Diffstat (limited to 'mod/pages/actions')
| -rw-r--r-- | mod/pages/actions/annotations/page/delete.php | 20 | ||||
| -rw-r--r-- | mod/pages/actions/pages/delete.php | 31 | ||||
| -rw-r--r-- | mod/pages/actions/pages/edit.php | 44 |
3 files changed, 87 insertions, 8 deletions
diff --git a/mod/pages/actions/annotations/page/delete.php b/mod/pages/actions/annotations/page/delete.php
new file mode 100644
index 000000000..156b516d2
--- /dev/null
+++ b/mod/pages/actions/annotations/page/delete.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * Remove a page (revision) annotation
+ *
+ * @package ElggPages
+ */
+
+// Make sure we can get the annotations and entity in question
+$annotation_id = (int) get_input('annotation_id');
+$annotation = elgg_get_annotation_from_id($annotation_id);
+$entity = get_entity($annotation->entity_guid);
+
+if ($annotation && $entity->canEdit() && $annotation->canEdit()) {
+ $annotation->delete();
+ system_message(elgg_echo("pages:revision:delete:success"));
+} else {
+ register_error(elgg_echo("pages:revision:delete:failure"));
+}
+
+forward("pages/history/{$annotation->entity_guid}");
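Review bot: `$annotation->entity_guid` and `$entity->canEdit()` are dereferenced before anything confirms the lookups succeeded, so an unknown `annotation_id` or an entity the caller cannot load ends in a PHP error rather than the `pages:revision:delete:failure` branch, and the final `forward()` reads `$annotation` again. The condition also never checks that the entity is a page, so as written the action removes any annotation the caller may edit on any entity they may edit, not only page revisions. Checking the annotation's name as well would narrow it further. The fence below bails out early on a missing annotation and reuses the `elgg_instanceof()` test that pages/delete.php gains in this same commit.

```php
$annotation = elgg_get_annotation_from_id($annotation_id);
if (!$annotation) {
	register_error(elgg_echo("pages:revision:delete:failure"));
	forward(REFERER);
}

$entity = get_entity($annotation->entity_guid);
$is_page = elgg_instanceof($entity, 'object', 'page') || elgg_instanceof($entity, 'object', 'page_top');

if ($is_page && $entity->canEdit() && $annotation->canEdit()) {
	// … unchanged: delete the annotation and report success …
```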
\ No newline at end of file diff --git a/mod/pages/actions/pages/delete.php b/mod/pages/actions/pages/delete.php index dfa0de98d..fd5791e4d 100644 --- a/mod/pages/actions/pages/delete.php +++ b/mod/pages/actions/pages/delete.php @@ -9,8 +9,9 @@ $guid = get_input('guid'); $page = get_entity($guid); -if ($page) { - if ($page->canEdit()) { +if (elgg_instanceof($page, 'object', 'page') || elgg_instanceof($page, 'object', 'page_top')) { + // only allow owners and admin to delete + if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) { $container = get_entity($page->container_guid); // Bring all child elements forward @@ -20,11 +21,33 @@ if ($page) { 'metadata_value' => $page->getGUID() )); if ($children) { + $db_prefix = elgg_get_config('dbprefix'); + $subtype_id = (int)get_subtype_id('object', 'page_top'); + $newentity_cache = is_memcache_available() ? new ElggMemcache('new_entity_cache') : null; + foreach ($children as $child) { - $child->parent_guid = $parent; + if ($parent) { + $child->parent_guid = $parent; + } else { + // If no parent, we need to transform $child to a page_top + $child_guid = (int)$child->guid; + + update_data("UPDATE {$db_prefix}entities + SET subtype = $subtype_id WHERE guid = $child_guid"); + + elgg_delete_metadata(array( + 'guid' => $child_guid, + 'metadata_name' => 'parent_guid', + )); + + _elgg_invalidate_cache_for_entity($child_guid); + if ($newentity_cache) { + $newentity_cache->delete($child_guid); + } + } } } - + if ($page->delete()) { system_message(elgg_echo('pages:delete:success')); if ($parent) { diff --git a/mod/pages/actions/pages/edit.php b/mod/pages/actions/pages/edit.php index 6950d4b2f..40215e02e 100644 --- a/mod/pages/actions/pages/edit.php +++ b/mod/pages/actions/pages/edit.php 
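Review bot: In the first hunk of mod/pages/actions/pages/delete.php, the new owner check `elgg_get_logged_in_user_guid() == $page->getOwnerGuid()` compares GUIDs loosely. The same owner-or-admin rule is written a second way in pages/edit.php (`$user->isAdmin() || $user->getGUID() == $page->owner_guid`). Two hand-written copies of an authorization rule tend to drift, so a small plugin helper called from both actions would keep them identical. If the comparison stays inline, casting both sides makes the intent explicit: `(int) elgg_get_logged_in_user_guid() === (int) $page->getOwnerGuid()`. The `if` block continues past the end of this hunk.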
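Review bot: In the second hunk of pages/delete.php, `(int)get_subtype_id('object', 'page_top')` turns a lookup that finds nothing into `0`, and the `UPDATE` would then write subtype 0 onto every orphaned child. The result of `update_data()` is ignored as well, so the `parent_guid` metadata is deleted and the caches are invalidated even when the row was not changed. I would guard the else branch, for example `if (!$subtype_id || !update_data($query)) { continue; }`. A comment above the query should also say `// both interpolated values are integer-cast above; keep it that way`, since those casts are all that keeps the string-built SQL safe. `$parent` is assigned outside the visible hunks.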
@@ -8,9 +8,10 @@ $variables = elgg_get_config('pages'); $input = array(); foreach ($variables as $name => $type) { - $input[$name] = get_input($name); if ($name == 'title') { - $input[$name] = strip_tags($input[$name]); + $input[$name] = htmlspecialchars(get_input($name, '', false), ENT_QUOTES, 'UTF-8'); + } else { + $input[$name] = get_input($name); } if ($type == 'tags') { $input[$name] = string_to_tag_array($input[$name]); @@ -47,7 +48,22 @@ if ($page_guid) { } if (sizeof($input) > 0) { + // don't change access if not an owner/admin + $user = elgg_get_logged_in_user_entity(); + $can_change_access = true; + + if ($user && $page) { + $can_change_access = $user->isAdmin() || $user->getGUID() == $page->owner_guid; + } + foreach ($input as $name => $value) { + if (($name == 'access_id' || $name == 'write_access_id') && !$can_change_access) { + continue; + } + if ($name == 'parent_guid') { + continue; + } + $page->$name = $value; } } @@ -55,7 +71,27 @@ if (sizeof($input) > 0) { // need to add check to make sure user can write to container $page->container_guid = $container_guid; -if ($parent_guid) { +if ($parent_guid && $parent_guid != $page_guid) { + // Check if parent isn't below the page in the tree + if ($page_guid) { + $tree_page = get_entity($parent_guid); + while ($tree_page->parent_guid > 0 && $page_guid != $tree_page->guid) { + $tree_page = get_entity($tree_page->parent_guid); + } + // If is below, bring all child elements forward + if ($page_guid == $tree_page->guid) { + $previous_parent = $page->parent_guid; + $children = elgg_get_entities_from_metadata(array( + 'metadata_name' => 'parent_guid', + 'metadata_value' => $page->getGUID() + )); + if ($children) { + foreach ($children as $child) { + $child->parent_guid = $previous_parent; + } + } + } + } $page->parent_guid = $parent_guid; } 
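Review bot: In the first hunk of pages/edit.php, `get_input($name, '', false)` can hand back an array when the request carries `title[]=…`, and `htmlspecialchars()` is then called on a non-string. With input filtering switched off by the third argument, this line is the only sanitising step for the title. A type check before encoding closes the gap: `$title = get_input($name, '', false);` followed by `$input[$name] = is_string($title) ? htmlspecialchars($title, ENT_QUOTES, 'UTF-8') : '';`. The title is now stored already encoded, so a comment saying so would help keep views from escaping it a second time or treating it as raw text.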
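Review bot: In the second hunk of pages/edit.php, `$can_change_access` starts as `true` and is narrowed only when both `$user` and `$page` are truthy, so the access guard fails open if no user entity comes back. Starting from a denial and granting the right explicitly is safer: `$can_change_access = $user && (!$page_guid || $user->isAdmin() || $user->getGUID() == $page->owner_guid);`. The `!$page_guid` term keeps new pages working, assuming `$page_guid` is empty for a new page, as the `if ($page_guid)` in the next hunk suggests. The skipped `access_id` and `write_access_id` values are also dropped silently, so a one-line comment or a `register_error()` would make that visible to the editor.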
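Review bot: The tree walk in the third hunk of pages/edit.php dereferences `get_entity()` results without checking them. `$tree_page` is `false` when `$parent_guid` names a missing or inaccessible entity, and the loop reassigns it from each ancestor the same way. `$parent_guid` is assigned outside the hunk and appears to come from the request, yet nothing verifies that it refers to a page, so a page could be attached under any entity GUID. The loop has no bound either, so a cycle already present in stored data that does not pass through this page would never terminate. The fence below validates the parent once and makes the walk tolerate a missing ancestor or a repeated GUID.

```php
if ($parent_guid && $parent_guid != $page_guid) {
	$parent_page = get_entity($parent_guid);
	if (!elgg_instanceof($parent_page, 'object', 'page') && !elgg_instanceof($parent_page, 'object', 'page_top')) {
		register_error(elgg_echo('pages:error:notsaved'));
		forward(REFERER);
	}
	// Check if parent isn't below the page in the tree
	if ($page_guid) {
		$tree_page = $parent_page;
		$seen = array();
		while ($tree_page && $tree_page->parent_guid > 0 && $page_guid != $tree_page->guid
				&& !isset($seen[$tree_page->guid])) {
			$seen[$tree_page->guid] = true;
			$tree_page = get_entity($tree_page->parent_guid);
		}
		// If is below, bring all child elements forward
		if ($tree_page && $page_guid == $tree_page->guid) {
			// … unchanged: move the children up to $previous_parent …
```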
@@ -74,6 +110,6 @@ if ($page->save()) { forward($page->getURL()); } else { - register_error(elgg_echo('pages:error:no_save')); + register_error(elgg_echo('pages:error:notsaved')); forward(REFERER); } |
