9 files changed, 79 insertions, 32 deletions
diff --git a/mod/file/actions/file/upload.php b/mod/file/actions/file/upload.php
index 5242cbda2..e20c4079f 100644
--- a/mod/file/actions/file/upload.php
+++ b/mod/file/actions/file/upload.php
@@ -6,7 +6,7 @@
  */
 
 // Get variables
-$title = get_input("title");
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
 $desc = get_input("description");
 $access_id = (int) get_input("access_id");
 $container_guid = (int) get_input('container_guid', 0);
@@ -44,7 +44,7 @@ if ($new_file) {
 
 	// if no title on new upload, grab filename
 	if (empty($title)) {
-		$title = $_FILES['upload']['name'];
+		$title = htmlspecialchars($_FILES['upload']['name'], ENT_QUOTES, 'UTF-8');
 	}
 
 } else {
@@ -71,9 +71,7 @@ $file->title = $title;
 $file->description = $desc;
 $file->access_id = $access_id;
 $file->container_guid = $container_guid;
-
-$tags = explode(",", $tags);
-$file->tags = $tags;
+$file->tags = string_to_tag_array($tags);
 
 // we have a file upload, so process it
 if (isset($_FILES['upload']['name']) && !empty($_FILES['upload']['name'])) {
@@ -94,8 +92,31 @@ if (isset($_FILES['upload']['name']) && !empty($_FILES['upload']['name'])) {
 		$filestorename = elgg_strtolower(time().$_FILES['upload']['name']);
 	}
 
-	$mime_type = $file->detectMimeType($_FILES['upload']['tmp_name'], $_FILES['upload']['type']);
 	$file->setFilename($prefix . $filestorename);
+	$mime_type = ElggFile::detectMimeType($_FILES['upload']['tmp_name'], $_FILES['upload']['type']);
+
+	// hack for Microsoft zipped formats
+	$info = pathinfo($_FILES['upload']['name']);
+	$office_formats = array('docx', 'xlsx', 'pptx');
+	if ($mime_type == "application/zip" && in_array($info['extension'], $office_formats)) {
+		switch ($info['extension']) {
+			case 'docx':
+				$mime_type = "application/vnd.openxmlformats-officedocument.wordprocessingml.document";
+				break;
+			case 'xlsx':
+				$mime_type = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
+				break;
+			case 'pptx':
+				$mime_type = "application/vnd.openxmlformats-officedocument.presentationml.presentation";
+				break;
+		}
+	}
+
+	// check for bad ppt detection
+	if ($mime_type == "application/vnd.ms-office" && $info['extension'] == "ppt") {
+		$mime_type = "application/vnd.ms-powerpoint";
+	}
+
 	$file->setMimeType($mime_type);
 	$file->originalfilename = $_FILES['upload']['name'];
 	$file->simpletype = file_get_simple_type($mime_type);
@@ -144,6 +165,23 @@ if (isset($_FILES['upload']['name']) && !empty($_FILES['upload']['name'])) {
 			$file->largethumb = $prefix."largethumb".$filestorename;
 			unset($thumblarge);
 		}
+	} elseif ($file->icontime) {
+		// if it is not an image, we do not need thumbnails
+		unset($file->icontime);
+		
+		$thumb = new ElggFile();
+		
+		$thumb->setFilename($prefix . "thumb" . $filestorename);
+		$thumb->delete();
+		unset($file->thumbnail);
+		
+		$thumb->setFilename($prefix . "smallthumb" . $filestorename);
+		$thumb->delete();
+		unset($file->smallthumb);
+		
+		$thumb->setFilename($prefix . "largethumb" . $filestorename);
+		$thumb->delete();
+		unset($file->largethumb);
 	}
 } else {
 	// not saving a file but still need to save the entity to push attributes to database
@@ -181,4 +219,4 @@ if ($new_file) {
 	}
 
 	forward($file->getURL());
-}	
+}
diff --git a/mod/file/pages/file/friends.php b/mod/file/pages/file/friends.php
index f504bdc1f..d55c1e62b 100644
--- a/mod/file/pages/file/friends.php
+++ b/mod/file/pages/file/friends.php
@@ -7,7 +7,7 @@
 
 $owner = elgg_get_page_owner_entity();
 if (!$owner) {
-	forward('file/all');
+	forward('', '404');
 }
 
 elgg_push_breadcrumb(elgg_echo('file'), "file/all");
diff --git a/mod/file/pages/file/owner.php b/mod/file/pages/file/owner.php
index fb87af1b2..99cf62714 100644
--- a/mod/file/pages/file/owner.php
+++ b/mod/file/pages/file/owner.php
@@ -10,7 +10,7 @@ group_gatekeeper();
 
 $owner = elgg_get_page_owner_entity();
 if (!$owner) {
-	forward('file/all');
+	forward('', '404');
 }
 
 elgg_push_breadcrumb(elgg_echo('file'), "file/all");
@@ -36,10 +36,9 @@ $title = elgg_echo("file:user", array($owner->name));
 
 // List files
 $content = elgg_list_entities(array(
-	'types' => 'object',
-	'subtypes' => 'file',
+	'type' => 'object',
+	'subtype' => 'file',
 	'container_guid' => $owner->guid,
-	'limit' => 10,
 	'full_view' => FALSE,
 ));
 if (!$content) {
diff --git a/mod/file/pages/file/search.php b/mod/file/pages/file/search.php
index 402a28933..d60dfb755 100644
--- a/mod/file/pages/file/search.php
+++ b/mod/file/pages/file/search.php
@@ -74,8 +74,8 @@ if ($listtype == "gallery") {
 }
 
 $params = array(
-	'types' => 'object',
-	'subtypes' => 'file',
+	'type' => 'object',
+	'subtype' => 'file',
 	'container_guid' => $page_owner_guid,
 	'limit' => $limit,
 	'full_view' => false,
diff --git a/mod/file/pages/file/view.php b/mod/file/pages/file/view.php
index a571c9d68..6c9566a89 100644
--- a/mod/file/pages/file/view.php
+++ b/mod/file/pages/file/view.php
@@ -6,6 +6,11 @@
  */
 
 $file = get_entity(get_input('guid'));
+if (!$file) {
+	register_error(elgg_echo('noaccess'));
+	$_SESSION['last_forward_from'] = current_page_url();
+	forward('');
+}
 
 $owner = elgg_get_page_owner_entity();
 
diff --git a/mod/file/pages/file/world.php b/mod/file/pages/file/world.php
index 770dfd6e8..96c8de785 100644
--- a/mod/file/pages/file/world.php
+++ b/mod/file/pages/file/world.php
@@ -9,14 +9,11 @@ elgg_push_breadcrumb(elgg_echo('file'));
 
 elgg_register_title_button();
 
-$limit = get_input("limit", 10);
-
 $title = elgg_echo('file:all');
 
 $content = elgg_list_entities(array(
-	'types' => 'object',
-	'subtypes' => 'file',
-	'limit' => $limit,
+	'type' => 'object',
+	'subtype' => 'file',
 	'full_view' => FALSE
 ));
 if (!$content) {
diff --git a/mod/file/start.php b/mod/file/start.php
index 120129276..7c0c216b2 100644
--- a/mod/file/start.php
+++ b/mod/file/start.php
@@ -121,8 +121,11 @@ function file_page_handler($page) {
 			file_register_toggle();
 			include "$file_dir/friends.php";
 			break;
-		case 'view':
 		case 'read': // Elgg 1.7 compatibility
+			register_error(elgg_echo("changebookmark"));
+			forward("file/view/{$page[1]}");
+			break;
+		case 'view':
 			set_input('guid', $page[1]);
 			include "$file_dir/view.php";
 			break;
@@ -200,13 +203,9 @@ function file_notify_message($hook, $entity_type, $returnvalue, $params) {
 	if (($entity instanceof ElggEntity) && ($entity->getSubtype() == 'file')) {
 		$descr = $entity->description;
 		$title = $entity->title;
+		$url = elgg_get_site_url() . "view/" . $entity->guid;
 		$owner = $entity->getOwnerEntity();
-		return elgg_echo('file:notification', array(
-			$owner->name,
-			$title,
-			$descr,
-			$entity->getURL()
-		));
+		return $owner->name . ' ' . elgg_echo("file:via") . ': ' . $entity->title . "\n\n" . $descr . "\n\n" . $entity->getURL();
 	}
 	return null;
 }
@@ -237,14 +236,22 @@ function file_owner_block_menu($hook, $type, $return, $params) {
  * @return string The overall type
  */
 function file_get_simple_type($mimetype) {
+		
+	if ($simpletype = elgg_trigger_plugin_hook('file:simpletype', $mimetype, null, null)) {
+		return $simpletype;
+	}
 
 	switch ($mimetype) {
 		case "application/msword":
+		case "application/vnd.openxmlformats-officedocument.wordprocessingml.document":
 			return "document";
 			break;
 		case "application/pdf":
 			return "document";
 			break;
+		case "application/ogg":
+			return "audio";
+			break;
 	}
 
 	if (substr_count($mimetype, 'text/')) {
@@ -357,11 +364,15 @@ function file_icon_url_override($hook, $type, $returnvalue, $params) {
 		$mapping = array(
 			'application/excel' => 'excel',
 			'application/msword' => 'word',
+			'application/ogg' => 'music',
 			'application/pdf' => 'pdf',
 			'application/powerpoint' => 'ppt',
 			'application/vnd.ms-excel' => 'excel',
 			'application/vnd.ms-powerpoint' => 'ppt',
 			'application/vnd.oasis.opendocument.text' => 'openoffice',
+			'application/vnd.openxmlformats-officedocument.wordprocessingml.document' => 'word',
+			'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet' => 'excel',
+			'application/vnd.openxmlformats-officedocument.presentationml.presentation' => 'ppt',
 			'application/x-gzip' => 'archive',
 			'application/x-rar-compressed' => 'archive',
 			'application/x-stuffit' => 'archive',
@@ -402,4 +413,4 @@ function file_icon_url_override($hook, $type, $returnvalue, $params) {
 		$url = elgg_trigger_plugin_hook('file:icon:url', 'override', $params, $url);
 		return $url;
 	}
-}
-\ No newline at end of file
+}
diff --git a/mod/file/thumbnail.php b/mod/file/thumbnail.php
index 35bf8c7f7..851f13a8f 100644
--- a/mod/file/thumbnail.php
+++ b/mod/file/thumbnail.php
@@ -46,7 +46,7 @@ if ($simpletype == "image") {
 
 		// caching images for 10 days
 		header("Content-type: $mime");
-		header('Expires: ' . date('r',time() + 864000));
+		header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true);
 		header("Pragma: public", true);
 		header("Cache-Control: public", true);
 		header("Content-Length: " . strlen($contents));
diff --git a/mod/file/views/default/object/file.php b/mod/file/views/default/object/file.php
index 1db9863c9..64f19c483 100644
--- a/mod/file/views/default/object/file.php
+++ b/mod/file/views/default/object/file.php
@@ -28,7 +28,6 @@ $author_text = elgg_echo('byline', array($owner_link));
 
 $file_icon = elgg_view_entity_icon($file, 'small');
 
-$tags = elgg_view('output/tags', array('tags' => $file->tags));
 $date = elgg_view_friendly_time($file->time_created);
 
 $comments_count = $file->countComments();
@@ -69,9 +68,9 @@ if ($full && !elgg_in_context('gallery')) {
 
 	$params = array(
 		'entity' => $file,
+		'title' => false,
 		'metadata' => $metadata,
 		'subtitle' => $subtitle,
-		'tags' => $tags,
 	);
 	$params = $params + $vars;
 	$summary = elgg_view('object/elements/summary', $params);
@@ -81,7 +80,6 @@ if ($full && !elgg_in_context('gallery')) {
 
 	echo elgg_view('object/elements/full', array(
 		'entity' => $file,
-		'title' => false,
 		'icon' => $file_icon,
 		'summary' => $summary,
 		'body' => $body,
@@ -100,7 +98,6 @@ if ($full && !elgg_in_context('gallery')) {
 		'entity' => $file,
 		'metadata' => $metadata,
 		'subtitle' => $subtitle,
-		'tags' => $tags,
 		'content' => $excerpt,
 	);
 	$params = $params + $vars;