Diffstat (limited to 'mod/file/pages')
-rw-r--r--mod/file/pages/file/download.php38
-rw-r--r--mod/file/pages/file/edit.php1
-rw-r--r--mod/file/pages/file/friends.php6
-rw-r--r--mod/file/pages/file/owner.php18
-rw-r--r--mod/file/pages/file/search.php30
-rw-r--r--mod/file/pages/file/upload.php3
-rw-r--r--mod/file/pages/file/view.php17
-rw-r--r--mod/file/pages/file/world.php10
8 files changed, 91 insertions, 32 deletions
diff --git a/mod/file/pages/file/download.php b/mod/file/pages/file/download.php
new file mode 100644
index 000000000..76c1f1272
--- /dev/null
+++ b/mod/file/pages/file/download.php
@@ -0,0 +1,38 @@
+<?php
+/**
+ * Elgg file download.
+ *
+ * @package ElggFile
+ */
+
+// Get the guid
+$file_guid = get_input("guid");
+
+// Get the file
+$file = get_entity($file_guid);
+if (!$file) {
+ register_error(elgg_echo("file:downloadfailed"));
+ forward();
+}
+
+$mime = $file->getMimeType();
+if (!$mime) {
+ $mime = "application/octet-stream";
+}
+
+$filename = $file->originalfilename;
+
+// fix for IE https issue
+header("Pragma: public");
+
+header("Content-type: $mime");
+if (strpos($mime, "image/") !== false || $mime == "application/pdf") {
+ header("Content-Disposition: inline; filename=\"$filename\"");
+} else {
+ header("Content-Disposition: attachment; filename=\"$filename\"");
+}
+
+ob_clean();
+flush();
+readfile($file->getFilenameOnFilestore());
+exit;
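Review bot: `$filename` is placed inside the quoted `filename="..."` parameter of Content-Disposition without escaping, so a stored name containing `"` or `\` breaks the parameter; stripping them first, `$filename = str_replace(array('"', '\\'), '', $file->originalfilename);`, keeps the header well-formed. The inline branch matches `image/` anywhere in `$mime`, which also covers `image/svg+xml`; if the stored MIME type can originate from the uploader, an SVG served inline runs script in the site's origin, so anchoring the test with `strpos($mime, "image/") === 0` and naming the raster types allowed to render inline would be safer. The guard `if (!$file)` accepts any entity the viewer can read, and a non-file entity would then reach `getMimeType()`; `if (!elgg_instanceof($file, 'object', 'file')) {` closes that here and in the matching guard this commit adds at the top of view.php.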
diff --git a/mod/file/pages/file/edit.php b/mod/file/pages/file/edit.php
index 66529af0b..b396c6e9b 100644
--- a/mod/file/pages/file/edit.php
+++ b/mod/file/pages/file/edit.php
@@ -35,7 +35,6 @@ $body = elgg_view_layout('content', array(
'content' => $content,
'title' => $title,
'filter' => '',
- 'buttons' => '',
));
echo elgg_view_page($title, $body);
diff --git a/mod/file/pages/file/friends.php b/mod/file/pages/file/friends.php
index 65fc66f62..d55c1e62b 100644
--- a/mod/file/pages/file/friends.php
+++ b/mod/file/pages/file/friends.php
@@ -6,13 +6,17 @@
*/
$owner = elgg_get_page_owner_entity();
+if (!$owner) {
+ forward('', '404');
+}
elgg_push_breadcrumb(elgg_echo('file'), "file/all");
elgg_push_breadcrumb($owner->name, "file/owner/$owner->username");
elgg_push_breadcrumb(elgg_echo('friends'));
+elgg_register_title_button();
-$title = elgg_echo("file:friends", array($owner->name));
+$title = elgg_echo("file:friends");
// offset is grabbed in list_user_friends_objects
$content = list_user_friends_objects($owner->guid, 'file', 10, false);
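Review bot: The new guard rejects only a missing page owner, so a group owner still reaches `"file/owner/$owner->username"` and `list_user_friends_objects($owner->guid, ...)`, both of which assume a user entity. `if (!elgg_instanceof($owner, 'user')) {` would send those requests to the 404 as well. Whether the page handler can set a group as page owner on this route is not visible in the hunk.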
diff --git a/mod/file/pages/file/owner.php b/mod/file/pages/file/owner.php
index 69ec30425..99cf62714 100644
--- a/mod/file/pages/file/owner.php
+++ b/mod/file/pages/file/owner.php
@@ -9,34 +9,36 @@
group_gatekeeper();
$owner = elgg_get_page_owner_entity();
+if (!$owner) {
+ forward('', '404');
+}
elgg_push_breadcrumb(elgg_echo('file'), "file/all");
elgg_push_breadcrumb($owner->name);
+elgg_register_title_button();
+
$params = array();
if ($owner->guid == elgg_get_logged_in_user_guid()) {
// user looking at own files
- $title = elgg_echo('file:yours');
$params['filter_context'] = 'mine';
} else if (elgg_instanceof($owner, 'user')) {
// someone else's files
- $title = elgg_echo("file:user", array($owner->name));
- // do not show button or select a tab when viewing someone else's posts
+ // do not show select a tab when viewing someone else's posts
$params['filter_context'] = 'none';
- $params['buttons'] = '';
} else {
// group files
- $title = elgg_echo("file:user", array($owner->name));
$params['filter'] = '';
}
+$title = elgg_echo("file:user", array($owner->name));
+
// List files
$content = elgg_list_entities(array(
- 'types' => 'object',
- 'subtypes' => 'file',
+ 'type' => 'object',
+ 'subtype' => 'file',
'container_guid' => $owner->guid,
- 'limit' => 10,
'full_view' => FALSE,
));
if (!$content) {
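Review bot: The reworded comment in the "someone else's files" branch, `// do not show select a tab when viewing someone else's posts`, no longer parses after the edit; `// do not select a tab when viewing someone else's files` says what the branch now does. `elgg_register_title_button()` is called for every owner, so whether the add button is hidden on another user's page now depends on a permission check inside that helper, which is not visible here and is worth confirming. The `if (!$content)` block continues past the end of the hunk.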
diff --git a/mod/file/pages/file/search.php b/mod/file/pages/file/search.php
index 2fa1ea60f..d60dfb755 100644
--- a/mod/file/pages/file/search.php
+++ b/mod/file/pages/file/search.php
@@ -6,6 +6,11 @@
*/
$page_owner_guid = get_input('page_owner', null);
+
+if ($page_owner_guid !== null) {
+ $page_owner_guid = sanitise_int($page_owner_guid);
+}
+
if ($page_owner_guid) {
elgg_set_page_owner_guid($page_owner_guid);
}
@@ -15,10 +20,10 @@ group_gatekeeper();
// Get input
$md_type = 'simpletype';
-$tag = get_input('tag');
+// avoid reflected XSS attacks by only allowing alnum characters
+$file_type = preg_replace('[\W]', '', get_input('tag'));
$listtype = get_input('listtype');
-$friends = get_input('friends', false);
-
+$friends = (bool)get_input('friends', false);
// breadcrumbs
elgg_push_breadcrumb(elgg_echo('file'), "file/all");
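Review bot: The pattern `'[\W]'` is parsed with `[` and `]` as the PCRE delimiters, so the expression is just `\W`; it works, but it reads like an undelimited character class, and it keeps `_`, which the comment's "alnum" does not say. `preg_replace('/[^a-zA-Z0-9_]/', '', get_input('tag'))` states the allow-list directly. If get_input() can return an array for `tag[]=...`, preg_replace returns an array too and the string interpolations further down misbehave, so an `is_string()` check before filtering would cover that case. Filtering narrows what reaches `elgg_echo("file:type:$file_type")`, but the durable defence against the reflected XSS is escaping where the title and breadcrumb are rendered, which is outside this hunk.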
@@ -26,14 +31,14 @@ if ($owner) {
if (elgg_instanceof($owner, 'user')) {
elgg_push_breadcrumb($owner->name, "file/owner/$owner->username");
} else {
- elgg_push_breadcrumb($owner->name, "file/group/$owner->guid/owner");
+ elgg_push_breadcrumb($owner->name, "file/group/$owner->guid/all");
}
}
if ($friends && $owner) {
elgg_push_breadcrumb(elgg_echo('friends'), "file/friends/$owner->username");
}
-if ($tag) {
- elgg_push_breadcrumb(elgg_echo("file:type:$tag"));
+if ($file_type) {
+ elgg_push_breadcrumb(elgg_echo("file:type:$file_type"));
} else {
elgg_push_breadcrumb(elgg_echo('all'));
}
@@ -41,10 +46,10 @@ if ($tag) {
// title
if (!$owner) {
// world files
- $title = elgg_echo('all') . ' ' . elgg_echo("file:type:$tag");
+ $title = elgg_echo('all') . ' ' . elgg_echo("file:type:$file_type");
} else {
$friend_string = $friends ? elgg_echo('file:title:friends') : '';
- $type_string = elgg_echo("file:type:$tag");
+ $type_string = elgg_echo("file:type:$file_type");
$title = elgg_echo('file:list:title', array($owner->name, $friend_string, $type_string));
}
@@ -69,16 +74,16 @@ if ($listtype == "gallery") {
}
$params = array(
- 'types' => 'object',
- 'subtypes' => 'file',
+ 'type' => 'object',
+ 'subtype' => 'file',
'container_guid' => $page_owner_guid,
'limit' => $limit,
'full_view' => false,
);
-if ($tag) {
+if ($file_type) {
$params['metadata_name'] = $md_type;
- $params['metadata_value'] = $tag;
+ $params['metadata_value'] = $file_type;
$content = elgg_list_entities_from_metadata($params);
} else {
$content = elgg_list_entities($params);
@@ -86,7 +91,6 @@ if ($tag) {
$body = elgg_view_layout('content', array(
'filter' => '',
- 'buttons' => '',
'content' => $content,
'title' => $title,
'sidebar' => $sidebar,
diff --git a/mod/file/pages/file/upload.php b/mod/file/pages/file/upload.php
index c19522530..3aa25b6db 100644
--- a/mod/file/pages/file/upload.php
+++ b/mod/file/pages/file/upload.php
@@ -19,7 +19,7 @@ elgg_push_breadcrumb(elgg_echo('file'), "file/all");
if (elgg_instanceof($owner, 'user')) {
elgg_push_breadcrumb($owner->name, "file/owner/$owner->username");
} else {
- elgg_push_breadcrumb($owner->name, "file/group/$owner->guid/owner");
+ elgg_push_breadcrumb($owner->name, "file/group/$owner->guid/all");
}
elgg_push_breadcrumb($title);
@@ -32,7 +32,6 @@ $body = elgg_view_layout('content', array(
'content' => $content,
'title' => $title,
'filter' => '',
- 'buttons' => '',
));
echo elgg_view_page($title, $body);
diff --git a/mod/file/pages/file/view.php b/mod/file/pages/file/view.php
index 1d7c27337..6c9566a89 100644
--- a/mod/file/pages/file/view.php
+++ b/mod/file/pages/file/view.php
@@ -6,6 +6,11 @@
*/
$file = get_entity(get_input('guid'));
+if (!$file) {
+ register_error(elgg_echo('noaccess'));
+ $_SESSION['last_forward_from'] = current_page_url();
+ forward('');
+}
$owner = elgg_get_page_owner_entity();
@@ -13,7 +18,7 @@ elgg_push_breadcrumb(elgg_echo('file'), 'file/all');
$crumbs_title = $owner->name;
if (elgg_instanceof($owner, 'group')) {
- elgg_push_breadcrumb($crumbs_title, "file/group/$owner->guid/owner");
+ elgg_push_breadcrumb($crumbs_title, "file/group/$owner->guid/all");
} else {
elgg_push_breadcrumb($crumbs_title, "file/owner/$owner->username");
}
@@ -22,14 +27,20 @@ $title = $file->title;
elgg_push_breadcrumb($title);
-$content = elgg_view_entity($file, true);
+$content = elgg_view_entity($file, array('full_view' => true));
$content .= elgg_view_comments($file);
+elgg_register_menu_item('title', array(
+ 'name' => 'download',
+ 'text' => elgg_echo('file:download'),
+ 'href' => "file/download/$file->guid",
+ 'link_class' => 'elgg-button elgg-button-action',
+));
+
$body = elgg_view_layout('content', array(
'content' => $content,
'title' => $title,
'filter' => '',
- 'header' => '',
));
echo elgg_view_page($title, $body);
diff --git a/mod/file/pages/file/world.php b/mod/file/pages/file/world.php
index bfe965084..96c8de785 100644
--- a/mod/file/pages/file/world.php
+++ b/mod/file/pages/file/world.php
@@ -7,16 +7,18 @@
elgg_push_breadcrumb(elgg_echo('file'));
-$limit = get_input("limit", 10);
+elgg_register_title_button();
$title = elgg_echo('file:all');
$content = elgg_list_entities(array(
- 'types' => 'object',
- 'subtypes' => 'file',
- 'limit' => $limit,
+ 'type' => 'object',
+ 'subtype' => 'file',
'full_view' => FALSE
));
+if (!$content) {
+ $content = elgg_echo('file:none');
+}
$sidebar = file_get_type_cloud();
$sidebar = elgg_view('file/sidebar');