
Merge branch '1.8'

Conflicts:
	engine/lib/actions.php
	htaccess_dist
	version.php
2 parents 9d714fb + e9f710c commit 5c667e8728d7dd58f081ef9d5940823d8338b593 @cash cash committed Mar 10, 2013
@@ -1,14 +1,33 @@
Version 1.8.14
-(X xx, 2013 from https://github.com/Elgg/Elgg/tree/1.8)
+(March 12, 2013 from https://github.com/Elgg/Elgg/tree/1.8)
Contributing Developers:
+ * Aday Talavera
+ * Brett Profitt
+ * Cash Costello
+ * Ed Lyons
+ * German Bortoli
+ * Hellekin Wolf
+ * iionly
+ * Jerome Bakker
* Luciano Lima
+ * Matt Beckett
* Paweł Sroka
+ * Sem
+ * Steve Clay
+
+ Security Fixes:
+ * Fixed bug that exposed subject lines of messages in inbox
+ * Added requirement for CSRF token for login
Bugfixes:
- *
+ * Strip html tags from tag input
+ * Fixed several display issues for IE7
+ * Fixed several issues with blog drafts
+ * Fixed repeated token timeout errors
+ * Fixed JavaScript localization for non-English languages
Enhancements:
- * Web services fall back to xml if the viewtype is invalid
+ * Web services fall back to json if the viewtype is invalid
Version 1.8.13
@@ -48,6 +48,10 @@ function profile_array_decoder(&$v) {
forward(REFERER);
}
+ if ($valuetype == 'url' && !preg_match('~^https?\://~i', $value)) {
+ $value = "http://$value";
+ }
+
if ($valuetype == 'tags') {
$value = string_to_tag_array($value);
}
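Review bot: The added url branch prefixes every value that lacks an http(s) scheme, including an empty one, so a blank url field would be stored as the literal string `http://`. Guard the empty case, e.g. `if ($valuetype == 'url' && $value !== '' && !preg_match('~^https?\://~i', $value)) {`. The prefixing also has the useful effect of turning values with any other scheme into an http host string, which deserves a comment such as `// force an http(s) scheme so other URI schemes cannot be stored in url fields`. The enclosing loop starts and ends outside the hunk, so whether `$value` is trimmed beforehand cannot be seen from here.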
@@ -45,7 +45,9 @@
// @todo should registration be allowed no matter what the plugins return?
if (!elgg_trigger_plugin_hook('register', 'user', $params, TRUE)) {
+ $ia = elgg_set_ignore_access(true);
$new_user->delete();
+ elgg_set_ignore_access($ia);
// @todo this is a generic messages. We could have plugins
// throw a RegistrationException, but that is very odd
// for the plugin hooks system.
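Review bot: The access override enabled before `$new_user->delete()` is only restored on the normal path; if delete() or a handler it triggers throws, ignore-access stays on for whatever runs afterwards in the request. Restoring the saved value in a catch block and rethrowing keeps the elevated state scoped to the delete. The new upgrade script 2013030600 wraps its whole user batch in the same unguarded pair and would benefit from the same treatment. Whether delete() can throw is not visible here, and the surrounding block starts and ends outside the hunk.

```php
$ia = elgg_set_ignore_access(true);
try {
	$new_user->delete();
} catch (Exception $e) {
	// put the caller's access setting back before the exception propagates
	elgg_set_ignore_access($ia);
	throw $e;
}
elgg_set_ignore_access($ia);
```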
@@ -32,7 +32,6 @@ public function execute($action, $forwarder = "") {
$exceptions = array(
'admin/plugins/disable',
'logout',
- 'login',
'file/download',
);
@@ -200,6 +200,18 @@ function update_annotation($annotation_id, $name, $value, $value_type, $owner_gu
* @since 1.8.0
*/
function elgg_get_annotations(array $options = array()) {
+
+ // @todo remove support for count shortcut - see #4393
+ if (isset($options['__egefac']) && $options['__egefac']) {
+ unset($options['__egefac']);
+ } else {
+ // support shortcut of 'count' => true for 'annotation_calculation' => 'count'
+ if (isset($options['count']) && $options['count']) {
+ $options['annotation_calculation'] = 'count';
+ unset($options['count']);
+ }
+ }
+
$options['metastring_type'] = 'annotations';
return elgg_get_metastring_based_objects($options);
}
@@ -425,6 +437,10 @@ function elgg_get_entities_from_annotation_calculation($options) {
$options['callback'] = 'entity_row_to_elggstar';
+ // see #4393
+ // @todo remove after the 'count' shortcut is removed from elgg_get_annotations()
+ $options['__egefac'] = true;
+
return elgg_get_annotations($options);
}
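Review bot: The `__egefac` key is an unexplained abbreviation and travels in the same public `$options` array that callers fill in, so any caller can set it and silently switch off the 'count' shortcut in elgg_get_annotations(). A comment at the check should spell it out, e.g. `// internal flag set by elgg_get_entities_from_annotation_calculation(): there 'count' is not the annotation shortcut, so skip the translation`. The docblock of elgg_get_annotations() should also state that the key is reserved for internal use. Both function bodies are only partly visible in these hunks.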
@@ -281,6 +281,14 @@ function create_metadata_from_array($entity_guid, array $name_and_values, $value
* @since 1.8.0
*/
function elgg_get_metadata(array $options = array()) {
+
+ // @todo remove support for count shortcut - see #4393
+ // support shortcut of 'count' => true for 'metadata_calculation' => 'count'
+ if (isset($options['count']) && $options['count']) {
+ $options['metadata_calculation'] = 'count';
+ unset($options['count']);
+ }
+
$options['metastring_type'] = 'metadata';
return elgg_get_metastring_based_objects($options);
}
@@ -774,10 +782,10 @@ function string_to_tag_array($string) {
$ar = explode(",", $string);
$ar = array_map('trim', $ar);
$ar = array_filter($ar, 'is_not_null');
+ $ar = array_map('strip_tags', $ar);
return $ar;
}
return false;
-
}
/**
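Review bot: `strip_tags` runs after the trim and the empty-entry filter in string_to_tag_array(), so an element that consists only of markup, or markup plus spaces, ends up as an empty or space-padded tag that is no longer filtered out. Running it first avoids that: `$ar = array_map('strip_tags', $ar);` then `$ar = array_map('trim', $ar);` then `$ar = array_filter($ar, 'is_not_null');` (assuming is_not_null is what drops empty strings, which is not visible here). strip_tags is input cleanup only; tag values still need escaping wherever they are output.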
@@ -389,11 +389,6 @@ function elgg_get_metastring_based_objects($options) {
$selects = $options['selects'];
- // allow count shortcut
- if ($options['count']) {
- $options['metastring_calculation'] = 'count';
- }
-
// For performance reasons we don't want the joins required for metadata / annotations
// unless we're going through one of their callbacks.
// this means we expect the functions passing different callbacks to pass their required joins.
@@ -109,7 +109,7 @@ function add_entity_relationship($guid_one, $relationship, $guid_two) {
* @param string $relationship The type of relationship
* @param int $guid_two The GUID of the entity the relationship is with
*
- * @return object|false Depending on success
+ * @return ElggRelationship|false Depending on success
*/
function check_entity_relationship($guid_one, $relationship, $guid_two) {
global $CONFIG;
@@ -123,7 +123,7 @@ function check_entity_relationship($guid_one, $relationship, $guid_two) {
AND relationship='$relationship'
AND guid_two=$guid_two limit 1";
- $row = get_data_row($query);
+ $row = row_to_elggrelationship(get_data_row($query));
if ($row) {
return $row;
}
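Review bot: `row_to_elggrelationship()` is now applied to whatever `get_data_row()` returns, including its no-match result, and the `if ($row)` test only runs afterwards; this relies on the converter passing a non-row value through unchanged, which cannot be confirmed from the hunk. Passing the converter as the callback limits the conversion to actual rows: `$row = get_data_row($query, 'row_to_elggrelationship');`. The changed return type is visible to callers that treated the result as a plain row object, so the docblock could be more explicit: `@return ElggRelationship|false ElggRelationship on a match, false otherwise`. The function body continues outside both hunks.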
@@ -17,6 +17,9 @@
* @access private
*/
function upgrade_code($version, $quiet = FALSE) {
+ // do not remove - upgrade scripts depend on this
+ global $CONFIG;
+
$version = (int) $version;
$upgrade_path = elgg_get_config('path') . 'engine/lib/upgrades/';
$processed_upgrades = elgg_get_processed_upgrades();
@@ -0,0 +1,26 @@
+<?php
+/**
+ * Elgg 1.8.14 upgrade 2013030600
+ * update_user_location
+ *
+ * Before Elgg 1.8, a location like "London, England" would be stored as an array.
+ * This script turns that back into a string.
+ */
+
+global $DB_QUERY_CACHE;
+
+$ia = elgg_set_ignore_access(true);
+$options = array(
+ 'type' => 'user',
+ 'limit' => 0,
+);
+$batch = new ElggBatch('elgg_get_entities', $options);
+
+foreach ($batch as $entity) {
+ $DB_QUERY_CACHE = array();
+
+ if (is_array($entity->location)) {
+ $entity->location = implode(', ', $entity->location);
+ }
+}
+elgg_set_ignore_access($ia);
@@ -2729,6 +2729,36 @@ public function testElggGetEntitiesFromAnnotationsCalculateX() {
}
}
+ public function testElggGetEntitiesFromAnnotationCalculationCount() {
+ // add two annotations with a unique name to an entity
+ // then count the number of entities with that annotation name
+
+ $subtypes = $this->getRandomValidSubtypes(array('object'), 1);
+ $name = 'test_annotation_' . rand(0, 9999);
+ $values = array();
+ $options = array(
+ 'type' => 'object',
+ 'subtypes' => $subtypes,
+ 'limit' => 1
+ );
+ $es = elgg_get_entities($options);
+ $entity = $es[0];
+ $value = rand(0, 9999);
+ $entity->annotate($name, $value);
+ $value = rand(0, 9999);
+ $entity->annotate($name, $value);
+
+ $options = array(
+ 'type' => 'object',
+ 'subtypes' => $subtypes,
+ 'annotation_name' => $name,
+ 'calculation' => 'count',
+ 'count' => true,
+ );
+ $count = (int)elgg_get_entities_from_annotation_calculation($options);
+ $this->assertEqual(1, $count);
+ }
+
public function testElggGetAnnotationsAnnotationNames() {
$options = array('annotation_names' => array());
$a_e_map = array();
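Review bot: testElggGetEntitiesFromAnnotationCalculationCount() reads `$es[0]` without checking that elgg_get_entities() returned anything, so unless the fixture guarantees a matching object the test fails on a method call on a non-object rather than on an assertion; `$values` is assigned and never used. The two annotations created under the random name are not removed at the end, so repeated runs accumulate rows, and a rare name collision from `rand(0, 9999)` would change the expected count. Add a guard such as `$this->assertTrue(count($es) > 0);` and delete the annotations by name once the count has been asserted.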
@@ -1,14 +1,11 @@
# Elgg htaccess directives
-# Copyright Curverider Ltd 2008-2009
-# License http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
-# Link http://elgg.org/
<Files "htaccess_dist">
order allow,deny
deny from all
</Files>
-# Don't listing directory
+# Don't allow listing directories
Options -Indexes
# Follow symbolic links
@@ -17,13 +14,28 @@ Options +FollowSymLinks
# Default handler
DirectoryIndex index.php
-# Turn on expiry
+
+############################
+# BROWSER CACHING
+
+# The expires module controls the Expires and Cache-Control headers. Elgg sets
+# these for dynamically generated files so this is just for static files.
<IfModule mod_expires.c>
ExpiresActive On
- ExpiresDefault "access plus 10 years"
+ ExpiresDefault "access plus 1 year"
</IfModule>
-# php 5, apache 1 and 2
+# Conditional requests are controlled through Last-Modified and ETag headers.
+# Elgg sets these on dynamically generated cacheable files so this is just for
+# static files. Note: Apache sends Last-Modified by default on static files so
+# I don't think we need to be sending ETag for these files.
+<FilesMatch "\.(jpg|jpeg|gif|png|mp3|flv|mov|avi|3pg|html|htm|swf|js|css|ico)$">
+ FileETag MTime Size
+</FilesMatch>
+
+
+############################
+# PHP SETTINGS
<IfModule mod_php5.c>
# limit the maximum memory consumed by the php script to 64 MB
php_value memory_limit 64M
@@ -37,6 +49,10 @@ DirectoryIndex index.php
php_value display_errors 0
</IfModule>
+
+############################
+# COMPRESSION
+
# Turn on mod_gzip if available
<IfModule mod_gzip.c>
mod_gzip_on yes
@@ -75,13 +91,9 @@ DirectoryIndex index.php
</IfModule>
-# Configure ETags
-<FilesMatch "\.(jpg|jpeg|gif|png|mp3|flv|mov|avi|3pg|3gp|3g2|html|htm|swf|js|ico)$">
- FileETag MTime Size
-</FilesMatch>
-# Add Proper MIME-Type for Favicon to allow expires to work
-AddType image/vnd.microsoft.icon .ico
+############################
+# REWRITE RULES
<IfModule mod_rewrite.c>
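Review bot: The relocated FilesMatch pattern in the BROWSER CACHING block is not the same list as the block removed further down: it adds `css` but drops `3gp` and `3g2`, and it keeps `3pg`, which looks like a typo for `3gp`. If the narrowing is unintended, the pattern should read `\.(jpg|jpeg|gif|png|mp3|flv|mov|avi|3gp|3g2|html|htm|swf|js|css|ico)$`. The removed `AddType image/vnd.microsoft.icon .ico` line was commented as needed for expires to work; with only `ExpiresDefault` in use that is probably no longer the case, but a line in the commit message would show the removal is deliberate.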
@@ -1160,11 +1160,21 @@ protected function validateDatabaseVars($submissionVars, $formVars) {
foreach ($formVars as $field => $info) {
if ($info['required'] == TRUE && !$submissionVars[$field]) {
$name = elgg_echo("install:database:label:$field");
- register_error("$name is required");
+ register_error(elgg_echo('install:error:requiredfield', array($name)));
return FALSE;
}
}
+ // according to postgres documentation: SQL identifiers and key words must
+ // begin with a letter (a-z, but also letters with diacritical marks and
+ // non-Latin letters) or an underscore (_). Subsequent characters in an
+ // identifier or key word can be letters, underscores, digits (0-9), or dollar signs ($).
+ // Refs #4994
+ if (!preg_match("/^[a-zA-Z_][\w]*$/", $submissionVars['dbprefix'])) {
+ register_error(elgg_echo('install:error:database_prefix'));
+ return FALSE;
+ }
+
return $this->checkDatabaseSettings(
$submissionVars['dbuser'],
$submissionVars['dbpassword'],
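Review bot: The prefix pattern is anchored with `$`, which in PCRE also matches just before a trailing newline, so a valid prefix followed by a line break passes the check and is then, presumably, used in table names and written to the settings file. Anchor on the true end of the string instead: `if (!preg_match('/^[a-zA-Z_]\w*\z/', $submissionVars['dbprefix'])) {`. The comment cites identifier rules that allow `$`, while the pattern rejects it; that stricter allow-list is fine, but the comment should say the accepted set is deliberately narrower. validateDatabaseVars() starts before and continues after this hunk.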
@@ -124,14 +124,15 @@
'install:error:htaccess' => 'Unable to create an .htaccess',
'install:error:settings' => 'Unable to create the settings file',
'install:error:databasesettings' => 'Unable to connect to the database with these settings.',
+ 'install:error:database_prefix' => 'Invalid characters in database prefix',
'install:error:oldmysql' => 'MySQL must be version 5.0 or above. Your server is using %s.',
'install:error:nodatabase' => 'Unable to use database %s. It may not exist.',
'install:error:cannotloadtables' => 'Cannot load the database tables',
'install:error:tables_exist' => 'There are already Elgg tables in the database. You need to either drop those tables or restart the installer and we will attempt to use them. To restart the installer, remove \'?step=database\' from the URL in your browser\'s address bar and press Enter.',
'install:error:readsettingsphp' => 'Unable to read engine/settings.example.php',
'install:error:writesettingphp' => 'Unable to write engine/settings.php',
'install:error:requiredfield' => '%s is required',
- 'install:error:relative_path' => 'We don\'t think "%s" is an absoluate path for your data directory',
+ 'install:error:relative_path' => 'We don\'t think "%s" is an absolute path for your data directory',
'install:error:datadirectoryexists' => 'Your data directory %s does not exist.',
'install:error:writedatadirectory' => 'Your data directory %s is not writable by the web server.',
'install:error:locationdatadirectory' => 'Your data directory %s must be outside of your install path for security.',
@@ -101,7 +101,7 @@ elgg.security.addToken = function(data) {
elgg.security.init = function() {
// elgg.security.interval is set in the js/elgg PHP view.
- elgg.security.tokenRefreshTimer = setInterval(elgg.security.refreshToken, 60 * 1000);
+ elgg.security.tokenRefreshTimer = setInterval(elgg.security.refreshToken, elgg.security.interval);
};
elgg.register_hook_handler('boot', 'system', elgg.security.init);
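Review bot: `setInterval` in elgg.security.init is now driven by `elgg.security.interval` with no check that the value is a positive number. If the PHP view fails to set it, the delay is undefined and browsers fall back to their minimum delay, so the page would call `elgg.security.refreshToken` in a tight loop against the server. A fallback keeps the previous behaviour in that case: `var interval = elgg.security.interval > 0 ? elgg.security.interval : 60 * 1000;` followed by `elgg.security.tokenRefreshTimer = setInterval(elgg.security.refreshToken, interval);`.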
@@ -158,6 +158,11 @@
if (($new_post || $old_status == 'draft') && $status == 'published') {
add_to_river('river/object/blog/create', 'create', $blog->owner_guid, $blog->getGUID());
+ // we only want notifications sent when post published
+ register_notification_object('object', 'blog', elgg_echo('blog:newpost'));
+ elgg_trigger_event('publish', 'object', $blog);
+
+ // reset the creation time for posts that move from draft to published
if ($guid) {
$blog->time_created = time();
$blog->save();
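Review bot: `elgg_trigger_event('publish', 'object', $blog)` fires before the `if ($guid)` block below resets `time_created` and saves, so notification handlers see a draft-to-published post with its original draft creation time. Moving the two added notification lines to after that block gives handlers the entity in its final state. `register_notification_object()` now runs inside the action on every publish rather than once at init; if the intent is that it must be registered in this request before the event fires, a comment saying so would help. The enclosing `if` continues outside the hunk.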
@@ -39,8 +39,8 @@ function blog_get_page_content_read($guid = NULL) {
elgg_push_breadcrumb($blog->title);
$return['content'] = elgg_view_entity($blog, array('full_view' => true));
- //check to see if comment are on
- if ($blog->comments_on != 'Off') {
+ // check to see if we should allow comments
+ if ($blog->comments_on != 'Off' && $blog->status == 'published') {
$return['content'] .= elgg_view_comments($blog);
}
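Review bot: The added `$blog->status == 'published'` test only decides whether the comment list and form are rendered; nothing in this hunk stops a comment from being submitted against a draft's GUID. If the comment save action does not already check the blog status, the same condition belongs there, since hiding the form is not an access control. blog_get_page_content_read() starts before and continues after the hunk, so the status may also be enforced elsewhere.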
@@ -41,8 +41,8 @@ function blog_init() {
// override the default url to view a blog object
elgg_register_entity_url_handler('object', 'blog', 'blog_url_handler');
- // notifications
- register_notification_object('object', 'blog', elgg_echo('blog:newpost'));
+ // notifications - need to register for unique event because of draft/published status
+ elgg_register_event_handler('publish', 'object', 'object_notifications');
elgg_register_plugin_hook_handler('notify:entity:message', 'object', 'blog_notify_message');
// add blog link to
@@ -9,10 +9,6 @@
.groups-profile > .elgg-image {
margin-right: 10px;
}
-.groups-profile-icon img {
- width: 100%;
- height: auto;
-}
.groups-stats {
background: #eeeeee;
padding: 5px;