8 files changed, 134 insertions, 194 deletions

diff --git a/actions/friends/add.php b/actions/friends/add.php
index 63f1e2d94..d1800ee14 100644
--- a/actions/friends/add.php
+++ b/actions/friends/add.php
@@ -1,40 +1,35 @@
 <?php
+/**
+ * Elgg add friend action
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Management
+ */
 
-	/**
-	 * Elgg add friend action
-	 * 
-	 * @package Elgg
-	 * @subpackage Core
+// Get the GUID of the user to friend
+$friend_guid = get_input('friend');
+$friend = get_entity($friend_guid);
+if (!$friend) {
+	register_error(elgg_echo('error:missing_data'));
+	forward(REFERER);
+}
 
-	 * @author Curverider Ltd
+$errors = false;
 
-	 * @link http://elgg.org/
-	 */
+// Get the user
+try {
+	if (!elgg_get_logged_in_user_entity()->addFriend($friend_guid)) {
+		$errors = true;
+	}
+} catch (Exception $e) {
+	register_error(elgg_echo("friends:add:failure", array($friend->name)));
+	$errors = true;
+}
+if (!$errors) {
+	// add to river
+	add_to_river('river/relationship/friend/create', 'friend', elgg_get_logged_in_user_guid(), $friend_guid);
+	system_message(elgg_echo("friends:add:successful", array($friend->name)));
+}
 
-	// Ensure we are logged in
-		gatekeeper();
-		action_gatekeeper();
-		
-	// Get the GUID of the user to friend
-		$friend_guid = get_input('friend');
-		$friend = get_entity($friend_guid);
-
-		$errors = false;
-		
-	// Get the user
-		try {
-			if (!$_SESSION['user']->addFriend($friend_guid)) $errors = true;
-		} catch (Exception $e) {
-			register_error(sprintf(elgg_echo("friends:add:failure"),$friend->name));
-			$errors = true;
-		}
-		if (!$errors){
-			// add to river
-	        add_to_river('friends/river/create','friend',$_SESSION['user']->guid,$friend_guid);
-			system_message(sprintf(elgg_echo("friends:add:successful"),$friend->name));
-		}
-		
-	// Forward to the user friends page
-		forward("pg/friends/" . $_SESSION['user']->username . "/");
-		
-?>
\ No newline at end of file
+// Forward back to the page you friended the user on
+forward(REFERER);
diff --git a/actions/friends/addcollection.php b/actions/friends/addcollection.php
deleted file mode 100644
index 7dfba1ee7..000000000
--- a/actions/friends/addcollection.php
+++ /dev/null
@@ -1,50 +0,0 @@
-<?php
-
-	/**
-	 * Elgg collection add page
-	 * 
-	 * @package Elgg
-	 * @subpackage Core
-
-	 * @author Curverider Ltd
-
-	 * @link http://elgg.org/
-	 */
-	 
-	 //must be logged in
-	 gatekeeper();
-	 action_gatekeeper();
-	 
-	 $collection_name = get_input('collection_name');
-	 $friends = get_input('friends_collection');
-	 
-    //first check to make sure that a collection name has been set and create the new colection
-    if($collection_name){
-        
-        //create the collection
-        $create_collection = create_access_collection($collection_name, $_SESSION['user']->getGUID());
-        
-        //if the collection was created and the user passed some friends from the form, add them
-        if($create_collection && (!empty($friends))){
-            
-            //add friends to the collection
-            foreach($friends as $friend){
-                add_user_to_access_collection($friend, $create_collection);
-	        }
-	        
-        }
-        
-        // Success message
-		system_message(elgg_echo("friends:collectionadded"));
-		// Forward to the collections page
-		forward("pg/collections/" . $_SESSION['user']->username);
-        
-    } else {
-        
-        register_error(elgg_echo("friends:nocollectionname"));
-        // Forward to the add collection page
-		forward("pg/collections/add");
-		
-    }
-	 
-?>
\ No newline at end of file
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
new file mode 100644
index 000000000..e63a149f7
--- /dev/null
+++ b/actions/friends/collections/add.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * Elgg collection add page
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
+ */
+
+$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
+$friends = get_input('friends_collection');
+
+if (!$collection_name) {
+	register_error(elgg_echo("friends:nocollectionname"));
+	forward(REFERER);
+}
+
+$id = create_access_collection($collection_name);
+
+if ($id) {
+	$result = update_access_collection($id, $friends);
+	if ($result) {
+		system_message(elgg_echo("friends:collectionadded"));
+		forward("collections/" . elgg_get_logged_in_user_entity()->username);
+	} else {
+		register_error(elgg_echo("friends:nocollectionname"));
+		forward(REFERER);
+	}
+} else {
+	register_error(elgg_echo("friends:nocollectionname"));
+	forward(REFERER);
+}
\ No newline at end of file
diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php
new file mode 100644
index 000000000..ff8f1fb55
--- /dev/null
+++ b/actions/friends/collections/delete.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * Elgg friends: delete collection action
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
+ */
+
+$collection_id = (int) get_input('collection');
+
+// check the ACL exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+	register_error(elgg_echo("friends:collectiondeletefailed"));
+	forward(REFERER);
+}
+
+if (delete_access_collection($collection_id)) {
+	system_message(elgg_echo("friends:collectiondeleted"));
+} else {
+	register_error(elgg_echo("friends:collectiondeletefailed"));
+}
+
+forward(REFERER);
diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php
new file mode 100644
index 000000000..9eb5e1eab
--- /dev/null
+++ b/actions/friends/collections/edit.php
@@ -0,0 +1,23 @@
+<?php
+/**
+ * Friends collection edit action
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
+ */
+
+$collection_id = get_input('collection_id');
+$friends = get_input('friend');
+
+// check it exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+	system_message(elgg_echo('friends:collection:edit_failed'));
+}
+
+if (update_access_collection($collection_id, $friends)) {
+	system_message(elgg_echo('friends:collections:edited'));
+} else {
+	system_message(elgg_echo('friends:collection:edit_failed'));
+}
+
+forward(REFERER);
\ No newline at end of file
diff --git a/actions/friends/deletecollection.php b/actions/friends/deletecollection.php
deleted file mode 100644
index bdfcc9b2c..000000000
--- a/actions/friends/deletecollection.php
+++ /dev/null
@@ -1,52 +0,0 @@
-<?php
-
-	/**
-	 * Elgg friends: delete collection action
-	 * 
-	 * @package Elgg
-	 * @subpackage Core
-
-	 * @author Curverider Ltd
-
-	 * @link http://elgg.org/
-	 */
-
-	// Make sure we're logged in (send us to the front page if not)
-		gatekeeper();
-		
-		// Get input data
-		$collection_id = (int) get_input('collection');
-		
-		// Check to see that the access collection exist and grab its owner
-		$get_collection = get_access_collection($collection_id);
-		
-		if($get_collection){
-    		
-    		if($get_collection->owner_guid == $_SESSION['user']->getGUID()){
-		    
-	            $delete_collection = delete_access_collection($collection_id);
-	        
-	            // Success message
-		        if ($delete_collection) 
-		        	system_message(elgg_echo("friends:collectiondeleted"));
-		        else
-		        	register_error(elgg_echo("friends:collectiondeletefailed"));
-		        
-	        } else {
-    	        
-    	        // Failure message
-		        register_error(elgg_echo("friends:collectiondeletefailed"));
-		        
-	        }
-		
-		} else {
-    		
-    		// Failure message
-		    register_error(elgg_echo("friends:collectiondeletefailed"));
-		    
-	    }
-	    
-	     // Forward to the collections page
-		 forward("pg/collections/" . $_SESSION['user']->username);
-		
-?>
\ No newline at end of file
diff --git a/actions/friends/editcollection.php b/actions/friends/editcollection.php
deleted file mode 100644
index ede61b4b0..000000000
--- a/actions/friends/editcollection.php
+++ /dev/null
@@ -1,20 +0,0 @@
-<?php
-
-	/**
-	 * Elgg collection add page
-	 * 
-	 * @package Elgg
-	 * @subpackage Core
-
-	 * @author Curverider Ltd
-
-	 * @link http://elgg.org/
-	 */
-	 
-	 $collection_id = get_input('collection_id');
-	 $friends = get_input('friend');
-	 
-	 //chech the collection exists and the current user owners it
-	 update_access_collection($collection_id, $friends);
-	 
-?>
\ No newline at end of file
diff --git a/actions/friends/remove.php b/actions/friends/remove.php
index 20181bc84..d69d18f31 100644
--- a/actions/friends/remove.php
+++ b/actions/friends/remove.php
@@ -1,42 +1,32 @@
 <?php
+/**
+ * Elgg remove friend action
+ *
+ * @package Elgg.Core
+ * @subpackage Friends.Management
+ */
 
-	/**
-	 * Elgg remove friend action
-	 * 
-	 * @package Elgg
-	 * @subpackage Core
+// Get the GUID of the user to friend
+$friend_guid = get_input('friend');
+$friend = get_entity($friend_guid);
+$errors = false;
 
-	 * @author Curverider Ltd
+// Get the user
+try{
+	if ($friend instanceof ElggUser) {
+		elgg_get_logged_in_user_entity()->removeFriend($friend_guid);
+	} else {
+		register_error(elgg_echo("friends:remove:failure", array($friend->name)));
+		$errors = true;
+	}
+} catch (Exception $e) {
+	register_error(elgg_echo("friends:remove:failure", array($friend->name)));
+	$errors = true;
+}
 
-	 * @link http://elgg.org/
-	 */
+if (!$errors) {
+	system_message(elgg_echo("friends:remove:successful", array($friend->name)));
+}
 
-	// Ensure we are logged in
-		gatekeeper();
-		action_gatekeeper();
-		
-	// Get the GUID of the user to friend
-		$friend_guid = get_input('friend');
-		$friend = get_entity($friend_guid);
-		$errors = false;
-
-	// Get the user
-		try{
-			if ($friend instanceof ElggUser)
-				$_SESSION['user']->removeFriend($friend_guid);
-			else
-			{
-				register_error(sprintf(elgg_echo("friends:remove:failure"),$friend->name));
-				$errors = true;
-			}
-		} catch (Exception $e) {
-			register_error(sprintf(elgg_echo("friends:remove:failure"),$friend->name));
-			$errors = true;
-		}
-		if (!$errors)
-			system_message(sprintf(elgg_echo("friends:remove:successful"),$friend->name));			
-		
-	// Forward to the user friends page
-		forward("pg/friends/" . $_SESSION['user']->username . "/");
-		
-?>
\ No newline at end of file
+// Forward back to the page you made the friend on
+forward(REFERER);