aboutsummaryrefslogtreecommitdiff
path: root/mod
diff options
context:
space:
mode:
Diffstat (limited to 'mod')
-rw-r--r--mod/blog/actions/blog/auto_save_revision.php2
-rw-r--r--mod/blog/actions/blog/save.php10
-rw-r--r--mod/blog/lib/blog.php91
-rw-r--r--mod/blog/start.php3
-rw-r--r--mod/blog/views/default/forms/blog/save.php11
-rw-r--r--mod/bookmarks/actions/bookmarks/save.php2
-rw-r--r--mod/embed/start.php2
-rw-r--r--mod/embed/views/default/js/embed/embed.php9
-rw-r--r--mod/file/actions/file/upload.php4
-rw-r--r--mod/file/thumbnail.php2
-rw-r--r--mod/groups/actions/discussion/save.php2
-rw-r--r--mod/groups/actions/groups/edit.php146
-rw-r--r--mod/groups/icon.php6
-rw-r--r--mod/groups/languages/en.php1
-rw-r--r--mod/groups/lib/groups.php62
-rw-r--r--mod/groups/start.php9
-rw-r--r--mod/groups/views/default/forms/groups/edit.php84
-rw-r--r--mod/groups/views/default/groups/edit.php4
-rw-r--r--mod/groups/views/default/groups/js.php7
-rw-r--r--mod/groups/views/rss/groups/profile/layout.php13
-rw-r--r--mod/groups/views/rss/object/groupforumtopic.php2
-rw-r--r--mod/messageboard/views/default/river/object/messageboard/create.php23
-rw-r--r--mod/messages/pages/messages/inbox.php9
-rw-r--r--mod/messages/pages/messages/read.php9
-rw-r--r--mod/messages/pages/messages/sent.php9
-rw-r--r--mod/pages/actions/pages/edit.php30
-rw-r--r--mod/pages/languages/en.php3
-rw-r--r--mod/pages/lib/pages.php53
-rw-r--r--mod/pages/start.php1
-rw-r--r--mod/pages/views/default/forms/pages/edit.php17
-rw-r--r--mod/pages/views/default/pages/icon.php2
-rw-r--r--mod/pages/views/default/pages/input/parent.php37
-rw-r--r--mod/profile/icondirect.php18
-rw-r--r--mod/profile/views/default/profile/details.php2
-rw-r--r--mod/search/start.php4
-rw-r--r--mod/search/views/default/search/no_results.php2
-rw-r--r--mod/search/views/default/search/search_box.php3
-rw-r--r--mod/thewire/views/rss/object/thewire.php2
-rw-r--r--mod/twitter/views/default/widgets/twitter/content.php2
-rw-r--r--mod/twitter_api/vendors/twitteroauth/OAuth.php3
-rw-r--r--mod/twitter_api/vendors/twitteroauth/twitterOAuth.php4
-rw-r--r--mod/uservalidationbyemail/start.php16
-rw-r--r--mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php2
43 files changed, 502 insertions, 221 deletions
diff --git a/mod/blog/actions/blog/auto_save_revision.php b/mod/blog/actions/blog/auto_save_revision.php
index 66b65c5fd..e33edfaab 100644
--- a/mod/blog/actions/blog/auto_save_revision.php
+++ b/mod/blog/actions/blog/auto_save_revision.php
@@ -7,7 +7,7 @@
$guid = get_input('guid');
$user = elgg_get_logged_in_user_entity();
-$title = get_input('title');
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$description = get_input('description');
$excerpt = get_input('excerpt');
diff --git a/mod/blog/actions/blog/save.php b/mod/blog/actions/blog/save.php
index 8923cd0d2..070c96398 100644
--- a/mod/blog/actions/blog/save.php
+++ b/mod/blog/actions/blog/save.php
@@ -57,7 +57,11 @@ $required = array('title', 'description');
// load from POST and do sanity and access checking
foreach ($values as $name => $default) {
- $value = get_input($name, $default);
+ if ($name === 'title') {
+ $value = htmlspecialchars(get_input('title', $default, false), ENT_QUOTES, 'UTF-8');
+ } else {
+ $value = get_input($name, $default);
+ }
if (in_array($name, $required) && empty($value)) {
$error = elgg_echo("blog:error:missing:$name");
@@ -145,7 +149,7 @@ if (!$error) {
// add to river if changing status or published, regardless of new post
// because we remove it for drafts.
if (($new_post || $old_status == 'draft') && $status == 'published') {
- add_to_river('river/object/blog/create', 'create', elgg_get_logged_in_user_guid(), $blog->getGUID());
+ add_to_river('river/object/blog/create', 'create', $blog->owner_guid, $blog->getGUID());
if ($guid) {
$blog->time_created = time();
@@ -170,4 +174,4 @@ if (!$error) {
} else {
register_error($error);
forward($error_forward_url);
-} \ No newline at end of file
+}
diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php
index 4622a9e7e..3c71dfbab 100644
--- a/mod/blog/lib/blog.php
+++ b/mod/blog/lib/blog.php
@@ -50,7 +50,7 @@ function blog_get_page_content_read($guid = NULL) {
/**
* Get page components to list a user's or all blogs.
*
- * @param int $owner_guid The GUID of the page owner or NULL for all blogs
+ * @param int $container_guid The GUID of the page owner or NULL for all blogs
* @return array
*/
function blog_get_page_content_list($container_guid = NULL) {
@@ -62,10 +62,11 @@ function blog_get_page_content_list($container_guid = NULL) {
$options = array(
'type' => 'object',
'subtype' => 'blog',
- 'full_view' => FALSE,
+ 'full_view' => false,
);
- $loggedin_userid = elgg_get_logged_in_user_guid();
+ $current_user = elgg_get_logged_in_user_entity();
+
if ($container_guid) {
// access check for closed groups
group_gatekeeper();
@@ -80,7 +81,7 @@ function blog_get_page_content_list($container_guid = NULL) {
$crumbs_title = $container->name;
elgg_push_breadcrumb($crumbs_title);
- if ($container_guid == $loggedin_userid) {
+ if ($current_user && ($container_guid == $current_user->guid)) {
$return['filter_context'] = 'mine';
} else if (elgg_instanceof($container, 'group')) {
$return['filter'] = false;
@@ -99,7 +100,13 @@ function blog_get_page_content_list($container_guid = NULL) {
// show all posts for admin or users looking at their own blogs
// show only published posts for other users.
- if (!(elgg_is_admin_logged_in() || (elgg_is_logged_in() && $container_guid == $loggedin_userid))) {
+ $show_only_published = true;
+ if ($current_user) {
+ if (($current_user->guid == $container_guid) || $current_user->isAdmin()) {
+ $show_only_published = false;
+ }
+ }
+ if ($show_only_published) {
$options['metadata_name_value_pairs'] = array(
array('name' => 'status', 'value' => 'published'),
);
@@ -155,11 +162,14 @@ function blog_get_page_content_friends($user_guid) {
// admin / owners can see any posts
// everyone else can only see published posts
- if (!(elgg_is_admin_logged_in() || (elgg_is_logged_in() && $owner_guid == elgg_get_logged_in_user_guid()))) {
- if ($upper > $now) {
- $upper = $now;
+ $show_only_published = true;
+ $current_user = elgg_get_logged_in_user_entity();
+ if ($current_user) {
+ if (($user_guid == $current_user->guid) || $current_user->isAdmin()) {
+ $show_only_published = false;
}
-
+ }
+ if ($show_only_published) {
$options['metadata_name_value_pairs'][] = array(
array('name' => 'status', 'value' => 'published')
);
@@ -240,9 +250,9 @@ function blog_get_page_content_archive($owner_guid, $lower = 0, $upper = 0) {
$list = elgg_list_entities_from_metadata($options);
if (!$list) {
- $content .= elgg_echo('blog:none');
+ $content = elgg_echo('blog:none');
} else {
- $content .= $list;
+ $content = $list;
}
$title = elgg_echo('date:month:' . date('m', $lower), array(date('Y', $lower)));
@@ -274,6 +284,7 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) {
$vars['id'] = 'blog-post-edit';
$vars['class'] = 'elgg-form-alt';
+ $sidebar = '';
if ($page == 'edit') {
$blog = get_entity((int)$guid);
@@ -310,14 +321,8 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) {
$content = elgg_echo('blog:error:cannot_edit_post');
}
} else {
- if (!$guid) {
- $container = elgg_get_logged_in_user_entity();
- } else {
- $container = get_entity($guid);
- }
-
elgg_push_breadcrumb(elgg_echo('blog:add'));
- $body_vars = blog_prepare_form_vars($blog);
+ $body_vars = blog_prepare_form_vars(null);
$title = elgg_echo('blog:add');
$content = elgg_view_form('blog/save', $vars, $body_vars);
@@ -384,7 +389,7 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) {
if ($auto_save_annotations = $post->getAnnotations('blog_auto_save', 1)) {
$auto_save = $auto_save_annotations[0];
} else {
- $auto_save == FALSE;
+ $auto_save = false;
}
if ($auto_save && $auto_save->id != $revision->id) {
@@ -396,52 +401,74 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) {
/**
* Forward to the new style of URLs
+ *
+ * Pre-1.7.5
+ * Group blogs page: /blog/group:<container_guid>/
+ * Group blog view: /blog/group:<container_guid>/read/<guid>/<title>
+ * 1.7.5-1.8
+ * Group blogs page: /blog/owner/group:<container_guid>/
+ * Group blog view: /blog/read/<guid>
+ *
*
* @param string $page
*/
function blog_url_forwarder($page) {
- global $CONFIG;
+
+ $viewtype = elgg_get_viewtype();
+ $qs = ($viewtype === 'default') ? "" : "?view=$viewtype";
+
+ $url = "blog/all";
+
+ // easier to work with & no notices
+ $page = array_pad($page, 4, "");
// group usernames
- if (substr_count($page[0], 'group:')) {
- preg_match('/group\:([0-9]+)/i', $page[0], $matches);
+ if (preg_match('~/group\:([0-9]+)/~', "/{$page[0]}/{$page[1]}/", $matches)) {
$guid = $matches[1];
$entity = get_entity($guid);
- if ($entity) {
- $url = "{$CONFIG->wwwroot}blog/group/$guid/all";
+ if (elgg_instanceof($entity, 'group')) {
+ if (!empty($page[2])) {
+ $url = "blog/view/$page[2]/";
+ } else {
+ $url = "blog/group/$guid/all";
+ }
register_error(elgg_echo("changebookmark"));
- forward($url);
+ forward($url . $qs);
}
}
+ if (empty($page[0])) {
+ return;
+ }
+
// user usernames
$user = get_user_by_username($page[0]);
if (!$user) {
return;
}
- if (!isset($page[1])) {
+ if (empty($page[1])) {
$page[1] = 'owner';
}
switch ($page[1]) {
case "read":
- $url = "{$CONFIG->wwwroot}blog/view/{$page[2]}/{$page[3]}";
+ $url = "blog/view/{$page[2]}/{$page[3]}";
break;
case "archive":
- $url = "{$CONFIG->wwwroot}blog/archive/{$page[0]}/{$page[2]}/{$page[3]}";
+ $url = "blog/archive/{$page[0]}/{$page[2]}/{$page[3]}";
break;
case "friends":
- $url = "{$CONFIG->wwwroot}blog/friends/{$page[0]}";
+ $url = "blog/friends/{$page[0]}";
break;
case "new":
- $url = "{$CONFIG->wwwroot}blog/add/$user->guid";
+ $url = "blog/add/$user->guid";
break;
case "owner":
- $url = "{$CONFIG->wwwroot}blog/owner/{$page[0]}";
+ $url = "blog/owner/{$page[0]}";
break;
}
register_error(elgg_echo("changebookmark"));
- forward($url);
+ forward($url . $qs);
}
diff --git a/mod/blog/start.php b/mod/blog/start.php
index 9faf1794e..8cbaf5cca 100644
--- a/mod/blog/start.php
+++ b/mod/blog/start.php
@@ -99,8 +99,7 @@ function blog_page_handler($page) {
elgg_load_library('elgg:blog');
- // @todo remove the forwarder in 1.9
- // forward to correct URL for blog pages pre-1.7.5
+ // forward to correct URL for blog pages pre-1.8
blog_url_forwarder($page);
// push all blogs breadcrumb
diff --git a/mod/blog/views/default/forms/blog/save.php b/mod/blog/views/default/forms/blog/save.php
index a805541bd..36fa2e0e8 100644
--- a/mod/blog/views/default/forms/blog/save.php
+++ b/mod/blog/views/default/forms/blog/save.php
@@ -23,7 +23,7 @@ if ($vars['guid']) {
$delete_link = elgg_view('output/confirmlink', array(
'href' => $delete_url,
'text' => elgg_echo('delete'),
- 'class' => 'elgg-button elgg-button-delete elgg-state-disabled float-alt'
+ 'class' => 'elgg-button elgg-button-delete float-alt'
));
}
@@ -53,7 +53,7 @@ $excerpt_label = elgg_echo('blog:excerpt');
$excerpt_input = elgg_view('input/text', array(
'name' => 'excerpt',
'id' => 'blog_excerpt',
- 'value' => html_entity_decode($vars['excerpt'], ENT_COMPAT, 'UTF-8')
+ 'value' => _elgg_html_decode($vars['excerpt'])
));
$body_label = elgg_echo('blog:body');
@@ -125,9 +125,10 @@ $draft_warning
$excerpt_input
</div>
-<label for="blog_description">$body_label</label>
-$body_input
-<br />
+<div>
+ <label for="blog_description">$body_label</label>
+ $body_input
+</div>
<div>
<label for="blog_tags">$tags_label</label>
diff --git a/mod/bookmarks/actions/bookmarks/save.php b/mod/bookmarks/actions/bookmarks/save.php
index 3ca6bef32..46090b115 100644
--- a/mod/bookmarks/actions/bookmarks/save.php
+++ b/mod/bookmarks/actions/bookmarks/save.php
@@ -5,7 +5,7 @@
* @package Bookmarks
*/
-$title = strip_tags(get_input('title'));
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$description = get_input('description');
$address = get_input('address');
$access_id = get_input('access_id');
diff --git a/mod/embed/start.php b/mod/embed/start.php
index a3ccab66b..e8a3f8c14 100644
--- a/mod/embed/start.php
+++ b/mod/embed/start.php
@@ -47,7 +47,7 @@ function embed_longtext_menu($hook, $type, $items, $vars) {
'name' => 'embed',
'href' => $url,
'text' => elgg_echo('embed:media'),
- 'rel' => 'lightbox',
+ 'rel' => "embed-lightbox-{$vars['id']}",
'link_class' => "elgg-longtext-control elgg-lightbox embed-control embed-control-{$vars['id']}",
'priority' => 10,
));
diff --git a/mod/embed/views/default/js/embed/embed.php b/mod/embed/views/default/js/embed/embed.php
index 0c8442292..eb6153abf 100644
--- a/mod/embed/views/default/js/embed/embed.php
+++ b/mod/embed/views/default/js/embed/embed.php
@@ -67,6 +67,8 @@ echo elgg_view('embed/custom_insert_js');
* @return bool
*/
elgg.embed.submit = function(event) {
+ $('.embed-wrapper .elgg-form-file-upload').hide();
+ $('.embed-throbber').show();
$(this).ajaxSubmit({
dataType : 'json',
@@ -82,6 +84,10 @@ elgg.embed.submit = function(event) {
var url = elgg.normalize_url('embed/tab/' + forward);
url = elgg.embed.addContainerGUID(url);
$('.embed-wrapper').parent().load(url);
+ } else {
+ // incorrect response, presumably an error has been displayed
+ $('.embed-throbber').hide();
+ $('.embed-wrapper .elgg-form-file-upload').show();
}
}
},
@@ -90,9 +96,6 @@ elgg.embed.submit = function(event) {
}
});
- $('.elgg-form-file-upload').hide();
- $('.embed-throbber').show();
-
// this was bubbling up the DOM causing a submission
event.preventDefault();
event.stopPropagation();
diff --git a/mod/file/actions/file/upload.php b/mod/file/actions/file/upload.php
index d72d04eb7..d6dce2528 100644
--- a/mod/file/actions/file/upload.php
+++ b/mod/file/actions/file/upload.php
@@ -6,7 +6,7 @@
*/
// Get variables
-$title = get_input("title");
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$desc = get_input("description");
$access_id = (int) get_input("access_id");
$container_guid = (int) get_input('container_guid', 0);
@@ -44,7 +44,7 @@ if ($new_file) {
// if no title on new upload, grab filename
if (empty($title)) {
- $title = $_FILES['upload']['name'];
+ $title = htmlspecialchars($_FILES['upload']['name'], ENT_QUOTES, 'UTF-8');
}
} else {
diff --git a/mod/file/thumbnail.php b/mod/file/thumbnail.php
index 35bf8c7f7..851f13a8f 100644
--- a/mod/file/thumbnail.php
+++ b/mod/file/thumbnail.php
@@ -46,7 +46,7 @@ if ($simpletype == "image") {
// caching images for 10 days
header("Content-type: $mime");
- header('Expires: ' . date('r',time() + 864000));
+ header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true);
header("Pragma: public", true);
header("Cache-Control: public", true);
header("Content-Length: " . strlen($contents));
diff --git a/mod/groups/actions/discussion/save.php b/mod/groups/actions/discussion/save.php
index de4afadfb..b3e9da654 100644
--- a/mod/groups/actions/discussion/save.php
+++ b/mod/groups/actions/discussion/save.php
@@ -4,7 +4,7 @@
*/
// Get variables
-$title = get_input("title");
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$desc = get_input("description");
$status = get_input("status");
$access_id = (int) get_input("access_id");
diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php
index df2464a65..d0689be2e 100644
--- a/mod/groups/actions/groups/edit.php
+++ b/mod/groups/actions/groups/edit.php
@@ -5,27 +5,25 @@
* @package ElggGroups
*/
-// Load configuration
-global $CONFIG;
+elgg_make_sticky_form('groups');
/**
* wrapper for recursive array walk decoding
*/
function profile_array_decoder(&$v) {
- $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8');
+ $v = _elgg_html_decode($v);
}
-elgg_make_sticky_form('groups');
-
// Get group fields
$input = array();
-foreach ($CONFIG->group as $shortname => $valuetype) {
- // another work around for Elgg's encoding problems: #561, #1963
+foreach (elgg_get_config('group') as $shortname => $valuetype) {
$input[$shortname] = get_input($shortname);
+
+ // @todo treat profile fields as unescaped: don't filter, encode on output
if (is_array($input[$shortname])) {
array_walk_recursive($input[$shortname], 'profile_array_decoder');
} else {
- $input[$shortname] = html_entity_decode($input[$shortname], ENT_COMPAT, 'UTF-8');
+ $input[$shortname] = _elgg_html_decode($input[$shortname]);
}
if ($valuetype == 'tags') {
@@ -33,21 +31,22 @@ foreach ($CONFIG->group as $shortname => $valuetype) {
}
}
-$input['name'] = get_input('name');
-$input['name'] = html_entity_decode($input['name'], ENT_COMPAT, 'UTF-8');
+$input['name'] = htmlspecialchars(get_input('name', '', false), ENT_QUOTES, 'UTF-8');
$user = elgg_get_logged_in_user_entity();
$group_guid = (int)get_input('group_guid');
-$new_group_flag = $group_guid == 0;
+$is_new_group = $group_guid == 0;
-if ($new_group_flag && elgg_get_plugin_setting('limited_groups', 'groups') == 'yes' && !elgg_is_admin_logged_in()) {
+if ($is_new_group
+ && (elgg_get_plugin_setting('limited_groups', 'groups') == 'yes')
+ && !$user->isAdmin()) {
register_error(elgg_echo("groups:cantcreate"));
forward(REFERER);
}
$group = new ElggGroup($group_guid); // load if present, if not create a new group
-if (($group_guid) && (!$group->canEdit())) {
+if ($group_guid && !$group->canEdit()) {
register_error(elgg_echo("groups:cantedit"));
forward(REFERER);
}
@@ -62,37 +61,46 @@ if (sizeof($input) > 0) {
// Validate create
if (!$group->name) {
register_error(elgg_echo("groups:notitle"));
-
forward(REFERER);
}
// Set group tool options
-if (isset($CONFIG->group_tool_options)) {
- foreach ($CONFIG->group_tool_options as $group_option) {
- $group_option_toggle_name = $group_option->name . "_enable";
- if ($group_option->default_on) {
- $group_option_default_value = 'yes';
- } else {
- $group_option_default_value = 'no';
- }
- $group->$group_option_toggle_name = get_input($group_option_toggle_name, $group_option_default_value);
+$tool_options = elgg_get_config('group_tool_options');
+if ($tool_options) {
+ foreach ($tool_options as $group_option) {
+ $option_toggle_name = $group_option->name . "_enable";
+ $option_default = $group_option->default_on ? 'yes' : 'no';
+ $group->$option_toggle_name = get_input($option_toggle_name, $option_default);
}
}
// Group membership - should these be treated with same constants as access permissions?
-switch (get_input('membership')) {
- case ACCESS_PUBLIC:
- $group->membership = ACCESS_PUBLIC;
- break;
- default:
- $group->membership = ACCESS_PRIVATE;
-}
+$is_public_membership = (get_input('membership') == ACCESS_PUBLIC);
+$group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE;
-if ($new_group_flag) {
+if ($is_new_group) {
$group->access_id = ACCESS_PUBLIC;
}
+$old_owner_guid = $is_new_group ? 0 : $group->owner_guid;
+$new_owner_guid = (int) get_input('owner_guid');
+
+$owner_has_changed = false;
+$old_icontime = null;
+if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) {
+ // verify new owner is member and old owner/admin is logged in
+ if (is_group_member($group_guid, $new_owner_guid) && ($old_owner_guid == $user->guid || $user->isAdmin())) {
+ $group->owner_guid = $new_owner_guid;
+
+ // @todo Remove this when #4683 fixed
+ $owner_has_changed = true;
+ $old_icontime = $group->icontime;
+ }
+}
+
+$must_move_icons = ($owner_has_changed && $old_icontime);
+
$group->save();
// Invisible group support
@@ -116,14 +124,18 @@ $group->save();
elgg_clear_sticky_form('groups');
// group creator needs to be member of new group and river entry created
-if ($new_group_flag) {
+if ($is_new_group) {
+
+ // @todo this should not be necessary...
elgg_set_page_owner_guid($group->guid);
+
$group->join($user);
add_to_river('river/group/create', 'create', $user->guid, $group->guid, $group->access_id);
}
-// Now see if we have a file icon
-if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/'))) {
+$has_uploaded_icon = (!empty($_FILES['icon']['type']) && substr_count($_FILES['icon']['type'], 'image/'));
+
+if ($has_uploaded_icon) {
$icon_sizes = elgg_get_config('icon_sizes');
@@ -135,38 +147,58 @@ if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/'))
$filehandler->open("write");
$filehandler->write(get_uploaded_file('icon'));
$filehandler->close();
+ $filename = $filehandler->getFilenameOnFilestore();
+
+ $sizes = array('tiny', 'small', 'medium', 'large');
+
+ $thumbs = array();
+ foreach ($sizes as $size) {
+ $thumbs[$size] = get_resized_image_from_existing_file(
+ $filename,
+ $icon_sizes[$size]['w'],
+ $icon_sizes[$size]['h'],
+ $icon_sizes[$size]['square']
+ );
+ }
- $thumbtiny = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['tiny']['w'], $icon_sizes['tiny']['h'], $icon_sizes['tiny']['square']);
- $thumbsmall = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['small']['w'], $icon_sizes['small']['h'], $icon_sizes['small']['square']);
- $thumbmedium = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['medium']['w'], $icon_sizes['medium']['h'], $icon_sizes['medium']['square']);
- $thumblarge = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['large']['w'], $icon_sizes['large']['h'], $icon_sizes['large']['square']);
- if ($thumbtiny) {
-
+ if ($thumbs['tiny']) { // just checking if resize successful
$thumb = new ElggFile();
$thumb->owner_guid = $group->owner_guid;
$thumb->setMimeType('image/jpeg');
- $thumb->setFilename($prefix."tiny.jpg");
- $thumb->open("write");
- $thumb->write($thumbtiny);
- $thumb->close();
+ foreach ($sizes as $size) {
+ $thumb->setFilename("{$prefix}{$size}.jpg");
+ $thumb->open("write");
+ $thumb->write($thumbs[$size]);
+ $thumb->close();
+ }
- $thumb->setFilename($prefix."small.jpg");
- $thumb->open("write");
- $thumb->write($thumbsmall);
- $thumb->close();
+ $group->icontime = time();
+ }
+}
- $thumb->setFilename($prefix."medium.jpg");
- $thumb->open("write");
- $thumb->write($thumbmedium);
- $thumb->close();
+// @todo Remove this when #4683 fixed
+if ($must_move_icons) {
+ $filehandler = new ElggFile();
+ $filehandler->setFilename('groups');
+ $filehandler->owner_guid = $old_owner_guid;
+ $old_path = $filehandler->getFilenameOnFilestore();
- $thumb->setFilename($prefix."large.jpg");
- $thumb->open("write");
- $thumb->write($thumblarge);
- $thumb->close();
+ $sizes = array('', 'tiny', 'small', 'medium', 'large');
- $group->icontime = time();
+ if ($has_uploaded_icon) {
+ // delete those under old owner
+ foreach ($sizes as $size) {
+ unlink("$old_path/{$group_guid}{$size}.jpg");
+ }
+ } else {
+ // move existing to new owner
+ $filehandler->owner_guid = $group->owner_guid;
+ $new_path = $filehandler->getFilenameOnFilestore();
+
+ foreach ($sizes as $size) {
+ rename("$old_path/{$group_guid}{$size}.jpg", "$new_path/{$group_guid}{$size}.jpg");
+ }
}
}
diff --git a/mod/groups/icon.php b/mod/groups/icon.php
index 1bd240ea6..ebdc1eb6d 100644
--- a/mod/groups/icon.php
+++ b/mod/groups/icon.php
@@ -18,7 +18,7 @@ if (!($group instanceof ElggGroup)) {
// If is the same ETag, content didn't changed.
$etag = $group->icontime . $group_guid;
-if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) {
+if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") {
header("HTTP/1.1 304 Not Modified");
exit;
}
@@ -46,9 +46,9 @@ if (!$success) {
}
header("Content-type: image/jpeg");
-header('Expires: ' . date('r',time() + 864000));
+header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true);
header("Pragma: public");
header("Cache-Control: public");
header("Content-Length: " . strlen($contents));
-header("ETag: $etag");
+header("ETag: \"$etag\"");
echo $contents;
diff --git a/mod/groups/languages/en.php b/mod/groups/languages/en.php
index 0ca980108..0d57f1680 100644
--- a/mod/groups/languages/en.php
+++ b/mod/groups/languages/en.php
@@ -35,6 +35,7 @@ $english = array(
'groups:membership' => "Group membership permissions",
'groups:access' => "Access permissions",
'groups:owner' => "Owner",
+ 'groups:owner:warning' => "Warning: if you change this value, you will no longer be the owner of this group.",
'groups:widget:num_display' => 'Number of groups to display',
'groups:widget:membership' => 'Group membership',
'groups:widgets:description' => 'Display the groups you are a member of on your profile',
diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php
index dfbb1154b..505cacd01 100644
--- a/mod/groups/lib/groups.php
+++ b/mod/groups/lib/groups.php
@@ -497,3 +497,65 @@ function groups_register_profile_buttons($group) {
}
}
}
+
+/**
+ * Prepares variables for the group edit form view.
+ *
+ * @param mixed $group ElggGroup or null. If a group, uses values from the group.
+ * @return array
+ */
+function groups_prepare_form_vars($group = null) {
+ $values = array(
+ 'name' => '',
+ 'membership' => ACCESS_PUBLIC,
+ 'vis' => ACCESS_PUBLIC,
+ 'guid' => null,
+ 'entity' => null
+ );
+
+ // handle customizable profile fields
+ $fields = elgg_get_config('group');
+
+ if ($fields) {
+ foreach ($fields as $name => $type) {
+ $values[$name] = '';
+ }
+ }
+
+ // handle tool options
+ $tools = elgg_get_config('group_tool_options');
+ if ($tools) {
+ foreach ($tools as $group_option) {
+ $option_name = $group_option->name . "_enable";
+ $values[$option_name] = $group_option->default_on ? 'yes' : 'no';
+ }
+ }
+
+ // get current group settings
+ if ($group) {
+ foreach (array_keys($values) as $field) {
+ if (isset($group->$field)) {
+ $values[$field] = $group->$field;
+ }
+ }
+
+ if ($group->access_id != ACCESS_PUBLIC && $group->access_id != ACCESS_LOGGED_IN) {
+ // group only access - this is done to handle access not created when group is created
+ $values['vis'] = ACCESS_PRIVATE;
+ }
+
+ $values['entity'] = $group;
+ }
+
+ // get any sticky form settings
+ if (elgg_is_sticky_form('groups')) {
+ $sticky_values = elgg_get_sticky_values('groups');
+ foreach ($sticky_values as $key => $value) {
+ $values[$key] = $value;
+ }
+ }
+
+ elgg_clear_sticky_form('groups');
+
+ return $values;
+}
diff --git a/mod/groups/start.php b/mod/groups/start.php
index c591410c5..9dca7dc16 100644
--- a/mod/groups/start.php
+++ b/mod/groups/start.php
@@ -194,6 +194,15 @@ function groups_setup_sidebar_menus() {
*/
function groups_page_handler($page) {
+ // forward old profile urls
+ if (is_numeric($page[0])) {
+ $group = get_entity($page[0]);
+ if (elgg_instanceof($group, 'group', '', 'ElggGroup')) {
+ system_message(elgg_echo('changebookmark'));
+ forward($group->getURL());
+ }
+ }
+
elgg_load_library('elgg:groups');
if (!isset($page[0])) {
diff --git a/mod/groups/views/default/forms/groups/edit.php b/mod/groups/views/default/forms/groups/edit.php
index 7540d1bf9..41d97e6c3 100644
--- a/mod/groups/views/default/forms/groups/edit.php
+++ b/mod/groups/views/default/forms/groups/edit.php
@@ -5,26 +5,9 @@
* @package ElggGroups
*/
-if (elgg_is_sticky_form('groups')) {
- $sticky_values = elgg_get_sticky_values('groups');
- elgg_clear_sticky_form('groups');
-}
-
-// new groups default to open membership
-if (isset($sticky_values)) {
- $membership = $sticky_values['membership'];
- $access = $sticky_values['access_id'];
-} elseif (isset($vars['entity'])) {
- $membership = $vars['entity']->membership;
- $access = $vars['entity']->access_id;
- if ($access != ACCESS_PUBLIC && $access != ACCESS_LOGGED_IN) {
- // group only - this is done to handle access not created when group is created
- $access = ACCESS_PRIVATE;
- }
-} else {
- $membership = ACCESS_PUBLIC;
- $access = ACCESS_PUBLIC;
-}
+// only extract these elements.
+$name = $membership = $vis = $entity = null;
+extract($vars, EXTR_IF_EXISTS);
?>
<div>
@@ -35,7 +18,7 @@ if (isset($sticky_values)) {
<label><?php echo elgg_echo("groups:name"); ?></label><br />
<?php echo elgg_view("input/text", array(
'name' => 'name',
- 'value' => isset($sticky_values['name']) ? $sticky_values['name'] : $vars['entity']->name,
+ 'value' => $name
));
?>
</div>
@@ -53,7 +36,7 @@ if ($group_profile_fields > 0) {
echo "</label>$line_break";
echo elgg_view("input/{$valtype}", array(
'name' => $shortname,
- 'value' => isset($sticky_values[$shortname]) ? $sticky_values[$shortname] : $vars['entity']->$shortname,
+ 'value' => elgg_extract($shortname, $vars)
));
echo '</div>';
}
@@ -78,10 +61,6 @@ if ($group_profile_fields > 0) {
<?php
if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
- $this_owner = $vars['entity']->owner_guid;
- if (!$this_owner) {
- $this_owner = elgg_get_logged_in_user_guid();
- }
$access_options = array(
ACCESS_PRIVATE => elgg_echo('groups:access:group'),
ACCESS_LOGGED_IN => elgg_echo("LOGGED_IN"),
@@ -94,7 +73,7 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
<?php echo elgg_echo('groups:visibility'); ?><br />
<?php echo elgg_view('input/access', array(
'name' => 'vis',
- 'value' => $access,
+ 'value' => $vis,
'options_values' => $access_options,
));
?>
@@ -104,17 +83,48 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
<?php
}
+if (isset($vars['entity'])) {
+ $entity = $vars['entity'];
+ $owner_guid = $vars['entity']->owner_guid;
+} else {
+ $entity = false;
+}
+
+if ($entity && ($owner_guid == elgg_get_logged_in_user_guid() || elgg_is_admin_logged_in())) {
+ $owner_guid = $vars['entity']->owner_guid;
+ $members = array();
+ foreach ($vars['entity']->getMembers(0) as $member) {
+ $members[$member->guid] = "$member->name (@$member->username)";
+ }
+?>
+
+<div>
+ <label>
+ <?php echo elgg_echo('groups:owner'); ?><br />
+ <?php echo elgg_view('input/dropdown', array(
+ 'name' => 'owner_guid',
+ 'value' => $owner_guid,
+ 'options_values' => $members,
+ 'class' => 'groups-owner-input',
+ ));
+ ?>
+ </label>
+ <?php
+ if ($owner_guid == elgg_get_logged_in_user_guid()) {
+ echo '<span class="elgg-text-help">' . elgg_echo('groups:owner:warning') . '</span>';
+ }
+ ?>
+</div>
+
+<?php
+}
+
$tools = elgg_get_config('group_tool_options');
if ($tools) {
usort($tools, create_function('$a,$b', 'return strcmp($a->label,$b->label);'));
foreach ($tools as $group_option) {
$group_option_toggle_name = $group_option->name . "_enable";
- if ($group_option->default_on) {
- $group_option_default_value = 'yes';
- } else {
- $group_option_default_value = 'no';
- }
- $value = $vars['entity']->$group_option_toggle_name ? $vars['entity']->$group_option_toggle_name : $group_option_default_value;
+ $value = elgg_extract($group_option_toggle_name, $vars);
?>
<div>
<label>
@@ -137,17 +147,17 @@ if ($tools) {
<div class="elgg-foot">
<?php
-if (isset($vars['entity'])) {
+if ($entity) {
echo elgg_view('input/hidden', array(
'name' => 'group_guid',
- 'value' => $vars['entity']->getGUID(),
+ 'value' => $entity->getGUID(),
));
}
echo elgg_view('input/submit', array('value' => elgg_echo('save')));
-if (isset($vars['entity'])) {
- $delete_url = 'action/groups/delete?guid=' . $vars['entity']->getGUID();
+if ($entity) {
+ $delete_url = 'action/groups/delete?guid=' . $entity->getGUID();
echo elgg_view('output/confirmlink', array(
'text' => elgg_echo('groups:delete'),
'href' => $delete_url,
diff --git a/mod/groups/views/default/groups/edit.php b/mod/groups/views/default/groups/edit.php
index 24a1c3f1e..5579ad54a 100644
--- a/mod/groups/views/default/groups/edit.php
+++ b/mod/groups/views/default/groups/edit.php
@@ -11,5 +11,5 @@ $form_vars = array(
'enctype' => 'multipart/form-data',
'class' => 'elgg-form-alt',
);
-$body_vars = array('entity' => $entity);
-echo elgg_view_form('groups/edit', $form_vars, $body_vars);
+
+echo elgg_view_form('groups/edit', $form_vars, groups_prepare_form_vars($entity));
diff --git a/mod/groups/views/default/groups/js.php b/mod/groups/views/default/groups/js.php
index 1b4d33f32..0319be14a 100644
--- a/mod/groups/views/default/groups/js.php
+++ b/mod/groups/views/default/groups/js.php
@@ -1,3 +1,10 @@
+<?php
+/**
+ * Javascript for Groups forms
+ *
+ * @package ElggGroups
+ */
+?>
// this adds a class to support IE8 and older
elgg.register_hook_handler('init', 'system', function() {
diff --git a/mod/groups/views/rss/groups/profile/layout.php b/mod/groups/views/rss/groups/profile/layout.php
index 3eeb9eaf2..0dafe78ad 100644
--- a/mod/groups/views/rss/groups/profile/layout.php
+++ b/mod/groups/views/rss/groups/profile/layout.php
@@ -7,7 +7,12 @@
* @uses $vars['entity'] ElggGroup object
*/
-echo elgg_list_entities(array(
- 'type' => 'object',
- 'container_guid' => $vars['entity']->getGUID(),
-));
+$entities = elgg_get_config('registered_entities');
+
+if (!empty($entities['object'])) {
+ echo elgg_list_entities(array(
+ 'type' => 'object',
+ 'subtypes' => $entities['object'],
+ 'container_guid' => $vars['entity']->getGUID(),
+ ));
+}
diff --git a/mod/groups/views/rss/object/groupforumtopic.php b/mod/groups/views/rss/object/groupforumtopic.php
index d730ef796..b2d05d488 100644
--- a/mod/groups/views/rss/object/groupforumtopic.php
+++ b/mod/groups/views/rss/object/groupforumtopic.php
@@ -14,7 +14,7 @@ if (empty($title)) {
$permalink = htmlspecialchars($vars['entity']->getURL(), ENT_NOQUOTES, 'UTF-8');
$pubdate = date('r', $vars['entity']->getTimeCreated());
-$description = autop($vars['entity']->description);
+$description = elgg_autop($vars['entity']->description);
$creator = elgg_view('page/components/creator', $vars);
$georss = elgg_view('page/components/georss', $vars);
diff --git a/mod/messageboard/views/default/river/object/messageboard/create.php b/mod/messageboard/views/default/river/object/messageboard/create.php
index 7ce7f6b4e..ac10a55c1 100644
--- a/mod/messageboard/views/default/river/object/messageboard/create.php
+++ b/mod/messageboard/views/default/river/object/messageboard/create.php
@@ -1,11 +1,12 @@
-<?php
-/**
- * Messageboard river view
- */
-
-$messageboard = $vars['item']->getAnnotation();
-
-echo elgg_view('river/elements/layout', array(
- 'item' => $vars['item'],
- 'message' => $messageboard->value,
-));
+<?php
+/**
+ * Messageboard river view
+ */
+
+$messageboard = $vars['item']->getAnnotation();
+$excerpt = elgg_get_excerpt($messageboard->value);
+
+echo elgg_view('river/elements/layout', array(
+ 'item' => $vars['item'],
+ 'message' => $excerpt,
+));
diff --git a/mod/messages/pages/messages/inbox.php b/mod/messages/pages/messages/inbox.php
index fdfc20c43..de5b8b231 100644
--- a/mod/messages/pages/messages/inbox.php
+++ b/mod/messages/pages/messages/inbox.php
@@ -8,8 +8,13 @@
gatekeeper();
$page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
- register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+ $guid = 0;
+ if($page_owner){
+ $guid = $page_owner->getGUID();
+ }
+ register_error(elgg_echo("pageownerunavailable", array($guid)));
forward();
}
diff --git a/mod/messages/pages/messages/read.php b/mod/messages/pages/messages/read.php
index 19e3ecdd7..4223c6bac 100644
--- a/mod/messages/pages/messages/read.php
+++ b/mod/messages/pages/messages/read.php
@@ -8,8 +8,8 @@
gatekeeper();
$message = get_entity(get_input('guid'));
-if (!$message) {
- forward('messages/inbox');
+if (!$message || !elgg_instanceof($message, "object", "messages")) {
+ forward('messages/inbox/' . elgg_get_logged_in_user_entity()->username);
}
// mark the message as read
@@ -38,8 +38,9 @@ if ($inbox) {
);
$body_params = array('message' => $message);
$content .= elgg_view_form('messages/reply', $form_params, $body_params);
-
- if (elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) {
+ $from_user = get_user($message->fromId);
+
+ if ((elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) && $from_user) {
elgg_register_menu_item('title', array(
'name' => 'reply',
'href' => '#messages-reply-form',
diff --git a/mod/messages/pages/messages/sent.php b/mod/messages/pages/messages/sent.php
index af06ab273..3d08cd5ee 100644
--- a/mod/messages/pages/messages/sent.php
+++ b/mod/messages/pages/messages/sent.php
@@ -8,8 +8,13 @@
gatekeeper();
$page_owner = elgg_get_page_owner_entity();
-if (!$page_owner) {
- register_error(elgg_echo());
+
+if (!$page_owner || !$page_owner->canEdit()) {
+ $guid = 0;
+ if($page_owner){
+ $guid = $page_owner->getGUID();
+ }
+ register_error(elgg_echo("pageownerunavailable", array($guid)));
forward();
}
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index a32e4a4ba..40215e02e 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -8,9 +8,10 @@
$variables = elgg_get_config('pages');
$input = array();
foreach ($variables as $name => $type) {
- $input[$name] = get_input($name);
if ($name == 'title') {
- $input[$name] = strip_tags($input[$name]);
+ $input[$name] = htmlspecialchars(get_input($name, '', false), ENT_QUOTES, 'UTF-8');
+ } else {
+ $input[$name] = get_input($name);
}
if ($type == 'tags') {
$input[$name] = string_to_tag_array($input[$name]);
@@ -59,6 +60,9 @@ if (sizeof($input) > 0) {
if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) {
continue;
}
+ if ($name == 'parent_guid') {
+ continue;
+ }
$page->$name = $value;
}
@@ -67,7 +71,27 @@ if (sizeof($input) > 0) {
// need to add check to make sure user can write to container
$page->container_guid = $container_guid;
-if ($parent_guid) {
+if ($parent_guid && $parent_guid != $page_guid) {
+ // Check if parent isn't below the page in the tree
+ if ($page_guid) {
+ $tree_page = get_entity($parent_guid);
+ while ($tree_page->parent_guid > 0 && $page_guid != $tree_page->guid) {
+ $tree_page = get_entity($tree_page->parent_guid);
+ }
+ // If is below, bring all child elements forward
+ if ($page_guid == $tree_page->guid) {
+ $previous_parent = $page->parent_guid;
+ $children = elgg_get_entities_from_metadata(array(
+ 'metadata_name' => 'parent_guid',
+ 'metadata_value' => $page->getGUID()
+ ));
+ if ($children) {
+ foreach ($children as $child) {
+ $child->parent_guid = $previous_parent;
+ }
+ }
+ }
+ }
$page->parent_guid = $parent_guid;
}
diff --git a/mod/pages/languages/en.php b/mod/pages/languages/en.php
index eb9d22708..930676b3e 100644
--- a/mod/pages/languages/en.php
+++ b/mod/pages/languages/en.php
@@ -61,6 +61,7 @@ View and comment on the new page:
'pages:title' => 'Page title',
'pages:description' => 'Page text',
'pages:tags' => 'Tags',
+ 'pages:parent_guid' => 'Parent page',
'pages:access_id' => 'Read access',
'pages:write_access_id' => 'Write access',
@@ -110,4 +111,4 @@ View and comment on the new page:
'pages:backtoparent' => "Back to '%s'",
);
-add_translation("en", $english); \ No newline at end of file
+add_translation("en", $english);
diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php
index 9a9ba12e9..afe42b68f 100644
--- a/mod/pages/lib/pages.php
+++ b/mod/pages/lib/pages.php
@@ -65,11 +65,11 @@ function pages_prepare_parent_breadcrumbs($page) {
}
/**
- * Register the navigation menu
+ * Produce the navigation tree
*
* @param ElggEntity $container Container entity for the pages
*/
-function pages_register_navigation_tree($container) {
+function pages_get_navigation_tree($container) {
if (!$container) {
return;
}
@@ -84,13 +84,18 @@ function pages_register_navigation_tree($container) {
if (!$top_pages) {
return;
}
+
+ $tree = array();
+ $depths = array();
foreach ($top_pages as $page) {
- elgg_register_menu_item('pages_nav', array(
- 'name' => $page->getGUID(),
- 'text' => $page->title,
- 'href' => $page->getURL(),
- ));
+ $tree[] = array(
+ 'guid' => $page->getGUID(),
+ 'title' => $page->title,
+ 'url' => $page->getURL(),
+ 'depth' => 0,
+ );
+ $depths[$page->guid] = 0;
$stack = array();
array_push($stack, $page);
@@ -106,15 +111,37 @@ function pages_register_navigation_tree($container) {
if ($children) {
foreach ($children as $child) {
- elgg_register_menu_item('pages_nav', array(
- 'name' => $child->getGUID(),
- 'text' => $child->title,
- 'href' => $child->getURL(),
- 'parent_name' => $parent->getGUID(),
- ));
+ $tree[] = array(
+ 'guid' => $child->getGUID(),
+ 'title' => $child->title,
+ 'url' => $child->getURL(),
+ 'parent_guid' => $parent->getGUID(),
+ 'depth' => $depths[$parent->guid] + 1,
+ );
+ $depths[$child->guid] = $depths[$parent->guid] + 1;
array_push($stack, $child);
}
}
}
}
+ return $tree;
+}
+
+/**
+ * Register the navigation menu
+ *
+ * @param ElggEntity $container Container entity for the pages
+ */
+function pages_register_navigation_tree($container) {
+ $pages = pages_get_navigation_tree($container);
+ if ($pages) {
+ foreach ($pages as $page) {
+ elgg_register_menu_item('pages_nav', array(
+ 'name' => $page['guid'],
+ 'text' => $page['title'],
+ 'href' => $page['url'],
+ 'parent_name' => $page['parent_guid'],
+ ));
+ }
+ }
}
diff --git a/mod/pages/start.php b/mod/pages/start.php
index 6b0ad38b0..6d974f122 100644
--- a/mod/pages/start.php
+++ b/mod/pages/start.php
@@ -63,6 +63,7 @@ function pages_init() {
'title' => 'text',
'description' => 'longtext',
'tags' => 'tags',
+ 'parent_guid' => 'parent',
'access_id' => 'access',
'write_access_id' => 'write_access',
));
diff --git a/mod/pages/views/default/forms/pages/edit.php b/mod/pages/views/default/forms/pages/edit.php
index 9469f5eb9..e14ff19ec 100644
--- a/mod/pages/views/default/forms/pages/edit.php
+++ b/mod/pages/views/default/forms/pages/edit.php
@@ -18,6 +18,18 @@ foreach ($variables as $name => $type) {
if (($type == 'access' || $type == 'write_access') && !$can_change_access) {
continue;
}
+
+ // don't show parent picker input for top or new pages.
+ if ($name == 'parent_guid' && (!$vars['parent_guid'] || !$vars['guid'])) {
+ continue;
+ }
+
+ if ($type == 'parent') {
+ $input_view = "pages/input/$type";
+ } else {
+ $input_view = "input/$type";
+ }
+
?>
<div>
<label><?php echo elgg_echo("pages:$name") ?></label>
@@ -26,9 +38,10 @@ foreach ($variables as $name => $type) {
echo '<br />';
}
- echo elgg_view("input/$type", array(
+ echo elgg_view($input_view, array(
'name' => $name,
'value' => $vars[$name],
+ 'entity' => ($name == 'parent_guid') ? $vars['entity'] : null,
));
?>
</div>
@@ -52,7 +65,7 @@ echo elgg_view('input/hidden', array(
'name' => 'container_guid',
'value' => $vars['container_guid'],
));
-if ($vars['parent_guid']) {
+if (!$vars['guid']) {
echo elgg_view('input/hidden', array(
'name' => 'parent_guid',
'value' => $vars['parent_guid'],
diff --git a/mod/pages/views/default/pages/icon.php b/mod/pages/views/default/pages/icon.php
index d3b749eb8..cba034ec4 100644
--- a/mod/pages/views/default/pages/icon.php
+++ b/mod/pages/views/default/pages/icon.php
@@ -21,5 +21,5 @@ if (!in_array($vars['size'], array('small', 'medium', 'large', 'tiny', 'master',
?>
<a href="<?php echo $annotation->getURL(); ?>">
- <img src="<?php echo $entity->getIconURL($vars['size']); ?>" />
+ <img alt="<?php echo $entity->title; ?>" src="<?php echo $entity->getIconURL($vars['size']); ?>" />
</a>
diff --git a/mod/pages/views/default/pages/input/parent.php b/mod/pages/views/default/pages/input/parent.php
new file mode 100644
index 000000000..c5ee3c3fb
--- /dev/null
+++ b/mod/pages/views/default/pages/input/parent.php
@@ -0,0 +1,37 @@
+<?php
+/**
+ * Parent picker
+ *
+ * @uses $vars['value'] The current value, if any
+ * @uses $vars['options_values']
+ * @uses $vars['name'] The name of the input field
+ * @uses $vars['entity'] Optional. The child entity (uses container_guid)
+ */
+
+elgg_load_library('elgg:pages');
+
+if (empty($vars['entity'])) {
+ $container = elgg_get_page_owner_entity();
+} else {
+ $container = $vars['entity']->getContainerEntity();
+}
+
+$pages = pages_get_navigation_tree($container);
+$options = array();
+
+foreach ($pages as $page) {
+ $spacing = "";
+ for ($i = 0; $i < $page['depth']; $i++) {
+ $spacing .= "--";
+ }
+ $options[$page['guid']] = "$spacing " . $page['title'];
+}
+
+$defaults = array(
+ 'class' => 'elgg-pages-input-parent-picker',
+ 'options_values' => $options,
+);
+
+$vars = array_merge($defaults, $vars);
+
+echo elgg_view('input/dropdown', $vars);
diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php
index c4439f78c..dbab5d31f 100644
--- a/mod/profile/icondirect.php
+++ b/mod/profile/icondirect.php
@@ -23,7 +23,7 @@ $guid = (int)$_GET['guid'];
// If is the same ETag, content didn't changed.
$etag = $last_cache . $guid;
-if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) {
+if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") {
header("HTTP/1.1 304 Not Modified");
exit;
}
@@ -55,19 +55,15 @@ if ($mysql_dblink) {
$user_path = date('Y/m/d/', $join_date) . $guid;
$filename = "$data_root$user_path/profile/{$guid}{$size}.jpg";
- $contents = @file_get_contents($filename);
- if (!empty($contents)) {
+ $size = @filesize($filename);
+ if ($size) {
header("Content-type: image/jpeg");
- header('Expires: ' . date('r', strtotime("+6 months")), true);
+ header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true);
header("Pragma: public");
header("Cache-Control: public");
- header("Content-Length: " . strlen($contents));
- header("ETag: $etag");
- // this chunking is done for supposedly better performance
- $split_string = str_split($contents, 1024);
- foreach ($split_string as $chunk) {
- echo $chunk;
- }
+ header("Content-Length: $size");
+ header("ETag: \"$etag\"");
+ readfile($filename);
exit;
}
}
diff --git a/mod/profile/views/default/profile/details.php b/mod/profile/views/default/profile/details.php
index 3af5cb756..7b05b0e15 100644
--- a/mod/profile/views/default/profile/details.php
+++ b/mod/profile/views/default/profile/details.php
@@ -28,7 +28,7 @@ if (is_array($profile_fields) && sizeof($profile_fields) > 0) {
<div class="<?php echo $even_odd; ?>">
<b><?php echo elgg_echo("profile:{$shortname}"); ?>: </b>
<?php
- echo elgg_view("output/{$valtype}", array('value' => $user->$shortname));
+ echo elgg_view("output/{$valtype}", array('value' => $value));
?>
</div>
<?php
diff --git a/mod/search/start.php b/mod/search/start.php
index d2d7ed3c2..f493508d8 100644
--- a/mod/search/start.php
+++ b/mod/search/start.php
@@ -94,6 +94,8 @@ function search_get_highlighted_relevant_substrings($haystack, $query, $min_matc
if (!$tag_match) {
$words = search_remove_ignored_words($query, 'array');
+ } else {
+ $words = array();
}
// if haystack < $max_length return the entire haystack w/formatting immediately
@@ -142,7 +144,7 @@ function search_get_highlighted_relevant_substrings($haystack, $query, $min_matc
$total_length = array_sum($offsets);
$add_length = 0;
- if ($total_length < $max_length) {
+ if ($total_length < $max_length && $offsets) {
$add_length = floor((($max_length - $total_length) / count($offsets)) / 2);
$starts = array();
diff --git a/mod/search/views/default/search/no_results.php b/mod/search/views/default/search/no_results.php
index 74b5b2cfa..0e9a5e295 100644
--- a/mod/search/views/default/search/no_results.php
+++ b/mod/search/views/default/search/no_results.php
@@ -3,4 +3,4 @@
* No results from search
*/
-echo autop(elgg_echo('search:no_results'));
+echo elgg_autop(elgg_echo('search:no_results'));
diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php
index ff12ae4f0..7474a280c 100644
--- a/mod/search/views/default/search/search_box.php
+++ b/mod/search/views/default/search/search_box.php
@@ -32,12 +32,11 @@ if (function_exists('mb_convert_encoding')) {
}
$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);
-
?>
<form class="<?php echo $class; ?>" action="<?php echo elgg_get_site_url(); ?>search" method="get">
<fieldset>
- <input type="text" class="search-input" size="21" name="q" value="<?php echo elgg_echo('search'); ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" />
+ <input type="text" class="search-input" size="21" name="q" value="<?php echo $display_query; ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" />
<input type="hidden" name="search_type" value="all" />
<input type="submit" value="<?php echo elgg_echo('search:go'); ?>" class="search-submit-button" />
</fieldset>
diff --git a/mod/thewire/views/rss/object/thewire.php b/mod/thewire/views/rss/object/thewire.php
index 494c2c8dc..8fddb8aa8 100644
--- a/mod/thewire/views/rss/object/thewire.php
+++ b/mod/thewire/views/rss/object/thewire.php
@@ -15,7 +15,7 @@ $title = elgg_echo('thewire:by', array($owner->name));
$permalink = htmlspecialchars($vars['entity']->getURL(), ENT_NOQUOTES, 'UTF-8');
$pubdate = date('r', $vars['entity']->getTimeCreated());
-$description = autop($vars['entity']->description);
+$description = elgg_autop($vars['entity']->description);
$creator = elgg_view('page/components/creator', $vars);
$georss = elgg_view('page/components/georss', $vars);
diff --git a/mod/twitter/views/default/widgets/twitter/content.php b/mod/twitter/views/default/widgets/twitter/content.php
index e429d0103..c616d944c 100644
--- a/mod/twitter/views/default/widgets/twitter/content.php
+++ b/mod/twitter/views/default/widgets/twitter/content.php
@@ -20,7 +20,7 @@ if ($username) {
<ul id="twitter_update_list"></ul>
<p class="visit_twitter"><a href="http://twitter.com/<?php echo $username; ?>"><?php echo elgg_echo("twitter:visit"); ?></a></p>
<script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script>
- <script type="text/javascript" src="http://twitter.com/statuses/user_timeline/<?php echo $username; ?>.json?callback=twitterCallback2&count=<?php echo $num; ?>"></script>
+ <script type="text/javascript" src="https://api.twitter.com/1/statuses/user_timeline/<?php echo $username; ?>.json?callback=twitterCallback2&count=<?php echo $num; ?>"></script>
</div>
<?php
diff --git a/mod/twitter_api/vendors/twitteroauth/OAuth.php b/mod/twitter_api/vendors/twitteroauth/OAuth.php
index b0e3cfd5e..e132a5bc8 100644
--- a/mod/twitter_api/vendors/twitteroauth/OAuth.php
+++ b/mod/twitter_api/vendors/twitteroauth/OAuth.php
@@ -78,6 +78,7 @@ class twitterOAuthRequest extends OAuthRequest {
private $http_url;
// for debug purposes
public $base_string;
+ public static $version = '1.0';
public static $POST_INPUT = 'php://input';
function __construct($http_method, $http_url, $parameters=NULL) {
@@ -145,7 +146,7 @@ class twitterOAuthRequest extends OAuthRequest {
*/
public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) {
@$parameters or $parameters = array();
- $defaults = array("oauth_version" => '1.0',
+ $defaults = array("oauth_version" => twitterOAuthRequest::$version,
"oauth_nonce" => twitterOAuthRequest::generate_nonce(),
"oauth_timestamp" => twitterOAuthRequest::generate_timestamp(),
"oauth_consumer_key" => $consumer->key);
diff --git a/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php b/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php
index a1021ce6f..f36e6158d 100644
--- a/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php
+++ b/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php
@@ -43,8 +43,8 @@ class TwitterOAuth {
* Set API URLS
*/
function accessTokenURL() { return 'https://api.twitter.com/oauth/access_token'; }
- function authenticateURL() { return 'https://twitter.com/oauth/authenticate'; }
- function authorizeURL() { return 'https://twitter.com/oauth/authorize'; }
+ function authenticateURL() { return 'https://api.twitter.com/oauth/authenticate'; }
+ function authorizeURL() { return 'https://api.twitter.com/oauth/authorize'; }
function requestTokenURL() { return 'https://api.twitter.com/oauth/request_token'; }
/**
diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php
index f98f57faf..f44d2ab50 100644
--- a/mod/uservalidationbyemail/start.php
+++ b/mod/uservalidationbyemail/start.php
@@ -233,15 +233,23 @@ function uservalidationbyemail_public_pages($hook, $type, $return_value, $params
* @param string $type
* @param ElggUser $user
* @return bool
+ *
+ * @throws LoginException
*/
function uservalidationbyemail_check_manual_login($event, $type, $user) {
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(TRUE);
- // @todo register_error()?
- $return = ($user instanceof ElggUser && !$user->isEnabled() && !$user->validated) ? FALSE : NULL;
+ if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) {
+ // send new validation email
+ uservalidationbyemail_request_validation($user->getGUID());
+
+ // restore hidden entities settings
+ access_show_hidden_entities($access_status);
+
+ // throw error so we get a nice error message
+ throw new LoginException(elgg_echo('uservalidationbyemail:login:fail'));
+ }
access_show_hidden_entities($access_status);
-
- return $return;
}
diff --git a/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php b/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php
index cbd13a709..9199922d6 100644
--- a/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php
+++ b/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php
@@ -27,7 +27,7 @@ if (!$count) {
access_show_hidden_entities($hidden_entities);
elgg_set_ignore_access($ia);
- echo autop(elgg_echo('uservalidationbyemail:admin:no_unvalidated_users'));
+ echo elgg_autop(elgg_echo('uservalidationbyemail:admin:no_unvalidated_users'));
return TRUE;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-09 23:38:20 +0000