From 66953a2148bb7a19ac79c1a4ccda2852ee87501e Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Mon, 9 Jan 2012 18:53:19 -0500 Subject: coding standard fixes to engine --- engine/lib/views.php | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'engine/lib/views.php') diff --git a/engine/lib/views.php b/engine/lib/views.php index b938dd60e..85319b2d7 100644 --- a/engine/lib/views.php +++ b/engine/lib/views.php @@ -415,7 +415,6 @@ function elgg_view($view, $vars = array(), $bypass = false, $debug = false, $vie if (isset($vars['internalname']) && !isset($vars['__ignoreInternalname']) && !isset($vars['name'])) { elgg_deprecated_notice('You should pass $vars[\'name\'] now instead of $vars[\'internalname\']', 1.8, 2); $vars['name'] = $vars['internalname']; - $test=false; } elseif (isset($vars['name'])) { if (!isset($vars['internalname'])) { $vars['__ignoreInternalname'] = ''; @@ -1628,12 +1627,12 @@ function elgg_views_boot() { // set default icon sizes - can be overridden in settings.php or with plugin if (!elgg_get_config('icon_sizes')) { $icon_sizes = array( - 'topbar' => array('w'=>16, 'h'=>16, 'square'=>TRUE, 'upscale'=>TRUE), - 'tiny' => array('w'=>25, 'h'=>25, 'square'=>TRUE, 'upscale'=>TRUE), - 'small' => array('w'=>40, 'h'=>40, 'square'=>TRUE, 'upscale'=>TRUE), - 'medium' => array('w'=>100, 'h'=>100, 'square'=>TRUE, 'upscale'=>TRUE), - 'large' => array('w'=>200, 'h'=>200, 'square'=>FALSE, 'upscale'=>FALSE), - 'master' => array('w'=>550, 'h'=>550, 'square'=>FALSE, 'upscale'=>FALSE), + 'topbar' => array('w' => 16, 'h' => 16, 'square' => TRUE, 'upscale' => TRUE), + 'tiny' => array('w' => 25, 'h' => 25, 'square' => TRUE, 'upscale' => TRUE), + 'small' => array('w' => 40, 'h' => 40, 'square' => TRUE, 'upscale' => TRUE), + 'medium' => array('w' => 100, 'h' => 100, 'square' => TRUE, 'upscale' => TRUE), + 'large' => array('w' => 200, 'h' => 200, 'square' => FALSE, 'upscale' => FALSE), + 'master' => array('w' => 550, 'h' => 550, 'square' => FALSE, 'upscale' => FALSE), ); elgg_set_config('icon_sizes', $icon_sizes); } -- cgit v1.2.3 From 0c1ee36d6aa220376537324d427741861e00138a Mon Sep 17 00:00:00 2001 From: cash Date: Wed, 11 Jan 2012 22:39:59 -0500 Subject: Fixes #4292 added a white list for ajax views --- engine/lib/elgglib.php | 6 ++++++ engine/lib/views.php | 33 +++++++++++++++++++++++++++++++++ mod/thewire/start.php | 2 ++ 3 files changed, 41 insertions(+) (limited to 'engine/lib/views.php') diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php index b044d230f..9035d95f2 100644 --- a/engine/lib/elgglib.php +++ b/engine/lib/elgglib.php @@ -1777,6 +1777,12 @@ function elgg_ajax_page_handler($page) { unset($page[0]); $view = implode('/', $page); + $allowed_views = elgg_get_config('allowed_ajax_views'); + if (!array_key_exists($view, $allowed_views)) { + header('HTTP/1.1 403 Forbidden'); + exit; + } + // pull out GET parameters through filter $vars = array(); foreach ($_GET as $name => $value) { diff --git a/engine/lib/views.php b/engine/lib/views.php index 85319b2d7..e59edac96 100644 --- a/engine/lib/views.php +++ b/engine/lib/views.php @@ -196,6 +196,37 @@ function elgg_does_viewtype_fallback($viewtype) { return FALSE; } +/** + * Register a view to be available for ajax calls + * + * @param string $view The view name + * @return void + * @since 1.8.3 + */ +function elgg_register_ajax_view($view) { + global $CONFIG; + + if (!isset($CONFIG->allowed_ajax_views)) { + $CONFIG->allowed_ajax_views = array(); + } + + $CONFIG->allowed_ajax_views[$view] = true; +} + +/** + * Unregister a view for ajax calls + * + * @param string $view The view name + * @return void + * @since 1.8.3 + */ +function elgg_unregister_ajax_view($view) { + global $CONFIG; + + if (isset($CONFIG->allowed_ajax_views[$view])) { + unset($CONFIG->allowed_ajax_views[$view]); + } +} /** * Returns the file location for a view. @@ -1610,6 +1641,8 @@ function elgg_views_boot() { elgg_register_css('elgg', $elgg_css_url); elgg_load_css('elgg'); + elgg_register_ajax_view('js/languages'); + elgg_register_plugin_hook_handler('output:before', 'layout', 'elgg_views_add_rss_link'); // discover the built-in view types diff --git a/mod/thewire/start.php b/mod/thewire/start.php index 328e5d46c..202e3d1d6 100644 --- a/mod/thewire/start.php +++ b/mod/thewire/start.php @@ -30,6 +30,8 @@ function thewire_init() { elgg_register_simplecache_view('js/thewire'); elgg_register_js('elgg.thewire', $thewire_js, 'footer'); + elgg_register_ajax_view('thewire/previous'); + // add a site navigation item $item = new ElggMenuItem('thewire', elgg_echo('thewire'), 'thewire/all'); elgg_register_menu_item('site', $item); -- cgit v1.2.3