Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/annotations.php2
-rw-r--r--engine/lib/configuration.php4
-rw-r--r--engine/lib/elgglib.php15
-rw-r--r--engine/lib/entities.php9
-rw-r--r--engine/lib/input.php2
-rw-r--r--engine/lib/install.php23
-rw-r--r--engine/lib/metadata.php4
-rw-r--r--engine/lib/tags.php301
-rw-r--r--engine/lib/users.php2
9 files changed, 287 insertions, 75 deletions
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index b7dc1b9d3..f1cec6cc9 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -623,7 +623,7 @@ function elgg_get_entity_annotation_where_sql($table, $names = NULL, $values = N
}
if (isset($pair['operand'])) {
- $operand = mysql_real_escape_string($pair['operand']);
+ $operand = sanitise_string($pair['operand']);
} else {
$operand = ' = ';
}
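Review bot: sanitise_string() only escapes quote characters, and `$operand` appears to be spliced into the query unquoted as the comparison operator (the `else` branch defaults it to `' = '`), so the new line does not constrain it to a valid operator any more than the old one did. If the pair can originate outside the engine, an allow-list is the stronger check, e.g. `if (!in_array(strtoupper(trim($operand)), array('=', '<', '>', '<=', '>=', '!=', '<>', 'LIKE', 'NOT LIKE', 'IN', 'NOT IN'), true)) { return FALSE; }` before it is used. The identical pattern is in the engine/lib/metadata.php hunk in elgg_get_entity_metadata_where_sql(). elgg_get_entity_annotation_where_sql() continues outside the hunk.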
diff --git a/engine/lib/configuration.php b/engine/lib/configuration.php
index 100b5ac37..7976f8d8b 100644
--- a/engine/lib/configuration.php
+++ b/engine/lib/configuration.php
@@ -19,7 +19,7 @@
function unset_config($name, $site_guid = 0) {
global $CONFIG;
- $name = mysql_real_escape_string($name);
+ $name = sanitise_string($name);
$site_guid = (int) $site_guid;
if ($site_guid == 0) {
$site_guid = (int) $CONFIG->site_id;
@@ -66,7 +66,7 @@ function get_config($name, $site_guid = 0) {
if (isset($CONFIG->$name)) {
return $CONFIG->$name;
}
- $name = mysql_real_escape_string($name);
+ $name = sanitise_string($name);
$site_guid = (int) $site_guid;
if ($site_guid == 0) {
$site_guid = (int) $CONFIG->site_id;
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index fb61b7d10..d7548b955 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -285,7 +285,7 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie
}
// log warning
- elgg_log($error, 'WARNING');
+ elgg_log($error, 'NOTICE');
}
}
@@ -1372,8 +1372,21 @@ function sanitised() {
$save_vars = get_input('db_install_vars');
$result = "";
if ($save_vars) {
+ $rtn = db_check_settings($save_vars['CONFIG_DBUSER'],
+ $save_vars['CONFIG_DBPASS'],
+ $save_vars['CONFIG_DBNAME'],
+ $save_vars['CONFIG_DBHOST'] );
+ if ($rtn == FALSE) {
+ register_error(elgg_view("messages/sanitisation/dbsettings_error"));
+ register_error(elgg_view("messages/sanitisation/settings",
+ array( 'settings.php' => $result,
+ 'sticky' => $save_vars)));
+ return FALSE;
+ }
+
$result = create_settings($save_vars, dirname(dirname(__FILE__)) . "/settings.example.php");
+
if (file_put_contents(dirname(dirname(__FILE__)) . "/settings.php", $result)) {
// blank result to stop it being displayed in textarea
$result = "";
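Review bot: The four `$save_vars['CONFIG_*']` keys are read without checking they are present, so a form submission missing any of them raises undefined-index notices and passes null into db_check_settings(); guard the call, e.g. `foreach (array('CONFIG_DBUSER', 'CONFIG_DBPASS', 'CONFIG_DBNAME', 'CONFIG_DBHOST') as $k) { if (!isset($save_vars[$k])) { register_error(elgg_view("messages/sanitisation/dbsettings_error")); return FALSE; } }`. The `$rtn == FALSE` test is a loose comparison; `if (!$rtn)` states the intent and also covers the null that the new db_check_settings() currently returns on connect failure. The enclosing function sanitised() starts before the hunk.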
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 17bc0aa1e..fd46b062d 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -1898,9 +1898,14 @@ function elgg_get_entities(array $options = array()) {
function get_entities($type = "", $subtype = "", $owner_guid = 0, $order_by = "", $limit = 10, $offset = 0,
$count = false, $site_guid = 0, $container_guid = null, $timelower = 0, $timeupper = 0) {
elgg_deprecated_notice('get_entities() was deprecated by elgg_get_entities().', 1.7);
+
// rewrite owner_guid to container_guid to emulate old functionality
- $container_guid = $owner_guid;
- $owner_guid = NULL;
+ if ($owner_guid != "") {
+ if (is_null($container_guid)) {
+ $container_guid = $owner_guid;
+ $owner_guid = NULL;
+ }
+ }
$options = array();
if ($type) {
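Review bot: `$owner_guid != ""` is a loose comparison whose outcome for the default value `0` depends on the PHP version (`0 == ""` is true before PHP 8 and false from PHP 8), so on newer engines a caller relying on the default would have owner_guid 0 rewritten into container_guid 0 with owner_guid cleared. A strict check on the two "not supplied" values keeps the behaviour stable: `if ($owner_guid !== "" && $owner_guid !== 0 && is_null($container_guid)) {`. get_entities() continues outside the hunk, so whether 0 is later treated as "any" cannot be confirmed from here.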
diff --git a/engine/lib/input.php b/engine/lib/input.php
index d6f044c90..e21c909fc 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -216,7 +216,7 @@ function input_livesearch_page_handler($page) {
exit;
}
- $q = mysql_real_escape_string($q);
+ $q = sanitise_string($q);
// replace mysql vars with escaped strings
$q = str_replace(array('_', '%'), array('\_', '\%'), $q);
diff --git a/engine/lib/install.php b/engine/lib/install.php
index 1b363b950..e2b0c5251 100644
--- a/engine/lib/install.php
+++ b/engine/lib/install.php
@@ -45,6 +45,29 @@ function validate_platform() {
}
/**
+ * Confirm the settings for the database
+ *
+ * @param string $user
+ * @param string $password
+ * @param string $dbname
+ * @param string $host
+ * @return bool
+ */
+function db_check_settings($user, $password, $dbname, $host) {
+ $mysql_dblink = mysql_connect($host, $user, $password, true);
+ if ($mysql_dblink == FALSE) {
+ return $FALSE;
+ }
+
+ $result = mysql_select_db($dbname, $mysql_dblink);
+
+ mysql_close($mysql_dblink);
+
+ return $result;
+}
+
+
+/**
* Returns whether or not the database has been installed
*
* @return true|false Whether the database has been installed
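Review bot: `return $FALSE;` in the connect-failure branch reads an undefined variable and returns null (with a notice) rather than the documented bool; it should be `return FALSE;`. The `$mysql_dblink == FALSE` test should likewise be `=== FALSE`, since mysql_connect() returns either a resource or false. Note also that a failed mysql_connect() emits an E_WARNING that includes the host and user name; the caller in elgglib.php already renders its own error view, so it is worth checking that the raw warning is not also shown on the installer page.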
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 2b5ace7a7..a5e8e22e8 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -756,7 +756,7 @@ function elgg_get_entity_metadata_where_sql($table, $names = NULL, $values = NUL
}
if (isset($pair['operand'])) {
- $operand = mysql_real_escape_string($pair['operand']);
+ $operand = sanitise_string($pair['operand']);
} else {
$operand = ' = ';
}
@@ -938,7 +938,7 @@ function list_entities_from_metadata($meta_name, $meta_value = "", $entity_type
'limit' => $limit,
'offset' => $offset,
'count' => TRUE,
- 'case_sensitive' => $case_sensitive
+ 'metadata_case_sensitive' => $case_sensitive
);
$count = elgg_get_entities_from_metadata($options);
diff --git a/engine/lib/tags.php b/engine/lib/tags.php
index c551ba67a..ffc2bebc5 100644
--- a/engine/lib/tags.php
+++ b/engine/lib/tags.php
@@ -69,8 +69,180 @@ function generate_tag_cloud(array $tags, $buckets = 6) {
}
/**
+ * Get popular tags and their frequencies
+ *
+ * Supports similar arguments as elgg_get_entities()
+ *
+ * @since 1.7.1
+ *
+ * @param array $options Array in format:
+ *
+ * threshold => INT minimum tag count
+ *
+ * tag_names => array() metadata tag names - must be registered tags
+ *
+ * limit => INT number of tags to return
+ *
+ * types => NULL|STR entity type (SQL: type = '$type')
+ *
+ * subtypes => NULL|STR entity subtype (SQL: subtype = '$subtype')
+ *
+ * type_subtype_pairs => NULL|ARR (array('type' => 'subtype')) (SQL: type = '$type' AND subtype = '$subtype') pairs
+ *
+ * owner_guids => NULL|INT entity guid
+ *
+ * container_guids => NULL|INT container_guid
+ *
+ * site_guids => NULL (current_site)|INT site_guid
+ *
+ * created_time_lower => NULL|INT Created time lower boundary in epoch time
+ *
+ * created_time_upper => NULL|INT Created time upper boundary in epoch time
+ *
+ * modified_time_lower => NULL|INT Modified time lower boundary in epoch time
+ *
+ * modified_time_upper => NULL|INT Modified time upper boundary in epoch time
+ *
+ * wheres => array() Additional where clauses to AND together
+ *
+ * joins => array() Additional joins
+ *
+ * @return false/array - if no tags or error, false
+ * otherwise, array of objects with ->tag and ->total values
+ */
+function elgg_get_tags(array $options = array()) {
+ global $CONFIG;
+
+ $defaults = array(
+ 'threshold' => 1,
+ 'tag_names' => array(),
+ 'limit' => 10,
+
+ 'types' => ELGG_ENTITIES_ANY_VALUE,
+ 'subtypes' => ELGG_ENTITIES_ANY_VALUE,
+ 'type_subtype_pairs' => ELGG_ENTITIES_ANY_VALUE,
+
+ 'owner_guids' => ELGG_ENTITIES_ANY_VALUE,
+ 'container_guids' => ELGG_ENTITIES_ANY_VALUE,
+ 'site_guids' => $CONFIG->site_guid,
+
+ 'modified_time_lower' => ELGG_ENTITIES_ANY_VALUE,
+ 'modified_time_upper' => ELGG_ENTITIES_ANY_VALUE,
+ 'created_time_lower' => ELGG_ENTITIES_ANY_VALUE,
+ 'created_time_upper' => ELGG_ENTITIES_ANY_VALUE,
+
+ 'joins' => array(),
+ 'wheres' => array(),
+ );
+
+
+ $options = array_merge($defaults, $options);
+
+ $singulars = array('type', 'subtype', 'owner_guid', 'container_guid', 'site_guid');
+ $options = elgg_normalise_plural_options_array($options, $singulars);
+
+
+ $registered_tags = elgg_get_registered_tag_metadata_names();
+
+ if (!is_array($options['tag_names'])) {
+ return false;
+ }
+
+ // empty array so use all registered tag names
+ if (count($options['tag_names']) == 0) {
+ $options['tag_names'] = $registered_tags;
+ }
+
+ $diff = array_diff($options['tag_names'], $registered_tags);
+ if (count($diff) > 0) {
+ elgg_deprecated_notice('Tag metadata names must be registered by elgg_register_tag_metadata_name()', 1.7);
+ // return false;
+ }
+
+
+ $wheres = $options['wheres'];
+
+ // catch for tags that were spaces
+ $wheres[] = "msv.string != ''";
+
+ foreach ($options['tag_names'] as $tag) {
+ $sanitised_tags[] = '"' . sanitise_string($tag) . '"';
+ }
+ $tags_in = implode(',', $sanitised_tags);
+ $wheres[] = "(msn.string IN ($tags_in))";
+
+ $wheres[] = elgg_get_entity_type_subtype_where_sql('e', $options['types'], $options['subtypes'], $options['type_subtype_pairs']);
+ $wheres[] = elgg_get_entity_site_where_sql('e', $options['site_guids']);
+ $wheres[] = elgg_get_entity_owner_where_sql('e', $options['owner_guids']);
+ $wheres[] = elgg_get_entity_container_where_sql('e', $options['container_guids']);
+ $wheres[] = elgg_get_entity_time_where_sql('e', $options['created_time_upper'],
+ $options['created_time_lower'], $options['modified_time_upper'], $options['modified_time_lower']);
+
+ // remove identical where clauses
+ $wheres = array_unique($wheres);
+
+ // see if any functions failed
+ // remove empty strings on successful functions
+ foreach ($wheres as $i => $where) {
+ if ($where === FALSE) {
+ return FALSE;
+ } elseif (empty($where)) {
+ unset($wheres[$i]);
+ }
+ }
+
+
+ $joins = $options['joins'];
+
+ $joins[] = "JOIN {$CONFIG->dbprefix}metadata md on md.entity_guid = e.guid";
+ $joins[] = "JOIN {$CONFIG->dbprefix}metastrings msv on msv.id = md.value_id";
+ $joins[] = "JOIN {$CONFIG->dbprefix}metastrings msn on md.name_id = msn.id";
+
+ // remove identical join clauses
+ $joins = array_unique($joins);
+
+ foreach ($joins as $i => $join) {
+ if ($join === FALSE) {
+ return FALSE;
+ } elseif (empty($join)) {
+ unset($joins[$i]);
+ }
+ }
+
+
+ $query = "SELECT msv.string as tag, count(msv.id) as total ";
+ $query .= "FROM {$CONFIG->dbprefix}entities e ";
+
+ // add joins
+ foreach ($joins as $j) {
+ $query .= " $j ";
+ }
+
+ // add wheres
+ $query .= ' WHERE ';
+
+ foreach ($wheres as $w) {
+ $query .= " $w AND ";
+ }
+
+ // Add access controls
+ $query .= get_access_sql_suffix('e');
+
+ $threshold = sanitise_int($options['threshold']);
+ $query .= " GROUP BY msv.string HAVING total > {$threshold} ";
+ $query .= " ORDER BY total DESC ";
+
+ $limit = sanitise_int($options['limit']);
+ $query .= " LIMIT {$limit} ";
+
+ return get_data($query);
+}
+
+/**
* Get an array of tags with weights for use with the output/tagcloud view.
*
+ * @deprecated 1.7.1 Use elgg_get_tags().
+ *
* @param int $threshold Get the threshold of minimum number of each tags to bother with (ie only show tags where there are more than $threshold occurances)
* @param int $limit Number of tags to return
* @param string $metadata_name Optionally, the name of the field you want to grab for
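Review bot: When `tag_names` is still empty after the defaulting (a caller passes none and no tag metadata names are registered), the `foreach` that fills `$sanitised_tags` never runs, `implode()` is called on an undefined variable, and the query is built with `IN ()`, which is a MySQL syntax error surfaced through get_data() instead of the documented `false`; initialise `$sanitised_tags = array();` before the loop and `return false;` when `count($options['tag_names']) == 0` after the defaulting. `HAVING total > {$threshold}` excludes tags that occur exactly `threshold` times, while the docblock calls threshold the "minimum tag count" — either use `>=` or reword the docblock (the old get_tags() used `>` too, so this may be intentional). The `joins` and `wheres` options are concatenated into the query verbatim, so the docblock should say so, e.g. `wheres => array() Additional raw SQL where clauses (not escaped; caller must trust them) to AND together`, and the same for `joins`.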
@@ -84,89 +256,91 @@ function generate_tag_cloud(array $tags, $buckets = 6) {
*/
function get_tags($threshold = 1, $limit = 10, $metadata_name = "", $entity_type = "object", $entity_subtype = "", $owner_guid = "", $site_guid = -1, $start_ts = "", $end_ts = "") {
- global $CONFIG;
- $threshold = (int) $threshold;
- $limit = (int) $limit;
+ elgg_deprecated_notice('get_tags() has been replaced by elgg_get_tags()', 1.7);
- $registered_tags = elgg_get_registered_tag_metadata_names();
- if (!in_array($metadata_name, $registered_tags)) {
- elgg_deprecated_notice('Tag metadata names must be registered by elgg_register_tag_metadata_name()', 1.7);
+ if (is_array($metadata_name)) {
+ return false;
}
- if (!empty($metadata_name)) {
- $metadata_name = (int) get_metastring_id($metadata_name);
- // test if any metadata with that name
- if (!$metadata_name) {
- return false; // no matches so short circuit
- }
+ $options = array();
+ if ($metadata_name === '') {
+ $options['tag_names'] = array();
} else {
- $metadata_name = 0;
- }
- $entity_subtype = get_subtype_id($entity_type, $entity_subtype);
- $entity_type = sanitise_string($entity_type);
-
- if ($owner_guid != "") {
- if (is_array($owner_guid)) {
- foreach($owner_guid as $key => $val) {
- $owner_guid[$key] = (int) $val;
- }
- } else {
- $owner_guid = (int) $owner_guid;
- }
+ $options['tag_names'] = array($metadata_name);
}
- if ($site_guid < 0) {
- $site_guid = $CONFIG->site_id;
- }
+ $options['threshold'] = $threshold;
+ $options['limit'] = $limit;
- $query = "SELECT msvalue.string as tag, count(msvalue.id) as total ";
- $query .= "FROM {$CONFIG->dbprefix}entities e join {$CONFIG->dbprefix}metadata md on md.entity_guid = e.guid ";
- if ($entity_subtype > 0) {
- $query .= " join {$CONFIG->dbprefix}entity_subtypes subtype on subtype.id = e.subtype ";
+ // rewrite owner_guid to container_guid to emulate old functionality
+ $container_guid = $owner_guid;
+ if ($container_guid) {
+ $options['container_guids'] = $container_guid;
}
- $query .= " join {$CONFIG->dbprefix}metastrings msvalue on msvalue.id = md.value_id ";
-
- $query .= " where msvalue.string != '' ";
- if ($metadata_name > 0) {
- $query .= " and md.name_id = {$metadata_name} ";
- }
- if ($site_guid > 0) {
- $query .= " and e.site_guid = {$site_guid} ";
+ if ($entity_type) {
+ $options['type'] = $entity_type;
}
- if ($entity_subtype > 0) {
- $query .= " and e.subtype = {$entity_subtype} ";
+
+ if ($entity_subtype) {
+ $options['subtype'] = $entity_subtype;
}
- if ($entity_type != "") {
- $query .= " and e.type = '{$entity_type}' ";
+
+ if ($site_guid != -1) {
+ $options['site_guids'] = $site_guid;
}
- if (is_array($owner_guid)) {
- $query .= " and e.container_guid in (".implode(",",$owner_guid).")";
- } else if (is_int($owner_guid)) {
- $query .= " and e.container_guid = {$owner_guid} ";
+
+ if ($end_ts) {
+ $options['time_upper'] = $end_ts;
}
+
if ($start_ts) {
- $start_ts = (int)$start_ts;
- $query .= " and e.time_created>=$start_ts";
+ $options['time_lower'] = $start_ts;
}
- if ($end_ts) {
- $end_ts = (int)$end_ts;
- $query .= " and e.time_created<=$end_ts";
- }
+ $r = elgg_get_tags($options);
+ return $r;
+}
- // Add access controls
- $query .= ' and ' . get_access_sql_suffix("e");
+/**
+ * Returns viewable tagcloud
+ *
+ * @since 1.7.1
+ *
+ * @see elgg_get_tags
+ *
+ * @param array $options Any elgg_get_tags() options except:
+ *
+ * type => must be single entity type
+ *
+ * subtype => must be single entity subtype
+ *
+ * @return string
+ *
+ */
+function elgg_view_tagcloud(array $options = array()) {
- $query .= " group by msvalue.string having total > {$threshold} order by total desc limit {$limit} ";
+ $type = $subtype = '';
+ if (isset($options['type'])) {
+ $type = $options['type'];
+ }
+ if (isset($options['subtype'])) {
+ $subtype = $options['subtype'];
+ }
+
+ $tag_data = elgg_get_tags($options);
+ return elgg_view("output/tagcloud",array('value' => $tag_data,
+ 'type' => $type,
+ 'subtype' => $subtype));
- return get_data($query);
}
/**
* Loads and displays a tagcloud given particular criteria.
*
+ * @deprecated 1.7.1 use elgg_view_tagcloud()
+ *
* @param int $threshold Get the threshold of minimum number of each tags to bother with (ie only show tags where there are more than $threshold occurances)
* @param int $limit Number of tags to return
* @param string $metadata_name Optionally, the name of the field you want to grab for
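Review bot: get_tags() stores the timestamps under `$options['time_upper']` and `$options['time_lower']`, but elgg_get_tags() only reads `created_time_upper` / `created_time_lower` (the keys in its `$defaults`), so `$start_ts` and `$end_ts` are silently ignored and the `e.time_created` filtering the removed code performed is lost; change them to `$options['created_time_upper'] = $end_ts;` and `$options['created_time_lower'] = $start_ts;`. The `@deprecated 1.7.1` tag in the docblock disagrees with the `1.7` passed to elgg_deprecated_notice(); one of them should change.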
@@ -176,18 +350,15 @@ function get_tags($threshold = 1, $limit = 10, $metadata_name = "", $entity_type
* @param int $site_guid Optionally, the site to restrict to (default is the current site)
* @param int $start_ts Optionally specify a start timestamp for tags used to generate cloud.
* @param int $ent_ts Optionally specify an end timestamp for tags used to generate cloud.
- * @return string THe HTML (or other, depending on view type) of the tagcloud.
+ * @return string The HTML (or other, depending on view type) of the tagcloud.
*/
function display_tagcloud($threshold = 1, $limit = 10, $metadata_name = "", $entity_type = "object", $entity_subtype = "", $owner_guid = "", $site_guid = -1, $start_ts = "", $end_ts = "") {
- $registered_tags = elgg_get_registered_tag_metadata_names();
- if (!in_array($metadata_name, $registered_tags)) {
- elgg_deprecated_notice('Tag metadata names must be registered by elgg_register_tag_metadata_name()', 1.7);
- }
-
+ elgg_deprecated_notice('display_cloud() was deprecated by elgg_view_tagcloud()!', 1.7);
+
return elgg_view("output/tagcloud",array('value' => get_tags($threshold, $limit, $metadata_name, $entity_type, $entity_subtype, $owner_guid, $site_guid, $start_ts, $end_ts),
- 'object' => $entity_type,
+ 'type' => $entity_type,
'subtype' => $entity_subtype));
}
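Review bot: The deprecation notice names `display_cloud()`, which is not the function being deprecated, so the message points users at a name that does not exist here; use `elgg_deprecated_notice('display_tagcloud() was deprecated by elgg_view_tagcloud()', 1.7);`. Since the body then calls get_tags(), which this commit also deprecates, every call now emits two notices; mapping the arguments into an options array and calling elgg_view_tagcloud() directly would avoid the duplicate. As in the get_tags() hunk, the docblock says `@deprecated 1.7.1` while the notice passes `1.7`.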
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 46ccd8dc3..45c281d23 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -1355,7 +1355,7 @@ function register_user($username, $password, $name, $email, $allow_multiple_emai
$username = trim($username);
// no need to trim password.
$password = $password;
- $name = trim($name);
+ $name = trim(strip_tags($name));
$email = trim($email);
// A little sanity checking
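Review bot: `strip_tags()` on the display name is a data mutation rather than an output control: it removes angle-bracket tags but leaves quotes, ampersands and text outside tags untouched, so markup injection is only prevented where the name is rendered through `htmlspecialchars($name, ENT_QUOTES, 'UTF-8')`, and legitimate names containing `<` or `>` are silently altered. If the intent is to reject such names, a validation error in the sanity-checking section below is clearer than silent stripping; either way, the escaping in the views that print the name is the control to verify. register_user() continues outside the hunk.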