Esempio n. 1
/**
 * Restrict access to upgrade.php.
 *
 * Protection is active unless the "secure_upgrade" setting of the
 * security_tools plugin is "no". While it is active, a request passes either
 * by supplying a "code" input that security_tools_validate_upgrade_code()
 * accepts, or by getting through elgg_admin_gatekeeper().
 *
 * NOTE(review): the code is read with get_input(); if it is delivered in the
 * query string it will presumably show up in access logs and browser history,
 * so it should be handled like a credential - confirm how it is issued and
 * rotated.
 *
 * @return void
 */
function security_tools_protect_upgrade()
{
    // Protected by default: only the value "no" switches the check off, so an
    // unset setting keeps upgrade.php behind the gate.
    if (elgg_get_plugin_setting("secure_upgrade", "security_tools") == "no") {
        return;
    }

    // A code that validates lets the request through without an admin session.
    $code = get_input("code");
    if (!empty($code) && security_tools_validate_upgrade_code($code)) {
        return;
    }

    // No code, or a code that did not validate: fall back to the admin-only gate.
    elgg_admin_gatekeeper();
}
Esempio n. 2
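/**
 * Page handler for the river (activity) pages.
 *
 * The first URL segment selects the page type (default "friends"). For
 * "owner/<username>" the caller must be logged in; a user asking for their own
 * username is switched to the "mine" view, any other username is only served
 * after elgg_admin_gatekeeper() and is handed on as "subject_username".
 *
 * @param array $page URL segments
 *
 * @return bool always true
 */
function river_addon_river_page_handler($page)
{
    global $CONFIG;

    elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());

    // make a URL segment available in page handler script
    $page_type = elgg_extract(0, $page, 'friends');
    // "[" and "]" act as the regex delimiters here, so the pattern is \W:
    // everything that is not a word character is stripped from the page type.
    $page_type = preg_replace('[\\W]', '', $page_type);

    if ($page_type == 'owner') {
        elgg_gatekeeper();
        $page_username = elgg_extract(1, $page, '');
        // Identity check that decides whether the admin gate applies: compare
        // as strings with ===, because == treats numeric-looking strings such
        // as "1e3" and "1000" as equal.
        if ((string) $page_username === (string) elgg_get_logged_in_user_entity()->username) {
            $page_type = 'mine';
        } else {
            // Someone else's activity stream is admin-only.
            elgg_admin_gatekeeper();
            set_input('subject_username', $page_username);
        }
    }

    set_input('page_type', $page_type);
    // The included path is built from site configuration only, not from the request.
    require_once "{$CONFIG->path}pages/river.php";
    return true;
}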
Esempio n. 3
<?php

// Admin page script: renders one of a plugin's text files inside the admin layout.
// Plugin id and file name are both taken from request input.
$plugin_id = get_input('plugin_id');
$plugin = elgg_get_plugin_from_id($plugin_id);
$filename = get_input('filename');
// NOTE(review): the admin check runs only after the request input has been read
// and the plugin looked up. Calling it as the first statement would keep all
// request handling behind the authorization boundary - confirm the calls above
// have no side effects.
elgg_admin_gatekeeper();
_elgg_admin_add_plugin_settings_menu();
elgg_unregister_css('elgg');
elgg_load_js('elgg.admin');
elgg_load_js('jquery.jeditable');
elgg_load_library('elgg:markdown');
$error = false;
// Unknown plugin: show the error page and stop.
if (!$plugin) {
    $error = elgg_echo('admin:plugins:markdown:unknown_plugin');
    $body = elgg_view_layout('admin', array('content' => $error, 'title' => $error));
    echo elgg_view_page($error, $body, 'admin');
    return true;
}
// The requested name is only used as a key into the list the plugin itself
// reports, so the request never supplies a filesystem path directly.
$text_files = $plugin->getAvailableTextFiles();
if (!array_key_exists($filename, $text_files)) {
    $error = elgg_echo('admin:plugins:markdown:unknown_file');
}
// NOTE(review): this lookup and the read below still execute when the key check
// above failed; $error is already set, but $file is then an undefined array
// entry and file_get_contents() is called with it before the error is handled.
$file = $text_files[$filename];
$file_contents = file_get_contents($file);
// Covers both a failed read and an empty file.
if (!$file_contents) {
    $error = elgg_echo('admin:plugins:markdown:unknown_file');
}
// Any error collected above is rendered as the page title and content.
// (The listing is cut off inside this branch.)
if ($error) {
    $title = $error;
    $body = elgg_view_layout('admin', array('content' => $error, 'title' => $title));
    echo elgg_view_page($title, $body, 'admin');
/**
 * Thin alias that forwards to elgg_admin_gatekeeper().
 *
 * Call it at the top of a page that must only be reachable by a logged in
 * admin or siteadmin. It adds no checks of its own; the decision is made
 * entirely by elgg_admin_gatekeeper().
 *
 * @return void
 */
function admin_gatekeeper()
{
    // Delegate to the namespaced gatekeeper.
    elgg_admin_gatekeeper();
}
Esempio n. 5
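/**
 * Formats and serves out markdown files from plugins.
 *
 * URLs in format like admin_plugin_text_file/<plugin_id>/filename.ext
 *
 * The only valid files are:
 *	* README.txt
 *	* CHANGES.txt
 *	* INSTALL.txt
 *	* COPYRIGHT.txt
 *	* LICENSE.txt
 *
 * NOTE(review): this function does not enforce the list above itself. It accepts
 * whatever keys $plugin->getAvailableTextFiles() returns - confirm that method
 * restricts the set to these names.
 *
 * The requested file name is used only as a key into that list, and the file is
 * read only when the key exists, so the URL never supplies a filesystem path.
 *
 * @param array $pages URL segments: plugin id, then file name
 * @return bool always true; errors are rendered as an admin page
 * @access private
 */
function _elgg_admin_markdown_page_handler($pages)
{
    // Authorization comes first; the gatekeeper is expected to stop the request
    // for anyone who is not an admin.
    elgg_admin_gatekeeper();
    _elgg_admin_add_plugin_settings_menu();
    elgg_set_context('admin');
    elgg_unregister_css('elgg');
    elgg_load_js('elgg.admin');
    elgg_load_js('jquery.jeditable');
    elgg_load_library('elgg:markdown');

    $plugin_id = elgg_extract(0, $pages);
    $plugin = elgg_get_plugin_from_id($plugin_id);
    $filename = elgg_extract(1, $pages);

    $error = false;
    $file_contents = false;
    if (!$plugin) {
        $error = elgg_echo('admin:plugins:markdown:unknown_plugin');
    } else {
        $text_files = $plugin->getAvailableTextFiles();
        // Read the file only for a name the plugin lists. Previously the lookup
        // and file_get_contents() also ran for unknown names, on an undefined
        // array entry.
        if (is_string($filename) && array_key_exists($filename, $text_files)) {
            $file_contents = file_get_contents($text_files[$filename]);
        }
        // Unknown name, failed read and empty file all end up here.
        if (!$file_contents) {
            $error = elgg_echo('admin:plugins:markdown:unknown_file');
        }
    }

    if ($error) {
        // The error message doubles as page title and page content.
        $title = $error;
        $body = elgg_view_layout('admin', array('content' => $error, 'title' => $title));
        echo elgg_view_page($title, $body, 'admin');
        return true;
    }

    $title = $plugin->getManifest()->getName() . ": {$filename}";
    // NOTE(review): the Markdown() result is embedded as HTML without further
    // escaping. The input is a file shipped with the plugin, so it is as
    // trusted as the plugin's code - confirm no user-writable file can appear
    // in the list.
    $text = Markdown($file_contents);
    $body = elgg_view_layout('admin', array('content' => '<div class="elgg-markdown">' . $text . '</div>', 'title' => $title));
    echo elgg_view_page($title, $body, 'admin');
    return true;
}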
Esempio n. 6
File: admin.php Progetto: elgg/elgg
/**
 * Render the admin page that matches the given URL segments.
 *
 * The segments are joined into a view name of the form
 * admin/<section>/<subsection>. Two sections get special treatment:
 * "plugin_settings" renders the shared settings form when the named plugin
 * provides a settings view (otherwise a 404 forward), and "components" is
 * never rendered directly.
 *
 * The view name is derived from the request, so the admin gatekeeper call at
 * the top is what keeps these views from being reachable by non-admins.
 *
 * @param array $page Array of pages
 *
 * @return bool
 * @access private
 */
function _elgg_admin_page_handler($page)
{
    // Gate first, then set up the admin UI resources.
    elgg_admin_gatekeeper();
    _elgg_admin_add_plugin_settings_menu();
    elgg_set_context('admin');
    elgg_unregister_css('elgg');
    elgg_require_js('elgg/admin');
    elgg_load_js('jquery.jeditable');

    // No section in the URL: show the dashboard.
    if (empty($page[0])) {
        $page = array('dashboard');
    }

    // A trailing "/" leaves an empty last segment behind; drop it here because
    // page_handler() deliberately passes it through.
    $last_index = count($page) - 1;
    if (empty($page[$last_index])) {
        array_pop($page);
    }

    $vars = array('page' => $page);

    if ($page[0] == 'plugin_settings') {
        // The settings form is built here, so it only exists for plugins that
        // ship one of the two settings views.
        $has_settings_view = isset($page[1])
            && (elgg_view_exists("settings/{$page[1]}/edit") || elgg_view_exists("plugins/{$page[1]}/settings"));
        if (!$has_settings_view) {
            forward('', '404');
        } else {
            $view = 'admin/plugin_settings';
            $vars['plugin'] = elgg_get_plugin_from_id($page[1]);
            $title = elgg_echo("admin:{$page[0]}");
        }
    } else {
        // Ordinary section: view name and title both follow the segments.
        $view = 'admin/' . implode('/', $page);
        $title = elgg_echo("admin:{$page[0]}");
        if (count($page) > 1) {
            $title .= ' : ' . elgg_echo('admin:' . implode(':', $page));
        }
    }

    // 'components' views must not be reachable directly, so they are never rendered.
    $content = $page[0] == 'components' ? false : elgg_view($view, $vars);
    if (!$content) {
        // Blocked section or a view that produced no output.
        $title = elgg_echo('admin:unknown_section');
        $content = elgg_echo('admin:unknown_section');
    }

    $body = elgg_view_layout('admin', array('content' => $content, 'title' => $title));
    echo elgg_view_page($title, $body, 'admin');
    return true;
}
Esempio n. 7
 /**
  * Route hook that takes over selected groups pages.
  *
  * Looks at the first URL segment (default "all"). Pages this plugin renders
  * itself are echoed and the hook returns false; for everything else it
  * returns nothing.
  *
  * Access control visible here: "add" goes through elgg_admin_gatekeeper()
  * when group creation is limited. The other resources are rendered without a
  * check in this method.
  * NOTE(review): presumably the resource views enforce their own access -
  * confirm for "mail" and "requests".
  *
  * @param string $hook         the name of the hook
  * @param string $type         the type of the hook
  * @param array  $return_value current return value
  * @param null   $params       supplied params
  *
  * @return void|false
  */
 public static function groups($hook, $type, $return_value, $params)
 {
     if (empty($return_value) || !is_array($return_value)) {
         return;
     }

     $segments = elgg_extract('segments', $return_value);

     switch (elgg_extract(0, $segments, 'all')) {
         case 'all':
             // prepare tab listing settings; the page itself is rendered elsewhere
             group_tools_prepare_listing_settings();
             return;

         case 'suggested':
             echo elgg_view_resource('group_tools/groups/suggested');
             return false;

         case 'requests':
             $request_page = elgg_extract('2', $segments);
             if (empty($request_page)) {
                 return;
             }
             $group_guid = elgg_extract('1', $segments);
             // The sub page name comes from the URL; it is rendered only when
             // a matching resource view exists.
             if (!elgg_view_exists("resources/groups/requests/{$request_page}")) {
                 return;
             }
             elgg_push_breadcrumb(elgg_echo('groups'), "groups/all");
             echo elgg_view_resource("groups/requests/{$request_page}", ['guid' => $group_guid]);
             return false;

         case 'mail':
             echo elgg_view_resource('group_tools/groups/mail', ['group_guid' => (int) elgg_extract('1', $segments)]);
             return false;

         case 'group_invite_autocomplete':
             echo elgg_view_resource('group_tools/groups/group_invite_autocomplete');
             return false;

         case 'add':
             // Limited group creation makes the add page admin-only.
             if (group_tools_is_group_creation_limited()) {
                 elgg_admin_gatekeeper();
             }
             return;

         case 'related':
             echo elgg_view_resource('group_tools/groups/related', ['guid' => elgg_extract('1', $segments)]);
             return false;

         default:
             // An old group profile link carries a numeric GUID as first segment.
             if (isset($segments[0]) && is_numeric($segments[0])) {
                 $group = get_entity($segments[0]);
                 if ($group instanceof ElggGroup) {
                     register_error(elgg_echo('changebookmark'));
                     forward($group->getURL());
                 }
             }
             return;
     }
 }
Esempio n. 8
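/**
 * Dispatches blog pages.
 * URLs take the form of
 *  All blogs:       blog/all
 *  User's blogs:    blog/owner/<username>
 *  Friends' blog:   blog/friends/<username>
 *  User's archives: blog/archives/<username>/<time_start>/<time_stop>
 *  Blog post:       blog/view/<guid>/<title>
 *  New post:        blog/add/<guid>
 *  Edit post:       blog/edit/<guid>/<revision>
 *  Preview post:    blog/preview/<guid>
 *  Group blog:      blog/group/<guid>/all
 *
 * Title is ignored
 *
 * Not every form listed above is dispatched here: the switch handles owner,
 * archive (singular), view, add, edit, group and all. Any other first segment,
 * including friends and preview, returns false.
 *
 * Access rules visible in this handler: owner and archive pages are only
 * served for users that are admins (404 otherwise), add and edit go through
 * elgg_admin_gatekeeper(), and the "add" title button is removed for
 * non-admin viewers. "view" has no check here.
 * NOTE(review): presumably blog_get_page_content_read() relies on entity
 * access - confirm.
 *
 * @todo no archives for all blogs or friends
 *
 * @param array $page URL segments
 * @return bool false when the page type is not handled, true otherwise
 */
function page_handler($page)
{
    elgg_load_library('elgg:blog');
    // push all blogs breadcrumb
    elgg_push_breadcrumb(elgg_echo('blog:blogs'), "blog/all");
    if (!isset($page[0])) {
        $page[0] = 'all';
    }
    $page_type = $page[0];

    // Optional segments: a short URL must not read undefined array offsets.
    // Missing segments become null, the value the helpers received before.
    $seg1 = isset($page[1]) ? $page[1] : null;
    $seg2 = isset($page[2]) ? $page[2] : null;
    $seg3 = isset($page[3]) ? $page[3] : null;
    $seg4 = isset($page[4]) ? $page[4] : null;

    switch ($page_type) {
        case 'owner':
            // Only blogs owned by admin users are listed.
            $user = get_user_by_username($seg1);
            if (!$user || !$user->isAdmin()) {
                forward('', '404');
            }
            $params = blog_get_page_content_list($user->guid);
            if (!elgg_is_admin_logged_in()) {
                elgg_unregister_menu_item('title', 'add');
            }
            $params['filter'] = false;
            // no need for all/mine/friends anymore
            break;
        case 'archive':
            $user = get_user_by_username($seg1);
            if (!$user || !$user->isAdmin()) {
                forward('', '404');
            }
            $params = blog_get_page_content_archive($user->guid, $seg2, $seg3);
            break;
        case 'view':
            $params = blog_get_page_content_read($seg1);
            break;
        case 'add':
            // Writing is admin-only.
            elgg_admin_gatekeeper();
            $params = blog_get_page_content_edit($page_type, $seg1);
            break;
        case 'edit':
            elgg_admin_gatekeeper();
            $params = blog_get_page_content_edit($page_type, $seg1, $seg2);
            break;
        case 'group':
            // Group blogs are served only when the plugin setting enables them
            // and the GUID resolves to a group.
            $group_blogs = (int) elgg_get_plugin_setting('group_blog', PLUGIN_ID);
            if (!$group_blogs) {
                forward('', '404');
            }
            $group = get_entity($seg1);
            if (!elgg_instanceof($group, 'group')) {
                forward('', '404');
            }
            if ($seg2 === null || $seg2 == 'all') {
                $params = blog_get_page_content_list($seg1);
            } else {
                $params = blog_get_page_content_archive($seg1, $seg3, $seg4);
            }
            if (!elgg_is_admin_logged_in()) {
                elgg_unregister_menu_item('title', 'add');
            }
            break;
        case 'all':
            $params = blog_get_page_content_list();
            if (!elgg_is_admin_logged_in()) {
                elgg_unregister_menu_item('title', 'add');
            }
            $params['filter'] = false;
            break;
        default:
            return false;
    }

    // Append the blog sidebar to whatever the content helper already supplied.
    $sidebar = elgg_view('blog/sidebar', array('page' => $page_type));
    if (isset($params['sidebar'])) {
        $params['sidebar'] .= $sidebar;
    } else {
        $params['sidebar'] = $sidebar;
    }
    $body = elgg_view_layout('content', $params);
    echo elgg_view_page($params['title'], $body);
    return true;
}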