1 files changed, 60 insertions, 34 deletions

diff --git a/engine/lib/pageowner.php b/engine/lib/pageowner.php
index c9e85d22f..bd63d08c6 100644
--- a/engine/lib/pageowner.php
+++ b/engine/lib/pageowner.php
@@ -29,7 +29,9 @@ function elgg_get_page_owner_guid($guid = 0) {
 	// return guid of page owner entity
 	$guid = elgg_trigger_plugin_hook('page_owner', 'system', NULL, 0);
 
-	$page_owner_guid = $guid;
+	if ($guid) {
+		$page_owner_guid = $guid;
+	}
 
 	return $guid;
 }
@@ -37,24 +39,30 @@ function elgg_get_page_owner_guid($guid = 0) {
 /**
  * Gets the owner entity for the current page.
  *
- * @return ElggEntity|false The current page owner or false if none.
+ * @note Access is disabled when getting the page owner entity.
+ *
+ * @return ElggUser|ElggGroup|false The current page owner or false if none.
  *
  * @since 1.8.0
  */
 function elgg_get_page_owner_entity() {
 	$guid = elgg_get_page_owner_guid();
 	if ($guid > 0) {
-		return get_entity($guid);
+		$ia = elgg_set_ignore_access(true);
+		$owner = get_entity($guid);
+		elgg_set_ignore_access($ia);
+
+		return $owner;
 	}
 
-	return FALSE;
+	return false;
 }
 
 /**
  * Set the guid of the entity that owns this page
  *
  * @param int $guid The guid of the page owner
- *
+ * @return void
  * @since 1.8.0
  */
 function elgg_set_page_owner_guid($guid) {
@@ -68,12 +76,14 @@ function elgg_set_page_owner_guid($guid) {
  * parameter. The request parameters used are 'username' and 'owner_guid'. If
  * the page request is going through the page handling system, this function
  * attempts to figure out the owner if the url fits the patterns of:
- *   pg/<handler>/owner/<username>
- *   pg/<handler>/friends/<username>
- *   pg/<handler>/view/<entity guid>
- *   pg/<handler>/add/<container guid>
- *   pg/<handler>/edit/<entity guid>
- *   pg/<handler>/group/<group guid>
+ *   <handler>/owner/<username>
+ *   <handler>/friends/<username>
+ *   <handler>/view/<entity guid>
+ *   <handler>/add/<container guid>
+ *   <handler>/edit/<entity guid>
+ *   <handler>/group/<group guid>
+ *
+ * @note Access is disabled while finding the page owner for the group gatekeeper functions.
  *
  *
  * @param string $hook        'page_owner'
@@ -82,6 +92,7 @@ function elgg_set_page_owner_guid($guid) {
  * @param array  $params      no parameters
  *
  * @return int GUID
+ * @access private
  */
 function default_page_owner_handler($hook, $entity_type, $returnvalue, $params) {
 
@@ -89,6 +100,8 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
 		return $returnvalue;
 	}
 
+	$ia = elgg_set_ignore_access(true);
+
 	$username = get_input("username");
 	if ($username) {
 		// @todo using a username of group:<guid> is deprecated
@@ -96,11 +109,13 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
 			preg_match('/group\:([0-9]+)/i', $username, $matches);
 			$guid = $matches[1];
 			if ($entity = get_entity($guid)) {
+				elgg_set_ignore_access($ia);
 				return $entity->getGUID();
 			}
 		}
 
 		if ($user = get_user_by_username($username)) {
+			elgg_set_ignore_access($ia);
 			return $user->getGUID();
 		}
 	}
@@ -108,42 +123,45 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
 	$owner = get_input("owner_guid");
 	if ($owner) {
 		if ($user = get_entity($owner)) {
+			elgg_set_ignore_access($ia);
 			return $user->getGUID();
 		}
 	}
 
-	$uri = $_SERVER['REQUEST_URI'];
-	// ignore the query
-	$parts = parse_url($uri);
-
-	if ($parts && isset($parts['path'])) {
-		$path = $parts['path'];
-	} else {
-		return $returnvalue;
+	// ignore root and query
+	$uri = current_page_url();
+	$path = str_replace(elgg_get_site_url(), '', $uri);
+	$path = trim($path, "/");
+	if (strpos($path, "?")) {
+		$path = substr($path, 0, strpos($path, "?"));
 	}
 
-	if (strpos($path, '/pg') === 0) {
+	// @todo feels hacky
+	if (get_input('page', FALSE)) {
 		$segments = explode('/', $path);
-		if (isset($segments[3]) && isset($segments[4])) {
-			switch ($segments[3]) {
+		if (isset($segments[1]) && isset($segments[2])) {
+			switch ($segments[1]) {
 				case 'owner':
 				case 'friends':
-					$user = get_user_by_username($segments[4]);
+					$user = get_user_by_username($segments[2]);
 					if ($user) {
+						elgg_set_ignore_access($ia);
 						return $user->getGUID();
 					}
 					break;
 				case 'view':
 				case 'edit':
-					$entity = get_entity($segments[4]);
+					$entity = get_entity($segments[2]);
 					if ($entity) {
+						elgg_set_ignore_access($ia);
 						return $entity->getContainerGUID();
 					}
 					break;
 				case 'add':
 				case 'group':
-					$entity = get_entity($segments[4]);
+					$entity = get_entity($segments[2]);
 					if ($entity) {
+						elgg_set_ignore_access($ia);
 						return $entity->getGUID();
 					}
 					break;
@@ -151,7 +169,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
 		}
 	}
 
-	return $returnvalue;
+	elgg_set_ignore_access($ia);
 }
 
 /**
@@ -162,8 +180,8 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
  * output could be different for those two contexts ('blog' vs 'widget').
  *
  * Pages that pass through the page handling system set the context to the
- * first string after 'pg'. Example: http://elgg.org/pg/bookmarks/ results in
- * the initial context being set to 'bookmarks'.
+ * first string after the root url. Example: http://example.org/elgg/bookmarks/ 
+ * results in the initial context being set to 'bookmarks'.
  *
  * The context is a stack so that for a widget on a profile, the context stack
  * may contain first 'profile' and then 'widget'.
@@ -173,7 +191,7 @@ function default_page_owner_handler($hook, $entity_type, $returnvalue, $params)
  * @warning The context is not available until the page_handler runs (after
  * the 'init, system' event processing has completed).
  *
- * @param  string $context The context of the page
+ * @param string $context The context of the page
  * @return bool
  * @since 1.8.0
  */
@@ -205,6 +223,10 @@ function elgg_set_context($context) {
 function elgg_get_context() {
 	global $CONFIG;
 
+	if (!$CONFIG->context) {
+		return null;
+	}
+
 	return $CONFIG->context[count($CONFIG->context) - 1];
 }
 
@@ -212,6 +234,7 @@ function elgg_get_context() {
  * Push a context onto the top of the stack
  *
  * @param string $context The context string to add to the context stack
+ * @return void
  * @since 1.8.0
  */
 function elgg_push_context($context) {
@@ -240,7 +263,7 @@ function elgg_pop_context() {
  * itself differently based on being on the dashboard or profile pages, it
  * can check the stack.
  *
- * @param  string $context The context string to check for
+ * @param string $context The context string to check for
  * @return bool
  * @since 1.8.0
  */
@@ -256,15 +279,18 @@ function elgg_in_context($context) {
  * @note This is on the 'boot, system' event so that the context is set up quickly.
  *
  * @return void
+ * @access private
  */
 function page_owner_boot() {
-	global $CONFIG;
 	
 	elgg_register_plugin_hook_handler('page_owner', 'system', 'default_page_owner_handler');
 
-	$CONFIG->context = array();
-	if (preg_match("/\/pg\/([\w\-\_]+)/", $_SERVER['REQUEST_URI'], $matches)) {
-		elgg_set_context($matches[1]);
+	// Bootstrap the context stack by setting its first entry to the handler.
+	// This is the first segment of the URL and the handler is set by the rewrite rules.
+	// @todo this does not work for actions
+	$handler = get_input('handler', FALSE);
+	if ($handler) {
+		elgg_set_context($handler);
 	}
 }