Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/annotations.php | 2 | ||||
-rw-r--r-- | engine/lib/configuration.php | 4 | ||||
-rw-r--r-- | engine/lib/elgglib.php | 15 | ||||
-rw-r--r-- | engine/lib/entities.php | 9 | ||||
-rw-r--r-- | engine/lib/input.php | 2 | ||||
-rw-r--r-- | engine/lib/install.php | 23 | ||||
-rw-r--r-- | engine/lib/metadata.php | 4 | ||||
-rw-r--r-- | engine/lib/tags.php | 301 | ||||
-rw-r--r-- | engine/lib/users.php | 2 |
9 files changed, 287 insertions, 75 deletions
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index b7dc1b9d3..f1cec6cc9 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -623,7 +623,7 @@ function elgg_get_entity_annotation_where_sql($table, $names = NULL, $values = N } if (isset($pair['operand'])) {
- $operand = mysql_real_escape_string($pair['operand']);
+ $operand = sanitise_string($pair['operand']);
} else { $operand = ' = '; }
diff --git a/engine/lib/configuration.php b/engine/lib/configuration.php
index 100b5ac37..7976f8d8b 100644
--- a/engine/lib/configuration.php
+++ b/engine/lib/configuration.php
@@ -19,7 +19,7 @@ function unset_config($name, $site_guid = 0) { global $CONFIG;
- $name = mysql_real_escape_string($name);
+ $name = sanitise_string($name);
$site_guid = (int) $site_guid; if ($site_guid == 0) { $site_guid = (int) $CONFIG->site_id;
@@ -66,7 +66,7 @@ function get_config($name, $site_guid = 0) { if (isset($CONFIG->$name)) { return $CONFIG->$name; }
- $name = mysql_real_escape_string($name);
+ $name = sanitise_string($name);
$site_guid = (int) $site_guid; if ($site_guid == 0) { $site_guid = (int) $CONFIG->site_id;
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index fb61b7d10..d7548b955 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -285,7 +285,7 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie } // log warning
- elgg_log($error, 'WARNING');
+ elgg_log($error, 'NOTICE');
} }
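Review bot: Escaping `$pair['operand']` on the changed line `+ $operand = sanitise_string($pair['operand']);` still interpolates a caller-supplied string into the SQL as the comparison operator, so (assuming sanitise_string() is the project's quote-escaping wrapper) it prevents quote breaking but does not stop an arbitrary operator or expression fragment from reaching the query; the right check for an operator is an allow-list, not escaping. Something like `$operand = in_array(strtoupper(trim($pair['operand'])), array('=', '!=', '<', '>', '<=', '>=', 'LIKE', 'NOT LIKE'), true) ? $pair['operand'] : ' = ';` (accepted set illustrative) would bound it. The metadata.php hunk at @@ -756 has the identical line and needs the same treatment. elgg_get_entity_annotation_where_sql() starts before this hunk and continues after it.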
@@ -1372,8 +1372,21 @@ function sanitised() { $save_vars = get_input('db_install_vars'); $result = ""; if ($save_vars) {
+ $rtn = db_check_settings($save_vars['CONFIG_DBUSER'],
+ $save_vars['CONFIG_DBPASS'],
+ $save_vars['CONFIG_DBNAME'],
+ $save_vars['CONFIG_DBHOST'] );
+ if ($rtn == FALSE) {
+ register_error(elgg_view("messages/sanitisation/dbsettings_error"));
+ register_error(elgg_view("messages/sanitisation/settings",
+ array( 'settings.php' => $result,
+ 'sticky' => $save_vars)));
+ return FALSE;
+ }
+ $result = create_settings($save_vars, dirname(dirname(__FILE__)) . "/settings.example.php");
+ if (file_put_contents(dirname(dirname(__FILE__)) . "/settings.php", $result)) { // blank result to stop it being displayed in textarea $result = "";
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 17bc0aa1e..fd46b062d 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -1898,9 +1898,14 @@ function elgg_get_entities(array $options = array()) { function get_entities($type = "", $subtype = "", $owner_guid = 0, $order_by = "", $limit = 10, $offset = 0, $count = false, $site_guid = 0, $container_guid = null, $timelower = 0, $timeupper = 0) { elgg_deprecated_notice('get_entities() was deprecated by elgg_get_entities().', 1.7);
+ // rewrite owner_guid to container_guid to emulate old functionality
- $container_guid = $owner_guid;
- $owner_guid = NULL;
+ if ($owner_guid != "") {
+ if (is_null($container_guid)) {
+ $container_guid = $owner_guid;
+ $owner_guid = NULL;
+ }
+ }
$options = array(); if ($type) {
diff --git a/engine/lib/input.php b/engine/lib/input.php
index d6f044c90..e21c909fc 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -216,7 +216,7 @@ function input_livesearch_page_handler($page) { exit; }
- $q = mysql_real_escape_string($q);
+ $q = sanitise_string($q);
// replace mysql vars with escaped strings $q = str_replace(array('_', '%'), array('\_', '\%'), $q);
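Review bot: The new db_check_settings() call reads `$save_vars['CONFIG_DBUSER']` and its three sibling keys without checking they exist, and the failure branch renders the settings view with `'settings.php' => $result` while `$result` is still the empty string assigned two lines above, so the user is shown a blank settings block instead of the example. Default the keys before the call, e.g. `foreach (array('CONFIG_DBUSER', 'CONFIG_DBPASS', 'CONFIG_DBNAME', 'CONFIG_DBHOST') as $k) { $save_vars[$k] = isset($save_vars[$k]) ? $save_vars[$k] : ''; }`, and either build `$result` from settings.example.php before the error branch or drop the key from that view call. `if ($rtn == FALSE)` is fine as a truthiness test but `if (!$rtn)` says so more plainly and also covers the null that db_check_settings() returns on a failed connect. sanitised() starts before this hunk and continues after it.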
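Review bot: `if ($owner_guid != "")` combined with the parameter default `$owner_guid = 0` is version-dependent: `0 != ""` is false on PHP 5/7 but true on PHP 8, where the default 0 would be copied into `$container_guid` and `$owner_guid` nulled even when no owner was passed. Since the intent is "an owner was actually supplied", test that explicitly: `if ($owner_guid !== "" && $owner_guid !== 0) {`. The rest of get_entities() lies outside the hunk, so I cannot see how a zero container_guid is treated downstream; worth confirming before relying on the loose comparison.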
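Review bot: The comment `// replace mysql vars with escaped strings` directly under the changed line is misleading: `_` and `%` are LIKE pattern wildcards, not variables, and the ordering is the important part — the replacement must stay after sanitise_string() so the backslash it inserts is not itself doubled (assuming sanitise_string() escapes backslashes the way mysql_real_escape_string() did). Suggest `// escape LIKE wildcards (_ and %); must run after sanitise_string() so the added backslash is not escaped again`. input_livesearch_page_handler() starts before this hunk and continues after it.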
diff --git a/engine/lib/install.php b/engine/lib/install.php
index 1b363b950..e2b0c5251 100644
--- a/engine/lib/install.php
+++ b/engine/lib/install.php
@@ -45,6 +45,29 @@ function validate_platform() { } /**
+ * Confirm the settings for the database
+ *
+ * @param string $user
+ * @param string $password
+ * @param string $dbname
+ * @param string $host
+ * @return bool
+ */
+function db_check_settings($user, $password, $dbname, $host) {
+ $mysql_dblink = mysql_connect($host, $user, $password, true);
+ if ($mysql_dblink == FALSE) {
+ return $FALSE;
+ }
+
+ $result = mysql_select_db($dbname, $mysql_dblink);
+
+ mysql_close($mysql_dblink);
+
+ return $result;
+}
+
+
+/**
* Returns whether or not the database has been installed * * @return true|false Whether the database has been installed
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 2b5ace7a7..a5e8e22e8 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -756,7 +756,7 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL } if (isset($pair['operand'])) {
- $operand = mysql_real_escape_string($pair['operand']);
+ $operand = sanitise_string($pair['operand']);
} else { $operand = ' = '; }
@@ -938,7 +938,7 @@ function list_entities_from_metadata($meta_name, $meta_value = "", $entity_type 'limit' => $limit, 'offset' => $offset, 'count' => TRUE,
- 'case_sensitive' => $case_sensitive
+ 'metadata_case_sensitive' => $case_sensitive
); $count = elgg_get_entities_from_metadata($options);
diff --git a/engine/lib/tags.php b/engine/lib/tags.php
index c551ba67a..ffc2bebc5 100644
--- a/engine/lib/tags.php
+++ b/engine/lib/tags.php
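Review bot: `return $FALSE;` in db_check_settings() reads an undefined variable, so a failed mysql_connect() returns null (with an undefined-variable notice) rather than the `bool` the docblock promises; it should be `return FALSE;`. The link test would be clearer as `if ($mysql_dblink === FALSE) {`, and the docblock's four @param lines carry no descriptions — it should say that the function opens a real connection with the supplied credentials, selects `$dbname`, and closes the link before returning, so callers know it has a side effect beyond validation. Note also that mysql_connect() reports a refused login through a PHP warning that includes the user and host, so the installer's error display should be checked to ensure that warning is not surfaced verbatim to the page.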
@@ -69,8 +69,180 @@ function generate_tag_cloud(array $tags, $buckets = 6) { } /** + * Get popular tags and their frequencies + * + * Supports similar arguments as elgg_get_entities() + * + * @since 1.7.1 + * + * @param array $options Array in format: + * + * threshold => INT minimum tag count + * + * tag_names => array() metadata tag names - must be registered tags + * + * limit => INT number of tags to return + * + * types => NULL|STR entity type (SQL: type = '$type') + * + * subtypes => NULL|STR entity subtype (SQL: subtype = '$subtype') + * + * type_subtype_pairs => NULL|ARR (array('type' => 'subtype')) (SQL: type = '$type' AND subtype = '$subtype') pairs + * + * owner_guids => NULL|INT entity guid + * + * container_guids => NULL|INT container_guid + * + * site_guids => NULL (current_site)|INT site_guid + * + * created_time_lower => NULL|INT Created time lower boundary in epoch time + * + * created_time_upper => NULL|INT Created time upper boundary in epoch time + * + * modified_time_lower => NULL|INT Modified time lower boundary in epoch time + * + * modified_time_upper => NULL|INT Modified time upper boundary in epoch time + * + * wheres => array() Additional where clauses to AND together + * + * joins => array() Additional joins + * + * @return false/array - if no tags or error, false + * otherwise, array of objects with ->tag and ->total values + */ +function elgg_get_tags(array $options = array()) { + global $CONFIG; + + $defaults = array( + 'threshold' => 1, + 'tag_names' => array(), + 'limit' => 10, + + 'types' => ELGG_ENTITIES_ANY_VALUE, + 'subtypes' => ELGG_ENTITIES_ANY_VALUE, + 'type_subtype_pairs' => ELGG_ENTITIES_ANY_VALUE, + + 'owner_guids' => ELGG_ENTITIES_ANY_VALUE, + 'container_guids' => ELGG_ENTITIES_ANY_VALUE, + 'site_guids' => $CONFIG->site_guid, + + 'modified_time_lower' => ELGG_ENTITIES_ANY_VALUE, + 'modified_time_upper' => ELGG_ENTITIES_ANY_VALUE, + 'created_time_lower' => ELGG_ENTITIES_ANY_VALUE, + 'created_time_upper' => 
ELGG_ENTITIES_ANY_VALUE, + + 'joins' => array(), + 'wheres' => array(), + ); + + + $options = array_merge($defaults, $options); + + $singulars = array('type', 'subtype', 'owner_guid', 'container_guid', 'site_guid'); + $options = elgg_normalise_plural_options_array($options, $singulars); + + + $registered_tags = elgg_get_registered_tag_metadata_names(); + + if (!is_array($options['tag_names'])) { + return false; + } + + // empty array so use all registered tag names + if (count($options['tag_names']) == 0) { + $options['tag_names'] = $registered_tags; + } + + $diff = array_diff($options['tag_names'], $registered_tags); + if (count($diff) > 0) { + elgg_deprecated_notice('Tag metadata names must be registered by elgg_register_tag_metadata_name()', 1.7); + // return false; + } + + + $wheres = $options['wheres']; + + // catch for tags that were spaces + $wheres[] = "msv.string != ''"; + + foreach ($options['tag_names'] as $tag) { + $sanitised_tags[] = '"' . sanitise_string($tag) . '"'; + } + $tags_in = implode(',', $sanitised_tags); + $wheres[] = "(msn.string IN ($tags_in))"; + + $wheres[] = elgg_get_entity_type_subtype_where_sql('e', $options['types'], $options['subtypes'], $options['type_subtype_pairs']); + $wheres[] = elgg_get_entity_site_where_sql('e', $options['site_guids']); + $wheres[] = elgg_get_entity_owner_where_sql('e', $options['owner_guids']); + $wheres[] = elgg_get_entity_container_where_sql('e', $options['container_guids']); + $wheres[] = elgg_get_entity_time_where_sql('e', $options['created_time_upper'], + $options['created_time_lower'], $options['modified_time_upper'], $options['modified_time_lower']); + + // remove identical where clauses + $wheres = array_unique($wheres); + + // see if any functions failed + // remove empty strings on successful functions + foreach ($wheres as $i => $where) { + if ($where === FALSE) { + return FALSE; + } elseif (empty($where)) { + unset($wheres[$i]); + } + } + + + $joins = $options['joins']; + + $joins[] = "JOIN 
{$CONFIG->dbprefix}metadata md on md.entity_guid = e.guid"; + $joins[] = "JOIN {$CONFIG->dbprefix}metastrings msv on msv.id = md.value_id"; + $joins[] = "JOIN {$CONFIG->dbprefix}metastrings msn on md.name_id = msn.id"; + + // remove identical join clauses + $joins = array_unique($joins); + + foreach ($joins as $i => $join) { + if ($join === FALSE) { + return FALSE; + } elseif (empty($join)) { + unset($joins[$i]); + } + } + + + $query = "SELECT msv.string as tag, count(msv.id) as total "; + $query .= "FROM {$CONFIG->dbprefix}entities e "; + + // add joins + foreach ($joins as $j) { + $query .= " $j "; + } + + // add wheres + $query .= ' WHERE '; + + foreach ($wheres as $w) { + $query .= " $w AND "; + } + + // Add access controls + $query .= get_access_sql_suffix('e'); + + $threshold = sanitise_int($options['threshold']); + $query .= " GROUP BY msv.string HAVING total > {$threshold} "; + $query .= " ORDER BY total DESC "; + + $limit = sanitise_int($options['limit']); + $query .= " LIMIT {$limit} "; + + return get_data($query); +} + +/** * Get an array of tags with weights for use with the output/tagcloud view. * + * @deprecated 1.7.1 Use elgg_get_tags(). + * * @param int $threshold Get the threshold of minimum number of each tags to bother with (ie only show tags where there are more than $threshold occurances) * @param int $limit Number of tags to return * @param string $metadata_name Optionally, the name of the field you want to grab for 
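Review bot: `$sanitised_tags` is never initialised, so when `$options['tag_names']` resolves to an empty list (no names passed and no registered tag names) the foreach does not run, `implode()` is handed an undefined variable and the query is built with `IN ()`, which is a SQL syntax error at get_data() time instead of the documented `false`. Add `$sanitised_tags = array();` before the loop and `if (!$sanitised_tags) { return false; }` after it. The docblock entry `threshold => INT minimum tag count` also disagrees with `HAVING total > {$threshold}`, which is strictly greater — say "only tags occurring more than threshold times" so callers passing 1 are not surprised — and the `wheres`/`joins` entries should state that they are raw SQL fragments the caller is responsible for escaping, as elgg_get_entities() presumably documents.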
@@ -84,89 +256,91 @@ function generate_tag_cloud(array $tags, $buckets = 6) { */ function get_tags($threshold = 1, $limit = 10, $metadata_name = "", $entity_type = "object", $entity_subtype = "", $owner_guid = "", $site_guid = -1, $start_ts = "", $end_ts = "") { - global $CONFIG; - $threshold = (int) $threshold; - $limit = (int) $limit; + elgg_deprecated_notice('get_tags() has been replaced by elgg_get_tags()', 1.7); - $registered_tags = elgg_get_registered_tag_metadata_names(); - if (!in_array($metadata_name, $registered_tags)) { - elgg_deprecated_notice('Tag metadata names must be registered by elgg_register_tag_metadata_name()', 1.7); + if (is_array($metadata_name)) { + return false; } - if (!empty($metadata_name)) { - $metadata_name = (int) get_metastring_id($metadata_name); - // test if any metadata with that name - if (!$metadata_name) { - return false; // no matches so short circuit - } + $options = array(); + if ($metadata_name === '') { + $options['tag_names'] = array(); } else { - $metadata_name = 0; - } - $entity_subtype = get_subtype_id($entity_type, $entity_subtype); - $entity_type = sanitise_string($entity_type); - - if ($owner_guid != "") { - if (is_array($owner_guid)) { - foreach($owner_guid as $key => $val) { - $owner_guid[$key] = (int) $val; - } - } else { - $owner_guid = (int) $owner_guid; - } + $options['tag_names'] = array($metadata_name); } - if ($site_guid < 0) { - $site_guid = $CONFIG->site_id; - } + $options['threshold'] = $threshold; + $options['limit'] = $limit; - $query = "SELECT msvalue.string as tag, count(msvalue.id) as total "; - $query .= "FROM {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}metadata md on md.entity_guid = e.guid "; - if ($entity_subtype > 0) { - $query .= " join {$CONFIG->dbprefix}entity_subtypes subtype on subtype.id = e.subtype "; + // rewrite owner_guid to container_guid to emulate old functionality + $container_guid = $owner_guid; + if ($container_guid) { + $options['container_guids'] = $container_guid; } 
- $query .= " join {$CONFIG->dbprefix}metastrings msvalue on msvalue.id = md.value_id "; - - $query .= " where msvalue.string != '' "; - if ($metadata_name > 0) { - $query .= " and md.name_id = {$metadata_name} "; - } - if ($site_guid > 0) { - $query .= " and e.site_guid = {$site_guid} "; + if ($entity_type) { + $options['type'] = $entity_type; } - if ($entity_subtype > 0) { - $query .= " and e.subtype = {$entity_subtype} "; + + if ($entity_subtype) { + $options['subtype'] = $entity_subtype; } - if ($entity_type != "") { - $query .= " and e.type = '{$entity_type}' "; + + if ($site_guid != -1) { + $options['site_guids'] = $site_guid; } - if (is_array($owner_guid)) { - $query .= " and e.container_guid in (".implode(",",$owner_guid).")"; - } else if (is_int($owner_guid)) { - $query .= " and e.container_guid = {$owner_guid} "; + + if ($end_ts) { + $options['time_upper'] = $end_ts; } + if ($start_ts) { - $start_ts = (int)$start_ts; - $query .= " and e.time_created>=$start_ts"; + $options['time_lower'] = $start_ts; } - if ($end_ts) { - $end_ts = (int)$end_ts; - $query .= " and e.time_created<=$end_ts"; - } + $r = elgg_get_tags($options); + return $r; +} - // Add access controls - $query .= ' and ' . 
get_access_sql_suffix("e"); +/** + * Returns viewable tagcloud + * + * @since 1.7.1 + * + * @see elgg_get_tags + * + * @param array $options Any elgg_get_tags() options except: + * + * type => must be single entity type + * + * subtype => must be single entity subtype + * + * @return string + * + */ +function elgg_view_tagcloud(array $options = array()) { - $query .= " group by msvalue.string having total > {$threshold} order by total desc limit {$limit} "; + $type = $subtype = ''; + if (isset($options['type'])) { + $type = $options['type']; + } + if (isset($options['subtype'])) { + $subtype = $options['subtype']; + } + + $tag_data = elgg_get_tags($options); + return elgg_view("output/tagcloud",array('value' => $tag_data, + 'type' => $type, + 'subtype' => $subtype)); - return get_data($query); } /** * Loads and displays a tagcloud given particular criteria. * + * @deprecated 1.7.1 use elgg_view_tagcloud() + * * @param int $threshold Get the threshold of minimum number of each tags to bother with (ie only show tags where there are more than $threshold occurances) * @param int $limit Number of tags to return * @param string $metadata_name Optionally, the name of the field you want to grab for 
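Review bot: The rewritten get_tags() sets `$options['time_upper']` and `$options['time_lower']`, but elgg_get_tags() (earlier in this diff) reads only `created_time_upper`/`created_time_lower` and the `modified_*` pair, so `$start_ts` and `$end_ts` are silently dropped and the deprecated wrapper no longer filters by time at all. The removed code filtered on `e.time_created`, so the equivalent is `$options['created_time_upper'] = $end_ts;` and `$options['created_time_lower'] = $start_ts;`. I cannot see whether elgg_normalise_plural_options_array() maps the short keys, but nothing in elgg_get_tags() consumes them, so a test covering a date-bounded call would settle it.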
@@ -176,18 +350,15 @@ function get_tags($threshold = 1, $limit = 10, $metadata_name = "", $entity_type * @param int $site_guid Optionally, the site to restrict to (default is the current site) * @param int $start_ts Optionally specify a start timestamp for tags used to generate cloud. * @param int $ent_ts Optionally specify an end timestamp for tags used to generate cloud.
- * @return string THe HTML (or other, depending on view type) of the tagcloud.
+ * @return string The HTML (or other, depending on view type) of the tagcloud.
*/ function display_tagcloud($threshold = 1, $limit = 10, $metadata_name = "", $entity_type = "object", $entity_subtype = "", $owner_guid = "", $site_guid = -1, $start_ts = "", $end_ts = "") {
- $registered_tags = elgg_get_registered_tag_metadata_names();
- if (!in_array($metadata_name, $registered_tags)) {
- elgg_deprecated_notice('Tag metadata names must be registered by elgg_register_tag_metadata_name()', 1.7);
- }
-
+ elgg_deprecated_notice('display_cloud() was deprecated by elgg_view_tagcloud()!', 1.7);
+ return elgg_view("output/tagcloud",array('value' => get_tags($threshold, $limit, $metadata_name, $entity_type, $entity_subtype, $owner_guid, $site_guid, $start_ts, $end_ts),
- 'object' => $entity_type,
+ 'type' => $entity_type,
'subtype' => $entity_subtype)); }
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 46ccd8dc3..45c281d23 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -1355,7 +1355,7 @@ function register_user($username, $password, $name, $email, $allow_multiple_emai $username = trim($username); // no need to trim password. $password = $password;
- $name = trim($name);
+ $name = trim(strip_tags($name));
$email = trim($email); // A little sanity checking |
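Review bot: The deprecation message names the wrong function: the line `+ elgg_deprecated_notice('display_cloud() was deprecated by elgg_view_tagcloud()!', 1.7);` is inside display_tagcloud(), so anyone grepping logs for the reported name will not find it. Use `elgg_deprecated_notice('display_tagcloud() was deprecated by elgg_view_tagcloud()', 1.7);`. The docblock says `@deprecated 1.7.1` while the notice passes 1.7; the other deprecations in this commit do the same, so at least it is consistent, but one of the two is inaccurate.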
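Review bot: `$name = trim(strip_tags($name));` is a lossy input filter rather than a safety control: strip_tags() removes everything after an unmatched `<` (a display name like `a < b` loses its tail silently) and it does not make the value safe for attribute, URL or JavaScript contexts, so output escaping in the views is still the control that matters. It is reasonable as defence in depth, but it deserves a comment so nobody later treats `$name` as pre-escaped: `// defence in depth only: views must still escape $name; strip_tags() also drops text after an unmatched '<'`. If the intent is to reject markup rather than quietly alter what the user typed, comparing the stripped value with the original and raising a registration error would be the more honest behaviour. register_user() starts before this hunk and continues after it.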