diff options
Diffstat (limited to 'engine')
-rw-r--r-- | engine/lib/actions.php | 10 | ||||
-rw-r--r-- | engine/lib/activity.php | 169 | ||||
-rw-r--r-- | engine/lib/api.php | 11 | ||||
-rw-r--r-- | engine/lib/elgglib.php | 73 | ||||
-rw-r--r-- | engine/lib/entities.php | 4 | ||||
-rw-r--r-- | engine/lib/input.php | 96 | ||||
-rw-r--r-- | engine/lib/output.php | 150 | ||||
-rw-r--r-- | engine/lib/pagehandler.php | 15 | ||||
-rw-r--r-- | engine/lib/river.php (renamed from engine/lib/river2.php) | 381 | ||||
-rw-r--r-- | engine/lib/sessions.php | 21 | ||||
-rw-r--r-- | engine/start.php | 22 |
11 files changed, 368 insertions, 584 deletions
diff --git a/engine/lib/actions.php b/engine/lib/actions.php index 66c2d9505..57da1389f 100644 --- a/engine/lib/actions.php +++ b/engine/lib/actions.php @@ -21,9 +21,6 @@ function action($action, $forwarder = "") { global $CONFIG; - // set GET params - elgg_set_input_from_uri(); - // @todo REMOVE THESE ONCE #1509 IS IN PLACE. // Allow users to disable plugins without a token in order to // remove plugins that are imcompatible. @@ -72,6 +69,8 @@ function action($action, $forwarder = "") { } else { register_error(elgg_echo('actionloggedout')); } + } else { + register_error(elgg_echo('actionunauthorized')); } } else { register_error(sprintf(elgg_echo('actionundefined'),$action)); @@ -197,14 +196,11 @@ function generate_action_token($timestamp) { // Current session id $session_id = session_id(); - // Get user agent - $ua = $_SERVER['HTTP_USER_AGENT']; - // Session token $st = $_SESSION['__elgg_session']; if (($site_secret) && ($session_id)) { - return md5($site_secret.$timestamp.$session_id.$ua.$st); + return md5($site_secret.$timestamp.$session_id.$st); } return FALSE; diff --git a/engine/lib/activity.php b/engine/lib/activity.php deleted file mode 100644 index 51b083531..000000000 --- a/engine/lib/activity.php +++ /dev/null @@ -1,169 +0,0 @@ -<?php -/** - * Elgg activity stream. - * Functions for listening for and generating the rich activity stream from the - * system log. - * - * @package Elgg - * @subpackage Core - * @author Curverider Ltd - * @link http://elgg.org/ - */ - -/** - * Construct and execute the query required for the activity stream. - * - * @param int $limit Limit the query. - * @param int $offset Execute from the given object - * @param mixed $type A type, or array of types to look for. Note: This is how they appear in the SYSTEM LOG. - * @param mixed $subtype A subtype, or array of types to look for. Note: This is how they appear in the SYSTEM LOG. - * @param mixed $owner_guid The guid or a collection of GUIDs - * @param string $owner_relationship If defined, the relationship between $owner_guid and the entity owner_guid - so "is $owner_guid $owner_relationship with $entity->owner_guid" - * @return array An array of system log entries. - */ -function get_activity_stream_data($limit = 10, $offset = 0, $type = "", $subtype = "", $owner_guid = "", $owner_relationship = "") { - global $CONFIG; - - $limit = (int)$limit; - $offset = (int)$offset; - - if ($type) { - if (!is_array($type)) { - $type = array(sanitise_string($type)); - } else { - foreach ($type as $k => $v) { - $type[$k] = sanitise_string($v); - } - } - } - - if ($subtype) { - if (!is_array($subtype)) { - $subtype = array(sanitise_string($subtype)); - } else { - foreach ($subtype as $k => $v) { - $subtype[$k] = sanitise_string($v); - } - } - } - - if ($owner_guid) { - if (is_array($owner_guid)) { - foreach ($owner_guid as $k => $v) { - $owner_guid[$k] = (int)$v; - } - } else { - $owner_guid = array((int)$owner_guid); - } - } - - $owner_relationship = sanitise_string($owner_relationship); - - // Get a list of possible views - $activity_events= array(); - $activity_views = array_merge(elgg_view_tree('activity', 'default'), elgg_view_tree('river', 'default')); // Join activity with river - - $done = array(); - - foreach ($activity_views as $view) { - $fragments = explode('/', $view); - $tmp = explode('/',$view, 2); - $tmp = $tmp[1]; - - if ((isset($fragments[0])) && (($fragments[0] == 'river') || ($fragments[0] == 'activity')) - && (!in_array($tmp, $done))) { - - if (isset($fragments[1])) { - $f = array(); - for ($n = 1; $n < count($fragments); $n++) { - $val = sanitise_string($fragments[$n]); - switch($n) { - case 1: $key = 'type'; break; - case 2: $key = 'subtype'; break; - case 3: $key = 'event'; break; - } - $f[$key] = $val; - } - - // Filter result based on parameters - $add = true; - if ($type) { - if (!in_array($f['type'], $type)) { - $add = false; - } - } - if (($add) && ($subtype)) { - if (!in_array($f['subtype'], $subtype)) { - $add = false; - } - } - if (($add) && ($event)) { - if (!in_array($f['event'], $event)) { - $add = false; - } - } - - if ($add) { - $activity_events[] = $f; - } - } - - $done[] = $tmp; - } - } - - $n = 0; - foreach ($activity_events as $details) { - // Get what we're talking about - if ($details['subtype'] == 'default') { - $details['subtype'] = ''; - } - - if (($details['type']) && ($details['event'])) { - if ($n > 0) { - $obj_query .= " or "; - } - - $access = ""; - if ($details['type']!='relationship') { - $access = " and " . get_access_sql_suffix('sl'); - } - - $obj_query .= "( sl.object_type='{$details['type']}' - AND sl.object_subtype='{$details['subtype']}' - AND sl.event='{$details['event']}' $access )"; - - $n++; - } - } - - // User - if ((count($owner_guid)) && ($owner_guid[0] != 0)) { - $user = " and sl.performed_by_guid in (".implode(',', $owner_guid).")"; - - if ($owner_relationship) { - $friendsarray = ""; - if ($friends = elgg_get_entities_from_relationship(array( - 'relationship' => $owner_relationship, - 'relationship_guid' => $owner_guid[0], - 'inverse_relationship' => FALSE, - 'types' => 'user', - 'subtypes' => $subtype, - 'limit' => 9999)) - ) { - - $friendsarray = array(); - foreach($friends as $friend) { - $friendsarray[] = $friend->getGUID(); - } - - $user = " and sl.performed_by_guid in (" . implode(',', $friendsarray).")"; - } - } - } - - $query = "SELECT sl.* FROM {$CONFIG->dbprefix}system_log sl - WHERE 1 $user AND ($obj_query) - ORDER BY sl.time_created desc limit $offset, $limit"; - return get_data($query); -} diff --git a/engine/lib/api.php b/engine/lib/api.php index 6707a7418..0da0c82f0 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -1438,17 +1438,6 @@ function __php_api_exception_handler($exception) { function service_handler($handler, $request) { global $CONFIG; - // setup the input parameters since this comes through rewrite rule - $query = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?')+1); - if (isset($query)) { - $query_arr = elgg_parse_str($query); - if (is_array($query_arr)) { - foreach($query_arr as $name => $val) { - set_input($name, $val); - } - } - } - set_context('api'); $request = explode('/',$request); diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index fd99cee0b..eac75403f 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -476,11 +476,10 @@ function elgg_view_regenerate_simplecache() { function elgg_view_enable_simplecache() { global $CONFIG; - if(!$CONFIG->simplecache_enabled) { - datalist_set('simplecache_enabled',1); - $CONFIG->simplecache_enabled = 1; - elgg_view_regenerate_simplecache(); - } + + datalist_set('simplecache_enabled',1); + $CONFIG->simplecache_enabled = 1; + elgg_view_regenerate_simplecache(); } /** @@ -1386,6 +1385,39 @@ function elgg_extend_view($view, $view_extension, $priority = 501, $viewtype = ' } /** + * Unextends a view. + * + * @param string $view The view that was extended. + * @param string $view_extension This view that was added to $view + * @return bool + * @since 1.7.2 + */ +function elgg_unextend_view($view, $view_extension) { + global $CONFIG; + + if (!isset($CONFIG->views)) { + return FALSE; + } + + if (!isset($CONFIG->views->extensions)) { + return FALSE; + } + + if (!isset($CONFIG->views->extensions[$view])) { + return FALSE; + } + + $priority = array_search($view_extension, $CONFIG->views->extensions[$view]); + if ($priority === FALSE) { + return FALSE; + } + + unset($CONFIG->views->extensions[$view][$priority]); + + return TRUE; +} + +/** * @deprecated 1.7. Use elgg_extend_view(). * @param $view * @param $view_name @@ -1498,26 +1530,6 @@ function page_draw($title, $body, $sidebar = "") { } /** - * Displays a UNIX timestamp in a friendly way (eg "less than a minute ago") - * - * @param int $time A UNIX epoch timestamp - * @return string The friendly time - */ -function friendly_time($time) { - return elgg_view('output/friendlytime', array('time' => $time)); -} - -/** - * When given a title, returns a version suitable for inclusion in a URL - * - * @param string $title The title - * @return string The optimised title - */ -function friendly_title($title) { - return elgg_view('output/friendlytitle', array('title' => $title)); -} - -/** * Library loading and handling */ @@ -2813,17 +2825,6 @@ interface Friendable { } /** - * Handles formatting of ampersands in urls - * - * @param string $url - * @return string - * @since 1.7.1 - */ -function elgg_format_url($url) { - return preg_replace('/&(?!amp;)/', '&', $url); -} - -/** * Rebuilds a parsed (partial) URL * * @param array $parts Associative array of URL components like parse_url() returns diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 481feac6b..8e20ec269 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -2319,8 +2319,8 @@ function elgg_get_entity_site_where_sql($table, $site_guids) { */ function elgg_list_entities($options) { $defaults = array( - 'offset' => 0, - 'limit' => 10, + 'offset' => (int) max(get_input('offset', 0), 0), + 'limit' => (int) max(get_input('limit', 10), 0), 'full_view' => TRUE, 'view_type_toggle' => FALSE, 'pagination' => TRUE diff --git a/engine/lib/input.php b/engine/lib/input.php index 26416d646..cf0af2b8e 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php @@ -105,102 +105,6 @@ function sanitise_filepath($path) { return $path; } - -/** - * Takes a string and turns any URLs into formatted links - * - * @param string $text The input string - * @return string The output stirng with formatted links - **/ -function parse_urls($text) { - // @todo this causes problems with <attr = "val"> - // must be ing <attr="val"> format (no space). - // By default htmlawed rewrites tags to this format. - // if PHP supported conditional negative lookbehinds we could use this: - // $r = preg_replace_callback('/(?<!=)(?<![ ])?(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i', - // - // we can put , in the list of excluded char but need to keep . because of domain names. - // it is removed in the callback. - $r = preg_replace_callback('/(?<!=)(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i', - create_function( - '$matches', - ' - $url = $matches[1]; - $period = \'\'; - if (substr($url, -1, 1) == \'.\') { - $period = \'.\'; - $url = trim($url, \'.\'); - } - $urltext = str_replace("/", "/<wbr />", $url); - return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>$period"; - ' - ), $text); - - return $r; -} - -/** - * - * Adds P tags. - * Borrowed from Wordpress. - * - **/ -function autop($pee, $br = 1) { - $pee = $pee . "\n"; // just to make things a little easier, pad the end - $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee); - // Space things out a little - $allblocks = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)'; - $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee); - $pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee); - $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines - if ( strpos($pee, '<object') !== false ) { - $pee = preg_replace('|\s*<param([^>]*)>\s*|', "<param$1>", $pee); // no pee inside object/embed - $pee = preg_replace('|\s*</embed>\s*|', '</embed>', $pee); - } - $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates - $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $pee); // make paragraphs, including one at the end - $pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace - $pee = preg_replace('!<p>([^<]+)\s*?(</(?:div|address|form)[^>]*>)!', "<p>$1</p>$2", $pee); - $pee = preg_replace( '|<p>|', "$1<p>", $pee ); - $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag - $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists - $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee); - $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee); - $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)!', "$1", $pee); - $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); - if ($br) { - $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "<WPPreserveNewline />", $matches[0]);'), $pee); - $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks - $pee = str_replace('<WPPreserveNewline />', "\n", $pee); - } - $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee); - $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee); -// if (strpos($pee, '<pre') !== false) { -// mind the space between the ? and >. Only there because of the comment. -// $pee = preg_replace_callback('!(<pre.*? >)(.*?)</pre>!is', 'clean_pre', $pee ); -// } - $pee = preg_replace( "|\n</p>$|", '</p>', $pee ); - - return $pee; -} - -/** - * Examins $_SERVER['REQUEST_URI'] and set_input()s on each. - * Required if the params are sent as GET and not forwarded by mod_rewrite. - * - * @return bool on success - */ -function elgg_set_input_from_uri() { - $query = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY); - $query_arr = elgg_parse_str($query); - - if (is_array($query_arr)) { - foreach($query_arr as $name => $val) { - set_input($name, $val); - } - } -} - /** * Page handler for autocomplete endpoint. * diff --git a/engine/lib/output.php b/engine/lib/output.php new file mode 100644 index 000000000..d2b76a482 --- /dev/null +++ b/engine/lib/output.php @@ -0,0 +1,150 @@ +<?php +/** + * Output functions + * Processing text for output, formatting HTML, + * + * @package Elgg + * @subpackage Core + * @author Curverider Ltd <info@elgg.com> + * @link http://elgg.org/ + */ + +/** + * Takes a string and turns any URLs into formatted links + * + * @param string $text The input string + * @return string The output stirng with formatted links + **/ +function parse_urls($text) { + // @todo this causes problems with <attr = "val"> + // must be ing <attr="val"> format (no space). + // By default htmlawed rewrites tags to this format. + // if PHP supported conditional negative lookbehinds we could use this: + // $r = preg_replace_callback('/(?<!=)(?<![ ])?(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i', + // + // we can put , in the list of excluded char but need to keep . because of domain names. + // it is removed in the callback. + $r = preg_replace_callback('/(?<!=)(?<!["\'])((ht|f)tps?:\/\/[^\s\r\n\t<>"\'\!\(\),]+)/i', + create_function( + '$matches', + ' + $url = $matches[1]; + $period = \'\'; + if (substr($url, -1, 1) == \'.\') { + $period = \'.\'; + $url = trim($url, \'.\'); + } + $urltext = str_replace("/", "/<wbr />", $url); + return "<a href=\"$url\" style=\"text-decoration:underline;\">$urltext</a>$period"; + ' + ), $text); + + return $r; +} + +/** + * Create paragraphs from text with line spacing + * Borrowed from Wordpress. + * + **/ +function autop($pee, $br = 1) { + $pee = $pee . "\n"; // just to make things a little easier, pad the end + $pee = preg_replace('|<br />\s*<br />|', "\n\n", $pee); + // Space things out a little + $allblocks = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)'; + $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee); + $pee = preg_replace('!(</' . $allblocks . '>)!', "$1\n\n", $pee); + $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines + if ( strpos($pee, '<object') !== false ) { + $pee = preg_replace('|\s*<param([^>]*)>\s*|', "<param$1>", $pee); // no pee inside object/embed + $pee = preg_replace('|\s*</embed>\s*|', '</embed>', $pee); + } + $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates + $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "<p>$1</p>\n", $pee); // make paragraphs, including one at the end + $pee = preg_replace('|<p>\s*?</p>|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace + $pee = preg_replace('!<p>([^<]+)\s*?(</(?:div|address|form)[^>]*>)!', "<p>$1</p>$2", $pee); + $pee = preg_replace( '|<p>|', "$1<p>", $pee ); + $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); // don't pee all over a tag + $pee = preg_replace("|<p>(<li.+?)</p>|", "$1", $pee); // problem with nested lists + $pee = preg_replace('|<p><blockquote([^>]*)>|i', "<blockquote$1><p>", $pee); + $pee = str_replace('</blockquote></p>', '</p></blockquote>', $pee); + $pee = preg_replace('!<p>\s*(</?' . $allblocks . '[^>]*>)!', "$1", $pee); + $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*</p>!', "$1", $pee); + if ($br) { + $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "<WPPreserveNewline />", $matches[0]);'), $pee); + $pee = preg_replace('|(?<!<br />)\s*\n|', "<br />\n", $pee); // optionally make line breaks + $pee = str_replace('<WPPreserveNewline />', "\n", $pee); + } + $pee = preg_replace('!(</?' . $allblocks . '[^>]*>)\s*<br />!', "$1", $pee); + $pee = preg_replace('!<br />(\s*</?(?:p|li|div|dl|dd|dt|th|pre|td|ul|ol)[^>]*>)!', '$1', $pee); +// if (strpos($pee, '<pre') !== false) { +// mind the space between the ? and >. Only there because of the comment. +// $pee = preg_replace_callback('!(<pre.*? >)(.*?)</pre>!is', 'clean_pre', $pee ); +// } + $pee = preg_replace( "|\n</p>$|", '</p>', $pee ); + + return $pee; +} + +/** + * Returns an excerpt. + * Will return up to n chars stopping at the nearest space. + * If no spaces are found (like in Japanese) will crop off at the + * n char mark. Adds ... if any text was chopped. + * + * @param string $text + * @param int $num_chars Return a string up to $num_chars long + * @return string + * @since 1.7.2 + */ +function elgg_make_excerpt($text, $num_chars = 250) { + $text = trim(strip_tags($text)); + $string_length = elgg_strlen($text); + + // handle cases + $excerpt = elgg_substr($text, 0, $num_chars); + $space = elgg_strrpos($excerpt, ' ', 0); + + // don't crop if can't find a space. + if ($space === FALSE) { + $space = $num_chars; + } + $excerpt = trim(elgg_substr($excerpt, 0, $space)); + + if ($string_length != elgg_strlen($excerpt)) { + $excerpt .= '...'; + } + + return $excerpt; +} + +/** + * Handles formatting of ampersands in urls + * + * @param string $url + * @return string + * @since 1.7.1 + */ +function elgg_format_url($url) { + return preg_replace('/&(?!amp;)/', '&', $url); +} + +/** + * When given a title, returns a version suitable for inclusion in a URL + * + * @param string $title The title + * @return string The optimised title + */ +function friendly_title($title) { + return elgg_view('output/friendlytitle', array('title' => $title)); +} + +/** + * Displays a UNIX timestamp in a friendly way (eg "less than a minute ago") + * + * @param int $time A UNIX epoch timestamp + * @return string The friendly time + */ +function friendly_time($time) { + return elgg_view('output/friendlytime', array('time' => $time)); +}
\ No newline at end of file diff --git a/engine/lib/pagehandler.php b/engine/lib/pagehandler.php index fc11f2d67..490b81159 100644 --- a/engine/lib/pagehandler.php +++ b/engine/lib/pagehandler.php @@ -20,20 +20,7 @@ function page_handler($handler, $page) { set_context($handler); - // if there are any query parameters, make them available from get_input - if (strpos($_SERVER['REQUEST_URI'], '?') !== FALSE) { - $query = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1); - if (isset($query)) { - $query_arr = elgg_parse_str($query); - if (is_array($query_arr)) { - foreach($query_arr as $name => $val) { - set_input($name, $val); - } - } - } - } - - $page = explode('/', $page); + $page = explode('/',$page); // remove empty array element when page url ends in a / (see #1480) if ($page[count($page) - 1] === '') { array_pop($page); diff --git a/engine/lib/river2.php b/engine/lib/river.php index a4908167d..61d40f6ef 100644 --- a/engine/lib/river2.php +++ b/engine/lib/river.php @@ -49,7 +49,7 @@ function add_to_river($view,$action_type,$subject_guid,$object_guid,$access_id = global $CONFIG; // Attempt to save river item; return success status - $insert_data = insert_data("insert into {$CONFIG->dbprefix}river " . + return insert_data("insert into {$CONFIG->dbprefix}river " . " set type = '{$type}', " . " subtype = '{$subtype}', " . " action_type = '{$action_type}', " . @@ -59,12 +59,6 @@ function add_to_river($view,$action_type,$subject_guid,$object_guid,$access_id = " object_guid = {$object_guid}, " . " annotation_id = {$annotation_id}, " . " posted = {$posted} "); - - //update the entities which had the action carried out on it - if($insert_data){ - update_entity_last_action($object_guid, $posted); - return $insert_data; - } } /** @@ -119,6 +113,23 @@ function remove_from_river_by_annotation($annotation_id) { } /** + * Removes a single river entry + * + * @param int $id The ID of the river entry + * @return true|false Depending on success + * @since 1.7.2 + */ +function remove_from_river_by_id($id) { + global $CONFIG; + + // Sanitise + $id = (int) $id; + + return delete_data("delete from {$CONFIG->dbprefix}river where id = {$id}"); +} + + +/** * Sets the access ID on river items for a particular object * * @param int $object_guid The GUID of the entity @@ -253,118 +264,6 @@ function get_river_items($subject_guid = 0, $object_guid = 0, $subject_relations } /** - * Retrieves items from the river. All parameters are optional. - * - * @param int|array $subject_guid Acting entity to restrict to. Default: all - * @param int|array $object_guid Entity being acted on to restrict to. Default: all - * @param string $subject_relationship If set to a relationship type, this will use - * $subject_guid as the starting point and set the subjects to be all users this - * entity has this relationship with (eg 'friend'). Default: blank - * @param string $type The type of entity to restrict to. Default: all - * @param string $subtype The subtype of entity to restrict to. Default: all - * @param string $action_type The type of river action to restrict to. Default: all - * @param int $limit The number of items to retrieve. Default: 20 - * @param int $offset The page offset. Default: 0 - * @param int $posted_min The minimum time period to look at. Default: none - * @param int $posted_max The maximum time period to look at. Default: none - * @return array|false Depending on success - */ -function elgg_get_river_items($subject_guid = 0, $object_guid = 0, $subject_relationship = '', $type = '', - $subtype = '', $action_type = '', $limit = 10, $offset = 0, $posted_min = 0, $posted_max = 0) { - - // Get config - global $CONFIG; - - // Sanitise variables - if (!is_array($subject_guid)) { - $subject_guid = (int) $subject_guid; - } else { - foreach($subject_guid as $key => $temp) { - $subject_guid[$key] = (int) $temp; - } - } - if (!is_array($object_guid)) { - $object_guid = (int) $object_guid; - } else { - foreach($object_guid as $key => $temp) { - $object_guid[$key] = (int) $temp; - } - } - if (!empty($type)) { - $type = sanitise_string($type); - } - if (!empty($subtype)) { - $subtype = sanitise_string($subtype); - } - if (!empty($action_type)) { - $action_type = sanitise_string($action_type); - } - $limit = (int) $limit; - $offset = (int) $offset; - $posted_min = (int) $posted_min; - $posted_max = (int) $posted_max; - - // Construct 'where' clauses for the river - $where = array(); - $where[] = str_replace("and enabled='yes'",'',str_replace('owner_guid','subject_guid',get_access_sql_suffix_new('er','e'))); - - if (empty($subject_relationship)) { - if (!empty($subject_guid)) { - if (!is_array($subject_guid)) { - $where[] = " subject_guid = {$subject_guid} "; - } else { - $where[] = " subject_guid in (" . implode(',',$subject_guid) . ") "; - } - } - } else { - if (!is_array($subject_guid)) { - if ($entities = get_entities_from_relationship($subject_relationship,$subject_guid,false,'','',0,'',9999)) { - $guids = array(); - foreach($entities as $entity) { - $guids[] = (int) $entity->guid; - } - // $guids[] = $subject_guid; - $where[] = " subject_guid in (" . implode(',',$guids) . ") "; - } else { - return array(); - } - } - } - if (!empty($object_guid)) - if (!is_array($object_guid)) { - $where[] = " object_guid = {$object_guid} "; - } else { - $where[] = " object_guid in (" . implode(',',$object_guid) . ") "; - } - if (!empty($type)) { - $where[] = " er.type = '{$type}' "; - } - if (!empty($subtype)) { - $where[] = " er.subtype = '{$subtype}' "; - } - if (!empty($action_type)) { - $where[] = " action_type = '{$action_type}' "; - } - if (!empty($posted_min)) { - $where[] = " posted > {$posted_min} "; - } - if (!empty($posted_max)) { - $where[] = " posted < {$posted_max} "; - } - - $whereclause = implode(' and ', $where); - - // Construct main SQL - $sql = "select er.*" . - " from {$CONFIG->dbprefix}river er, {$CONFIG->dbprefix}entities e " . - " where {$whereclause} AND er.object_guid = e.guid GROUP BY object_guid " . - " ORDER BY e.last_action desc LIMIT {$offset},{$limit}"; - - // Get data - return get_data($sql); -} - -/** * Returns a human-readable representation of a river item * * @see get_river_items @@ -386,17 +285,10 @@ function elgg_view_river_item($item) { )); } } - if (get_plugin_setting('activitytype', 'riverdashboard') == 'classic'){ - return elgg_view('river/item/wrapper_classic',array( - 'item' => $item, - 'body' => $body - )); - }else{ - return elgg_view('river/item/wrapper',array( - 'item' => $item, - 'body' => $body - )); - } + return elgg_view('river/item/wrapper',array( + 'item' => $item, + 'body' => $body + )); } return false; } @@ -418,20 +310,13 @@ function elgg_view_river_item($item) { * @return string Human-readable river. */ function elgg_view_river_items($subject_guid = 0, $object_guid = 0, $subject_relationship = '', - $type = '', $subtype = '', $action_type = '', $limit = 20, $posted_min = 0, $posted_max = 0, $pagination = true, $chronological = true) { + $type = '', $subtype = '', $action_type = '', $limit = 20, $posted_min = 0, $posted_max = 0, $pagination = true) { // Get input from outside world and sanitise it $offset = (int) get_input('offset',0); - // Get the correct function - if($chronological == true){ - $riveritems = get_river_items($subject_guid,$object_guid,$subject_relationship,$type,$subtype,$action_type,($limit + 1),$offset,$posted_min,$posted_max); - }else{ - $riveritems = elgg_get_river_items($subject_guid,$object_guid,$subject_relationship,$type,$subtype,$action_type,($limit + 1),$offset,$posted_min,$posted_max); - } - // Get river items, if they exist - if ($riveritems) { + if ($riveritems = get_river_items($subject_guid,$object_guid,$subject_relationship,$type,$subtype,$action_type,($limit + 1),$offset,$posted_min,$posted_max)) { return elgg_view('river/item/list',array( 'limit' => $limit, @@ -444,101 +329,163 @@ function elgg_view_river_items($subject_guid = 0, $object_guid = 0, $subject_rel return ''; } + /** - * Update last_action on the given entity. + * Construct and execute the query required for the activity stream. * - * @param int $guid Entity annotation|relationship action carried out on - * @param int $posted Timestamp of last action - **/ -function update_entity_last_action($guid, $posted){ - global $CONFIG; - if(!$posted) - $posted = time(); - $guid = (int)$guid; - if($guid){ - //now add to the river updated table - $query = update_data("UPDATE {$CONFIG->dbprefix}entities SET last_action = {$posted} WHERE guid = {$guid}"); - if($query) - return true; - else - return false; - }else{ - return false; - } -} -/** - * This function has been added here until we decide if it is going to roll into core or not - * Add access restriction sql code to a given query. - * Note that if this code is executed in privileged mode it will return blank. - * @TODO: DELETE once Query classes are fully integrated + * @deprecated 1.8 * - * @param string $table_prefix Optional table. prefix for the access code. - * @param int $owner + * @param int $limit Limit the query. + * @param int $offset Execute from the given object + * @param mixed $type A type, or array of types to look for. Note: This is how they appear in the SYSTEM LOG. + * @param mixed $subtype A subtype, or array of types to look for. Note: This is how they appear in the SYSTEM LOG. + * @param mixed $owner_guid The guid or a collection of GUIDs + * @param string $owner_relationship If defined, the relationship between $owner_guid and the entity owner_guid - so "is $owner_guid $owner_relationship with $entity->owner_guid" + * @return array An array of system log entries. */ -function get_access_sql_suffix_new($table_prefix_one = '', $table_prefix_two = '', $owner = null) { - global $ENTITY_SHOW_HIDDEN_OVERRIDE, $CONFIG; +function get_activity_stream_data($limit = 10, $offset = 0, $type = "", $subtype = "", $owner_guid = "", $owner_relationship = "") { + global $CONFIG; - $sql = ""; - $friends_bit = ""; - $enemies_bit = ""; + $limit = (int)$limit; + $offset = (int)$offset; - if ($table_prefix_one) { - $table_prefix_one = sanitise_string($table_prefix_one) . "."; + if ($type) { + if (!is_array($type)) { + $type = array(sanitise_string($type)); + } else { + foreach ($type as $k => $v) { + $type[$k] = sanitise_string($v); + } + } } - if ($table_prefix_two) { - $table_prefix_two = sanitise_string($table_prefix_two) . "."; + if ($subtype) { + if (!is_array($subtype)) { + $subtype = array(sanitise_string($subtype)); + } else { + foreach ($subtype as $k => $v) { + $subtype[$k] = sanitise_string($v); + } + } } - if (!isset($owner)) { - $owner = get_loggedin_userid(); + if ($owner_guid) { + if (is_array($owner_guid)) { + foreach ($owner_guid as $k => $v) { + $owner_guid[$k] = (int)$v; + } + } else { + $owner_guid = array((int)$owner_guid); + } } - if (!$owner) { - $owner = -1; - } + $owner_relationship = sanitise_string($owner_relationship); + + // Get a list of possible views + $activity_events= array(); + $activity_views = array_merge(elgg_view_tree('activity', 'default'), elgg_view_tree('river', 'default')); // Join activity with river + + $done = array(); + + foreach ($activity_views as $view) { + $fragments = explode('/', $view); + $tmp = explode('/',$view, 2); + $tmp = $tmp[1]; + + if ((isset($fragments[0])) && (($fragments[0] == 'river') || ($fragments[0] == 'activity')) + && (!in_array($tmp, $done))) { + + if (isset($fragments[1])) { + $f = array(); + for ($n = 1; $n < count($fragments); $n++) { + $val = sanitise_string($fragments[$n]); + switch($n) { + case 1: $key = 'type'; break; + case 2: $key = 'subtype'; break; + case 3: $key = 'event'; break; + } + $f[$key] = $val; + } + + // Filter result based on parameters + $add = true; + if ($type) { + if (!in_array($f['type'], $type)) { + $add = false; + } + } + if (($add) && ($subtype)) { + if (!in_array($f['subtype'], $subtype)) { + $add = false; + } + } + if (($add) && ($event)) { + if (!in_array($f['event'], $event)) { + $add = false; + } + } - $ignore_access = elgg_check_access_overrides($owner); - $access = get_access_list($owner); - - if ($ignore_access) { - $sql = " (1 = 1) "; - } else if ($owner != -1) { - $friends_bit = "{$table_prefix_one}access_id = " . ACCESS_FRIENDS . " - AND {$table_prefix_one}owner_guid IN ( - SELECT guid_one FROM {$CONFIG->dbprefix}entity_relationships - WHERE relationship='friend' AND guid_two=$owner - )"; - - $friends_bit = '('.$friends_bit.') OR '; - - if ((isset($CONFIG->user_block_and_filter_enabled)) && ($CONFIG->user_block_and_filter_enabled)) { - // check to see if the user is in the entity owner's block list - // or if the entity owner is in the user's filter list - // if so, disallow access - $enemies_bit = get_annotation_sql('elgg_block_list', "{$table_prefix_one}owner_guid", $owner, false); - $enemies_bit = '(' - . $enemies_bit - . ' AND ' . get_annotation_sql('elgg_filter_list', $owner, "{$table_prefix_one}owner_guid", false) - . ')'; + if ($add) { + $activity_events[] = $f; + } + } + + $done[] = $tmp; } } - if (empty($sql)) { - $sql = " $friends_bit ({$table_prefix_one}access_id IN {$access} - OR ({$table_prefix_one}owner_guid = {$owner}) - OR ( - {$table_prefix_one}access_id = " . ACCESS_PRIVATE . " - AND {$table_prefix_one}owner_guid = $owner - ) - )"; + $n = 0; + foreach ($activity_events as $details) { + // Get what we're talking about + if ($details['subtype'] == 'default') { + $details['subtype'] = ''; + } + + if (($details['type']) && ($details['event'])) { + if ($n > 0) { + $obj_query .= " or "; + } + + $access = ""; + if ($details['type']!='relationship') { + $access = " and " . get_access_sql_suffix('sl'); + } + + $obj_query .= "( sl.object_type='{$details['type']}' + AND sl.object_subtype='{$details['subtype']}' + AND sl.event='{$details['event']}' $access )"; + + $n++; + } } - if ($enemies_bit) { - $sql = "$enemies_bit AND ($sql)"; + // User + if ((count($owner_guid)) && ($owner_guid[0] != 0)) { + $user = " and sl.performed_by_guid in (".implode(',', $owner_guid).")"; + + if ($owner_relationship) { + $friendsarray = ""; + if ($friends = elgg_get_entities_from_relationship(array( + 'relationship' => $owner_relationship, + 'relationship_guid' => $owner_guid[0], + 'inverse_relationship' => FALSE, + 'types' => 'user', + 'subtypes' => $subtype, + 'limit' => 9999)) + ) { + + $friendsarray = array(); + foreach($friends as $friend) { + $friendsarray[] = $friend->getGUID(); + } + + $user = " and sl.performed_by_guid in (" . implode(',', $friendsarray).")"; + } + } } - if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) - $sql .= " and {$table_prefix_two}enabled='yes'"; - return '('.$sql.')'; -}
\ No newline at end of file + $query = "SELECT sl.* FROM {$CONFIG->dbprefix}system_log sl + WHERE 1 $user AND ($obj_query) + ORDER BY sl.time_created desc limit $offset, $limit"; + return get_data($query); +} diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index ffea2dcc2..b74b2f524 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -460,17 +460,6 @@ function logout() { } /** - * Returns a fingerprint for an elgg session. - * - * @return string - */ -function get_session_fingerprint() { - global $CONFIG; - - return md5($_SERVER['HTTP_USER_AGENT'] . get_site_secret()); -} - -/** * Initialises the system session and potentially logs the user in * * This function looks for: @@ -505,16 +494,6 @@ function session_init($event, $object_type, $object) { session_name('Elgg'); session_start(); - // Do some sanity checking by generating a fingerprint (makes some XSS attacks harder) - if (isset($_SESSION['__elgg_fingerprint'])) { - if ($_SESSION['__elgg_fingerprint'] != get_session_fingerprint()) { - session_destroy(); - return false; - } - } else { - $_SESSION['__elgg_fingerprint'] = get_session_fingerprint(); - } - // Generate a simple token (private from potentially public session id) if (!isset($_SESSION['__elgg_session'])) { $_SESSION['__elgg_session'] = md5(microtime().rand()); diff --git a/engine/start.php b/engine/start.php index aade0a817..b7c63dfa4 100644 --- a/engine/start.php +++ b/engine/start.php @@ -51,18 +51,18 @@ set_exception_handler('__elgg_php_exception_handler'); // attempt to save settings.php and .htaccess if in installation. if ($sanitised = sanitised()) { - // load library files + // load the rest of the library files from engine/lib/ $lib_files = array( - 'actions.php', 'activity.php', 'admin.php', 'annotations.php', 'api.php', - 'cache.php', 'calendar.php', 'configuration.php', 'cron.php', - 'entities.php', 'export.php', 'extender.php', 'database.php', 'filestore.php', - 'group.php', 'input.php', 'install.php', 'location.php', 'mb_wrapper.php', + 'admin.php', 'annotations.php', 'api.php', 'cache.php', + 'calendar.php', 'configuration.php', 'cron.php', 'entities.php', + 'export.php', 'extender.php', 'filestore.php', 'group.php', + 'input.php', 'install.php', 'location.php', 'mb_wrapper.php', 'memcache.php', 'metadata.php', 'metastrings.php', 'notification.php', - 'objects.php', 'opendd.php', 'pagehandler.php', 'pageowner.php', 'pam.php', - 'plugins.php', 'query.php', 'relationships.php', 'river2.php', 'sites.php', - 'social.php', 'statistics.php', 'system_log.php', 'tags.php', - 'usersettings.php', 'users.php', 'version.php', 'widgets.php', 'xml.php', - 'xml-rpc.php' + 'objects.php', 'opendd.php', 'output.php', 'pagehandler.php', + 'pageowner.php', 'pam.php', 'plugins.php', 'query.php', + 'relationships.php', 'river.php', 'sites.php', 'social.php', + 'statistics.php', 'system_log.php', 'tags.php', 'usersettings.php', + 'users.php', 'version.php', 'widgets.php', 'xml.php', 'xml-rpc.php' ); foreach($lib_files as $file) { @@ -136,4 +136,4 @@ if (($installed) && ($db_installed)) { datalist_set('simplecache_'.$oldview,$lastcached); } $CONFIG->lastcache = $lastcached; -}
\ No newline at end of file +} |