aboutsummaryrefslogtreecommitdiff
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/blog/actions/blog/auto_save_revision.php2
-rw-r--r--mod/blog/actions/blog/save.php10
-rw-r--r--mod/blog/lib/blog.php92
-rw-r--r--mod/blog/start.php3
-rw-r--r--mod/blog/views/default/forms/blog/save.php11
-rw-r--r--mod/blog/views/default/js/blog/save_draft.php6
-rw-r--r--mod/bookmarks/actions/bookmarks/save.php2
-rw-r--r--mod/bookmarks/start.php5
-rw-r--r--mod/categories/views/default/input/categories.php6
-rw-r--r--mod/developers/manifest.xml1
-rw-r--r--mod/developers/views/default/theme_preview/grid.php134
-rw-r--r--mod/embed/start.php2
-rw-r--r--mod/embed/views/default/js/embed/embed.php9
-rw-r--r--mod/file/actions/file/upload.php4
-rw-r--r--mod/file/thumbnail.php2
-rw-r--r--mod/groups/actions/discussion/save.php2
-rw-r--r--mod/groups/actions/groups/edit.php151
-rw-r--r--mod/groups/icon.php6
-rw-r--r--mod/groups/languages/en.php5
-rw-r--r--mod/groups/lib/discussion.php2
-rw-r--r--mod/groups/lib/groups.php72
-rw-r--r--mod/groups/start.php17
-rw-r--r--mod/groups/views/default/forms/groups/edit.php76
-rw-r--r--mod/groups/views/default/groups/edit.php4
-rw-r--r--mod/groups/views/default/groups/js.php7
-rw-r--r--mod/groups/views/default/plugins/groups/settings.php18
-rw-r--r--mod/groups/views/rss/groups/profile/layout.php13
-rw-r--r--mod/groups/views/rss/object/groupforumtopic.php2
-rw-r--r--mod/htmlawed/start.php22
-rw-r--r--mod/htmlawed/tests/tags.php45
-rw-r--r--mod/likes/actions/likes/delete.php17
-rw-r--r--mod/likes/languages/en.php2
-rw-r--r--mod/likes/views/default/annotation/likes.php10
-rw-r--r--mod/likes/views/default/likes/button.php8
-rw-r--r--mod/messageboard/views/default/river/object/messageboard/create.php23
-rw-r--r--mod/messages/manifest.xml2
-rw-r--r--mod/messages/pages/messages/inbox.php9
-rw-r--r--mod/messages/pages/messages/read.php9
-rw-r--r--mod/messages/pages/messages/sent.php9
-rw-r--r--mod/pages/actions/pages/edit.php5
-rw-r--r--mod/pages/views/default/pages/icon.php2
-rw-r--r--mod/profile/icondirect.php18
-rw-r--r--mod/profile/start.php2
-rw-r--r--mod/profile/views/default/profile/details.php2
-rw-r--r--mod/search/start.php4
-rw-r--r--mod/search/views/default/search/no_results.php2
-rw-r--r--mod/search/views/default/search/search_box.php3
-rw-r--r--mod/thewire/actions/delete.php2
-rw-r--r--mod/thewire/views/default/js/thewire.php16
-rw-r--r--mod/thewire/views/default/thewire/css.php3
-rw-r--r--mod/thewire/views/rss/object/thewire.php2
-rw-r--r--mod/twitter/views/default/widgets/twitter/content.php2
-rw-r--r--mod/twitter_api/vendors/twitteroauth/OAuth.php3
-rw-r--r--mod/twitter_api/vendors/twitteroauth/twitterOAuth.php4
-rw-r--r--mod/uservalidationbyemail/start.php16
-rw-r--r--mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php2
56 files changed, 633 insertions, 275 deletions
diff --git a/mod/blog/actions/blog/auto_save_revision.php b/mod/blog/actions/blog/auto_save_revision.php
index 66b65c5fd..e33edfaab 100644
--- a/mod/blog/actions/blog/auto_save_revision.php
+++ b/mod/blog/actions/blog/auto_save_revision.php
@@ -7,7 +7,7 @@
$guid = get_input('guid');
$user = elgg_get_logged_in_user_entity();
-$title = get_input('title');
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$description = get_input('description');
$excerpt = get_input('excerpt');
diff --git a/mod/blog/actions/blog/save.php b/mod/blog/actions/blog/save.php
index 8923cd0d2..070c96398 100644
--- a/mod/blog/actions/blog/save.php
+++ b/mod/blog/actions/blog/save.php
@@ -57,7 +57,11 @@ $required = array('title', 'description');
// load from POST and do sanity and access checking
foreach ($values as $name => $default) {
- $value = get_input($name, $default);
+ if ($name === 'title') {
+ $value = htmlspecialchars(get_input('title', $default, false), ENT_QUOTES, 'UTF-8');
+ } else {
+ $value = get_input($name, $default);
+ }
if (in_array($name, $required) && empty($value)) {
$error = elgg_echo("blog:error:missing:$name");
@@ -145,7 +149,7 @@ if (!$error) {
// add to river if changing status or published, regardless of new post
// because we remove it for drafts.
if (($new_post || $old_status == 'draft') && $status == 'published') {
- add_to_river('river/object/blog/create', 'create', elgg_get_logged_in_user_guid(), $blog->getGUID());
+ add_to_river('river/object/blog/create', 'create', $blog->owner_guid, $blog->getGUID());
if ($guid) {
$blog->time_created = time();
@@ -170,4 +174,4 @@ if (!$error) {
} else {
register_error($error);
forward($error_forward_url);
-} \ No newline at end of file
+}
diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php
index 9a02a8cc3..3c71dfbab 100644
--- a/mod/blog/lib/blog.php
+++ b/mod/blog/lib/blog.php
@@ -50,7 +50,7 @@ function blog_get_page_content_read($guid = NULL) {
/**
* Get page components to list a user's or all blogs.
*
- * @param int $owner_guid The GUID of the page owner or NULL for all blogs
+ * @param int $container_guid The GUID of the page owner or NULL for all blogs
* @return array
*/
function blog_get_page_content_list($container_guid = NULL) {
@@ -62,10 +62,11 @@ function blog_get_page_content_list($container_guid = NULL) {
$options = array(
'type' => 'object',
'subtype' => 'blog',
- 'full_view' => FALSE,
+ 'full_view' => false,
);
- $loggedin_userid = elgg_get_logged_in_user_guid();
+ $current_user = elgg_get_logged_in_user_entity();
+
if ($container_guid) {
// access check for closed groups
group_gatekeeper();
@@ -80,7 +81,7 @@ function blog_get_page_content_list($container_guid = NULL) {
$crumbs_title = $container->name;
elgg_push_breadcrumb($crumbs_title);
- if ($container_guid == $loggedin_userid) {
+ if ($current_user && ($container_guid == $current_user->guid)) {
$return['filter_context'] = 'mine';
} else if (elgg_instanceof($container, 'group')) {
$return['filter'] = false;
@@ -99,7 +100,13 @@ function blog_get_page_content_list($container_guid = NULL) {
// show all posts for admin or users looking at their own blogs
// show only published posts for other users.
- if (!(elgg_is_admin_logged_in() || (elgg_is_logged_in() && $container_guid == $loggedin_userid))) {
+ $show_only_published = true;
+ if ($current_user) {
+ if (($current_user->guid == $container_guid) || $current_user->isAdmin()) {
+ $show_only_published = false;
+ }
+ }
+ if ($show_only_published) {
$options['metadata_name_value_pairs'] = array(
array('name' => 'status', 'value' => 'published'),
);
@@ -155,11 +162,14 @@ function blog_get_page_content_friends($user_guid) {
// admin / owners can see any posts
// everyone else can only see published posts
- if (!(elgg_is_admin_logged_in() || (elgg_is_logged_in() && $owner_guid == elgg_get_logged_in_user_guid()))) {
- if ($upper > $now) {
- $upper = $now;
+ $show_only_published = true;
+ $current_user = elgg_get_logged_in_user_entity();
+ if ($current_user) {
+ if (($user_guid == $current_user->guid) || $current_user->isAdmin()) {
+ $show_only_published = false;
}
-
+ }
+ if ($show_only_published) {
$options['metadata_name_value_pairs'][] = array(
array('name' => 'status', 'value' => 'published')
);
@@ -240,9 +250,9 @@ function blog_get_page_content_archive($owner_guid, $lower = 0, $upper = 0) {
$list = elgg_list_entities_from_metadata($options);
if (!$list) {
- $content .= elgg_echo('blog:none');
+ $content = elgg_echo('blog:none');
} else {
- $content .= $list;
+ $content = $list;
}
$title = elgg_echo('date:month:' . date('m', $lower), array(date('Y', $lower)));
@@ -272,9 +282,9 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) {
$vars = array();
$vars['id'] = 'blog-post-edit';
- $vars['name'] = 'blog_post';
$vars['class'] = 'elgg-form-alt';
+ $sidebar = '';
if ($page == 'edit') {
$blog = get_entity((int)$guid);
@@ -311,14 +321,8 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) {
$content = elgg_echo('blog:error:cannot_edit_post');
}
} else {
- if (!$guid) {
- $container = elgg_get_logged_in_user_entity();
- } else {
- $container = get_entity($guid);
- }
-
elgg_push_breadcrumb(elgg_echo('blog:add'));
- $body_vars = blog_prepare_form_vars($blog);
+ $body_vars = blog_prepare_form_vars(null);
$title = elgg_echo('blog:add');
$content = elgg_view_form('blog/save', $vars, $body_vars);
@@ -385,7 +389,7 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) {
if ($auto_save_annotations = $post->getAnnotations('blog_auto_save', 1)) {
$auto_save = $auto_save_annotations[0];
} else {
- $auto_save == FALSE;
+ $auto_save = false;
}
if ($auto_save && $auto_save->id != $revision->id) {
@@ -397,52 +401,74 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) {
/**
* Forward to the new style of URLs
+ *
+ * Pre-1.7.5
+ * Group blogs page: /blog/group:<container_guid>/
+ * Group blog view: /blog/group:<container_guid>/read/<guid>/<title>
+ * 1.7.5-1.8
+ * Group blogs page: /blog/owner/group:<container_guid>/
+ * Group blog view: /blog/read/<guid>
+ *
*
* @param string $page
*/
function blog_url_forwarder($page) {
- global $CONFIG;
+
+ $viewtype = elgg_get_viewtype();
+ $qs = ($viewtype === 'default') ? "" : "?view=$viewtype";
+
+ $url = "blog/all";
+
+ // easier to work with & no notices
+ $page = array_pad($page, 4, "");
// group usernames
- if (substr_count($page[0], 'group:')) {
- preg_match('/group\:([0-9]+)/i', $page[0], $matches);
+ if (preg_match('~/group\:([0-9]+)/~', "/{$page[0]}/{$page[1]}/", $matches)) {
$guid = $matches[1];
$entity = get_entity($guid);
- if ($entity) {
- $url = "{$CONFIG->wwwroot}blog/group/$guid/all";
+ if (elgg_instanceof($entity, 'group')) {
+ if (!empty($page[2])) {
+ $url = "blog/view/$page[2]/";
+ } else {
+ $url = "blog/group/$guid/all";
+ }
register_error(elgg_echo("changebookmark"));
- forward($url);
+ forward($url . $qs);
}
}
+ if (empty($page[0])) {
+ return;
+ }
+
// user usernames
$user = get_user_by_username($page[0]);
if (!$user) {
return;
}
- if (!isset($page[1])) {
+ if (empty($page[1])) {
$page[1] = 'owner';
}
switch ($page[1]) {
case "read":
- $url = "{$CONFIG->wwwroot}blog/view/{$page[2]}/{$page[3]}";
+ $url = "blog/view/{$page[2]}/{$page[3]}";
break;
case "archive":
- $url = "{$CONFIG->wwwroot}blog/archive/{$page[0]}/{$page[2]}/{$page[3]}";
+ $url = "blog/archive/{$page[0]}/{$page[2]}/{$page[3]}";
break;
case "friends":
- $url = "{$CONFIG->wwwroot}blog/friends/{$page[0]}";
+ $url = "blog/friends/{$page[0]}";
break;
case "new":
- $url = "{$CONFIG->wwwroot}blog/add/$user->guid";
+ $url = "blog/add/$user->guid";
break;
case "owner":
- $url = "{$CONFIG->wwwroot}blog/owner/{$page[0]}";
+ $url = "blog/owner/{$page[0]}";
break;
}
register_error(elgg_echo("changebookmark"));
- forward($url);
+ forward($url . $qs);
}
diff --git a/mod/blog/start.php b/mod/blog/start.php
index 9faf1794e..8cbaf5cca 100644
--- a/mod/blog/start.php
+++ b/mod/blog/start.php
@@ -99,8 +99,7 @@ function blog_page_handler($page) {
elgg_load_library('elgg:blog');
- // @todo remove the forwarder in 1.9
- // forward to correct URL for blog pages pre-1.7.5
+ // forward to correct URL for blog pages pre-1.8
blog_url_forwarder($page);
// push all blogs breadcrumb
diff --git a/mod/blog/views/default/forms/blog/save.php b/mod/blog/views/default/forms/blog/save.php
index a805541bd..36fa2e0e8 100644
--- a/mod/blog/views/default/forms/blog/save.php
+++ b/mod/blog/views/default/forms/blog/save.php
@@ -23,7 +23,7 @@ if ($vars['guid']) {
$delete_link = elgg_view('output/confirmlink', array(
'href' => $delete_url,
'text' => elgg_echo('delete'),
- 'class' => 'elgg-button elgg-button-delete elgg-state-disabled float-alt'
+ 'class' => 'elgg-button elgg-button-delete float-alt'
));
}
@@ -53,7 +53,7 @@ $excerpt_label = elgg_echo('blog:excerpt');
$excerpt_input = elgg_view('input/text', array(
'name' => 'excerpt',
'id' => 'blog_excerpt',
- 'value' => html_entity_decode($vars['excerpt'], ENT_COMPAT, 'UTF-8')
+ 'value' => _elgg_html_decode($vars['excerpt'])
));
$body_label = elgg_echo('blog:body');
@@ -125,9 +125,10 @@ $draft_warning
$excerpt_input
</div>
-<label for="blog_description">$body_label</label>
-$body_input
-<br />
+<div>
+ <label for="blog_description">$body_label</label>
+ $body_input
+</div>
<div>
<label for="blog_tags">$tags_label</label>
diff --git a/mod/blog/views/default/js/blog/save_draft.php b/mod/blog/views/default/js/blog/save_draft.php
index 8a994ffb0..8cd07ff5d 100644
--- a/mod/blog/views/default/js/blog/save_draft.php
+++ b/mod/blog/views/default/js/blog/save_draft.php
@@ -12,7 +12,7 @@ elgg.provide('elgg.blog');
*/
elgg.blog.saveDraftCallback = function(data, textStatus, XHR) {
if (textStatus == 'success' && data.success == true) {
- var form = $('form[name=blog_post]');
+ var form = $('form[id=blog-post-edit]');
// update the guid input element for new posts that now have a guid
form.find('input[name=guid]').val(data.guid);
@@ -36,7 +36,7 @@ elgg.blog.saveDraft = function() {
}
// only save on changed content
- var form = $('form[name=blog_post]');
+ var form = $('form[id=blog-post-edit]');
var description = form.find('textarea[name=description]').val();
var title = form.find('input[name=title]').val();
@@ -59,7 +59,7 @@ elgg.blog.saveDraft = function() {
elgg.blog.init = function() {
// get a copy of the body to compare for auto save
- oldDescription = $('form[name=blog_post]').find('textarea[name=description]').val();
+ oldDescription = $('form[id=blog-post-edit]').find('textarea[name=description]').val();
setInterval(elgg.blog.saveDraft, 60000);
};
diff --git a/mod/bookmarks/actions/bookmarks/save.php b/mod/bookmarks/actions/bookmarks/save.php
index 3ca6bef32..46090b115 100644
--- a/mod/bookmarks/actions/bookmarks/save.php
+++ b/mod/bookmarks/actions/bookmarks/save.php
@@ -5,7 +5,7 @@
* @package Bookmarks
*/
-$title = strip_tags(get_input('title'));
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$description = get_input('description');
$address = get_input('address');
$access_id = get_input('access_id');
diff --git a/mod/bookmarks/start.php b/mod/bookmarks/start.php
index 56bac984a..66e22b565 100644
--- a/mod/bookmarks/start.php
+++ b/mod/bookmarks/start.php
@@ -86,8 +86,13 @@ function bookmarks_init() {
* @return bool
*/
function bookmarks_page_handler($page) {
+
elgg_load_library('elgg:bookmarks');
+ if (!isset($page[0])) {
+ $page[0] = 'all';
+ }
+
elgg_push_breadcrumb(elgg_echo('bookmarks'), 'bookmarks/all');
// old group usernames
diff --git a/mod/categories/views/default/input/categories.php b/mod/categories/views/default/input/categories.php
index 75960d257..b543cde45 100644
--- a/mod/categories/views/default/input/categories.php
+++ b/mod/categories/views/default/input/categories.php
@@ -10,6 +10,12 @@
if (isset($vars['entity']) && $vars['entity'] instanceof ElggEntity) {
$selected_categories = $vars['entity']->universal_categories;
}
+
+// use sticky values if set
+if (isset($vars['universal_categories_list'])) {
+ $selected_categories = $vars['universal_categories_list'];
+}
+
$categories = elgg_get_site_entity()->categories;
if (empty($categories)) {
$categories = array();
diff --git a/mod/developers/manifest.xml b/mod/developers/manifest.xml
index 93a12945d..e31998872 100644
--- a/mod/developers/manifest.xml
+++ b/mod/developers/manifest.xml
@@ -8,6 +8,7 @@
<blurb>Developer tools for Elgg</blurb>
<description>A set of tools for writing plugins and themes. It is recommended that you have this plugin at the top of the plugin list.</description>
<website>http://www.elgg.org/</website>
+ <bugtracker>http://trac.elgg.org</bugtracker>
<copyright>See COPYRIGHT.txt</copyright>
<license>GNU General Public License version 2</license>
diff --git a/mod/developers/views/default/theme_preview/grid.php b/mod/developers/views/default/theme_preview/grid.php
index 030e752e7..0c4cbb251 100644
--- a/mod/developers/views/default/theme_preview/grid.php
+++ b/mod/developers/views/default/theme_preview/grid.php
@@ -4,73 +4,111 @@
*/
?>
-<style>
-h3 {text-align: center;}
-.elgg-col > .elgg-inner {border: 1px solid #cccccc; padding: 5px;}
-</style>
-
-<div class="elgg-col elgg-col-1of5">
- <div class="elgg-inner">
- <h3>1/5</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- </div>
+<div class="elgg-grid">
+ <div class="elgg-col elgg-col-1of1"><div class="elgg-inner"><h3>1/1</h3></div></div>
</div>
-<div class="elgg-col elgg-col-3of5">
- <div class="elgg-inner clearfix">
- <h3>3/5</h3>
- <div class="elgg-col elgg-col-1of2">
- <div class="elgg-inner">
- <h3>1/2</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- </div>
- </div>
- <div class="elgg-col elgg-col-1of2">
- <div class="elgg-inner">
- <h3>1/2</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- </div>
- </div>
- <div class="elgg-col elgg-col-1of3">
- <div class="elgg-inner">
- <h3>1/3</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- </div>
+<div class="elgg-grid">
+ <div class="elgg-col elgg-col-1of2"><div class="elgg-inner"><h3>1/2</h3></div></div>
+ <div class="elgg-col elgg-col-1of2"><div class="elgg-inner"><h3>1/2</h3></div></div>
+</div>
+<div class="elgg-grid">
+ <div class="elgg-col elgg-col-1of3"><div class="elgg-inner"><h3>1/3</h3></div></div>
+ <div class="elgg-col elgg-col-2of3"><div class="elgg-inner"><h3>2/3</h3></div></div>
+</div>
+<div class="elgg-grid">
+ <div class="elgg-col elgg-col-3of4"><div class="elgg-inner"><h3>3/4</h3></div></div>
+ <div class="elgg-col elgg-col-1of4"><div class="elgg-inner"><h3>1/4</h3></div></div>
+</div>
+<div class="elgg-grid">
+ <div class="elgg-col elgg-col-1of5"><div class="elgg-inner"><h3>1/5</h3></div></div>
+ <div class="elgg-col elgg-col-4of5"><div class="elgg-inner"><h3>4/5</h3></div></div>
+</div>
+<div class="elgg-grid">
+ <div class="elgg-col elgg-col-3of5"><div class="elgg-inner"><h3>3/5</h3></div></div>
+ <div class="elgg-col elgg-col-2of5"><div class="elgg-inner"><h3>2/5</h3></div></div>
+</div>
+<div class="elgg-grid">
+ <div class="elgg-col elgg-col-1of6"><div class="elgg-inner"><h3>1/6</h3></div></div>
+ <div class="elgg-col elgg-col-5of6"><div class="elgg-inner"><h3>5/6</h3></div></div>
+</div>
+<div class="elgg-grid">
+ <style>
+ h3 { text-align: center; }
+ .elgg-col > .elgg-inner {
+ border: 1px solid #cccccc;
+ border-radius: 5px;
+ padding: 5px;
+ }
+ </style>
+ <div class="elgg-col elgg-col-1of5">
+ <div class="elgg-inner">
+ <h3>1/5</h3>
+ <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
+ <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
+ <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
</div>
- <div class="elgg-col elgg-col-2of3">
- <div class="elgg-inner">
- <h3>2/3</h3>
+ </div>
+ <div class="elgg-col elgg-col-3of5">
+ <div class="elgg-inner clearfix">
+ <h3>3/5</h3>
+ <div class="elgg-grid">
<div class="elgg-col elgg-col-1of2">
<div class="elgg-inner">
<h3>1/2</h3>
<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
</div>
</div>
- <div class="elgg-col elgg-col-1of2">
+ <div class="elgg-col elgg-col-1of2 elgg-col-last">
<div class="elgg-inner">
<h3>1/2</h3>
<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
</div>
</div>
- <div class="elgg-col elgg-col-1of1">
+ </div>
+ <div class="elgg-grid">
+ <div class="elgg-col elgg-col-1of3">
<div class="elgg-inner">
- <h3>1</h3>
+ <h3>1/3</h3>
+ <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
</div>
</div>
+ <div class="elgg-col elgg-col-2of3 elgg-col-last">
+ <div class="elgg-inner">
+ <h3>2/3</h3>
+ <div class="elgg-grid">
+ <div class="elgg-col elgg-col-1of2">
+ <div class="elgg-inner">
+ <h3>1/2</h3>
+ <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
+ </div>
+ </div>
+ <div class="elgg-col elgg-col-1of2 elgg-col-last">
+ <div class="elgg-inner">
+ <h3>1/2</h3>
+ <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
+ </div>
+ </div>
+ </div>
+ <div class="elgg-grid">
+ <div class="elgg-col elgg-col-1of1">
+ <div class="elgg-inner">
+ <h3>1</h3>
+ <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
</div>
</div>
</div>
-</div>
-<div class="elgg-col elgg-col-1of5 elgg-col-last">
- <div class="elgg-inner">
- <h3>1/5</h3>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
- <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
+ <div class="elgg-col elgg-col-1of5 elgg-col-last">
+ <div class="elgg-inner">
+ <h3>1/5</h3>
+ <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
+ <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
+ <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</p>
+ </div>
</div>
</div>
-
-</div>
diff --git a/mod/embed/start.php b/mod/embed/start.php
index a3ccab66b..e8a3f8c14 100644
--- a/mod/embed/start.php
+++ b/mod/embed/start.php
@@ -47,7 +47,7 @@ function embed_longtext_menu($hook, $type, $items, $vars) {
'name' => 'embed',
'href' => $url,
'text' => elgg_echo('embed:media'),
- 'rel' => 'lightbox',
+ 'rel' => "embed-lightbox-{$vars['id']}",
'link_class' => "elgg-longtext-control elgg-lightbox embed-control embed-control-{$vars['id']}",
'priority' => 10,
));
diff --git a/mod/embed/views/default/js/embed/embed.php b/mod/embed/views/default/js/embed/embed.php
index 0c8442292..eb6153abf 100644
--- a/mod/embed/views/default/js/embed/embed.php
+++ b/mod/embed/views/default/js/embed/embed.php
@@ -67,6 +67,8 @@ echo elgg_view('embed/custom_insert_js');
* @return bool
*/
elgg.embed.submit = function(event) {
+ $('.embed-wrapper .elgg-form-file-upload').hide();
+ $('.embed-throbber').show();
$(this).ajaxSubmit({
dataType : 'json',
@@ -82,6 +84,10 @@ elgg.embed.submit = function(event) {
var url = elgg.normalize_url('embed/tab/' + forward);
url = elgg.embed.addContainerGUID(url);
$('.embed-wrapper').parent().load(url);
+ } else {
+ // incorrect response, presumably an error has been displayed
+ $('.embed-throbber').hide();
+ $('.embed-wrapper .elgg-form-file-upload').show();
}
}
},
@@ -90,9 +96,6 @@ elgg.embed.submit = function(event) {
}
});
- $('.elgg-form-file-upload').hide();
- $('.embed-throbber').show();
-
// this was bubbling up the DOM causing a submission
event.preventDefault();
event.stopPropagation();
diff --git a/mod/file/actions/file/upload.php b/mod/file/actions/file/upload.php
index d72d04eb7..d6dce2528 100644
--- a/mod/file/actions/file/upload.php
+++ b/mod/file/actions/file/upload.php
@@ -6,7 +6,7 @@
*/
// Get variables
-$title = get_input("title");
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$desc = get_input("description");
$access_id = (int) get_input("access_id");
$container_guid = (int) get_input('container_guid', 0);
@@ -44,7 +44,7 @@ if ($new_file) {
// if no title on new upload, grab filename
if (empty($title)) {
- $title = $_FILES['upload']['name'];
+ $title = htmlspecialchars($_FILES['upload']['name'], ENT_QUOTES, 'UTF-8');
}
} else {
diff --git a/mod/file/thumbnail.php b/mod/file/thumbnail.php
index 35bf8c7f7..851f13a8f 100644
--- a/mod/file/thumbnail.php
+++ b/mod/file/thumbnail.php
@@ -46,7 +46,7 @@ if ($simpletype == "image") {
// caching images for 10 days
header("Content-type: $mime");
- header('Expires: ' . date('r',time() + 864000));
+ header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true);
header("Pragma: public", true);
header("Cache-Control: public", true);
header("Content-Length: " . strlen($contents));
diff --git a/mod/groups/actions/discussion/save.php b/mod/groups/actions/discussion/save.php
index de4afadfb..b3e9da654 100644
--- a/mod/groups/actions/discussion/save.php
+++ b/mod/groups/actions/discussion/save.php
@@ -4,7 +4,7 @@
*/
// Get variables
-$title = get_input("title");
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$desc = get_input("description");
$status = get_input("status");
$access_id = (int) get_input("access_id");
diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php
index b513a6098..d0689be2e 100644
--- a/mod/groups/actions/groups/edit.php
+++ b/mod/groups/actions/groups/edit.php
@@ -5,25 +5,25 @@
* @package ElggGroups
*/
-// Load configuration
-global $CONFIG;
+elgg_make_sticky_form('groups');
/**
* wrapper for recursive array walk decoding
*/
function profile_array_decoder(&$v) {
- $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8');
+ $v = _elgg_html_decode($v);
}
// Get group fields
$input = array();
-foreach ($CONFIG->group as $shortname => $valuetype) {
- // another work around for Elgg's encoding problems: #561, #1963
+foreach (elgg_get_config('group') as $shortname => $valuetype) {
$input[$shortname] = get_input($shortname);
+
+ // @todo treat profile fields as unescaped: don't filter, encode on output
if (is_array($input[$shortname])) {
array_walk_recursive($input[$shortname], 'profile_array_decoder');
} else {
- $input[$shortname] = html_entity_decode($input[$shortname], ENT_COMPAT, 'UTF-8');
+ $input[$shortname] = _elgg_html_decode($input[$shortname]);
}
if ($valuetype == 'tags') {
@@ -31,18 +31,23 @@ foreach ($CONFIG->group as $shortname => $valuetype) {
}
}
-$input['name'] = get_input('name');
-$input['name'] = html_entity_decode($input['name'], ENT_COMPAT, 'UTF-8');
+$input['name'] = htmlspecialchars(get_input('name', '', false), ENT_QUOTES, 'UTF-8');
$user = elgg_get_logged_in_user_entity();
$group_guid = (int)get_input('group_guid');
-$new_group_flag = $group_guid == 0;
+$is_new_group = $group_guid == 0;
+
+if ($is_new_group
+ && (elgg_get_plugin_setting('limited_groups', 'groups') == 'yes')
+ && !$user->isAdmin()) {
+ register_error(elgg_echo("groups:cantcreate"));
+ forward(REFERER);
+}
$group = new ElggGroup($group_guid); // load if present, if not create a new group
-if (($group_guid) && (!$group->canEdit())) {
+if ($group_guid && !$group->canEdit()) {
register_error(elgg_echo("groups:cantedit"));
-
forward(REFERER);
}
@@ -56,37 +61,46 @@ if (sizeof($input) > 0) {
// Validate create
if (!$group->name) {
register_error(elgg_echo("groups:notitle"));
-
forward(REFERER);
}
// Set group tool options
-if (isset($CONFIG->group_tool_options)) {
- foreach ($CONFIG->group_tool_options as $group_option) {
- $group_option_toggle_name = $group_option->name . "_enable";
- if ($group_option->default_on) {
- $group_option_default_value = 'yes';
- } else {
- $group_option_default_value = 'no';
- }
- $group->$group_option_toggle_name = get_input($group_option_toggle_name, $group_option_default_value);
+$tool_options = elgg_get_config('group_tool_options');
+if ($tool_options) {
+ foreach ($tool_options as $group_option) {
+ $option_toggle_name = $group_option->name . "_enable";
+ $option_default = $group_option->default_on ? 'yes' : 'no';
+ $group->$option_toggle_name = get_input($option_toggle_name, $option_default);
}
}
// Group membership - should these be treated with same constants as access permissions?
-switch (get_input('membership')) {
- case ACCESS_PUBLIC:
- $group->membership = ACCESS_PUBLIC;
- break;
- default:
- $group->membership = ACCESS_PRIVATE;
-}
+$is_public_membership = (get_input('membership') == ACCESS_PUBLIC);
+$group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE;
-if ($new_group_flag) {
+if ($is_new_group) {
$group->access_id = ACCESS_PUBLIC;
}
+$old_owner_guid = $is_new_group ? 0 : $group->owner_guid;
+$new_owner_guid = (int) get_input('owner_guid');
+
+$owner_has_changed = false;
+$old_icontime = null;
+if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) {
+ // verify new owner is member and old owner/admin is logged in
+ if (is_group_member($group_guid, $new_owner_guid) && ($old_owner_guid == $user->guid || $user->isAdmin())) {
+ $group->owner_guid = $new_owner_guid;
+
+ // @todo Remove this when #4683 fixed
+ $owner_has_changed = true;
+ $old_icontime = $group->icontime;
+ }
+}
+
+$must_move_icons = ($owner_has_changed && $old_icontime);
+
$group->save();
// Invisible group support
@@ -106,15 +120,22 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
$group->save();
+// group saved so clear sticky form
+elgg_clear_sticky_form('groups');
+
// group creator needs to be member of new group and river entry created
-if ($new_group_flag) {
+if ($is_new_group) {
+
+ // @todo this should not be necessary...
elgg_set_page_owner_guid($group->guid);
+
$group->join($user);
add_to_river('river/group/create', 'create', $user->guid, $group->guid, $group->access_id);
}
-// Now see if we have a file icon
-if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/'))) {
+$has_uploaded_icon = (!empty($_FILES['icon']['type']) && substr_count($_FILES['icon']['type'], 'image/'));
+
+if ($has_uploaded_icon) {
$icon_sizes = elgg_get_config('icon_sizes');
@@ -126,38 +147,58 @@ if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/'))
$filehandler->open("write");
$filehandler->write(get_uploaded_file('icon'));
$filehandler->close();
+ $filename = $filehandler->getFilenameOnFilestore();
+
+ $sizes = array('tiny', 'small', 'medium', 'large');
+
+ $thumbs = array();
+ foreach ($sizes as $size) {
+ $thumbs[$size] = get_resized_image_from_existing_file(
+ $filename,
+ $icon_sizes[$size]['w'],
+ $icon_sizes[$size]['h'],
+ $icon_sizes[$size]['square']
+ );
+ }
- $thumbtiny = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['tiny']['w'], $icon_sizes['tiny']['h'], $icon_sizes['tiny']['square']);
- $thumbsmall = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['small']['w'], $icon_sizes['small']['h'], $icon_sizes['small']['square']);
- $thumbmedium = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['medium']['w'], $icon_sizes['medium']['h'], $icon_sizes['medium']['square']);
- $thumblarge = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['large']['w'], $icon_sizes['large']['h'], $icon_sizes['large']['square']);
- if ($thumbtiny) {
-
+ if ($thumbs['tiny']) { // just checking if resize successful
$thumb = new ElggFile();
$thumb->owner_guid = $group->owner_guid;
$thumb->setMimeType('image/jpeg');
- $thumb->setFilename($prefix."tiny.jpg");
- $thumb->open("write");
- $thumb->write($thumbtiny);
- $thumb->close();
+ foreach ($sizes as $size) {
+ $thumb->setFilename("{$prefix}{$size}.jpg");
+ $thumb->open("write");
+ $thumb->write($thumbs[$size]);
+ $thumb->close();
+ }
+
+ $group->icontime = time();
+ }
+}
- $thumb->setFilename($prefix."small.jpg");
- $thumb->open("write");
- $thumb->write($thumbsmall);
- $thumb->close();
+// @todo Remove this when #4683 fixed
+if ($must_move_icons) {
+ $filehandler = new ElggFile();
+ $filehandler->setFilename('groups');
+ $filehandler->owner_guid = $old_owner_guid;
+ $old_path = $filehandler->getFilenameOnFilestore();
- $thumb->setFilename($prefix."medium.jpg");
- $thumb->open("write");
- $thumb->write($thumbmedium);
- $thumb->close();
+ $sizes = array('', 'tiny', 'small', 'medium', 'large');
- $thumb->setFilename($prefix."large.jpg");
- $thumb->open("write");
- $thumb->write($thumblarge);
- $thumb->close();
+ if ($has_uploaded_icon) {
+ // delete those under old owner
+ foreach ($sizes as $size) {
+ unlink("$old_path/{$group_guid}{$size}.jpg");
+ }
+ } else {
+ // move existing to new owner
+ $filehandler->owner_guid = $group->owner_guid;
+ $new_path = $filehandler->getFilenameOnFilestore();
- $group->icontime = time();
+ foreach ($sizes as $size) {
+ rename("$old_path/{$group_guid}{$size}.jpg", "$new_path/{$group_guid}{$size}.jpg");
+ }
}
}
diff --git a/mod/groups/icon.php b/mod/groups/icon.php
index 1bd240ea6..ebdc1eb6d 100644
--- a/mod/groups/icon.php
+++ b/mod/groups/icon.php
@@ -18,7 +18,7 @@ if (!($group instanceof ElggGroup)) {
// If is the same ETag, content didn't changed.
$etag = $group->icontime . $group_guid;
-if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) {
+if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") {
header("HTTP/1.1 304 Not Modified");
exit;
}
@@ -46,9 +46,9 @@ if (!$success) {
}
header("Content-type: image/jpeg");
-header('Expires: ' . date('r',time() + 864000));
+header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true);
header("Pragma: public");
header("Cache-Control: public");
header("Content-Length: " . strlen($contents));
-header("ETag: $etag");
+header("ETag: \"$etag\"");
echo $contents;
diff --git a/mod/groups/languages/en.php b/mod/groups/languages/en.php
index 4868aa334..0d57f1680 100644
--- a/mod/groups/languages/en.php
+++ b/mod/groups/languages/en.php
@@ -35,12 +35,14 @@ $english = array(
'groups:membership' => "Group membership permissions",
'groups:access' => "Access permissions",
'groups:owner' => "Owner",
+ 'groups:owner:warning' => "Warning: if you change this value, you will no longer be the owner of this group.",
'groups:widget:num_display' => 'Number of groups to display',
'groups:widget:membership' => 'Group membership',
'groups:widgets:description' => 'Display the groups you are a member of on your profile',
'groups:noaccess' => 'No access to group',
'groups:permissions:error' => 'You do not have the permissions for this',
'groups:ingroup' => 'in the group',
+ 'groups:cantcreate' => 'You can not create a group. Only admins can.',
'groups:cantedit' => 'You can not edit this group',
'groups:saved' => 'Group saved',
'groups:featured' => 'Featured groups',
@@ -259,6 +261,7 @@ or click below to view the group's join requests:
'groups:forumtopic:edited' => 'Forum topic successfully edited.',
'groups:allowhiddengroups' => 'Do you want to allow private (invisible) groups?',
+ 'groups:whocancreate' => 'Who can create new groups?',
/**
* Action messages
@@ -285,4 +288,4 @@ or click below to view the group's join requests:
);
-add_translation("en", $english); \ No newline at end of file
+add_translation("en", $english);
diff --git a/mod/groups/lib/discussion.php b/mod/groups/lib/discussion.php
index 02ab27fdc..ab2fe4849 100644
--- a/mod/groups/lib/discussion.php
+++ b/mod/groups/lib/discussion.php
@@ -15,7 +15,7 @@ function discussion_handle_all_page() {
'type' => 'object',
'subtype' => 'groupforumtopic',
'order_by' => 'e.last_action desc',
- 'limit' => 40,
+ 'limit' => 20,
'full_view' => false,
));
diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php
index 51ae89a87..505cacd01 100644
--- a/mod/groups/lib/groups.php
+++ b/mod/groups/lib/groups.php
@@ -12,7 +12,9 @@ function groups_handle_all_page() {
elgg_pop_breadcrumb();
elgg_push_breadcrumb(elgg_echo('groups'));
- elgg_register_title_button();
+ if (elgg_get_plugin_setting('limited_groups', 'groups') != 'yes' || elgg_is_admin_logged_in()) {
+ elgg_register_title_button();
+ }
$selected_tab = get_input('filter', 'newest');
@@ -184,7 +186,11 @@ function groups_handle_edit_page($page, $guid = 0) {
elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
$title = elgg_echo('groups:add');
elgg_push_breadcrumb($title);
- $content = elgg_view('groups/edit');
+ if (elgg_get_plugin_setting('limited_groups', 'groups') != 'yes' || elgg_is_admin_logged_in()) {
+ $content = elgg_view('groups/edit');
+ } else {
+ $content = elgg_echo('groups:cantcreate');
+ }
} else {
$title = elgg_echo("groups:edit");
$group = get_entity($guid);
@@ -491,3 +497,65 @@ function groups_register_profile_buttons($group) {
}
}
}
+
+/**
+ * Prepares variables for the group edit form view.
+ *
+ * @param mixed $group ElggGroup or null. If a group, uses values from the group.
+ * @return array
+ */
+function groups_prepare_form_vars($group = null) {
+ $values = array(
+ 'name' => '',
+ 'membership' => ACCESS_PUBLIC,
+ 'vis' => ACCESS_PUBLIC,
+ 'guid' => null,
+ 'entity' => null
+ );
+
+ // handle customizable profile fields
+ $fields = elgg_get_config('group');
+
+ if ($fields) {
+ foreach ($fields as $name => $type) {
+ $values[$name] = '';
+ }
+ }
+
+ // handle tool options
+ $tools = elgg_get_config('group_tool_options');
+ if ($tools) {
+ foreach ($tools as $group_option) {
+ $option_name = $group_option->name . "_enable";
+ $values[$option_name] = $group_option->default_on ? 'yes' : 'no';
+ }
+ }
+
+ // get current group settings
+ if ($group) {
+ foreach (array_keys($values) as $field) {
+ if (isset($group->$field)) {
+ $values[$field] = $group->$field;
+ }
+ }
+
+ if ($group->access_id != ACCESS_PUBLIC && $group->access_id != ACCESS_LOGGED_IN) {
+ // group only access - this is done to handle access not created when group is created
+ $values['vis'] = ACCESS_PRIVATE;
+ }
+
+ $values['entity'] = $group;
+ }
+
+ // get any sticky form settings
+ if (elgg_is_sticky_form('groups')) {
+ $sticky_values = elgg_get_sticky_values('groups');
+ foreach ($sticky_values as $key => $value) {
+ $values[$key] = $value;
+ }
+ }
+
+ elgg_clear_sticky_form('groups');
+
+ return $values;
+}
diff --git a/mod/groups/start.php b/mod/groups/start.php
index 48df338c0..9dca7dc16 100644
--- a/mod/groups/start.php
+++ b/mod/groups/start.php
@@ -194,8 +194,21 @@ function groups_setup_sidebar_menus() {
*/
function groups_page_handler($page) {
+ // forward old profile urls
+ if (is_numeric($page[0])) {
+ $group = get_entity($page[0]);
+ if (elgg_instanceof($group, 'group', '', 'ElggGroup')) {
+ system_message(elgg_echo('changebookmark'));
+ forward($group->getURL());
+ }
+ }
+
elgg_load_library('elgg:groups');
+ if (!isset($page[0])) {
+ $page[0] = 'all';
+ }
+
elgg_push_breadcrumb(elgg_echo('groups'), "groups/all");
switch ($page[0]) {
@@ -785,6 +798,10 @@ function discussion_page_handler($page) {
elgg_load_library('elgg:discussion');
+ if (!isset($page[0])) {
+ $page[0] = 'all';
+ }
+
elgg_push_breadcrumb(elgg_echo('discussion'), 'discussion/all');
switch ($page[0]) {
diff --git a/mod/groups/views/default/forms/groups/edit.php b/mod/groups/views/default/forms/groups/edit.php
index 8055b6430..41d97e6c3 100644
--- a/mod/groups/views/default/forms/groups/edit.php
+++ b/mod/groups/views/default/forms/groups/edit.php
@@ -5,18 +5,9 @@
* @package ElggGroups
*/
-// new groups default to open membership
-if (isset($vars['entity'])) {
- $membership = $vars['entity']->membership;
- $access = $vars['entity']->access_id;
- if ($access != ACCESS_PUBLIC && $access != ACCESS_LOGGED_IN) {
- // group only - this is done to handle access not created when group is created
- $access = ACCESS_PRIVATE;
- }
-} else {
- $membership = ACCESS_PUBLIC;
- $access = ACCESS_PUBLIC;
-}
+// only extract these elements.
+$name = $membership = $vis = $entity = null;
+extract($vars, EXTR_IF_EXISTS);
?>
<div>
@@ -27,7 +18,7 @@ if (isset($vars['entity'])) {
<label><?php echo elgg_echo("groups:name"); ?></label><br />
<?php echo elgg_view("input/text", array(
'name' => 'name',
- 'value' => $vars['entity']->name,
+ 'value' => $name
));
?>
</div>
@@ -45,7 +36,7 @@ if ($group_profile_fields > 0) {
echo "</label>$line_break";
echo elgg_view("input/{$valtype}", array(
'name' => $shortname,
- 'value' => $vars['entity']->$shortname,
+ 'value' => elgg_extract($shortname, $vars)
));
echo '</div>';
}
@@ -70,10 +61,6 @@ if ($group_profile_fields > 0) {
<?php
if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
- $this_owner = $vars['entity']->owner_guid;
- if (!$this_owner) {
- $this_owner = elgg_get_logged_in_user_guid();
- }
$access_options = array(
ACCESS_PRIVATE => elgg_echo('groups:access:group'),
ACCESS_LOGGED_IN => elgg_echo("LOGGED_IN"),
@@ -86,7 +73,7 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
<?php echo elgg_echo('groups:visibility'); ?><br />
<?php echo elgg_view('input/access', array(
'name' => 'vis',
- 'value' => $access,
+ 'value' => $vis,
'options_values' => $access_options,
));
?>
@@ -96,17 +83,48 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
<?php
}
+if (isset($vars['entity'])) {
+ $entity = $vars['entity'];
+ $owner_guid = $vars['entity']->owner_guid;
+} else {
+ $entity = false;
+}
+
+if ($entity && ($owner_guid == elgg_get_logged_in_user_guid() || elgg_is_admin_logged_in())) {
+ $owner_guid = $vars['entity']->owner_guid;
+ $members = array();
+ foreach ($vars['entity']->getMembers(0) as $member) {
+ $members[$member->guid] = "$member->name (@$member->username)";
+ }
+?>
+
+<div>
+ <label>
+ <?php echo elgg_echo('groups:owner'); ?><br />
+ <?php echo elgg_view('input/dropdown', array(
+ 'name' => 'owner_guid',
+ 'value' => $owner_guid,
+ 'options_values' => $members,
+ 'class' => 'groups-owner-input',
+ ));
+ ?>
+ </label>
+ <?php
+ if ($owner_guid == elgg_get_logged_in_user_guid()) {
+ echo '<span class="elgg-text-help">' . elgg_echo('groups:owner:warning') . '</span>';
+ }
+ ?>
+</div>
+
+<?php
+}
+
$tools = elgg_get_config('group_tool_options');
if ($tools) {
usort($tools, create_function('$a,$b', 'return strcmp($a->label,$b->label);'));
foreach ($tools as $group_option) {
$group_option_toggle_name = $group_option->name . "_enable";
- if ($group_option->default_on) {
- $group_option_default_value = 'yes';
- } else {
- $group_option_default_value = 'no';
- }
- $value = $vars['entity']->$group_option_toggle_name ? $vars['entity']->$group_option_toggle_name : $group_option_default_value;
+ $value = elgg_extract($group_option_toggle_name, $vars);
?>
<div>
<label>
@@ -129,17 +147,17 @@ if ($tools) {
<div class="elgg-foot">
<?php
-if (isset($vars['entity'])) {
+if ($entity) {
echo elgg_view('input/hidden', array(
'name' => 'group_guid',
- 'value' => $vars['entity']->getGUID(),
+ 'value' => $entity->getGUID(),
));
}
echo elgg_view('input/submit', array('value' => elgg_echo('save')));
-if (isset($vars['entity'])) {
- $delete_url = 'action/groups/delete?guid=' . $vars['entity']->getGUID();
+if ($entity) {
+ $delete_url = 'action/groups/delete?guid=' . $entity->getGUID();
echo elgg_view('output/confirmlink', array(
'text' => elgg_echo('groups:delete'),
'href' => $delete_url,
diff --git a/mod/groups/views/default/groups/edit.php b/mod/groups/views/default/groups/edit.php
index 24a1c3f1e..5579ad54a 100644
--- a/mod/groups/views/default/groups/edit.php
+++ b/mod/groups/views/default/groups/edit.php
@@ -11,5 +11,5 @@ $form_vars = array(
'enctype' => 'multipart/form-data',
'class' => 'elgg-form-alt',
);
-$body_vars = array('entity' => $entity);
-echo elgg_view_form('groups/edit', $form_vars, $body_vars);
+
+echo elgg_view_form('groups/edit', $form_vars, groups_prepare_form_vars($entity));
diff --git a/mod/groups/views/default/groups/js.php b/mod/groups/views/default/groups/js.php
index 1b4d33f32..0319be14a 100644
--- a/mod/groups/views/default/groups/js.php
+++ b/mod/groups/views/default/groups/js.php
@@ -1,3 +1,10 @@
+<?php
+/**
+ * Javascript for Groups forms
+ *
+ * @package ElggGroups
+ */
+?>
// this adds a class to support IE8 and older
elgg.register_hook_handler('init', 'system', function() {
diff --git a/mod/groups/views/default/plugins/groups/settings.php b/mod/groups/views/default/plugins/groups/settings.php
index 7197dcb37..41ea146db 100644
--- a/mod/groups/views/default/plugins/groups/settings.php
+++ b/mod/groups/views/default/plugins/groups/settings.php
@@ -8,6 +8,11 @@ if (!isset($vars['entity']->hidden_groups)) {
$vars['entity']->hidden_groups = 'no';
}
+// set default value
+if (!isset($vars['entity']->limited_groups)) {
+ $vars['entity']->limited_groups = 'no';
+}
+
echo '<div>';
echo elgg_echo('groups:allowhiddengroups');
echo ' ';
@@ -20,3 +25,16 @@ echo elgg_view('input/dropdown', array(
'value' => $vars['entity']->hidden_groups,
));
echo '</div>';
+
+echo '<div>';
+echo elgg_echo('groups:whocancreate');
+echo ' ';
+echo elgg_view('input/dropdown', array(
+ 'name' => 'params[limited_groups]',
+ 'options_values' => array(
+ 'no' => elgg_echo('LOGGED_IN'),
+ 'yes' => elgg_echo('admin')
+ ),
+ 'value' => $vars['entity']->limited_groups,
+));
+echo '</div>';
diff --git a/mod/groups/views/rss/groups/profile/layout.php b/mod/groups/views/rss/groups/profile/layout.php
index 3eeb9eaf2..0dafe78ad 100644
--- a/mod/groups/views/rss/groups/profile/layout.php
+++ b/mod/groups/views/rss/groups/profile/layout.php
@@ -7,7 +7,12 @@
* @uses $vars['entity'] ElggGroup object
*/
-echo elgg_list_entities(array(
- 'type' => 'object',
- 'container_guid' => $vars['entity']->getGUID(),
-));
+$entities = elgg_get_config('registered_entities');
+
+if (!empty($entities['object'])) {
+ echo elgg_list_entities(array(
+ 'type' => 'object',
+ 'subtypes' => $entities['object'],
+ 'container_guid' => $vars['entity']->getGUID(),
+ ));
+}
diff --git a/mod/groups/views/rss/object/groupforumtopic.php b/mod/groups/views/rss/object/groupforumtopic.php
index d730ef796..b2d05d488 100644
--- a/mod/groups/views/rss/object/groupforumtopic.php
+++ b/mod/groups/views/rss/object/groupforumtopic.php
@@ -14,7 +14,7 @@ if (empty($title)) {
$permalink = htmlspecialchars($vars['entity']->getURL(), ENT_NOQUOTES, 'UTF-8');
$pubdate = date('r', $vars['entity']->getTimeCreated());
-$description = autop($vars['entity']->description);
+$description = elgg_autop($vars['entity']->description);
$creator = elgg_view('page/components/creator', $vars);
$georss = elgg_view('page/components/georss', $vars);
diff --git a/mod/htmlawed/start.php b/mod/htmlawed/start.php
index 5af18f4dd..12b6470a3 100644
--- a/mod/htmlawed/start.php
+++ b/mod/htmlawed/start.php
@@ -18,6 +18,8 @@ function htmlawed_init() {
$lib = elgg_get_plugins_path() . "htmlawed/vendors/htmLawed/htmLawed.php";
elgg_register_library('htmlawed', $lib);
+
+ elgg_register_plugin_hook_handler('unit_test', 'system', 'htmlawed_test');
}
/**
@@ -90,7 +92,13 @@ function htmLawedArray(&$v, $k, $htmlawed_config) {
* @param array $attributes An array of attributes
* @return string
*/
-function htmlawed_tag_post_processor($element, $attributes = array()) {
+function htmlawed_tag_post_processor($element, $attributes = false) {
+ if ($attributes === false) {
+ // This is a closing tag. Prevent further processing to avoid inserting a duplicate tag
+
+ return "</${element}>";
+ }
+
// these are the default styles used by tinymce.
$allowed_styles = array(
'color', 'cursor', 'text-align', 'vertical-align', 'font-size',
@@ -143,3 +151,15 @@ function htmlawed_tag_post_processor($element, $attributes = array()) {
$r = "<$element$string>";
return $r;
}
+
+/**
+ * Runs unit tests for htmlawed
+ *
+ * @return array
+ * */
+function htmlawed_test($hook, $type, $value, $params) {
+ global $CONFIG;
+
+ $value[] = dirname(__FILE__) . '/tests/tags.php';
+ return $value;
+}
diff --git a/mod/htmlawed/tests/tags.php b/mod/htmlawed/tests/tags.php
new file mode 100644
index 000000000..b3914a9d6
--- /dev/null
+++ b/mod/htmlawed/tests/tags.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * Dupplicated tags in htmlawed
+ */
+class HtmLawedDuplicateTagsTest extends ElggCoreUnitTest {
+
+ /**
+ * Called before each test object.
+ */
+ public function __construct() {
+ parent::__construct();
+ }
+
+ /**
+ * Called before each test method.
+ */
+ public function setUp() {
+ }
+
+ /**
+ * Called after each test method.
+ */
+ public function tearDown() {
+ // do not allow SimpleTest to interpret Elgg notices as exceptions
+ $this->swallowErrors();
+ }
+
+ /**
+ * Called after each test object.
+ */
+ public function __destruct() {
+ elgg_set_ignore_access($this->ia);
+ // all __destruct() code should go above here
+ parent::__destruct();
+ }
+
+ public function testNotDuplicateTags() {
+ $filter_html = '<ul><li>item</li></ul>';
+ set_input('test', $filter_html);
+
+ $expected = $filter_html;
+ $result = get_input('test');
+ $this->assertEqual($result, $expected);
+ }
+} \ No newline at end of file
diff --git a/mod/likes/actions/likes/delete.php b/mod/likes/actions/likes/delete.php
index 88cb84467..322d512e8 100644
--- a/mod/likes/actions/likes/delete.php
+++ b/mod/likes/actions/likes/delete.php
@@ -4,8 +4,23 @@
*
*/
+// Support deleting by id in case we're deleting another user's likes
$id = (int) get_input('id');
-$like = elgg_get_annotation_from_id($id);
+
+$like = NULL;
+if ($id) {
+ $like = elgg_get_annotation_from_id($id);
+}
+
+if (!$like) {
+ $likes = elgg_get_annotations(array(
+ 'guid' => (int) get_input('guid'),
+ 'annotation_owner_guid' => elgg_get_logged_in_user_guid(),
+ 'annotation_name' => 'likes',
+ ));
+ $like = $likes[0];
+}
+
if ($like && $like->canEdit()) {
$like->delete();
system_message(elgg_echo("likes:deleted"));
diff --git a/mod/likes/languages/en.php b/mod/likes/languages/en.php
index b9460aa10..bdbd2a963 100644
--- a/mod/likes/languages/en.php
+++ b/mod/likes/languages/en.php
@@ -17,7 +17,7 @@ $english = array(
'likes:userlikedthis' => '%s like',
'likes:userslikedthis' => '%s likes',
'likes:river:annotate' => 'likes',
- 'likes:delete:confirm' => 'Are you sure you want to unlike this?',
+ 'likes:delete:confirm' => 'Are you sure you want to delete this like?',
'river:likes' => 'likes %s %s',
diff --git a/mod/likes/views/default/annotation/likes.php b/mod/likes/views/default/annotation/likes.php
index abd4df823..2b5acc520 100644
--- a/mod/likes/views/default/annotation/likes.php
+++ b/mod/likes/views/default/annotation/likes.php
@@ -29,11 +29,11 @@ $friendlytime = elgg_view_friendly_time($like->time_created);
if ($like->canEdit()) {
$delete_button = elgg_view("output/confirmlink",array(
- 'href' => "action/likes/delete?id={$like->id}",
- 'text' => "<span class=\"elgg-icon elgg-icon-delete float-alt\"></span>",
- 'confirm' => elgg_echo('likes:delete:confirm'),
- 'encode_text' => false,
- ));
+ 'href' => "action/likes/delete?id={$like->id}",
+ 'text' => "<span class=\"elgg-icon elgg-icon-delete float-alt\"></span>",
+ 'confirm' => elgg_echo('likes:delete:confirm'),
+ 'encode_text' => false,
+ ));
}
$body = <<<HTML
diff --git a/mod/likes/views/default/likes/button.php b/mod/likes/views/default/likes/button.php
index 956bbcb19..bc7c8fd8a 100644
--- a/mod/likes/views/default/likes/button.php
+++ b/mod/likes/views/default/likes/button.php
@@ -24,13 +24,7 @@ if (elgg_is_logged_in() && $vars['entity']->canAnnotate(0, 'likes')) {
);
$likes_button = elgg_view('output/url', $params);
} else {
- $like = elgg_get_annotations(array(
- 'guid' => $guid,
- 'annotation_owner_guid' => elgg_get_logged_in_user_guid(),
- 'annotation_name' => 'likes',
- ));
- $like = $like[0];
- $url = elgg_get_site_url() . "action/likes/delete?id={$like->id}";
+ $url = elgg_get_site_url() . "action/likes/delete?guid={$guid}";
$params = array(
'href' => $url,
'text' => elgg_view_icon('thumbs-up-alt'),
diff --git a/mod/messageboard/views/default/river/object/messageboard/create.php b/mod/messageboard/views/default/river/object/messageboard/create.php
index 7ce7f6b4e..ac10a55c1 100644
--- a/mod/messageboard/views/default/river/object/messageboard/create.php
+++ b/mod/messageboard/views/default/river/object/messageboard/create.php
@@ -1,11 +1,12 @@
-<?php
-/**
- * Messageboard river view
- */
-
-$messageboard = $vars['item']->getAnnotation();
-
-echo elgg_view('river/elements/layout', array(
- 'item' => $vars['item'],
- 'message' => $messageboard->value,
-));
+<?php
+/**
+ * Messageboard river view
+ */
+
+$messageboard = $vars['item']->getAnnotation();
+$excerpt = elgg_get_excerpt($messageboard->value);
+
+echo elgg_view('river/elements/layout', array(
+ 'item' => $vars['item'],
+ 'message' => $excerpt,
+));
diff --git a/mod/messages/manifest.xml b/mod/messages/manifest.xml
index 73a58d9d4..6e3462901 100644
--- a/mod/messages/manifest.xml
+++ b/mod/messages/manifest.xml
@@ -6,8 +6,8 @@
<category>bundled</category>
<category>communication</category>
<description>Elgg internal messages plugin. This plugin lets user send each other messages.</description>
- <copyright>See COPYRIGHT.txt</copyright>
<website>http://www.elgg.org/</website>
+ <copyright>See COPYRIGHT.txt</copyright>
<license>GNU General Public License version 2</license>
<requires>
<type>elgg_release</type>
diff --git a/mod/messages/pages/messages/inbox.php b/mod/messages/pages/messages/inbox.php
index fdfc20c43..de5b8b231 100644
--- a/mod/messages/pages/messages/inbox.php
+++ b/mod/messages/pages/messages/inbox.php
@@ -8,8 +8,13 @@
gatekeeper();
$page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
- register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+ $guid = 0;
+ if($page_owner){
+ $guid = $page_owner->getGUID();
+ }
+ register_error(elgg_echo("pageownerunavailable", array($guid)));
forward();
}
diff --git a/mod/messages/pages/messages/read.php b/mod/messages/pages/messages/read.php
index 19e3ecdd7..4223c6bac 100644
--- a/mod/messages/pages/messages/read.php
+++ b/mod/messages/pages/messages/read.php
@@ -8,8 +8,8 @@
gatekeeper();
$message = get_entity(get_input('guid'));
-if (!$message) {
- forward('messages/inbox');
+if (!$message || !elgg_instanceof($message, "object", "messages")) {
+ forward('messages/inbox/' . elgg_get_logged_in_user_entity()->username);
}
// mark the message as read
@@ -38,8 +38,9 @@ if ($inbox) {
);
$body_params = array('message' => $message);
$content .= elgg_view_form('messages/reply', $form_params, $body_params);
-
- if (elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) {
+ $from_user = get_user($message->fromId);
+
+ if ((elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) && $from_user) {
elgg_register_menu_item('title', array(
'name' => 'reply',
'href' => '#messages-reply-form',
diff --git a/mod/messages/pages/messages/sent.php b/mod/messages/pages/messages/sent.php
index af06ab273..3d08cd5ee 100644
--- a/mod/messages/pages/messages/sent.php
+++ b/mod/messages/pages/messages/sent.php
@@ -8,8 +8,13 @@
gatekeeper();
$page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
- register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+ $guid = 0;
+ if($page_owner){
+ $guid = $page_owner->getGUID();
+ }
+ register_error(elgg_echo("pageownerunavailable", array($guid)));
forward();
}
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index bf54ae87d..29fbf022b 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -8,9 +8,10 @@
$variables = elgg_get_config('pages');
$input = array();
foreach ($variables as $name => $type) {
- $input[$name] = get_input($name);
if ($name == 'title') {
- $input[$name] = strip_tags($input[$name]);
+ $input[$name] = htmlspecialchars(get_input($name, '', false), ENT_QUOTES, 'UTF-8');
+ } else {
+ $input[$name] = get_input($name);
}
if ($type == 'tags') {
$input[$name] = string_to_tag_array($input[$name]);
diff --git a/mod/pages/views/default/pages/icon.php b/mod/pages/views/default/pages/icon.php
index d3b749eb8..cba034ec4 100644
--- a/mod/pages/views/default/pages/icon.php
+++ b/mod/pages/views/default/pages/icon.php
@@ -21,5 +21,5 @@ if (!in_array($vars['size'], array('small', 'medium', 'large', 'tiny', 'master',
?>
<a href="<?php echo $annotation->getURL(); ?>">
- <img src="<?php echo $entity->getIconURL($vars['size']); ?>" />
+ <img alt="<?php echo $entity->title; ?>" src="<?php echo $entity->getIconURL($vars['size']); ?>" />
</a>
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php
index c4439f78c..dbab5d31f 100644
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
@@ -23,7 +23,7 @@ $guid = (int)$_GET['guid'];
// If is the same ETag, content didn't changed.
$etag = $last_cache . $guid;
-if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) {
+if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") {
header("HTTP/1.1 304 Not Modified");
exit;
}
@@ -55,19 +55,15 @@ if ($mysql_dblink) {
$user_path = date('Y/m/d/', $join_date) . $guid;
$filename = "$data_root$user_path/profile/{$guid}{$size}.jpg";
- $contents = @file_get_contents($filename);
- if (!empty($contents)) {
+ $size = @filesize($filename);
+ if ($size) {
header("Content-type: image/jpeg");
- header('Expires: ' . date('r', strtotime("+6 months")), true);
+ header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true);
header("Pragma: public");
header("Cache-Control: public");
- header("Content-Length: " . strlen($contents));
- header("ETag: $etag");
- // this chunking is done for supposedly better performance
- $split_string = str_split($contents, 1024);
- foreach ($split_string as $chunk) {
- echo $chunk;
- }
+ header("Content-Length: $size");
+ header("ETag: \"$etag\"");
+ readfile($filename);
exit;
}
}
diff --git a/mod/profile/start.php b/mod/profile/start.php
index abe044632..ab596f235 100644
--- a/mod/profile/start.php
+++ b/mod/profile/start.php
@@ -56,6 +56,8 @@ function profile_page_handler($page) {
$username = $page[0];
$user = get_user_by_username($username);
elgg_set_page_owner_guid($user->guid);
+ } elseif (elgg_is_logged_in()) {
+ forward(elgg_get_logged_in_user_entity()->getURL());
}
// short circuit if invalid or banned username
diff --git a/mod/profile/views/default/profile/details.php b/mod/profile/views/default/profile/details.php
index 3af5cb756..7b05b0e15 100644
--- a/mod/profile/views/default/profile/details.php
+++ b/mod/profile/views/default/profile/details.php
@@ -28,7 +28,7 @@ if (is_array($profile_fields) && sizeof($profile_fields) > 0) {
<div class="<?php echo $even_odd; ?>">
<b><?php echo elgg_echo("profile:{$shortname}"); ?>: </b>
<?php
- echo elgg_view("output/{$valtype}", array('value' => $user->$shortname));
+ echo elgg_view("output/{$valtype}", array('value' => $value));
?>
</div>
<?php
diff --git a/mod/search/start.php b/mod/search/start.php
index d2d7ed3c2..f493508d8 100644
--- a/mod/search/start.php
+++ b/mod/search/start.php
@@ -94,6 +94,8 @@ function search_get_highlighted_relevant_substrings($haystack, $query, $min_matc
if (!$tag_match) {
$words = search_remove_ignored_words($query, 'array');
+ } else {
+ $words = array();
}
// if haystack < $max_length return the entire haystack w/formatting immediately
@@ -142,7 +144,7 @@ function search_get_highlighted_relevant_substrings($haystack, $query, $min_matc
$total_length = array_sum($offsets);
$add_length = 0;
- if ($total_length < $max_length) {
+ if ($total_length < $max_length && $offsets) {
$add_length = floor((($max_length - $total_length) / count($offsets)) / 2);
$starts = array();
diff --git a/mod/search/views/default/search/no_results.php b/mod/search/views/default/search/no_results.php
index 74b5b2cfa..0e9a5e295 100644
--- a/mod/search/views/default/search/no_results.php
+++ b/mod/search/views/default/search/no_results.php
@@ -3,4 +3,4 @@
* No results from search
*/
-echo autop(elgg_echo('search:no_results'));
+echo elgg_autop(elgg_echo('search:no_results'));
diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php
index ff12ae4f0..7474a280c 100644
--- a/mod/search/views/default/search/search_box.php
+++ b/mod/search/views/default/search/search_box.php
@@ -32,12 +32,11 @@ if (function_exists('mb_convert_encoding')) {
}
$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);
-
?>
<form class="<?php echo $class; ?>" action="<?php echo elgg_get_site_url(); ?>search" method="get">
<fieldset>
- <input type="text" class="search-input" size="21" name="q" value="<?php echo elgg_echo('search'); ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" />
+ <input type="text" class="search-input" size="21" name="q" value="<?php echo $display_query; ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" />
<input type="hidden" name="search_type" value="all" />
<input type="submit" value="<?php echo elgg_echo('search:go'); ?>" class="search-submit-button" />
</fieldset>
diff --git a/mod/thewire/actions/delete.php b/mod/thewire/actions/delete.php
index 58502a7e7..38355d25e 100644
--- a/mod/thewire/actions/delete.php
+++ b/mod/thewire/actions/delete.php
@@ -24,7 +24,7 @@ if ($thewire->getSubtype() == "thewire" && $thewire->canEdit()) {
}
// Get owning user
- $owner = get_entity($thewire->getOwner());
+ $owner = get_entity($thewire->getOwnerGUID());
// Delete it
$rowsaffected = $thewire->delete();
diff --git a/mod/thewire/views/default/js/thewire.php b/mod/thewire/views/default/js/thewire.php
index 0a6eba134..ba8f35050 100644
--- a/mod/thewire/views/default/js/thewire.php
+++ b/mod/thewire/views/default/js/thewire.php
@@ -34,11 +34,11 @@ elgg.thewire.textCounter = function(textarea, status, limit) {
status.html(remaining_chars);
if (remaining_chars < 0) {
- status.parent().css("color", "#D40D12");
+ status.parent().addClass("thewire-characters-remaining-warning");
$("#thewire-submit-button").attr('disabled', 'disabled');
$("#thewire-submit-button").addClass('elgg-state-disabled');
} else {
- status.parent().css("color", "");
+ status.parent().removeClass("thewire-characters-remaining-warning");
$("#thewire-submit-button").removeAttr('disabled', 'disabled');
$("#thewire-submit-button").removeClass('elgg-state-disabled');
}
@@ -57,16 +57,16 @@ elgg.thewire.viewPrevious = function(event) {
var postGuid = $link.attr("href").split("/").pop();
var $previousDiv = $("#thewire-previous-" + postGuid);
- if ($link.html() == "<?php echo elgg_echo('thewire:hide'); ?>") {
- $link.html("<?php echo elgg_echo('thewire:previous'); ?>");
- $link.attr("title", "<?php echo elgg_echo('thewire:previous:help'); ?>");
+ if ($link.html() == elgg.echo('thewire:hide')) {
+ $link.html(elgg.echo('thewire:previous'));
+ $link.attr("title", elgg.echo('thewire:previous:help'));
$previousDiv.slideUp(400);
} else {
- $link.html("<?php echo elgg_echo('thewire:hide'); ?>");
- $link.attr("title", "<?php echo elgg_echo('thewire:hide:help'); ?>");
+ $link.html(elgg.echo('thewire:hide'));
+ $link.attr("title", elgg.echo('thewire:hide:help'));
$.ajax({type: "GET",
- url: "<?php echo $site_url . "ajax/view/thewire/previous"; ?>",
+ url: elgg.config.wwwroot + "ajax/view/thewire/previous",
dataType: "html",
cache: false,
data: {guid: postGuid},
diff --git a/mod/thewire/views/default/thewire/css.php b/mod/thewire/views/default/thewire/css.php
index d1ef31993..d11cce74a 100644
--- a/mod/thewire/views/default/thewire/css.php
+++ b/mod/thewire/views/default/thewire/css.php
@@ -27,6 +27,9 @@ The Wire
text-align: right;
background: white;
}
+.thewire-characters-remaining-warning {
+ color: #D40D12 !important;
+}
.thewire-parent {
margin-left: 40px;
}
diff --git a/mod/thewire/views/rss/object/thewire.php b/mod/thewire/views/rss/object/thewire.php
index 494c2c8dc..8fddb8aa8 100644
--- a/mod/thewire/views/rss/object/thewire.php
+++ b/mod/thewire/views/rss/object/thewire.php
@@ -15,7 +15,7 @@ $title = elgg_echo('thewire:by', array($owner->name));
$permalink = htmlspecialchars($vars['entity']->getURL(), ENT_NOQUOTES, 'UTF-8');
$pubdate = date('r', $vars['entity']->getTimeCreated());
-$description = autop($vars['entity']->description);
+$description = elgg_autop($vars['entity']->description);
$creator = elgg_view('page/components/creator', $vars);
$georss = elgg_view('page/components/georss', $vars);
diff --git a/mod/twitter/views/default/widgets/twitter/content.php b/mod/twitter/views/default/widgets/twitter/content.php
index e429d0103..c616d944c 100644
--- a/mod/twitter/views/default/widgets/twitter/content.php
+++ b/mod/twitter/views/default/widgets/twitter/content.php
@@ -20,7 +20,7 @@ if ($username) {
<ul id="twitter_update_list"></ul>
<p class="visit_twitter"><a href="http://twitter.com/<?php echo $username; ?>"><?php echo elgg_echo("twitter:visit"); ?></a></p>
<script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script>
- <script type="text/javascript" src="http://twitter.com/statuses/user_timeline/<?php echo $username; ?>.json?callback=twitterCallback2&count=<?php echo $num; ?>"></script>
+ <script type="text/javascript" src="https://api.twitter.com/1/statuses/user_timeline/<?php echo $username; ?>.json?callback=twitterCallback2&count=<?php echo $num; ?>"></script>
</div>
<?php
diff --git a/mod/twitter_api/vendors/twitteroauth/OAuth.php b/mod/twitter_api/vendors/twitteroauth/OAuth.php
index b0e3cfd5e..e132a5bc8 100644
--- a/mod/twitter_api/vendors/twitteroauth/OAuth.php
+++ b/mod/twitter_api/vendors/twitteroauth/OAuth.php
@@ -78,6 +78,7 @@ class twitterOAuthRequest extends OAuthRequest {
private $http_url;
// for debug purposes
public $base_string;
+ public static $version = '1.0';
public static $POST_INPUT = 'php://input';
function __construct($http_method, $http_url, $parameters=NULL) {
@@ -145,7 +146,7 @@ class twitterOAuthRequest extends OAuthRequest {
*/
public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) {
@$parameters or $parameters = array();
- $defaults = array("oauth_version" => '1.0',
+ $defaults = array("oauth_version" => twitterOAuthRequest::$version,
"oauth_nonce" => twitterOAuthRequest::generate_nonce(),
"oauth_timestamp" => twitterOAuthRequest::generate_timestamp(),
"oauth_consumer_key" => $consumer->key);
diff --git a/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php b/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php
index a1021ce6f..f36e6158d 100644
--- a/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php
+++ b/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php
@@ -43,8 +43,8 @@ class TwitterOAuth {
* Set API URLS
*/
function accessTokenURL() { return 'https://api.twitter.com/oauth/access_token'; }
- function authenticateURL() { return 'https://twitter.com/oauth/authenticate'; }
- function authorizeURL() { return 'https://twitter.com/oauth/authorize'; }
+ function authenticateURL() { return 'https://api.twitter.com/oauth/authenticate'; }
+ function authorizeURL() { return 'https://api.twitter.com/oauth/authorize'; }
function requestTokenURL() { return 'https://api.twitter.com/oauth/request_token'; }
/**
diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php
index f98f57faf..f44d2ab50 100644
--- a/mod/uservalidationbyemail/start.php
+++ b/mod/uservalidationbyemail/start.php
@@ -233,15 +233,23 @@ function uservalidationbyemail_public_pages($hook, $type, $return_value, $params
* @param string $type
* @param ElggUser $user
* @return bool
+ *
+ * @throws LoginException
*/
function uservalidationbyemail_check_manual_login($event, $type, $user) {
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(TRUE);
- // @todo register_error()?
- $return = ($user instanceof ElggUser && !$user->isEnabled() && !$user->validated) ? FALSE : NULL;
+ if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) {
+ // send new validation email
+ uservalidationbyemail_request_validation($user->getGUID());
+
+ // restore hidden entities settings
+ access_show_hidden_entities($access_status);
+
+ // throw error so we get a nice error message
+ throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
+ }
access_show_hidden_entities($access_status);
-
- return $return;
}
diff --git a/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php b/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php
index cbd13a709..9199922d6 100644
--- a/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php
+++ b/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php
@@ -27,7 +27,7 @@ if (!$count) {
access_show_hidden_entities($hidden_entities);
elgg_set_ignore_access($ia);
- echo autop(elgg_echo('uservalidationbyemail:admin:no_unvalidated_users'));
+ echo elgg_autop(elgg_echo('uservalidationbyemail:admin:no_unvalidated_users'));
return TRUE;
}