Diffstat (limited to 'actions')
-rw-r--r--actions/admin/plugins/activate.php5
-rw-r--r--actions/admin/plugins/activate_all.php2
-rw-r--r--actions/admin/plugins/deactivate.php5
-rw-r--r--actions/admin/plugins/deactivate_all.php2
-rw-r--r--actions/admin/plugins/set_priority.php2
-rw-r--r--actions/admin/site/flush_cache.php10
-rw-r--r--actions/admin/site/regenerate_secret.php11
-rw-r--r--actions/admin/site/unlock_upgrade.php10
-rw-r--r--actions/admin/site/update_advanced.php34
-rw-r--r--actions/admin/site/update_basic.php6
-rw-r--r--actions/avatar/crop.php9
-rw-r--r--actions/avatar/remove.php36
-rw-r--r--actions/avatar/upload.php6
-rw-r--r--actions/comments/delete.php22
-rw-r--r--actions/friends/add.php4
-rw-r--r--actions/friends/collections/add.php5
-rw-r--r--actions/login.php29
-rw-r--r--actions/plugins/settings/save.php2
-rw-r--r--actions/plugins/usersettings/save.php2
-rw-r--r--actions/profile/edit.php56
-rw-r--r--actions/profile/fields/add.php1
-rw-r--r--actions/profile/fields/delete.php1
-rw-r--r--actions/profile/fields/reorder.php4
-rw-r--r--actions/register.php11
-rw-r--r--actions/river/delete.php21
-rw-r--r--actions/user/requestnewpassword.php5
-rw-r--r--actions/useradd.php6
-rw-r--r--actions/widgets/add.php3
28 files changed, 222 insertions, 88 deletions
diff --git a/actions/admin/plugins/activate.php b/actions/admin/plugins/activate.php
index 224b5a2ae..5234a4ca5 100644
--- a/actions/admin/plugins/activate.php
+++ b/actions/admin/plugins/activate.php
@@ -38,7 +38,7 @@ foreach ($plugin_guids as $guid) {
// don't regenerate the simplecache because the plugin won't be
// loaded until next run. Just invalidate and let it regenerate as needed
elgg_invalidate_simplecache();
-elgg_filepath_cache_reset();
+elgg_reset_system_cache();
if (count($activated_guids) === 1) {
$url = 'admin/plugins';
@@ -47,7 +47,8 @@ if (count($activated_guids) === 1) {
$url .= "?$query";
}
$plugin = get_entity($plugin_guids[0]);
- forward("$url#{$plugin->getID()}");
+ $id = $css_id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID());
+ forward("$url#$id");
} else {
// forward to top of page with a failure so remove any #foo
$url = $_SERVER['HTTP_REFERER'];
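Review bot: The added line `$id = $css_id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID());` assigns a `$css_id` that nothing in the hunk reads, and the matching line in deactivate.php omits it; `$id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID());` is enough. The branch is entered on `count($activated_guids) === 1` but looks the plugin up through `$plugin_guids[0]`, so if several GUIDs were submitted and only a later one activated, the anchor would name the wrong plugin. In both activate.php and deactivate.php the result of `get_entity()` is dereferenced unchecked, so a guard such as `if ($plugin instanceof ElggPlugin)` before `getID()` would avoid a fatal error on a stale GUID. The enclosing `if` starts outside the hunk.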
diff --git a/actions/admin/plugins/activate_all.php b/actions/admin/plugins/activate_all.php
index 19c142346..4514ccbdf 100644
--- a/actions/admin/plugins/activate_all.php
+++ b/actions/admin/plugins/activate_all.php
@@ -28,6 +28,6 @@ foreach ($guids as $guid) {
// don't regenerate the simplecache because the plugin won't be
// loaded until next run. Just invalidate and let it regnerate as needed
elgg_invalidate_simplecache();
-elgg_filepath_cache_reset();
+elgg_reset_system_cache();
forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/plugins/deactivate.php b/actions/admin/plugins/deactivate.php
index 2ce796eff..354f4717d 100644
--- a/actions/admin/plugins/deactivate.php
+++ b/actions/admin/plugins/deactivate.php
@@ -37,7 +37,7 @@ foreach ($plugin_guids as $guid) {
// don't regenerate the simplecache because the plugin won't be
// loaded until next run. Just invalidate and let it regnerate as needed
elgg_invalidate_simplecache();
-elgg_filepath_cache_reset();
+elgg_reset_system_cache();
if (count($plugin_guids) == 1) {
$url = 'admin/plugins';
@@ -46,7 +46,8 @@ if (count($plugin_guids) == 1) {
$url .= "?$query";
}
$plugin = get_entity($plugin_guids[0]);
- forward("$url#{$plugin->getID()}");
+ $id = preg_replace('/[^a-z0-9-]/i', '-', $plugin->getID());
+ forward("$url#$id");
} else {
forward(REFERER);
}
diff --git a/actions/admin/plugins/deactivate_all.php b/actions/admin/plugins/deactivate_all.php
index 479e9c607..8b347a633 100644
--- a/actions/admin/plugins/deactivate_all.php
+++ b/actions/admin/plugins/deactivate_all.php
@@ -28,6 +28,6 @@ foreach ($guids as $guid) {
// don't regenerate the simplecache because the plugin won't be
// loaded until next run. Just invalidate and let it regnerate as needed
elgg_invalidate_simplecache();
-elgg_filepath_cache_reset();
+elgg_reset_system_cache();
forward(REFERER);
diff --git a/actions/admin/plugins/set_priority.php b/actions/admin/plugins/set_priority.php
index 79b1c4c53..edd735371 100644
--- a/actions/admin/plugins/set_priority.php
+++ b/actions/admin/plugins/set_priority.php
@@ -34,6 +34,6 @@ if ($plugin->setPriority($priority)) {
// don't regenerate the simplecache because the plugin won't be
// loaded until next run. Just invalidate and let it regnerate as needed
elgg_invalidate_simplecache();
-elgg_filepath_cache_reset();
+elgg_reset_system_cache();
forward(REFERER); \ No newline at end of file
diff --git a/actions/admin/site/flush_cache.php b/actions/admin/site/flush_cache.php
new file mode 100644
index 000000000..ebb8296c7
--- /dev/null
+++ b/actions/admin/site/flush_cache.php
@@ -0,0 +1,10 @@
+<?php
+/**
+ * Flush all the caches
+ */
+
+elgg_invalidate_simplecache();
+elgg_reset_system_cache();
+
+system_message(elgg_echo('admin:cache:flushed'));
+forward(REFERER); \ No newline at end of file
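Review bot: Nothing in this script checks who is calling it, and the same holds for regenerate_secret.php and unlock_upgrade.php added in this commit, whereas river/delete.php tests `elgg_is_admin_logged_in()` inline. Presumably all three are registered as admin-only actions elsewhere, which the diff does not show. The docblock should record that dependency, for example ` * Must be registered as an admin-only action; this script performs no access check of its own.`, so that a later re-registration or direct include does not silently expose a cache flush, a secret rotation or an upgrade unlock.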
diff --git a/actions/admin/site/regenerate_secret.php b/actions/admin/site/regenerate_secret.php
new file mode 100644
index 000000000..3112fb5f3
--- /dev/null
+++ b/actions/admin/site/regenerate_secret.php
@@ -0,0 +1,11 @@
+<?php
+/**
+ * Generate a new site secret
+ */
+
+init_site_secret();
+elgg_reset_system_cache();
+
+system_message(elgg_echo('admin:site:secret_regenerated'));
+
+forward(REFERER);
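Review bot: The return value of `init_site_secret()` is ignored, so `admin:site:secret_regenerated` is shown even if no new secret was stored. If the function reports failure through its return value, branching on it (`if (!init_site_secret()) {` followed by `register_error()` and `forward(REFERER);`) keeps an administrator from assuming the old secret is retired when it is not. The docblock could also state what rotating the secret invalidates, since that is the reason an operator runs this action.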
diff --git a/actions/admin/site/unlock_upgrade.php b/actions/admin/site/unlock_upgrade.php
new file mode 100644
index 000000000..b625b1d26
--- /dev/null
+++ b/actions/admin/site/unlock_upgrade.php
@@ -0,0 +1,10 @@
+<?php
+/**
+ * Unlocks the upgrade script
+ */
+
+if (_elgg_upgrade_is_locked()) {
+ _elgg_upgrade_unlock();
+}
+system_message(elgg_echo('upgrade:unlock:success'));
+forward(REFERER);
diff --git a/actions/admin/site/update_advanced.php b/actions/admin/site/update_advanced.php
index 7d57f78ea..4888b0a8d 100644
--- a/actions/admin/site/update_advanced.php
+++ b/actions/admin/site/update_advanced.php
@@ -9,16 +9,32 @@
* @subpackage Administration.Site
*/
-if (datalist_get('default_site')) {
- $site = get_entity(datalist_get('default_site'));
+if ($site = elgg_get_site_entity()) {
if (!($site instanceof ElggSite)) {
throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite'));
}
- $site->url = get_input('wwwroot');
+ $site->url = rtrim(get_input('wwwroot', '', false), '/') . '/';
- datalist_set('path', sanitise_filepath(get_input('path')));
- datalist_set('dataroot', sanitise_filepath(get_input('dataroot')));
+ datalist_set('path', sanitise_filepath(get_input('path', '', false)));
+ $dataroot = sanitise_filepath(get_input('dataroot', '', false));
+
+ // check for relative paths
+ if (stripos(PHP_OS, 'win') === 0) {
+ if (strpos($dataroot, ':') !== 1) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ } else {
+ if (strpos($dataroot, '/') !== 0) {
+ $msg = elgg_echo('admin:configuration:dataroot:relative_path', array($dataroot));
+ register_error($msg);
+ forward(REFERER);
+ }
+ }
+
+ datalist_set('dataroot', $dataroot);
if (get_input('simplecache_enabled')) {
elgg_enable_simplecache();
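Review bot: `datalist_set('path', sanitise_filepath(get_input('path', '', false)));` runs before the new relative-path check on `$dataroot`, so a request rejected by that check has already changed the stored path; moving that call below the check, next to `datalist_set('dataroot', $dataroot);`, keeps the update all-or-nothing. The `path` value gets no absolute-path check at all, although it is read the same unfiltered way. With filtering disabled on `wwwroot`, an empty submission becomes the site URL `/`, so an empty or scheme-less value should be rejected before `$site->url` is assigned. The two error branches are identical and could share one `register_error`/`forward` block. The enclosing `if` continues outside the hunk.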
@@ -26,10 +42,10 @@ if (datalist_get('default_site')) {
elgg_disable_simplecache();
}
- if (get_input('viewpath_cache_enabled')) {
- elgg_enable_filepath_cache();
+ if (get_input('system_cache_enabled')) {
+ elgg_enable_system_cache();
} else {
- elgg_disable_filepath_cache();
+ elgg_disable_system_cache();
}
set_config('default_access', get_input('default_access', ACCESS_PRIVATE), $site->getGUID());
@@ -37,8 +53,6 @@ if (datalist_get('default_site')) {
$user_default_access = (get_input('allow_user_default_access')) ? 1 : 0;
set_config('allow_user_default_access', $user_default_access, $site->getGUID());
- set_config('view', get_input('view'), $site->getGUID());
-
$debug = get_input('debug');
if ($debug) {
set_config('debug', $debug, $site->getGUID());
diff --git a/actions/admin/site/update_basic.php b/actions/admin/site/update_basic.php
index c809dc671..9765182cc 100644
--- a/actions/admin/site/update_basic.php
+++ b/actions/admin/site/update_basic.php
@@ -10,18 +10,18 @@
* @subpackage Administration.Site
*/
-if (datalist_get('default_site')) {
- $site = get_entity(datalist_get('default_site'));
+if ($site = elgg_get_site_entity()) {
if (!($site instanceof ElggSite)) {
throw new InstallationException(elgg_echo('InvalidParameterException:NonElggSite'));
}
$site->description = get_input('sitedescription');
- $site->name = get_input('sitename');
+ $site->name = strip_tags(get_input('sitename'));
$site->email = get_input('siteemail');
$site->save();
set_config('language', get_input('language'), $site->getGUID());
}
+system_message(elgg_echo('admin:configuration:success'));
forward(REFERER); \ No newline at end of file
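Review bot: The added `system_message(elgg_echo('admin:configuration:success'));` sits outside the `if ($site = elgg_get_site_entity())` block and ignores the result of `$site->save()`, so success is reported even when nothing was saved. Moving it inside the block behind `if ($site->save())`, with `register_error()` on the other path, would make the message truthful. `strip_tags()` is applied to `sitename` only; `siteemail` is still stored without a format check, which is worth a follow-up.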
diff --git a/actions/avatar/crop.php b/actions/avatar/crop.php
index 39061fa2c..b9a80f331 100644
--- a/actions/avatar/crop.php
+++ b/actions/avatar/crop.php
@@ -22,7 +22,14 @@ $filehandler->owner_guid = $owner->getGUID();
$filehandler->setFilename("profile/" . $owner->guid . "master" . ".jpg");
$filename = $filehandler->getFilenameOnFilestore();
+// ensuring the avatar image exists in the first place
+if (!file_exists($filename)) {
+ register_error(elgg_echo('avatar:crop:fail'));
+ forward(REFERER);
+}
+
$icon_sizes = elgg_get_config('icon_sizes');
+unset($icon_sizes['master']);
// get the images and save their file handlers into an array
// so we can do clean up if one fails.
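Review bot: The added `unset($icon_sizes['master']);` has no comment saying why the master size is skipped. Presumably the master file is the image the crop reads from (it is the file tested by the new `file_exists()` check) and must not be regenerated from itself. A one-line comment such as `// the master image is the crop source, so it is never regenerated here` would stop a later cleanup from removing the line.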
@@ -45,7 +52,7 @@ foreach ($icon_sizes as $name => $size_info) {
$file->delete();
}
- system_message(elgg_echo('avatar:resize:fail'));
+ register_error(elgg_echo('avatar:resize:fail'));
forward(REFERER);
}
}
diff --git a/actions/avatar/remove.php b/actions/avatar/remove.php
new file mode 100644
index 000000000..9cb40a760
--- /dev/null
+++ b/actions/avatar/remove.php
@@ -0,0 +1,36 @@
+<?php
+/**
+ * Avatar remove action
+ */
+
+$user_guid = get_input('guid');
+$user = get_user($user_guid);
+
+if (!$user || !$user->canEdit()) {
+ register_error(elgg_echo('avatar:remove:fail'));
+ forward(REFERER);
+}
+
+// Delete all icons from diskspace
+$icon_sizes = elgg_get_config('icon_sizes');
+foreach ($icon_sizes as $name => $size_info) {
+ $file = new ElggFile();
+ $file->owner_guid = $user_guid;
+ $file->setFilename("profile/{$user_guid}{$name}.jpg");
+ $filepath = $file->getFilenameOnFilestore();
+ if (!$file->delete()) {
+ elgg_log("Avatar file remove failed. Remove $filepath manually, please.", 'WARNING');
+ }
+}
+
+// Remove crop coords
+unset($user->x1);
+unset($user->x2);
+unset($user->y1);
+unset($user->y2);
+
+// Remove icon
+unset($user->icontime);
+
+system_message(elgg_echo('avatar:remove:success'));
+forward(REFERER);
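Review bot: The storage path and `owner_guid` are built from the raw request value `$user_guid` rather than from the entity that passed the `canEdit()` check. If `get_user()` normalises its argument (not visible here), the string used in `setFilename()` can differ from the GUID that was authorised. Using the entity's own value closes the gap: `$file->owner_guid = $user->guid;` and `$file->setFilename("profile/{$user->guid}{$name}.jpg");`. The `elgg_log()` warning also fires for every size that was never generated, so testing `$file->exists()` before `delete()` would cut the noise.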
diff --git a/actions/avatar/upload.php b/actions/avatar/upload.php
index 2e8ff98b3..0752615e0 100644
--- a/actions/avatar/upload.php
+++ b/actions/avatar/upload.php
@@ -44,6 +44,12 @@ foreach ($icon_sizes as $name => $size_info) {
}
}
+// reset crop coordinates
+$owner->x1 = 0;
+$owner->x2 = 0;
+$owner->y1 = 0;
+$owner->y2 = 0;
+
$owner->icontime = time();
if (elgg_trigger_event('profileiconupdate', $owner->type, $owner)) {
system_message(elgg_echo("avatar:upload:success"));
diff --git a/actions/comments/delete.php b/actions/comments/delete.php
index f8458a152..c6b481da4 100644
--- a/actions/comments/delete.php
+++ b/actions/comments/delete.php
@@ -5,26 +5,14 @@
* @package Elgg
*/
-// Ensure we're logged in
-if (!elgg_is_logged_in()) {
- forward();
-}
-
// Make sure we can get the comment in question
$annotation_id = (int) get_input('annotation_id');
-if ($comment = elgg_get_annotation_from_id($annotation_id)) {
-
- $entity = get_entity($comment->entity_guid);
-
- if ($comment->canEdit()) {
- $comment->delete();
- system_message(elgg_echo("generic_comment:deleted"));
- forward($entity->getURL());
- }
-
+$comment = elgg_get_annotation_from_id($annotation_id);
+if ($comment && $comment->canEdit()) {
+ $comment->delete();
+ system_message(elgg_echo("generic_comment:deleted"));
} else {
- $url = "";
+ register_error(elgg_echo("generic_comment:notdeleted"));
}
-register_error(elgg_echo("generic_comment:notdeleted"));
forward(REFERER); \ No newline at end of file
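Review bot: The result of `$comment->delete()` is not checked, so `generic_comment:deleted` is shown even when the deletion fails; `if ($comment && $comment->canEdit() && $comment->delete()) {` would route a failed delete to the existing error branch. With the explicit `elgg_is_logged_in()` test removed, `canEdit()` is the only authorisation in the script, which deserves a comment above the condition, e.g. `// canEdit() is the sole permission check for this action`.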
diff --git a/actions/friends/add.php b/actions/friends/add.php
index 7d38674c1..d1800ee14 100644
--- a/actions/friends/add.php
+++ b/actions/friends/add.php
@@ -9,6 +9,10 @@
// Get the GUID of the user to friend
$friend_guid = get_input('friend');
$friend = get_entity($friend_guid);
+if (!$friend) {
+ register_error(elgg_echo('error:missing_data'));
+ forward(REFERER);
+}
$errors = false;
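Review bot: The new guard only verifies that `get_entity()` returned something, not that it is a user, so the GUID of a group or object passes and reaches the friendship code below. `if (!($friend instanceof ElggUser)) {` states the requirement exactly. The rest of the script is outside the hunk, so whether later code rejects non-users cannot be confirmed from here.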
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 1e2bc1d5c..e63a149f7 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -6,7 +6,7 @@
* @subpackage Friends.Collections
*/
-$collection_name = get_input('collection_name');
+$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
$friends = get_input('friends_collection');
if (!$collection_name) {
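Review bot: Encoding `collection_name` with `htmlspecialchars()` on input stores HTML entities in the database, which stays safe only while every view prints the name without escaping it again and no other writer stores raw names. Escaping at output is the more robust convention. If input-time encoding is kept, a comment such as `// stored HTML-encoded: views must print this value as-is` should record the contract next to the assignment.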
@@ -20,8 +20,7 @@ if ($id) {
$result = update_access_collection($id, $friends);
if ($result) {
system_message(elgg_echo("friends:collectionadded"));
- // go to the collections page
- forward("pg/collections/" . get_loggedin_user()->username);
+ forward("collections/" . elgg_get_logged_in_user_entity()->username);
} else {
register_error(elgg_echo("friends:nocollectionname"));
forward(REFERER);
diff --git a/actions/login.php b/actions/login.php
index 5934d1423..bd7f91299 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -7,9 +7,8 @@
*/
// set forward url
-if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
+if (!empty($_SESSION['last_forward_from'])) {
$forward_url = $_SESSION['last_forward_from'];
- unset($_SESSION['last_forward_from']);
} elseif (get_input('returntoreferer')) {
$forward_url = REFERER;
} else {
@@ -18,9 +17,9 @@ if (isset($_SESSION['last_forward_from']) && $_SESSION['last_forward_from']) {
}
$username = get_input('username');
-$password = get_input("password");
-$persistent = get_input("persistent", FALSE);
-$result = FALSE;
+$password = get_input('password', null, false);
+$persistent = (bool) get_input("persistent");
+$result = false;
if (empty($username) || empty($password)) {
register_error(elgg_echo('login:empty'));
@@ -28,8 +27,7 @@ if (empty($username) || empty($password)) {
}
// check if logging in with email address
-// @todo Are usernames with @ not allowed?
-if (strpos($username, '@') !== FALSE && ($users = get_user_by_email($username))) {
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
$username = $users[0]->username;
}
@@ -47,10 +45,25 @@ if (!$user) {
try {
login($user, $persistent);
+ // re-register at least the core language file for users with language other than site default
+ register_translations(dirname(dirname(__FILE__)) . "/languages/");
} catch (LoginException $e) {
register_error($e->getMessage());
forward(REFERER);
}
-system_message(elgg_echo('loginok'));
+// elgg_echo() caches the language and does not provide a way to change the language.
+// @todo we need to use the config object to store this so that the current language
+// can be changed. Refs #4171
+if ($user->language) {
+ $message = elgg_echo('loginok', array(), $user->language);
+} else {
+ $message = elgg_echo('loginok');
+}
+
+if (isset($_SESSION['last_forward_from'])) {
+ unset($_SESSION['last_forward_from']);
+}
+
+system_message($message);
forward($forward_url);
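Review bot: `register_translations()` was placed inside the `try` that exists to catch `LoginException` from `login()`; moving it after the `catch` keeps the guarded region to the one call that can throw that exception. The `isset()` wrapper around `unset($_SESSION['last_forward_from']);` is unnecessary, because `unset()` on a missing key is a no-op. A short comment that the key is now cleared only after a successful login, so a failed attempt keeps the return URL, would explain why the `unset` moved.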
diff --git a/actions/plugins/settings/save.php b/actions/plugins/settings/save.php
index e94127f7c..581a2f9ec 100644
--- a/actions/plugins/settings/save.php
+++ b/actions/plugins/settings/save.php
@@ -3,7 +3,7 @@
* Saves global plugin settings.
*
* This action can be overriden for a specific plugin by creating the
- * settings/<plugin_id>/save action in that plugin.
+ * <plugin_id>/settings/save action in that plugin.
*
* @uses array $_REQUEST['params'] A set of key/value pairs to save to the ElggPlugin entity
* @uses int $_REQUEST['plugin_id'] The ID of the plugin
diff --git a/actions/plugins/usersettings/save.php b/actions/plugins/usersettings/save.php
index 71ad2ad7b..f6b8ab0b6 100644
--- a/actions/plugins/usersettings/save.php
+++ b/actions/plugins/usersettings/save.php
@@ -3,7 +3,7 @@
* Saves user-specific plugin settings.
*
* This action can be overriden for a specific plugin by creating the
- * settings/<plugin_id>/save action in that plugin.
+ * <plugin_id>/usersettings/save action in that plugin.
*
* @uses array $_REQUEST['params'] A set of key/value pairs to save to the ElggPlugin entity
* @uses int $_REQUEST['plugin_id'] The id of the plugin
diff --git a/actions/profile/edit.php b/actions/profile/edit.php
index e86053b07..e1f066e82 100644
--- a/actions/profile/edit.php
+++ b/actions/profile/edit.php
@@ -4,6 +4,8 @@
*
*/
+elgg_make_sticky_form('profile:edit');
+
$guid = get_input('guid');
$owner = get_entity($guid);
@@ -25,7 +27,7 @@ if (!is_array($accesslevel)) {
* wrapper for recursive array walk decoding
*/
function profile_array_decoder(&$v) {
- $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8');
+ $v = _elgg_html_decode($v);
}
$profile_fields = elgg_get_config('profile_fields');
@@ -37,7 +39,7 @@ foreach ($profile_fields as $shortname => $valuetype) {
if (is_array($value)) {
array_walk_recursive($value, 'profile_array_decoder');
} else {
- $value = html_entity_decode($value, ENT_COMPAT, 'UTF-8');
+ $value = _elgg_html_decode($value);
}
// limit to reasonable sizes
@@ -48,10 +50,14 @@ foreach ($profile_fields as $shortname => $valuetype) {
forward(REFERER);
}
+ if ($value && $valuetype == 'url' && !preg_match('~^https?\://~i', $value)) {
+ $value = "http://$value";
+ }
+
if ($valuetype == 'tags') {
$value = string_to_tag_array($value);
}
-
+
$input[$shortname] = $value;
}
@@ -62,12 +68,7 @@ if ($name) {
register_error(elgg_echo('user:name:fail'));
} elseif ($owner->name != $name) {
$owner->name = $name;
- // @todo this is weird...giving two notifications?
- if ($owner->save()) {
- system_message(elgg_echo('user:name:success'));
- } else {
- register_error(elgg_echo('user:name:fail'));
- }
+ $owner->save();
}
}
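Review bot: `$owner->save();` now discards its result, so a failed name update is silent and the script can still end with `profile:saved`. Keeping only the failure branch, `if (!$owner->save()) { register_error(elgg_echo('user:name:fail')); }`, removes the duplicate success notice the old @todo complained about without hiding errors. The surrounding `if`/`elseif` begins outside the hunk.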
@@ -76,24 +77,30 @@ if (sizeof($input) > 0) {
foreach ($input as $shortname => $value) {
$options = array(
'guid' => $owner->guid,
- 'metadata_name' => $shortname
+ 'metadata_name' => $shortname,
+ 'limit' => false
);
elgg_delete_metadata($options);
- if (isset($accesslevel[$shortname])) {
- $access_id = (int) $accesslevel[$shortname];
- } else {
- // this should never be executed since the access level should always be set
- $access_id = ACCESS_DEFAULT;
- }
- if (is_array($value)) {
- $i = 0;
- foreach ($value as $interval) {
- $i++;
- $multiple = ($i > 1) ? TRUE : FALSE;
- create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple);
+
+ if (!is_null($value) && ($value !== '')) {
+ // only create metadata for non empty values (0 is allowed) to prevent metadata records with empty string values #4858
+
+ if (isset($accesslevel[$shortname])) {
+ $access_id = (int) $accesslevel[$shortname];
+ } else {
+ // this should never be executed since the access level should always be set
+ $access_id = ACCESS_DEFAULT;
+ }
+ if (is_array($value)) {
+ $i = 0;
+ foreach ($value as $interval) {
+ $i++;
+ $multiple = ($i > 1) ? TRUE : FALSE;
+ create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple);
+ }
+ } else {
+ create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id);
}
- } else {
- create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id);
}
}
@@ -102,6 +109,7 @@ if (sizeof($input) > 0) {
// Notify of profile update
elgg_trigger_event('profileupdate', $owner->type, $owner);
+ elgg_clear_sticky_form('profile:edit');
system_message(elgg_echo("profile:saved"));
}
diff --git a/actions/profile/fields/add.php b/actions/profile/fields/add.php
index b35df1549..fce783092 100644
--- a/actions/profile/fields/add.php
+++ b/actions/profile/fields/add.php
@@ -2,7 +2,6 @@
/**
* Elgg profile plugin edit default profile action
*
- * @package ElggProfile
*/
$label = get_input('label');
diff --git a/actions/profile/fields/delete.php b/actions/profile/fields/delete.php
index 26ab48cba..9879feb3f 100644
--- a/actions/profile/fields/delete.php
+++ b/actions/profile/fields/delete.php
@@ -2,7 +2,6 @@
/**
* Elgg profile plugin edit default profile action removal
*
- * @package ElggProfile
*/
$id = get_input('id');
diff --git a/actions/profile/fields/reorder.php b/actions/profile/fields/reorder.php
index dd7a682a6..27c716749 100644
--- a/actions/profile/fields/reorder.php
+++ b/actions/profile/fields/reorder.php
@@ -2,11 +2,11 @@
/**
* Elgg profile plugin reorder fields
*
- * @package ElggProfile
*/
$ordering = get_input('fieldorder');
$result = elgg_save_config('profile_custom_fields', $ordering);
-exit; \ No newline at end of file
+// called by ajax so we exit
+exit;
diff --git a/actions/register.php b/actions/register.php
index 360b7cb4b..73926232c 100644
--- a/actions/register.php
+++ b/actions/register.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('register');
// Get variables
$username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
$email = get_input('email');
$name = get_input('name');
$friend_guid = (int) get_input('friend_guid', 0);
@@ -30,8 +30,6 @@ if (elgg_get_config('allow_registration')) {
$guid = register_user($username, $password, $name, $email, false, $friend_guid, $invitecode);
if ($guid) {
- elgg_clear_sticky_form('register');
-
$new_user = get_entity($guid);
// allow plugins to respond to self registration
@@ -47,13 +45,16 @@ if (elgg_get_config('allow_registration')) {
// @todo should registration be allowed no matter what the plugins return?
if (!elgg_trigger_plugin_hook('register', 'user', $params, TRUE)) {
+ $ia = elgg_set_ignore_access(true);
$new_user->delete();
+ elgg_set_ignore_access($ia);
// @todo this is a generic messages. We could have plugins
// throw a RegistrationException, but that is very odd
// for the plugin hooks system.
throw new RegistrationException(elgg_echo('registerbad'));
}
+ elgg_clear_sticky_form('register');
system_message(elgg_echo("registerok", array(elgg_get_site_entity()->name)));
// if exception thrown, this probably means there is a validation
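Review bot: If `$new_user->delete()` throws, the added `elgg_set_ignore_access($ia);` is never reached and access checks stay disabled for the rest of the request. The override should be restored on the exception path as well, by wrapping the delete in a try/catch that resets the flag and rethrows. The result of `delete()` is also unchecked, so a rejected registration can leave the account behind without any log entry. The enclosing `try` and the `if ($guid)` block start outside the hunk.

```php
$ia = elgg_set_ignore_access(true);
try {
	$new_user->delete();
} catch (Exception $e) {
	// restore the caller's access state before propagating
	elgg_set_ignore_access($ia);
	throw $e;
}
elgg_set_ignore_access($ia);
// … unchanged: throw new RegistrationException(elgg_echo('registerbad')) …
```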
@@ -76,4 +77,4 @@ if (elgg_get_config('allow_registration')) {
register_error(elgg_echo('registerdisabled'));
}
-forward(REFERER); \ No newline at end of file
+forward(REFERER);
diff --git a/actions/river/delete.php b/actions/river/delete.php
new file mode 100644
index 000000000..0d8297932
--- /dev/null
+++ b/actions/river/delete.php
@@ -0,0 +1,21 @@
+<?php
+/**
+ * River item delete action
+ *
+ * @package Elgg
+ * @subpackage Core
+ */
+
+$id = get_input('id', false);
+
+if ($id !== false && elgg_is_admin_logged_in()) {
+ if (elgg_delete_river(array('id' => $id))) {
+ system_message(elgg_echo('river:delete:success'));
+ } else {
+ register_error(elgg_echo('river:delete:fail'));
+ }
+} else {
+ register_error(elgg_echo('river:delete:fail'));
+}
+
+forward(REFERER);
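Review bot: `$id` is passed to `elgg_delete_river()` exactly as received, and `$id !== false` is also true for an empty string or an array. Depending on how the function treats an empty `id` (not visible here), the filter could be broader than one item. Casting and range-checking first, `$id = (int) get_input('id', 0);` with `if ($id > 0 && elgg_is_admin_logged_in()) {`, limits the call to a single positive id.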
diff --git a/actions/user/requestnewpassword.php b/actions/user/requestnewpassword.php
index 5dfa24952..f1d4fa43c 100644
--- a/actions/user/requestnewpassword.php
+++ b/actions/user/requestnewpassword.php
@@ -8,6 +8,11 @@
$username = get_input('username');
+// allow email addresses
+if (strpos($username, '@') !== false && ($users = get_user_by_email($username))) {
+ $username = $users[0]->username;
+}
+
$user = get_user_by_username($username);
if ($user) {
if (send_new_password_request($user->guid)) {
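Review bot: When the submitted address matches more than one account, only `$users[0]` receives the reset request and the others are ignored without notice; the same lookup exists in login.php. If e-mail addresses are not guaranteed unique, either loop over `$users` or refuse the ambiguous case. Whether the response differs between known and unknown addresses is decided in the `if ($user)` block that continues outside the hunk, and accepting e-mail input makes a uniform reply there more important.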
diff --git a/actions/useradd.php b/actions/useradd.php
index 3df41af79..17459021b 100644
--- a/actions/useradd.php
+++ b/actions/useradd.php
@@ -10,8 +10,8 @@ elgg_make_sticky_form('useradd');
// Get variables
$username = get_input('username');
-$password = get_input('password');
-$password2 = get_input('password2');
+$password = get_input('password', null, false);
+$password2 = get_input('password2', null, false);
$email = get_input('email');
$name = get_input('name');
@@ -37,7 +37,7 @@ try {
if ($guid) {
$new_user = get_entity($guid);
- if ($uew_user && $admin && elgg_is_admin_logged_in()) {
+ if ($new_user && $admin && elgg_is_admin_logged_in()) {
$new_user->makeAdmin();
}
diff --git a/actions/widgets/add.php b/actions/widgets/add.php
index f65d11134..d7b2f291c 100644
--- a/actions/widgets/add.php
+++ b/actions/widgets/add.php
@@ -9,6 +9,7 @@
$owner_guid = get_input('owner_guid');
$handler = get_input('handler');
$context = get_input('context');
+$show_access = (bool)get_input('show_access', true);
$column = get_input('column', 1);
$default_widgets = get_input('default_widgets', 0);
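Review bot: `(bool)get_input('show_access', true)` treats every non-empty string except `"0"` as true, so a client sending `show_access=false` still gets the access control shown. Comparing against the accepted off-values explicitly, e.g. `$show_access = !in_array(get_input('show_access', true), array('0', 'false', 0, false), true);`, makes the parameter behave as its name suggests. A comment naming the accepted values would help callers that build the request by hand.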
@@ -29,7 +30,7 @@ if (!empty($owner_guid)) {
$widget->move($column, 0);
// send widget html for insertion
- echo elgg_view_entity($widget);
+ echo elgg_view_entity($widget, array('show_access' => $show_access));
//system_message(elgg_echo('widgets:add:success'));
forward(REFERER);