Diffstat (limited to 'mod/blog')
-rw-r--r--mod/blog/actions/blog/auto_save_revision.php2
-rw-r--r--mod/blog/actions/blog/save.php6
-rw-r--r--mod/blog/lib/blog.php91
-rw-r--r--mod/blog/start.php3
-rw-r--r--mod/blog/views/default/forms/blog/save.php11
5 files changed, 72 insertions, 41 deletions
diff --git a/mod/blog/actions/blog/auto_save_revision.php b/mod/blog/actions/blog/auto_save_revision.php
index 66b65c5fd..e33edfaab 100644
--- a/mod/blog/actions/blog/auto_save_revision.php
+++ b/mod/blog/actions/blog/auto_save_revision.php
@@ -7,7 +7,7 @@
$guid = get_input('guid');
$user = elgg_get_logged_in_user_entity();
-$title = get_input('title');
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$description = get_input('description');
$excerpt = get_input('excerpt');
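Review bot: `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` on the new `$title` line returns an empty string for any input containing an invalid UTF-8 sequence, so such a title is silently dropped from the auto-saved revision rather than rejected or repaired. Passing `ENT_QUOTES | ENT_SUBSTITUTE` would substitute U+FFFD for the bad bytes instead, if the PHP versions this plugin supports allow it (the flag needs PHP 5.4+). Note also that the third `get_input()` argument `false` skips Elgg's input filter, so this one call is now the only sanitisation the title receives; a comment such as `// filter deliberately off: the title is HTML-escaped here, not tag-filtered` would stop a later reader from re-enabling it and double-handling. The action continues past the end of this hunk.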
diff --git a/mod/blog/actions/blog/save.php b/mod/blog/actions/blog/save.php
index 048bc00be..070c96398 100644
--- a/mod/blog/actions/blog/save.php
+++ b/mod/blog/actions/blog/save.php
@@ -57,7 +57,11 @@ $required = array('title', 'description');
// load from POST and do sanity and access checking
foreach ($values as $name => $default) {
- $value = get_input($name, $default);
+ if ($name === 'title') {
+ $value = htmlspecialchars(get_input('title', $default, false), ENT_QUOTES, 'UTF-8');
+ } else {
+ $value = get_input($name, $default);
+ }
if (in_array($name, $required) && empty($value)) {
$error = elgg_echo("blog:error:missing:$name");
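Review bot: The `title` special case inside the generic loop duplicates the exact expression used in `auto_save_revision.php`, so the two now have to be kept in sync by hand; a small helper in `lib/blog.php`, e.g. `function blog_sanitize_title($title) { return htmlspecialchars($title, ENT_QUOTES, 'UTF-8'); }`, called from both actions would keep the escaping rule in one place. Because the encoding runs before the `$required` check on the following line, a title consisting only of invalid UTF-8 becomes `''` and is reported as missing rather than as malformed, which is acceptable but worth a one-line comment. The surrounding `foreach` continues outside the hunk.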
diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php
index 4622a9e7e..3c71dfbab 100644
--- a/mod/blog/lib/blog.php
+++ b/mod/blog/lib/blog.php
@@ -50,7 +50,7 @@ function blog_get_page_content_read($guid = NULL) {
/**
* Get page components to list a user's or all blogs.
*
- * @param int $owner_guid The GUID of the page owner or NULL for all blogs
+ * @param int $container_guid The GUID of the page owner or NULL for all blogs
* @return array
*/
function blog_get_page_content_list($container_guid = NULL) {
@@ -62,10 +62,11 @@ function blog_get_page_content_list($container_guid = NULL) {
$options = array(
'type' => 'object',
'subtype' => 'blog',
- 'full_view' => FALSE,
+ 'full_view' => false,
);
- $loggedin_userid = elgg_get_logged_in_user_guid();
+ $current_user = elgg_get_logged_in_user_entity();
+
if ($container_guid) {
// access check for closed groups
group_gatekeeper();
@@ -80,7 +81,7 @@ function blog_get_page_content_list($container_guid = NULL) {
$crumbs_title = $container->name;
elgg_push_breadcrumb($crumbs_title);
- if ($container_guid == $loggedin_userid) {
+ if ($current_user && ($container_guid == $current_user->guid)) {
$return['filter_context'] = 'mine';
} else if (elgg_instanceof($container, 'group')) {
$return['filter'] = false;
@@ -99,7 +100,13 @@ function blog_get_page_content_list($container_guid = NULL) {
// show all posts for admin or users looking at their own blogs
// show only published posts for other users.
- if (!(elgg_is_admin_logged_in() || (elgg_is_logged_in() && $container_guid == $loggedin_userid))) {
+ $show_only_published = true;
+ if ($current_user) {
+ if (($current_user->guid == $container_guid) || $current_user->isAdmin()) {
+ $show_only_published = false;
+ }
+ }
+ if ($show_only_published) {
$options['metadata_name_value_pairs'] = array(
array('name' => 'status', 'value' => 'published'),
);
@@ -155,11 +162,14 @@ function blog_get_page_content_friends($user_guid) {
// admin / owners can see any posts
// everyone else can only see published posts
- if (!(elgg_is_admin_logged_in() || (elgg_is_logged_in() && $owner_guid == elgg_get_logged_in_user_guid()))) {
- if ($upper > $now) {
- $upper = $now;
+ $show_only_published = true;
+ $current_user = elgg_get_logged_in_user_entity();
+ if ($current_user) {
+ if (($user_guid == $current_user->guid) || $current_user->isAdmin()) {
+ $show_only_published = false;
}
-
+ }
+ if ($show_only_published) {
$options['metadata_name_value_pairs'][] = array(
array('name' => 'status', 'value' => 'published')
);
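Review bot: The new `$show_only_published` gate wraps an append, `$options['metadata_name_value_pairs'][] = array(array('name' => 'status', 'value' => 'published'))`, whose pair sits one nesting level deeper than the equivalent assignment in `blog_get_page_content_list` (there `array(array(...))` is assigned, not appended); if that extra level is unintended, the published-only filter may not actually apply to the friends listing for non-owners, so it is worth checking against how `metadata_name_value_pairs` is parsed. The two nested `if`s can also collapse into one condition: `if ($current_user && ($user_guid == $current_user->guid || $current_user->isAdmin())) { $show_only_published = false; }`. The function continues outside the hunk.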
@@ -240,9 +250,9 @@ function blog_get_page_content_archive($owner_guid, $lower = 0, $upper = 0) {
$list = elgg_list_entities_from_metadata($options);
if (!$list) {
- $content .= elgg_echo('blog:none');
+ $content = elgg_echo('blog:none');
} else {
- $content .= $list;
+ $content = $list;
}
$title = elgg_echo('date:month:' . date('m', $lower), array(date('Y', $lower)));
@@ -274,6 +284,7 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) {
$vars['id'] = 'blog-post-edit';
$vars['class'] = 'elgg-form-alt';
+ $sidebar = '';
if ($page == 'edit') {
$blog = get_entity((int)$guid);
@@ -310,14 +321,8 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) {
$content = elgg_echo('blog:error:cannot_edit_post');
}
} else {
- if (!$guid) {
- $container = elgg_get_logged_in_user_entity();
- } else {
- $container = get_entity($guid);
- }
-
elgg_push_breadcrumb(elgg_echo('blog:add'));
- $body_vars = blog_prepare_form_vars($blog);
+ $body_vars = blog_prepare_form_vars(null);
$title = elgg_echo('blog:add');
$content = elgg_view_form('blog/save', $vars, $body_vars);
@@ -384,7 +389,7 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) {
if ($auto_save_annotations = $post->getAnnotations('blog_auto_save', 1)) {
$auto_save = $auto_save_annotations[0];
} else {
- $auto_save == FALSE;
+ $auto_save = false;
}
if ($auto_save && $auto_save->id != $revision->id) {
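Review bot: With the assignment fixed, `$auto_save` can now hold an annotation object, and the comparison on the next line, `$auto_save->id != $revision->id`, dereferences `$revision`, which defaults to `NULL` in this function's signature; for a plain edit with no revision requested that reads `->id` of null, which PHP reports as a notice and evaluates as null, so the auto-save branch is taken whenever an auto-save exists. Guarding it, `if ($auto_save && (!$revision || $auto_save->id != $revision->id))`, makes the intent explicit. This assumes `$revision` is not assigned earlier in the function, which lies outside the hunk.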
@@ -396,52 +401,74 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) {
/**
* Forward to the new style of URLs
+ *
+ * Pre-1.7.5
+ * Group blogs page: /blog/group:<container_guid>/
+ * Group blog view: /blog/group:<container_guid>/read/<guid>/<title>
+ * 1.7.5-1.8
+ * Group blogs page: /blog/owner/group:<container_guid>/
+ * Group blog view: /blog/read/<guid>
+ *
*
* @param string $page
*/
function blog_url_forwarder($page) {
- global $CONFIG;
+
+ $viewtype = elgg_get_viewtype();
+ $qs = ($viewtype === 'default') ? "" : "?view=$viewtype";
+
+ $url = "blog/all";
+
+ // easier to work with & no notices
+ $page = array_pad($page, 4, "");
// group usernames
- if (substr_count($page[0], 'group:')) {
- preg_match('/group\:([0-9]+)/i', $page[0], $matches);
+ if (preg_match('~/group\:([0-9]+)/~', "/{$page[0]}/{$page[1]}/", $matches)) {
$guid = $matches[1];
$entity = get_entity($guid);
- if ($entity) {
- $url = "{$CONFIG->wwwroot}blog/group/$guid/all";
+ if (elgg_instanceof($entity, 'group')) {
+ if (!empty($page[2])) {
+ $url = "blog/view/$page[2]/";
+ } else {
+ $url = "blog/group/$guid/all";
+ }
register_error(elgg_echo("changebookmark"));
- forward($url);
+ forward($url . $qs);
}
}
+ if (empty($page[0])) {
+ return;
+ }
+
// user usernames
$user = get_user_by_username($page[0]);
if (!$user) {
return;
}
- if (!isset($page[1])) {
+ if (empty($page[1])) {
$page[1] = 'owner';
}
switch ($page[1]) {
case "read":
- $url = "{$CONFIG->wwwroot}blog/view/{$page[2]}/{$page[3]}";
+ $url = "blog/view/{$page[2]}/{$page[3]}";
break;
case "archive":
- $url = "{$CONFIG->wwwroot}blog/archive/{$page[0]}/{$page[2]}/{$page[3]}";
+ $url = "blog/archive/{$page[0]}/{$page[2]}/{$page[3]}";
break;
case "friends":
- $url = "{$CONFIG->wwwroot}blog/friends/{$page[0]}";
+ $url = "blog/friends/{$page[0]}";
break;
case "new":
- $url = "{$CONFIG->wwwroot}blog/add/$user->guid";
+ $url = "blog/add/$user->guid";
break;
case "owner":
- $url = "{$CONFIG->wwwroot}blog/owner/{$page[0]}";
+ $url = "blog/owner/{$page[0]}";
break;
}
register_error(elgg_echo("changebookmark"));
- forward($url);
+ forward($url . $qs);
}
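Review bot: `$viewtype` is interpolated into the redirect query string as `?view=$viewtype` without encoding; in Elgg `elgg_get_viewtype()` can reflect request input, so unless it already validates the value, `urlencode($viewtype)` is needed to keep an odd value from smuggling extra query parameters into the forwarded URL. Likewise the group branch forwards `blog/view/$page[2]/` on `!empty($page[2])` alone, while `$guid` is constrained to digits by the regex; checking `$page[1] === 'read' && ctype_digit($page[2])` would limit the redirect to the legacy read URL the docblock says it handles instead of forwarding arbitrary path segments. Since every forwarded URL is relative and starts with a fixed `blog/` prefix, this does not look like an open redirect, only a loose match.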
diff --git a/mod/blog/start.php b/mod/blog/start.php
index 9faf1794e..8cbaf5cca 100644
--- a/mod/blog/start.php
+++ b/mod/blog/start.php
@@ -99,8 +99,7 @@ function blog_page_handler($page) {
elgg_load_library('elgg:blog');
- // @todo remove the forwarder in 1.9
- // forward to correct URL for blog pages pre-1.7.5
+ // forward to correct URL for blog pages pre-1.8
blog_url_forwarder($page);
// push all blogs breadcrumb
diff --git a/mod/blog/views/default/forms/blog/save.php b/mod/blog/views/default/forms/blog/save.php
index a805541bd..36fa2e0e8 100644
--- a/mod/blog/views/default/forms/blog/save.php
+++ b/mod/blog/views/default/forms/blog/save.php
@@ -23,7 +23,7 @@ if ($vars['guid']) {
$delete_link = elgg_view('output/confirmlink', array(
'href' => $delete_url,
'text' => elgg_echo('delete'),
- 'class' => 'elgg-button elgg-button-delete elgg-state-disabled float-alt'
+ 'class' => 'elgg-button elgg-button-delete float-alt'
));
}
@@ -53,7 +53,7 @@ $excerpt_label = elgg_echo('blog:excerpt');
$excerpt_input = elgg_view('input/text', array(
'name' => 'excerpt',
'id' => 'blog_excerpt',
- 'value' => html_entity_decode($vars['excerpt'], ENT_COMPAT, 'UTF-8')
+ 'value' => _elgg_html_decode($vars['excerpt'])
));
$body_label = elgg_echo('blog:body');
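Review bot: `_elgg_html_decode()` is an underscore-prefixed core function, which by Elgg convention marks it as private API, so this view now depends on something core may rename without notice; a short comment stating why it is preferred over `html_entity_decode()` would help, e.g. `// use core's decoder so the round-trip matches get_input()'s encoding`. Separately, since `save.php` now stores the title HTML-escaped, the title input in this form (outside the hunk) presumably needs the same decode the excerpt gets here, or the edit form will display `&amp;` for `&`; worth confirming.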
@@ -125,9 +125,10 @@ $draft_warning
$excerpt_input
</div>
-<label for="blog_description">$body_label</label>
-$body_input
-<br />
+<div>
+ <label for="blog_description">$body_label</label>
+ $body_input
+</div>
<div>
<label for="blog_tags">$tags_label</label>