aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/actions.php2
-rw-r--r--engine/lib/api.php6
-rw-r--r--engine/lib/elgglib.php39
-rw-r--r--engine/lib/notification.php72
-rw-r--r--engine/lib/river2.php6
5 files changed, 107 insertions, 18 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 304179828..66c2d9505 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -54,7 +54,7 @@ function action($action, $forwarder = "") {
if (isset($CONFIG->actions[$action])) {
if ((isadminloggedin()) || (!$CONFIG->actions[$action]['admin'])) {
- if ($CONFIG->actions[$action]['public'] || $_SESSION['id'] != -1) {
+ if ($CONFIG->actions[$action]['public'] || get_loggedin_userid()) {
// Trigger action event TODO: This is only called before the primary action is called. We need to rethink actions for 1.5
$event_result = true;
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 6b773138e..6707a7418 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -423,9 +423,11 @@ function authenticate_method($method) {
}
}
- // check user authentication if required
+ $user_auth_result = pam_authenticate();
+
+ // check if user authentication is required
if ($API_METHODS[$method]["require_user_auth"] == true) {
- if (pam_authenticate() == false) {
+ if ($user_auth_result == false) {
throw new APIException(elgg_echo('APIException:UserAuthenticationFailed'));
}
}
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 78761c739..f6aae2b97 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -29,8 +29,15 @@ function forward($location = "") {
$location = $CONFIG->url . $location;
}
- header("Location: {$location}");
- exit;
+ // return new forward location or false to stop the forward or empty string to exit
+ $params = array('current_url' => $current_page, 'forward_url' => $location);
+ $location = trigger_plugin_hook('forward', 'system', $params, $location);
+ if ($location) {
+ header("Location: {$location}");
+ exit;
+ } else if ($location === '') {
+ exit;
+ }
}
return false;
@@ -568,7 +575,7 @@ function elgg_get_views($dir, $base) {
}
/**
- * @deprecated 1.7. Use elgg_extend_view().
+ * @deprecated 1.7. Use elgg_get_views().
* @param $dir
* @param $base
*/
@@ -1301,14 +1308,18 @@ function set_template_handler($function_name) {
}
/**
- * Extends a view by adding other views to be displayed at the same time.
+ * Extends a view.
*
- * @param string $view The view to add to.
- * @param string $view_name The name of the view to extend
- * @param int $priority The priority, from 0 to 1000, to add at (lowest numbers will be displayed first)
+ * The addititional views are displayed before or after the primary view.
+ * Priorities less than 500 are displayed before the primary view and
+ * greater than 500 after. The default priority is 501.
+ *
+ * @param string $view The view to extend.
+ * @param string $view_extension This view is added to $view
+ * @param int $priority The priority, from 0 to 1000, to add at (lowest numbers displayed first)
* @param string $viewtype Not used
*/
-function elgg_extend_view($view, $view_name, $priority = 501, $viewtype = '') {
+function elgg_extend_view($view, $view_extension, $priority = 501, $viewtype = '') {
global $CONFIG;
if (!isset($CONFIG->views)) {
@@ -1327,7 +1338,7 @@ function elgg_extend_view($view, $view_name, $priority = 501, $viewtype = '') {
$priority++;
}
- $CONFIG->views->extensions[$view][$priority] = "{$view_name}";
+ $CONFIG->views->extensions[$view][$priority] = "{$view_extension}";
ksort($CONFIG->views->extensions[$view]);
}
@@ -1482,23 +1493,25 @@ function get_library_files($directory, $exceptions = array(), $list = array()) {
* @param array $exceptions Array of filenames to ignore
* @param array $list Array of files to append to
* @param mixed $extensions Array of extensions to allow, NULL for all. (With a dot: array('.php'))
- * @return array
+ * @return array of filenames including $directory
*/
function elgg_get_file_list($directory, $exceptions = array(), $list = array(), $extensions = NULL) {
+ $directory = sanitise_filepath($directory);
if ($handle = opendir($directory)) {
while (($file = readdir($handle)) !== FALSE) {
- if (!is_file($file) || in_array($file, $exceptions)) {
+ if (!is_file($directory . $file) || in_array($file, $exceptions)) {
continue;
}
if (is_array($extensions)) {
if (in_array(strrchr($file, '.'), $extensions)) {
- $list[] = $directory . "/" . $file;
+ $list[] = $directory . $file;
}
} else {
- $list[] = $directory . "/" . $file;
+ $list[] = $directory . $file;
}
}
+ closedir($handle);
}
return $list;
diff --git a/engine/lib/notification.php b/engine/lib/notification.php
index 024881e0f..58e2a10f6 100644
--- a/engine/lib/notification.php
+++ b/engine/lib/notification.php
@@ -309,6 +309,78 @@ function email_notify_handler(ElggEntity $from, ElggUser $to, $subject, $message
}
/**
+ * Send an email to any email address
+ *
+ * @param string $from Email address or string: "name <email>"
+ * @param string $to Email address or string: "name <email>"
+ * @param string $subject The subject of the message
+ * @param string $body The message body
+ * @param array $params Optional parameters (none used in this function)
+ * @return bool
+ */
+function elgg_send_email($from, $to, $subject, $body, array $params = NULL) {
+ global $CONFIG;
+
+ if (!$from) {
+ throw new NotificationException(sprintf(elgg_echo('NotificationException:NoEmailAddress'), 'from'));
+ }
+
+ if (!$to) {
+ throw new NotificationException(sprintf(elgg_echo('NotificationException:NoEmailAddress'), 'to'));
+ }
+
+ // return TRUE/FALSE to stop elgg_send_email() from sending
+ $mail_params = array( 'to' => $to,
+ 'from' => $from,
+ 'subject' => $subject,
+ 'body' => $body,
+ 'params' => $params);
+ $result = trigger_plugin_hook('email', 'system', $mail_params, NULL);
+ if ($result !== NULL) {
+ return $result;
+ }
+
+ $header_eol = "\r\n";
+ if (isset($CONFIG->broken_mta) && $CONFIG->broken_mta) {
+ // Allow non-RFC 2822 mail headers to support some broken MTAs
+ $header_eol = "\n";
+ }
+
+ // Windows is somewhat broken, so we use just address for to and from
+ if (strtolower(substr(PHP_OS, 0 , 3)) == 'win') {
+ // strip name from to and from
+ if (strpos($to, '<')) {
+ preg_match('/<(.*)>/', $to, $matches);
+ $to = $matches[1];
+ }
+ if (strpos($from, '<')) {
+ preg_match('/<(.*)>/', $from, $matches);
+ $from = $matches[1];
+ }
+ }
+
+ $headers = "From: $from{$header_eol}"
+ . "Content-Type: text/plain; charset=UTF-8; format=flowed{$header_eol}"
+ . "MIME-Version: 1.0{$header_eol}"
+ . "Content-Transfer-Encoding: 8bit{$header_eol}";
+
+
+ // Sanitise subject by stripping line endings
+ $subject = preg_replace("/(\r\n|\r|\n)/", " ", $subject);
+ if (is_callable('mb_encode_mimeheader')) {
+ $subject = mb_encode_mimeheader($subject,"UTF-8", "B");
+ }
+
+ // Format message
+ $message = html_entity_decode($body, ENT_COMPAT, 'UTF-8'); // Decode any html entities
+ $message = strip_tags($body); // Strip tags from message
+ $message = preg_replace("/(\r\n|\r)/", "\n", $body); // Convert to unix line endings in body
+ $message = preg_replace("/^From/", ">From", $body); // Change lines starting with From to >From
+
+ return mail($to, $subject, wordwrap($body), $headers);
+}
+
+/**
* Correctly initialise notifications and register the email handler.
*
*/
diff --git a/engine/lib/river2.php b/engine/lib/river2.php
index 8e015ea0d..8fb20ac40 100644
--- a/engine/lib/river2.php
+++ b/engine/lib/river2.php
@@ -374,8 +374,10 @@ function elgg_get_river_items($subject_guid = 0, $object_guid = 0, $subject_rela
function elgg_view_river_item($item) {
if (isset($item->view)) {
$object = get_entity($item->object_guid);
- if (!$object) {
- $body = elgg_view('river/item/noaccess');
+ $subject = get_entity($item->subject_guid);
+ if (!$object || !$subject) {
+ // probably means an entity is disabled
+ return false;
} else {
if (elgg_view_exists($item->view)) {
$body = elgg_view($item->view,array(