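/**
 * {@inheritdoc}
 *
 * Replaces the profile metadata of the user identified by $params->guid with the
 * values sent in the request. Only fields listed in the 'profile_fields' config are
 * considered, and only those the consumer actually sent, so omitted fields are left
 * untouched.
 *
 * @param ParameterBag $params Request parameters: guid (profile owner), optional
 *                             access_id for the stored metadata, and the profile fields
 * @return mixed Result of $this->get($params) after the update
 * @throws GraphException 404 if guid is not a user, 403 if the viewer may not edit it,
 *                        400 on an invalid access_id, an over-long or invalid field value
 */
public function put(ParameterBag $params) {
	$owner = get_entity($params->guid);
	if (!$owner instanceof ElggUser) {
		throw new GraphException("User not found", HttpResponse::HTTP_NOT_FOUND);
	}
	if (!$owner->canEdit()) {
		throw new GraphException("You are not allowed to modify this user's profile", HttpResponse::HTTP_FORBIDDEN);
	}

	$profile_fields = (array) elgg_get_config('profile_fields');

	if ($params->access_id !== null) {
		$access_id = (int) $params->access_id;
		// access_id is consumer supplied: only accept levels the owner may write with,
		// otherwise profile data could be attached to an arbitrary access collection
		if (!array_key_exists($access_id, get_write_access_array($owner->guid))) {
			throw new GraphException("Invalid access_id", HttpResponse::HTTP_BAD_REQUEST);
		}
	} else {
		$access_id = get_default_access($owner);
	}

	$input = array();
	foreach ($profile_fields as $field => $valuetype) {
		// Making sure the consumer has sent these fields with the request
		if (!isset($params->{$field}) || $this->request->get($field) === null) {
			continue;
		}

		$value = _elgg_html_decode($params->{$field});
		$label = elgg_echo("profile:{$field}");

		if (!is_array($value) && $valuetype !== 'longtext' && elgg_strlen($value) > 250) {
			// the status code belongs to the exception, not to elgg_echo()
			throw new GraphException(elgg_echo('profile:field_too_long', array($label)), HttpResponse::HTTP_BAD_REQUEST);
		}

		if ($value && $valuetype === 'url' && !preg_match('~^https?\\://~i', $value)) {
			$value = "http://{$value}";
		}

		if ($valuetype === 'tags') {
			$value = string_to_tag_array($value);
		}

		if ($valuetype === 'email' && !empty($value) && !is_email_address($value)) {
			throw new GraphException(elgg_echo('profile:invalid_email', array($label)), HttpResponse::HTTP_BAD_REQUEST);
		}

		$input[$field] = $value;
	}

	// go through custom fields
	if (sizeof($input) > 0) {
		foreach ($input as $shortname => $value) {
			// replace, not append: drop whatever was stored for this field before
			elgg_delete_metadata(array(
				'guid' => $owner->guid,
				'metadata_name' => $shortname,
				'limit' => false,
			));

			if ($value === null || $value === '') {
				// only create metadata for non empty values (0 is allowed) to prevent metadata records
				// with empty string values #4858
				continue;
			}

			if (is_array($value)) {
				// multi-valued field (tags): the first value creates, the rest append
				$multiple = false;
				foreach ($value as $interval) {
					create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple);
					$multiple = true;
				}
			} else {
				create_metadata($owner->guid, $shortname, $value, 'text', $owner->guid, $access_id);
			}
		}

		$owner->save();

		// Notify of profile update
		elgg_trigger_event('profileupdate', $owner->type, $owner);
	}

	return $this->get($params);
}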
// Action buttons for the blog save form
$preview_button = '';
// NOTE(review): $delete_link is only assigned when a guid is present; it is expected to
// be initialised to '' earlier in this view — confirm
if ($vars['guid']) {
	// add a delete button if editing
	$delete_url = "action/blog/delete?guid={$vars['guid']}";
	$delete_link = elgg_view('output/url', array(
		'href' => $delete_url,
		'text' => elgg_echo('delete'),
		'class' => 'elgg-button elgg-button-delete float-alt',
		'confirm' => true,
	));
}

// published blogs do not get the preview button
$show_preview = !$vars['guid'] || ($blog && $blog->status != 'published');
if ($show_preview) {
	$preview_button = elgg_view('input/submit', array(
		'value' => elgg_echo('preview'),
		'name' => 'preview',
		'class' => 'elgg-button-submit mls',
	));
}

$save_button = elgg_view('input/submit', array(
	'value' => elgg_echo('save'),
	'name' => 'save',
));
$action_buttons = $save_button . $preview_button . $delete_link;

// Labelled inputs rendered later in the form
$title_label = elgg_echo('title');
$title_input = elgg_view('input/text', array(
	'name' => 'title',
	'id' => 'blog_title',
	'value' => $vars['title'],
));

$excerpt_label = elgg_echo('blog:excerpt');
$excerpt_input = elgg_view('input/text', array(
	'name' => 'excerpt',
	'id' => 'blog_excerpt',
	'value' => _elgg_html_decode($vars['excerpt']),
));

$body_label = elgg_echo('blog:body');
$body_input = elgg_view('input/longtext', array(
	'name' => 'description',
	'id' => 'blog_description',
	'value' => $vars['description'],
));

// "last saved" line: creation time of the stored entity, or "never" for a new post
$save_status = elgg_echo('blog:save_status');
if ($vars['guid']) {
	$entity = get_entity($vars['guid']);
	$saved = date('F j, Y @ H:i', $entity->time_created);
} else {
	$saved = elgg_echo('never');
}

$status_label = elgg_echo('status');
$status_options = array(
	'draft' => elgg_echo('status:draft'),
	'published' => elgg_echo('status:published'),
);
$status_input = elgg_view('input/select', array(
	'name' => 'status',
	'id' => 'blog_status',
	'value' => $vars['status'],
	'options_values' => $status_options,
));

$comments_label = elgg_echo('comments');
$comments_options = array(
	'On' => elgg_echo('on'),
	'Off' => elgg_echo('off'),
);
$comments_input = elgg_view('input/select', array(
	'name' => 'comments_on',
	'id' => 'blog_comments_on',
	'value' => $vars['comments_on'],
	'options_values' => $comments_options,
));

$tags_label = elgg_echo('tags');
$tags_input = elgg_view('input/tags', array(
	'name' => 'tags',
	'id' => 'blog_tags',
	'value' => $vars['tags'],
));
/**
 * Decodes HTML entities in a single value, in place.
 *
 * Intended as the callback for a recursive array walk, so nested profile
 * values can be decoded without building a new array.
 *
 * @param mixed $v value to decode; replaced by reference
 * @return void
 */
function profile_array_decoder(&$v) {
	$decoded = _elgg_html_decode($v);
	$v = $decoded;
}
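<?php
/**
 * Upgrade to fix encoding issues on group data: #1963
 *
 * Re-decodes HTML entities in the name, description, briefdescription, website
 * and interests of every group. Access checks are ignored while it runs so that
 * every group is reached.
 */

// keep the previous flag so the caller's access state is restored rather than forced off
$ia = elgg_set_ignore_access(true);

$params = array(
	'type' => 'group',
	'limit' => 0,
);
$groups = elgg_get_entities($params);

// elgg_get_entities() returns false when nothing matches
foreach ($groups ?: array() as $group) {
	$group->name = _elgg_html_decode($group->name);
	$group->description = _elgg_html_decode($group->description);
	$group->briefdescription = _elgg_html_decode($group->briefdescription);
	$group->website = _elgg_html_decode($group->website);

	if ($group->interests) {
		// single-valued metadata comes back as a scalar; the cast keeps the loop safe either way
		$tags = (array) $group->interests;
		foreach ($tags as $index => $tag) {
			$tags[$index] = _elgg_html_decode($tag);
		}
		$group->interests = $tags;
	}

	$group->save();
}

elgg_set_ignore_access($ia);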
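/**
 * {@inheritdoc}
 *
 * Creates a new group, or updates the group identified by $params->guid. Profile
 * field values are taken from the 'group' config, entity-decoded and stored on the
 * group; tool option toggles, membership, content access mode and visibility are
 * applied afterwards. A new group is joined by its owner and gets a river item.
 *
 * @param ParameterBag $params Request parameters: guid (0/absent for a new group),
 *                             owner_guid (defaults to the logged in user), the group
 *                             profile fields, membership, content_access_mode, vis
 *                             and the <tool>_enable toggles
 * @return array 'nodes' => array('group' => ElggGroup[, 'activity' => river item])
 * @throws GraphException 403 when the viewer may not act for the owner or create/edit
 *                        the group, 404 when guid is not a group, 400 when the name
 *                        is missing, and on a failed save
 */
public function put(ParameterBag $params) {
	// NOTE(review): this writes the whole request payload to the log on every call;
	// consider gating it on a debug setting
	hypeGraph()->logger->vardump('params', $params);

	$user = isset($params->owner_guid) && $params->owner_guid ? get_entity($params->owner_guid) : elgg_get_logged_in_user_entity();
	// owner_guid is consumer supplied: the viewer must be allowed to act for that user
	if (!$user instanceof ElggUser || !$user->canEdit()) {
		throw new GraphException(elgg_echo("groups:cantcreate"), 403);
	}

	$group_guid = isset($params->guid) ? (int) $params->guid : 0;
	// allows us to recycle this method from SiteGroups controller
	$is_new_group = $group_guid === 0;

	if ($is_new_group && elgg_get_plugin_setting('limited_groups', 'groups') == 'yes' && !$user->isAdmin()) {
		throw new GraphException(elgg_echo("groups:cantcreate"), 403);
	}

	$group = $is_new_group ? new ElggGroup() : get_entity($group_guid);
	if (!elgg_instanceof($group, "group")) {
		throw new GraphException("Group not found", 404);
	}
	if (!$group->canEdit()) {
		throw new GraphException(elgg_echo("groups:cantedit"), 403);
	}

	if (!$is_new_group) {
		// parameters the consumer left out keep their stored value
		foreach ($params as $key => $value) {
			if ($value === null) {
				$params->{$key} = $group->{$key};
			}
		}
	}

	$input = array();
	foreach (elgg_get_config('group') as $shortname => $valuetype) {
		$value = $params->{$shortname};
		if (is_array($value)) {
			array_walk_recursive($value, function (&$v) {
				$v = _elgg_html_decode($v);
			});
		} else {
			$value = _elgg_html_decode($value);
		}
		if ($valuetype == 'tags') {
			$value = string_to_tag_array($value);
		}
		$input[$shortname] = $value;
	}
	// NOTE(review): array_filter() without a callback also drops '', '0' and empty arrays,
	// so the "$value === ''" branch below is only reachable through 'name'; a field sent
	// as an empty string is kept rather than cleared — confirm the intended behaviour
	$input = array_filter($input);
	$input['name'] = htmlspecialchars(get_input('name', '', false), ENT_QUOTES, 'UTF-8');

	// Assume we can edit or this is a new group
	foreach ($input as $shortname => $value) {
		// update access collection name if group name changes
		if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
			$group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
			$ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name);
			$acl = get_access_collection($group->group_acl);
			if ($acl) {
				// @todo Elgg api does not support updating access collection name
				// $ac_name went through sanitize_string(); the id is cast so only an
				// integer ever reaches the query
				$db_prefix = elgg_get_config('dbprefix');
				$acl_id = (int) $group->group_acl;
				$query = "UPDATE {$db_prefix}access_collections SET name = '{$ac_name}' WHERE id = {$acl_id}";
				update_data($query);
			}
		}

		if ($value === '') {
			// The group profile displays all profile fields that have a value.
			// We don't want to display fields with empty string value, so we
			// remove the metadata completely.
			$group->deleteMetadata($shortname);
			continue;
		}

		$group->{$shortname} = $value;
	}

	// Validate create
	if (!$group->name) {
		throw new GraphException(elgg_echo("groups:notitle"), 400);
	}

	// Set group tool options
	$tool_options = elgg_get_config('group_tool_options');
	if ($tool_options) {
		foreach ($tool_options as $group_option) {
			$option_toggle_name = $group_option->name . "_enable";
			// the parentheses matter: PHP's ternary is left-associative, so without them a
			// stored 'no' (a truthy string) would evaluate to 'yes'
			$option_default = $group->{$option_toggle_name} ?: ($group_option->default_on ? 'yes' : 'no');
			$group->{$option_toggle_name} = $params->{$option_toggle_name} ?: $option_default;
		}
	}

	// Group membership - should these be treated with same constants as access permissions?
	$is_public_membership = (int) $params->membership == ACCESS_PUBLIC;
	$group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE;

	$group->setContentAccessMode($params->content_access_mode);

	if ($is_new_group) {
		$group->owner_guid = $user->guid;
		$group->access_id = ACCESS_PUBLIC;
		// if new group, we need to save so group acl gets set in event handler
		if (!$group->save()) {
			throw new GraphException(elgg_echo("groups:save_error"));
		}
	}

	if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
		$visibility = (int) $params->vis;
		if ($visibility == ACCESS_PRIVATE) {
			// Make this group visible only to group members. We need to use
			// ACCESS_PRIVATE on the form and convert it to group_acl here
			// because new groups do not have acl until they have been saved once.
			$visibility = $group->group_acl;
			// Force all new group content to be available only to members
			$group->setContentAccessMode(ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY);
		}
		$group->access_id = $visibility;
	}

	if (!$group->save()) {
		throw new GraphException(elgg_echo("groups:save_error"));
	}

	$river_id = false;
	if ($is_new_group) {
		elgg_set_page_owner_guid($group->guid);
		$group->join($user);
		$river_id = elgg_create_river_item(array(
			'view' => 'river/group/create',
			'action_type' => 'create',
			'subject_guid' => $user->guid,
			'object_guid' => $group->guid,
		));
	}

	$return = array('nodes' => array('group' => $group));
	if ($river_id) {
		$river = elgg_get_river(array('ids' => $river_id));
		$return['nodes']['activity'] = $river ? $river[0] : $river_id;
	}
	return $return;
}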