Diffstat (limited to 'mod/profile')
| -rw-r--r-- | mod/profile/actions/edit.php | 11 | ||||
| -rw-r--r-- | mod/profile/icondirect.php | 147 | ||||
| -rw-r--r-- | mod/profile/views/default/profile/menu/adminlinks.php | 4 | 
3 files changed, 36 insertions, 126 deletions
| diff --git a/mod/profile/actions/edit.php b/mod/profile/actions/edit.php index 4afe4cd47..207559334 100644 --- a/mod/profile/actions/edit.php +++ b/mod/profile/actions/edit.php @@ -33,10 +33,17 @@ foreach($CONFIG->profile as $shortname => $valuetype) {  	// the decoding is a stop gag to prevent && showing up in profile fields  	// because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405.  	// must decode in utf8 or string corruption occurs. see #1567. -	$value = html_entity_decode(get_input($shortname), ENT_COMPAT, 'UTF-8'); +	$value = get_input($shortname); +	if (is_array($value)) { +		foreach ($value as $k => $v) { +			$value[$k] = html_entity_decode($v, ENT_COMPAT, 'UTF-8'); +		} +	} else { +		$value = html_entity_decode($value, ENT_COMPAT, 'UTF-8'); +	}  	// limit to reasonable sizes. -	if ($valuetype != 'longtext' && elgg_strlen($value) > 250) { +	if (!is_array($value) && $valuetype != 'longtext' && elgg_strlen($value) > 250) {  		$error = sprintf(elgg_echo('profile:field_too_long'), elgg_echo("profile:{$shortname}"));  		register_error($error);  		forward($_SERVER['HTTP_REFERER']); diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php index a9aed2eea..353ce389c 100644 --- a/mod/profile/icondirect.php +++ b/mod/profile/icondirect.php 
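Review bot: Array-valued fields now skip the size limit entirely, because the new `!is_array($value) &&` guard in the `// limit to reasonable sizes` check exempts any input that arrives as an array. Such a field is decoded element by element but never length-checked. The inner loop also passes each `$v` to `html_entity_decode()` without confirming it is a string, so a nested array would reach it. I would track the longest decoded element and apply the 250-character limit to it, dropping non-string elements, as sketched below. The enclosing `foreach($CONFIG->profile ...)` loop starts and ends outside the hunk, so how `$value` is stored afterwards is not visible here.

```php
	$value = get_input($shortname);
	$longest = 0;
	if (is_array($value)) {
		foreach ($value as $k => $v) {
			if (!is_string($v)) {
				// nested arrays are not a valid field element
				unset($value[$k]);
				continue;
			}
			$value[$k] = html_entity_decode($v, ENT_COMPAT, 'UTF-8');
			$longest = max($longest, elgg_strlen($value[$k]));
		}
	} else {
		$value = html_entity_decode($value, ENT_COMPAT, 'UTF-8');
		$longest = elgg_strlen($value);
	}

	// limit to reasonable sizes.
	if ($valuetype != 'longtext' && $longest > 250) {
	// … unchanged: register_error() and forward() …
```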
@@ -1,125 +1,28 @@  <?php -/** - * Elgg profile icon - *  - * @package ElggProfile - * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 - * @author Curverider Ltd <info@elgg.com> - * @copyright Curverider Ltd 2008-2010 - * @link http://elgg.com/ -*/ -require_once(dirname(dirname(dirname(__FILE__))). '/engine/settings.php'); +	/** +	 * Elgg profile icon cache/bypass +	 *  +	 * @package ElggProfile +	 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2 +	 * @author Curverider Ltd <info@elgg.com> +	 * @copyright Curverider Ltd 2008-2010 +	 * @link http://elgg.com/ +	 */ -/** - * UTF safe str_split. - * This is only used here since we don't have access to the file store code. - * TODO: This is a horrible hack, so clean this up! - */ -function __id_mb_str_split($string, $charset = 'UTF8'){ -	if (is_callable('mb_substr')){ -		$length = mb_strlen($string); -		$array = array(); -				 -		while ($length){ -			$array[] = mb_substr($string, 0, 1, $charset); -			$string = mb_substr($string, 1, $length, $charset); -			$length = mb_strlen($string); -		} -		 -		return $array; -	} else { -		return str_split($string); -	} -			 -	return FALSE; -} -		 -global $CONFIG; -$contents = ''; -		 -if ($mysql_dblink = @mysql_connect($CONFIG->dbhost,$CONFIG->dbuser,$CONFIG->dbpass, true)) { -	$username = $_GET['username']; -	//$username = preg_replace('/[^A-Za-z0-9\_\-]/i','',$username); -	$blacklist = '/[' . -	'\x{0080}-\x{009f}' . # iso-8859-1 control chars -	'\x{00a0}' .          # non-breaking space -	'\x{2000}-\x{200f}' . # various whitespace -	'\x{2028}-\x{202f}' . # breaks and control chars -	'\x{3000}' .          # ideographic space -	'\x{e000}-\x{f8ff}' . 
# private use -	']/u'; -	if ( -		preg_match($blacklist, $username) ||	 -		(strpos($username, '/')!==false) || -		(strpos($username, '\\')!==false) || -		(strpos($username, '"')!==false) || -		(strpos($username, '\'')!==false) || -		(strpos($username, '*')!==false) || -		(strpos($username, '&')!==false) || -		(strpos($username, ' ')!==false) -	) exit; -			 -	$userarray = __id_mb_str_split($username); -				 -	$matrix = ''; -	$length = 5; -	if (sizeof($userarray) < $length) $length = sizeof($userarray); -	for ($n = 0; $n < $length; $n++) { -		$matrix .= $userarray[$n] . "/"; -	}	 -		 -	// Get the size -	$size = strtolower($_GET['size']); -	if (!in_array($size,array('large','medium','small','tiny','master','topbar'))) -		$size = "medium"; -			 -	// Try and get the icon -	if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) { -		// get dataroot and simplecache_enabled in one select for efficiency -		if ($result = mysql_query("select name, value from {$CONFIG->dbprefix}datalists where name in ('dataroot','simplecache_enabled')",$mysql_dblink)) { -			$simplecache_enabled = true; -			$row = mysql_fetch_object($result); -			while ($row) { -				if ($row->name == 'dataroot') { -					$dataroot = $row->value; -				} else if ($row->name == 'simplecache_enabled') { -					$simplecache_enabled = $row->value; -				} -				$row = mysql_fetch_object($result); -			} -		} -	} -} -	//@todo forcing through the framework to ensure the matrix -	// is created the same way. -	//if ($simplecache_enabled) { -	if (false) { -		$filename = $dataroot . $matrix . "{$username}/profile/" . $username . $size . ".jpg"; -		$contents = @file_get_contents($filename); -		if (empty($contents)) {			 -			global $viewinput; -			$viewinput['view'] = 'icon/user/default/'.$size; -			ob_start(); -			include(dirname(dirname(dirname(__FILE__))).'/simplecache/view.php'); -			$loc = ob_get_clean(); -			header('Location: ' . $loc); -			exit; -			//$contents = @file_get_contents(dirname(__FILE__) . 
"/graphics/default{$size}.jpg"); -		}	else {		 -			header("Content-type: image/jpeg"); -			header('Expires: ' . date('r',time() + 864000)); -			header("Pragma: public"); -			header("Cache-Control: public"); -			header("Content-Length: " . strlen($contents)); -			$splitString = str_split($contents, 1024); -			foreach($splitString as $chunk) -				echo $chunk; -		} -	} else { -			mysql_close($mysql_dblink); -			require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); -			set_input('username',$username); -			set_input('size',$size); -			require_once(dirname(__FILE__).'/icon.php'); -	}
\ No newline at end of file +	// This should provide faster access to profile icons by not loading the +	// engine but directly grabbing the file from the user's profile directory. +	// The speedup was broken in Elgg 1.7 because of a change in directory structure. +	// The link to this script is provided in profile_usericon_hook(). To work +	// in 1.7 forward, the link has to be updated to provide more information. +	// The profile icon filename should also be changed to not use username. + +	// To see previous code, see svn history. + +	// At the moment, this does not serve much of a purpose other than provide +	// continuity. It currently just includes icon.php which uses the engine. + +	// see #1989 and #2035 + +	require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); +	require_once(dirname(__FILE__).'/icon.php'); diff --git a/mod/profile/views/default/profile/menu/adminlinks.php b/mod/profile/views/default/profile/menu/adminlinks.php index a88f96816..d2a36397d 100644 --- a/mod/profile/views/default/profile/menu/adminlinks.php +++ b/mod/profile/views/default/profile/menu/adminlinks.php @@ -23,10 +23,10 @@ if (isadminloggedin()){  			}  			echo elgg_view('output/confirmlink', array('text' => elgg_echo("delete"), 'href' => "{$vars['url']}action/admin/user/delete?guid={$vars['entity']->guid}"));  			echo elgg_view('output/confirmlink', array('text' => elgg_echo("resetpassword"), 'href' => "{$vars['url']}action/admin/user/resetpassword?guid={$vars['entity']->guid}")); -			if (!$vars['entity']->admin) {  +			if (!$vars['entity']->isAdmin()) {   				echo elgg_view('output/confirmlink', array('text' => elgg_echo("makeadmin"), 'href' => "{$vars['url']}action/admin/user/makeadmin?guid={$vars['entity']->guid}"));  			} else {  				echo elgg_view('output/confirmlink', array('text' => elgg_echo("removeadmin"), 'href' => "{$vars['url']}action/admin/user/removeadmin?guid={$vars['entity']->guid}"));  			}  		} -	}
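Review bot: The input checks that used to run in this script are gone, and nothing visible replaces them. The removed code rejected usernames containing `/`, `\`, quotes and control characters and forced `size` onto a fixed list, while the new body only requires engine/start.php and icon.php. icon.php is not part of this diff, so whether it validates `username` and `size` itself cannot be confirmed from here. That is worth checking, since this entry point is still linked from profile_usericon_hook() according to the new comment. I would record the dependency next to the include, e.g. `// username and size are no longer checked here; icon.php must validate both before building a file path`.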
\ No newline at end of file +	} | 
