1 | <?php |
||
2 | /** |
||
3 | * Elgg profile edit action |
||
4 | * |
||
5 | */ |
||
6 | |||
// Keep the submitted values so the form can be shown again with them if the action fails.
elgg_make_sticky_form('profile:edit');

// The target GUID is request-controlled. Nothing below may run until the entity
// is confirmed to be a user that the current session is allowed to edit.
$guid = get_input('guid');
$owner = get_entity($guid);

$may_edit = ($owner instanceof ElggUser) && $owner->canEdit();
if (!$may_edit) {
	return elgg_error_response(elgg_echo('profile:noaccess'));
}
||
15 | |||
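// Grab the defined profile field names and load their values from POST.
// Only names present in the 'profile_fields' config are read, so the request
// cannot introduce field names of its own.
// Each field can have its own access, so collect that too.
$input = [];
$accesslevel = get_input('accesslevel');

if (!is_array($accesslevel)) {
	$accesslevel = [];
}

$profile_fields = elgg_get_config('profile_fields');
foreach ($profile_fields as $shortname => $valuetype) {
	$value = get_input($shortname);

	if ($value === null) {
		// only submitted profile fields should be updated
		continue;
	}

	// the decoding is a stop gap to prevent && showing up in profile fields
	// because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405.
	// must decode in utf8 or string corruption occurs. see #1567.
	// NOTE(review): after this step the value is no longer HTML-escaped, so every
	// view that renders a profile field has to escape it on output.
	if (is_array($value)) {
		array_walk_recursive($value, function(&$v) {
			$v = elgg_html_decode($v);
		});
	} else {
		$value = elgg_html_decode($value);
	}

	// convert tags fields to array values
	if ($valuetype === 'tags') {
		$value = string_to_tag_array($value);
	}

	// Values without an http(s) scheme get an http:// prefix. Only strings are
	// rewritten: the request may submit an array for any field, and neither
	// preg_match() nor the string interpolation below can handle one.
	if ($value && $valuetype === 'url' && is_string($value) && !preg_match('~^https?\://~i', $value)) {
		$value = "http://$value";
	}

	if ($valuetype === 'email' && !empty($value)) {
		// a non-string submission (e.g. an array) can never be a valid address,
		// so reject it here instead of handing it to the validator
		if (!is_string($value) || !is_email_address($value)) {
			return elgg_error_response(elgg_echo('profile:invalid_email', [elgg_echo("profile:{$shortname}")]));
		}
	}

	$input[$shortname] = $value;
}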
||
60 | |||
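// display name is handled separately
$name = get_input('name');

// get_input() hands back whatever shape the request supplied (string, array or
// null), while strip_tags() only accepts a string; anything else is treated as
// "no name submitted".
$name = is_string($name) ? strip_tags($name) : '';

if ($name) {
	if (elgg_strlen($name) > 50) {
		return elgg_error_response(elgg_echo('user:name:fail'));
	}

	if ($owner->name !== $name) {
		$owner->name = $name;
	}
}

if (empty($input)) {
	// NOTE(review): this path returns before $owner->save(), the 'profileupdate'
	// event and elgg_clear_sticky_form() are reached. Confirm that a name-only
	// submission is still persisted by the assignment above.
	return elgg_ok_response('', '', $owner->getUrl());
}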
||
74 | |||
// Store the custom fields.
// The user's default access level is fetched once, for use in fallback cases.
$user_default_access = get_default_access($owner);

foreach ($input as $shortname => $value) {
	// drop what is currently stored for this field before writing the new values
	$owner->deleteAnnotations("profile:$shortname");

	// for BC, keep storing fields in MD, but we'll read annotations only
	elgg_delete_metadata([
		'guid' => $owner->guid,
		'metadata_name' => $shortname,
		'limit' => false
	]);

	// only create metadata for non empty values (0 is allowed) to prevent metadata records
	// with empty string values #4858
	if (is_null($value) || $value === '') {
		continue;
	}

	// The default is a fallback that should never be needed, since the access
	// level should always be set.
	// NOTE(review): the access id comes straight from the request and is only cast
	// to int. Nothing visible here checks that it is one of the levels this user
	// may assign; confirm that is enforced elsewhere or validate it before storing.
	$access_id = isset($accesslevel[$shortname]) ? (int) $accesslevel[$shortname] : $user_default_access;

	// a single value is stored the same way as a one-element list
	$value = is_array($value) ? $value : [$value];

	// NOTE(review): static analysis appears to flag create_annotation() as
	// deprecated. Confirm against the targeted Elgg version and move to its
	// documented replacement.
	foreach ($value as $item) {
		create_annotation($owner->guid, "profile:$shortname", $item, 'text', $owner->guid, $access_id);
	}

	// for BC, keep storing fields in MD, but we'll read annotations only
	$owner->$shortname = $value;
}
||
111 | |||
// NOTE(review): the result of save() is not checked here. If it reports failure
// through its return value, the action still ends in the success response below.
$owner->save();

// Notify of profile update
elgg_trigger_event('profileupdate', $owner->type, $owner);

// the action completed, so drop the sticky copy of the form made at the start
elgg_clear_sticky_form('profile:edit');

$saved_message = elgg_echo('profile:saved');

return elgg_ok_response('', $saved_message, $owner->getUrl());
||
120 |
This function has been deprecated. The supplier of the function has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the function will be removed and what other function to use instead.