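<?php
/**
 * Elgg profile edit action
 *
 * Reads the submitted profile fields (the ones declared in the
 * 'profile_fields' config), validates the typed ones (url, email), and stores
 * every submitted value as a 'profile:<field>' annotation carrying the access
 * level chosen for that field in the form. The display name is an entity
 * attribute and is updated separately.
 *
 * Responds with an error response when the target is not an ElggUser the
 * current user may edit, when an email field is malformed, or when the display
 * name is too long; otherwise with an OK response pointing at the profile.
 */

elgg_make_sticky_form('profile:edit');

// the guid comes from the request; cast so a non-numeric value never reaches get_entity()
$guid = (int) get_input('guid');
$owner = get_entity($guid);

// only users, and only when the current user is allowed to edit them
if (!($owner instanceof ElggUser) || !$owner->canEdit()) {
	return elgg_error_response(elgg_echo('profile:noaccess'));
}

// grab the defined profile field names and load their values from POST.
// each field can have its own access level, so collect those too.
$input = [];
$accesslevel = get_input('accesslevel');
if (!is_array($accesslevel)) {
	$accesslevel = [];
}

// a missing config entry must not turn into a foreach over null
$profile_fields = elgg_get_config('profile_fields');
if (!is_array($profile_fields)) {
	$profile_fields = [];
}

foreach ($profile_fields as $shortname => $valuetype) {
	$value = get_input($shortname);
	if ($value === null) {
		// only submitted profile fields should be updated
		continue;
	}

	// the decoding is a stop gap to prevent && showing up in profile fields
	// because it is escaped on both input (get_input()) and output (view:output/text). see #561 and #1405.
	// must decode in utf8 or string corruption occurs. see #1567.
	if (is_array($value)) {
		array_walk_recursive($value, function (&$v) {
			$v = elgg_html_decode($v);
		});
	} else {
		$value = elgg_html_decode($value);
	}

	// convert tags fields to array values
	if ($valuetype === 'tags') {
		$value = string_to_tag_array($value);
	}

	// prefix bare hostnames with a scheme; a submitted array can never be a url,
	// so only string values are touched (preg_match() would reject an array)
	if ($value && $valuetype === 'url' && is_string($value) && !preg_match('~^https?\://~i', $value)) {
		$value = "http://$value";
	}

	// an email field must be one well-formed address; an array is rejected as invalid
	// rather than handed to is_email_address(), which only accepts a string
	if ($valuetype === 'email' && !empty($value) && (!is_string($value) || !is_email_address($value))) {
		return elgg_error_response(elgg_echo('profile:invalid_email', [elgg_echo("profile:{$shortname}")]));
	}

	$input[$shortname] = $value;
}

// display name is handled separately: it is an entity attribute, not a profile field.
// strip_tags() needs a string, so anything else (missing, array) counts as "not submitted"
$name = get_input('name');
$name = is_string($name) ? strip_tags($name) : '';
$name_changed = false;
if ($name) {
	if (elgg_strlen($name) > 50) {
		return elgg_error_response(elgg_echo('user:name:fail'));
	}
	if ($owner->name !== $name) {
		$owner->name = $name;
		$name_changed = true;
	}
}

// nothing to persist: no profile field was submitted and the name is unchanged.
// a changed name must fall through so the save() below actually stores it
if (empty($input) && !$name_changed) {
	return elgg_ok_response('', '', $owner->getUrl());
}

// go through custom fields
// fetch default access level for the user for use in fallback cases
$user_default_access = get_default_access($owner);

foreach ($input as $shortname => $value) {
	$owner->deleteAnnotations("profile:$shortname");

	// for BC, keep storing fields in MD, but we'll read annotations only
	elgg_delete_metadata([
		'guid' => $owner->guid,
		'metadata_name' => $shortname,
		'limit' => false,
	]);

	// only create records for non empty values (0 is allowed) to prevent
	// annotation/metadata records with empty string values #4858
	if ($value === null || $value === '') {
		continue;
	}

	if (isset($accesslevel[$shortname])) {
		// NOTE(review): the access id is taken from the request as-is and only cast;
		// it is not checked here against the access levels $owner may write with.
		// confirm the form is the only guard, or validate before use
		$access_id = (int) $accesslevel[$shortname];
	} else {
		// should not happen: the form submits an access level for every field
		$access_id = $user_default_access;
	}

	// annotations are one-per-value; wrap scalars so the loop below is uniform
	$values = is_array($value) ? $value : [$value];
	foreach ($values as $single) {
		// create_annotation() is deprecated since 3.0; the entity method takes the
		// same data (name, value, access, owner, value type)
		$owner->annotate("profile:$shortname", $single, $access_id, $owner->guid, 'text');
	}

	// for BC, keep storing fields in MD, but we'll read annotations only
	$owner->$shortname = $values;
}

$owner->save();

// Notify of profile update
elgg_trigger_event('profileupdate', $owner->type, $owner);

elgg_clear_sticky_form('profile:edit');

return elgg_ok_response('', elgg_echo('profile:saved'), $owner->getUrl());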