From 0c2c36ff3b0329ff849930d0403f933653a84dcd Mon Sep 17 00:00:00 2001 From: brettp Date: Fri, 14 May 2010 20:50:34 +0000 Subject: Merged 5928-6908 from 1.7 branch to trunk. git-svn-id: http://code.elgg.org/elgg/trunk@6059 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/actions.php | 10 +- engine/lib/activity.php | 169 ------- engine/lib/api.php | 11 - engine/lib/elgglib.php | 73 +-- engine/lib/entities.php | 4 +- engine/lib/input.php | 96 ---- engine/lib/output.php | 150 ++++++ engine/lib/pagehandler.php | 15 +- engine/lib/river.php | 491 +++++++++++++++++++ engine/lib/river2.php | 544 --------------------- engine/lib/sessions.php | 21 - engine/start.php | 22 +- htaccess_dist | 8 +- languages/en.php | 1 + mod/groups/invitations.php | 2 + mod/groups/new.php | 2 + mod/groups/views/default/river/forum/create.php | 17 +- .../views/default/river/forum/topic/create.php | 10 +- .../views/default/river/object/page/create.php | 10 +- mod/profile/actions/edit.php | 6 +- 20 files changed, 719 insertions(+), 943 deletions(-) delete mode 100644 engine/lib/activity.php create mode 100644 engine/lib/output.php create mode 100644 engine/lib/river.php delete mode 100644 engine/lib/river2.php diff --git a/engine/lib/actions.php b/engine/lib/actions.php index 66c2d9505..57da1389f 100644 --- a/engine/lib/actions.php +++ b/engine/lib/actions.php @@ -21,9 +21,6 @@ function action($action, $forwarder = "") { global $CONFIG; - // set GET params - elgg_set_input_from_uri(); - // @todo REMOVE THESE ONCE #1509 IS IN PLACE. // Allow users to disable plugins without a token in order to // remove plugins that are imcompatible. @@ -72,6 +69,8 @@ function action($action, $forwarder = "") { } else { register_error(elgg_echo('actionloggedout')); } + } else { + register_error(elgg_echo('actionunauthorized')); } } else { register_error(sprintf(elgg_echo('actionundefined'),$action)); 
@@ -197,14 +196,11 @@ function generate_action_token($timestamp) { // Current session id $session_id = session_id(); - // Get user agent - $ua = $_SERVER['HTTP_USER_AGENT']; - // Session token $st = $_SESSION['__elgg_session']; if (($site_secret) && ($session_id)) { - return md5($site_secret.$timestamp.$session_id.$ua.$st); + return md5($site_secret.$timestamp.$session_id.$st); } return FALSE; diff --git a/engine/lib/activity.php b/engine/lib/activity.php deleted file mode 100644 index 51b083531..000000000 --- a/engine/lib/activity.php +++ /dev/null 
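Review bot: The new `return md5($site_secret.$timestamp.$session_id.$st);` still derives the action token from an unkeyed md5 over a bare concatenation, so the field boundaries are ambiguous and the construction carries no keyed-MAC guarantee beyond the secret being somewhere in the input. Prefer `return hash_hmac('sha256', $timestamp . '|' . $session_id . '|' . $st, $site_secret);`, which keys the digest on the site secret and separates the fields; the matching validation should then compare tokens with a constant-time comparison rather than `==`. Dropping the user agent is a deliberate functional change and is fine as such, but any token issued before this deploy stops validating because the formula changed, which is worth a line in the commit message. generate_action_token begins before this hunk.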
@@ -1,169 +0,0 @@ -owner_guid" - * @return array An array of system log entries. - */ -function get_activity_stream_data($limit = 10, $offset = 0, $type = "", $subtype = "", $owner_guid = "", $owner_relationship = "") { - global $CONFIG; - - $limit = (int)$limit; - $offset = (int)$offset; - - if ($type) { - if (!is_array($type)) { - $type = array(sanitise_string($type)); - } else { - foreach ($type as $k => $v) { - $type[$k] = sanitise_string($v); - } - } - } - - if ($subtype) { - if (!is_array($subtype)) { - $subtype = array(sanitise_string($subtype)); - } else { - foreach ($subtype as $k => $v) { - $subtype[$k] = sanitise_string($v); - } - } - } - - if ($owner_guid) { - if (is_array($owner_guid)) { - foreach ($owner_guid as $k => $v) { - $owner_guid[$k] = (int)$v; - } - } else { - $owner_guid = array((int)$owner_guid); - } - } - - $owner_relationship = sanitise_string($owner_relationship); - - // Get a list of possible views - $activity_events= array(); - $activity_views = array_merge(elgg_view_tree('activity', 'default'), elgg_view_tree('river', 'default')); // Join activity with river - - $done = array(); - - foreach ($activity_views as $view) { - $fragments = explode('/', $view); - $tmp = explode('/',$view, 2); - $tmp = $tmp[1]; - - if ((isset($fragments[0])) && (($fragments[0] == 'river') || ($fragments[0] == 'activity')) - && (!in_array($tmp, $done))) { - - if (isset($fragments[1])) { - $f = array(); - for ($n = 1; $n < count($fragments); $n++) { - $val = sanitise_string($fragments[$n]); - switch($n) { - case 1: $key = 'type'; break; - case 2: $key = 'subtype'; break; - case 3: $key = 'event'; break; - } - $f[$key] = $val; - } - - // Filter result based on parameters - $add = true; - if ($type) { - if (!in_array($f['type'], $type)) { - $add = false; - } - } - if (($add) && ($subtype)) { - if (!in_array($f['subtype'], $subtype)) { - $add = false; - } - } - if (($add) && ($event)) { - if (!in_array($f['event'], $event)) { - $add = false; - } - } - - if ($add) 
{ - $activity_events[] = $f; - } - } - - $done[] = $tmp; - } - } - - $n = 0; - foreach ($activity_events as $details) { - // Get what we're talking about - if ($details['subtype'] == 'default') { - $details['subtype'] = ''; - } - - if (($details['type']) && ($details['event'])) { - if ($n > 0) { - $obj_query .= " or "; - } - - $access = ""; - if ($details['type']!='relationship') { - $access = " and " . get_access_sql_suffix('sl'); - } - - $obj_query .= "( sl.object_type='{$details['type']}' - AND sl.object_subtype='{$details['subtype']}' - AND sl.event='{$details['event']}' $access )"; - - $n++; - } - } - - // User - if ((count($owner_guid)) && ($owner_guid[0] != 0)) { - $user = " and sl.performed_by_guid in (".implode(',', $owner_guid).")"; - - if ($owner_relationship) { - $friendsarray = ""; - if ($friends = elgg_get_entities_from_relationship(array( - 'relationship' => $owner_relationship, - 'relationship_guid' => $owner_guid[0], - 'inverse_relationship' => FALSE, - 'types' => 'user', - 'subtypes' => $subtype, - 'limit' => 9999)) - ) { - - $friendsarray = array(); - foreach($friends as $friend) { - $friendsarray[] = $friend->getGUID(); - } - - $user = " and sl.performed_by_guid in (" . implode(',', $friendsarray).")"; - } - } - } - - $query = "SELECT sl.* FROM {$CONFIG->dbprefix}system_log sl - WHERE 1 $user AND ($obj_query) - ORDER BY sl.time_created desc limit $offset, $limit"; - return get_data($query); -} diff --git a/engine/lib/api.php b/engine/lib/api.php index 6707a7418..0da0c82f0 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php 
@@ -1438,17 +1438,6 @@ function __php_api_exception_handler($exception) { function service_handler($handler, $request) { global $CONFIG; - // setup the input parameters since this comes through rewrite rule - $query = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?')+1); - if (isset($query)) { - $query_arr = elgg_parse_str($query); - if (is_array($query_arr)) { - foreach($query_arr as $name => $val) { - set_input($name, $val); - } - } - } - set_context('api'); $request = explode('/',$request); diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index fd99cee0b..eac75403f 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -476,11 +476,10 @@ function elgg_view_regenerate_simplecache() { function elgg_view_enable_simplecache() { global $CONFIG; - if(!$CONFIG->simplecache_enabled) { - datalist_set('simplecache_enabled',1); - $CONFIG->simplecache_enabled = 1; - elgg_view_regenerate_simplecache(); - } + + datalist_set('simplecache_enabled',1); + $CONFIG->simplecache_enabled = 1; + elgg_view_regenerate_simplecache(); } /** @@ -1385,6 +1384,39 @@ function elgg_extend_view($view, $view_extension, $priority = 501, $viewtype = ' ksort($CONFIG->views->extensions[$view]); } +/** + * Unextends a view. + * + * @param string $view The view that was extended. + * @param string $view_extension This view that was added to $view + * @return bool + * @since 1.7.2 + */ +function elgg_unextend_view($view, $view_extension) { + global $CONFIG; + + if (!isset($CONFIG->views)) { + return FALSE; + } + + if (!isset($CONFIG->views->extensions)) { + return FALSE; + } + + if (!isset($CONFIG->views->extensions[$view])) { + return FALSE; + } + + $priority = array_search($view_extension, $CONFIG->views->extensions[$view]); + if ($priority === FALSE) { + return FALSE; + } + + unset($CONFIG->views->extensions[$view][$priority]); + + return TRUE; +} + /** * @deprecated 1.7. Use elgg_extend_view(). * @param $view 
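Review bot: In the new elgg_unextend_view, `array_search($view_extension, $CONFIG->views->extensions[$view])` is a loose comparison and returns only the first matching priority, so an extension registered at two priorities is only half removed and a numeric-looking view name can match loosely. Search strictly and remove every occurrence: `foreach (array_keys($CONFIG->views->extensions[$view], $view_extension, TRUE) as $priority) { unset($CONFIG->views->extensions[$view][$priority]); }`, returning whether anything was removed. The three nested isset() guards can collapse to the single check `if (!isset($CONFIG->views->extensions[$view])) { return FALSE; }`, since isset() on a nested path is safe when an intermediate member is missing. The docblock line `@param string $view_extension This view that was added to $view` reads better as `The view that was added to $view`.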
@@ -1497,26 +1529,6 @@ function page_draw($title, $body, $sidebar = "") { } } -/** - * Displays a UNIX timestamp in a friendly way (eg "less than a minute ago") - * - * @param int $time A UNIX epoch timestamp - * @return string The friendly time - */ -function friendly_time($time) { - return elgg_view('output/friendlytime', array('time' => $time)); -} - -/** - * When given a title, returns a version suitable for inclusion in a URL - * - * @param string $title The title - * @return string The optimised title - */ -function friendly_title($title) { - return elgg_view('output/friendlytitle', array('title' => $title)); -} - /** * Library loading and handling */ @@ -2812,17 +2824,6 @@ interface Friendable { public function countObjects($subtype = ""); } -/** - * Handles formatting of ampersands in urls - * - * @param string $url - * @return string - * @since 1.7.1 - */ -function elgg_format_url($url) { - return preg_replace('/&(?!amp;)/', '&', $url); -} - /** * Rebuilds a parsed (partial) URL * diff --git a/engine/lib/entities.php b/engine/lib/entities.php index 481feac6b..8e20ec269 100644 --- a/engine/lib/entities.php +++ b/engine/lib/entities.php @@ -2319,8 +2319,8 @@ function elgg_get_entity_site_where_sql($table, $site_guids) { */ function elgg_list_entities($options) { $defaults = array( - 'offset' => 0, - 'limit' => 10, + 'offset' => (int) max(get_input('offset', 0), 0), + 'limit' => (int) max(get_input('limit', 10), 0), 'full_view' => TRUE, 'view_type_toggle' => FALSE, 'pagination' => TRUE diff --git a/engine/lib/input.php b/engine/lib/input.php index 26416d646..cf0af2b8e 100644 --- a/engine/lib/input.php +++ b/engine/lib/input.php 
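Review bot: The new defaults `'offset' => (int) max(get_input('offset', 0), 0)` apply max() to the raw request string before the cast, so the comparison is string-versus-int and its outcome depends on the PHP version; casting first, `'offset' => max((int) get_input('offset', 0), 0)`, makes the clamp unambiguous (same for 'limit'). The lower bound for limit is 0: if the downstream entity query treats a limit of 0 as "no limit" (not visible here), a request carrying `limit=0` would fetch every matching row, so consider clamping to at least 1 and to a sane ceiling. Reading the request inside the defaults array also means every caller that omits these options now silently trusts the query string; a short comment on the `$defaults` line saying that offset and limit come from the request unless overridden would make that explicit. elgg_list_entities continues past the hunk.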
@@ -105,102 +105,6 @@ function sanitise_filepath($path) { return $path; } - -/** - * Takes a string and turns any URLs into formatted links - * - * @param string $text The input string - * @return string The output stirng with formatted links - **/ -function parse_urls($text) { - // @todo this causes problems with - // must be ing format (no space). - // By default htmlawed rewrites tags to this format. - // if PHP supported conditional negative lookbehinds we could use this: - // $r = preg_replace_callback('/(?"\'\!\(\),]+)/i', - // - // we can put , in the list of excluded char but need to keep . because of domain names. - // it is removed in the callback. - $r = preg_replace_callback('/(?"\'\!\(\),]+)/i', - create_function( - '$matches', - ' - $url = $matches[1]; - $period = \'\'; - if (substr($url, -1, 1) == \'.\') { - $period = \'.\'; - $url = trim($url, \'.\'); - } - $urltext = str_replace("/", "/", $url); - return "$urltext$period"; - ' - ), $text); - - return $r; -} - -/** - * - * Adds P tags. - * Borrowed from Wordpress. - * - **/ -function autop($pee, $br = 1) { - $pee = $pee . "\n"; // just to make things a little easier, pad the end - $pee = preg_replace('|
\s*
|', "\n\n", $pee); - // Space things out a little - $allblocks = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)'; - $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee); - $pee = preg_replace('!()!', "$1\n\n", $pee); - $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines - if ( strpos($pee, ']*)>\s*|', "", $pee); // no pee inside object/embed - $pee = preg_replace('|\s*\s*|', '', $pee); - } - $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates - $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "

$1

\n", $pee); // make paragraphs, including one at the end - $pee = preg_replace('|

\s*?

|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace - $pee = preg_replace('!

([^<]+)\s*?(]*>)!', "

$1

$2", $pee); - $pee = preg_replace( '|

|', "$1

", $pee ); - $pee = preg_replace('!

\s*(]*>)\s*

!', "$1", $pee); // don't pee all over a tag - $pee = preg_replace("|

(|", "$1", $pee); // problem with nested lists - $pee = preg_replace('|

]*)>|i', "

", $pee); - $pee = str_replace('

', '

', $pee); - $pee = preg_replace('!

\s*(]*>)!', "$1", $pee); - $pee = preg_replace('!(]*>)\s*

!', "$1", $pee); - if ($br) { - $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "", $matches[0]);'), $pee); - $pee = preg_replace('|(?)\s*\n|', "
\n", $pee); // optionally make line breaks - $pee = str_replace('', "\n", $pee); - } - $pee = preg_replace('!(]*>)\s*
!', "$1", $pee); - $pee = preg_replace('!
(\s*]*>)!', '$1', $pee); -// if (strpos($pee, '. Only there because of the comment. -// $pee = preg_replace_callback('!()(.*?)!is', 'clean_pre', $pee ); -// } - $pee = preg_replace( "|\n

$|", '

', $pee ); - - return $pee; -} - -/** - * Examins $_SERVER['REQUEST_URI'] and set_input()s on each. - * Required if the params are sent as GET and not forwarded by mod_rewrite. - * - * @return bool on success - */ -function elgg_set_input_from_uri() { - $query = parse_url($_SERVER['REQUEST_URI'], PHP_URL_QUERY); - $query_arr = elgg_parse_str($query); - - if (is_array($query_arr)) { - foreach($query_arr as $name => $val) { - set_input($name, $val); - } - } -} - /** * Page handler for autocomplete endpoint. * diff --git a/engine/lib/output.php b/engine/lib/output.php new file mode 100644 index 000000000..d2b76a482 --- /dev/null +++ b/engine/lib/output.php @@ -0,0 +1,150 @@ + + * @link http://elgg.org/ + */ + +/** + * Takes a string and turns any URLs into formatted links + * + * @param string $text The input string + * @return string The output stirng with formatted links + **/ +function parse_urls($text) { + // @todo this causes problems with + // must be ing format (no space). + // By default htmlawed rewrites tags to this format. + // if PHP supported conditional negative lookbehinds we could use this: + // $r = preg_replace_callback('/(?"\'\!\(\),]+)/i', + // + // we can put , in the list of excluded char but need to keep . because of domain names. + // it is removed in the callback. + $r = preg_replace_callback('/(?"\'\!\(\),]+)/i', + create_function( + '$matches', + ' + $url = $matches[1]; + $period = \'\'; + if (substr($url, -1, 1) == \'.\') { + $period = \'.\'; + $url = trim($url, \'.\'); + } + $urltext = str_replace("/", "/", $url); + return "$urltext$period"; + ' + ), $text); + + return $r; +} + +/** + * Create paragraphs from text with line spacing + * Borrowed from Wordpress. + * + **/ +function autop($pee, $br = 1) { + $pee = $pee . "\n"; // just to make things a little easier, pad the end + $pee = preg_replace('|
\s*
|', "\n\n", $pee); + // Space things out a little + $allblocks = '(?:table|thead|tfoot|caption|colgroup|tbody|tr|td|th|div|dl|dd|dt|ul|ol|li|pre|select|form|map|area|blockquote|address|math|style|input|p|h[1-6]|hr)'; + $pee = preg_replace('!(<' . $allblocks . '[^>]*>)!', "\n$1", $pee); + $pee = preg_replace('!()!', "$1\n\n", $pee); + $pee = str_replace(array("\r\n", "\r"), "\n", $pee); // cross-platform newlines + if ( strpos($pee, ']*)>\s*|', "", $pee); // no pee inside object/embed + $pee = preg_replace('|\s*\s*|', '', $pee); + } + $pee = preg_replace("/\n\n+/", "\n\n", $pee); // take care of duplicates + $pee = preg_replace('/\n?(.+?)(?:\n\s*\n|\z)/s', "

$1

\n", $pee); // make paragraphs, including one at the end + $pee = preg_replace('|

\s*?

|', '', $pee); // under certain strange conditions it could create a P of entirely whitespace + $pee = preg_replace('!

([^<]+)\s*?(]*>)!', "

$1

$2", $pee); + $pee = preg_replace( '|

|', "$1

", $pee ); + $pee = preg_replace('!

\s*(]*>)\s*

!', "$1", $pee); // don't pee all over a tag + $pee = preg_replace("|

(|", "$1", $pee); // problem with nested lists + $pee = preg_replace('|

]*)>|i', "

", $pee); + $pee = str_replace('

', '

', $pee); + $pee = preg_replace('!

\s*(]*>)!', "$1", $pee); + $pee = preg_replace('!(]*>)\s*

!', "$1", $pee); + if ($br) { + $pee = preg_replace_callback('/<(script|style).*?<\/\\1>/s', create_function('$matches', 'return str_replace("\n", "", $matches[0]);'), $pee); + $pee = preg_replace('|(?)\s*\n|', "
\n", $pee); // optionally make line breaks + $pee = str_replace('', "\n", $pee); + } + $pee = preg_replace('!(]*>)\s*
!', "$1", $pee); + $pee = preg_replace('!
(\s*]*>)!', '$1', $pee); +// if (strpos($pee, '. Only there because of the comment. +// $pee = preg_replace_callback('!()(.*?)!is', 'clean_pre', $pee ); +// } + $pee = preg_replace( "|\n

$|", '

', $pee ); + + return $pee; +} + +/** + * Returns an excerpt. + * Will return up to n chars stopping at the nearest space. + * If no spaces are found (like in Japanese) will crop off at the + * n char mark. Adds ... if any text was chopped. + * + * @param string $text + * @param int $num_chars Return a string up to $num_chars long + * @return string + * @since 1.7.2 + */ +function elgg_make_excerpt($text, $num_chars = 250) { + $text = trim(strip_tags($text)); + $string_length = elgg_strlen($text); + + // handle cases + $excerpt = elgg_substr($text, 0, $num_chars); + $space = elgg_strrpos($excerpt, ' ', 0); + + // don't crop if can't find a space. + if ($space === FALSE) { + $space = $num_chars; + } + $excerpt = trim(elgg_substr($excerpt, 0, $space)); + + if ($string_length != elgg_strlen($excerpt)) { + $excerpt .= '...'; + } + + return $excerpt; +} + +/** + * Handles formatting of ampersands in urls + * + * @param string $url + * @return string + * @since 1.7.1 + */ +function elgg_format_url($url) { + return preg_replace('/&(?!amp;)/', '&', $url); +} + +/** + * When given a title, returns a version suitable for inclusion in a URL + * + * @param string $title The title + * @return string The optimised title + */ +function friendly_title($title) { + return elgg_view('output/friendlytitle', array('title' => $title)); +} + +/** + * Displays a UNIX timestamp in a friendly way (eg "less than a minute ago") + * + * @param int $time A UNIX epoch timestamp + * @return string The friendly time + */ +function friendly_time($time) { + return elgg_view('output/friendlytime', array('time' => $time)); +} \ No newline at end of file diff --git a/engine/lib/pagehandler.php b/engine/lib/pagehandler.php index fc11f2d67..490b81159 100644 --- a/engine/lib/pagehandler.php +++ b/engine/lib/pagehandler.php 
@@ -20,20 +20,7 @@ function page_handler($handler, $page) { set_context($handler); - // if there are any query parameters, make them available from get_input - if (strpos($_SERVER['REQUEST_URI'], '?') !== FALSE) { - $query = substr($_SERVER['REQUEST_URI'], strpos($_SERVER['REQUEST_URI'], '?') + 1); - if (isset($query)) { - $query_arr = elgg_parse_str($query); - if (is_array($query_arr)) { - foreach($query_arr as $name => $val) { - set_input($name, $val); - } - } - } - } - - $page = explode('/', $page); + $page = explode('/',$page); // remove empty array element when page url ends in a / (see #1480) if ($page[count($page) - 1] === '') { array_pop($page); diff --git a/engine/lib/river.php b/engine/lib/river.php new file mode 100644 index 000000000..61d40f6ef --- /dev/null +++ b/engine/lib/river.php 
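Review bot: The rewritten line `$page = explode('/',$page);` drops the space after the comma that the removed line had; keep `$page = explode('/', $page);` so it matches the surrounding style. Removing the REQUEST_URI parsing block means query-string parameters for page handlers must now be populated before page_handler() runs; the diffstat's engine/start.php change presumably does that, but it is not visible in this hunk, so a one-line comment where the block was (`// query parameters are populated by the front controller`) would save the next reader the search. page_handler continues past the hunk.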
@@ -0,0 +1,491 @@ +access_id; + } + $annotation_id = (int)$annotation_id; + $type = $object->getType(); + $subtype = $object->getSubtype(); + $action_type = sanitise_string($action_type); + + // Load config + global $CONFIG; + + // Attempt to save river item; return success status + return insert_data("insert into {$CONFIG->dbprefix}river " . + " set type = '{$type}', " . + " subtype = '{$subtype}', " . + " action_type = '{$action_type}', " . + " access_id = {$access_id}, " . + " view = '{$view}', " . + " subject_guid = {$subject_guid}, " . + " object_guid = {$object_guid}, " . + " annotation_id = {$annotation_id}, " . + " posted = {$posted} "); +} + +/** + * Removes all items relating to a particular acting entity from the river + * + * @param int $subject_guid The GUID of the entity + * @return true|false Depending on success + */ +function remove_from_river_by_subject($subject_guid) { + // Sanitise + $subject_guid = (int) $subject_guid; + + // Load config + global $CONFIG; + + // Remove + return delete_data("delete from {$CONFIG->dbprefix}river where subject_guid = {$subject_guid}"); +} + +/** + * Removes all items relating to a particular entity being acted upon from the river + * + * @param int $object_guid The GUID of the entity + * @return true|false Depending on success + */ +function remove_from_river_by_object($object_guid) { + // Sanitise + $object_guid = (int) $object_guid; + + // Load config + global $CONFIG; + + // Remove + return delete_data("delete from {$CONFIG->dbprefix}river where object_guid = {$object_guid}"); +} + +/** + * Removes all items relating to a particular annotation being acted upon from the river + * + * @param int annotation_id The ID of the annotation + * @return true|false Depending on success + */ +function remove_from_river_by_annotation($annotation_id) { + // Sanitise + $annotation_id = (int) $annotation_id; + + // Load config + global $CONFIG; + + // Remove + return delete_data("delete from {$CONFIG->dbprefix}river where 
annotation_id = {$annotation_id}"); +} + +/** + * Removes a single river entry + * + * @param int $id The ID of the river entry + * @return true|false Depending on success + * @since 1.7.2 + */ +function remove_from_river_by_id($id) { + global $CONFIG; + + // Sanitise + $id = (int) $id; + + return delete_data("delete from {$CONFIG->dbprefix}river where id = {$id}"); +} + + +/** + * Sets the access ID on river items for a particular object + * + * @param int $object_guid The GUID of the entity + * @param int $access_id The access ID + * @return true|false Depending on success + */ +function update_river_access_by_object($object_guid, $access_id) { + // Sanitise + $object_guid = (int) $object_guid; + $access_id = (int) $access_id; + + // Load config + global $CONFIG; + + // Remove + return update_data("update {$CONFIG->dbprefix}river set access_id = {$access_id} where object_guid = {$object_guid}"); +} + +/** + * Retrieves items from the river. All parameters are optional. + * + * @param int|array $subject_guid Acting entity to restrict to. Default: all + * @param int|array $object_guid Entity being acted on to restrict to. Default: all + * @param string $subject_relationship If set to a relationship type, this will use + * $subject_guid as the starting point and set the subjects to be all users this + * entity has this relationship with (eg 'friend'). Default: blank + * @param string $type The type of entity to restrict to. Default: all + * @param string $subtype The subtype of entity to restrict to. Default: all + * @param string $action_type The type of river action to restrict to. Default: all + * @param int $limit The number of items to retrieve. Default: 20 + * @param int $offset The page offset. Default: 0 + * @param int $posted_min The minimum time period to look at. Default: none + * @param int $posted_max The maximum time period to look at. 
Default: none + * @return array|false Depending on success + */ +function get_river_items($subject_guid = 0, $object_guid = 0, $subject_relationship = '', $type = '', + $subtype = '', $action_type = '', $limit = 20, $offset = 0, $posted_min = 0, $posted_max = 0) { + + // Get config + global $CONFIG; + + // Sanitise variables + if (!is_array($subject_guid)) { + $subject_guid = (int) $subject_guid; + } else { + foreach($subject_guid as $key => $temp) { + $subject_guid[$key] = (int) $temp; + } + } + if (!is_array($object_guid)) { + $object_guid = (int) $object_guid; + } else { + foreach($object_guid as $key => $temp) { + $object_guid[$key] = (int) $temp; + } + } + if (!empty($type)) { + $type = sanitise_string($type); + } + if (!empty($subtype)) { + $subtype = sanitise_string($subtype); + } + if (!empty($action_type)) { + $action_type = sanitise_string($action_type); + } + $limit = (int) $limit; + $offset = (int) $offset; + $posted_min = (int) $posted_min; + $posted_max = (int) $posted_max; + + // Construct 'where' clauses for the river + $where = array(); + // river table does not have columns expected by get_access_sql_suffix so we modify its output + $where[] = str_replace("and enabled='yes'",'',str_replace('owner_guid','subject_guid',get_access_sql_suffix())); + + if (empty($subject_relationship)) { + if (!empty($subject_guid)) { + if (!is_array($subject_guid)) { + $where[] = " subject_guid = {$subject_guid} "; + } else { + $where[] = " subject_guid in (" . implode(',',$subject_guid) . ") "; + } + } + } else { + if (!is_array($subject_guid)) { + if ($entities = elgg_get_entities_from_relationship(array( + 'relationship' => $subject_relationship, + 'relationship_guid' => $subject_guid, + 'limit' => 9999)) + ) { + $guids = array(); + foreach($entities as $entity) { + $guids[] = (int) $entity->guid; + } + // $guids[] = $subject_guid; + $where[] = " subject_guid in (" . implode(',',$guids) . 
") "; + } else { + return array(); + } + } + } + if (!empty($object_guid)) + if (!is_array($object_guid)) { + $where[] = " object_guid = {$object_guid} "; + } else { + $where[] = " object_guid in (" . implode(',',$object_guid) . ") "; + } + if (!empty($type)) { + $where[] = " type = '{$type}' "; + } + if (!empty($subtype)) { + $where[] = " subtype = '{$subtype}' "; + } + if (!empty($action_type)) { + $where[] = " action_type = '{$action_type}' "; + } + if (!empty($posted_min)) { + $where[] = " posted > {$posted_min} "; + } + if (!empty($posted_max)) { + $where[] = " posted < {$posted_max} "; + } + + $whereclause = implode(' and ', $where); + + // Construct main SQL + $sql = "select id,type,subtype,action_type,access_id,view,subject_guid,object_guid,annotation_id,posted" . + " from {$CONFIG->dbprefix}river where {$whereclause} order by posted desc limit {$offset},{$limit}"; + + // Get data + return get_data($sql); +} + +/** + * Returns a human-readable representation of a river item + * + * @see get_river_items + * + * @param stdClass $item A river item object as returned from get_river_items + * @return string|false Depending on success + */ +function elgg_view_river_item($item) { + if (isset($item->view)) { + $object = get_entity($item->object_guid); + $subject = get_entity($item->subject_guid); + if (!$object || !$subject) { + // probably means an entity is disabled + return false; + } else { + if (elgg_view_exists($item->view)) { + $body = elgg_view($item->view,array( + 'item' => $item + )); + } + } + return elgg_view('river/item/wrapper',array( + 'item' => $item, + 'body' => $body + )); + } + return false; +} + +/** + * Returns a human-readable version of the river. + * + * @param int|array $subject_guid Acting entity to restrict to. Default: all + * @param int|array $object_guid Entity being acted on to restrict to. 
Default: all + * @param string $subject_relationship If set to a relationship type, this will use + * $subject_guid as the starting point and set the subjects to be all users this + * entity has this relationship with (eg 'friend'). Default: blank + * @param string $type The type of entity to restrict to. Default: all + * @param string $subtype The subtype of entity to restrict to. Default: all + * @param string $action_type The type of river action to restrict to. Default: all + * @param int $limit The number of items to retrieve. Default: 20 + * @param int $posted_min The minimum time period to look at. Default: none + * @param int $posted_max The maximum time period to look at. Default: none + * @return string Human-readable river. + */ +function elgg_view_river_items($subject_guid = 0, $object_guid = 0, $subject_relationship = '', + $type = '', $subtype = '', $action_type = '', $limit = 20, $posted_min = 0, $posted_max = 0, $pagination = true) { + + // Get input from outside world and sanitise it + $offset = (int) get_input('offset',0); + + // Get river items, if they exist + if ($riveritems = get_river_items($subject_guid,$object_guid,$subject_relationship,$type,$subtype,$action_type,($limit + 1),$offset,$posted_min,$posted_max)) { + + return elgg_view('river/item/list',array( + 'limit' => $limit, + 'offset' => $offset, + 'items' => $riveritems, + 'pagination' => $pagination + )); + + } + + return ''; +} + +/** + * Construct and execute the query required for the activity stream. + * + * @deprecated 1.8 + * + * @param int $limit Limit the query. + * @param int $offset Execute from the given object + * @param mixed $type A type, or array of types to look for. Note: This is how they appear in the SYSTEM LOG. + * @param mixed $subtype A subtype, or array of types to look for. Note: This is how they appear in the SYSTEM LOG. 
+ * @param mixed $owner_guid The guid or a collection of GUIDs + * @param string $owner_relationship If defined, the relationship between $owner_guid and the entity owner_guid - so "is $owner_guid $owner_relationship with $entity->owner_guid" + * @return array An array of system log entries. + */ +function get_activity_stream_data($limit = 10, $offset = 0, $type = "", $subtype = "", $owner_guid = "", $owner_relationship = "") { + global $CONFIG; + + $limit = (int)$limit; + $offset = (int)$offset; + + if ($type) { + if (!is_array($type)) { + $type = array(sanitise_string($type)); + } else { + foreach ($type as $k => $v) { + $type[$k] = sanitise_string($v); + } + } + } + + if ($subtype) { + if (!is_array($subtype)) { + $subtype = array(sanitise_string($subtype)); + } else { + foreach ($subtype as $k => $v) { + $subtype[$k] = sanitise_string($v); + } + } + } + + if ($owner_guid) { + if (is_array($owner_guid)) { + foreach ($owner_guid as $k => $v) { + $owner_guid[$k] = (int)$v; + } + } else { + $owner_guid = array((int)$owner_guid); + } + } + + $owner_relationship = sanitise_string($owner_relationship); + + // Get a list of possible views + $activity_events= array(); + $activity_views = array_merge(elgg_view_tree('activity', 'default'), elgg_view_tree('river', 'default')); // Join activity with river + + $done = array(); + + foreach ($activity_views as $view) { + $fragments = explode('/', $view); + $tmp = explode('/',$view, 2); + $tmp = $tmp[1]; + + if ((isset($fragments[0])) && (($fragments[0] == 'river') || ($fragments[0] == 'activity')) + && (!in_array($tmp, $done))) { + + if (isset($fragments[1])) { + $f = array(); + for ($n = 1; $n < count($fragments); $n++) { + $val = sanitise_string($fragments[$n]); + switch($n) { + case 1: $key = 'type'; break; + case 2: $key = 'subtype'; break; + case 3: $key = 'event'; break; + } + $f[$key] = $val; + } + + // Filter result based on parameters + $add = true; + if ($type) { + if (!in_array($f['type'], $type)) { + $add = false; 
+ } + } + if (($add) && ($subtype)) { + if (!in_array($f['subtype'], $subtype)) { + $add = false; + } + } + if (($add) && ($event)) { + if (!in_array($f['event'], $event)) { + $add = false; + } + } + + if ($add) { + $activity_events[] = $f; + } + } + + $done[] = $tmp; + } + } + + $n = 0; + foreach ($activity_events as $details) { + // Get what we're talking about + if ($details['subtype'] == 'default') { + $details['subtype'] = ''; + } + + if (($details['type']) && ($details['event'])) { + if ($n > 0) { + $obj_query .= " or "; + } + + $access = ""; + if ($details['type']!='relationship') { + $access = " and " . get_access_sql_suffix('sl'); + } + + $obj_query .= "( sl.object_type='{$details['type']}' + AND sl.object_subtype='{$details['subtype']}' + AND sl.event='{$details['event']}' $access )"; + + $n++; + } + } + + // User + if ((count($owner_guid)) && ($owner_guid[0] != 0)) { + $user = " and sl.performed_by_guid in (".implode(',', $owner_guid).")"; + + if ($owner_relationship) { + $friendsarray = ""; + if ($friends = elgg_get_entities_from_relationship(array( + 'relationship' => $owner_relationship, + 'relationship_guid' => $owner_guid[0], + 'inverse_relationship' => FALSE, + 'types' => 'user', + 'subtypes' => $subtype, + 'limit' => 9999)) + ) { + + $friendsarray = array(); + foreach($friends as $friend) { + $friendsarray[] = $friend->getGUID(); + } + + $user = " and sl.performed_by_guid in (" . implode(',', $friendsarray).")"; + } + } + } + + $query = "SELECT sl.* FROM {$CONFIG->dbprefix}system_log sl + WHERE 1 $user AND ($obj_query) + ORDER BY sl.time_created desc limit $offset, $limit"; + return get_data($query); +} diff --git a/engine/lib/river2.php b/engine/lib/river2.php deleted file mode 100644 index a4908167d..000000000 --- a/engine/lib/river2.php +++ /dev/null 
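Review bot: In elgg_view_river_item, `$body` is only assigned inside the `elgg_view_exists($item->view)` branch, so when the view is missing it reaches the wrapper view undefined (a notice and a null body); initialise it with `$body = '';` before the `if`. elgg_view_river_items and get_river_items cast `offset` and `limit` to int but never clamp them, so a request with a negative offset reaches the query as `limit -5,21` and fails; use `$offset = max(0, (int) get_input('offset', 0));`, and add the missing `@param bool $pagination` line to that function's docblock. The copied get_activity_stream_data reads `$event`, `$obj_query` and `$user` before any assignment, so the event filter never applies and a call without $owner_guid emits notices; since the function is marked @deprecated 1.8, a comment recording these known gaps may be enough. The beginning of add_to_river, including whatever sanitises `$view` before it is interpolated into the INSERT, is not visible in the hunk as shown.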
@@ -1,544 +0,0 @@ -access_id; - } - $annotation_id = (int)$annotation_id; - $type = $object->getType(); - $subtype = $object->getSubtype(); - $action_type = sanitise_string($action_type); - - // Load config - global $CONFIG; - - // Attempt to save river item; return success status - $insert_data = insert_data("insert into {$CONFIG->dbprefix}river " . - " set type = '{$type}', " . - " subtype = '{$subtype}', " . - " action_type = '{$action_type}', " . - " access_id = {$access_id}, " . - " view = '{$view}', " . - " subject_guid = {$subject_guid}, " . - " object_guid = {$object_guid}, " . - " annotation_id = {$annotation_id}, " . - " posted = {$posted} "); - - //update the entities which had the action carried out on it - if($insert_data){ - update_entity_last_action($object_guid, $posted); - return $insert_data; - } -} - -/** - * Removes all items relating to a particular acting entity from the river - * - * @param int $subject_guid The GUID of the entity - * @return true|false Depending on success - */ -function remove_from_river_by_subject($subject_guid) { - // Sanitise - $subject_guid = (int) $subject_guid; - - // Load config - global $CONFIG; - - // Remove - return delete_data("delete from {$CONFIG->dbprefix}river where subject_guid = {$subject_guid}"); -} - -/** - * Removes all items relating to a particular entity being acted upon from the river - * - * @param int $object_guid The GUID of the entity - * @return true|false Depending on success - */ -function remove_from_river_by_object($object_guid) { - // Sanitise - $object_guid = (int) $object_guid; - - // Load config - global $CONFIG; - - // Remove - return delete_data("delete from {$CONFIG->dbprefix}river where object_guid = {$object_guid}"); -} - -/** - * Removes all items relating to a particular annotation being acted upon from the river - * - * @param int annotation_id The ID of the annotation - * @return true|false Depending on success - */ -function remove_from_river_by_annotation($annotation_id) { - 
// Sanitise - $annotation_id = (int) $annotation_id; - - // Load config - global $CONFIG; - - // Remove - return delete_data("delete from {$CONFIG->dbprefix}river where annotation_id = {$annotation_id}"); -} - -/** - * Sets the access ID on river items for a particular object - * - * @param int $object_guid The GUID of the entity - * @param int $access_id The access ID - * @return true|false Depending on success - */ -function update_river_access_by_object($object_guid, $access_id) { - // Sanitise - $object_guid = (int) $object_guid; - $access_id = (int) $access_id; - - // Load config - global $CONFIG; - - // Remove - return update_data("update {$CONFIG->dbprefix}river set access_id = {$access_id} where object_guid = {$object_guid}"); -} - -/** - * Retrieves items from the river. All parameters are optional. - * - * @param int|array $subject_guid Acting entity to restrict to. Default: all - * @param int|array $object_guid Entity being acted on to restrict to. Default: all - * @param string $subject_relationship If set to a relationship type, this will use - * $subject_guid as the starting point and set the subjects to be all users this - * entity has this relationship with (eg 'friend'). Default: blank - * @param string $type The type of entity to restrict to. Default: all - * @param string $subtype The subtype of entity to restrict to. Default: all - * @param string $action_type The type of river action to restrict to. Default: all - * @param int $limit The number of items to retrieve. Default: 20 - * @param int $offset The page offset. Default: 0 - * @param int $posted_min The minimum time period to look at. Default: none - * @param int $posted_max The maximum time period to look at. 
Default: none - * @return array|false Depending on success - */ -function get_river_items($subject_guid = 0, $object_guid = 0, $subject_relationship = '', $type = '', - $subtype = '', $action_type = '', $limit = 20, $offset = 0, $posted_min = 0, $posted_max = 0) { - - // Get config - global $CONFIG; - - // Sanitise variables - if (!is_array($subject_guid)) { - $subject_guid = (int) $subject_guid; - } else { - foreach($subject_guid as $key => $temp) { - $subject_guid[$key] = (int) $temp; - } - } - if (!is_array($object_guid)) { - $object_guid = (int) $object_guid; - } else { - foreach($object_guid as $key => $temp) { - $object_guid[$key] = (int) $temp; - } - } - if (!empty($type)) { - $type = sanitise_string($type); - } - if (!empty($subtype)) { - $subtype = sanitise_string($subtype); - } - if (!empty($action_type)) { - $action_type = sanitise_string($action_type); - } - $limit = (int) $limit; - $offset = (int) $offset; - $posted_min = (int) $posted_min; - $posted_max = (int) $posted_max; - - // Construct 'where' clauses for the river - $where = array(); - // river table does not have columns expected by get_access_sql_suffix so we modify its output - $where[] = str_replace("and enabled='yes'",'',str_replace('owner_guid','subject_guid',get_access_sql_suffix())); - - if (empty($subject_relationship)) { - if (!empty($subject_guid)) { - if (!is_array($subject_guid)) { - $where[] = " subject_guid = {$subject_guid} "; - } else { - $where[] = " subject_guid in (" . implode(',',$subject_guid) . ") "; - } - } - } else { - if (!is_array($subject_guid)) { - if ($entities = elgg_get_entities_from_relationship(array( - 'relationship' => $subject_relationship, - 'relationship_guid' => $subject_guid, - 'limit' => 9999)) - ) { - $guids = array(); - foreach($entities as $entity) { - $guids[] = (int) $entity->guid; - } - // $guids[] = $subject_guid; - $where[] = " subject_guid in (" . implode(',',$guids) . 
") "; - } else { - return array(); - } - } - } - if (!empty($object_guid)) - if (!is_array($object_guid)) { - $where[] = " object_guid = {$object_guid} "; - } else { - $where[] = " object_guid in (" . implode(',',$object_guid) . ") "; - } - if (!empty($type)) { - $where[] = " type = '{$type}' "; - } - if (!empty($subtype)) { - $where[] = " subtype = '{$subtype}' "; - } - if (!empty($action_type)) { - $where[] = " action_type = '{$action_type}' "; - } - if (!empty($posted_min)) { - $where[] = " posted > {$posted_min} "; - } - if (!empty($posted_max)) { - $where[] = " posted < {$posted_max} "; - } - - $whereclause = implode(' and ', $where); - - // Construct main SQL - $sql = "select id,type,subtype,action_type,access_id,view,subject_guid,object_guid,annotation_id,posted" . - " from {$CONFIG->dbprefix}river where {$whereclause} order by posted desc limit {$offset},{$limit}"; - - // Get data - return get_data($sql); -} - -/** - * Retrieves items from the river. All parameters are optional. - * - * @param int|array $subject_guid Acting entity to restrict to. Default: all - * @param int|array $object_guid Entity being acted on to restrict to. Default: all - * @param string $subject_relationship If set to a relationship type, this will use - * $subject_guid as the starting point and set the subjects to be all users this - * entity has this relationship with (eg 'friend'). Default: blank - * @param string $type The type of entity to restrict to. Default: all - * @param string $subtype The subtype of entity to restrict to. Default: all - * @param string $action_type The type of river action to restrict to. Default: all - * @param int $limit The number of items to retrieve. Default: 20 - * @param int $offset The page offset. Default: 0 - * @param int $posted_min The minimum time period to look at. Default: none - * @param int $posted_max The maximum time period to look at. 
Default: none - * @return array|false Depending on success - */ -function elgg_get_river_items($subject_guid = 0, $object_guid = 0, $subject_relationship = '', $type = '', - $subtype = '', $action_type = '', $limit = 10, $offset = 0, $posted_min = 0, $posted_max = 0) { - - // Get config - global $CONFIG; - - // Sanitise variables - if (!is_array($subject_guid)) { - $subject_guid = (int) $subject_guid; - } else { - foreach($subject_guid as $key => $temp) { - $subject_guid[$key] = (int) $temp; - } - } - if (!is_array($object_guid)) { - $object_guid = (int) $object_guid; - } else { - foreach($object_guid as $key => $temp) { - $object_guid[$key] = (int) $temp; - } - } - if (!empty($type)) { - $type = sanitise_string($type); - } - if (!empty($subtype)) { - $subtype = sanitise_string($subtype); - } - if (!empty($action_type)) { - $action_type = sanitise_string($action_type); - } - $limit = (int) $limit; - $offset = (int) $offset; - $posted_min = (int) $posted_min; - $posted_max = (int) $posted_max; - - // Construct 'where' clauses for the river - $where = array(); - $where[] = str_replace("and enabled='yes'",'',str_replace('owner_guid','subject_guid',get_access_sql_suffix_new('er','e'))); - - if (empty($subject_relationship)) { - if (!empty($subject_guid)) { - if (!is_array($subject_guid)) { - $where[] = " subject_guid = {$subject_guid} "; - } else { - $where[] = " subject_guid in (" . implode(',',$subject_guid) . ") "; - } - } - } else { - if (!is_array($subject_guid)) { - if ($entities = get_entities_from_relationship($subject_relationship,$subject_guid,false,'','',0,'',9999)) { - $guids = array(); - foreach($entities as $entity) { - $guids[] = (int) $entity->guid; - } - // $guids[] = $subject_guid; - $where[] = " subject_guid in (" . implode(',',$guids) . ") "; - } else { - return array(); - } - } - } - if (!empty($object_guid)) - if (!is_array($object_guid)) { - $where[] = " object_guid = {$object_guid} "; - } else { - $where[] = " object_guid in (" . 
implode(',',$object_guid) . ") "; - } - if (!empty($type)) { - $where[] = " er.type = '{$type}' "; - } - if (!empty($subtype)) { - $where[] = " er.subtype = '{$subtype}' "; - } - if (!empty($action_type)) { - $where[] = " action_type = '{$action_type}' "; - } - if (!empty($posted_min)) { - $where[] = " posted > {$posted_min} "; - } - if (!empty($posted_max)) { - $where[] = " posted < {$posted_max} "; - } - - $whereclause = implode(' and ', $where); - - // Construct main SQL - $sql = "select er.*" . - " from {$CONFIG->dbprefix}river er, {$CONFIG->dbprefix}entities e " . - " where {$whereclause} AND er.object_guid = e.guid GROUP BY object_guid " . - " ORDER BY e.last_action desc LIMIT {$offset},{$limit}"; - - // Get data - return get_data($sql); -} - -/** - * Returns a human-readable representation of a river item - * - * @see get_river_items - * - * @param stdClass $item A river item object as returned from get_river_items - * @return string|false Depending on success - */ -function elgg_view_river_item($item) { - if (isset($item->view)) { - $object = get_entity($item->object_guid); - $subject = get_entity($item->subject_guid); - if (!$object || !$subject) { - // probably means an entity is disabled - return false; - } else { - if (elgg_view_exists($item->view)) { - $body = elgg_view($item->view,array( - 'item' => $item - )); - } - } - if (get_plugin_setting('activitytype', 'riverdashboard') == 'classic'){ - return elgg_view('river/item/wrapper_classic',array( - 'item' => $item, - 'body' => $body - )); - }else{ - return elgg_view('river/item/wrapper',array( - 'item' => $item, - 'body' => $body - )); - } - } - return false; -} - -/** - * Returns a human-readable version of the river. - * - * @param int|array $subject_guid Acting entity to restrict to. Default: all - * @param int|array $object_guid Entity being acted on to restrict to. 
Default: all - * @param string $subject_relationship If set to a relationship type, this will use - * $subject_guid as the starting point and set the subjects to be all users this - * entity has this relationship with (eg 'friend'). Default: blank - * @param string $type The type of entity to restrict to. Default: all - * @param string $subtype The subtype of entity to restrict to. Default: all - * @param string $action_type The type of river action to restrict to. Default: all - * @param int $limit The number of items to retrieve. Default: 20 - * @param int $posted_min The minimum time period to look at. Default: none - * @param int $posted_max The maximum time period to look at. Default: none - * @return string Human-readable river. - */ -function elgg_view_river_items($subject_guid = 0, $object_guid = 0, $subject_relationship = '', - $type = '', $subtype = '', $action_type = '', $limit = 20, $posted_min = 0, $posted_max = 0, $pagination = true, $chronological = true) { - - // Get input from outside world and sanitise it - $offset = (int) get_input('offset',0); - - // Get the correct function - if($chronological == true){ - $riveritems = get_river_items($subject_guid,$object_guid,$subject_relationship,$type,$subtype,$action_type,($limit + 1),$offset,$posted_min,$posted_max); - }else{ - $riveritems = elgg_get_river_items($subject_guid,$object_guid,$subject_relationship,$type,$subtype,$action_type,($limit + 1),$offset,$posted_min,$posted_max); - } - - // Get river items, if they exist - if ($riveritems) { - - return elgg_view('river/item/list',array( - 'limit' => $limit, - 'offset' => $offset, - 'items' => $riveritems, - 'pagination' => $pagination - )); - - } - - return ''; -} -/** - * Update last_action on the given entity. 
- * - * @param int $guid Entity annotation|relationship action carried out on - * @param int $posted Timestamp of last action - **/ -function update_entity_last_action($guid, $posted){ - global $CONFIG; - if(!$posted) - $posted = time(); - $guid = (int)$guid; - if($guid){ - //now add to the river updated table - $query = update_data("UPDATE {$CONFIG->dbprefix}entities SET last_action = {$posted} WHERE guid = {$guid}"); - if($query) - return true; - else - return false; - }else{ - return false; - } -} -/** - * This function has been added here until we decide if it is going to roll into core or not - * Add access restriction sql code to a given query. - * Note that if this code is executed in privileged mode it will return blank. - * @TODO: DELETE once Query classes are fully integrated - * - * @param string $table_prefix Optional table. prefix for the access code. - * @param int $owner - */ -function get_access_sql_suffix_new($table_prefix_one = '', $table_prefix_two = '', $owner = null) { - global $ENTITY_SHOW_HIDDEN_OVERRIDE, $CONFIG; - - $sql = ""; - $friends_bit = ""; - $enemies_bit = ""; - - if ($table_prefix_one) { - $table_prefix_one = sanitise_string($table_prefix_one) . "."; - } - - if ($table_prefix_two) { - $table_prefix_two = sanitise_string($table_prefix_two) . "."; - } - - if (!isset($owner)) { - $owner = get_loggedin_userid(); - } - - if (!$owner) { - $owner = -1; - } - - $ignore_access = elgg_check_access_overrides($owner); - $access = get_access_list($owner); - - if ($ignore_access) { - $sql = " (1 = 1) "; - } else if ($owner != -1) { - $friends_bit = "{$table_prefix_one}access_id = " . ACCESS_FRIENDS . 
" - AND {$table_prefix_one}owner_guid IN ( - SELECT guid_one FROM {$CONFIG->dbprefix}entity_relationships - WHERE relationship='friend' AND guid_two=$owner - )"; - - $friends_bit = '('.$friends_bit.') OR '; - - if ((isset($CONFIG->user_block_and_filter_enabled)) && ($CONFIG->user_block_and_filter_enabled)) { - // check to see if the user is in the entity owner's block list - // or if the entity owner is in the user's filter list - // if so, disallow access - $enemies_bit = get_annotation_sql('elgg_block_list', "{$table_prefix_one}owner_guid", $owner, false); - $enemies_bit = '(' - . $enemies_bit - . ' AND ' . get_annotation_sql('elgg_filter_list', $owner, "{$table_prefix_one}owner_guid", false) - . ')'; - } - } - - if (empty($sql)) { - $sql = " $friends_bit ({$table_prefix_one}access_id IN {$access} - OR ({$table_prefix_one}owner_guid = {$owner}) - OR ( - {$table_prefix_one}access_id = " . ACCESS_PRIVATE . " - AND {$table_prefix_one}owner_guid = $owner - ) - )"; - } - - if ($enemies_bit) { - $sql = "$enemies_bit AND ($sql)"; - } - - if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) - $sql .= " and {$table_prefix_two}enabled='yes'"; - return '('.$sql.')'; -} \ No newline at end of file diff --git a/engine/lib/sessions.php b/engine/lib/sessions.php index ffea2dcc2..b74b2f524 100644 --- a/engine/lib/sessions.php +++ b/engine/lib/sessions.php @@ -459,17 +459,6 @@ function logout() { return TRUE; } -/** - * Returns a fingerprint for an elgg session. - * - * @return string - */ -function get_session_fingerprint() { - global $CONFIG; - - return md5($_SERVER['HTTP_USER_AGENT'] . get_site_secret()); -} - /** * Initialises the system session and potentially logs the user in * 
@@ -505,16 +494,6 @@ function session_init($event, $object_type, $object) { session_name('Elgg'); session_start(); - // Do some sanity checking by generating a fingerprint (makes some XSS attacks harder) - if (isset($_SESSION['__elgg_fingerprint'])) { - if ($_SESSION['__elgg_fingerprint'] != get_session_fingerprint()) { - session_destroy(); - return false; - } - } else { - $_SESSION['__elgg_fingerprint'] = get_session_fingerprint(); - } - // Generate a simple token (private from potentially public session id) if (!isset($_SESSION['__elgg_session'])) { $_SESSION['__elgg_session'] = md5(microtime().rand()); diff --git a/engine/start.php b/engine/start.php index aade0a817..b7c63dfa4 100644 --- a/engine/start.php +++ b/engine/start.php 
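Review bot: The per-session secret that remains on the new side, `$_SESSION['__elgg_session'] = md5(microtime().rand());`, is derived from non-cryptographic sources, and once this hunk drops the fingerprint check it is the only session-private value kept server-side; it should be produced by a CSPRNG (for example `openssl_random_pseudo_bytes` where that extension is available) rather than `rand()`. Removing the User-Agent fingerprint is a defensible trade-off, since clients legitimately change UA strings and the binding was weak, but neither the hunk nor the commit message records that reasoning; a sentence in the commit message or a comment at the token-generation site would keep the next reader from re-adding it. session_init continues outside the hunk.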
@@ -51,18 +51,18 @@ set_exception_handler('__elgg_php_exception_handler'); // attempt to save settings.php and .htaccess if in installation. if ($sanitised = sanitised()) { - // load library files + // load the rest of the library files from engine/lib/ $lib_files = array( - 'actions.php', 'activity.php', 'admin.php', 'annotations.php', 'api.php', - 'cache.php', 'calendar.php', 'configuration.php', 'cron.php', - 'entities.php', 'export.php', 'extender.php', 'database.php', 'filestore.php', - 'group.php', 'input.php', 'install.php', 'location.php', 'mb_wrapper.php', + 'admin.php', 'annotations.php', 'api.php', 'cache.php', + 'calendar.php', 'configuration.php', 'cron.php', 'entities.php', + 'export.php', 'extender.php', 'filestore.php', 'group.php', + 'input.php', 'install.php', 'location.php', 'mb_wrapper.php', 'memcache.php', 'metadata.php', 'metastrings.php', 'notification.php', - 'objects.php', 'opendd.php', 'pagehandler.php', 'pageowner.php', 'pam.php', - 'plugins.php', 'query.php', 'relationships.php', 'river2.php', 'sites.php', - 'social.php', 'statistics.php', 'system_log.php', 'tags.php', - 'usersettings.php', 'users.php', 'version.php', 'widgets.php', 'xml.php', - 'xml-rpc.php' + 'objects.php', 'opendd.php', 'output.php', 'pagehandler.php', + 'pageowner.php', 'pam.php', 'plugins.php', 'query.php', + 'relationships.php', 'river.php', 'sites.php', 'social.php', + 'statistics.php', 'system_log.php', 'tags.php', 'usersettings.php', + 'users.php', 'version.php', 'widgets.php', 'xml.php', 'xml-rpc.php' ); foreach($lib_files as $file) { @@ -136,4 +136,4 @@ if (($installed) && ($db_installed)) { datalist_set('simplecache_'.$oldview,$lastcached); } $CONFIG->lastcache = $lastcached; -} \ No newline at end of file +} diff --git a/htaccess_dist b/htaccess_dist index 92e081bc3..7001610c0 100644 --- a/htaccess_dist +++ b/htaccess_dist 
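Review bot: The new comment `// load the rest of the library files from engine/lib/` does not say which files are loaded before this list, yet `actions.php` and `database.php` disappear from the array here, so a reader of this hunk cannot tell whether they were dropped or moved earlier. Presumably they are now required above this block (outside the hunk); naming them, e.g. `// load the remaining library files; actions.php and database.php are required above`, would make that explicit. The second hunk in this file only adds the missing newline at end of file.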
@@ -116,9 +116,9 @@ RewriteEngine on # #RewriteBase / -RewriteRule ^action\/([A-Za-z0-9\_\-\/]+)$ engine/handlers/action_handler.php?action=$1 +RewriteRule ^action\/([A-Za-z0-9\_\-\/]+)$ engine/handlers/action_handler.php?action=$1&%{QUERY_STRING} -RewriteRule ^services\/api\/([A-Za-z0-9\_\-]+)\/(.*)$ engine/handlers/service_handler.php?handler=$1&request=$2 +RewriteRule ^services\/api\/([A-Za-z0-9\_\-]+)\/(.*)$ engine/handlers/service_handler.php?handler=$1&request=$2&%{QUERY_STRING} RewriteRule ^export\/([A-Za-z]+)\/([0-9]+)$ services/export/handler.php?view=$1&guid=$2 RewriteRule ^export\/([A-Za-z]+)\/([0-9]+)\/$ services/export/handler.php?view=$1&guid=$2 @@ -126,8 +126,8 @@ RewriteRule ^export\/([A-Za-z]+)\/([0-9]+)\/([A-Za-z]+)\/([A-Za-z0-9\_]+)\/$ ser RewriteRule ^\_css\/css\.css$ _css/css.php -RewriteRule ^pg\/([A-Za-z0-9\_\-]+)\/(.*)$ engine/handlers/pagehandler.php?handler=$1&page=$2 -RewriteRule ^pg\/([A-Za-z0-9\_\-]+)$ engine/handlers/pagehandler.php?handler=$1 +RewriteRule ^pg\/([A-Za-z0-9\_\-]+)\/(.*)$ engine/handlers/pagehandler.php?handler=$1&page=$2&%{QUERY_STRING} +RewriteRule ^pg\/([A-Za-z0-9\_\-]+)$ engine/handlers/pagehandler.php?handler=$1&%{QUERY_STRING} RewriteRule xml-rpc.php engine/handlers/xml-rpc_handler.php RewriteRule mt/mt-xmlrpc.cgi engine/handlers/xml-rpc_handler.php diff --git a/languages/en.php b/languages/en.php index 11ecfbdb6..3aaa89295 100644 --- a/languages/en.php +++ b/languages/en.php @@ -42,6 +42,7 @@ $english = array( 'actionundefined' => "The requested action (%s) was not defined in the system.", 'actionloggedout' => "Sorry, you cannot perform this action while logged out.", + 'actionunauthorized' => 'You are unauthorized to perform this action', 'SecurityException:Codeblock' => "Denied access to execute privileged code block", 'DatabaseException:WrongCredentials' => "Elgg couldn't connect to the database using the given credentials.", 
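Review bot: Appending `&%{QUERY_STRING}` by hand on each of the four rewritten RewriteRule lines (both hunks in this file) is what the `[QSA]` flag already does; `RewriteRule ^action\/([A-Za-z0-9\_\-\/]+)$ engine/handlers/action_handler.php?action=$1 [QSA]` keeps the rules readable and avoids a dangling `&` when the request carries no query string. Either way the client's query string lands after the path-derived parameters, so a duplicate `action=`, `handler=` or `page=` key supplied by the client is the one PHP keeps in `$_GET`; the handlers that read these parameters should treat them as client input and validate them rather than assume they came from the path, which is worth a comment next to the rules.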
diff --git a/mod/groups/invitations.php b/mod/groups/invitations.php index f2594c786..70d65469e 100644 --- a/mod/groups/invitations.php +++ b/mod/groups/invitations.php @@ -12,6 +12,8 @@ require_once(dirname(dirname(dirname(__FILE__))) . "/engine/start.php"); gatekeeper(); +set_page_owner(get_loggedin_userid()); + $user = get_loggedin_user(); $title = elgg_echo('groups:invitations'); diff --git a/mod/groups/new.php b/mod/groups/new.php index 32b8d1902..95cabd3be 100644 --- a/mod/groups/new.php +++ b/mod/groups/new.php @@ -11,6 +11,8 @@ gatekeeper(); + set_page_owner(get_loggedin_userid()); + // Render the file upload page $title = elgg_echo("groups:new"); $area2 = elgg_view_title($title); diff --git a/mod/groups/views/default/river/forum/create.php b/mod/groups/views/default/river/forum/create.php index e51d9fe72..4906fc869 100644 --- a/mod/groups/views/default/river/forum/create.php +++ b/mod/groups/views/default/river/forum/create.php @@ -1,4 +1,7 @@ subject_guid); // $statement->getSubject(); $object = get_entity($vars['item']->object_guid); @@ -6,8 +9,9 @@ $forumtopic = $object->guid; $group_guid = $object->container_guid; //grab the annotation, if one exists - if($vars['item']->annotation_id != 0) + if($vars['item']->annotation_id != 0) { $comment = get_annotation($vars['item']->annotation_id)->value; + } $contents = strip_tags($contents);//this is so we don't get large images etc in the activity river $url = $vars['url'] . "mod/groups/topicposts.php?topic=" . $forumtopic . "&group_guid=" . $group_guid; $url_user = "getURL()}\">{$performed_by->name}"; @@ -15,14 +19,7 @@ $string .= elgg_echo("groupforum:river:annotate:create") . " | " . $object->title . " ". friendly_time($object->time_created) ." Visit discussion"; $string .= elgg_view('likes/forms/link', array('entity' => $object)); $string .= "
"; - if($comment){ - $contents = strip_tags($comment);//this is so we don't get large images etc in the activity river - if(strlen($contents) > 200) - $string .= substr($contents, 0, strpos($contents, ' ', 200)) . "…"; - else - $string .= $contents; - } + $string .= elgg_make_excerpt($contents, 200); $string .= "
"; -?> - \ No newline at end of file + echo $string; diff --git a/mod/groups/views/default/river/forum/topic/create.php b/mod/groups/views/default/river/forum/topic/create.php index 7b06cd275..a8d444465 100644 --- a/mod/groups/views/default/river/forum/topic/create.php +++ b/mod/groups/views/default/river/forum/topic/create.php @@ -16,13 +16,7 @@ $string .= "" . $object->title . " " . friendly_time($object->time_created) . " Visit discussion"; $string .= elgg_view('likes/forms/link', array('entity' => $object)); $string .= "
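Review bot: The replacement line drops the reply text: the removed branch built the excerpt from `$comment` (the annotation fetched just above in this view), whereas `elgg_make_excerpt($contents, 200)` uses the topic body, so `$comment` is now assigned but never read. If the river item is meant to show the reply, the line should be `$string .= elgg_make_excerpt(!empty($comment) ? strip_tags($comment) : $contents, 200);`, keeping the `strip_tags` the old code applied. Because `$comment` is only assigned when `annotation_id != 0`, initialising it with `$comment = '';` before that check avoids an undefined-variable notice on the other path. The view starts before this hunk.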
"; - if(strlen($contents) > 200) { - $string .= substr($contents, 0, strpos($contents, ' ', 200)) . "…"; - }else{ - $string .= $contents; - } + $string .= elgg_make_excerpt($contents, 200); $string .= "
"; -?> - - \ No newline at end of file + echo $string; \ No newline at end of file diff --git a/mod/pages/views/default/river/object/page/create.php b/mod/pages/views/default/river/object/page/create.php index 25efc216a..e34145d79 100644 --- a/mod/pages/views/default/river/object/page/create.php +++ b/mod/pages/views/default/river/object/page/create.php @@ -11,13 +11,7 @@ $string .= elgg_echo("pages:river:create") . " getURL() . "\">" . $object->title . " ". friendly_time($object->time_created) ." Comment"; $string .= elgg_view('likes/forms/link', array('entity' => $object)); $string .= "
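Review bot: The rewritten tail `echo $string;` is left without a trailing newline (the `\ No newline at end of file` marker follows it), whereas the parallel change in mod/groups/views/default/river/forum/create.php ends with one; mod/pages/views/default/river/object/page/create.php has the same omission. The switch to `elgg_make_excerpt($contents, 200)` also assumes that helper returns text safe to echo into HTML; it is defined in the new engine/lib/output.php outside this chunk, so a short comment such as `// elgg_make_excerpt strips tags and truncates on a word boundary` would record that expectation if it holds. The view starts before this hunk.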
"; - if(strlen($contents) > 200) { - $string .= substr($contents, 0, strpos($contents, ' ', 200)) . "…"; - }else{ - $string .= $contents; - } + $string .= elgg_make_excerpt($contents, 200); $string .= "
"; -?> - - \ No newline at end of file + echo $string; \ No newline at end of file diff --git a/mod/profile/actions/edit.php b/mod/profile/actions/edit.php index baeb49108..839b269af 100644 --- a/mod/profile/actions/edit.php +++ b/mod/profile/actions/edit.php @@ -104,8 +104,10 @@ if (sizeof($input) > 0) { // Notify of profile update trigger_elgg_event('profileupdate',$user->type,$user); - //add to river - add_to_river('river/user/default/profileupdate','update',$_SESSION['user']->guid,$_SESSION['user']->guid,get_default_access($_SESSION['user'])); + //add to river if edited by self + if (get_loggedin_userid() == $user->guid) { + add_to_river('river/user/default/profileupdate','update',$_SESSION['user']->guid,$_SESSION['user']->guid,get_default_access($_SESSION['user'])); + } system_message(elgg_echo("profile:saved")); } -- cgit v1.2.3
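Review bot: Inside the new guard the river call still takes the actor from `$_SESSION['user']` although the condition just established that the logged-in user is `$user`; reading one source keeps the two in step, e.g. `add_to_river('river/user/default/profileupdate', 'update', $user->guid, $user->guid, get_default_access($user));`, provided get_default_access only needs the user's own settings. The comparison is loose (`==`); if both sides are integer GUIDs, `(int) get_loggedin_userid() === (int) $user->guid` makes the intent explicit. The enclosing `if (sizeof($input) > 0)` block starts before the hunk.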