aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/input.php5
-rw-r--r--engine/lib/navigation.php17
-rw-r--r--engine/lib/river.php8
-rw-r--r--engine/lib/users.php5
-rw-r--r--engine/lib/views.php9
5 files changed, 33 insertions, 11 deletions
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 84752bc7d..56ec214dc 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -10,8 +10,13 @@
/**
* Get some input from variables passed on the GET or POST line.
*
+ * If using any data obtained from get_input() in a web page, please be aware that
+ * it is a possible vector for a reflected XSS attack. If you are expecting an
+ * integer, cast it to an int. If it is a string, escape quotes.
+ *
* Note: this function does not handle nested arrays (ex: form input of param[m][n])
* because of the filtering done in htmlawed from the filter_tags call.
+ * @todo Is this ^ still?
*
* @param string $variable The variable we want to return.
* @param mixed $default A default value for the variable if it is not found.
diff --git a/engine/lib/navigation.php b/engine/lib/navigation.php
index cdf3d0f67..1305ee3de 100644
--- a/engine/lib/navigation.php
+++ b/engine/lib/navigation.php
@@ -154,17 +154,20 @@ function elgg_is_menu_item_registered($menu_name, $item_name) {
}
/**
- * Convenience function for registering an add content button to title menu
+ * Convenience function for registering a button to title menu
*
- * The add URL must be $handler/add/$guid where $guid is the guid of the page owner.
- * The label of the button is "$handler:add" so that must be defined in a
+ * The URL must be $handler/$name/$guid where $guid is the guid of the page owner.
+ * The label of the button is "$handler:$name" so that must be defined in a
* language file.
*
+ * This is used primarily to support adding an add content button
+ *
* @param string $handler The handler to use or null to autodetect from context
+ * @param string $name Name of the button
* @return void
* @since 1.8.0
*/
-function elgg_register_add_button($handler = null) {
+function elgg_register_title_button($handler = null, $name = 'add') {
if (elgg_is_logged_in()) {
if (!$handler) {
@@ -179,9 +182,9 @@ function elgg_register_add_button($handler = null) {
if ($owner && $owner->canWriteToContainer()) {
$guid = $owner->getGUID();
elgg_register_menu_item('title', array(
- 'name' => 'add',
- 'href' => "$handler/add/$guid",
- 'text' => elgg_echo("$handler:add"),
+ 'name' => $name,
+ 'href' => "$handler/$name/$guid",
+ 'text' => elgg_echo("$handler:$name"),
'link_class' => 'elgg-button elgg-button-action',
));
}
diff --git a/engine/lib/river.php b/engine/lib/river.php
index 36dde7f05..64ddcfdc1 100644
--- a/engine/lib/river.php
+++ b/engine/lib/river.php
@@ -185,6 +185,9 @@ function elgg_delete_river(array $options = array()) {
$query = "DELETE rv.* FROM {$CONFIG->dbprefix}river rv ";
+ // remove identical join clauses
+ $joins = array_unique($options['joins']);
+
// add joins
foreach ($joins as $j) {
$query .= " $j ";
@@ -469,7 +472,7 @@ function elgg_get_river_type_subtype_where_sql($table, $types, $subtypes, $pairs
}
if (is_array($wheres) && count($wheres)) {
- $wheres = array(implode(' AND ', $wheres));
+ $wheres = array(implode(' OR ', $wheres));
}
} else {
// using type/subtype pairs
@@ -589,10 +592,13 @@ function elgg_river_page_handler($page) {
elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
+ // make a URL segment available in page handler script
$page_type = elgg_extract(0, $page, 'all');
+ $page_type = preg_replace('[\W]', '', $page_type);
if ($page_type == 'owner') {
$page_type = 'mine';
}
+ set_input('page_type', $page_type);
// content filter code here
$entity_type = '';
diff --git a/engine/lib/users.php b/engine/lib/users.php
index e7e1a57f0..48f10f974 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -1383,7 +1383,10 @@ function elgg_profile_fields_setup() {
function elgg_avatar_page_handler($page) {
global $CONFIG;
- set_input('username', $page[1]);
+ $user = get_user_by_username($page[1]);
+ if ($user) {
+ elgg_set_page_owner_guid($user->getGUID());
+ }
if ($page[0] == 'edit') {
require_once("{$CONFIG->path}pages/avatar/edit.php");
diff --git a/engine/lib/views.php b/engine/lib/views.php
index dde298c2b..7686a8bef 100644
--- a/engine/lib/views.php
+++ b/engine/lib/views.php
@@ -309,6 +309,11 @@ function elgg_view_exists($view, $viewtype = '', $recurse = true) {
}
}
+ // Now check if the default view exists if the view is registered as a fallback
+ if ($viewtype != 'default' && elgg_does_viewtype_fallback($viewtype)) {
+ return elgg_view_exists($view, 'default');
+ }
+
return false;
}
@@ -1543,8 +1548,8 @@ function elgg_views_boot() {
elgg_register_simplecache_view('css/ie6');
elgg_register_simplecache_view('js/elgg');
- elgg_register_js('jquery', '/vendors/jquery/jquery-1.6.1.min.js', 'head', 1);
- elgg_register_js('jquery-ui', '/vendors/jquery/jquery-ui-1.8.14.min.js', 'head', 2);
+ elgg_register_js('jquery', '/vendors/jquery/jquery-1.6.2.min.js', 'head', 1);
+ elgg_register_js('jquery-ui', '/vendors/jquery/jquery-ui-1.8.16.min.js', 'head', 2);
elgg_register_js('jquery.form', '/vendors/jquery/jquery.form.js');
elgg_load_js('jquery');
elgg_load_js('jquery-ui');