aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/access.php33
-rw-r--r--engine/lib/annotations.php6
-rw-r--r--engine/lib/elgglib.php28
-rw-r--r--engine/lib/languages.php2
-rw-r--r--engine/lib/metadata.php11
-rw-r--r--engine/lib/metastrings.php19
-rw-r--r--engine/lib/plugins.php9
-rw-r--r--engine/lib/relationships.php2
-rw-r--r--engine/lib/sessions.php4
-rw-r--r--engine/lib/users.php6
-rw-r--r--engine/lib/views.php5
-rw-r--r--engine/lib/web_services.php2
12 files changed, 90 insertions, 37 deletions
diff --git a/engine/lib/access.php b/engine/lib/access.php
index 6be252c6a..e8b3b0d52 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -31,7 +31,7 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
global $CONFIG, $init_finished;
static $access_list;
- if (!isset($access_list) || !$init_finished) {
+ if (!isset($access_list)) {
$access_list = array();
}
@@ -49,9 +49,16 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
return $access_list[$user_id];
}
- $access_list[$user_id] = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
+ $access = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
- return $access_list[$user_id];
+ // only cache if done with init and access is enabled (unless admin user)
+ // session is loaded before init is finished, so don't need to check for user session
+ if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) {
+ $access_list[$user_id] = $access;
+ return $access_list[$user_id];
+ } else {
+ return $access;
+ }
}
/**
@@ -83,7 +90,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
// this cache might be redundant. But db cache is flushed on every db write.
static $access_array;
- if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished)) {
+ if (!isset($access_array)) {
$access_array = array();
}
@@ -137,12 +144,12 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
$tmp_access_array[] = ACCESS_PRIVATE;
}
- $access_array[$user_id] = $tmp_access_array;
- } else {
- // No user id logged in so we can only access public info
- $tmp_return = $tmp_access_array;
+ // only cache if done with init and access is enabled (unless admin user)
+ // session is loaded before init is finished, so don't need to check for user session
+ if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) {
+ $access_array[$user_id] = $tmp_access_array;
+ }
}
-
} else {
$tmp_access_array = $access_array[$user_id];
}
@@ -946,7 +953,8 @@ function elgg_get_access_object() {
*
* @global bool $init_finished
* @access private
- * @todo investigate why this is needed
+ * @todo This is required to tell the access system to start caching because
+ * calls are made while in ignore access mode and before the user is logged in.
*/
$init_finished = false;
@@ -1014,8 +1022,9 @@ function access_test($hook, $type, $value, $params) {
return $value;
}
-// This function will let us know when 'init' has finished
-elgg_register_event_handler('init', 'system', 'access_init', 9999);
+// Tell the access functions the system has booted, plugins are loaded,
+// and the user is logged in so it can start caching
+elgg_register_event_handler('ready', 'system', 'access_init');
// For overrided permissions
elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions');
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index f32dee0f0..2036ccd61 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -95,8 +95,6 @@ $owner_guid = 0, $access_id = ACCESS_PRIVATE) {
$entity = get_entity($entity_guid);
if (elgg_trigger_event('annotate', $entity->type, $entity)) {
- system_log($entity, 'annotate');
-
// If ok then add it
$result = insert_data("INSERT into {$CONFIG->dbprefix}annotations
(entity_guid, name_id, value_id, value_type, owner_guid, time_created, access_id) VALUES
@@ -222,7 +220,7 @@ function elgg_delete_annotations(array $options) {
}
$options['metastring_type'] = 'annotations';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
}
/**
@@ -240,7 +238,7 @@ function elgg_disable_annotations(array $options) {
}
$options['metastring_type'] = 'annotations';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
}
/**
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 11bdc7285..b55958a6c 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -2021,8 +2021,14 @@ function elgg_walled_garden_index() {
elgg_load_css('elgg.walled_garden');
elgg_load_js('elgg.walled_garden');
- $body = elgg_view('core/walled_garden/body');
+ $content = elgg_view('core/walled_garden/login');
+ $params = array(
+ 'content' => $content,
+ 'class' => 'elgg-walledgarden-double',
+ 'id' => 'elgg-walledgarden-login',
+ );
+ $body = elgg_view_layout('walled_garden', $params);
echo elgg_view_page('', $body, 'walled_garden');
// return true to prevent other plugins from adding a front page
@@ -2030,6 +2036,24 @@ function elgg_walled_garden_index() {
}
/**
+ * Serve walled garden sections
+ *
+ * @param array $page Array of URL segments
+ * @return string
+ * @access private
+ */
+function _elgg_walled_garden_ajax_handler($page) {
+ $view = $page[0];
+ $params = array(
+ 'content' => elgg_view("core/walled_garden/$view"),
+ 'class' => 'elgg-walledgarden-single hidden',
+ 'id' => str_replace('_', '-', "elgg-walledgarden-$view"),
+ );
+ echo elgg_view_layout('walled_garden', $params);
+ return true;
+}
+
+/**
* Checks the status of the Walled Garden and forwards to a login page
* if required.
*
@@ -2049,6 +2073,8 @@ function elgg_walled_garden() {
elgg_register_css('elgg.walled_garden', '/css/walled_garden.css');
elgg_register_js('elgg.walled_garden', '/js/walled_garden.js');
+ elgg_register_page_handler('walled_garden', '_elgg_walled_garden_ajax_handler');
+
// check for external page view
if (isset($CONFIG->site) && $CONFIG->site instanceof ElggSite) {
$CONFIG->site->checkWalledGarden();
diff --git a/engine/lib/languages.php b/engine/lib/languages.php
index bf6829a39..7a508d298 100644
--- a/engine/lib/languages.php
+++ b/engine/lib/languages.php
@@ -344,7 +344,7 @@ function get_missing_language_keys($language) {
*/
function elgg_languages_init() {
$lang = get_current_language();
- elgg_register_simplecache_view("cache/js/languages/$lang");
+ elgg_register_simplecache_view("js/languages/$lang");
}
elgg_register_event_handler('init', 'system', 'elgg_languages_init');
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 34a36d86e..0ff3a43dc 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -297,6 +297,8 @@ function elgg_get_metadata(array $options = array()) {
* This requires at least one constraint: metadata_owner_guid(s),
* metadata_name(s), metadata_value(s), or guid(s) must be set.
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@see elgg_get_metadata()}
* @return mixed Null if the metadata name is invalid. Bool on success or fail.
* @since 1.8.0
@@ -307,8 +309,7 @@ function elgg_delete_metadata(array $options) {
}
$options['metastring_type'] = 'metadata';
- $result = elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback');
- return $result;
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
}
/**
@@ -316,6 +317,8 @@ function elgg_delete_metadata(array $options) {
*
* @warning Unlike elgg_get_metadata() this will not accept an empty options array!
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@See elgg_get_metadata()}
* @return mixed
* @since 1.8.0
@@ -326,7 +329,7 @@ function elgg_disable_metadata(array $options) {
}
$options['metastring_type'] = 'metadata';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
}
/**
@@ -334,6 +337,8 @@ function elgg_disable_metadata(array $options) {
*
* @warning Unlike elgg_get_metadata() this will not accept an empty options array!
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@See elgg_get_metadata()}
* @return mixed
* @since 1.8.0
diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php
index d7cc4e0bc..cf6dd4d98 100644
--- a/engine/lib/metastrings.php
+++ b/engine/lib/metastrings.php
@@ -716,22 +716,23 @@ function elgg_set_metastring_based_object_enabled_by_id($id, $enabled, $type) {
* @warning Unlike elgg_get_metastring_based_objects() this will not accept an
* empty options array!
*
- * @param array $options An options array. {@See elgg_get_metastring_based_objects()}
- * @param string $callback The callback to pass each result through
- * @return mixed
+ * @warning This returns null on no ops.
+ *
+ * @param array $options An options array. {@See elgg_get_metastring_based_objects()}
+ * @param string $callback The callback to pass each result through
+ * @param bool $inc_offset Increment the offset? Pass false for callbacks that delete / disable
+ *
+ * @return bool|null true on success, false on failure, null if no objects are found.
* @since 1.8.0
* @access private
*/
-function elgg_batch_metastring_based_objects(array $options, $callback) {
+function elgg_batch_metastring_based_objects(array $options, $callback, $inc_offset = true) {
if (!$options || !is_array($options)) {
return false;
}
- // @todo restore once ElggBatch supports callbacks that delete rows.
- $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, false);
- $r = $batch->callbackResult;
-
- return $r;
+ $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, $inc_offset);
+ return $batch->callbackResult;
}
/**
diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php
index 123fb18d8..39a76db5d 100644
--- a/engine/lib/plugins.php
+++ b/engine/lib/plugins.php
@@ -93,10 +93,13 @@ function elgg_get_plugin_ids_in_dir($dir = null) {
function elgg_generate_plugin_entities() {
$site = get_config('site');
$dir = elgg_get_plugins_path();
+ $db_prefix = elgg_get_config('dbprefix');
$options = array(
'type' => 'object',
'subtype' => 'plugin',
+ 'selects' => array('plugin_oe.*'),
+ 'joins' => array("JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid"),
'limit' => ELGG_ENTITIES_NO_VALUE
);
@@ -352,7 +355,11 @@ function elgg_get_plugins($status = 'active', $site_guid = null) {
'type' => 'object',
'subtype' => 'plugin',
'limit' => ELGG_ENTITIES_NO_VALUE,
- 'joins' => array("JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid"),
+ 'selects' => array('plugin_oe.*'),
+ 'joins' => array(
+ "JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid",
+ "JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid"
+ ),
'wheres' => array("ps.name = '$priority'"),
'order_by' => "CAST(ps.value as unsigned), e.guid"
);
diff --git a/engine/lib/relationships.php b/engine/lib/relationships.php
index fabe2d2d6..f50c4a485 100644
--- a/engine/lib/relationships.php
+++ b/engine/lib/relationships.php
@@ -290,7 +290,7 @@ function elgg_get_entities_from_relationship($options) {
$options['selects'] = array();
}
- $select = array('r.*');
+ $select = array('r.id');
$options['selects'] = array_merge($options['selects'], $select);
}
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index 9982d9fe8..419d36707 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -127,6 +127,10 @@ function elgg_is_admin_user($user_guid) {
/**
* Perform user authentication with a given username and password.
*
+ * @warning This returns an error message on failure. Use the identical operator to check
+ * for access: if (true === elgg_authenticate()) { ... }.
+ *
+ *
* @see login
*
* @param string $username The username
diff --git a/engine/lib/users.php b/engine/lib/users.php
index f1d42e25e..e209f2c38 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -969,8 +969,8 @@ $allow_multiple_emails = false, $friend_guid = 0, $invitecode = '') {
$friend_user->addFriend($user->guid);
// @todo Should this be in addFriend?
- add_to_river('friends/river/create', 'friend', $user->getGUID(), $friend_guid);
- add_to_river('friends/river/create', 'friend', $friend_guid, $user->getGUID());
+ add_to_river('river/relationship/friend/create', 'friend', $user->getGUID(), $friend_guid);
+ add_to_river('river/relationship/friend/create', 'friend', $friend_guid, $user->getGUID());
}
}
}
@@ -1551,7 +1551,7 @@ function users_init() {
elgg_register_plugin_hook_handler('register', 'menu:user_hover', 'elgg_user_hover_menu');
elgg_register_action('register', '', 'public');
- elgg_register_action('useradd', '', 'public');
+ elgg_register_action('useradd', '', 'admin');
elgg_register_action('friends/add');
elgg_register_action('friends/remove');
elgg_register_action('avatar/upload');
diff --git a/engine/lib/views.php b/engine/lib/views.php
index ca0ce7196..1b013be6f 100644
--- a/engine/lib/views.php
+++ b/engine/lib/views.php
@@ -103,7 +103,10 @@ function elgg_get_viewtype() {
$viewtype = get_input('view', NULL);
if ($viewtype) {
- return $viewtype;
+ // only word characters allowed.
+ if (!preg_match('[\W]', $viewtype)) {
+ return $viewtype;
+ }
}
if (isset($CONFIG->view) && !empty($CONFIG->view)) {
diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php
index 07be76ec6..da3ed76a9 100644
--- a/engine/lib/web_services.php
+++ b/engine/lib/web_services.php
@@ -1165,7 +1165,7 @@ function list_all_apis() {
* @access private
*/
function auth_gettoken($username, $password) {
- if (elgg_authenticate($username, $password)) {
+ if (true === elgg_authenticate($username, $password)) {
$token = create_user_token($username);
if ($token) {
return $token;