diff options
Diffstat (limited to 'actions/profile/edit.php')
-rw-r--r-- | actions/profile/edit.php | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/actions/profile/edit.php b/actions/profile/edit.php new file mode 100644 index 000000000..219474f2c --- /dev/null +++ b/actions/profile/edit.php @@ -0,0 +1,109 @@ +<?php +/** + * Elgg profile edit action + * + */ + +$guid = get_input('guid'); +$owner = get_entity($guid); + +if (!$owner || !($owner instanceof ElggUser) || !$owner->canEdit()) { + register_error(elgg_echo('profile:edit:fail')); + forward(REFERER); +} + +// grab the defined profile field names and their load the values from POST. +// each field can have its own access, so sort that too. +$input = array(); +$accesslevel = get_input('accesslevel'); + +if (!is_array($accesslevel)) { + $accesslevel = array(); +} + +/** + * wrapper for recursive array walk decoding + */ +function profile_array_decoder(&$v) { + $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8'); +} + +$profile_fields = elgg_get_config('profile'); +foreach ($profile_fields as $shortname => $valuetype) { + // the decoding is a stop gag to prevent && showing up in profile fields + // because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405. + // must decode in utf8 or string corruption occurs. see #1567. + $value = get_input($shortname); + if (is_array($value)) { + array_walk_recursive($value, 'profile_array_decoder'); + } else { + $value = html_entity_decode($value, ENT_COMPAT, 'UTF-8'); + } + + // limit to reasonable sizes + // @todo - throwing away changes due to this is dumb! + if (!is_array($value) && $valuetype != 'longtext' && elgg_strlen($value) > 250) { + $error = elgg_echo('profile:field_too_long', array(elgg_echo("profile:{$shortname}"))); + register_error($error); + forward(REFERER); + } + + if ($valuetype == 'tags') { + $value = string_to_tag_array($value); + } + + $input[$shortname] = $value; +} + +// display name is handled separately +$name = strip_tags(get_input('name')); +if ($name) { + if (elgg_strlen($name) > 50) { + register_error(elgg_echo('user:name:fail')); + } elseif ($owner->name != $name) { + $owner->name = $name; + // @todo this is weird...giving two notifications? + if ($owner->save()) { + system_message(elgg_echo('user:name:success')); + } else { + register_error(elgg_echo('user:name:fail')); + } + } +} + +// go through custom fields +if (sizeof($input) > 0) { + foreach ($input as $shortname => $value) { + remove_metadata($owner->guid, $shortname); + if (isset($accesslevel[$shortname])) { + $access_id = (int) $accesslevel[$shortname]; + } else { + // this should never be executed since the access level should always be set + $access_id = ACCESS_DEFAULT; + } + if (is_array($value)) { + $i = 0; + foreach ($value as $interval) { + $i++; + $multiple = ($i > 1) ? TRUE : FALSE; + create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple); + } + } else { + create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id); + } + } + + $owner->save(); + + // Notify of profile update + elgg_trigger_event('profileupdate', $user->type, $user); + + //add to river if edited by self + if (get_loggedin_userid() == $user->guid) { + add_to_river('river/user/default/profileupdate', 'update', get_loggedin_userid(), get_loggedin_userid(), get_default_access(get_loggedin_user())); + } + + system_message(elgg_echo("profile:saved")); +} + +forward($owner->getUrl()); |