/**
 * Delete the annotation.
 *
 * Once the annotation itself has been removed, river entries that point at it
 * (matched on annotation_id) are removed as well.
 *
 * @return bool
 */
public function delete() {
	$deleted = _elgg_delete_metastring_based_object_by_id($this->id, 'annotation');

	if (!$deleted) {
		// Nothing was removed, so river entries referencing this annotation are left alone.
		return $deleted;
	}

	// NOTE(review): no permission check happens in this method before the river cleanup;
	// presumably the metastring delete above is the gate -- confirm.
	_elgg_delete_river(array('annotation_id' => $this->id));

	return $deleted;
}
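/**
 * Deletes the entity.
 *
 * Removes the entity and its metadata, annotations, relationships,
 * river entries, and private data.
 *
 * Optionally can remove entities contained and owned by this entity.
 *
 * @warning If deleting recursively, this bypasses ownership of items contained by
 * the entity. That means that if the container_guid = $this->guid, the item will
 * be deleted regardless of who owns it.
 *
 * The gates visible here are canDelete() on this entity and the 'delete' event. Everything
 * after them runs with access checks ignored and hidden entities visible. Both overrides are
 * restored in finally blocks, so an exception thrown part-way through a delete does not leave
 * them switched on for the rest of the request.
 *
 * @param bool $recursive If true (default) then all entities which are
 *                        owned or contained by $this will also be deleted.
 *
 * @return bool
 */
public function delete($recursive = true) {
	$guid = $this->guid;
	if (!$guid) {
		return false;
	}

	// first check if we can delete this entity
	// NOTE: in Elgg <= 1.10.3 this was after the delete event,
	// which could potentially remove some content if the user didn't have access
	if (!$this->canDelete()) {
		return false;
	}

	// now trigger an event to let others know this entity is about to be deleted
	// so they can prevent it or take their own actions
	if (!_elgg_services()->events->trigger('delete', $this->type, $this)) {
		return false;
	}

	if ($this instanceof ElggUser) {
		// ban to prevent using the site during delete
		_elgg_services()->usersTable->markBanned($this->guid, true);
	}

	// Delete contained owned and otherwise related objects (depth first)
	if ($recursive) {
		// Temporarily overriding access controls
		$entity_disable_override = access_get_show_hidden_status();
		access_show_hidden_entities(true);
		$ia = elgg_set_ignore_access(true);

		try {
			// The guid is interpolated into a raw WHERE clause, so force it to an integer first.
			$guid_sql = (int) $guid;

			// @todo there was logic in the original code that ignored
			// entities with owner or container guids of themselves.
			// this should probably be prevented in \ElggEntity instead of checked for here
			$options = array(
				'wheres' => array("((container_guid = {$guid_sql} OR owner_guid = {$guid_sql})" .
					" AND guid != {$guid_sql})"),
				'limit' => 0,
			);

			$batch = new \ElggBatch('elgg_get_entities', $options);
			// NOTE(review): presumably the offset must stay put because deleted rows drop
			// out of the next page of results -- confirm.
			$batch->setIncrementOffset(false);

			foreach ($batch as $e) {
				$e->delete(true);
			}
		} finally {
			// Restore the caller's access state even when a child delete throws.
			access_show_hidden_entities($entity_disable_override);
			elgg_set_ignore_access($ia);
		}
	}

	$entity_disable_override = access_get_show_hidden_status();
	access_show_hidden_entities(true);
	$ia = elgg_set_ignore_access(true);

	try {
		// Now delete the entity itself
		$this->deleteMetadata();
		$this->deleteOwnedMetadata();
		$this->deleteAnnotations();
		$this->deleteOwnedAnnotations();
		$this->deleteRelationships();
		$this->deleteAccessCollectionMemberships();
		$this->deleteOwnedAccessCollections();
	} finally {
		// Same guarantee as above: never leave the access override enabled on failure.
		access_show_hidden_entities($entity_disable_override);
		elgg_set_ignore_access($ia);
	}

	// Remove every river item that mentions this entity in any role.
	_elgg_delete_river(array('subject_guid' => $guid));
	_elgg_delete_river(array('object_guid' => $guid));
	_elgg_delete_river(array('target_guid' => $guid));
	remove_all_private_settings($guid);

	_elgg_invalidate_cache_for_entity($guid);
	_elgg_invalidate_memcache_for_entity($guid);

	$dbprefix = elgg_get_config('dbprefix');

	$sql = "\n\t\t\tDELETE FROM {$dbprefix}entities\n\t\t\tWHERE guid = :guid\n\t\t";
	$params = [':guid' => $guid];

	$deleted = $this->getDatabase()->deleteData($sql, $params);

	// The type becomes part of the table name below, so the allow-list is compared strictly:
	// only an exact string match may reach the query.
	if ($deleted && in_array($this->type, ['object', 'user', 'group', 'site'], true)) {
		// delete from type-specific subtable
		$sql = "\n\t\t\t\tDELETE FROM {$dbprefix}{$this->type}s_entity\n\t\t\t\tWHERE guid = :guid\n\t\t\t";

		$this->getDatabase()->deleteData($sql, $params);
	}

	_elgg_clear_entity_files($this);

	return (bool) $deleted;
}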
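<?php
/**
 * Avatar upload action
 *
 * Replaces the avatar of the user identified by the "guid" input with the uploaded
 * "avatar" file, then refreshes that user's profile-icon river entry.
 */

$guid = get_input('guid');
$owner = get_entity($guid);

// The guid comes from the request, so the target must be a user the current session may edit.
// NOTE(review): every failure path below relies on forward() ending the request -- confirm
// it never returns, otherwise execution would continue past a failed check.
if (!$owner || !$owner instanceof ElggUser || !$owner->canEdit()) {
	register_error(elgg_echo('avatar:upload:fail'));
	forward(REFERER);
}

// $_FILES is client-controlled: the field may be missing, or posted as avatar[] so that
// 'error' is an array. Reject both before the error code is interpreted.
if (!isset($_FILES['avatar']['error']) || is_array($_FILES['avatar']['error'])) {
	register_error(elgg_echo('avatar:upload:fail'));
	forward(REFERER);
}

$error = elgg_get_friendly_upload_error($_FILES['avatar']['error']);
if ($error) {
	register_error($error);
	forward(REFERER);
}

if (!$owner->saveIconFromUploadedFile('avatar')) {
	register_error(elgg_echo('avatar:resize:fail'));
	forward(REFERER);
}

if (elgg_trigger_event('profileiconupdate', $owner->type, $owner)) {
	system_message(elgg_echo("avatar:upload:success"));

	$view = 'river/user/default/profileiconupdate';

	// Drop this user's earlier avatar-update river items before adding the new one.
	// Authorisation for this delete is the canEdit() check at the top of the action.
	_elgg_delete_river(array('subject_guid' => $owner->guid, 'view' => $view));

	elgg_create_river_item(array(
		'view' => $view,
		'action_type' => 'update',
		'subject_guid' => $owner->guid,
		'object_guid' => $owner->guid,
	));
}

forward(REFERER);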
/**
 * Pins the behaviour of the deprecated _elgg_delete_river(): deleting a river item through
 * it must not invoke the 'permissions_check:delete' plugin hook nor the 'delete:before' and
 * 'delete:after' river events.
 *
 * Since nothing is consulted on this path, code calling _elgg_delete_river() has to decide
 * for itself whether the deletion is allowed.
 */
public function testDeprecatedDeleteRiverFunctionBypassesEventsPerms() {
	$subject = $this->getSomeEntity();

	$river_id = elgg_create_river_item(array(
		'view' => 'river/relationship/friend/create',
		'action_type' => 'create',
		'subject_guid' => $subject->guid,
		'object_guid' => $subject->guid,
	));

	// One shared spy: any hook or event that reaches it flips the flag.
	$was_called = false;
	$spy = function () use (&$was_called) {
		$was_called = true;
	};

	$river_events = array('delete:before', 'delete:after');

	elgg_register_plugin_hook_handler('permissions_check:delete', 'river', $spy);
	foreach ($river_events as $event_name) {
		elgg_register_event_handler($event_name, 'river', $spy);
	}

	_elgg_delete_river(['id' => $river_id]);

	// Unregister before asserting so the spy is detached once the delete has run.
	elgg_unregister_plugin_hook_handler('permissions_check:delete', 'river', $spy);
	foreach ($river_events as $event_name) {
		elgg_unregister_event_handler($event_name, 'river', $spy);
	}

	$this->assertFalse($was_called);
}
if (!$new_post && $revision_text) { $blog->annotate('blog_revision', $revision_text); } system_message(elgg_echo('blog:message:saved')); $status = $blog->status; // add to river if changing status or published, regardless of new post // because we remove it for drafts. if (($new_post || $old_status == 'draft') && $status == 'published') { elgg_create_river_item(array('view' => 'river/object/blog/create', 'action_type' => 'create', 'subject_guid' => $blog->owner_guid, 'object_guid' => $blog->getGUID())); elgg_trigger_event('publish', 'object', $blog); // reset the creation time for posts that move from draft to published if ($guid) { $blog->time_created = time(); $blog->save(); } } elseif ($old_status == 'published' && $status == 'draft') { _elgg_delete_river(array('object_guid' => $blog->guid, 'action_type' => 'create')); } if ($blog->status == 'published' || $save == false) { forward($blog->getURL()); } else { forward("blog/edit/{$blog->guid}"); } } else { register_error(elgg_echo('blog:error:cannot_save')); forward($error_forward_url); } } else { register_error($error); forward($error_forward_url); }