Diffstat (limited to 'actions')
-rw-r--r-- | actions/admin/site/update_advanced.php | 19 | ||||
-rw-r--r-- | actions/avatar/remove.php | 34 | ||||
-rw-r--r-- | actions/avatar/revert.php | 15 | ||||
-rw-r--r-- | actions/comments/delete.php | 17 | ||||
-rw-r--r-- | actions/login.php | 8 | ||||
-rw-r--r-- | actions/register.php | 4 | ||||
-rw-r--r-- | actions/useradd.php | 4 |
7 files changed, 65 insertions, 36 deletions
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
index 23d622a62..897a2f983 100644
--- a/actions/admin/site/update_advanced.php
+++ b/actions/admin/site/update_advanced.php
@@ -17,7 +17,24 @@ if ($site = elgg_get_site_entity()) {
 $site->url = get_input('wwwroot');
 datalist_set('path', sanitise_filepath(get_input('path')));
- datalist_set('dataroot', sanitise_filepath(get_input('dataroot')));
+ $dataroot = sanitise_filepath(get_input('dataroot'));
+
+ // check for relative paths
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($dataroot, ':') !== 1) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ } else {
+ if (strpos($dataroot, '/') !== 0) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ }
+
+ datalist_set('dataroot', $dataroot);
 if (get_input('simplecache_enabled')) {
 elgg_enable_simplecache();
diff --git a/actions/avatar/remove.php b/actions/avatar/remove.php
new file mode 100644
index 000000000..cd38e456a
--- /dev/null
+++ b/actions/avatar/remove.php
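Review bot: The relative-path check on the new `$dataroot` lines runs after `datalist_set('path', ...)` (the context line just above) has already been written, so a rejected dataroot still leaves the new `path` value saved; validating before any `datalist_set()` call keeps the update all-or-nothing. On Windows, `strpos($dataroot, ':') !== 1` also accepts a drive-relative value such as `C:data`, which is not an absolute path, and the two branches repeat the same three error lines. The check also relies on `forward()` ending the request, which is not visible here; if it can return, the relative value is still stored by the final `datalist_set('dataroot', $dataroot)`. The enclosing `if ($site = ...)` block starts and ends outside the hunk.

```php
	// … unchanged: $site->url assignment …
	$dataroot = sanitise_filepath(get_input('dataroot'));

	// validate before anything is written to the datalist
	if (stripos(PHP_OS, 'win') === 0) {
		// require a drive letter followed by a separator, so "C:data" is rejected too
		$is_absolute = (bool) preg_match('#^[a-z]:[\\\\/]#i', $dataroot);
	} else {
		$is_absolute = strpos($dataroot, '/') === 0;
	}
	if (!$is_absolute) {
		register_error(elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot)));
		forward(REFERER);
	}

	datalist_set('path', sanitise_filepath(get_input('path')));
	datalist_set('dataroot', $dataroot);
```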
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Avatar remove action
+ */
+
+$guid = get_input('guid');
+$user = get_entity($guid);
+if ($user) {
+ // Delete all icons from diskspace
+ $icon_sizes = elgg_get_config('icon_sizes');
+ foreach ($icon_sizes as $name => $size_info) {
+ $file = new ElggFile();
+ $file->owner_guid = $guid;
+ $file->setFilename("profile/{$guid}{$name}.jpg");
+ $filepath = $file->getFilenameOnFilestore();
+ if (!$file->delete()) {
+ elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
+ }
+ }
+
+ // Remove crop coords
+ unset($user->x1);
+ unset($user->x2);
+ unset($user->y1);
+ unset($user->y2);
+
+ // Remove icon
+ unset($user->icontime);
+ system_message(elgg_echo('avatar:remove:success'));
+} else {
+ register_error(elgg_echo('avatar:remove:fail'));
+}
+
+forward(REFERER);
diff --git a/actions/avatar/revert.php b/actions/avatar/revert.php
deleted file mode 100644
index 8cff40a68..000000000
--- a/actions/avatar/revert.php
+++ /dev/null
@@ -1,15 +0,0 @@
-<?php
-/**
- * Avatar revert action
- */
-
-$guid = get_input('guid');
-$user = get_entity($guid);
-if ($user) {
- unset($user->icontime);
- system_message(elgg_echo('avatar:revert:success'));
-} else {
- register_error(elgg_echo('avatar:revert:fail'));
-}
-
-forward(REFERER);
diff --git a/actions/comments/delete.php b/actions/comments/delete.php
index f8458a152..f2c058ff4 100644
--- a/actions/comments/delete.php
+++ b/actions/comments/delete.php
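Review bot: Nothing in the new actions/avatar/remove.php checks that the caller may modify the entity named by `guid`, or that it is a user at all, before the avatar files are deleted; unless the action registration enforces that elsewhere (not visible here), the guard should read `if ($user instanceof ElggUser && $user->canEdit()) {`. The raw request value is also interpolated into the file name in `"profile/{$guid}{$name}.jpg"` and assigned to `owner_guid`; taking it from the loaded entity with `$guid = $user->guid;` keeps the path tied to the entity that was actually loaded rather than to whatever string was submitted. The removed revert action had the same unguarded shape, but it only cleared `icontime`, whereas this one deletes files from the filestore.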
@@ -12,19 +12,12 @@ if (!elgg_is_logged_in()) {
 // Make sure we can get the comment in question
 $annotation_id = (int) get_input('annotation_id');
-if ($comment = elgg_get_annotation_from_id($annotation_id)) {
-
- $entity = get_entity($comment->entity_guid);
-
- if ($comment->canEdit()) {
- $comment->delete();
- system_message(elgg_echo("generic_comment:deleted"));
- forward($entity->getURL());
- }
-
+$comment = elgg_get_annotation_from_id($annotation_id);
+if ($comment && $comment->canEdit()) {
+ $comment->delete();
+ system_message(elgg_echo("generic_comment:deleted"));
 } else {
- $url = "";
+ register_error(elgg_echo("generic_comment:notdeleted"));
 }
-register_error(elgg_echo("generic_comment:notdeleted"));
 forward(REFERER);
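Review bot: The result of `$comment->delete()` is ignored in the rewritten branch, so the `generic_comment:deleted` message is shown even when the deletion fails; folding it into the condition, `if ($comment && $comment->canEdit() && $comment->delete()) {`, sends a failed delete to the `generic_comment:notdeleted` error instead. The action also accepts any annotation id the caller can edit, and nothing visible here restricts it to comment annotations; if other annotation types share that id space, a check on the annotation's name belongs in the same condition.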
\ No newline at end of file
diff --git a/actions/login.php b/actions/login.php
index 256e78acb..ea7fb3508 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -18,9 +18,9 @@ if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
 }
 $username = get_input('username');
-$password = get_input("password");
-$persistent = get_input("persistent", FALSE);
-$result = FALSE;
+$password = get_input('password', null, false);
+$persistent = get_input("persistent", false);
+$result = false;
 if (empty($username) || empty($password)) {
 register_error(elgg_echo('login:empty'));
@@ -28,7 +28,7 @@ if (empty($username) || empty($password)) {
 }
 // check if logging in with email address
-if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
 $username = $users[0]->username;
 }
diff --git a/actions/register.php b/actions/register.php
index 360b7cb4b..f23d5b381 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('register');
 // Get variables
 $username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
 $email = get_input('email');
 $name = get_input('name');
 $friend_guid = (int) get_input('friend_guid', 0);
diff --git a/actions/useradd.php b/actions/useradd.php
index fdcd7e438..17459021b 100644
--- a/actions/useradd.php
+++ b/actions/useradd.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('useradd');
 // Get variables
 $username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
 $email = get_input('email');
 $name = get_input('name'); |
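Review bot: The new third argument in `get_input('password', null, false)` in actions/login.php, and in the matching hunks of actions/register.php and actions/useradd.php, is not explained; it appears to turn off input filtering for the password fields, and a comment such as `// read unfiltered: filtering would alter the password before it is hashed; never echo this value` would record why. Both register.php and useradd.php call `elgg_make_sticky_form()` just above these reads (visible in the hunk headings), so it is worth confirming that the now-unfiltered password values are never re-displayed from sticky form data. Accounts whose stored hash was computed from a filtered password before this commit may stop verifying if filtering had changed their input, which deserves a line in the upgrade notes.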