Elgg
Version 1.11
|
Go to the source code of this file.
Namespaces | |
Elgg\Core | |
Activate a plugin or plugins. | |
Functions | |
_elgg_action_handler (array $segments) | |
Handle a request for an action. More... | |
action ($action, $forwarder="") | |
Perform an action. More... | |
elgg_register_action ($action, $filename="", $access= 'logged_in') | |
Registers an action. More... | |
elgg_unregister_action ($action) | |
Unregisters an action. More... | |
elgg_build_hmac ($data) | |
Get an HMAC token builder/validator object. More... | |
validate_action_token ($visible_errors=true, $token=null, $ts=null) | |
Validate an action token. More... | |
action_gatekeeper ($action) | |
Validates the presence of action tokens. More... | |
generate_action_token ($timestamp) | |
Generate an action token. More... | |
init_site_secret () | |
Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL). More... | |
get_site_secret () | |
Returns the site secret. More... | |
_elgg_get_site_secret_strength () | |
Get the strength of the site secret. More... | |
elgg_action_exists ($action) | |
Check if an action is registered and its script exists. More... | |
elgg_is_xhr () | |
Checks whether the request was requested via ajax. More... | |
ajax_forward_hook ($hook, $type, $reason, $params) | |
Catch calls to forward() in ajax request and force an exit. More... | |
ajax_action_hook () | |
Buffer all output echo'd directly in the action for inclusion in the returned JSON. More... | |
_elgg_csrf_token_refresh () | |
Send an updated CSRF token, provided the page's current tokens were not fake. More... | |
actions_init () | |
Initialize some ajaxy actions features private. More... | |
Variables | |
return | function (\Elgg\EventsService $events,\Elgg\HooksRegistrationService $hooks) |
_elgg_action_handler | ( | array | $segments | ) |
Handle a request for an action.
array | $segments | URL segments that make up action name |
Definition at line 19 of file actions.php.
_elgg_csrf_token_refresh | ( | ) |
Send an updated CSRF token, provided the page's current tokens were not fake.
private
Definition at line 275 of file actions.php.
_elgg_get_site_secret_strength | ( | ) |
Get the strength of the site secret.
Definition at line 205 of file actions.php.
action | ( | $action, | |
$forwarder = "" |
|||
) |
Perform an action.
This function executes the action with name $action as registered by elgg_register_action().
The plugin hook 'action', $action_name will be triggered before the action is executed. If a handler returns false, it will prevent the action script from being called.
string | $action | The requested action |
string | $forwarder | Optionally, the location to forward to |
Definition at line 47 of file actions.php.
action_gatekeeper | ( | $action | ) |
Validates the presence of action tokens.
This function is called for all actions. If action tokens are missing, the user will be forwarded to the site front page and an error emitted.
This function verifies form input for security features (like a generated token), and forwards if they are invalid.
string | $action | The action being performed |
Definition at line 145 of file actions.php.
actions_init | ( | ) |
Initialize some ajaxy actions features private.
Definition at line 317 of file actions.php.
ajax_action_hook | ( | ) |
Buffer all output echo'd directly in the action for inclusion in the returned JSON.
Definition at line 266 of file actions.php.
ajax_forward_hook | ( | $hook, | |
$type, | |||
$reason, | |||
$params | |||
) |
Catch calls to forward() in ajax request and force an exit.
Forces response is json of the following form:
{ "current_url": "the.url.we/were/coming/from", "forward_url": "the.url.we/were/going/to", "system_messages": { "messages": ["msg1", "msg2", ...], "errors": ["err1", "err2", ...] }, "status": -1 //or 0 for success if there are no error messages present }
where "system_messages" is all message registers at the point of forwarding
Definition at line 257 of file actions.php.
elgg_action_exists | ( | $action | ) |
Check if an action is registered and its script exists.
string | $action | Action name |
Definition at line 217 of file actions.php.
elgg_build_hmac | ( | $data | ) |
Get an HMAC token builder/validator object.
mixed | $data | HMAC data string or serializable data |
Definition at line 107 of file actions.php.
elgg_is_xhr | ( | ) |
Checks whether the request was requested via ajax.
Definition at line 227 of file actions.php.
elgg_register_action | ( | $action, | |
$filename = "" , |
|||
$access = 'logged_in' |
|||
) |
Registers an action.
Actions are registered to a script in the system and are executed by the URL http://elggsite.org/action/action_name/.
$filename must be the full path of the file to register or a path relative to the core actions/ dir.
Actions should be namedspaced for your plugin. Example: elgg_register_action('myplugin/save_settings', ...);
Put action files under the actions/<plugin_name> directory of your plugin.
You don't need to include engine/start.php in your action files.
array( 'file' => '/location/to/file.php', 'access' => 'public', 'logged_in', or 'admin' )
string | $action | The name of the action (eg "register", "account/settings/save") |
string | $filename | Optionally, the filename where this action is located. If not specified, will assume the action is in elgg/actions/<action>.php |
string | $access | Who is allowed to execute this action: public, logged_in, admin. (default: logged_in) |
Definition at line 85 of file actions.php.
elgg_unregister_action | ( | $action | ) |
Unregisters an action.
string | $action | Action name |
Definition at line 96 of file actions.php.
generate_action_token | ( | $timestamp | ) |
Generate an action token.
Action tokens are based on timestamps as returned by time(). They are valid for one hour.
Action tokens should be passed to all actions name __elgg_ts and __elgg_token.
int | $timestamp | Unix timestamp |
Definition at line 167 of file actions.php.
get_site_secret | ( | ) |
Returns the site secret.
Used to generate difficult to guess hashes for sessions and action tokens.
Definition at line 195 of file actions.php.
init_site_secret | ( | ) |
Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL).
Used during installation and saves as a datalist.
Note: Old secrets were hex encoded.
Definition at line 182 of file actions.php.
validate_action_token | ( | $visible_errors = true , |
|
$token = null , |
|||
$ts = null |
|||
) |
Validate an action token.
Calls to actions will automatically validate tokens. If tokens are not present or invalid, the action will be denied and the user will be redirected.
Plugin authors should never have to manually validate action tokens.
bool | $visible_errors | Emit register_error() errors on failure? |
mixed | $token | The token to test against. Default: $_REQUEST['__elgg_token'] |
mixed | $ts | The time stamp to test against. Default: $_REQUEST['__elgg_ts'] |
Definition at line 127 of file actions.php.
return function(\Elgg\EventsService $events,\Elgg\HooksRegistrationService $hooks) |
Definition at line 327 of file actions.php.