Diffstat (limited to 'actions')
55 files changed, 611 insertions, 637 deletions
diff --git a/actions/admin/delete_admin_notice.php b/actions/admin/delete_admin_notice.php new file mode 100644 index 000000000..a9c3b8758 --- /dev/null +++ b/actions/admin/delete_admin_notice.php @@ -0,0 +1,13 @@ +<?php +/** + * Removes an admin notice. + */ + +$guid = get_input('guid'); +$notice = get_entity($guid); + +if (!(elgg_instanceof($notice, 'object', 'admin_notice') && $notice->delete())) { + register_error(elgg_echo("admin:notices:could_not_delete")); +} + +forward(REFERER);
\ No newline at end of file diff --git a/actions/admin/menu/save.php b/actions/admin/menu/save.php index 3fdce8c45..66ce71082 100644 --- a/actions/admin/menu/save.php +++ b/actions/admin/menu/save.php @@ -9,12 +9,11 @@ // featured menu items $featured_names = get_input('featured_menu_names', array()); $featured_names = array_unique($featured_names); -if (in_array('', $featured_names)) { - unset($featured_names[array_search('', $featured_names)]); +if (in_array(' ', $featured_names)) { + unset($featured_names[array_search(' ', $featured_names)]); } elgg_save_config('site_featured_menu_names', $featured_names); - // custom menu items $custom_menu_titles = get_input('custom_menu_titles', array()); $custom_menu_urls = get_input('custom_menu_urls', array()); diff --git a/actions/admin/plugins/activate.php b/actions/admin/plugins/activate.php index 7a55cb7bb..5234a4ca5 100644 --- a/actions/admin/plugins/activate.php +++ b/actions/admin/plugins/activate.php @@ -17,6 +17,7 @@ if (!is_array($plugin_guids)) { $plugin_guids = array($plugin_guids); } +$activated_guids = array(); foreach ($plugin_guids as $guid) { $plugin = get_entity($guid); 
@@ -26,17 +27,33 @@ foreach ($plugin_guids as $guid) { } if ($plugin->activate()) { - //system_message(elgg_echo('admin:plugins:activate:yes', array($plugin->manifest->getName()))); + $activated_guids[] = $guid; } else { - register_error(elgg_echo('admin:plugins:activate:no', array($plugin->manifest->getName()))); + $msg = $plugin->getError(); + $string = ($msg) ? 'admin:plugins:activate:no_with_msg' : 'admin:plugins:activate:no'; + register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError()))); } } -elgg_delete_admin_notice('first_installation_plugin_reminder'); - // don't regenerate the simplecache because the plugin won't be -// loaded until next run. Just invalidate and let it regnerate as needed +// loaded until next run. Just invalidate and let it regenerate as needed elgg_invalidate_simplecache(); -elgg_filepath_cache_reset(); +elgg_reset_system_cache(); -forward(REFERER);
\ No newline at end of file +if (count($activated_guids) === 1) { + $url = 'admin/plugins'; + $query = (string)parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY); + if ($query) { + $url .= "?$query"; + } + $plugin = get_entity($plugin_guids[0]); + $id = $css_id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID()); + forward("$url#$id"); +} else { + // forward to top of page with a failure so remove any #foo + $url = $_SERVER['HTTP_REFERER']; + if (strpos($url, '#')) { + $url = substr(0, strpos($url, '#')); + } + forward($url); +}
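Review bot: In actions/admin/plugins/activate.php the failure branch calls `substr(0, strpos($url, '#'))`, which passes `0` as the string and the fragment position as the start offset, so `$url` ends up empty instead of trimmed; it should read `$url = substr($url, 0, strpos($url, '#'));`. The success branch tests `count($activated_guids) === 1` but then loads `$plugin_guids[0]`, so when several guids are submitted and only one activates, the anchor can name a plugin that was not activated; `get_entity($activated_guids[0])` matches the test. Both branches read `$_SERVER['HTTP_REFERER']` directly, a client-supplied header that may be absent, so an `isset()` guard with a fallback to `'admin/plugins'` is safer than forwarding to whatever the header holds. The `$css_id` assignment is unused and can be dropped.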
\ No newline at end of file diff --git a/actions/admin/plugins/activate_all.php b/actions/admin/plugins/activate_all.php index 4ba4be270..4514ccbdf 100644 --- a/actions/admin/plugins/activate_all.php +++ b/actions/admin/plugins/activate_all.php @@ -1,29 +1,33 @@ <?php /** - * Activates all installed and inactive plugins. + * Activates all specified installed and inactive plugins. * - * All plugins in the mod/ directory are that aren't active are activated and the views + * All specified plugins in the mod/ directory are that aren't active are activated and the views * cache and simplecache are invalidated. * * @package Elgg.Core * @subpackage Administration.Plugins */ -$plugins = elgg_get_plugins('inactive'); +$guids = get_input('guids'); +$guids = explode(',', $guids); -foreach ($plugins as $plugin) { - if ($plugin->activate()) { - //system_message(elgg_echo('admin:plugins:activate:yes', array($plugin->manifest->getName()))); - } else { - register_error(elgg_echo('admin:plugins:activate:no', array($plugin->manifest->getName()))); +foreach ($guids as $guid) { + $plugin = get_entity($guid); + if (!$plugin->isActive()) { + if ($plugin->activate()) { + //system_message(elgg_echo('admin:plugins:activate:yes', array($plugin->getManifest()->getName()))); + } else { + $msg = $plugin->getError(); + $string = ($msg) ? 'admin:plugins:activate:no_with_msg' : 'admin:plugins:activate:no'; + register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError()))); + } } } -elgg_delete_admin_notice('first_installation_plugin_reminder'); - // don't regenerate the simplecache because the plugin won't be // loaded until next run. Just invalidate and let it regnerate as needed elgg_invalidate_simplecache(); -elgg_filepath_cache_reset(); +elgg_reset_system_cache(); forward(REFERER);
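Review bot: The new loop in actions/admin/plugins/activate_all.php calls `$plugin->isActive()` on whatever `get_entity($guid)` returns for each comma-separated value of the `guids` input, with no check that the result is a plugin. A missing, stale or non-plugin guid would end the request with a fatal error from a method call on a non-object or on an entity without that method, after some plugins have already been toggled and before the caches are reset. Adding `if (!($plugin instanceof ElggPlugin)) { continue; }` ahead of the `isActive()` test would match the `instanceof ElggPlugin` guard that set_priority.php uses. The loop added to actions/admin/plugins/deactivate_all.php has the same gap and needs the same guard.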
\ No newline at end of file diff --git a/actions/admin/plugins/deactivate.php b/actions/admin/plugins/deactivate.php index 7a9d59287..354f4717d 100644 --- a/actions/admin/plugins/deactivate.php +++ b/actions/admin/plugins/deactivate.php @@ -26,17 +26,28 @@ foreach ($plugin_guids as $guid) { } if ($plugin->deactivate()) { - //system_message(elgg_echo('admin:plugins:deactivate:yes', array($plugin->manifest->getName()))); + //system_message(elgg_echo('admin:plugins:deactivate:yes', array($plugin->getManifest()->getName()))); } else { - register_error(elgg_echo('admin:plugins:deactivate:no', array($plugin->manifest->getName()))); + $msg = $plugin->getError(); + $string = ($msg) ? 'admin:plugins:deactivate:no_with_msg' : 'admin:plugins:deactivate:no'; + register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError()))); } } -elgg_delete_admin_notice('first_installation_plugin_reminder'); - // don't regenerate the simplecache because the plugin won't be // loaded until next run. Just invalidate and let it regnerate as needed elgg_invalidate_simplecache(); -elgg_filepath_cache_reset(); +elgg_reset_system_cache(); -forward(REFERER); +if (count($plugin_guids) == 1) { + $url = 'admin/plugins'; + $query = (string)parse_url($_SERVER['HTTP_REFERER'], PHP_URL_QUERY); + if ($query) { + $url .= "?$query"; + } + $plugin = get_entity($plugin_guids[0]); + $id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID()); + forward("$url#$id"); +} else { + forward(REFERER); +} diff --git a/actions/admin/plugins/deactivate_all.php b/actions/admin/plugins/deactivate_all.php index bdeda001f..8b347a633 100644 --- a/actions/admin/plugins/deactivate_all.php +++ b/actions/admin/plugins/deactivate_all.php 
@@ -1,29 +1,33 @@ <?php /** - * Disable all installed plugins. + * Disable all specified installed plugins. * - * All plugins in the mod/ directory are disabled and the views cache and simplecache + * Specified plugins in the mod/ directory are disabled and the views cache and simplecache * are reset. * * @package Elgg.Core * @subpackage Administration.Plugins */ -$plugins = elgg_get_plugins('active'); +$guids = get_input('guids'); +$guids = explode(',', $guids); -foreach ($plugins as $plugin) { - if ($plugin->deactivate()) { - //system_message(elgg_echo('admin:plugins:deactivate:yes', array($plugin->manifest->getName()))); - } else { - register_error(elgg_echo('admin:plugins:deactivate:no', array($plugin->manifest->getName()))); +foreach ($guids as $guid) { + $plugin = get_entity($guid); + if ($plugin->isActive()) { + if ($plugin->deactivate()) { + //system_message(elgg_echo('admin:plugins:activate:yes', array($plugin->getManifest()->getName()))); + } else { + $msg = $plugin->getError(); + $string = ($msg) ? 'admin:plugins:deactivate:no_with_msg' : 'admin:plugins:deactivate:no'; + register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError()))); + } } } -elgg_delete_admin_notice('first_installation_plugin_reminder'); - // don't regenerate the simplecache because the plugin won't be // loaded until next run. Just invalidate and let it regnerate as needed elgg_invalidate_simplecache(); -elgg_filepath_cache_reset(); +elgg_reset_system_cache(); forward(REFERER); diff --git a/actions/admin/plugins/set_priority.php b/actions/admin/plugins/set_priority.php index 1203e22de..edd735371 100644 --- a/actions/admin/plugins/set_priority.php +++ b/actions/admin/plugins/set_priority.php 
@@ -6,9 +6,8 @@ * overriding as well as the order of view extensions. Plugins with higher * priority are loaded after and override plugins with lower priorities. * - * NOTE: When viewing the admin page (advanced plugin admin in >= 1.8) plugins - * LOWER on the page have HIGHER priority and will override views, etc - * from plugins above them. + * NOTE: When viewing the plugin admin page, plugins LOWER on the page + * have HIGHER priority and will override views, etc from plugins above them. * * @package Elgg.Core * @subpackage Administration.Plugins @@ -25,16 +24,16 @@ if (!($plugin instanceof ElggPlugin)) { } if ($plugin->setPriority($priority)) { - //system_message(elgg_echo('admin:plugins:set_priority:yes', array($plugin->manifest->getName()))); + //system_message(elgg_echo('admin:plugins:set_priority:yes', array($plugin->getManifest()->getName()))); } else { - register_error(elgg_echo('admin:plugins:set_priority:no', array($plugin->manifest->getName()))); + $msg = $plugin->getError(); + $string = ($msg) ? 'admin:plugins:set_priority:no_with_msg' : 'admin:plugins:set_priority:no'; + register_error(elgg_echo($string, array($plugin->getFriendlyName(), $plugin->getError()))); } -elgg_delete_admin_notice('first_installation_plugin_reminder'); - // don't regenerate the simplecache because the plugin won't be // loaded until next run. Just invalidate and let it regnerate as needed elgg_invalidate_simplecache(); -elgg_filepath_cache_reset(); +elgg_reset_system_cache(); forward(REFERER);
\ No newline at end of file diff --git a/actions/admin/plugins/simple_update_states.php b/actions/admin/plugins/simple_update_states.php deleted file mode 100644 index 216a458f4..000000000 --- a/actions/admin/plugins/simple_update_states.php +++ /dev/null @@ -1,49 +0,0 @@ -<?php -/** - * Bulk activate/deactivate for plugins appearing in the "simple" interface. - * - * Plugins marked as using the "simple" interface can be activated/deactivated - * en masse by passing the plugins to activate as an array of their plugin guids - * in $_REQUEST['enabled_plugins']. All "simple" plugins not in this array will be - * deactivated. - * - * Simplecache and views cache are reset. - * - * @uses array $_REQUEST['activated_plugin_guids'] Array of plugin guids to activate. - * - * @since 1.8 - * @package Elgg.Core - * @subpackage Administration.Plugins - */ - -$active_plugin_guids = get_input('active_plugin_guids', array()); -$installed_plugins = elgg_get_plugins('any'); -$success = TRUE; - -foreach ($installed_plugins as $plugin) { - // this is only for simple plugins. - if ($plugin->manifest->getAdminInterface() != 'simple') { - continue; - } - - // only effect changes to plugins not already in that state. - if ($plugin->isActive() && !in_array($plugin->guid, $active_plugin_guids)) { - $success = $success && $plugin->deactivate(); - } elseif (!$plugin->isActive() && in_array($plugin->guid, $active_plugin_guids)) { - $success = $success && $plugin->activate(); - } -} - -if ($success) { - elgg_delete_admin_notice('first_installation_plugin_reminder'); - //system_message(elgg_echo('admin:plugins:simple_simple_success')); -} else { - register_error(elgg_echo('admin:plugins:simple_simple_fail')); -} - -// don't regenerate the simplecache because the plugin won't be -// loaded until next run. Just invalidate and let it regnerate as needed -elgg_invalidate_simplecache(); -elgg_filepath_cache_reset(); - -forward(REFERER);
\ No newline at end of file diff --git a/actions/admin/site/flush_cache.php b/actions/admin/site/flush_cache.php new file mode 100644 index 000000000..ebb8296c7 --- /dev/null +++ b/actions/admin/site/flush_cache.php @@ -0,0 +1,10 @@ +<?php +/** + * Flush all the caches + */ + +elgg_invalidate_simplecache(); +elgg_reset_system_cache(); + +system_message(elgg_echo('admin:cache:flushed')); +forward(REFERER);
\ No newline at end of file diff --git a/actions/admin/site/regenerate_secret.php b/actions/admin/site/regenerate_secret.php new file mode 100644 index 000000000..3112fb5f3 --- /dev/null +++ b/actions/admin/site/regenerate_secret.php @@ -0,0 +1,11 @@ +<?php +/** + * Generate a new site secret + */ + +init_site_secret(); +elgg_reset_system_cache(); + +system_message(elgg_echo('admin:site:secret_regenerated')); + +forward(REFERER); diff --git a/actions/admin/site/unlock_upgrade.php b/actions/admin/site/unlock_upgrade.php new file mode 100644 index 000000000..b625b1d26 --- /dev/null +++ b/actions/admin/site/unlock_upgrade.php @@ -0,0 +1,10 @@ +<?php +/** + * Unlocks the upgrade script + */ + +if (_elgg_upgrade_is_locked()) { + _elgg_upgrade_unlock(); +} +system_message(elgg_echo('upgrade:unlock:success')); +forward(REFERER); diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php index 523c64e3e..4888b0a8d 100644 --- a/actions/admin/site/update_advanced.php +++ b/actions/admin/site/update_advanced.php 
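Review bot: actions/admin/site/regenerate_secret.php reports `admin:site:secret_regenerated` unconditionally, because the result of `init_site_secret()` is discarded. If that call can fail (its definition is not part of this diff), the administrator is told the secret was rotated when the old one is still in use. Checking the return value and calling `register_error()` on failure would make the message trustworthy. The header comment should also say what a new secret invalidates, for example `* Values derived from the previous secret stop validating once this runs.`, after that is confirmed against the code that consumes the secret.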
@@ -9,27 +9,43 @@ * @subpackage Administration.Site */ -if (datalist_get('default_site')) { - $site = get_entity(datalist_get('default_site')); +if ($site = elgg_get_site_entity()) { if (!($site instanceof ElggSite)) { throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite')); } - $site->url = get_input('wwwroot'); + $site->url = rtrim(get_input('wwwroot', '', false), '/') . '/'; - datalist_set('path', sanitise_filepath(get_input('path'))); - datalist_set('dataroot', sanitise_filepath(get_input('dataroot'))); + datalist_set('path', sanitise_filepath(get_input('path', '', false))); + $dataroot = sanitise_filepath(get_input('dataroot', '', false)); + + // check for relative paths + if (stripos(PHP_OS, 'win') === 0) { + if (strpos($dataroot, ':') !== 1) { + $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot)); + register_error($msg); + forward(REFERER); + } + } else { + if (strpos($dataroot, '/') !== 0) { + $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot)); + register_error($msg); + forward(REFERER); + } + } + + datalist_set('dataroot', $dataroot); if (get_input('simplecache_enabled')) { - elgg_view_enable_simplecache(); + elgg_enable_simplecache(); } else { - elgg_view_disable_simplecache(); + elgg_disable_simplecache(); } - if (get_input('viewpath_cache_enabled')) { - elgg_enable_filepath_cache(); + if (get_input('system_cache_enabled')) { + elgg_enable_system_cache(); } else { - elgg_disable_filepath_cache(); + elgg_disable_system_cache(); } set_config('default_access', get_input('default_access', ACCESS_PRIVATE), $site->getGUID()); 
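Review bot: In actions/admin/site/update_advanced.php the new `$site->url = rtrim(get_input('wwwroot', '', false), '/') . '/';` stores the value with input filtering switched off and without checking that it is an absolute URL, so an empty or malformed field is saved as the site URL (an empty field becomes `/`). The same hunk now rejects a relative `dataroot`, and `wwwroot` deserves an equivalent gate before assignment, such as `if (!preg_match('#^https?://#i', $wwwroot)) {` followed by the same `register_error()` and `forward(REFERER)` pattern. The `path` value is also saved unfiltered without the relative-path test applied to `dataroot`. The enclosing `if ($site = elgg_get_site_entity())` block continues outside this hunk.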
@@ -37,8 +53,6 @@ if (datalist_get('default_site')) { $user_default_access = (get_input('allow_user_default_access')) ? 1 : 0; set_config('allow_user_default_access', $user_default_access, $site->getGUID()); - set_config('view', get_input('view'), $site->getGUID()); - $debug = get_input('debug'); if ($debug) { set_config('debug', $debug, $site->getGUID()); diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php index c809dc671..9765182cc 100644 --- a/actions/admin/site/update_basic.php +++ b/actions/admin/site/update_basic.php @@ -10,18 +10,18 @@ * @subpackage Administration.Site */ -if (datalist_get('default_site')) { - $site = get_entity(datalist_get('default_site')); +if ($site = elgg_get_site_entity()) { if (!($site instanceof ElggSite)) { throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite')); } $site->description = get_input('sitedescription'); - $site->name = get_input('sitename'); + $site->name = strip_tags(get_input('sitename')); $site->email = get_input('siteemail'); $site->save(); set_config('language', get_input('language'), $site->getGUID()); } +system_message(elgg_echo('admin:configuration:success')); forward(REFERER);
\ No newline at end of file diff --git a/actions/admin/user/ban.php b/actions/admin/user/ban.php index a8fa57925..209ece2a0 100644 --- a/actions/admin/user/ban.php +++ b/actions/admin/user/ban.php @@ -12,7 +12,7 @@ $guid = get_input('guid'); $user = get_entity($guid); -if ($guid == get_loggedin_userid()) { +if ($guid == elgg_get_logged_in_user_guid()) { register_error(elgg_echo('admin:user:self:ban:no')); forward(REFERER); } diff --git a/actions/admin/user/delete.php b/actions/admin/user/delete.php index c6ed5b819..7cfbd0925 100644 --- a/actions/admin/user/delete.php +++ b/actions/admin/user/delete.php @@ -13,7 +13,7 @@ $guid = get_input('guid'); $user = get_entity($guid); -if ($guid == get_loggedin_userid()) { +if ($guid == elgg_get_logged_in_user_guid()) { register_error(elgg_echo('admin:user:self:delete:no')); forward(REFERER); } @@ -34,7 +34,7 @@ if (($user instanceof ElggUser) && ($user->canEdit())) { // forward to user administration if on a user's page as it no longer exists $forward = REFERER; if (strpos($_SERVER['HTTP_REFERER'], $username) != FALSE) { - $forward = "pg/admin/user/"; + $forward = "admin/users/newest"; } forward($forward); diff --git a/actions/admin/user/removeadmin.php b/actions/admin/user/removeadmin.php index 4466e925f..8cebc7078 100644 --- a/actions/admin/user/removeadmin.php +++ b/actions/admin/user/removeadmin.php @@ -9,7 +9,7 @@ $guid = get_input('guid'); $user = get_entity($guid); -if ($guid == get_loggedin_userid()) { +if ($guid == elgg_get_logged_in_user_guid()) { register_error(elgg_echo('admin:user:self:removeadmin:no')); forward(REFERER); } diff --git a/actions/avatar/crop.php b/actions/avatar/crop.php index ed5faecfa..b9a80f331 100644 --- a/actions/avatar/crop.php +++ b/actions/avatar/crop.php 
@@ -22,14 +22,14 @@ $filehandler->owner_guid = $owner->getGUID(); $filehandler->setFilename("profile/" . $owner->guid . "master" . ".jpg"); $filename = $filehandler->getFilenameOnFilestore(); -//@todo make this configurable? -$icon_sizes = array( - 'topbar' => array('w'=>16, 'h'=>16, 'square'=>TRUE, 'upscale'=>TRUE), - 'tiny' => array('w'=>25, 'h'=>25, 'square'=>TRUE, 'upscale'=>TRUE), - 'small' => array('w'=>40, 'h'=>40, 'square'=>TRUE, 'upscale'=>TRUE), - 'medium' => array('w'=>100, 'h'=>100, 'square'=>TRUE, 'upscale'=>TRUE), - 'large' => array('w'=>200, 'h'=>200, 'square'=>FALSE, 'upscale'=>FALSE) -); +// ensuring the avatar image exists in the first place +if (!file_exists($filename)) { + register_error(elgg_echo('avatar:crop:fail')); + forward(REFERER); +} + +$icon_sizes = elgg_get_config('icon_sizes'); +unset($icon_sizes['master']); // get the images and save their file handlers into an array // so we can do clean up if one fails. @@ -52,7 +52,7 @@ foreach ($icon_sizes as $name => $size_info) { $file->delete(); } - system_message(elgg_echo('avatar:resize:fail')); + register_error(elgg_echo('avatar:resize:fail')); forward(REFERER); } } @@ -65,5 +65,8 @@ $owner->y1 = $y1; $owner->y2 = $y2; system_message(elgg_echo('avatar:crop:success')); +$view = 'river/user/default/profileiconupdate'; +elgg_delete_river(array('subject_guid' => $owner->guid, 'view' => $view)); +add_to_river($view, 'update', $owner->guid, $owner->guid); forward(REFERER); diff --git a/actions/avatar/remove.php b/actions/avatar/remove.php new file mode 100644 index 000000000..9cb40a760 --- /dev/null +++ b/actions/avatar/remove.php 
@@ -0,0 +1,36 @@ +<?php +/** + * Avatar remove action + */ + +$user_guid = get_input('guid'); +$user = get_user($user_guid); + +if (!$user || !$user->canEdit()) { + register_error(elgg_echo('avatar:remove:fail')); + forward(REFERER); +} + +// Delete all icons from diskspace +$icon_sizes = elgg_get_config('icon_sizes'); +foreach ($icon_sizes as $name => $size_info) { + $file = new ElggFile(); + $file->owner_guid = $user_guid; + $file->setFilename("profile/{$user_guid}{$name}.jpg"); + $filepath = $file->getFilenameOnFilestore(); + if (!$file->delete()) { + elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING'); + } +} + +// Remove crop coords +unset($user->x1); +unset($user->x2); +unset($user->y1); +unset($user->y2); + +// Remove icon +unset($user->icontime); + +system_message(elgg_echo('avatar:remove:success')); +forward(REFERER); diff --git a/actions/avatar/upload.php b/actions/avatar/upload.php index 052212e97..0752615e0 100644 --- a/actions/avatar/upload.php +++ b/actions/avatar/upload.php @@ -11,15 +11,12 @@ if (!$owner || !($owner instanceof ElggUser) || !$owner->canEdit()) { forward(REFERER); } -//@todo make this configurable? -$icon_sizes = array( - 'topbar' => array('w'=>16, 'h'=>16, 'square'=>TRUE, 'upscale'=>TRUE), - 'tiny' => array('w'=>25, 'h'=>25, 'square'=>TRUE, 'upscale'=>TRUE), - 'small' => array('w'=>40, 'h'=>40, 'square'=>TRUE, 'upscale'=>TRUE), - 'medium' => array('w'=>100, 'h'=>100, 'square'=>TRUE, 'upscale'=>TRUE), - 'large' => array('w'=>200, 'h'=>200, 'square'=>FALSE, 'upscale'=>FALSE), - 'master' => array('w'=>550, 'h'=>550, 'square'=>FALSE, 'upscale'=>FALSE) -); +if ($_FILES['avatar']['error'] != 0) { + register_error(elgg_echo('avatar:upload:fail')); + forward(REFERER); +} + +$icon_sizes = elgg_get_config('icon_sizes'); // get the images and save their file handlers into an array // so we can do clean up if one fails. 
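Review bot: In actions/avatar/remove.php the file owner and the filename are built from the raw request value `$user_guid` rather than from the entity that passed the `canEdit()` check. If `get_user()` normalises its argument (for instance by casting to an integer, which is not visible here), the string interpolated into `"profile/{$user_guid}{$name}.jpg"` can differ from the guid that was authorised. Using `$file->owner_guid = $user->guid;` and `$file->setFilename("profile/{$user->guid}{$name}.jpg");` ties the deletion to the checked user. An `(int)` cast on the input, as friends/collections/delete.php applies to its id, would also help.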
@@ -42,14 +39,24 @@ foreach ($icon_sizes as $name => $size_info) { $file->delete(); } - system_message(elgg_echo('avatar:resize:fail')); + register_error(elgg_echo('avatar:resize:fail')); forward(REFERER); } } +// reset crop coordinates +$owner->x1 = 0; +$owner->x2 = 0; +$owner->y1 = 0; +$owner->y2 = 0; + $owner->icontime = time(); if (elgg_trigger_event('profileiconupdate', $owner->type, $owner)) { system_message(elgg_echo("avatar:upload:success")); + + $view = 'river/user/default/profileiconupdate'; + elgg_delete_river(array('subject_guid' => $owner->guid, 'view' => $view)); + add_to_river($view, 'update', $owner->guid, $owner->guid); } forward(REFERER); diff --git a/actions/comments/add.php b/actions/comments/add.php index 38c91c412..5bd741413 100644 --- a/actions/comments/add.php +++ b/actions/comments/add.php @@ -21,7 +21,7 @@ if (!$entity) { forward(REFERER); } -$user = get_loggedin_user(); +$user = elgg_get_logged_in_user_entity(); $annotation = create_annotation($entity->guid, 'generic_comment', diff --git a/actions/comments/delete.php b/actions/comments/delete.php index d0f5c7b84..c6b481da4 100644 --- a/actions/comments/delete.php +++ b/actions/comments/delete.php @@ -5,26 +5,14 @@ * @package Elgg */ -// Ensure we're logged in -if (!isloggedin()) { - forward(); -} - // Make sure we can get the comment in question $annotation_id = (int) get_input('annotation_id'); -if ($comment = get_annotation($annotation_id)) { - - $entity = get_entity($comment->entity_guid); - - if ($comment->canEdit()) { - $comment->delete(); - system_message(elgg_echo("generic_comment:deleted")); - forward($entity->getURL()); - } - +$comment = elgg_get_annotation_from_id($annotation_id); +if ($comment && $comment->canEdit()) { + $comment->delete(); + system_message(elgg_echo("generic_comment:deleted")); } else { - $url = ""; + register_error(elgg_echo("generic_comment:notdeleted")); } -register_error(elgg_echo("generic_comment:notdeleted")); forward(REFERER);
\ No newline at end of file diff --git a/actions/email/save.php b/actions/email/save.php deleted file mode 100644 index 13bc14d65..000000000 --- a/actions/email/save.php +++ /dev/null @@ -1,41 +0,0 @@ -<?php -/** - * Save email address for user. - * - * @package Elgg.Core - * @subpackage Administration.Users - */ - -$email = get_input('email'); -$user_id = get_input('guid'); - -if (!$user_id) { - $user = get_loggedin_user(); -} else { - $user = get_entity($user_id); -} - -if (!is_email_address($email)) { - register_error(elgg_echo('email:save:fail')); - forward(REFERER); -} - -if ($user) { - if (strcmp($email, $user->email) != 0) { - if (!get_user_by_email($email)) { - if ($user->email != $email) { - - $user->email = $email; - if ($user->save()) { - system_message(elgg_echo('email:save:success')); - } else { - register_error(elgg_echo('email:save:fail')); - } - } - } else { - register_error(elgg_echo('registration:dupeemail')); - } - } -} else { - register_error(elgg_echo('email:save:fail')); -} diff --git a/actions/friends/add.php b/actions/friends/add.php index e6fa5b62e..d1800ee14 100644 --- a/actions/friends/add.php +++ b/actions/friends/add.php @@ -9,12 +9,16 @@ // Get the GUID of the user to friend $friend_guid = get_input('friend'); $friend = get_entity($friend_guid); +if (!$friend) { + register_error(elgg_echo('error:missing_data')); + forward(REFERER); +} $errors = false; // Get the user try { - if (!get_loggedin_user()->addFriend($friend_guid)) { + if (!elgg_get_logged_in_user_entity()->addFriend($friend_guid)) { $errors = true; } } catch (Exception $e) { @@ -23,7 +27,7 @@ try { } if (!$errors) { // add to river - add_to_river('friends/river/create', 'friend', get_loggedin_userid(), $friend_guid); + add_to_river('river/relationship/friend/create', 'friend', elgg_get_logged_in_user_guid(), $friend_guid); system_message(elgg_echo("friends:add:successful", array($friend->name))); } 
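Review bot: The added `if (!$friend)` guard in actions/friends/add.php accepts any entity, not only users, so the guid of a non-user entity still reaches `addFriend()` and the `add_to_river()` call. actions/friends/remove.php already tests `$friend instanceof ElggUser`; using the same test here, `if (!($friend instanceof ElggUser)) {`, rejects non-user guids and keeps the two actions consistent. The `try` block and the river call continue in the following hunk.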
diff --git a/actions/friends/addcollection.php b/actions/friends/addcollection.php deleted file mode 100644 index 92c78a2c1..000000000 --- a/actions/friends/addcollection.php +++ /dev/null @@ -1,36 +0,0 @@ -<?php -/** - * Elgg collection add page - * - * @package Elgg.Core - * @subpackage Friends.Collections - */ - -$collection_name = get_input('collection_name'); -$friends = get_input('friends_collection'); - -//first check to make sure that a collection name has been set and create the new colection -if ($collection_name) { - - //create the collection - $create_collection = create_access_collection($collection_name, get_loggedin_userid()); - - //if the collection was created and the user passed some friends from the form, add them - if ($create_collection && (!empty($friends))) { - //add friends to the collection - foreach ($friends as $friend) { - add_user_to_access_collection($friend, $create_collection); - } - } - - // Success message - system_message(elgg_echo("friends:collectionadded")); - // Forward to the collections page - forward("pg/collections/" . get_loggedin_user()->username); - -} else { - register_error(elgg_echo("friends:nocollectionname")); - - // Forward to the add collection page - forward("pg/collections/add"); -} diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php new file mode 100644 index 000000000..e63a149f7 --- /dev/null +++ b/actions/friends/collections/add.php 
@@ -0,0 +1,31 @@ +<?php +/** + * Elgg collection add page + * + * @package Elgg.Core + * @subpackage Friends.Collections + */ + +$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8'); +$friends = get_input('friends_collection'); + +if (!$collection_name) { + register_error(elgg_echo("friends:nocollectionname")); + forward(REFERER); +} + +$id = create_access_collection($collection_name); + +if ($id) { + $result = update_access_collection($id, $friends); + if ($result) { + system_message(elgg_echo("friends:collectionadded")); + forward("collections/" . elgg_get_logged_in_user_entity()->username); + } else { + register_error(elgg_echo("friends:nocollectionname")); + forward(REFERER); + } +} else { + register_error(elgg_echo("friends:nocollectionname")); + forward(REFERER); +}
\ No newline at end of file diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php new file mode 100644 index 000000000..ff8f1fb55 --- /dev/null +++ b/actions/friends/collections/delete.php @@ -0,0 +1,23 @@ +<?php +/** + * Elgg friends: delete collection action + * + * @package Elgg.Core + * @subpackage Friends.Collections + */ + +$collection_id = (int) get_input('collection'); + +// check the ACL exists and we can edit +if (!can_edit_access_collection($collection_id)) { + register_error(elgg_echo("friends:collectiondeletefailed")); + forward(REFERER); +} + +if (delete_access_collection($collection_id)) { + system_message(elgg_echo("friends:collectiondeleted")); +} else { + register_error(elgg_echo("friends:collectiondeletefailed")); +} + +forward(REFERER); diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php new file mode 100644 index 000000000..9eb5e1eab --- /dev/null +++ b/actions/friends/collections/edit.php @@ -0,0 +1,23 @@ +<?php +/** + * Friends collection edit action + * + * @package Elgg.Core + * @subpackage Friends.Collections + */ + +$collection_id = get_input('collection_id'); +$friends = get_input('friend'); + +// check it exists and we can edit +if (!can_edit_access_collection($collection_id)) { + system_message(elgg_echo('friends:collection:edit_failed')); +} + +if (update_access_collection($collection_id, $friends)) { + system_message(elgg_echo('friends:collections:edited')); +} else { + system_message(elgg_echo('friends:collection:edit_failed')); +} + +forward(REFERER);
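Review bot: The permission check in actions/friends/collections/edit.php does not stop the action: when `can_edit_access_collection($collection_id)` fails, the guard only calls `system_message()` and execution continues into `update_access_collection($collection_id, $friends)`. Unless that function enforces ownership itself (not visible here), membership of a collection the user may not edit is still changed. The guard body should be `register_error(elgg_echo('friends:collection:edit_failed')); forward(REFERER);`, as in collections/delete.php. The final `else` branch should report through `register_error()` as well, and `$collection_id` should be cast with `(int)` as the delete action does.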
\ No newline at end of file diff --git a/actions/friends/deletecollection.php b/actions/friends/deletecollection.php deleted file mode 100644 index 1c3d878a1..000000000 --- a/actions/friends/deletecollection.php +++ /dev/null @@ -1,36 +0,0 @@ -<?php -/** - * Elgg friends: delete collection action - * - * @package Elgg.Core - * @subpackage Friends.Collections - */ - -$collection_id = (int) get_input('collection'); - -// Check to see that the access collection exist and grab its owner -$get_collection = get_access_collection($collection_id); - -if ($get_collection) { - - if ($get_collection->owner_guid == get_loggedin_userid()) { - - $delete_collection = delete_access_collection($collection_id); - - // Success message - if ($delete_collection) { - system_message(elgg_echo("friends:collectiondeleted")); - } else { - register_error(elgg_echo("friends:collectiondeletefailed")); - } - } else { - // Failure message - register_error(elgg_echo("friends:collectiondeletefailed")); - } -} else { - // Failure message - register_error(elgg_echo("friends:collectiondeletefailed")); -} - -// Forward to the collections page -forward("pg/collections/" . get_loggedin_user()->username); diff --git a/actions/friends/editcollection.php b/actions/friends/editcollection.php deleted file mode 100644 index 8fd1eae18..000000000 --- a/actions/friends/editcollection.php +++ /dev/null @@ -1,13 +0,0 @@ -<?php -/** - * Elgg collection add page - * - * @package Elgg.Core - * @subpackage Friends.Collections - */ - -$collection_id = get_input('collection_id'); -$friends = get_input('friend'); - -//chech the collection exists and the current user owners it -update_access_collection($collection_id, $friends);
\ No newline at end of file diff --git a/actions/friends/remove.php b/actions/friends/remove.php index 0a43c95bc..d69d18f31 100644 --- a/actions/friends/remove.php +++ b/actions/friends/remove.php @@ -14,7 +14,7 @@ $errors = false; // Get the user try{ if ($friend instanceof ElggUser) { - get_loggedin_user()->removeFriend($friend_guid); + elgg_get_logged_in_user_entity()->removeFriend($friend_guid); } else { register_error(elgg_echo("friends:remove:failure", array($friend->name))); $errors = true; diff --git a/actions/likes/add.php b/actions/likes/add.php deleted file mode 100644 index 9abe0b60e..000000000 --- a/actions/likes/add.php +++ /dev/null 
@@ -1,66 +0,0 @@ -<?php -/** - * Elgg add like action - * - * @package Elgg.Core - * @subpackage Likes - */ - -$entity_guid = (int) get_input('guid'); - -//check to see if the user has already liked the item -if (elgg_annotation_exists($entity_guid, 'likes')) { - system_message(elgg_echo("likes:alreadyliked")); - forward(REFERER); -} -// Let's see if we can get an entity with the specified GUID -$entity = get_entity($entity_guid); -if (!$entity) { - register_error(elgg_echo("likes:notfound")); - forward(REFERER); -} - -// cannot like your own stuff -if (get_loggedin_userid() == $entity->getOwnerGUID()) { - register_error(elgg_echo("likes:no_self_like")); - forward(REFERER); -} - -$user = get_loggedin_user(); -$annotation = create_annotation($entity->guid, - 'likes', - "likes", - "", - $user->guid, - $entity->access_id); - -// tell user annotation didn't work if that is the case -if (!$annotation) { - register_error(elgg_echo("likes:failure")); - forward(REFERER); -} - -// notify if poster wasn't owner -if ($entity->owner_guid != $user->guid) { - - notify_user($entity->owner_guid, - $user->guid, - elgg_echo('likes:email:subject'), - elgg_echo('likes:email:body', array( - $user->name, - $entity->title, - //$comment_text, - $entity->getURL(), - $user->name, - $user->getURL() - )) - ); -} - -system_message(elgg_echo("likes:likes")); - -//add to river -add_to_river('annotation/annotatelike', 'likes', $user->guid, $entity->guid, "", 0, $annotation); - -// Forward back to the page where the user 'liked' the object -forward(REFERER); diff --git a/actions/likes/delete.php b/actions/likes/delete.php deleted file mode 100644 index 7ccf2de37..000000000 --- a/actions/likes/delete.php +++ /dev/null 
@@ -1,31 +0,0 @@
-<?php
-/**
- * Elgg delete like action
- *
- * @package Elgg.Core
- * @subpackage Likes
- */
-
-// Ensure we're logged in
-if (!isloggedin()) {
- forward();
-}
-
-// Make sure we can get the comment in question
-$annotation_id = (int) get_input('annotation_id');
-if ($likes = get_annotation($annotation_id)) {
-
- $entity = get_entity($likes->entity_guid);
-
- if ($likes->canEdit()) {
- $likes->delete();
- system_message(elgg_echo("likes:deleted"));
- forward(REFERER);
- }
-
-} else {
- $url = "";
-}
-
-register_error(elgg_echo("likes:notdeleted"));
-forward(REFERER);
\ No newline at end of file diff --git a/actions/login.php b/actions/login.php index 1b4fbe1fd..bd7f91299 100644 --- a/actions/login.php +++ b/actions/login.php @@ -6,10 +6,20 @@ * @subpackage User.Authentication */ +// set forward url +if (!empty($_SESSION['last_forward_from'])) { + $forward_url = $_SESSION['last_forward_from']; +} elseif (get_input('returntoreferer')) { + $forward_url = REFERER; +} else { + // forward to main index page + $forward_url = ''; +} + $username = get_input('username'); -$password = get_input("password"); -$persistent = get_input("persistent", FALSE); -$result = FALSE; +$password = get_input('password', null, false); +$persistent = (bool) get_input("persistent"); +$result = false; if (empty($username) || empty($password)) { register_error(elgg_echo('login:empty')); @@ -17,8 +27,7 @@ if (empty($username) || empty($password)) { } // check if logging in with email address -// @todo Are usernames with @ not allowed? -if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) { +if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) { $username = $users[0]->username; } 
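Review bot: The `false` third argument in `get_input('password', null, false)` in actions/login.php has no comment, although it is the security-relevant part of the change: it switches off input filtering, so characters such as `<` or `&` in a password reach the credential check exactly as typed. I would add `// read the password unfiltered so it is checked exactly as typed; never echo it back` above the line. The same unexplained call appears for `password` and `password2` in the actions/register.php and actions/useradd.php hunks.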
@@ -36,21 +45,25 @@ if (!$user) { try { login($user, $persistent); + // re-register at least the core language file for users with language other than site default + register_translations(dirname(dirname(__FILE__)) . "/languages/"); } catch (LoginException $e) { register_error($e->getMessage()); forward(REFERER); } -// forward to correct page -if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) { - $forward_url = $_SESSION['last_forward_from']; - unset($_SESSION['last_forward_from']); -} elseif (get_input('returntoreferer')) { - $forward_url = REFERER; +// elgg_echo() caches the language and does not provide a way to change the language. +// @todo we need to use the config object to store this so that the current language +// can be changed. Refs #4171 +if ($user->language) { + $message = elgg_echo('loginok', array(), $user->language); } else { - // forward to main index page - $forward_url = ''; + $message = elgg_echo('loginok'); +} + +if (isset($_SESSION['last_forward_from'])) { + unset($_SESSION['last_forward_from']); } -system_message(elgg_echo('loginok')); +system_message($message); forward($forward_url); diff --git a/actions/logout.php b/actions/logout.php index 98926d205..c48a26b15 100644 --- a/actions/logout.php +++ b/actions/logout.php @@ -12,6 +12,7 @@ $result = logout(); // Set the system_message as appropriate if ($result) { system_message(elgg_echo('logoutok')); + forward(); } else { register_error(elgg_echo('logouterror')); }
\ No newline at end of file diff --git a/actions/notifications/settings/usersettings/save.php b/actions/notifications/settings/usersettings/save.php index eaa01c3ad..455a444e1 100644 --- a/actions/notifications/settings/usersettings/save.php +++ b/actions/notifications/settings/usersettings/save.php @@ -17,7 +17,7 @@ foreach ($method as $k => $v) { continue; } - $result = set_user_notification_setting(get_loggedin_userid(), $k, ($v == 'yes') ? true : false); + $result = set_user_notification_setting(elgg_get_logged_in_user_guid(), $k, ($v == 'yes') ? true : false); if (!$result) { register_error(elgg_echo('notifications:usersettings:save:fail')); diff --git a/actions/plugins/settings/save.php b/actions/plugins/settings/save.php index 3fa45e0c1..581a2f9ec 100644 --- a/actions/plugins/settings/save.php +++ b/actions/plugins/settings/save.php 
@@ -1,34 +1,37 @@ <?php /** - * Elgg plugin settings save action. + * Saves global plugin settings. * - * @package Elgg - * @subpackage Core + * This action can be overriden for a specific plugin by creating the + * <plugin_id>/settings/save action in that plugin. + * + * @uses array $_REQUEST['params'] A set of key/value pairs to save to the ElggPlugin entity + * @uses int $_REQUEST['plugin_id'] The ID of the plugin + * + * @package Elgg.Core + * @subpackage Plugins.Settings */ $params = get_input('params'); -$plugin = get_input('plugin'); -if (!$plugin_info = load_plugin_manifest($plugin)) { - register_error(elgg_echo('plugins:settings:save:fail', array($plugin))); +$plugin_id = get_input('plugin_id'); +$plugin = elgg_get_plugin_from_id($plugin_id); + +if (!($plugin instanceof ElggPlugin)) { + register_error(elgg_echo('plugins:settings:save:fail', array($plugin_id))); forward(REFERER); } -$plugin_name = $plugin_info['name']; +$plugin_name = $plugin->getManifest()->getName(); $result = false; -$options = array( - 'plugin' => $plugin, - 'manifest' => $plugin_info, - 'settings' => $params -); - // allow a plugin to override the save action for their settings -if (elgg_action_exist("settings/$plugin/save")) { - action("settings/$plugin/save"); +if (elgg_action_exists("$plugin_id/settings/save")) { + action("$plugin_id/settings/save"); } else { foreach ($params as $k => $v) { - if (!$result = set_plugin_setting($k, $v, $plugin)) { + $result = $plugin->setSetting($k, $v); + if (!$result) { register_error(elgg_echo('plugins:settings:save:fail', array($plugin_name))); forward(REFERER); exit; 
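Review bot: In actions/plugins/settings/save.php `$params` is taken from `get_input('params')` and passed to `foreach` without checking that it is an array, so a request with no `params`, or with a scalar one, raises a PHP warning and still ends with the `plugins:settings:save:ok` message. A guard before the loop fixes it: `if (!is_array($params)) { $params = array(); }`. The loop in the actions/plugins/usersettings/save.php hunk has the same gap. The loop's closing lines fall in the next hunk.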
@@ -37,21 +40,4 @@ if (elgg_action_exist("settings/$plugin/save")) { } system_message(elgg_echo('plugins:settings:save:ok', array($plugin_name))); -forward(REFERER); -// -//$trigger = elgg_trigger_plugin_hook('plugin:save_settings', $plugin, $options, NULL); -//if ($trigger === NULL) { -// foreach ($params as $k => $v) { -// if (!$result = set_plugin_setting($k, $v, $plugin)) { -// register_error(elgg_echo('plugins:settings:save:fail', array($plugin_name))); -// forward(REFERER); -// exit; -// } -// } -//} elseif ($trigger === FALSE) { -// register_error(elgg_echo('plugins:settings:save:fail', array($plugin_name))); -// forward(REFERER); -//} -// -//system_message(elgg_echo('plugins:settings:save:ok', array($plugin_name))); -//forward(REFERER);
\ No newline at end of file +forward(REFERER);
\ No newline at end of file diff --git a/actions/plugins/usersettings/save.php b/actions/plugins/usersettings/save.php index ddf7e822e..f6b8ab0b6 100644 --- a/actions/plugins/usersettings/save.php +++ b/actions/plugins/usersettings/save.php 
@@ -1,27 +1,58 @@ <?php /** - * Elgg plugin user settings save action. + * Saves user-specific plugin settings. * - * @package Elgg - * @subpackage Core + * This action can be overriden for a specific plugin by creating the + * <plugin_id>/usersettings/save action in that plugin. + * + * @uses array $_REQUEST['params'] A set of key/value pairs to save to the ElggPlugin entity + * @uses int $_REQUEST['plugin_id'] The id of the plugin + * @uses int $_REQUEST['user_guid'] The GUID of the user to save settings for. + * + * @package Elgg.Core + * @subpackage Plugins.Settings */ $params = get_input('params'); -$plugin = get_input('plugin'); +$plugin_id = get_input('plugin_id'); +$user_guid = get_input('user_guid', elgg_get_logged_in_user_guid()); +$plugin = elgg_get_plugin_from_id($plugin_id); +$user = get_entity($user_guid); + +if (!($plugin instanceof ElggPlugin)) { + register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_id))); + forward(REFERER); +} + +if (!($user instanceof ElggUser)) { + register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_id))); + forward(REFERER); +} + +$plugin_name = $plugin->getManifest()->getName(); + +// make sure we're admin or the user +if (!$user->canEdit()) { + register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_name))); + forward(REFERER); +} $result = false; -foreach ($params as $k => $v) { - // Save - $result = set_plugin_usersetting($k, $v, get_loggedin_userid(), $plugin); +if (elgg_action_exists("$plugin_id/usersettings/save")) { + action("$plugin_id/usersettings/save"); +} else { + foreach ($params as $k => $v) { + // Save + $result = $plugin->setUserSetting($k, $v, $user->guid); - // Error? - if (!$result) { - register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin))); - forward(REFERER); - exit; + // Error? 
+ if (!$result) { + register_error(elgg_echo('plugins:usersettings:save:fail', array($plugin_name))); + forward(REFERER); + } } } -system_message(elgg_echo('plugins:usersettings:save:ok', array($plugin))); +system_message(elgg_echo('plugins:usersettings:save:ok', array($plugin_name))); forward(REFERER); diff --git a/actions/profile/edit.php b/actions/profile/edit.php index 260f2aba9..e1f066e82 100644 --- a/actions/profile/edit.php +++ b/actions/profile/edit.php @@ -4,6 +4,8 @@ * */ +elgg_make_sticky_form('profile:edit'); + $guid = get_input('guid'); $owner = get_entity($guid); @@ -25,7 +27,7 @@ if (!is_array($accesslevel)) { * wrapper for recursive array walk decoding */ function profile_array_decoder(&$v) { - $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8'); + $v = _elgg_html_decode($v); } $profile_fields = elgg_get_config('profile_fields'); @@ -37,7 +39,7 @@ foreach ($profile_fields as $shortname => $valuetype) { if (is_array($value)) { array_walk_recursive($value, 'profile_array_decoder'); } else { - $value = html_entity_decode($value, ENT_COMPAT, 'UTF-8'); + $value = _elgg_html_decode($value); } // limit to reasonable sizes @@ -48,10 +50,14 @@ foreach ($profile_fields as $shortname => $valuetype) { forward(REFERER); } + if ($value && $valuetype == 'url' && !preg_match('~^https?\://~i', $value)) { + $value = "http://$value"; + } + if ($valuetype == 'tags') { $value = string_to_tag_array($value); } - + $input[$shortname] = $value; } 
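Review bot: The URL normalisation added in actions/profile/edit.php (`if ($value && $valuetype == 'url' && !preg_match('~^https?\://~i', $value))`) has no comment, and its security effect is easy to miss. Any `url` field that does not already start with `http://` or `https://` is prefixed with `http://`, so a value carrying another scheme cannot be stored as a link target. I would add `// force an http(s) scheme so other schemes (e.g. javascript:) cannot end up in a profile link` above the `if`. The enclosing `foreach` starts outside the hunk.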
@@ -62,34 +68,39 @@ if ($name) { register_error(elgg_echo('user:name:fail')); } elseif ($owner->name != $name) { $owner->name = $name; - // @todo this is weird...giving two notifications? - if ($owner->save()) { - system_message(elgg_echo('user:name:success')); - } else { - register_error(elgg_echo('user:name:fail')); - } + $owner->save(); } } // go through custom fields if (sizeof($input) > 0) { foreach ($input as $shortname => $value) { - remove_metadata($owner->guid, $shortname); - if (isset($accesslevel[$shortname])) { - $access_id = (int) $accesslevel[$shortname]; - } else { - // this should never be executed since the access level should always be set - $access_id = ACCESS_DEFAULT; - } - if (is_array($value)) { - $i = 0; - foreach ($value as $interval) { - $i++; - $multiple = ($i > 1) ? TRUE : FALSE; - create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple); + $options = array( + 'guid' => $owner->guid, + 'metadata_name' => $shortname, + 'limit' => false + ); + elgg_delete_metadata($options); + + if (!is_null($value) && ($value !== '')) { + // only create metadata for non empty values (0 is allowed) to prevent metadata records with empty string values #4858 + + if (isset($accesslevel[$shortname])) { + $access_id = (int) $accesslevel[$shortname]; + } else { + // this should never be executed since the access level should always be set + $access_id = ACCESS_DEFAULT; + } + if (is_array($value)) { + $i = 0; + foreach ($value as $interval) { + $i++; + $multiple = ($i > 1) ? TRUE : FALSE; + create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple); + } + } else { + create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id); } - } else { - create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id); } } 
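Review bot: In actions/profile/edit.php `$access_id = (int) $accesslevel[$shortname];` accepts any integer and passes it to `create_metadata()`. `$accesslevel` is assigned outside this hunk but looks like request data, and nothing here checks that the value is an access level the editing user may assign. If `create_metadata()` does not validate it, restrict it first, e.g. `if (!array_key_exists($access_id, get_write_access_array())) { $access_id = ACCESS_PRIVATE; }`. The surrounding `if (sizeof($input) > 0)` block ends outside the hunk.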
@@ -98,6 +109,7 @@ if (sizeof($input) > 0) { // Notify of profile update elgg_trigger_event('profileupdate', $owner->type, $owner); + elgg_clear_sticky_form('profile:edit'); system_message(elgg_echo("profile:saved")); } diff --git a/actions/profile/fields/add.php b/actions/profile/fields/add.php index b35df1549..fce783092 100644 --- a/actions/profile/fields/add.php +++ b/actions/profile/fields/add.php @@ -2,7 +2,6 @@ /** * Elgg profile plugin edit default profile action * - * @package ElggProfile */ $label = get_input('label'); diff --git a/actions/profile/fields/delete.php b/actions/profile/fields/delete.php index 26ab48cba..9879feb3f 100644 --- a/actions/profile/fields/delete.php +++ b/actions/profile/fields/delete.php @@ -2,7 +2,6 @@ /** * Elgg profile plugin edit default profile action removal * - * @package ElggProfile */ $id = get_input('id'); diff --git a/actions/profile/fields/reorder.php b/actions/profile/fields/reorder.php index dd7a682a6..27c716749 100644 --- a/actions/profile/fields/reorder.php +++ b/actions/profile/fields/reorder.php @@ -2,11 +2,11 @@ /** * Elgg profile plugin reorder fields * - * @package ElggProfile */ $ordering = get_input('fieldorder'); $result = elgg_save_config('profile_custom_fields', $ordering); -exit;
\ No newline at end of file +// called by ajax so we exit +exit; diff --git a/actions/register.php b/actions/register.php index 33ee19aee..73926232c 100644 --- a/actions/register.php +++ b/actions/register.php @@ -6,10 +6,12 @@ * @subpackage User.Account */ +elgg_make_sticky_form('register'); + // Get variables $username = get_input('username'); -$password = get_input('password'); -$password2 = get_input('password2'); +$password = get_input('password', null, false); +$password2 = get_input('password2', null, false); $email = get_input('email'); $name = get_input('name'); $friend_guid = (int) get_input('friend_guid', 0); @@ -43,13 +45,16 @@ if (elgg_get_config('allow_registration')) { // @todo should registration be allowed no matter what the plugins return? if (!elgg_trigger_plugin_hook('register', 'user', $params, TRUE)) { + $ia = elgg_set_ignore_access(true); $new_user->delete(); + elgg_set_ignore_access($ia); // @todo this is a generic messages. We could have plugins // throw a RegistrationException, but that is very odd // for the plugin hooks system. throw new RegistrationException(elgg_echo('registerbad')); } + elgg_clear_sticky_form('register'); system_message(elgg_echo("registerok", array(elgg_get_site_entity()->name))); // if exception thrown, this probably means there is a validation @@ -72,4 +77,4 @@ if (elgg_get_config('allow_registration')) { register_error(elgg_echo('registerdisabled')); } -forward(REFERER);
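Review bot: `elgg_make_sticky_form('register')` in actions/register.php may copy the cleartext `password` and `password2` into the session. Its implementation is not on this page, but if it snapshots every submitted field, those values stay there until `elgg_clear_sticky_form('register')` runs, which the second hunk does only on success. Please confirm the password fields are excluded, or drop them from the stored form before forwarding, and record it with a comment such as `// sticky form must not retain password/password2`. The same applies to `elgg_make_sticky_form('useradd')` in actions/useradd.php.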
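Review bot: In the second actions/register.php hunk the return value of `$new_user->delete()` is discarded, so if the deletion fails, the account that a `register, user` hook has just rejected stays in the database while the visitor only sees `registerbad`. I would at least record the failure, e.g. `if (!$new_user->delete()) { elgg_log("could not remove rejected user $new_user->guid", 'ERROR'); }`, keeping the `elgg_set_ignore_access($ia)` restore after it. The `try` block this code sits in starts outside the hunk.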
\ No newline at end of file
+forward(REFERER);
diff --git a/actions/river/delete.php b/actions/river/delete.php
new file mode 100644
index 000000000..0d8297932
--- /dev/null
+++ b/actions/river/delete.php
@@ -0,0 +1,21 @@
+<?php
+/**
+ * River item delete action
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+$id = get_input('id', false);
+
+if ($id !== false && elgg_is_admin_logged_in()) {
+ if (elgg_delete_river(array('id' => $id))) {
+ system_message(elgg_echo('river:delete:success'));
+ } else {
+ register_error(elgg_echo('river:delete:fail'));
+ }
+} else {
+ register_error(elgg_echo('river:delete:fail'));
+}
+
+forward(REFERER);
diff --git a/actions/user/default_access.php b/actions/user/default_access.php
deleted file mode 100644
index 0b7d0bfbd..000000000
--- a/actions/user/default_access.php
+++ /dev/null
@@ -1,31 +0,0 @@
-<?php
-/**
- * Action for changing a user's default access level
- *
- * @package Elgg
- * @subpackage Core
- */
-
-if (elgg_get_config('allow_user_default_access')) {
- $default_access = get_input('default_access');
- $user_id = get_input('guid');
-
- if (!$user_id) {
- $user = get_loggedin_user();
- } else {
- $user = get_entity($user_id);
- }
-
- if ($user) {
- $current_default_access = $user->getPrivateSetting('elgg_default_access');
- if ($default_access !== $current_default_access) {
- if ($user->setPrivateSetting('elgg_default_access', $default_access)) {
- system_message(elgg_echo('user:default_access:success'));
- } else {
- register_error(elgg_echo('user:default_access:fail'));
- }
- }
- } else {
- register_error(elgg_echo('user:default_access:fail'));
- }
-}
diff --git a/actions/user/language.php b/actions/user/language.php
deleted file mode 100644
index 44c591d7a..000000000
--- a/actions/user/language.php
+++ /dev/null
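Review bot: In actions/river/delete.php `$id` is only compared with `false`, so an empty or non-numeric `id` still reaches `elgg_delete_river(array('id' => $id))`. How that function treats an empty id is not visible here, and a filter that selects nothing specific could remove more than the single item intended. I would cast and range-check the value instead: `$id = (int) get_input('id');` followed by `if ($id > 0 && elgg_is_admin_logged_in()) {`.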
@@ -1,29 +0,0 @@
-<?php
-/**
- * Action for changing a user's personal language settings
- *
- * @package Elgg
- * @subpackage Core
- */
-
-$language = get_input('language');
-$user_id = get_input('guid');
-
-if (!$user_id) {
- $user = get_loggedin_user();
-} else {
- $user = get_entity($user_id);
-}
-
-if (($user) && ($language)) {
- if (strcmp($language, $user->language) != 0) {
- $user->language = $language;
- if ($user->save()) {
- system_message(elgg_echo('user:language:success'));
- } else {
- register_error(elgg_echo('user:language:fail'));
- }
- }
-} else {
- register_error(elgg_echo('user:language:fail'));
-}
diff --git a/actions/user/name.php b/actions/user/name.php
deleted file mode 100644
index e293d409c..000000000
--- a/actions/user/name.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<?php
-/**
- * Action for changing a user's name
- *
- * @package Elgg
- * @subpackage Core
- */
-
-$name = strip_tags(get_input('name'));
-$user_id = get_input('guid');
-
-if (!$user_id) {
- $user = get_loggedin_user();
-} else {
- $user = get_entity($user_id);
-}
-
-if (elgg_strlen($name) > 50) {
- register_error(elgg_echo('user:name:fail'));
- forward(REFERER);
-}
-
-if (($user) && ($user->canEdit()) && ($name)) {
- if ($name != $user->name) {
- $user->name = $name;
- if ($user->save()) {
- system_message(elgg_echo('user:name:success'));
- } else {
- register_error(elgg_echo('user:name:fail'));
- }
- }
-} else {
- register_error(elgg_echo('user:name:fail'));
-}
diff --git a/actions/user/password.php b/actions/user/password.php
deleted file mode 100644
index bbeb0ea7f..000000000
--- a/actions/user/password.php
+++ /dev/null
@@ -1,49 +0,0 @@ -<?php -/** - * Action for changing a user's password - * - * @package Elgg - * @subpackage Core - */ - -$current_password = get_input('current_password'); -$password = get_input('password'); -$password2 = get_input('password2'); -$user_id = get_input('guid'); - -if (!$user_id) { - $user = get_loggedin_user(); -} else { - $user = get_entity($user_id); -} - -if (($user) && ($password != "")) { - // let admin user change anyone's password without knowing it except his own. - if (!isadminloggedin() || isadminloggedin() && $user->guid == get_loggedin_userid()) { - $credentials = array( - 'username' => $user->username, - 'password' => $current_password - ); - - if (!pam_auth_userpass($credentials)) { - register_error(elgg_echo('user:password:fail:incorrect_current_password')); - forward(REFERER); - } - } - - if (strlen($password) >= 4) { - if ($password == $password2) { - $user->salt = generate_random_cleartext_password(); // Reset the salt - $user->password = generate_user_password($user, $password); - if ($user->save()) { - system_message(elgg_echo('user:password:success')); - } else { - register_error(elgg_echo('user:password:fail')); - } - } else { - register_error(elgg_echo('user:password:fail:notsame')); - } - } else { - register_error(elgg_echo('user:password:fail:tooshort')); - } -} diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php index 5dfa24952..f1d4fa43c 100644 --- a/actions/user/requestnewpassword.php +++ b/actions/user/requestnewpassword.php @@ -8,6 +8,11 @@ $username = get_input('username'); +// allow email addresses +if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) { + $username = $users[0]->username; +} + $user = get_user_by_username($username); if ($user) { if (send_new_password_request($user->guid)) { diff --git a/actions/user/spotlight.php b/actions/user/spotlight.php index 390197e78..202dde387 100644 --- a/actions/user/spotlight.php +++ b/actions/user/spotlight.php 
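Review bot: In actions/user/requestnewpassword.php `$username = $users[0]->username;` takes the first account returned for the address, so when several accounts share one e-mail the reset is issued for whichever comes first, with no indication to the requester. I would resolve an address only when it is unambiguous, by adding `&& count($users) == 1` to the condition, and leave the other cases to the username path. The identical lookup sits in the second actions/login.php hunk. The `if ($user)` block that follows continues outside this hunk.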
@@ -14,6 +14,6 @@ if ($closed != 'true') { $closed = true; } -get_loggedin_user()->spotlightclosed = $closed; +elgg_get_logged_in_user_entity()->spotlightclosed = $closed; // exit as this action is called through Ajax exit;
\ No newline at end of file diff --git a/actions/useradd.php b/actions/useradd.php index 0219361fb..17459021b 100644 --- a/actions/useradd.php +++ b/actions/useradd.php @@ -6,10 +6,12 @@ * @subpackage Core */ +elgg_make_sticky_form('useradd'); + // Get variables $username = get_input('username'); -$password = get_input('password'); -$password2 = get_input('password2'); +$password = get_input('password', null, false); +$password2 = get_input('password2', null, false); $email = get_input('email'); $name = get_input('name'); @@ -18,18 +20,32 @@ if (is_array($admin)) { $admin = $admin[0]; } +// no blank fields +if ($username == '' || $password == '' || $password2 == '' || $email == '' || $name == '') { + register_error(elgg_echo('register:fields')); + forward(REFERER); +} + +if (strcmp($password, $password2) != 0) { + register_error(elgg_echo('RegistrationException:PasswordMismatch')); + forward(REFERER); +} + // For now, just try and register the user try { $guid = register_user($username, $password, $name, $email, TRUE); - if (((trim($password) != "") && (strcmp($password, $password2) == 0)) && ($guid)) { + if ($guid) { $new_user = get_entity($guid); - if (($guid) && ($admin)) { + if ($new_user && $admin && elgg_is_admin_logged_in()) { $new_user->makeAdmin(); } + elgg_clear_sticky_form('useradd'); + $new_user->admin_created = TRUE; - $new_user->created_by_guid = get_loggedin_userid(); + // @todo ugh, saving a guid as metadata! + $new_user->created_by_guid = elgg_get_logged_in_user_guid(); $subject = elgg_echo('useradd:subject'); $body = elgg_echo('useradd:body', array( diff --git a/actions/widgets/add.php b/actions/widgets/add.php index 38686b36d..d7b2f291c 100644 --- a/actions/widgets/add.php +++ b/actions/widgets/add.php 
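Review bot: In the second actions/useradd.php hunk the new `$new_user &&` guard protects only `makeAdmin()`; the next statements, `$new_user->admin_created = TRUE;` and `$new_user->created_by_guid = ...`, still dereference `$new_user` unguarded, so a failed `get_entity($guid)` ends in a fatal error rather than a reported failure. I would bail out right after the lookup with a `register_error()` followed by `forward(REFERER)` when `$new_user` is empty, and then drop the redundant test from the `makeAdmin()` condition. The `try` block continues outside the hunk.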
@@ -6,18 +6,23 @@ * @subpackage Widgets.Management */ -$user_guid = get_input('user_guid'); +$owner_guid = get_input('owner_guid'); $handler = get_input('handler'); $context = get_input('context'); +$show_access = (bool)get_input('show_access', true); $column = get_input('column', 1); +$default_widgets = get_input('default_widgets', 0); elgg_push_context($context); +if ($default_widgets) { + elgg_push_context('default_widgets'); +} elgg_push_context('widgets'); -if (!empty($user_guid)) { - $user = get_entity($user_guid); - if ($user && $user->canEdit()) { - $guid = elgg_create_widget($user->getGUID(), $handler, $context); +if (!empty($owner_guid)) { + $owner = get_entity($owner_guid); + if ($owner && $owner->canEdit()) { + $guid = elgg_create_widget($owner->getGUID(), $handler, $context); if ($guid) { $widget = get_entity($guid); @@ -25,13 +30,13 @@ if (!empty($user_guid)) { $widget->move($column, 0); // send widget html for insertion - echo elgg_view_entity($widget); + echo elgg_view_entity($widget, array('show_access' => $show_access)); - system_message(elgg_echo('widgets:add:success')); + //system_message(elgg_echo('widgets:add:success')); forward(REFERER); } } } register_error(elgg_echo('widgets:add:failure')); -forward(REFERER);
\ No newline at end of file +forward(REFERER); diff --git a/actions/widgets/delete.php b/actions/widgets/delete.php index 167324b0c..47920013d 100644 --- a/actions/widgets/delete.php +++ b/actions/widgets/delete.php @@ -6,12 +6,13 @@ * @subpackage Widgets.Management */ -$guid = get_input('guid'); +$widget_guid = get_input('widget_guid'); +$owner_guid = get_input('owner_guid', elgg_get_logged_in_user_guid()); -$user = get_loggedin_user(); +$widget = get_entity($widget_guid); +$owner = get_entity($owner_guid); -$widget = get_entity($guid); -if ($widget && $user->canEdit() && $widget->delete()) { +if ($widget && $owner->canEdit() && $widget->delete()) { forward(REFERER); } diff --git a/actions/widgets/move.php b/actions/widgets/move.php index 276dcb55e..eab650c9c 100644 --- a/actions/widgets/move.php +++ b/actions/widgets/move.php @@ -6,14 +6,16 @@ * @subpackage Widgets.Management */ -$guid = get_input('guid'); +$widget_guid = get_input('widget_guid'); $column = get_input('column', 1); $position = get_input('position'); +$owner_guid = get_input('owner_guid', elgg_get_logged_in_user_guid()); -$user = get_loggedin_user(); +$widget = get_entity($widget_guid); +$owner = get_entity($owner_guid); -$widget = get_entity($guid); -if ($widget && $user->canEdit()) { + +if ($widget && $owner->canEdit()) { $widget->move($column, $position); forward(REFERER); } diff --git a/actions/widgets/save.php b/actions/widgets/save.php index b1649cc17..e15deab77 100644 --- a/actions/widgets/save.php +++ b/actions/widgets/save.php 
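Review bot: In actions/widgets/delete.php the permission test is made on `$owner`, loaded from the request's `owner_guid` (defaulting to the logged-in user), and never on `$widget`. Nothing visible ties the widget to that owner, so the check passes whenever the caller can edit the entity they named, and `$owner` is dereferenced without a null check. Unless `delete()` and `move()` enforce permissions themselves (not shown here), I would test the widget directly: `if (elgg_instanceof($widget, 'object', 'widget') && $widget->canEdit() && $widget->delete()) {`. The actions/widgets/move.php hunk has the same pattern, and actions/widgets/save.php calls `saveSettings()` on whatever entity `guid` resolves to.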
@@ -4,18 +4,39 @@ * * @package Elgg.Core * @subpackage Widgets.Management + * + * @uses int $_REQUEST['guid'] The guid of the widget to save + * @uses array $_REQUEST['params'] An array of params to set on the widget. + * @uses int $_REQUEST['default_widgets'] Flag for if these settings are for default wigets. + * @uses string $_REQUEST['context'] An optional context of the widget. Used to return + * the correct output if widget content changes + * depending on context. + * */ elgg_set_context('widgets'); $guid = get_input('guid'); $params = get_input('params'); +$default_widgets = get_input('default_widgets', 0); +$context = get_input('context'); $widget = get_entity($guid); if ($widget && $widget->saveSettings($params)) { elgg_set_page_owner_guid($widget->getContainerGUID()); - $view = "widgets/$widget->handler/content"; - echo elgg_view($view, array('entity' => $widget)); + if ($context) { + elgg_push_context($context); + } + + if (!$default_widgets) { + if (elgg_view_exists("widgets/$widget->handler/content")) { + $view = "widgets/$widget->handler/content"; + } else { + elgg_deprecated_notice("widgets use content as the display view", 1.8); + $view = "widgets/$widget->handler/view"; + } + echo elgg_view($view, array('entity' => $widget)); + } } else { register_error(elgg_echo('widgets:save:failure')); } diff --git a/actions/widgets/upgrade.php b/actions/widgets/upgrade.php new file mode 100644 index 000000000..0a5cf8d48 --- /dev/null +++ b/actions/widgets/upgrade.php 
@@ -0,0 +1,65 @@
+<?php
+/**
+ * Upgrade default widgets for Elgg 1.8
+ *
+ * Pre-1.8, default widgets were stored as metadata on a defaultwidgets object.
+ * Now they are stored as widget objects owned by the site.
+ *
+ * @package Elgg.Core
+ * @subpackage Widgets.Management
+ */
+
+$object = elgg_get_entities(array(
+ 'type' => 'object',
+ 'subtype' => 'moddefaultwidgets',
+ 'limit' => 1,
+));
+
+if (!$object) {
+ forward(REFERER);
+}
+
+$object = $object[0];
+
+$site = elgg_get_site_entity();
+
+$ia = elgg_set_ignore_access(true);
+foreach (array('profile', 'dashboard') as $context) {
+ if (isset($object->$context)) {
+ elgg_push_context($context);
+ elgg_push_context('default_widgets');
+ elgg_push_context('widgets');
+
+ // deserialize the widget information
+ list($left, $middle, $right) = split('%%', $object->$context);
+ $left_widgets = split('::', $left);
+ $middle_widgets = split('::', $middle);
+ $right_widgets = split('::', $right);
+
+ // 1st column is right column in default theme
+ $widgets = array(
+ 1 => array_reverse($right_widgets),
+ 2 => array_reverse($middle_widgets),
+ 3 => array_reverse($left_widgets),
+ );
+
+ foreach ($widgets as $column => $column_widgets) {
+ foreach ($column_widgets as $handler) {
+ $guid = elgg_create_widget($site->getGUID(), $handler, $context);
+ if ($guid) {
+ $widget = get_entity($guid);
+ $widget->move($column, 0);
+ }
+ }
+ }
+
+ elgg_pop_context();
+ elgg_pop_context();
+ elgg_pop_context();
+ }
+}
+elgg_set_ignore_access($ia);
+
+$object->delete();
+system_message(elgg_echo('upgrade:core'));
+forward(REFERER); |
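Review bot: Nothing in actions/widgets/upgrade.php checks who is calling it, yet it switches on `elgg_set_ignore_access(true)`, creates site-owned widgets and deletes the legacy `moddefaultwidgets` object. If the action is not registered as admin-only elsewhere (the registration is not on this page), add a guard at the top: `if (!elgg_is_admin_logged_in()) { forward(REFERER); }`. If it is, a header comment stating that the file relies on admin-only registration would stop it being reused without that protection.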
