From 1c2735807961ce916c27832327a07ef0bc9d5a40 Mon Sep 17 00:00:00 2001
From: Cash Costello <cash.costello@gmail.com>
Date: Sat, 24 Dec 2011 07:41:06 -0500
Subject: Refs #4009 registering the walled garden css and js on every request

---
 engine/lib/elgglib.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'engine/lib/elgglib.php')

diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 57d602450..c32f7fa0c 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1996,9 +1996,7 @@ function elgg_is_valid_options_for_batch_operation($options, $type) {
  * @access private
  */
 function elgg_walled_garden_index() {
-	elgg_register_css('elgg.walled_garden', '/css/walled_garden.css');
 	elgg_load_css('elgg.walled_garden');
-	elgg_register_js('elgg.walled_garden', '/js/walled_garden.js');
 	elgg_load_js('elgg.walled_garden');
 	
 	$body = elgg_view('core/walled_garden/body');
@@ -2026,6 +2024,9 @@ function elgg_walled_garden_index() {
 function elgg_walled_garden() {
 	global $CONFIG;
 
+	elgg_register_css('elgg.walled_garden', '/css/walled_garden.css');
+	elgg_register_js('elgg.walled_garden', '/js/walled_garden.js');
+
 	// check for external page view
 	if (isset($CONFIG->site) && $CONFIG->site instanceof ElggSite) {
 		$CONFIG->site->checkWalledGarden();
-- 
cgit v1.2.3


From 3c425c0bd366965923933a3ee2b1bcb74d64046b Mon Sep 17 00:00:00 2001
From: Cash Costello <cash.costello@gmail.com>
Date: Sun, 8 Jan 2012 09:09:12 -0500
Subject: fixed some formatting

---
 engine/lib/elgglib.php | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'engine/lib/elgglib.php')

diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index c32f7fa0c..6f9fb0ded 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1144,9 +1144,11 @@ function elgg_dump($value, $to_screen = TRUE, $level = 'NOTICE') {
 	global $CONFIG;
 
 	// plugin can return false to stop the default logging method
-	$params = array('level' => $level,
-					'msg' => $value,
-					'to_screen' => $to_screen);
+	$params = array(
+		'level' => $level,
+		'msg' => $value,
+		'to_screen' => $to_screen,
+	);
 	if (!elgg_trigger_plugin_hook('debug', 'log', $params, true)) {
 		return;
 	}
@@ -1184,7 +1186,7 @@ function elgg_dump($value, $to_screen = TRUE, $level = 'NOTICE') {
  * @see CODING.txt
  *
  * @param str $msg             Message to log / display.
- * @param str $dep_version     Human-readable *release* version: 1.7, 1.7.3
+ * @param str $dep_version     Human-readable *release* version: 1.7, 1.8, ...
  * @param int $backtrace_level How many levels back to display the backtrace. Useful if calling from
  *                             functions that are called from other places (like elgg_view()). Set
  *                             to -1 for a full backtrace.
-- 
cgit v1.2.3


From 05cfa919e51737d8292a6aa317f9802aee6f33bf Mon Sep 17 00:00:00 2001
From: Cash Costello <cash.costello@gmail.com>
Date: Sun, 8 Jan 2012 09:25:43 -0500
Subject: Fixes #4278 deprecation notices ignore debug level but do respect
 whether the admin is logged in

---
 engine/lib/elgglib.php | 31 +++++++++++++++++--------------
 1 file changed, 17 insertions(+), 14 deletions(-)

(limited to 'engine/lib/elgglib.php')

diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index 6f9fb0ded..b044d230f 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1174,7 +1174,9 @@ function elgg_dump($value, $to_screen = TRUE, $level = 'NOTICE') {
  *
  * This function either displays or logs the deprecation message,
  * depending upon the deprecation policies in {@link CODING.txt}.
- * Logged messages are sent with the level of 'WARNING'.
+ * Logged messages are sent with the level of 'WARNING'. Only admins
+ * get visual deprecation notices. When non-admins are logged in, the
+ * notices are sent to PHP's log through elgg_dump().
  *
  * A user-visual message will be displayed if $dep_version is greater
  * than 1 minor releases lower than the current Elgg version, or at all
@@ -1185,11 +1187,12 @@ function elgg_dump($value, $to_screen = TRUE, $level = 'NOTICE') {
  *
  * @see CODING.txt
  *
- * @param str $msg             Message to log / display.
- * @param str $dep_version     Human-readable *release* version: 1.7, 1.8, ...
- * @param int $backtrace_level How many levels back to display the backtrace. Useful if calling from
- *                             functions that are called from other places (like elgg_view()). Set
- *                             to -1 for a full backtrace.
+ * @param string $msg             Message to log / display.
+ * @param string $dep_version     Human-readable *release* version: 1.7, 1.8, ...
+ * @param int    $backtrace_level How many levels back to display the backtrace.
+ *                                Useful if calling from functions that are called
+ *                                from other places (like elgg_view()). Set to -1
+ *                                for a full backtrace.
  *
  * @return bool
  * @since 1.7.0
@@ -1198,13 +1201,13 @@ function elgg_deprecated_notice($msg, $dep_version, $backtrace_level = 1) {
 	// if it's a major release behind, visual and logged
 	// if it's a 1 minor release behind, visual and logged
 	// if it's for current minor release, logged.
-	// bugfixes don't matter because you're not deprecating between them, RIGHT?
+	// bugfixes don't matter because we are not deprecating between them
 
 	if (!$dep_version) {
-		return FALSE;
+		return false;
 	}
 
-	$elgg_version = get_version(TRUE);
+	$elgg_version = get_version(true);
 	$elgg_version_arr = explode('.', $elgg_version);
 	$elgg_major_version = (int)$elgg_version_arr[0];
 	$elgg_minor_version = (int)$elgg_version_arr[1];
@@ -1212,16 +1215,16 @@ function elgg_deprecated_notice($msg, $dep_version, $backtrace_level = 1) {
 	$dep_major_version = (int)$dep_version;
 	$dep_minor_version = 10 * ($dep_version - $dep_major_version);
 
-	$visual = FALSE;
+	$visual = false;
 
 	if (($dep_major_version < $elgg_major_version) ||
 		($dep_minor_version < $elgg_minor_version)) {
-		$visual = TRUE;
+		$visual = true;
 	}
 
 	$msg = "Deprecated in $dep_major_version.$dep_minor_version: $msg";
 
-	if ($visual) {
+	if ($visual && elgg_is_admin_logged_in()) {
 		register_error($msg);
 	}
 
@@ -1249,9 +1252,9 @@ function elgg_deprecated_notice($msg, $dep_version, $backtrace_level = 1) {
 
 	$msg .= implode("<br /> -> ", $stack);
 
-	elgg_log($msg, 'WARNING');
+	elgg_dump($msg, elgg_is_admin_logged_in(), 'WARNING');
 
-	return TRUE;
+	return true;
 }
 
 /**
-- 
cgit v1.2.3


From 0c1ee36d6aa220376537324d427741861e00138a Mon Sep 17 00:00:00 2001
From: cash <cash.costello@gmail.com>
Date: Wed, 11 Jan 2012 22:39:59 -0500
Subject: Fixes #4292 added a white list for ajax views

---
 engine/lib/elgglib.php |  6 ++++++
 engine/lib/views.php   | 33 +++++++++++++++++++++++++++++++++
 mod/thewire/start.php  |  2 ++
 3 files changed, 41 insertions(+)

(limited to 'engine/lib/elgglib.php')

diff --git a/engine/lib/elgglib.php b/engine/lib/elgglib.php
index b044d230f..9035d95f2 100644
--- a/engine/lib/elgglib.php
+++ b/engine/lib/elgglib.php
@@ -1777,6 +1777,12 @@ function elgg_ajax_page_handler($page) {
 		unset($page[0]);
 		$view = implode('/', $page);
 
+		$allowed_views = elgg_get_config('allowed_ajax_views');
+		if (!array_key_exists($view, $allowed_views)) {
+			header('HTTP/1.1 403 Forbidden');
+			exit;
+		}
+
 		// pull out GET parameters through filter
 		$vars = array();
 		foreach ($_GET as $name => $value) {
diff --git a/engine/lib/views.php b/engine/lib/views.php
index 85319b2d7..e59edac96 100644
--- a/engine/lib/views.php
+++ b/engine/lib/views.php
@@ -196,6 +196,37 @@ function elgg_does_viewtype_fallback($viewtype) {
 	return FALSE;
 }
 
+/**
+ * Register a view to be available for ajax calls
+ *
+ * @param string $view The view name
+ * @return void
+ * @since 1.8.3
+ */
+function elgg_register_ajax_view($view) {
+	global $CONFIG;
+
+	if (!isset($CONFIG->allowed_ajax_views)) {
+		$CONFIG->allowed_ajax_views = array();
+	}
+
+	$CONFIG->allowed_ajax_views[$view] = true;
+}
+
+/**
+ * Unregister a view for ajax calls
+ * 
+ * @param string $view The view name
+ * @return void
+ * @since 1.8.3
+ */
+function elgg_unregister_ajax_view($view) {
+	global $CONFIG;
+
+	if (isset($CONFIG->allowed_ajax_views[$view])) {
+		unset($CONFIG->allowed_ajax_views[$view]);
+	}
+}
 
 /**
  * Returns the file location for a view.
@@ -1610,6 +1641,8 @@ function elgg_views_boot() {
 	elgg_register_css('elgg', $elgg_css_url);
 	elgg_load_css('elgg');
 
+	elgg_register_ajax_view('js/languages');
+
 	elgg_register_plugin_hook_handler('output:before', 'layout', 'elgg_views_add_rss_link');
 
 	// discover the built-in view types
diff --git a/mod/thewire/start.php b/mod/thewire/start.php
index 328e5d46c..202e3d1d6 100644
--- a/mod/thewire/start.php
+++ b/mod/thewire/start.php
@@ -30,6 +30,8 @@ function thewire_init() {
 	elgg_register_simplecache_view('js/thewire');
 	elgg_register_js('elgg.thewire', $thewire_js, 'footer');
 
+	elgg_register_ajax_view('thewire/previous');
+
 	// add a site navigation item
 	$item = new ElggMenuItem('thewire', elgg_echo('thewire'), 'thewire/all');
 	elgg_register_menu_item('site', $item);
-- 
cgit v1.2.3