/**
* Perform an action.
*
* This function executes the action with name $action as registered
* by {@link elgg_register_action()}.
*
* The plugin hook 'action', $action_name will be triggered before the action
* is executed. If a handler returns false, it will prevent the action script
* from being called.
*
* @note If an action isn't registered in the system or is registered
* to an unavailable file the user will be forwarded to the site front
* page and an error will be emitted via {@link register_error()}.
*
* @warning All actions require {@link http://docs.elgg.org/Actions/Tokens Action Tokens}.
*
* @param string $action The requested action
* @param string $forwarder Optionally, the location to forward to
*
* @link http://docs.elgg.org/Actions
* @see elgg_register_action()
*
* @return void
* @access private
*/
function action($action, $forwarder = "")
{
global $CONFIG;
$action = rtrim($action, '/');
// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
// Allow users to disable plugins without a token in order to
// remove plugins that are incompatible.
// Login and logout are for convenience.
// file/download (see #2010)
$exceptions = array('admin/plugins/disable', 'logout', 'login', 'file/download');
if (!in_array($action, $exceptions)) {
// All actions require a token.
action_gatekeeper();
}
$forwarder = str_replace(elgg_get_site_url(), "", $forwarder);
$forwarder = str_replace("http://", "", $forwarder);
$forwarder = str_replace("@", "", $forwarder);
if (substr($forwarder, 0, 1) == "/") {
$forwarder = substr($forwarder, 1);
}
if (isset($CONFIG->actions[$action])) {
if (elgg_is_admin_logged_in() || $CONFIG->actions[$action]['access'] !== 'admin') {
if (elgg_is_logged_in() || $CONFIG->actions[$action]['access'] === 'public') {
// Trigger action event
// @todo This is only called before the primary action is called.
$event_result = true;
$event_result = elgg_trigger_plugin_hook('action', $action, null, $event_result);
// Include action
// Event_result being false doesn't produce an error
// since i assume this will be handled in the hook itself.
// @todo make this better!
if ($event_result) {
if (!(include $CONFIG->actions[$action]['file'])) {
register_error(elgg_echo('actionnotfound', array($action)));
}
}
} else {
register_error(elgg_echo('actionloggedout'));
}
} else {
register_error(elgg_echo('actionunauthorized'));
}
} else {
register_error(elgg_echo('actionundefined', array($action)));
}
if (!empty($forwarder)) {
forward($forwarder);
} else {
forward(REFERER);
}
}
/**
* Loads an action script, if it exists, then forwards elsewhere
*
* @param string $action The requested action
* @param string $forwarder Optionally, the location to forward to
*/
function action($action, $forwarder = "")
{
global $CONFIG;
// set GET params
elgg_set_input_from_uri();
// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
// Allow users to disable plugins without a token in order to
// remove plugins that are imcompatible.
// Installation cannot use tokens because it requires site secret to be
// working. (#1462)
// Login and logout are for convenience.
$exceptions = array('systemsettings/install', 'admin/plugins/disable', 'logout', 'login');
if (!in_array($action, $exceptions)) {
// All actions require a token.
action_gatekeeper();
}
$forwarder = str_replace($CONFIG->url, "", $forwarder);
$forwarder = str_replace("http://", "", $forwarder);
$forwarder = str_replace("@", "", $forwarder);
if (substr($forwarder, 0, 1) == "/") {
$forwarder = substr($forwarder, 1);
}
if (isset($CONFIG->actions[$action])) {
if (isadminloggedin() || !$CONFIG->actions[$action]['admin']) {
if ($CONFIG->actions[$action]['public'] || $_SESSION['id'] != -1) {
// Trigger action event TODO: This is only called before the primary action is called. We need to rethink actions for 1.5
$event_result = true;
$event_result = trigger_plugin_hook('action', $action, null, $event_result);
// Include action
// Event_result being false doesn't produce an error -
// since i assume this will be handled in the hook itself.
// TODO make this better!
if ($event_result) {
if (!(include $CONFIG->actions[$action]['file'])) {
register_error(sprintf(elgg_echo('actionundefined'), $action));
}
}
} else {
register_error(elgg_echo('actionloggedout'));
}
}
} else {
register_error(sprintf(elgg_echo('actionundefined'), $action));
}
forward($CONFIG->url . $forwarder);
}
/**
* @see action
* @access private
*/
public function execute($action, $forwarder = "")
{
$action = rtrim($action, '/');
$this->currentAction = $action;
// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
// Allow users to disable plugins without a token in order to
// remove plugins that are incompatible.
// Login and logout are for convenience.
// file/download (see #2010)
$exceptions = array('admin/plugins/disable', 'logout', 'file/download');
if (!in_array($action, $exceptions)) {
// All actions require a token.
action_gatekeeper($action);
}
$forwarder = str_replace(_elgg_services()->config->getSiteUrl(), "", $forwarder);
$forwarder = str_replace("http://", "", $forwarder);
$forwarder = str_replace("@", "", $forwarder);
if (substr($forwarder, 0, 1) == "/") {
$forwarder = substr($forwarder, 1);
}
if (!isset($this->actions[$action])) {
register_error(_elgg_services()->translator->translate('actionundefined', array($action)));
} elseif (!_elgg_services()->session->isAdminLoggedIn() && $this->actions[$action]['access'] === 'admin') {
register_error(_elgg_services()->translator->translate('actionunauthorized'));
} elseif (!_elgg_services()->session->isLoggedIn() && $this->actions[$action]['access'] !== 'public') {
register_error(_elgg_services()->translator->translate('actionloggedout'));
} else {
// To quietly cancel the action file, return a falsey value in the "action" hook.
if (_elgg_services()->hooks->trigger('action', $action, null, true)) {
if (is_file($this->actions[$action]['file']) && is_readable($this->actions[$action]['file'])) {
self::includeFile($this->actions[$action]['file']);
} else {
register_error(_elgg_services()->translator->translate('actionnotfound', array($action)));
}
}
}
$forwarder = empty($forwarder) ? REFERER : $forwarder;
forward($forwarder);
}
/**
* @see action
* @access private
*/
public function execute($action, $forwarder = "")
{
$action = rtrim($action, '/');
$this->currentAction = $action;
// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
// Allow users to disable plugins without a token in order to
// remove plugins that are incompatible.
// Login and logout are for convenience.
// file/download (see #2010)
$exceptions = array('admin/plugins/disable', 'logout', 'file/download');
if (!in_array($action, $exceptions)) {
// All actions require a token.
action_gatekeeper($action);
}
$forwarder = str_replace(elgg_get_site_url(), "", $forwarder);
$forwarder = str_replace("http://", "", $forwarder);
$forwarder = str_replace("@", "", $forwarder);
if (substr($forwarder, 0, 1) == "/") {
$forwarder = substr($forwarder, 1);
}
if (!isset($this->actions[$action])) {
register_error(elgg_echo('actionundefined', array($action)));
} elseif (!elgg_is_admin_logged_in() && $this->actions[$action]['access'] === 'admin') {
register_error(elgg_echo('actionunauthorized'));
} elseif (!elgg_is_logged_in() && $this->actions[$action]['access'] !== 'public') {
register_error(elgg_echo('actionloggedout'));
} else {
// Returning falsy doesn't produce an error
// We assume this will be handled in the hook itself.
if (elgg_trigger_plugin_hook('action', $action, null, true)) {
if (!(include $this->actions[$action]['file'])) {
register_error(elgg_echo('actionnotfound', array($action)));
}
}
}
$forwarder = empty($forwarder) ? REFERER : $forwarder;
forward($forwarder);
}
<?php
/**
* Profile Manager
*
* jQuery Profile Field change category
*
* @package profile_manager
* @author ColdTrick IT Solutions
* @copyright Coldtrick IT Solutions 2009
* @link http://www.coldtrick.com/
*/
global $CONFIG;
action_gatekeeper();
admin_gatekeeper();
$guid = get_input("guid");
$category_guid = get_input("category_guid");
if (!empty($guid)) {
$entity = get_entity($guid);
if ($entity->getSubtype() == CUSTOM_PROFILE_FIELDS_PROFILE_SUBTYPE || $entity->getSubtype() == CUSTOM_PROFILE_FIELDS_GROUP_SUBTYPE) {
if (!empty($category_guid)) {
$entity->category_guid = $category_guid;
} else {
unset($entity->category_guid);
}
echo "true";
}
}
exit;
/**
* Handles graph requests
*
* /graph/<node>[/<edge>]
*
* @param array $segments URL segments
* @return bool
*/
public function pageHandler($segments)
{
elgg_register_plugin_hook_handler('debug', 'log', array($this->logger, 'debugLogHandler'));
error_reporting(E_ALL);
set_error_handler(array($this->logger, 'errorHandler'));
set_exception_handler(array($this->logger, 'exceptionHandler'));
try {
if ($this->request->getUrlSegments()[0] == 'services') {
elgg_trigger_plugin_hook('auth', 'graph');
} else {
// graph page handler is being accessed directly, and not routed to from services
// check csrf tokens
action_gatekeeper('');
if ($this->request->getMethod() != HttpRequest::METHOD_GET) {
elgg_gatekeeper();
}
}
elgg_set_context('services');
elgg_push_context('api');
elgg_push_context('graph');
$viewtype = $this->mapViewtype();
$endpoint = implode('/', $segments);
if (!elgg_is_registered_viewtype($viewtype)) {
$viewtype = 'json';
}
elgg_set_viewtype($viewtype);
$result = $this->route($endpoint);
} catch (Exception $ex) {
$result = new ErrorResult($ex->getMessage(), $ex->getCode(), $ex);
}
$this->send($result);
return true;
}
/**
* Elgg welcome plugin change user email action
*
* @author Gerard Kanters
* @author Wouter van Os
* @author Juho Jaakkola
*
* @website https://www.centillien.com
*
* @copyright Centillien 2016
*/
if (elgg_get_user_validation_status($user->guid) == false) {
register_error(elgg_echo('notallowed'));
return;
}
action_gatekeeper('change_user_email');
// Set access status to perform needed operation
$access_status = access_get_show_hidden_status();
access_show_hidden_entities(true);
// Get user guid
$user_guid = (int) get_input('user_guid');
$new_email = get_input('new_email');
// Check if user guid is provided
if (!empty($user_guid) && !empty($new_email)) {
$user = get_entity($user_guid);
// Check if user exists
if (elgg_instanceof($user, 'user')) {
// Check if provided email address is valid
if (validate_email_address($new_email)) {
elgg_set_ignore_access(true);
elgg_override_permissions(true);
