Diffstat (limited to 'engine')
| -rw-r--r-- | engine/classes/ElggBatch.php | 10 | ||||
| -rw-r--r-- | engine/classes/ElggPlugin.php | 23 | ||||
| -rw-r--r-- | engine/classes/ElggSite.php | 3 | ||||
| -rw-r--r-- | engine/classes/ElggUser.php | 3 | ||||
| -rw-r--r-- | engine/lib/input.php | 5 | ||||
| -rw-r--r-- | engine/lib/navigation.php | 17 | ||||
| -rw-r--r-- | engine/lib/river.php | 8 | ||||
| -rw-r--r-- | engine/lib/users.php | 5 | ||||
| -rw-r--r-- | engine/lib/views.php | 9 | 
9 files changed, 54 insertions, 29 deletions
| diff --git a/engine/classes/ElggBatch.php b/engine/classes/ElggBatch.php index 49aed800a..62128e34f 100644 --- a/engine/classes/ElggBatch.php +++ b/engine/classes/ElggBatch.php @@ -6,7 +6,7 @@   * This is usually used with elgg_get_entities() and friends, elgg_get_annotations()   * and elgg_get_metadata().   * - * If pass a valid PHP callback, all results will be run through that callback. + * If you pass a valid PHP callback, all results will be run through that callback.   * You can still foreach() through the result set after.  Valid PHP callbacks   * can be a string, an array, or a closure.   * {@link http://php.net/manual/en/language.pseudo-types.php} @@ -14,10 +14,10 @@   * The callback function must accept 3 arguments: an entity, the getter used, and the options used.   *   * Results from the callback are stored in callbackResult. - * If the callback returns only booleans callbackResults will be the combined + * If the callback returns only booleans, callbackResults will be the combined   * result of all calls.   * - * If the callback returns anything else callbackresult will be an indexed array + * If the callback returns anything else, callbackresult will be an indexed array   * of whatever the callback returns.  If returning error handling information,   * you should include enough information to determine which result you're referring   * to. @@ -90,7 +90,7 @@ class ElggBatch  	private $offset = 0;  	/** -	 * Stop of this many results. +	 * Stop after this many results.  	 *  	 * @var unknown_type  	 */ @@ -333,7 +333,7 @@ class ElggBatch  			$result = current($this->results);  		} else { -			// the function above resets the indexes, so don't only inc if not +			// the function above resets the indexes, so only inc if not  			// getting new set  			$this->resultIndex++;  			$result = next($this->results); diff --git a/engine/classes/ElggPlugin.php b/engine/classes/ElggPlugin.php index 95a7362e2..d837431fc 100644 --- a/engine/classes/ElggPlugin.php 
+++ b/engine/classes/ElggPlugin.php @@ -315,9 +315,9 @@ class ElggPlugin extends ElggObject {  			return false;  		}  		// Hook to validate setting -		$value = elgg_trigger_plugin_hook('plugin:setting', 'plugin', array( -			'plugin' => $this->pluginID, -			'plugin_object' => $this, +		$value = elgg_trigger_plugin_hook('setting', 'plugin', array( +			'plugin_id' => $this->pluginID, +			'plugin' => $this,  			'name' => $name,  			'value' => $value  		), $value); @@ -454,10 +454,11 @@ class ElggPlugin extends ElggObject {  		}  		// Hook to validate setting -		// note this doesn't pass the namespaced name! -		$value = elgg_trigger_plugin_hook('plugin:usersetting', 'user', array( +		// note: this doesn't pass the namespaced name +		$value = elgg_trigger_plugin_hook('usersetting', 'plugin', array(  			'user' => $user, -			'plugin' => $this->getID(), +			'plugin' => $this, +			'plugin_id' => $this->getID(),  			'name' => $name,  			'value' => $value  		), $value); @@ -700,6 +701,11 @@ class ElggPlugin extends ElggObject {  //			return false;  //		} +		// include classes +		if ($flags & ELGG_PLUGIN_REGISTER_CLASSES) { +			$this->registerClasses(); +		} +		  		// include start file  		if ($flags & ELGG_PLUGIN_INCLUDE_START) {  			$this->includeFile('start.php'); @@ -715,11 +721,6 @@ class ElggPlugin extends ElggObject {  			$this->registerLanguages();  		} -		// include classes -		if ($flags & ELGG_PLUGIN_REGISTER_CLASSES) { -			$this->registerClasses(); -		} -  		return true;  	} diff --git a/engine/classes/ElggSite.php b/engine/classes/ElggSite.php index e3b8b8f1a..40bfca060 100644 --- a/engine/classes/ElggSite.php +++ b/engine/classes/ElggSite.php @@ -410,8 +410,9 @@ class ElggSite extends ElggEntity {  			'register',  			'action/register',  			'forgotpassword', -			'action/user/requestnewpassword',  			'resetpassword', +			'action/user/requestnewpassword', +			'action/user/passwordreset',  			'upgrade\.php',  			'xml-rpc\.php',  			'mt/mt-xmlrpc\.cgi', 
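Review bot: Renaming the validation hooks in the `elgg_trigger_plugin_hook()` calls (`'plugin:setting'` to `'setting'` in the @@ -315 hunk, and `'plugin:usersetting', 'user'` to `'usersetting', 'plugin'` in the @@ -454 hunk) means a handler still registered under the old names is never called, so a setting it used to validate would be saved without that check. The `'plugin'` parameter also changes from the plugin ID string to the object, which breaks handlers that compare it to a string. Nothing in these hunks emits a deprecation notice for the old names; unless that happens elsewhere, I would record the rename next to each call, e.g. `// hook renamed from 'plugin:setting'; $params['plugin'] is now the ElggPlugin object, the ID is in $params['plugin_id']`. Both enclosing methods start and end outside the hunks.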
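Review bot: The new `'action/user/passwordreset'` entry joins what appears to be the list of paths served without login, and the neighbouring entries are written as regex fragments (`'upgrade\.php'`); how the list is anchored when matched is outside this hunk. If the fragments are matched as prefixes, this entry also exempts any longer path that starts with it, so it is worth confirming and stating above the array, e.g. `// regex fragments matched against the request path; every entry is reachable without login`. The action then has to validate the reset request on its own, which cannot be checked from here.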
diff --git a/engine/classes/ElggUser.php b/engine/classes/ElggUser.php index 1af4cdc3a..75ac008f6 100644 --- a/engine/classes/ElggUser.php +++ b/engine/classes/ElggUser.php @@ -484,7 +484,8 @@ class ElggUser extends ElggEntity  	 * @return array|false  	 */  	public function getCollections($subtype = "", $limit = 10, $offset = 0) { -		return get_user_collections($this->getGUID(), $subtype, $limit, $offset); +		elgg_deprecated_notice("ElggUser::getCollections() has been deprecated", 1.8); +		return false;  	}  	/** diff --git a/engine/lib/input.php b/engine/lib/input.php index 84752bc7d..56ec214dc 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -10,8 +10,13 @@  /**   * Get some input from variables passed on the GET or POST line.   * + * If using any data obtained from get_input() in a web page, please be aware that + * it is a possible vector for a reflected XSS attack. If you are expecting an + * integer, cast it to an int. If it is a string, escape quotes. + *   * Note: this function does not handle nested arrays (ex: form input of param[m][n])   * because of the filtering done in htmlawed from the filter_tags call. + * @todo Is this ^ still?   *   * @param string $variable      The variable we want to return.   * @param mixed  $default       A default value for the variable if it is not found. diff --git a/engine/lib/navigation.php b/engine/lib/navigation.php index cdf3d0f67..1305ee3de 100644 --- a/engine/lib/navigation.php +++ b/engine/lib/navigation.php 
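Review bot: `getCollections()` now returns `false` unconditionally, but the docblock above it still advertises `@return array|false` and the notice text `"ElggUser::getCollections() has been deprecated"` names no replacement. A caller that already treated `false` as "no collections" will keep running with empty data instead of failing visibly. I would add a `@deprecated 1.8` tag that names the replacement call and repeat that name in the notice; the replacement itself is not visible in this hunk.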
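Review bot: The added guidance `If it is a string, escape quotes` in the `get_input()` docblock understates what is needed, because escaping quotes alone does not stop reflected XSS when the value is written into HTML body text, a URL or a script block. Escaping has to match the output context, so I would reword the line to `* If it is a string, escape it for the context it is output in (for HTML, htmlspecialchars() with ENT_QUOTES).` The new `@todo Is this ^ still?` is hard to read out of context; `@todo Confirm whether the nested-array limitation still applies.` says the same thing clearly. The function body is outside the hunk.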
@@ -154,17 +154,20 @@ function elgg_is_menu_item_registered($menu_name, $item_name) {  }  /** - * Convenience function for registering an add content button to title menu + * Convenience function for registering a button to title menu   * - * The add URL must be $handler/add/$guid where $guid is the guid of the page owner. - * The label of the button is "$handler:add" so that must be defined in a + * The URL must be $handler/$name/$guid where $guid is the guid of the page owner. + * The label of the button is "$handler:$name" so that must be defined in a   * language file.   * + * This is used primarily to support adding an add content button + *   * @param string $handler The handler to use or null to autodetect from context + * @param string $name    Name of the button   * @return void   * @since 1.8.0   */ -function elgg_register_add_button($handler = null) { +function elgg_register_title_button($handler = null, $name = 'add') {  	if (elgg_is_logged_in()) {  		if (!$handler) { @@ -179,9 +182,9 @@ function elgg_register_add_button($handler = null) {  		if ($owner && $owner->canWriteToContainer()) {  			$guid = $owner->getGUID();  			elgg_register_menu_item('title', array( -				'name' => 'add', -				'href' => "$handler/add/$guid", -				'text' => elgg_echo("$handler:add"), +				'name' => $name, +				'href' => "$handler/$name/$guid", +				'text' => elgg_echo("$handler:$name"),  				'link_class' => 'elgg-button elgg-button-action',  			));  		} diff --git a/engine/lib/river.php b/engine/lib/river.php index 36dde7f05..64ddcfdc1 100644 --- a/engine/lib/river.php +++ b/engine/lib/river.php @@ -185,6 +185,9 @@ function elgg_delete_river(array $options = array()) {  	$query = "DELETE rv.* FROM {$CONFIG->dbprefix}river rv "; +	// remove identical join clauses +	$joins = array_unique($options['joins']); +	  	// add joins  	foreach ($joins as $j) {  		$query .= " $j "; 
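Review bot: `elgg_register_add_button()` is renamed to `elgg_register_title_button()` and no wrapper is left under the old name in this diff, so a plugin that still calls the old function would fail with an undefined-function error. Unless a deprecated shim is added elsewhere, I would keep one that calls `elgg_deprecated_notice()` and then `elgg_register_title_button($handler, 'add');`. The docblock should also say that `$name` is interpolated directly into the href `"$handler/$name/$guid"` and into the language key, so it has to be a fixed, URL-safe identifier rather than request data.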
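Review bot: `array_unique($options['joins'])` in the @@ -185 hunk assumes `$options['joins']` is set and is an array; whether the defaults merged earlier in `elgg_delete_river()` guarantee that is outside the hunk. A caller passing a single join string would make `array_unique()` fail, which `$joins = array_unique((array) $options['joins']);` avoids. Each join is then concatenated verbatim into the DELETE statement, so a comment such as `// joins are raw SQL fragments: callers must never build them from request data` belongs on this line.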
@@ -469,7 +472,7 @@ function elgg_get_river_type_subtype_where_sql($table, $types, $subtypes, $pairs  		}  		if (is_array($wheres) && count($wheres)) { -			$wheres = array(implode(' AND ', $wheres)); +			$wheres = array(implode(' OR ', $wheres));  		}  	} else {  		// using type/subtype pairs @@ -589,10 +592,13 @@ function elgg_river_page_handler($page) {  	elgg_set_page_owner_guid(elgg_get_logged_in_user_guid()); +	// make a URL segment available in page handler script  	$page_type = elgg_extract(0, $page, 'all'); +	$page_type = preg_replace('[\W]', '', $page_type);  	if ($page_type == 'owner') {  		$page_type = 'mine';  	} +	set_input('page_type', $page_type);  	// content filter code here  	$entity_type = ''; diff --git a/engine/lib/users.php b/engine/lib/users.php index e7e1a57f0..48f10f974 100644 --- a/engine/lib/users.php +++ b/engine/lib/users.php @@ -1383,7 +1383,10 @@ function elgg_profile_fields_setup() {  function elgg_avatar_page_handler($page) {  	global $CONFIG; -	set_input('username', $page[1]); +	$user = get_user_by_username($page[1]); +	if ($user) { +		elgg_set_page_owner_guid($user->getGUID()); +	}  	if ($page[0] == 'edit') {  		require_once("{$CONFIG->path}pages/avatar/edit.php"); diff --git a/engine/lib/views.php b/engine/lib/views.php index dde298c2b..7686a8bef 100644 --- a/engine/lib/views.php +++ b/engine/lib/views.php @@ -309,6 +309,11 @@ function elgg_view_exists($view, $viewtype = '', $recurse = true) {  		}  	} +	// Now check if the default view exists if the view is registered as a fallback +	if ($viewtype != 'default' && elgg_does_viewtype_fallback($viewtype)) { +		return elgg_view_exists($view, 'default'); +	} +  	return false;  } 
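Review bot: Changing the glue to `' OR '` leaves the combined clause without parentheses in the line shown, `array(implode(' OR ', $wheres))`. If that single element is later joined to other conditions with `AND` and is not wrapped there (that code is outside the hunk), `AND` binds tighter than `OR` and the other conditions would apply only to one of the alternatives. Wrapping it here removes the doubt: `$wheres = array('(' . implode(' OR ', $wheres) . ')');`.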
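Review bot: The pattern in `preg_replace('[\W]', '', $page_type)` reads like a character class with no delimiters, but PCRE takes the `[` and `]` as the delimiter pair, so the expression is just `\W`; it works, yet `'/\W/'` states what is meant. Because the result is then published with `set_input('page_type', $page_type)` for the page script, an allow-list would be tighter than stripping characters: keep the segment only if it is one of the values the script handles and otherwise fall back to `'all'`. Which values the script accepts is outside this hunk, and `elgg_river_page_handler()` continues past it.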
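Review bot: When `get_user_by_username($page[1])` finds no user, `elgg_avatar_page_handler()` skips `elgg_set_page_owner_guid()` and still goes on to the `require_once` of the page script, which presumably then runs with no page owner or with one set earlier in the request. `$page[1]` is also read without checking that the segment exists. I would stop before the include, e.g. `if (!$user) { return false; }`, assuming the page-handler convention treats a false return as "not handled"; the rest of the function lies outside the hunk.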
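Review bot: The fallback call `elgg_view_exists($view, 'default')` does not forward `$recurse`, so a caller that passed `$recurse = false` gets the default `true` for the default-viewtype lookup. If that is not intended, pass it through: `return elgg_view_exists($view, 'default', $recurse);`. The test `$viewtype != 'default'` also relies on `$viewtype` having been resolved from its `''` default earlier in the function, which is outside the hunk.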
@@ -1543,8 +1548,8 @@ function elgg_views_boot() {  	elgg_register_simplecache_view('css/ie6');  	elgg_register_simplecache_view('js/elgg'); -	elgg_register_js('jquery', '/vendors/jquery/jquery-1.6.1.min.js', 'head', 1); -	elgg_register_js('jquery-ui', '/vendors/jquery/jquery-ui-1.8.14.min.js', 'head', 2); +	elgg_register_js('jquery', '/vendors/jquery/jquery-1.6.2.min.js', 'head', 1); +	elgg_register_js('jquery-ui', '/vendors/jquery/jquery-ui-1.8.16.min.js', 'head', 2);  	elgg_register_js('jquery.form', '/vendors/jquery/jquery.form.js');  	elgg_load_js('jquery');  	elgg_load_js('jquery-ui'); | 
