Diffstat (limited to 'mod')
-rw-r--r--mod/blog/actions/blog/auto_save_revision.php2
-rw-r--r--mod/blog/actions/blog/save.php6
-rw-r--r--mod/blog/views/default/forms/blog/save.php11
-rw-r--r--mod/bookmarks/actions/bookmarks/save.php2
-rw-r--r--mod/file/actions/file/upload.php4
-rw-r--r--mod/groups/actions/discussion/save.php2
-rw-r--r--mod/groups/actions/groups/edit.php11
-rw-r--r--mod/groups/start.php9
-rw-r--r--mod/groups/views/rss/groups/profile/layout.php13
-rw-r--r--mod/messages/pages/messages/inbox.php9
-rw-r--r--mod/messages/pages/messages/read.php9
-rw-r--r--mod/messages/pages/messages/sent.php9
-rw-r--r--mod/pages/actions/pages/edit.php5
-rw-r--r--mod/search/views/default/search/search_box.php3
-rw-r--r--mod/twitter/views/default/widgets/twitter/content.php2
-rw-r--r--mod/twitter_api/vendors/twitteroauth/OAuth.php3
-rw-r--r--mod/twitter_api/vendors/twitteroauth/twitterOAuth.php4
-rw-r--r--mod/uservalidationbyemail/start.php16
18 files changed, 79 insertions, 41 deletions
diff --git a/mod/blog/actions/blog/auto_save_revision.php b/mod/blog/actions/blog/auto_save_revision.php
index 66b65c5fd..e33edfaab 100644
--- a/mod/blog/actions/blog/auto_save_revision.php
+++ b/mod/blog/actions/blog/auto_save_revision.php
@@ -7,7 +7,7 @@
$guid = get_input('guid');
$user = elgg_get_logged_in_user_entity();
-$title = get_input('title');
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$description = get_input('description');
$excerpt = get_input('excerpt');
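Review bot: The new `$title` line relies on `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` alone, and with the charset given PHP 5.4+ returns an empty string for any input that is not valid UTF-8, so a revision whose title carries malformed bytes is silently auto-saved with an empty title. If the supported PHP version allows it, `ENT_QUOTES | ENT_SUBSTITUTE` keeps the rest of the title and replaces the bad bytes; otherwise check `mb_check_encoding()` first and reject. Passing `false` as the third `get_input()` argument appears to skip the input-filter hook, which makes this encoding the only sanitisation the title gets; a comment such as `// title is stored HTML-encoded; input filtering is skipped, so this escape must stay` would stop a later maintainer from dropping it. The rest of the action is outside the hunk.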
diff --git a/mod/blog/actions/blog/save.php b/mod/blog/actions/blog/save.php
index 048bc00be..070c96398 100644
--- a/mod/blog/actions/blog/save.php
+++ b/mod/blog/actions/blog/save.php
@@ -57,7 +57,11 @@ $required = array('title', 'description');
// load from POST and do sanity and access checking
foreach ($values as $name => $default) {
- $value = get_input($name, $default);
+ if ($name === 'title') {
+ $value = htmlspecialchars(get_input('title', $default, false), ENT_QUOTES, 'UTF-8');
+ } else {
+ $value = get_input($name, $default);
+ }
if (in_array($name, $required) && empty($value)) {
$error = elgg_echo("blog:error:missing:$name");
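Review bot: The title branch added inside the loop is the same `htmlspecialchars(get_input(..., false), ENT_QUOTES, 'UTF-8')` expression this commit pastes into the bookmarks, file, discussion, groups and pages actions; one shared helper would keep the seven copies from drifting the next time the escaping rules change. Note also that an invalid-UTF-8 title collapses to `''` after encoding and then trips the `empty($value)` required check with a generic "missing title" error rather than anything pointing at encoding; `ENT_QUOTES | ENT_SUBSTITUTE` (PHP 5.4+) would avoid that. The enclosing `foreach` and the `$values` array it iterates begin outside the hunk.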
diff --git a/mod/blog/views/default/forms/blog/save.php b/mod/blog/views/default/forms/blog/save.php
index a805541bd..36fa2e0e8 100644
--- a/mod/blog/views/default/forms/blog/save.php
+++ b/mod/blog/views/default/forms/blog/save.php
@@ -23,7 +23,7 @@ if ($vars['guid']) {
$delete_link = elgg_view('output/confirmlink', array(
'href' => $delete_url,
'text' => elgg_echo('delete'),
- 'class' => 'elgg-button elgg-button-delete elgg-state-disabled float-alt'
+ 'class' => 'elgg-button elgg-button-delete float-alt'
));
}
@@ -53,7 +53,7 @@ $excerpt_label = elgg_echo('blog:excerpt');
$excerpt_input = elgg_view('input/text', array(
'name' => 'excerpt',
'id' => 'blog_excerpt',
- 'value' => html_entity_decode($vars['excerpt'], ENT_COMPAT, 'UTF-8')
+ 'value' => _elgg_html_decode($vars['excerpt'])
));
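Review bot: `_elgg_html_decode` carries the leading underscore that, by the convention it appears to follow, marks a function as private to core, so a plugin view calling it directly depends on an API that can change without notice. If no public equivalent exists, a short comment at the call site, e.g. `// relies on private core helper; replace when a public decode API exists`, records the dependency for whoever upgrades the plugin. The same helper is used in the groups edit action in this commit.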
$body_label = elgg_echo('blog:body');
@@ -125,9 +125,10 @@ $draft_warning
$excerpt_input
</div>
-<label for="blog_description">$body_label</label>
-$body_input
-<br />
+<div>
+ <label for="blog_description">$body_label</label>
+ $body_input
+</div>
<div>
<label for="blog_tags">$tags_label</label>
diff --git a/mod/bookmarks/actions/bookmarks/save.php b/mod/bookmarks/actions/bookmarks/save.php
index 3ca6bef32..46090b115 100644
--- a/mod/bookmarks/actions/bookmarks/save.php
+++ b/mod/bookmarks/actions/bookmarks/save.php
@@ -5,7 +5,7 @@
* @package Bookmarks
*/
-$title = strip_tags(get_input('title'));
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$description = get_input('description');
$address = get_input('address');
$access_id = get_input('access_id');
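Review bot: Replacing `strip_tags` with `htmlspecialchars` changes what is stored: the title is now kept HTML-encoded rather than tag-stripped, so the bookmark edit form has to decode the stored title before putting it back into the input, or every re-save encodes once more (`&amp;` becoming `&amp;amp;`). That form view is not in this diff; the blog form in this same commit decodes its excerpt with `_elgg_html_decode`, so the same treatment is likely needed here — please confirm. A comment at the assignment, e.g. `// stored HTML-encoded; edit forms must decode before redisplay`, would make the contract explicit.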
diff --git a/mod/file/actions/file/upload.php b/mod/file/actions/file/upload.php
index d72d04eb7..d6dce2528 100644
--- a/mod/file/actions/file/upload.php
+++ b/mod/file/actions/file/upload.php
@@ -6,7 +6,7 @@
*/
// Get variables
-$title = get_input("title");
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$desc = get_input("description");
$access_id = (int) get_input("access_id");
$container_guid = (int) get_input('container_guid', 0);
@@ -44,7 +44,7 @@ if ($new_file) {
// if no title on new upload, grab filename
if (empty($title)) {
- $title = $_FILES['upload']['name'];
+ $title = htmlspecialchars($_FILES['upload']['name'], ENT_QUOTES, 'UTF-8');
}
} else {
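Review bot: The fallback `htmlspecialchars($_FILES['upload']['name'], ENT_QUOTES, 'UTF-8')` returns `''` when the browser-supplied filename is not valid UTF-8 (PHP 5.4+), which is exactly the case a default title is meant to cover, so such uploads end up with an empty title after all. If the minimum PHP version permits, use `ENT_QUOTES | ENT_SUBSTITUTE`, and run `basename()` over the client-supplied name before encoding so a path-like name from a misbehaving client does not become the title. The surrounding `if ($new_file)` block continues outside the hunk.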
diff --git a/mod/groups/actions/discussion/save.php b/mod/groups/actions/discussion/save.php
index de4afadfb..b3e9da654 100644
--- a/mod/groups/actions/discussion/save.php
+++ b/mod/groups/actions/discussion/save.php
@@ -4,7 +4,7 @@
*/
// Get variables
-$title = get_input("title");
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$desc = get_input("description");
$status = get_input("status");
$access_id = (int) get_input("access_id");
diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php
index df2464a65..2d7e1f023 100644
--- a/mod/groups/actions/groups/edit.php
+++ b/mod/groups/actions/groups/edit.php
@@ -8,15 +8,15 @@
// Load configuration
global $CONFIG;
+elgg_make_sticky_form('groups');
+
/**
* wrapper for recursive array walk decoding
*/
function profile_array_decoder(&$v) {
- $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8');
+ $v = _elgg_html_decode($v);
}
-elgg_make_sticky_form('groups');
-
// Get group fields
$input = array();
foreach ($CONFIG->group as $shortname => $valuetype) {
@@ -25,7 +25,7 @@ foreach ($CONFIG->group as $shortname => $valuetype) {
if (is_array($input[$shortname])) {
array_walk_recursive($input[$shortname], 'profile_array_decoder');
} else {
- $input[$shortname] = html_entity_decode($input[$shortname], ENT_COMPAT, 'UTF-8');
+ $input[$shortname] = _elgg_html_decode($input[$shortname]);
}
if ($valuetype == 'tags') {
@@ -33,8 +33,7 @@ foreach ($CONFIG->group as $shortname => $valuetype) {
}
}
-$input['name'] = get_input('name');
-$input['name'] = html_entity_decode($input['name'], ENT_COMPAT, 'UTF-8');
+$input['name'] = htmlspecialchars(get_input('name', '', false), ENT_QUOTES, 'UTF-8');
$user = elgg_get_logged_in_user_entity();
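Review bot: `$input['name']` is now stored HTML-encoded while every other group field in the loop above is passed through `_elgg_html_decode` and stored decoded, so the same action applies opposite conventions to the name and the profile fields. If only the name is meant to be encoded, say why, e.g. `// name is kept encoded: unlike the profile fields it is output without further escaping`; otherwise the profile-field decoding should be reconsidered in the same commit. The loop over `$CONFIG->group` starts in the previous hunk.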
diff --git a/mod/groups/start.php b/mod/groups/start.php
index c591410c5..9dca7dc16 100644
--- a/mod/groups/start.php
+++ b/mod/groups/start.php
@@ -194,6 +194,15 @@ function groups_setup_sidebar_menus() {
*/
function groups_page_handler($page) {
+ // forward old profile urls
+ if (is_numeric($page[0])) {
+ $group = get_entity($page[0]);
+ if (elgg_instanceof($group, 'group', '', 'ElggGroup')) {
+ system_message(elgg_echo('changebookmark'));
+ forward($group->getURL());
+ }
+ }
+
elgg_load_library('elgg:groups');
if (!isset($page[0])) {
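Review bot: The new `is_numeric($page[0])` reads `$page[0]` before the existing `isset($page[0])` guard that follows it, so a request with an empty segment array raises an undefined-offset notice on the new line; use `if (isset($page[0]) && is_numeric($page[0]))`. `is_numeric` also accepts forms such as `1e3` or ` 12`, which `get_entity()` presumably truncates to an int; `ctype_digit($page[0])` is the tighter test for a GUID segment. `groups_page_handler` continues past the end of the hunk.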
diff --git a/mod/groups/views/rss/groups/profile/layout.php b/mod/groups/views/rss/groups/profile/layout.php
index 3eeb9eaf2..0dafe78ad 100644
--- a/mod/groups/views/rss/groups/profile/layout.php
+++ b/mod/groups/views/rss/groups/profile/layout.php
@@ -7,7 +7,12 @@
* @uses $vars['entity'] ElggGroup object
*/
-echo elgg_list_entities(array(
- 'type' => 'object',
- 'container_guid' => $vars['entity']->getGUID(),
-));
+$entities = elgg_get_config('registered_entities');
+
+if (!empty($entities['object'])) {
+ echo elgg_list_entities(array(
+ 'type' => 'object',
+ 'subtypes' => $entities['object'],
+ 'container_guid' => $vars['entity']->getGUID(),
+ ));
+}
diff --git a/mod/messages/pages/messages/inbox.php b/mod/messages/pages/messages/inbox.php
index fdfc20c43..de5b8b231 100644
--- a/mod/messages/pages/messages/inbox.php
+++ b/mod/messages/pages/messages/inbox.php
@@ -8,8 +8,13 @@
gatekeeper();
$page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
- register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+ $guid = 0;
+ if($page_owner){
+ $guid = $page_owner->getGUID();
+ }
+ register_error(elgg_echo("pageownerunavailable", array($guid)));
forward();
}
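Review bot: The four-line `$guid` extraction on the new side is a ternary, `$guid = $page_owner ? $page_owner->getGUID() : 0;`, and `if($page_owner){` does not match the `if (...) {` spacing used on the surrounding lines; the identical block is duplicated verbatim in sent.php in this commit, so a shared helper would suit both. The `canEdit()` test is the right authorisation check for reading another user's inbox; a one-line comment above it, e.g. `// only someone allowed to edit this user (presumably the owner or an admin) may read the inbox`, documents why `canEdit` is used instead of a GUID comparison.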
diff --git a/mod/messages/pages/messages/read.php b/mod/messages/pages/messages/read.php
index 19e3ecdd7..4223c6bac 100644
--- a/mod/messages/pages/messages/read.php
+++ b/mod/messages/pages/messages/read.php
@@ -8,8 +8,8 @@
gatekeeper();
$message = get_entity(get_input('guid'));
-if (!$message) {
- forward('messages/inbox');
+if (!$message || !elgg_instanceof($message, "object", "messages")) {
+ forward('messages/inbox/' . elgg_get_logged_in_user_entity()->username);
}
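Review bot: The new guard rejects entities that are not `messages` objects but does not itself check that the logged-in user is the sender or recipient (`fromId`/`toId`); if that is left entirely to the entity's access level, a comment saying so, e.g. `// visibility is enforced by the message's access_id; fromId/toId are not checked here`, tells a reviewer where the authorisation lives, and if it is not, the check belongs here before the message is marked read below. `elgg_get_logged_in_user_entity()->username` on the forward line is safe only because `gatekeeper()` on the preceding line guarantees a session. The rest of the page lies outside this hunk.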
// mark the message as read
@@ -38,8 +38,9 @@ if ($inbox) {
);
$body_params = array('message' => $message);
$content .= elgg_view_form('messages/reply', $form_params, $body_params);
-
- if (elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) {
+ $from_user = get_user($message->fromId);
+
+ if ((elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) && $from_user) {
elgg_register_menu_item('title', array(
'name' => 'reply',
'href' => '#messages-reply-form',
diff --git a/mod/messages/pages/messages/sent.php b/mod/messages/pages/messages/sent.php
index af06ab273..3d08cd5ee 100644
--- a/mod/messages/pages/messages/sent.php
+++ b/mod/messages/pages/messages/sent.php
@@ -8,8 +8,13 @@
gatekeeper();
$page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
- register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+ $guid = 0;
+ if($page_owner){
+ $guid = $page_owner->getGUID();
+ }
+ register_error(elgg_echo("pageownerunavailable", array($guid)));
forward();
}
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index a32e4a4ba..fe5754d76 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -8,9 +8,10 @@
$variables = elgg_get_config('pages');
$input = array();
foreach ($variables as $name => $type) {
- $input[$name] = get_input($name);
if ($name == 'title') {
- $input[$name] = strip_tags($input[$name]);
+ $input[$name] = htmlspecialchars(get_input($name, '', false), ENT_QUOTES, 'UTF-8');
+ } else {
+ $input[$name] = get_input($name);
}
if ($type == 'tags') {
$input[$name] = string_to_tag_array($input[$name]);
diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php
index ff12ae4f0..7474a280c 100644
--- a/mod/search/views/default/search/search_box.php
+++ b/mod/search/views/default/search/search_box.php
@@ -32,12 +32,11 @@ if (function_exists('mb_convert_encoding')) {
}
$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);
-
?>
<form class="<?php echo $class; ?>" action="<?php echo elgg_get_site_url(); ?>search" method="get">
<fieldset>
- <input type="text" class="search-input" size="21" name="q" value="<?php echo elgg_echo('search'); ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" />
+ <input type="text" class="search-input" size="21" name="q" value="<?php echo $display_query; ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" />
<input type="hidden" name="search_type" value="all" />
<input type="submit" value="<?php echo elgg_echo('search:go'); ?>" class="search-submit-button" />
</fieldset>
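Review bot: On the rewritten `<input>` line, `elgg_echo('search')` is still written into single-quoted JavaScript strings inside the `onblur`/`onfocus` attributes with no escaping for either the JS or the attribute context, so a translation containing an apostrophe or `<` breaks the handler (the source is trusted language files, so this is fragility rather than injection). `$display_query` is escaped with `double_encode` false, which means a query typed as a literal `&amp;` is shown back as `&`; that fidelity trade-off deserves a comment. The HTML5 `placeholder` attribute would remove the inline handlers altogether.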
diff --git a/mod/twitter/views/default/widgets/twitter/content.php b/mod/twitter/views/default/widgets/twitter/content.php
index e429d0103..c616d944c 100644
--- a/mod/twitter/views/default/widgets/twitter/content.php
+++ b/mod/twitter/views/default/widgets/twitter/content.php
@@ -20,7 +20,7 @@ if ($username) {
<ul id="twitter_update_list"></ul>
<p class="visit_twitter"><a href="http://twitter.com/<?php echo $username; ?>"><?php echo elgg_echo("twitter:visit"); ?></a></p>
<script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script>
- <script type="text/javascript" src="http://twitter.com/statuses/user_timeline/<?php echo $username; ?>.json?callback=twitterCallback2&count=<?php echo $num; ?>"></script>
+ <script type="text/javascript" src="https://api.twitter.com/1/statuses/user_timeline/<?php echo $username; ?>.json?callback=twitterCallback2&count=<?php echo $num; ?>"></script>
</div>
<?php
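Review bot: The rewritten `<script src>` line (and the `href` above it) interpolates `$username` and `$num` with no escaping; if `$username` originates from the widget's saved settings, a value containing `"`, `/` or `?` can alter the request URL or break out of the attribute. Use `rawurlencode($username)` inside the URL and `(int) $num` for the count, and pass the finished URL through `htmlspecialchars` when echoing it into the attribute. The `if ($username)` block starts before the hunk.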
diff --git a/mod/twitter_api/vendors/twitteroauth/OAuth.php b/mod/twitter_api/vendors/twitteroauth/OAuth.php
index b0e3cfd5e..e132a5bc8 100644
--- a/mod/twitter_api/vendors/twitteroauth/OAuth.php
+++ b/mod/twitter_api/vendors/twitteroauth/OAuth.php
@@ -78,6 +78,7 @@ class twitterOAuthRequest extends OAuthRequest {
private $http_url;
// for debug purposes
public $base_string;
+ public static $version = '1.0';
public static $POST_INPUT = 'php://input';
function __construct($http_method, $http_url, $parameters=NULL) {
@@ -145,7 +146,7 @@ class twitterOAuthRequest extends OAuthRequest {
*/
public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) {
@$parameters or $parameters = array();
- $defaults = array("oauth_version" => '1.0',
+ $defaults = array("oauth_version" => twitterOAuthRequest::$version,
"oauth_nonce" => twitterOAuthRequest::generate_nonce(),
"oauth_timestamp" => twitterOAuthRequest::generate_timestamp(),
"oauth_consumer_key" => $consumer->key);
diff --git a/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php b/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php
index a1021ce6f..f36e6158d 100644
--- a/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php
+++ b/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php
@@ -43,8 +43,8 @@ class TwitterOAuth {
* Set API URLS
*/
function accessTokenURL() { return 'https://api.twitter.com/oauth/access_token'; }
- function authenticateURL() { return 'https://twitter.com/oauth/authenticate'; }
- function authorizeURL() { return 'https://twitter.com/oauth/authorize'; }
+ function authenticateURL() { return 'https://api.twitter.com/oauth/authenticate'; }
+ function authorizeURL() { return 'https://api.twitter.com/oauth/authorize'; }
function requestTokenURL() { return 'https://api.twitter.com/oauth/request_token'; }
/**
diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php
index f98f57faf..f44d2ab50 100644
--- a/mod/uservalidationbyemail/start.php
+++ b/mod/uservalidationbyemail/start.php
@@ -233,15 +233,23 @@ function uservalidationbyemail_public_pages($hook, $type, $return_value, $params
* @param string $type
* @param ElggUser $user
* @return bool
+ *
+ * @throws LoginException
*/
function uservalidationbyemail_check_manual_login($event, $type, $user) {
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(TRUE);
- // @todo register_error()?
- $return = ($user instanceof ElggUser && !$user->isEnabled() && !$user->validated) ? FALSE : NULL;
+ if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) {
+ // send new validation email
+ uservalidationbyemail_request_validation($user->getGUID());
+
+ // restore hidden entities settings
+ access_show_hidden_entities($access_status);
+
+ // throw error so we get a nice error message
+ throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
+ }
access_show_hidden_entities($access_status);
-
- return $return;
}
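Review bot: The docblock above still says `@return bool`, but the new body returns nothing — its only outcomes are a thrown `LoginException` or fall-through — so it should read `@return void` and describe the side effect, e.g. `Re-sends the validation email and throws LoginException when a disabled, unvalidated user tries to log in.` Every such attempt now sends a mail; if this 'login' event fires only after the password has been verified that affects just the account holder, but if it can fire earlier it is an unauthenticated mail trigger worth rate-limiting — please confirm the ordering. The duplicated `access_show_hidden_entities($access_status)` before the throw is correct given that `finally` is unavailable on PHP before 5.5.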