aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/actions.php10
-rw-r--r--engine/lib/activity.php169
-rw-r--r--engine/lib/api.php11
-rw-r--r--engine/lib/elgglib.php73
-rw-r--r--engine/lib/entities.php4
-rw-r--r--engine/lib/input.php96
-rw-r--r--engine/lib/output.php150
-rw-r--r--engine/lib/pagehandler.php15
-rw-r--r--engine/lib/river.php (renamed from engine/lib/river2.php)381
-rw-r--r--engine/lib/sessions.php21
10 files changed, 357 insertions, 573 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index 66c2d9505..57da1389f 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -21,9 +21,6 @@
function action($action, $forwarder = "") {
global $CONFIG;
- // set GET params
- elgg_set_input_from_uri();
-
// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
// Allow users to disable plugins without a token in order to
// remove plugins that are imcompatible.
@@ -72,6 +69,8 @@ function action($action, $forwarder = "") {
} else {
register_error(elgg_echo('actionloggedout'));
}
+ } else {
+ register_error(elgg_echo('actionunauthorized'));
}
} else {
register_error(sprintf(elgg_echo('actionundefined'),$action));
@@ -197,14 +196,11 @@ function generate_action_token($timestamp) {
// Current session id
$session_id = session_id();
- // Get user agent
- $ua = $_SERVER['HTTP_USER_AGENT'];
-
// Session token
$st = $_SESSION['__elgg_session'];
if (($site_secret) && ($session_id)) {
- return md5($site_secret.$timestamp.$session_id.$ua.$st);
+ return md5($site_secret.$timestamp.$session_id.$st);
}
return FALSE;
diff --git a/engine/lib/activity.php b/engine/lib/activity.php
deleted file mode 100644
index 51b083531..000000000
--- a/engine/lib/activity.php
+++ /dev/null
@@ -1,169 +0,0 @@
-<?php
-/**
- * Elgg activity stream.
- * Functions for listening for and generating the rich activity stream from the
- * system log.
- *
- * @package Elgg
- * @subpackage Core
- * @author Curverider Ltd
- * @link http://elgg.org/
- */
-
-/**
- * Construct and execute the query required for the activity stream.
- *
- * @param int $limit Limit the query.
- * @param int $offset Execute from the given object
- * @param mixed $type A type, or array of types to look for. Note: This is how they appear in the SYSTEM LOG.
- * @param mixed $subtype A subtype, or array of types to look for. Note: This is how they appear in the SYSTEM LOG.
- * @param mixed $owner_guid The guid or a collection of GUIDs
- * @param string $owner_relationship If defined, the relationship between $owner_guid and the entity owner_guid - so "is $owner_guid $owner_relationship with $entity->owner_guid"
- * @return array An array of system log entries.
- */
-function get_activity_stream_data($limit = 10, $offset = 0, $type = "", $subtype = "", $owner_guid = "", $owner_relationship = "") {
- global $CONFIG;
-
- $limit = (int)$limit;
- $offset = (int)$offset;
-
- if ($type) {
- if (!is_array($type)) {
- $type = array(sanitise_string($type));
- } else {
- foreach ($type as $k => $v) {
- $type[$k] = sanitise_string($v);
- }
- }
- }
-
- if ($subtype) {
- if (!is_array($subtype)) {
- $subtype = array(sanitise_string($subtype));
- } else {
- foreach ($subtype as $k => $v) {
- $subtype[$k] = sanitise_string($v);
- }
- }
- }
-
- if ($owner_guid) {
- if (is_array($owner_guid)) {
- foreach ($owner_guid as $k => $v) {
- $owner_guid[$k] = (int)$v;
- }
- } else {
- $owner_guid = array((int)$owner_guid);
- }
- }
-
- $owner_relationship = sanitise_string($owner_relationship);
-
- // Get a list of possible views
- $activity_events= array();
- $activity_views = array_merge(elgg_view_tree('activity', 'default'), elgg_view_tree('river', 'default')); // Join activity with river
-
- $done = array();
-
- foreach ($activity_views as $view) {
- $fragments = explode('/', $view);
- $tmp = explode('/',$view, 2);
- $tmp = $tmp[1];
-
- if ((isset($fragments[0])) && (($fragments[0] == 'river') || ($fragments[0] == 'activity'))
- && (!in_array($tmp, $done))) {
-
- if (isset($fragments[1])) {
- $f = array();
- for ($n = 1; $n < count($fragments); $n++) {
- $val = sanitise_string($fragments[$n]);
- switch($n) {
- case 1: $key = 'type'; break;
- case 2: $key = 'subtype'; break;
- case 3: $key = 'event'; break;
- }
- $f[$key] = $val;
- }
-
- // Filter result based on parameters
- $add = true;
- if ($type) {
- if (!in_array($f['type'], $type)) {
- $add = false;
- }
- }
- if (($add) && ($subtype)) {
- if (!in_array($f['subtype'], $subtype)) {
- $add = false;
- }
- }
- if (($add) && ($event)) {
- if (!in_array($f['event'], $event)) {
- $add = false;
- }
- }
-
- if ($add) {
- $activity_events[] = $f;
- }
- }
-
- $done[] = $tmp;
- }
- }
-
- $n = 0;
- foreach ($activity_events as $details) {
- // Get what we're talking about
- if ($details['subtype'] == 'default') {
- $details['subtype'] = '';
- }
-
- if (($details['type']) && ($details['event'])) {
- if ($n > 0) {
- $obj_query .= " or ";
- }
-
- $access = "";
- if ($details['type']!='relationship') {
- $access = " and " . get_access_sql_suffix('sl');
- }
-
- $obj_query .= "( sl.object_type='{$details['type']}'
- AND sl.object_subtype='{$details['subtype']}'
- AND sl.event='{$details['event']}' $access )";
-
- $n++;
- }
- }
-
- // User
- if ((count($owner_guid)) && ($owner_guid[0] != 0)) {
- $user = " and sl.performed_by_guid in (".implode(',', $owner_guid).")";
-
- if ($owner_relationship) {
- $friendsarray = "";
- if ($friends = elgg_get_entities_from_relationship(array(
- 'relationship' => $owner_relationship,
- 'relationship_guid' => $owner_guid[0],
- 'inverse_relationship' => FALSE,
- 'types' => 'user',
- 'subtypes' => $subtype,
- 'limit' => 9999))
- ) {
-
- $friendsarray = array();
- foreach($friends as $friend) {
- $friendsarray[] = $friend->getGUID();
- }
-
- $user = " and sl.performed_by_guid in (" . implode(',', $friendsarray).")";
- }
- }
- }
-
- $query = "SELECT sl.* FROM {$CONFIG->dbprefix}system_log sl
- WHERE 1 $user AND ($obj_query)
- ORDER BY sl.time_created desc limit $offset, $limit";
- return get_data($query);
-}
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 6707a7418..0da0c82f0 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -1438,17 +1438,6 @@ function __php_api_exception_handler($exception) {
function service_handler($handler, $request) {
global $CONFIG;
- // setup the input parameters since this comes through rewrite rule
- $query = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?')+1);
- if (isset($query)) {
- $query_arr = elgg_parse_str($query);
- if (is_array($query_arr)) {
- foreach($query_arr as $name => $val) {
- set_input($name, $val);
- }
- }
- }
-
set_context('api');
$request = explode('/',$request);
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index fd99cee0b..eac75403f 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -476,11 +476,10 @@ function elgg_view_regenerate_simplecache() {
function elgg_view_enable_simplecache() {
global $CONFIG;
- if(!$CONFIG->simplecache_enabled) {
- datalist_set('simplecache_enabled',1);
- $CONFIG->simplecache_enabled = 1;
- elgg_view_regenerate_simplecache();
- }
+
+ datalist_set('simplecache_enabled',1);
+ $CONFIG->simplecache_enabled = 1;
+ elgg_view_regenerate_simplecache();
}
/**
@@ -1386,6 +1385,39 @@ function elgg_extend_view($view, $view_extension, $priority = 501, $viewtype = '
}
/**
+ * Unextends a view.
+ *
+ * @param string $view The view that was extended.
+ * @param string $view_extension This view that was added to $view
+ * @return bool
+ * @since 1.7.2
+ */
+function elgg_unextend_view($view, $view_extension) {
+ global $CONFIG;
+
+ if (!isset($CONFIG->views)) {
+ return FALSE;
+ }
+
+ if (!isset($CONFIG->views->extensions)) {
+ return FALSE;
+ }
+
+ if (!isset($CONFIG->views->extensions[$view])) {
+ return FALSE;
+ }
+
+ $priority = array_search($view_extension, $CONFIG->views->extensions[$view]);
+ if ($priority === FALSE) {
+ return FALSE;
+ }
+
+ unset($CONFIG->views->extensions[$view][$priority]);
+
+ return TRUE;
+}
+
+/**
* @deprecated 1.7. Use elgg_extend_view().
* @param $view
* @param $view_name
@@ -1498,26 +1530,6 @@ function page_draw($title, $body, $sidebar = "") {
}
/**
- * Displays a UNIX timestamp in a friendly way (eg "less than a minute ago")
- *
- * @param int $time A UNIX epoch timestamp
- * @return string The friendly time
- */
-function friendly_time($time) {
- return elgg_view('output/friendlytime', array('time' => $time));
-}
-
-/**
- * When given a title, returns a version suitable for inclusion in a URL
- *
- * @param string $title The title
- * @return string The optimised title
- */
-function friendly_title($title) {
- return elgg_view('output/friendlytitle', array('title' => $title));
-}
-
-/**
* Library loading and handling
*/
@@ -2813,17 +2825,6 @@ interface Friendable {
}
/**
- * Handles formatting of ampersands in urls
- *
- * @param string $url
- * @return string
- * @since 1.7.1
- */
-function elgg_format_url($url) {
- return preg_replace('/&(?!amp;)/', '&amp;', $url);
-}
-
-/**
* Rebuilds a parsed (partial) URL
*
* @param array $parts Associative array of URL components like parse_url() returns
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 481feac6b..8e20ec269 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -2319,8 +2319,8 @@ function elgg_get_entity_site_where_sql($table, $site_guids) {
*/
function elgg_list_entities($options) {
$defaults = array(
- 'offset' => 0,
- 'limit' => 10,
+ 'offset' => (int) max(get_input('offset', 0), 0),
+ 'limit' => (int) max(get_input('limit', 10), 0),
'full_view' => TRUE,
'view_type_toggle' => FALSE,
'pagination' => TRUE
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 26416d646..cf0af2b8e 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -105,102 +105,6 @@ function sanitise_filepath($path) {
return $path;
}
-
-/**
- * Takes a string and turns any URLs into formatted links
- *
- * @param string $text The input string
- * @return string The output stirng with formatted links
- **/
-function parse_urls($text) {
- // @todo this causes problems with <attr = "val">
- // must be ing <attr="val"> format (no space).
- // By default htmlawed rewrites tags to this format.
- // if PHP supported conditional negative lookbehinds we could use this:
- // $r = preg_replace_callback('/(?<!=)(?<![ ])?(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i',
- //
- // we can put , in the list of excluded char but need to keep . because of domain names.
- // it is removed in the callback.
- $r = preg_replace_callback('/(?<!=)(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i',
- create_function(
- '$matches',
- '
- $url = $matches[1];
- $period = \'\';
- if (substr($url, -1, 1) == \'.\') {
- $period = \'.\';
- $url = trim($url, \'.\');
- }
- $urltext = str_replace("/", "/<wbr />", $url);
- return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>$period";
- '
- ), $text);
-
- return $r;
-}
-
-/**
- *
- * Adds P tags.
- * Borrowed from Wordpress.
- *
- **/
-function autop($pee, $br = 1) {
- $pee = $pee . "\n"; // just to make things a little easier, pad the end
- $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
- // Space things out a little
- $allblocks = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)';
- $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee);
- $pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
- $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
- if ( strpos($pee, '<object') !== false ) {
- $pee = preg_replace('|\s*<param([^>]*)>\s*|', "<param$1>", $pee); // no pee inside object/embed
- $pee = preg_replace('|\s*</embed>\s*|', '</embed>', $pee);
- }
- $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
- $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $pee); // make paragraphs, including one at the end
- $pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
- $pee = preg_replace('!<p>([^<]+)\s*?(</(?:div|address|form)[^>]*>)!', "<p>$1</p>$2", $pee);
- $pee = preg_replace( '|<p>|', "$1<p>", $pee );
- $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
- $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
- $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
- $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
- $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)!', "$1", $pee);
- $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee);
- if ($br) {
- $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "<WPPreserveNewline />", $matches[0]);'), $pee);
- $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
- $pee = str_replace('<WPPreserveNewline />', "\n", $pee);
- }
- $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee);
- $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
-// if (strpos($pee, '<pre') !== false) {
-// mind the space between the ? and >. Only there because of the comment.
-// $pee = preg_replace_callback('!(<pre.*? >)(.*?)</pre>!is', 'clean_pre', $pee );
-// }
- $pee = preg_replace( "|\n</p>$|", '</p>', $pee );
-
- return $pee;
-}
-
-/**
- * Examins $_SERVER['REQUEST_URI'] and set_input()s on each.
- * Required if the params are sent as GET and not forwarded by mod_rewrite.
- *
- * @return bool on success
- */
-function elgg_set_input_from_uri() {
- $query = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY);
- $query_arr = elgg_parse_str($query);
-
- if (is_array($query_arr)) {
- foreach($query_arr as $name => $val) {
- set_input($name, $val);
- }
- }
-}
-
/**
* Page handler for autocomplete endpoint.
*
diff --git a/engine/lib/output.php b/engine/lib/output.php
new file mode 100644
index 000000000..d2b76a482
--- /dev/null
+++ b/engine/lib/output.php
@@ -0,0 +1,150 @@
+<?php
+/**
+ * Output functions
+ * Processing text for output, formatting HTML,
+ *
+ * @package Elgg
+ * @subpackage Core
+ * @author Curverider Ltd <info@elgg.com>
+ * @link http://elgg.org/
+ */
+
+/**
+ * Takes a string and turns any URLs into formatted links
+ *
+ * @param string $text The input string
+ * @return string The output stirng with formatted links
+ **/
+function parse_urls($text) {
+ // @todo this causes problems with <attr = "val">
+ // must be ing <attr="val"> format (no space).
+ // By default htmlawed rewrites tags to this format.
+ // if PHP supported conditional negative lookbehinds we could use this:
+ // $r = preg_replace_callback('/(?<!=)(?<![ ])?(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i',
+ //
+ // we can put , in the list of excluded char but need to keep . because of domain names.
+ // it is removed in the callback.
+ $r = preg_replace_callback('/(?<!=)(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i',
+ create_function(
+ '$matches',
+ '
+ $url = $matches[1];
+ $period = \'\';
+ if (substr($url, -1, 1) == \'.\') {
+ $period = \'.\';
+ $url = trim($url, \'.\');
+ }
+ $urltext = str_replace("/", "/<wbr />", $url);
+ return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>$period";
+ '
+ ), $text);
+
+ return $r;
+}
+
+/**
+ * Create paragraphs from text with line spacing
+ * Borrowed from Wordpress.
+ *
+ **/
+function autop($pee, $br = 1) {
+ $pee = $pee . "\n"; // just to make things a little easier, pad the end
+ $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee);
+ // Space things out a little
+ $allblocks = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)';
+ $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee);
+ $pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee);
+ $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines
+ if ( strpos($pee, '<object') !== false ) {
+ $pee = preg_replace('|\s*<param([^>]*)>\s*|', "<param$1>", $pee); // no pee inside object/embed
+ $pee = preg_replace('|\s*</embed>\s*|', '</embed>', $pee);
+ }
+ $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates
+ $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $pee); // make paragraphs, including one at the end
+ $pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace
+ $pee = preg_replace('!<p>([^<]+)\s*?(</(?:div|address|form)[^>]*>)!', "<p>$1</p>$2", $pee);
+ $pee = preg_replace( '|<p>|', "$1<p>", $pee );
+ $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag
+ $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists
+ $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee);
+ $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee);
+ $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)!', "$1", $pee);
+ $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee);
+ if ($br) {
+ $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "<WPPreserveNewline />", $matches[0]);'), $pee);
+ $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks
+ $pee = str_replace('<WPPreserveNewline />', "\n", $pee);
+ }
+ $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee);
+ $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee);
+// if (strpos($pee, '<pre') !== false) {
+// mind the space between the ? and >. Only there because of the comment.
+// $pee = preg_replace_callback('!(<pre.*? >)(.*?)</pre>!is', 'clean_pre', $pee );
+// }
+ $pee = preg_replace( "|\n</p>$|", '</p>', $pee );
+
+ return $pee;
+}
+
+/**
+ * Returns an excerpt.
+ * Will return up to n chars stopping at the nearest space.
+ * If no spaces are found (like in Japanese) will crop off at the
+ * n char mark. Adds ... if any text was chopped.
+ *
+ * @param string $text
+ * @param int $num_chars Return a string up to $num_chars long
+ * @return string
+ * @since 1.7.2
+ */
+function elgg_make_excerpt($text, $num_chars = 250) {
+ $text = trim(strip_tags($text));
+ $string_length = elgg_strlen($text);
+
+ // handle cases
+ $excerpt = elgg_substr($text, 0, $num_chars);
+ $space = elgg_strrpos($excerpt, ' ', 0);
+
+ // don't crop if can't find a space.
+ if ($space === FALSE) {
+ $space = $num_chars;
+ }
+ $excerpt = trim(elgg_substr($excerpt, 0, $space));
+
+ if ($string_length != elgg_strlen($excerpt)) {
+ $excerpt .= '...';
+ }
+
+ return $excerpt;
+}
+
+/**
+ * Handles formatting of ampersands in urls
+ *
+ * @param string $url
+ * @return string
+ * @since 1.7.1
+ */
+function elgg_format_url($url) {
+ return preg_replace('/&(?!amp;)/', '&amp;', $url);
+}
+
+/**
+ * When given a title, returns a version suitable for inclusion in a URL
+ *
+ * @param string $title The title
+ * @return string The optimised title
+ */
+function friendly_title($title) {
+ return elgg_view('output/friendlytitle', array('title' => $title));
+}
+
+/**
+ * Displays a UNIX timestamp in a friendly way (eg "less than a minute ago")
+ *
+ * @param int $time A UNIX epoch timestamp
+ * @return string The friendly time
+ */
+function friendly_time($time) {
+ return elgg_view('output/friendlytime', array('time' => $time));
+} \ No newline at end of file
diff --git a/engine/lib/pagehandler.php b/engine/lib/pagehandler.php
index fc11f2d67..490b81159 100644
--- a/engine/lib/pagehandler.php
+++ b/engine/lib/pagehandler.php
@@ -20,20 +20,7 @@ function page_handler($handler, $page) {
set_context($handler);
- // if there are any query parameters, make them available from get_input
- if (strpos($_SERVER['REQUEST_URI'], '?') !== FALSE) {
- $query = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1);
- if (isset($query)) {
- $query_arr = elgg_parse_str($query);
- if (is_array($query_arr)) {
- foreach($query_arr as $name => $val) {
- set_input($name, $val);
- }
- }
- }
- }
-
- $page = explode('/', $page);
+ $page = explode('/',$page);
// remove empty array element when page url ends in a / (see #1480)
if ($page[count($page) - 1] === '') {
array_pop($page);
diff --git a/engine/lib/river2.php b/engine/lib/river.php
index a4908167d..61d40f6ef 100644
--- a/engine/lib/river2.php
+++ b/engine/lib/river.php
@@ -49,7 +49,7 @@ function add_to_river($view,$action_type,$subject_guid,$object_guid,$access_id =
global $CONFIG;
// Attempt to save river item; return success status
- $insert_data = insert_data("insert into {$CONFIG->dbprefix}river " .
+ return insert_data("insert into {$CONFIG->dbprefix}river " .
" set type = '{$type}', " .
" subtype = '{$subtype}', " .
" action_type = '{$action_type}', " .
@@ -59,12 +59,6 @@ function add_to_river($view,$action_type,$subject_guid,$object_guid,$access_id =
" object_guid = {$object_guid}, " .
" annotation_id = {$annotation_id}, " .
" posted = {$posted} ");
-
- //update the entities which had the action carried out on it
- if($insert_data){
- update_entity_last_action($object_guid, $posted);
- return $insert_data;
- }
}
/**
@@ -119,6 +113,23 @@ function remove_from_river_by_annotation($annotation_id) {
}
/**
+ * Removes a single river entry
+ *
+ * @param int $id The ID of the river entry
+ * @return true|false Depending on success
+ * @since 1.7.2
+ */
+function remove_from_river_by_id($id) {
+ global $CONFIG;
+
+ // Sanitise
+ $id = (int) $id;
+
+ return delete_data("delete from {$CONFIG->dbprefix}river where id = {$id}");
+}
+
+
+/**
* Sets the access ID on river items for a particular object
*
* @param int $object_guid The GUID of the entity
@@ -253,118 +264,6 @@ function get_river_items($subject_guid = 0, $object_guid = 0, $subject_relations
}
/**
- * Retrieves items from the river. All parameters are optional.
- *
- * @param int|array $subject_guid Acting entity to restrict to. Default: all
- * @param int|array $object_guid Entity being acted on to restrict to. Default: all
- * @param string $subject_relationship If set to a relationship type, this will use
- * $subject_guid as the starting point and set the subjects to be all users this
- * entity has this relationship with (eg 'friend'). Default: blank
- * @param string $type The type of entity to restrict to. Default: all
- * @param string $subtype The subtype of entity to restrict to. Default: all
- * @param string $action_type The type of river action to restrict to. Default: all
- * @param int $limit The number of items to retrieve. Default: 20
- * @param int $offset The page offset. Default: 0
- * @param int $posted_min The minimum time period to look at. Default: none
- * @param int $posted_max The maximum time period to look at. Default: none
- * @return array|false Depending on success
- */
-function elgg_get_river_items($subject_guid = 0, $object_guid = 0, $subject_relationship = '', $type = '',
- $subtype = '', $action_type = '', $limit = 10, $offset = 0, $posted_min = 0, $posted_max = 0) {
-
- // Get config
- global $CONFIG;
-
- // Sanitise variables
- if (!is_array($subject_guid)) {
- $subject_guid = (int) $subject_guid;
- } else {
- foreach($subject_guid as $key => $temp) {
- $subject_guid[$key] = (int) $temp;
- }
- }
- if (!is_array($object_guid)) {
- $object_guid = (int) $object_guid;
- } else {
- foreach($object_guid as $key => $temp) {
- $object_guid[$key] = (int) $temp;
- }
- }
- if (!empty($type)) {
- $type = sanitise_string($type);
- }
- if (!empty($subtype)) {
- $subtype = sanitise_string($subtype);
- }
- if (!empty($action_type)) {
- $action_type = sanitise_string($action_type);
- }
- $limit = (int) $limit;
- $offset = (int) $offset;
- $posted_min = (int) $posted_min;
- $posted_max = (int) $posted_max;
-
- // Construct 'where' clauses for the river
- $where = array();
- $where[] = str_replace("and enabled='yes'",'',str_replace('owner_guid','subject_guid',get_access_sql_suffix_new('er','e')));
-
- if (empty($subject_relationship)) {
- if (!empty($subject_guid)) {
- if (!is_array($subject_guid)) {
- $where[] = " subject_guid = {$subject_guid} ";
- } else {
- $where[] = " subject_guid in (" . implode(',',$subject_guid) . ") ";
- }
- }
- } else {
- if (!is_array($subject_guid)) {
- if ($entities = get_entities_from_relationship($subject_relationship,$subject_guid,false,'','',0,'',9999)) {
- $guids = array();
- foreach($entities as $entity) {
- $guids[] = (int) $entity->guid;
- }
- // $guids[] = $subject_guid;
- $where[] = " subject_guid in (" . implode(',',$guids) . ") ";
- } else {
- return array();
- }
- }
- }
- if (!empty($object_guid))
- if (!is_array($object_guid)) {
- $where[] = " object_guid = {$object_guid} ";
- } else {
- $where[] = " object_guid in (" . implode(',',$object_guid) . ") ";
- }
- if (!empty($type)) {
- $where[] = " er.type = '{$type}' ";
- }
- if (!empty($subtype)) {
- $where[] = " er.subtype = '{$subtype}' ";
- }
- if (!empty($action_type)) {
- $where[] = " action_type = '{$action_type}' ";
- }
- if (!empty($posted_min)) {
- $where[] = " posted > {$posted_min} ";
- }
- if (!empty($posted_max)) {
- $where[] = " posted < {$posted_max} ";
- }
-
- $whereclause = implode(' and ', $where);
-
- // Construct main SQL
- $sql = "select er.*" .
- " from {$CONFIG->dbprefix}river er, {$CONFIG->dbprefix}entities e " .
- " where {$whereclause} AND er.object_guid = e.guid GROUP BY object_guid " .
- " ORDER BY e.last_action desc LIMIT {$offset},{$limit}";
-
- // Get data
- return get_data($sql);
-}
-
-/**
* Returns a human-readable representation of a river item
*
* @see get_river_items
@@ -386,17 +285,10 @@ function elgg_view_river_item($item) {
));
}
}
- if (get_plugin_setting('activitytype', 'riverdashboard') == 'classic'){
- return elgg_view('river/item/wrapper_classic',array(
- 'item' => $item,
- 'body' => $body
- ));
- }else{
- return elgg_view('river/item/wrapper',array(
- 'item' => $item,
- 'body' => $body
- ));
- }
+ return elgg_view('river/item/wrapper',array(
+ 'item' => $item,
+ 'body' => $body
+ ));
}
return false;
}
@@ -418,20 +310,13 @@ function elgg_view_river_item($item) {
* @return string Human-readable river.
*/
function elgg_view_river_items($subject_guid = 0, $object_guid = 0, $subject_relationship = '',
- $type = '', $subtype = '', $action_type = '', $limit = 20, $posted_min = 0, $posted_max = 0, $pagination = true, $chronological = true) {
+ $type = '', $subtype = '', $action_type = '', $limit = 20, $posted_min = 0, $posted_max = 0, $pagination = true) {
// Get input from outside world and sanitise it
$offset = (int) get_input('offset',0);
- // Get the correct function
- if($chronological == true){
- $riveritems = get_river_items($subject_guid,$object_guid,$subject_relationship,$type,$subtype,$action_type,($limit + 1),$offset,$posted_min,$posted_max);
- }else{
- $riveritems = elgg_get_river_items($subject_guid,$object_guid,$subject_relationship,$type,$subtype,$action_type,($limit + 1),$offset,$posted_min,$posted_max);
- }
-
// Get river items, if they exist
- if ($riveritems) {
+ if ($riveritems = get_river_items($subject_guid,$object_guid,$subject_relationship,$type,$subtype,$action_type,($limit + 1),$offset,$posted_min,$posted_max)) {
return elgg_view('river/item/list',array(
'limit' => $limit,
@@ -444,101 +329,163 @@ function elgg_view_river_items($subject_guid = 0, $object_guid = 0, $subject_rel
return '';
}
+
/**
- * Update last_action on the given entity.
+ * Construct and execute the query required for the activity stream.
*
- * @param int $guid Entity annotation|relationship action carried out on
- * @param int $posted Timestamp of last action
- **/
-function update_entity_last_action($guid, $posted){
- global $CONFIG;
- if(!$posted)
- $posted = time();
- $guid = (int)$guid;
- if($guid){
- //now add to the river updated table
- $query = update_data("UPDATE {$CONFIG->dbprefix}entities SET last_action = {$posted} WHERE guid = {$guid}");
- if($query)
- return true;
- else
- return false;
- }else{
- return false;
- }
-}
-/**
- * This function has been added here until we decide if it is going to roll into core or not
- * Add access restriction sql code to a given query.
- * Note that if this code is executed in privileged mode it will return blank.
- * @TODO: DELETE once Query classes are fully integrated
+ * @deprecated 1.8
*
- * @param string $table_prefix Optional table. prefix for the access code.
- * @param int $owner
+ * @param int $limit Limit the query.
+ * @param int $offset Execute from the given object
+ * @param mixed $type A type, or array of types to look for. Note: This is how they appear in the SYSTEM LOG.
+ * @param mixed $subtype A subtype, or array of types to look for. Note: This is how they appear in the SYSTEM LOG.
+ * @param mixed $owner_guid The guid or a collection of GUIDs
+ * @param string $owner_relationship If defined, the relationship between $owner_guid and the entity owner_guid - so "is $owner_guid $owner_relationship with $entity->owner_guid"
+ * @return array An array of system log entries.
*/
-function get_access_sql_suffix_new($table_prefix_one = '', $table_prefix_two = '', $owner = null) {
- global $ENTITY_SHOW_HIDDEN_OVERRIDE, $CONFIG;
+function get_activity_stream_data($limit = 10, $offset = 0, $type = "", $subtype = "", $owner_guid = "", $owner_relationship = "") {
+ global $CONFIG;
- $sql = "";
- $friends_bit = "";
- $enemies_bit = "";
+ $limit = (int)$limit;
+ $offset = (int)$offset;
- if ($table_prefix_one) {
- $table_prefix_one = sanitise_string($table_prefix_one) . ".";
+ if ($type) {
+ if (!is_array($type)) {
+ $type = array(sanitise_string($type));
+ } else {
+ foreach ($type as $k => $v) {
+ $type[$k] = sanitise_string($v);
+ }
+ }
}
- if ($table_prefix_two) {
- $table_prefix_two = sanitise_string($table_prefix_two) . ".";
+ if ($subtype) {
+ if (!is_array($subtype)) {
+ $subtype = array(sanitise_string($subtype));
+ } else {
+ foreach ($subtype as $k => $v) {
+ $subtype[$k] = sanitise_string($v);
+ }
+ }
}
- if (!isset($owner)) {
- $owner = get_loggedin_userid();
+ if ($owner_guid) {
+ if (is_array($owner_guid)) {
+ foreach ($owner_guid as $k => $v) {
+ $owner_guid[$k] = (int)$v;
+ }
+ } else {
+ $owner_guid = array((int)$owner_guid);
+ }
}
- if (!$owner) {
- $owner = -1;
- }
+ $owner_relationship = sanitise_string($owner_relationship);
+
+ // Get a list of possible views
+ $activity_events= array();
+ $activity_views = array_merge(elgg_view_tree('activity', 'default'), elgg_view_tree('river', 'default')); // Join activity with river
+
+ $done = array();
+
+ foreach ($activity_views as $view) {
+ $fragments = explode('/', $view);
+ $tmp = explode('/',$view, 2);
+ $tmp = $tmp[1];
+
+ if ((isset($fragments[0])) && (($fragments[0] == 'river') || ($fragments[0] == 'activity'))
+ && (!in_array($tmp, $done))) {
+
+ if (isset($fragments[1])) {
+ $f = array();
+ for ($n = 1; $n < count($fragments); $n++) {
+ $val = sanitise_string($fragments[$n]);
+ switch($n) {
+ case 1: $key = 'type'; break;
+ case 2: $key = 'subtype'; break;
+ case 3: $key = 'event'; break;
+ }
+ $f[$key] = $val;
+ }
+
+ // Filter result based on parameters
+ $add = true;
+ if ($type) {
+ if (!in_array($f['type'], $type)) {
+ $add = false;
+ }
+ }
+ if (($add) && ($subtype)) {
+ if (!in_array($f['subtype'], $subtype)) {
+ $add = false;
+ }
+ }
+ if (($add) && ($event)) {
+ if (!in_array($f['event'], $event)) {
+ $add = false;
+ }
+ }
- $ignore_access = elgg_check_access_overrides($owner);
- $access = get_access_list($owner);
-
- if ($ignore_access) {
- $sql = " (1 = 1) ";
- } else if ($owner != -1) {
- $friends_bit = "{$table_prefix_one}access_id = " . ACCESS_FRIENDS . "
- AND {$table_prefix_one}owner_guid IN (
- SELECT guid_one FROM {$CONFIG->dbprefix}entity_relationships
- WHERE relationship='friend' AND guid_two=$owner
- )";
-
- $friends_bit = '('.$friends_bit.') OR ';
-
- if ((isset($CONFIG->user_block_and_filter_enabled)) && ($CONFIG->user_block_and_filter_enabled)) {
- // check to see if the user is in the entity owner's block list
- // or if the entity owner is in the user's filter list
- // if so, disallow access
- $enemies_bit = get_annotation_sql('elgg_block_list', "{$table_prefix_one}owner_guid", $owner, false);
- $enemies_bit = '('
- . $enemies_bit
- . ' AND ' . get_annotation_sql('elgg_filter_list', $owner, "{$table_prefix_one}owner_guid", false)
- . ')';
+ if ($add) {
+ $activity_events[] = $f;
+ }
+ }
+
+ $done[] = $tmp;
}
}
- if (empty($sql)) {
- $sql = " $friends_bit ({$table_prefix_one}access_id IN {$access}
- OR ({$table_prefix_one}owner_guid = {$owner})
- OR (
- {$table_prefix_one}access_id = " . ACCESS_PRIVATE . "
- AND {$table_prefix_one}owner_guid = $owner
- )
- )";
+ $n = 0;
+ foreach ($activity_events as $details) {
+ // Get what we're talking about
+ if ($details['subtype'] == 'default') {
+ $details['subtype'] = '';
+ }
+
+ if (($details['type']) && ($details['event'])) {
+ if ($n > 0) {
+ $obj_query .= " or ";
+ }
+
+ $access = "";
+ if ($details['type']!='relationship') {
+ $access = " and " . get_access_sql_suffix('sl');
+ }
+
+ $obj_query .= "( sl.object_type='{$details['type']}'
+ AND sl.object_subtype='{$details['subtype']}'
+ AND sl.event='{$details['event']}' $access )";
+
+ $n++;
+ }
}
- if ($enemies_bit) {
- $sql = "$enemies_bit AND ($sql)";
+ // User
+ if ((count($owner_guid)) && ($owner_guid[0] != 0)) {
+ $user = " and sl.performed_by_guid in (".implode(',', $owner_guid).")";
+
+ if ($owner_relationship) {
+ $friendsarray = "";
+ if ($friends = elgg_get_entities_from_relationship(array(
+ 'relationship' => $owner_relationship,
+ 'relationship_guid' => $owner_guid[0],
+ 'inverse_relationship' => FALSE,
+ 'types' => 'user',
+ 'subtypes' => $subtype,
+ 'limit' => 9999))
+ ) {
+
+ $friendsarray = array();
+ foreach($friends as $friend) {
+ $friendsarray[] = $friend->getGUID();
+ }
+
+ $user = " and sl.performed_by_guid in (" . implode(',', $friendsarray).")";
+ }
+ }
}
- if (!$ENTITY_SHOW_HIDDEN_OVERRIDE)
- $sql .= " and {$table_prefix_two}enabled='yes'";
- return '('.$sql.')';
-} \ No newline at end of file
+ $query = "SELECT sl.* FROM {$CONFIG->dbprefix}system_log sl
+ WHERE 1 $user AND ($obj_query)
+ ORDER BY sl.time_created desc limit $offset, $limit";
+ return get_data($query);
+}
diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php
index ffea2dcc2..b74b2f524 100644
--- a/engine/lib/sessions.php
+++ b/engine/lib/sessions.php
@@ -460,17 +460,6 @@ function logout() {
}
/**
- * Returns a fingerprint for an elgg session.
- *
- * @return string
- */
-function get_session_fingerprint() {
- global $CONFIG;
-
- return md5($_SERVER['HTTP_USER_AGENT'] . get_site_secret());
-}
-
-/**
* Initialises the system session and potentially logs the user in
*
* This function looks for:
@@ -505,16 +494,6 @@ function session_init($event, $object_type, $object) {
session_name('Elgg');
session_start();
- // Do some sanity checking by generating a fingerprint (makes some XSS attacks harder)
- if (isset($_SESSION['__elgg_fingerprint'])) {
- if ($_SESSION['__elgg_fingerprint'] != get_session_fingerprint()) {
- session_destroy();
- return false;
- }
- } else {
- $_SESSION['__elgg_fingerprint'] = get_session_fingerprint();
- }
-
// Generate a simple token (private from potentially public session id)
if (!isset($_SESSION['__elgg_session'])) {
$_SESSION['__elgg_session'] = md5(microtime().rand());