aboutsummaryrefslogtreecommitdiff
path: root/mod/groups
diff options
context:
space:
mode:
Diffstat (limited to 'mod/groups')
-rw-r--r--mod/groups/actions/discussion/save.php2
-rw-r--r--mod/groups/actions/groups/edit.php146
-rw-r--r--mod/groups/icon.php6
-rw-r--r--mod/groups/languages/en.php1
-rw-r--r--mod/groups/lib/groups.php62
-rw-r--r--mod/groups/start.php9
-rw-r--r--mod/groups/views/default/forms/groups/edit.php84
-rw-r--r--mod/groups/views/default/groups/edit.php4
-rw-r--r--mod/groups/views/default/groups/js.php7
-rw-r--r--mod/groups/views/rss/groups/profile/layout.php13
-rw-r--r--mod/groups/views/rss/object/groupforumtopic.php2
11 files changed, 231 insertions, 105 deletions
diff --git a/mod/groups/actions/discussion/save.php b/mod/groups/actions/discussion/save.php
index de4afadfb..b3e9da654 100644
--- a/mod/groups/actions/discussion/save.php
+++ b/mod/groups/actions/discussion/save.php
@@ -4,7 +4,7 @@
*/
// Get variables
-$title = get_input("title");
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$desc = get_input("description");
$status = get_input("status");
$access_id = (int) get_input("access_id");
diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php
index df2464a65..d0689be2e 100644
--- a/mod/groups/actions/groups/edit.php
+++ b/mod/groups/actions/groups/edit.php
@@ -5,27 +5,25 @@
* @package ElggGroups
*/
-// Load configuration
-global $CONFIG;
+elgg_make_sticky_form('groups');
/**
* wrapper for recursive array walk decoding
*/
function profile_array_decoder(&$v) {
- $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8');
+ $v = _elgg_html_decode($v);
}
-elgg_make_sticky_form('groups');
-
// Get group fields
$input = array();
-foreach ($CONFIG->group as $shortname => $valuetype) {
- // another work around for Elgg's encoding problems: #561, #1963
+foreach (elgg_get_config('group') as $shortname => $valuetype) {
$input[$shortname] = get_input($shortname);
+
+ // @todo treat profile fields as unescaped: don't filter, encode on output
if (is_array($input[$shortname])) {
array_walk_recursive($input[$shortname], 'profile_array_decoder');
} else {
- $input[$shortname] = html_entity_decode($input[$shortname], ENT_COMPAT, 'UTF-8');
+ $input[$shortname] = _elgg_html_decode($input[$shortname]);
}
if ($valuetype == 'tags') {
@@ -33,21 +31,22 @@ foreach ($CONFIG->group as $shortname => $valuetype) {
}
}
-$input['name'] = get_input('name');
-$input['name'] = html_entity_decode($input['name'], ENT_COMPAT, 'UTF-8');
+$input['name'] = htmlspecialchars(get_input('name', '', false), ENT_QUOTES, 'UTF-8');
$user = elgg_get_logged_in_user_entity();
$group_guid = (int)get_input('group_guid');
-$new_group_flag = $group_guid == 0;
+$is_new_group = $group_guid == 0;
-if ($new_group_flag && elgg_get_plugin_setting('limited_groups', 'groups') == 'yes' && !elgg_is_admin_logged_in()) {
+if ($is_new_group
+ && (elgg_get_plugin_setting('limited_groups', 'groups') == 'yes')
+ && !$user->isAdmin()) {
register_error(elgg_echo("groups:cantcreate"));
forward(REFERER);
}
$group = new ElggGroup($group_guid); // load if present, if not create a new group
-if (($group_guid) && (!$group->canEdit())) {
+if ($group_guid && !$group->canEdit()) {
register_error(elgg_echo("groups:cantedit"));
forward(REFERER);
}
@@ -62,37 +61,46 @@ if (sizeof($input) > 0) {
// Validate create
if (!$group->name) {
register_error(elgg_echo("groups:notitle"));
-
forward(REFERER);
}
// Set group tool options
-if (isset($CONFIG->group_tool_options)) {
- foreach ($CONFIG->group_tool_options as $group_option) {
- $group_option_toggle_name = $group_option->name . "_enable";
- if ($group_option->default_on) {
- $group_option_default_value = 'yes';
- } else {
- $group_option_default_value = 'no';
- }
- $group->$group_option_toggle_name = get_input($group_option_toggle_name, $group_option_default_value);
+$tool_options = elgg_get_config('group_tool_options');
+if ($tool_options) {
+ foreach ($tool_options as $group_option) {
+ $option_toggle_name = $group_option->name . "_enable";
+ $option_default = $group_option->default_on ? 'yes' : 'no';
+ $group->$option_toggle_name = get_input($option_toggle_name, $option_default);
}
}
// Group membership - should these be treated with same constants as access permissions?
-switch (get_input('membership')) {
- case ACCESS_PUBLIC:
- $group->membership = ACCESS_PUBLIC;
- break;
- default:
- $group->membership = ACCESS_PRIVATE;
-}
+$is_public_membership = (get_input('membership') == ACCESS_PUBLIC);
+$group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE;
-if ($new_group_flag) {
+if ($is_new_group) {
$group->access_id = ACCESS_PUBLIC;
}
+$old_owner_guid = $is_new_group ? 0 : $group->owner_guid;
+$new_owner_guid = (int) get_input('owner_guid');
+
+$owner_has_changed = false;
+$old_icontime = null;
+if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) {
+ // verify new owner is member and old owner/admin is logged in
+ if (is_group_member($group_guid, $new_owner_guid) && ($old_owner_guid == $user->guid || $user->isAdmin())) {
+ $group->owner_guid = $new_owner_guid;
+
+ // @todo Remove this when #4683 fixed
+ $owner_has_changed = true;
+ $old_icontime = $group->icontime;
+ }
+}
+
+$must_move_icons = ($owner_has_changed && $old_icontime);
+
$group->save();
// Invisible group support
@@ -116,14 +124,18 @@ $group->save();
elgg_clear_sticky_form('groups');
// group creator needs to be member of new group and river entry created
-if ($new_group_flag) {
+if ($is_new_group) {
+
+ // @todo this should not be necessary...
elgg_set_page_owner_guid($group->guid);
+
$group->join($user);
add_to_river('river/group/create', 'create', $user->guid, $group->guid, $group->access_id);
}
-// Now see if we have a file icon
-if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/'))) {
+$has_uploaded_icon = (!empty($_FILES['icon']['type']) && substr_count($_FILES['icon']['type'], 'image/'));
+
+if ($has_uploaded_icon) {
$icon_sizes = elgg_get_config('icon_sizes');
@@ -135,38 +147,58 @@ if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/'))
$filehandler->open("write");
$filehandler->write(get_uploaded_file('icon'));
$filehandler->close();
+ $filename = $filehandler->getFilenameOnFilestore();
+
+ $sizes = array('tiny', 'small', 'medium', 'large');
+
+ $thumbs = array();
+ foreach ($sizes as $size) {
+ $thumbs[$size] = get_resized_image_from_existing_file(
+ $filename,
+ $icon_sizes[$size]['w'],
+ $icon_sizes[$size]['h'],
+ $icon_sizes[$size]['square']
+ );
+ }
- $thumbtiny = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['tiny']['w'], $icon_sizes['tiny']['h'], $icon_sizes['tiny']['square']);
- $thumbsmall = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['small']['w'], $icon_sizes['small']['h'], $icon_sizes['small']['square']);
- $thumbmedium = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['medium']['w'], $icon_sizes['medium']['h'], $icon_sizes['medium']['square']);
- $thumblarge = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['large']['w'], $icon_sizes['large']['h'], $icon_sizes['large']['square']);
- if ($thumbtiny) {
-
+ if ($thumbs['tiny']) { // just checking if resize successful
$thumb = new ElggFile();
$thumb->owner_guid = $group->owner_guid;
$thumb->setMimeType('image/jpeg');
- $thumb->setFilename($prefix."tiny.jpg");
- $thumb->open("write");
- $thumb->write($thumbtiny);
- $thumb->close();
+ foreach ($sizes as $size) {
+ $thumb->setFilename("{$prefix}{$size}.jpg");
+ $thumb->open("write");
+ $thumb->write($thumbs[$size]);
+ $thumb->close();
+ }
- $thumb->setFilename($prefix."small.jpg");
- $thumb->open("write");
- $thumb->write($thumbsmall);
- $thumb->close();
+ $group->icontime = time();
+ }
+}
- $thumb->setFilename($prefix."medium.jpg");
- $thumb->open("write");
- $thumb->write($thumbmedium);
- $thumb->close();
+// @todo Remove this when #4683 fixed
+if ($must_move_icons) {
+ $filehandler = new ElggFile();
+ $filehandler->setFilename('groups');
+ $filehandler->owner_guid = $old_owner_guid;
+ $old_path = $filehandler->getFilenameOnFilestore();
- $thumb->setFilename($prefix."large.jpg");
- $thumb->open("write");
- $thumb->write($thumblarge);
- $thumb->close();
+ $sizes = array('', 'tiny', 'small', 'medium', 'large');
- $group->icontime = time();
+ if ($has_uploaded_icon) {
+ // delete those under old owner
+ foreach ($sizes as $size) {
+ unlink("$old_path/{$group_guid}{$size}.jpg");
+ }
+ } else {
+ // move existing to new owner
+ $filehandler->owner_guid = $group->owner_guid;
+ $new_path = $filehandler->getFilenameOnFilestore();
+
+ foreach ($sizes as $size) {
+ rename("$old_path/{$group_guid}{$size}.jpg", "$new_path/{$group_guid}{$size}.jpg");
+ }
}
}
diff --git a/mod/groups/icon.php b/mod/groups/icon.php
index 1bd240ea6..ebdc1eb6d 100644
--- a/mod/groups/icon.php
+++ b/mod/groups/icon.php
@@ -18,7 +18,7 @@ if (!($group instanceof ElggGroup)) {
// If is the same ETag, content didn't changed.
$etag = $group->icontime . $group_guid;
-if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) {
+if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") {
header("HTTP/1.1 304 Not Modified");
exit;
}
@@ -46,9 +46,9 @@ if (!$success) {
}
header("Content-type: image/jpeg");
-header('Expires: ' . date('r',time() + 864000));
+header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true);
header("Pragma: public");
header("Cache-Control: public");
header("Content-Length: " . strlen($contents));
-header("ETag: $etag");
+header("ETag: \"$etag\"");
echo $contents;
diff --git a/mod/groups/languages/en.php b/mod/groups/languages/en.php
index 0ca980108..0d57f1680 100644
--- a/mod/groups/languages/en.php
+++ b/mod/groups/languages/en.php
@@ -35,6 +35,7 @@ $english = array(
'groups:membership' => "Group membership permissions",
'groups:access' => "Access permissions",
'groups:owner' => "Owner",
+ 'groups:owner:warning' => "Warning: if you change this value, you will no longer be the owner of this group.",
'groups:widget:num_display' => 'Number of groups to display',
'groups:widget:membership' => 'Group membership',
'groups:widgets:description' => 'Display the groups you are a member of on your profile',
diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php
index dfbb1154b..505cacd01 100644
--- a/mod/groups/lib/groups.php
+++ b/mod/groups/lib/groups.php
@@ -497,3 +497,65 @@ function groups_register_profile_buttons($group) {
}
}
}
+
+/**
+ * Prepares variables for the group edit form view.
+ *
+ * @param mixed $group ElggGroup or null. If a group, uses values from the group.
+ * @return array
+ */
+function groups_prepare_form_vars($group = null) {
+ $values = array(
+ 'name' => '',
+ 'membership' => ACCESS_PUBLIC,
+ 'vis' => ACCESS_PUBLIC,
+ 'guid' => null,
+ 'entity' => null
+ );
+
+ // handle customizable profile fields
+ $fields = elgg_get_config('group');
+
+ if ($fields) {
+ foreach ($fields as $name => $type) {
+ $values[$name] = '';
+ }
+ }
+
+ // handle tool options
+ $tools = elgg_get_config('group_tool_options');
+ if ($tools) {
+ foreach ($tools as $group_option) {
+ $option_name = $group_option->name . "_enable";
+ $values[$option_name] = $group_option->default_on ? 'yes' : 'no';
+ }
+ }
+
+ // get current group settings
+ if ($group) {
+ foreach (array_keys($values) as $field) {
+ if (isset($group->$field)) {
+ $values[$field] = $group->$field;
+ }
+ }
+
+ if ($group->access_id != ACCESS_PUBLIC && $group->access_id != ACCESS_LOGGED_IN) {
+ // group only access - this is done to handle access not created when group is created
+ $values['vis'] = ACCESS_PRIVATE;
+ }
+
+ $values['entity'] = $group;
+ }
+
+ // get any sticky form settings
+ if (elgg_is_sticky_form('groups')) {
+ $sticky_values = elgg_get_sticky_values('groups');
+ foreach ($sticky_values as $key => $value) {
+ $values[$key] = $value;
+ }
+ }
+
+ elgg_clear_sticky_form('groups');
+
+ return $values;
+}
diff --git a/mod/groups/start.php b/mod/groups/start.php
index c591410c5..9dca7dc16 100644
--- a/mod/groups/start.php
+++ b/mod/groups/start.php
@@ -194,6 +194,15 @@ function groups_setup_sidebar_menus() {
*/
function groups_page_handler($page) {
+ // forward old profile urls
+ if (is_numeric($page[0])) {
+ $group = get_entity($page[0]);
+ if (elgg_instanceof($group, 'group', '', 'ElggGroup')) {
+ system_message(elgg_echo('changebookmark'));
+ forward($group->getURL());
+ }
+ }
+
elgg_load_library('elgg:groups');
if (!isset($page[0])) {
diff --git a/mod/groups/views/default/forms/groups/edit.php b/mod/groups/views/default/forms/groups/edit.php
index 7540d1bf9..41d97e6c3 100644
--- a/mod/groups/views/default/forms/groups/edit.php
+++ b/mod/groups/views/default/forms/groups/edit.php
@@ -5,26 +5,9 @@
* @package ElggGroups
*/
-if (elgg_is_sticky_form('groups')) {
- $sticky_values = elgg_get_sticky_values('groups');
- elgg_clear_sticky_form('groups');
-}
-
-// new groups default to open membership
-if (isset($sticky_values)) {
- $membership = $sticky_values['membership'];
- $access = $sticky_values['access_id'];
-} elseif (isset($vars['entity'])) {
- $membership = $vars['entity']->membership;
- $access = $vars['entity']->access_id;
- if ($access != ACCESS_PUBLIC && $access != ACCESS_LOGGED_IN) {
- // group only - this is done to handle access not created when group is created
- $access = ACCESS_PRIVATE;
- }
-} else {
- $membership = ACCESS_PUBLIC;
- $access = ACCESS_PUBLIC;
-}
+// only extract these elements.
+$name = $membership = $vis = $entity = null;
+extract($vars, EXTR_IF_EXISTS);
?>
<div>
@@ -35,7 +18,7 @@ if (isset($sticky_values)) {
<label><?php echo elgg_echo("groups:name"); ?></label><br />
<?php echo elgg_view("input/text", array(
'name' => 'name',
- 'value' => isset($sticky_values['name']) ? $sticky_values['name'] : $vars['entity']->name,
+ 'value' => $name
));
?>
</div>
@@ -53,7 +36,7 @@ if ($group_profile_fields > 0) {
echo "</label>$line_break";
echo elgg_view("input/{$valtype}", array(
'name' => $shortname,
- 'value' => isset($sticky_values[$shortname]) ? $sticky_values[$shortname] : $vars['entity']->$shortname,
+ 'value' => elgg_extract($shortname, $vars)
));
echo '</div>';
}
@@ -78,10 +61,6 @@ if ($group_profile_fields > 0) {
<?php
if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
- $this_owner = $vars['entity']->owner_guid;
- if (!$this_owner) {
- $this_owner = elgg_get_logged_in_user_guid();
- }
$access_options = array(
ACCESS_PRIVATE => elgg_echo('groups:access:group'),
ACCESS_LOGGED_IN => elgg_echo("LOGGED_IN"),
@@ -94,7 +73,7 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
<?php echo elgg_echo('groups:visibility'); ?><br />
<?php echo elgg_view('input/access', array(
'name' => 'vis',
- 'value' => $access,
+ 'value' => $vis,
'options_values' => $access_options,
));
?>
@@ -104,17 +83,48 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
<?php
}
+if (isset($vars['entity'])) {
+ $entity = $vars['entity'];
+ $owner_guid = $vars['entity']->owner_guid;
+} else {
+ $entity = false;
+}
+
+if ($entity && ($owner_guid == elgg_get_logged_in_user_guid() || elgg_is_admin_logged_in())) {
+ $owner_guid = $vars['entity']->owner_guid;
+ $members = array();
+ foreach ($vars['entity']->getMembers(0) as $member) {
+ $members[$member->guid] = "$member->name (@$member->username)";
+ }
+?>
+
+<div>
+ <label>
+ <?php echo elgg_echo('groups:owner'); ?><br />
+ <?php echo elgg_view('input/dropdown', array(
+ 'name' => 'owner_guid',
+ 'value' => $owner_guid,
+ 'options_values' => $members,
+ 'class' => 'groups-owner-input',
+ ));
+ ?>
+ </label>
+ <?php
+ if ($owner_guid == elgg_get_logged_in_user_guid()) {
+ echo '<span class="elgg-text-help">' . elgg_echo('groups:owner:warning') . '</span>';
+ }
+ ?>
+</div>
+
+<?php
+}
+
$tools = elgg_get_config('group_tool_options');
if ($tools) {
usort($tools, create_function('$a,$b', 'return strcmp($a->label,$b->label);'));
foreach ($tools as $group_option) {
$group_option_toggle_name = $group_option->name . "_enable";
- if ($group_option->default_on) {
- $group_option_default_value = 'yes';
- } else {
- $group_option_default_value = 'no';
- }
- $value = $vars['entity']->$group_option_toggle_name ? $vars['entity']->$group_option_toggle_name : $group_option_default_value;
+ $value = elgg_extract($group_option_toggle_name, $vars);
?>
<div>
<label>
@@ -137,17 +147,17 @@ if ($tools) {
<div class="elgg-foot">
<?php
-if (isset($vars['entity'])) {
+if ($entity) {
echo elgg_view('input/hidden', array(
'name' => 'group_guid',
- 'value' => $vars['entity']->getGUID(),
+ 'value' => $entity->getGUID(),
));
}
echo elgg_view('input/submit', array('value' => elgg_echo('save')));
-if (isset($vars['entity'])) {
- $delete_url = 'action/groups/delete?guid=' . $vars['entity']->getGUID();
+if ($entity) {
+ $delete_url = 'action/groups/delete?guid=' . $entity->getGUID();
echo elgg_view('output/confirmlink', array(
'text' => elgg_echo('groups:delete'),
'href' => $delete_url,
diff --git a/mod/groups/views/default/groups/edit.php b/mod/groups/views/default/groups/edit.php
index 24a1c3f1e..5579ad54a 100644
--- a/mod/groups/views/default/groups/edit.php
+++ b/mod/groups/views/default/groups/edit.php
@@ -11,5 +11,5 @@ $form_vars = array(
'enctype' => 'multipart/form-data',
'class' => 'elgg-form-alt',
);
-$body_vars = array('entity' => $entity);
-echo elgg_view_form('groups/edit', $form_vars, $body_vars);
+
+echo elgg_view_form('groups/edit', $form_vars, groups_prepare_form_vars($entity));
diff --git a/mod/groups/views/default/groups/js.php b/mod/groups/views/default/groups/js.php
index 1b4d33f32..0319be14a 100644
--- a/mod/groups/views/default/groups/js.php
+++ b/mod/groups/views/default/groups/js.php
@@ -1,3 +1,10 @@
+<?php
+/**
+ * Javascript for Groups forms
+ *
+ * @package ElggGroups
+ */
+?>
// this adds a class to support IE8 and older
elgg.register_hook_handler('init', 'system', function() {
diff --git a/mod/groups/views/rss/groups/profile/layout.php b/mod/groups/views/rss/groups/profile/layout.php
index 3eeb9eaf2..0dafe78ad 100644
--- a/mod/groups/views/rss/groups/profile/layout.php
+++ b/mod/groups/views/rss/groups/profile/layout.php
@@ -7,7 +7,12 @@
* @uses $vars['entity'] ElggGroup object
*/
-echo elgg_list_entities(array(
- 'type' => 'object',
- 'container_guid' => $vars['entity']->getGUID(),
-));
+$entities = elgg_get_config('registered_entities');
+
+if (!empty($entities['object'])) {
+ echo elgg_list_entities(array(
+ 'type' => 'object',
+ 'subtypes' => $entities['object'],
+ 'container_guid' => $vars['entity']->getGUID(),
+ ));
+}
diff --git a/mod/groups/views/rss/object/groupforumtopic.php b/mod/groups/views/rss/object/groupforumtopic.php
index d730ef796..b2d05d488 100644
--- a/mod/groups/views/rss/object/groupforumtopic.php
+++ b/mod/groups/views/rss/object/groupforumtopic.php
@@ -14,7 +14,7 @@ if (empty($title)) {
$permalink = htmlspecialchars($vars['entity']->getURL(), ENT_NOQUOTES, 'UTF-8');
$pubdate = date('r', $vars['entity']->getTimeCreated());
-$description = autop($vars['entity']->description);
+$description = elgg_autop($vars['entity']->description);
$creator = elgg_view('page/components/creator', $vars);
$georss = elgg_view('page/components/georss', $vars);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-09 10:46:04 +0000