/**
  * {@inheritdoc}
  */
 public function put(ParameterBag $params)
 {
     $owner = get_entity($params->guid);
     if (!$owner->canEdit()) {
         throw new GraphException("You are not allowed to modify this user's profile", HttpResponse::HTTP_FORBIDDEN);
     }
     $profile_fields = (array) elgg_get_config('profile_fields');
     $access_id = $params->access_id !== null ? $params->access_id : get_default_access($owner);
     $input = array();
     foreach ($profile_fields as $field => $valuetype) {
         // Making sure the consumer has sent these fields with the request
         if (isset($params->{$field}) && $this->request->get($field) !== null) {
             $value = $params->{$field};
             $value = _elgg_html_decode($value);
             if (!is_array($value) && $valuetype != 'longtext' && elgg_strlen($value) > 250) {
                 throw new GraphException(elgg_echo('profile:field_too_long', array(elgg_echo("profile:{$field}")), HttpResponse::HTTP_BAD_REQUEST));
             }
             if ($value && $valuetype == 'url' && !preg_match('~^https?\\://~i', $value)) {
                 $value = "http://{$value}";
             }
             if ($valuetype == 'tags') {
                 $value = string_to_tag_array($value);
             }
             if ($valuetype == 'email' && !empty($value) && !is_email_address($value)) {
                 throw new GraphException(elgg_echo('profile:invalid_email', array(elgg_echo("profile:{$field}"))), HttpResponse::HTTP_BAD_REQUEST);
             }
             $input[$field] = $value;
         }
     }
     // go through custom fields
     if (sizeof($input) > 0) {
         foreach ($input as $shortname => $value) {
             $options = array('guid' => $owner->guid, 'metadata_name' => $shortname, 'limit' => false);
             elgg_delete_metadata($options);
             if (!is_null($value) && $value !== '') {
                 // only create metadata for non empty values (0 is allowed) to prevent metadata records
                 // with empty string values #4858
                 if (is_array($value)) {
                     $i = 0;
                     foreach ($value as $interval) {
                         $i++;
                         $multiple = $i > 1 ? TRUE : FALSE;
                         create_metadata($owner->guid, $shortname, $interval, 'text', $owner->guid, $access_id, $multiple);
                     }
                 } else {
                     create_metadata($owner->getGUID(), $shortname, $value, 'text', $owner->getGUID(), $access_id);
                 }
             }
         }
         $owner->save();
         // Notify of profile update
         elgg_trigger_event('profileupdate', $owner->type, $owner);
     }
     return $this->get($params);
 }
Exemple #2
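// Builds the labels, inputs and action buttons of the blog edit form from $vars.
// $blog is not assigned in this listing; it is presumably set earlier in the view.

// Both optional buttons start empty so that the concatenation into $action_buttons
// never reads an undefined variable when the form is rendered for a new post.
$delete_link = '';
$preview_button = '';
if ($vars['guid']) {
    // add a delete button if editing
    $delete_url = "action/blog/delete?guid={$vars['guid']}";
    $delete_link = elgg_view('output/url', array('href' => $delete_url, 'text' => elgg_echo('delete'), 'class' => 'elgg-button elgg-button-delete float-alt', 'confirm' => true));
}
// published blogs do not get the preview button
if (!$vars['guid'] || $blog && $blog->status != 'published') {
    $preview_button = elgg_view('input/submit', array('value' => elgg_echo('preview'), 'name' => 'preview', 'class' => 'elgg-button-submit mls'));
}
$save_button = elgg_view('input/submit', array('value' => elgg_echo('save'), 'name' => 'save'));
$action_buttons = $save_button . $preview_button . $delete_link;
$title_label = elgg_echo('title');
$title_input = elgg_view('input/text', array('name' => 'title', 'id' => 'blog_title', 'value' => $vars['title']));
$excerpt_label = elgg_echo('blog:excerpt');
// NOTE(review): the excerpt is entity-decoded before it is handed to the input view, so the
// view is relied on to escape the attribute value - confirm that input/text does.
$excerpt_input = elgg_view('input/text', array('name' => 'excerpt', 'id' => 'blog_excerpt', 'value' => _elgg_html_decode($vars['excerpt'])));
$body_label = elgg_echo('blog:body');
$body_input = elgg_view('input/longtext', array('name' => 'description', 'id' => 'blog_description', 'value' => $vars['description']));
$save_status = elgg_echo('blog:save_status');
if ($vars['guid']) {
    $entity = get_entity($vars['guid']);
    // The GUID may not resolve to an entity the viewer can load; fall back to "never"
    // instead of reading a property of a non-object.
    $saved = $entity ? date('F j, Y @ H:i', $entity->time_created) : elgg_echo('never');
} else {
    $saved = elgg_echo('never');
}
$status_label = elgg_echo('status');
$status_input = elgg_view('input/select', array('name' => 'status', 'id' => 'blog_status', 'value' => $vars['status'], 'options_values' => array('draft' => elgg_echo('status:draft'), 'published' => elgg_echo('status:published'))));
$comments_label = elgg_echo('comments');
$comments_input = elgg_view('input/select', array('name' => 'comments_on', 'id' => 'blog_comments_on', 'value' => $vars['comments_on'], 'options_values' => array('On' => elgg_echo('on'), 'Off' => elgg_echo('off'))));
$tags_label = elgg_echo('tags');
$tags_input = elgg_view('input/tags', array('name' => 'tags', 'id' => 'blog_tags', 'value' => $vars['tags']));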
Exemple #3
/**
 * Callback for a recursive array walk: replaces one value, in place, with its
 * decoded form.
 *
 * The result of _elgg_html_decode() is written back through the reference. That
 * helper is not part of this listing; presumably it turns HTML entities back
 * into characters, so the decoded value must be escaped again wherever it is
 * printed.
 *
 * @param mixed $v Value to decode; overwritten with the decoded result
 *
 * @return void
 */
function profile_array_decoder(&$v)
{
    $decoded = _elgg_html_decode($v);
    $v = $decoded;
}
Exemple #4
<?php

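// Upgrade to fix encoding issues on group data: #1963
//
// Re-saves name, description, brief description, website and interests of every
// group after passing them through _elgg_html_decode().

// Access checks are switched off so that every group is loaded, whoever runs the
// upgrade. The previous setting is remembered and put back afterwards, so a caller
// that already runs with access ignored is not silently switched back to enforced
// checks, and this script does not decide the final state on its own.
$previous_ignore_access = elgg_set_ignore_access(TRUE);
$params = array('type' => 'group', 'limit' => 0);
$groups = elgg_get_entities($params);
if ($groups) {
    foreach ($groups as $group) {
        $group->name = _elgg_html_decode($group->name);
        $group->description = _elgg_html_decode($group->description);
        $group->briefdescription = _elgg_html_decode($group->briefdescription);
        $group->website = _elgg_html_decode($group->website);
        if ($group->interests) {
            // A group with a single interest yields a scalar rather than an array;
            // the cast lets that one tag be decoded as well.
            $tags = (array) $group->interests;
            foreach ($tags as $index => $tag) {
                $tags[$index] = _elgg_html_decode($tag);
            }
            $group->interests = $tags;
        }
        $group->save();
    }
}
elgg_set_ignore_access($previous_ignore_access);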
Exemple #5
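 /**
  * {@inheritdoc}
  *
  * Creates a group (no guid in $params) or updates the group identified by
  * $params->guid, then returns it, together with the river item when a new
  * group was created.
  *
  * @param ParameterBag $params Request parameters: guid, owner_guid, the configured group
  *                             profile fields, "<tool>_enable" toggles, membership,
  *                             content_access_mode and vis
  *
  * @return array array('nodes' => array('group' => ..., 'activity' => ...)); 'activity' is
  *               only present for a newly created group
  *
  * @throws GraphException 403 when the caller may not create or edit the group,
  *                        400 when the group has no name, and when saving fails
  */
 public function put(ParameterBag $params)
 {
     // NOTE(review): this writes the complete request parameters to the log; confirm that
     // it is meant to stay enabled outside of debugging.
     hypeGraph()->logger->vardump('params', $params);
     $user = isset($params->owner_guid) && $params->owner_guid ? get_entity($params->owner_guid) : elgg_get_logged_in_user_entity();
     $group_guid = isset($params->guid) ? $params->guid : 0;
     // allows us to recycle this method from SiteGroups controller
     $is_new_group = $group_guid == 0;
     // owner_guid is supplied by the client and decides who owns and joins a new group, and
     // whose admin status is tested below. Require that it resolves to an entity the caller
     // may edit, so a group cannot be created in the name of an arbitrary account.
     if ($is_new_group && (!$user || !$user->canEdit())) {
         throw new GraphException(elgg_echo("groups:cantcreate"), 403);
     }
     if ($is_new_group && elgg_get_plugin_setting('limited_groups', 'groups') == 'yes' && !$user->isAdmin()) {
         throw new GraphException(elgg_echo("groups:cantcreate"), 403);
     }
     $group = $group_guid ? get_entity($group_guid) : new ElggGroup();
     // Reject a guid that does not load or is not a group as well as a group the caller
     // cannot edit; otherwise the permission check would be skipped for such guids.
     if (!elgg_instanceof($group, "group") || !$group->canEdit()) {
         throw new GraphException(elgg_echo("groups:cantedit"), 403);
     }
     if (!$is_new_group) {
         // Parameters the consumer left out keep the group's current value
         foreach ($params as $key => $value) {
             if ($value === null) {
                 $params->{$key} = $group->{$key};
             }
         }
     }
     $input = array();
     foreach (elgg_get_config('group') as $shortname => $valuetype) {
         // NOTE(review): values are entity-decoded before storage, so the stored text may hold
         // raw markup; views that print group fields have to escape on output - confirm.
         $input[$shortname] = $params->{$shortname};
         if (is_array($input[$shortname])) {
             array_walk_recursive($input[$shortname], function (&$v) {
                 $v = _elgg_html_decode($v);
             });
         } else {
             $input[$shortname] = _elgg_html_decode($input[$shortname]);
         }
         if ($valuetype == 'tags') {
             $input[$shortname] = string_to_tag_array($input[$shortname]);
         }
     }
     $input = array_filter($input);
     // The name is read unfiltered from the request and stored HTML-escaped
     $input['name'] = htmlspecialchars(get_input('name', '', false), ENT_QUOTES, 'UTF-8');
     // Assume we can edit or this is a new group
     if (sizeof($input) > 0) {
         foreach ($input as $shortname => $value) {
             // update access collection name if group name changes
             if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
                 $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
                 $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name);
                 $acl = get_access_collection($group->group_acl);
                 if ($acl) {
                     // @todo Elgg api does not support updating access collection name
                     $db_prefix = elgg_get_config('dbprefix');
                     // The id is interpolated unquoted, so it is forced to an integer first;
                     // the name has been passed through sanitize_string() above.
                     $acl_id = (int) $group->group_acl;
                     $query = "UPDATE {$db_prefix}access_collections SET name = '{$ac_name}'\n\t\t\t\t\tWHERE id = {$acl_id}";
                     update_data($query);
                 }
             }
             if ($value === '') {
                 // The group profile displays all profile fields that have a value.
                 // We don't want to display fields with empty string value, so we
                 // remove the metadata completely.
                 $group->deleteMetadata($shortname);
                 continue;
             }
             $group->{$shortname} = $value;
         }
     }
     // Validate create
     if (!$group->name) {
         throw new GraphException(elgg_echo("groups:notitle"), 400);
     }
     // Set group tool options
     $tool_options = elgg_get_config('group_tool_options');
     if ($tool_options) {
         foreach ($tool_options as $group_option) {
             $option_toggle_name = $group_option->name . "_enable";
             // Parenthesised on purpose: without the brackets the expression groups as
             // ($current ?: $default_on) ? 'yes' : 'no', which turns a stored 'no' into
             // 'yes', and PHP 8 refuses the unbracketed form altogether.
             $option_default = $group->{$option_toggle_name} ?: ($group_option->default_on ? 'yes' : 'no');
             $group->{$option_toggle_name} = $params->{$option_toggle_name} ?: $option_default;
         }
     }
     // Group membership - should these be treated with same constants as access permissions?
     $is_public_membership = (int) $params->membership == ACCESS_PUBLIC;
     $group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE;
     $group->setContentAccessMode($params->content_access_mode);
     if ($is_new_group) {
         $group->owner_guid = $user->guid;
         $group->access_id = ACCESS_PUBLIC;
     }
     if ($is_new_group) {
         // if new group, we need to save so group acl gets set in event handler
         if (!$group->save()) {
             throw new GraphException(elgg_echo("groups:save_error"));
         }
     }
     if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
         // NOTE(review): any integer sent as "vis" other than ACCESS_PRIVATE becomes the
         // group's access_id unchanged; confirm the accepted values are restricted upstream.
         $visibility = (int) $params->vis;
         if ($visibility == ACCESS_PRIVATE) {
             // Make this group visible only to group members. We need to use
             // ACCESS_PRIVATE on the form and convert it to group_acl here
             // because new groups do not have acl until they have been saved once.
             $visibility = $group->group_acl;
             // Force all new group content to be available only to members
             $group->setContentAccessMode(ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY);
         }
         $group->access_id = $visibility;
     }
     if (!$group->save()) {
         throw new GraphException(elgg_echo("groups:save_error"));
     }
     $river_id = false;
     if ($is_new_group) {
         elgg_set_page_owner_guid($group->guid);
         $group->join($user);
         $river_id = elgg_create_river_item(array('view' => 'river/group/create', 'action_type' => 'create', 'subject_guid' => $user->guid, 'object_guid' => $group->guid));
     }
     $return = array('nodes' => array('group' => $group));
     if ($river_id) {
         // Prefer the loaded river item; fall back to the bare id when it cannot be loaded
         $river = elgg_get_river(array('ids' => $river_id));
         $return['nodes']['activity'] = $river ? $river[0] : $river_id;
     }
     return $return;
 }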