aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/access.php33
-rw-r--r--engine/lib/actions.php15
-rw-r--r--engine/lib/admin.php1
-rw-r--r--engine/lib/annotations.php6
-rw-r--r--engine/lib/elgglib.php7
-rw-r--r--engine/lib/extender.php5
-rw-r--r--engine/lib/languages.php2
-rw-r--r--engine/lib/metadata.php11
-rw-r--r--engine/lib/metastrings.php19
-rw-r--r--engine/lib/plugins.php9
-rw-r--r--engine/lib/river.php8
-rw-r--r--engine/lib/users.php4
-rw-r--r--engine/lib/views.php5
13 files changed, 82 insertions, 43 deletions
diff --git a/engine/lib/access.php b/engine/lib/access.php
index 6be252c6a..e8b3b0d52 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -31,7 +31,7 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
global $CONFIG, $init_finished;
static $access_list;
- if (!isset($access_list) || !$init_finished) {
+ if (!isset($access_list)) {
$access_list = array();
}
@@ -49,9 +49,16 @@ function get_access_list($user_id = 0, $site_id = 0, $flush = false) {
return $access_list[$user_id];
}
- $access_list[$user_id] = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
+ $access = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
- return $access_list[$user_id];
+ // only cache if done with init and access is enabled (unless admin user)
+ // session is loaded before init is finished, so don't need to check for user session
+ if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) {
+ $access_list[$user_id] = $access;
+ return $access_list[$user_id];
+ } else {
+ return $access;
+ }
}
/**
@@ -83,7 +90,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
// this cache might be redundant. But db cache is flushed on every db write.
static $access_array;
- if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished)) {
+ if (!isset($access_array)) {
$access_array = array();
}
@@ -137,12 +144,12 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
$tmp_access_array[] = ACCESS_PRIVATE;
}
- $access_array[$user_id] = $tmp_access_array;
- } else {
- // No user id logged in so we can only access public info
- $tmp_return = $tmp_access_array;
+ // only cache if done with init and access is enabled (unless admin user)
+ // session is loaded before init is finished, so don't need to check for user session
+ if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) {
+ $access_array[$user_id] = $tmp_access_array;
+ }
}
-
} else {
$tmp_access_array = $access_array[$user_id];
}
@@ -946,7 +953,8 @@ function elgg_get_access_object() {
*
* @global bool $init_finished
* @access private
- * @todo investigate why this is needed
+ * @todo This is required to tell the access system to start caching because
+ * calls are made while in ignore access mode and before the user is logged in.
*/
$init_finished = false;
@@ -1014,8 +1022,9 @@ function access_test($hook, $type, $value, $params) {
return $value;
}
-// This function will let us know when 'init' has finished
-elgg_register_event_handler('init', 'system', 'access_init', 9999);
+// Tell the access functions the system has booted, plugins are loaded,
+// and the user is logged in so it can start caching
+elgg_register_event_handler('ready', 'system', 'access_init');
// For overrided permissions
elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions');
diff --git a/engine/lib/actions.php b/engine/lib/actions.php
index c6613e6d6..3a7c02488 100644
--- a/engine/lib/actions.php
+++ b/engine/lib/actions.php
@@ -273,8 +273,19 @@ function validate_action_token($visibleerrors = TRUE, $token = NULL, $ts = NULL)
} else if ($visibleerrors) {
register_error(elgg_echo('actiongatekeeper:tokeninvalid'));
}
- } else if ($visibleerrors) {
- register_error(elgg_echo('actiongatekeeper:missingfields'));
+ } else {
+ if (! empty($_SERVER['CONTENT_LENGTH']) && empty($_POST)) {
+ // The size of $_POST or uploaded file has exceed the size limit
+ $error_msg = elgg_trigger_plugin_hook('action_gatekeeper:upload_exceeded_msg', 'all', array(
+ 'post_size' => $_SERVER['CONTENT_LENGTH'],
+ 'visible_errors' => $visibleerrors,
+ ), elgg_echo('actiongatekeeper:uploadexceeded'));
+ } else {
+ $error_msg = elgg_echo('actiongatekeeper:missingfields');
+ }
+ if ($visibleerrors) {
+ register_error($error_msg);
+ }
}
return FALSE;
diff --git a/engine/lib/admin.php b/engine/lib/admin.php
index 928101fc5..1528d97c5 100644
--- a/engine/lib/admin.php
+++ b/engine/lib/admin.php
@@ -244,6 +244,7 @@ function admin_init() {
elgg_register_action('profile/fields/delete', '', 'admin');
elgg_register_action('profile/fields/reorder', '', 'admin');
+ elgg_register_simplecache_view('css/admin');
elgg_register_simplecache_view('js/admin');
$url = elgg_get_simplecache_url('js', 'admin');
elgg_register_js('elgg.admin', $url);
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index f32dee0f0..2036ccd61 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -95,8 +95,6 @@ $owner_guid = 0, $access_id = ACCESS_PRIVATE) {
$entity = get_entity($entity_guid);
if (elgg_trigger_event('annotate', $entity->type, $entity)) {
- system_log($entity, 'annotate');
-
// If ok then add it
$result = insert_data("INSERT into {$CONFIG->dbprefix}annotations
(entity_guid, name_id, value_id, value_type, owner_guid, time_created, access_id) VALUES
@@ -222,7 +220,7 @@ function elgg_delete_annotations(array $options) {
}
$options['metastring_type'] = 'annotations';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
}
/**
@@ -240,7 +238,7 @@ function elgg_disable_annotations(array $options) {
}
$options['metastring_type'] = 'annotations';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
}
/**
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index b55958a6c..db1464bd8 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1053,12 +1053,14 @@ function _elgg_php_exception_handler($exception) {
*
* @return true
* @access private
+ * @todo Replace error_log calls with elgg_log calls.
*/
function _elgg_php_error_handler($errno, $errmsg, $filename, $linenum, $vars) {
$error = date("Y-m-d H:i:s (T)") . ": \"$errmsg\" in file $filename (line $linenum)";
switch ($errno) {
case E_USER_ERROR:
+ case E_RECOVERABLE_ERROR: // (e.g. type hint violation)
error_log("PHP ERROR: $error");
register_error("ERROR: $error");
@@ -1092,8 +1094,8 @@ function _elgg_php_error_handler($errno, $errmsg, $filename, $linenum, $vars) {
*
* @note No messages will be displayed unless debugging has been enabled.
*
- * @param str $message User message
- * @param str $level NOTICE | WARNING | ERROR | DEBUG
+ * @param string $message User message
+ * @param string $level NOTICE | WARNING | ERROR | DEBUG
*
* @return bool
* @since 1.7.0
@@ -2137,6 +2139,7 @@ function elgg_init() {
elgg_register_js('jquery.easing', 'vendors/jquery/jquery.easing.1.3.packed.js');
elgg_register_js('elgg.avatar_cropper', 'js/lib/ui.avatar_cropper.js');
elgg_register_js('jquery.imgareaselect', 'vendors/jquery/jquery.imgareaselect-0.9.8/scripts/jquery.imgareaselect.min.js');
+ elgg_register_js('elgg.ui.river', 'js/lib/ui.river.js');
elgg_register_css('jquery.imgareaselect', 'vendors/jquery/jquery.imgareaselect-0.9.8/css/imgareaselect-deprecated.css');
diff --git a/engine/lib/extender.php b/engine/lib/extender.php
index ffd3c1357..43421342c 100644
--- a/engine/lib/extender.php
+++ b/engine/lib/extender.php
@@ -105,6 +105,7 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params)
// Save
if (!$entity->save()) {
+ $attr_name = $element->getAttribute('name');
$msg = elgg_echo('ImportException:ProblemUpdatingMeta', array($attr_name, $entity_uuid));
throw new ImportException($msg);
}
@@ -120,7 +121,7 @@ function import_extender_plugin_hook($hook, $entity_type, $returnvalue, $params)
* @param string $type 'metadata' or 'annotation'
* @param int $user_guid The GUID of the user
*
- * @return true|false
+ * @return bool
*/
function can_edit_extender($extender_id, $type, $user_guid = 0) {
if (!elgg_is_logged_in()) {
@@ -155,7 +156,7 @@ function can_edit_extender($extender_id, $type, $user_guid = 0) {
}
// Trigger plugin hooks
- $params = array('entity' => $entity, 'user' => $user);
+ $params = array('entity' => $extender->getEntity(), 'user' => $user);
return elgg_trigger_plugin_hook('permissions_check', $type, $params, false);
}
diff --git a/engine/lib/languages.php b/engine/lib/languages.php
index bf6829a39..7a508d298 100644
--- a/engine/lib/languages.php
+++ b/engine/lib/languages.php
@@ -344,7 +344,7 @@ function get_missing_language_keys($language) {
*/
function elgg_languages_init() {
$lang = get_current_language();
- elgg_register_simplecache_view("cache/js/languages/$lang");
+ elgg_register_simplecache_view("js/languages/$lang");
}
elgg_register_event_handler('init', 'system', 'elgg_languages_init');
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 34a36d86e..0ff3a43dc 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -297,6 +297,8 @@ function elgg_get_metadata(array $options = array()) {
* This requires at least one constraint: metadata_owner_guid(s),
* metadata_name(s), metadata_value(s), or guid(s) must be set.
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@see elgg_get_metadata()}
* @return mixed Null if the metadata name is invalid. Bool on success or fail.
* @since 1.8.0
@@ -307,8 +309,7 @@ function elgg_delete_metadata(array $options) {
}
$options['metastring_type'] = 'metadata';
- $result = elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback');
- return $result;
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
}
/**
@@ -316,6 +317,8 @@ function elgg_delete_metadata(array $options) {
*
* @warning Unlike elgg_get_metadata() this will not accept an empty options array!
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@See elgg_get_metadata()}
* @return mixed
* @since 1.8.0
@@ -326,7 +329,7 @@ function elgg_disable_metadata(array $options) {
}
$options['metastring_type'] = 'metadata';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback');
+ return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
}
/**
@@ -334,6 +337,8 @@ function elgg_disable_metadata(array $options) {
*
* @warning Unlike elgg_get_metadata() this will not accept an empty options array!
*
+ * @warning This returns null on no ops.
+ *
* @param array $options An options array. {@See elgg_get_metadata()}
* @return mixed
* @since 1.8.0
diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php
index d7cc4e0bc..cf6dd4d98 100644
--- a/engine/lib/metastrings.php
+++ b/engine/lib/metastrings.php
@@ -716,22 +716,23 @@ function elgg_set_metastring_based_object_enabled_by_id($id, $enabled, $type) {
* @warning Unlike elgg_get_metastring_based_objects() this will not accept an
* empty options array!
*
- * @param array $options An options array. {@See elgg_get_metastring_based_objects()}
- * @param string $callback The callback to pass each result through
- * @return mixed
+ * @warning This returns null on no ops.
+ *
+ * @param array $options An options array. {@See elgg_get_metastring_based_objects()}
+ * @param string $callback The callback to pass each result through
+ * @param bool $inc_offset Increment the offset? Pass false for callbacks that delete / disable
+ *
+ * @return bool|null true on success, false on failure, null if no objects are found.
* @since 1.8.0
* @access private
*/
-function elgg_batch_metastring_based_objects(array $options, $callback) {
+function elgg_batch_metastring_based_objects(array $options, $callback, $inc_offset = true) {
if (!$options || !is_array($options)) {
return false;
}
- // @todo restore once ElggBatch supports callbacks that delete rows.
- $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, false);
- $r = $batch->callbackResult;
-
- return $r;
+ $batch = new ElggBatch('elgg_get_metastring_based_objects', $options, $callback, 50, $inc_offset);
+ return $batch->callbackResult;
}
/**
diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php
index 123fb18d8..39a76db5d 100644
--- a/engine/lib/plugins.php
+++ b/engine/lib/plugins.php
@@ -93,10 +93,13 @@ function elgg_get_plugin_ids_in_dir($dir = null) {
function elgg_generate_plugin_entities() {
$site = get_config('site');
$dir = elgg_get_plugins_path();
+ $db_prefix = elgg_get_config('dbprefix');
$options = array(
'type' => 'object',
'subtype' => 'plugin',
+ 'selects' => array('plugin_oe.*'),
+ 'joins' => array("JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid"),
'limit' => ELGG_ENTITIES_NO_VALUE
);
@@ -352,7 +355,11 @@ function elgg_get_plugins($status = 'active', $site_guid = null) {
'type' => 'object',
'subtype' => 'plugin',
'limit' => ELGG_ENTITIES_NO_VALUE,
- 'joins' => array("JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid"),
+ 'selects' => array('plugin_oe.*'),
+ 'joins' => array(
+ "JOIN {$db_prefix}private_settings ps on ps.entity_guid = e.guid",
+ "JOIN {$db_prefix}objects_entity plugin_oe on plugin_oe.guid = e.guid"
+ ),
'wheres' => array("ps.name = '$priority'"),
'order_by' => "CAST(ps.value as unsigned), e.guid"
);
diff --git a/engine/lib/river.php b/engine/lib/river.php
index 547d9495e..711832f70 100644
--- a/engine/lib/river.php
+++ b/engine/lib/river.php
@@ -55,7 +55,7 @@ $posted = 0, $annotation_id = 0) {
$posted = sanitise_int($posted);
$annotation_id = sanitise_int($annotation_id);
- $params = array(
+ $values = array(
'type' => $type,
'subtype' => $subtype,
'action_type' => $action_type,
@@ -68,13 +68,13 @@ $posted = 0, $annotation_id = 0) {
);
// return false to stop insert
- $params = elgg_trigger_plugin_hook('creating', 'river', null, $params);
- if ($params == false) {
+ $values = elgg_trigger_plugin_hook('creating', 'river', null, $values);
+ if ($values == false) {
// inserting did not fail - it was just prevented
return true;
}
- extract($params);
+ extract($values);
// Attempt to save river item; return success status
$id = insert_data("insert into {$CONFIG->dbprefix}river " .
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 6a881777e..7d427e743 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -1551,12 +1551,12 @@ function users_init() {
elgg_register_plugin_hook_handler('register', 'menu:user_hover', 'elgg_user_hover_menu');
elgg_register_action('register', '', 'public');
- elgg_register_action('useradd', '', 'public');
+ elgg_register_action('useradd', '', 'admin');
elgg_register_action('friends/add');
elgg_register_action('friends/remove');
elgg_register_action('avatar/upload');
elgg_register_action('avatar/crop');
- elgg_register_action('avatar/revert');
+ elgg_register_action('avatar/remove');
elgg_register_action('profile/edit');
elgg_register_action('friends/collections/add');
diff --git a/engine/lib/views.php b/engine/lib/views.php
index ca0ce7196..1b013be6f 100644
--- a/engine/lib/views.php
+++ b/engine/lib/views.php
@@ -103,7 +103,10 @@ function elgg_get_viewtype() {
$viewtype = get_input('view', NULL);
if ($viewtype) {
- return $viewtype;
+ // only word characters allowed.
+ if (!preg_match('[\W]', $viewtype)) {
+ return $viewtype;
+ }
}
if (isset($CONFIG->view) && !empty($CONFIG->view)) {