diff options
Diffstat (limited to 'mod')
74 files changed, 1011 insertions, 293 deletions
diff --git a/mod/blog/actions/blog/auto_save_revision.php b/mod/blog/actions/blog/auto_save_revision.php index 66b65c5fd..e33edfaab 100644 --- a/mod/blog/actions/blog/auto_save_revision.php +++ b/mod/blog/actions/blog/auto_save_revision.php @@ -7,7 +7,7 @@ $guid = get_input('guid'); $user = elgg_get_logged_in_user_entity(); -$title = get_input('title'); +$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8'); $description = get_input('description'); $excerpt = get_input('excerpt'); diff --git a/mod/blog/actions/blog/save.php b/mod/blog/actions/blog/save.php index 048bc00be..070c96398 100644 --- a/mod/blog/actions/blog/save.php +++ b/mod/blog/actions/blog/save.php @@ -57,7 +57,11 @@ $required = array('title', 'description'); // load from POST and do sanity and access checking foreach ($values as $name => $default) { - $value = get_input($name, $default); + if ($name === 'title') { + $value = htmlspecialchars(get_input('title', $default, false), ENT_QUOTES, 'UTF-8'); + } else { + $value = get_input($name, $default); + } if (in_array($name, $required) && empty($value)) { $error = elgg_echo("blog:error:missing:$name"); diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php index 4622a9e7e..3c71dfbab 100644 --- a/mod/blog/lib/blog.php +++ b/mod/blog/lib/blog.php @@ -50,7 +50,7 @@ function blog_get_page_content_read($guid = NULL) { /** * Get page components to list a user's or all blogs. * - * @param int $owner_guid The GUID of the page owner or NULL for all blogs + * @param int $container_guid The GUID of the page owner or NULL for all blogs * @return array */ function blog_get_page_content_list($container_guid = NULL) { @@ -62,10 +62,11 @@ function blog_get_page_content_list($container_guid = NULL) { $options = array( 'type' => 'object', 'subtype' => 'blog', - 'full_view' => FALSE, + 'full_view' => false, ); - $loggedin_userid = elgg_get_logged_in_user_guid(); + $current_user = elgg_get_logged_in_user_entity(); + if ($container_guid) { // access check for closed groups group_gatekeeper(); @@ -80,7 +81,7 @@ function blog_get_page_content_list($container_guid = NULL) { $crumbs_title = $container->name; elgg_push_breadcrumb($crumbs_title); - if ($container_guid == $loggedin_userid) { + if ($current_user && ($container_guid == $current_user->guid)) { $return['filter_context'] = 'mine'; } else if (elgg_instanceof($container, 'group')) { $return['filter'] = false; @@ -99,7 +100,13 @@ function blog_get_page_content_list($container_guid = NULL) { // show all posts for admin or users looking at their own blogs // show only published posts for other users. - if (!(elgg_is_admin_logged_in() || (elgg_is_logged_in() && $container_guid == $loggedin_userid))) { + $show_only_published = true; + if ($current_user) { + if (($current_user->guid == $container_guid) || $current_user->isAdmin()) { + $show_only_published = false; + } + } + if ($show_only_published) { $options['metadata_name_value_pairs'] = array( array('name' => 'status', 'value' => 'published'), ); @@ -155,11 +162,14 @@ function blog_get_page_content_friends($user_guid) { // admin / owners can see any posts // everyone else can only see published posts - if (!(elgg_is_admin_logged_in() || (elgg_is_logged_in() && $owner_guid == elgg_get_logged_in_user_guid()))) { - if ($upper > $now) { - $upper = $now; + $show_only_published = true; + $current_user = elgg_get_logged_in_user_entity(); + if ($current_user) { + if (($user_guid == $current_user->guid) || $current_user->isAdmin()) { + $show_only_published = false; } - + } + if ($show_only_published) { $options['metadata_name_value_pairs'][] = array( array('name' => 'status', 'value' => 'published') ); @@ -240,9 +250,9 @@ function blog_get_page_content_archive($owner_guid, $lower = 0, $upper = 0) { $list = elgg_list_entities_from_metadata($options); if (!$list) { - $content .= elgg_echo('blog:none'); + $content = elgg_echo('blog:none'); } else { - $content .= $list; + $content = $list; } $title = elgg_echo('date:month:' . date('m', $lower), array(date('Y', $lower))); @@ -274,6 +284,7 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) { $vars['id'] = 'blog-post-edit'; $vars['class'] = 'elgg-form-alt'; + $sidebar = ''; if ($page == 'edit') { $blog = get_entity((int)$guid); @@ -310,14 +321,8 @@ function blog_get_page_content_edit($page, $guid = 0, $revision = NULL) { $content = elgg_echo('blog:error:cannot_edit_post'); } } else { - if (!$guid) { - $container = elgg_get_logged_in_user_entity(); - } else { - $container = get_entity($guid); - } - elgg_push_breadcrumb(elgg_echo('blog:add')); - $body_vars = blog_prepare_form_vars($blog); + $body_vars = blog_prepare_form_vars(null); $title = elgg_echo('blog:add'); $content = elgg_view_form('blog/save', $vars, $body_vars); @@ -384,7 +389,7 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) { if ($auto_save_annotations = $post->getAnnotations('blog_auto_save', 1)) { $auto_save = $auto_save_annotations[0]; } else { - $auto_save == FALSE; + $auto_save = false; } if ($auto_save && $auto_save->id != $revision->id) { @@ -396,52 +401,74 @@ function blog_prepare_form_vars($post = NULL, $revision = NULL) { /** * Forward to the new style of URLs + * + * Pre-1.7.5 + * Group blogs page: /blog/group:<container_guid>/ + * Group blog view: /blog/group:<container_guid>/read/<guid>/<title> + * 1.7.5-1.8 + * Group blogs page: /blog/owner/group:<container_guid>/ + * Group blog view: /blog/read/<guid> + * * * @param string $page */ function blog_url_forwarder($page) { - global $CONFIG; + + $viewtype = elgg_get_viewtype(); + $qs = ($viewtype === 'default') ? "" : "?view=$viewtype"; + + $url = "blog/all"; + + // easier to work with & no notices + $page = array_pad($page, 4, ""); // group usernames - if (substr_count($page[0], 'group:')) { - preg_match('/group\:([0-9]+)/i', $page[0], $matches); + if (preg_match('~/group\:([0-9]+)/~', "/{$page[0]}/{$page[1]}/", $matches)) { $guid = $matches[1]; $entity = get_entity($guid); - if ($entity) { - $url = "{$CONFIG->wwwroot}blog/group/$guid/all"; + if (elgg_instanceof($entity, 'group')) { + if (!empty($page[2])) { + $url = "blog/view/$page[2]/"; + } else { + $url = "blog/group/$guid/all"; + } register_error(elgg_echo("changebookmark")); - forward($url); + forward($url . $qs); } } + if (empty($page[0])) { + return; + } + // user usernames $user = get_user_by_username($page[0]); if (!$user) { return; } - if (!isset($page[1])) { + if (empty($page[1])) { $page[1] = 'owner'; } switch ($page[1]) { case "read": - $url = "{$CONFIG->wwwroot}blog/view/{$page[2]}/{$page[3]}"; + $url = "blog/view/{$page[2]}/{$page[3]}"; break; case "archive": - $url = "{$CONFIG->wwwroot}blog/archive/{$page[0]}/{$page[2]}/{$page[3]}"; + $url = "blog/archive/{$page[0]}/{$page[2]}/{$page[3]}"; break; case "friends": - $url = "{$CONFIG->wwwroot}blog/friends/{$page[0]}"; + $url = "blog/friends/{$page[0]}"; break; case "new": - $url = "{$CONFIG->wwwroot}blog/add/$user->guid"; + $url = "blog/add/$user->guid"; break; case "owner": - $url = "{$CONFIG->wwwroot}blog/owner/{$page[0]}"; + $url = "blog/owner/{$page[0]}"; break; } register_error(elgg_echo("changebookmark")); - forward($url); + forward($url . $qs); } diff --git a/mod/blog/start.php b/mod/blog/start.php index 9faf1794e..eb6eee05f 100644 --- a/mod/blog/start.php +++ b/mod/blog/start.php @@ -99,8 +99,7 @@ function blog_page_handler($page) { elgg_load_library('elgg:blog'); - // @todo remove the forwarder in 1.9 - // forward to correct URL for blog pages pre-1.7.5 + // forward to correct URL for blog pages pre-1.8 blog_url_forwarder($page); // push all blogs breadcrumb @@ -125,9 +124,12 @@ function blog_page_handler($page) { $params = blog_get_page_content_archive($user->guid, $page[2], $page[3]); break; case 'view': - case 'read': // Elgg 1.7 compatibility $params = blog_get_page_content_read($page[1]); break; + case 'read': // Elgg 1.7 compatibility + register_error(elgg_echo("changebookmark")); + forward("blog/view/{$page[1]}"); + break; case 'add': gatekeeper(); $params = blog_get_page_content_edit($page_type, $page[1]); diff --git a/mod/blog/views/default/forms/blog/save.php b/mod/blog/views/default/forms/blog/save.php index a805541bd..36fa2e0e8 100644 --- a/mod/blog/views/default/forms/blog/save.php +++ b/mod/blog/views/default/forms/blog/save.php @@ -23,7 +23,7 @@ if ($vars['guid']) { $delete_link = elgg_view('output/confirmlink', array( 'href' => $delete_url, 'text' => elgg_echo('delete'), - 'class' => 'elgg-button elgg-button-delete elgg-state-disabled float-alt' + 'class' => 'elgg-button elgg-button-delete float-alt' )); } @@ -53,7 +53,7 @@ $excerpt_label = elgg_echo('blog:excerpt'); $excerpt_input = elgg_view('input/text', array( 'name' => 'excerpt', 'id' => 'blog_excerpt', - 'value' => html_entity_decode($vars['excerpt'], ENT_COMPAT, 'UTF-8') + 'value' => _elgg_html_decode($vars['excerpt']) )); $body_label = elgg_echo('blog:body'); @@ -125,9 +125,10 @@ $draft_warning $excerpt_input </div> -<label for="blog_description">$body_label</label> -$body_input -<br /> +<div> + <label for="blog_description">$body_label</label> + $body_input +</div> <div> <label for="blog_tags">$tags_label</label> diff --git a/mod/bookmarks/actions/bookmarks/save.php b/mod/bookmarks/actions/bookmarks/save.php index 3ca6bef32..46090b115 100644 --- a/mod/bookmarks/actions/bookmarks/save.php +++ b/mod/bookmarks/actions/bookmarks/save.php @@ -5,7 +5,7 @@ * @package Bookmarks */ -$title = strip_tags(get_input('title')); +$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8'); $description = get_input('description'); $address = get_input('address'); $access_id = get_input('access_id'); diff --git a/mod/bookmarks/start.php b/mod/bookmarks/start.php index 66e22b565..3846f5165 100644 --- a/mod/bookmarks/start.php +++ b/mod/bookmarks/start.php @@ -125,11 +125,14 @@ function bookmarks_page_handler($page) { include "$pages/friends.php"; break; - case "read": case "view": set_input('guid', $page[1]); include "$pages/view.php"; break; + case 'read': // Elgg 1.7 compatibility + register_error(elgg_echo("changebookmark")); + forward("bookmarks/view/{$page[1]}"); + break; case "add": gatekeeper(); diff --git a/mod/developers/languages/en.php b/mod/developers/languages/en.php index 262759e23..856efe008 100644 --- a/mod/developers/languages/en.php +++ b/mod/developers/languages/en.php @@ -54,6 +54,7 @@ $english = array( 'theme_preview:modules' => 'Modules', 'theme_preview:navigation' => 'Navigation', 'theme_preview:typography' => 'Typography', + 'theme_preview:miscellaneous' => 'Miscellaneous', // unit tests 'developers:unit_tests:description' => 'Elgg has unit and integration tests for detecting bugs in its core classes and functions.', diff --git a/mod/developers/start.php b/mod/developers/start.php index d77a96b36..413a8ed9b 100644 --- a/mod/developers/start.php +++ b/mod/developers/start.php @@ -176,6 +176,7 @@ function developers_theme_preview_controller($page) { 'modules', 'navigation', 'typography', + 'miscellaneous' ); foreach ($pages as $page_name) { diff --git a/mod/developers/views/default/developers/css.php b/mod/developers/views/default/developers/css.php index 4690945a9..b4f59fdec 100644 --- a/mod/developers/views/default/developers/css.php +++ b/mod/developers/views/default/developers/css.php @@ -21,3 +21,7 @@ color: #666; padding: 20px; } + +.developers-content-thin { + max-width: 600px; +}
\ No newline at end of file diff --git a/mod/developers/views/default/forms/developers/settings.php b/mod/developers/views/default/forms/developers/settings.php index 584f6af30..78e1372de 100644 --- a/mod/developers/views/default/forms/developers/settings.php +++ b/mod/developers/views/default/forms/developers/settings.php @@ -10,20 +10,22 @@ echo '<p>' . elgg_echo('elgg_dev_tools:settings:explanation') . '</p>'; foreach ($vars['data'] as $name => $info) { echo '<div>'; if ($info['type'] == 'checkbox') { + echo '<label>'; echo elgg_view("input/checkbox", array( 'name' => $name, 'value' => $info['value'], 'checked' => $info['checked'], )); - echo '<label>' . elgg_echo("developers:label:$name") . '</label>'; + echo elgg_echo("developers:label:$name") . '</label>'; echo '<span class="elgg-text-help">' . elgg_echo("developers:help:$name") . '</span>'; } else { - echo '<label>' . elgg_echo("developers:label:$name") . '</label>'; + echo '<label>' . elgg_echo("developers:label:$name"); echo elgg_view("input/{$info['type']}", array( 'name' => $name, 'value' => $info['value'], 'options_values' => $info['options_values'], )); + echo '</label>'; echo '<span class="elgg-text-help">' . elgg_echo("developers:help:$name") . '</span>'; } echo '</div>'; diff --git a/mod/developers/views/default/page/theme_preview.php b/mod/developers/views/default/page/theme_preview.php index 584387ec1..ee2bc0c0f 100644 --- a/mod/developers/views/default/page/theme_preview.php +++ b/mod/developers/views/default/page/theme_preview.php @@ -18,9 +18,19 @@ header("Content-type: text/html; charset=UTF-8"); </head> <body> <div class="elgg-page elgg-page-default"> + <div class="elgg-page-messages"> + <ul class="elgg-system-messages"> + <li class="hidden"></li> + </ul> + </div> <div class="elgg-page-header"> <div class="elgg-inner"> <h1 class="elgg-heading-site">Theme Sandbox</h1> + <?php + if (get_input("site_menu", false)) { + echo elgg_view_menu('site'); + } + ?> </div> </div> <div class="elgg-page-body"> diff --git a/mod/developers/views/default/theme_preview/components.php b/mod/developers/views/default/theme_preview/components.php index 2f414cd88..50c155b14 100644 --- a/mod/developers/views/default/theme_preview/components.php +++ b/mod/developers/views/default/theme_preview/components.php @@ -22,4 +22,4 @@ $body = elgg_view('theme_preview/components/tags'); echo elgg_view_module('info', 'Tags (.elgg-tag)', $body); $body = elgg_view('theme_preview/components/messages'); -echo elgg_view_module('info', 'Messages (.elgg-message)', $body); +echo elgg_view_module('info', 'Messages (.elgg-message)', $body);
\ No newline at end of file diff --git a/mod/developers/views/default/theme_preview/general.php b/mod/developers/views/default/theme_preview/general.php index 629462873..7d98d4443 100644 --- a/mod/developers/views/default/theme_preview/general.php +++ b/mod/developers/views/default/theme_preview/general.php @@ -11,6 +11,29 @@ The preview is divided into sections that are listed in the page menu (usually in the sidebar but depends on your current theme). </p> +<?php +$simple_cache = elgg_get_config('simplecache_enabled'); +$system_cache = elgg_get_config('system_cache_enabled'); + +if ($simple_cache || $system_cache) { + $advanced = elgg_view('output/url', array( + 'text' => 'Advanced Settings', + 'href' => 'admin/settings/advanced', + 'is_trusted' => true + )); + $developers = elgg_view('output/url', array( + 'text' => 'Developers\' Plugin Settings', + 'href' => 'admin/developers/settings', + 'is_trusted' => true + )); + + $body = "Caches are enabled. Changes you make to CSS and views might not appear. It is + always recommended to disable caches while developing themes and plugins. To + disable caches, visit the $advanced or $developers pages."; + + echo elgg_view_module('info', 'Warning', $body); +} +?> <p> <?php echo elgg_view('output/url', array( diff --git a/mod/developers/views/default/theme_preview/miscellaneous.php b/mod/developers/views/default/theme_preview/miscellaneous.php new file mode 100644 index 000000000..2f4ee4acd --- /dev/null +++ b/mod/developers/views/default/theme_preview/miscellaneous.php @@ -0,0 +1,22 @@ +<?php +/** + * Miscellaneous and complex components + */ + +$body = elgg_view('theme_preview/miscellaneous/lightbox'); +echo elgg_view_module('info', 'Lightbox (.elgg-lightbox)', $body); + +$body = elgg_view('theme_preview/miscellaneous/popup'); +echo elgg_view_module('info', 'Popup (rel=popup)', $body); + +$body = elgg_view('theme_preview/miscellaneous/toggle'); +echo elgg_view_module('info', 'Toggle (rel=toggle)', $body); + +$body = elgg_view('theme_preview/miscellaneous/system_messages'); +echo elgg_view_module('info', 'System Messages and Errors', $body); + +$body = elgg_view('theme_preview/miscellaneous/site_menu'); +echo elgg_view_module('info', 'Site Menu', $body); + +$body = elgg_view('theme_preview/miscellaneous/user_hover_menu'); +echo elgg_view_module('info', 'User Icon with Hover Menu', $body);
\ No newline at end of file diff --git a/mod/developers/views/default/theme_preview/miscellaneous/lightbox.php b/mod/developers/views/default/theme_preview/miscellaneous/lightbox.php new file mode 100644 index 000000000..b673c4ee0 --- /dev/null +++ b/mod/developers/views/default/theme_preview/miscellaneous/lightbox.php @@ -0,0 +1,19 @@ +<?php + +elgg_load_js('lightbox'); +elgg_load_css('lightbox'); + +$ipsum = elgg_view('developers/ipsum'); + +$link = elgg_view('output/url', array( + 'text' => 'Open lighbox', + 'href' => "#elgg-lightbox-test", + 'class' => 'elgg-lightbox' +)); + +echo $link; +echo '<div class="hidden">'; +echo elgg_view_module('aside', 'Lightbox Test', $ipsum, array( + 'id' => 'elgg-lightbox-test' +)); +echo '</div>';
\ No newline at end of file diff --git a/mod/developers/views/default/theme_preview/miscellaneous/popup.php b/mod/developers/views/default/theme_preview/miscellaneous/popup.php new file mode 100644 index 000000000..b711bb7cc --- /dev/null +++ b/mod/developers/views/default/theme_preview/miscellaneous/popup.php @@ -0,0 +1,15 @@ +<?php + +$ipsum = elgg_view('developers/ipsum'); + +$link = elgg_view('output/url', array( + 'text' => 'Popup content', + 'href' => "#elgg-popup-test", + 'rel' => 'popup' +)); + +echo $link; +echo elgg_view_module('popup', 'Popup Test', $ipsum, array( + 'id' => 'elgg-popup-test', + 'class' => 'hidden clearfix developers-content-thin', +));
\ No newline at end of file diff --git a/mod/developers/views/default/theme_preview/miscellaneous/site_menu.php b/mod/developers/views/default/theme_preview/miscellaneous/site_menu.php new file mode 100644 index 000000000..e2384b9f7 --- /dev/null +++ b/mod/developers/views/default/theme_preview/miscellaneous/site_menu.php @@ -0,0 +1,15 @@ +<?php + +if (!get_input('site_menu')) { + echo elgg_view('output/url', array( + 'text' => 'Show Site Menu', + 'href' => elgg_http_add_url_query_elements(current_page_url(), array('site_menu' => 1)), + 'is_trusted' => true + )); +} else { + echo elgg_view('output/url', array( + 'text' => 'Hide Site Menu', + 'href' => elgg_http_remove_url_query_element(current_page_url(), 'site_menu'), + 'is_trusted' => true + )); +}
\ No newline at end of file diff --git a/mod/developers/views/default/theme_preview/miscellaneous/system_messages.php b/mod/developers/views/default/theme_preview/miscellaneous/system_messages.php new file mode 100644 index 000000000..a6663a3dc --- /dev/null +++ b/mod/developers/views/default/theme_preview/miscellaneous/system_messages.php @@ -0,0 +1,35 @@ +<?php + +// can't use the ipsum because it includes html when wrapping views. +$message = elgg_view('output/url', array( + 'text' => 'Show system message (system_message())', + 'is_trusted' => true, + 'href' => '#', + 'id' => 'developers-system-message', +// 'onclick' => "elgg.system_message('Elgg System Message');" +)); + +$error = elgg_view('output/url', array( + 'text' => 'Show error message (register_error())', + 'is_trusted' => true, + 'href' => '#', + 'id' => 'developers-error-message', +)); + +?> +<script type="text/javascript"> + $(function() { + $('#developers-system-message').click(function() { + elgg.system_message('Elgg System Message'); + }) + + $('#developers-error-message').click(function() { + elgg.register_error('Elgg Error Message'); + }) + }); +</script> + +<ul> + <li><?php echo $message; ?></li> + <li><?php echo $error; ?></li> +</ul>
\ No newline at end of file diff --git a/mod/developers/views/default/theme_preview/miscellaneous/toggle.php b/mod/developers/views/default/theme_preview/miscellaneous/toggle.php new file mode 100644 index 000000000..abe39ddd8 --- /dev/null +++ b/mod/developers/views/default/theme_preview/miscellaneous/toggle.php @@ -0,0 +1,15 @@ +<?php + +$ipsum = elgg_view('developers/ipsum'); + +$link = elgg_view('output/url', array( + 'text' => 'Toggle content', + 'href' => "#elgg-toggle-test", + 'rel' => 'toggle' +)); + +echo $link; +echo elgg_view_module('featured', 'Toggle Test', $ipsum, array( + 'id' => 'elgg-toggle-test', + 'class' => 'hidden clearfix developers-content-thin', +));
\ No newline at end of file diff --git a/mod/developers/views/default/theme_preview/miscellaneous/user_hover_menu.php b/mod/developers/views/default/theme_preview/miscellaneous/user_hover_menu.php new file mode 100644 index 000000000..45331b6e0 --- /dev/null +++ b/mod/developers/views/default/theme_preview/miscellaneous/user_hover_menu.php @@ -0,0 +1,16 @@ +<?php + +$me = elgg_get_logged_in_user_entity(); +echo elgg_view_entity_icon($me); + +// show another user if available +$users = elgg_get_entities(array( + 'type' => 'user', + 'wheres' => array("guid != {$me->getGUID()}"), + 'limit' => 1 +)); + +if (is_array($users) && count($users) > 0) { + echo elgg_view_entity_icon($users[0]); +} + diff --git a/mod/developers/views/default/theme_preview/modules.php b/mod/developers/views/default/theme_preview/modules.php index 3e0acb3a5..c46c94296 100644 --- a/mod/developers/views/default/theme_preview/modules.php +++ b/mod/developers/views/default/theme_preview/modules.php @@ -2,5 +2,5 @@ echo elgg_view_module('info', 'Modules (.elgg-module)', elgg_view('theme_preview/modules/modules')); -echo elgg_view_module('info', 'Widgets (.elgg-widget)', elgg_view('theme_preview/modules/widgets')); +echo elgg_view_module('info', 'Widgets (.elgg-module-widget)', elgg_view('theme_preview/modules/widgets')); diff --git a/mod/file/actions/file/upload.php b/mod/file/actions/file/upload.php index d72d04eb7..d6dce2528 100644 --- a/mod/file/actions/file/upload.php +++ b/mod/file/actions/file/upload.php @@ -6,7 +6,7 @@ */ // Get variables -$title = get_input("title"); +$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8'); $desc = get_input("description"); $access_id = (int) get_input("access_id"); $container_guid = (int) get_input('container_guid', 0); @@ -44,7 +44,7 @@ if ($new_file) { // if no title on new upload, grab filename if (empty($title)) { - $title = $_FILES['upload']['name']; + $title = htmlspecialchars($_FILES['upload']['name'], ENT_QUOTES, 'UTF-8'); } } else { diff --git a/mod/file/start.php b/mod/file/start.php index 172042332..7ea050ce3 100644 --- a/mod/file/start.php +++ b/mod/file/start.php @@ -121,8 +121,11 @@ function file_page_handler($page) { file_register_toggle(); include "$file_dir/friends.php"; break; - case 'view': case 'read': // Elgg 1.7 compatibility + register_error(elgg_echo("changebookmark")); + forward("file/view/{$page[1]}"); + break; + case 'view': set_input('guid', $page[1]); include "$file_dir/view.php"; break; diff --git a/mod/file/thumbnail.php b/mod/file/thumbnail.php index 35bf8c7f7..851f13a8f 100644 --- a/mod/file/thumbnail.php +++ b/mod/file/thumbnail.php @@ -46,7 +46,7 @@ if ($simpletype == "image") { // caching images for 10 days header("Content-type: $mime"); - header('Expires: ' . date('r',time() + 864000)); + header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true); header("Pragma: public", true); header("Cache-Control: public", true); header("Content-Length: " . strlen($contents)); diff --git a/mod/file/views/default/object/file.php b/mod/file/views/default/object/file.php index b3f530183..64f19c483 100644 --- a/mod/file/views/default/object/file.php +++ b/mod/file/views/default/object/file.php @@ -68,6 +68,7 @@ if ($full && !elgg_in_context('gallery')) { $params = array( 'entity' => $file, + 'title' => false, 'metadata' => $metadata, 'subtitle' => $subtitle, ); @@ -79,7 +80,6 @@ if ($full && !elgg_in_context('gallery')) { echo elgg_view('object/elements/full', array( 'entity' => $file, - 'title' => false, 'icon' => $file_icon, 'summary' => $summary, 'body' => $body, diff --git a/mod/groups/actions/discussion/save.php b/mod/groups/actions/discussion/save.php index de4afadfb..b3e9da654 100644 --- a/mod/groups/actions/discussion/save.php +++ b/mod/groups/actions/discussion/save.php @@ -4,7 +4,7 @@ */ // Get variables -$title = get_input("title"); +$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8'); $desc = get_input("description"); $status = get_input("status"); $access_id = (int) get_input("access_id"); diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php index df2464a65..d0689be2e 100644 --- a/mod/groups/actions/groups/edit.php +++ b/mod/groups/actions/groups/edit.php @@ -5,27 +5,25 @@ * @package ElggGroups */ -// Load configuration -global $CONFIG; +elgg_make_sticky_form('groups'); /** * wrapper for recursive array walk decoding */ function profile_array_decoder(&$v) { - $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8'); + $v = _elgg_html_decode($v); } -elgg_make_sticky_form('groups'); - // Get group fields $input = array(); -foreach ($CONFIG->group as $shortname => $valuetype) { - // another work around for Elgg's encoding problems: #561, #1963 +foreach (elgg_get_config('group') as $shortname => $valuetype) { $input[$shortname] = get_input($shortname); + + // @todo treat profile fields as unescaped: don't filter, encode on output if (is_array($input[$shortname])) { array_walk_recursive($input[$shortname], 'profile_array_decoder'); } else { - $input[$shortname] = html_entity_decode($input[$shortname], ENT_COMPAT, 'UTF-8'); + $input[$shortname] = _elgg_html_decode($input[$shortname]); } if ($valuetype == 'tags') { @@ -33,21 +31,22 @@ foreach ($CONFIG->group as $shortname => $valuetype) { } } -$input['name'] = get_input('name'); -$input['name'] = html_entity_decode($input['name'], ENT_COMPAT, 'UTF-8'); +$input['name'] = htmlspecialchars(get_input('name', '', false), ENT_QUOTES, 'UTF-8'); $user = elgg_get_logged_in_user_entity(); $group_guid = (int)get_input('group_guid'); -$new_group_flag = $group_guid == 0; +$is_new_group = $group_guid == 0; -if ($new_group_flag && elgg_get_plugin_setting('limited_groups', 'groups') == 'yes' && !elgg_is_admin_logged_in()) { +if ($is_new_group + && (elgg_get_plugin_setting('limited_groups', 'groups') == 'yes') + && !$user->isAdmin()) { register_error(elgg_echo("groups:cantcreate")); forward(REFERER); } $group = new ElggGroup($group_guid); // load if present, if not create a new group -if (($group_guid) && (!$group->canEdit())) { +if ($group_guid && !$group->canEdit()) { register_error(elgg_echo("groups:cantedit")); forward(REFERER); } @@ -62,37 +61,46 @@ if (sizeof($input) > 0) { // Validate create if (!$group->name) { register_error(elgg_echo("groups:notitle")); - forward(REFERER); } // Set group tool options -if (isset($CONFIG->group_tool_options)) { - foreach ($CONFIG->group_tool_options as $group_option) { - $group_option_toggle_name = $group_option->name . "_enable"; - if ($group_option->default_on) { - $group_option_default_value = 'yes'; - } else { - $group_option_default_value = 'no'; - } - $group->$group_option_toggle_name = get_input($group_option_toggle_name, $group_option_default_value); +$tool_options = elgg_get_config('group_tool_options'); +if ($tool_options) { + foreach ($tool_options as $group_option) { + $option_toggle_name = $group_option->name . "_enable"; + $option_default = $group_option->default_on ? 'yes' : 'no'; + $group->$option_toggle_name = get_input($option_toggle_name, $option_default); } } // Group membership - should these be treated with same constants as access permissions? -switch (get_input('membership')) { - case ACCESS_PUBLIC: - $group->membership = ACCESS_PUBLIC; - break; - default: - $group->membership = ACCESS_PRIVATE; -} +$is_public_membership = (get_input('membership') == ACCESS_PUBLIC); +$group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE; -if ($new_group_flag) { +if ($is_new_group) { $group->access_id = ACCESS_PUBLIC; } +$old_owner_guid = $is_new_group ? 0 : $group->owner_guid; +$new_owner_guid = (int) get_input('owner_guid'); + +$owner_has_changed = false; +$old_icontime = null; +if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) { + // verify new owner is member and old owner/admin is logged in + if (is_group_member($group_guid, $new_owner_guid) && ($old_owner_guid == $user->guid || $user->isAdmin())) { + $group->owner_guid = $new_owner_guid; + + // @todo Remove this when #4683 fixed + $owner_has_changed = true; + $old_icontime = $group->icontime; + } +} + +$must_move_icons = ($owner_has_changed && $old_icontime); + $group->save(); // Invisible group support @@ -116,14 +124,18 @@ $group->save(); elgg_clear_sticky_form('groups'); // group creator needs to be member of new group and river entry created -if ($new_group_flag) { +if ($is_new_group) { + + // @todo this should not be necessary... elgg_set_page_owner_guid($group->guid); + $group->join($user); add_to_river('river/group/create', 'create', $user->guid, $group->guid, $group->access_id); } -// Now see if we have a file icon -if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/'))) { +$has_uploaded_icon = (!empty($_FILES['icon']['type']) && substr_count($_FILES['icon']['type'], 'image/')); + +if ($has_uploaded_icon) { $icon_sizes = elgg_get_config('icon_sizes'); @@ -135,38 +147,58 @@ if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/')) $filehandler->open("write"); $filehandler->write(get_uploaded_file('icon')); $filehandler->close(); + $filename = $filehandler->getFilenameOnFilestore(); + + $sizes = array('tiny', 'small', 'medium', 'large'); + + $thumbs = array(); + foreach ($sizes as $size) { + $thumbs[$size] = get_resized_image_from_existing_file( + $filename, + $icon_sizes[$size]['w'], + $icon_sizes[$size]['h'], + $icon_sizes[$size]['square'] + ); + } - $thumbtiny = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['tiny']['w'], $icon_sizes['tiny']['h'], $icon_sizes['tiny']['square']); - $thumbsmall = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['small']['w'], $icon_sizes['small']['h'], $icon_sizes['small']['square']); - $thumbmedium = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['medium']['w'], $icon_sizes['medium']['h'], $icon_sizes['medium']['square']); - $thumblarge = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['large']['w'], $icon_sizes['large']['h'], $icon_sizes['large']['square']); - if ($thumbtiny) { - + if ($thumbs['tiny']) { // just checking if resize successful $thumb = new ElggFile(); $thumb->owner_guid = $group->owner_guid; $thumb->setMimeType('image/jpeg'); - $thumb->setFilename($prefix."tiny.jpg"); - $thumb->open("write"); - $thumb->write($thumbtiny); - $thumb->close(); + foreach ($sizes as $size) { + $thumb->setFilename("{$prefix}{$size}.jpg"); + $thumb->open("write"); + $thumb->write($thumbs[$size]); + $thumb->close(); + } - $thumb->setFilename($prefix."small.jpg"); - $thumb->open("write"); - $thumb->write($thumbsmall); - $thumb->close(); + $group->icontime = time(); + } +} - $thumb->setFilename($prefix."medium.jpg"); - $thumb->open("write"); - $thumb->write($thumbmedium); - $thumb->close(); +// @todo Remove this when #4683 fixed +if ($must_move_icons) { + $filehandler = new ElggFile(); + $filehandler->setFilename('groups'); + $filehandler->owner_guid = $old_owner_guid; + $old_path = $filehandler->getFilenameOnFilestore(); - $thumb->setFilename($prefix."large.jpg"); - $thumb->open("write"); - $thumb->write($thumblarge); - $thumb->close(); + $sizes = array('', 'tiny', 'small', 'medium', 'large'); - $group->icontime = time(); + if ($has_uploaded_icon) { + // delete those under old owner + foreach ($sizes as $size) { + unlink("$old_path/{$group_guid}{$size}.jpg"); + } + } else { + // move existing to new owner + $filehandler->owner_guid = $group->owner_guid; + $new_path = $filehandler->getFilenameOnFilestore(); + + foreach ($sizes as $size) { + rename("$old_path/{$group_guid}{$size}.jpg", "$new_path/{$group_guid}{$size}.jpg"); + } } } diff --git a/mod/groups/icon.php b/mod/groups/icon.php index 1bd240ea6..ebdc1eb6d 100644 --- a/mod/groups/icon.php +++ b/mod/groups/icon.php @@ -18,7 +18,7 @@ if (!($group instanceof ElggGroup)) { // If is the same ETag, content didn't changed. $etag = $group->icontime . $group_guid; -if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) { +if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") { header("HTTP/1.1 304 Not Modified"); exit; } @@ -46,9 +46,9 @@ if (!$success) { } header("Content-type: image/jpeg"); -header('Expires: ' . date('r',time() + 864000)); +header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+10 days")), true); header("Pragma: public"); header("Cache-Control: public"); header("Content-Length: " . strlen($contents)); -header("ETag: $etag"); +header("ETag: \"$etag\""); echo $contents; diff --git a/mod/groups/languages/en.php b/mod/groups/languages/en.php index 0ca980108..9e0799b3a 100644 --- a/mod/groups/languages/en.php +++ b/mod/groups/languages/en.php @@ -20,7 +20,9 @@ $english = array( 'groups:edit' => "Edit group", 'groups:delete' => 'Delete group', 'groups:membershiprequests' => 'Manage join requests', + 'groups:membershiprequests:pending' => 'Manage join requests (%s)', 'groups:invitations' => 'Group invitations', + 'groups:invitations:pending' => 'Group invitations (%s)', 'groups:icon' => 'Group icon (leave blank to leave unchanged)', 'groups:name' => 'Group name', @@ -30,11 +32,18 @@ $english = array( 'groups:interests' => 'Tags', 'groups:website' => 'Website', 'groups:members' => 'Group members', + 'groups:my_status' => 'My status', + 'groups:my_status:group_owner' => 'You own this group', + 'groups:my_status:group_member' => 'You are in this group', + 'groups:subscribed' => 'Group notifications on', + 'groups:unsubscribed' => 'Group notifications off', + 'groups:members:title' => 'Members of %s', 'groups:members:more' => "View all members", 'groups:membership' => "Group membership permissions", 'groups:access' => "Access permissions", 'groups:owner' => "Owner", + 'groups:owner:warning' => "Warning: if you change this value, you will no longer be the owner of this group.", 'groups:widget:num_display' => 'Number of groups to display', 'groups:widget:membership' => 'Group membership', 'groups:widgets:description' => 'Display the groups you are a member of on your profile', @@ -210,7 +219,7 @@ View and reply to the discussion: 'groups:updated' => "Last reply by %s %s", 'groups:started' => "Started by %s", 'groups:joinrequest:remove:check' => 'Are you sure you want to remove this join request?', - 'groups:invite:remove:check' => 'Are you sure you want to remove this invite?', + 'groups:invite:remove:check' => 'Are you sure you want to remove this invitation?', 'groups:invite:body' => "Hi %s, %s invited you to join the '%s' group. Click below to view your invitations: diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php index a9eb6e843..7d5c3232c 100644 --- a/mod/groups/lib/groups.php +++ b/mod/groups/lib/groups.php @@ -152,7 +152,7 @@ function groups_handle_mine_page() { elgg_register_title_button(); - $content = elgg_list_entities_from_relationship_count(array( + $content = elgg_list_entities_from_relationship(array( 'type' => 'group', 'relationship' => 'member', 'relationship_guid' => elgg_get_page_owner_guid(), @@ -264,14 +264,33 @@ function groups_handle_profile_page($guid) { groups_register_profile_buttons($group); $content = elgg_view('groups/profile/layout', array('entity' => $group)); - if (group_gatekeeper(false)) { - $sidebar = ''; + $sidebar = ''; + + if (group_gatekeeper(false)) { if (elgg_is_active_plugin('search')) { $sidebar .= elgg_view('groups/sidebar/search', array('entity' => $group)); } $sidebar .= elgg_view('groups/sidebar/members', array('entity' => $group)); - } else { - $sidebar = ''; + + $subscribed = false; + if (elgg_is_active_plugin('notifications')) { + global $NOTIFICATION_HANDLERS; + + foreach ($NOTIFICATION_HANDLERS as $method => $foo) { + $relationship = check_entity_relationship(elgg_get_logged_in_user_guid(), + 'notify' . $method, $guid); + + if ($relationship) { + $subscribed = true; + break; + } + } + } + + $sidebar .= elgg_view('groups/sidebar/my_status', array( + 'entity' => $group, + 'subscribed' => $subscribed + )); } $params = array( diff --git a/mod/groups/start.php b/mod/groups/start.php index 6bdf04d2b..89194d1be 100644 --- a/mod/groups/start.php +++ b/mod/groups/start.php @@ -144,9 +144,24 @@ function groups_setup_sidebar_menus() { if (elgg_in_context('group_profile')) { if (elgg_is_logged_in() && $page_owner->canEdit() && !$page_owner->isPublicMembership()) { $url = elgg_get_site_url() . "groups/requests/{$page_owner->getGUID()}"; + + $count = elgg_get_entities_from_relationship(array( + 'type' => 'user', + 'relationship' => 'membership_request', + 'relationship_guid' => $guid, + 'inverse_relationship' => true, + 'count' => true, + )); + + if ($count) { + $text = elgg_echo('groups:membershiprequests:pending', array($count)); + } else { + $text = elgg_echo('groups:membershiprequests'); + } + elgg_register_menu_item('page', array( 'name' => 'membership_requests', - 'text' => elgg_echo('groups:membershiprequests'), + 'text' => $text, 'href' => $url, )); } @@ -163,11 +178,21 @@ function groups_setup_sidebar_menus() { $url = "groups/owner/$user->username"; $item = new ElggMenuItem('groups:owned', elgg_echo('groups:owned'), $url); elgg_register_menu_item('page', $item); + $url = "groups/member/$user->username"; $item = new ElggMenuItem('groups:member', elgg_echo('groups:yours'), $url); elgg_register_menu_item('page', $item); + $url = "groups/invitations/$user->username"; - $item = new ElggMenuItem('groups:user:invites', elgg_echo('groups:invitations'), $url); + $invitations = groups_get_invited_groups($user->getGUID()); + if (is_array($invitations) && !empty($invitations)) { + $invitation_count = count($invitations); + $text = elgg_echo('groups:invitations:pending', array($invitation_count)); + } else { + $text = elgg_echo('groups:invitations'); + } + + $item = new ElggMenuItem('groups:user:invites', $text, $url); elgg_register_menu_item('page', $item); } } @@ -194,6 +219,15 @@ function groups_setup_sidebar_menus() { */ function groups_page_handler($page) { + // forward old profile urls + if (is_numeric($page[0])) { + $group = get_entity($page[0]); + if (elgg_instanceof($group, 'group', '', 'ElggGroup')) { + system_message(elgg_echo('changebookmark')); + forward($group->getURL()); + } + } + elgg_load_library('elgg:groups'); if (!isset($page[0])) { diff --git a/mod/groups/views/default/forms/groups/edit.php b/mod/groups/views/default/forms/groups/edit.php index 532e89c35..41d97e6c3 100644 --- a/mod/groups/views/default/forms/groups/edit.php +++ b/mod/groups/views/default/forms/groups/edit.php @@ -83,6 +83,42 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') { <?php } +if (isset($vars['entity'])) { + $entity = $vars['entity']; + $owner_guid = $vars['entity']->owner_guid; +} else { + $entity = false; +} + +if ($entity && ($owner_guid == elgg_get_logged_in_user_guid() || elgg_is_admin_logged_in())) { + $owner_guid = $vars['entity']->owner_guid; + $members = array(); + foreach ($vars['entity']->getMembers(0) as $member) { + $members[$member->guid] = "$member->name (@$member->username)"; + } +?> + +<div> + <label> + <?php echo elgg_echo('groups:owner'); ?><br /> + <?php echo elgg_view('input/dropdown', array( + 'name' => 'owner_guid', + 'value' => $owner_guid, + 'options_values' => $members, + 'class' => 'groups-owner-input', + )); + ?> + </label> + <?php + if ($owner_guid == elgg_get_logged_in_user_guid()) { + echo '<span class="elgg-text-help">' . elgg_echo('groups:owner:warning') . '</span>'; + } + ?> +</div> + +<?php +} + $tools = elgg_get_config('group_tool_options'); if ($tools) { usort($tools, create_function('$a,$b', 'return strcmp($a->label,$b->label);')); @@ -111,7 +147,7 @@ if ($tools) { <div class="elgg-foot"> <?php -if (isset($entity)) { +if ($entity) { echo elgg_view('input/hidden', array( 'name' => 'group_guid', 'value' => $entity->getGUID(), @@ -120,7 +156,7 @@ if (isset($entity)) { echo elgg_view('input/submit', array('value' => elgg_echo('save'))); -if (isset($entity)) { +if ($entity) { $delete_url = 'action/groups/delete?guid=' . $entity->getGUID(); echo elgg_view('output/confirmlink', array( 'text' => elgg_echo('groups:delete'), diff --git a/mod/groups/views/default/groups/css.php b/mod/groups/views/default/groups/css.php index 9c65d1602..6f710ddab 100644 --- a/mod/groups/views/default/groups/css.php +++ b/mod/groups/views/default/groups/css.php @@ -9,7 +9,10 @@ .groups-profile > .elgg-image { margin-right: 10px; } - +.groups-profile img { + width: 100%; + height: auto; +} .groups-stats { background: #eeeeee; padding: 5px; @@ -54,3 +57,24 @@ .groups-latest-reply { float: right; } + +.elgg-menu-groups-my-status li a { + display: block; + + -webkit-border-radius: 8px; + -moz-border-radius: 8px; + border-radius: 8px; + + background-color: white; + margin: 3px 0 5px 0; + padding: 2px 4px 2px 8px; +} +.elgg-menu-groups-my-status li a:hover { + background-color: #0054A7; + color: white; + text-decoration: none; +} +.elgg-menu-groups-my-status li.elgg-state-selected > a { + background-color: #4690D6; + color: white; +} diff --git a/mod/groups/views/default/groups/js.php b/mod/groups/views/default/groups/js.php index 1b4d33f32..0319be14a 100644 --- a/mod/groups/views/default/groups/js.php +++ b/mod/groups/views/default/groups/js.php @@ -1,3 +1,10 @@ +<?php +/** + * Javascript for Groups forms + * + * @package ElggGroups + */ +?> // this adds a class to support IE8 and older elgg.register_hook_handler('init', 'system', function() { diff --git a/mod/groups/views/default/groups/profile/summary.php b/mod/groups/views/default/groups/profile/summary.php index 54abcb1e5..f1221f19a 100644 --- a/mod/groups/views/default/groups/profile/summary.php +++ b/mod/groups/views/default/groups/profile/summary.php @@ -15,6 +15,12 @@ if (!isset($vars['entity']) || !$vars['entity']) { $group = $vars['entity']; $owner = $group->getOwnerEntity(); +if (!$owner) { + // not having an owner is very bad so we throw an exception + $msg = elgg_echo('InvalidParameterException:IdNotExistForGUID', array('group owner', $group->guid)); + throw new InvalidParameterException($msg); +} + ?> <div class="groups-profile clearfix elgg-image-block"> <div class="elgg-image"> diff --git a/mod/groups/views/default/groups/sidebar/my_status.php b/mod/groups/views/default/groups/sidebar/my_status.php new file mode 100644 index 000000000..4c36c0213 --- /dev/null +++ b/mod/groups/views/default/groups/sidebar/my_status.php @@ -0,0 +1,62 @@ +<?php +/** + * Group status for logged in user + * + * @package ElggGroups + * + * @uses $vars['entity'] Group entity + */ + +$group = elgg_extract('entity', $vars); +$user = elgg_get_logged_in_user_entity(); +$subscribed = elgg_extract('subscribed', $vars); + +if (!elgg_is_logged_in()) { + return true; +} +$t = new ElggMenuItem(); +// membership status +$is_member = $group->isMember($user); +$is_owner = $group->getOwnerEntity() == $user; + +if ($is_owner) { + elgg_register_menu_item('groups:my_status', array( + 'name' => 'membership_status', + 'text' => '<a>' . elgg_echo('groups:my_status:group_owner') . '</a>', + 'href' => false + )); +} elseif ($is_member) { + elgg_register_menu_item('groups:my_status', array( + 'name' => 'membership_status', + 'text' => '<a>' . elgg_echo('groups:my_status:group_member') . '</a>', + 'href' => false + )); +} else { + elgg_register_menu_item('groups:my_status', array( + 'name' => 'membership_status', + 'text' => elgg_echo('groups:join'), + 'href' => "/action/groups/join?group_guid={$group->getGUID()}", + 'is_action' => true + )); +} + +// notification info +if (elgg_is_active_plugin('notifications')) { + if ($subscribed) { + elgg_register_menu_item('groups:my_status', array( + 'name' => 'subscription_status', + 'text' => elgg_echo('groups:subscribed'), + 'href' => "notifications/group/$user->username", + 'is_action' => true + )); + } else { + elgg_register_menu_item('groups:my_status', array( + 'name' => 'subscription_status', + 'text' => elgg_echo('groups:unsubscribed'), + 'href' => "notifications/group/$user->username" + )); + } +} + +$body = elgg_view_menu('groups:my_status'); +echo elgg_view_module('aside', elgg_echo('groups:my_status'), $body); diff --git a/mod/groups/views/rss/groups/profile/layout.php b/mod/groups/views/rss/groups/profile/layout.php index 3eeb9eaf2..0dafe78ad 100644 --- a/mod/groups/views/rss/groups/profile/layout.php +++ b/mod/groups/views/rss/groups/profile/layout.php @@ -7,7 +7,12 @@ * @uses $vars['entity'] ElggGroup object */ -echo elgg_list_entities(array( - 'type' => 'object', - 'container_guid' => $vars['entity']->getGUID(), -)); +$entities = elgg_get_config('registered_entities'); + +if (!empty($entities['object'])) { + echo elgg_list_entities(array( + 'type' => 'object', + 'subtypes' => $entities['object'], + 'container_guid' => $vars['entity']->getGUID(), + )); +} diff --git a/mod/groups/views/rss/object/groupforumtopic.php b/mod/groups/views/rss/object/groupforumtopic.php index d730ef796..b2d05d488 100644 --- a/mod/groups/views/rss/object/groupforumtopic.php +++ b/mod/groups/views/rss/object/groupforumtopic.php @@ -14,7 +14,7 @@ if (empty($title)) { $permalink = htmlspecialchars($vars['entity']->getURL(), ENT_NOQUOTES, 'UTF-8'); $pubdate = date('r', $vars['entity']->getTimeCreated()); -$description = autop($vars['entity']->description); +$description = elgg_autop($vars['entity']->description); $creator = elgg_view('page/components/creator', $vars); $georss = elgg_view('page/components/georss', $vars); diff --git a/mod/messageboard/views/default/river/object/messageboard/create.php b/mod/messageboard/views/default/river/object/messageboard/create.php index 7ce7f6b4e..ac10a55c1 100644 --- a/mod/messageboard/views/default/river/object/messageboard/create.php +++ b/mod/messageboard/views/default/river/object/messageboard/create.php @@ -1,11 +1,12 @@ -<?php -/** - * Messageboard river view - */ - -$messageboard = $vars['item']->getAnnotation(); - -echo elgg_view('river/elements/layout', array( - 'item' => $vars['item'], - 'message' => $messageboard->value, -)); +<?php
+/**
+ * Messageboard river view
+ */
+
+$messageboard = $vars['item']->getAnnotation();
+$excerpt = elgg_get_excerpt($messageboard->value);
+
+echo elgg_view('river/elements/layout', array(
+ 'item' => $vars['item'],
+ 'message' => $excerpt,
+));
diff --git a/mod/messages/pages/messages/inbox.php b/mod/messages/pages/messages/inbox.php index fdfc20c43..de5b8b231 100644 --- a/mod/messages/pages/messages/inbox.php +++ b/mod/messages/pages/messages/inbox.php @@ -8,8 +8,13 @@ gatekeeper(); $page_owner = elgg_get_page_owner_entity(); -if (!$page_owner) { - register_error(elgg_echo()); + +if (!$page_owner || !$page_owner->canEdit()) { + $guid = 0; + if($page_owner){ + $guid = $page_owner->getGUID(); + } + register_error(elgg_echo("pageownerunavailable", array($guid))); forward(); } diff --git a/mod/messages/pages/messages/read.php b/mod/messages/pages/messages/read.php index 19e3ecdd7..4223c6bac 100644 --- a/mod/messages/pages/messages/read.php +++ b/mod/messages/pages/messages/read.php @@ -8,8 +8,8 @@ gatekeeper(); $message = get_entity(get_input('guid')); -if (!$message) { - forward('messages/inbox'); +if (!$message || !elgg_instanceof($message, "object", "messages")) { + forward('messages/inbox/' . elgg_get_logged_in_user_entity()->username); } // mark the message as read @@ -38,8 +38,9 @@ if ($inbox) { ); $body_params = array('message' => $message); $content .= elgg_view_form('messages/reply', $form_params, $body_params); - - if (elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) { + $from_user = get_user($message->fromId); + + if ((elgg_get_logged_in_user_guid() == elgg_get_page_owner_guid()) && $from_user) { elgg_register_menu_item('title', array( 'name' => 'reply', 'href' => '#messages-reply-form', diff --git a/mod/messages/pages/messages/sent.php b/mod/messages/pages/messages/sent.php index af06ab273..3d08cd5ee 100644 --- a/mod/messages/pages/messages/sent.php +++ b/mod/messages/pages/messages/sent.php @@ -8,8 +8,13 @@ gatekeeper(); $page_owner = elgg_get_page_owner_entity(); -if (!$page_owner) { - register_error(elgg_echo()); + +if (!$page_owner || !$page_owner->canEdit()) { + $guid = 0; + if($page_owner){ + $guid = $page_owner->getGUID(); + } + register_error(elgg_echo("pageownerunavailable", array($guid))); forward(); } diff --git a/mod/messages/start.php b/mod/messages/start.php index 2e61d6e21..5503a675a 100644 --- a/mod/messages/start.php +++ b/mod/messages/start.php @@ -74,23 +74,30 @@ function messages_init() { */ function messages_page_handler($page) { + $current_user = elgg_get_logged_in_user_entity(); + if (!$current_user) { + register_error(elgg_echo('noaccess')); + $_SESSION['last_forward_from'] = current_page_url(); + forward(''); + } + elgg_load_library('elgg:messages'); - elgg_push_breadcrumb(elgg_echo('messages'), 'messages/inbox/' . elgg_get_logged_in_user_entity()->username); + elgg_push_breadcrumb(elgg_echo('messages'), 'messages/inbox/' . $current_user->username); if (!isset($page[0])) { $page[0] = 'inbox'; } - // supporting the old inbox url /messages/<username> - $user = get_user_by_username($page[0]); - if ($user) { + // Support the old inbox url /messages/<username>, but only if it matches the logged in user. + // Otherwise having a username like "read" on the system could confuse this function. + if ($current_user->username === $page[0]) { $page[1] = $page[0]; $page[0] = 'inbox'; } if (!isset($page[1])) { - $page[1] = elgg_get_logged_in_user_entity()->username; + $page[1] = $current_user->username; } $base_dir = elgg_get_plugins_path() . 'messages/pages/messages'; @@ -212,18 +219,20 @@ function messages_can_edit_container($hook_name, $entity_type, $return_value, $p * * @param string $subject The subject line of the message * @param string $body The body of the mesage - * @param int $send_to The GUID of the user to send to - * @param int $from Optionally, the GUID of the user to send from - * @param int $reply The GUID of the message to reply from (default: none) - * @param true|false $notify Send a notification (default: true) - * @param true|false $add_to_sent If true (default), will add a message to the sender's 'sent' tray + * @param int $recipient_guid The GUID of the user to send to + * @param int $sender_guid Optionally, the GUID of the user to send from + * @param int $original_msg_guid The GUID of the message to reply from (default: none) + * @param bool $notify Send a notification (default: true) + * @param bool $add_to_sent If true (default), will add a message to the sender's 'sent' tray * @return bool */ -function messages_send($subject, $body, $send_to, $from = 0, $reply = 0, $notify = true, $add_to_sent = true) { +function messages_send($subject, $body, $recipient_guid, $sender_guid = 0, $original_msg_guid = 0, $notify = true, $add_to_sent = true) { + // @todo remove globals global $messagesendflag; $messagesendflag = 1; + // @todo remove globals global $messages_pm; if ($notify) { $messages_pm = 1; @@ -231,33 +240,40 @@ function messages_send($subject, $body, $send_to, $from = 0, $reply = 0, $notify $messages_pm = 0; } - // If $from == 0, set to current user - if ($from == 0) { - $from = (int) elgg_get_logged_in_user_guid(); + // If $sender_guid == 0, set to current user + if ($sender_guid == 0) { + $sender_guid = (int) elgg_get_logged_in_user_guid(); } // Initialise 2 new ElggObject $message_to = new ElggObject(); $message_sent = new ElggObject(); + $message_to->subtype = "messages"; $message_sent->subtype = "messages"; - $message_to->owner_guid = $send_to; - $message_to->container_guid = $send_to; - $message_sent->owner_guid = $from; - $message_sent->container_guid = $from; + + $message_to->owner_guid = $recipient_guid; + $message_to->container_guid = $recipient_guid; + $message_sent->owner_guid = $sender_guid; + $message_sent->container_guid = $sender_guid; + $message_to->access_id = ACCESS_PUBLIC; $message_sent->access_id = ACCESS_PUBLIC; + $message_to->title = $subject; $message_to->description = $body; + $message_sent->title = $subject; $message_sent->description = $body; - $message_to->toId = $send_to; // the user receiving the message - $message_to->fromId = $from; // the user receiving the message + + $message_to->toId = $recipient_guid; // the user receiving the message + $message_to->fromId = $sender_guid; // the user receiving the message $message_to->readYet = 0; // this is a toggle between 0 / 1 (1 = read) $message_to->hiddenFrom = 0; // this is used when a user deletes a message in their sentbox, it is a flag $message_to->hiddenTo = 0; // this is used when a user deletes a message in their inbox - $message_sent->toId = $send_to; // the user receiving the message - $message_sent->fromId = $from; // the user receiving the message + + $message_sent->toId = $recipient_guid; // the user receiving the message + $message_sent->fromId = $sender_guid; // the user receiving the message $message_sent->readYet = 0; // this is a toggle between 0 / 1 (1 = read) $message_sent->hiddenFrom = 0; // this is used when a user deletes a message in their sentbox, it is a flag $message_sent->hiddenTo = 0; // this is used when a user deletes a message in their inbox @@ -270,7 +286,7 @@ function messages_send($subject, $body, $send_to, $from = 0, $reply = 0, $notify // Save the copy of the message that goes to the sender if ($add_to_sent) { - $success2 = $message_sent->save(); + $message_sent->save(); } $message_to->access_id = ACCESS_PRIVATE; @@ -283,22 +299,25 @@ function messages_send($subject, $body, $send_to, $from = 0, $reply = 0, $notify // if the new message is a reply then create a relationship link between the new message // and the message it is in reply to - if ($reply && $success){ - $create_relationship = add_entity_relationship($message_sent->guid, "reply", $reply); + if ($original_msg_guid && $success) { + add_entity_relationship($message_sent->guid, "reply", $original_msg_guid); } $message_contents = strip_tags($body); - if ($send_to != elgg_get_logged_in_user_entity() && $notify) { + if (($recipient_guid != elgg_get_logged_in_user_guid()) && $notify) { + $recipient = get_user($recipient_guid); + $sender = get_user($sender_guid); + $subject = elgg_echo('messages:email:subject'); $body = elgg_echo('messages:email:body', array( - elgg_get_logged_in_user_entity()->name, + $sender->name, $message_contents, - elgg_get_site_url() . "messages/inbox/" . $user->username, - elgg_get_logged_in_user_entity()->name, - elgg_get_site_url() . "messages/compose?send_to=" . elgg_get_logged_in_user_guid() + elgg_get_site_url() . "messages/inbox/" . $recipient->username, + $sender->name, + elgg_get_site_url() . "messages/compose?send_to=" . $sender_guid )); - notify_user($send_to, elgg_get_logged_in_user_guid(), $subject, $body); + notify_user($recipient_guid, $sender_guid, $subject, $body); } $messagesendflag = 0; diff --git a/mod/notifications/actions/groupsave.php b/mod/notifications/actions/groupsave.php index d77af41cc..e79dae5cc 100644 --- a/mod/notifications/actions/groupsave.php +++ b/mod/notifications/actions/groupsave.php @@ -30,14 +30,11 @@ if ($groupmemberships = elgg_get_entities_from_relationship($options)) { } } -// Load important global vars -global $NOTIFICATION_HANDLERS; -foreach($NOTIFICATION_HANDLERS as $method => $foo) { - $subscriptions[$method] = get_input($method.'subscriptions'); - $personal[$method] = get_input($method.'personal'); - $collections[$method] = get_input($method.'collections'); - if (!empty($groups)) { - foreach($groups as $group) { +if (!empty($groups)) { + global $NOTIFICATION_HANDLERS; + foreach ($NOTIFICATION_HANDLERS as $method => $foo) { + $subscriptions[$method] = get_input($method.'subscriptions', array()); + foreach ($groups as $group) { if (in_array($group, $subscriptions[$method])) { add_entity_relationship($user->guid, 'notify'.$method, $group); } else { diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php index a32e4a4ba..40215e02e 100644 --- a/mod/pages/actions/pages/edit.php +++ b/mod/pages/actions/pages/edit.php @@ -8,9 +8,10 @@ $variables = elgg_get_config('pages'); $input = array(); foreach ($variables as $name => $type) { - $input[$name] = get_input($name); if ($name == 'title') { - $input[$name] = strip_tags($input[$name]); + $input[$name] = htmlspecialchars(get_input($name, '', false), ENT_QUOTES, 'UTF-8'); + } else { + $input[$name] = get_input($name); } if ($type == 'tags') { $input[$name] = string_to_tag_array($input[$name]); @@ -59,6 +60,9 @@ if (sizeof($input) > 0) { if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) { continue; } + if ($name == 'parent_guid') { + continue; + } $page->$name = $value; } @@ -67,7 +71,27 @@ if (sizeof($input) > 0) { // need to add check to make sure user can write to container $page->container_guid = $container_guid; -if ($parent_guid) { +if ($parent_guid && $parent_guid != $page_guid) { + // Check if parent isn't below the page in the tree + if ($page_guid) { + $tree_page = get_entity($parent_guid); + while ($tree_page->parent_guid > 0 && $page_guid != $tree_page->guid) { + $tree_page = get_entity($tree_page->parent_guid); + } + // If is below, bring all child elements forward + if ($page_guid == $tree_page->guid) { + $previous_parent = $page->parent_guid; + $children = elgg_get_entities_from_metadata(array( + 'metadata_name' => 'parent_guid', + 'metadata_value' => $page->getGUID() + )); + if ($children) { + foreach ($children as $child) { + $child->parent_guid = $previous_parent; + } + } + } + } $page->parent_guid = $parent_guid; } diff --git a/mod/pages/languages/en.php b/mod/pages/languages/en.php index eb9d22708..930676b3e 100644 --- a/mod/pages/languages/en.php +++ b/mod/pages/languages/en.php @@ -61,6 +61,7 @@ View and comment on the new page: 'pages:title' => 'Page title', 'pages:description' => 'Page text', 'pages:tags' => 'Tags', + 'pages:parent_guid' => 'Parent page', 'pages:access_id' => 'Read access', 'pages:write_access_id' => 'Write access', @@ -110,4 +111,4 @@ View and comment on the new page: 'pages:backtoparent' => "Back to '%s'", ); -add_translation("en", $english);
\ No newline at end of file +add_translation("en", $english); diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php index 9a9ba12e9..afe42b68f 100644 --- a/mod/pages/lib/pages.php +++ b/mod/pages/lib/pages.php @@ -65,11 +65,11 @@ function pages_prepare_parent_breadcrumbs($page) { } /** - * Register the navigation menu + * Produce the navigation tree * * @param ElggEntity $container Container entity for the pages */ -function pages_register_navigation_tree($container) { +function pages_get_navigation_tree($container) { if (!$container) { return; } @@ -84,13 +84,18 @@ function pages_register_navigation_tree($container) { if (!$top_pages) { return; } + + $tree = array(); + $depths = array(); foreach ($top_pages as $page) { - elgg_register_menu_item('pages_nav', array( - 'name' => $page->getGUID(), - 'text' => $page->title, - 'href' => $page->getURL(), - )); + $tree[] = array( + 'guid' => $page->getGUID(), + 'title' => $page->title, + 'url' => $page->getURL(), + 'depth' => 0, + ); + $depths[$page->guid] = 0; $stack = array(); array_push($stack, $page); @@ -106,15 +111,37 @@ function pages_register_navigation_tree($container) { if ($children) { foreach ($children as $child) { - elgg_register_menu_item('pages_nav', array( - 'name' => $child->getGUID(), - 'text' => $child->title, - 'href' => $child->getURL(), - 'parent_name' => $parent->getGUID(), - )); + $tree[] = array( + 'guid' => $child->getGUID(), + 'title' => $child->title, + 'url' => $child->getURL(), + 'parent_guid' => $parent->getGUID(), + 'depth' => $depths[$parent->guid] + 1, + ); + $depths[$child->guid] = $depths[$parent->guid] + 1; array_push($stack, $child); } } } } + return $tree; +} + +/** + * Register the navigation menu + * + * @param ElggEntity $container Container entity for the pages + */ +function pages_register_navigation_tree($container) { + $pages = pages_get_navigation_tree($container); + if ($pages) { + foreach ($pages as $page) { + elgg_register_menu_item('pages_nav', array( + 'name' => $page['guid'], + 'text' => $page['title'], + 'href' => $page['url'], + 'parent_name' => $page['parent_guid'], + )); + } + } } diff --git a/mod/pages/start.php b/mod/pages/start.php index 6b0ad38b0..6d974f122 100644 --- a/mod/pages/start.php +++ b/mod/pages/start.php @@ -63,6 +63,7 @@ function pages_init() { 'title' => 'text', 'description' => 'longtext', 'tags' => 'tags', + 'parent_guid' => 'parent', 'access_id' => 'access', 'write_access_id' => 'write_access', )); diff --git a/mod/pages/views/default/forms/pages/edit.php b/mod/pages/views/default/forms/pages/edit.php index 9469f5eb9..e14ff19ec 100644 --- a/mod/pages/views/default/forms/pages/edit.php +++ b/mod/pages/views/default/forms/pages/edit.php @@ -18,6 +18,18 @@ foreach ($variables as $name => $type) { if (($type == 'access' || $type == 'write_access') && !$can_change_access) { continue; } + + // don't show parent picker input for top or new pages. + if ($name == 'parent_guid' && (!$vars['parent_guid'] || !$vars['guid'])) { + continue; + } + + if ($type == 'parent') { + $input_view = "pages/input/$type"; + } else { + $input_view = "input/$type"; + } + ?> <div> <label><?php echo elgg_echo("pages:$name") ?></label> @@ -26,9 +38,10 @@ foreach ($variables as $name => $type) { echo '<br />'; } - echo elgg_view("input/$type", array( + echo elgg_view($input_view, array( 'name' => $name, 'value' => $vars[$name], + 'entity' => ($name == 'parent_guid') ? $vars['entity'] : null, )); ?> </div> @@ -52,7 +65,7 @@ echo elgg_view('input/hidden', array( 'name' => 'container_guid', 'value' => $vars['container_guid'], )); -if ($vars['parent_guid']) { +if (!$vars['guid']) { echo elgg_view('input/hidden', array( 'name' => 'parent_guid', 'value' => $vars['parent_guid'], diff --git a/mod/pages/views/default/pages/input/parent.php b/mod/pages/views/default/pages/input/parent.php new file mode 100644 index 000000000..c5ee3c3fb --- /dev/null +++ b/mod/pages/views/default/pages/input/parent.php @@ -0,0 +1,37 @@ +<?php +/** + * Parent picker + * + * @uses $vars['value'] The current value, if any + * @uses $vars['options_values'] + * @uses $vars['name'] The name of the input field + * @uses $vars['entity'] Optional. The child entity (uses container_guid) + */ + +elgg_load_library('elgg:pages'); + +if (empty($vars['entity'])) { + $container = elgg_get_page_owner_entity(); +} else { + $container = $vars['entity']->getContainerEntity(); +} + +$pages = pages_get_navigation_tree($container); +$options = array(); + +foreach ($pages as $page) { + $spacing = ""; + for ($i = 0; $i < $page['depth']; $i++) { + $spacing .= "--"; + } + $options[$page['guid']] = "$spacing " . $page['title']; +} + +$defaults = array( + 'class' => 'elgg-pages-input-parent-picker', + 'options_values' => $options, +); + +$vars = array_merge($defaults, $vars); + +echo elgg_view('input/dropdown', $vars); diff --git a/mod/profile/icondirect.php b/mod/profile/icondirect.php index c4439f78c..dbab5d31f 100644 --- a/mod/profile/icondirect.php +++ b/mod/profile/icondirect.php @@ -23,7 +23,7 @@ $guid = (int)$_GET['guid']; // If is the same ETag, content didn't changed. $etag = $last_cache . $guid; -if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) { +if (isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) == "\"$etag\"") { header("HTTP/1.1 304 Not Modified"); exit; } @@ -55,19 +55,15 @@ if ($mysql_dblink) { $user_path = date('Y/m/d/', $join_date) . $guid; $filename = "$data_root$user_path/profile/{$guid}{$size}.jpg"; - $contents = @file_get_contents($filename); - if (!empty($contents)) { + $size = @filesize($filename); + if ($size) { header("Content-type: image/jpeg"); - header('Expires: ' . date('r', strtotime("+6 months")), true); + header('Expires: ' . gmdate('D, d M Y H:i:s \G\M\T', strtotime("+6 months")), true); header("Pragma: public"); header("Cache-Control: public"); - header("Content-Length: " . strlen($contents)); - header("ETag: $etag"); - // this chunking is done for supposedly better performance - $split_string = str_split($contents, 1024); - foreach ($split_string as $chunk) { - echo $chunk; - } + header("Content-Length: $size"); + header("ETag: \"$etag\""); + readfile($filename); exit; } } diff --git a/mod/profile/views/default/profile/details.php b/mod/profile/views/default/profile/details.php index 3af5cb756..7b05b0e15 100644 --- a/mod/profile/views/default/profile/details.php +++ b/mod/profile/views/default/profile/details.php @@ -28,7 +28,7 @@ if (is_array($profile_fields) && sizeof($profile_fields) > 0) { <div class="<?php echo $even_odd; ?>"> <b><?php echo elgg_echo("profile:{$shortname}"); ?>: </b> <?php - echo elgg_view("output/{$valtype}", array('value' => $user->$shortname)); + echo elgg_view("output/{$valtype}", array('value' => $value)); ?> </div> <?php diff --git a/mod/search/pages/search/index.php b/mod/search/pages/search/index.php index fcd95c43e..ede09329b 100644 --- a/mod/search/pages/search/index.php +++ b/mod/search/pages/search/index.php @@ -63,7 +63,7 @@ switch ($sort) { break; } -$order = get_input('sort', 'desc'); +$order = get_input('order', 'desc'); if ($order != 'asc' && $order != 'desc') { $order = 'desc'; } diff --git a/mod/search/search_hooks.php b/mod/search/search_hooks.php index 2143a0d24..47351fb8a 100644 --- a/mod/search/search_hooks.php +++ b/mod/search/search_hooks.php @@ -35,6 +35,7 @@ function search_objects_hook($hook, $type, $value, $params) { } $params['count'] = FALSE; + $params['order_by'] = search_get_order_by_sql('e', 'oe', $params['sort'], $params['order']); $entities = elgg_get_entities($params); // add the volatile data for why these entities have been returned. @@ -89,6 +90,7 @@ function search_groups_hook($hook, $type, $value, $params) { } $params['count'] = FALSE; + $params['order_by'] = search_get_order_by_sql('e', 'ge', $params['sort'], $params['order']); $entities = elgg_get_entities($params); // add the volatile data for why these entities have been returned. @@ -122,24 +124,35 @@ function search_users_hook($hook, $type, $value, $params) { $query = sanitise_string($params['query']); - $join = "JOIN {$db_prefix}users_entity ue ON e.guid = ue.guid"; - $params['joins'] = array($join); - -// $where = "(ue.guid = e.guid -// AND (ue.username LIKE '%$query%' -// OR ue.name LIKE '%$query%' -// ) -// )"; - + $params['joins'] = array( + "JOIN {$db_prefix}users_entity ue ON e.guid = ue.guid", + "JOIN {$db_prefix}metadata md on e.guid = md.entity_guid", + "JOIN {$db_prefix}metastrings msv ON n_table.value_id = msv.id" + ); + + // username and display name $fields = array('username', 'name'); $where = search_get_where_sql('ue', $fields, $params, FALSE); + + // profile fields + $profile_fields = array_keys(elgg_get_config('profile_fields')); - $params['wheres'] = array($where); + // get the where clauses for the md names + // can't use egef_metadata() because the n_table join comes too late. + $clauses = elgg_entities_get_metastrings_options('metadata', array( + 'metadata_names' => $profile_fields, + )); + + $params['joins'] = array_merge($clauses['joins'], $params['joins']); + // no fulltext index, can't disable fulltext search in this function. + // $md_where .= " AND " . search_get_where_sql('msv', array('string'), $params, FALSE); + $md_where = "(({$clauses['wheres'][0]}) AND msv.string LIKE '%$query%')"; + + $params['wheres'] = array("(($where) OR ($md_where))"); // override subtype -- All users should be returned regardless of subtype. $params['subtype'] = ELGG_ENTITIES_ANY_VALUE; - - $params['count'] = TRUE; + $params['count'] = true; $count = elgg_get_entities($params); // no need to continue if nothing here. @@ -148,15 +161,32 @@ function search_users_hook($hook, $type, $value, $params) { } $params['count'] = FALSE; + $params['order_by'] = search_get_order_by_sql('e', 'ue', $params['sort'], $params['order']); $entities = elgg_get_entities($params); // add the volatile data for why these entities have been returned. foreach ($entities as $entity) { - $username = search_get_highlighted_relevant_substrings($entity->username, $query); - $entity->setVolatileData('search_matched_title', $username); + + $title = search_get_highlighted_relevant_substrings($entity->name, $query); - $name = search_get_highlighted_relevant_substrings($entity->name, $query); - $entity->setVolatileData('search_matched_description', $name); + // include the username if it matches but the display name doesn't. + if (false !== strpos($entity->username, $query)) { + $username = search_get_highlighted_relevant_substrings($entity->username, $query); + $title .= " ($username)"; + } + + $entity->setVolatileData('search_matched_title', $title); + + $matched = ''; + foreach ($profile_fields as $md) { + $text = $entity->$md; + if (stristr($text, $query)) { + $matched .= elgg_echo("profile:{$md}") . ': ' + . search_get_highlighted_relevant_substrings($text, $query); + } + } + + $entity->setVolatileData('search_matched_description', $matched); } return array( @@ -234,6 +264,7 @@ function search_tags_hook($hook, $type, $value, $params) { } $params['count'] = FALSE; + $params['order_by'] = search_get_order_by_sql('e', null, $params['sort'], $params['order']); $entities = elgg_get_entities($params); // add the volatile data for why these entities have been returned. @@ -371,6 +402,11 @@ function search_comments_hook($hook, $type, $value, $params) { return array ('entities' => array(), 'count' => 0); } + $order_by = search_get_order_by_sql('e', null, $params['sort'], $params['order']); + if ($order_by) { + $order_by = "ORDER BY $order_by"; + } + $q = "SELECT DISTINCT a.*, msv.string as comment FROM {$db_prefix}annotations a JOIN {$db_prefix}metastrings msn ON a.name_id = msn.id JOIN {$db_prefix}metastrings msv ON a.value_id = msv.id @@ -380,7 +416,8 @@ function search_comments_hook($hook, $type, $value, $params) { AND $e_access AND $a_access $container_and - + + $order_by LIMIT $offset, $limit "; diff --git a/mod/search/start.php b/mod/search/start.php index d2d7ed3c2..8a112a3a3 100644 --- a/mod/search/start.php +++ b/mod/search/start.php @@ -77,7 +77,7 @@ function search_page_handler($page) { /** * Return a string with highlighted matched queries and relevant context - * Determins context based upon occurance and distance of words with each other. + * Determines context based upon occurance and distance of words with each other. * * @param string $haystack * @param string $query @@ -94,6 +94,8 @@ function search_get_highlighted_relevant_substrings($haystack, $query, $min_matc if (!$tag_match) { $words = search_remove_ignored_words($query, 'array'); + } else { + $words = array(); } // if haystack < $max_length return the entire haystack w/formatting immediately @@ -142,7 +144,7 @@ function search_get_highlighted_relevant_substrings($haystack, $query, $min_matc $total_length = array_sum($offsets); $add_length = 0; - if ($total_length < $max_length) { + if ($total_length < $max_length && $offsets) { $add_length = floor((($max_length - $total_length) / count($offsets)) / 2); $starts = array(); diff --git a/mod/search/views/default/search/no_results.php b/mod/search/views/default/search/no_results.php index 74b5b2cfa..0e9a5e295 100644 --- a/mod/search/views/default/search/no_results.php +++ b/mod/search/views/default/search/no_results.php @@ -3,4 +3,4 @@ * No results from search */ -echo autop(elgg_echo('search:no_results')); +echo elgg_autop(elgg_echo('search:no_results')); diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php index ff12ae4f0..7474a280c 100644 --- a/mod/search/views/default/search/search_box.php +++ b/mod/search/views/default/search/search_box.php @@ -32,12 +32,11 @@ if (function_exists('mb_convert_encoding')) { } $display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); - ?> <form class="<?php echo $class; ?>" action="<?php echo elgg_get_site_url(); ?>search" method="get"> <fieldset> - <input type="text" class="search-input" size="21" name="q" value="<?php echo elgg_echo('search'); ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" /> + <input type="text" class="search-input" size="21" name="q" value="<?php echo $display_query; ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" /> <input type="hidden" name="search_type" value="all" /> <input type="submit" value="<?php echo elgg_echo('search:go'); ?>" class="search-submit-button" /> </fieldset> diff --git a/mod/thewire/start.php b/mod/thewire/start.php index 1ba48263a..8b01cc57a 100644 --- a/mod/thewire/start.php +++ b/mod/thewire/start.php @@ -67,6 +67,8 @@ function thewire_init() { elgg_register_action("thewire/delete", "$action_base/delete.php"); elgg_register_plugin_hook_handler('unit_test', 'system', 'thewire_test'); + + elgg_register_event_handler('upgrade', 'system', 'thewire_run_upgrades'); } /** @@ -462,3 +464,12 @@ function thewire_test($hook, $type, $value, $params) { $value[] = $CONFIG->pluginspath . 'thewire/tests/regex.php'; return $value; } + +function thewire_run_upgrades() { + $path = dirname(__FILE__) . '/upgrades/'; + $files = elgg_get_upgrade_files($path); + + foreach ($files as $file) { + include $path . $file; + } +}
\ No newline at end of file diff --git a/mod/thewire/upgrades/2012122701-fix_entity_class.php b/mod/thewire/upgrades/2012122701-fix_entity_class.php new file mode 100644 index 000000000..a1f382712 --- /dev/null +++ b/mod/thewire/upgrades/2012122701-fix_entity_class.php @@ -0,0 +1,8 @@ +<?php +/** + * Register thewire objects with the ElggWire class. + */ + +if (get_subtype_id('object', 'thewire')) { + update_subtype('object', 'thewire', 'ElggWire'); +}
\ No newline at end of file diff --git a/mod/thewire/views/rss/object/thewire.php b/mod/thewire/views/rss/object/thewire.php index 494c2c8dc..8fddb8aa8 100644 --- a/mod/thewire/views/rss/object/thewire.php +++ b/mod/thewire/views/rss/object/thewire.php @@ -15,7 +15,7 @@ $title = elgg_echo('thewire:by', array($owner->name)); $permalink = htmlspecialchars($vars['entity']->getURL(), ENT_NOQUOTES, 'UTF-8'); $pubdate = date('r', $vars['entity']->getTimeCreated()); -$description = autop($vars['entity']->description); +$description = elgg_autop($vars['entity']->description); $creator = elgg_view('page/components/creator', $vars); $georss = elgg_view('page/components/georss', $vars); diff --git a/mod/tinymce/views/default/js/tinymce.php b/mod/tinymce/views/default/js/tinymce.php index 51e99c223..b4db43cee 100644 --- a/mod/tinymce/views/default/js/tinymce.php +++ b/mod/tinymce/views/default/js/tinymce.php @@ -39,7 +39,7 @@ elgg.tinymce.init = function() { editor_selector : "elgg-input-longtext", theme : "advanced", language : "<?php echo tinymce_get_site_language(); ?>", - plugins : "lists,spellchecker,autosave,fullscreen,paste", + plugins : "lists,spellchecker,autosave,fullscreen,paste,inlinepopups", relative_urls : false, remove_script_host : false, document_base_url : elgg.config.wwwroot, diff --git a/mod/twitter/languages/en.php b/mod/twitter/languages/en.php index 29700744a..11e745ba1 100644 --- a/mod/twitter/languages/en.php +++ b/mod/twitter/languages/en.php @@ -4,13 +4,14 @@ */ $english = array( - 'twitter:title' => 'Twitter', 'twitter:info' => 'Display your latest tweets', - 'twitter:username' => 'Enter your twitter username.', - 'twitter:num' => 'The number of tweets to show.', + 'twitter:username' => 'Your twitter username', + 'twitter:num' => 'Number of tweets to show*', 'twitter:visit' => 'visit my twitter', - 'twitter:notset' => 'This Twitter widget is not yet set to go. To display your latest tweets, click on - edit - and fill in your details', + 'twitter:notset' => 'This widget needs to be configured. To display your latest tweets, click the customize icon and fill in your Twitter username.', + 'twitter:invalid' => 'This widget is configured with an invalid Twitter username. Click the customize icon to correct it.', + 'twitter:apibug' => "*Due to a bug in the Twitter 1.0 API, you may see fewer tweets than you ask for.", ); add_translation("en", $english); diff --git a/mod/twitter/views/default/widgets/twitter/content.php b/mod/twitter/views/default/widgets/twitter/content.php index e429d0103..caefd369a 100644 --- a/mod/twitter/views/default/widgets/twitter/content.php +++ b/mod/twitter/views/default/widgets/twitter/content.php @@ -6,26 +6,37 @@ * @package ElggTwitter */ -//some required params - $username = $vars['entity']->twitter_username; + +if (empty($username)) { + echo "<p>" . elgg_echo("twitter:notset") . "</p>"; + return; +} + +$username_is_valid = preg_match('~^[a-zA-Z0-9_]{1,20}$~', $username); +if (!$username_is_valid) { + echo "<p>" . elgg_echo("twitter:invalid") . "</p>"; + return; +} + + $num = $vars['entity']->twitter_num; +if (empty($num)) { + $num = 5; +} -// if the twitter username is empty, then do not show -if ($username) { +// @todo upgrade to 1.1 API https://dev.twitter.com/docs/api/1.1/get/statuses/home_timeline +$script_url = "https://api.twitter.com/1/statuses/user_timeline/" . urlencode($username) . ".json" + . "?callback=twitterCallback2&count=" . (int) $num; ?> - <div id="twitter_widget"> <ul id="twitter_update_list"></ul> - <p class="visit_twitter"><a href="http://twitter.com/<?php echo $username; ?>"><?php echo elgg_echo("twitter:visit"); ?></a></p> + <p class="visit_twitter"><?php echo elgg_view('output/url', array( + 'text' => elgg_echo("twitter:visit"), + 'href' => 'http://twitter.com/' . urlencode($username), + 'is_trusted' => true, + )) ?></p> <script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script> - <script type="text/javascript" src="http://twitter.com/statuses/user_timeline/<?php echo $username; ?>.json?callback=twitterCallback2&count=<?php echo $num; ?>"></script> + <script type="text/javascript" src="<?php echo htmlspecialchars($script_url, ENT_QUOTES, 'UTF-8') ?>"></script> </div> - -<?php -} else { - - echo "<p>" . elgg_echo("twitter:notset") . ".</p>"; - -} diff --git a/mod/twitter/views/default/widgets/twitter/edit.php b/mod/twitter/views/default/widgets/twitter/edit.php index 5da3a7e55..c3fc6f0d5 100644 --- a/mod/twitter/views/default/widgets/twitter/edit.php +++ b/mod/twitter/views/default/widgets/twitter/edit.php @@ -1,16 +1,24 @@ <?php - /** - * Elgg twitter edit page - * - * @package ElggTwitter - */ +/** + * Elgg twitter edit page + * + * @package ElggTwitter + */ ?> - <p> - <?php echo elgg_echo("twitter:username"); ?> - <input type="text" name="params[twitter_username]" value="<?php echo htmlentities($vars['entity']->twitter_username); ?>" /> - <br /><?php echo elgg_echo("twitter:num"); ?> - <input type="text" name="params[twitter_num]" value="<?php echo htmlentities($vars['entity']->twitter_num); ?>" /> - - </p>
\ No newline at end of file +<div> + <?php echo elgg_echo("twitter:username"); ?> + <?php echo elgg_view('input/text', array( + 'name' => 'params[twitter_username]', + 'value' => $vars['entity']->twitter_username, + )) ?> +</div> +<div> + <?php echo elgg_echo("twitter:num"); ?> + <?php echo elgg_view('input/text', array( + 'name' => 'params[twitter_num]', + 'value' => $vars['entity']->twitter_num, + )) ?> + <span class="elgg-text-help"><?php echo elgg_echo("twitter:apibug"); ?></span> +</div>
\ No newline at end of file diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php index fbce00d34..e163d2b3e 100644 --- a/mod/twitter_api/lib/twitter_api.php +++ b/mod/twitter_api/lib/twitter_api.php @@ -29,6 +29,8 @@ function twitter_api_allow_sign_on_with_twitter() { * This includes the login URL as the callback */ function twitter_api_forward() { + global $SESSION; + // sanity check if (!twitter_api_allow_sign_on_with_twitter()) { forward(); @@ -37,6 +39,20 @@ function twitter_api_forward() { $callback = elgg_normalize_url("twitter_api/login"); $request_link = twitter_api_get_authorize_url($callback); + // capture metadata about login to persist through redirects + $login_metadata = array( + 'persistent' => (bool) get_input("persistent"), + ); + // capture referrer if in site, but not the twitter_api + if (!empty($SESSION['last_forward_from'])) { + $login_metadata['forward'] = $SESSION['last_forward_from']; + } elseif (!empty($_SERVER['HTTP_REFERER']) + && 0 === strpos($_SERVER['HTTP_REFERER'], elgg_get_site_url()) + && 0 !== strpos($_SERVER['HTTP_REFERER'], elgg_get_site_url() . 'twitter_api/')) { + $login_metadata['forward'] = $_SERVER['HTTP_REFERER']; + } + $SESSION['twitter_api_login_metadata'] = $login_metadata; + forward($request_link, 'twitter_api'); } @@ -55,6 +71,8 @@ function twitter_api_forward() { * the Twitter OAuth data. */ function twitter_api_login() { + /* @var ElggSession $SESSION */ + global $SESSION; // sanity check if (!twitter_api_allow_sign_on_with_twitter()) { @@ -62,6 +80,20 @@ function twitter_api_login() { } $token = twitter_api_get_access_token(get_input('oauth_verifier')); + + $persistent = false; + $forward = ''; + + // fetch login metadata from session + $login_metadata = $SESSION['twitter_api_login_metadata']; + unset($SESSION['twitter_api_login_metadata']); + if (!empty($login_metadata['persistent'])) { + $persistent = true; + } + if (!empty($login_metadata['forward'])) { + $forward = $login_metadata['forward']; + } + if (!isset($token['oauth_token']) or !isset($token['oauth_token_secret'])) { register_error(elgg_echo('twitter_api:login:error')); forward(); @@ -81,13 +113,13 @@ function twitter_api_login() { $users = elgg_get_entities_from_plugin_user_settings($options); if ($users) { - if (count($users) == 1 && login($users[0])) { - system_message(elgg_echo('twitter_api:login:success')); + if (count($users) == 1 && login($users[0], $persistent)) { + system_message(elgg_echo('twitter_api:login:success')); + forward($forward); } else { register_error(elgg_echo('twitter_api:login:error')); + forward(); } - - forward(elgg_get_site_url()); } else { $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api'); $consumer_secret = elgg_get_plugin_setting('consumer_secret', 'twitter_api'); @@ -301,9 +333,11 @@ function twitter_api_get_authorize_url($callback = NULL, $login = true) { /** * Returns the access token to use in twitter calls. * - * @param unknown_type $oauth_verifier + * @param bool $oauth_verifier + * @return array */ function twitter_api_get_access_token($oauth_verifier = FALSE) { + /* @var ElggSession $SESSION */ global $SESSION; $consumer_key = elgg_get_plugin_setting('consumer_key', 'twitter_api'); @@ -312,7 +346,7 @@ function twitter_api_get_access_token($oauth_verifier = FALSE) { // retrieve stored tokens $oauth_token = $SESSION['twitter_api']['oauth_token']; $oauth_token_secret = $SESSION['twitter_api']['oauth_token_secret']; - $SESSION->offsetUnset('twitter_api'); + unset($SESSION['twitter_api']); // fetch an access token $api = new TwitterOAuth($consumer_key, $consumer_secret, $oauth_token, $oauth_token_secret); diff --git a/mod/twitter_api/start.php b/mod/twitter_api/start.php index 08bce5479..e6221de6b 100644 --- a/mod/twitter_api/start.php +++ b/mod/twitter_api/start.php @@ -20,6 +20,7 @@ function twitter_api_init() { //elgg_extend_view('metatags', 'twitter_api/metatags'); elgg_extend_view('css/elgg', 'twitter_api/css'); elgg_extend_view('css/admin', 'twitter_api/css'); + elgg_extend_view('js/elgg', 'twitter_api/js'); // sign on with twitter if (twitter_api_allow_sign_on_with_twitter()) { @@ -60,7 +61,7 @@ function twitter_api_pagehandler_deprecated($page) { * Serves pages for twitter. * * @param array $page - * @return void + * @return bool */ function twitter_api_pagehandler($page) { if (!isset($page[0])) { @@ -131,14 +132,15 @@ function twitter_api_tweet($hook, $type, $returnvalue, $params) { // send tweet $api = new TwitterOAuth($consumer_key, $consumer_secret, $access_key, $access_secret); - $response = $api->post('statuses/update', array('status' => $params['message'])); + $api->post('statuses/update', array('status' => $params['message'])); } /** * Get tweets for a user. * - * @param int $user_id The Elgg user GUID + * @param int $user_guid The Elgg user GUID * @param array $options + * @return array */ function twitter_api_fetch_tweets($user_guid, $options = array()) { // check admin settings @@ -167,6 +169,7 @@ function twitter_api_fetch_tweets($user_guid, $options = array()) { * @param string $type * @param array $return_value * @param array $params + * @return array */ function twitter_api_public_pages($hook, $type, $return_value, $params) { $return_value[] = 'twitter_api/forward'; diff --git a/mod/twitter_api/vendors/twitteroauth/OAuth.php b/mod/twitter_api/vendors/twitteroauth/OAuth.php index b0e3cfd5e..e132a5bc8 100644 --- a/mod/twitter_api/vendors/twitteroauth/OAuth.php +++ b/mod/twitter_api/vendors/twitteroauth/OAuth.php @@ -78,6 +78,7 @@ class twitterOAuthRequest extends OAuthRequest { private $http_url; // for debug purposes public $base_string; + public static $version = '1.0'; public static $POST_INPUT = 'php://input'; function __construct($http_method, $http_url, $parameters=NULL) { @@ -145,7 +146,7 @@ class twitterOAuthRequest extends OAuthRequest { */ public static function from_consumer_and_token($consumer, $token, $http_method, $http_url, $parameters=NULL) { @$parameters or $parameters = array(); - $defaults = array("oauth_version" => '1.0', + $defaults = array("oauth_version" => twitterOAuthRequest::$version, "oauth_nonce" => twitterOAuthRequest::generate_nonce(), "oauth_timestamp" => twitterOAuthRequest::generate_timestamp(), "oauth_consumer_key" => $consumer->key); diff --git a/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php b/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php index a1021ce6f..f36e6158d 100644 --- a/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php +++ b/mod/twitter_api/vendors/twitteroauth/twitterOAuth.php @@ -43,8 +43,8 @@ class TwitterOAuth { * Set API URLS */ function accessTokenURL() { return 'https://api.twitter.com/oauth/access_token'; } - function authenticateURL() { return 'https://twitter.com/oauth/authenticate'; } - function authorizeURL() { return 'https://twitter.com/oauth/authorize'; } + function authenticateURL() { return 'https://api.twitter.com/oauth/authenticate'; } + function authorizeURL() { return 'https://api.twitter.com/oauth/authorize'; } function requestTokenURL() { return 'https://api.twitter.com/oauth/request_token'; } /** diff --git a/mod/twitter_api/views/default/twitter_api/css.php b/mod/twitter_api/views/default/twitter_api/css.php index 04bbed668..2d081d361 100644 --- a/mod/twitter_api/views/default/twitter_api/css.php +++ b/mod/twitter_api/views/default/twitter_api/css.php @@ -4,7 +4,7 @@ */ ?> -#login_with_twitter { +.login_with_twitter { padding: 10px 0 0 0; } diff --git a/mod/twitter_api/views/default/twitter_api/js.php b/mod/twitter_api/views/default/twitter_api/js.php new file mode 100644 index 000000000..3d2905a44 --- /dev/null +++ b/mod/twitter_api/views/default/twitter_api/js.php @@ -0,0 +1,16 @@ +<?php if (0): ?><script><?php endif; ?> + +// add ?persistent to login link +elgg.register_hook_handler('init', 'system', function() { + $('form.elgg-form-login').each(function () { + var link = $('.login_with_twitter a', this).get(0), + $input = $('input[name="persistent"]', this); + function sync() { + link.href = link.href.replace(/\?.*/, '') + ($input[0].checked ? '?persistent' : ''); + } + if (link && $input.length) { + sync(); + $input.change(sync); + } + }); +}); diff --git a/mod/twitter_api/views/default/twitter_api/login.php b/mod/twitter_api/views/default/twitter_api/login.php index 17bd76d56..7b4b4ecb1 100644 --- a/mod/twitter_api/views/default/twitter_api/login.php +++ b/mod/twitter_api/views/default/twitter_api/login.php @@ -7,7 +7,7 @@ $url = elgg_get_site_url() . 'twitter_api/forward'; $img_url = elgg_get_site_url() . 'mod/twitter_api/graphics/sign-in-with-twitter-d.png'; $login = <<<__HTML -<div id="login_with_twitter"> +<div class="login_with_twitter"> <a href="$url"> <img src="$img_url" alt="Twitter" /> </a> diff --git a/mod/uservalidationbyemail/start.php b/mod/uservalidationbyemail/start.php index f98f57faf..f44d2ab50 100644 --- a/mod/uservalidationbyemail/start.php +++ b/mod/uservalidationbyemail/start.php @@ -233,15 +233,23 @@ function uservalidationbyemail_public_pages($hook, $type, $return_value, $params * @param string $type * @param ElggUser $user * @return bool + * + * @throws LoginException */ function uservalidationbyemail_check_manual_login($event, $type, $user) { $access_status = access_get_show_hidden_status(); access_show_hidden_entities(TRUE); - // @todo register_error()? - $return = ($user instanceof ElggUser && !$user->isEnabled() && !$user->validated) ? FALSE : NULL; + if (($user instanceof ElggUser) && !$user->isEnabled() && !$user->validated) { + // send new validation email + uservalidationbyemail_request_validation($user->getGUID()); + + // restore hidden entities settings + access_show_hidden_entities($access_status); + + // throw error so we get a nice error message + throw new LoginException(elgg_echo('uservalidationbyemail:login:fail')); + } access_show_hidden_entities($access_status); - - return $return; } diff --git a/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php b/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php index cbd13a709..9199922d6 100644 --- a/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php +++ b/mod/uservalidationbyemail/views/default/forms/uservalidationbyemail/bulk_action.php @@ -27,7 +27,7 @@ if (!$count) { access_show_hidden_entities($hidden_entities); elgg_set_ignore_access($ia); - echo autop(elgg_echo('uservalidationbyemail:admin:no_unvalidated_users')); + echo elgg_autop(elgg_echo('uservalidationbyemail:admin:no_unvalidated_users')); return TRUE; } |