From 035f68a467ab50776c3f52af0cceb750d60cb4a9 Mon Sep 17 00:00:00 2001
From: Ed Lyons
Date: Sat, 2 Feb 2013 17:58:59 -0500
Subject: Update mod/messages/start.php

We had an Elgg user named Chris Read with username 'read'. Once he registered, people's messages stopped working because hitting a message in your inbox was a url like: [site_name]/messages/read/459 - and the message code, supporting the old URL format, looked up the parameter right after messages and did a lookup on that word. So, since it got a user, redirected to his inbox. Yipes! So I put in some code checking that the parameter really is your username, so it would work for Chris, but not for anyone else. It works fine now.
---
 mod/messages/start.php | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

(limited to 'mod/messages/start.php')

diff --git a/mod/messages/start.php b/mod/messages/start.php
index e17640098..95ebffbdb 100644
--- a/mod/messages/start.php
+++ b/mod/messages/start.php
@@ -85,8 +85,17 @@ function messages_page_handler($page) {
 	// supporting the old inbox url /messages/
 	$user = get_user_by_username($page[0]);
 	if ($user) {
-		$page[1] = $page[0];
-		$page[0] = 'inbox';
+		// Need to make sure that the username of the parameter is actually
+		// the username of the logged in user. This will prevent strange
+		// errors like grabbing the 'read' parameter and looking up
+		// a user with username 'read' and finding it and redirecting
+		// to that other person's inbox.
+
+		if ($user->username == elgg_get_logged_in_user_entity()->username) {
+			// OK, so it is our username and not someone else's
+			$page[1] = $page[0];
+			$page[0] = 'inbox';
+		}
 	}
 
 	if (!isset($page[1])) {
-- 
cgit v1.2.3

From a72b4bce06062fa0a6f2fbd7489fac3474c3dc24 Mon Sep 17 00:00:00 2001
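Review bot: The added comparison dereferences `elgg_get_logged_in_user_entity()->username` without first checking that anyone is logged in, so a logged-out visitor reaching this handler gets a property read on a non-object instead of a redirect, and the loose `==` on usernames should be `===`. The `get_user_by_username($page[0])` lookup is also no longer needed once the parameter is compared against the session user; behind a logged-in check, `if ($page[0] === elgg_get_logged_in_user_entity()->username) {` expresses the intent without the extra query. Both points are resolved by the next commit on this page, so they apply to this intermediate state only. `messages_page_handler` begins and ends outside the hunk.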
From: Steve Clay
Date: Sat, 2 Feb 2013 21:19:22 -0500
Subject: Handle logged out case, simplify logic

---
 mod/messages/start.php | 30 ++++++++++++++----------------
 1 file changed, 14 insertions(+), 16 deletions(-)

(limited to 'mod/messages/start.php')

diff --git a/mod/messages/start.php b/mod/messages/start.php
index 95ebffbdb..5503a675a 100644
--- a/mod/messages/start.php
+++ b/mod/messages/start.php
@@ -74,32 +74,30 @@ function messages_init() {
  */
 function messages_page_handler($page) {
 
+	$current_user = elgg_get_logged_in_user_entity();
+	if (!$current_user) {
+		register_error(elgg_echo('noaccess'));
+		$_SESSION['last_forward_from'] = current_page_url();
+		forward('');
+	}
+
 	elgg_load_library('elgg:messages');
 
-	elgg_push_breadcrumb(elgg_echo('messages'), 'messages/inbox/' . elgg_get_logged_in_user_entity()->username);
+	elgg_push_breadcrumb(elgg_echo('messages'), 'messages/inbox/' . $current_user->username);
 
 	if (!isset($page[0])) {
 		$page[0] = 'inbox';
 	}
 
-	// supporting the old inbox url /messages/
-	$user = get_user_by_username($page[0]);
-	if ($user) {
-		// Need to make sure that the username of the parameter is actually
-		// the username of the logged in user. This will prevent strange
-		// errors like grabbing the 'read' parameter and looking up
-		// a user with username 'read' and finding it and redirecting
-		// to that other person's inbox.
-
-		if ($user->username == elgg_get_logged_in_user_entity()->username) {
-			// OK, so it is our username and not someone else's
-			$page[1] = $page[0];
-			$page[0] = 'inbox';
-		}
+	// Support the old inbox url /messages/, but only if it matches the logged in user.
+	// Otherwise having a username like "read" on the system could confuse this function.
+	if ($current_user->username === $page[0]) {
+		$page[1] = $page[0];
+		$page[0] = 'inbox';
 	}
 
 	if (!isset($page[1])) {
-		$page[1] = elgg_get_logged_in_user_entity()->username;
+		$page[1] = $current_user->username;
 	}
 
 	$base_dir = elgg_get_plugins_path() . 'messages/pages/messages';
-- 
cgit v1.2.3

From 52a1bf6fd37021cb6bd1843898571ba2036fbf9d Mon Sep 17 00:00:00 2001
From: cash
Date: Sat, 30 Mar 2013 12:32:00 -0400
Subject: Fixes #5083 removes messages sent by deleted user

---
 mod/messages/start.php | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

(limited to 'mod/messages/start.php')
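Review bot: The logged-out branch added at the top of `messages_page_handler` hand-rolls what core's `gatekeeper()` already does (store `last_forward_from`, register an error, forward to login), and it relies on `forward('')` terminating the request — which it does in Elgg core, but if it ever returned, the breadcrumb line below would read `->username` on `false`. Replacing the five added lines with `gatekeeper();` followed by `$current_user = elgg_get_logged_in_user_entity();` keeps a single code path and message key for the not-logged-in case. The strict `===` on the old-URL check is the right fix for the 'read' username collision; the comment would be stronger if it said that `$page[0]` is only ever trusted to be the session user's own username, never an arbitrary one. The function continues past the end of the hunk.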
diff --git a/mod/messages/start.php b/mod/messages/start.php
index 5503a675a..714129e4b 100644
--- a/mod/messages/start.php
+++ b/mod/messages/start.php
@@ -51,6 +51,9 @@ function messages_init() {
 	elgg_register_plugin_hook_handler('notify:entity:message', 'object', 'messages_notification_msg');
 	register_notification_object('object', 'messages', elgg_echo('messages:new'));
 
+	// delete messages sent by a user when user is deleted
+	elgg_register_event_handler('delete', 'user', 'messages_purge');
+
 	// ecml
 	elgg_register_plugin_hook_handler('get_views', 'ecml', 'messages_ecml_views_hook');
 
@@ -425,6 +428,35 @@ function messages_user_hover_menu($hook, $type, $return, $params) {
 	return $return;
 }
 
+/**
+ * Delete messages from a user who is being deleted
+ *
+ * @param string $event Event name
+ * @param string $type Event type
+ * @param ElggUser $user User being deleted
+ */
+function messages_purge($event, $type, $user) {
+
+	// make sure we delete them all
+	$entity_disable_override = access_get_show_hidden_status();
+	access_show_hidden_entities(true);
+	$ia = elgg_set_ignore_access(true);
+
+	$options = array(
+		'type' => 'object',
+		'subtype' => 'messages',
+		'metadata_name' => 'fromId',
+		'metadata_value' => $user->getGUID(),
+		'limit' => 0,
+	);
+	$batch = new ElggBatch('elgg_get_entities_from_metadata', $options);
+	foreach ($batch as $e) {
+		$e->delete();
+	}
+
+	elgg_set_ignore_access($ia);
+	access_show_hidden_entities($entity_disable_override);
+}
 
 /**
  * Register messages with ECML.
-- 
cgit v1.2.3

From 9a50f1530843f7fe8505b3424afcd40ad9e87900 Mon Sep 17 00:00:00 2001
From: cash
Date: Sat, 30 Mar 2013 12:35:32 -0400
Subject: put test in to prevent deleting messages from everyone in case no guid - should never happen

---
 mod/messages/start.php | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'mod/messages/start.php')

diff --git a/mod/messages/start.php b/mod/messages/start.php
index 714129e4b..6d0e82744 100644
--- a/mod/messages/start.php
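Review bot: In `messages_purge` the hidden-entity and ignore-access overrides are restored only on the normal path; if `$e->delete()` throws (entity deletion can surface a `DatabaseException` from the query layer), the rest of the request runs with access control ignored and hidden entities visible, which is exactly the state a function that deliberately elevates itself should not leak. Without `finally` on this PHP baseline, catching, restoring and rethrowing around the loop keeps the elevation scoped to the loop, as below. Separately, the `fromId` metadata filter reaches only messages the user sent; received copies are presumably removed through the owner cascade, and a one-line comment saying so would stop the next reader from treating this as the complete cleanup. The GUID guard is added by the following commit on this page.
```php
	// … unchanged: docblock, override set-up and $options …
	$batch = new ElggBatch('elgg_get_entities_from_metadata', $options);
	try {
		foreach ($batch as $e) {
			$e->delete();
		}
	} catch (Exception $ex) {
		// put access control back before letting the failure propagate
		elgg_set_ignore_access($ia);
		access_show_hidden_entities($entity_disable_override);
		throw $ex;
	}

	elgg_set_ignore_access($ia);
	access_show_hidden_entities($entity_disable_override);
```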
+++ b/mod/messages/start.php
@@ -437,6 +437,10 @@ function messages_user_hover_menu($hook, $type, $return, $params) {
  */
 function messages_purge($event, $type, $user) {
 
+	if (!$user->getGUID()) {
+		return;
+	}
+
 	// make sure we delete them all
 	$entity_disable_override = access_get_show_hidden_status();
 	access_show_hidden_entities(true);
-- 
cgit v1.2.3
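Review bot: The early `return;` in `messages_purge` leaves its effect on the event implicit: an Elgg event handler that returns `false` cancels the event, so returning `null` here lets the user deletion proceed while only skipping the message cleanup, and that distinction deserves a comment such as `// nothing to purge; return null (not false) so the user deletion itself is not cancelled`. The guard also assumes `$user` is an entity; if the handler can ever be invoked with anything else, `if (!($user instanceof ElggUser) || !$user->getGUID()) {` makes that assumption explicit rather than failing on the method call. The rest of `messages_purge` lies outside the hunk.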