28 files changed, 220 insertions, 58 deletions
diff --git a/engine/classes/ElggAttributeLoader.php b/engine/classes/ElggAttributeLoader.php
index 0b770da75..ffc80b02d 100644
--- a/engine/classes/ElggAttributeLoader.php
+++ b/engine/classes/ElggAttributeLoader.php
@@ -4,7 +4,7 @@
  * Loads ElggEntity attributes from DB or validates those passed in via constructor
  *
  * @access private
- * 
+ *
  * @package    Elgg.Core
  * @subpackage DataModel
  */
@@ -69,7 +69,7 @@ class ElggAttributeLoader {
 
 	/**
 	 * Constructor
-	 * 
+	 *
 	 * @param string $class             class of object being loaded
 	 * @param string $required_type     entity type this is being used to populate
 	 * @param array  $initialized_attrs attributes after initializeAttributes() has been run
@@ -94,7 +94,7 @@ class ElggAttributeLoader {
 
 	/**
 	 * Get primary attributes missing that are missing
-	 * 
+	 *
 	 * @param stdClass $row Database row
 	 * @return array
 	 */
@@ -104,7 +104,7 @@ class ElggAttributeLoader {
 
 	/**
 	 * Get secondary attributes that are missing
-	 * 
+	 *
 	 * @param stdClass $row Database row
 	 * @return array
 	 */
@@ -114,7 +114,7 @@ class ElggAttributeLoader {
 
 	/**
 	 * Check that the type is correct
-	 * 
+	 *
 	 * @param stdClass $row Database row
 	 * @return void
 	 * @throws InvalidClassException
@@ -216,7 +216,7 @@ class ElggAttributeLoader {
 		// Note: If there are still missing attributes, we're running on a 1.7 or earlier schema. We let
 		// this pass so the upgrades can run.
 
-		// guid needs to be an int  http://trac.elgg.org/ticket/4111
+		// guid needs to be an int  https://github.com/elgg/elgg/issues/4111
 		$row['guid'] = (int) $row['guid'];
 
 		return $row;
diff --git a/engine/classes/ElggEntity.php b/engine/classes/ElggEntity.php
index dd1c7c114..a563f6fad 100644
--- a/engine/classes/ElggEntity.php
+++ b/engine/classes/ElggEntity.php
@@ -24,7 +24,7 @@
  *
  * @package    Elgg.Core
  * @subpackage DataModel.Entities
- * 
+ *
  * @property string $type           object, user, group, or site (read-only after save)
  * @property string $subtype        Further clarifies the nature of the entity (read-only after save)
  * @property int    $guid           The unique identifier for this entity (read only)
@@ -352,8 +352,8 @@ abstract class ElggEntity extends ElggData implements
 					'limit' => 0
 				);
 				// @todo in 1.9 make this return false if can't add metadata
-				// http://trac.elgg.org/ticket/4520
-				// 
+				// https://github.com/elgg/elgg/issues/4520
+				//
 				// need to remove access restrictions right now to delete
 				// because this is the expected behavior
 				$ia = elgg_set_ignore_access(true);
@@ -379,7 +379,7 @@ abstract class ElggEntity extends ElggData implements
 			// unsaved entity. store in temp array
 			// returning single entries instead of an array of 1 element is decided in
 			// getMetaData(), just like pulling from the db.
-			// 
+			//
 			// if overwrite, delete first
 			if (!$multiple || !isset($this->temp_metadata[$name])) {
 				$this->temp_metadata[$name] = array();
@@ -964,7 +964,7 @@ abstract class ElggEntity extends ElggData implements
 	 *
 	 * @tip Can be overridden by registering for the permissions_check:comment,
 	 * <entity type> plugin hook.
-	 * 
+	 *
 	 * @param int $user_guid User guid (default is logged in user)
 	 *
 	 * @return bool
@@ -1365,7 +1365,7 @@ abstract class ElggEntity extends ElggData implements
 				$this->attributes['tables_loaded']++;
 			}
 
-			// guid needs to be an int  http://trac.elgg.org/ticket/4111
+			// guid needs to be an int  https://github.com/elgg/elgg/issues/4111
 			$this->attributes['guid'] = (int)$this->attributes['guid'];
 
 			// Cache object handle
diff --git a/engine/classes/ElggWidget.php b/engine/classes/ElggWidget.php
index c123e5032..66191bf47 100644
--- a/engine/classes/ElggWidget.php
+++ b/engine/classes/ElggWidget.php
@@ -146,10 +146,15 @@ class ElggWidget extends ElggObject {
 			}
 		}
 
+		$bottom_rank = count($widgets);
+		if ($column == $this->column) {
+			$bottom_rank--;
+		}
+		
 		if ($rank == 0) {
 			// top of the column
 			$this->order = reset($widgets)->order - 10;
-		} elseif ($rank == (count($widgets) - 1)) {
+		} elseif ($rank == $bottom_rank) {
 			// bottom of the column of active widgets
 			$this->order = end($widgets)->order + 10;
 		} else {
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index 124e67e0f..5e9b530de 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -249,9 +249,13 @@ function elgg_disable_annotations(array $options) {
 	if (!elgg_is_valid_options_for_batch_operation($options, 'annotations')) {
 		return false;
 	}
+	
+	// if we can see hidden (disabled) we need to use the offset
+	// otherwise we risk an infinite loop if there are more than 50
+	$inc_offset = access_get_show_hidden_status();
 
 	$options['metastring_type'] = 'annotations';
-	return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
+	return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', $inc_offset);
 }
 
 /**
diff --git a/engine/lib/database.php b/engine/lib/database.php
index 37dfb8f8d..a7949788d 100644
--- a/engine/lib/database.php
+++ b/engine/lib/database.php
@@ -129,7 +129,7 @@ function establish_db_link($dblinkname = "readwrite") {
 	// Set up cache if global not initialized and query cache not turned off
 	if ((!$DB_QUERY_CACHE) && (!$db_cache_off)) {
 		// @todo if we keep this cache in 1.9, expose the size as a config parameter
-		$DB_QUERY_CACHE = new ElggLRUCache(200);		
+		$DB_QUERY_CACHE = new ElggLRUCache(200);
 	}
 }
 
@@ -399,14 +399,14 @@ function elgg_query_runner($query, $callback = null, $single = false) {
 
 	// Since we want to cache results of running the callback, we need to
 	// need to namespace the query with the callback and single result request.
-	// http://trac.elgg.org/ticket/4049
+	// https://github.com/elgg/elgg/issues/4049
 	$hash = (string)$callback . (int)$single . $query;
 
 	// Is cached?
 	if ($DB_QUERY_CACHE) {
 		if (isset($DB_QUERY_CACHE[$hash])) {
 			elgg_log("DB query $query results returned from cache (hash: $hash)", 'NOTICE');
-			return $DB_QUERY_CACHE[$hash];			
+			return $DB_QUERY_CACHE[$hash];
 		}
 	}
 
@@ -524,7 +524,7 @@ function delete_data($query) {
 
 /**
  * Invalidate the query cache
- * 
+ *
  * @access private
  */
 function _elgg_invalidate_query_cache() {
@@ -533,7 +533,7 @@ function _elgg_invalidate_query_cache() {
 		$DB_QUERY_CACHE->clear();
 		elgg_log("Query cache invalidated", 'NOTICE');
 	} elseif ($DB_QUERY_CACHE) {
-		// In case someone sets the cache to an array and primes it with data 
+		// In case someone sets the cache to an array and primes it with data
 		$DB_QUERY_CACHE = array();
 		elgg_log("Query cache invalidated", 'NOTICE');
 	}
@@ -668,7 +668,7 @@ function run_sql_script($scriptlocation) {
 
 /**
  * Format a query string for logging
- * 
+ *
  * @param string $query Query string
  * @return string
  * @access private
diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index b5ef7e572..34111c69d 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -746,7 +746,7 @@ function elgg_unregister_event_handler($event, $object_type, $callback) {
  * @tip When referring to events, the preferred syntax is "event, type".
  *
  * @internal Only rarely should events be changed, added, or removed in core.
- * When making changes to events, be sure to first create a ticket in trac.
+ * When making changes to events, be sure to first create a ticket on Github.
  *
  * @internal @tip Think of $object_type as the primary namespace element, and
  * $event as the secondary namespace.
@@ -1350,7 +1350,7 @@ function full_url() {
 		"" : (":" . $_SERVER["SERVER_PORT"]);
 
 	// This is here to prevent XSS in poorly written browsers used by 80% of the population.
-	// {@trac [5813]}
+	// https://github.com/Elgg/Elgg/commit/0c947e80f512cb0a482b1864fd0a6965c8a0cd4a
 	$quotes = array('\'', '"');
 	$encoded = array('%27', '%22');
 
@@ -2249,7 +2249,7 @@ function elgg_api_test($hook, $type, $value, $params) {
  *
  * @warning ACCESS_DEFAULT is a place holder for the input/access view. Do not
  * use it when saving an entity.
- * 
+ *
  * @var int
  */
 define('ACCESS_DEFAULT', -1);
diff --git a/engine/lib/entities.php b/engine/lib/entities.php
index 997db79d2..4fcf1c657 100644
--- a/engine/lib/entities.php
+++ b/engine/lib/entities.php
@@ -791,7 +791,7 @@ function get_entity($guid) {
 
 	if ($shared_cache) {
 		$cached_entity = $shared_cache->load($guid);
-		// @todo store ACLs in memcache http://trac.elgg.org/ticket/3018#comment:3
+		// @todo store ACLs in memcache https://github.com/elgg/elgg/issues/3018#issuecomment-13662617
 		if ($cached_entity) {
 			// @todo use ACL and cached entity access_id to determine if user can see it
 			return $cached_entity;
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 2d9bae4dd..80b0b8766 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -60,8 +60,8 @@ function get_input($variable, $default = NULL, $filter_result = TRUE) {
  *
  * Note: this function does not handle nested arrays (ex: form input of param[m][n])
  *
- * @param string $variable The name of the variable
- * @param string $value    The value of the variable
+ * @param string          $variable The name of the variable
+ * @param string|string[] $value    The value of the variable
  *
  * @return void
  */
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index d2f8d4cd4..fdb1b85f6 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -333,9 +333,13 @@ function elgg_disable_metadata(array $options) {
 	}
 
 	elgg_get_metadata_cache()->invalidateByOptions('disable', $options);
+	
+	// if we can see hidden (disabled) we need to use the offset
+	// otherwise we risk an infinite loop if there are more than 50
+	$inc_offset = access_get_show_hidden_status();
 
 	$options['metastring_type'] = 'metadata';
-	return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', false);
+	return elgg_batch_metastring_based_objects($options, 'elgg_batch_disable_callback', $inc_offset);
 }
 
 /**
diff --git a/engine/lib/plugins.php b/engine/lib/plugins.php
index 74bce45fd..d5d3db466 100644
--- a/engine/lib/plugins.php
+++ b/engine/lib/plugins.php
@@ -1105,6 +1105,49 @@ function plugins_test($hook, $type, $value, $params) {
 }
 
 /**
+ * Checks on deactivate plugin event if disabling it won't create unmet dependencies and blocks disable in such case.
+ *
+ * @param string $event  deactivate
+ * @param string $type   plugin
+ * @param array  $params Parameters array containing entry with ELggPlugin instance under 'plugin_entity' key
+ * @return bool  false to block plugin deactivation action
+ *
+ * @access private
+ */
+function _plugins_deactivate_dependency_check($event, $type, $params) {
+	$plugin_id = $params['plugin_entity']->getManifest()->getPluginID();
+	$plugin_name = $params['plugin_entity']->getManifest()->getName();
+
+	$active_plugins = elgg_get_plugins();
+
+	$dependents = array();
+	foreach ($active_plugins as $plugin) {
+		$manifest = $plugin->getManifest();
+		$requires = $manifest->getRequires();
+
+		foreach ($requires as $required) {
+			if ($required['type'] == 'plugin' && $required['name'] == $plugin_id) {
+				// there are active dependents
+				$dependents[$manifest->getPluginID()] = $plugin;
+			}
+		}
+	}
+
+	if ($dependents) {
+		$list = '<ul>';
+		// construct error message and prevent disabling
+		foreach ($dependents as $dependent) {
+			$list .= '<li>' . $dependent->getManifest()->getName() . '</li>';
+		}
+		$list .= '</ul>';
+
+		register_error(elgg_echo('ElggPlugin:Dependencies:ActiveDependent', array($plugin_name, $list)));
+
+		return false;
+	}
+}
+
+/**
  * Initialize the plugin system
  * Listens to system init and registers actions
  *
@@ -1115,6 +1158,10 @@ function plugin_init() {
 	run_function_once("plugin_run_once");
 
 	elgg_register_plugin_hook_handler('unit_test', 'system', 'plugins_test');
+	
+	// note - plugins are booted by the time this handler is registered
+	// deactivation due to error may have already occurred
+	elgg_register_event_handler('deactivate', 'plugin', '_plugins_deactivate_dependency_check');
 
 	elgg_register_action("plugins/settings/save", '', 'admin');
 	elgg_register_action("plugins/usersettings/save");
diff --git a/engine/lib/river.php b/engine/lib/river.php
index 4926a85c4..e92040eb7 100644
--- a/engine/lib/river.php
+++ b/engine/lib/river.php
@@ -120,7 +120,7 @@ $posted = 0, $annotation_id = 0) {
  *   subtypes             => STR|ARR Entity subtype string(s)
  *   type_subtype_pairs   => ARR     Array of type => subtype pairs where subtype
  *                                   can be an array of subtype strings
- * 
+ *
  *   posted_time_lower    => INT     The lower bound on the time posted
  *   posted_time_upper    => INT     The upper bound on the time posted
  *
@@ -434,8 +434,13 @@ function elgg_list_river(array $options = array()) {
 		'pagination' => TRUE,
 		'list_class' => 'elgg-list-river elgg-river', // @todo remove elgg-river in Elgg 1.9
 	);
-
+	
 	$options = array_merge($defaults, $options);
+	
+	if (!$options["limit"] && !$options["offset"]) {
+		// no need for pagination if listing is unlimited
+		$options["pagination"] = false;
+	}
 
 	$options['count'] = TRUE;
 	$count = elgg_get_river($options);
@@ -445,6 +450,7 @@ function elgg_list_river(array $options = array()) {
 
 	$options['count'] = $count;
 	$options['items'] = $items;
+	
 	return elgg_view('page/components/list', $options);
 }
 
diff --git a/engine/lib/upgrade.php b/engine/lib/upgrade.php
index 0cc1e64dc..158ec9ec1 100644
--- a/engine/lib/upgrade.php
+++ b/engine/lib/upgrade.php
@@ -245,7 +245,7 @@ function version_upgrade() {
 
 	// No version number? Oh snap...this is an upgrade from a clean installation < 1.7.
 	// Run all upgrades without error reporting and hope for the best.
-	// See http://trac.elgg.org/elgg/ticket/1432 for more.
+	// See https://github.com/elgg/elgg/issues/1432 for more.
 	$quiet = !$dbversion;
 
 	// Note: Database upgrades are deprecated as of 1.8.  Use code upgrades.  See #1433
diff --git a/engine/lib/upgrades/2010033101.php b/engine/lib/upgrades/2010033101.php
index 0bffee001..4779295fd 100644
--- a/engine/lib/upgrades/2010033101.php
+++ b/engine/lib/upgrades/2010033101.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * Conditional upgrade for UTF8 as described in http://trac.elgg.org/ticket/1928
+ * Conditional upgrade for UTF8 as described in https://github.com/elgg/elgg/issues/1928
  */
 
 // get_version() returns the code version.
diff --git a/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php b/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php
index 07732f261..780038c32 100644
--- a/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php
+++ b/engine/lib/upgrades/2012041801-1.8.3-multiple_user_tokens-852225f7fd89f6c5.php
@@ -3,7 +3,7 @@
  * Elgg 1.8.3 upgrade 2012041801
  * multiple_user_tokens
  *
- * Fixes http://trac.elgg.org/ticket/4291
+ * Fixes https://github.com/elgg/elgg/issues/4291
  * Removes the unique index on users_apisessions for user_guid and site_guid
  */
 
diff --git a/engine/lib/upgrades/2013052900-1.8.15-ipv6_in_syslog-f5c2cc0196e9e731.php b/engine/lib/upgrades/2013052900-1.8.15-ipv6_in_syslog-f5c2cc0196e9e731.php
new file mode 100644
index 000000000..d333a6cd2
--- /dev/null
+++ b/engine/lib/upgrades/2013052900-1.8.15-ipv6_in_syslog-f5c2cc0196e9e731.php
@@ -0,0 +1,12 @@
+<?php
+/**
+ * Elgg 1.8.15 upgrade 2013052900
+ * ipv6_in_syslog
+ *
+ * Upgrade the ip column in system_log to be able to store ipv6 addresses
+ */
+
+$db_prefix = elgg_get_config('dbprefix');
+$q = "ALTER TABLE {$db_prefix}system_log MODIFY COLUMN ip_address varchar(46) NOT NULL";
+
+update_data($q);
+\ No newline at end of file
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 9a5194896..a8fb9121c 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -553,6 +553,11 @@ function get_user($guid) {
 function get_user_by_username($username) {
 	global $CONFIG, $USERNAME_TO_GUID_MAP_CACHE;
 
+	// Fixes #6052. Username is frequently sniffed from the path info, which,
+	// unlike $_GET, is not URL decoded. If the username was not URL encoded,
+	// this is harmless.
+	$username = rawurldecode($username);
+
 	$username = sanitise_string($username);
 	$access = get_access_sql_suffix('e');
 
@@ -1091,6 +1096,7 @@ function friends_page_handler($segments, $handler) {
  * @access private
  */
 function collections_page_handler($page_elements) {
+	gatekeeper();
 	elgg_set_context('friends');
 	$base = elgg_get_config('path');
 	if (isset($page_elements[0])) {
diff --git a/engine/lib/views.php b/engine/lib/views.php
index 65ba20204..fff3581cf 100644
--- a/engine/lib/views.php
+++ b/engine/lib/views.php
@@ -218,7 +218,7 @@ function elgg_register_ajax_view($view) {
 
 /**
  * Unregister a view for ajax calls
- * 
+ *
  * @param string $view The view name
  * @return void
  * @since 1.8.3
@@ -369,7 +369,7 @@ function elgg_view_exists($view, $viewtype = '', $recurse = true) {
  * view, $view_name plugin hook.
  *
  * @warning Any variables in $_SESSION will override passed vars
- * upon name collision.  See {@trac #2124}.
+ * upon name collision.  See https://github.com/Elgg/Elgg/issues/2124
  *
  * @param string  $view     The name and location of the view to use
  * @param array   $vars     Variables to pass to the view.
@@ -795,7 +795,7 @@ function elgg_view_menu($menu_name, array $vars = array()) {
  *  - bool 'full_view' Whether to show a full or condensed view.
  *
  * @tip This function can automatically appends annotations to entities if in full
- * view and a handler is registered for the entity:annotate.  See {@trac 964} and
+ * view and a handler is registered for the entity:annotate.  See https://github.com/Elgg/Elgg/issues/964 and
  * {@link elgg_view_entity_annotations()}.
  *
  * @param ElggEntity $entity The entity to display
@@ -992,6 +992,11 @@ function elgg_view_annotation(ElggAnnotation $annotation, array $vars = array(),
 function elgg_view_entity_list($entities, $vars = array(), $offset = 0, $limit = 10, $full_view = true,
 $list_type_toggle = true, $pagination = true) {
 
+	if (!$vars["limit"] && !$vars["offset"]) {
+		// no need for pagination if listing is unlimited
+		$vars["pagination"] = false;
+	}
+		
 	if (!is_int($offset)) {
 		$offset = (int)get_input('offset', 0);
 	}
@@ -1064,8 +1069,13 @@ function elgg_view_annotation_list($annotations, array $vars = array()) {
 		'full_view' => true,
 		'offset_key' => 'annoff',
 	);
-
+	
 	$vars = array_merge($defaults, $vars);
+	
+	if (!$vars["limit"] && !$vars["offset"]) {
+		// no need for pagination if listing is unlimited
+		$vars["pagination"] = false;
+	}
 
 	return elgg_view('page/components/list', $vars);
 }
@@ -1239,7 +1249,7 @@ function elgg_view_river_item($item, array $vars = array()) {
 
 	// @todo this needs to be cleaned up
 	// Don't hide objects in closed groups that a user can see.
-	// see http://trac.elgg.org/ticket/4789
+	// see https://github.com/elgg/elgg/issues/4789
 	//	else {
 	//		// hide based on object's container
 	//		$visibility = ElggGroupItemVisibility::factory($object->container_guid);
@@ -1334,12 +1344,12 @@ function elgg_view_list_item($item, array $vars = array()) {
 
 /**
  * View one of the elgg sprite icons
- * 
+ *
  * Shorthand for <span class="elgg-icon elgg-icon-$name"></span>
- * 
+ *
  * @param string $name  The specific icon to display
  * @param string $class Additional class: float, float-alt, or custom class
- * 
+ *
  * @return string The html for displaying an icon
  */
 function elgg_view_icon($name, $class = '') {
diff --git a/engine/lib/web_services.php b/engine/lib/web_services.php
index b440e3afb..51cad6f39 100644
--- a/engine/lib/web_services.php
+++ b/engine/lib/web_services.php
@@ -1166,6 +1166,17 @@ function list_all_apis() {
  * @access private
  */
 function auth_gettoken($username, $password) {
+	// check if username is an email address
+	if (is_email_address($username)) {
+		$users = get_user_by_email($username);
+			
+		// check if we have a unique user
+		if (is_array($users) && (count($users) == 1)) {
+			$username = $users[0]->username;
+		}
+	}
+	
+	// validate username and password
 	if (true === elgg_authenticate($username, $password)) {
 		$token = create_user_token($username);
 		if ($token) {
@@ -1195,7 +1206,7 @@ $ERRORS = array();
  *
  * @return void
  * @access private
- * 
+ *
  * @throws Exception
  */
 function _php_api_error_handler($errno, $errmsg, $filename, $linenum, $vars) {
diff --git a/engine/schema/mysql.sql b/engine/schema/mysql.sql
index 6c6e9db89..4714b71bb 100644
--- a/engine/schema/mysql.sql
+++ b/engine/schema/mysql.sql
@@ -361,7 +361,7 @@ CREATE TABLE `prefix_system_log` (
   `access_id` int(11) NOT NULL,
   `enabled` enum('yes','no') NOT NULL DEFAULT 'yes',
   `time_created` int(11) NOT NULL,
-  `ip_address` varchar(15) NOT NULL,
+  `ip_address` varchar(46) NOT NULL,
   PRIMARY KEY (`id`),
   KEY `object_id` (`object_id`),
   KEY `object_class` (`object_class`),
diff --git a/engine/tests/api/entity_getter_functions.php b/engine/tests/api/entity_getter_functions.php
index 0492b1fb0..fef9dc0c5 100644
--- a/engine/tests/api/entity_getter_functions.php
+++ b/engine/tests/api/entity_getter_functions.php
@@ -426,7 +426,7 @@ class ElggCoreEntityGetterFunctionsTest extends ElggCoreUnitTest {
 
 		$options = array(
 			'types' => $types,
-			'subtype' => $subtype
+			'subtypes' => $subtype
 		);
 
 		$es = elgg_get_entities($options);
diff --git a/engine/tests/api/helpers.php b/engine/tests/api/helpers.php
index 10216140f..414fb4145 100644
--- a/engine/tests/api/helpers.php
+++ b/engine/tests/api/helpers.php
@@ -519,7 +519,7 @@ class ElggCoreHelpersTest extends ElggCoreUnitTest {
 		$this->assertIdentical($elements_sorted_string, $test_elements);
 	}
 
-	// see http://trac.elgg.org/ticket/4288
+	// see https://github.com/elgg/elgg/issues/4288
 	public function testElggBatchIncOffset() {
 		// normal increment
 		$options = array(
diff --git a/engine/tests/api/metadata.php b/engine/tests/api/metadata.php
index 0862341c1..d23510c6a 100644
--- a/engine/tests/api/metadata.php
+++ b/engine/tests/api/metadata.php
@@ -139,7 +139,7 @@ class ElggCoreMetadataAPITest extends ElggCoreUnitTest {
 
 	// Make sure metadata with multiple values is correctly deleted when re-written
 	// by another user
-	// http://trac.elgg.org/ticket/2776
+	// https://github.com/elgg/elgg/issues/2776
 	public function test_elgg_metadata_multiple_values() {
 		$u1 = new ElggUser();
 		$u1->username = rand();
diff --git a/engine/tests/api/plugins.php b/engine/tests/api/plugins.php
index 114f3991b..d0f111c48 100644
--- a/engine/tests/api/plugins.php
+++ b/engine/tests/api/plugins.php
@@ -69,7 +69,7 @@ class ElggCorePluginsAPITest extends ElggCoreUnitTest {
 			'description' => 'A longer, more interesting description.',
 			'website' => 'http://www.elgg.org/',
 			'repository' => 'https://github.com/Elgg/Elgg',
-			'bugtracker' => 'http://trac.elgg.org',
+			'bugtracker' => 'https://github.com/elgg/elgg/issues',
 			'donations' => 'http://elgg.org/supporter.php',
 			'copyright' => '(C) Elgg Foundation 2011',
 			'license' => 'GNU General Public License version 2',
@@ -174,7 +174,7 @@ class ElggCorePluginsAPITest extends ElggCoreUnitTest {
 	}
 	
 		public function testElggPluginManifestGetBugtracker() {
-		$this->assertEqual($this->manifest18->getBugTrackerURL(), 'http://trac.elgg.org');
+		$this->assertEqual($this->manifest18->getBugTrackerURL(), 'https://github.com/elgg/elgg/issues');
 		$this->assertEqual($this->manifest17->getBugTrackerURL(), '');
 	}
 	
diff --git a/engine/tests/objects/entities.php b/engine/tests/objects/entities.php
index 248b85c9e..bac72079e 100644
--- a/engine/tests/objects/entities.php
+++ b/engine/tests/objects/entities.php
@@ -271,7 +271,7 @@ class ElggCoreEntityTest extends ElggCoreUnitTest {
 		$this->save_entity();
 
 		// test deleting incorrectly
-		// @link http://trac.elgg.org/ticket/2273
+		// @link https://github.com/elgg/elgg/issues/2273
 		$this->assertNull($this->entity->deleteMetadata('impotent'));
 		$this->assertEqual($this->entity->important, 'indeed!');
 
diff --git a/engine/tests/objects/objects.php b/engine/tests/objects/objects.php
index 915594e0a..263ab2414 100644
--- a/engine/tests/objects/objects.php
+++ b/engine/tests/objects/objects.php
@@ -194,7 +194,7 @@ class ElggCoreObjectTest extends ElggCoreUnitTest {
 		$old = elgg_set_ignore_access(true);
 	}
 
-	// see http://trac.elgg.org/ticket/1196
+	// see https://github.com/elgg/elgg/issues/1196
 	public function testElggEntityRecursiveDisableWhenLoggedOut() {
 		$e1 = new ElggObject();
 		$e1->access_id = ACCESS_PUBLIC;
diff --git a/engine/tests/objects/users.php b/engine/tests/objects/users.php
index dc9129326..8a1033ac4 100644
--- a/engine/tests/objects/users.php
+++ b/engine/tests/objects/users.php
@@ -145,7 +145,7 @@ class ElggCoreUserTest extends ElggCoreUnitTest {
 	}
 
 	public function testElggUserNameCache() {
-		// Trac #1305
+		// issue https://github.com/elgg/elgg/issues/1305
 
 		// very unlikely a user would have this username
 		$name = (string)time();
@@ -159,6 +159,22 @@ class ElggCoreUserTest extends ElggCoreUnitTest {
 		$this->assertFalse($user);
 	}
 
+	public function testGetUserByUsernameAcceptsUrlEncoded() {
+		$username = (string)time();
+		$this->user->username = $username;
+		$guid = $this->user->save();
+
+		// percent encode first letter
+		$first_letter = $username[0];
+		$first_letter = str_pad('%' . dechex(ord($first_letter)), 2, '0', STR_PAD_LEFT);
+		$username =   $first_letter . substr($username, 1);
+
+		$user = get_user_by_username($username);
+		$this->assertTrue((bool) $user);
+		$this->assertEqual($guid, $user->guid);
+
+		$this->user->delete();
+	}
 
 	public function testElggUserMakeAdmin() {
 		global $CONFIG;
diff --git a/engine/tests/regression/trac_bugs.php b/engine/tests/regression/trac_bugs.php
index f173b5b9f..ef1348cf6 100644
--- a/engine/tests/regression/trac_bugs.php
+++ b/engine/tests/regression/trac_bugs.php
@@ -1,7 +1,7 @@
 <?php
 /**
- * Elgg Regression Tests -- Trac Bugfixes
- * Any bugfixes from Trac that require testing belong here.
+ * Elgg Regression Tests -- GitHub Bugfixes
+ * Any bugfixes from GitHub that require testing belong here.
  *
  * @package Elgg
  * @subpackage Test
@@ -201,8 +201,8 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
 	}
 
 	/**
-	 * http://trac.elgg.org/ticket/3210 - Don't remove -s in friendly titles
-	 * http://trac.elgg.org/ticket/2276 - improve char encoding
+	 * https://github.com/elgg/elgg/issues/3210 - Don't remove -s in friendly titles
+	 * https://github.com/elgg/elgg/issues/2276 - improve char encoding
 	 */
 	public function test_friendly_title() {
 		$cases = array(
@@ -216,7 +216,7 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
 			=> "a-a-a-a-a-a-aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
 			
 			// separators trimmed
-			"-_ hello _-" 
+			"-_ hello _-"
 			=> "hello",
 
 			// accents removed, lower case, other multibyte chars are URL encoded
@@ -286,7 +286,7 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
 			'web archive anchor <a href="http://web.archive.org/web/20000229040250/http://www.google.com/">google</a>' =>
 				'web archive anchor <a href="http://web.archive.org/web/20000229040250/http://www.google.com/">google</a>',
 
-			'single quotes already anchor <a href=\'http://www.yahoo.com\'>yahoo</a>' => 
+			'single quotes already anchor <a href=\'http://www.yahoo.com\'>yahoo</a>' =>
 				'single quotes already anchor <a href=\'http://www.yahoo.com\'>yahoo</a>',
 
 			'unquoted already anchor <a href=http://www.yahoo.com>yahoo</a>' =>
@@ -302,7 +302,7 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
 	
 	/**
 	 * Ensure additional select columns do not end up in entity attributes.
-	 * 
+	 *
 	 * https://github.com/Elgg/Elgg/issues/5538
 	 */
 	public function test_extra_columns_dont_appear_in_attributes() {
@@ -332,4 +332,45 @@ class ElggCoreRegressionBugsTest extends ElggCoreUnitTest {
 		
 		$group->delete();
 	}
+
+	/**
+	 * Ensure that ElggBatch doesn't go into infinite loop when disabling annotations recursively when show hidden is enabled.
+	 *
+	 * https://github.com/Elgg/Elgg/issues/5952
+	 */
+	public function test_disabling_annotations_infinite_loop() {
+
+		//let's have some entity
+		$group = new ElggGroup();
+		$group->name = 'test_group';
+		$group->access_id = ACCESS_PUBLIC;
+		$this->assertTrue($group->save() !== false);
+
+		$total = 51;
+		//add some annotations
+		for ($cnt = 0; $cnt < $total; $cnt++) {
+			$group->annotate('test_annotation', 'value_' . $total);
+		}
+
+		//disable them
+		$show_hidden = access_get_show_hidden_status();
+		access_show_hidden_entities(true);
+		$options = array(
+			'guid' => $group->guid,
+			'limit' => $total, //using strict limit to avoid real infinite loop and just see ElggBatch limiting on it before finishing the work
+		);
+		elgg_disable_annotations($options);
+		access_show_hidden_entities($show_hidden);
+
+		//confirm all being disabled
+		$annotations = $group->getAnnotations(array(
+			'limit' => $total,
+		));
+		foreach ($annotations as $annotation) {
+			$this->assertTrue($annotation->enabled == 'no');
+		}
+
+		//delete group and annotations
+		$group->delete();
+	}
 }
diff --git a/engine/tests/test_files/plugin_18/manifest.xml b/engine/tests/test_files/plugin_18/manifest.xml
index 5d788616a..c8b407511 100644
--- a/engine/tests/test_files/plugin_18/manifest.xml
+++ b/engine/tests/test_files/plugin_18/manifest.xml
@@ -7,7 +7,7 @@
 	<description>A longer, more interesting description.</description>
 	<website>http://www.elgg.org/</website>
 	<repository>https://github.com/Elgg/Elgg</repository>
-	<bugtracker>http://trac.elgg.org</bugtracker>
+	<bugtracker>https://github.com/elgg/elgg/issues</bugtracker>
 	<donations>http://elgg.org/supporter.php</donations>
 	<copyright>(C) Elgg Foundation 2011</copyright>
 	<license>GNU General Public License version 2</license>