Diffstat (limited to 'mod/profile')
-rw-r--r-- | mod/profile/actions/edit.php | 11 | ||||
-rw-r--r-- | mod/profile/icondirect.php | 147 | ||||
-rw-r--r-- | mod/profile/views/default/profile/menu/adminlinks.php | 4 |
3 files changed, 36 insertions, 126 deletions
diff --git a/mod/profile/actions/edit.php b/mod/profile/actions/edit.php
index 4afe4cd47..207559334 100644
--- a/mod/profile/actions/edit.php
+++ b/mod/profile/actions/edit.php
@@ -33,10 +33,17 @@ foreach($CONFIG->profile as $shortname => $valuetype) {
 // the decoding is a stop gag to prevent && showing up in profile fields
 // because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405.
 // must decode in utf8 or string corruption occurs. see #1567.
- $value = html_entity_decode(get_input($shortname), ENT_COMPAT, 'UTF-8');
+ $value = get_input($shortname);
+ if (is_array($value)) {
+ foreach ($value as $k => $v) {
+ $value[$k] = html_entity_decode($v, ENT_COMPAT, 'UTF-8');
+ }
+ } else {
+ $value = html_entity_decode($value, ENT_COMPAT, 'UTF-8');
+ }
 // limit to reasonable sizes.
- if ($valuetype != 'longtext' && elgg_strlen($value) > 250) {
+ if (!is_array($value) && $valuetype != 'longtext' && elgg_strlen($value) > 250) {
 $error = sprintf(elgg_echo('profile:field_too_long'), elgg_echo("profile:{$shortname}"));
 register_error($error);
 forward($_SERVER['HTTP_REFERER']);
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php
index a9aed2eea..353ce389c 100644
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
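Review bot: Array values skip the 250-character limit entirely, because the new guard is `!is_array($value) && …`, so a non-longtext field submitted as an array can carry elements of any length. Apply the limit to each element instead, as in the fence below. The decode loop also hands every `$v` to `html_entity_decode()` without checking that it is a string; whether `get_input()` can return nested arrays is not visible here, so that is worth confirming. The enclosing `foreach` over `$CONFIG->profile` and the body of the length check continue outside the hunk.

```php
// … unchanged: get_input() and the html_entity_decode() branches …

// limit to reasonable sizes; array values are checked element by element
$too_long = false;
if ($valuetype != 'longtext') {
	foreach ((array) $value as $v) {
		if (elgg_strlen($v) > 250) {
			$too_long = true;
			break;
		}
	}
}
if ($too_long) {
	// … unchanged: register_error() with profile:field_too_long, then forward() …
```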
@@ -1,125 +1,28 @@
 <?php
-/**
- * Elgg profile icon
- *
- * @package ElggProfile
- * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
- * @author Curverider Ltd <info@elgg.com>
- * @copyright Curverider Ltd 2008-2010
- * @link http://elgg.com/
-*/
-require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php');
+ /**
+ * Elgg profile icon cache/bypass
+ *
+ * @package ElggProfile
+ * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
+ * @author Curverider Ltd <info@elgg.com>
+ * @copyright Curverider Ltd 2008-2010
+ * @link http://elgg.com/
+ */
-/**
- * UTF safe str_split.
- * This is only used here since we don't have access to the file store code.
- * TODO: This is a horrible hack, so clean this up!
- */
-function __id_mb_str_split($string, $charset = 'UTF8'){
- if (is_callable('mb_substr')){
- $length = mb_strlen($string);
- $array = array();
-
- while ($length){
- $array[] = mb_substr($string, 0, 1, $charset);
- $string = mb_substr($string, 1, $length, $charset);
- $length = mb_strlen($string);
- }
-
- return $array;
- } else {
- return str_split($string);
- }
-
- return FALSE;
-}
-
-global $CONFIG;
-$contents = '';
-
-if ($mysql_dblink = @mysql_connect($CONFIG->dbhost,$CONFIG->dbuser,$CONFIG->dbpass, true)) {
- $username = $_GET['username'];
- //$username = preg_replace('/[^A-Za-z0-9\_\-]/i','',$username);
- $blacklist = '/[' .
- '\x{0080}-\x{009f}' . # iso-8859-1 control chars
- '\x{00a0}' . # non-breaking space
- '\x{2000}-\x{200f}' . # various whitespace
- '\x{2028}-\x{202f}' . # breaks and control chars
- '\x{3000}' . # ideographic space
- '\x{e000}-\x{f8ff}' . # private use
- ']/u';
- if (
- preg_match($blacklist, $username) ||
- (strpos($username, '/')!==false) ||
- (strpos($username, '\\')!==false) ||
- (strpos($username, '"')!==false) ||
- (strpos($username, '\'')!==false) ||
- (strpos($username, '*')!==false) ||
- (strpos($username, '&')!==false) ||
- (strpos($username, ' ')!==false)
- ) exit;
-
- $userarray = __id_mb_str_split($username);
-
- $matrix = '';
- $length = 5;
- if (sizeof($userarray) < $length) $length = sizeof($userarray);
- for ($n = 0; $n < $length; $n++) {
- $matrix .= $userarray[$n] . "/";
- }
-
- // Get the size
- $size = strtolower($_GET['size']);
- if (!in_array($size,array('large','medium','small','tiny','master','topbar')))
- $size = "medium";
-
- // Try and get the icon
- if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) {
- // get dataroot and simplecache_enabled in one select for efficiency
- if ($result = mysql_query("select name, value from {$CONFIG->dbprefix}datalists where name in ('dataroot','simplecache_enabled')",$mysql_dblink)) {
- $simplecache_enabled = true;
- $row = mysql_fetch_object($result);
- while ($row) {
- if ($row->name == 'dataroot') {
- $dataroot = $row->value;
- } else if ($row->name == 'simplecache_enabled') {
- $simplecache_enabled = $row->value;
- }
- $row = mysql_fetch_object($result);
- }
- }
- }
-}
- //@todo forcing through the framework to ensure the matrix
- // is created the same way.
- //if ($simplecache_enabled) {
- if (false) {
- $filename = $dataroot . $matrix . "{$username}/profile/" . $username . $size . ".jpg";
- $contents = @file_get_contents($filename);
- if (empty($contents)) {
- global $viewinput;
- $viewinput['view'] = 'icon/user/default/'.$size;
- ob_start();
- include(dirname(dirname(dirname(__FILE__))).'/simplecache/view.php');
- $loc = ob_get_clean();
- header('Location: ' . $loc);
- exit;
- //$contents = @file_get_contents(dirname(__FILE__) . "/graphics/default{$size}.jpg");
- } else {
- header("Content-type: image/jpeg");
- header('Expires: ' . date('r',time() + 864000));
- header("Pragma: public");
- header("Cache-Control: public");
- header("Content-Length: " . strlen($contents));
- $splitString = str_split($contents, 1024);
- foreach($splitString as $chunk)
- echo $chunk;
- }
- } else {
- mysql_close($mysql_dblink);
- require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
- set_input('username',$username);
- set_input('size',$size);
- require_once(dirname(__FILE__).'/icon.php');
- }
\ No newline at end of file
+ // This should provide faster access to profile icons by not loading the
+ // engine but directly grabbing the file from the user's profile directory.
+ // The speedup was broken in Elgg 1.7 because of a change in directory structure.
+ // The link to this script is provided in profile_usericon_hook(). To work
+ // in 1.7 forward, the link has to be updated to provide more information.
+ // The profile icon filename should also be changed to not use username.
+
+ // To see previous code, see svn history.
+
+ // At the moment, this does not serve much of a purpose other than provide
+ // continuity. It currently just includes icon.php which uses the engine.
+
+ // see #1989 and #2035
+
+ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php");
+ require_once(dirname(__FILE__).'/icon.php');
diff --git a/mod/profile/views/default/profile/menu/adminlinks.php b/mod/profile/views/default/profile/menu/adminlinks.php
index a88f96816..d2a36397d 100644
--- a/mod/profile/views/default/profile/menu/adminlinks.php
+++ b/mod/profile/views/default/profile/menu/adminlinks.php
@@ -23,10 +23,10 @@ if (isadminloggedin()){
 }
 echo elgg_view('output/confirmlink', array('text' => elgg_echo("delete"), 'href' => "{$vars['url']}action/admin/user/delete?guid={$vars['entity']->guid}"));
 echo elgg_view('output/confirmlink', array('text' => elgg_echo("resetpassword"), 'href' => "{$vars['url']}action/admin/user/resetpassword?guid={$vars['entity']->guid}"));
- if (!$vars['entity']->admin) {
+ if (!$vars['entity']->isAdmin()) {
 echo elgg_view('output/confirmlink', array('text' => elgg_echo("makeadmin"), 'href' => "{$vars['url']}action/admin/user/makeadmin?guid={$vars['entity']->guid}"));
 } else {
 echo elgg_view('output/confirmlink', array('text' => elgg_echo("removeadmin"), 'href' => "{$vars['url']}action/admin/user/removeadmin?guid={$vars['entity']->guid}"));
 }
 }
- }
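Review bot: The stub hands the request to icon.php without the input checks the removed code ran first: the old script rejected path separators, quotes and control characters in `username`, forced `size` to one of six known values, and only then called `set_input()`. icon.php is not part of this diff, so confirm that it whitelists `size` and resolves the user through a lookup rather than from the raw name. If it does not, the `in_array()` check on `size` should stay in this file ahead of the `require_once`. The new header comment would also be clearer if it said outright that no caching happens now, e.g. `// No caching is done here any more; every request loads the engine.`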
\ No newline at end of file
+ } |