Diffstat (limited to 'actions/friends')
| -rw-r--r-- | actions/friends/add.php | 4 | ||||
| -rw-r--r-- | actions/friends/collections/add.php | 11 | ||||
| -rw-r--r-- | actions/friends/collections/delete.php | 5 | ||||
| -rw-r--r-- | actions/friends/collections/edit.php | 6 |
4 files changed, 14 insertions, 12 deletions
diff --git a/actions/friends/add.php b/actions/friends/add.php
index 7d38674c1..d1800ee14 100644
--- a/actions/friends/add.php
+++ b/actions/friends/add.php
@@ -9,6 +9,10 @@
 // Get the GUID of the user to friend
 $friend_guid = get_input('friend');
 $friend = get_entity($friend_guid);
+if (!$friend) {
+ register_error(elgg_echo('error:missing_data'));
+ forward(REFERER);
+}
 $errors = false;
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 8383e4db2..e63a149f7 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -2,11 +2,11 @@
 /**
 * Elgg collection add page
 *
- * @package Elgg
- * @subpackage Core
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
 */
-$collection_name = get_input('collection_name');
+$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
 $friends = get_input('friends_collection');
 if (!$collection_name) {
@@ -20,8 +20,7 @@ if ($id) {
 $result = update_access_collection($id, $friends);
 if ($result) {
 system_message(elgg_echo("friends:collectionadded"));
- // go to the collections page
- forward("pg/collections/" . get_loggedin_user()->username);
+ forward("collections/" . elgg_get_logged_in_user_entity()->username);
 } else {
 register_error(elgg_echo("friends:nocollectionname"));
 forward(REFERER);
@@ -29,4 +28,4 @@ if ($id) {
 } else {
 register_error(elgg_echo("friends:nocollectionname"));
 forward(REFERER);
-}
+}
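Review bot: The new guard in actions/friends/add.php rejects only a missing entity, so a request-supplied GUID that resolves to a non-user entity (a group or object) still passes `if (!$friend)` and reaches the friend-relationship code. `get_entity()` returns whatever entity type the GUID belongs to, so the check would be tighter as `if (!($friend instanceof ElggUser)) {`. The remainder of the action is outside the hunk, so confirm whether a later type check already covers this before changing it.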
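Review bot: In the first hunk of actions/friends/collections/add.php, `htmlspecialchars()` is applied to `collection_name` at input time, so the stored name is the entity-encoded form; any view that escapes on output will double-encode it, and non-HTML consumers will see `&amp;`-style text. Passing `false` as the third argument to `get_input()` presumably bypasses the default input filter, which leaves this call as the only sanitisation of the value, so the contract deserves a comment such as `// stored HTML-encoded (ENT_QUOTES); views must not escape it again`. The edit action's handling of the name is not visible in this diff (only its docblock changes), so check that it encodes the same way, otherwise names created and names edited will be stored differently. Separately, `if (!$collection_name)` accepts a whitespace-only name and rejects the literal name "0"; a `trim()` followed by a `=== ''` comparison would be more precise.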
\ No newline at end of file
diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php
index 5b0aa8e10..ff8f1fb55 100644
--- a/actions/friends/collections/delete.php
+++ b/actions/friends/collections/delete.php
@@ -1,10 +1,9 @@
 <?php
-
 /**
 * Elgg friends: delete collection action
 *
- * @package Elgg
- * @subpackage Core
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
 */
 $collection_id = (int) get_input('collection');
diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php
index 581b21353..9eb5e1eab 100644
--- a/actions/friends/collections/edit.php
+++ b/actions/friends/collections/edit.php
@@ -1,9 +1,9 @@
 <?php
 /**
- * Elgg collection add page
+ * Friends collection edit action
 *
- * @package Elgg
- * @subpackage Core
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
 */
 $collection_id = get_input('collection_id'); |
