7 files changed, 26 insertions, 20 deletions

diff --git a/mod/file/pages/file/edit.php b/mod/file/pages/file/edit.php
index 66529af0b..b396c6e9b 100644
--- a/mod/file/pages/file/edit.php
+++ b/mod/file/pages/file/edit.php
@@ -35,7 +35,6 @@ $body = elgg_view_layout('content', array(
 	'content' => $content,
 	'title' => $title,
 	'filter' => '',
-	'buttons' => '',
 ));
 
 echo elgg_view_page($title, $body);
diff --git a/mod/file/pages/file/friends.php b/mod/file/pages/file/friends.php
index 65fc66f62..0b351efaf 100644
--- a/mod/file/pages/file/friends.php
+++ b/mod/file/pages/file/friends.php
@@ -11,8 +11,9 @@ elgg_push_breadcrumb(elgg_echo('file'), "file/all");
 elgg_push_breadcrumb($owner->name, "file/owner/$owner->username");
 elgg_push_breadcrumb(elgg_echo('friends'));
 
+elgg_register_title_button();
 
-$title = elgg_echo("file:friends", array($owner->name));
+$title = elgg_echo("file:friends");
 
 // offset is grabbed in list_user_friends_objects
 $content = list_user_friends_objects($owner->guid, 'file', 10, false);
diff --git a/mod/file/pages/file/owner.php b/mod/file/pages/file/owner.php
index 69ec30425..4e2ec89d4 100644
--- a/mod/file/pages/file/owner.php
+++ b/mod/file/pages/file/owner.php
@@ -13,24 +13,24 @@ $owner = elgg_get_page_owner_entity();
 elgg_push_breadcrumb(elgg_echo('file'), "file/all");
 elgg_push_breadcrumb($owner->name);
 
+elgg_register_title_button();
+
 $params = array();
 
 if ($owner->guid == elgg_get_logged_in_user_guid()) {
 	// user looking at own files
-	$title = elgg_echo('file:yours');
 	$params['filter_context'] = 'mine';
 } else if (elgg_instanceof($owner, 'user')) {
 	// someone else's files
-	$title = elgg_echo("file:user", array($owner->name));
-	// do not show button or select a tab when viewing someone else's posts
+	// do not show select a tab when viewing someone else's posts
 	$params['filter_context'] = 'none';
-	$params['buttons'] = '';
 } else {
 	// group files
-	$title = elgg_echo("file:user", array($owner->name));
 	$params['filter'] = '';
 }
 
+$title = elgg_echo("file:user", array($owner->name));
+
 // List files
 $content = elgg_list_entities(array(
 	'types' => 'object',
diff --git a/mod/file/pages/file/search.php b/mod/file/pages/file/search.php
index 77c92f444..3e85d45db 100644
--- a/mod/file/pages/file/search.php
+++ b/mod/file/pages/file/search.php
@@ -15,10 +15,10 @@ group_gatekeeper();
 
 // Get input
 $md_type = 'simpletype';
-$tag = get_input('tag');
+// avoid reflected XSS attacks by only allowing alnum characters
+$file_type = preg_replace('[\W]', '', get_input('tag'));
 $listtype = get_input('listtype');
-$friends = get_input('friends', false);
-
+$friends = (bool)get_input('friends', false);
 
 // breadcrumbs
 elgg_push_breadcrumb(elgg_echo('file'), "file/all");
@@ -32,8 +32,8 @@ if ($owner) {
 if ($friends && $owner) {
 	elgg_push_breadcrumb(elgg_echo('friends'), "file/friends/$owner->username");
 }
-if ($tag) {
-	elgg_push_breadcrumb(elgg_echo("file:type:$tag"));
+if ($file_type) {
+	elgg_push_breadcrumb(elgg_echo("file:type:$file_type"));
 } else {
 	elgg_push_breadcrumb(elgg_echo('all'));
 }
@@ -41,10 +41,10 @@ if ($tag) {
 // title
 if (!$owner) {
 	// world files
-	$title = elgg_echo('all') . ' ' . elgg_echo("file:type:$tag");
+	$title = elgg_echo('all') . ' ' . elgg_echo("file:type:$file_type");
 } else {
 	$friend_string = $friends ? elgg_echo('file:title:friends') : '';
-	$type_string = elgg_echo("file:type:$tag");
+	$type_string = elgg_echo("file:type:$file_type");
 	$title = elgg_echo('file:list:title', array($owner->name, $friend_string, $type_string));
 }
 
@@ -76,9 +76,9 @@ $params = array(
 	'full_view' => false,
 );
 
-if ($tag) {
+if ($file_type) {
 	$params['metadata_name'] = $md_type;
-	$params['metadata_value'] = $tag;
+	$params['metadata_value'] = $file_type;
 	$content = elgg_list_entities_from_metadata($params);
 } else {
 	$content = elgg_list_entities($params);
@@ -86,7 +86,6 @@ if ($tag) {
 
 $body = elgg_view_layout('content', array(
 	'filter' => '',
-	'buttons' => '',
 	'content' => $content,
 	'title' => $title,
 	'sidebar' => $sidebar,
diff --git a/mod/file/pages/file/upload.php b/mod/file/pages/file/upload.php
index d97cc038d..3aa25b6db 100644
--- a/mod/file/pages/file/upload.php
+++ b/mod/file/pages/file/upload.php
@@ -32,7 +32,6 @@ $body = elgg_view_layout('content', array(
 	'content' => $content,
 	'title' => $title,
 	'filter' => '',
-	'buttons' => '',
 ));
 
 echo elgg_view_page($title, $body);
diff --git a/mod/file/pages/file/view.php b/mod/file/pages/file/view.php
index daa2a400e..50c55a74f 100644
--- a/mod/file/pages/file/view.php
+++ b/mod/file/pages/file/view.php
@@ -22,14 +22,20 @@ $title = $file->title;
 
 elgg_push_breadcrumb($title);
 
-$content = elgg_view_entity($file, true);
+$content = elgg_view_entity($file, array('full_view' => true));
 $content .= elgg_view_comments($file);
 
+elgg_register_menu_item('title', array(
+	'name' => 'download',
+	'text' => elgg_echo('file:download'),
+	'href' => "mod/file/download.php?file_guid=$file->guid",
+	'link_class' => 'elgg-button elgg-button-action',
+));
+
 $body = elgg_view_layout('content', array(
 	'content' => $content,
 	'title' => $title,
 	'filter' => '',
-	'header' => '',
 ));
 
 echo elgg_view_page($title, $body);
diff --git a/mod/file/pages/file/world.php b/mod/file/pages/file/world.php
index bfe965084..e438ca2f0 100644
--- a/mod/file/pages/file/world.php
+++ b/mod/file/pages/file/world.php
@@ -7,6 +7,8 @@
 
 elgg_push_breadcrumb(elgg_echo('file'));
 
+elgg_register_title_button();
+
 $limit = get_input("limit", 10);
 
 $title = elgg_echo('file:all');