elgg / elgg

A social networking engine in PHP/MySQL

Home Page: https://elgg.org

License: Other

PHP 96.78% JavaScript 1.63% HTML 0.39% CSS 1.18% Hack 0.03%
elgg framework hacktoberfest php social-networking-engine

elgg's People

Contributors

adayth, beck24, benwerd, brettp, cash, ewinslow, franzliedke, hypejunction, iionly, jdalsem, jeabakker, jrtilson, juho-jaakkola, knezmilos13, lehkonev, lianglee, mapkyca, mcloughlin3, migrax, mrclay, perjensen, rivervanrain, rlerdorf, rohit1290, srokap, stianlik, teamwebgalli, thats4shaw, tvld, wouter0100


elgg's Issues

wrong invite/join behavior of groups (Trac #572)

Original ticket http://trac.elgg.org/ticket/572 on 38888049-09-06 by trac user fuhrmara@..., assigned to unknown.

Elgg version: 1.1

The behavior of invite/join in groups is wrong.

This must be set to:

if the membership is set to private

  • only the owner (and the members) can invite other users. This doesn't depend on the access state. Join or request to join isn't allowed.

if the membership is set to private

  • it depends on the access state
    • if access is set to public/logged in users => all logged in users can join the group
    • if access is set to members only => logged in users can request to join the group

I think a combination of membership 'private' and access 'private' is nothing that a group needs, because this was only a one-man group, so it isn't a group.

Two rivers in a while (Trac #567)

Original ticket http://trac.elgg.org/ticket/567 on 38887712-07-30 by trac user SGr33n, assigned to unknown.

Elgg version: 1.0

Hi,

It would be useful to add a rule that doesn't add a new river item if the previous one is the same (or sometimes similar) and it happened within a short while.

I.e. I add the Messageboard widget, then modify the access to public. The activity shows:

"sgr33n modified messageboard widget (now)"
"sgr33n added messageboard widget (now)"

Sometimes it happens that you modify this two or more times:

"sgr33n modified messageboard widget (now)"
"sgr33n modified messageboard widget (1 minute ago)"
"sgr33n modified messageboard widget (2 minutes ago)"
"sgr33n added messageboard widget (2 minutes ago)"

So, it would be useful to add a control that doesn't add two similar activities.

Thanks :)

Tag order is reversed (Trac #538)

Original ticket http://trac.elgg.org/ticket/538 on 38862411-02-12 by trac user kevinjardine, assigned to unknown.

Elgg version: Github Master

If I enter three tags, eg. "Toronto, Leiden, Winnipeg" in a profile form, the display order is reversed when I view my profile.

This is not an alphabetical sort, but just a reversal, presumably because as usual Elgg displays the most recently created metadata item first.

Suggestion - use array_reverse to reverse the results of string_to_tag_array in metadata.php before that function returns its tag array.

Joinrequest to a closed group doesn't work (Trac #564)

Original ticket http://trac.elgg.org/ticket/564 on 38887610-08-08 by trac user fuhrmara@..., assigned to unknown.

Elgg version: 1.1

If a user of a closed group (access private) invites friends,
these friends cannot join the group with the join link
in the sent email.
An error "groups:cantjoin"

Reason
If you get the group in join.php you load the group_entity.
But your SQL statement asks for access = public or user is owner.

SELECT * from entities where guid=10 and (access_id in (2,1) or (access_id = 0 and owner_guid = 14)) and enabled='yes'

This is a blocker for closed systems

Installation / .htaccess not written to (Trac #535)

Original ticket http://trac.elgg.org/ticket/535 on 38860320-08-11 by trac user p4u1, assigned to unknown.

Elgg version: 1.0

Uploaded elgg v1.1 to root of shared hosting space (Hostgator).
There was already an existing .htaccess file. This file was blank.
Ran through install process and experienced a "page not found" error where elgg tries to save my system settings to "..action/systemsettings/install"
instead of
"..actions/systemsettings/install.php"

Turned out the existing ".htaccess" was not flagged or overwritten - elgg created a file called "htaccess_dist".
To sort the problem I renamed "htaccess_dist" to ".htaccess" and all was fine.

I should get an error before getting to the point where "action/systemsettings/install" is called if elgg cannot write to the .htaccess or the engine/settings.php file.

I am using Safari 3.1.2 on OSX 10.4.11

Edit a user just edits current admin user (Trac #552)

Original ticket http://trac.elgg.org/ticket/552 on 38877576-06-28 by trac user judgej, assigned to unknown.

Elgg version: 1.1

Logged in as an administrator, I go to:

Administration -> User Administration -> (select a user) -> Edit Details (in red)

This takes me to page:

/pg/settings/user/user-login-to-edit/

However, the details in the profile form displayed are my own (the administrator) details and not the profile of 'user-login-to-edit'.

translation-tags in wrong language-file (Trac #546)

Original ticket http://trac.elgg.org/ticket/546 on 38868845-12-04 by trac user fuhrmara@..., assigned to unknown.

Elgg version: 1.1

The translation-tags

'email:confirm:success' => "You have confirmed your email address!",
'email:confirm:fail' => "Your email address could not be verified...",

are in /languages/en.php but have to be in /mod/uservalidationbyemail/languages/en.php

Email Headers in Message Body (Trac #579)

Original ticket http://trac.elgg.org/ticket/579 on 38898505-02-04 by trac user thearch, assigned to unknown.

Elgg version: 1.1

When the system sends out registration emails, the following

MIME-Version: 1.0

Content-Transfer-Encoding: 8bit

Message-Id: <20081119190138.23270454EA997642e3.fb.joyent.us >
Date: Wed, 19 Nov 2008 19:01:38 +0000 (GMT)

shows up on the email's body.


SOLUTION

this is a bug in engine/lib/notifications.php
Search for "\r\n" for example in lines like

$headers = "From: \"$sitename\" <$from>\r\n"

and replace "\r\n" with "\n" and it will work.

This should be configurable in elgg because most
mailservers tend to use "\n" only.


bad translation register of plugin-languages (Trac #578)

Original ticket http://trac.elgg.org/ticket/578 on 38890745-03-11 by trac user fuhrmara@..., assigned to unknown.

Elgg version: 1.1

If a plugin has translation files for a language that hasn't been registered
(there is no file for this language for the core system),
all these files will be added to the translation array.
But there is no possibility to access such languages.

I've attached a patch and an updated language.php which will fix this.

Owners are not able to remove their posts in group forum (Trac #547)

Original ticket http://trac.elgg.org/ticket/547 on 38870274-01-16 by trac user starlessblack, assigned to unknown.

Elgg version: 1.0

in /mod/groups/views/default/forum/topicposts.php (lines ~49 and below) looks like authors were going to give the owner of a post a permission to delete it. However, canEdit() method returns false for posts that are actually owned by a particular user (based on wrong value of owner_guid returned by get_entity() function call in /engine/lib/entities.php. get_entity in fact returns the object with owner_guid set to a guid of an owner of the whole post, not a given topic).

Small Fixes (Trac #534)

Original ticket http://trac.elgg.org/ticket/534 on 38859609-04-29 by trac user SGr33n, assigned to unknown.

Elgg version: 1.1

Hi,

Customizing Elgg I found a few things to fix.

I'd like to share them with you.
Here we go (updated):

  1. mod/profile/views/default/profile/userdetails.php
    show a message if no description
    search: description); ?>
    replace with:
    <?php
    $userdescription = $vars['entity']->description;

    if (!empty($userdescription)) {
        echo autop($vars['entity']->description);
    } else {
        echo "<p class=\"description_none\">" . elgg_echo('profile:descriptionnone') . "</p>";
    }
    ?>

    add to the profile en.php language file: 'profile:descriptionnone' => "none entered",

  2. mod/bookmarks/views/default/widgets/bookmarks/view.php
    "bookmark inbox" hardcoded
    search: echo "<a href=\"{$user_inbox}\">Bookmark inbox";
    replace with: echo "<a href=\"{$user_inbox}\">" . elgg_echo('bookmarks:inbox') . "";

  3. mod/status/views/default/status/widget_view.php
    save & cancel buttons hardcoded
    search:

    replace with:

  4. mod/groups/views/default/groups/forum_latest.php
    * "Replies" hardcoded (added to language files)
    * Error counting replies (one more):
    search: $count_annotations = $f->countAnnotations("group_topic_post");
    replace with: $count_annotations = $f->countAnnotations("group_topic_post");
    $count_annotations = $count_annotations -1;

  5. mod/google-map/languages/en.php
    search: 'gmap:modify' => 'Enter your Google Maps API Key
    You can obtain an API Key here.',
    replace with: 'gmap:modify' => 'Enter your Google Maps API Key
    You can obtain an API Key here.',

  6. mod/messageboard/views/default/widgets/messageboard/view.php
    no message when empty
    search: echo "<div id=\"messageboard_wrapper\">";
    replace with: echo "<div id=\"messageboard_wrapper\" class=\"messageboard_none\">" . elgg_echo('messageboard:none') . "";

    • added a class name so you can style the message as you want (ex. a red box with exclamation)
      add to the messageboard en.php language file: 'messageboard:none' => "No comments yet",

  7. mod/messageboard/views/default/widgets/messageboard/group_messageboard.php
    no message when empty
    search: echo "<div id=\"messageboard_wrapper\" />";
    replace with: echo "<div id=\"messageboard_wrapper\" class=\"messageboard_none\" />" . elgg_echo('messageboard:none') . "";

    • added a class name so you can style the message as you want (ex. a red box with exclamation)

mysql db password length restriction (Trac #577)

Original ticket http://trac.elgg.org/ticket/577 on 38889020-05-16 by trac user tremaine, assigned to unknown.

Elgg version: 1.0

I'm not sure what elgg sets as a password length restriction for the mysql user password, but it breaks if you use 40 multi case alphanumeric characters. If there is going to be a length restriction it should be documented both in the INSTALL.txt file, as well as in the engine/settings.php (engine/settings.example.php), and on the install page itself.

As a security monkey, I'd set that value to be fairly high ;)

join to invite group with 'group only' access doesn't work (Trac #566)

Original ticket http://trac.elgg.org/ticket/566 on 38887678-11-22 by trac user fuhrmara@..., assigned to unknown.

Elgg version: 1.1

If the owner of a group with access 'member only' invites friends, these friends cannot join the group with the join link in the sent email. An error "groups:cantjoin"

Reason: If you get the group in join.php you load the group_entity. But your SQL statement asks for access = public or user is owner.

SELECT * from entities where guid=10 and (access_id in (2,1) or (access_id = 0 and owner_guid = 14)) and enabled='yes'

This is a blocker for closed systems

Session variables & External authentication. (Trac #562)

Original ticket http://trac.elgg.org/ticket/562 on 38885616-04-21 by trac user staticred, assigned to unknown.

Elgg version: 1.1

Summary: Elgg appears to reset all session variables, making an external authentication module unworkable.

Full:
I've been putting together a CAS authentication module for Elgg 1.x, based on a successful CAS authentication module I developed for Elgg 0.8. The module is based on the phpCAS library, and makes a request to an external CAS server. When integrating this library into Elgg 1.0, it enters into an infinite loop of redirecting -- sending an authentication request to CAS, which returns a successful authentication ticket.

The same block of code outside of the Elgg system returns a successful CAS login. Upon further investigation, it appears that Elgg is destroying the session between the time the user leaves Elgg and returns from CAS, obliterating the phpCAS session variables and creating a new, empty Elgg session.

The basic setup of the module is as follows:

  1. New module created in ./mod (./mod/cas_auth)

  2. module initialized with
    --- 8< ---
    register_elgg_event_handler('init','system','cas_auth_init');
    --- 8< ---
    and custom action set up with
    --- 8< ---
    register_action('cas_auth/login', true, $CONFIG->pluginspath . 'cas_auth/login.php');
    --- 8< ---

  3. Custom login form is used to direct user credentials to CAS login page (ie: user form logs users into CAS page, instead of using Elgg's internal register_pam_handler() call. For what it's worth, the same problem occurs with the register_pam_handler() call).

  4. After successfully logging into CAS and receiving a ticket, user is returned to http://elggsite.com/action/cas_auth/login, which calls the following block of code:

--- 8< ---
$config = find_plugin_settings('cas_auth');
$NetUsername = authCAS($config);

$attr = cas_ldapSearch($NetUsername);
--- 8< ---

the authCAS() function is as follows:

--- 8< ---
function authCAS($config) {
    // Load the phpCAS client library.
    require_once('CAS/CAS.php');
    $cas_validate = true;
    $cas_version = CAS_VERSION_2_0;
    $cas_language = 'english';
    // Configure the CAS client from the plugin settings.
    phpCAS::client($cas_version, $config->cashostname, (int)$config->casport, $config->casbaseuri, false);
    phpCAS::setLang($cas_language);
    phpCAS::sessionName("Elgg");
    // Redirects to the CAS server unless the user is already authenticated.
    phpCAS::forceAuthentication();
    $NetUsername = phpCAS::getUser(); // this stores their network user id

    return $NetUsername;
}
--- 8< ---

The configuration options for the phpCAS calls are stored in the Elgg database as plugin configuration, and are retrieved without issue.

When the script reaches the call phpCAS::forceAuthentication();, it doesn't find the phpCAS session variable, and therefore redirects to the CAS server to authenticate the user.

This all works in Elgg 0.8 and 0.9, and also works when called independent of the Elgg framework. Through debugging, I've determined that the phpCAS session variables go missing at some point during Elgg's own session init cycle before it hits my code.

This is a death knell for any kind of external authentication method that relies on session variables and/or session cookies to pass along authentication. My institution is looking at upgrading to Elgg 1.x, but without the ability to integrate CAS, it's a non-starter.

Installation fails (Trac #533)

Original ticket http://trac.elgg.org/ticket/533 on 38857726-05-31 by trac user dropkernel, assigned to unknown.

Elgg version: 1.1

I downloaded and installed Full Package.
Started Elgg and got the startup page.
Entered database information.
System Settings page appeared.
Entered 1) site name, 2) site url "http://localhost/", 3) entered full path "D:\My Webs\test.com", 4) entered full path to data "D:\My Webs\test.com\data", 5) enabled RESTful API
Clicked Save button and got an error message "404 Not Found, The requested URL /action/systemsettings/install was not found on this server."
Renamed "actions" folder as "action" folder.
Refreshed page and resent the form and got a new error message "Fatal error: Call to undefined function elgg_set_viewtype() in D:\My Webs\test.com\action\systemsettings\install.php on line 16"
Now I'm stuck.

Sanitise on input, escape on output. (Trac #561)

Original ticket http://trac.elgg.org/ticket/561 on 38885458-12-20 by trac user judgej, assigned to unknown.

Elgg version: 1.1

If I use characters in a display name that would normally be used to define HTML tags, they get converted to HTML entities. I don't believe this is the correct action to take.

For example, if I enter the name "Admin>", then it saves the name "Admin&gt;". If this is an input mapping, then it could have repercussions throughout the system. For example, if I used '>' or '<' in a password, then can I be sure those characters are actually going to be stored in the password? If I have a five character limit on an input field, then what happens when I enter '&&&&&' and find the system expands it to '&amp;&amp;&amp;&amp;&amp;' before it attempts to store it? What if I am entering data that has nothing whatsoever to do with HTML or XML? What relevance is that kind of 'sanitisation' of input?

Mapping of special XML characters to entities is a function of the output (including when displayed as pre-filled form items). It is only relevant when that kind of mapping is important to the output, such as when creating XML or HTML. It has no place being done in the path between the user and the database.

I believe this is a very important issue, because I have seen other projects flounder when they do not follow the simple rule of keeping XML mapping out of the path from the user to the database. It is just asking for double-encoding to happen in various output points, and then you are in serious trouble because your user-entered data has effectively been corrupted.
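
The failure modes this ticket describes (length expansion, double-encoding, corrupted non-HTML output, password mismatch), as an added example that is not part of the original ticket and is not Elgg code. All function names are hypothetical, and the inputs are constructed from the ticket's own examples.

```php
<?php
// Added illustration; not Elgg code. All function names here are hypothetical.

// Pattern the ticket objects to: entity-encode on the way INTO storage.
function store_encoded_on_input(string $raw): string {
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// Pattern the ticket recommends: store exactly what the user typed.
function store_raw(string $raw): string {
    return $raw;
}

// Output-side escaping, applied once, at the point the value enters HTML.
function render_html(string $stored): string {
    return htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
}

// Constructed sample inputs taken from the ticket's own examples.
$samples = ['Admin>', '&&&&&'];
$limit = 5; // the ticket's five-character field limit

foreach ($samples as $typed) {
    $bad  = store_encoded_on_input($typed);
    $good = store_raw($typed);

    printf("typed:                 %s\n", $typed);
    printf("stored (encode input): %s (length %d)\n", $bad, strlen($bad));
    printf("stored (raw):          %s (length %d)\n", $good, strlen($good));

    // A length check run against the stored value sees the expanded string.
    printf("fits %d-char limit:     encoded=%s raw=%s\n", $limit,
        var_export(strlen($bad) <= $limit, true),
        var_export(strlen($good) <= $limit, true));

    // A view that escapes on output encodes the pre-encoded value again,
    // so the browser shows entity text instead of the character.
    printf("HTML (encode input):   %s\n", render_html($bad));
    printf("HTML (raw):            %s\n", render_html($good));

    // Non-HTML consumers (plain-text e-mail, JSON, CSV) receive entity text.
    printf("JSON (encode input):   %s\n", json_encode(['name' => $bad]));
    printf("JSON (raw):            %s\n\n", json_encode(['name' => $good]));
}

// Password case from the ticket: one code path encodes, another does not.
$typed_pw = 'p<ss>w'; // constructed sample
$hash = password_hash(store_encoded_on_input($typed_pw), PASSWORD_DEFAULT);
var_dump(password_verify($typed_pw, $hash));                         // login path that skips encoding
var_dump(password_verify(store_encoded_on_input($typed_pw), $hash)); // login path that encodes
```

Escaping only in `render_html()` keeps the stored value usable for every output format, and each output context (HTML, JSON, SQL parameters) applies its own encoding exactly once.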

Admins cannot change profile photos (Trac #545)

Original ticket http://trac.elgg.org/ticket/545 on 38868516-12-19 by trac user kevinjardine, assigned to unknown.

Elgg version: 1.1

Although the fix to Ticket #448 allows admins to edit other user details, admins still cannot edit profile photos.

In part this is because the menu links at the left go to the admin's own settings rather than the settings for the user being viewed.

However, even changing this (eg with a mod/profile/editicon.php?username=xxx link) does not solve the problem because the view and action associated with editicon.php incorrectly use the logged-in user rather than the page owner.

I am ranking this bug minor because it would be a minor issue for most site operators, although it is not a minor issue for a client of mine who needs this feature!

reset password doesn't work (Trac #550)

Original ticket http://trac.elgg.org/ticket/550 on 38873576-12-05 by trac user fuhrmara@..., assigned to unknown.

Elgg version: 1.1

If a user requests a new password and confirms the link that is sent by mail, an error ('user:password:fail') occurs.
I tested this with a fully new installation of the current svn release.
