-rw-r--r-- | actions/admin/site/update_basic.php | 2 | ||||
-rw-r--r-- | actions/friends/collections/add.php | 2 | ||||
-rw-r--r-- | engine/lib/cache.php | 1 | ||||
-rw-r--r-- | engine/lib/elgglib.php | 9 | ||||
-rw-r--r-- | install/ElggInstaller.php | 2 | ||||
-rw-r--r-- | mod/search/search_hooks.php | 19 | ||||
-rw-r--r-- | views/default/output/access.php | 2 |
7 files changed, 28 insertions, 9 deletions
diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php
index 97d258b65..9765182cc 100644
--- a/actions/admin/site/update_basic.php
+++ b/actions/admin/site/update_basic.php
@@ -16,7 +16,7 @@ if ($site = elgg_get_site_entity()) {
 }
 $site->description = get_input('sitedescription');
- $site->name = get_input('sitename');
+ $site->name = strip_tags(get_input('sitename'));
 $site->email = get_input('siteemail');
 $site->save();
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 9dc17b37e..e63a149f7 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -6,7 +6,7 @@
  * @subpackage Friends.Collections
  */
-$collection_name = get_input('collection_name');
+$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
 $friends = get_input('friends_collection');
 if (!$collection_name) {
diff --git a/engine/lib/cache.php b/engine/lib/cache.php
index 59359124e..3116c1a9b 100644
--- a/engine/lib/cache.php
+++ b/engine/lib/cache.php
@@ -208,6 +208,7 @@ function elgg_get_simplecache_url($type, $view) {
 global $CONFIG;
 $lastcache = (int)$CONFIG->lastcache;
 $viewtype = elgg_get_viewtype();
+ elgg_register_simplecache_view("$type/$view");// see #5302
 if (elgg_is_simplecache_enabled()) {
 $url = elgg_get_site_url() . "cache/$type/$viewtype/$view.$lastcache.$type";
 } else {
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index a49b620ac..fb652a141 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
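Review bot: strip_tags() on the new `$site->name` line is a lossy clean-up, not an escape: it removes tags (and everything after an unmatched `<`) but stores the name raw, so every view that prints the site name still has to escape it for its own context. The install/ElggInstaller.php hunk makes the same change and carries the same point. In the same commit the add.php hunk stores its field HTML-encoded instead, so the two fields end up with different storage conventions; pick one and say so next to the assignment, e.g. `// markup is stripped at input; views must still escape the name on output`.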
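Review bot: htmlspecialchars() on the new `$collection_name` line stores the HTML-encoded name, so a view that escapes on output will turn a stored `&amp;` into `&amp;amp;`, and any non-HTML consumer (mail, JSON) sees entities; the access.php hunk in this same commit escapes on output instead, which is the usual split, and I would store the raw value here and escape where it is printed. The third argument `false` to get_input() also turns off the default input filter for this one field (presumably the filter flag — confirm), and the line gives no reason; if that is intended, add a one-line comment saying why this field must bypass the filter. The truthiness check `if (!$collection_name)` just below is unchanged and still rejects a name of `'0'`, which predates this change but is worth noting while the line is touched.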
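Review bot: The added line turns a URL getter into something with a side effect, registering the view on every call, and `// see #5302` only points at a ticket; replace the bare reference with one sentence on why the registration has to happen inside elgg_get_simplecache_url rather than where the view is defined, keeping the ticket number in parentheses. Also separate the comment from the statement: `elgg_register_simplecache_view("$type/$view"); // see #5302`. elgg_get_simplecache_url's body continues outside the hunk.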
@@ -93,10 +93,17 @@ function elgg_register_library($name, $location) {
  * @return void
  * @throws InvalidParameterException
  * @since 1.8.0
+ * @todo return boolean in 1.9 to indicate whether the library has been loaded
  */
 function elgg_load_library($name) {
 global $CONFIG;
+ static $loaded_libraries = array();
+
+ if (in_array($name, $loaded_libraries)) {
+ return;
+ }
+
 if (!isset($CONFIG->libraries)) {
 $CONFIG->libraries = array();
 }
@@ -113,6 +120,8 @@ function elgg_load_library($name) {
 );
 throw new InvalidParameterException($error);
 }
+
+ $loaded_libraries[] = $name;
 }
 /**
diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php
index 93716f7cd..78cdde90f 100644
--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -1414,7 +1414,7 @@ class ElggInstaller {
 $submissionVars['wwwroot'] = sanitise_filepath($submissionVars['wwwroot']);
 $site = new ElggSite();
- $site->name = $submissionVars['sitename'];
+ $site->name = strip_tags($submissionVars['sitename']);
 $site->url = $submissionVars['wwwroot'];
 $site->access_id = ACCESS_PUBLIC;
 $site->email = $submissionVars['siteemail'];
diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php
index 47351fb8a..92c6d700a 100644
--- a/mod/search/search_hooks.php
+++ b/mod/search/search_hooks.php
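Review bot: The early return added in the first hunk calls `in_array($name, $loaded_libraries)` without the strict flag, so membership is decided by loose comparison; keying the set by name gives a strict O(1) check instead: `if (isset($loaded_libraries[$name])) { return; }` in the first hunk and `$loaded_libraries[$name] = true;` in place of the append in the second. The append is placed after the throw, so a name is only recorded once the library has actually loaded and a failed load can be attempted again on the next call; that is correct but not obvious, so give it a comment such as `// record only after a successful load so a failed attempt is retried`. The rest of elgg_load_library's body lies between the two hunks.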
@@ -178,11 +178,20 @@ function search_users_hook($hook, $type, $value, $params) {
 $entity->setVolatileData('search_matched_title', $title);
 $matched = '';
- foreach ($profile_fields as $md) {
- $text = $entity->$md;
- if (stristr($text, $query)) {
- $matched .= elgg_echo("profile:{$md}") . ': ' . search_get_highlighted_relevant_substrings($text, $query);
+ foreach ($profile_fields as $md_name) {
+ $metadata = $entity->$md_name;
+ if (is_array($metadata)) {
+ foreach ($metadata as $text) {
+ if (stristr($text, $query)) {
+ $matched .= elgg_echo("profile:{$md_name}") . ': ' . search_get_highlighted_relevant_substrings($text, $query);
+ }
+ }
+ } else {
+ if (stristr($metadata, $query)) {
+ $matched .= elgg_echo("profile:{$md_name}") . ': ' . search_get_highlighted_relevant_substrings($metadata, $query);
+ }
 }
 }
diff --git a/views/default/output/access.php b/views/default/output/access.php
index 91c5c721e..5c8d62c4d 100644
--- a/views/default/output/access.php
+++ b/views/default/output/access.php
@@ -11,7 +11,7 @@ if (isset($vars['entity']) && elgg_instanceof($vars['entity'])) {
 $access_id = $vars['entity']->access_id;
 $access_class = 'elgg-access';
 $access_id_string = get_readable_access_level($access_id);
- $access_id_string = htmlentities($access_id_string, ENT_QUOTES, 'UTF-8');
+ $access_id_string = htmlspecialchars($access_id_string, ENT_QUOTES, 'UTF-8', false);
 // if within a group or shared access collection display group name and open/closed membership status
 // @todo have a better way to do this instead of checking against subtype / class. |
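Review bot: The two arms of the new `is_array($metadata)` branch repeat the same stristr()/`$matched .=` block with only the variable name changed; casting the field value to an array and looping once removes the duplication and yields the same matches (a null value becomes an empty array, so stristr() is simply not called on it). The outer foreach closes inside the hunk, but search_users_hook continues past it.
```php
foreach ($profile_fields as $md_name) {
	// a profile field may hold a single value or an array of values; treat both alike
	foreach ((array) $entity->$md_name as $text) {
		if (stristr($text, $query)) {
			$matched .= elgg_echo("profile:{$md_name}") . ': '
				. search_get_highlighted_relevant_substrings($text, $query);
		}
	}
}
```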
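Review bot: Passing `false` for double_encode on the new `$access_id_string` line leaves any entities that get_readable_access_level() already returns untouched, which treats a double-encoding symptom in the view rather than at its source; if that function hands back pre-encoded group or collection names, the cleaner fix is to have it return raw text and keep the default double_encode here, so the view escapes exactly once. `<`, `>`, both quotes and a bare `&` are still encoded, so the value remains safe for HTML text and quoted-attribute context. The surrounding `if` block continues outside the hunk.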