diff options
61 files changed, 960 insertions, 467 deletions
diff --git a/CHANGES.txt b/CHANGES.txt index 7a3422d7d..ca1bdc675 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -1,3 +1,80 @@ +Version 1.8.11 +(December 5th, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Bugfix: + * Fixed fatal error in group creation form + + +Version 1.8.10 +(December 4th, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Contributing Developers: + * Krzysztof Różalski + * Lars Hærvig + * Paweł Sroka + * RiverVanRain + * Sem + * Steve Clay + + Security Enhancements: + * Cached metadata respects access restrictions to fix problems with profile + field display. + * Group RSS feeds are restricted to valid entities + + Enhancements: + * UX: Added a list of Administrators in the admin area + * UX: Limiting message board activity stream entries to excerpts + * Performance: Prefetching river entries + * Performance: Plugin entities are cached + + Bugfixes: + * Removed superfluous commas in JS files to fix IE compatibility. + * API: Fixed Twitter API. + * Performance: Outputting valid ETags and expires headers. + + +Version 1.8.9 +(November 11, 2012 from https://github.com/Elgg/Elgg/tree/1.8) + + Contributing Developers: + * Brett Profitt + * Cash Costello + * Evan Winslow + * Jeroen Dalsem + * Jerome Bakker + * Matt Beckett + * Paweł Sroka + * Sem + * Steve Clay + + Security Enhancements: + * Sample CLI installer cannot break site + * Removed XSS vulnerabilities in titles and user profiles + + Enhancements: + * UX: A group's owner can transfer ownership to another member + * UX: Search queries persist in the search box + * Several (X)HTML validation improvements + * Improved performance via more aggressive entity and metadata caching + * BC: 1.7 group profile URLs forward correctly + + Bugfixes: + * UX: Titles containing HTML tokens are never mangled + * UX: Empty user profile values saved properly + * UX: Blog creator always mentioned in activity stream (not user who published it) + * UI: Fixed ordering of registered menu items in some cases + * UI: Embed dialog does not break file inputs + * UI: Datepicker now respects language + * UI: More reliable display of access input in widgets + * UI: Group edit form is sticky + * UI: Site categories are sticky in forms + * API: Language fallback works in Javascript + * API: Fallback to default viewtype if invalid one given + * API: Notices reported for missing language keys + * Memcache now safe to use; never bypasses access control + * BC: upgrade shows comments consistently in activity stream + + Version 1.8.8 (July 11, 2012 from https://github.com/Elgg/Elgg/tree/1.8) diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt index 0163757e7..a8e74d3a4 100644 --- a/CONTRIBUTORS.txt +++ b/CONTRIBUTORS.txt @@ -1,6 +1,7 @@ The following have made notable contributions to the Elgg Project. (List in alphabetical order.) +Steve Clay - http://www.mrclay.org/, https://twitter.com/mrclay_org Cash Costello - cash@elgg.org, http://cashcostello.com/ @@ -20,10 +21,10 @@ Tom Read - MITRE http://mitre.org/ Justin Richer - MITRE http://mitre.org/ -Dave Tosh - davidgtosh@gmail.com, http://twitter.com/davetosh +Dave Tosh - davidgtosh@gmail.com, http://twitter.com/davetosh Ben Werdmuller - http://benwerd.com/ -Nicholas Whitt - nick.whitt@gmail.com, http://twitter.com/nogoodnick +Nicholas Whitt - nick.whitt@gmail.com, http://twitter.com/nogoodnick Evan Winslow - evan@elgg.org, http://evanwinslow.com/ diff --git a/actions/profile/edit.php b/actions/profile/edit.php index b6d73ff2d..89bf2bc0b 100644 --- a/actions/profile/edit.php +++ b/actions/profile/edit.php @@ -25,7 +25,7 @@ if (!is_array($accesslevel)) { * wrapper for recursive array walk decoding */ function profile_array_decoder(&$v) { - $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8'); + $v = _elgg_html_decode($v); } $profile_fields = elgg_get_config('profile_fields'); @@ -37,7 +37,7 @@ foreach ($profile_fields as $shortname => $valuetype) { if (is_array($value)) { array_walk_recursive($value, 'profile_array_decoder'); } else { - $value = html_entity_decode($value, ENT_COMPAT, 'UTF-8'); + $value = _elgg_html_decode($value); } // limit to reasonable sizes diff --git a/actions/register.php b/actions/register.php index f23d5b381..810ceaf27 100644 --- a/actions/register.php +++ b/actions/register.php @@ -30,8 +30,6 @@ if (elgg_get_config('allow_registration')) { $guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode); if ($guid) { - elgg_clear_sticky_form('register'); - $new_user = get_entity($guid); // allow plugins to respond to self registration @@ -54,6 +52,7 @@ if (elgg_get_config('allow_registration')) { throw new RegistrationException(elgg_echo('registerbad')); } + elgg_clear_sticky_form('register'); system_message(elgg_echo("registerok", array(elgg_get_site_entity()->name))); // if exception thrown, this probably means there is a validation @@ -76,4 +75,4 @@ if (elgg_get_config('allow_registration')) { register_error(elgg_echo('registerdisabled')); } -forward(REFERER);
\ No newline at end of file +forward(REFERER); diff --git a/engine/classes/ElggPAM.php b/engine/classes/ElggPAM.php index 0681a909b..f07095fc1 100644 --- a/engine/classes/ElggPAM.php +++ b/engine/classes/ElggPAM.php @@ -53,11 +53,17 @@ class ElggPAM { foreach ($_PAM_HANDLERS[$this->policy] as $k => $v) { $handler = $v->handler; + if (!is_callable($handler)) { + continue; + } + /* @var callable $handler */ + $importance = $v->importance; try { // Execute the handler - $result = $handler($credentials); + // @todo don't assume $handler is a global function + $result = call_user_func($handler, $credentials); if ($result) { $authenticated = true; } elseif ($result === false) { diff --git a/engine/classes/ElggPlugin.php b/engine/classes/ElggPlugin.php index 3e43c8e81..c6ce2905f 100644 --- a/engine/classes/ElggPlugin.php +++ b/engine/classes/ElggPlugin.php @@ -36,8 +36,9 @@ class ElggPlugin extends ElggObject { * @warning Unlike other ElggEntity objects, you cannot null instantiate * ElggPlugin. You must point it to an actual plugin GUID or location. * - * @param mixed $plugin The GUID of the ElggPlugin object or the path of - * the plugin to load. + * @param mixed $plugin The GUID of the ElggPlugin object or the path of the plugin to load. + * + * @throws PluginException */ public function __construct($plugin) { if (!$plugin) { @@ -76,6 +77,8 @@ class ElggPlugin extends ElggObject { // load the rest of the plugin parent::__construct($existing_guid); } + + _elgg_cache_plugin_by_id($this); } /** diff --git a/engine/classes/ElggPluginManifest.php b/engine/classes/ElggPluginManifest.php index a4f5bb95d..6912c2b08 100644 --- a/engine/classes/ElggPluginManifest.php +++ b/engine/classes/ElggPluginManifest.php @@ -130,7 +130,7 @@ class ElggPluginManifest { } // see if we need to construct the xml object. - if ($manifest instanceof XmlElement) { + if ($manifest instanceof ElggXMLElement) { $manifest_obj = $manifest; } else { if (substr(trim($manifest), 0, 1) == '<') { diff --git a/engine/classes/ElggVolatileMetadataCache.php b/engine/classes/ElggVolatileMetadataCache.php index 24ae58d42..8a33c198d 100644 --- a/engine/classes/ElggVolatileMetadataCache.php +++ b/engine/classes/ElggVolatileMetadataCache.php @@ -279,6 +279,9 @@ class ElggVolatileMetadataCache { ), 'selects' => array('n.string AS name', 'v.string AS value'), 'order_by' => 'n_table.entity_guid, n_table.time_created ASC', + + // @todo don't know why this is necessary + 'wheres' => array(get_access_sql_suffix('n_table')), ); $data = elgg_get_metadata($options); diff --git a/engine/classes/ElggXMLElement.php b/engine/classes/ElggXMLElement.php new file mode 100644 index 000000000..65a13912c --- /dev/null +++ b/engine/classes/ElggXMLElement.php @@ -0,0 +1,115 @@ +<?php +/** + * A parser for XML that uses SimpleXMLElement + * + * @package Elgg.Core + * @subpackage XML + */ +class ElggXMLElement { + /** + * @var SimpleXMLElement + */ + private $_element; + + /** + * Creates an ElggXMLParser from a string or existing SimpleXMLElement + * + * @param string|SimpleXMLElement $xml The XML to parse + */ + public function __construct($xml) { + if ($xml instanceof SimpleXMLElement) { + $this->_element = $xml; + } else { + $this->_element = new SimpleXMLElement($xml); + } + } + + /** + * @return string The name of the element + */ + public function getName() { + return $this->_element->getName(); + } + + /** + * @return array:string The attributes + */ + public function getAttributes() { + //include namespace declarations as attributes + $xmlnsRaw = $this->_element->getNamespaces(); + $xmlns = array(); + foreach ($xmlnsRaw as $key => $val) { + $label = 'xmlns' . ($key ? ":$key" : $key); + $xmlns[$label] = $val; + } + //get attributes and merge with namespaces + $attrRaw = $this->_element->attributes(); + $attr = array(); + foreach ($attrRaw as $key => $val) { + $attr[$key] = $val; + } + $attr = array_merge((array) $xmlns, (array) $attr); + $result = array(); + foreach ($attr as $key => $val) { + $result[$key] = (string) $val; + } + return $result; + } + + /** + * @return string CData + */ + public function getContent() { + return (string) $this->_element; + } + + /** + * @return array:ElggXMLElement Child elements + */ + public function getChildren() { + $children = $this->_element->children(); + $result = array(); + foreach ($children as $val) { + $result[] = new ElggXMLElement($val); + } + + return $result; + } + + function __get($name) { + switch ($name) { + case 'name': + return $this->getName(); + break; + case 'attributes': + return $this->getAttributes(); + break; + case 'content': + return $this->getContent(); + break; + case 'children': + return $this->getChildren(); + break; + } + return null; + } + + function __isset($name) { + switch ($name) { + case 'name': + return $this->getName() !== null; + break; + case 'attributes': + return $this->getAttributes() !== null; + break; + case 'content': + return $this->getContent() !== null; + break; + case 'children': + return $this->getChildren() !== null; + break; + } + return false; + } + +}
\ No newline at end of file diff --git a/engine/handlers/cache_handler.php b/engine/handlers/cache_handler.php index b332ec379..7706c2c92 100644 --- a/engine/handlers/cache_handler.php +++ b/engine/handlers/cache_handler.php @@ -64,7 +64,7 @@ $ts = $matches[4]; // If is the same ETag, content didn't changed. $etag = $ts; -if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) { +if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") { header("HTTP/1.1 304 Not Modified"); exit; } @@ -80,10 +80,10 @@ switch ($type) { break; } -header('Expires: ' . date('r', strtotime("+6 months")), true); +header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true); header("Pragma: public", true); header("Cache-Control: public", true); -header("ETag: $etag"); +header("ETag: \"$etag\""); $filename = $dataroot . 'views_simplecache/' . md5($viewtype . $view); diff --git a/engine/lib/access.php b/engine/lib/access.php index e8b3b0d52..3b2b7aeaa 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -88,11 +88,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { // @todo everything from the db is cached. // this cache might be redundant. But db cache is flushed on every db write. - static $access_array; - - if (!isset($access_array)) { - $access_array = array(); - } + static $access_array = array(); if ($user_id == 0) { $user_id = elgg_get_logged_in_user_guid(); @@ -476,7 +472,7 @@ function can_edit_access_collection($collection_id, $user_guid = null) { return false; } - $write_access = get_write_access_array($user->getGUID(), null, true); + $write_access = get_write_access_array($user->getGUID(), 0, true); // don't ignore access when checking users. if ($user_guid) { @@ -560,8 +556,6 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { * @see remove_user_from_access_collection() */ function update_access_collection($collection_id, $members) { - global $CONFIG; - $acl = get_access_collection($collection_id); if (!$acl) { @@ -1018,6 +1012,7 @@ function elgg_override_permissions($hook, $type, $value, $params) { */ function access_test($hook, $type, $value, $params) { global $CONFIG; + $value[] = $CONFIG->path . 'engine/tests/api/access_collections.php'; return $value; } diff --git a/engine/lib/admin.php b/engine/lib/admin.php index b65d98c95..3f23f079c 100644 --- a/engine/lib/admin.php +++ b/engine/lib/admin.php @@ -268,8 +268,9 @@ function admin_init() { // users elgg_register_admin_menu_item('administer', 'users', null, 20); elgg_register_admin_menu_item('administer', 'online', 'users', 10); - elgg_register_admin_menu_item('administer', 'newest', 'users', 20); - elgg_register_admin_menu_item('administer', 'add', 'users', 30); + elgg_register_admin_menu_item('administer', 'admins', 'users', 20); + elgg_register_admin_menu_item('administer', 'newest', 'users', 30); + elgg_register_admin_menu_item('administer', 'add', 'users', 40); // configure // plugins diff --git a/engine/lib/configuration.php b/engine/lib/configuration.php index 305aa00b6..b10e51130 100644 --- a/engine/lib/configuration.php +++ b/engine/lib/configuration.php @@ -91,23 +91,29 @@ function elgg_get_config($name, $site_guid = 0) { return $CONFIG->$name; } - if ($site_guid === NULL) { + if ($site_guid === null) { // installation wide setting $value = datalist_get($name); } else { - // site specific setting - if ($site_guid == 0) { - $site_guid = (int) $CONFIG->site_id; + // hit DB only if we're not sure if value exists or not + if (!isset($CONFIG->site_config_loaded)) { + // site specific setting + if ($site_guid == 0) { + $site_guid = (int) $CONFIG->site_id; + } + $value = get_config($name, $site_guid); + } else { + $value = null; } - $value = get_config($name, $site_guid); } - if ($value !== false) { - $CONFIG->$name = $value; - return $value; + // @todo document why we don't cache false + if ($value === false) { + return null; } - return null; + $CONFIG->$name = $value; + return $value; } /** @@ -558,6 +564,8 @@ function _elgg_load_site_config() { $CONFIG->url = $CONFIG->wwwroot; get_all_config(); + // gives hint to elgg_get_config function how to approach missing values + $CONFIG->site_config_loaded = true; } /** diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index 26c1cccfd..dd3cba25d 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -671,7 +671,7 @@ function elgg_register_event_handler($event, $object_type, $callback, $priority global $CONFIG; if (empty($event) || empty($object_type)) { - return FALSE; + return false; } if (!isset($CONFIG->events)) { @@ -684,8 +684,8 @@ function elgg_register_event_handler($event, $object_type, $callback, $priority $CONFIG->events[$event][$object_type] = array(); } - if (!is_callable($callback)) { - return FALSE; + if (!is_callable($callback, true)) { + return false; } $priority = max((int) $priority, 0); @@ -695,7 +695,7 @@ function elgg_register_event_handler($event, $object_type, $callback, $priority } $CONFIG->events[$event][$object_type][$priority] = $callback; ksort($CONFIG->events[$event][$object_type]); - return TRUE; + return true; } /** @@ -770,14 +770,14 @@ function elgg_trigger_event($event, $object_type, $object = null) { foreach ($events as $callback_list) { if (is_array($callback_list)) { foreach ($callback_list as $callback) { - if (call_user_func_array($callback, $args) === FALSE) { - return FALSE; + if (is_callable($callback) && (call_user_func_array($callback, $args) === false)) { + return false; } } } } - return TRUE; + return true; } /** @@ -850,7 +850,7 @@ function elgg_register_plugin_hook_handler($hook, $type, $callback, $priority = global $CONFIG; if (empty($hook) || empty($type)) { - return FALSE; + return false; } if (!isset($CONFIG->hooks)) { @@ -863,8 +863,8 @@ function elgg_register_plugin_hook_handler($hook, $type, $callback, $priority = $CONFIG->hooks[$hook][$type] = array(); } - if (!is_callable($callback)) { - return FALSE; + if (!is_callable($callback, true)) { + return false; } $priority = max((int) $priority, 0); @@ -874,7 +874,7 @@ function elgg_register_plugin_hook_handler($hook, $type, $callback, $priority = } $CONFIG->hooks[$hook][$type][$priority] = $callback; ksort($CONFIG->hooks[$hook][$type]); - return TRUE; + return true; } /** @@ -970,10 +970,12 @@ function elgg_trigger_plugin_hook($hook, $type, $params = null, $returnvalue = n foreach ($hooks as $callback_list) { if (is_array($callback_list)) { foreach ($callback_list as $hookcallback) { - $args = array($hook, $type, $returnvalue, $params); - $temp_return_value = call_user_func_array($hookcallback, $args); - if (!is_null($temp_return_value)) { - $returnvalue = $temp_return_value; + if (is_callable($hookcallback)) { + $args = array($hook, $type, $returnvalue, $params); + $temp_return_value = call_user_func_array($hookcallback, $args); + if (!is_null($temp_return_value)) { + $returnvalue = $temp_return_value; + } } } } @@ -1883,7 +1885,7 @@ function elgg_cacheable_view_page_handler($page, $type) { header("Content-type: $content_type"); // @todo should js be cached when simple cache turned off - //header('Expires: ' . date('r', time() + 864000)); + //header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true); //header("Pragma: public"); //header("Cache-Control: public"); //header("Content-Length: " . strlen($return)); diff --git a/engine/lib/entities.php b/engine/lib/entities.php index a50567d9f..fda554388 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -17,13 +17,13 @@ global $ENTITY_CACHE; $ENTITY_CACHE = array(); /** - * Cache subtypes and related class names once loaded. + * Cache subtypes and related class names. * - * @global array $SUBTYPE_CACHE + * @global array|null $SUBTYPE_CACHE array once populated from DB, initially null * @access private */ global $SUBTYPE_CACHE; -$SUBTYPE_CACHE = NULL; +$SUBTYPE_CACHE = null; /** * Invalidate this class's entry in the cache. @@ -59,16 +59,24 @@ function invalidate_cache_for_entity($guid) { function cache_entity(ElggEntity $entity) { global $ENTITY_CACHE; - // Don't cache entities while access control is off, otherwise they could be + // Don't cache non-plugin entities while access control is off, otherwise they could be // exposed to users who shouldn't see them when control is re-enabled. - if (elgg_get_ignore_access()) { + if (!($entity instanceof ElggPlugin) && elgg_get_ignore_access()) { return; } // Don't store too many or we'll have memory problems // TODO(evan): Pick a less arbitrary limit if (count($ENTITY_CACHE) > 256) { - unset($ENTITY_CACHE[array_rand($ENTITY_CACHE)]); + $random_guid = array_rand($ENTITY_CACHE); + + unset($ENTITY_CACHE[$random_guid]); + + // Purge separate metadata cache. Original idea was to do in entity destructor, but that would + // have caused a bunch of unnecessary purges at every shutdown. Doing it this way we have no way + // to know that the expunged entity will be GCed (might be another reference living), but that's + // OK; the metadata will reload if necessary. + elgg_get_metadata_cache()->clear($random_guid); } $ENTITY_CACHE[$entity->guid] = $entity; @@ -87,8 +95,6 @@ function cache_entity(ElggEntity $entity) { function retrieve_cached_entity($guid) { global $ENTITY_CACHE; - $guid = (int)$guid; - if (isset($ENTITY_CACHE[$guid])) { if ($ENTITY_CACHE[$guid]->isFullyLoaded()) { return $ENTITY_CACHE[$guid]; @@ -148,29 +154,23 @@ function retrieve_cached_entity_row($guid) { * @access private */ function get_subtype_id($type, $subtype) { - global $CONFIG, $SUBTYPE_CACHE; + global $SUBTYPE_CACHE; - $type = sanitise_string($type); - $subtype = sanitise_string($subtype); - - if ($subtype == "") { - return FALSE; + if (!$subtype) { + return false; } - // @todo use the cache before hitting database - $result = get_data_row("SELECT * from {$CONFIG->dbprefix}entity_subtypes - where type='$type' and subtype='$subtype'"); - - if ($result) { - if (!$SUBTYPE_CACHE) { - $SUBTYPE_CACHE = array(); - } + if ($SUBTYPE_CACHE === null) { + _elgg_populate_subtype_cache(); + } - $SUBTYPE_CACHE[$result->id] = $result; + // use the cache before hitting database + $result = _elgg_retrieve_cached_subtype($type, $subtype); + if ($result !== null) { return $result->id; } - return FALSE; + return false; } /** @@ -178,35 +178,67 @@ function get_subtype_id($type, $subtype) { * * @param int $subtype_id Subtype ID * - * @return string Subtype name + * @return string|false Subtype name, false if subtype not found * @link http://docs.elgg.org/DataModel/Entities/Subtypes * @see get_subtype_from_id() * @access private */ function get_subtype_from_id($subtype_id) { - global $CONFIG, $SUBTYPE_CACHE; - - $subtype_id = (int)$subtype_id; + global $SUBTYPE_CACHE; if (!$subtype_id) { return false; } + if ($SUBTYPE_CACHE === null) { + _elgg_populate_subtype_cache(); + } + if (isset($SUBTYPE_CACHE[$subtype_id])) { return $SUBTYPE_CACHE[$subtype_id]->subtype; } - $result = get_data_row("SELECT * from {$CONFIG->dbprefix}entity_subtypes where id=$subtype_id"); - if ($result) { - if (!$SUBTYPE_CACHE) { - $SUBTYPE_CACHE = array(); - } + return false; +} + +/** + * Retrieve subtype from the cache. + * + * @param string $type + * @param string $subtype + * @return stdClass|null + * + * @access private + */ +function _elgg_retrieve_cached_subtype($type, $subtype) { + global $SUBTYPE_CACHE; - $SUBTYPE_CACHE[$subtype_id] = $result; - return $result->subtype; + if ($SUBTYPE_CACHE === null) { + _elgg_populate_subtype_cache(); } - return false; + foreach ($SUBTYPE_CACHE as $obj) { + if ($obj->type === $type && $obj->subtype === $subtype) { + return $obj; + } + } + return null; +} + +/** + * Fetch all suptypes from DB to local cache. + * + * @access private + */ +function _elgg_populate_subtype_cache() { + global $CONFIG, $SUBTYPE_CACHE; + + $results = get_data("SELECT * FROM {$CONFIG->dbprefix}entity_subtypes"); + + $SUBTYPE_CACHE = array(); + foreach ($results as $row) { + $SUBTYPE_CACHE[$row->id] = $row; + } } /** @@ -225,25 +257,19 @@ function get_subtype_from_id($subtype_id) { * @access private */ function get_subtype_class($type, $subtype) { - global $CONFIG, $SUBTYPE_CACHE; - - $type = sanitise_string($type); - $subtype = sanitise_string($subtype); - - // @todo use the cache before going to the database - $result = get_data_row("SELECT * from {$CONFIG->dbprefix}entity_subtypes - where type='$type' and subtype='$subtype'"); + global $SUBTYPE_CACHE; - if ($result) { - if (!$SUBTYPE_CACHE) { - $SUBTYPE_CACHE = array(); - } - - $SUBTYPE_CACHE[$result->id] = $result; - return $result->class; + if ($SUBTYPE_CACHE === null) { + _elgg_populate_subtype_cache(); + } + + // use the cache before going to the database + $obj = _elgg_retrieve_cached_subtype($type, $subtype); + if ($obj) { + return $obj->class; } - return NULL; + return null; } /** @@ -257,29 +283,21 @@ function get_subtype_class($type, $subtype) { * @access private */ function get_subtype_class_from_id($subtype_id) { - global $CONFIG, $SUBTYPE_CACHE; - - $subtype_id = (int)$subtype_id; + global $SUBTYPE_CACHE; if (!$subtype_id) { - return false; + return null; } + if ($SUBTYPE_CACHE === null) { + _elgg_populate_subtype_cache(); + } + if (isset($SUBTYPE_CACHE[$subtype_id])) { return $SUBTYPE_CACHE[$subtype_id]->class; } - $result = get_data_row("SELECT * from {$CONFIG->dbprefix}entity_subtypes where id=$subtype_id"); - - if ($result) { - if (!$SUBTYPE_CACHE) { - $SUBTYPE_CACHE = array(); - } - $SUBTYPE_CACHE[$subtype_id] = $result; - return $result->class; - } - - return NULL; + return null; } /** @@ -305,21 +323,32 @@ function get_subtype_class_from_id($subtype_id) { * @see get_entity() */ function add_subtype($type, $subtype, $class = "") { - global $CONFIG; - $type = sanitise_string($type); - $subtype = sanitise_string($subtype); - $class = sanitise_string($class); + global $CONFIG, $SUBTYPE_CACHE; - // Short circuit if no subtype is given - if ($subtype == "") { + if (!$subtype) { return 0; } $id = get_subtype_id($type, $subtype); - if ($id == 0) { - return insert_data("insert into {$CONFIG->dbprefix}entity_subtypes" - . " (type, subtype, class) values ('$type','$subtype','$class')"); + if (!$id) { + // In cache we store non-SQL-escaped strings because that's what's returned by query + $cache_obj = (object) array( + 'type' => $type, + 'subtype' => $subtype, + 'class' => $class, + ); + + $type = sanitise_string($type); + $subtype = sanitise_string($subtype); + $class = sanitise_string($class); + + $id = insert_data("INSERT INTO {$CONFIG->dbprefix}entity_subtypes" + . " (type, subtype, class) VALUES ('$type', '$subtype', '$class')"); + + // add entry to cache + $cache_obj->id = $id; + $SUBTYPE_CACHE[$id] = $cache_obj; } return $id; @@ -361,22 +390,31 @@ function remove_subtype($type, $subtype) { function update_subtype($type, $subtype, $class = '') { global $CONFIG, $SUBTYPE_CACHE; - if (!$id = get_subtype_id($type, $subtype)) { - return FALSE; + $id = get_subtype_id($type, $subtype); + if (!$id) { + return false; } + + if ($SUBTYPE_CACHE === null) { + _elgg_populate_subtype_cache(); + } + + $unescaped_class = $class; + $type = sanitise_string($type); $subtype = sanitise_string($subtype); - - $result = update_data("UPDATE {$CONFIG->dbprefix}entity_subtypes + $class = sanitise_string($class); + + $success = update_data("UPDATE {$CONFIG->dbprefix}entity_subtypes SET type = '$type', subtype = '$subtype', class = '$class' WHERE id = $id "); - if ($result && isset($SUBTYPE_CACHE[$id])) { - $SUBTYPE_CACHE[$id]->class = $class; + if ($success && isset($SUBTYPE_CACHE[$id])) { + $SUBTYPE_CACHE[$id]->class = $unescaped_class; } - return $result; + return $success; } /** @@ -1772,7 +1810,7 @@ function oddentity_to_elggentity(ODDEntity $element) { if (!$tmp) { // Construct new class with owner from session $classname = get_subtype_class($class, $subclass); - if ($classname != "") { + if ($classname) { if (class_exists($classname)) { $tmp = new $classname(); @@ -1838,7 +1876,7 @@ function oddentity_to_elggentity(ODDEntity $element) { function import_entity_plugin_hook($hook, $entity_type, $returnvalue, $params) { $element = $params['element']; - $tmp = NULL; + $tmp = null; if ($element instanceof ODDEntity) { $tmp = oddentity_to_elggentity($element); @@ -2011,7 +2049,7 @@ function get_entity_url($entity_guid) { function elgg_register_entity_url_handler($entity_type, $entity_subtype, $function_name) { global $CONFIG; - if (!is_callable($function_name)) { + if (!is_callable($function_name, true)) { return false; } diff --git a/engine/lib/extender.php b/engine/lib/extender.php index 43421342c..538f601e1 100644 --- a/engine/lib/extender.php +++ b/engine/lib/extender.php @@ -136,14 +136,15 @@ function can_edit_extender($extender_id, $type, $user_guid = 0) { $functionname = "elgg_get_{$type}_from_id"; if (is_callable($functionname)) { - $extender = $functionname($extender_id); + $extender = call_user_func($functionname, $extender_id); } else { return false; } - if (!is_a($extender, "ElggExtender")) { + if (!($extender instanceof ElggExtender)) { return false; } + /* @var ElggExtender $extender */ // If the owner is the specified user, great! They can edit. if ($extender->getOwnerGUID() == $user->getGUID()) { @@ -175,7 +176,7 @@ function elgg_register_extender_url_handler($extender_type, $extender_name, $fun global $CONFIG; - if (!is_callable($function_name)) { + if (!is_callable($function_name, true)) { return false; } @@ -228,7 +229,7 @@ function get_extender_url(ElggExtender $extender) { if ($url == "") { $nameid = $extender->id; if ($type == 'volatile') { - $nameid == $extender->name; + $nameid = $extender->name; } $url = "export/$view/$guid/$type/$nameid/"; } diff --git a/engine/lib/notification.php b/engine/lib/notification.php index 18faff27f..9e3c075a8 100644 --- a/engine/lib/notification.php +++ b/engine/lib/notification.php @@ -38,7 +38,7 @@ $NOTIFICATION_HANDLERS = array(); function register_notification_handler($method, $handler, $params = NULL) { global $NOTIFICATION_HANDLERS; - if (is_callable($handler)) { + if (is_callable($handler, true)) { $NOTIFICATION_HANDLERS[$method] = new stdClass; $NOTIFICATION_HANDLERS[$method]->handler = $handler; @@ -131,8 +131,9 @@ function notify_user($to, $from, $subject, $message, array $params = NULL, $meth // Extract method details from list $details = $NOTIFICATION_HANDLERS[$method]; $handler = $details->handler; + /* @var callable $handler */ - if ((!$NOTIFICATION_HANDLERS[$method]) || (!$handler)) { + if ((!$NOTIFICATION_HANDLERS[$method]) || (!$handler) || (!is_callable($handler))) { error_log(elgg_echo('NotificationException:NoHandlerFound', array($method))); } @@ -140,7 +141,7 @@ function notify_user($to, $from, $subject, $message, array $params = NULL, $meth // Trigger handler and retrieve result. try { - $result[$guid][$method] = $handler( + $result[$guid][$method] = call_user_func($handler, $from ? get_entity($from) : NULL, // From entity get_entity($guid), // To entity $subject, // The subject diff --git a/engine/lib/output.php b/engine/lib/output.php index d50576b44..cce1c7cba 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php @@ -373,31 +373,73 @@ function elgg_strip_tags($string) { return $string; } -/**
- * Unit tests for Output
- *
- * @param sting $hook unit_test
- * @param string $type system
- * @param mixed $value Array of tests
- * @param mixed $params Params
- *
- * @return array
- * @access private
- */
-function output_unit_test($hook, $type, $value, $params) {
- global $CONFIG;
- $value[] = $CONFIG->path . 'engine/tests/api/output.php';
- return $value;
+/** + * Apply html_entity_decode() to a string while re-entitising HTML + * special char entities to prevent them from being decoded back to their + * unsafe original forms. + * + * This relies on html_entity_decode() not translating entities when + * doing so leaves behind another entity, e.g. &gt; if decoded would + * create > which is another entity itself. This seems to escape the + * usual behaviour where any two paired entities creating a HTML tag are + * usually decoded, i.e. a lone > is not decoded, but <foo> would + * be decoded to <foo> since it creates a full tag. + * + * Note: This function is poorly explained in the manual - which is really + * bad given its potential for misuse on user input already escaped elsewhere. + * Stackoverflow is littered with advice to use this function in the precise + * way that would lead to user input being capable of injecting arbitrary HTML. + * + * @param string $string + * + * @return string + * + * @author Pádraic Brady + * @copyright Copyright (c) 2010 Pádraic Brady (http://blog.astrumfutura.com) + * @license Released under dual-license GPL2/MIT by explicit permission of Pádraic Brady + * + * @access private + */ +function _elgg_html_decode($string) { + $string = str_replace( + array('>', '<', '&', '"', '''), + array('&gt;', '&lt;', '&amp;', '&quot;', '&#039;'), + $string + ); + $string = html_entity_decode($string, ENT_NOQUOTES, 'UTF-8'); + $string = str_replace( + array('&gt;', '&lt;', '&amp;', '&quot;', '&#039;'), + array('>', '<', '&', '"', '''), + $string + ); + return $string; } -/**
- * Initialise the Output subsystem.
- *
- * @return void
- * @access private
- */
+/** + * Unit tests for Output + * + * @param sting $hook unit_test + * @param string $type system + * @param mixed $value Array of tests + * @param mixed $params Params + * + * @return array + * @access private + */ +function output_unit_test($hook, $type, $value, $params) { + global $CONFIG; + $value[] = $CONFIG->path . 'engine/tests/api/output.php'; + return $value; +} + +/** + * Initialise the Output subsystem. + * + * @return void + * @access private + */ function output_init() { elgg_register_plugin_hook_handler('unit_test', 'system', 'output_unit_test'); -}
+} elgg_register_event_handler('init', 'system', 'output_init'); diff --git a/engine/lib/pagehandler.php b/engine/lib/pagehandler.php index ba7518a77..0cf99b6fe 100644 --- a/engine/lib/pagehandler.php +++ b/engine/lib/pagehandler.php @@ -45,7 +45,10 @@ function page_handler($handler, $page) { $page = $request['segments']; $result = false; - if (isset($CONFIG->pagehandler) && !empty($handler) && isset($CONFIG->pagehandler[$handler])) { + if (isset($CONFIG->pagehandler) + && !empty($handler) + && isset($CONFIG->pagehandler[$handler]) + && is_callable($CONFIG->pagehandler[$handler])) { $function = $CONFIG->pagehandler[$handler]; $result = call_user_func($function, $page, $handler); } @@ -76,14 +79,15 @@ function page_handler($handler, $page) { * @param string $handler The page type to handle * @param string $function Your function name * - * @return true|false Depending on success + * @return bool Depending on success */ function elgg_register_page_handler($handler, $function) { global $CONFIG; + if (!isset($CONFIG->pagehandler)) { $CONFIG->pagehandler = array(); } - if (is_callable($function)) { + if (is_callable($function, true)) { $CONFIG->pagehandler[$handler] = $function; return true; } diff --git a/engine/lib/pam.php b/engine/lib/pam.php index 4f9f44278..1c9c3bfe1 100644 --- a/engine/lib/pam.php +++ b/engine/lib/pam.php @@ -30,7 +30,9 @@ $_PAM_HANDLERS = array(); * failure, return false or throw an exception. Returning nothing indicates that * the handler wants to be skipped. * - * @param string $handler The handler function in the format + * Note, $handler must be string callback (not an array/Closure). + * + * @param string $handler Callable global handler function in the format () * pam_handler($credentials = NULL); * @param string $importance The importance - "sufficient" (default) or "required" * @param string $policy The policy type, default is "user" @@ -45,7 +47,8 @@ function register_pam_handler($handler, $importance = "sufficient", $policy = "u $_PAM_HANDLERS[$policy] = array(); } - if (is_callable($handler)) { + // @todo remove requirement that $handle be a global function + if (is_string($handler) && is_callable($handler, true)) { $_PAM_HANDLERS[$policy][$handler] = new stdClass; $_PAM_HANDLERS[$policy][$handler]->handler = $handler; diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php index d5cd4fe76..ca4a957f4 100644 --- a/engine/lib/plugins.php +++ b/engine/lib/plugins.php @@ -176,6 +176,19 @@ function elgg_generate_plugin_entities() { } /** + * Cache a reference to this plugin by its ID + * + * @param ElggPlugin $plugin + * + * @access private + */ +function _elgg_cache_plugin_by_id(ElggPlugin $plugin) { + $map = (array) elgg_get_config('plugins_by_id_map'); + $map[$plugin->getID()] = $plugin; + elgg_set_config('plugins_by_id_map', $map); +} + +/** * Returns an ElggPlugin object with the path $path. * * @param string $plugin_id The id (dir name) of the plugin. NOT the guid. @@ -183,6 +196,11 @@ function elgg_generate_plugin_entities() { * @since 1.8.0 */ function elgg_get_plugin_from_id($plugin_id) { + $map = (array) elgg_get_config('plugins_by_id_map'); + if (isset($map[$plugin_id])) { + return $map[$plugin_id]; + } + $plugin_id = sanitize_string($plugin_id); $db_prefix = get_config('dbprefix'); @@ -512,6 +530,8 @@ function elgg_namespace_plugin_private_setting($type, $name, $id = null) { * @return string|false Plugin name, or false if no plugin name was called * @since 1.8.0 * @access private + * + * @todo get rid of this */ function elgg_get_calling_plugin_id($mainfilename = false) { if (!$mainfilename) { @@ -920,6 +940,7 @@ function elgg_set_plugin_setting($name, $value, $plugin_id = null) { * * @return mixed * @since 1.8.0 + * @todo make $plugin_id required in future version */ function elgg_get_plugin_setting($name, $plugin_id = null) { if ($plugin_id) { diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php index 09d541e22..01654b1ce 100644 --- a/engine/lib/relationships.php +++ b/engine/lib/relationships.php @@ -416,7 +416,7 @@ function elgg_list_entities_from_relationship_count($options) { function elgg_register_relationship_url_handler($relationship_type, $function_name) { global $CONFIG; - if (!is_callable($function_name)) { + if (!is_callable($function_name, true)) { return false; } diff --git a/engine/lib/river.php b/engine/lib/river.php index b717a7756..33f34360e 100644 --- a/engine/lib/river.php +++ b/engine/lib/river.php @@ -361,6 +361,7 @@ function elgg_get_river(array $options = array()) { } $river_items = get_data($query, 'elgg_row_to_elgg_river_item'); + _elgg_prefetch_river_entities($river_items); return $river_items; } else { @@ -370,11 +371,56 @@ function elgg_get_river(array $options = array()) { } /** + * Prefetch entities that will be displayed in the river. + * + * @param ElggRiverItem[] $river_items + * @access private + */ +function _elgg_prefetch_river_entities(array $river_items) { + // prefetch objects and subjects + $guids = array(); + foreach ($river_items as $item) { + if ($item->subject_guid && !retrieve_cached_entity($item->subject_guid)) { + $guids[$item->subject_guid] = true; + } + if ($item->object_guid && !retrieve_cached_entity($item->object_guid)) { + $guids[$item->object_guid] = true; + } + } + if ($guids) { + // avoid creating oversized query + // @todo how to better handle this? + $guids = array_slice($guids, 0, 300, true); + // return value unneeded, just priming cache + elgg_get_entities(array( + 'guids' => array_keys($guids), + 'limit' => 0, + )); + } + + // prefetch object containers + $guids = array(); + foreach ($river_items as $item) { + $object = $item->getObjectEntity(); + if ($object->container_guid && !retrieve_cached_entity($object->container_guid)) { + $guids[$object->container_guid] = true; + } + } + if ($guids) { + $guids = array_slice($guids, 0, 300, true); + elgg_get_entities(array( + 'guids' => array_keys($guids), + 'limit' => 0, + )); + } +} + +/** * List river items * * @param array $options Any options from elgg_get_river() plus: * pagination => BOOL Display pagination links (true) - + * * @return string * @since 1.8.0 */ diff --git a/engine/lib/upgrades/2010052601.php b/engine/lib/upgrades/2010052601.php index 5b477910f..a9cca6dc5 100644 --- a/engine/lib/upgrades/2010052601.php +++ b/engine/lib/upgrades/2010052601.php @@ -9,14 +9,14 @@ $params = array('type' => 'group', $groups = elgg_get_entities($params); if ($groups) { foreach ($groups as $group) { - $group->name = html_entity_decode($group->name, ENT_COMPAT, 'UTF-8'); - $group->description = html_entity_decode($group->description, ENT_COMPAT, 'UTF-8'); - $group->briefdescription = html_entity_decode($group->briefdescription, ENT_COMPAT, 'UTF-8'); - $group->website = html_entity_decode($group->website, ENT_COMPAT, 'UTF-8'); + $group->name = _elgg_html_decode($group->name); + $group->description = _elgg_html_decode($group->description); + $group->briefdescription = _elgg_html_decode($group->briefdescription); + $group->website = _elgg_html_decode($group->website); if ($group->interests) { $tags = $group->interests; - foreach ($tags as $index=>$tag) { - $tags[$index] = html_entity_decode($tag, ENT_COMPAT, 'UTF-8'); + foreach ($tags as $index => $tag) { + $tags[$index] = _elgg_html_decode($tag); } $group->interests = $tags; } diff --git a/engine/lib/views.php b/engine/lib/views.php index 6135026a7..69bceabf5 100644 --- a/engine/lib/views.php +++ b/engine/lib/views.php @@ -101,15 +101,15 @@ function elgg_get_viewtype() { return $CURRENT_SYSTEM_VIEWTYPE; } - $viewtype = get_input('view', NULL); - if ($viewtype) { + $viewtype = get_input('view', '', false); + if (is_string($viewtype) && $viewtype !== '') { // only word characters allowed. - if (!preg_match('[\W]', $viewtype)) { + if (!preg_match('/\W/', $viewtype)) { return $viewtype; } } - if (isset($CONFIG->view) && !empty($CONFIG->view)) { + if (!empty($CONFIG->view)) { return $CONFIG->view; } @@ -258,8 +258,6 @@ function elgg_get_view_location($view, $viewtype = '') { } else { return $CONFIG->views->locations[$viewtype][$view]; } - - return false; } /** @@ -329,7 +327,7 @@ function elgg_view_exists($view, $viewtype = '', $recurse = true) { $location = $CONFIG->views->locations[$viewtype][$view]; } - if (file_exists($location . "{$viewtype}/{$view}.php")) { + if (file_exists("{$location}{$viewtype}/{$view}.php")) { return true; } @@ -378,7 +376,7 @@ function elgg_view_exists($view, $viewtype = '', $recurse = true) { * @param boolean $bypass If set to true, elgg_view will bypass any specified * alternative template handler; by default, it will * hand off to this if requested (see set_template_handler) - * @param boolean $debug If set to true, the viewer will complain if it can't find a view + * @param boolean $ignored This argument is ignored and will be removed eventually * @param string $viewtype If set, forces the viewtype for the elgg_view call to be * this value (default: standard detection) * @@ -386,18 +384,30 @@ function elgg_view_exists($view, $viewtype = '', $recurse = true) { * @see set_template_handler() * @example views/elgg_view.php * @link http://docs.elgg.org/View - * @todo $debug isn't used. - * @todo $usercache is redundant. */ -function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $viewtype = '') { +function elgg_view($view, $vars = array(), $bypass = false, $ignored = false, $viewtype = '') { global $CONFIG; - static $usercache; - - $view = (string)$view; + if (!is_string($view) || !is_string($viewtype)) { + elgg_log("View and Viewtype in views must be a strings: $view", 'NOTICE'); + return ''; + } // basic checking for bad paths if (strpos($view, '..') !== false) { - return false; + return ''; + } + + if (!is_array($vars)) { + elgg_log("Vars in views must be an array: $view", 'ERROR'); + $vars = array(); + } + + // Get the current viewtype + if ($viewtype === '') { + $viewtype = elgg_get_viewtype(); + } elseif (preg_match('/\W/', $viewtype)) { + // Viewtypes can only be alphanumeric + return ''; } $view_orig = $view; @@ -408,19 +418,6 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie elgg_trigger_event('pagesetup', 'system'); } - if (!is_array($usercache)) { - $usercache = array(); - } - - if (!is_array($vars)) { - elgg_log("Vars in views must be an array: $view", 'ERROR'); - $vars = array(); - } - - if (empty($vars)) { - $vars = array(); - } - // @warning - plugin authors: do not expect user, config, and url to be // set by elgg_view() in the future. Instead, use elgg_get_logged_in_user_entity(), // elgg_get_config(), and elgg_get_site_url() in your views. @@ -475,16 +472,6 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie } } - // Get the current viewtype - if (empty($viewtype)) { - $viewtype = elgg_get_viewtype(); - } - - // Viewtypes can only be alphanumeric - if (preg_match('[\W]', $viewtype)) { - return ''; - } - // Set up any extensions to the requested view if (isset($CONFIG->views->extensions[$view])) { $viewlist = $CONFIG->views->extensions[$view]; @@ -496,19 +483,21 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie ob_start(); foreach ($viewlist as $priority => $view) { + $view_location = elgg_get_view_location($view, $viewtype); $view_file = "$view_location$viewtype/$view.php"; - $default_location = elgg_get_view_location($view, 'default'); - $default_view_file = "{$default_location}default/$view.php"; - // try to include view if (!file_exists($view_file) || !include($view_file)) { // requested view does not exist $error = "$viewtype/$view view does not exist."; // attempt to load default view - if ($viewtype != 'default' && elgg_does_viewtype_fallback($viewtype)) { + if ($viewtype !== 'default' && elgg_does_viewtype_fallback($viewtype)) { + + $default_location = elgg_get_view_location($view, 'default'); + $default_view_file = "{$default_location}default/$view.php"; + if (file_exists($default_view_file) && include($default_view_file)) { // default view found $error .= " Using default/$view instead."; @@ -533,7 +522,7 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie // backward compatibility with less granular hook will be gone in 2.0 $content_tmp = elgg_trigger_plugin_hook('display', 'view', $params, $content); - if ($content_tmp != $content) { + if ($content_tmp !== $content) { $content = $content_tmp; elgg_deprecated_notice('The display:view plugin hook is deprecated by view:view_name', 1.8); } @@ -559,33 +548,32 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie * @param string $view_extension This view is added to $view * @param int $priority The priority, from 0 to 1000, * to add at (lowest numbers displayed first) - * @param string $viewtype Not used * * @return void * @since 1.7.0 * @link http://docs.elgg.org/Views/Extend * @example views/extend.php */ -function elgg_extend_view($view, $view_extension, $priority = 501, $viewtype = '') { +function elgg_extend_view($view, $view_extension, $priority = 501) { global $CONFIG; if (!isset($CONFIG->views)) { - $CONFIG->views = new stdClass; - } - - if (!isset($CONFIG->views->extensions)) { - $CONFIG->views->extensions = array(); - } - - if (!isset($CONFIG->views->extensions[$view])) { - $CONFIG->views->extensions[$view][500] = "{$view}"; + $CONFIG->views = (object) array( + 'extensions' => array(), + ); + $CONFIG->views->extensions[$view][500] = (string)$view; + } else { + if (!isset($CONFIG->views->extensions[$view])) { + $CONFIG->views->extensions[$view][500] = (string)$view; + } } + // raise priority until it doesn't match one already registered while (isset($CONFIG->views->extensions[$view][$priority])) { $priority++; } - $CONFIG->views->extensions[$view][$priority] = "{$view_extension}"; + $CONFIG->views->extensions[$view][$priority] = (string)$view_extension; ksort($CONFIG->views->extensions[$view]); } @@ -601,14 +589,6 @@ function elgg_extend_view($view, $view_extension, $priority = 501, $viewtype = ' function elgg_unextend_view($view, $view_extension) { global $CONFIG; - if (!isset($CONFIG->views)) { - return FALSE; - } - - if (!isset($CONFIG->views->extensions)) { - return FALSE; - } - if (!isset($CONFIG->views->extensions[$view])) { return FALSE; } @@ -1105,10 +1085,6 @@ function elgg_view_annotation_list($annotations, array $vars = array()) { * @todo Change the hook name. */ function elgg_view_entity_annotations(ElggEntity $entity, $full_view = true) { - if (!$entity) { - return false; - } - if (!($entity instanceof ElggEntity)) { return false; } @@ -1131,7 +1107,7 @@ function elgg_view_entity_annotations(ElggEntity $entity, $full_view = true) { * This is a shortcut for {@elgg_view page/elements/title}. * * @param string $title The page title - * @param string $vars View variables (was submenu be displayed? (deprecated)) + * @param array $vars View variables (was submenu be displayed? (deprecated)) * * @return string The HTML (etc) */ @@ -1203,7 +1179,7 @@ function elgg_view_comments($entity, $add_comment = true, array $vars = array()) * * @param string $image The icon and other information * @param string $body Description content - * @param string $vars Additional parameters for the view + * @param array $vars Additional parameters for the view * * @return string * @since 1.8.0 @@ -1230,7 +1206,6 @@ function elgg_view_image_block($image, $body, $vars = array()) { * @since 1.8.0 */ function elgg_view_module($type, $title, $body, array $vars = array()) { - $vars['class'] = elgg_extract('class', $vars, '') . " elgg-module-$type"; $vars['title'] = $title; $vars['body'] = $body; @@ -1243,11 +1218,15 @@ function elgg_view_module($type, $title, $body, array $vars = array()) { * @param ElggRiverItem $item A river item object * @param array $vars An array of variables for the view * - * @return string|false Depending on success + * @return string returns empty string if could not be rendered */ function elgg_view_river_item($item, array $vars = array()) { + if (!($item instanceof ElggRiverItem)) { + return ''; + } // checking default viewtype since some viewtypes do not have unique views per item (rss) - if (!$item || !$item->getView() || !elgg_view_exists($item->getView(), 'default')) { + $view = $item->getView(); + if (!$view || !elgg_view_exists($view, 'default')) { return ''; } @@ -1339,7 +1318,7 @@ function elgg_view_list_item($item, array $vars = array()) { return elgg_view_river_item($item, $vars); } - return false; + return ''; } /** @@ -1354,7 +1333,7 @@ function elgg_view_list_item($item, array $vars = array()) { */ function elgg_view_icon($name, $class = '') { // @todo deprecate boolean in Elgg 1.9 - if (is_bool($class) && $class === true) { + if ($class === true) { $class = 'float'; } return "<span class=\"elgg-icon elgg-icon-$name $class\"></span>"; @@ -1403,7 +1382,8 @@ function elgg_view_access_collections($owner_guid) { */ function set_template_handler($function_name) { global $CONFIG; - if (!empty($function_name) && is_callable($function_name)) { + + if (is_callable($function_name)) { $CONFIG->template_handler = $function_name; return true; } @@ -1516,17 +1496,13 @@ function elgg_view_tree($view_root, $viewtype = "") { * @param string $base_location_path The base views directory to use with elgg_set_view_location() * @param string $viewtype The type of view we're looking at (default, rss, etc) * - * @return void + * @return bool returns false if folder can't be read * @since 1.7.0 * @see elgg_set_view_location() * @todo This seems overly complicated. * @access private */ function autoregister_views($view_base, $folder, $base_location_path, $viewtype) { - if (!isset($i)) { - $i = 0; - } - if ($handle = opendir($folder)) { while ($view = readdir($handle)) { if (!in_array($view, array('.', '..', '.svn', 'CVS')) && !is_dir($folder . "/" . $view)) { @@ -1608,16 +1584,15 @@ function elgg_views_handle_deprecated_views() { function elgg_views_boot() { global $CONFIG; - elgg_register_simplecache_view('css/elgg'); elgg_register_simplecache_view('css/ie'); elgg_register_simplecache_view('css/ie6'); elgg_register_simplecache_view('css/ie7'); - elgg_register_simplecache_view('js/elgg'); elgg_register_js('jquery', '/vendors/jquery/jquery-1.6.4.min.js', 'head'); elgg_register_js('jquery-ui', '/vendors/jquery/jquery-ui-1.8.16.min.js', 'head'); elgg_register_js('jquery.form', '/vendors/jquery/jquery.form.js'); - + + elgg_register_simplecache_view('js/elgg'); $elgg_js_url = elgg_get_simplecache_url('js', 'elgg'); elgg_register_js('elgg', $elgg_js_url, 'head'); @@ -1626,14 +1601,17 @@ function elgg_views_boot() { elgg_load_js('elgg'); elgg_register_simplecache_view('js/lightbox'); - elgg_register_simplecache_view('css/lightbox'); $lightbox_js_url = elgg_get_simplecache_url('js', 'lightbox'); elgg_register_js('lightbox', $lightbox_js_url); + + elgg_register_simplecache_view('css/lightbox'); $lightbox_css_url = elgg_get_simplecache_url('css', 'lightbox'); elgg_register_css('lightbox', $lightbox_css_url); + elgg_register_simplecache_view('css/elgg'); $elgg_css_url = elgg_get_simplecache_url('css', 'elgg'); elgg_register_css('elgg', $elgg_css_url); + elgg_load_css('elgg'); elgg_register_ajax_view('js/languages'); @@ -1647,7 +1625,7 @@ function elgg_views_boot() { $views = scandir($view_path); foreach ($views as $view) { - if ('.' !== substr($view, 0, 1) && is_dir($view_path . $view)) { + if ($view[0] !== '.' && is_dir($view_path . $view)) { elgg_register_viewtype($view); } } diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php index da3ed76a9..c8e4a13cc 100644 --- a/engine/lib/web_services.php +++ b/engine/lib/web_services.php @@ -232,6 +232,7 @@ function execute_method($method) { $function = $API_METHODS[$method]["function"]; $serialised_parameters = trim($serialised_parameters, ", "); + // @todo document why we cannot use call_user_func_array here $result = eval("return $function($serialised_parameters);"); // Sanity check result @@ -1194,6 +1195,8 @@ $ERRORS = array(); * * @return void * @access private + * + * @throws Exception */ function _php_api_error_handler($errno, $errmsg, $filename, $linenum, $vars) { global $ERRORS; @@ -1278,11 +1281,9 @@ function service_handler($handler, $request) { // no handlers set or bad url header("HTTP/1.0 404 Not Found"); exit; - } else if (isset($CONFIG->servicehandler[$handler]) - && is_callable($CONFIG->servicehandler[$handler])) { - + } else if (isset($CONFIG->servicehandler[$handler]) && is_callable($CONFIG->servicehandler[$handler])) { $function = $CONFIG->servicehandler[$handler]; - $function($request, $handler); + call_user_func($function, $request, $handler); } else { // no handler for this web service header("HTTP/1.0 404 Not Found"); @@ -1301,10 +1302,11 @@ function service_handler($handler, $request) { */ function register_service_handler($handler, $function) { global $CONFIG; + if (!isset($CONFIG->servicehandler)) { $CONFIG->servicehandler = array(); } - if (is_callable($function)) { + if (is_callable($function, true)) { $CONFIG->servicehandler[$handler] = $function; return true; } @@ -1319,11 +1321,13 @@ function register_service_handler($handler, $function) { * * @param string $handler web services type * - * @return 1.7.0 + * @return void + * @since 1.7.0 */ function unregister_service_handler($handler) { global $CONFIG; - if (isset($CONFIG->servicehandler) && isset($CONFIG->servicehandler[$handler])) { + + if (isset($CONFIG->servicehandler, $CONFIG->servicehandler[$handler])) { unset($CONFIG->servicehandler[$handler]); } } @@ -1333,6 +1337,8 @@ function unregister_service_handler($handler) { * * @return void * @access private + * + * @throws SecurityException|APIException */ function rest_handler() { global $CONFIG; @@ -1387,7 +1393,7 @@ function rest_handler() { /** * Unit tests for API * - * @param sting $hook unit_test + * @param string $hook unit_test * @param string $type system * @param mixed $value Array of tests * @param mixed $params Params @@ -1397,6 +1403,7 @@ function rest_handler() { */ function api_unit_test($hook, $type, $value, $params) { global $CONFIG; + $value[] = $CONFIG->path . 'engine/tests/services/api.php'; return $value; } @@ -1418,15 +1425,18 @@ function api_init() { elgg_echo("system.api.list"), "GET", false, false); // The authentication token api - expose_function("auth.gettoken", - "auth_gettoken", array( - 'username' => array ('type' => 'string'), - 'password' => array ('type' => 'string'), - ), - elgg_echo('auth.gettoken'), - 'POST', - false, - false); + expose_function( + "auth.gettoken", + "auth_gettoken", + array( + 'username' => array ('type' => 'string'), + 'password' => array ('type' => 'string'), + ), + elgg_echo('auth.gettoken'), + 'POST', + false, + false + ); } diff --git a/engine/lib/xml.php b/engine/lib/xml.php index 813bc4ee0..ff82d7e8a 100644 --- a/engine/lib/xml.php +++ b/engine/lib/xml.php @@ -101,47 +101,11 @@ function serialise_array_to_xml(array $data, $n = 0) { /** * Parse an XML file into an object. - * Based on code from http://de.php.net/manual/en/function.xml-parse-into-struct.php by - * efredricksen at gmail dot com * * @param string $xml The XML * * @return object */ function xml_to_object($xml) { - $parser = xml_parser_create(); - - // Parse $xml into a structure - xml_parser_set_option($parser, XML_OPTION_SKIP_WHITE, 1); - xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, 0); - xml_parse_into_struct($parser, $xml, $tags); - - xml_parser_free($parser); - - $elements = array(); - $stack = array(); - - foreach ($tags as $tag) { - $index = count($elements); - - if ($tag['type'] == "complete" || $tag['type'] == "open") { - $elements[$index] = new XmlElement; - $elements[$index]->name = $tag['tag']; - $elements[$index]->attributes = elgg_extract('attributes', $tag, ''); - $elements[$index]->content = elgg_extract('value', $tag, ''); - - if ($tag['type'] == "open") { - $elements[$index]->children = array(); - $stack[count($stack)] = &$elements; - $elements = &$elements[$index]->children; - } - } - - if ($tag['type'] == "close") { - $elements = &$stack[count($stack) - 1]; - unset($stack[count($stack) - 1]); - } - } - - return $elements[0]; + return new ElggXMLElement($xml); } diff --git a/engine/tests/api/metadata.php b/engine/tests/api/metadata.php index 9933263d1..825290d80 100644 --- a/engine/tests/api/metadata.php +++ b/engine/tests/api/metadata.php @@ -102,14 +102,14 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest { $e = new ElggObject(); $e->save(); - for ($i=0; $i<30; $i++) { - $name = "test_metadata" . rand(0, 10000); + for ($i = 0; $i < 30; $i++) { + $name = "test_metadata$i"; $e->$name = rand(0, 10000); } $options = array( 'guid' => $e->getGUID(), - 'limit' => 0 + 'limit' => 0, ); $md = elgg_get_metadata($options); diff --git a/install/ElggInstaller.php b/install/ElggInstaller.php index 03c84a43e..934b38d28 100644 --- a/install/ElggInstaller.php +++ b/install/ElggInstaller.php @@ -157,7 +157,7 @@ class ElggInstaller { 'password', ); foreach ($requiredParams as $key) { - if (!array_key_exists($key, $params)) { + if (empty($params[$key])) { $msg = elgg_echo('install:error:requiredfield', array($key)); throw new InstallationException($msg); } diff --git a/install/cli/sample_installer.php b/install/cli/sample_installer.php index 954169a6a..0bae0cd23 100644 --- a/install/cli/sample_installer.php +++ b/install/cli/sample_installer.php @@ -3,10 +3,27 @@ * Sample cli installer script */ +$enabled = false; + +// Do not edit below this line. ////////////////////////////// + + +if (!$enabled) { + echo "To enable this script, change \$enabled to true.\n"; + echo "You *must* disable this script after a successful installation.\n"; + exit; +} + +if (PHP_SAPI !== 'cli') { + echo "You must use the command line to run this script."; + exit; +} + require_once(dirname(dirname(__FILE__)) . "/ElggInstaller.php"); $installer = new ElggInstaller(); +// none of the following may be empty $params = array( // database parameters 'dbuser' => '', @@ -28,3 +45,21 @@ $params = array( // install and create the .htaccess file $installer->batchInstall($params, TRUE); + +// at this point installation has completed (otherwise an exception halted execution). + +// try to rewrite the script to disable it. +if (is_writable(__FILE__)) { + $code = file_get_contents(__FILE__); + if (preg_match('~\\$enabled\\s*=\\s*(true|1)\\s*;~i', $code)) { + // looks safe to rewrite + $code = preg_replace('~\\$enabled\\s*=\\s*(true|1)\\s*;~i', '$enabled = false;', $code); + file_put_contents(__FILE__, $code); + + echo "\nNote: This script has been disabled for your safety.\n"; + exit; + } +} + +echo "\nWarning: You *must* disable this script by setting \$enabled = false;.\n"; +echo "Leaving this script enabled could endanger your installation.\n"; diff --git a/js/lib/ui.js b/js/lib/ui.js index 616e71d54..2a4d269d6 100644 --- a/js/lib/ui.js +++ b/js/lib/ui.js @@ -283,7 +283,7 @@ elgg.ui.initDatePicker = function() { dataType: "script", cache: true, success: loadDatePicker, - error: loadDatePicker, // english language is already loaded. + error: loadDatePicker // english language is already loaded. }); } }; diff --git a/js/tests/ElggLibTest.js b/js/tests/ElggLibTest.js index a29ebf743..2a676e22a 100644 --- a/js/tests/ElggLibTest.js +++ b/js/tests/ElggLibTest.js @@ -99,7 +99,7 @@ ElggLibTest.prototype.testNormalizeUrl = function() { ['/mod/plugin/file.php', elgg.config.wwwroot + 'mod/plugin/file.php'], ['/mod/plugin/file.php?p=v&p2=v2', elgg.config.wwwroot + 'mod/plugin/file.php?p=v&p2=v2'], ['/rootfile.php', elgg.config.wwwroot + 'rootfile.php'], - ['/rootfile.php?p=v&p2=v2', elgg.config.wwwroot + 'rootfile.php?p=v&p2=v2'], + ['/rootfile.php?p=v&p2=v2', elgg.config.wwwroot + 'rootfile.php?p=v&p2=v2'] ].forEach(function(args) { assertEquals(args[1], elgg.normalize_url(args[0])); diff --git a/languages/en.php b/languages/en.php index bb5376a44..2b5ba00fd 100644 --- a/languages/en.php +++ b/languages/en.php @@ -229,6 +229,7 @@ $english = array( 'LoginException:PasswordFailure' => 'We could not log you in. Please check your username/email and password.', 'LoginException:AccountLocked' => 'Your account has been locked for too many log in failures.', 'LoginException:ChangePasswordFailure' => 'Failed current password check.', + 'LoginException:Unknown' => 'We could not log you in due to an unknown error.', 'deprecatedfunction' => 'Warning: This code uses the deprecated function \'%s\' and is not compatible with this version of Elgg', @@ -581,6 +582,7 @@ $english = array( 'admin:users' => "Users", 'admin:users:online' => 'Currently Online', 'admin:users:newest' => 'Newest', + 'admin:users:admins' => 'Administrators', 'admin:users:add' => 'Add New User', 'admin:users:description' => "This admin panel allows you to control user settings for your site. Choose an option below to get started.", 'admin:users:adduser:label' => "Click here to add a new user...", @@ -732,6 +734,7 @@ $english = array( 'admin:statistics:label:numusers' => "Number of users", 'admin:statistics:label:numonline' => "Number of users online", 'admin:statistics:label:onlineusers' => "Users online now", + 'admin:statistics:label:admins'=>"Admins", 'admin:statistics:label:version' => "Elgg version", 'admin:statistics:label:version:release' => "Release", 'admin:statistics:label:version:version' => "Version", diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php index 4622a9e7e..3c71dfbab 100644 --- a/mod/blog/lib/blog.php +++ b/mod/blog/lib/blog.php @@ -50,7 +50,7 @@ function blog_get_page_content_read($guid = NULL) { /** * Get page components to list a user's or all blogs. * - * @param int $owner_guid The GUID of the page owner or NULL for all blogs + * @param int $container_guid The GUID of the page owner or NULL for all blogs * @return array */ function blog_get_page_content_list($container_guid = NULL) { @@ -62,10 +62,11 @@ function blog_get_page_content_list($container_guid = NULL) { $options = array( 'type' => 'object', 'subtype' => 'blog', - 'full_view' => FALSE, + 'full_view' => false, ); - $loggedin_userid = elgg_get_logged_in_user_guid(); + $current_user = elgg_get_logged_in_user_entity(); + if ($container_guid) { // access check for closed groups group_gatekeeper(); @@ -80,7 +81,7 @@ function blog_get_page_content_list($container_guid = NULL) { $crumbs_title = $container->name; elgg_push_breadcrumb($crumbs_title); - if ($container_guid == $loggedin_userid) { + if ($current_user && ($container_guid == $current_user->guid)) { $return['filter_context'] = 'mine'; } else if (elgg_instanceof($container, 'group')) { $return['filter'] = false; @@ -99,7 +100,13 @@ function blog_get_page_content_list($container_guid = NULL) { // show all posts for admin or users looking at their own blogs // show only published posts for other users. - if (!(elgg_is_admin_logged_in() || (elgg_is_logged_in() && $container_guid == $loggedin_userid))) { + $show_only_published = true; + if ($current_user) { + if (($current_user->guid == $container_guid) || $current_user->isAdmin()) { + $show_only_published = false; + } + } + if ($show_only_published) { $options['metadata_name_value_pairs'] = array( array('name' => 'status', 'value' => 'published'), ); @@ -155,11 +162,14 @@ function blog_get_page_content_friends($user_guid) { // admin / owners can see any posts // everyone else can only see published posts - if (!(elgg_is_admin_logged_in() || (elgg_is_logged_in() && $owner_guid == elgg_get_logged_in_user_guid()))) { - if ($upper > $now) { - $upper = $now; + $show_only_published = true; + $current_user = elgg_get_logged_in_user_entity(); + if ($current_user) { + if (($user_guid == $current_user->guid) || $current_user->isAdmin()) { + $show_only_published = false; } - + } + if ($show_only_published) { $options['metadata_name_value_pairs'][] = array( array('name' => 'status', 'value' => 'published') ); @@ -240,9 +250,9 @@ function blog_get_page_content_archive($owner_guid, $lower = 0, $upper = 0) { $list = elgg_list_entities_from_metadata($options); if (!$list) { - $content .= elgg_echo('blog:none'); + $content = elgg_echo('blog:none'); } else { - $content .= $list; + $content = $list; } $title = elgg_echo('date:month:' . date('m', $lower), array(date('Y', $lower))); @@ -274,6 +284,7 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) { $vars['id'] = 'blog-post-edit'; $vars['class'] = 'elgg-form-alt'; + $sidebar = ''; if ($page == 'edit') { $blog = get_entity((int)$guid); @@ -310,14 +321,8 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) { $content = elgg_echo('blog:error:cannot_edit_post'); } } else { - if (!$guid) { - $container = elgg_get_logged_in_user_entity(); - } else { - $container = get_entity($guid); - } - elgg_push_breadcrumb(elgg_echo('blog:add')); - $body_vars = blog_prepare_form_vars($blog); + $body_vars = blog_prepare_form_vars(null); $title = elgg_echo('blog:add'); $content = elgg_view_form('blog/save', $vars, $body_vars); @@ -384,7 +389,7 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) { if ($auto_save_annotations = $post->getAnnotations('blog_auto_save', 1)) { $auto_save = $auto_save_annotations[0]; } else { - $auto_save == FALSE; + $auto_save = false; } if ($auto_save && $auto_save->id != $revision->id) { @@ -396,52 +401,74 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) { /** * Forward to the new style of URLs + * + * Pre-1.7.5 + * Group blogs page: /blog/group:<container_guid>/ + * Group blog view: /blog/group:<container_guid>/read/<guid>/<title> + * 1.7.5-1.8 + * Group blogs page: /blog/owner/group:<container_guid>/ + * Group blog view: /blog/read/<guid> + * * * @param string $page */ function blog_url_forwarder($page) { - global $CONFIG; + + $viewtype = elgg_get_viewtype(); + $qs = ($viewtype === 'default') ? "" : "?view=$viewtype"; + + $url = "blog/all"; + + // easier to work with & no notices + $page = array_pad($page, 4, ""); // group usernames - if (substr_count($page[0], 'group:')) { - preg_match('/group\:([0-9]+)/i', $page[0], $matches); + if (preg_match('~/group\:([0-9]+)/~', "/{$page[0]}/{$page[1]}/", $matches)) { $guid = $matches[1]; $entity = get_entity($guid); - if ($entity) { - $url = "{$CONFIG->wwwroot}blog/group/$guid/all"; + if (elgg_instanceof($entity, 'group')) { + if (!empty($page[2])) { + $url = "blog/view/$page[2]/"; + } else { + $url = "blog/group/$guid/all"; + } register_error(elgg_echo("changebookmark")); - forward($url); + forward($url . $qs); } } + if (empty($page[0])) { + return; + } + // user usernames $user = get_user_by_username($page[0]); if (!$user) { return; } - if (!isset($page[1])) { + if (empty($page[1])) { $page[1] = 'owner'; } switch ($page[1]) { case "read": - $url = "{$CONFIG->wwwroot}blog/view/{$page[2]}/{$page[3]}"; + $url = "blog/view/{$page[2]}/{$page[3]}"; break; case "archive": - $url = "{$CONFIG->wwwroot}blog/archive/{$page[0]}/{$page[2]}/{$page[3]}"; + $url = "blog/archive/{$page[0]}/{$page[2]}/{$page[3]}"; break; case "friends": - $url = "{$CONFIG->wwwroot}blog/friends/{$page[0]}"; + $url = "blog/friends/{$page[0]}"; break; case "new": - $url = "{$CONFIG->wwwroot}blog/add/$user->guid"; + $url = "blog/add/$user->guid"; break; case "owner": - $url = "{$CONFIG->wwwroot}blog/owner/{$page[0]}"; + $url = "blog/owner/{$page[0]}"; break; } register_error(elgg_echo("changebookmark")); - forward($url); + forward($url . $qs); } diff --git a/mod/blog/start.php b/mod/blog/start.php index 9faf1794e..8cbaf5cca 100644 --- a/mod/blog/start.php +++ b/mod/blog/start.php @@ -99,8 +99,7 @@ function blog_page_handler($page) { elgg_load_library('elgg:blog'); - // @todo remove the forwarder in 1.9 - // forward to correct URL for blog pages pre-1.7.5 + // forward to correct URL for blog pages pre-1.8 blog_url_forwarder($page); // push all blogs breadcrumb diff --git a/mod/blog/views/default/forms/blog/save.php b/mod/blog/views/default/forms/blog/save.php index 0aefae0d9..36fa2e0e8 100644 --- a/mod/blog/views/default/forms/blog/save.php +++ b/mod/blog/views/default/forms/blog/save.php @@ -23,7 +23,7 @@ if ($vars['guid']) { $delete_link = elgg_view('output/confirmlink', array( 'href' => $delete_url, 'text' => elgg_echo('delete'), - 'class' => 'elgg-button elgg-button-delete elgg-state-disabled float-alt' + 'class' => 'elgg-button elgg-button-delete float-alt' )); } @@ -53,7 +53,7 @@ $excerpt_label = elgg_echo('blog:excerpt'); $excerpt_input = elgg_view('input/text', array( 'name' => 'excerpt', 'id' => 'blog_excerpt', - 'value' => html_entity_decode($vars['excerpt'], ENT_COMPAT, 'UTF-8') + 'value' => _elgg_html_decode($vars['excerpt']) )); $body_label = elgg_echo('blog:body'); diff --git a/mod/file/thumbnail.php b/mod/file/thumbnail.php index 35bf8c7f7..851f13a8f 100644 --- a/mod/file/thumbnail.php +++ b/mod/file/thumbnail.php @@ -46,7 +46,7 @@ if ($simpletype == "image") { // caching images for 10 days header("Content-type: $mime"); - header('Expires: ' . date('r',time() + 864000)); + header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true); header("Pragma: public", true); header("Cache-Control: public", true); header("Content-Length: " . strlen($contents)); diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php index a4169461a..d0689be2e 100644 --- a/mod/groups/actions/groups/edit.php +++ b/mod/groups/actions/groups/edit.php @@ -5,27 +5,25 @@ * @package ElggGroups */ -// Load configuration -global $CONFIG; +elgg_make_sticky_form('groups'); /** * wrapper for recursive array walk decoding */ function profile_array_decoder(&$v) { - $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8'); + $v = _elgg_html_decode($v); } -elgg_make_sticky_form('groups'); - // Get group fields $input = array(); -foreach ($CONFIG->group as $shortname => $valuetype) { - // another work around for Elgg's encoding problems: #561, #1963 +foreach (elgg_get_config('group') as $shortname => $valuetype) { $input[$shortname] = get_input($shortname); + + // @todo treat profile fields as unescaped: don't filter, encode on output if (is_array($input[$shortname])) { array_walk_recursive($input[$shortname], 'profile_array_decoder'); } else { - $input[$shortname] = html_entity_decode($input[$shortname], ENT_COMPAT, 'UTF-8'); + $input[$shortname] = _elgg_html_decode($input[$shortname]); } if ($valuetype == 'tags') { @@ -38,15 +36,17 @@ $input['name'] = htmlspecialchars(get_input('name', '', false), ENT_QUOTES, 'UTF $user = elgg_get_logged_in_user_entity(); $group_guid = (int)get_input('group_guid'); -$new_group_flag = $group_guid == 0; +$is_new_group = $group_guid == 0; -if ($new_group_flag && elgg_get_plugin_setting('limited_groups', 'groups') == 'yes' && !elgg_is_admin_logged_in()) { +if ($is_new_group + && (elgg_get_plugin_setting('limited_groups', 'groups') == 'yes') + && !$user->isAdmin()) { register_error(elgg_echo("groups:cantcreate")); forward(REFERER); } $group = new ElggGroup($group_guid); // load if present, if not create a new group -if (($group_guid) && (!$group->canEdit())) { +if ($group_guid && !$group->canEdit()) { register_error(elgg_echo("groups:cantedit")); forward(REFERER); } @@ -61,37 +61,46 @@ if (sizeof($input) > 0) { // Validate create if (!$group->name) { register_error(elgg_echo("groups:notitle")); - forward(REFERER); } // Set group tool options -if (isset($CONFIG->group_tool_options)) { - foreach ($CONFIG->group_tool_options as $group_option) { - $group_option_toggle_name = $group_option->name . "_enable"; - if ($group_option->default_on) { - $group_option_default_value = 'yes'; - } else { - $group_option_default_value = 'no'; - } - $group->$group_option_toggle_name = get_input($group_option_toggle_name, $group_option_default_value); +$tool_options = elgg_get_config('group_tool_options'); +if ($tool_options) { + foreach ($tool_options as $group_option) { + $option_toggle_name = $group_option->name . "_enable"; + $option_default = $group_option->default_on ? 'yes' : 'no'; + $group->$option_toggle_name = get_input($option_toggle_name, $option_default); } } // Group membership - should these be treated with same constants as access permissions? -switch (get_input('membership')) { - case ACCESS_PUBLIC: - $group->membership = ACCESS_PUBLIC; - break; - default: - $group->membership = ACCESS_PRIVATE; -} +$is_public_membership = (get_input('membership') == ACCESS_PUBLIC); +$group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE; -if ($new_group_flag) { +if ($is_new_group) { $group->access_id = ACCESS_PUBLIC; } +$old_owner_guid = $is_new_group ? 0 : $group->owner_guid; +$new_owner_guid = (int) get_input('owner_guid'); + +$owner_has_changed = false; +$old_icontime = null; +if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) { + // verify new owner is member and old owner/admin is logged in + if (is_group_member($group_guid, $new_owner_guid) && ($old_owner_guid == $user->guid || $user->isAdmin())) { + $group->owner_guid = $new_owner_guid; + + // @todo Remove this when #4683 fixed + $owner_has_changed = true; + $old_icontime = $group->icontime; + } +} + +$must_move_icons = ($owner_has_changed && $old_icontime); + $group->save(); // Invisible group support @@ -115,14 +124,18 @@ $group->save(); elgg_clear_sticky_form('groups'); // group creator needs to be member of new group and river entry created -if ($new_group_flag) { +if ($is_new_group) { + + // @todo this should not be necessary... elgg_set_page_owner_guid($group->guid); + $group->join($user); add_to_river('river/group/create', 'create', $user->guid, $group->guid, $group->access_id); } -// Now see if we have a file icon -if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/'))) { +$has_uploaded_icon = (!empty($_FILES['icon']['type']) && substr_count($_FILES['icon']['type'], 'image/')); + +if ($has_uploaded_icon) { $icon_sizes = elgg_get_config('icon_sizes'); @@ -134,38 +147,58 @@ if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/')) $filehandler->open("write"); $filehandler->write(get_uploaded_file('icon')); $filehandler->close(); + $filename = $filehandler->getFilenameOnFilestore(); + + $sizes = array('tiny', 'small', 'medium', 'large'); + + $thumbs = array(); + foreach ($sizes as $size) { + $thumbs[$size] = get_resized_image_from_existing_file( + $filename, + $icon_sizes[$size]['w'], + $icon_sizes[$size]['h'], + $icon_sizes[$size]['square'] + ); + } - $thumbtiny = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['tiny']['w'], $icon_sizes['tiny']['h'], $icon_sizes['tiny']['square']); - $thumbsmall = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['small']['w'], $icon_sizes['small']['h'], $icon_sizes['small']['square']); - $thumbmedium = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['medium']['w'], $icon_sizes['medium']['h'], $icon_sizes['medium']['square']); - $thumblarge = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['large']['w'], $icon_sizes['large']['h'], $icon_sizes['large']['square']); - if ($thumbtiny) { - + if ($thumbs['tiny']) { // just checking if resize successful $thumb = new ElggFile(); $thumb->owner_guid = $group->owner_guid; $thumb->setMimeType('image/jpeg'); - $thumb->setFilename($prefix."tiny.jpg"); - $thumb->open("write"); - $thumb->write($thumbtiny); - $thumb->close(); + foreach ($sizes as $size) { + $thumb->setFilename("{$prefix}{$size}.jpg"); + $thumb->open("write"); + $thumb->write($thumbs[$size]); + $thumb->close(); + } - $thumb->setFilename($prefix."small.jpg"); - $thumb->open("write"); - $thumb->write($thumbsmall); - $thumb->close(); + $group->icontime = time(); + } +} - $thumb->setFilename($prefix."medium.jpg"); - $thumb->open("write"); - $thumb->write($thumbmedium); - $thumb->close(); +// @todo Remove this when #4683 fixed +if ($must_move_icons) { + $filehandler = new ElggFile(); + $filehandler->setFilename('groups'); + $filehandler->owner_guid = $old_owner_guid; + $old_path = $filehandler->getFilenameOnFilestore(); - $thumb->setFilename($prefix."large.jpg"); - $thumb->open("write"); - $thumb->write($thumblarge); - $thumb->close(); + $sizes = array('', 'tiny', 'small', 'medium', 'large'); - $group->icontime = time(); + if ($has_uploaded_icon) { + // delete those under old owner + foreach ($sizes as $size) { + unlink("$old_path/{$group_guid}{$size}.jpg"); + } + } else { + // move existing to new owner + $filehandler->owner_guid = $group->owner_guid; + $new_path = $filehandler->getFilenameOnFilestore(); + + foreach ($sizes as $size) { + rename("$old_path/{$group_guid}{$size}.jpg", "$new_path/{$group_guid}{$size}.jpg"); + } } } diff --git a/mod/groups/icon.php b/mod/groups/icon.php index 1bd240ea6..ebdc1eb6d 100644 --- a/mod/groups/icon.php +++ b/mod/groups/icon.php @@ -18,7 +18,7 @@ if (!($group instanceof ElggGroup)) { // If is the same ETag, content didn't changed. $etag = $group->icontime . $group_guid; -if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) { +if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") { header("HTTP/1.1 304 Not Modified"); exit; } @@ -46,9 +46,9 @@ if (!$success) { } header("Content-type: image/jpeg"); -header('Expires: ' . date('r',time() + 864000)); +header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true); header("Pragma: public"); header("Cache-Control: public"); header("Content-Length: " . strlen($contents)); -header("ETag: $etag"); +header("ETag: \"$etag\""); echo $contents; diff --git a/mod/groups/languages/en.php b/mod/groups/languages/en.php index 0ca980108..0d57f1680 100644 --- a/mod/groups/languages/en.php +++ b/mod/groups/languages/en.php @@ -35,6 +35,7 @@ $english = array( 'groups:membership' => "Group membership permissions", 'groups:access' => "Access permissions", 'groups:owner' => "Owner", + 'groups:owner:warning' => "Warning: if you change this value, you will no longer be the owner of this group.", 'groups:widget:num_display' => 'Number of groups to display', 'groups:widget:membership' => 'Group membership', 'groups:widgets:description' => 'Display the groups you are a member of on your profile', diff --git a/mod/groups/views/default/forms/groups/edit.php b/mod/groups/views/default/forms/groups/edit.php index 532e89c35..41d97e6c3 100644 --- a/mod/groups/views/default/forms/groups/edit.php +++ b/mod/groups/views/default/forms/groups/edit.php @@ -83,6 +83,42 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') { <?php } +if (isset($vars['entity'])) { + $entity = $vars['entity']; + $owner_guid = $vars['entity']->owner_guid; +} else { + $entity = false; +} + +if ($entity && ($owner_guid == elgg_get_logged_in_user_guid() || elgg_is_admin_logged_in())) { + $owner_guid = $vars['entity']->owner_guid; + $members = array(); + foreach ($vars['entity']->getMembers(0) as $member) { + $members[$member->guid] = "$member->name (@$member->username)"; + } +?> + +<div> + <label> + <?php echo elgg_echo('groups:owner'); ?><br /> + <?php echo elgg_view('input/dropdown', array( + 'name' => 'owner_guid', + 'value' => $owner_guid, + 'options_values' => $members, + 'class' => 'groups-owner-input', + )); + ?> + </label> + <?php + if ($owner_guid == elgg_get_logged_in_user_guid()) { + echo '<span class="elgg-text-help">' . elgg_echo('groups:owner:warning') . '</span>'; + } + ?> +</div> + +<?php +} + $tools = elgg_get_config('group_tool_options'); if ($tools) { usort($tools, create_function('$a,$b', 'return strcmp($a->label,$b->label);')); @@ -111,7 +147,7 @@ if ($tools) { <div class="elgg-foot"> <?php -if (isset($entity)) { +if ($entity) { echo elgg_view('input/hidden', array( 'name' => 'group_guid', 'value' => $entity->getGUID(), @@ -120,7 +156,7 @@ if (isset($entity)) { echo elgg_view('input/submit', array('value' => elgg_echo('save'))); -if (isset($entity)) { +if ($entity) { $delete_url = 'action/groups/delete?guid=' . $entity->getGUID(); echo elgg_view('output/confirmlink', array( 'text' => elgg_echo('groups:delete'), diff --git a/mod/groups/views/default/groups/js.php b/mod/groups/views/default/groups/js.php index 1b4d33f32..0319be14a 100644 --- a/mod/groups/views/default/groups/js.php +++ b/mod/groups/views/default/groups/js.php @@ -1,3 +1,10 @@ +<?php +/** + * Javascript for Groups forms + * + * @package ElggGroups + */ +?> // this adds a class to support IE8 and older elgg.register_hook_handler('init', 'system', function() { diff --git a/mod/groups/views/rss/groups/profile/layout.php b/mod/groups/views/rss/groups/profile/layout.php index 3eeb9eaf2..0dafe78ad 100644 --- a/mod/groups/views/rss/groups/profile/layout.php +++ b/mod/groups/views/rss/groups/profile/layout.php @@ -7,7 +7,12 @@ * @uses $vars['entity'] ElggGroup object */ -echo elgg_list_entities(array( - 'type' => 'object', - 'container_guid' => $vars['entity']->getGUID(), -)); +$entities = elgg_get_config('registered_entities'); + +if (!empty($entities['object'])) { + echo elgg_list_entities(array( + 'type' => 'object', + 'subtypes' => $entities['object'], + 'container_guid' => $vars['entity']->getGUID(), + )); +} diff --git a/mod/messageboard/views/default/river/object/messageboard/create.php b/mod/messageboard/views/default/river/object/messageboard/create.php index 7ce7f6b4e..ac10a55c1 100644 --- a/mod/messageboard/views/default/river/object/messageboard/create.php +++ b/mod/messageboard/views/default/river/object/messageboard/create.php @@ -1,11 +1,12 @@ -<?php -/** - * Messageboard river view - */ - -$messageboard = $vars['item']->getAnnotation(); - -echo elgg_view('river/elements/layout', array( - 'item' => $vars['item'], - 'message' => $messageboard->value, -)); +<?php
+/**
+ * Messageboard river view
+ */
+
+$messageboard = $vars['item']->getAnnotation();
+$excerpt = elgg_get_excerpt($messageboard->value);
+
+echo elgg_view('river/elements/layout', array(
+ 'item' => $vars['item'],
+ 'message' => $excerpt,
+));
diff --git a/mod/messages/pages/messages/read.php b/mod/messages/pages/messages/read.php index eb36eaa4b..4223c6bac 100644 --- a/mod/messages/pages/messages/read.php +++ b/mod/messages/pages/messages/read.php @@ -38,9 +38,9 @@ if ($inbox) { ); $body_params = array('message' => $message); $content .= elgg_view_form('messages/reply', $form_params, $body_params); - $from_user = get_user($message->fromID); + $from_user = get_user($message->fromId); - if (elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid() && $from_user) { + if ((elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) && $from_user) { elgg_register_menu_item('title', array( 'name' => 'reply', 'href' => '#messages-reply-form', diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php index c4439f78c..dbab5d31f 100644 --- a/mod/profile/icondirect.php +++ b/mod/profile/icondirect.php @@ -23,7 +23,7 @@ $guid = (int)$_GET['guid']; // If is the same ETag, content didn't changed. $etag = $last_cache . $guid; -if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) { +if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") { header("HTTP/1.1 304 Not Modified"); exit; } @@ -55,19 +55,15 @@ if ($mysql_dblink) { $user_path = date('Y/m/d/', $join_date) . $guid; $filename = "$data_root$user_path/profile/{$guid}{$size}.jpg"; - $contents = @file_get_contents($filename); - if (!empty($contents)) { + $size = @filesize($filename); + if ($size) { header("Content-type: image/jpeg"); - header('Expires: ' . date('r', strtotime("+6 months")), true); + header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true); header("Pragma: public"); header("Cache-Control: public"); - header("Content-Length: " . strlen($contents)); - header("ETag: $etag"); - // this chunking is done for supposedly better performance - $split_string = str_split($contents, 1024); - foreach ($split_string as $chunk) { - echo $chunk; - } + header("Content-Length: $size"); + header("ETag: \"$etag\""); + readfile($filename); exit; } } diff --git a/mod/profile/views/default/profile/details.php b/mod/profile/views/default/profile/details.php index 3af5cb756..7b05b0e15 100644 --- a/mod/profile/views/default/profile/details.php +++ b/mod/profile/views/default/profile/details.php @@ -28,7 +28,7 @@ if (is_array($profile_fields) && sizeof($profile_fields) > 0) { <div class="<?php echo $even_odd; ?>"> <b><?php echo elgg_echo("profile:{$shortname}"); ?>: </b> <?php - echo elgg_view("output/{$valtype}", array('value' => $user->$shortname)); + echo elgg_view("output/{$valtype}", array('value' => $value)); ?> </div> <?php diff --git a/mod/twitter/views/default/widgets/twitter/content.php b/mod/twitter/views/default/widgets/twitter/content.php index e429d0103..c616d944c 100644 --- a/mod/twitter/views/default/widgets/twitter/content.php +++ b/mod/twitter/views/default/widgets/twitter/content.php @@ -20,7 +20,7 @@ if ($username) { <ul id="twitter_update_list"></ul> <p class="visit_twitter"><a href="http://twitter.com/<?php echo $username; ?>"><?php echo elgg_echo("twitter:visit"); ?></a></p> <script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script> - <script type="text/javascript" src="http://twitter.com/statuses/user_timeline/<?php echo $username; ?>.json?callback=twitterCallback2&count=<?php echo $num; ?>"></script> + <script type="text/javascript" src="https://api.twitter.com/1/statuses/user_timeline/<?php echo $username; ?>.json?callback=twitterCallback2&count=<?php echo $num; ?>"></script> </div> <?php diff --git a/mod/twitter_api/vendors/twitteroauth/OAuth.php b/mod/twitter_api/vendors/twitteroauth/OAuth.php index b0e3cfd5e..e132a5bc8 100644 --- a/mod/twitter_api/vendors/twitteroauth/OAuth.php +++ b/mod/twitter_api/vendors/twitteroauth/OAuth.php @@ -78,6 +78,7 @@ class twitterOAuthRequest extends OAuthRequest { private $http_url; // for debug purposes public $base_string; + public static $version = '1.0'; public static $POST_INPUT = 'php://input'; function __construct($http_method, $http_url, $parameters=NULL) { @@ -145,7 +146,7 @@ class twitterOAuthRequest extends OAuthRequest { */ public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) { @$parameters or $parameters = array(); - $defaults = array("oauth_version" => '1.0', + $defaults = array("oauth_version" => twitterOAuthRequest::$version, "oauth_nonce" => twitterOAuthRequest::generate_nonce(), "oauth_timestamp" => twitterOAuthRequest::generate_timestamp(), "oauth_consumer_key" => $consumer->key); diff --git a/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php b/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php index a1021ce6f..f36e6158d 100644 --- a/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php +++ b/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php @@ -43,8 +43,8 @@ class TwitterOAuth { * Set API URLS */ function accessTokenURL() { return 'https://api.twitter.com/oauth/access_token'; } - function authenticateURL() { return 'https://twitter.com/oauth/authenticate'; } - function authorizeURL() { return 'https://twitter.com/oauth/authorize'; } + function authenticateURL() { return 'https://api.twitter.com/oauth/authenticate'; } + function authorizeURL() { return 'https://api.twitter.com/oauth/authorize'; } function requestTokenURL() { return 'https://api.twitter.com/oauth/request_token'; } /** diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php index f98f57faf..f44d2ab50 100644 --- a/mod/uservalidationbyemail/start.php +++ b/mod/uservalidationbyemail/start.php @@ -233,15 +233,23 @@ function uservalidationbyemail_public_pages($hook, $type, $return_value, $params * @param string $type * @param ElggUser $user * @return bool + * + * @throws LoginException */ function uservalidationbyemail_check_manual_login($event, $type, $user) { $access_status = access_get_show_hidden_status(); access_show_hidden_entities(TRUE); - // @todo register_error()? - $return = ($user instanceof ElggUser && !$user->isEnabled() && !$user->validated) ? FALSE : NULL; + if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) { + // send new validation email + uservalidationbyemail_request_validation($user->getGUID()); + + // restore hidden entities settings + access_show_hidden_entities($access_status); + + // throw error so we get a nice error message + throw new LoginException(elgg_echo('uservalidationbyemail:login:fail')); + } access_show_hidden_entities($access_status); - - return $return; } diff --git a/pages/avatar/view.php b/pages/avatar/view.php index bd6c95821..10d81fef1 100644 --- a/pages/avatar/view.php +++ b/pages/avatar/view.php @@ -46,7 +46,7 @@ if (!$success) { } header("Content-type: image/jpeg", true); -header('Expires: ' . date('r', strtotime("+6 months")), true); +header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true); header("Pragma: public", true); header("Cache-Control: public", true); header("Content-Length: " . strlen($contents)); diff --git a/version.php b/version.php index dda087c52..77d151bb6 100644 --- a/version.php +++ b/version.php @@ -11,7 +11,7 @@ // YYYYMMDD = Elgg Date // XX = Interim incrementer -$version = 2012071100; +$version = 2012120500; // Human-friendly version name -$release = '1.8.8'; +$release = '1.8.11'; diff --git a/views/default/admin/users/admins.php b/views/default/admin/users/admins.php new file mode 100644 index 000000000..9b175d437 --- /dev/null +++ b/views/default/admin/users/admins.php @@ -0,0 +1,12 @@ +<?php +$admins = elgg_list_entities(array(), 'elgg_get_admins'); + +?> +<div class="elgg-module elgg-module-inline"> + <div class="elgg-head"> + <h3><?php echo elgg_echo('admin:statistics:label:admins'); ?></h3> + </div> + <div class="elgg-body"> + <?php echo $admins; ?> + </div> +</div> diff --git a/views/default/css/admin.php b/views/default/css/admin.php index b996e5636..059e51dd6 100644 --- a/views/default/css/admin.php +++ b/views/default/css/admin.php @@ -1238,6 +1238,10 @@ a.elgg-widget-collapsed:before { height: 16px; display: inline-block; margin: 0 2px; + vertical-align: text-bottom; +} +.elgg-module .elgg-head .elgg-icon { + vertical-align: baseline; } .elgg-icon-delete:hover, .elgg-icon-delete-alt:hover { diff --git a/views/default/js/admin.php b/views/default/js/admin.php index 5cefba512..e8aa0d2ed 100644 --- a/views/default/js/admin.php +++ b/views/default/js/admin.php @@ -4,8 +4,9 @@ * * @since 1.8 */ + +if (0) { ?><script><?php } ?> -//<script> elgg.provide('elgg.admin'); elgg.admin.init = function () { @@ -47,7 +48,7 @@ elgg.admin.init = function () { // admin notices delete ajax $('a.elgg-admin-notice').click(elgg.admin.deleteNotice); -} +}; /** * Save the plugin order after a move event. @@ -88,7 +89,7 @@ elgg.admin.editProfileField = function(value, settings) { elgg.action('profile/fields/edit', data); return value; -} +}; /** * Save the plugin profile order after a move event. @@ -104,7 +105,7 @@ elgg.admin.moveProfileField = function(e, ui) { elgg.action('profile/fields/reorder', { fieldorder: orderStr }); -} +}; /** * Fires the ajax action to delete the admin notice then hides the notice. @@ -120,6 +121,6 @@ elgg.admin.deleteNotice = function(e) { $container.slideUp('medium'); } }); -} +}; elgg.register_hook_handler('init', 'system', elgg.admin.init, 1000);
\ No newline at end of file diff --git a/views/default/js/elgg.php b/views/default/js/elgg.php index 6460e93d6..b82d98ce4 100644 --- a/views/default/js/elgg.php +++ b/views/default/js/elgg.php @@ -50,6 +50,7 @@ foreach ($libs as $file) { /** * Set some values that are cacheable */ +if (0) { ?><script><?php } ?> elgg.version = '<?php echo get_version(); ?>'; diff --git a/views/default/js/initialize_elgg.php b/views/default/js/initialize_elgg.php index f8234f84f..b45c33463 100644 --- a/views/default/js/initialize_elgg.php +++ b/views/default/js/initialize_elgg.php @@ -3,6 +3,7 @@ * Initialize Elgg's js lib with the uncacheable data */ +if (0) { ?><script><?php } ?> /** * Don't want to cache these -- they could change for every request diff --git a/views/default/js/lightbox.php b/views/default/js/lightbox.php index c45d46098..d2bceaf90 100644 --- a/views/default/js/lightbox.php +++ b/views/default/js/lightbox.php @@ -16,6 +16,7 @@ * @todo add support for passing options: $('#myplugin-lightbox').elgg.ui.lightbox(options); */ +if (0) { ?><script><?php } ?> /** diff --git a/views/default/js/walled_garden.php b/views/default/js/walled_garden.php index 13ec83c04..7a482fe23 100644 --- a/views/default/js/walled_garden.php +++ b/views/default/js/walled_garden.php @@ -12,6 +12,7 @@ $cancel_button = elgg_view('input/button', array( )); $cancel_button = trim($cancel_button); +if (0) { ?><script><?php } ?> elgg.provide('elgg.walled_garden'); @@ -47,10 +48,10 @@ elgg.walled_garden.load = function(view) { $(id).find('input.elgg-button-submit').after('<?php echo $cancel_button; ?>'); $('#elgg-walledgarden-login').fadeToggle(); $(id).fadeToggle(); - }, + } }); event.preventDefault(); - }; + }; }; elgg.register_hook_handler('init', 'system', elgg.walled_garden.init);
\ No newline at end of file diff --git a/views/default/output/email.php b/views/default/output/email.php index 00eefad1f..f5a8bc4b8 100644 --- a/views/default/output/email.php +++ b/views/default/output/email.php @@ -10,6 +10,8 @@ * */ +$encoded_value = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8'); + if (!empty($vars['value'])) { - echo "<a href=\"mailto:" . $vars['value'] . "\">". htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false) ."</a>"; + echo "<a href=\"mailto:$encoded_value\">$encoded_value</a>"; }
\ No newline at end of file |