diff options
Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/input.php | 5 | ||||
-rw-r--r-- | engine/lib/navigation.php | 17 | ||||
-rw-r--r-- | engine/lib/river.php | 8 | ||||
-rw-r--r-- | engine/lib/users.php | 5 | ||||
-rw-r--r-- | engine/lib/views.php | 9 |
5 files changed, 33 insertions, 11 deletions
diff --git a/engine/lib/input.php b/engine/lib/input.php index 84752bc7d..56ec214dc 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -10,8 +10,13 @@ /** * Get some input from variables passed on the GET or POST line. * + * If using any data obtained from get_input() in a web page, please be aware that + * it is a possible vector for a reflected XSS attack. If you are expecting an + * integer, cast it to an int. If it is a string, escape quotes. + * * Note: this function does not handle nested arrays (ex: form input of param[m][n]) * because of the filtering done in htmlawed from the filter_tags call. + * @todo Is this ^ still? * * @param string $variable The variable we want to return. * @param mixed $default A default value for the variable if it is not found. diff --git a/engine/lib/navigation.php b/engine/lib/navigation.php index cdf3d0f67..1305ee3de 100644 --- a/engine/lib/navigation.php +++ b/engine/lib/navigation.php @@ -154,17 +154,20 @@ function elgg_is_menu_item_registered($menu_name, $item_name) { } /** - * Convenience function for registering an add content button to title menu + * Convenience function for registering a button to title menu * - * The add URL must be $handler/add/$guid where $guid is the guid of the page owner. - * The label of the button is "$handler:add" so that must be defined in a + * The URL must be $handler/$name/$guid where $guid is the guid of the page owner. + * The label of the button is "$handler:$name" so that must be defined in a * language file. * + * This is used primarily to support adding an add content button + * * @param string $handler The handler to use or null to autodetect from context + * @param string $name Name of the button * @return void * @since 1.8.0 */ -function elgg_register_add_button($handler = null) { +function elgg_register_title_button($handler = null, $name = 'add') { if (elgg_is_logged_in()) { if (!$handler) { @@ -179,9 +182,9 @@ function elgg_register_add_button($handler = null) { if ($owner && $owner->canWriteToContainer()) { $guid = $owner->getGUID(); elgg_register_menu_item('title', array( - 'name' => 'add', - 'href' => "$handler/add/$guid", - 'text' => elgg_echo("$handler:add"), + 'name' => $name, + 'href' => "$handler/$name/$guid", + 'text' => elgg_echo("$handler:$name"), 'link_class' => 'elgg-button elgg-button-action', )); } diff --git a/engine/lib/river.php b/engine/lib/river.php index 36dde7f05..64ddcfdc1 100644 --- a/engine/lib/river.php +++ b/engine/lib/river.php @@ -185,6 +185,9 @@ function elgg_delete_river(array $options = array()) { $query = "DELETE rv.* FROM {$CONFIG->dbprefix}river rv "; + // remove identical join clauses + $joins = array_unique($options['joins']); + // add joins foreach ($joins as $j) { $query .= " $j "; @@ -469,7 +472,7 @@ function elgg_get_river_type_subtype_where_sql($table, $types, $subtypes, $pairs } if (is_array($wheres) && count($wheres)) { - $wheres = array(implode(' AND ', $wheres)); + $wheres = array(implode(' OR ', $wheres)); } } else { // using type/subtype pairs @@ -589,10 +592,13 @@ function elgg_river_page_handler($page) { elgg_set_page_owner_guid(elgg_get_logged_in_user_guid()); + // make a URL segment available in page handler script $page_type = elgg_extract(0, $page, 'all'); + $page_type = preg_replace('[\W]', '', $page_type); if ($page_type == 'owner') { $page_type = 'mine'; } + set_input('page_type', $page_type); // content filter code here $entity_type = ''; diff --git a/engine/lib/users.php b/engine/lib/users.php index e7e1a57f0..48f10f974 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -1383,7 +1383,10 @@ function elgg_profile_fields_setup() { function elgg_avatar_page_handler($page) { global $CONFIG; - set_input('username', $page[1]); + $user = get_user_by_username($page[1]); + if ($user) { + elgg_set_page_owner_guid($user->getGUID()); + } if ($page[0] == 'edit') { require_once("{$CONFIG->path}pages/avatar/edit.php"); diff --git a/engine/lib/views.php b/engine/lib/views.php index dde298c2b..7686a8bef 100644 --- a/engine/lib/views.php +++ b/engine/lib/views.php @@ -309,6 +309,11 @@ function elgg_view_exists($view, $viewtype = '', $recurse = true) { } } + // Now check if the default view exists if the view is registered as a fallback + if ($viewtype != 'default' && elgg_does_viewtype_fallback($viewtype)) { + return elgg_view_exists($view, 'default'); + } + return false; } @@ -1543,8 +1548,8 @@ function elgg_views_boot() { elgg_register_simplecache_view('css/ie6'); elgg_register_simplecache_view('js/elgg'); - elgg_register_js('jquery', '/vendors/jquery/jquery-1.6.1.min.js', 'head', 1); - elgg_register_js('jquery-ui', '/vendors/jquery/jquery-ui-1.8.14.min.js', 'head', 2); + elgg_register_js('jquery', '/vendors/jquery/jquery-1.6.2.min.js', 'head', 1); + elgg_register_js('jquery-ui', '/vendors/jquery/jquery-ui-1.8.16.min.js', 'head', 2); elgg_register_js('jquery.form', '/vendors/jquery/jquery.form.js'); elgg_load_js('jquery'); elgg_load_js('jquery-ui'); |