4 files changed, 149 insertions, 151 deletions
diff --git a/mod/pages/actions/annotations/page/delete.php b/mod/pages/actions/annotations/page/delete.php
new file mode 100644
index 000000000..156b516d2
--- /dev/null
+++ b/mod/pages/actions/annotations/page/delete.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Remove a page (revision) annotation
+ *
+ * @package ElggPages
+ */
+
+// Make sure we can get the annotations and entity in question
+$annotation_id = (int) get_input('annotation_id');
+$annotation = elgg_get_annotation_from_id($annotation_id);
+$entity = get_entity($annotation->entity_guid);
+
+if ($annotation && $entity->canEdit() && $annotation->canEdit()) {
+	$annotation->delete();
+	system_message(elgg_echo("pages:revision:delete:success"));
+} else {
+	register_error(elgg_echo("pages:revision:delete:failure"));
+}
+
+forward("pages/history/{$annotation->entity_guid}");
+\ No newline at end of file
diff --git a/mod/pages/actions/pages/delete.php b/mod/pages/actions/pages/delete.php
index 8bc20b821..fd5791e4d 100644
--- a/mod/pages/actions/pages/delete.php
+++ b/mod/pages/actions/pages/delete.php
@@ -2,36 +2,66 @@
 /**
  * Remove a page
  *
+ * Subpages are not deleted but are moved up a level in the tree
+ *
  * @package ElggPages
  */
 
-$page = get_input('page');
-
-if ($page = get_entity($page)) {
-
-	if ($page->canEdit()) {
-
+$guid = get_input('guid');
+$page = get_entity($guid);
+if (elgg_instanceof($page, 'object', 'page') || elgg_instanceof($page, 'object', 'page_top')) {
+	// only allow owners and admin to delete
+	if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
 		$container = get_entity($page->container_guid);
 
 		// Bring all child elements forward
-			$parent = $page->parent_guid;
-			if ($children = elgg_get_entities_from_metadata(array('metadata_name' => 'parent_guid', 'metadata_value' => $page->getGUID()))) {
-				foreach($children as $child) {
-					$child->parent_guid = $parent;
-				}
-			}
-			if ($page->delete()) {
-				system_message(elgg_echo('pages:delete:success'));
+		$parent = $page->parent_guid;
+		$children = elgg_get_entities_from_metadata(array(
+			'metadata_name' => 'parent_guid',
+			'metadata_value' => $page->getGUID()
+		));
+		if ($children) {
+			$db_prefix = elgg_get_config('dbprefix');
+			$subtype_id = (int)get_subtype_id('object', 'page_top');
+			$newentity_cache = is_memcache_available() ? new ElggMemcache('new_entity_cache') : null;
+
+			foreach ($children as $child) {
 				if ($parent) {
-					if ($parent = get_entity($parent)) {
-						forward($parent->getURL());
+					$child->parent_guid = $parent;
+				} else {
+					// If no parent, we need to transform $child to a page_top
+					$child_guid = (int)$child->guid;
+
+					update_data("UPDATE {$db_prefix}entities
+						SET subtype = $subtype_id WHERE guid = $child_guid");
+
+					elgg_delete_metadata(array(
+						'guid' => $child_guid,
+						'metadata_name' => 'parent_guid',
+					));
+
+					_elgg_invalidate_cache_for_entity($child_guid);
+					if ($newentity_cache) {
+						$newentity_cache->delete($child_guid);
 					}
 				}
-				forward("pg/pages/owned/$container->username/");
 			}
+		}
 
+		if ($page->delete()) {
+			system_message(elgg_echo('pages:delete:success'));
+			if ($parent) {
+				if ($parent = get_entity($parent)) {
+					forward($parent->getURL());
+				}
+			}
+			if (elgg_instanceof($container, 'group')) {
+				forward("pages/group/$container->guid/all");
+			} else {
+				forward("pages/owner/$container->username");
+			}
+		}
 	}
-
 }
 
 register_error(elgg_echo('pages:delete:failure'));
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index 63382f1aa..40215e02e 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -1,112 +1,115 @@
 <?php
 /**
- * Edit a page
+ * Create or edit a page
  *
  * @package ElggPages
  */
 
-// Load configuration
-global $CONFIG;
-
-elgg_set_context('pages');
-
-//boolean to select correct add to river. It will be new or edit
-$which_river = 'new';
-
-// Get group fields
+$variables = elgg_get_config('pages');
 $input = array();
-foreach($CONFIG->pages as $shortname => $valuetype) {
-	$input[$shortname] = get_input($shortname);
-	if ($shortname == 'title') {
-		$input[$shortname] = strip_tags($input[$shortname]);
+foreach ($variables as $name => $type) {
+	if ($name == 'title') {
+		$input[$name] = htmlspecialchars(get_input($name, '', false), ENT_QUOTES, 'UTF-8');
+	} else {
+		$input[$name] = get_input($name);
+	}
+	if ($type == 'tags') {
+		$input[$name] = string_to_tag_array($input[$name]);
 	}
-	if ($valuetype == 'tags')
-		$input[$shortname] = string_to_tag_array($input[$shortname]);
 }
 
-// Get parent
-$parent_guid = (int)get_input('parent_guid', 0);
+// Get guids
+$page_guid = (int)get_input('page_guid');
+$container_guid = (int)get_input('container_guid');
+$parent_guid = (int)get_input('parent_guid');
 
-// New or old?
-$page = NULL;
-$pages_guid = (int)get_input('pages_guid');
+elgg_make_sticky_form('page');
 
-if ($pages_guid) {
-	$page = get_entity($pages_guid);
-	if (!$page->canEdit()) {
-		$page = NULL; // if we can't edit it, go no further.
-	}
+if (!$input['title']) {
+	register_error(elgg_echo('pages:error:no_title'));
+	forward(REFERER);
+}
 
-	//select river boolean to edit
-	$which_river = 'edit';
+if ($page_guid) {
+	$page = get_entity($page_guid);
+	if (!$page || !$page->canEdit()) {
+		register_error(elgg_echo('pages:error:no_save'));
+		forward(REFERER);
+	}
+	$new_page = false;
 } else {
 	$page = new ElggObject();
-	if (!$parent_guid) {
-		$page->subtype = 'page_top';
-	} else {
+	if ($parent_guid) {
 		$page->subtype = 'page';
+	} else {
+		$page->subtype = 'page_top';
 	}
-
-	// New instance, so set container_guid
-	$container_guid = get_input('container_guid', get_loggedin_userid());
-	$page->container_guid = $container_guid;
-
-	// cache data in session in case data from form does not validate
-	$_SESSION['page_description'] = $input['description'];
-	$_SESSION['page_tags'] = get_input('tags');
-	$_SESSION['page_read_access'] = (int)get_input('access_id');
-	$_SESSION['page_write_access'] = (int)get_input('write_access_id');
+	$new_page = true;
 }
 
-// Have we got it? Can we edit it?
-if ($page instanceof ElggObject) {
-	// Save fields - note we always save latest description as both description and annotation
-	if (sizeof($input) > 0) {
-		foreach($input as $shortname => $value) {
-			$page->$shortname = $value;
+if (sizeof($input) > 0) {
+	// don't change access if not an owner/admin
+	$user = elgg_get_logged_in_user_entity();
+	$can_change_access = true;
+
+	if ($user && $page) {
+		$can_change_access = $user->isAdmin() || $user->getGUID() == $page->owner_guid;
+	}
+	
+	foreach ($input as $name => $value) {
+		if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) {
+			continue;
 		}
+		if ($name == 'parent_guid') {
+			continue;
+		}
+
+		$page->$name = $value;
 	}
+}
 
-	if (!$page->title) {
-		register_error(elgg_echo("pages:notitle"));
+// need to add check to make sure user can write to container
+$page->container_guid = $container_guid;
 
-		forward(REFERER);
+if ($parent_guid && $parent_guid != $page_guid) {
+	// Check if parent isn't below the page in the tree
+	if ($page_guid) {
+		$tree_page = get_entity($parent_guid);
+		while ($tree_page->parent_guid > 0 && $page_guid != $tree_page->guid) {
+			$tree_page = get_entity($tree_page->parent_guid);
+		}
+		// If is below, bring all child elements forward
+		if ($page_guid == $tree_page->guid) {
+			$previous_parent = $page->parent_guid;
+			$children = elgg_get_entities_from_metadata(array(
+				'metadata_name' => 'parent_guid',
+				'metadata_value' => $page->getGUID()
+			));
+			if ($children) {
+				foreach ($children as $child) {
+					$child->parent_guid = $previous_parent;
+				}
+			}
+		}
 	}
-
-	$page->access_id = (int)get_input('access_id', ACCESS_PRIVATE);
-	$page->write_access_id = (int)get_input('write_access_id', ACCESS_PRIVATE);
 	$page->parent_guid = $parent_guid;
-	$page->owner_guid = ($page->owner_guid ? $page->owner_guid : get_loggedin_userid());
+}
 
-	if ($page->save()) {
+if ($page->save()) {
 
-		// Now save description as an annotation
-		$page->annotate('page', $page->description, $page->access_id);
+	elgg_clear_sticky_form('page');
 
-		// clear cache
-		unset($_SESSION['page_description']);
-		unset($_SESSION['page_tags']);
-		unset($_SESSION['page_read_access']);
-		unset($_SESSION['page_write_access']);
+	// Now save description as an annotation
+	$page->annotate('page', $page->description, $page->access_id);
 
-		system_message(elgg_echo("pages:saved"));
+	system_message(elgg_echo('pages:saved'));
 
-		//add to river
-		if ($which_river == 'new') {
-			add_to_river('river/object/page/create','create',get_loggedin_userid(),$page->guid);
-		} else {
-			add_to_river('river/object/page/update','update',get_loggedin_userid(),$page->guid);
-		}
-
-		// Forward to the user's profile
-		forward($page->getUrl());
-	} else {
-		register_error(elgg_echo('pages:notsaved'));
+	if ($new_page) {
+		add_to_river('river/object/page/create', 'create', elgg_get_logged_in_user_guid(), $page->guid);
 	}
 
+	forward($page->getURL());
 } else {
-	register_error(elgg_echo("pages:noaccess"));
+	register_error(elgg_echo('pages:error:notsaved'));
+	forward(REFERER);
 }
-
-// Forward to the user's profile
-forward($page->getUrl());
-\ No newline at end of file
diff --git a/mod/pages/actions/pages/editwelcome.php b/mod/pages/actions/pages/editwelcome.php
deleted file mode 100644
index a13ae4c35..000000000
--- a/mod/pages/actions/pages/editwelcome.php
+++ /dev/null
@@ -1,55 +0,0 @@
-<?php
-/**
- * Elgg Pages Edit welcome message
- *
- * @package ElggPages
- */
-
-global $CONFIG;
-
-// Get group fields
-$message = get_input("pages_welcome");
-$container_guid = get_input("owner_guid");
-$object_guid = get_input("object_guid");
-$access_id = (int) get_input("access_id");
-
-//check to see if this is an edit or new welcome message
-if($object_guid){
-
-	//it is an edit so grab the object
-	$welcome = get_entity($object_guid);
-	if ($welcome->getSubtype() == "pages_welcome" && $welcome->canEdit()) {
-
-		$welcome->description = $message;
-		$welcome->access_id = $access_id;
-		$welcome->save();
-		system_message(elgg_echo("pages:welcomeposted"));
-
-	} else {
-		register_error(elgg_echo("pages:welcomeerror"));
-	}
-} else {
-	//it is a new welcome object
-	if ($container_guid) {
-		$welcome = new ElggObject();
-		// Tell the system it's a pages welcome message
-		$welcome->subtype = "pages_welcome";
-		$welcome->title = "Welcome";
-		$welcome->description = $message;
-		$welcome->access_id = $access_id;
-
-		// Set the owner
-		$welcome->container_guid = $container_guid;
-
-		// save
-		if (!$welcome->save()){
-			register_error(elgg_echo("pages:welcomeerror"));
-		} else {
-			system_message(elgg_echo("pages:welcomeposted"));
-		}
-	} else {
-		register_error(elgg_echo("pages:welcomeerror"));
-	}
-}
-
-forward("pg/pages/owned/" . get_entity($container_guid)->username);
-\ No newline at end of file