diff options
Diffstat (limited to 'mod/profile/actions')
-rw-r--r-- | mod/profile/actions/edit.php | 110 |
1 files changed, 0 insertions, 110 deletions
diff --git a/mod/profile/actions/edit.php b/mod/profile/actions/edit.php deleted file mode 100644 index da7553b6e..000000000 --- a/mod/profile/actions/edit.php +++ /dev/null @@ -1,110 +0,0 @@ -<?php -/** - * Elgg profile plugin edit action - * - * @package ElggProfile - */ - -global $CONFIG; - -$profile_username = get_input('username'); -$profile_owner = get_user_by_username($profile_username); - -if (!$profile_owner || !$profile_owner->canEdit()) { - system_message(elgg_echo("profile:noaccess")); - forward(REFERER); -} - -// grab the defined profile field names and their load the values from POST. -// each field can have its own access, so sort that too. -$input = array(); -$accesslevel = get_input('accesslevel'); - -if (!is_array($accesslevel)) { - $accesslevel = array(); -} - -/** - * wrapper for recursive array walk decoding - */ -function profile_array_decoder(&$v) { - $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8'); -} - - -foreach($CONFIG->profile as $shortname => $valuetype) { - // the decoding is a stop gag to prevent && showing up in profile fields - // because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405. - // must decode in utf8 or string corruption occurs. see #1567. - $value = get_input($shortname); - if (is_array($value)) { - array_walk_recursive($value, 'profile_array_decoder'); - } else { - $value = html_entity_decode($value, ENT_COMPAT, 'UTF-8'); - } - - // limit to reasonable sizes. - if (!is_array($value) && $valuetype != 'longtext' && elgg_strlen($value) > 250) { - $error = elgg_echo('profile:field_too_long', array(elgg_echo("profile:{$shortname}"))); - register_error($error); - forward(REFERER); - } - - if ($valuetype == 'tags') { - $value = string_to_tag_array($value); - } - - $input[$shortname] = $value; -} - -// display name is handled separately -if ($name = strip_tags(get_input('name'))) { - if (elgg_strlen($name) > 50) { - register_error(elgg_echo('user:name:fail')); - } elseif ($profile_owner->name != $name) { - $profile_owner->name = $name; - // @todo this is weird...giving two notifications? - if ($profile_owner->save()) { - system_message(elgg_echo('user:name:success')); - } else { - register_error(elgg_echo('user:name:fail')); - } - } -} - -// go through custom fields -if (sizeof($input) > 0) { - foreach($input as $shortname => $value) { - remove_metadata($profile_owner->guid, $shortname); - if (isset($accesslevel[$shortname])) { - $access_id = (int) $accesslevel[$shortname]; - } else { - // this should never be executed since the access level should always be set - $access_id = ACCESS_DEFAULT; - } - if (is_array($value)) { - $i = 0; - foreach($value as $interval) { - $i++; - $multiple = ($i > 1) ? TRUE : FALSE; - create_metadata($profile_owner->guid, $shortname, $interval, 'text', $profile_owner->guid, $access_id, $multiple); - } - } else { - create_metadata($profile_owner->getGUID(), $shortname, $value, 'text', $profile_owner->getGUID(), $access_id); - } - } - - $profile_owner->save(); - - // Notify of profile update - elgg_trigger_event('profileupdate',$user->type,$user); - - //add to river if edited by self - if (get_loggedin_userid() == $user->guid) { - add_to_river('river/user/default/profileupdate','update',get_loggedin_userid(),get_loggedin_userid(),get_default_access(get_loggedin_user())); - } - - system_message(elgg_echo("profile:saved")); -} - -forward($profile_owner->getUrl() . "/details"); |