Merge branch '1.8'

Conflicts:
	engine/lib/actions.php
	htaccess_dist
	version.php
commit 5c667e8728d7dd58f081ef9d5940823d8338b593 2 parents 9d714fb + e9f710c
@cash cash authored
Showing with 214 additions and 45 deletions.
  1. +22 −3 CHANGES.txt
  2. +4 −0 actions/profile/edit.php
  3. +2 −0  actions/register.php
  4. +0 −1  engine/classes/Elgg/ActionsService.php
  5. +16 −0 engine/lib/annotations.php
  6. +9 −1 engine/lib/metadata.php
  7. +0 −5 engine/lib/metastrings.php
  8. +2 −2 engine/lib/relationships.php
  9. +3 −0  engine/lib/upgrade.php
  10. +26 −0 engine/lib/upgrades/2013030600-1.8.13-update_user_location-8999eb8bf1bdd9a3.php
  11. +30 −0 engine/tests/ElggCoreEntityGetterFunctionsTest.php
  12. +25 −13 htaccess_dist
  13. +11 −1 install/ElggInstaller.php
  14. +2 −1  install/languages/en.php
  15. +1 −1  js/lib/security.js
  16. +5 −0 mod/blog/actions/blog/save.php
  17. +2 −2 mod/blog/lib/blog.php
  18. +2 −2 mod/blog/start.php
  19. +0 −4 mod/groups/views/default/groups/css.php
  20. +8 −1 mod/groups/views/default/groups/profile/summary.php
  21. +6 −0 mod/profile/views/default/profile/details.php
  22. +2 −2 version.php
  23. +4 −0 views/default/css/admin.php
  24. +4 −0 views/default/css/elements/forms.php
  25. +24 −6 views/default/icon/default.php
  26. +1 −0  views/default/output/tag.php
  27. +2 −0  views/default/output/tagcloud.php
  28. +1 −0  views/default/output/tags.php
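--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,14 +1,33 @@
 Version 1.8.14
-(X xx, 2013 from https://github.com/Elgg/Elgg/tree/1.8)
+(March 12, 2013 from https://github.com/Elgg/Elgg/tree/1.8)
 Contributing Developers:
+ * Aday Talavera
+ * Brett Profitt
+ * Cash Costello
+ * Ed Lyons
+ * German Bortoli
+ * Hellekin Wolf
+ * iionly
+ * Jerome Bakker
 * Luciano Lima
+ * Matt Beckett
 * Paweł Sroka
+ * Sem
+ * Steve Clay
+
+ Security Fixes:
+ * Fixed bug that exposed subject lines of messages in inbox
+ * Added requirement for CSRF token for login
 Bugfixes:
- *
+ * Strip html tags from tag input
+ * Fixed several display issues for IE7
+ * Fixed several issues with blog drafts
+ * Fixed repeated token timeout errors
+ * Fixed JavaScript localization for non-English languages
 Enhancements:
- * Web services fall back to xml if the viewtype is invalid
+ * Web services fall back to json if the viewtype is invalid
 Version 1.8.13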
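--- a/actions/profile/edit.php
+++ b/actions/profile/edit.php
@@ -48,6 +48,10 @@ function profile_array_decoder(&$v) {
 forward(REFERER);
 }
+ if ($valuetype == 'url' && !preg_match('~^https?\://~i', $value)) {
+ $value = "http://$value";
+ }
+
 if ($valuetype == 'tags') {
 $value = string_to_tag_array($value);
 }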
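Review bot: The new scheme check runs on the raw value without first testing that it is non-empty, so an optional URL field left blank is saved as the literal string `http://`; guard it with `if ($valuetype == 'url' && $value && !preg_match('~^https?\://~i', $value)) {`. The identical regex and prefixing are added in mod/profile/views/default/profile/details.php, where the gap matters more: there the prefix is applied before the `if (!empty($value))` check, so an unset URL field now renders as `http://` instead of being skipped. Since both places normalise the same way, one shared helper in the profile plugin would keep them from drifting apart. Any non-http scheme such as `ftp://` also gets `http://` prepended and becomes an unusable link, so if other schemes are meant to be accepted the test should be for a missing scheme rather than for a missing http prefix. The enclosing action body starts outside the hunk.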
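--- a/actions/register.php
+++ b/actions/register.php
@@ -45,7 +45,9 @@
 // @todo should registration be allowed no matter what the plugins return?
 if (!elgg_trigger_plugin_hook('register', 'user', $params, TRUE)) {
+ $ia = elgg_set_ignore_access(true);
 $new_user->delete();
+ elgg_set_ignore_access($ia);
 // @todo this is a generic messages. We could have plugins
 // throw a RegistrationException, but that is very odd
 // for the plugin hooks system.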
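--- a/engine/classes/Elgg/ActionsService.php
+++ b/engine/classes/Elgg/ActionsService.php
@@ -32,7 +32,6 @@ public function execute($action, $forwarder = "") {
 $exceptions = array(
 'admin/plugins/disable',
 'logout',
- 'login',
 'file/download',
 );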
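--- a/engine/lib/annotations.php
+++ b/engine/lib/annotations.php
@@ -200,6 +200,18 @@ function update_annotation($annotation_id, $name, $value, $value_type, $owner_gu
 * @since 1.8.0
 */
 function elgg_get_annotations(array $options = array()) {
+
+ // @todo remove support for count shortcut - see #4393
+ if (isset($options['__egefac']) && $options['__egefac']) {
+ unset($options['__egefac']);
+ } else {
+ // support shortcut of 'count' => true for 'annotation_calculation' => 'count'
+ if (isset($options['count']) && $options['count']) {
+ $options['annotation_calculation'] = 'count';
+ unset($options['count']);
+ }
+ }
+
 $options['metastring_type'] = 'annotations';
 return elgg_get_metastring_based_objects($options);
 }
@@ -425,6 +437,10 @@ function elgg_get_entities_from_annotation_calculation($options) {
 $options['callback'] = 'entity_row_to_elggstar';
+ // see #4393
+ // @todo remove after the 'count' shortcut is removed from elgg_get_annotations()
+ $options['__egefac'] = true;
+
 return elgg_get_annotations($options);
 }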
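Review bot: The internal `__egefac` flag introduced at the top of elgg_get_annotations() is not mentioned in the function's docblock, which ends just above the hunk, so a caller reading the `@param` list cannot know that this key is reserved or that it suppresses the `count` shortcut; add a line such as `@param array $options ... The key '__egefac' is reserved for elgg_get_entities_from_annotation_calculation() and must not be set by callers`. The flag is only removed from `$options` when it is truthy, so a caller passing `'__egefac' => false` has the key forwarded to elgg_get_metastring_based_objects(); reading it into a local and unsetting it unconditionally, `$egefac = !empty($options['__egefac']); unset($options['__egefac']);`, then applying the shortcut when `!$egefac`, removes that asymmetry. The same shortcut block is added to elgg_get_metadata() in engine/lib/metadata.php without the flag, which is fine only as long as no calculation helper calls that function with `count` set.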
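--- a/engine/lib/metadata.php
+++ b/engine/lib/metadata.php
@@ -281,6 +281,14 @@ function create_metadata_from_array($entity_guid, array $name_and_values, $value
 * @since 1.8.0
 */
 function elgg_get_metadata(array $options = array()) {
+
+ // @todo remove support for count shortcut - see #4393
+ // support shortcut of 'count' => true for 'metadata_calculation' => 'count'
+ if (isset($options['count']) && $options['count']) {
+ $options['metadata_calculation'] = 'count';
+ unset($options['count']);
+ }
+
 $options['metastring_type'] = 'metadata';
 return elgg_get_metastring_based_objects($options);
 }
@@ -774,10 +782,10 @@ function string_to_tag_array($string) {
 $ar = explode(",", $string);
 $ar = array_map('trim', $ar);
 $ar = array_filter($ar, 'is_not_null');
+ $ar = array_map('strip_tags', $ar);
 return $ar;
 }
 return false;
-
 }
 /**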
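Review bot: In string_to_tag_array() the new `array_map('strip_tags', $ar)` runs after the trim and `is_not_null` filter, so an entry that consists only of markup is reduced to an empty string after the filter has already run and an empty tag is kept in the returned array; strip first, then trim, then filter: `$ar = array_map('strip_tags', explode(",", $string)); $ar = array_map('trim', $ar); $ar = array_filter($ar, 'is_not_null');`. strip_tags is input normalisation rather than an output escape — it leaves quotes and bare `<`/`&` sequences alone — so the htmlspecialchars calls this commit adds to the tag views remain the actual protection when tags are rendered, and a comment on the new line saying so would stop the two from being confused. The first hunk duplicates the `count` shortcut added to elgg_get_annotations() in engine/lib/annotations.php; a shared helper would keep the two copies in step until the shortcut is removed.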
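--- a/engine/lib/metastrings.php
+++ b/engine/lib/metastrings.php
@@ -389,11 +389,6 @@ function elgg_get_metastring_based_objects($options) {
 $selects = $options['selects'];
- // allow count shortcut
- if ($options['count']) {
- $options['metastring_calculation'] = 'count';
- }
-
 // For performance reasons we don't want the joins required for metadata / annotations
 // unless we're going through one of their callbacks.
 // this means we expect the functions passing different callbacks to pass their required joins.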
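--- a/engine/lib/relationships.php
+++ b/engine/lib/relationships.php
@@ -109,7 +109,7 @@ function add_entity_relationship($guid_one, $relationship, $guid_two) {
 * @param string $relationship The type of relationship
 * @param int $guid_two The GUID of the entity the relationship is with
 *
- * @return object|false Depending on success
+ * @return ElggRelationship|false Depending on success
 */
 function check_entity_relationship($guid_one, $relationship, $guid_two) {
 global $CONFIG;
@@ -123,7 +123,7 @@ function check_entity_relationship($guid_one, $relationship, $guid_two) {
 AND relationship='$relationship'
 AND guid_two=$guid_two limit 1";
- $row = get_data_row($query);
+ $row = row_to_elggrelationship(get_data_row($query));
 if ($row) {
 return $row;
 }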
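Review bot: The result of get_data_row() is now passed straight into row_to_elggrelationship() before the `if ($row)` guard, so when no row matches (the case the guard exists for) the helper receives a non-object; unless row_to_elggrelationship() is known to tolerate that input, keep the guard first: `$row = get_data_row($query); if ($row) { return row_to_elggrelationship($row); }`. The updated `@return ElggRelationship|false` tag is accurate only if the helper returns false for a missing row, which is not visible here. check_entity_relationship() continues past the hunk.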
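--- a/engine/lib/upgrade.php
+++ b/engine/lib/upgrade.php
@@ -17,6 +17,9 @@
 * @access private
 */
 function upgrade_code($version, $quiet = FALSE) {
+ // do not remove - upgrade scripts depend on this
+ global $CONFIG;
+
 $version = (int) $version;
 $upgrade_path = elgg_get_config('path') . 'engine/lib/upgrades/';
 $processed_upgrades = elgg_get_processed_upgrades();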
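--- /dev/null
+++ b/engine/lib/upgrades/2013030600-1.8.13-update_user_location-8999eb8bf1bdd9a3.php
@@ -0,0 +1,26 @@
+<?php
+/**
+ * Elgg 1.8.14 upgrade 2013030600
+ * update_user_location
+ *
+ * Before Elgg 1.8, a location like "London, England" would be stored as an array.
+ * This script turns that back into a string.
+ */
+
+global $DB_QUERY_CACHE;
+
+$ia = elgg_set_ignore_access(true);
+$options = array(
+ 'type' => 'user',
+ 'limit' => 0,
+);
+$batch = new ElggBatch('elgg_get_entities', $options);
+
+foreach ($batch as $entity) {
+ $DB_QUERY_CACHE = array();
+
+ if (is_array($entity->location)) {
+ $entity->location = implode(', ', $entity->location);
+ }
+}
+elgg_set_ignore_access($ia);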
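Review bot: The header docblock says `Elgg 1.8.14 upgrade 2013030600` while the file name carries `1.8.13`, so one of the two is wrong; make the docblock (or the name) agree with the release that ships this script. The `$DB_QUERY_CACHE = array();` reset inside the loop has no comment; if it is there to stop the per-request query cache from growing across a large user set, say so: `// reset the query cache each iteration so a site with many users does not exhaust memory`. Whether an array-valued `$entity->location` can hold anything other than strings is not visible here, so `implode` is assumed safe — worth confirming against how the pre-1.8 data was written.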
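--- a/engine/tests/ElggCoreEntityGetterFunctionsTest.php
+++ b/engine/tests/ElggCoreEntityGetterFunctionsTest.php
@@ -2729,6 +2729,36 @@ public function testElggGetEntitiesFromAnnotationsCalculateX() {
 }
 }
+ public function testElggGetEntitiesFromAnnotationCalculationCount() {
+ // add two annotations with a unique name to an entity
+ // then count the number of entities with that annotation name
+
+ $subtypes = $this->getRandomValidSubtypes(array('object'), 1);
+ $name = 'test_annotation_' . rand(0, 9999);
+ $values = array();
+ $options = array(
+ 'type' => 'object',
+ 'subtypes' => $subtypes,
+ 'limit' => 1
+ );
+ $es = elgg_get_entities($options);
+ $entity = $es[0];
+ $value = rand(0, 9999);
+ $entity->annotate($name, $value);
+ $value = rand(0, 9999);
+ $entity->annotate($name, $value);
+
+ $options = array(
+ 'type' => 'object',
+ 'subtypes' => $subtypes,
+ 'annotation_name' => $name,
+ 'calculation' => 'count',
+ 'count' => true,
+ );
+ $count = (int)elgg_get_entities_from_annotation_calculation($options);
+ $this->assertEqual(1, $count);
+ }
+
 public function testElggGetAnnotationsAnnotationNames() {
 $options = array('annotation_names' => array());
 $a_e_map = array();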
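Review bot: In testElggGetEntitiesFromAnnotationCalculationCount() the local `$values = array();` is assigned and never read; drop the line. The test also indexes `$es[0]` without checking that elgg_get_entities() returned anything, so on a site with no object of the chosen subtype it errors instead of failing; `$this->assertTrue(is_array($es) && count($es) == 1);` before the index turns that into a clear failure (the sibling tests may already guard this way, but that is not visible in the hunk). The method belongs to a class whose definition is outside the hunk.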
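--- a/htaccess_dist
+++ b/htaccess_dist
@@ -1,14 +1,11 @@
 # Elgg htaccess directives
-# Copyright Curverider Ltd 2008-2009
-# License http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
-# Link http://elgg.org/
 <Files "htaccess_dist">
 order allow,deny
 deny from all
 </Files>
-# Don't listing directory
+# Don't allow listing directories
 Options -Indexes
 # Follow symbolic links
@@ -17,13 +14,28 @@ Options +FollowSymLinks
 # Default handler
 DirectoryIndex index.php
-# Turn on expiry
+
+############################
+# BROWSER CACHING
+
+# The expires module controls the Expires and Cache-Control headers. Elgg sets
+# these for dynamically generated files so this is just for static files.
 <IfModule mod_expires.c>
 ExpiresActive On
- ExpiresDefault "access plus 10 years"
+ ExpiresDefault "access plus 1 year"
 </IfModule>
-# php 5, apache 1 and 2
+# Conditional requests are controlled through Last-Modified and ETag headers.
+# Elgg sets these on dynamically generated cacheable files so this is just for
+# static files. Note: Apache sends Last-Modified by default on static files so
+# I don't think we need to be sending ETag for these files.
+<FilesMatch "\.(jpg|jpeg|gif|png|mp3|flv|mov|avi|3pg|html|htm|swf|js|css|ico)$">
+ FileETag MTime Size
+</FilesMatch>
+
+
+############################
+# PHP SETTINGS
 <IfModule mod_php5.c>
 # limit the maximum memory consumed by the php script to 64 MB
 php_value memory_limit 64M
@@ -37,6 +49,10 @@ DirectoryIndex index.php
 php_value display_errors 0
 </IfModule>
+
+############################
+# COMPRESSION
+
 # Turn on mod_gzip if available
 <IfModule mod_gzip.c>
 mod_gzip_on yes
@@ -75,13 +91,9 @@ DirectoryIndex index.php
 </IfModule>
-# Configure ETags
-<FilesMatch "\.(jpg|jpeg|gif|png|mp3|flv|mov|avi|3pg|3gp|3g2|html|htm|swf|js|ico)$">
- FileETag MTime Size
-</FilesMatch>
-# Add Proper MIME-Type for Favicon to allow expires to work
-AddType image/vnd.microsoft.icon .ico
+############################
+# REWRITE RULES
 <IfModule mod_rewrite.c>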
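Review bot: The new FilesMatch pattern for `FileETag MTime Size` lists `3pg`, which looks like a typo carried over from the block removed in the last hunk (`3pg|3gp|3g2`); the rewrite drops `3gp` and `3g2` and keeps only the misspelt entry, so 3GP files silently fall back to Apache's default ETag, which on 2.2 still includes the inode. The removed `AddType image/vnd.microsoft.icon .ico` line was commented as being needed for expires headers on the favicon and nothing in the hunk says why that no longer applies; either restore it or record the reason. Keeping `INode` out of FileETag is the right choice for a multi-server deployment, and one line in the comment above the block could say that this is the intent rather than an omission.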
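--- a/install/ElggInstaller.php
+++ b/install/ElggInstaller.php
@@ -1160,11 +1160,21 @@ protected function validateDatabaseVars($submissionVars, $formVars) {
 foreach ($formVars as $field => $info) {
 if ($info['required'] == TRUE && !$submissionVars[$field]) {
 $name = elgg_echo("install:database:label:$field");
- register_error("$name is required");
+ register_error(elgg_echo('install:error:requiredfield', array($name)));
 return FALSE;
 }
 }
+ // according to postgres documentation: SQL identifiers and key words must
+ // begin with a letter (a-z, but also letters with diacritical marks and
+ // non-Latin letters) or an underscore (_). Subsequent characters in an
+ // identifier or key word can be letters, underscores, digits (0-9), or dollar signs ($).
+ // Refs #4994
+ if (!preg_match("/^[a-zA-Z_][\w]*$/", $submissionVars['dbprefix'])) {
+ register_error(elgg_echo('install:error:database_prefix'));
+ return FALSE;
+ }
+
 return $this->checkDatabaseSettings(
 $submissionVars['dbuser'],
 $submissionVars['dbpassword'],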
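Review bot: The prefix check `preg_match("/^[a-zA-Z_][\w]*$/", ...)` uses `$`, which in PCRE also matches just before a trailing newline, so a value ending in `\n` passes and the newline is carried into the prefix that, as its name suggests, becomes part of table names; anchor with `\z` (or the `D` modifier): `if (!preg_match('/^[a-zA-Z_]\w*\z/', $submissionVars['dbprefix'])) {`. The comment above quotes the PostgreSQL rule (diacritics, non-Latin letters and `$` allowed) while the pattern deliberately accepts only ASCII letters, digits and underscore; say so, e.g. `// deliberately stricter than the SQL standard: ASCII letters, digits and underscore only`, so nobody later "fixes" the regex to match the comment. An empty prefix is rejected by this pattern too; if an empty prefix is a supported configuration it needs an explicit allowance, since the message `Invalid characters in database prefix` would be misleading for it. validateDatabaseVars() begins before the hunk and the checkDatabaseSettings() call continues after it.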
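--- a/install/languages/en.php
+++ b/install/languages/en.php
@@ -124,6 +124,7 @@
 'install:error:htaccess' => 'Unable to create an .htaccess',
 'install:error:settings' => 'Unable to create the settings file',
 'install:error:databasesettings' => 'Unable to connect to the database with these settings.',
+ 'install:error:database_prefix' => 'Invalid characters in database prefix',
 'install:error:oldmysql' => 'MySQL must be version 5.0 or above. Your server is using %s.',
 'install:error:nodatabase' => 'Unable to use database %s. It may not exist.',
 'install:error:cannotloadtables' => 'Cannot load the database tables',
@@ -131,7 +132,7 @@
 'install:error:readsettingsphp' => 'Unable to read engine/settings.example.php',
 'install:error:writesettingphp' => 'Unable to write engine/settings.php',
 'install:error:requiredfield' => '%s is required',
- 'install:error:relative_path' => 'We don\'t think "%s" is an absoluate path for your data directory',
+ 'install:error:relative_path' => 'We don\'t think "%s" is an absolute path for your data directory',
 'install:error:datadirectoryexists' => 'Your data directory %s does not exist.',
 'install:error:writedatadirectory' => 'Your data directory %s is not writable by the web server.',
 'install:error:locationdatadirectory' => 'Your data directory %s must be outside of your install path for security.',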
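--- a/js/lib/security.js
+++ b/js/lib/security.js
@@ -101,7 +101,7 @@ elgg.security.addToken = function(data) {
 elgg.security.init = function() {
 // elgg.security.interval is set in the js/elgg PHP view.
- elgg.security.tokenRefreshTimer = setInterval(elgg.security.refreshToken, 60 * 1000);
+ elgg.security.tokenRefreshTimer = setInterval(elgg.security.refreshToken, elgg.security.interval);
 };
 elgg.register_hook_handler('boot', 'system', elgg.security.init);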
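Review bot: `setInterval(elgg.security.refreshToken, elgg.security.interval)` has no fallback when `elgg.security.interval` is undefined (for instance if the js/elgg view the comment refers to is overridden or loads after this script): an undefined delay makes setInterval fire at the browser's minimum interval, which would flood the token refresh endpoint; use `elgg.security.tokenRefreshTimer = setInterval(elgg.security.refreshToken, elgg.security.interval || 60 * 1000);` or skip scheduling when the value is missing. The previous hard-coded 60 seconds is the natural default. The comment above the line could also state that the value is in milliseconds.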
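--- a/mod/blog/actions/blog/save.php
+++ b/mod/blog/actions/blog/save.php
@@ -158,6 +158,11 @@
 if (($new_post || $old_status == 'draft') && $status == 'published') {
 add_to_river('river/object/blog/create', 'create', $blog->owner_guid, $blog->getGUID());
+ // we only want notifications sent when post published
+ register_notification_object('object', 'blog', elgg_echo('blog:newpost'));
+ elgg_trigger_event('publish', 'object', $blog);
+
+ // reset the creation time for posts that move from draft to published
 if ($guid) {
 $blog->time_created = time();
 $blog->save();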
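Review bot: `elgg_trigger_event('publish', 'object', $blog)` fires before the block right below it resets `$blog->time_created` and calls `$blog->save()`, so handlers of the event (object_notifications, registered in mod/blog/start.php) see the post with its draft-era creation time and before the final save; moving the trigger after the save block avoids notifying on a state that is then rewritten. Registering the notification object here in the action instead of at init is easy to miss later; the comment should say why, e.g. `// registered here rather than in blog_init() so that only the publish event, not every blog save, produces notifications`. The enclosing action continues outside the hunk, and `$guid`/`$new_post`/`$old_status` are set before it.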
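--- a/mod/blog/lib/blog.php
+++ b/mod/blog/lib/blog.php
@@ -39,8 +39,8 @@ function blog_get_page_content_read($guid = NULL) {
 elgg_push_breadcrumb($blog->title);
 $return['content'] = elgg_view_entity($blog, array('full_view' => true));
- //check to see if comment are on
- if ($blog->comments_on != 'Off') {
+ // check to see if we should allow comments
+ if ($blog->comments_on != 'Off' && $blog->status == 'published') {
 $return['content'] .= elgg_view_comments($blog);
 }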
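--- a/mod/blog/start.php
+++ b/mod/blog/start.php
@@ -41,8 +41,8 @@ function blog_init() {
 // override the default url to view a blog object
 elgg_register_entity_url_handler('object', 'blog', 'blog_url_handler');
- // notifications
- register_notification_object('object', 'blog', elgg_echo('blog:newpost'));
+ // notifications - need to register for unique event because of draft/published status
+ elgg_register_event_handler('publish', 'object', 'object_notifications');
 elgg_register_plugin_hook_handler('notify:entity:message', 'object', 'blog_notify_message');
 // add blog link to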
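--- a/mod/groups/views/default/groups/css.php
+++ b/mod/groups/views/default/groups/css.php
@@ -9,10 +9,6 @@
 .groups-profile > .elgg-image {
 margin-right: 10px;
 }
-.groups-profile-icon img {
- width: 100%;
- height: auto;
-}
 .groups-stats {
 background: #eeeeee;
 padding: 5px;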
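--- a/mod/groups/views/default/groups/profile/summary.php
+++ b/mod/groups/views/default/groups/profile/summary.php
@@ -25,7 +25,14 @@
 <div class="groups-profile clearfix elgg-image-block">
 <div class="elgg-image">
 <div class="groups-profile-icon">
- <?php echo elgg_view_entity_icon($group, 'large', array('href' => '')); ?>
+ <?php
+ // we don't force icons to be square so don't set width/height
+ echo elgg_view_entity_icon($group, 'large', array(
+ 'href' => '',
+ 'width' => '',
+ 'height' => '',
+ ));
+ ?>
 </div>
 <div class="groups-stats">
 <p>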
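--- a/mod/profile/views/default/profile/details.php
+++ b/mod/profile/views/default/profile/details.php
@@ -21,6 +21,12 @@
 continue;
 }
 $value = $user->$shortname;
+
+ // validate urls
+ if ($valtype == 'url' && !preg_match('~^https?\://~i', $value)) {
+ $value = "http://$value";
+ }
+
 if (!empty($value)) {
 //This function controls the alternating class
 $even_odd = ( 'odd' != $even_odd ) ? 'odd' : 'even';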
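--- a/version.php
+++ b/version.php
@@ -5,13 +5,13 @@
 * This is compared against the values stored in the database to determine
 * whether upgrades should be performed.
 *
- * @package Elgg
+ * @package Elgg
 * @subpackage Core
 */
 // YYYYMMDD = Elgg Date
 // XX = Interim incrementer
-$version = 2013022000;
+$version = 2013030600;
 // Human-friendly version name
 $release = '1.9.0-dev';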
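--- a/views/default/css/admin.php
+++ b/views/default/css/admin.php
@@ -627,6 +627,10 @@
 text-decoration: none;
 color: #4690D6;
 }
+.ui-autocomplete a.ui-state-hover {
+ background-color: #eee;
+ display: block;
+}
 /* ***************************************
 USER PICKER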
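--- a/views/default/css/elements/forms.php
+++ b/views/default/css/elements/forms.php
@@ -242,6 +242,10 @@
 text-decoration: none;
 color: #4690D6;
 }
+.ui-autocomplete a.ui-state-hover {
+ background-color: #eee;
+ display: block;
+}
 /* ***************************************
 USER PICKER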
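--- a/views/default/icon/default.php
+++ b/views/default/icon/default.php
@@ -37,13 +37,31 @@
 $icon_sizes = elgg_get_config('icon_sizes');
 $size = $vars['size'];
-$img = elgg_view('output/img', array(
+if (!isset($vars['width'])) {
+ $vars['width'] = $size != 'master' ? $icon_sizes[$size]['w'] : null;
+}
+if (!isset($vars['height'])) {
+ $vars['height'] = $size != 'master' ? $icon_sizes[$size]['h'] : null;
+}
+
+$img_params = array(
 'src' => $entity->getIconURL($vars['size']),
- 'alt' => $title,
- 'class' => $class,
- 'width' => $size != 'master' ? $icon_sizes[$size]['w'] : NULL,
- 'height' => $size != 'master' ? $icon_sizes[$size]['h'] : NULL,
-));
+ 'alt' => $title,
+);
+
+if (!empty($class)) {
+ $img_params['class'] = $class;
+}
+
+if (!empty($vars['width'])) {
+ $img_params['width'] = $vars['width'];
+}
+
+if (!empty($vars['height'])) {
+ $img_params['height'] = $vars['height'];
+}
+
+$img = elgg_view('output/img', $img_params);
 if ($url) {
 $params = array(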
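Review bot: The `isset` / `!empty` pair gives a caller two different ways to influence the dimensions — omitting `width`/`height` yields the configured size, while passing `''` (as mod/groups/views/default/groups/profile/summary.php now does) suppresses the attribute entirely — and that contract is not stated anywhere in the hunk; document it where the view's parameters are described (the docblock sits above the hunk), e.g. `@uses $vars['width'] Width attribute for the img tag; omit for the configured icon size, pass '' to leave the attribute out` and the same for height. `$icon_sizes[$size]` is read without checking that `$size` is a configured key; that predates this change but is now evaluated in two places instead of one, so a single guarded lookup would be cleaner. The view continues after the hunk.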
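--- a/views/default/output/tag.php
+++ b/views/default/output/tag.php
@@ -20,6 +20,7 @@
 }
 if (isset($vars['value'])) {
+ $vars['value'] = htmlspecialchars($vars['value'], ENT_QUOTES, 'UTF-8', false);
 if (!empty($vars['type'])) {
 $type = "&type={$vars['type']}";
 } else {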
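Review bot: The value is HTML-escaped at the top of the `isset($vars['value'])` block and then reused for everything below it, so if the view also builds the search link from the same value (the `$type = "&type=..."` fragment suggests a query string is assembled here) the URL is derived from the HTML-escaped form rather than the raw tag, and a tag containing `&` or quotes produces a search for the entity-encoded text; escape per context instead: keep `$vars['value']` raw, apply `urlencode()` where the URL is built and `htmlspecialchars()` only where the text is emitted. The same early escape is added in views/default/output/tagcloud.php and views/default/output/tags.php; tagcloud.php additionally writes the escaped value back onto `$tag->tag`, mutating the objects in `$vars['tagcloud']` that the caller still holds after the view returns. `double_encode = false` keeps already-encoded input intact, which avoids `&amp;amp;` on legacy data but also means a stored `&lt;` and a stored `<` render identically. The rest of the view is outside the hunk.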
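--- a/views/default/output/tagcloud.php
+++ b/views/default/output/tagcloud.php
@@ -39,6 +39,8 @@
 $cloud = '';
 foreach ($vars['tagcloud'] as $tag) {
+ $tag->tag = htmlspecialchars($tag->tag, ENT_QUOTES, 'UTF-8', false);
+
 if ($cloud != '') {
 $cloud .= ', ';
 }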
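--- a/views/default/output/tags.php
+++ b/views/default/output/tags.php
@@ -55,6 +55,7 @@
 $list_items = '<li>' . elgg_view_icon('tag', $icon_class) . '</li>';
 foreach($vars['tags'] as $tag) {
+ $tag = htmlspecialchars($tag, ENT_QUOTES, 'UTF-8', false);
 if (!empty($vars['type'])) {
 $type = "&type={$vars['type']}";
 } else {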