Refs #2434 - made the profile plugin more robust to bad urls and did a little code...
authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Tue, 31 Aug 2010 00:24:09 +0000 (00:24 +0000)
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>
Tue, 31 Aug 2010 00:24:09 +0000 (00:24 +0000)
git-svn-id: http://code.elgg.org/elgg/trunk@6885 36083f99-b078-4883-b0ff-0f9b5a30f544

mod/profile/start.php
mod/profile/views/default/profile/profile_navigation.php
mod/profile/views/default/profile/profile_ownerblock.php

index adac92aef0909a67028f284704e0c9cfcb9b465e..80f923cb34baffd6e471705bd9f496d55b0865e1 100644 (file)
@@ -121,18 +121,18 @@ function profile_fields_setup() {
 function profile_page_handler($page) {
        global $CONFIG;
 
-       $username = $action = NULL;
+       $action = NULL;
 
        // short circuit if invalid or banned username
        if (isset($page[0])) {
                $username = $page[0];
                $user = get_user_by_username($username);
+               set_input('username', $page[0]);
+       }
 
-               if (!$user || ($user->isBanned() && !isadminloggedin())) {
-                       return elgg_echo('profile:notfound');
-               } else {
-                       set_input('username', $page[0]);
-               }
+       if (!$user || ($user->isBanned() && !isadminloggedin())) {
+               register_error(elgg_echo('profile:notfound'));
+               forward();
        }
 
        if (isset($page[1])) {
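Review bot: `$user` is assigned only inside `if (isset($page[0]))`, so for a URL with no username the new guard `if (!$user || ...)` reads an undefined variable; it happens to evaluate as falsy, but only with a notice and by accident. Initialise it with the other local: `$user = $action = NULL;`. The guard also relies on `forward()` ending the request, which is not visible in this hunk; if it can return, the rest of the handler (it continues past the hunk) would run for a missing or banned user, so an explicit `return;` after `forward();` would make the short circuit independent of that. Note too that `set_input('username', $page[0])` now runs before the user has been validated, which is presumably harmless only as long as the forward really stops processing.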
index 5a7283a9c3a97366c62a8fb2b456f877b482e362..6750b9c6750a3fff402a3fb63696b1c2d02300c5 100755 (executable)
@@ -5,13 +5,19 @@ if (isset($vars['section'])) {
        $section = $vars['section'];
 }
 
-$profile = $vars['entity'];
+$user = $vars['entity'];
+if (!$user) {
+       // no user so no profile
+       return TRUE;
+}
+
+
 $activity = '';
 $friends = '';
 $extend = '';
 $twitter = '';
 
-$url = "{$profile->getURL()}/";
+$url = "{$user->getURL()}/";
 
 //select section 
 switch($section){
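Review bot: The new guard `if (!$user)` tests only truthiness, so any non-user entity passed as `$vars['entity']` still reaches `$user->getURL()` and the name output below, and a missing `entity` key raises a notice before the guard runs. Since the aim is robustness to bad URLs, a type check would be tighter: `$user = isset($vars['entity']) ? $vars['entity'] : NULL;` followed by `if (!($user instanceof ElggUser)) { return TRUE; }`. Separately, `$details` is not in the list of tab variables initialised to `''` here although it is echoed in the markup further down; unless the `switch` (outside this hunk) always sets it, add `$details = '';`.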
@@ -39,7 +45,7 @@ switch($section){
 }
 ?>
 <div class="elgg_horizontal_tabbed_nav profile">
-<div class="profile_name"><h2><?php echo $profile->name; ?></h2></div>
+<div class="profile_name"><h2><?php echo $user->name; ?></h2></div>
 <ul>
        <li <?php echo $activity; ?>><a href="<?php echo $url; ?>"><?php echo elgg_echo('activity'); ?></a></li>
        <li <?php echo $details; ?>><a href="<?php echo $url . 'details'; ?>"><?php echo elgg_echo('Details'); ?></a></li>
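Review bot: `$user->name` is echoed into the `<h2>` on the changed line without HTML escaping; a display name is user-controlled, so unless it is guaranteed to be sanitised when stored (not visible here) this is a stored-XSS sink on every profile page. Escape at the point of output: `<?php echo htmlspecialchars($user->name, ENT_QUOTES, 'UTF-8'); ?>`. The same value is interpolated unescaped into the `<h3>` link built in `$more_info` in profile_ownerblock.php, so the fix belongs there as well.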
@@ -55,7 +61,7 @@ switch($section){
                }
                
                //insert a view which others can extend
-               echo elgg_view('profilenav/extend', array('profile' => $profile));
+               echo elgg_view('profile_navigation/extend', array('entity' => $user));
        ?>
 </ul>
 </div>
\ No newline at end of file
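Review bot: Renaming the extension view from `profilenav/extend` to `profile_navigation/extend` and its variable from `profile` to `entity` silently drops output from any plugin that still extends the old view name or reads `$vars['profile']`. Nothing in this commit indicates whether such extensions exist, so it is worth either rendering the old view alongside the new one for a deprecation period or documenting the rename with a comment such as `// renamed from profilenav/extend; receives the user as $vars['entity']`.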
index ee39c197d0b6e7101316ceeb59271c616fb14f9e..c36e22076863a7b13d42532bda6049b75b4aeabc 100755 (executable)
@@ -4,23 +4,29 @@
  * A simple owner block which houses info about the user whose 'stuff' you are looking at
  */
  
-//get the page owner
-if($vars['entity']){
-       if($vars['context'] == 'edit')
+// get the user who owns this profile
+if ($vars['entity']) {
+       if ($vars['context'] == 'edit') {
                $user = get_entity($vars['entity']->container_guid);
-       else
+       } else {
                $user = get_entity($vars['entity']->guid);
-}else{
+       }
+} else {
        $user = page_owner_entity();
+       if (!$user) {
+               // no user so we quit
+               return TRUE;
+       }
 }
+
 $more_info = '';
-//set some variables
+
 $location = elgg_view("output/tags",array('value' => $user->location));
 $section = $vars['section'];
-if($section == 'details'){
+if ($section == 'details') {
        $icon = elgg_view("profile/icon",array('entity' => $user, 'size' => 'large', 'override' => 'true'));
        $icon_class = "large";
-}else{
+} else {
        $icon = elgg_view("profile/icon",array('entity' => $user, 'size' => 'small'));
        $more_info = "<div class='owner_block_contents clearfloat'>";
        $more_info .= "<h3><a href='{$url}'>{$user->name}</a></h3>";
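Review bot: The new `if (!$user)` guard sits only in the `else` branch, so when `$vars['entity']` is set and the `get_entity()` lookup fails (for example a stale `container_guid` in the edit context; the failure value is not shown here but is presumably falsy), execution still reaches `$user->location` on a non-object. Move the check below the closing brace of the outer `if`/`else` so it covers all three assignments: `if (!$user) { return TRUE; }`. In addition, `$url` is interpolated into the `<h3>` link on the last line of this hunk without being assigned anywhere in the visible lines above it, so that link target may be empty.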
@@ -29,26 +35,27 @@ if($section == 'details'){
        $more_info .= "</div>";
 }
 $profile_actions = "";
-if(isloggedin() && (get_loggedin_user()->getGuid() == page_owner())){
+if (isloggedin() && (get_loggedin_user()->getGuid() == page_owner())) {
        $profile_actions = "<div class='clearfloat profile_actions'>";
        $profile_actions .= "<a href='{$vars['url']}pg/profile/{$user->username}/edit/details' class='action_button'>". elgg_echo('profile:edit') ."</a>";
        $profile_actions .= "<a href='{$vars['url']}pg/profile/{$user->username}/edit/icon' class='action_button'>". elgg_echo('profile:editicon') ."</a>";
        $profile_actions .= "</div>";
-}else{
+} else {
        $profile_actions = "<div class='profile_actions'>";
        if (isloggedin()) {
-               if ($_SESSION['user']->getGUID() != $user->getGUID()) {
-                       $ts = time();
-                       $token = generate_action_token($ts);
-                                       
+               if (get_loggedin_userid() != $user->getGUID()) {
                        if ($user->isFriend()) {
-                               $profile_actions .= "<a href=\"{$vars['url']}action/friends/remove?friend={$user->getGUID()}&__elgg_token=$token&__elgg_ts=$ts\" class='action_button'>" . elgg_echo('friend:remove') . "</a>";
+                               $url = "{$vars['url']}action/friends/remove?friend={$user->getGUID()}";
+                               $url = elgg_add_action_tokens_to_url($url);
+                               $profile_actions .= "<a href=\"$url\" class='action_button'>" . elgg_echo('friend:remove') . "</a>";
                        } else {
-                               $profile_actions .= "<a href=\"{$vars['url']}action/friends/add?friend={$user->getGUID()}&__elgg_token=$token&__elgg_ts=$ts\" class='action_button'>" . elgg_echo('friend:add') . "</a>";
+                               $url = "{$vars['url']}action/friends/add?friend={$user->getGUID()}";
+                               $url = elgg_add_action_tokens_to_url($url);
+                               $profile_actions .= "<a href=\"$url\" class='action_button'>" . elgg_echo('friend:add') . "</a>";
                        }
                }
        }
-       if(is_plugin_enabled('messages') && isloggedin()){
+       if (is_plugin_enabled('messages') && isloggedin()) {
                $profile_actions .= "<a href=\"{$vars['url']}mod/messages/send.php?send_to={$user->guid}\" class='action_button'>". elgg_echo('messages:send') ."</a>";
        }
        $profile_actions .= "</div>";
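Review bot: The friend add/remove branches now store the tokenised action URL in `$url`, the same name that the `<h3>` link earlier in the view interpolates and that the last hunk stops assigning from `$vars['url']`. If any code after this point (outside the visible hunks) still uses `$url` as the site base, it would now link to a state-changing action carrying valid action tokens. A dedicated local avoids that: `$action_url = elgg_add_action_tokens_to_url("{$vars['url']}action/friends/remove?friend={$user->getGUID()}");`. The result is also placed in `href` without HTML-escaping, so wrapping it in `htmlspecialchars($action_url, ENT_QUOTES, 'UTF-8')` keeps the `&` separators valid in the attribute.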
@@ -57,14 +64,12 @@ if(isloggedin() && (get_loggedin_user()->getGuid() == page_owner())){
 $username = $user->username;
 $email = $user->email;
 $phone = $user->phone;
-       
-//get correct links
-$url = $vars['url'];
+
 
 //if admin display admin links
-if(isadminloggedin()){
+if (isadminloggedin()) {
        $admin_links = elgg_view('profile/admin_menu');
-}else{
+} else {
        $admin_links = '';
 }