6 files changed, 298 insertions, 208 deletions
diff --git a/mod/blog/actions/add.php b/mod/blog/actions/add.php
deleted file mode 100644
index 97634638e..000000000
--- a/mod/blog/actions/add.php
+++ /dev/null
@@ -1,84 +0,0 @@
-<?php
-
-	/**
-	 * Elgg blog: add post action
-	 * 
-	 * @package ElggBlog
-	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
-	 * @author Curverider Ltd <info@elgg.com>
-	 * @copyright Curverider Ltd 2008-2010
-	 * @link http://elgg.org/
-	 */
-
-	// Make sure we're logged in (send us to the front page if not)
-		gatekeeper();
-
-	// Get input data
-		$title = get_input('blogtitle');
-		$body = get_input('blogbody');
-		$tags = get_input('blogtags');
-		$access = get_input('access_id');
-		$comments_on = get_input('comments_select','Off');
-
-	// Cache to the session
-		$_SESSION['user']->blogtitle = $title;
-		$_SESSION['user']->blogbody = $body;
-		$_SESSION['user']->blogtags = $tags;
-		
-	// Convert string of tags into a preformatted array
-		$tagarray = string_to_tag_array($tags);
-		
-	// Make sure the title / description aren't blank
-		if (empty($title) || empty($body)) {
-			register_error(elgg_echo("blog:blank"));
-			forward($_SERVER['HTTP_REFERER']);
-		}
-
-	
-	// Initialise a new ElggObject
-		$blog = new ElggObject();
-	// Tell the system it's a blog post
-		$blog->subtype = "blog";
-	// Set its owner to the current user
-		$blog->owner_guid = get_loggedin_userid();
-	// Set it's container
-		$blog->container_guid = (int)get_input('container_guid', get_loggedin_userid());
-	// For now, set its access
-		$blog->access_id = $access;
-	// Set its title and description appropriately
-		$blog->title = $title;
-		$blog->description = $body;
-	// Now let's add tags. We can pass an array directly to the object property! Easy.
-		if (is_array($tagarray)) {
-			$blog->tags = $tagarray;
-		}
-	//whether the user wants to allow comments or not on the blog post
-		$blog->comments_on = $comments_on;
-		
-	// Now save the object
-		if (!$blog->save()) {
-			register_error(elgg_echo("blog:error"));
-			forward($_SERVER['HTTP_REFERER']);
-		}
-
-	// Success message
-		system_message(elgg_echo("blog:posted"));
-	// add to river
-		add_to_river('river/object/blog/create', 'create', get_loggedin_userid(), $blog->guid);
-	// Remove the blog post cache
-		//unset($_SESSION['blogtitle']); unset($_SESSION['blogbody']); unset($_SESSION['blogtags']);
-		remove_metadata($_SESSION['user']->guid,'blogtitle');
-		remove_metadata($_SESSION['user']->guid,'blogbody');
-		remove_metadata($_SESSION['user']->guid,'blogtags');
-			
-	// Forward to the main blog page
-		$page_owner = get_entity($blog->container_guid);
-		if ($page_owner instanceof ElggUser) {
-			$username = $page_owner->username;
-		} else if ($page_owner instanceof ElggGroup) {
-			$username = "group:" . $page_owner->guid;
-		}
-		
-		forward("pg/blog/$username");
-		
-?>
diff --git a/mod/blog/actions/blog/auto_save_revision.php b/mod/blog/actions/blog/auto_save_revision.php
new file mode 100644
index 000000000..e33edfaab
--- /dev/null
+++ b/mod/blog/actions/blog/auto_save_revision.php
@@ -0,0 +1,89 @@
+<?php
+/**
+ * Action called by AJAX periodic auto saving when editing.
+ *
+ * @package Blog
+ */
+
+$guid = get_input('guid');
+$user = elgg_get_logged_in_user_entity();
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
+$description = get_input('description');
+$excerpt = get_input('excerpt');
+
+// because get_input() doesn't use the default if the input is ''
+if (empty($excerpt)) {
+	$excerpt = $description;
+}
+
+// store errors to pass along
+$error = FALSE;
+
+if ($title && $description) {
+
+	if ($guid) {
+		$entity = get_entity($guid);
+		if (elgg_instanceof($entity, 'object', 'blog') && $entity->canEdit()) {
+			$blog = $entity;
+		} else {
+			$error = elgg_echo('blog:error:post_not_found');
+		}
+	} else {
+		$blog = new ElggBlog();
+		$blog->subtype = 'blog';
+
+		// force draft and private for autosaves.
+		$blog->status = 'unsaved_draft';
+		$blog->access_id = ACCESS_PRIVATE;
+		$blog->title = $title;
+		$blog->description = $description;
+		$blog->excerpt = elgg_get_excerpt($excerpt);
+
+		// mark this as a brand new post so we can work out the
+		// river / revision logic in the real save action.
+		$blog->new_post = TRUE;
+
+		if (!$blog->save()) {
+			$error = elgg_echo('blog:error:cannot_save');
+		}
+	}
+
+	// creat draft annotation
+	if (!$error) {
+		// annotations don't have a "time_updated" so
+		// we have to delete everything or the times are wrong.
+
+		// don't save if nothing changed
+		if ($auto_save_annotations = $blog->getAnnotations('blog_auto_save', 1)) {
+			$auto_save = $auto_save_annotations[0];
+		} else {
+			$auto_save == FALSE;
+		}
+
+		if (!$auto_save) {
+			$annotation_id = $blog->annotate('blog_auto_save', $description);
+		} elseif ($auto_save instanceof ElggAnnotation && $auto_save->value != $description) {
+			$blog->deleteAnnotations('blog_auto_save');
+			$annotation_id = $blog->annotate('blog_auto_save', $description);
+		} elseif ($auto_save instanceof ElggAnnotation && $auto_save->value == $description) {
+			// this isn't an error because we have an up to date annotation.
+			$annotation_id = $auto_save->id;
+		}
+
+		if (!$annotation_id) {
+			$error = elgg_echo('blog:error:cannot_auto_save');
+		}
+	}
+} else {
+	$error = elgg_echo('blog:error:missing:description');
+}
+
+if ($error) {
+	$json = array('success' => FALSE, 'message' => $error);
+	echo json_encode($json);
+} else {
+	$msg = elgg_echo('blog:message:saved');
+	$json = array('success' => TRUE, 'message' => $msg, 'guid' => $blog->getGUID());
+	echo json_encode($json);
+}
+exit;
diff --git a/mod/blog/actions/blog/delete.php b/mod/blog/actions/blog/delete.php
new file mode 100644
index 000000000..ca4eb8a7f
--- /dev/null
+++ b/mod/blog/actions/blog/delete.php
@@ -0,0 +1,27 @@
+<?php
+/**
+ * Delete blog entity
+ *
+ * @package Blog
+ */
+
+$blog_guid = get_input('guid');
+$blog = get_entity($blog_guid);
+
+if (elgg_instanceof($blog, 'object', 'blog') && $blog->canEdit()) {
+	$container = get_entity($blog->container_guid);
+	if ($blog->delete()) {
+		system_message(elgg_echo('blog:message:deleted_post'));
+		if (elgg_instanceof($container, 'group')) {
+			forward("blog/group/$container->guid/all");
+		} else {
+			forward("blog/owner/$container->username");
+		}
+	} else {
+		register_error(elgg_echo('blog:error:cannot_delete_post'));
+	}
+} else {
+	register_error(elgg_echo('blog:error:post_not_found'));
+}
+
+forward(REFERER);
+\ No newline at end of file
diff --git a/mod/blog/actions/blog/save.php b/mod/blog/actions/blog/save.php
new file mode 100644
index 000000000..82a9e6c51
--- /dev/null
+++ b/mod/blog/actions/blog/save.php
@@ -0,0 +1,182 @@
+<?php
+/**
+ * Save blog entity
+ *
+ * Can be called by clicking save button or preview button. If preview button,
+ * we automatically save as draft. The preview button is only available for
+ * non-published drafts.
+ *
+ * Drafts are saved with the access set to private.
+ *
+ * @package Blog
+ */
+
+// start a new sticky form session in case of failure
+elgg_make_sticky_form('blog');
+
+// save or preview
+$save = (bool)get_input('save');
+
+// store errors to pass along
+$error = FALSE;
+$error_forward_url = REFERER;
+$user = elgg_get_logged_in_user_entity();
+
+// edit or create a new entity
+$guid = get_input('guid');
+
+if ($guid) {
+	$entity = get_entity($guid);
+	if (elgg_instanceof($entity, 'object', 'blog') && $entity->canEdit()) {
+		$blog = $entity;
+	} else {
+		register_error(elgg_echo('blog:error:post_not_found'));
+		forward(get_input('forward', REFERER));
+	}
+
+	// save some data for revisions once we save the new edit
+	$revision_text = $blog->description;
+	$new_post = $blog->new_post;
+} else {
+	$blog = new ElggBlog();
+	$blog->subtype = 'blog';
+	$new_post = TRUE;
+}
+
+// set the previous status for the hooks to update the time_created and river entries
+$old_status = $blog->status;
+
+// set defaults and required values.
+$values = array(
+	'title' => '',
+	'description' => '',
+	'status' => 'draft',
+	'access_id' => ACCESS_DEFAULT,
+	'comments_on' => 'On',
+	'excerpt' => '',
+	'tags' => '',
+	'container_guid' => (int)get_input('container_guid'),
+);
+
+// fail if a required entity isn't set
+$required = array('title', 'description');
+
+// load from POST and do sanity and access checking
+foreach ($values as $name => $default) {
+	if ($name === 'title') {
+		$value = htmlspecialchars(get_input('title', $default, false), ENT_QUOTES, 'UTF-8');
+	} else {
+		$value = get_input($name, $default);
+	}
+
+	if (in_array($name, $required) && empty($value)) {
+		$error = elgg_echo("blog:error:missing:$name");
+	}
+
+	if ($error) {
+		break;
+	}
+
+	switch ($name) {
+		case 'tags':
+			$values[$name] = string_to_tag_array($value);
+			break;
+
+		case 'excerpt':
+			if ($value) {
+				$values[$name] = elgg_get_excerpt($value);
+			}
+			break;
+
+		case 'container_guid':
+			// this can't be empty or saving the base entity fails
+			if (!empty($value)) {
+				if (can_write_to_container($user->getGUID(), $value)) {
+					$values[$name] = $value;
+				} else {
+					$error = elgg_echo("blog:error:cannot_write_to_container");
+				}
+			} else {
+				unset($values[$name]);
+			}
+			break;
+
+		default:
+			$values[$name] = $value;
+			break;
+	}
+}
+
+// if preview, force status to be draft
+if ($save == false) {
+	$values['status'] = 'draft';
+}
+
+// if draft, set access to private and cache the future access
+if ($values['status'] == 'draft') {
+	$values['future_access'] = $values['access_id'];
+	$values['access_id'] = ACCESS_PRIVATE;
+}
+
+// assign values to the entity, stopping on error.
+if (!$error) {
+	foreach ($values as $name => $value) {
+		$blog->$name = $value;
+	}
+}
+
+// only try to save base entity if no errors
+if (!$error) {
+	if ($blog->save()) {
+		// remove sticky form entries
+		elgg_clear_sticky_form('blog');
+
+		// remove autosave draft if exists
+		$blog->deleteAnnotations('blog_auto_save');
+
+		// no longer a brand new post.
+		$blog->deleteMetadata('new_post');
+
+		// if this was an edit, create a revision annotation
+		if (!$new_post && $revision_text) {
+			$blog->annotate('blog_revision', $revision_text);
+		}
+
+		system_message(elgg_echo('blog:message:saved'));
+
+		$status = $blog->status;
+
+		// add to river if changing status or published, regardless of new post
+		// because we remove it for drafts.
+		if (($new_post || $old_status == 'draft') && $status == 'published') {
+			add_to_river('river/object/blog/create', 'create', $blog->owner_guid, $blog->getGUID());
+
+			// we only want notifications sent when post published
+			register_notification_object('object', 'blog', elgg_echo('blog:newpost'));
+			elgg_trigger_event('publish', 'object', $blog);
+
+			// reset the creation time for posts that move from draft to published
+			if ($guid) {
+				$blog->time_created = time();
+				$blog->save();
+			}
+		} elseif ($old_status == 'published' && $status == 'draft') {
+			elgg_delete_river(array(
+				'object_guid' => $blog->guid,
+				'action_type' => 'create',
+			));
+		}
+
+		if ($blog->status == 'published' || $save == false) {
+			forward($blog->getURL());
+		} else {
+			forward("blog/edit/$blog->guid");
+		}
+	} else {
+		register_error(elgg_echo('blog:error:cannot_save'));
+		forward($error_forward_url);
+	}
+} else {
+	register_error($error);
+	forward($error_forward_url);
+}
diff --git a/mod/blog/actions/delete.php b/mod/blog/actions/delete.php
deleted file mode 100644
index c01ca3844..000000000
--- a/mod/blog/actions/delete.php
+++ /dev/null
@@ -1,38 +0,0 @@
-<?php
-
-	/**
-	 * Elgg blog: delete post action
-	 * 
-	 * @package ElggBlog
-	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
-	 * @author Curverider Ltd <info@elgg.com>
-	 * @copyright Curverider Ltd 2008-2010
-	 * @link http://elgg.org/
-	 */
-
-	// Make sure we're logged in (send us to the front page if not)
-		gatekeeper();
-
-	// Get input data
-		$guid = (int) get_input('blogpost');
-		
-	// Make sure we actually have permission to edit
-		$blog = get_entity($guid);
-		if ($blog->getSubtype() == "blog" && $blog->canEdit()) {
-	
-		// Get owning user
-				$owner = get_entity($blog->getOwner());
-		// Delete it!
-				$rowsaffected = $blog->delete();
-				if ($rowsaffected > 0) {
-		// Success message
-					system_message(elgg_echo("blog:deleted"));
-				} else {
-					register_error(elgg_echo("blog:notdeleted"));
-				}
-		// Forward to the main blog page
-				forward("mod/blog/?username=" . $owner->username);
-		
-		}
-		
-?>
-\ No newline at end of file
diff --git a/mod/blog/actions/edit.php b/mod/blog/actions/edit.php
deleted file mode 100644
index b44106645..000000000
--- a/mod/blog/actions/edit.php
+++ /dev/null
@@ -1,86 +0,0 @@
-<?php
-
-	/**
-	 * Elgg blog: edit post action
-	 * 
-	 * @package ElggBlog
-	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
-	 * @author Curverider Ltd <info@elgg.com>
-	 * @copyright Curverider Ltd 2008-2010
-	 * @link http://elgg.org/
-	 */
-
-	// Make sure we're logged in (send us to the front page if not)
-		gatekeeper();
-
-	// Get input data
-		$guid = (int) get_input('blogpost');
-		$title = get_input('blogtitle');
-		$body = get_input('blogbody');
-		$access = get_input('access_id');
-		$tags = get_input('blogtags');
-		$comments_on = get_input('comments_select','Off');
-		
-	// Make sure we actually have permission to edit
-		$blog = get_entity($guid);
-		if ($blog->getSubtype() == "blog" && $blog->canEdit()) {
-	
-		// Cache to the session
-			
-			$_SESSION['user']->blogtitle = $title;
-			$_SESSION['user']->blogbody = $body;
-			$_SESSION['user']->blogtags = $tags;
-			
-		// Convert string of tags into a preformatted array
-			$tagarray = string_to_tag_array($tags);
-			
-		// Make sure the title / description aren't blank
-			if (empty($title) || empty($body)) {
-				register_error(elgg_echo("blog:blank"));
-				forward("mod/blog/add.php");
-				
-		// Otherwise, save the blog post 
-			} else {
-				
-		// Get owning user
-				$owner = get_entity($blog->getOwner());
-		// For now, set its access to public (we'll add an access dropdown shortly)
-				$blog->access_id = $access;
-		// Set its title and description appropriately
-				$blog->title = $title;
-				$blog->description = $body;
-		// Before we can set metadata, we need to save the blog post
-				if (!$blog->save()) {
-					register_error(elgg_echo("blog:error"));
-					forward("mod/blog/edit.php?blogpost=" . $guid);
-				}
-		// Now let's add tags. We can pass an array directly to the object property! Easy.
-				$blog->clearMetadata('tags');
-				if (is_array($tagarray)) {
-					$blog->tags = $tagarray;
-				}
-
-				$blog->comments_on = $comments_on; //whether the users wants to allow comments or not on the blog post
-
-		// Success message
-				system_message(elgg_echo("blog:posted"));
-		//add to the river
-				add_to_river('river/object/blog/update','update',$_SESSION['user']->guid,$blog->guid);
-		// Remove the blog post cache
-				//unset($_SESSION['blogtitle']); unset($_SESSION['blogbody']); unset($_SESSION['blogtags']);
-				remove_metadata($_SESSION['user']->guid,'blogtitle');
-				remove_metadata($_SESSION['user']->guid,'blogbody');
-				remove_metadata($_SESSION['user']->guid,'blogtags');
-		// Forward to the main blog page
-			$page_owner = get_entity($blog->container_guid);
-			if ($page_owner instanceof ElggUser)
-				$username = $page_owner->username;
-			else if ($page_owner instanceof ElggGroup)
-				$username = "group:" . $page_owner->guid;
-			forward("pg/blog/$username");
-					
-			}
-		
-		}
-		
-?>