From 949a3f0c2ea1804577ff69d92f811ced71a79976 Mon Sep 17 00:00:00 2001 From: Jerome Bakker Date: Wed, 3 Oct 2012 14:02:11 +0200 Subject: correct singual usage of type in elgg_get_entities_* functions --- mod/groups/lib/groups.php | 4 ++-- mod/groups/start.php | 2 +- mod/groups/views/default/groups/sidebar/featured.php | 2 +- mod/groups/views/default/groups/sidebar/members.php | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) (limited to 'mod/groups') diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php index 505cacd01..a9eb6e843 100644 --- a/mod/groups/lib/groups.php +++ b/mod/groups/lib/groups.php @@ -79,7 +79,7 @@ function groups_search_page() { $params = array( 'metadata_name' => 'interests', 'metadata_value' => $tag, - 'types' => 'group', + 'type' => 'group', 'full_view' => FALSE, ); $content = elgg_list_entities_from_metadata($params); @@ -351,7 +351,7 @@ function groups_handle_members_page($guid) { 'relationship' => 'member', 'relationship_guid' => $group->guid, 'inverse_relationship' => true, - 'types' => 'user', + 'type' => 'user', 'limit' => 20, )); diff --git a/mod/groups/start.php b/mod/groups/start.php index c591410c5..9689802eb 100644 --- a/mod/groups/start.php +++ b/mod/groups/start.php @@ -979,7 +979,7 @@ function discussion_reply_notifications($event, $type, $annotation) { 'relationship' => 'notify' . $method, 'relationship_guid' => $topic->getContainerGUID(), 'inverse_relationship' => true, - 'types' => 'user', + 'type' => 'user', 'limit' => 0, )); diff --git a/mod/groups/views/default/groups/sidebar/featured.php b/mod/groups/views/default/groups/sidebar/featured.php index 8bd51ab5c..f3f8f8d2d 100644 --- a/mod/groups/views/default/groups/sidebar/featured.php +++ b/mod/groups/views/default/groups/sidebar/featured.php @@ -8,7 +8,7 @@ $featured_groups = elgg_get_entities_from_metadata(array( 'metadata_name' => 'featured_group', 'metadata_value' => 'yes', - 'types' => 'group', + 'type' => 'group', 'limit' => 10, )); 
diff --git a/mod/groups/views/default/groups/sidebar/members.php b/mod/groups/views/default/groups/sidebar/members.php index 11273d0e6..1199a0c34 100644 --- a/mod/groups/views/default/groups/sidebar/members.php +++ b/mod/groups/views/default/groups/sidebar/members.php @@ -20,7 +20,7 @@ $body = elgg_list_entities_from_relationship(array( 'relationship' => 'member', 'relationship_guid' => $vars['entity']->guid, 'inverse_relationship' => true, - 'types' => 'user', + 'type' => 'user', 'limit' => $limit, 'list_type' => 'gallery', 'gallery_class' => 'elgg-gallery-users', -- cgit v1.2.3 From f8bee7421d1c3880ba7acb3f8fd16042d598a95f Mon Sep 17 00:00:00 2001 From: Jerome Bakker Date: Wed, 3 Oct 2012 14:29:14 +0200 Subject: better usage of 'limit' in cases where this is irrelevant --- engine/lib/deprecated-1.8.php | 2 +- engine/lib/notification.php | 2 +- mod/groups/start.php | 2 +- mod/notifications/actions/groupsave.php | 2 +- mod/notifications/groups.php | 2 +- mod/notifications/index.php | 2 +- .../views/default/forms/notificationsettings/groupsave.php | 2 +- .../views/default/notifications/subscriptions/forminternals.php | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) (limited to 'mod/groups') diff --git a/engine/lib/deprecated-1.8.php b/engine/lib/deprecated-1.8.php index 033af90fd..2b4ffcc4f 100644 --- a/engine/lib/deprecated-1.8.php +++ b/engine/lib/deprecated-1.8.php @@ -2568,7 +2568,7 @@ $owner_guid = "", $owner_relationship = "") { 'inverse_relationship' => FALSE, 'type' => 'user', 'subtype' => $subtype, - 'limit' => 9999)) + 'limit' => false)) ) { $friendsarray = array(); diff --git a/engine/lib/notification.php b/engine/lib/notification.php index 738295588..20e32ae55 100644 --- a/engine/lib/notification.php +++ b/engine/lib/notification.php 
@@ -492,7 +492,7 @@ function object_notifications($event, $object_type, $object) { 'relationship_guid' => $object->container_guid, 'inverse_relationship' => TRUE, 'type' => 'user', - 'limit' => 99999 + 'limit' => false )); if ($interested_users && is_array($interested_users)) { diff --git a/mod/groups/start.php b/mod/groups/start.php index 9689802eb..6bdf04d2b 100644 --- a/mod/groups/start.php +++ b/mod/groups/start.php @@ -538,7 +538,7 @@ function groups_write_acl_plugin_hook($hook, $entity_type, $returnvalue, $params 'relationship' => 'member', 'relationship_guid' => $user_guid, 'inverse_relationship' => FALSE, - 'limit' => 999 + 'limit' => false )); if ($groups) { diff --git a/mod/notifications/actions/groupsave.php b/mod/notifications/actions/groupsave.php index c646c1885..d77af41cc 100644 --- a/mod/notifications/actions/groupsave.php +++ b/mod/notifications/actions/groupsave.php @@ -22,7 +22,7 @@ $options = array( 'relationship' => 'member', 'relationship_guid' => $user->guid, 'type' => 'group', - 'limit' => 9999, + 'limit' => false, ); if ($groupmemberships = elgg_get_entities_from_relationship($options)) { foreach($groupmemberships as $groupmembership) { diff --git a/mod/notifications/groups.php b/mod/notifications/groups.php index d29c43e1f..973f3493c 100644 --- a/mod/notifications/groups.php +++ b/mod/notifications/groups.php @@ -29,7 +29,7 @@ $groupmemberships = elgg_get_entities_from_relationship(array( 'relationship' => 'member', 'relationship_guid' => $user->guid, 'type' => 'group', - 'limit' => 9999, + 'limit' => false, )); $body = elgg_view_form('notificationsettings/groupsave', array(), array( diff --git a/mod/notifications/index.php b/mod/notifications/index.php index ff03cb274..a99622efd 100644 --- a/mod/notifications/index.php +++ b/mod/notifications/index.php 
@@ -28,7 +28,7 @@ if ($people_ents = elgg_get_entities_from_relationship(array( 'relationship' => 'notify', 'relationship_guid' => $user->guid, 'type' => 'user', - 'limit' => 99999, + 'limit' => false, ))) { foreach($people_ents as $ent) { diff --git a/mod/notifications/views/default/forms/notificationsettings/groupsave.php b/mod/notifications/views/default/forms/notificationsettings/groupsave.php index 64db8f533..f3e5f693a 100644 --- a/mod/notifications/views/default/forms/notificationsettings/groupsave.php +++ b/mod/notifications/views/default/forms/notificationsettings/groupsave.php @@ -16,7 +16,7 @@ foreach ($NOTIFICATION_HANDLERS as $method => $foo) { 'relationship' => 'notify' . $method, 'relationship_guid' => $user->guid, 'type' => 'group', - 'limit' => 99999, + 'limit' => false, )); $tmparray = array(); if ($subsbig[$method]) { diff --git a/mod/notifications/views/default/notifications/subscriptions/forminternals.php b/mod/notifications/views/default/notifications/subscriptions/forminternals.php index 57fa62405..79a7959ac 100644 --- a/mod/notifications/views/default/notifications/subscriptions/forminternals.php +++ b/mod/notifications/views/default/notifications/subscriptions/forminternals.php @@ -32,7 +32,7 @@ foreach($NOTIFICATION_HANDLERS as $method => $foo) { 'relationship' => 'notify' . $method, 'relationship_guid' => $user->guid, 'type' => 'user', - 'limit' => 99999, + 'limit' => false, )); } -- cgit v1.2.3 From d27d5859a67396f84ec2087136f266a0530bd7c4 Mon Sep 17 00:00:00 2001 From: cash Date: Mon, 18 Feb 2013 09:29:29 -0500 Subject: Fixes #5068 removed invalid menu item creation --- mod/groups/views/default/groups/sidebar/my_status.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod/groups') diff --git a/mod/groups/views/default/groups/sidebar/my_status.php b/mod/groups/views/default/groups/sidebar/my_status.php index 4c36c0213..5951cbd28 100644 --- a/mod/groups/views/default/groups/sidebar/my_status.php 
+++ b/mod/groups/views/default/groups/sidebar/my_status.php @@ -14,7 +14,7 @@ $subscribed = elgg_extract('subscribed', $vars); if (!elgg_is_logged_in()) { return true; } -$t = new ElggMenuItem(); + // membership status $is_member = $group->isMember($user); $is_owner = $group->getOwnerEntity() == $user; -- cgit v1.2.3 From 95920add94d9056806538da00f28e73dba5932bc Mon Sep 17 00:00:00 2001 From: Sem Date: Wed, 20 Feb 2013 20:08:34 +0100 Subject: Fixes #5106. Do not make big group description images. --- mod/groups/views/default/groups/css.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod/groups') diff --git a/mod/groups/views/default/groups/css.php b/mod/groups/views/default/groups/css.php index 6f710ddab..39246f856 100644 --- a/mod/groups/views/default/groups/css.php +++ b/mod/groups/views/default/groups/css.php @@ -9,7 +9,7 @@ .groups-profile > .elgg-image { margin-right: 10px; } -.groups-profile img { +.groups-profile-icon img { width: 100%; height: auto; } -- cgit v1.2.3 From c42e0a6f66c013ba971be6ff8eed2efe1749d225 Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Thu, 21 Feb 2013 07:55:27 -0500 Subject: Fixes #4953 updates group access list when name changed --- mod/groups/actions/groups/edit.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'mod/groups') diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php index d0689be2e..632a6412b 100644 --- a/mod/groups/actions/groups/edit.php +++ b/mod/groups/actions/groups/edit.php 
@@ -54,6 +54,18 @@ if ($group_guid && !$group->canEdit()) {
 // Assume we can edit or this is a new group
 if (sizeof($input) > 0) {
 foreach($input as $shortname => $value) {
+ // update access collection name ig group name changes
+ if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
+ $ac_name = elgg_echo('groups:group') . ": " . $group->name;
+ $acl = get_access_collection($group->group_acl);
+ if ($acl) {
+ // @todo Elgg api does not support updating access collection name
+ $db_prefix = elgg_get_config('dbprefix');
+ $query = "UPDATE {$db_prefix}access_collections SET name = '$ac_name'";
+ update_data($query);
+ }
+ }
+
 $group->$shortname = $value;
 }
 }
--
cgit v1.2.3
From 791ba1944832fe7a831f8755c14cb8f9691be6f1 Mon Sep 17 00:00:00 2001
From: Aday Talavera
Date: Fri, 22 Feb 2013 13:47:10 +0000
Subject: Fixes #5119: Pending membership request shows wrong count
---
 mod/groups/start.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'mod/groups')
diff --git a/mod/groups/start.php b/mod/groups/start.php
index 89194d1be..46ab0e636 100644
--- a/mod/groups/start.php
+++ b/mod/groups/start.php
@@ -148,7 +148,7 @@ function groups_setup_sidebar_menus() {
 $count = elgg_get_entities_from_relationship(array(
 'type' => 'user',
 'relationship' => 'membership_request',
- 'relationship_guid' => $guid,
+ 'relationship_guid' => $page_owner->getGUID(),
 'inverse_relationship' => true,
 'count' => true,
 ));
--
cgit v1.2.3
From 4df59c77131c3664fe3fadaf34989bb4aa986c6c Mon Sep 17 00:00:00 2001
From: Paweł Sroka
Date: Tue, 26 Feb 2013 15:18:28 +0100
Subject: Fixes #5142 - Displays correct group visibility access on group edit page
---
 mod/groups/lib/groups.php | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'mod/groups')
diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php
index 7d5c3232c..0557d41eb 100644
--- a/mod/groups/lib/groups.php
+++ b/mod/groups/lib/groups.php
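Review bot: The `UPDATE {$db_prefix}access_collections SET name = '$ac_name'` added to mod/groups/actions/groups/edit.php (commit c42e0a6f) has no `WHERE` clause, so renaming one group rewrites the name of every row in the access collections table. `$ac_name` is also built from `$group->name`, which still holds the old name at this point, and it is interpolated into the SQL text without escaping; the same unescaped interpolation is still present in the fafcbec3 hunk of this file further down the page. The statement should be restricted to the group's own collection and take an escaped name built from `$value`, for example `$ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $value);`. `$input` and `$is_new_group` are defined outside the hunk.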
@@ -561,6 +561,8 @@ function groups_prepare_form_vars($group = null) { if ($group->access_id != ACCESS_PUBLIC && $group->access_id != ACCESS_LOGGED_IN) { // group only access - this is done to handle access not created when group is created $values['vis'] = ACCESS_PRIVATE; + } else { + $values['vis'] = $group->access_id; } $values['entity'] = $group; -- cgit v1.2.3 From 05dd511d383c0bfb5f20fcbc5436bb25c79d078e Mon Sep 17 00:00:00 2001 From: Brett Profitt Date: Wed, 27 Feb 2013 10:49:26 -0500 Subject: Fixes #4977. Switched to ElggBatch for group ownership transfer. --- mod/groups/views/default/forms/groups/edit.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) (limited to 'mod/groups') diff --git a/mod/groups/views/default/forms/groups/edit.php b/mod/groups/views/default/forms/groups/edit.php index 41d97e6c3..b2860b225 100644 --- a/mod/groups/views/default/forms/groups/edit.php +++ b/mod/groups/views/default/forms/groups/edit.php @@ -91,9 +91,18 @@ if (isset($vars['entity'])) { } if ($entity && ($owner_guid == elgg_get_logged_in_user_guid() || elgg_is_admin_logged_in())) { - $owner_guid = $vars['entity']->owner_guid; $members = array(); - foreach ($vars['entity']->getMembers(0) as $member) { + + $options = array( + 'relationship' => 'member', + 'relationship_guid' => $vars['entity']->getGUID(), + 'inverse_relationship' => true, + 'type' => 'user', + 'limit' => 0, + ); + + $batch = new ElggBatch('elgg_get_entities', $options); + foreach ($batch as $member) { $members[$member->guid] = "$member->name (@$member->username)"; } ?> -- cgit v1.2.3 From da25d56fa09aeb8ee21767e60b27d854505cd8cd Mon Sep 17 00:00:00 2001 
From: cash Date: Wed, 6 Mar 2013 17:56:19 -0500 Subject: Fixes #5058 not forcing a size on an image --- mod/groups/views/default/groups/css.php | 4 ---- mod/groups/views/default/groups/profile/summary.php | 9 ++++++++- views/default/icon/default.php | 11 +++++++++-- 3 files changed, 17 insertions(+), 7 deletions(-) (limited to 'mod/groups') diff --git a/mod/groups/views/default/groups/css.php b/mod/groups/views/default/groups/css.php index 39246f856..32dd2b74d 100644 --- a/mod/groups/views/default/groups/css.php +++ b/mod/groups/views/default/groups/css.php @@ -9,10 +9,6 @@ .groups-profile > .elgg-image { margin-right: 10px; } -.groups-profile-icon img { - width: 100%; - height: auto; -} .groups-stats { background: #eeeeee; padding: 5px; diff --git a/mod/groups/views/default/groups/profile/summary.php b/mod/groups/views/default/groups/profile/summary.php index f1221f19a..3f7496871 100644 --- a/mod/groups/views/default/groups/profile/summary.php +++ b/mod/groups/views/default/groups/profile/summary.php @@ -25,7 +25,14 @@ if (!$owner) {
- '')); ?> + '', + 'width' => '', + 'height' => '', + )); + ?>

diff --git a/views/default/icon/default.php b/views/default/icon/default.php index 087c7eae9..25175b0f4 100644 --- a/views/default/icon/default.php +++ b/views/default/icon/default.php @@ -37,12 +37,19 @@ if (isset($vars['href'])) { $icon_sizes = elgg_get_config('icon_sizes'); $size = $vars['size']; +if (!isset($vars['width'])) { + $vars['width'] = $size != 'master' ? $icon_sizes[$size]['w'] : null; +} +if (!isset($vars['height'])) { + $vars['height'] = $size != 'master' ? $icon_sizes[$size]['h'] : null; +} + $img = elgg_view('output/img', array( 'src' => $entity->getIconURL($vars['size']), 'alt' => $title, 'class' => $class, - 'width' => $size != 'master' ? $icon_sizes[$size]['w'] : NULL, - 'height' => $size != 'master' ? $icon_sizes[$size]['h'] : NULL, + 'width' => $vars['width'], + 'height' => $vars['height'], )); if ($url) { -- cgit v1.2.3 From fafcbec36266a0542efd4d606d96489cf6fd8270 Mon Sep 17 00:00:00 2001 From: cash Date: Tue, 12 Mar 2013 11:31:17 -0400 Subject: Fixes #4953 added where clause to only change the correct acl --- mod/groups/actions/groups/edit.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'mod/groups') diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php index 632a6412b..c924ef198 100644 --- a/mod/groups/actions/groups/edit.php +++ b/mod/groups/actions/groups/edit.php 
@@ -54,14 +54,15 @@ if ($group_guid && !$group->canEdit()) {
 // Assume we can edit or this is a new group
 if (sizeof($input) > 0) {
 foreach($input as $shortname => $value) {
- // update access collection name ig group name changes
+ // update access collection name if group name changes
 if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
- $ac_name = elgg_echo('groups:group') . ": " . $group->name;
+ $ac_name = elgg_echo('groups:group') . ": " . $value;
 $acl = get_access_collection($group->group_acl);
 if ($acl) {
 // @todo Elgg api does not support updating access collection name
 $db_prefix = elgg_get_config('dbprefix');
- $query = "UPDATE {$db_prefix}access_collections SET name = '$ac_name'";
+ $query = "UPDATE {$db_prefix}access_collections SET name = '$ac_name'
+ WHERE id = $group->group_acl";
 update_data($query);
 }
 }
--
cgit v1.2.3
From 648cc5da8f89be53408ce28970da78cb29888276 Mon Sep 17 00:00:00 2001
From: cash
Date: Tue, 12 Mar 2013 11:54:42 -0400
Subject: Fixes #5224 transfering container and metadata ownership
---
 mod/groups/actions/groups/edit.php | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
(limited to 'mod/groups')
diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php
index c924ef198..f04ef60db 100644
--- a/mod/groups/actions/groups/edit.php
+++ b/mod/groups/actions/groups/edit.php
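Review bot: `WHERE id = $group->group_acl` in the fafcbec3 hunk of mod/groups/actions/groups/edit.php puts the property into the query text as-is; casting it first, `$acl_id = (int) $group->group_acl;` followed by `WHERE id = $acl_id`, guarantees the clause can only ever contain an integer. The surrounding `if ($acl)` guard makes a bad value unlikely, so this is defence in depth rather than a known hole. The string literal now spans two source lines, so the newline and indentation become part of the SQL; that is harmless, but concatenating the two parts would read more clearly.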
@@ -105,7 +105,21 @@ if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) { // verify new owner is member and old owner/admin is logged in if (is_group_member($group_guid, $new_owner_guid) && ($old_owner_guid == $user->guid || $user->isAdmin())) { $group->owner_guid = $new_owner_guid; - + $group->container_guid = $new_owner_guid; + + $metadata = elgg_get_metadata(array( + 'guid' => $group_guid, + 'limit' => false, + )); + if ($metadata) { + foreach ($metadata as $md) { + if ($md->owner_guid == $old_owner_guid) { + $md->owner_guid = $new_owner_guid; + $md->save(); + } + } + } + // @todo Remove this when #4683 fixed $owner_has_changed = true; $old_icontime = $group->icontime; -- cgit v1.2.3 From c33f667ac5bcd531d274c891a1c5e14f7505d5f6 Mon Sep 17 00:00:00 2001 From: cash Date: Tue, 12 Mar 2013 13:00:15 -0400 Subject: Fixes #5226 passing options through egefr --- mod/groups/views/default/forms/groups/edit.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mod/groups') diff --git a/mod/groups/views/default/forms/groups/edit.php b/mod/groups/views/default/forms/groups/edit.php index b2860b225..e2dc5455a 100644 --- a/mod/groups/views/default/forms/groups/edit.php +++ b/mod/groups/views/default/forms/groups/edit.php @@ -101,7 +101,7 @@ if ($entity && ($owner_guid == elgg_get_logged_in_user_guid() || elgg_is_admin_l 'limit' => 0, ); - $batch = new ElggBatch('elgg_get_entities', $options); + $batch = new ElggBatch('elgg_get_entities_from_relationship', $options); foreach ($batch as $member) { $members[$member->guid] = "$member->name (@$member->username)"; } -- cgit v1.2.3 From a313f38890eec3b870c94476a79afce7d606c222 Mon Sep 17 00:00:00 2001 From: cash Date: Tue, 12 Mar 2013 13:09:51 -0400 Subject: Refs #4953 sanitize group name when updating collection name --- mod/groups/actions/groups/edit.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'mod/groups') 
diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php
index f04ef60db..f19b90566 100644
--- a/mod/groups/actions/groups/edit.php
+++ b/mod/groups/actions/groups/edit.php
@@ -56,7 +56,8 @@ if (sizeof($input) > 0) {
 foreach($input as $shortname => $value) {
 // update access collection name if group name changes
 if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
- $ac_name = elgg_echo('groups:group') . ": " . $value;
+ $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
+ $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name);
 $acl = get_access_collection($group->group_acl);
 if ($acl) {
 // @todo Elgg api does not support updating access collection name
--
cgit v1.2.3
From b8bd4161058a2f539f1913a1dd9856f9e759c79c Mon Sep 17 00:00:00 2001
From: Matt Beckett
Date: Wed, 20 Mar 2013 15:10:57 -0600
Subject: only show notification status if you're a member of the group
---
 mod/groups/views/default/groups/sidebar/my_status.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'mod/groups')
diff --git a/mod/groups/views/default/groups/sidebar/my_status.php b/mod/groups/views/default/groups/sidebar/my_status.php
index 5951cbd28..1e4e84b80 100644
--- a/mod/groups/views/default/groups/sidebar/my_status.php
+++ b/mod/groups/views/default/groups/sidebar/my_status.php
@@ -41,7 +41,7 @@ if ($is_owner) {
 }
 // notification info
-if (elgg_is_active_plugin('notifications')) {
+if (elgg_is_active_plugin('notifications') && $is_member) {
 if ($subscribed) {
 elgg_register_menu_item('groups:my_status', array(
 'name' => 'subscription_status',
--
cgit v1.2.3
From d84add30c2846a91636f8e58dff5f29f018791a8 Mon Sep 17 00:00:00 2001
From: cash
Date: Sat, 20 Apr 2013 12:43:26 -0400
Subject: Refs #5332 cleans up group invite action
---
 mod/groups/actions/groups/membership/invite.php | 73 +++++++++++++------------
 1 file changed, 39 insertions(+), 34 deletions(-)
(limited to 'mod/groups')
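Review bot: `html_entity_decode($value, ENT_QUOTES, 'UTF-8')` in the a313f388 hunk of mod/groups/actions/groups/edit.php means the access collection name is stored with literal `<`, `>` and quote characters, so every view that prints a collection name has to HTML-escape it; none of those views are visible here, so that is worth confirming before relying on it. `sanitize_string()` only makes the value safe for the SQL statement, not for output. A short comment on the new line would record the contract, for example `// stored decoded; escape for HTML wherever the collection name is displayed`.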
diff --git a/mod/groups/actions/groups/membership/invite.php b/mod/groups/actions/groups/membership/invite.php index db90ecf3a..a96165b0e 100644 --- a/mod/groups/actions/groups/membership/invite.php +++ b/mod/groups/actions/groups/membership/invite.php 
@@ -7,43 +7,48 @@ $logged_in_user = elgg_get_logged_in_user_entity(); -$user_guid = get_input('user_guid'); -if (!is_array($user_guid)) { - $user_guid = array($user_guid); +$user_guids = get_input('user_guid'); +if (!is_array($user_guids)) { + $user_guids = array($user_guids); } $group_guid = get_input('group_guid'); +$group = get_entity($group_guid); -if (sizeof($user_guid)) { - foreach ($user_guid as $u_id) { - $user = get_entity($u_id); - $group = get_entity($group_guid); - - if ($user && $group && ($group instanceof ElggGroup) && $group->canEdit()) { - - if (!check_entity_relationship($group->guid, 'invited', $user->guid)) { - - // Create relationship - add_entity_relationship($group->guid, 'invited', $user->guid); - - // Send email - $url = elgg_normalize_url("groups/invitations/$user->username"); - $result = notify_user($user->getGUID(), $group->owner_guid, - elgg_echo('groups:invite:subject', array($user->name, $group->name)), - elgg_echo('groups:invite:body', array( - $user->name, - $logged_in_user->name, - $group->name, - $url, - )), - NULL); - if ($result) { - system_message(elgg_echo("groups:userinvited")); - } else { - register_error(elgg_echo("groups:usernotinvited")); - } - } else { - register_error(elgg_echo("groups:useralreadyinvited")); - } +if (count($user_guids) > 0 && elgg_instanceof($group, 'group') && $group->canEdit()) { + foreach ($user_guids as $guid) { + $user = get_user($guid); + if (!$user) { + continue; + } + + if (check_entity_relationship($group->guid, 'invited', $user->guid)) { + register_error(elgg_echo("groups:useralreadyinvited")); + continue; + } + + if (check_entity_relationship($user->guid, 'member', $group->guid)) { + // @todo add error message + continue; + } + + // Create relationship + add_entity_relationship($group->guid, 'invited', $user->guid); + + // Send notification + $url = elgg_normalize_url("groups/invitations/$user->username"); + $result = notify_user($user->getGUID(), $group->owner_guid, + 
elgg_echo('groups:invite:subject', array($user->name, $group->name)), + elgg_echo('groups:invite:body', array( + $user->name, + $logged_in_user->name, + $group->name, + $url, + )), + NULL); + if ($result) { + system_message(elgg_echo("groups:userinvited")); + } else { + register_error(elgg_echo("groups:usernotinvited")); } } } -- cgit v1.2.3 From a873fa6429460ccebbfdb5b7d17f124c80a6ee5c Mon Sep 17 00:00:00 2001 From: cash Date: Fri, 5 Jul 2013 20:10:12 -0400 Subject: Fixes #5745 serve 404 pages when someone requests content of a user that does not exist --- mod/blog/start.php | 13 +++++++++++++ mod/bookmarks/pages/bookmarks/friends.php | 2 +- mod/bookmarks/pages/bookmarks/owner.php | 2 +- mod/file/pages/file/friends.php | 2 +- mod/file/pages/file/owner.php | 2 +- mod/groups/lib/discussion.php | 5 ++--- mod/groups/lib/groups.php | 4 ++-- mod/groups/start.php | 4 ++++ mod/pages/pages/pages/friends.php | 2 +- mod/pages/pages/pages/owner.php | 2 +- mod/thewire/pages/thewire/friends.php | 2 +- mod/thewire/pages/thewire/owner.php | 2 +- 12 files changed, 29 insertions(+), 13 deletions(-) (limited to 'mod/groups') diff --git a/mod/blog/start.php b/mod/blog/start.php index 25cd81935..91525acee 100644 --- a/mod/blog/start.php +++ b/mod/blog/start.php @@ -113,14 +113,23 @@ function blog_page_handler($page) { switch ($page_type) { case 'owner': $user = get_user_by_username($page[1]); + if (!$user) { + forward('', '404'); + } $params = blog_get_page_content_list($user->guid); break; case 'friends': $user = get_user_by_username($page[1]); + if (!$user) { + forward('', '404'); + } $params = blog_get_page_content_friends($user->guid); break; case 'archive': $user = get_user_by_username($page[1]); + if (!$user) { + forward('', '404'); + } $params = blog_get_page_content_archive($user->guid, $page[2], $page[3]); break; case 'view': 
@@ -139,6 +148,10 @@ function blog_page_handler($page) { $params = blog_get_page_content_edit($page_type, $page[1], $page[2]); break; case 'group': + $group = get_entity($page[1]); + if (!elgg_instanceof($group, 'group')) { + forward('', '404'); + } if ($page[2] == 'all') { $params = blog_get_page_content_list($page[1]); } else { diff --git a/mod/bookmarks/pages/bookmarks/friends.php b/mod/bookmarks/pages/bookmarks/friends.php index 15b1da098..173996346 100644 --- a/mod/bookmarks/pages/bookmarks/friends.php +++ b/mod/bookmarks/pages/bookmarks/friends.php @@ -7,7 +7,7 @@ $page_owner = elgg_get_page_owner_entity(); if (!$page_owner) { - forward('bookmarks/all'); + forward('', '404'); } elgg_push_breadcrumb($page_owner->name, "bookmarks/owner/$page_owner->username"); diff --git a/mod/bookmarks/pages/bookmarks/owner.php b/mod/bookmarks/pages/bookmarks/owner.php index b99730fb9..b7b907916 100644 --- a/mod/bookmarks/pages/bookmarks/owner.php +++ b/mod/bookmarks/pages/bookmarks/owner.php @@ -7,7 +7,7 @@ $page_owner = elgg_get_page_owner_entity(); if (!$page_owner) { - forward('bookmarks/all'); + forward('', '404'); } elgg_push_breadcrumb($page_owner->name); diff --git a/mod/file/pages/file/friends.php b/mod/file/pages/file/friends.php index f504bdc1f..d55c1e62b 100644 --- a/mod/file/pages/file/friends.php +++ b/mod/file/pages/file/friends.php @@ -7,7 +7,7 @@ $owner = elgg_get_page_owner_entity(); if (!$owner) { - forward('file/all'); + forward('', '404'); } elgg_push_breadcrumb(elgg_echo('file'), "file/all"); diff --git a/mod/file/pages/file/owner.php b/mod/file/pages/file/owner.php index 5ad6866d6..99cf62714 100644 --- a/mod/file/pages/file/owner.php +++ b/mod/file/pages/file/owner.php @@ -10,7 +10,7 @@ group_gatekeeper(); $owner = elgg_get_page_owner_entity(); if (!$owner) { - forward('file/all'); + forward('', '404'); } elgg_push_breadcrumb(elgg_echo('file'), "file/all"); 
diff --git a/mod/groups/lib/discussion.php b/mod/groups/lib/discussion.php index ab2fe4849..874e21b2d 100644 --- a/mod/groups/lib/discussion.php +++ b/mod/groups/lib/discussion.php @@ -39,9 +39,8 @@ function discussion_handle_list_page($guid) { elgg_set_page_owner_guid($guid); $group = get_entity($guid); - if (!$group) { - register_error(elgg_echo('group:notfound')); - forward(); + if (!elgg_instanceof($group, 'group')) { + forward('', '404'); } elgg_push_breadcrumb($group->name); diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php index 0557d41eb..e5b047eba 100644 --- a/mod/groups/lib/groups.php +++ b/mod/groups/lib/groups.php @@ -255,8 +255,8 @@ function groups_handle_profile_page($guid) { elgg_push_context('group_profile'); $group = get_entity($guid); - if (!$group) { - forward('groups/all'); + if (!elgg_instanceof($group, 'group')) { + forward('', '404'); } elgg_push_breadcrumb($group->name); diff --git a/mod/groups/start.php b/mod/groups/start.php index 46ab0e636..6002a535c 100644 --- a/mod/groups/start.php +++ b/mod/groups/start.php @@ -142,6 +142,10 @@ function groups_setup_sidebar_menus() { $page_owner = elgg_get_page_owner_entity(); if (elgg_in_context('group_profile')) { + if (!elgg_instanceof($page_owner, 'group')) { + forward('', '404'); + } + if (elgg_is_logged_in() && $page_owner->canEdit() && !$page_owner->isPublicMembership()) { $url = elgg_get_site_url() . "groups/requests/{$page_owner->getGUID()}"; diff --git a/mod/pages/pages/pages/friends.php b/mod/pages/pages/pages/friends.php index 87ac631c2..cecc4053b 100644 --- a/mod/pages/pages/pages/friends.php +++ b/mod/pages/pages/pages/friends.php @@ -7,7 +7,7 @@ $owner = elgg_get_page_owner_entity(); if (!$owner) { - forward('pages/all'); + forward('', '404'); } elgg_push_breadcrumb($owner->name, "pages/owner/$owner->username"); diff --git a/mod/pages/pages/pages/owner.php b/mod/pages/pages/pages/owner.php index 48199368c..7de74a3b4 100644 --- a/mod/pages/pages/pages/owner.php 
+++ b/mod/pages/pages/pages/owner.php @@ -7,7 +7,7 @@ $owner = elgg_get_page_owner_entity(); if (!$owner) { - forward('pages/all'); + forward('', '404'); } // access check for closed groups diff --git a/mod/thewire/pages/thewire/friends.php b/mod/thewire/pages/thewire/friends.php index e7f5eed59..efa7e7a56 100644 --- a/mod/thewire/pages/thewire/friends.php +++ b/mod/thewire/pages/thewire/friends.php @@ -5,7 +5,7 @@ $owner = elgg_get_page_owner_entity(); if (!$owner) { - forward('thewire/all'); + forward('', '404'); } $title = elgg_echo('thewire:friends'); diff --git a/mod/thewire/pages/thewire/owner.php b/mod/thewire/pages/thewire/owner.php index d8dff401e..dc25940e1 100644 --- a/mod/thewire/pages/thewire/owner.php +++ b/mod/thewire/pages/thewire/owner.php @@ -6,7 +6,7 @@ $owner = elgg_get_page_owner_entity(); if (!$owner) { - forward('thewire/all'); + forward('', '404'); } $title = elgg_echo('thewire:user', array($owner->name)); -- cgit v1.2.3 From 25929426871cc09d81b0612b239e9ea025bc808c Mon Sep 17 00:00:00 2001 From: cash Date: Fri, 5 Jul 2013 21:36:20 -0400 Subject: Fixes #5613 group member list alphabetical --- mod/groups/lib/groups.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'mod/groups') diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php index e5b047eba..77d7c09cc 100644 --- a/mod/groups/lib/groups.php +++ b/mod/groups/lib/groups.php @@ -366,12 +366,15 @@ function groups_handle_members_page($guid) { elgg_push_breadcrumb($group->name, $group->getURL()); elgg_push_breadcrumb(elgg_echo('groups:members')); + $db_prefix = elgg_get_config('dbprefix'); $content = elgg_list_entities_from_relationship(array( 'relationship' => 'member', 'relationship_guid' => $group->guid, 'inverse_relationship' => true, 'type' => 'user', 'limit' => 20, + 'joins' => array("JOIN {$db_prefix}users_entity u ON e.guid=u.guid"), + 'order_by' => 'u.name ASC', )); $params = array( -- cgit v1.2.3 
From 094b8f3afc75dac6520ea58d4e014b0e7f77d62a Mon Sep 17 00:00:00 2001 From: cash Date: Fri, 5 Jul 2013 22:05:11 -0400 Subject: Fixes #4819 clearing floated images in the content area --- mod/groups/views/default/object/groupforumtopic.php | 5 ++++- views/default/object/elements/full.php | 4 ++-- 2 files changed, 6 insertions(+), 3 deletions(-) (limited to 'mod/groups') diff --git a/mod/groups/views/default/object/groupforumtopic.php b/mod/groups/views/default/object/groupforumtopic.php index 34e0ee3cc..e6988d16e 100644 --- a/mod/groups/views/default/object/groupforumtopic.php +++ b/mod/groups/views/default/object/groupforumtopic.php @@ -73,7 +73,10 @@ if ($full) { $info = elgg_view_image_block($poster_icon, $list_body); - $body = elgg_view('output/longtext', array('value' => $topic->description)); + $body = elgg_view('output/longtext', array( + 'value' => $topic->description, + 'class' => 'clearfix', + )); echo << Date: Thu, 12 Sep 2013 05:59:18 +0200 Subject: Added function for escaping query strings and fixed several XSRF vulnerabilities. --- engine/lib/output.php | 19 +++++++++++++++++++ mod/groups/lib/groups.php | 3 ++- mod/members/pages/members/search.php | 8 ++++++-- mod/search/pages/search/index.php | 10 +--------- 4 files changed, 28 insertions(+), 12 deletions(-) (limited to 'mod/groups') diff --git a/engine/lib/output.php b/engine/lib/output.php index 6172a5c8d..de4f911fb 100644 --- a/engine/lib/output.php +++ b/engine/lib/output.php 
@@ -420,6 +420,25 @@ function _elgg_html_decode($string) { return $string; } +/** + * Prepares query string for output to prevent CSRF attacks. + * + * @param string $string + * @return string + * + * @access private + */ +function _elgg_get_display_query($string) { + //encode <,>,&, quotes and characters above 127 + if (function_exists('mb_convert_encoding')) { + $display_query = mb_convert_encoding($string, 'HTML-ENTITIES', 'UTF-8'); + } else { + // if no mbstring extension, we just strip characters + $display_query = preg_replace("/[^\x01-\x7F]/", "", $string); + } + return htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false); +} + /** * Unit tests for Output * diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php index 77d7c09cc..aa8766e06 100644 --- a/mod/groups/lib/groups.php +++ b/mod/groups/lib/groups.php @@ -73,7 +73,8 @@ function groups_search_page() { elgg_push_breadcrumb(elgg_echo('search')); $tag = get_input("tag"); - $title = elgg_echo('groups:search:title', array($tag)); + $display_query = _elgg_get_display_query($tag); + $title = elgg_echo('groups:search:title', array($display_query)); // groups plugin saves tags as "interests" - see groups_fields_setup() in start.php $params = array( diff --git a/mod/members/pages/members/search.php b/mod/members/pages/members/search.php index 1f0444d67..5466a8246 100644 --- a/mod/members/pages/members/search.php +++ b/mod/members/pages/members/search.php @@ -7,7 +7,9 @@ if ($vars['search_type'] == 'tag') { $tag = get_input('tag'); - $title = elgg_echo('members:title:searchtag', array($tag)); + $display_query = _elgg_get_display_query($tag); + + $title = elgg_echo('members:title:searchtag', array($display_query)); $options = array(); $options['query'] = $tag; 
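Review bot: The docblock added for `_elgg_get_display_query()` in engine/lib/output.php says it prevents CSRF, but the body HTML-encodes a string for output, which is a defence against cross-site scripting; request forgery is handled by request tokens, not by escaping. The summary line should say that it escapes a user-supplied query string for display in HTML and that the result is for output only, never for building database queries, and `@param`/`@return` should each carry a description. It is also worth one line that the `preg_replace` fallback drops every non-ASCII character when the mbstring extension is missing, since callers will see shortened titles for non-Latin searches.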
@@ -28,7 +30,9 @@ if ($vars['search_type'] == 'tag') {
 } else {
 $name = sanitize_string(get_input('name'));
- $title = elgg_echo('members:title:searchname', array($name));
+ $display_query = _elgg_get_display_query($name);
+
+ $title = elgg_echo('members:title:searchname', array($display_query));
 $db_prefix = elgg_get_config('dbprefix');
 $params = array(
diff --git a/mod/search/pages/search/index.php b/mod/search/pages/search/index.php
index ede09329b..9542e0751 100644
--- a/mod/search/pages/search/index.php
+++ b/mod/search/pages/search/index.php
@@ -17,15 +17,7 @@ $search_type = get_input('search_type', 'all');
 // XSS protection is more important that searching for HTML.
 $query = stripslashes(get_input('q', get_input('tag', '')));
-// @todo - create function for sanitization of strings for display in 1.8
-// encode <,>,&, quotes and characters above 127
-if (function_exists('mb_convert_encoding')) {
- $display_query = mb_convert_encoding($query, 'HTML-ENTITIES', 'UTF-8');
-} else {
- // if no mbstring extension, we just strip characters
- $display_query = preg_replace("/[^\x01-\x7F]/", "", $query);
-}
-$display_query = htmlspecialchars($display_query, ENT_QUOTES, 'UTF-8', false);
+$display_query = _elgg_get_display_query($query);
 // check that we have an actual query
 if (!$query) {
-- cgit v1.2.3
From d1d37b4116338ebfa0871f74776c36a5549a4591 Mon Sep 17 00:00:00 2001
From: Juho Jaakkola
Date: Wed, 11 Dec 2013 09:06:42 +0200
Subject: Makes sure all group pages respect the limited_groups setting
---
 mod/groups/lib/groups.php | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-) (limited to 'mod/groups')
diff --git a/mod/groups/lib/groups.php b/mod/groups/lib/groups.php
index 77d7c09cc..f07ab5dc6 100644
--- a/mod/groups/lib/groups.php
+++ b/mod/groups/lib/groups.php
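Review bot: In the `else` branch of mod/members/pages/members/search.php (hunk `@@ -28,7 +30,9 @@`), `$display_query` is built from `$name` after `sanitize_string()` has already been applied, so the title would show the database-escaped form of the input rather than what the user typed, assuming `sanitize_string()` is the SQL-escaping helper its use here suggests. Escaping for the database and encoding for HTML are separate steps that should each start from the raw value. I would encode the raw input for display, `$display_query = _elgg_get_display_query(get_input('name'));`, and keep the sanitized `$name` only for the query that follows. The rest of the branch lies outside the hunk.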
@@ -55,7 +55,7 @@ function groups_handle_all_page() { } $filter = elgg_view('groups/group_sort_menu', array('selected' => $selected_tab)); - + $sidebar = elgg_view('groups/sidebar/find'); $sidebar .= elgg_view('groups/sidebar/featured'); @@ -115,7 +115,9 @@ function groups_handle_owned_page() { } elgg_push_breadcrumb($title); - elgg_register_title_button(); + if (elgg_get_plugin_setting('limited_groups', 'groups') != 'yes' || elgg_is_admin_logged_in()) { + elgg_register_title_button(); + } $content = elgg_list_entities(array( 'type' => 'group', @@ -150,7 +152,9 @@ function groups_handle_mine_page() { } elgg_push_breadcrumb($title); - elgg_register_title_button(); + if (elgg_get_plugin_setting('limited_groups', 'groups') != 'yes' || elgg_is_admin_logged_in()) { + elgg_register_title_button(); + } $content = elgg_list_entities_from_relationship(array( 'type' => 'group', @@ -181,7 +185,7 @@ function groups_handle_mine_page() { */ function groups_handle_edit_page($page, $guid = 0) { gatekeeper(); - + if ($page == 'add') { elgg_set_page_owner_guid(elgg_get_logged_in_user_guid()); $title = elgg_echo('groups:add'); @@ -204,7 +208,7 @@ function groups_handle_edit_page($page, $guid = 0) { $content = elgg_echo('groups:noaccess'); } } - + $params = array( 'content' => $content, 'title' => $title, @@ -266,7 +270,7 @@ function groups_handle_profile_page($guid) { $content = elgg_view('groups/profile/layout', array('entity' => $group)); $sidebar = ''; - if (group_gatekeeper(false)) { + if (group_gatekeeper(false)) { if (elgg_is_active_plugin('search')) { $sidebar .= elgg_view('groups/sidebar/search', array('entity' => $group)); } 
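Review bot: The guard added in `groups_handle_owned_page()` (hunk `@@ -115,7 +115,9 @@`) and repeated verbatim in `groups_handle_mine_page()` (`@@ -150,7 +152,9 @@`) only decides whether the title button is registered, so it hides the entry point rather than enforcing the `limited_groups` restriction. None of the hunks shown changes the `add` branch of `groups_handle_edit_page()` or the group-creation action, so it should be confirmed that those perform the same check on the server side. The duplicated condition would read better as one helper shared by both pages, and the comparison can be strict: `elgg_get_plugin_setting('limited_groups', 'groups') !== 'yes'`. Both function bodies continue outside their hunks.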
@@ -275,18 +279,18 @@ function groups_handle_profile_page($guid) { $subscribed = false; if (elgg_is_active_plugin('notifications')) { global $NOTIFICATION_HANDLERS; - + foreach ($NOTIFICATION_HANDLERS as $method => $foo) { $relationship = check_entity_relationship(elgg_get_logged_in_user_guid(), 'notify' . $method, $guid); - + if ($relationship) { $subscribed = true; break; } } } - + $sidebar .= elgg_view('groups/sidebar/my_status', array( 'entity' => $group, 'subscribed' => $subscribed @@ -334,7 +338,7 @@ function groups_handle_activity_page($guid) { if (!$content) { $content = '

' . elgg_echo('groups:activity:none') . '

'; } - + $params = array( 'content' => $content, 'title' => $title, @@ -427,7 +431,7 @@ function groups_handle_invite_page($guid) { /** * Manage requests to join a group - * + * * @param int $guid Group entity GUID */ function groups_handle_requests_page($guid) { @@ -443,7 +447,7 @@ function groups_handle_requests_page($guid) { if ($group && $group->canEdit()) { elgg_push_breadcrumb($group->name, $group->getURL()); elgg_push_breadcrumb($title); - + $requests = elgg_get_entities_from_relationship(array( 'type' => 'user', 'relationship' => 'membership_request', -- cgit v1.2.3