elgg_get_logged_in_user_entity(); +$current_user = elgg_get_logged_in_user_entity(); + +$guid = (int) get_input('guid', 0); +if (!$guid || !($user = get_entity($guid))) { + forward(); +} +if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) { + forward(); +} global $NOTIFICATION_HANDLERS; +$subscriptions = array(); foreach($NOTIFICATION_HANDLERS as $method => $foo) { $subscriptions[$method] = get_input($method.'subscriptions'); $personal[$method] = get_input($method.'personal'); diff --git a/mod/notifications/groups.php b/mod/notifications/groups.php index 45fb94e83..3347d4054 100644 --- a/mod/notifications/groups.php +++ b/mod/notifications/groups.php @@ -3,16 +3,16 @@ * Elgg notifications plugin group index * * @package ElggNotifications + * + * @uses $user ElggUser */ -// Load Elgg framework -require_once(dirname(dirname(dirname(__FILE__))) . '/engine/start.php'); - -// Ensure only logged-in users can see this page -gatekeeper(); +if (!isset($user) || !($user instanceof ElggUser)) { + $url = 'notifications/group/' . elgg_get_logged_in_user_entity()->username; + forward($url); +} -elgg_set_page_owner_guid(elgg_get_logged_in_user_guid()); -$user = elgg_get_page_owner_entity(); +elgg_set_page_owner_guid($user->guid); // Set the context to settings elgg_set_context('settings'); @@ -27,12 +27,15 @@ $people = array(); $groupmemberships = elgg_get_entities_from_relationship(array( 'relationship' => 'member', - 'relationship_guid' => elgg_get_logged_in_user_guid(), + 'relationship_guid' => $user->guid, 'types' => 'group', 'limit' => 9999, )); -$body = elgg_view_form('notificationsettings/groupsave', array(), array('groups' => $groupmemberships)); +$body = elgg_view_form('notificationsettings/groupsave', array(), array( + 'groups' => $groupmemberships, + 'user' => $user, +)); $params = array( 'content' => $body, diff --git a/mod/notifications/index.php b/mod/notifications/index.php index 882389fde..cd1857f04 100644 --- a/mod/notifications/index.php +++ b/mod/notifications/index.php @@ -3,16 +3,16 @@ * Elgg notifications plugin index * * @package ElggNotifications + * + * @uses $user ElggUser */ -// Load Elgg framework -require_once(dirname(dirname(dirname(__FILE__))) . '/engine/start.php'); - -// Ensure only logged-in users can see this page -gatekeeper(); +if (!isset($user) || !($user instanceof ElggUser)) { + $url = 'notifications/personal/' . elgg_get_logged_in_user_entity()->username; + forward($url); +} -elgg_set_page_owner_guid(elgg_get_logged_in_user_guid()); -$user = elgg_get_page_owner_entity(); +elgg_set_page_owner_guid($user->guid); // Set the context to settings elgg_set_context('settings'); @@ -26,7 +26,7 @@ elgg_push_breadcrumb($title); $people = array(); if ($people_ents = elgg_get_entities_from_relationship(array( 'relationship' => 'notify', - 'relationship_guid' => elgg_get_logged_in_user_guid(), + 'relationship_guid' => $user->guid, 'types' => 'user', 'limit' => 99999, ))) { @@ -36,7 +36,10 @@ if ($people_ents = elgg_get_entities_from_relationship(array( } } -$body = elgg_view('notifications/subscriptions/form', array('people' => $people)); +$body = elgg_view('notifications/subscriptions/form', array( + 'people' => $people, + 'user' => $user, +)); $params = array( 'content' => $body, diff --git a/mod/notifications/languages/en.php b/mod/notifications/languages/en.php index b29c9df25..0f2ba2304 100644 --- a/mod/notifications/languages/en.php +++ b/mod/notifications/languages/en.php @@ -8,7 +8,7 @@ $english = array( 'notifications:subscriptions:personal:title' => 'Personal notifications', 'notifications:subscriptions:friends:title' => 'Friends', - 'notifications:subscriptions:friends:description' => 'The following is an automatic collection made up of your friends. To receive updates select below. This will affect the corresponding users in the main notification settings panel at the bottom of the page. ', + 'notifications:subscriptions:friends:description' => 'Below are collections of your friends. Selecting a collection turns on notifications for the users in that collection.', 'notifications:subscriptions:collections:edit' => 'To edit your shared access notifications, click here.', 'notifications:subscriptions:changesettings' => 'Notifications', diff --git a/mod/notifications/start.php b/mod/notifications/start.php index 761f17e40..b76b0aa1e 100644 --- a/mod/notifications/start.php +++ b/mod/notifications/start.php @@ -25,7 +25,7 @@ function notifications_plugin_init() { // update notifications when new friend or access collection membership elgg_register_event_handler('create', 'friend', 'notifications_update_friend_notify'); - elgg_register_plugin_hook_handler('access:collections:add-user', 'collection', 'notifications_update_collection_notify'); + elgg_register_plugin_hook_handler('access:collections:add_user', 'collection', 'notifications_update_collection_notify'); $actions_base = elgg_get_plugins_path() . 'notifications/actions'; elgg_register_action("notificationsettings/save", "$actions_base/save.php"); @@ -40,13 +40,25 @@ function notifications_plugin_init() { */ function notifications_page_handler($page) { + gatekeeper(); + $current_user = elgg_get_logged_in_user_entity(); + // default to personal notifications if (!isset($page[0])) { $page[0] = 'personal'; } + if (!isset($page[1])) { + forward("notifications/{$page[0]}/{$current_user->username}"); + } + + $user = get_user_by_username($page[1]); + if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) { + forward(); + } $base = elgg_get_plugins_path() . 'notifications'; + // note: $user passed in switch ($page[0]) { case 'group': require "$base/groups.php"; @@ -66,12 +78,16 @@ function notifications_page_handler($page) { */ function notifications_plugin_pagesetup() { if (elgg_get_context() == "settings" && elgg_get_logged_in_user_guid()) { - $user = elgg_get_logged_in_user_entity(); + + $user = elgg_get_page_owner_entity(); + if (!$user) { + $user = elgg_get_logged_in_user_entity(); + } $params = array( 'name' => '2_a_user_notify', 'text' => elgg_echo('notifications:subscriptions:changesettings'), - 'href' => "notifications/personal", + 'href' => "notifications/personal/{$user->username}", ); elgg_register_menu_item('page', $params); @@ -79,7 +95,7 @@ function notifications_plugin_pagesetup() { $params = array( 'name' => '2_group_notify', 'text' => elgg_echo('notifications:subscriptions:changesettings:groups'), - 'href' => "notifications/group", + 'href' => "notifications/group/{$user->username}", ); elgg_register_menu_item('page', $params); } @@ -178,7 +194,7 @@ function notifications_update_collection_notify($event, $object_type, $returnval } if (in_array($collection_id, $collections_preferences)) { // notifications are on for this collection so we add/remove - if ($event == 'access:collections:add-user') { + if ($event == 'access:collections:add_user') { add_entity_relationship($user->guid, "notify$method", $member_guid); } elseif ($event == 'access:collections:remove_user') { // removing someone from an access collection is not a guarantee diff --git a/mod/notifications/views/default/forms/notificationsettings/groupsave.php b/mod/notifications/views/default/forms/notificationsettings/groupsave.php index 61b94ff8b..168639ab2 100644 --- a/mod/notifications/views/default/forms/notificationsettings/groupsave.php +++ b/mod/notifications/views/default/forms/notificationsettings/groupsave.php @@ -3,13 +3,18 @@ * Elgg notifications groups subscription form * * @package ElggNotifications + * + * @uses $vars['user'] ElggUser */ +/* @var ElggUser $user */ +$user = $vars['user']; + global $NOTIFICATION_HANDLERS; foreach ($NOTIFICATION_HANDLERS as $method => $foo) { $subsbig[$method] = elgg_get_entities_from_relationship(array( 'relationship' => 'notify' . $method, - 'relationship_guid' => elgg_get_logged_in_user_guid(), + 'relationship_guid' => $user->guid, 'types' => 'group', 'limit' => 99999, )); @@ -97,6 +102,7 @@ END; <?php } echo '<div class="elgg-foot mtm">'; + echo elgg_view('input/hidden', array('name' => 'guid', 'value' => $user->guid)); echo elgg_view('input/submit', array('value' => elgg_echo('save'))); echo '</div>'; diff --git a/mod/notifications/views/default/forms/notificationsettings/save.php b/mod/notifications/views/default/forms/notificationsettings/save.php index ff32d8558..9470256ca 100644 --- a/mod/notifications/views/default/forms/notificationsettings/save.php +++ b/mod/notifications/views/default/forms/notificationsettings/save.php @@ -1,13 +1,21 @@ <?php /** * Personal notifications form body + * + * @uses $vars['user'] ElggUser */ -echo elgg_view('notifications/subscriptions/personal'); -echo elgg_view('notifications/subscriptions/collections'); -echo elgg_view('notifications/subscriptions/forminternals'); +/* @var ElggUser $user */ +$user = $vars['user']; + +echo elgg_view('notifications/subscriptions/personal', $vars); +echo elgg_view('notifications/subscriptions/collections', $vars); +echo elgg_view('notifications/subscriptions/forminternals', $vars); ?> <div class="elgg-foot"> -<?php echo elgg_view('input/submit', array('value' => elgg_echo('save'))); ?> +<?php +echo elgg_view('input/hidden', array('name' => 'guid', 'value' => $user->guid)); +echo elgg_view('input/submit', array('value' => elgg_echo('save'))); +?> </div> diff --git a/mod/notifications/views/default/notifications/subscriptions/collections.php b/mod/notifications/views/default/notifications/subscriptions/collections.php index 28d9fb5b8..207b2e3b9 100644 --- a/mod/notifications/views/default/notifications/subscriptions/collections.php +++ b/mod/notifications/views/default/notifications/subscriptions/collections.php @@ -1,4 +1,12 @@ -<?php //@todo JS 1.8: no ?> +<?php +/** + * @uses $vars['user'] ElggUser + */ + +/* @var ElggUser $user */ +$user = $vars['user']; + +//@todo JS 1.8: no ?> <script type="text/javascript"> function setCollection(members, method, id) { @@ -42,7 +50,7 @@ </tr> <?php $members = array(); - if ($friends = get_user_friends(elgg_get_logged_in_user_guid(), '', 9999, 0)) { + if ($friends = get_user_friends($user->guid, '', 9999, 0)) { foreach($friends as $friend) { $members[] = $friend->guid; } @@ -63,7 +71,7 @@ $i = 0; foreach($NOTIFICATION_HANDLERS as $method => $foo) { $metaname = 'collections_notifications_preferences_' . $method; - if ($collections_preferences = elgg_get_logged_in_user_entity()->$metaname) { + if ($collections_preferences = $user->$metaname) { if (!empty($collections_preferences) && !is_array($collections_preferences)) { $collections_preferences = array($collections_preferences); } @@ -91,15 +99,18 @@ END; <td> </td> </tr> <?php -/* - @todo - collections removed from notifications - they are no longer used and will be replaced with shared access collections - - if ($collections = get_user_access_collections(elgg_get_logged_in_user_guid())) { - foreach($collections as $collection) { + + if ($collections = get_user_access_collections($user->guid)) { + foreach ($collections as $collection) { $members = get_members_of_access_collection($collection->id, true); - $memberno = sizeof($members); - $members = implode(',', $members); + $memberno = 0; + if ($members) { + $memberno = sizeof($members); + $members = implode(',', $members); + } else { + $members = ''; + } + ?> <tr> @@ -115,7 +126,7 @@ END; $i = 0; foreach($NOTIFICATION_HANDLERS as $method => $foo) { $metaname = 'collections_notifications_preferences_' . $method; - if ($collections_preferences = elgg_get_logged_in_user_entity()->$metaname) { + if ($collections_preferences = $user->$metaname) { if (!empty($collections_preferences) && !is_array($collections_preferences)) { $collections_preferences = array($collections_preferences); } @@ -148,7 +159,6 @@ END; } } -*/ ?> </table> </div> diff --git a/mod/notifications/views/default/notifications/subscriptions/form.php b/mod/notifications/views/default/notifications/subscriptions/form.php index f2f6238f9..559354eff 100644 --- a/mod/notifications/views/default/notifications/subscriptions/form.php +++ b/mod/notifications/views/default/notifications/subscriptions/form.php @@ -1,11 +1,12 @@ <?php /** * Elgg personal notifications + * + * @uses $vars['user'] ElggUser that owns the notification settings */ - -echo elgg_view('subscriptions/form/additions',$vars); - -// Display a description +// @todo is this a view for extensions? +echo elgg_view('subscriptions/form/additions', $vars); -echo elgg_view_form('notificationsettings/save', array('class' => 'elgg-form-alt')); +$form_vars = array('class' => 'elgg-form-alt'); +echo elgg_view_form('notificationsettings/save', $form_vars, $vars); diff --git a/mod/notifications/views/default/notifications/subscriptions/forminternals.php b/mod/notifications/views/default/notifications/subscriptions/forminternals.php index e89ce02be..11f266303 100644 --- a/mod/notifications/views/default/notifications/subscriptions/forminternals.php +++ b/mod/notifications/views/default/notifications/subscriptions/forminternals.php @@ -1,8 +1,13 @@ <?php /** * Hacked up friends picker that needs to be replaced + * + * @uses $vars['user'] ElggUser */ +/* @var ElggUser $user */ +$user = $vars['user']; + elgg_load_js('elgg.friendspicker'); elgg_load_js('jquery.easing'); @@ -19,11 +24,16 @@ elgg_load_js('jquery.easing'); <?php // Get friends and subscriptions -$friends = get_user_friends(elgg_get_logged_in_user_guid(),'',9999,0); +$friends = get_user_friends($user->guid, '', 9999, 0); global $NOTIFICATION_HANDLERS; foreach($NOTIFICATION_HANDLERS as $method => $foo) { - $subsbig[$method] = elgg_get_entities_from_relationship(array('relationship' => 'notify' . $method, 'relationship_guid' => elgg_get_logged_in_user_guid(), 'types' => 'user', 'limit' => 99999)); + $subsbig[$method] = elgg_get_entities_from_relationship(array( + 'relationship' => 'notify' . $method, + 'relationship_guid' => $user->guid, + 'types' => 'user', + 'limit' => 99999, + )); } $subs = array(); @@ -88,9 +98,9 @@ if (isset($vars['formtarget'])) { // Sort users by letter if (is_array($friends) && sizeof($friends)) { - foreach($friends as $user) { + foreach($friends as $friend) { - $letter = elgg_substr($user->name,0,1); + $letter = elgg_substr($friend->name,0,1); $letter = elgg_strtoupper($letter); if (!elgg_substr_count($chararray,$letter)) { $letter = "*"; @@ -98,7 +108,7 @@ if (is_array($friends) && sizeof($friends)) { if (!isset($users[$letter])) { $users[$letter] = array(); } - $users[$letter][$user->guid] = $user; + $users[$letter][$friend->guid] = $friend; } } diff --git a/mod/notifications/views/default/notifications/subscriptions/personal.php b/mod/notifications/views/default/notifications/subscriptions/personal.php index 7dac908fc..cf05426e2 100644 --- a/mod/notifications/views/default/notifications/subscriptions/personal.php +++ b/mod/notifications/views/default/notifications/subscriptions/personal.php @@ -1,4 +1,10 @@ <?php +/** + * @uses $vars['user'] ElggUser + */ + +/* @var ElggUser $user */ +$user = $vars['user']; global $NOTIFICATION_HANDLERS; @@ -40,7 +46,7 @@ foreach($NOTIFICATION_HANDLERS as $method => $foo) { $fields = ''; $i = 0; foreach($NOTIFICATION_HANDLERS as $method => $foo) { - if ($notification_settings = get_user_notification_settings(elgg_get_logged_in_user_guid())) { + if ($notification_settings = get_user_notification_settings($user->guid)) { if ($notification_settings->$method) { $personalchecked[$method] = 'checked="checked"'; } else { diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php index dbf7b8917..9a9ba12e9 100644 --- a/mod/pages/lib/pages.php +++ b/mod/pages/lib/pages.php @@ -81,6 +81,10 @@ function pages_register_navigation_tree($container) { 'limit' => 0, )); + if (!$top_pages) { + return; + } + foreach ($top_pages as $page) { elgg_register_menu_item('pages_nav', array( 'name' => $page->getGUID(), @@ -99,16 +103,18 @@ function pages_register_navigation_tree($container) { 'metadata_value' => $parent->getGUID(), 'limit' => 0, )); - - foreach ($children as $child) { - elgg_register_menu_item('pages_nav', array( - 'name' => $child->getGUID(), - 'text' => $child->title, - 'href' => $child->getURL(), - 'parent_name' => $parent->getGUID(), - )); - array_push($stack, $child); + + if ($children) { + foreach ($children as $child) { + elgg_register_menu_item('pages_nav', array( + 'name' => $child->getGUID(), + 'text' => $child->title, + 'href' => $child->getURL(), + 'parent_name' => $parent->getGUID(), + )); + array_push($stack, $child); + } } } } -}
\ No newline at end of file +} diff --git a/mod/pages/pages/pages/history.php b/mod/pages/pages/pages/history.php index a63b37a7a..872596179 100644 --- a/mod/pages/pages/pages/history.php +++ b/mod/pages/pages/pages/history.php @@ -30,7 +30,12 @@ elgg_push_breadcrumb(elgg_echo('pages:history')); $title = $page->title . ": " . elgg_echo('pages:history'); -$content = list_annotations($page_guid, 'page', 20, false); +$content = elgg_list_annotations(array( + 'guid' => $page_guid, + 'annotation_name' => 'page', + 'limit' => 20, + 'order_by' => "n_table.time_created desc" +)); $body = elgg_view_layout('content', array( 'filter' => '', diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php index 81477a8d4..e1c3fdbfd 100644 --- a/mod/pages/pages/pages/view.php +++ b/mod/pages/pages/pages/view.php @@ -8,7 +8,9 @@ $page_guid = get_input('guid'); $page = get_entity($page_guid); if (!$page) { - forward(); + register_error(elgg_echo('noaccess')); + $_SESSION['last_forward_from'] = current_page_url(); + forward(''); } elgg_set_page_owner_guid($page->getContainerGUID()); @@ -32,7 +34,8 @@ elgg_push_breadcrumb($title); $content = elgg_view_entity($page, array('full_view' => true)); $content .= elgg_view_comments($page); -if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) { +// can add subpage if can edit this page and write to container (such as a group) +if ($page->canEdit() && $container->canWriteToContainer(0, 'object', 'page')) { $url = "pages/add/$page->guid"; elgg_register_menu_item('title', array( 'name' => 'subpage', diff --git a/mod/pages/start.php b/mod/pages/start.php index 834e98870..6b0ad38b0 100644 --- a/mod/pages/start.php +++ b/mod/pages/start.php @@ -30,7 +30,6 @@ function pages_init() { // Register some actions $action_base = elgg_get_plugins_path() . 'pages/actions/pages'; elgg_register_action("pages/edit", "$action_base/edit.php"); - elgg_register_action("pages/editwelcome", "$action_base/editwelcome.php"); elgg_register_action("pages/delete", "$action_base/delete.php"); // Extend the main css view @@ -106,10 +105,6 @@ function pages_page_handler($page) { elgg_load_library('elgg:pages'); - // add the jquery treeview files for navigation - elgg_load_js('jquery-treeview'); - elgg_load_css('jquery-treeview'); - if (!isset($page[0])) { $page[0] = 'all'; } diff --git a/mod/pages/views/default/object/page_top.php b/mod/pages/views/default/object/page_top.php index e78289f28..945a22eed 100644 --- a/mod/pages/views/default/object/page_top.php +++ b/mod/pages/views/default/object/page_top.php @@ -45,7 +45,6 @@ $editor_link = elgg_view('output/url', array( $date = elgg_view_friendly_time($annotation->time_created); $editor_text = elgg_echo('pages:strapline', array($date, $editor_link)); -$tags = elgg_view('output/tags', array('tags' => $page->tags)); $categories = elgg_view('output/categories', $vars); $comments_count = $page->countComments(); @@ -82,7 +81,6 @@ if ($full) { 'entity' => $page, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, ); $params = $params + $vars; $summary = elgg_view('object/elements/summary', $params); @@ -104,7 +102,6 @@ if ($full) { 'entity' => $page, 'metadata' => $metadata, 'subtitle' => $subtitle, - 'tags' => $tags, 'content' => $excerpt, ); $params = $params + $vars; diff --git a/mod/pages/views/default/pages/sidebar/navigation.php b/mod/pages/views/default/pages/sidebar/navigation.php index fe017b1a7..65eb500c8 100644 --- a/mod/pages/views/default/pages/sidebar/navigation.php +++ b/mod/pages/views/default/pages/sidebar/navigation.php @@ -5,6 +5,11 @@ * @uses $vars['page'] Page object if manually setting selected item */ +// add the jquery treeview files for navigation +elgg_load_js('jquery-treeview'); +elgg_load_css('jquery-treeview'); + + $selected_page = elgg_extract('page', $vars, false); if ($selected_page) { $url = $selected_page->getURL(); @@ -51,4 +56,3 @@ if ($selected_page) { }); </script> - diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php index 6c3148f2b..c4439f78c 100644 --- a/mod/profile/icondirect.php +++ b/mod/profile/icondirect.php @@ -11,6 +11,12 @@ require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php'); global $CONFIG; +// won't be able to serve anything if no joindate or guid +if (!isset($_GET['joindate']) || !isset($_GET['guid'])) { + header("HTTP/1.1 404 Not Found"); + exit; +} + $join_date = (int)$_GET['joindate']; $last_cache = (int)$_GET['lastcache']; // icontime $guid = (int)$_GET['guid']; diff --git a/mod/profile/start.php b/mod/profile/start.php index abe044632..ab596f235 100644 --- a/mod/profile/start.php +++ b/mod/profile/start.php @@ -56,6 +56,8 @@ function profile_page_handler($page) { $username = $page[0]; $user = get_user_by_username($username); elgg_set_page_owner_guid($user->guid); + } elseif (elgg_is_logged_in()) { + forward(elgg_get_logged_in_user_entity()->getURL()); } // short circuit if invalid or banned username diff --git a/mod/reportedcontent/views/default/widgets/reportedcontent/content.php b/mod/reportedcontent/views/default/widgets/reportedcontent/content.php index 4f8906ef2..4c6595653 100644 --- a/mod/reportedcontent/views/default/widgets/reportedcontent/content.php +++ b/mod/reportedcontent/views/default/widgets/reportedcontent/content.php @@ -7,6 +7,7 @@ $list = elgg_list_entities(array( 'types' => 'object', 'subtypes' => 'reported_content', 'limit' => $vars['entity']->num_display, + 'pagination' => false, )); if (!$list) { $list = '<p class="mtm">' . elgg_echo('reportedcontent:none') . '</p>'; diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php index 87d59519c..ff12ae4f0 100644 --- a/mod/search/views/default/search/search_box.php +++ b/mod/search/views/default/search/search_box.php @@ -38,6 +38,7 @@ $display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); <form class="<?php echo $class; ?>" action="<?php echo elgg_get_site_url(); ?>search" method="get"> <fieldset> <input type="text" class="search-input" size="21" name="q" value="<?php echo elgg_echo('search'); ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" /> + <input type="hidden" name="search_type" value="all" /> <input type="submit" value="<?php echo elgg_echo('search:go'); ?>" class="search-submit-button" /> </fieldset> -</form>
\ No newline at end of file +</form> diff --git a/mod/thewire/actions/delete.php b/mod/thewire/actions/delete.php index 58502a7e7..38355d25e 100644 --- a/mod/thewire/actions/delete.php +++ b/mod/thewire/actions/delete.php @@ -24,7 +24,7 @@ if ($thewire->getSubtype() == "thewire" && $thewire->canEdit()) { } // Get owning user - $owner = get_entity($thewire->getOwner()); + $owner = get_entity($thewire->getOwnerGUID()); // Delete it $rowsaffected = $thewire->delete(); diff --git a/mod/thewire/pages/thewire/view.php b/mod/thewire/pages/thewire/view.php new file mode 100644 index 000000000..1709e5e9a --- /dev/null +++ b/mod/thewire/pages/thewire/view.php @@ -0,0 +1,31 @@ +<?php +/** + * View individual wire post + */ + +$post = get_entity(get_input('guid')); +if (!$post) { + register_error(elgg_echo('noaccess')); + $_SESSION['last_forward_from'] = current_page_url(); + forward(''); +} +$owner = $post->getOwnerEntity(); +if (!$owner) { + forward(); +} + +$title = elgg_echo('thewire:by', array($owner->name)); + +elgg_push_breadcrumb(elgg_echo('thewire'), 'thewire/all'); +elgg_push_breadcrumb($owner->name, 'thewire/owner/' . $owner->username); +elgg_push_breadcrumb($title); + +$content = elgg_view_entity($post); + +$body = elgg_view_layout('content', array( + 'filter' => false, + 'content' => $content, + 'title' => $title, +)); + +echo elgg_view_page($title, $body); diff --git a/mod/thewire/start.php b/mod/thewire/start.php index 5d5786e2f..1ba48263a 100644 --- a/mod/thewire/start.php +++ b/mod/thewire/start.php @@ -37,7 +37,7 @@ function thewire_init() { elgg_register_plugin_hook_handler('register', 'menu:entity', 'thewire_setup_entity_menu_items'); // Extend system CSS with our own styles, which are defined in the thewire/css view - elgg_extend_view('css', 'thewire/css'); + elgg_extend_view('css/elgg', 'thewire/css'); //extend views elgg_extend_view('activity/thewire', 'thewire/activity_view'); @@ -77,7 +77,8 @@ function thewire_init() { * thewire/owner/<username> View this user's wire posts * thewire/following/<username> View the posts of those this user follows * thewire/reply/<guid> Reply to a post - * thewire/view/<guid> View a conversation thread + * thewire/view/<guid> View a post + * thewire/thread/<id> View a conversation thread * thewire/tag/<tag> View wire posts tagged with <tag> * * @param array $page From the page_handler function @@ -104,6 +105,13 @@ function thewire_page_handler($page) { include "$base_dir/owner.php"; break; + case "view": + if (isset($page[1])) { + set_input('guid', $page[1]); + } + include "$base_dir/view.php"; + break; + case "thread": if (isset($page[1])) { set_input('thread_id', $page[1]); diff --git a/mod/thewire/views/default/js/thewire.php b/mod/thewire/views/default/js/thewire.php index 0a6eba134..ba8f35050 100644 --- a/mod/thewire/views/default/js/thewire.php +++ b/mod/thewire/views/default/js/thewire.php @@ -34,11 +34,11 @@ elgg.thewire.textCounter = function(textarea, status, limit) { status.html(remaining_chars); if (remaining_chars < 0) { - status.parent().css("color", "#D40D12"); + status.parent().addClass("thewire-characters-remaining-warning"); $("#thewire-submit-button").attr('disabled', 'disabled'); $("#thewire-submit-button").addClass('elgg-state-disabled'); } else { - status.parent().css("color", ""); + status.parent().removeClass("thewire-characters-remaining-warning"); $("#thewire-submit-button").removeAttr('disabled', 'disabled'); $("#thewire-submit-button").removeClass('elgg-state-disabled'); } @@ -57,16 +57,16 @@ elgg.thewire.viewPrevious = function(event) { var postGuid = $link.attr("href").split("/").pop(); var $previousDiv = $("#thewire-previous-" + postGuid); - if ($link.html() == "<?php echo elgg_echo('thewire:hide'); ?>") { - $link.html("<?php echo elgg_echo('thewire:previous'); ?>"); - $link.attr("title", "<?php echo elgg_echo('thewire:previous:help'); ?>"); + if ($link.html() == elgg.echo('thewire:hide')) { + $link.html(elgg.echo('thewire:previous')); + $link.attr("title", elgg.echo('thewire:previous:help')); $previousDiv.slideUp(400); } else { - $link.html("<?php echo elgg_echo('thewire:hide'); ?>"); - $link.attr("title", "<?php echo elgg_echo('thewire:hide:help'); ?>"); + $link.html(elgg.echo('thewire:hide')); + $link.attr("title", elgg.echo('thewire:hide:help')); $.ajax({type: "GET", - url: "<?php echo $site_url . "ajax/view/thewire/previous"; ?>", + url: elgg.config.wwwroot + "ajax/view/thewire/previous", dataType: "html", cache: false, data: {guid: postGuid}, diff --git a/mod/thewire/views/default/thewire/css.php b/mod/thewire/views/default/thewire/css.php index d1ef31993..d11cce74a 100644 --- a/mod/thewire/views/default/thewire/css.php +++ b/mod/thewire/views/default/thewire/css.php @@ -27,6 +27,9 @@ The Wire text-align: right; background: white; } +.thewire-characters-remaining-warning { + color: #D40D12 !important; +} .thewire-parent { margin-left: 40px; } diff --git a/mod/tinymce/README.txt b/mod/tinymce/README.txt new file mode 100644 index 000000000..2814e9390 --- /dev/null +++ b/mod/tinymce/README.txt @@ -0,0 +1,10 @@ +Adding a language +====================== +1. Download the language pack from [TinyMCE][1] +2. Extract the files from the zip file. +3. Copy the langs, plugins, and themes directories into mod/tinymce/vendor/tinymce/jscripts/tiny_mce/. +There are already directories with those names. You do not want to delete those directories. +Instead, copy the new directories on top of the old ones. +4. Flush the Elgg caches. + +[1]: http://www.tinymce.com/i18n/index.php?ctrl=lang&act=download "TinyMCE" diff --git a/mod/tinymce/activate.php b/mod/tinymce/activate.php new file mode 100644 index 000000000..6f5cc8d50 --- /dev/null +++ b/mod/tinymce/activate.php @@ -0,0 +1,14 @@ +<?php +/** + * Prompt the user to install a tinymce language after activating + */ + +if (elgg_get_config('language') != tinymce_get_site_language()) { + $message = elgg_echo('tinymce:lang_notice', array( + elgg_echo(elgg_get_config('language')), + "http://www.tinymce.com/i18n/index.php?ctrl=lang&act=download", + elgg_get_plugins_path() . "tinymce/vendor/tinymce/jscripts/tiny_mce/", + elgg_add_action_tokens_to_url(elgg_normalize_url('action/admin/site/flush_cache')), + )); + elgg_add_admin_notice('tinymce_admin_notice_no_lang', $message); +} diff --git a/mod/tinymce/languages/en.php b/mod/tinymce/languages/en.php index 811e93492..b2702549c 100644 --- a/mod/tinymce/languages/en.php +++ b/mod/tinymce/languages/en.php @@ -9,6 +9,7 @@ $english = array( 'tinymce:remove' => "Remove editor", 'tinymce:add' => "Add editor", 'tinymce:word_count' => 'Word count: ', + 'tinymce:lang_notice' => "Your site language is %s but it isn't installed for TinyMCE. Get it <a target=\"_blank\" href=\"%s\">here</a> and copy it to %s. Then, <a href=\"%s\">flush the caches</a>. See the TinyMCE README for more details.", ); -add_translation("en", $english);
\ No newline at end of file +add_translation("en", $english); diff --git a/mod/tinymce/start.php b/mod/tinymce/start.php index 48625f456..6aba837e0 100644 --- a/mod/tinymce/start.php +++ b/mod/tinymce/start.php @@ -33,3 +33,15 @@ function tinymce_longtext_menu($hook, $type, $items, $vars) { return $items; } + +function tinymce_get_site_language() { + + if ($site_language = elgg_get_config('language')) { + $path = elgg_get_plugins_path() . "tinymce/vendor/tinymce/jscripts/tiny_mce/langs"; + if (file_exists("$path/$site_language.js")) { + return $site_language; + } + } + + return 'en'; +} diff --git a/mod/tinymce/views/default/js/tinymce.php b/mod/tinymce/views/default/js/tinymce.php index e6e2865a5..51e99c223 100644 --- a/mod/tinymce/views/default/js/tinymce.php +++ b/mod/tinymce/views/default/js/tinymce.php @@ -38,6 +38,7 @@ elgg.tinymce.init = function() { mode : "specific_textareas", editor_selector : "elgg-input-longtext", theme : "advanced", + language : "<?php echo tinymce_get_site_language(); ?>", plugins : "lists,spellchecker,autosave,fullscreen,paste", relative_urls : false, remove_script_host : false, @@ -86,4 +87,4 @@ elgg.tinymce.init = function() { } } -elgg.register_hook_handler('init', 'system', elgg.tinymce.init);
\ No newline at end of file +elgg.register_hook_handler('init', 'system', elgg.tinymce.init); diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php index ea59a2e7b..f98f57faf 100644 --- a/mod/uservalidationbyemail/start.php +++ b/mod/uservalidationbyemail/start.php @@ -184,7 +184,11 @@ function uservalidationbyemail_page_handler($page) { $user->enable(); elgg_pop_context(); - login($user); + try { + login($user); + } catch(LoginException $e){ + register_error($e->getMessage()); + } } else { register_error(elgg_echo('email:confirm:fail')); } diff --git a/upgrade.php b/upgrade.php index 963523200..60764ba93 100644 --- a/upgrade.php +++ b/upgrade.php @@ -27,6 +27,9 @@ if (get_input('upgrade') == 'upgrade') { if (elgg_get_unprocessed_upgrades()) { version_upgrade(); } + + // turn off time limit so plugins that have upgrade scripts aren't interrupted + set_time_limit(0); elgg_trigger_event('upgrade', 'system', null); elgg_invalidate_simplecache(); elgg_reset_system_cache(); diff --git a/version.php b/version.php index 4f028bfd6..dda087c52 100644 --- a/version.php +++ b/version.php @@ -11,7 +11,7 @@ // YYYYMMDD = Elgg Date // XX = Interim incrementer -$version = 2012041801; +$version = 2012071100; // Human-friendly version name -$release = '1.8.5'; +$release = '1.8.8'; diff --git a/views/default/admin/statistics/server/php.php b/views/default/admin/statistics/server/php.php index 4a59b95fb..7c6a51383 100644 --- a/views/default/admin/statistics/server/php.php +++ b/views/default/admin/statistics/server/php.php @@ -8,6 +8,15 @@ if (!$php_log) { $php_log = elgg_echo('admin:server:error_log'); } +$post_max_size = elgg_get_ini_setting_in_bytes('post_max_size'); +$upload_max_filesize = elgg_get_ini_setting_in_bytes('upload_max_filesize'); + +$post_max_size_warning = ''; +if ($upload_max_filesize > $post_max_size) { + // @todo show a link to something like http://nigel.mcnie.name/blog/uploadmaxfilesizepostmaxsize-experimentation ? + $post_max_size_warning = elgg_echo('admin:server:warning:post_max_too_small'); +} + ?> <table class="elgg-table-alt"> <tr class="odd"> @@ -30,4 +39,12 @@ if (!$php_log) { <td><b><?php echo elgg_echo('admin:server:label:mem_used'); ?> :</b></td> <td><?php echo number_format(memory_get_peak_usage()); ?></td> </tr> + <tr class="even"> + <td><b><?php echo elgg_echo('admin:server:label:post_max_size'); ?> :</b></td> + <td><?php echo number_format($post_max_size); ?></td> + </tr> + <tr class="odd"> + <td><b><?php echo elgg_echo('admin:server:label:upload_max_filesize'); ?> :</b></td> + <td><?php echo number_format($upload_max_filesize) . ' ' . $post_max_size_warning; ?></td> + </tr> </table> diff --git a/views/default/core/avatar/upload.php b/views/default/core/avatar/upload.php index 29aa59c9c..6f9124192 100644 --- a/views/default/core/avatar/upload.php +++ b/views/default/core/avatar/upload.php @@ -12,12 +12,12 @@ $user_avatar = elgg_view('output/img', array( $current_label = elgg_echo('avatar:current'); -$revert_button = ''; +$remove_button = ''; if ($vars['entity']->icontime) { - $revert_button = elgg_view('output/url', array( - 'text' => elgg_echo('revert'), - 'title' => elgg_echo('avatar:revert'), - 'href' => 'action/avatar/revert?guid=' . elgg_get_page_owner_guid(), + $remove_button = elgg_view('output/url', array( + 'text' => elgg_echo('remove'), + 'title' => elgg_echo('avatar:remove'), + 'href' => 'action/avatar/remove?guid=' . elgg_get_page_owner_guid(), 'is_action' => true, 'class' => 'elgg-button elgg-button-cancel mll', )); @@ -39,7 +39,7 @@ $image = <<<HTML <label>$current_label</label><br /> $user_avatar </div> -$revert_button +$remove_button HTML; $body = <<<HTML diff --git a/views/default/core/friends/collection.php b/views/default/core/friends/collection.php index b7913da5f..1a330af01 100644 --- a/views/default/core/friends/collection.php +++ b/views/default/core/friends/collection.php @@ -43,7 +43,7 @@ if ($friends) { echo elgg_view('input/friendspicker', array( 'entities' => $friends, - 'value' => $members, + 'value' => $vars['collection']->members, 'content' => $content, 'replacement' => '', 'friendspicker' => $vars['friendspicker'], diff --git a/views/default/core/river/filter.php b/views/default/core/river/filter.php index 87380b561..9b7fadaa8 100644 --- a/views/default/core/river/filter.php +++ b/views/default/core/river/filter.php @@ -34,17 +34,5 @@ if ($selector) { $params['value'] = $selector; } echo elgg_view('input/dropdown', $params); -?> -<?php //@todo JS 1.8: no ?> -<script type="text/javascript"> -elgg.register_hook_handler('init', 'system', function() { - $('#elgg-river-selector').change(function() { - var url = window.location.href; - if (window.location.search.length) { - url = url.substring(0, url.indexOf('?')); - } - url += '?' + $(this).val(); - elgg.forward(url); - }); -}); -</script> + +elgg_load_js('elgg.ui.river'); diff --git a/views/default/core/settings/account/default_access.php b/views/default/core/settings/account/default_access.php index e33211460..690f2714a 100644 --- a/views/default/core/settings/account/default_access.php +++ b/views/default/core/settings/account/default_access.php @@ -12,22 +12,14 @@ if (elgg_get_config('allow_user_default_access')) { if (false === ($default_access = $user->getPrivateSetting('elgg_default_access'))) { $default_access = elgg_get_config('default_access'); } -?> -<div class="elgg-module elgg-module-info"> - <div class="elgg-head"> - <h3><?php echo elgg_echo('default_access:settings'); ?></h3> - </div> - <div class="elgg-body"> - <p> - <?php echo elgg_echo('default_access:label'); ?>: - <?php - echo elgg_view('input/access', array('name' => 'default_access', 'value' => $default_access)); + $title = elgg_echo('default_access:settings'); + $content = elgg_echo('default_access:label') . ': '; + $content .= elgg_view('input/access', array( + 'name' => 'default_access', + 'value' => $default_access, + )); - ?> - </p> - </div> -</div> -<?php + echo elgg_view_module('info', $title, $content); } -}
\ No newline at end of file +} diff --git a/views/default/core/settings/account/email.php b/views/default/core/settings/account/email.php index fda83e795..4bcdbb100 100644 --- a/views/default/core/settings/account/email.php +++ b/views/default/core/settings/account/email.php @@ -9,19 +9,11 @@ $user = elgg_get_page_owner_entity(); if ($user) { -?> -<div class="elgg-module elgg-module-info"> - <div class="elgg-head"> - <h3><?php echo elgg_echo('email:settings'); ?></h3> - </div> - <div class="elgg-body"> - <p> - <?php echo elgg_echo('email:address:label'); ?>: - <?php - echo elgg_view('input/email',array('name' => 'email', 'value' => $user->email)); - ?> - </p> - </div> -</div> -<?php -}
\ No newline at end of file + $title = elgg_echo('email:settings'); + $content = elgg_echo('email:address:label') . ': '; + $content .= elgg_view('input/email', array( + 'name' => 'email', + 'value' => $user->email, + )); + echo elgg_view_module('info', $title, $content); +} diff --git a/views/default/core/settings/account/language.php b/views/default/core/settings/account/language.php index 3a992966f..b36057422 100644 --- a/views/default/core/settings/account/language.php +++ b/views/default/core/settings/account/language.php @@ -9,23 +9,12 @@ $user = elgg_get_page_owner_entity(); if ($user) { -?> -<div class="elgg-module elgg-module-info"> - <div class="elgg-head"> - <h3><?php echo elgg_echo('user:set:language'); ?></h3> - </div> - <div class="elgg-body"> - <p> - <?php echo elgg_echo('user:language:label'); ?>: - <?php - echo elgg_view("input/dropdown", array( - 'name' => 'language', - 'value' => $user->language, - 'options_values' => get_installed_translations() - )); - ?> - </p> - </div> -</div> -<?php -}
\ No newline at end of file + $title = elgg_echo('user:set:language'); + $content = elgg_echo('user:language:label') . ': '; + $content .= elgg_view("input/dropdown", array( + 'name' => 'language', + 'value' => $user->language, + 'options_values' => get_installed_translations() + )); + echo elgg_view_module('info', $title, $content); +} diff --git a/views/default/core/settings/account/name.php b/views/default/core/settings/account/name.php index f719a84de..e356146a3 100644 --- a/views/default/core/settings/account/name.php +++ b/views/default/core/settings/account/name.php @@ -7,20 +7,15 @@ */ $user = elgg_get_page_owner_entity(); -?> -<div class="elgg-module elgg-module-info"> - <div class="elgg-head"> - <h3><?php echo elgg_echo('user:name:label'); ?></h3> - </div> - <div class="elgg-body"> - <p> - <?php echo elgg_echo('name'); ?>: - <?php - echo elgg_view('input/text', array('name' => 'name', 'value' => $user->name)); - ?> - </p> - </div> -</div> -<?php -// need the user's guid to make sure the correct user gets updated -echo elgg_view('input/hidden', array('name' => 'guid', 'value' => $user->guid)); +if ($user) { + $title = elgg_echo('user:name:label'); + $content = elgg_echo('name') . ': '; + $content .= elgg_view('input/text', array( + 'name' => 'name', + 'value' => $user->name, + )); + echo elgg_view_module('info', $title, $content); + + // need the user's guid to make sure the correct user gets updated + echo elgg_view('input/hidden', array('name' => 'guid', 'value' => $user->guid)); +} diff --git a/views/default/core/settings/account/notifications.php b/views/default/core/settings/account/notifications.php index 51292b2c9..c212b3886 100644 --- a/views/default/core/settings/account/notifications.php +++ b/views/default/core/settings/account/notifications.php @@ -9,33 +9,20 @@ global $NOTIFICATION_HANDLERS; $notification_settings = get_user_notification_settings(elgg_get_page_owner_guid()); -?> -<div class="elgg-module elgg-module-info"> - <div class="elgg-head"> - <h3><?php echo elgg_echo('notifications:usersettings'); ?></h3> - </div> - <div class="elgg-body"> +$title = elgg_echo('notifications:usersettings'); -<p><?php echo elgg_echo('notifications:methods'); ?> +$rows = ''; -<table> -<?php - // Loop through options - foreach ($NOTIFICATION_HANDLERS as $k => $v) { -?> - <tr> - <td><?php echo elgg_echo("notification:method:$k"); ?>: </td> - - <td> -<?php +// Loop through options +foreach ($NOTIFICATION_HANDLERS as $k => $v) { if ($notification_settings->$k) { $val = "yes"; } else { $val = "no"; } - - echo elgg_view('input/radio', array( + + $radio = elgg_view('input/radio', array( 'name' => "method[$k]", 'value' => $val, 'options' => array( @@ -44,12 +31,14 @@ $notification_settings = get_user_notification_settings(elgg_get_page_owner_guid ), )); -?> - </td> - </tr> -<?php - } -?> -</table> - </div> -</div>
\ No newline at end of file + $cells = '<td class="prm pbl">' . elgg_echo("notification:method:$k") . ': </td>'; + $cells .= "<td>$radio</td>"; + + $rows .= "<tr>$cells</tr>"; +} + + +$content = elgg_echo('notifications:methods'); +$content .= "<table>$rows</table>"; + +echo elgg_view_module('info', $title, $content); diff --git a/views/default/core/settings/account/password.php b/views/default/core/settings/account/password.php index a80f3df6b..4857034b2 100644 --- a/views/default/core/settings/account/password.php +++ b/views/default/core/settings/account/password.php @@ -1,45 +1,33 @@ <?php + /** * Provide a way of setting your password * * @package Elgg * @subpackage Core */ - $user = elgg_get_page_owner_entity(); if ($user) { -?> -<div class="elgg-module elgg-module-info"> - <div class="elgg-head"> - <h3><?php echo elgg_echo('user:set:password'); ?></h3> - </div> - <div class="elgg-body"> - <?php - // only make the admin user enter current password for changing his own password. - if (!elgg_is_admin_logged_in() || elgg_is_admin_logged_in() && $user->guid == elgg_get_logged_in_user_guid()) { - ?> - <p> - <?php echo elgg_echo('user:current_password:label'); ?>: - <?php - echo elgg_view('input/password', array('name' => 'current_password')); - ?> - </p> - <?php } ?> + $title = elgg_echo('user:set:password'); - <p> - <?php echo elgg_echo('user:password:label'); ?>: - <?php - echo elgg_view('input/password', array('name' => 'password')); - ?> - </p> + // only make the admin user enter current password for changing his own password. + $admin = ''; + if (!elgg_is_admin_logged_in() || elgg_is_admin_logged_in() && $user->guid == elgg_get_logged_in_user_guid()) { + $admin .= elgg_echo('user:current_password:label') . ': '; + $admin .= elgg_view('input/password', array('name' => 'current_password')); + $admin = "<p>$admin</p>"; + } - <p> - <?php echo elgg_echo('user:password2:label'); ?>: <?php - echo elgg_view('input/password', array('name' => 'password2')); - ?> - </p> - </div> -</div> -<?php -}
\ No newline at end of file + $password = elgg_echo('user:password:label') . ': '; + $password .= elgg_view('input/password', array('name' => 'password')); + $password = "<p>$password</p>"; + + $password2 = elgg_echo('user:password2:label') . ': '; + $password2 .= elgg_view('input/password', array('name' => 'password2')); + $password2 = "<p>$password2</p>"; + + $content = $admin . $password . $password2; + + echo elgg_view_module('info', $title, $content); +} diff --git a/views/default/core/settings/statistics/numentities.php b/views/default/core/settings/statistics/numentities.php index 245fd67be..ce1705a2e 100644 --- a/views/default/core/settings/statistics/numentities.php +++ b/views/default/core/settings/statistics/numentities.php @@ -10,42 +10,35 @@ $entity_stats = get_entity_statistics(elgg_get_logged_in_user_guid()); if ($entity_stats) { -?> -<div class="elgg-module elgg-module-info"> - <div class="elgg-head"> - <h3><?php echo elgg_echo('usersettings:statistics:label:numentities'); ?></h3> - </div> - <div class="elgg-body"> - <table class="elgg-table-alt"> - <?php - foreach ($entity_stats as $k => $entry) { - foreach ($entry as $a => $b) { + $rows = ''; + foreach ($entity_stats as $k => $entry) { + foreach ($entry as $a => $b) { - //This function controls the alternating class - $even_odd = ( 'odd' != $even_odd ) ? 'odd' : 'even'; + // This function controls the alternating class + $even_odd = ( 'odd' != $even_odd ) ? 'odd' : 'even'; - if ($a == "__base__") { - $a = elgg_echo("item:{$k}"); - if (empty($a)) { - $a = $k; - } - } else { - $a = elgg_echo("item:{$k}:{$a}"); - if (empty($a)) { - $a = "$k $a"; - } - } - echo <<< END - <tr class="{$even_odd}"> - <td class="column-one"><b>{$a}:</b></td> - <td>{$b}</td> - </tr> -END; + if ($a == "__base__") { + $a = elgg_echo("item:{$k}"); + if (empty($a)) { + $a = $k; + } + } else { + $a = elgg_echo("item:{$k}:{$a}"); + if (empty($a)) { + $a = "$k $a"; } } - ?> - </table> - </div> -</div> -<?php -}
\ No newline at end of file + $rows .= <<< END + <tr class="{$even_odd}"> + <td class="column-one"><b>{$a}:</b></td> + <td>{$b}</td> + </tr> +END; + } + } + + $title = elgg_echo('usersettings:statistics:label:numentities'); + $content = "<table class=\"elgg-table-alt\">$rows</table>"; + + echo elgg_view_module('info', $title, $content); +} diff --git a/views/default/core/settings/statistics/online.php b/views/default/core/settings/statistics/online.php index 65db42cb1..ce7ff35fb 100644 --- a/views/default/core/settings/statistics/online.php +++ b/views/default/core/settings/statistics/online.php @@ -1,6 +1,6 @@ <?php /** - * Elgg statistics screen showing online users. + * Statistics about this user. * * @package Elgg * @subpackage Core @@ -15,17 +15,35 @@ if ($log) { $logged_in = $log[0]->time_created; } -?> -<div class="elgg-module elgg-module-info"> - <div class="elgg-head"> - <h3><?php echo elgg_echo('usersettings:statistics:yourdetails'); ?></h3> - </div> - <div class="elgg-body"> - <table class="elgg-table-alt"> - <tr class="odd"><td class="column-one"><?php echo elgg_echo('usersettings:statistics:label:name'); ?></td><td><?php echo $user->name; ?></td></tr> - <tr class="even"><td class="column-one"><?php echo elgg_echo('usersettings:statistics:label:email'); ?></td><td><?php echo $user->email; ?></td></tr> - <tr class="odd"><td class="column-one"><?php echo elgg_echo('usersettings:statistics:label:membersince'); ?></td><td><?php echo date("r",$user->time_created); ?></td></tr> - <tr class="even"><td class="column-one"><?php echo elgg_echo('usersettings:statistics:label:lastlogin'); ?></td><td><?php echo date("r",$logged_in); ?></td></tr> - </table> - </div> -</div>
\ No newline at end of file +$label_name = elgg_echo('usersettings:statistics:label:name'); +$label_email = elgg_echo('usersettings:statistics:label:email'); +$label_member_since = elgg_echo('usersettings:statistics:label:membersince'); +$label_last_login = elgg_echo('usersettings:statistics:label:lastlogin'); + +$time_created = date("r", $user->time_created); +$last_login = date("r", $logged_in); + +$title = elgg_echo('usersettings:statistics:yourdetails'); + +$content = <<<__HTML +<table class="elgg-table-alt"> + <tr class="odd"> + <td class="column-one">$label_name</td> + <td>$user->name</td> + </tr> + <tr class="even"> + <td class="column-one">$label_email</td> + <td>$user->email</td> + </tr> + <tr class="odd"> + <td class="column-one">$label_member_since</td> + <td>$time_created</td> + </tr> + <tr class="even"> + <td class="column-one">$label_last_login</td> + <td>$last_login</td> + </tr> +</table> +__HTML; + +echo elgg_view_module('info', $title, $content); diff --git a/views/default/css/admin.php b/views/default/css/admin.php index e3205ca4e..b996e5636 100644 --- a/views/default/css/admin.php +++ b/views/default/css/admin.php @@ -25,7 +25,6 @@ table, caption, tbody, tfoot, thead, tr, th, td { margin: 0; padding: 0; border: 0; - outline: 0; font-weight: inherit; font-style: inherit; font-size: 100%; @@ -41,9 +40,6 @@ img { border-width: 0; border-color: transparent; } -:focus { - outline: 0 none; -} ol, ul { list-style: none; } @@ -127,14 +123,23 @@ p { } /* Clearfix! */ +.clearfix:after, .elgg-grid:after, -.clearfix:after { +.elgg-layout:after, +.elgg-inner:after, +.elgg-page-header:after, +.elgg-page-footer:after, +.elgg-head:after, +.elgg-foot:after, +.elgg-col:after, +.elgg-image-block:after { content: "."; display: block; height: 0; clear: both; visibility: hidden; } + .elgg-body { width: auto; word-wrap: break-word; @@ -287,14 +292,6 @@ p { .elgg-main h2 { color: #333333; } -<?php // elgg-layout gets clearfix ?> -.elgg-layout:after { - content: "."; - display: block; - height: 0; - clear: both; - visibility: hidden; -} /* *************************************** FOOTER @@ -358,6 +355,8 @@ p { .elgg-table td, .elgg-table th { background: white; border: 1px solid #ccc; + padding: 4px 8px; + vertical-align: middle; } .elgg-table th { background-color: #ddd; @@ -365,10 +364,10 @@ p { .elgg-table .alt td { background: #eee; } -.elgg-table td { - padding: 4px 8px; - border-bottom: 1px solid #ccc; +.elgg-table input[type=checkbox] { + margin-top: 3px; } + .elgg-table-alt { width: 100%; border-top: 1px solid #ccc; @@ -440,7 +439,9 @@ input { -webkit-border-radius: 5px; -moz-border-radius: 5px; border-radius: 5px; + margin: 0; } + /* default elgg core input field classes */ .elgg-input-text, .elgg-input-tags, @@ -470,7 +471,6 @@ textarea { width: auto; padding: 2px 4px; cursor: pointer; - outline: none; } a.elgg-button { padding: 3px 6px; @@ -537,20 +537,20 @@ a.elgg-button { -webkit-border-radius: 5px; } .ui-datepicker-prev, .ui-datepicker-next { - position: absolute; - top: 9px; + position: absolute; + top: 9px; cursor: pointer; } .ui-datepicker-prev { - left: 6px; + left: 6px; } .ui-datepicker-next { - right: 6px; + right: 6px; } .ui-datepicker-title { - line-height: 1.8em; - margin: 0 30px; - text-align: center; + line-height: 1.8em; + margin: 0 30px; + text-align: center; font-weight: bold; } .ui-datepicker-calendar { @@ -558,39 +558,237 @@ a.elgg-button { } .ui-datepicker th { border: none; - font-weight: bold; - padding: 5px 6px; - text-align: center; + font-weight: bold; + padding: 5px 6px; + text-align: center; } .ui-datepicker td { padding: 1px; } .ui-datepicker td span, .ui-datepicker td a { - display: block; - padding: 2px; + display: block; + padding: 2px; line-height: 1.2em; - text-align: right; - text-decoration: none; + text-align: right; + text-decoration: none; } .ui-datepicker-calendar .ui-state-default { border: 1px solid #ccc; - color: #555; + color: #555; background: #fafafa; } .ui-datepicker-calendar .ui-state-hover { border: 1px solid #aaa; - color: #333; + color: #333; background: #ccc; } .ui-datepicker-calendar .ui-state-active, .ui-datepicker-calendar .ui-state-active.ui-state-hover { font-weight: bold; - border: 1px solid #999; - color: #333; + border: 1px solid #999; + color: #333; background: #ddd; } /* *************************************** + AUTOCOMPLETE +*************************************** */ +<?php //autocomplete will expand to fullscreen without max-width ?> +.ui-autocomplete { + position: absolute; + cursor: default; +} +.elgg-autocomplete-item .elgg-body { + max-width: 600px; +} +.ui-autocomplete { + background-color: white; + border: 1px solid #ccc; + overflow: hidden; + + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px; +} +.ui-autocomplete .ui-menu-item { + padding: 0px 4px; + + -webkit-border-radius: 5px; + -moz-border-radius: 5px; + border-radius: 5px; +} +.ui-autocomplete .ui-menu-item:hover { + background-color: #eee; +} +.ui-autocomplete a:hover { + text-decoration: none; + color: #4690D6; +} + +/* *************************************** + USER PICKER +*************************************** */ +.elgg-user-picker-list li:first-child { + border-top: 1px dotted #ccc; + margin-top: 5px; +} +.elgg-user-picker-list > li { + border-bottom: 1px dotted #ccc; +} + +/* *************************************** + FRIENDS PICKER +*************************************** */ +.friends-picker-main-wrapper { + margin-bottom: 15px; +} +.friends-picker-container h3 { + font-size:4em !important; + text-align: left; + margin:10px 0 20px !important; + color:#999 !important; + background: none !important; + padding:0 !important; +} +.friends-picker .friends-picker-container .panel ul { + text-align: left; + margin: 0; + padding:0; +} +.friends-picker-wrapper { + margin: 0; + padding:0; + position: relative; + width: 730px; +} +.friends-picker { + position: relative; + overflow: hidden; + margin: 0; + padding:0; + width: 730px; + height: auto; + background-color: #dedede; + + -webkit-border-radius: 8px; + -moz-border-radius: 8px; + border-radius: 8px; +} +.friendspicker-savebuttons { + background: white; + + -webkit-border-radius: 8px; + -moz-border-radius: 8px; + border-radius: 8px; + + margin:0 10px 10px; +} +.friends-picker .friends-picker-container { /* long container used to house end-to-end panels. Width is calculated in JS */ + position: relative; + left: 0; + top: 0; + width: 100%; + list-style-type: none; +} +.friends-picker .friends-picker-container .panel { + float:left; + height: 100%; + position: relative; + width: 730px; + margin: 0; + padding:0; +} +.friends-picker .friends-picker-container .panel .wrapper { + margin: 0; + padding:4px 10px 10px 10px; + min-height: 230px; +} +.friends-picker-navigation { + margin: 0 0 10px; + padding:0 0 10px; + border-bottom:1px solid #ccc; +} +.friends-picker-navigation ul { + list-style: none; + padding-left: 0; +} +.friends-picker-navigation ul li { + float: left; + margin:0; + background:white; +} +.friends-picker-navigation a { + font-weight: bold; + text-align: center; + background: white; + color: #999; + text-decoration: none; + display: block; + padding: 0; + width:20px; + + -webkit-border-radius: 4px; + -moz-border-radius: 4px; + border-radius: 4px; +} +.tabHasContent { + background: white; + color:#333 !important; +} +.friends-picker-navigation li a:hover { + background: #333; + color:white !important; +} +.friends-picker-navigation li a.current { + background: #4690D6; + color:white !important; +} +.friends-picker-navigation-l, .friends-picker-navigation-r { + position: absolute; + top: 46px; + text-indent: -9000em; +} +.friends-picker-navigation-l a, .friends-picker-navigation-r a { + display: block; + height: 40px; + width: 40px; +} +.friends-picker-navigation-l { + right: 48px; + z-index:1; +} +.friends-picker-navigation-r { + right: 0; + z-index:1; +} +.friends-picker-navigation-l { + background: url("<?php echo elgg_get_site_url(); ?>_graphics/friendspicker.png") no-repeat left top; +} +.friends-picker-navigation-r { + background: url("<?php echo elgg_get_site_url(); ?>_graphics/friendspicker.png") no-repeat -60px top; +} +.friends-picker-navigation-l:hover { + background: url("<?php echo elgg_get_site_url(); ?>_graphics/friendspicker.png") no-repeat left -44px; +} +.friends-picker-navigation-r:hover { + background: url("<?php echo elgg_get_site_url(); ?>_graphics/friendspicker.png") no-repeat -60px -44px; +} +.friendspicker-savebuttons .elgg-button-submit, +.friendspicker-savebuttons .elgg-button-cancel { + margin:5px 20px 5px 5px; +} +.friendspicker-members-table { + background: #dedede; + + -webkit-border-radius: 8px; + -moz-border-radius: 8px; + border-radius: 8px; + + margin:10px 0 0; + padding:10px 10px 0; +} + +/* *************************************** PAGINATION *************************************** */ .elgg-pagination { @@ -1262,12 +1460,13 @@ a.elgg-widget-collapsed:before { padding: 5px 10px; margin: 4px 0; } -ul.elgg-plugin-categories, ul.elgg-plugin-categories > li { +ul.elgg-plugin-categories, ul.elgg-plugin-categories > li, +ul.elgg-plugin-resources, ul.elgg-plugin-resources > li { display: inline; } .elgg-plugin-category-bundled { border-width: 2px; - border-color: #DAA520; + border-color: #0054A7; } /**************************************** @@ -1312,6 +1511,12 @@ ul.elgg-plugin-categories, ul.elgg-plugin-categories > li { margin-bottom: 5px; } +.elgg-text-help { + display: block; + font-size: 85%; + font-style: italic; +} + .elgg-longtext-control { margin-left: 14px; font-size: 80%; diff --git a/views/default/css/elements/forms.php b/views/default/css/elements/forms.php index 81db81747..2fc156447 100644 --- a/views/default/css/elements/forms.php +++ b/views/default/css/elements/forms.php @@ -104,7 +104,7 @@ input[type="radio"] { margin: 0; padding:0; position: relative; - width: 100%; + width: 730px; } .friends-picker { position: relative; @@ -315,20 +315,20 @@ input[type="radio"] { color: white; } .ui-datepicker-prev, .ui-datepicker-next { - position: absolute; - top: 5px; + position: absolute; + top: 5px; cursor: pointer; } .ui-datepicker-prev { - left: 6px; + left: 6px; } .ui-datepicker-next { - right: 6px; + right: 6px; } .ui-datepicker-title { - line-height: 1.8em; - margin: 0 30px; - text-align: center; + line-height: 1.8em; + margin: 0 30px; + text-align: center; font-weight: bold; } .ui-datepicker-calendar { @@ -337,34 +337,34 @@ input[type="radio"] { .ui-datepicker th { color: #0054A7; border: none; - font-weight: bold; - padding: 5px 6px; - text-align: center; + font-weight: bold; + padding: 5px 6px; + text-align: center; } .ui-datepicker td { padding: 1px; } .ui-datepicker td span, .ui-datepicker td a { - display: block; - padding: 2px; + display: block; + padding: 2px; line-height: 1.2em; - text-align: right; - text-decoration: none; + text-align: right; + text-decoration: none; } .ui-datepicker-calendar .ui-state-default { border: 1px solid #ccc; - color: #4690D6;; + color: #4690D6;; background: #fafafa; } .ui-datepicker-calendar .ui-state-hover { border: 1px solid #aaa; - color: #0054A7; + color: #0054A7; background: #eee; } .ui-datepicker-calendar .ui-state-active, .ui-datepicker-calendar .ui-state-active.ui-state-hover { font-weight: bold; - border: 1px solid #0054A7; - color: #0054A7; + border: 1px solid #0054A7; + color: #0054A7; background: #E4ECF5; } diff --git a/views/default/css/elements/icons.php b/views/default/css/elements/icons.php index f7c789e33..9b12e0a57 100644 --- a/views/default/css/elements/icons.php +++ b/views/default/css/elements/icons.php @@ -288,8 +288,8 @@ .elgg-ajax-loader { background: white url(<?php echo elgg_get_site_url(); ?>_graphics/ajax_loader_bw.gif) no-repeat center center; - min-height: 33px; - min-width: 33px; + min-height: 31px; + min-width: 31px; } /* *************************************** diff --git a/views/default/forms/admin/site/update_advanced.php b/views/default/forms/admin/site/update_advanced.php index b935090f0..14b74e4f9 100644 --- a/views/default/forms/admin/site/update_advanced.php +++ b/views/default/forms/admin/site/update_advanced.php @@ -30,21 +30,21 @@ $form_body .= elgg_view('input/access', array( )) . "</div>"; $form_body .= "<div>" . elgg_echo('installation:allow_user_default_access:description') . "<br />"; $form_body .= elgg_view("input/checkboxes", array( - 'options' => array(elgg_echo('installation:allow_user_default_access:label') => elgg_echo('installation:allow_user_default_access:label')), + 'options' => array(elgg_echo('installation:allow_user_default_access:label') => 1), 'name' => 'allow_user_default_access', - 'value' => (elgg_get_config('allow_user_default_access') ? elgg_echo('installation:allow_user_default_access:label') : ""), + 'value' => (elgg_get_config('allow_user_default_access') ? 1 : 0), )) . "</div>"; $form_body .= "<div>" . elgg_echo('installation:simplecache:description') . "<br />"; $form_body .= elgg_view("input/checkboxes", array( - 'options' => array(elgg_echo('installation:simplecache:label') => elgg_echo('installation:simplecache:label')), + 'options' => array(elgg_echo('installation:simplecache:label') => 1), 'name' => 'simplecache_enabled', - 'value' => (elgg_get_config('simplecache_enabled') ? elgg_echo('installation:simplecache:label') : ""), + 'value' => (elgg_get_config('simplecache_enabled') ? 1 : 0), )) . "</div>"; $form_body .= "<div>" . elgg_echo('installation:systemcache:description') . "<br />"; $form_body .= elgg_view("input/checkboxes", array( - 'options' => array(elgg_echo('installation:systemcache:label') => elgg_echo('installation:systemcache:label')), + 'options' => array(elgg_echo('installation:systemcache:label') => 1), 'name' => 'system_cache_enabled', - 'value' => (elgg_get_config('system_cache_enabled') ? elgg_echo('installation:systemcache:label') : ""), + 'value' => (elgg_get_config('system_cache_enabled') ? 1 : 0), )) . "</div>"; $debug_options = array('0' => elgg_echo('installation:debug:none'), 'ERROR' => elgg_echo('installation:debug:error'), 'WARNING' => elgg_echo('installation:debug:warning'), 'NOTICE' => elgg_echo('installation:debug:notice')); @@ -58,9 +58,9 @@ $form_body .= '</div>'; // control new user registration $options = array( - 'options' => array(elgg_echo('installation:registration:label') => elgg_echo('installation:registration:label')), + 'options' => array(elgg_echo('installation:registration:label') => 1), 'name' => 'allow_registration', - 'value' => elgg_get_config('allow_registration') ? elgg_echo('installation:registration:label') : '', + 'value' => elgg_get_config('allow_registration') ? 1 : 0, ); $form_body .= '<div>' . elgg_echo('installation:registration:description'); $form_body .= '<br />' .elgg_view('input/checkboxes', $options) . '</div>'; @@ -68,28 +68,25 @@ $form_body .= '<br />' .elgg_view('input/checkboxes', $options) . '</div>'; // control walled garden $walled_garden = elgg_get_config(walled_garden); $options = array( - 'options' => array(elgg_echo('installation:walled_garden:label') => elgg_echo('installation:walled_garden:label')), + 'options' => array(elgg_echo('installation:walled_garden:label') => 1), 'name' => 'walled_garden', - 'value' => $walled_garden ? elgg_echo('installation:walled_garden:label') : '', + 'value' => $walled_garden ? 1 : 0, ); $form_body .= '<div>' . elgg_echo('installation:walled_garden:description'); $form_body .= '<br />' . elgg_view('input/checkboxes', $options) . '</div>'; $form_body .= "<div>" . elgg_echo('installation:httpslogin') . "<br />"; $form_body .= elgg_view("input/checkboxes", array( - 'options' => array(elgg_echo('installation:httpslogin:label') => elgg_echo('installation:httpslogin:label')), + 'options' => array(elgg_echo('installation:httpslogin:label') => 1), 'name' => 'https_login', - 'value' => (elgg_get_config('https_login') ? elgg_echo('installation:httpslogin:label') : "") + 'value' => (elgg_get_config('https_login') ? 1 : 0) )) . "</div>"; $form_body .= "<div>" . elgg_echo('installation:disableapi') . "<br />"; -$on = elgg_echo('installation:disableapi:label'); $disable_api = elgg_get_config('disable_api'); -if ($disable_api) { - $on = (disable_api ? "" : elgg_echo('installation:disableapi:label')); -} +$on = $disable_api ? 0 : 1; $form_body .= elgg_view("input/checkboxes", array( - 'options' => array(elgg_echo('installation:disableapi:label') => elgg_echo('installation:disableapi:label')), + 'options' => array(elgg_echo('installation:disableapi:label') => 1), 'name' => 'api', 'value' => $on, )); diff --git a/views/default/input/friendspicker.php b/views/default/input/friendspicker.php index b41449fbf..40708c890 100644 --- a/views/default/input/friendspicker.php +++ b/views/default/input/friendspicker.php @@ -9,6 +9,10 @@ * @subpackage Core * * @uses $vars['entities'] The array of ElggUser objects + * @uses $vars['name'] + * @uses $vars['value'] + * @uses $vars['highlight'] + * @uses $vars['callback'] */ elgg_load_js('elgg.friendspicker'); @@ -74,13 +78,9 @@ if (isset($vars['formtarget'])) { // Sort users by letter if (is_array($vars['entities']) && sizeof($vars['entities'])) { foreach($vars['entities'] as $user) { - if (is_callable('mb_substr')) { - $letter = strtoupper(mb_substr($user->name,0,1)); - } else { - $letter = strtoupper(substr($user->name,0,1)); - } + $letter = elgg_strtoupper(elgg_substr($user->name, 0, 1)); - if (!substr_count($chararray,$letter)) { + if (!elgg_substr_count($chararray, $letter)) { $letter = "*"; } if (!isset($users[$letter])) { @@ -162,11 +162,7 @@ if (!isset($vars['replacement'])) { // Initialise letters $chararray .= "*"; - if (is_callable('mb_substr')) { - $letter = mb_substr($chararray,0,1); - } else { - $letter = substr($chararray,0,1); - } + $letter = elgg_substr($chararray, 0, 1); $letpos = 0; while (1 == 1) { ?> @@ -190,9 +186,7 @@ if (!isset($vars['replacement'])) { $label = elgg_view_entity_icon($friend, 'tiny', array('use_hover' => false)); $options[$label] = $friend->getGUID(); - if ($vars['highlight'] == 'all' - && !in_array($letter,$activeletters)) { - + if ($vars['highlight'] == 'all' && !in_array($letter,$activeletters)) { $activeletters[] = $letter; } @@ -243,23 +237,14 @@ if (!isset($vars['replacement'])) { </div> </div> <?php - //if ($letter == 'Z') break; - if (is_callable('mb_substr')) { - $substr = mb_substr($chararray,strlen($chararray) - 1,1); - } else { - $substr = substr($chararray,strlen($chararray) - 1,1); - } + $substr = elgg_substr($chararray, elgg_strlen($chararray) - 1, 1); if ($letter == $substr) { break; } //$letter++; $letpos++; - if (is_callable('mb_substr')) { - $letter = mb_substr($chararray,$letpos,1); - } else { - $letter = substr($chararray,$letpos,1); - } + $letter = elgg_substr($chararray, $letpos, 1); } ?> @@ -319,7 +304,7 @@ $(document).ready(function () { if (sizeof($activeletters) > 0) //$chararray = elgg_echo('friendspicker:chararray'); foreach($activeletters as $letter) { - $tab = strpos($chararray, $letter) + 1; + $tab = elgg_strpos($chararray, $letter) + 1; ?> $("div#friends-picker-navigation<?php echo $friendspicker; ?> li.tab<?php echo $tab; ?> a").addClass("tabHasContent"); <?php diff --git a/views/default/input/longtext.php b/views/default/input/longtext.php index 2b1462635..61dc7ca19 100644 --- a/views/default/input/longtext.php +++ b/views/default/input/longtext.php @@ -19,6 +19,8 @@ if (isset($vars['class'])) { $defaults = array( 'value' => '', + 'rows' => '10', + 'cols' => '50', 'id' => 'elgg-input-' . rand(), //@todo make this more robust ); diff --git a/views/default/input/plaintext.php b/views/default/input/plaintext.php index cd0aaafcf..e92c61ced 100644 --- a/views/default/input/plaintext.php +++ b/views/default/input/plaintext.php @@ -20,6 +20,8 @@ if (isset($vars['class'])) { $defaults = array( 'value' => '', + 'rows' => '10', + 'cols' => '50', 'disabled' => false, ); diff --git a/views/default/input/text.php b/views/default/input/text.php index 707a50179..07ce5c710 100644 --- a/views/default/input/text.php +++ b/views/default/input/text.php @@ -23,5 +23,4 @@ $defaults = array( $vars = array_merge($defaults, $vars); ?> - <input type="text" <?php echo elgg_format_attributes($vars); ?> />
\ No newline at end of file diff --git a/views/default/js/elgg.php b/views/default/js/elgg.php index 133e128a4..6460e93d6 100644 --- a/views/default/js/elgg.php +++ b/views/default/js/elgg.php @@ -57,6 +57,7 @@ elgg.release = '<?php echo get_version(true); ?>'; elgg.config.wwwroot = '<?php echo elgg_get_site_url(); ?>'; elgg.security.interval = 5 * 60 * 1000; <?php //@todo make this configurable ?> elgg.config.domReady = false; +elgg.config.language = '<?php echo isset($CONFIG->language) ? $CONFIG->language : 'en'; ?>'; elgg.config.languageReady = false; //After the DOM is ready diff --git a/views/default/js/languages.php b/views/default/js/languages.php index 009e8159c..c51d7bcb2 100644 --- a/views/default/js/languages.php +++ b/views/default/js/languages.php @@ -6,4 +6,10 @@ global $CONFIG; $language = $vars['language']; -echo json_encode($CONFIG->translations[$language]);
\ No newline at end of file +$translations = $CONFIG->translations['en']; + +if ($language != 'en') { + $translations = array_merge($translations, $CONFIG->translations[$language]); +} + +echo json_encode($translations);
\ No newline at end of file diff --git a/views/default/navigation/menu/elements/item.php b/views/default/navigation/menu/elements/item.php index 22383ce0b..fd9738826 100644 --- a/views/default/navigation/menu/elements/item.php +++ b/views/default/navigation/menu/elements/item.php @@ -13,7 +13,8 @@ $item = $vars['item']; $link_class = 'elgg-menu-closed'; if ($item->getSelected()) { - $item->setItemClass('elgg-state-selected'); + // @todo switch to addItemClass when that is implemented + //$item->setItemClass('elgg-state-selected'); $link_class = 'elgg-menu-opened'; } @@ -24,6 +25,9 @@ if ($children) { } $item_class = $item->getItemClass(); +if ($item->getSelected()) { + $item_class = "$item_class elgg-state-selected"; +} if (isset($vars['item_class']) && $vars['item_class']) { $item_class .= ' ' . $vars['item_class']; } diff --git a/views/default/navigation/pagination.php b/views/default/navigation/pagination.php index e0d355327..04044c51c 100644 --- a/views/default/navigation/pagination.php +++ b/views/default/navigation/pagination.php @@ -113,7 +113,12 @@ foreach ($pages->items as $page) { } else { $page_offset = (($page - 1) * $limit); $url = elgg_http_add_url_query_elements($base_url, array($offset_key => $page_offset)); - echo "<li><a href=\"$url\">$page</a></li>"; + $link = elgg_view('output/url', array( + 'href' => $url, + 'text' => $page, + 'is_trusted' => true, + )); + echo "<li>$link</li>"; } } diff --git a/views/default/object/elements/summary.php b/views/default/object/elements/summary.php index 22db03f51..c0f3ad340 100644 --- a/views/default/object/elements/summary.php +++ b/views/default/object/elements/summary.php @@ -13,7 +13,7 @@ * @uses $vars['title'] Title link (optional) false = no title, '' = default * @uses $vars['metadata'] HTML for entity menu and metadata (optional) * @uses $vars['subtitle'] HTML for the subtitle (optional) - * @uses $vars['tags'] HTML for the tags (optional) + * @uses $vars['tags'] HTML for the tags (default is tags on entity, pass false for no tags) * @uses $vars['content'] HTML for the entity content (optional) */ @@ -39,7 +39,7 @@ $subtitle = elgg_extract('subtitle', $vars, ''); $content = elgg_extract('content', $vars, ''); $tags = elgg_extract('tags', $vars, ''); -if ($tags !== false) { +if ($tags === '') { $tags = elgg_view('output/tags', array('tags' => $entity->tags)); } diff --git a/views/default/object/plugin/full.php b/views/default/object/plugin/full.php index db0a52416..2de65b555 100644 --- a/views/default/object/plugin/full.php +++ b/views/default/object/plugin/full.php @@ -172,6 +172,26 @@ $website = elgg_view('output/url', array( 'is_trusted' => true, )); +$resources = array( + 'repository' => $plugin->getManifest()->getRepositoryURL(), + 'bugtracker' => $plugin->getManifest()->getBugTrackerURL(), + 'donate' => $plugin->getManifest()->getDonationsPageURL(), +); + +$resources_html = "<ul class=\"elgg-plugin-resources\">"; +foreach ($resources as $id => $href) { + if ($href) { + $resources_html .= "<li class=\"prm\">"; + $resources_html .= elgg_view('output/url', array( + 'href' => $href, + 'text' => elgg_echo("admin:plugins:label:$id"), + 'is_trusted' => true, + )); + $resources_html .= "</li>"; + } +} +$resources_html .= "</ul>"; + $copyright = elgg_view('output/text', array('value' => $plugin->getManifest()->getCopyright())); $license = elgg_view('output/text', array('value' => $plugin->getManifest()->getLicense())); @@ -242,7 +262,11 @@ if (elgg_view_exists($settings_view_old) || elgg_view_exists($settings_view_new) <div><?php echo $description; ?></div> <p><?php echo $author . ' - ' . $website; ?></p> - <?php echo $docs; ?> + + <?php + echo $resources_html; + echo $docs; + ?> <div class="pts"> <?php @@ -281,4 +305,4 @@ if (elgg_view_exists($settings_view_old) || elgg_view_exists($settings_view_new) ?> </div> </div> -</div>
\ No newline at end of file +</div> diff --git a/views/default/object/plugin/invalid.php b/views/default/object/plugin/invalid.php index f24e1836c..828bceaba 100644 --- a/views/default/object/plugin/invalid.php +++ b/views/default/object/plugin/invalid.php @@ -14,8 +14,7 @@ $plugin = $vars['entity']; $id = $plugin->getID(); $path = htmlspecialchars($plugin->getPath()); -$message = elgg_echo('admin:plugins:warning:invalid', array($id)); -$error = $plugin->getError(); +$message = elgg_echo('admin:plugins:warning:invalid', array($plugin->getError())); $css_id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID()); ?> @@ -23,7 +22,8 @@ $css_id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID()); <div class="elgg-state-draggable elgg-plugin elgg-state-inactive elgg-state-error" id="elgg-plugin-<?php echo $plugin->guid; ?>"> <div class="elgg-head"><h3><?php echo $id; ?></h3></div> <div class="elgg-body"> - <p><?php echo $message; ?></p> + <p class="elgg-state-error"><?php echo $message; ?></p> + <p><?php echo elgg_echo('admin:plugins:warning:invalid:check_docs'); ?></p> <div class="pts"> <?php @@ -37,7 +37,6 @@ $css_id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID()); <div class="hidden elgg-plugin-more" id="elgg-plugin-manifest-<?php echo $css_id; ?>"> <p><?php echo elgg_echo('admin:plugins:label:location') . ": " . $path; ?></p> - <p><?php echo $error; ?></p> </div> </div> </div>
\ No newline at end of file diff --git a/views/default/object/widget/elements/controls.php b/views/default/object/widget/elements/controls.php index d1d630c4f..57a935f62 100644 --- a/views/default/object/widget/elements/controls.php +++ b/views/default/object/widget/elements/controls.php @@ -8,9 +8,7 @@ echo elgg_view_menu('widget', array( 'entity' => elgg_extract('widget', $vars), - 'params' => array( - 'show_edit' => elgg_extract('show_edit', $vars, true) - ), + 'show_edit' => elgg_extract('show_edit', $vars, true), 'sort_by' => 'priority', 'class' => 'elgg-menu-hz', )); diff --git a/views/default/object/widget/elements/settings.php b/views/default/object/widget/elements/settings.php index 5afe56ed8..25cda58c9 100644 --- a/views/default/object/widget/elements/settings.php +++ b/views/default/object/widget/elements/settings.php @@ -6,8 +6,20 @@ */ $widget = elgg_extract('widget', $vars); + +// not using elgg_view_form() so that we can detect if the form is empty +$form_body = elgg_view('forms/widgets/save', $vars); +if (!$form_body) { + return true; +} + +$form = elgg_view('input/form', array( + 'action' => 'action/widgets/save', + 'body' => $form_body, + 'class' => 'elgg-form-widgets-save', +)); ?> <div class="elgg-widget-edit" id="widget-edit-<?php echo $widget->guid; ?>"> - <?php echo elgg_view_form('widgets/save', array(), $vars); ?> + <?php echo $form; ?> </div> diff --git a/views/default/output/location.php b/views/default/output/location.php index e3619d2e1..e1009f17d 100644 --- a/views/default/output/location.php +++ b/views/default/output/location.php @@ -11,4 +11,9 @@ if (isset($vars['entity'])) { unset($vars['entity']); } +// Fixes #4566 we used to allow arrays of strings for location +if (is_array($vars['value'])) { + $vars['value'] = implode(', ', $vars['value']); +} + echo elgg_view('output/tag', $vars); diff --git a/views/default/page/components/list.php b/views/default/page/components/list.php index 28c907ab6..0cf7d507c 100644 --- a/views/default/page/components/list.php +++ b/views/default/page/components/list.php @@ -6,7 +6,7 @@ * * @uses $vars['items'] Array of ElggEntity or ElggAnnotation objects * @uses $vars['offset'] Index of the first list item in complete list - * @uses $vars['limit'] Number of items per page + * @uses $vars['limit'] Number of items per page. Only used as input to pagination. * @uses $vars['count'] Number of items in the complete list * @uses $vars['base_url'] Base URL of list (optional) * @uses $vars['pagination'] Show pagination? (default: true) diff --git a/views/default/page/default.php b/views/default/page/default.php index 892069fad..3724bffd8 100644 --- a/views/default/page/default.php +++ b/views/default/page/default.php @@ -14,7 +14,9 @@ // backward compatability support for plugins that are not using the new approach // of routing through admin. See reportedcontent plugin for a simple example. if (elgg_get_context() == 'admin') { - elgg_deprecated_notice("admin plugins should route through 'admin'.", 1.8); + if (get_input('handler') != 'admin') { + elgg_deprecated_notice("admin plugins should route through 'admin'.", 1.8); + } elgg_admin_add_plugin_settings_menu(); elgg_unregister_css('elgg'); echo elgg_view('page/admin', $vars); diff --git a/views/default/page/elements/comments.php b/views/default/page/elements/comments.php index cf9b5f08b..97cb9574e 100644 --- a/views/default/page/elements/comments.php +++ b/views/default/page/elements/comments.php @@ -36,8 +36,7 @@ if ($html) { } if ($show_add_form) { - $form_vars = array('name' => 'elgg_add_comment'); - echo elgg_view_form('comments/add', $form_vars, $vars); + echo elgg_view_form('comments/add', array(), $vars); } echo '</div>'; diff --git a/views/default/page/elements/head.php b/views/default/page/elements/head.php index e968e95ce..1eb2be088 100644 --- a/views/default/page/elements/head.php +++ b/views/default/page/elements/head.php @@ -66,7 +66,9 @@ $release = get_version(true); <?php } ?> <script type="text/javascript"> +// <![CDATA[ <?php echo elgg_view('js/initialize_elgg'); ?> +// ]]> </script> <?php @@ -76,4 +78,4 @@ $metatags = elgg_view('metatags', $vars); if ($metatags) { elgg_deprecated_notice("The metatags view has been deprecated. Extend page/elements/head instead", 1.8); echo $metatags; -}
\ No newline at end of file +} diff --git a/views/default/page/layouts/widgets.php b/views/default/page/layouts/widgets.php index e3819cc20..c6b162516 100644 --- a/views/default/page/layouts/widgets.php +++ b/views/default/page/layouts/widgets.php @@ -31,6 +31,7 @@ if (elgg_can_edit_widget_layout($context)) { 'widgets' => $widgets, 'context' => $context, 'exact_match' => $exact_match, + 'show_access' => $show_access, ); echo elgg_view('page/layouts/widgets/add_panel', $params); } diff --git a/views/default/page/layouts/widgets/add_panel.php b/views/default/page/layouts/widgets/add_panel.php index 9eb78cdb6..d9b11342a 100644 --- a/views/default/page/layouts/widgets/add_panel.php +++ b/views/default/page/layouts/widgets/add_panel.php @@ -50,10 +50,13 @@ foreach ($widgets as $column_widgets) { ?> </ul> <?php - $params = array( + echo elgg_view('input/hidden', array( 'name' => 'widget_context', 'value' => $context - ); - echo elgg_view('input/hidden', $params); + )); + echo elgg_view('input/hidden', array( + 'name' => 'show_access', + 'value' => (int)$vars['show_access'] + )); ?> </div> diff --git a/views/default/river/elements/summary.php b/views/default/river/elements/summary.php index 4402c6f65..416bc708b 100644 --- a/views/default/river/elements/summary.php +++ b/views/default/river/elements/summary.php @@ -41,12 +41,12 @@ if ($container instanceof ElggGroup) { } // check summary translation keys. -// will use the $type:$subtype if that's defined, otherwise just uses $type +// will use the $type:$subtype if that's defined, otherwise just uses $type:default $key = "river:$action:$type:$subtype"; $summary = elgg_echo($key, array($subject_link, $object_link)); if ($summary == $key) { - $key = "river:$action:$type"; + $key = "river:$action:$type:default"; $summary = elgg_echo($key, array($subject_link, $object_link)); } diff --git a/views/default/widgets/new_users/content.php b/views/default/widgets/new_users/content.php index 207a67a9d..ba85e7421 100644 --- a/views/default/widgets/new_users/content.php +++ b/views/default/widgets/new_users/content.php @@ -6,5 +6,6 @@ echo elgg_list_entities(array( 'type' => 'user', 'subtype'=> null, - 'full_view' => FALSE + 'full_view' => false, + 'pagination' => false, ));
\ No newline at end of file diff --git a/views/default/widgets/online_users/content.php b/views/default/widgets/online_users/content.php index d81ff3705..6e0cc7abb 100644 --- a/views/default/widgets/online_users/content.php +++ b/views/default/widgets/online_users/content.php @@ -3,4 +3,13 @@ * Online users widget */ -echo $users_online = get_online_users();
\ No newline at end of file +$count = find_active_users(600, 10, 0, true); +$objects = find_active_users(600, 10); + +if ($objects) { + echo elgg_view_entity_list($objects, array( + 'count' => $count, + 'limit' => 10, + 'pagination' => false, + )); +} diff --git a/views/installation/forms/install/template.php b/views/installation/forms/install/template.php index 385168fe4..a01914f12 100644 --- a/views/installation/forms/install/template.php +++ b/views/installation/forms/install/template.php @@ -23,7 +23,7 @@ foreach ($variables as $field => $params) { } $submit_params = array( - 'value' => elgg_echo('next'), + 'value' => elgg_echo('install:next'), ); $form_body .= elgg_view('input/submit', $submit_params); diff --git a/views/json/export/entity.php b/views/json/export/entity.php index 52cd9d244..36af5eaef 100644 --- a/views/json/export/entity.php +++ b/views/json/export/entity.php @@ -19,4 +19,7 @@ foreach ($exportable_values as $v) { $export->url = $entity->getURL(); global $jsonexport; -$jsonexport[$entity->getType()][$entity->getSubtype()][] = $export;
\ No newline at end of file +$jsonexport[$entity->getType()][$entity->getSubtype()][] = $export; + +// @todo hack to fix #4504 +echo "Fix for bug #4504"; diff --git a/views/json/group/default.php b/views/json/group/default.php index 0b168fdb2..dd190d402 100644 --- a/views/json/group/default.php +++ b/views/json/group/default.php @@ -6,4 +6,4 @@ * @subpackage Core */ -elgg_view('export/entity', $vars);
\ No newline at end of file +echo elgg_view('export/entity', $vars); diff --git a/views/json/object/default.php b/views/json/object/default.php index d2e807621..8b88b3010 100644 --- a/views/json/object/default.php +++ b/views/json/object/default.php @@ -6,4 +6,4 @@ * @subpackage Core */ -elgg_view('export/entity', $vars);
\ No newline at end of file +echo elgg_view('export/entity', $vars); diff --git a/views/json/site/default.php b/views/json/site/default.php index 7efd46939..ee4eda489 100644 --- a/views/json/site/default.php +++ b/views/json/site/default.php @@ -6,4 +6,4 @@ * @subpackage Core */ -elgg_view('export/entity', $vars);
\ No newline at end of file +echo elgg_view('export/entity', $vars); diff --git a/views/json/user/default.php b/views/json/user/default.php index e23472252..4d44692c9 100644 --- a/views/json/user/default.php +++ b/views/json/user/default.php @@ -6,4 +6,4 @@ * @subpackage Core */ -elgg_view('export/entity', $vars);
\ No newline at end of file +echo elgg_view('export/entity', $vars); |
