25 files changed, 100 insertions, 33 deletions
diff --git a/mod/blog/languages/en.php b/mod/blog/languages/en.php
index e1930b916..5248a6f51 100644
--- a/mod/blog/languages/en.php
+++ b/mod/blog/languages/en.php
@@ -41,7 +41,6 @@ $english = array(
 	'blog:message:saved' => 'Blog post saved.',
 	'blog:error:cannot_save' => 'Cannot save blog post.',
 	'blog:error:cannot_write_to_container' => 'Insufficient access to save blog to group.',
-	'blog:error:post_not_found' => 'This post has been removed, is invalid, or you do not have permission to view it.',
 	'blog:messages:warning:draft' => 'There is an unsaved draft of this post!',
 	'blog:edit_revision_notice' => '(Old version)',
 	'blog:message:deleted_post' => 'Blog post deleted.',
diff --git a/mod/blog/lib/blog.php b/mod/blog/lib/blog.php
index 286fe1832..9d6cb37e7 100644
--- a/mod/blog/lib/blog.php
+++ b/mod/blog/lib/blog.php
@@ -22,7 +22,7 @@ function blog_get_page_content_read($guid = NULL) {
 	$return['filter'] = '';
 
 	if (!elgg_instanceof($blog, 'object', 'blog')) {
-		$return['content'] = elgg_echo('blog:error:post_not_found');
+		$return['content'] = elgg_echo('noaccess');
 		return $return;
 	}
 
diff --git a/mod/blog/start.php b/mod/blog/start.php
index 73056f1c9..9faf1794e 100644
--- a/mod/blog/start.php
+++ b/mod/blog/start.php
@@ -60,7 +60,7 @@ function blog_init() {
 	elgg_extend_view('groups/tool_latest', 'blog/group_module');
 
 	// add a blog widget
-	elgg_register_widget_type('blog', elgg_echo('blog'), elgg_echo('blog:widget:description'), 'profile');
+	elgg_register_widget_type('blog', elgg_echo('blog'), elgg_echo('blog:widget:description'));
 
 	// register actions
 	$action_path = elgg_get_plugins_path() . 'blog/actions/blog';
diff --git a/mod/blog/views/default/object/blog.php b/mod/blog/views/default/object/blog.php
index aa8074a69..4403a6006 100644
--- a/mod/blog/views/default/object/blog.php
+++ b/mod/blog/views/default/object/blog.php
@@ -27,7 +27,6 @@ $owner_link = elgg_view('output/url', array(
 	'is_trusted' => true,
 ));
 $author_text = elgg_echo('byline', array($owner_link));
-$tags = elgg_view('output/tags', array('tags' => $blog->tags));
 $date = elgg_view_friendly_time($blog->time_created);
 
 // The "on" status changes for comments, so best to check for !Off
@@ -74,7 +73,6 @@ if ($full) {
 		'title' => false,
 		'metadata' => $metadata,
 		'subtitle' => $subtitle,
-		'tags' => $tags,
 	);
 	$params = $params + $vars;
 	$summary = elgg_view('object/elements/summary', $params);
@@ -92,7 +90,6 @@ if ($full) {
 		'entity' => $blog,
 		'metadata' => $metadata,
 		'subtitle' => $subtitle,
-		'tags' => $tags,
 		'content' => $excerpt,
 	);
 	$params = $params + $vars;
diff --git a/mod/bookmarks/pages/bookmarks/view.php b/mod/bookmarks/pages/bookmarks/view.php
index 2439d2ee8..c819b8b41 100644
--- a/mod/bookmarks/pages/bookmarks/view.php
+++ b/mod/bookmarks/pages/bookmarks/view.php
@@ -6,6 +6,10 @@
  */
 
 $bookmark = get_entity(get_input('guid'));
+if (!$bookmark) {
+	register_error(elgg_echo('noaccess'));
+	forward('');
+}
 
 $page_owner = elgg_get_page_owner_entity();
 
diff --git a/mod/bookmarks/views/default/object/bookmarks.php b/mod/bookmarks/views/default/object/bookmarks.php
index 89a0d03e0..83bae2b13 100644
--- a/mod/bookmarks/views/default/object/bookmarks.php
+++ b/mod/bookmarks/views/default/object/bookmarks.php
@@ -27,7 +27,6 @@ $owner_link = elgg_view('output/url', array(
 ));
 $author_text = elgg_echo('byline', array($owner_link));
 
-$tags = elgg_view('output/tags', array('tags' => $bookmark->tags));
 $date = elgg_view_friendly_time($bookmark->time_created);
 
 $comments_count = $bookmark->countComments();
@@ -64,7 +63,6 @@ if ($full && !elgg_in_context('gallery')) {
 		'title' => false,
 		'metadata' => $metadata,
 		'subtitle' => $subtitle,
-		'tags' => $tags,
 	);
 	$params = $params + $vars;
 	$summary = elgg_view('object/elements/summary', $params);
@@ -120,7 +118,6 @@ HTML;
 		'entity' => $bookmark,
 		'metadata' => $metadata,
 		'subtitle' => $subtitle,
-		'tags' => $tags,
 		'content' => $content,
 	);
 	$params = $params + $vars;
diff --git a/mod/categories/languages/en.php b/mod/categories/languages/en.php
index eaa65b13e..422fe81a4 100644
--- a/mod/categories/languages/en.php
+++ b/mod/categories/languages/en.php
@@ -9,7 +9,7 @@ $english = array(
 	'categories:explanation' => 'To set some predefined site-wide categories that will be used throughout your system, enter them below, separated with commas. Compatible tools will then display them when the user creates or edits content.',
 	'categories:save:success' => 'Site categories were successfully saved.',
 	'categories:results' => "Results for the site category: %s",
-	'categories:on_activate_reminder' => "Site-wide Cateogires won't work until you add categories. <a href=\"%s\">Add categories now.</a>",
+	'categories:on_activate_reminder' => "Site-wide Categories won't work until you add categories. <a href=\"%s\">Add categories now.</a>",
 );
 
 add_translation("en", $english);
 \ No newline at end of file
diff --git a/mod/embed/manifest.xml b/mod/embed/manifest.xml
index 46ab2df9e..81ca9194e 100644
--- a/mod/embed/manifest.xml
+++ b/mod/embed/manifest.xml
@@ -13,10 +13,10 @@
 		<type>elgg_release</type>
 		<version>1.8</version>
 	</requires>
-	<suggests>
+	<requires>
 		<type>plugin</type>
 		<name>file</name>
 		<version>1.8.1</version>
-	</suggests>
+	</requires>
 	<activate_on_install>true</activate_on_install>
 </plugin_manifest>
diff --git a/mod/file/pages/file/download.php b/mod/file/pages/file/download.php
index 00e6d500e..76c1f1272 100644
--- a/mod/file/pages/file/download.php
+++ b/mod/file/pages/file/download.php
@@ -26,7 +26,7 @@ $filename = $file->originalfilename;
 header("Pragma: public");
 
 header("Content-type: $mime");
-if (strpos($mime, "image/") !== false) {
+if (strpos($mime, "image/") !== false || $mime == "application/pdf") {
 	header("Content-Disposition: inline; filename=\"$filename\"");
 } else {
 	header("Content-Disposition: attachment; filename=\"$filename\"");
diff --git a/mod/file/pages/file/view.php b/mod/file/pages/file/view.php
index a571c9d68..ec51b30e6 100644
--- a/mod/file/pages/file/view.php
+++ b/mod/file/pages/file/view.php
@@ -6,6 +6,10 @@
  */
 
 $file = get_entity(get_input('guid'));
+if (!$file) {
+	register_error(elgg_echo('noaccess'));
+	forward('');
+}
 
 $owner = elgg_get_page_owner_entity();
 
diff --git a/mod/file/views/default/object/file.php b/mod/file/views/default/object/file.php
index 1db9863c9..b3f530183 100644
--- a/mod/file/views/default/object/file.php
+++ b/mod/file/views/default/object/file.php
@@ -28,7 +28,6 @@ $author_text = elgg_echo('byline', array($owner_link));
 
 $file_icon = elgg_view_entity_icon($file, 'small');
 
-$tags = elgg_view('output/tags', array('tags' => $file->tags));
 $date = elgg_view_friendly_time($file->time_created);
 
 $comments_count = $file->countComments();
@@ -71,7 +70,6 @@ if ($full && !elgg_in_context('gallery')) {
 		'entity' => $file,
 		'metadata' => $metadata,
 		'subtitle' => $subtitle,
-		'tags' => $tags,
 	);
 	$params = $params + $vars;
 	$summary = elgg_view('object/elements/summary', $params);
@@ -100,7 +98,6 @@ if ($full && !elgg_in_context('gallery')) {
 		'entity' => $file,
 		'metadata' => $metadata,
 		'subtitle' => $subtitle,
-		'tags' => $tags,
 		'content' => $excerpt,
 	);
 	$params = $params + $vars;
diff --git a/mod/groups/icon.php b/mod/groups/icon.php
index 104da4b41..f86f84fa5 100644
--- a/mod/groups/icon.php
+++ b/mod/groups/icon.php
@@ -35,7 +35,7 @@ if ($filehandler->open("read")) {
 }
 
 if (!$success) {
-	$location = elgg_get_plugins_path() . "groups/graphics/default{$size}.jpg";
+	$location = elgg_get_plugins_path() . "groups/graphics/default{$size}.gif";
 	$contents = @file_get_contents($location);
 }
 
diff --git a/mod/groups/views/default/groups/sidebar/members.php b/mod/groups/views/default/groups/sidebar/members.php
index 49f14697c..11273d0e6 100644
--- a/mod/groups/views/default/groups/sidebar/members.php
+++ b/mod/groups/views/default/groups/sidebar/members.php
@@ -8,7 +8,7 @@
  * @uses $vars['limit']  The number of members to display
  */
 
-$limit = elgg_extract('limit', $vars, 10);
+$limit = elgg_extract('limit', $vars, 14);
 
 $all_link = elgg_view('output/url', array(
 	'href' => 'groups/members/' . $vars['entity']->guid,
@@ -24,6 +24,7 @@ $body = elgg_list_entities_from_relationship(array(
 	'limit' => $limit,
 	'list_type' => 'gallery',
 	'gallery_class' => 'elgg-gallery-users',
+	'pagination' => false
 ));
 
 $body .= "<div class='center mts'>$all_link</div>";
diff --git a/mod/messages/views/default/forms/messages/process.php b/mod/messages/views/default/forms/messages/process.php
index f86c3217a..cb30792e9 100644
--- a/mod/messages/views/default/forms/messages/process.php
+++ b/mod/messages/views/default/forms/messages/process.php
@@ -19,10 +19,12 @@ echo $messages;
 echo '</div>';
 
 echo '<div class="elgg-foot messages-buttonbank">';
+
 echo elgg_view('input/submit', array(
 	'value' => elgg_echo('delete'),
 	'name' => 'delete',
-	'class' => 'elgg-button-delete',
+	'class' => 'elgg-button-delete elgg-requires-confirmation',
+	'title' => elgg_echo('deleteconfirm:plural'),
 ));
 
 if ($vars['folder'] == "inbox") {
diff --git a/mod/pages/actions/pages/delete.php b/mod/pages/actions/pages/delete.php
index dfa0de98d..7a314a280 100644
--- a/mod/pages/actions/pages/delete.php
+++ b/mod/pages/actions/pages/delete.php
@@ -9,8 +9,9 @@
 
 $guid = get_input('guid');
 $page = get_entity($guid);
-if ($page) {
-	if ($page->canEdit()) {
+if (elgg_instanceof($page, 'object', 'page') || elgg_instanceof($page, 'object', 'page_top')) {
+	// only allow owners and admin to delete
+	if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
 		$container = get_entity($page->container_guid);
 
 		// Bring all child elements forward
diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php
index 6950d4b2f..a32e4a4ba 100644
--- a/mod/pages/actions/pages/edit.php
+++ b/mod/pages/actions/pages/edit.php
@@ -47,7 +47,19 @@ if ($page_guid) {
 }
 
 if (sizeof($input) > 0) {
+	// don't change access if not an owner/admin
+	$user = elgg_get_logged_in_user_entity();
+	$can_change_access = true;
+
+	if ($user && $page) {
+		$can_change_access = $user->isAdmin() || $user->getGUID() == $page->owner_guid;
+	}
+	
 	foreach ($input as $name => $value) {
+		if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) {
+			continue;
+		}
+
 		$page->$name = $value;
 	}
 }
@@ -74,6 +86,6 @@ if ($page->save()) {
 
 	forward($page->getURL());
 } else {
-	register_error(elgg_echo('pages:error:no_save'));
+	register_error(elgg_echo('pages:error:notsaved'));
 	forward(REFERER);
 }
diff --git a/mod/pages/lib/pages.php b/mod/pages/lib/pages.php
index 5c5323d6f..dbf7b8917 100644
--- a/mod/pages/lib/pages.php
+++ b/mod/pages/lib/pages.php
@@ -111,4 +111,4 @@ function pages_register_navigation_tree($container) {
 			}
 		}
 	}
-}
+}
+\ No newline at end of file
diff --git a/mod/pages/pages/pages/history.php b/mod/pages/pages/pages/history.php
index a63b37a7a..872596179 100644
--- a/mod/pages/pages/pages/history.php
+++ b/mod/pages/pages/pages/history.php
@@ -30,7 +30,12 @@ elgg_push_breadcrumb(elgg_echo('pages:history'));
 
 $title = $page->title . ": " . elgg_echo('pages:history');
 
-$content = list_annotations($page_guid, 'page', 20, false);
+$content = elgg_list_annotations(array(
+		'guid' => $page_guid,
+		'annotation_name' => 'page',
+		'limit' => 20,
+		'order_by' => "n_table.time_created desc"
+));
 
 $body = elgg_view_layout('content', array(
 	'filter' => '',
diff --git a/mod/pages/pages/pages/view.php b/mod/pages/pages/pages/view.php
index 5dfb76b55..6b9d03f49 100644
--- a/mod/pages/pages/pages/view.php
+++ b/mod/pages/pages/pages/view.php
@@ -8,6 +8,7 @@
 $page_guid = get_input('guid');
 $page = get_entity($page_guid);
 if (!$page) {
+	register_error(elgg_echo('noaccess'));
 	forward();
 }
 
@@ -32,7 +33,8 @@ elgg_push_breadcrumb($title);
 $content = elgg_view_entity($page, array('full_view' => true));
 $content .= elgg_view_comments($page);
 
-if (elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) {
+// can add subpage if can edit this page and write to container (such as a group)
+if ($page->canEdit() && $container->canWriteToContainer(0, 'object', 'page')) {
 	$url = "pages/add/$page->guid";
 	elgg_register_menu_item('title', array(
 			'name' => 'subpage',
diff --git a/mod/pages/views/default/forms/pages/edit.php b/mod/pages/views/default/forms/pages/edit.php
index 20737a121..9469f5eb9 100644
--- a/mod/pages/views/default/forms/pages/edit.php
+++ b/mod/pages/views/default/forms/pages/edit.php
@@ -6,7 +6,18 @@
  */
 
 $variables = elgg_get_config('pages');
+$user = elgg_get_logged_in_user_entity();
+$entity = elgg_extract('entity', $vars);
+$can_change_access = true;
+if ($user && $entity) {
+	$can_change_access = ($user->isAdmin() || $user->getGUID() == $entity->owner_guid);
+}
+
 foreach ($variables as $name => $type) {
+	// don't show read / write access inputs for non-owners or admin when editing
+	if (($type == 'access' || $type == 'write_access') && !$can_change_access) {
+		continue;
+	}
 ?>
 <div>
 	<label><?php echo elgg_echo("pages:$name") ?></label>
@@ -14,8 +25,8 @@ foreach ($variables as $name => $type) {
 		if ($type != 'longtext') {
 			echo '<br />';
 		}
-	?>
-	<?php echo elgg_view("input/$type", array(
+
+		echo elgg_view("input/$type", array(
 			'name' => $name,
 			'value' => $vars[$name],
 		));
diff --git a/mod/pages/views/default/object/page_top.php b/mod/pages/views/default/object/page_top.php
index e78289f28..945a22eed 100644
--- a/mod/pages/views/default/object/page_top.php
+++ b/mod/pages/views/default/object/page_top.php
@@ -45,7 +45,6 @@ $editor_link = elgg_view('output/url', array(
 
 $date = elgg_view_friendly_time($annotation->time_created);
 $editor_text = elgg_echo('pages:strapline', array($date, $editor_link));
-$tags = elgg_view('output/tags', array('tags' => $page->tags));
 $categories = elgg_view('output/categories', $vars);
 
 $comments_count = $page->countComments();
@@ -82,7 +81,6 @@ if ($full) {
 		'entity' => $page,
 		'metadata' => $metadata,
 		'subtitle' => $subtitle,
-		'tags' => $tags,
 	);
 	$params = $params + $vars;
 	$summary = elgg_view('object/elements/summary', $params);
@@ -104,7 +102,6 @@ if ($full) {
 		'entity' => $page,
 		'metadata' => $metadata,
 		'subtitle' => $subtitle,
-		'tags' => $tags,
 		'content' => $excerpt,
 	);
 	$params = $params + $vars;
diff --git a/mod/search/views/default/search/search_box.php b/mod/search/views/default/search/search_box.php
index 87d59519c..ff12ae4f0 100644
--- a/mod/search/views/default/search/search_box.php
+++ b/mod/search/views/default/search/search_box.php
@@ -38,6 +38,7 @@ $display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);
 <form class="<?php echo $class; ?>" action="<?php echo elgg_get_site_url(); ?>search" method="get">
 	<fieldset>
 		<input type="text" class="search-input" size="21" name="q" value="<?php echo elgg_echo('search'); ?>" onblur="if (this.value=='') { this.value='<?php echo elgg_echo('search'); ?>' }" onfocus="if (this.value=='<?php echo elgg_echo('search'); ?>') { this.value='' };" />
+		<input type="hidden" name="search_type" value="all" />
 		<input type="submit" value="<?php echo elgg_echo('search:go'); ?>" class="search-submit-button" />
 	</fieldset>
-</form>
-\ No newline at end of file
+</form>
diff --git a/mod/thewire/pages/thewire/view.php b/mod/thewire/pages/thewire/view.php
new file mode 100644
index 000000000..1818e725a
--- /dev/null
+++ b/mod/thewire/pages/thewire/view.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * View individual wire post
+ */
+
+$post = get_entity(get_input('guid'));
+if (!$post) {
+	register_error(elgg_echo('noaccess'));
+	forward('');
+}
+$owner = $post->getOwnerEntity();
+if (!$owner) {
+	forward();
+}
+
+$title = elgg_echo('thewire:by', array($owner->name));
+
+elgg_push_breadcrumb(elgg_echo('thewire'), 'thewire/all');
+elgg_push_breadcrumb($owner->name, 'thewire/owner/' . $owner->username);
+elgg_push_breadcrumb($title);
+
+$content = elgg_view_entity($post);
+
+$body = elgg_view_layout('content', array(
+	'filter' => false,
+	'content' => $content,
+	'title' => $title,
+));
+
+echo elgg_view_page($title, $body);
diff --git a/mod/thewire/start.php b/mod/thewire/start.php
index 5d5786e2f..8e3b5224a 100644
--- a/mod/thewire/start.php
+++ b/mod/thewire/start.php
@@ -77,7 +77,8 @@ function thewire_init() {
  * thewire/owner/<username>     View this user's wire posts
  * thewire/following/<username> View the posts of those this user follows
  * thewire/reply/<guid>         Reply to a post
- * thewire/view/<guid>          View a conversation thread
+ * thewire/view/<guid>          View a post
+ * thewire/thread/<id>          View a conversation thread
  * thewire/tag/<tag>            View wire posts tagged with <tag>
  *
  * @param array $page From the page_handler function
@@ -104,6 +105,12 @@ function thewire_page_handler($page) {
 			include "$base_dir/owner.php";
 			break;
 
+		case "view":
+			if (isset($page[1])) {
+				set_input('guid', $page[1]);
+			}
+			include "$base_dir/view.php";
+
 		case "thread":
 			if (isset($page[1])) {
 				set_input('thread_id', $page[1]);
diff --git a/mod/twitter_api/lib/twitter_api.php b/mod/twitter_api/lib/twitter_api.php
index 355123992..fbce00d34 100644
--- a/mod/twitter_api/lib/twitter_api.php
+++ b/mod/twitter_api/lib/twitter_api.php
@@ -109,7 +109,7 @@ function twitter_api_login() {
 			$user = twitter_api_create_user($twitter);
 			$site_name = elgg_get_site_entity()->name;
 			system_message(elgg_echo('twitter_api:login:email', array($site_name)));
-			$forward = "twitter_api/intersitial";
+			$forward = "twitter_api/interstitial";
 		}
 
 		// set twitter services tokens