From 85e4c16f39a8b00b229644bcd175663541dfd51a Mon Sep 17 00:00:00 2001
From: Steve Clay
Date: Mon, 4 Feb 2013 20:37:25 -0500
Subject: Doc fixes and inline type hints for variables (big static analysis cleanup)
---
engine/lib/metadata.php | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'engine/lib/metadata.php')
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index f76c20f24..2fa491963 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -277,7 +277,7 @@ $access_id = ACCESS_PRIVATE, $allow_multiple = false) {
* all metadata that match the query instead of returning
* ElggMetadata objects.
*
- * @return mixed
+ * @return ElggMetadata[]|mixed
* @since 1.8.0
*/
function elgg_get_metadata(array $options = array()) {
@@ -412,7 +412,7 @@ function elgg_enable_metadata(array $options) {
*
* metadata_owner_guids => NULL|ARR guids for metadata owners
*
- * @return mixed If count, int. If not count, array. false on errors.
+ * @return ElggEntity[]|mixed If count, int. If not count, array. false on errors.
* @since 1.7.0
*/
function elgg_get_entities_from_metadata(array $options = array()) {
@@ -461,7 +461,7 @@ function elgg_get_entities_from_metadata(array $options = array()) {
* @param array|null $order_by_metadata Array of names / direction
* @param array|null $owner_guids Array of owner GUIDs
*
- * @return FALSE|array False on fail, array('joins', 'wheres')
+ * @return false|array False on fail, array('joins', 'wheres')
* @since 1.7.0
* @access private
*/
-- cgit v1.2.3
From 597c0a4e519e14ba42c77b518a44789e3a8067b0 Mon Sep 17 00:00:00 2001
From: Cash Costello
Date: Tue, 5 Mar 2013 07:34:18 -0500
Subject: Fixes #5165 handling html tags passed as tags
---
engine/lib/metadata.php | 2 +-
views/default/output/tag.php | 1 +
views/default/output/tagcloud.php | 2 ++
views/default/output/tags.php | 1 +
4 files changed, 5 insertions(+), 1 deletion(-)
(limited to 'engine/lib/metadata.php')
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 2fa491963..35b7b4dfb 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -774,10 +774,10 @@ function string_to_tag_array($string) {
$ar = explode(",", $string);
$ar = array_map('trim', $ar);
$ar = array_filter($ar, 'is_not_null');
+ $ar = array_map('strip_tags', $ar);
return $ar;
}
return false;
-
}
/**
diff --git a/views/default/output/tag.php b/views/default/output/tag.php
index 3c002a31b..3e1f1c320 100644
--- a/views/default/output/tag.php
+++ b/views/default/output/tag.php
@@ -20,6 +20,7 @@ if (!empty($vars['object'])) {
}
if (isset($vars['value'])) {
+ $vars['value'] = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);
if (!empty($vars['type'])) {
$type = "&type={$vars['type']}";
} else {
diff --git a/views/default/output/tagcloud.php b/views/default/output/tagcloud.php
index a212becd8..2fbf1cd0a 100644
--- a/views/default/output/tagcloud.php
+++ b/views/default/output/tagcloud.php
@@ -39,6 +39,8 @@ if (!empty($vars['tagcloud']) && is_array($vars['tagcloud'])) {
$cloud = '';
foreach ($vars['tagcloud'] as $tag) {
+ $tag->tag = htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8', false);
+
if ($cloud != '') {
$cloud .= ', ';
}
diff --git a/views/default/output/tags.php b/views/default/output/tags.php
index 3082dd41e..41fd5f168 100644
--- a/views/default/output/tags.php
+++ b/views/default/output/tags.php
@@ -55,6 +55,7 @@ if (!empty($vars['tags'])) {
$list_items = '
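Review bot: In the string_to_tag_array hunk, `strip_tags` runs after the `is_not_null` filter, so an entry made up only of markup is reduced to an empty string once the empties have already been dropped and is still returned as a tag (assuming `is_not_null` rejects empty strings, which its use here suggests). Placing `$ar = array_map('strip_tags', $ar);` directly after the `explode`, ahead of `trim` and `array_filter`, keeps the filter effective. `strip_tags` leaves quotes and `&` untouched, so it is input tidying only; the `htmlspecialchars` calls this commit adds to the views remain the control that matters at output. The function's opening lines are outside the hunk.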
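Review bot: In the views/default/output/tag.php hunk, `$vars['type']` is still interpolated unencoded into the query string on the context line `$type = "&type={$vars['type']}";`, while only `$vars['value']` gains escaping; the same line appears in the views/default/output/tags.php hunk. If `type` can come from a caller that does not constrain it, it should be encoded for its URL context: `$type = '&type=' . urlencode($vars['type']);`. Where `$type` is emitted is outside both hunks, so whether a later step already encodes it cannot be confirmed from here.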
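Review bot: In the views/default/output/tagcloud.php hunk, the new line overwrites `$tag->tag` on the object the caller passed in, so the view changes data it was only asked to render; the tag.php and tags.php hunks overwrite `$vars['value']` and `$tag` in place in the same way. Any later use of the same variable for a non-HTML purpose, such as a URL parameter, then receives entity-encoded text; that code is outside the hunks. Escaping into a separate local keeps the raw and encoded forms apart: `$tag_text = htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8', false);`. A one-line comment stating why `double_encode` is `false` would also help the next reader judge whether stored values are expected to contain entities already.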
  • ' . elgg_view_icon('tag', $icon_class) . '
  • '; foreach($vars['tags'] as $tag) {
+ $tag = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8', false);
if (!empty($vars['type'])) {
$type = "&type={$vars['type']}";
} else {
-- cgit v1.2.3
From 2dbb9772881131f5739bae2d1ce5955587e9ab78 Mon Sep 17 00:00:00 2001
From: cash
Date: Wed, 6 Mar 2013 16:51:20 -0500
Subject: Fixes #4393 working around the overloaded 'count' parameter
---
engine/lib/annotations.php | 16 ++++++++++++++++
engine/lib/metadata.php | 8 ++++++++
engine/lib/metastrings.php | 5 -----
3 files changed, 24 insertions(+), 5 deletions(-)
(limited to 'engine/lib/metadata.php')
diff --git a/engine/lib/annotations.php b/engine/lib/annotations.php
index f40a2cc6f..bd5ea1a1f 100644
--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -200,6 +200,18 @@ function update_annotation($annotation_id, $name, $value, $value_type, $owner_gu
* @since 1.8.0
*/
function elgg_get_annotations(array $options = array()) {
+
+ // @todo remove support for count shortcut - see #4393
+ if (isset($options['__egefac']) && $options['__egefac']) {
+ unset($options['__egefac']);
+ } else {
+ // support shortcut of 'count' => true for 'annotation_calculation' => 'count'
+ if (isset($options['count']) && $options['count']) {
+ $options['annotation_calculation'] = 'count';
+ unset($options['count']);
+ }
+ }
+
$options['metastring_type'] = 'annotations';
return elgg_get_metastring_based_objects($options);
}
@@ -425,6 +437,10 @@ function elgg_get_entities_from_annotation_calculation($options) {
$options['callback'] = 'entity_row_to_elggstar';
+ // see #4393
+ // @todo remove after the 'count' shortcut is removed from elgg_get_annotations()
+ $options['__egefac'] = true;
+
return elgg_get_annotations($options);
}
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 35b7b4dfb..96d446060 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
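Review bot: In the first engine/lib/annotations.php hunk, `__egefac` is an undocumented control flag carried inside the caller-supplied `$options` array of elgg_get_annotations, so any caller can set it and switch off the `count` translation, and nothing at the check says what the name stands for. A comment there would make the contract explicit, for example `// '__egefac' is set only by elgg_get_entities_from_annotation_calculation(); it keeps 'count' from being rewritten`; that origin is taken from the second annotations.php hunk, which sets the flag. The guard can also be shortened to `if (!empty($options['count'])) {`, which applies equally to the copy added to elgg_get_metadata in engine/lib/metadata.php.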
@@ -281,6 +281,14 @@ $access_id = ACCESS_PRIVATE, $allow_multiple = false) {
* @since 1.8.0
*/
function elgg_get_metadata(array $options = array()) {
+
+ // @todo remove support for count shortcut - see #4393
+ // support shortcut of 'count' => true for 'metadata_calculation' => 'count'
+ if (isset($options['count']) && $options['count']) {
+ $options['metadata_calculation'] = 'count';
+ unset($options['count']);
+ }
+
$options['metastring_type'] = 'metadata';
return elgg_get_metastring_based_objects($options);
}
diff --git a/engine/lib/metastrings.php b/engine/lib/metastrings.php
index 76c4bd8c4..f49b4a163 100644
--- a/engine/lib/metastrings.php
+++ b/engine/lib/metastrings.php
@@ -389,11 +389,6 @@ function elgg_get_metastring_based_objects($options) {
$selects = $options['selects'];
- // allow count shortcut
- if ($options['count']) {
- $options['metastring_calculation'] = 'count';
- }
-
// For performance reasons we don't want the joins required for metadata / annotations
// unless we're going through one of their callbacks.
// this means we expect the functions passing different callbacks to pass their required joins.
-- cgit v1.2.3
From cf04d05bd44cd2ac935b6ed14c7af85e58aa7d17 Mon Sep 17 00:00:00 2001
From: Steve Clay
Date: Sun, 10 Mar 2013 23:10:48 -0400
Subject: Fixes #5214: Successfully invalidates metadata cache in some corner cases
---
engine/lib/metadata.php | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
(limited to 'engine/lib/metadata.php')
diff --git a/engine/lib/metadata.php b/engine/lib/metadata.php
index 96d446060..305e9918b 100644
--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -310,11 +310,14 @@ function elgg_delete_metadata(array $options) {
if (!elgg_is_valid_options_for_batch_operation($options, 'metadata')) {
return false;
}
+ $options['metastring_type'] = 'metadata';
+ $result = elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
+ // This moved last in case an object's constructor sets metadata. Currently the batch
+ // delete process has to create the entity to delete its metadata. See #5214
elgg_get_metadata_cache()->invalidateByOptions('delete', $options);
- $options['metastring_type'] = 'metadata';
- return elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
+ return $result;
}
/**
-- cgit v1.2.3
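Review bot: With the invalidation now placed after the batch delete in elgg_delete_metadata, an exception raised part-way through `elgg_batch_metastring_based_objects` skips `invalidateByOptions` even though some rows may already have been removed, which would leave deleted metadata in the cache. Whether the batch call can throw is not visible in this hunk, so this is a precaution to confirm against that function. Catching, invalidating and re-throwing keeps the ordering this commit needs while covering the failure path. The function's signature and closing lines sit outside the hunk.

```php
$options['metastring_type'] = 'metadata';
try {
	$result = elgg_batch_metastring_based_objects($options, 'elgg_batch_delete_callback', false);
} catch (Exception $e) {
	// some rows may already be deleted; drop cached copies before propagating
	elgg_get_metadata_cache()->invalidateByOptions('delete', $options);
	throw $e;
}
// … unchanged: explanatory comment, invalidateByOptions('delete', $options), return $result …
```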