From 2f376bfc5fa1e6c7f52a1eb0079409f27ed9b0cd Mon Sep 17 00:00:00 2001 From: cash Date: Tue, 31 Aug 2010 00:24:09 +0000 Subject: Refs #2434 - made the profile plugin more robust to bad urls and did a little code standardization git-svn-id: http://code.elgg.org/elgg/trunk@6885 36083f99-b078-4883-b0ff-0f9b5a30f544 --- mod/profile/start.php | 12 +++--- .../views/default/profile/profile_navigation.php | 14 +++++-- .../views/default/profile/profile_ownerblock.php | 49 ++++++++++++---------- 3 files changed, 43 insertions(+), 32 deletions(-) (limited to 'mod') diff --git a/mod/profile/start.php b/mod/profile/start.php index adac92aef..80f923cb3 100644 --- a/mod/profile/start.php +++ b/mod/profile/start.php @@ -121,18 +121,18 @@ function profile_fields_setup() { function profile_page_handler($page) { global $CONFIG; - $username = $action = NULL; + $action = NULL; // short circuit if invalid or banned username if (isset($page[0])) { $username = $page[0]; $user = get_user_by_username($username); + set_input('username', $page[0]); + } - if (!$user || ($user->isBanned() && !isadminloggedin())) { - return elgg_echo('profile:notfound'); - } else { - set_input('username', $page[0]); - } + if (!$user || ($user->isBanned() && !isadminloggedin())) { + register_error(elgg_echo('profile:notfound')); + forward(); } if (isset($page[1])) { diff --git a/mod/profile/views/default/profile/profile_navigation.php b/mod/profile/views/default/profile/profile_navigation.php index 5a7283a9c..6750b9c67 100755 --- a/mod/profile/views/default/profile/profile_navigation.php +++ b/mod/profile/views/default/profile/profile_navigation.php @@ -5,13 +5,19 @@ if (isset($vars['section'])) { $section = $vars['section']; } -$profile = $vars['entity']; +$user = $vars['entity']; +if (!$user) { + // no user so no profile + return TRUE; +} + + $activity = ''; $friends = ''; $extend = ''; $twitter = ''; -$url = "{$profile->getURL()}/"; +$url = "{$user->getURL()}/"; //select section switch($section){ 
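Review bot: `$user` is now tested unconditionally by `if (!$user || ($user->isBanned() && !isadminloggedin()))`, but it is only ever assigned inside `if (isset($page[0]))`, so a request with no username segment evaluates an undefined variable (a notice under normal error reporting) before forwarding; since the commit already rewrites the initialiser line, initialise both there: `$user = $action = NULL;`. With that, a missing, unknown or banned username all take the same `register_error()` + `forward()` path, which appears to be the intent of the change. `set_input('username', $page[0])` now runs before the user is validated, which is only harmless because `forward()` presumably ends the request — a short comment such as `// forward() ends the request, so the input set above is never used for a bad username` would make that dependency explicit. profile_page_handler continues past the end of the hunk.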
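Review bot: `$user = $vars['entity'];` still reads the array key before the new `if (!$user)` guard, so a call without an `entity` parameter raises an undefined-index notice before `return TRUE` is reached; test the key first, `if (empty($vars['entity'])) { return TRUE; }` and only then `$user = $vars['entity'];`. The comment `// no user so no profile` would then sit on the guard that actually prevents the access. The `switch($section)` that begins on the last line of the hunk continues outside it.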
@@ -39,7 +45,7 @@ switch($section){ } ?>
-

name; ?>

+

name; ?>

\ No newline at end of file diff --git a/mod/profile/views/default/profile/profile_ownerblock.php b/mod/profile/views/default/profile/profile_ownerblock.php index ee39c197d..c36e22076 100755 --- a/mod/profile/views/default/profile/profile_ownerblock.php +++ b/mod/profile/views/default/profile/profile_ownerblock.php @@ -4,23 +4,29 @@ * A simple owner block which houses info about the user whose 'stuff' you are looking at */ -//get the page owner -if($vars['entity']){ - if($vars['context'] == 'edit') +// get the user who owns this profile +if ($vars['entity']) { + if ($vars['context'] == 'edit') { $user = get_entity($vars['entity']->container_guid); - else + } else { $user = get_entity($vars['entity']->guid); -}else{ + } +} else { $user = page_owner_entity(); + if (!$user) { + // no user so we quit + return TRUE; + } } + $more_info = ''; -//set some variables + $location = elgg_view("output/tags",array('value' => $user->location)); $section = $vars['section']; -if($section == 'details'){ +if ($section == 'details') { $icon = elgg_view("profile/icon",array('entity' => $user, 'size' => 'large', 'override' => 'true')); $icon_class = "large"; -}else{ +} else { $icon = elgg_view("profile/icon",array('entity' => $user, 'size' => 'small')); $more_info = "
"; $more_info .= "

{$user->name}

"; @@ -29,26 +35,27 @@ if($section == 'details'){ $more_info .= "
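Review bot: The new `if (!$user) { return TRUE; }` guard covers only the `page_owner_entity()` branch; when `$vars['entity']` is supplied and `get_entity()` returns false (an entity the viewer cannot load, or a `container_guid` that resolves to nothing), `$user` is false and `$user->location` a few lines below is dereferenced on a non-object. Move the guard below the outer `if/else` so that both paths are protected, e.g. `if (!$user) { return TRUE; }` immediately before `$more_info = '';`. The reformatted `if ($vars['context'] == 'edit')` would also be safer as `isset($vars['context']) && $vars['context'] === 'edit'`, since the key is not guaranteed to exist and the loose comparison is not needed. The markup this view emits after the hunk is not visible here.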
"; } $profile_actions = ""; -if(isloggedin() && (get_loggedin_user()->getGuid() == page_owner())){ +if (isloggedin() && (get_loggedin_user()->getGuid() == page_owner())) { $profile_actions = "
"; $profile_actions .= "username}/edit/details' class='action_button'>". elgg_echo('profile:edit') .""; $profile_actions .= "username}/edit/icon' class='action_button'>". elgg_echo('profile:editicon') .""; $profile_actions .= "
"; -}else{ +} else { $profile_actions = "
"; if (isloggedin()) { - if ($_SESSION['user']->getGUID() != $user->getGUID()) { - $ts = time(); - $token = generate_action_token($ts); - + if (get_loggedin_userid() != $user->getGUID()) { if ($user->isFriend()) { - $profile_actions .= "getGUID()}&__elgg_token=$token&__elgg_ts=$ts\" class='action_button'>" . elgg_echo('friend:remove') . ""; + $url = "{$vars['url']}action/friends/remove?friend={$user->getGUID()}"; + $url = elgg_add_action_tokens_to_url($url); + $profile_actions .= "" . elgg_echo('friend:remove') . ""; } else { - $profile_actions .= "getGUID()}&__elgg_token=$token&__elgg_ts=$ts\" class='action_button'>" . elgg_echo('friend:add') . ""; + $url = "{$vars['url']}action/friends/add?friend={$user->getGUID()}"; + $url = elgg_add_action_tokens_to_url($url); + $profile_actions .= "" . elgg_echo('friend:add') . ""; } } } - if(is_plugin_enabled('messages') && isloggedin()){ + if (is_plugin_enabled('messages') && isloggedin()) { $profile_actions .= "guid}\" class='action_button'>". elgg_echo('messages:send') .""; } $profile_actions .= "
"; @@ -57,14 +64,12 @@ if(isloggedin() && (get_loggedin_user()->getGuid() == page_owner())){ $username = $user->username; $email = $user->email; $phone = $user->phone; - -//get correct links -$url = $vars['url']; + //if admin display admin links -if(isadminloggedin()){ +if (isadminloggedin()) { $admin_links = elgg_view('profile/admin_menu'); -}else{ +} else { $admin_links = ''; } -- cgit v1.2.3
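Review bot: `$url` is introduced in the friend add/remove branches as a tokenised action URL while the third hunk (`@@ -57,14 +64,12 @@`) drops `$url = $vars['url'];`, so any markup further down this view that still used `$url` as the site base (not visible here) now sees either an action URL or an undefined variable; a branch-local name such as `$friend_url` avoids the clash, or the removed assignment should be kept. The two branches also build the same URL twice and could collapse to `$verb = $user->isFriend() ? 'remove' : 'add';` followed by `$url = elgg_add_action_tokens_to_url("{$vars['url']}action/friends/$verb?friend={$user->getGUID()}");`, with only the label differing. The tokenised URL carries `&`-separated parameters and is interpolated straight into an `href`, so it should be passed through `htmlspecialchars()` for the attribute context; the same applies to the `messages/send` link left unchanged in this hunk.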