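/**
 * Perform an action.
 *
 * This function executes the action with name $action as registered
 * by {@link elgg_register_action()}.
 *
 * The plugin hook 'action', $action_name will be triggered before the action
 * is executed. If a handler returns false, it will prevent the action script
 * from being called.
 *
 * @note If an action isn't registered in the system or is registered
 * to an unavailable file the user will be forwarded to the site front
 * page and an error will be emitted via {@link register_error()}.
 *
 * @warning All actions require {@link http://docs.elgg.org/Actions/Tokens Action Tokens}.
 *
 * @param string $action    The requested action (a trailing "/" is removed)
 * @param string $forwarder Optionally, the location to forward to. The site URL,
 *                          any http(s) scheme, "@" and leading slashes are removed
 *                          so the destination is always site-relative; when empty
 *                          the referrer (REFERER) is used.
 *
 * @link http://docs.elgg.org/Actions
 * @see elgg_register_action()
 *
 * @return void
 * @access private
 */
function action($action, $forwarder = "") {
	global $CONFIG;

	$action = rtrim($action, '/');

	// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
	// Allow users to disable plugins without a token in order to
	// remove plugins that are incompatible.
	// Login and logout are for convenience.
	// file/download (see #2010)
	$exceptions = array('admin/plugins/disable', 'logout', 'login', 'file/download');
	if (!in_array($action, $exceptions, true)) {
		// All actions require a token.
		action_gatekeeper();
	}

	// Reduce the forwarder to a site-relative path. Previously only "http://"
	// was removed, so an absolute "https://..." destination reached forward()
	// untouched; strip both schemes case-insensitively, then every leading
	// slash so a protocol-relative "//host" cannot survive either.
	$forwarder = str_replace(elgg_get_site_url(), "", $forwarder);
	$forwarder = str_ireplace(array("https://", "http://"), "", $forwarder);
	$forwarder = str_replace("@", "", $forwarder);
	$forwarder = ltrim($forwarder, "/");

	if (!isset($CONFIG->actions[$action])) {
		register_error(elgg_echo('actionundefined', array($action)));
	} elseif (!elgg_is_admin_logged_in() && $CONFIG->actions[$action]['access'] === 'admin') {
		register_error(elgg_echo('actionunauthorized'));
	} elseif (!elgg_is_logged_in() && $CONFIG->actions[$action]['access'] !== 'public') {
		register_error(elgg_echo('actionloggedout'));
	} else {
		// Trigger action event
		// @todo This is only called before the primary action is called.
		// A falsy hook result quietly cancels the action file; it is not reported
		// as an error because the hook handler is assumed to have done so itself.
		if (elgg_trigger_plugin_hook('action', $action, null, true)) {
			$file = $CONFIG->actions[$action]['file'];
			// Check the file up front instead of relying on include's return
			// value, which also emits a warning for a missing file.
			if (is_file($file) && is_readable($file)) {
				include $file;
			} else {
				register_error(elgg_echo('actionnotfound', array($action)));
			}
		}
	}

	// NOTE(review): forward() is assumed to resolve a scheme-less path against
	// the site URL — confirm in this version.
	forward(empty($forwarder) ? REFERER : $forwarder);
}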
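/**
 * Loads an action script, if it exists, then forwards elsewhere
 *
 * Flow: optional CSRF token check, normalisation of $forwarder to a
 * site-relative path, registration and access checks for the action,
 * the 'action' plugin hook, inclusion of the action file and finally
 * forward($CONFIG->url . $forwarder).
 *
 * @param string $action    The requested action
 * @param string $forwarder Optionally, the location to forward to. The site URL,
 *                          any http(s) scheme, "@" and leading slashes are removed
 *                          because the value is appended to $CONFIG->url.
 * @return void
 */
function action($action, $forwarder = "") {
	global $CONFIG;

	// set GET params
	elgg_set_input_from_uri();

	// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
	// Allow users to disable plugins without a token in order to
	// remove plugins that are incompatible.
	// Installation cannot use tokens because it requires site secret to be
	// working. (#1462)
	// Login and logout are for convenience.
	$exceptions = array('systemsettings/install', 'admin/plugins/disable', 'logout', 'login');
	if (!in_array($action, $exceptions, true)) {
		// All actions require a token.
		action_gatekeeper();
	}

	// Reduce the forwarder to a site-relative path; strip "https://" as well
	// as "http://" so an https destination does not end up as a path segment.
	$forwarder = str_replace($CONFIG->url, "", $forwarder);
	$forwarder = str_ireplace(array("https://", "http://"), "", $forwarder);
	$forwarder = str_replace("@", "", $forwarder);
	$forwarder = ltrim($forwarder, "/");

	if (!isset($CONFIG->actions[$action])) {
		register_error(sprintf(elgg_echo('actionundefined'), $action));
	} elseif (!isadminloggedin() && !empty($CONFIG->actions[$action]['admin'])) {
		// Previously this branch registered no error at all, so a non-admin
		// hitting an admin-only action was silently forwarded away.
		// NOTE(review): requires the 'actionunauthorized' language string —
		// confirm it exists in this version's language files.
		register_error(elgg_echo('actionunauthorized'));
	} elseif (empty($CONFIG->actions[$action]['public']) && $_SESSION['id'] == -1) {
		register_error(elgg_echo('actionloggedout'));
	} else {
		// Trigger action event
		// TODO: This is only called before the primary action is called. We need to rethink actions for 1.5
		// A false hook result quietly cancels the action file; the hook handler
		// is assumed to have reported the reason itself. TODO make this better!
		if (trigger_plugin_hook('action', $action, null, true)) {
			$file = $CONFIG->actions[$action]['file'];
			// Check the file up front instead of relying on include's return
			// value, which also emits a warning for a missing file.
			if (is_file($file) && is_readable($file)) {
				include $file;
			} else {
				register_error(sprintf(elgg_echo('actionundefined'), $action));
			}
		}
	}

	forward($CONFIG->url . $forwarder);
}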
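/**
 * @see action
 * @access private
 *
 * Executes a registered action: runs the CSRF gatekeeper unless the action is
 * in the token-free exception list, reduces $forwarder to a site-relative
 * path, checks that the action exists and that the session satisfies its
 * 'access' level ('admin', 'public', otherwise logged-in), triggers the
 * 'action' hook and includes the action file. Always ends with forward().
 *
 * @param string $action    The requested action (a trailing "/" is removed)
 * @param string $forwarder Optionally, the location to forward to; the site URL,
 *                          any http(s) scheme, "@" and leading slashes are removed.
 *                          When empty the referrer (REFERER) is used.
 * @return void
 */
public function execute($action, $forwarder = "") {
	$action = rtrim($action, '/');
	$this->currentAction = $action;

	// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
	// Allow users to disable plugins without a token in order to
	// remove plugins that are incompatible.
	// Login and logout are for convenience.
	// file/download (see #2010)
	$exceptions = array('admin/plugins/disable', 'logout', 'file/download');
	if (!in_array($action, $exceptions, true)) {
		// All actions require a token.
		action_gatekeeper($action);
	}

	// Reduce the forwarder to a site-relative path. Previously only "http://"
	// was removed, so an absolute "https://..." destination reached forward()
	// untouched; strip both schemes case-insensitively, then every leading
	// slash so a protocol-relative "//host" cannot survive either.
	$forwarder = str_replace(_elgg_services()->config->getSiteUrl(), "", $forwarder);
	$forwarder = str_ireplace(array("https://", "http://"), "", $forwarder);
	$forwarder = str_replace("@", "", $forwarder);
	$forwarder = ltrim($forwarder, "/");

	$translator = _elgg_services()->translator;
	$session = _elgg_services()->session;

	if (!isset($this->actions[$action])) {
		register_error($translator->translate('actionundefined', array($action)));
	} elseif (!$session->isAdminLoggedIn() && $this->actions[$action]['access'] === 'admin') {
		register_error($translator->translate('actionunauthorized'));
	} elseif (!$session->isLoggedIn() && $this->actions[$action]['access'] !== 'public') {
		register_error($translator->translate('actionloggedout'));
	} else {
		// To quietly cancel the action file, return a falsey value in the "action" hook.
		if (_elgg_services()->hooks->trigger('action', $action, null, true)) {
			$file = $this->actions[$action]['file'];
			if (is_file($file) && is_readable($file)) {
				self::includeFile($file);
			} else {
				register_error($translator->translate('actionnotfound', array($action)));
			}
		}
	}

	// NOTE(review): forward() is assumed to resolve a scheme-less path against
	// the site URL — confirm in this version.
	forward(empty($forwarder) ? REFERER : $forwarder);
}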
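/**
 * @see action
 * @access private
 *
 * Executes a registered action: runs the CSRF gatekeeper unless the action is
 * in the token-free exception list, reduces $forwarder to a site-relative
 * path, checks that the action exists and that the session satisfies its
 * 'access' level ('admin', 'public', otherwise logged-in), triggers the
 * 'action' hook and includes the action file. Always ends with forward().
 *
 * @param string $action    The requested action (a trailing "/" is removed)
 * @param string $forwarder Optionally, the location to forward to; the site URL,
 *                          any http(s) scheme, "@" and leading slashes are removed.
 *                          When empty the referrer (REFERER) is used.
 * @return void
 */
public function execute($action, $forwarder = "") {
	$action = rtrim($action, '/');
	$this->currentAction = $action;

	// @todo REMOVE THESE ONCE #1509 IS IN PLACE.
	// Allow users to disable plugins without a token in order to
	// remove plugins that are incompatible.
	// Login and logout are for convenience.
	// file/download (see #2010)
	$exceptions = array('admin/plugins/disable', 'logout', 'file/download');
	if (!in_array($action, $exceptions, true)) {
		// All actions require a token.
		action_gatekeeper($action);
	}

	// Reduce the forwarder to a site-relative path. Previously only "http://"
	// was removed, so an absolute "https://..." destination reached forward()
	// untouched; strip both schemes case-insensitively, then every leading
	// slash so a protocol-relative "//host" cannot survive either.
	$forwarder = str_replace(elgg_get_site_url(), "", $forwarder);
	$forwarder = str_ireplace(array("https://", "http://"), "", $forwarder);
	$forwarder = str_replace("@", "", $forwarder);
	$forwarder = ltrim($forwarder, "/");

	if (!isset($this->actions[$action])) {
		register_error(elgg_echo('actionundefined', array($action)));
	} elseif (!elgg_is_admin_logged_in() && $this->actions[$action]['access'] === 'admin') {
		register_error(elgg_echo('actionunauthorized'));
	} elseif (!elgg_is_logged_in() && $this->actions[$action]['access'] !== 'public') {
		register_error(elgg_echo('actionloggedout'));
	} else {
		// Returning falsy doesn't produce an error
		// We assume this will be handled in the hook itself.
		if (elgg_trigger_plugin_hook('action', $action, null, true)) {
			$file = $this->actions[$action]['file'];
			// Check the file up front instead of relying on include's return
			// value, which also emits a warning for a missing file.
			if (is_file($file) && is_readable($file)) {
				include $file;
			} else {
				register_error(elgg_echo('actionnotfound', array($action)));
			}
		}
	}

	// NOTE(review): forward() is assumed to resolve a scheme-less path against
	// the site URL — confirm in this version.
	forward(empty($forwarder) ? REFERER : $forwarder);
}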
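<?php
/**
 * Profile Manager
 *
 * jQuery Profile Field change category
 *
 * Reads input "guid" (the profile field entity) and "category_guid" (the new
 * category; empty clears it). Admin-only and CSRF-token protected. Echoes
 * "true" only when the entity exists and has one of the profile-field
 * subtypes; otherwise nothing is output.
 *
 * @package profile_manager
 * @author ColdTrick IT Solutions
 * @copyright Coldtrick IT Solutions 2009
 * @link http://www.coldtrick.com/
 */

action_gatekeeper();
admin_gatekeeper();

// Cast both ids so a non-numeric value neither reaches get_entity() nor is
// stored as the category reference.
$guid = (int) get_input("guid");
$category_guid = (int) get_input("category_guid");

$field_subtypes = array(CUSTOM_PROFILE_FIELDS_PROFILE_SUBTYPE, CUSTOM_PROFILE_FIELDS_GROUP_SUBTYPE);

if ($guid > 0) {
	$entity = get_entity($guid);

	// get_entity() returns false for an unknown or unreadable guid; the
	// original called getSubtype() on that false value.
	if ($entity instanceof ElggEntity && in_array($entity->getSubtype(), $field_subtypes, true)) {
		if ($category_guid > 0) {
			$entity->category_guid = $category_guid;
		} else {
			unset($entity->category_guid);
		}

		echo "true";
	}
}

exit;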
/**
 * Handles graph requests
 *
 * /graph/<node>[/<edge>]
 *
 * Installs the plugin's log, error and exception handlers, authenticates the
 * caller (the 'auth','graph' hook when routed via services; otherwise the
 * CSRF gatekeeper plus a login requirement for non-GET requests), sets the
 * services/api/graph contexts and the viewtype (falling back to 'json'),
 * routes the endpoint and sends the result. Any exception thrown on the way
 * is turned into an ErrorResult response.
 *
 * @param array $segments URL segments
 * @return bool Always true
 */
public function pageHandler($segments) {
	$logger = $this->logger;
	elgg_register_plugin_hook_handler('debug', 'log', array($logger, 'debugLogHandler'));
	error_reporting(E_ALL);
	set_error_handler(array($logger, 'errorHandler'));
	set_exception_handler(array($logger, 'exceptionHandler'));

	try {
		$urlSegments = $this->request->getUrlSegments();
		$viaServices = ($urlSegments[0] == 'services');

		if ($viaServices) {
			elgg_trigger_plugin_hook('auth', 'graph');
		} else {
			// Direct access (not routed from services): require the CSRF
			// token, and a logged-in user for anything other than GET.
			action_gatekeeper('');
			if ($this->request->getMethod() != HttpRequest::METHOD_GET) {
				elgg_gatekeeper();
			}
		}

		elgg_set_context('services');
		elgg_push_context('api');
		elgg_push_context('graph');

		$viewtype = $this->mapViewtype();
		if (!elgg_is_registered_viewtype($viewtype)) {
			$viewtype = 'json';
		}
		elgg_set_viewtype($viewtype);

		$result = $this->route(implode('/', $segments));
	} catch (Exception $ex) {
		$result = new ErrorResult($ex->getMessage(), $ex->getCode(), $ex);
	}

	$this->send($result);
	return true;
}
/** * Elgg welcome plugin change user email action * * @author Gerard Kanters * @author Wouter van Os * @author Juho Jaakkola * * @website https://www.centillien.com * * @copyright Centillien 2016 */ if (elgg_get_user_validation_status($user->guid) == false) { register_error(elgg_echo('notallowed')); return; } action_gatekeeper('change_user_email'); // Set access status to perform needed operation $access_status = access_get_show_hidden_status(); access_show_hidden_entities(true); // Get user guid $user_guid = (int) get_input('user_guid'); $new_email = get_input('new_email'); // Check if user guid is provided if (!empty($user_guid) && !empty($new_email)) { $user = get_entity($user_guid); // Check if user exists if (elgg_instanceof($user, 'user')) { // Check if provided email address is valid if (validate_email_address($new_email)) { elgg_set_ignore_access(true); elgg_override_permissions(true);