
sorry! please ignore this ! #1423

Closed
wants to merge 46 commits into from

5 participants

@chuck911

I was trying to push the merge to 2.0.18

@422

Works perfectly Todd thanks

linc and others added some commits
@linc linc Revert change that broke embed's force redirect: "Added return for embed's local.js when it isn't in an iFrame."

This reverts commit 4720d55.
75ccf6c
@linc linc Embed: Better place to end execution of local.js e3146b3
@linc linc Merge branch '2.0.18' of github.com:vanillaforums/Garden into 2.0.18 4576e45
@tburry tburry Fixed bug where SSO would not work with non-English translations. 54734ae
@tburry tburry Merge branch '2.0.18' of github.com:vanillaforums/Garden into 2.0.18 6d6bbb9
@tburry tburry Added code to help with win7 servers that do not allow renaming over an existing file. c6c6f44
@kaecyra kaecyra Fix checkcolumn for jQuery 1.6. dced1b0
@tburry tburry Replace periods with dashes in Gdn_Format::Url(). 5710a2b
@linc linc Importer: vBulletin only needs the Photo field 1f980f2
@linc linc vB import: Support ProfileExtender for seamless transition 1902637
@linc linc Fixes vBulletin import to use new profile custom prefix 81097e6
@linc linc Merge branch '2.0.18' of github.com:vanillaforums/Garden into 2.0.18 06c885d
@tburry tburry Fixed misformed options array in entry/connect. af1e6b4
@tburry tburry Merge branch '2.0.18' of github.com:vanillaforums/Garden into 2.0.18 2b129f9
@kaecyra kaecyra Pass the real folder name to autoloader instead of app name 53e7b0f
@tburry tburry Fixed bug where Gravatar was using name instead of email for vanillicons. 2036566
@linc linc Version 2.0.18.2 ee1b2eb
@linc linc Flagging: Fix XSS vulnerability, closes #1311 016bf7c
@linc linc Version 2.0.18.3 eabbf59
@tburry tburry Fixed canonical url bug when looking at a category. c0f7b7b
@tburry tburry Fixed canonical url in /categories/*. e5232d3
@tburry tburry Partially fix #1330 by checking the format field on models. 8874708
@tburry tburry Version 2.0.18.4. 23f6425
@tburry tburry Added joomla password hashing.
Conflicts:

	library/core/class.passwordhash.php
0a201ca
@tburry tburry Fixed security hole where on profile/picture and profile/preferences.
Allow moderators to change users' pictures from the profile page.
Conflicts:

	applications/dashboard/controllers/class.profilecontroller.php
	applications/dashboard/views/modules/userphoto.php
de1f257
@tburry tburry Added Gdn_Model->FilterForm() to help prevent user from posting unauthorized database values. 53e119c
@tburry tburry Filter activity, discussion, and comment forms.
Conflicts:

	applications/dashboard/controllers/class.activitycontroller.php
cd84c47
@tburry tburry Add the proper username parameter to profile/edit. 02a6eb6
@tburry tburry Version 2.0.18.5. e70a54b
@tburry tburry Fixed baaad merge. c3d4d58
@chuck911 chuck911 check preference according to the type
obvious bug! when $type==Popup, still check 'Preferences.Email.*'?
6f2d317
@chuck911 chuck911 closed this
Commits on Nov 1, 2011
  1. @linc

    Increment to RC3

    linc authored
Commits on Nov 3, 2011
  1. @linc

    Increment to 2.0.18 stable

    linc authored
Commits on Nov 4, 2011
  1. @tburry

    Fixed jQuery syntax errors.

    tburry authored
  2. @tburry

    Merge branch '2.0.18' of github.com:vanillaforums/Garden into 2.0.18

    tburry authored
    Conflicts:
    
    	applications/vanilla/models/class.categorymodel.php
  3. @linc
Commits on Nov 5, 2011
  1. @linc
Commits on Nov 6, 2011
  1. @tburry

    Added a default translation to activity emails so people with custom domains don't see strange text.

    tburry authored
  2. @tburry
Commits on Nov 7, 2011
  1. @tburry

    Prevent too many photo changed activities.

    tburry authored
    Remove deprecated call to UserModel->Get().
  2. @tburry

    Fixed some bugs with connecting.

    tburry authored
    Conflicts:
    
    	applications/dashboard/js/entry.js
  3. @tburry
Commits on Nov 8, 2011
  1. @linc

    Version to 2.0.18.1

    linc authored
Commits on Nov 9, 2011
  1. @linc
Commits on Nov 10, 2011
  1. @tburry

    Fixes #1213.

    tburry authored
    Remove tag module from within a discussion.
    Conflicts:
    
    	plugins/Tagging/class.tagging.plugin.php
  2. @tburry

    Tagging plugin 1.1p1.

    tburry authored
Commits on Nov 13, 2011
  1. @linc

    Revert change that broke embed's force redirect: "Added return for embed's local.js when it isn't in an iFrame."

    linc authored

    This reverts commit 4720d55.
  2. @linc
Commits on Nov 14, 2011
  1. @linc
Commits on Nov 27, 2011
  1. @tburry
  2. @tburry
Commits on Nov 30, 2011
  1. @tburry
Commits on Dec 2, 2011
  1. @kaecyra @tburry

    Fix checkcolumn for jQuery 1.6.

    kaecyra authored tburry committed
  2. @tburry
Commits on Dec 5, 2011
  1. @linc
  2. @linc
  3. @linc
  4. @linc
Commits on Dec 6, 2011
  1. @tburry
  2. @tburry
Commits on Dec 21, 2011
  1. @kaecyra @tburry

    Pass the real folder name to autoloader instead of app name

    kaecyra authored tburry committed
Commits on Dec 22, 2011
  1. @tburry
Commits on Jan 21, 2012
  1. @linc

    Version 2.0.18.2

    linc authored
Commits on Mar 5, 2012
  1. @linc
  2. @linc

    Version 2.0.18.3

    linc authored
Commits on Mar 16, 2012
  1. @tburry
  2. @tburry
Commits on Mar 26, 2012
  1. @tburry
  2. @tburry

    Version 2.0.18.4.

    tburry authored
Commits on Apr 3, 2012
  1. @tburry

    Added joomla password hashing.

    tburry authored
    Conflicts:
    
    	library/core/class.passwordhash.php
Commits on Apr 11, 2012
  1. @tburry

    Fixed security hole where on profile/picture and profile/preferences.

    tburry authored
    Allow moderators to change users' pictures from the profile page.
    Conflicts:
    
    	applications/dashboard/controllers/class.profilecontroller.php
    	applications/dashboard/views/modules/userphoto.php
  2. @tburry

    Added Gdn_Model->FilterForm() to help prevent user from posting unauthorized database values.

    tburry authored
  3. @tburry

    Filter activity, discussion, and comment forms.

    tburry authored
    Conflicts:
    
    	applications/dashboard/controllers/class.activitycontroller.php
  4. @tburry
  5. @tburry

    Version 2.0.18.5.

    tburry authored
Commits on Apr 24, 2012
  1. @tburry

    Fixed baaad merge.

    tburry authored
Commits on Aug 22, 2012
  1. @chuck911

    check preference according to the type

    chuck911 authored
    obvious bug! when $type==Popup, still check 'Preferences.Email.*'?
Showing with 234 additions and 123 deletions.
  1. +1 −1  applications/dashboard/controllers/class.activitycontroller.php
  2. +10 −4 applications/dashboard/controllers/class.entrycontroller.php
  3. +18 −14 applications/dashboard/controllers/class.profilecontroller.php
  4. +6 −6 applications/dashboard/js/entry.js
  5. +2 −0  applications/dashboard/locale/en-CA/definitions.php
  6. +11 −13 applications/dashboard/models/class.activitymodel.php
  7. +39 −13 applications/dashboard/models/class.usermodel.php
  8. +19 −1 applications/dashboard/models/class.vbulletinimportmodel.php
  9. +3 −1 applications/dashboard/views/setup/index.php
  10. +1 −1  applications/dashboard/views/setup/prerequisites.php
  11. +2 −2 applications/dashboard/views/user/applicants.php
  12. +3 −5 applications/vanilla/controllers/class.categoriescontroller.php
  13. +2 −0  applications/vanilla/controllers/class.postcontroller.php
  14. +10 −2 applications/vanilla/models/class.discussionmodel.php
  15. +1 −1  index.php
  16. +51 −43 js/library/jquery.gardencheckcolumn.js
  17. +1 −1  library/core/class.applicationmanager.php
  18. +9 −1 library/core/class.configuration.php
  19. +3 −1 library/core/class.form.php
  20. +6 −4 library/core/class.format.php
  21. +10 −0 library/core/class.model.php
  22. +7 −0 library/core/class.passwordhash.php
  23. +5 −0 library/core/class.validation.php
  24. +6 −0 library/core/functions.validation.php
  25. +2 −2 plugins/Flagging/views/flagging.php
  26. +1 −1  plugins/Gravatar/default.php
  27. +2 −2 plugins/Tagging/class.tagging.plugin.php
  28. +2 −1  plugins/Twitter/class.twitter.plugin.php
  29. +1 −3 plugins/embedvanilla/local.js
2  applications/dashboard/controllers/class.activitycontroller.php
@@ -253,5 +253,5 @@ public function Comment() {
// And render
$this->Render();
- }
+ }
}
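Review bot: the only change in this hunk is indentation on the closing brace of Comment() (`- }` / `+ }`), which adds noise to a patch that otherwise carries security fixes; drop whitespace-only changes or move them to a separate formatting commit.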
14 applications/dashboard/controllers/class.entrycontroller.php
@@ -280,7 +280,7 @@ public function Auth($AuthenticationSchemeAlias = 'default') {
public function Connect($Method) {
$this->AddJsFile('entry.js');
$this->View = 'connect';
- $IsPostBack = $this->Form->IsPostBack() && $this->Form->GetFormValue('Connect') == 'Connect';
+ $IsPostBack = $this->Form->IsPostBack() && $this->Form->GetFormValue('Connect', NULL) !== NULL;
if (!$IsPostBack) {
// Here are the initial data array values. that can be set by a plugin.
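Review bot: the postback test on the `+` line now treats any submitted `Connect` value as a postback (`GetFormValue('Connect', NULL) !== NULL`) where it previously required the literal value `'Connect'`; that is presumably so the button label can be translated, but the commit message should say so, and note that an empty string now also counts as a postback.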
@@ -338,8 +338,15 @@ public function Connect($Method) {
// The user is already connected.
$this->Form->SetFormValue('UserID', $UserID);
+ $User = Gdn::UserModel()->GetID($UserID, DATASET_TYPE_ARRAY);
$Data = $this->Form->FormValues();
+ // Don't overwrite the user photo if the user uploaded a new one.
+ $Photo = GetValue('Photo', $User);
+ if (GetValue('Photo', $Data) && $Photo && !StringBeginsWith($Photo, 'http')) {
+ unset($Data['Photo']);
+ }
+
// Synchronize the user's data.
$UserModel->Save($Data, array('NoConfirmEmail' => TRUE));
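Review bot: the photo-preservation check `!StringBeginsWith($Photo, 'http')` assumes every locally uploaded photo is stored as a relative path and every provider photo as an absolute `http` URL; a protocol-relative `//host/...` value, which UserModel::Save() elsewhere in this patch recognises with `strpos($Photo, '//')`, would not begin with `http` and would be treated as a local upload. Using the same test in both places keeps the two consistent.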
@@ -399,7 +406,7 @@ public function Connect($Method) {
$ExistingUsers);
}
- if (!isset($NameFound)) {
+ if (!isset($NameFound) && !$IsPostBack) {
$this->Form->SetFormValue('ConnectName', $this->Form->GetFormValue('Name'));
}
@@ -499,8 +506,7 @@ public function Connect($Method) {
$User['Name'] = $User['ConnectName'];
$User['Password'] = RandomString(50); // some password is required
$User['HashMethod'] = 'Random';
-
- $UserID = $UserModel->Register($User, array('CheckCaptcha' => FALSE));
+ $UserID = $UserModel->Register($User, array('CheckCaptcha' => FALSE, 'NoConfirmEmail' => TRUE));
$User['UserID'] = $UserID;
$this->Form->SetValidationResults($UserModel->ValidationResults());
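Review bot: passing `'NoConfirmEmail' => TRUE` to Register() means accounts created through Connect() skip email confirmation entirely, so the forum now trusts the identity provider's email claim outright. That is a reasonable trust decision for SSO, but it should be stated in a comment or the commit message, and it is only safe if `$User['Email']` originates from the provider data rather than from user-editable form values; worth confirming in the surrounding code.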
32 applications/dashboard/controllers/class.profilecontroller.php
@@ -257,16 +257,14 @@ public function Count($Column, $UserID = FALSE) {
* @access public
* @param mixed $UserReference Username or User ID.
*/
- public function Edit($UserReference = '') {
+ public function Edit($UserReference = '', $Username = '') {
$this->Permission('Garden.SignIn.Allow');
- $this->GetUserInfo($UserReference);
+ $this->GetUserInfo($UserReference, $Username, '', TRUE);
$Session = Gdn::Session();
- if ($Session->UserID != $this->User->UserID)
- $this->Permission('Garden.Users.Edit');
// Decide if they have ability to edit the username
$this->CanEditUsername = Gdn::Config("Garden.Profile.EditUsernames");
- $this->CanEditUsername = $this->CanEditUsername | $Session->CheckPermission('Garden.Users.Edit');
+ $this->CanEditUsername = $this->CanEditUsername || $Session->CheckPermission('Garden.Users.Edit');
$UserModel = Gdn::UserModel();
$User = $UserModel->GetID($this->User->UserID);
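Review bot: the `|` to `||` change on `$this->CanEditUsername` is a genuine fix, since the bitwise OR of a config value and the boolean from CheckPermission() produced an integer rather than a boolean. Separately, the inline `Garden.Users.Edit` check that used to follow `$Session = Gdn::Session();` is removed and replaced by the `TRUE` fourth argument to GetUserInfo(); every entry point into this code must now reach GetUserInfo() with that flag set, otherwise the permission check is silently gone, so the commit message should call out the move.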
@@ -431,6 +429,7 @@ public function Password() {
// Get user data and set up form
$this->GetUserInfo();
+
$this->Form->SetModel($this->UserModel);
$this->Form->AddHidden('UserID', $this->User->UserID);
@@ -463,7 +462,7 @@ public function Password() {
* @param mixed $UserReference Unique identifier, possible username or ID.
* @param string $Username.
*/
- public function Picture($UserReference = '', $Username = '') {
+ public function Picture($UserReference = '', $Username = '', $UserID = '') {
// Permission checks
$this->Permission('Garden.Profiles.Edit');
$Session = Gdn::Session();
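Review bot: Picture() gains a `$UserID` parameter but the docblock directly above (`@param mixed $UserReference`, `@param string $Username.`) is not updated; add `@param int $UserID` and say that it comes from the querystring, as GetUserInfo()'s own comment describes.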
@@ -482,8 +481,9 @@ public function Picture($UserReference = '', $Username = '') {
throw new Exception(sprintf(T("Unable to detect PHP GD installed on this system. Vanilla requires GD version 2 or better.")));
}
- // Get user data & prep form
- $this->GetUserInfo($UserReference, $Username);
+ // Get user data & prep form.
+ $this->GetUserInfo($UserReference, $Username, $UserID, TRUE);
+
$this->Form->SetModel($this->UserModel);
$this->Form->AddHidden('UserID', $this->User->UserID);
@@ -534,7 +534,7 @@ public function Picture($UserReference = '', $Username = '') {
}
// If there were no errors, associate the image with the user
if ($this->Form->ErrorCount() == 0) {
- if (!$this->UserModel->Save(array('UserID' => $this->User->UserID, 'Photo' => $UserPhoto)))
+ if (!$this->UserModel->Save(array('UserID' => $this->User->UserID, 'Photo' => $UserPhoto), array('CheckExisting' => TRUE)))
$this->Form->SetValidationResults($this->UserModel->ValidationResults());
}
// If there were no problems, redirect back to the user account
@@ -561,7 +561,7 @@ public function Preferences($UserReference = '', $Username = '', $UserID = '') {
$this->Permission('Garden.SignIn.Allow');
// Get user data
- $this->GetUserInfo($UserReference, $Username, $UserID);
+ $this->GetUserInfo($UserReference, $Username, $UserID, TRUE);
$UserPrefs = Gdn_Format::Unserialize($this->User->Preferences);
if (!is_array($UserPrefs))
$UserPrefs = array();
@@ -676,7 +676,7 @@ public function RemovePicture($UserReference = '', $Username = '', $TransientKey
$this->Form->AddError('You must be authenticated in order to use this form.');
// Get user data & another permission check
- $this->GetUserInfo($UserReference, $Username);
+ $this->GetUserInfo($UserReference, $Username, '', TRUE);
$RedirectUrl = 'dashboard/profile/'.$this->ProfileUrl();
if ($Session->ValidateTransientKey($TransientKey)
&& is_object($this->User)
@@ -747,7 +747,7 @@ public function Thumbnail($UserReference = '', $Username = '') {
$this->AddJsFile('jquery.jcrop.pack.js');
$this->AddJsFile('profile.js');
- $this->GetUserInfo($UserReference, $Username);
+ $this->GetUserInfo($UserReference, $Username, '', TRUE);
// Permission check (correct user)
if ($this->User->UserID != $Session->UserID && !$Session->CheckPermission('Garden.Users.Edit'))
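Review bot: Thumbnail() now passes `TRUE` as the fourth argument so GetUserInfo() enforces `Garden.Users.Edit` for other users' profiles, yet the explicit check two lines below (`if ($this->User->UserID != $Session->UserID && !$Session->CheckPermission('Garden.Users.Edit'))`) is kept. Either is fine, but keeping both makes it unclear which one is authoritative; pick one, or add a comment explaining why the controller repeats it.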
@@ -1042,14 +1042,15 @@ public function Get($UserID = FALSE) {
* @param mixed $UserReference Unique identifier, possibly username or ID.
* @param string $Username.
* @param int $UserID Unique ID.
+ * @param bool $CheckPermissions Whether or not to check user permissions.
* @return bool Always true.
*/
- public function GetUserInfo($UserReference = '', $Username = '', $UserID = '') {
+ public function GetUserInfo($UserReference = '', $Username = '', $UserID = '', $CheckPermissions = FALSE) {
if ($this->_UserInfoRetrieved)
return;
if (!C('Garden.Profile.Public') && !Gdn::Session()->IsValid())
- Redirect('dashboard/home/permission');
+ throw PermissionException();
// If a UserID was provided as a querystring parameter, use it over anything else:
if ($UserID) {
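Review bot: replacing `Redirect('dashboard/home/permission')` with `throw PermissionException()` changes the failure path from a redirect to an exception, so the `@return bool Always true` docblock line and any caller that relied on the redirect need revisiting; also confirm that the `PermissionException()` helper exists in the 2.0.18 branch, since the hunk calls it as a function rather than constructing an exception class.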
@@ -1079,6 +1080,9 @@ public function GetUserInfo($UserReference = '', $Username = '', $UserID = '') {
$this->SetData('UserRoles', $this->Roles);
}
+ if ($CheckPermissions && Gdn::Session()->UserID != $this->User->UserID)
+ $this->Permission('Garden.Users.Edit');
+
// Make sure the userphoto module gets added to the page
$UserPhotoModule = new UserPhotoModule($this);
$UserPhotoModule->User = $this->User;
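Review bot: the new `$CheckPermissions` check is placed after the early `return` on `$this->_UserInfoRetrieved` at the top of GetUserInfo(), so if any code path calls GetUserInfo() once without the flag and later with `TRUE`, the permission check is skipped on the second call. Either move the check above the early return or make the flag part of what is cached so a later call with `TRUE` still enforces it.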
12 applications/dashboard/js/entry.js
@@ -1,7 +1,7 @@
// This file contains javascript that is specific to the dashboard/entry controller.
jQuery(document).ready(function($) {
// Check to see if the selected email is valid
- $('#Register input[name=User/Email], body.register input[name=User/Email]').blur(function() {
+ $('#Register input[name$=Email], body.register input[name$=Email]').blur(function() {
var email = $(this).val();
if (email != '') {
var checkUrl = gdn.url('/dashboard/user/emailavailable/'+encodeURIComponent(email)+'/x');
@@ -23,7 +23,7 @@ jQuery(document).ready(function($) {
});
// Check to see if the selected username is valid
- $('#Register input[name=User/Name], body.register input[name=User/Name]').blur(function() {
+ $('#Register input[name$=Name], body.register input[name$=Name]').blur(function() {
var name = $(this).val();
if (name != '') {
var checkUrl = gdn.url('/dashboard/user/usernameavailable/'+encodeURIComponent(name));
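Review bot: the suffix selectors (`input[name$=Email]`, `input[name$=Name]`) are broader than the old exact names: within `#Register` or `body.register`, `[name$=Name]` also matches any field whose name ends in Name (for example a `ConnectName` field, whose id `Form_ConnectName` is used later in this file), so the username-availability check can fire on the wrong input. If the intent is to tolerate the `User/` prefix being absent, listing both exact names (`[name=User/Name], [name=Name]`) is more precise.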
@@ -50,7 +50,7 @@ jQuery(document).ready(function($) {
return;
}
- var selectedName = $('input[name=Form/UserSelect]:checked').val();
+ var selectedName = $('input[name$=UserSelect]:checked').val();
if (!selectedName || selectedName == 'other') {
var name = $('#Form_ConnectName').val();
if (typeof(name) == 'string' && name != '') {
@@ -79,11 +79,11 @@ jQuery(document).ready(function($) {
checkConnectName();
$('#Form_ConnectName').blur(checkConnectName);
- $('input[name=Form/UserSelect]').click(checkConnectName);
+ $('input[name$=UserSelect]').click(checkConnectName);
// Check to see if passwords match
- $('input[name=User/PasswordMatch]').blur(function() {
- if ($('#Register input[name=User/Password], body.register input[name=User/Password]').val() == $(this).val())
+ $('input[name$=PasswordMatch]').blur(function() {
+ if ($('#Register input[name$=Password], body.register input[name$=Password]').val() == $(this).val())
$('#PasswordsDontMatch').hide();
else
$('#PasswordsDontMatch').show();
2  applications/dashboard/locale/en-CA/definitions.php
@@ -35,6 +35,7 @@ function Plural($Number, $Singular, $Plural) {
$Definition['ValidateRequired'] = '%s is required.';
$Definition['ValidateRequiredArray'] = 'You must select at least one %s.';
$Definition['ValidateEmail'] = '%s does not appear to be valid.';
+$Definition['ValidateFormat'] = 'You are not allowed to post raw html.';
$Definition['ValidateDate'] = '%s is not a valid date.';
$Definition['ValidateInteger'] = '%s is not a valid integer.';
$Definition['ValidateBoolean'] = '%s is not a valid boolean.';
@@ -170,5 +171,6 @@ function Plural($Number, $Singular, $Plural) {
$Definition['Warning: This is for advanced users.'] = '<b>Warning</b>: This is for advanced users and requires that you make additional changes to your web server. This is usually only available if you have dedicated or vps hosting. Do not attempt this if you do not know what you are doing.';
$Definition['Activity.Delete'] = '×';
$Definition['Draft.Delete'] = '×';
+$Definition['ConnectName'] = 'Username';
// TODO: PROVIDE TRANSLATIONS FOR ALL CONFIGURATION SETTINGS THAT ARE EDITABLE ON ADMIN FORMS (ie. Vanilla.Comments.MaxLength, etc).
24 applications/dashboard/models/class.activitymodel.php
@@ -503,7 +503,7 @@ public static function NotificationPreference($ActivityType, $Preferences, $Type
return $Result;
}
- $ConfigPreference = C('Preferences.Email.'.$ActivityType, '0');
+ $ConfigPreference = C('Preferences.'.$Type.'.'.$ActivityType, '0');
if ($ConfigPreference !== FALSE)
$Preference = ArrayValue($Type.'.'.$ActivityType, $Preferences, $ConfigPreference);
else
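Review bot: building the config key from `$Type` (`C('Preferences.'.$Type.'.'.$ActivityType, '0')`) makes the default consistent with the `ArrayValue($Type.'.'.$ActivityType, ...)` read on the next line; before this, popup preferences silently fell back to the `Preferences.Email.*` defaults. A one-line comment naming the `$Type` values this supports would document the key format for future readers.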
@@ -550,14 +550,14 @@ public function SendNotification($ActivityID, $Story = '', $Force = FALSE) {
$Email->Subject(sprintf(T('[%1$s] %2$s'), Gdn::Config('Garden.Title'), $ActivityHeadline));
$Email->To($User->Email, $User->Name);
//$Email->From(Gdn::Config('Garden.SupportEmail'), Gdn::Config('Garden.SupportName'));
- $Email->Message(
- sprintf(
- $Story == '' ? T('EmailNotification') : T('EmailStoryNotification'),
+
+ $Message = sprintf(
+ $Story == '' ? T('EmailNotification', "%1\$s\n\n%2\$s") : T('EmailStoryNotification', "%3\$s\n\n%2\$s"),
$ActivityHeadline,
ExternalUrl($Activity->Route == '' ? '/' : $Activity->Route),
$Story
- )
- );
+ );
+ $Email->Message($Message);
$Notification = array('ActivityID' => $ActivityID, 'User' => $User, 'Email' => $Email, 'Route' => $Activity->Route, 'Story' => $Story, 'Headline' => $ActivityHeadline, 'Activity' => $Activity);
$this->EventArguments = $Notification;
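Review bot: the default strings now passed to T() (`"%1\$s\n\n%2\$s"` and `"%3\$s\n\n%2\$s"`) are only used when no translation exists, which matches the "default translation" commit; note that the story default drops the headline (`%1$s`) while the non-story default keeps it, which should be deliberate. This block is also duplicated almost verbatim in QueueNotification() below; a small private helper that builds `$Message` would keep the two in sync, since before this patch they already differed in the second argument to ExternalUrl().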
@@ -689,15 +689,13 @@ public function QueueNotification($ActivityID, $Story = '', $Position = 'last',
$Email = new Gdn_Email();
$Email->Subject(sprintf(T('[%1$s] %2$s'), Gdn::Config('Garden.Title'), $ActivityHeadline));
$Email->To($User->Email, $User->Name);
- //$Email->From(Gdn::Config('Garden.SupportEmail'), Gdn::Config('Garden.SupportName'));
- $Email->Message(
- sprintf(
- $Story == '' ? T('EmailNotification') : T('EmailStoryNotification'),
+ $Message = sprintf(
+ $Story == '' ? T('EmailNotification', "%1\$s\n\n%2\$s") : T('EmailStoryNotification', "%3\$s\n\n%2\$s"),
$ActivityHeadline,
- ExternalUrl($Activity->Route == '' ? '/' : $Activity->Route, TRUE),
+ ExternalUrl($Activity->Route == '' ? '/' : $Activity->Route),
$Story
- )
- );
+ );
+ $Email->Message($Message);
if (!array_key_exists($User->UserID, $this->_NotificationQueue))
$this->_NotificationQueue[$User->UserID] = array();
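Review bot: the `- ExternalUrl(..., TRUE)` / `+ ExternalUrl(...)` change drops the second argument that SendNotification() never passed, so the two paths now produce the same link; the commit message should mention it, as the form of notification links is user-visible. The commented-out `$Email->From(...)` line is removed here, but the identical commented line is kept in SendNotification() above; remove both.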
52 applications/dashboard/models/class.usermodel.php
@@ -111,6 +111,26 @@ public function Connect($UniqueID, $ProviderKey, $UserData) {
return $UserID;
}
+ public function FilterForm($Data) {
+ $Data = parent::FilterForm($Data);
+ $Data = array_diff_key($Data,
+ array('Admin' => 0, 'Deleted' => 0, 'CountVisits' => 0, 'CountInvitations' => 0, 'CountNotifications' => 0, 'Preferences' => 0,
+ 'Permissions' => 0, 'LastIPAddress' => 0, 'AllIPAddresses' => 0, 'DateFirstVisit' => 0, 'DateLastActive' => 0, 'CountDiscussions' => 0, 'CountComments' => 0,
+ 'Score' => 0));
+ if (!Gdn::Session()->CheckPermission('Garden.Moderation.Manage')) {
+ $Data = array_diff_key($Data, array('Banned' => 0, 'Verified' => 0));
+ }
+ if (!Gdn::Session()->CheckPermission('Garden.Users.Edit') && !C("Garden.Profile.EditUsernames")) {
+ unset($Data['Name']);
+ }
+
+// decho($Data);
+// die();
+
+ return $Data;
+
+ }
+
/**
* A convenience method to be called when inserting users (because users
* are inserted in various methods depending on registration setups).
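Review bot: FilterForm() is a denylist: it enumerates the columns a user must not set (`Admin`, `Deleted`, `Permissions`, `Banned`, ...), so any sensitive column added to the User table later is passed through by default. An allowlist of user-editable fields is the safer shape for a mass-assignment guard; at minimum, document that every new sensitive column must be added here. Also drop the commented-out `decho($Data); die();` debug lines and add a docblock describing what the method strips and why.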
@@ -823,17 +843,23 @@ public function Save($FormPostValues, $Settings = FALSE) {
if (isset($Fields['Email']) && $UserID == Gdn::Session()->UserID && $Fields['Email'] != Gdn::Session()->User->Email && !Gdn::Session()->CheckPermission('Garden.Users.Edit')) {
$User = Gdn::Session()->User;
$Attributes = Gdn::Session()->User->Attributes;
- $EmailKey = TouchValue('EmailKey', $Attributes, RandomString(8));
+
+ $ConfirmEmailRoleID = C('Garden.Registration.ConfirmEmailRole');
+ if (RoleModel::Roles($ConfirmEmailRoleID)) {
+ // The confirm email role is set and it exists so go ahead with the email confirmation.
+ $EmailKey = TouchValue('EmailKey', $Attributes, RandomString(8));
+
+ if ($RoleIDs)
+ $ConfirmedEmailRoles = $RoleIDs;
+ else
+ $ConfirmedEmailRoles = ConsolidateArrayValuesByKey($this->GetRoles($UserID), 'RoleID');
+ $Attributes['ConfirmedEmailRoles'] = $ConfirmedEmailRoles;
- if ($RoleIDs)
- $ConfirmedEmailRoles = $RoleIDs;
- else
- $ConfirmedEmailRoles = ConsolidateArrayValuesByKey($this->GetRoles($UserID), 'RoleID');
- $Attributes['ConfirmedEmailRoles'] = $ConfirmedEmailRoles;
+ $RoleIDs = (array)C('Garden.Registration.ConfirmEmailRole');
- $RoleIDs = (array)C('Garden.Registration.ConfirmEmailRole');
- $SaveRoles = TRUE;
- $Fields['Attributes'] = serialize($Attributes);
+ $SaveRoles = TRUE;
+ $Fields['Attributes'] = serialize($Attributes);
+ }
}
}
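Review bot: gating email confirmation on `RoleModel::Roles($ConfirmEmailRoleID)` means that when `Garden.Registration.ConfirmEmailRole` is unset or points to a deleted role, a non-privileged user's email change is saved with no confirmation step at all, whereas previously the user's roles were unconditionally replaced with the configured value. That may be the intended fix, but it is a silent downgrade that deserves a comment or a log line. Also, `$RoleIDs` is read (`if ($RoleIDs)`) and then overwritten with `(array)C('Garden.Registration.ConfirmEmailRole')` in the same block; reusing `$ConfirmEmailRoleID`, fetched two lines earlier, avoids a second config lookup.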
@@ -862,11 +888,11 @@ public function Save($FormPostValues, $Settings = FALSE) {
$Photo = ArrayValue('Photo', $FormPostValues);
if ($Photo !== FALSE) {
if (GetValue('CheckExisting', $Settings)) {
- $User = $this->Get($UserID);
+ $User = $this->GetID($UserID);
$OldPhoto = GetValue('Photo', $User);
}
- if (!isset($OldPhoto) || $Photo != $Photo) {
+ if (isset($OldPhoto) && $OldPhoto != $Photo) {
if (strpos($Photo, '//'))
$PhotoUrl = $Photo;
else
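Review bot: the old condition `!isset($OldPhoto) || $Photo != $Photo` was a tautology bug (`$Photo != $Photo` is never true), but the new `isset($OldPhoto) && $OldPhoto != $Photo` also inverts the first half: when a caller does not pass `'CheckExisting'`, `$OldPhoto` is never set and the whole photo-processing block is skipped. Check that this is intended for every caller of Save() that includes a Photo: the picture upload in class.profilecontroller.php now passes `CheckExisting`, while the Connect() path in class.entrycontroller.php calls `Save($Data, array('NoConfirmEmail' => TRUE))` without it.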
@@ -958,7 +984,7 @@ public function SaveAdminUser($FormPostValues) {
$Fields = $this->Validation->SchemaValidationFields(); // Only fields that are present in the schema
$Fields['UserID'] = 1;
- if ($this->Get($UserID) !== FALSE) {
+ if ($this->GetID($UserID) !== FALSE) {
$this->SQL->Put($this->Name, $Fields);
} else {
// Insert the new user
@@ -2435,4 +2461,4 @@ public function GetPermissionsIncrement() {
return $PermissionsKeyValue;;
}
-}
+}
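Review bot: `return $PermissionsKeyValue;;` in the context line has a stray second semicolon; since the hunk touches the closing brace anyway (whitespace only), fix the double semicolon here too, or drop the whitespace-only change.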
20 applications/dashboard/models/class.vbulletinimportmodel.php
@@ -25,6 +25,8 @@ public function AfterImport() {
$Router->SetRoute('member\.php\?u=(\d+)', 'dashboard/profile/$1/x', 'Permanent');
// Make different sizes of avatars
$this->ProcessAvatars();
+ // Prep config for ProfileExtender plugin based on imported fields
+ $this->ProfileExtenderPrep();
}
/**
@@ -32,7 +34,7 @@ public function AfterImport() {
*/
public function ProcessAvatars() {
$UploadImage = new Gdn_UploadImage();
- $UserData = $this->SQL->Select('u.*')->From('User u')->Where('u.Photo is not null')->Get();
+ $UserData = $this->SQL->Select('u.Photo')->From('User u')->Where('u.Photo is not null')->Get();
// Make sure the avatars folder exists.
if (!file_exists(PATH_UPLOADS.'/userpics'))
@@ -68,4 +70,20 @@ public function ProcessAvatars() {
} catch (Exception $ex) { }
}
}
+
+ /**
+ * Get profile fields imported and add to ProfileFields list.
+ */
+ public function ProfileExtenderPrep() {
+ $ProfileKeyData = $this->SQL->Select('m.Name')->Distinct()->From('UserMeta m')->Like('m.Name', 'Profile_%')->Get();
+ $ExistingKeys = array_filter((array)explode(',', C('Plugins.ProfileExtender.ProfileFields', '')));
+ foreach ($ProfileKeyData->Result() as $Key) {
+ $Name = str_replace('Profile.', '', $Key->Name);
+ if (!in_array($Name, $ExistingKeys)) {
+ $ExistingKeys[] = $Name;
+ }
+ }
+ if (count($ExistingKeys))
+ SaveToConfig('Plugins.ProfileExtender.ProfileFields', implode(',', $ExistingKeys));
+ }
}
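Review bot: ProfileExtenderPrep() selects keys with `Like('m.Name', 'Profile_%')` but strips the prefix with `str_replace('Profile.', '', ...)`; that only works because `_` is a single-character wildcard in SQL LIKE that happens to match the `.`, and it also matches a key such as `Profile_foo`, whose prefix is then not stripped. Use the literal `Profile.%` pattern and the same prefix string in both places. The resulting names are also written straight from the imported UserMeta table into the `Plugins.ProfileExtender.ProfileFields` setting; validating them against a safe character set before SaveToConfig() keeps odd imported names out of the configuration file.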
4 applications/dashboard/views/setup/index.php
@@ -9,4 +9,6 @@
<ul>
<li><?php echo Anchor(T('Click here to carry on to your dashboard'), 'settings'); ?>.</li>
</ul>
-</div>
+</div>
+<?php
+echo $this->Form->Close();
2  applications/dashboard/views/setup/prerequisites.php
@@ -17,4 +17,4 @@
</div>
</div>
<?php
-$this->Form->Close();
+echo $this->Form->Close();
4 applications/dashboard/views/user/applicants.php
@@ -49,8 +49,8 @@
</table>
<div class="Info">
<?php
- echo $this->Form->Button('Approve', array('Name' => $this->Form->EscapeFieldName('Submit'), 'class' => 'SmallButton'));
- echo $this->Form->Button('Decline', array('Name' => $this->Form->EscapeFieldName('Submit'), 'class' => 'SmallButton'));
+ echo $this->Form->Button('Approve', array('Name' => 'Submit', 'class' => 'SmallButton'));
+ echo $this->Form->Button('Decline', array('Name' => 'Submit', 'class' => 'SmallButton'));
?></div><?php
}
echo $this->Form->Close();
8 applications/vanilla/controllers/class.categoriescontroller.php
@@ -83,7 +83,7 @@ public function Index($CategoryIdentifier = '', $Page = '0') {
$this->AddCssFile('vanilla.css');
$this->Menu->HighlightRoute('/discussions');
if ($this->Head) {
- $this->Head->Title(GetValue('Name', $Category, ''));
+ $this->Title(GetValue('Name', $Category, ''));
$this->AddJsFile('discussions.js');
$this->AddJsFile('bookmark.js');
$this->AddJsFile('options.js');
@@ -135,7 +135,7 @@ public function Index($CategoryIdentifier = '', $Page = '0') {
$this->SetData('_Page', $Page);
// Set the canonical Url.
- $this->CanonicalUrl(Url(ConcatSep('/', 'categories/'.GetValue('UrlCode', $Category, $CategoryIdentifier), PageNumber($Offset, $Limit, TRUE)), TRUE));
+ $this->CanonicalUrl(Url(ConcatSep('/', 'categories/'.GetValue('UrlCode', $Category, $CategoryIdentifier), PageNumber($Offset, $Limit, TRUE, FALSE)), TRUE));
// Change the controller name so that it knows to grab the discussion views
$this->ControllerName = 'DiscussionsController';
@@ -149,8 +149,6 @@ public function Index($CategoryIdentifier = '', $Page = '0') {
$this->View = 'discussions';
}
- $this->CanonicalUrl(Url('/categories', TRUE));
-
// Render default view
$this->Render();
}
@@ -223,7 +221,7 @@ public function Discussions() {
$this->CategoryDiscussionData = array();
foreach ($this->CategoryData->Result() as $Category) {
if ($Category->CategoryID > 0)
- $this->CategoryDiscussionData[$Category->CategoryID] = $DiscussionModel->Get(0, $this->DiscussionsPerCategory, array('d.CategoryID' => $Category->CategoryID, 'd.Announce' => 0));
+ $this->CategoryDiscussionData[$Category->CategoryID] = $DiscussionModel->Get(0, $this->DiscussionsPerCategory, array('d.CategoryID' => $Category->CategoryID, 'Announce' => 'all'));
}
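Review bot: `'Announce' => 'all'` relies on the sentinel value that DiscussionModel::Get() strips out in class.discussionmodel.php further down this patch; without that model change the key would become a literal `Announce = 'all'` WHERE clause and return no rows. Keep the two changes in the same commit and document the sentinel on Get().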
// Add modules
2  applications/vanilla/controllers/class.postcontroller.php
@@ -113,6 +113,7 @@ public function Discussion($CategoryID = '') {
} else { // Form was submitted
// Save as a draft?
$FormValues = $this->Form->FormValues();
+ $FormValues = $this->DiscussionModel->FilterForm($FormValues);
$this->DeliveryType(GetIncomingValue('DeliveryType', $this->_DeliveryType));
if ($DraftID == 0)
$DraftID = $this->Form->GetFormValue('DraftID', 0);
@@ -321,6 +322,7 @@ public function Comment($DiscussionID = '') {
} else {
// Save as a draft?
$FormValues = $this->Form->FormValues();
+ $FormValues = $this->CommentModel->FilterForm($FormValues);
if ($DraftID == 0)
$DraftID = $this->Form->GetFormValue('DraftID', 0);
12 applications/vanilla/models/class.discussionmodel.php
@@ -162,6 +162,12 @@ public function Get($Offset = '0', $Limit = '', $Wheres = '', $AdditionalFields
$this->EventArguments['SortDirection'] = C('Vanilla.Discussions.SortDirection', 'desc');
$this->EventArguments['Wheres'] = &$Wheres;
$this->FireEvent('BeforeGet'); // @see 'BeforeGetCount' for consistency in results vs. counts
+
+ $IncludeAnnouncements = FALSE;
+ if (strtolower(GetValue('Announce', $Wheres)) == 'all') {
+ $IncludeAnnouncements = TRUE;
+ unset($Wheres['Announce']);
+ }
if (is_array($Wheres))
$this->SQL->Where($Wheres);
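Review bot: the sentinel handling `strtolower(GetValue('Announce', $Wheres)) == 'all'` runs after `FireEvent('BeforeGet')`, so plugins receive `$Wheres` still containing the non-column key `Announce`, and any plugin that copies `$Wheres` into its own query will break. Move the sentinel extraction above the event, and document the `'Announce' => 'all'` option in Get()'s docblock, noting that the key is unprefixed unlike `d.CategoryID` and `w.Bookmarked` used elsewhere in this method.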
@@ -181,8 +187,10 @@ public function Get($Offset = '0', $Limit = '', $Wheres = '', $AdditionalFields
$Data = $this->SQL->Get();
// If not looking at discussions filtered by bookmarks or user, filter announcements out.
- if (!isset($Wheres['w.Bookmarked']) && !isset($Wheres['d.InsertUserID']))
- $this->RemoveAnnouncements($Data);
+ if (!$IncludeAnnouncements) {
+ if (!isset($Wheres['w.Bookmarked']) && !isset($Wheres['d.InsertUserID']))
+ $this->RemoveAnnouncements($Data);
+ }
// Change discussions returned based on additional criteria
$this->AddDiscussionColumns($Data);
2  index.php
@@ -1,6 +1,6 @@
<?php
define('APPLICATION', 'Vanilla');
-define('APPLICATION_VERSION', '2.0.18rc2');
+define('APPLICATION_VERSION', '2.0.18.5');
/*
Copyright 2008, 2009 Vanilla Forums Inc.
This file is part of Garden.
94 js/library/jquery.gardencheckcolumn.js
@@ -1,47 +1,55 @@
-/**************************************************************
-jQuery / Garden CheckColumn Plugin v1
-**************************************************************/
+/*
+ * Garden CheckColumn Plugin (1.1)
+ * by Mark O'Sullivan (mark@vanillaforums.com)
+ * by Tim Gunter (tim@vanillaforums.com)
+ *
+ * Copyright (c) 2008 Vanilla Forums, Inc
+ * Licensed under the GPL (GPL-LICENSE.txt) license.
+ *
+ * NOTE: This script requires jQuery to work.
+ * Download jQuery at www.jquery.com
+ */
-(function($) {
- $.fn.checkColumn = function(opt) {
- opt = $.extend({
- noOptionsYet: 0
- }, opt);
-
- // Remove the cellpadding on anchor cells
- $(this).find('thead td').css('padding', '0px');
+jQuery(document).ready(function($){
+ $.fn.checkColumn = function(opt) {
+ opt = $.extend({
+ noOptionsYet: 0
+ }, opt);
+
+ // Remove the cellpadding on anchor cells
+ $(this).find('thead td').css('padding', '0px');
+
+ // Handle column heading clicks
+ $(this).find('thead td').each(function(i,el) {
+ el = $(el);
+ var columnIndex = el.prop('cellIndex');
+ var text = el.html();
+ el.html('');
+
+ var anchor = $('<a></a>');
+ anchor.click(function(event) {
+ var rows = $(el).parents('table').find('tbody tr');
+ var checkbox = false;
+ rows.each(function(j,row){
+ checkbox = $(row).find('td:eq(' + (columnIndex) + ')').find(":checkbox");
+ if (checkbox) {
+ if (checkbox.prop('checked')) {
+ checkbox.removeAttr('checked');
+ } else {
+ checkbox.prop('checked', 'checked');
+ }
+ }
+ })
+ return false;
+ });
+ anchor.html(text);
+ anchor.prop('href', '#');
+ el.append(anchor);
+ });
- // Handle column heading clicks
- $(this).find('thead td').each(function() {
- var columnIndex = $(this).attr('cellIndex');
- var text = $(this).html();
- var anchor = document.createElement('a');
- anchor.onclick = function(sender) {
- var rows = $(this).parents('table').find('tbody tr');
- var checkbox = false;
- for (i = 0; i < rows.length; i++) {
- checkbox = $(rows[i]).find('td:eq(' + (columnIndex) + ')').find(":checkbox");
- if (checkbox) {
- if ($(checkbox).attr('checked')) {
- checkbox.removeAttr('checked');
- } else {
- checkbox.attr('checked', 'checked');
- }
- }
- }
- return false;
- }
- anchor.innerHTML = text;
- anchor.href = '#';
- $(this).html(anchor);
- });
-
+ // Return the object for chaining
+ return $(this);
+ }
- // Return the object for chaining
- return $(this);
- }
-})(jQuery);
-
-$(function() {
- $('table.CheckColumn').checkColumn();
+ $('table.CheckColumn').checkColumn();
});
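Review bot: `if (checkbox)` inside the row loop never guards anything, because `.find(":checkbox")` returns a jQuery object that is truthy even when it matched nothing; test `checkbox.length` instead. The toggle also mixes `removeAttr('checked')` with `prop('checked', 'checked')`; under jQuery 1.6 the consistent form is `checkbox.prop('checked', !checkbox.prop('checked'))`. Finally, moving the plugin definition inside `jQuery(document).ready` means `$.fn.checkColumn` does not exist until DOM ready, so any script that calls it earlier, or from a ready handler registered before this file, fails; keep the definition in the `(function($) { ... })(jQuery)` wrapper as before and leave only the `$('table.CheckColumn').checkColumn();` call in the ready handler.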
2  library/core/class.applicationmanager.php
@@ -190,7 +190,7 @@ public function TestApplication($ApplicationName, &$Validation) {
throw new Exception(T('The application folder was not properly defined.'));
// Hook directly into the autoloader and force it to load the newly tested application
- Gdn_Autoloader::AttachApplication($ApplicationName);
+ Gdn_Autoloader::AttachApplication($ApplicationFolder);
// Redefine the locale manager's settings $Locale->Set($CurrentLocale, $EnabledApps, $EnabledPlugins, TRUE);
$Locale = Gdn::Locale();
10 library/core/class.configuration.php
@@ -533,7 +533,15 @@ public function Save($File = '', $Group = '', $RequireSourceFile = TRUE) {
$Result = FALSE;
if (file_put_contents($TmpFile, $FileContents) !== FALSE) {
chmod($TmpFile, 0775);
- $Result = rename($TmpFile, $File);
+ if (!rename($TmpFile, $File)) {
+ // The rename may not work on Windows servers so try a copy.
+ if (copy($TmpFile, $File)) {
+ unlink($TmpFile);
+ $Result = TRUE;
+ }
+ } else {
+ $Result = TRUE;
+ }
}
}
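Review bot: the `copy()` fallback gives up the atomicity that writing to `$TmpFile` and renaming was providing; `copy()` overwrites the live config in place, so an interruption mid-copy leaves a truncated `$File`, and on the branch where `copy()` also fails the temp file is never removed. At minimum `unlink($TmpFile)` on that failure path, and consider attempting `unlink($File)` followed by a second `rename()` before falling back to `copy()`, since the Windows limitation is renaming over an existing file rather than renaming as such.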
4 library/core/class.form.php
@@ -1724,6 +1724,8 @@ public function Save() {
ErrorMessage(
"You cannot call the form's save method if a model has not been defined.",
"Form", "Save"), E_USER_ERROR);
+
+ $Data = $this->_Model->FilterForm($this->FormValues());
$Args = array_merge(func_get_args(),
array(
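Review bot: `$this->_Model->FilterForm(...)` is called unconditionally, so every model handed to a form must provide that method; `Gdn_Model` subclasses get it from the companion change in class.model.php, but any model that does not extend `Gdn_Model` will fatal on this line. A one-line comment that `Save()` now strips the audit columns before the model sees the values would also help the next reader understand why `FormValues()` is no longer passed directly.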
@@ -1737,7 +1739,7 @@ public function Save() {
NULL,
NULL,
NULL));
- $SaveResult = $this->_Model->Save($this->FormValues(), $Args[0], $Args[1],
+ $SaveResult = $this->_Model->Save($Data, $Args[0], $Args[1],
$Args[2], $Args[3], $Args[4], $Args[5], $Args[6], $Args[7],
$Args[8], $Args[9]);
if ($SaveResult === FALSE) {
10 library/core/class.format.php
@@ -1189,14 +1189,16 @@ public static function Timespan($timespan) {
* @return mixed
*/
public static function Url($Mixed) {
- if (!is_string($Mixed)) {
+ if (!is_string($Mixed))
return self::To($Mixed, 'Url');
- } elseif (preg_replace('`([^\PP])`u', '', 'Test') == '') {
+
+
+ if (preg_replace('`([^\PP])`u', '', 'Test') == '') {
// No Unicode PCRE support.
$Mixed = trim($Mixed);
$Mixed = strip_tags(html_entity_decode($Mixed, ENT_COMPAT, 'UTF-8'));
$Mixed = strtr($Mixed, self::$_UrlTranslations);
- $Mixed = preg_replace('/([^\w\d_:.])/', ' ', $Mixed); // get rid of punctuation and symbols
+ $Mixed = preg_replace('/([^\w\d_:])/', ' ', $Mixed); // get rid of punctuation and symbols
$Mixed = str_replace(' ', '-', trim($Mixed)); // get rid of spaces
$Mixed = preg_replace('/-+/', '-', $Mixed); // limit to 1 hyphen at a time
$Mixed = urlencode(strtolower($Mixed));
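Review bot: the rewrite leaves two consecutive blank lines between the early `return` and the new `if`, and the `is_string` check now omits braces while the block below keeps them; collapse to one blank line and use one brace style. Dropping `.` from the allowed class in this non-Unicode branch is consistent with the second hunk, so periods become dashes on both code paths.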
@@ -1208,7 +1210,7 @@ public static function Url($Mixed) {
$Mixed = strtr($Mixed, self::$_UrlTranslations);
$Mixed = preg_replace('`([^\PP.\-_])`u', '', $Mixed); // get rid of punctuation
$Mixed = preg_replace('`([^\PS+])`u', '', $Mixed); // get rid of symbols
- $Mixed = preg_replace('`[\s\-/+]+`u', '-', $Mixed); // replace certain characters with dashes
+ $Mixed = preg_replace('`[\s\-/+.]+`u', '-', $Mixed); // replace certain characters with dashes
$Mixed = rawurlencode(strtolower($Mixed));
return $Mixed;
}
10 library/core/class.model.php
@@ -295,6 +295,16 @@ public function Delete($Where = '', $Limit = FALSE, $ResetData = FALSE) {
$this->SQL->NoReset()->Delete($this->Name, $Where, $Limit);
}
}
+
+ /**
+ * Filter out any potentially insecure fields before they go to the database.
+ * @param array $Data
+ */
+ public function FilterForm($Data) {
+ $Data = array_diff_key($Data, array('Attributes' => 0, 'DateInserted' => 0, 'InsertUserID' => 0, 'InsertIPAddress' => 0,
+ 'DateUpdated' => 0, 'UpdateUserID' => 0, 'UpdateIPAddress' => 0));
+ return $Data;
+ }
/**
* Returns an array with only those keys that are actually in the schema.
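Review bot: `array_diff_key` compares keys case-sensitively, so a posted field whose name differs only in case from `InsertUserID` or `Attributes` passes this filter while MySQL, whose column names are case-insensitive, still maps it onto the protected column; normalise key case before diffing, or run the schema-only filter documented in the method directly below first and then remove the audit columns from what remains. The docblock also needs a `@return array`, and the inline denylist would be easier for subclasses to extend as a property or constant.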
7 library/core/class.passwordhash.php
@@ -77,6 +77,13 @@ function CheckPassword($Password, $StoredHash, $Method = FALSE, $Username = NULL
case 'django':
$Result = $this->CheckDjango($Password, $StoredHash);
break;
+ case 'joomla':
+ $Parts = explode(':', $StoredHash, 2);
+ $Hash = GetValue(0, $Parts);
+ $Salt = GetValue(1, $Parts);
+ $ComputedHash = md5($Password.$Salt);
+ $Result = $ComputedHash == $Hash;
+ break;
case 'phpbb':
require_once(PATH_LIBRARY.'/vendors/phpbb/phpbbhash.php');
$Result = phpbb_check_hash($Password, $StoredHash);
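Review bot: `$ComputedHash == $Hash` is a loose comparison; PHP compares two numeric-looking strings numerically under `==`, so distinct hashes can compare equal. Use `===`, and preferably a constant-time comparison, as the other branches should. Also note that when the stored value has no `:` part, `GetValue(1, $Parts)` returns its default and the salt is silently empty; if that is the intended handling of unsalted legacy hashes, say so in a comment.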
5 library/core/class.validation.php
@@ -139,6 +139,7 @@ public function __construct($Schema = FALSE) {
$this->AddRule('PhoneNA', 'function:ValidatePhoneNA');
$this->AddRule('PhoneInt', 'function:ValidatePhoneInt');
$this->AddRule('ZipCode', 'function:ValidateZipCode');
+ $this->AddRule('Format', 'function:ValidateFormat');
}
@@ -226,6 +227,10 @@ public function ApplyRulesBySchema($Schema) {
$RuleNames[] = 'Enum';
break;
}
+
+ if ($Field == 'Format') {
+ $RuleNames[] = 'Format';
+ }
}
// Assign the rules to the field.
// echo '<div>Field: '.$Field.'</div>';
6 library/core/functions.validation.php
@@ -262,6 +262,12 @@ function ValidateEnum($Value, $Field) {
}
}
+if (!function_exists('ValidateFormat')) {
+ function ValidateFormat($Value) {
+ return strcasecmp($Value, 'Raw') != 0 || Gdn::Session()->CheckPermission('Garden.Settings.Manage');
+ }
+}
+
if (!function_exists('ValidateOneOrMoreArrayItemRequired')) {
function ValidateOneOrMoreArrayItemRequired($Value, $Field) {
return is_array($Value) === TRUE && count($Value) > 0 ? TRUE : FALSE;
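Review bot: `ValidateFormat($Value)` takes a single argument while the neighbouring validators are declared as `($Value, $Field)`; match that signature so the rule dispatcher can call every rule the same way. The rule also depends on `Gdn::Session()` being available, so any context without a session (imports, command-line runs) will reject `Raw` regardless of the caller's rights; that may be intended, but it belongs in a docblock, as does the fact that `ApplyRulesBySchema` only attaches this rule to a field named exactly `Format`.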
4 plugins/Flagging/views/flagging.php
@@ -60,7 +60,7 @@
<span><?php echo T('FlaggedBy', "Reported by:"); ?> </span>
<span><?php echo "<strong>".Anchor($Flag['InsertName'],"profile/{$Flag['InsertUserID']}/{$Flag['InsertName']}")."</strong>{$OtherString} ".T('on').' '.$Flag['DateInserted']; ?></span>
</div>
- <div class="FlaggedItemComment">"<?php echo $Flag['Comment']; ?>"</div>
+ <div class="FlaggedItemComment">"<?php echo Gdn_Format::Text($Flag['Comment']); ?>"</div>
<div class="FlaggedActions">
<?php
echo $this->Form->Button('Dismiss',array(
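Review bot: passing `$Flag['Comment']` through `Gdn_Format::Text()` closes the reported-comment XSS, but the line above still emits `$Flag['InsertName']` twice via `Anchor()`; confirm that `Anchor()` escapes its text argument, otherwise the display name needs the same treatment in this view.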
@@ -95,4 +95,4 @@
}
?>
</div>
-<?php } ?>
+<?php } ?>
2  plugins/Gravatar/default.php
@@ -33,7 +33,7 @@ function UserPhotoDefaultUrl($User) {
.'&amp;size='.C('Garden.Thumbnail.Width', 50);
if (C('Plugins.Gravatar.UseVanillicon', FALSE))
- $Url .= '&amp;default='.urlencode(Asset('http://vanillicon.com/'.md5($User->Name).'.png'));
+ $Url .= '&amp;default='.urlencode(Asset('http://vanillicon.com/'.md5($User->Email).'.png'));
else
$Url .= '&amp;default='.urlencode(Asset(C('Plugins.Gravatar.DefaultAvatar', 'plugins/Gravatar/default.gif'), TRUE));
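Review bot: `md5($User->Email)` hashes the address exactly as stored, so the same user can get a different Vanillicon depending on the case or surrounding whitespace of the email they entered; Gravatar's own convention is to trim and lowercase the address before hashing, so `md5(strtolower(trim($User->Email)))` keeps the fallback consistent with the Gravatar lookup this function builds.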
4 plugins/Tagging/class.tagging.plugin.php
@@ -12,7 +12,7 @@
$PluginInfo['Tagging'] = array(
'Name' => 'Tagging',
'Description' => 'Allow tagging of discussions.',
- 'Version' => '1.1',
+ 'Version' => '1.1p1',
'SettingsUrl' => '/dashboard/settings/tagging',
'SettingsPermission' => 'Garden.Settings.Manage',
'Author' => "Mark O'Sullivan",
@@ -376,7 +376,7 @@ public function PostController_BeforeFormButtons_Handler($Sender) {
->From('TagDiscussion td')
->Join('Tag t', 'td.TagID = t.TagID')
->Where('td.DiscussionID', GetValue('DiscussionID', $Discussion))
- ->Where('t.Type', '')
+ ->Where("coalesce(t.Type, '')", '')
->Get()->ResultArray();
$Tags = ConsolidateArrayValuesByKey($Tags, 'Name');
3  plugins/Twitter/class.twitter.plugin.php
@@ -204,9 +204,10 @@ public function Base_ConnectData_Handler($Sender, $Args) {
return;
$RequestToken = GetValue('oauth_token', $_GET);
+ $AccessToken = $this->AccessToken();
// Get the access token.
- if ($RequestToken || !($AccessToken = $this->AccessToken())) {
+ if ($RequestToken || !$AccessToken) {
// Get the request secret.
$RequestToken = $this->GetOAuthToken($RequestToken);
4 plugins/embedvanilla/local.js
@@ -16,9 +16,6 @@ $(function() {
forceRemoteUrl = gdn.definition('ForceRemoteUrl', '') != '',
webroot = gdn.definition('WebRoot'),
pathroot = gdn.definition('UrlFormat').replace('/{Path}', '').replace('{Path}', '');
-
- if (!inIframe)
- return;
if (inIframe) {
if ("postMessage" in parent) {
@@ -135,6 +132,7 @@ $(function() {
$(window).unload(function() { remotePostMessage('unload', '*'); });
}
+ else return; // Ignore the rest if we're not embedded.
var path = gdn.definition('Path', '~');
if (path != '~') {
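Review bot: `else return;` on its own line after the closing `}` is valid JavaScript but reads as a stray statement, and the early exit is the whole point of this change; write it as a braced `} else { return; // Ignore the rest if we're not embedded. }` attached to the `if (inIframe)` block so the control flow is unambiguous.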