$context = get_input('context');
$show_access = (bool) get_input('show_access', true);
$column = (int) get_input('column', 1);
$default_widgets = (int) get_input('default_widgets', 0);
elgg_set_page_owner_guid($page_owner_guid);
$page_owner = elgg_get_page_owner_entity();
if (!$page_owner) {
return elgg_error_response(elgg_echo('widgets:add:failure'));
}
if (!elgg_can_edit_widget_layout($context)) {
// logged in user must be able to edit the layout to add a widget
return elgg_error_response(elgg_echo('widgets:add:failure'));
}
$guid = elgg_create_widget($page_owner->getGUID(), $handler, $context);
if (!$guid) {
return elgg_error_response(elgg_echo('widgets:add:failure'));
}
$widget = get_entity($guid);
// position the widget
$widget->move($column, 0);
$context_stack = [];
if ($default_widgets) {
$context_stack[] = 'default_widgets';
}
$context_stack[] = 'widgets';
if ($context) {
$context_stack[] = $context;
}
foreach ($context_stack as $ctx) {
elgg_push_context($ctx);
}
/**
* Serve individual views for Ajax.
*
* /ajax/view/<view_name>?<key/value params>
* /ajax/form/<action_name>?<key/value params>
*
* @param string[] $segments URL segments (not including "ajax")
* @return ResponseBuilder
*
* @see elgg_register_ajax_view()
* @elgg_pagehandler ajax
* @access private
*/
function _elgg_ajax_page_handler($segments)
{
elgg_ajax_gatekeeper();
if (count($segments) < 2) {
return false;
}
if ($segments[0] === 'view' || $segments[0] === 'form') {
if ($segments[0] === 'view') {
// ignore 'view/'
$view = implode('/', array_slice($segments, 1));
} else {
// form views start with "forms", not "form"
$view = 'forms/' . implode('/', array_slice($segments, 1));
}
$ajax_api = _elgg_services()->ajax;
$allowed_views = $ajax_api->getViews();
// cacheable views are always allowed
if (!in_array($view, $allowed_views) && !_elgg_services()->views->isCacheableView($view)) {
return elgg_error_response("Ajax view '{$view}' was not registered", REFERRER, ELGG_HTTP_FORBIDDEN);
}
// pull out GET parameters through filter
$vars = array();
foreach (_elgg_services()->request->query->keys() as $name) {
$vars[$name] = get_input($name);
}
if (isset($vars['guid'])) {
$vars['entity'] = get_entity($vars['guid']);
}
$content_type = '';
if ($segments[0] === 'view') {
$output = elgg_view($view, $vars);
// Try to guess the mime-type
switch ($segments[1]) {
case "js":
$content_type = 'text/javascript;charset=utf-8';
break;
case "css":
$content_type = 'text/css;charset=utf-8';
break;
default:
if (_elgg_services()->views->isCacheableView($view)) {
$file = _elgg_services()->views->findViewFile($view, elgg_get_viewtype());
$content_type = (new \Elgg\Filesystem\MimeTypeDetector())->getType($file, 'text/html');
}
break;
}
} else {
$action = implode('/', array_slice($segments, 1));
$output = elgg_view_form($action, array(), $vars);
}
if ($content_type) {
elgg_set_http_header("Content-Type: {$content_type}");
}
return elgg_ok_response($output);
}
return false;
}
// they provided.
elgg_get_session()->set('forgotpassword:hash_missing', get_input('username'));
$output = ['forward' => 'forgotpassword'];
return elgg_ok_response($output, '', 'forgotpassword');
}
return elgg_error_response($result);
}
if (!$user) {
return elgg_error_response(elgg_echo('login:baduser'));
}
try {
login($user, $persistent);
// re-register at least the core language file for users with language other than site default
register_translations(dirname(dirname(__FILE__)) . "/languages/");
} catch (LoginException $e) {
return elgg_error_response($e->getMessage());
}
// elgg_echo() caches the language and does not provide a way to change the language.
// @todo we need to use the config object to store this so that the current language
// can be changed. Refs #4171
if ($user->language) {
$message = elgg_echo('loginok', array(), $user->language);
} else {
$message = elgg_echo('loginok');
}
// clear after login in case login fails
$session->remove('last_forward_from');
$params = array('user' => $user, 'source' => $forward_source);
$forward_url = elgg_trigger_plugin_hook('login:forward', 'user', $params, $forward_url);
$output = ['forward' => $forward_url];
return elgg_ok_response($output, $message, $forward_url);
<?php
$guid = (int) get_input('guid');
$type = get_input('type');
$key = get_input('key');
$show_hidden = access_show_hidden_entities(true);
$entity = get_entity($guid);
if (empty($entity) || empty($type) || $key === null) {
access_show_hidden_entities($show_hidden);
return elgg_error_response(elgg_echo('error:missing_data'));
}
if (!$entity->canEdit()) {
access_show_hidden_entities($show_hidden);
return elgg_error_response(elgg_echo('action:unauthorized'));
}
switch ($type) {
case 'entity':
if (!$entity instanceof ElggSite) {
$entity->delete();
}
break;
case 'metadata':
unset($entity->{$key});
break;
case 'relationship':
get_relationship($key)->delete();
break;
case 'private_setting':
$entity->removePrivateSetting($key);
break;
}
<?php
/**
* Elgg Message board: delete message action
*
* @package ElggMessageBoard
*/
$annotation_id = (int) get_input('annotation_id');
$message = elgg_get_annotation_from_id($annotation_id);
$ok_output = ['deleted' => $message->toObject()];
if ($message && $message->canEdit() && $message->delete()) {
return elgg_ok_response($ok_output, elgg_echo('messageboard:deleted'));
}
return elgg_error_response(elgg_echo('messageboard:notdeleted'));
<?php
$output = get_input('output');
$forward_url = get_input('forward_url');
$forward_reason = (int) get_input('forward_reason', ELGG_HTTP_OK);
$system_message = get_input('system_message');
$error_message = get_input('error_message');
if ($forward_url == '-1') {
$forward_url = REFERRER;
}
if ($forward_reason == ELGG_HTTP_OK && !$error_message) {
return elgg_ok_response($output, $system_message, $forward_url, $forward_reason);
} else {
if ($forward_reason == ELGG_HTTP_BAD_REQUEST || $error_message) {
return elgg_error_response($error_message, $forward_url, $forward_reason);
} else {
if ($forward_reason == ELGG_HTTP_FOUND) {
return elgg_redirect_response($forward_url);
}
}
}
<?php
/**
* Runs batch upgrades
*/
$guid = get_input('guid');
$upgrade = get_entity($guid);
try {
if (!$upgrade instanceof \ElggUpgrade) {
throw new RuntimeException(elgg_echo('admin:upgrades:error:invalid_upgrade', [$entity->title, $guid]));
}
$result = _elgg_services()->batchUpgrader->run($upgrade);
return elgg_ok_response($result);
} catch (RuntimeException $ex) {
return elgg_error_response($ex->getMessage(), REFERRER, ELGG_HTTP_INTERNAL_SERVER_ERROR);
}
<?php
/**
* Elgg Message board: add message action
*
* @package ElggMessageBoard
*/
$message_content = get_input('message_content');
$owner_guid = (int) get_input('owner_guid');
$owner = get_user($owner_guid);
if (!$owner || empty($message_content)) {
return elgg_error_response(elgg_echo('messageboard:blank'));
}
$result = messageboard_add(elgg_get_logged_in_user_entity(), $owner, $message_content, $owner->access_id);
if (!$result) {
return elgg_error_response(elgg_echo('messageboard:failure'));
}
$output = elgg_list_annotations(['annotations_name' => 'messageboard', 'guid' => $owner->guid, 'pagination' => false, 'reverse_order_by' => true, 'limit' => 1]);
return elgg_ok_response($output, elgg_echo('messageboard:posted'));
continue;
}
if (get_user_by_email($email)) {
$error = true;
$already_members[] = $email;
continue;
}
$link = elgg_get_registration_url(array('friend_guid' => $current_user->guid, 'invitecode' => generate_invite_code($current_user->username)));
$message = elgg_echo('invitefriends:email', array($site->name, $current_user->name, $emailmessage, $link));
$subject = elgg_echo('invitefriends:subject', array($site->getDisplayName()));
// create the from address
if ($site->email) {
$from = $site->email;
} else {
$from = 'noreply@' . $site->getDomain();
}
elgg_send_email($from, $email, $subject, $message);
$sent_total++;
}
if ($error) {
register_error(elgg_echo('invitefriends:invitations_sent', array($sent_total)));
if (count($bad_emails) > 0) {
register_error(elgg_echo('invitefriends:email_error', array(implode(', ', $bad_emails))));
}
if (count($already_members) > 0) {
register_error(elgg_echo('invitefriends:already_members', array(implode(', ', $already_members))));
}
return elgg_error_response();
}
elgg_clear_sticky_form('invitefriends');
return elgg_ok_response('', elgg_echo('invitefriends:success'));
<?php
/**
* Elgg widget delete action
*
* @package Elgg.Core
* @subpackage Widgets.Management
*/
$widget_guid = (int) get_input('widget_guid');
$widget = get_entity($widget_guid);
if (!$widget instanceof \ElggWidget) {
return elgg_error_response(elgg_echo('widgets:remove:failure'));
}
elgg_set_page_owner_guid($widget->getContainerGUID());
if (!elgg_can_edit_widget_layout($widget->context)) {
return elgg_error_response(elgg_echo('widgets:remove:failure'));
}
if (!$widget->delete()) {
return elgg_error_response(elgg_echo('widgets:remove:failure'));
}
return elgg_ok_response();
/**
* @group AjaxService
*/
public function testCanFilterResponseToAjax2ViewRequestForARegisteredFormView()
{
$this->hooks->registerHandler('response', 'form:query_view', function ($hook, $type, $response, $params) {
$this->assertEquals('response', $hook);
$this->assertEquals('form:query_view', $type);
$this->assertEquals($response, $params);
$this->assertInstanceOf(OkResponse::class, $response);
return elgg_error_response('good bye', REFERRER, ELGG_HTTP_BAD_REQUEST);
});
$vars = ['query_value' => 'hello'];
$this->request = $this->prepareHttpRequest('ajax/form/query_view', 'GET', $vars, 2);
$this->createService();
elgg_register_ajax_view('form/query_view');
$this->route();
$response = _elgg_services()->responseFactory->getSentResponse();
$this->assertInstanceOf(Response::class, $response);
$this->assertEquals(ELGG_HTTP_BAD_REQUEST, $response->getStatusCode());
$this->assertContains('application/json', $response->headers->get('Content-Type'));
$output = json_encode(['error' => 'good bye'], ELGG_JSON_ENCODING);
$this->assertEquals($output, $response->getContent());
}
