10 files changed, 75 insertions, 53 deletions

diff --git a/actions/admin/plugins/activate.php b/actions/admin/plugins/activate.php
index 5a945e8eb..224b5a2ae 100644
--- a/actions/admin/plugins/activate.php
+++ b/actions/admin/plugins/activate.php
@@ -29,7 +29,9 @@ foreach ($plugin_guids as $guid) {
 	if ($plugin->activate()) {
 		$activated_guids[] = $guid;
 	} else {
-		register_error(elgg_echo('admin:plugins:activate:no', array($plugin->getManifest()->getName())));
+		$msg = $plugin->getError();
+		$string = ($msg) ? 'admin:plugins:activate:no_with_msg' : 'admin:plugins:activate:no';
+		register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
 	}
 }
 
@@ -47,5 +49,10 @@ if (count($activated_guids) === 1) {
 	$plugin = get_entity($plugin_guids[0]);
 	forward("$url#{$plugin->getID()}");
 } else {
-	forward(REFERER);
+	// forward to top of page with a failure so remove any #foo
+	$url = $_SERVER['HTTP_REFERER'];
+	if (strpos($url, '#')) {
+		$url = substr(0, strpos($url, '#'));
+	}
+	forward($url);
 }
\ No newline at end of file
diff --git a/actions/admin/plugins/activate_all.php b/actions/admin/plugins/activate_all.php
index 19eb82142..19c142346 100644
--- a/actions/admin/plugins/activate_all.php
+++ b/actions/admin/plugins/activate_all.php
@@ -18,7 +18,9 @@ foreach ($guids as $guid) {
 		if ($plugin->activate()) {
 			//system_message(elgg_echo('admin:plugins:activate:yes', array($plugin->getManifest()->getName())));
 		} else {
-			register_error(elgg_echo('admin:plugins:activate:no', array($plugin->getManifest()->getName())));
+			$msg = $plugin->getError();
+			$string = ($msg) ? 'admin:plugins:activate:no_with_msg' : 'admin:plugins:activate:no';
+			register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
 		}
 	}
 }
diff --git a/actions/admin/plugins/deactivate.php b/actions/admin/plugins/deactivate.php
index f5eca3aaa..2ce796eff 100644
--- a/actions/admin/plugins/deactivate.php
+++ b/actions/admin/plugins/deactivate.php
@@ -28,7 +28,9 @@ foreach ($plugin_guids as $guid) {
 	if ($plugin->deactivate()) {
 		//system_message(elgg_echo('admin:plugins:deactivate:yes', array($plugin->getManifest()->getName())));
 	} else {
-		register_error(elgg_echo('admin:plugins:deactivate:no', array($plugin->getManifest()->getName())));
+		$msg = $plugin->getError();
+		$string = ($msg) ? 'admin:plugins:deactivate:no_with_msg' : 'admin:plugins:deactivate:no';
+		register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
 	}
 }
 
diff --git a/actions/admin/plugins/deactivate_all.php b/actions/admin/plugins/deactivate_all.php
index 436a3ad30..479e9c607 100644
--- a/actions/admin/plugins/deactivate_all.php
+++ b/actions/admin/plugins/deactivate_all.php
@@ -18,7 +18,9 @@ foreach ($guids as $guid) {
 		if ($plugin->deactivate()) {
 			//system_message(elgg_echo('admin:plugins:activate:yes', array($plugin->getManifest()->getName())));
 		} else {
-			register_error(elgg_echo('admin:plugins:deactivate:no', array($plugin->getManifest()->getName())));
+			$msg = $plugin->getError();
+			$string = ($msg) ? 'admin:plugins:deactivate:no_with_msg' : 'admin:plugins:deactivate:no';
+			register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
 		}
 	}
 }
diff --git a/actions/admin/plugins/set_priority.php b/actions/admin/plugins/set_priority.php
index 1f8bc24af..79b1c4c53 100644
--- a/actions/admin/plugins/set_priority.php
+++ b/actions/admin/plugins/set_priority.php
@@ -26,7 +26,9 @@ if (!($plugin instanceof ElggPlugin)) {
 if ($plugin->setPriority($priority)) {
 	//system_message(elgg_echo('admin:plugins:set_priority:yes', array($plugin->getManifest()->getName())));
 } else {
-	register_error(elgg_echo('admin:plugins:set_priority:no', array($plugin->getManifest()->getName())));
+	$msg = $plugin->getError();
+	$string = ($msg) ? 'admin:plugins:set_priority:no_with_msg' : 'admin:plugins:set_priority:no';
+	register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError())));
 }
 
 // don't regenerate the simplecache because the plugin won't be
diff --git a/actions/avatar/upload.php b/actions/avatar/upload.php
index e21aa49c8..885a16557 100644
--- a/actions/avatar/upload.php
+++ b/actions/avatar/upload.php
@@ -11,13 +11,18 @@ if (!$owner || !($owner instanceof ElggUser) || !$owner->canEdit()) {
 	forward(REFERER);
 }
 
+if ($_FILES['avatar']['error'] != 0) {
+	register_error(elgg_echo('avatar:upload:fail'));
+	forward(REFERER);
+}
+
 //@todo make this configurable?
 $icon_sizes = array(
 	'topbar' => array('w'=>16, 'h'=>16, 'square'=>TRUE, 'upscale'=>TRUE),
 	'tiny' => array('w'=>25, 'h'=>25, 'square'=>TRUE, 'upscale'=>TRUE),
 	'small' => array('w'=>40, 'h'=>40, 'square'=>TRUE, 'upscale'=>TRUE),
 	'medium' => array('w'=>100, 'h'=>100, 'square'=>TRUE, 'upscale'=>TRUE),
-	'large' => array('w'=>200, 'h'=>200, 'square'=>FALSE, 'upscale'=>FALSE),
+	'large' => array('w'=>200, 'h'=>200, 'square'=>FALSE, 'upscale'=>TRUE),
 	'master' => array('w'=>550, 'h'=>550, 'square'=>FALSE, 'upscale'=>FALSE)
 );
 
@@ -42,7 +47,7 @@ foreach ($icon_sizes as $name => $size_info) {
 			$file->delete();
 		}
 
-		system_message(elgg_echo('avatar:resize:fail'));
+		register_error(elgg_echo('avatar:resize:fail'));
 		forward(REFERER);
 	}
 }
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 8ec6a085f..1e2bc1d5c 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -9,28 +9,24 @@
 $collection_name = get_input('collection_name');
 $friends = get_input('friends_collection');
 
-//first check to make sure that a collection name has been set and create the new colection
-if ($collection_name) {
+if (!$collection_name) {
+	register_error(elgg_echo("friends:nocollectionname"));
+	forward(REFERER);
+}
 
-	//create the collection
-	$create_collection = create_access_collection($collection_name, elgg_get_logged_in_user_guid());
+$id = create_access_collection($collection_name);
 
-	//if the collection was created and the user passed some friends from the form, add them
-	if ($create_collection && (!empty($friends))) {
-		//add friends to the collection
-		foreach ($friends as $friend) {
-			add_user_to_access_collection($friend, $create_collection);
-		}
+if ($id) {
+	$result = update_access_collection($id, $friends);
+	if ($result) {
+		system_message(elgg_echo("friends:collectionadded"));
+		// go to the collections page
+		forward("pg/collections/" . get_loggedin_user()->username);
+	} else {
+		register_error(elgg_echo("friends:nocollectionname"));
+		forward(REFERER);
 	}
-
-	// Success message
-	system_message(elgg_echo("friends:collectionadded"));
-	// Forward to the collections page
-	forward("collections/" . elgg_get_logged_in_user_entity()->username);
-
 } else {
 	register_error(elgg_echo("friends:nocollectionname"));
-
-	// Forward to the add collection page
-	forward("collections/add");
-}
+	forward(REFERER);
+}
\ No newline at end of file
diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php
index fe719d74b..ff8f1fb55 100644
--- a/actions/friends/collections/delete.php
+++ b/actions/friends/collections/delete.php
@@ -8,29 +8,16 @@
 
 $collection_id = (int) get_input('collection');
 
-// Check to see that the access collection exist and grab its owner
-$get_collection = get_access_collection($collection_id);
-
-if ($get_collection) {
-
-	if ($get_collection->owner_guid == elgg_get_logged_in_user_guid()) {
-
-		$delete_collection = delete_access_collection($collection_id);
+// check the ACL exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+	register_error(elgg_echo("friends:collectiondeletefailed"));
+	forward(REFERER);
+}
 
-		// Success message
-		if ($delete_collection) {
-			system_message(elgg_echo("friends:collectiondeleted"));
-		} else {
-			register_error(elgg_echo("friends:collectiondeletefailed"));
-		}
-	} else {
-		// Failure message
-		register_error(elgg_echo("friends:collectiondeletefailed"));
-	}
+if (delete_access_collection($collection_id)) {
+	system_message(elgg_echo("friends:collectiondeleted"));
 } else {
-	// Failure message
 	register_error(elgg_echo("friends:collectiondeletefailed"));
 }
 
-// Forward to the collections page
-forward("collections/" . elgg_get_logged_in_user_entity()->username);
+forward(REFERER);
diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php
index b7fb716f2..9eb5e1eab 100644
--- a/actions/friends/collections/edit.php
+++ b/actions/friends/collections/edit.php
@@ -9,7 +9,15 @@
 $collection_id = get_input('collection_id');
 $friends = get_input('friend');
 
-//chech the collection exists and the current user owners it
-update_access_collection($collection_id, $friends);
+// check it exists and we can edit
+if (!can_edit_access_collection($collection_id)) {
+	system_message(elgg_echo('friends:collection:edit_failed'));
+}
 
-exit;
+if (update_access_collection($collection_id, $friends)) {
+	system_message(elgg_echo('friends:collections:edited'));
+} else {
+	system_message(elgg_echo('friends:collection:edit_failed'));
+}
+
+forward(REFERER);
\ No newline at end of file
diff --git a/actions/useradd.php b/actions/useradd.php
index 8e588d073..be08b4be5 100644
--- a/actions/useradd.php
+++ b/actions/useradd.php
@@ -20,11 +20,22 @@ if (is_array($admin)) {
 	$admin = $admin[0];
 }
 
+// no blank fields
+if ($username == '' || $password == '' || $password2 == '' || $email == '' || $name == '') {
+	register_error(elgg_echo('register:fields'));
+	forward(REFERER);
+}
+
+if (strcmp($password, $password2) != 0) {
+	register_error(elgg_echo('RegistrationException:PasswordMismatch'));
+	forward(REFERER);
+}
+
 // For now, just try and register the user
 try {
 	$guid = register_user($username, $password, $name, $email, TRUE);
 
-	if (((trim($password) != "") && (strcmp($password, $password2) == 0)) && ($guid)) {
+	if ($guid) {
 		$new_user = get_entity($guid);
 		if (($guid) && ($admin)) {
 			$new_user->makeAdmin();