Diffstat (limited to 'actions/profile')
-rw-r--r--actions/profile/edit.php116
-rw-r--r--actions/profile/fields/add.php40
-rw-r--r--actions/profile/fields/delete.php28
-rw-r--r--actions/profile/fields/edit.php20
-rw-r--r--actions/profile/fields/reorder.php12
-rw-r--r--actions/profile/fields/reset.php20
6 files changed, 236 insertions, 0 deletions
diff --git a/actions/profile/edit.php b/actions/profile/edit.php
new file mode 100644
index 000000000..e1f066e82
--- /dev/null
+++ b/actions/profile/edit.php
@@ -0,0 +1,116 @@
+<?php
+/**
+ * Elgg profile edit action
+ *
+ */
+
+elgg_make_sticky_form('profile:edit');
+
+$guid = get_input('guid');
+$owner = get_entity($guid);
+
+if (!$owner || !($owner instanceof ElggUser) || !$owner->canEdit()) {
+ register_error(elgg_echo('profile:edit:fail'));
+ forward(REFERER);
+}
+
+// grab the defined profile field names and their load the values from POST.
+// each field can have its own access, so sort that too.
+$input = array();
+$accesslevel = get_input('accesslevel');
+
+if (!is_array($accesslevel)) {
+ $accesslevel = array();
+}
+
+/**
+ * wrapper for recursive array walk decoding
+ */
+function profile_array_decoder(&$v) {
+ $v = _elgg_html_decode($v);
+}
+
+$profile_fields = elgg_get_config('profile_fields');
+foreach ($profile_fields as $shortname => $valuetype) {
+ // the decoding is a stop gap to prevent &amp;&amp; showing up in profile fields
+ // because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405.
+ // must decode in utf8 or string corruption occurs. see #1567.
+ $value = get_input($shortname);
+ if (is_array($value)) {
+ array_walk_recursive($value, 'profile_array_decoder');
+ } else {
+ $value = _elgg_html_decode($value);
+ }
+
+ // limit to reasonable sizes
+ // @todo - throwing away changes due to this is dumb!
+ if (!is_array($value) && $valuetype != 'longtext' && elgg_strlen($value) > 250) {
+ $error = elgg_echo('profile:field_too_long', array(elgg_echo("profile:{$shortname}")));
+ register_error($error);
+ forward(REFERER);
+ }
+
+ if ($value && $valuetype == 'url' && !preg_match('~^https?\://~i', $value)) {
+ $value = "http://$value";
+ }
+
+ if ($valuetype == 'tags') {
+ $value = string_to_tag_array($value);
+ }
+
+ $input[$shortname] = $value;
+}
+
+// display name is handled separately
+$name = strip_tags(get_input('name'));
+if ($name) {
+ if (elgg_strlen($name) > 50) {
+ register_error(elgg_echo('user:name:fail'));
+ } elseif ($owner->name != $name) {
+ $owner->name = $name;
+ $owner->save();
+ }
+}
+
+// go through custom fields
+if (sizeof($input) > 0) {
+ foreach ($input as $shortname => $value) {
+ $options = array(
+ 'guid' => $owner->guid,
+ 'metadata_name' => $shortname,
+ 'limit' => false
+ );
+ elgg_delete_metadata($options);
+
+ if (!is_null($value) && ($value !== '')) {
+ // only create metadata for non empty values (0 is allowed) to prevent metadata records with empty string values #4858
+
+ if (isset($accesslevel[$shortname])) {
+ $access_id = (int) $accesslevel[$shortname];
+ } else {
+ // this should never be executed since the access level should always be set
+ $access_id = ACCESS_DEFAULT;
+ }
+ if (is_array($value)) {
+ $i = 0;
+ foreach ($value as $interval) {
+ $i++;
+ $multiple = ($i > 1) ? TRUE : FALSE;
+ create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple);
+ }
+ } else {
+ create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id);
+ }
+ }
+ }
+
+ $owner->save();
+
+ // Notify of profile update
+ elgg_trigger_event('profileupdate', $owner->type, $owner);
+
+ elgg_clear_sticky_form('profile:edit');
+ system_message(elgg_echo("profile:saved"));
+}
+
+forward($owner->getUrl());
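Review bot: The per-field access level comes straight from the request and is only cast, `$access_id = (int) $accesslevel[$shortname];`, so whatever integer the client posts is written as the metadata's access id. Before the `create_metadata()` calls, check it against the levels the user may actually write to, for example `if (!array_key_exists($access_id, get_write_access_array($owner->guid))) { $access_id = ACCESS_DEFAULT; }`. Separately, the 250-character limit is skipped when `$value` is an array, so each element of a multi-value field is stored at whatever length was posted; the same `elgg_strlen()` check could run per element. A failed name-length check also only registers an error, and the action still goes on to report `profile:saved`.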
diff --git a/actions/profile/fields/add.php b/actions/profile/fields/add.php
new file mode 100644
index 000000000..fce783092
--- /dev/null
+++ b/actions/profile/fields/add.php
@@ -0,0 +1,40 @@
+<?php
+/**
+ * Elgg profile plugin edit default profile action
+ *
+ */
+
+$label = get_input('label');
+$type = get_input('type');
+
+$fieldlist = elgg_get_config('profile_custom_fields');
+if (!$fieldlist) {
+ $fieldlist = '';
+ $id = 1;
+} else {
+ $fieldlistarray = explode(',', $fieldlist);
+ foreach ($fieldlistarray as $key => $value) {
+ $fieldlistarray[$key] = (int)$value;
+ }
+ $id = max($fieldlistarray) + 1;
+}
+
+if (($label) && ($type)) {
+ if (!empty($fieldlist)) {
+ $fieldlist .= ',';
+ }
+ $fieldlist .= "$id";
+
+ if (elgg_save_config("admin_defined_profile_$id", $label) &&
+ elgg_save_config("admin_defined_profile_type_$id", $type) &&
+ elgg_save_config('profile_custom_fields', $fieldlist)) {
+
+ system_message(elgg_echo('profile:editdefault:success'));
+ } else {
+ register_error(elgg_echo('profile:editdefault:fail'));
+ }
+} else {
+ register_error(elgg_echo('profile:editdefault:fail'));
+}
+
+forward(REFERER);
\ No newline at end of file
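Review bot: `$type` is saved as `admin_defined_profile_type_$id` after nothing more than a non-empty test, so any string posted as `type` becomes the field's value type. The profile edit action in this same commit branches on that value ('longtext', 'url', 'tags'), and it presumably also selects the input and output views. Compare it with a fixed list of the types the plugin supports and call `register_error()` when it is not in the list. Nothing in this file checks the caller's role, so a header comment stating that the action must be registered as admin-only would document that dependency.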
diff --git a/actions/profile/fields/delete.php b/actions/profile/fields/delete.php
new file mode 100644
index 000000000..9879feb3f
--- /dev/null
+++ b/actions/profile/fields/delete.php
@@ -0,0 +1,28 @@
+<?php
+/**
+ * Elgg profile plugin edit default profile action removal
+ *
+ */
+
+$id = get_input('id');
+
+$fieldlist = elgg_get_config('profile_custom_fields');
+if (!$fieldlist) {
+ $fieldlist = '';
+}
+
+$fieldlist = str_replace("{$id},", "", $fieldlist);
+$fieldlist = str_replace(",{$id}", "", $fieldlist);
+$fieldlist = str_replace("{$id}", "", $fieldlist);
+
+if ($id &&
+ unset_config("admin_defined_profile_$id") &&
+ unset_config("admin_defined_profile_type_$id") &&
+ elgg_save_config('profile_custom_fields', $fieldlist)) {
+
+ system_message(elgg_echo('profile:editdefault:delete:success'));
+} else {
+ register_error(elgg_echo('profile:editdefault:delete:fail'));
+}
+
+forward(REFERER);
\ No newline at end of file
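Review bot: The three `str_replace()` calls match `$id` as a substring of the comma-separated list, not as a whole entry, so removing field 1 from `1,11,21` leaves `121` and orphans the config rows for 11 and 21. Match whole entries instead: `$fieldlist = implode(',', array_diff(explode(',', $fieldlist), array((string) (int) $id)));`. `$id` should also be cast once at the top, `$id = (int) get_input('id');`, because it is interpolated into the `unset_config()` key names as posted. The list is currently rewritten before the `if ($id && ...)` test runs.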
diff --git a/actions/profile/fields/edit.php b/actions/profile/fields/edit.php
new file mode 100644
index 000000000..5fc84ff11
--- /dev/null
+++ b/actions/profile/fields/edit.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Edit a custom profile field
+ */
+
+$id = get_input('id');
+$label = get_input('label');
+
+if (!elgg_get_config("admin_defined_profile_$id")) {
+ register_error(elgg_echo('profile:editdefault:fail'));
+ forward(REFERER);
+}
+
+if (elgg_save_config("admin_defined_profile_$id", $label)) {
+ system_message(elgg_echo('profile:editdefault:success'));
+} else {
+ register_error(elgg_echo('profile:editdefault:fail'));
+}
+
+forward(REFERER);
\ No newline at end of file
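Review bot: `$id` is interpolated into the config key without being normalised, so a posted id such as `type_3` passes the existence check against `admin_defined_profile_type_3` and the label is then saved over that field's type entry. Cast it on read, `$id = (int) get_input('id');`, so only numeric field ids can reach `elgg_save_config()`. An empty `$label` is also accepted here, unlike in the add action; since the existence check above relies on the stored label being truthy, an empty label would make the field fail that check on the next edit.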
diff --git a/actions/profile/fields/reorder.php b/actions/profile/fields/reorder.php
new file mode 100644
index 000000000..27c716749
--- /dev/null
+++ b/actions/profile/fields/reorder.php
@@ -0,0 +1,12 @@
+<?php
+/**
+ * Elgg profile plugin reorder fields
+ *
+ */
+
+$ordering = get_input('fieldorder');
+
+$result = elgg_save_config('profile_custom_fields', $ordering);
+
+// called by ajax so we exit
+exit;
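Review bot: `fieldorder` is written to `profile_custom_fields` exactly as posted, yet the add and reset actions in this commit split that value on commas and interpolate each piece into config key names. The action should accept only a permutation of the ids already stored. The fence below assumes the client sends the same comma-separated id list; if it sends an array, the parsing line needs adjusting. `$result` is never read, so the AJAX caller cannot tell a failed save from a successful one.

```php
$ordering = get_input('fieldorder');

// accept only a permutation of the ids already stored
$current = elgg_get_config('profile_custom_fields');
$current_ids = $current ? array_map('intval', explode(',', $current)) : array();
$new_ids = array_map('intval', explode(',', (string) $ordering));

$sorted_current = $current_ids;
$sorted_new = $new_ids;
sort($sorted_current);
sort($sorted_new);

if ($sorted_new === $sorted_current) {
	elgg_save_config('profile_custom_fields', implode(',', $new_ids));
}

// … unchanged: exit for the ajax caller …
```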
diff --git a/actions/profile/fields/reset.php b/actions/profile/fields/reset.php
new file mode 100644
index 000000000..19efae479
--- /dev/null
+++ b/actions/profile/fields/reset.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Reset profile fields action
+ *
+ */
+
+$fieldlist = elgg_get_config('profile_custom_fields');
+if ($fieldlist) {
+ $fieldlistarray = explode(',', $fieldlist);
+ foreach ($fieldlistarray as $listitem) {
+ unset_config("admin_defined_profile_{$listitem}");
+ unset_config("admin_defined_profile_type_{$listitem}");
+ }
+}
+
+unset_config('profile_custom_fields');
+
+system_message(elgg_echo('profile:defaultprofile:reset'));
+
+forward(REFERER);
\ No newline at end of file
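Review bot: Each `$listitem` is interpolated into the `unset_config()` key names exactly as it sits in the stored list, and the reorder action in this commit stores that list unvalidated, so non-numeric entries would be used as key suffixes here. Casting in the loop, `$listitem = (int) $listitem;`, keeps the deletions limited to numeric field ids. The return values of the `unset_config()` calls are ignored and `profile:defaultprofile:reset` is reported unconditionally, unlike the delete action, which calls `register_error()` on failure.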