1 | <?php |
||
2 | /** |
||
3 | * Elgg profile edit action |
||
4 | * |
||
5 | */ |
||
6 | |||
// Remember the submitted values so the form can be shown again with them if this action fails.
elgg_make_sticky_form('profile:edit');

// The target user is named by the request, so nothing about it is trusted
// until the check below has passed.
$guid = get_input('guid');
$owner = get_entity($guid);

// Authorization gate for every write further down: the entity has to be a user
// and canEdit() has to allow the change. Keep this ahead of any modification.
// NOTE(review): presumably canEdit() is evaluated for the logged-in user - confirm.
$may_edit = ($owner instanceof ElggUser) && $owner->canEdit();
if (!$may_edit) {
	return elgg_error_response(elgg_echo('profile:noaccess'));
}
||
15 | |||
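// Grab the defined profile field names and load their values from the request.
// Each field can have its own access level, so collect those too.
$input = [];
$accesslevel = get_input('accesslevel');

if (!is_array($accesslevel)) {
	// request data is user-controlled: anything that is not a per-field map is ignored
	$accesslevel = [];
}

// Only names that exist in the configured field list are read, so the request
// cannot introduce field names of its own.
$profile_fields = elgg_get_config('profile_fields');
foreach ($profile_fields as $shortname => $valuetype) {
	$value = get_input($shortname);

	if ($value === null) {
		// only submitted profile fields should be updated
		continue;
	}

	// the decoding is a stop gap to prevent &amp;&amp; showing up in profile fields
	// because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405.
	// must decode in utf8 or string corruption occurs. see #1567.
	// NOTE(review): after this decode the value holds raw markup characters again, so it is only
	// safe to display through an escaping output view - confirm every view that prints profile
	// fields escapes them.
	if (is_array($value)) {
		array_walk_recursive($value, function(&$v) {
			$v = elgg_html_decode($v);
		});
	} else {
		$value = elgg_html_decode($value);
	}

	// convert tags fields to array values
	if ($valuetype == 'tags') {
		$value = string_to_tag_array($value);
	}

	if ($value && $valuetype == 'url') {
		// The request can deliver an array as well as a string. preg_match() only accepts
		// a string subject, so handle each string on its own; this also keeps the rule that
		// a stored url value always starts with http:// or https://.
		$ensure_scheme = function ($url) {
			if ($url && is_string($url) && !preg_match('~^https?\://~i', $url)) {
				return "http://$url";
			}

			return $url;
		};

		if (is_array($value)) {
			array_walk_recursive($value, function (&$v) use ($ensure_scheme) {
				$v = $ensure_scheme($v);
			});
		} else {
			$value = $ensure_scheme($value);
		}
	}

	// a non-string submission (e.g. an array) can never be a valid address, so it is
	// rejected before it reaches is_email_address()
	if ($valuetype == 'email' && !empty($value) && (!is_string($value) || !is_email_address($value))) {
		return elgg_error_response(elgg_echo('profile:invalid_email', [elgg_echo("profile:{$shortname}")]));
	}

	$input[$shortname] = $value;
}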
||
60 | |||
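// display name is handled separately
// get_input() can return null or an array; only a string is a usable name, and
// strip_tags() must not be handed anything else.
$name = get_input('name');
$name = is_string($name) ? strip_tags($name) : '';

// strip_tags() removes markup only; the name still has to be escaped where it is displayed.
if ($name) {
	if (elgg_strlen($name) > 50) {
		return elgg_error_response(elgg_echo('user:name:fail'));
	}

	// avoid a write when the name did not change
	if ($owner->name !== $name) {
		$owner->name = $name;
	}
}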
||
70 | |||
// No profile field was submitted: answer with success and send the user to the profile.
// NOTE(review): this path returns before $owner->save(), the 'profileupdate' event and
// elgg_clear_sticky_form() further down - confirm a name-only change is still persisted
// and that the sticky form data is meant to stay.
if (!$input) {
	return elgg_ok_response('', '', $owner->getUrl());
}
||
74 | |||
// go through custom fields
// fetch default access level for the user for use in fallback cases
$user_default_access = get_default_access($owner);

// The keys of $input come from the configured profile field list, not from the
// request, so the request cannot pick the annotation or metadata name written here.
foreach ($input as $shortname => $value) {
	// drop the previous values first, so the field ends up holding only what was submitted
	$owner->deleteAnnotations("profile:$shortname");

	// for BC, keep storing fields in MD, but we'll read annotations only
	elgg_delete_metadata([
		'guid' => $owner->guid,
		'metadata_name' => $shortname,
		'limit' => false
	]);

	// only create metadata for non empty values (0 is allowed) to prevent metadata records
	// with empty string values #4858
	if (is_null($value) || $value === '') {
		continue;
	}

	// NOTE(review): the submitted access id is only cast to int; nothing visible here checks
	// it against the access levels this user is allowed to assign - confirm that is enforced
	// elsewhere, or validate it before use.
	// The fallback should never be needed since the access level should always be set.
	$access_id = isset($accesslevel[$shortname]) ? (int) $accesslevel[$shortname] : $user_default_access;

	// a field may hold one value or several; store one annotation per value
	$values = is_array($value) ? $value : [$value];
	foreach ($values as $single_value) {
		create_annotation($owner->guid, "profile:$shortname", $single_value, 'text', $owner->guid, $access_id);
	}

	// for BC, keep storing fields in MD, but we'll read annotations only
	$owner->$shortname = $values;
}
||
111 | |||
// NOTE(review): the result of save() is not checked, so a failed save is still answered
// with 'profile:saved' - confirm that is intended.
$owner->save();

// Notify of profile update
elgg_trigger_event('profileupdate', $owner->type, $owner);

// the action got this far, so the remembered form input is no longer needed
elgg_clear_sticky_form('profile:edit');

$saved_message = elgg_echo('profile:saved');

return elgg_ok_response('', $saved_message, $owner->getUrl());
||
120 |