Elgg  Version 1.11
Namespaces | Functions | Variables
actions.php File Reference

Go to the source code of this file.

Namespaces

 Elgg\Core
 Activate a plugin or plugins.
 

Functions

 _elgg_action_handler (array $segments)
 Handle a request for an action. More...
 
 action ($action, $forwarder="")
 Perform an action. More...
 
 elgg_register_action ($action, $filename="", $access= 'logged_in')
 Registers an action. More...
 
 elgg_unregister_action ($action)
 Unregisters an action. More...
 
 elgg_build_hmac ($data)
 Get an HMAC token builder/validator object. More...
 
 validate_action_token ($visible_errors=true, $token=null, $ts=null)
 Validate an action token. More...
 
 action_gatekeeper ($action)
 Validates the presence of action tokens. More...
 
 generate_action_token ($timestamp)
 Generate an action token. More...
 
 init_site_secret ()
 Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL). More...
 
 get_site_secret ()
 Returns the site secret. More...
 
 _elgg_get_site_secret_strength ()
 Get the strength of the site secret. More...
 
 elgg_action_exists ($action)
 Check if an action is registered and its script exists. More...
 
 elgg_is_xhr ()
 Checks whether the request was requested via ajax. More...
 
 ajax_forward_hook ($hook, $type, $reason, $params)
 Catch calls to forward() in ajax request and force an exit. More...
 
 ajax_action_hook ()
 Buffer all output echo'd directly in the action for inclusion in the returned JSON. More...
 
 _elgg_csrf_token_refresh ()
 Send an updated CSRF token, provided the page's current tokens were not fake. More...
 
 actions_init ()
 Initialize some ajaxy actions features private. More...
 

Variables

return function (\Elgg\EventsService $events,\Elgg\HooksRegistrationService $hooks)
 

Function Documentation

_elgg_action_handler ( array  $segments)

Handle a request for an action.

Parameters
array$segmentsURL segments that make up action name
Returns
void private

Definition at line 19 of file actions.php.

_elgg_csrf_token_refresh ( )

Send an updated CSRF token, provided the page's current tokens were not fake.

private

Definition at line 275 of file actions.php.

_elgg_get_site_secret_strength ( )

Get the strength of the site secret.

Returns
string "strong", "moderate", or "weak" private

Definition at line 205 of file actions.php.

action (   $action,
  $forwarder = "" 
)

Perform an action.

This function executes the action with name $action as registered by elgg_register_action().

The plugin hook 'action', $action_name will be triggered before the action is executed. If a handler returns false, it will prevent the action script from being called.

Note
If an action isn't registered in the system or is registered to an unavailable file the user will be forwarded to the site front page and an error will be emitted via register_error().
Warning
All actions require CSRF tokens.
Parameters
string$actionThe requested action
string$forwarderOptionally, the location to forward to
See also
elgg_register_action()
Returns
void private

Definition at line 47 of file actions.php.

action_gatekeeper (   $action)

Validates the presence of action tokens.

This function is called for all actions. If action tokens are missing, the user will be forwarded to the site front page and an error emitted.

This function verifies form input for security features (like a generated token), and forwards if they are invalid.

Parameters
string$actionThe action being performed
Returns
mixed True if valid or redirects. private

Definition at line 145 of file actions.php.

actions_init ( )

Initialize some ajaxy actions features private.

Definition at line 317 of file actions.php.

ajax_action_hook ( )

Buffer all output echo'd directly in the action for inclusion in the returned JSON.

Returns
void private

Definition at line 266 of file actions.php.

ajax_forward_hook (   $hook,
  $type,
  $reason,
  $params 
)

Catch calls to forward() in ajax request and force an exit.

Forces response is json of the following form:

{
    "current_url": "the.url.we/were/coming/from",
    "forward_url": "the.url.we/were/going/to",
    "system_messages": {
        "messages": ["msg1", "msg2", ...],
        "errors": ["err1", "err2", ...]
    },
    "status": -1 //or 0 for success if there are no error messages present
}

where "system_messages" is all message registers at the point of forwarding

Definition at line 257 of file actions.php.

elgg_action_exists (   $action)

Check if an action is registered and its script exists.

Parameters
string$actionAction name
Returns
bool
Since
1.8.0

Definition at line 217 of file actions.php.

elgg_build_hmac (   $data)

Get an HMAC token builder/validator object.

Parameters
mixed$dataHMAC data string or serializable data
Returns
Since
1.11

Definition at line 107 of file actions.php.

elgg_is_xhr ( )

Checks whether the request was requested via ajax.

Returns
bool whether page was requested via ajax
Since
1.8.0

Definition at line 227 of file actions.php.

elgg_register_action (   $action,
  $filename = "",
  $access = 'logged_in' 
)

Registers an action.

Actions are registered to a script in the system and are executed by the URL http://elggsite.org/action/action_name/.

$filename must be the full path of the file to register or a path relative to the core actions/ dir.

Actions should be namedspaced for your plugin. Example: elgg_register_action('myplugin/save_settings', ...);

Put action files under the actions/<plugin_name> directory of your plugin.

You don't need to include engine/start.php in your action files.

Note
Internal: Actions are saved in $CONFIG->actions as an array in the form: array( 'file' => '/location/to/file.php', 'access' => 'public', 'logged_in', or 'admin' )
Parameters
string$actionThe name of the action (eg "register", "account/settings/save")
string$filenameOptionally, the filename where this action is located. If not specified, will assume the action is in elgg/actions/<action>.php
string$accessWho is allowed to execute this action: public, logged_in, admin. (default: logged_in)
Returns
bool

Definition at line 85 of file actions.php.

elgg_unregister_action (   $action)

Unregisters an action.

Parameters
string$actionAction name
Returns
bool
Since
1.8.1

Definition at line 96 of file actions.php.

generate_action_token (   $timestamp)

Generate an action token.

Action tokens are based on timestamps as returned by time(). They are valid for one hour.

Action tokens should be passed to all actions name __elgg_ts and __elgg_token.

Warning
Action tokens are required for all actions.
Parameters
int$timestampUnix timestamp
See also
input/securitytoken
input/form
Returns
string|false private

Definition at line 167 of file actions.php.

get_site_secret ( )

Returns the site secret.

Used to generate difficult to guess hashes for sessions and action tokens.

Returns
string Site secret. private

Definition at line 195 of file actions.php.

init_site_secret ( )

Initialise the site secret (32 bytes: "z" to indicate format + 186-bit key in Base64 URL).

Used during installation and saves as a datalist.

Note: Old secrets were hex encoded.

Returns
mixed The site secret hash or false private

Definition at line 182 of file actions.php.

validate_action_token (   $visible_errors = true,
  $token = null,
  $ts = null 
)

Validate an action token.

Calls to actions will automatically validate tokens. If tokens are not present or invalid, the action will be denied and the user will be redirected.

Plugin authors should never have to manually validate action tokens.

Parameters
bool$visible_errorsEmit register_error() errors on failure?
mixed$tokenThe token to test against. Default: $_REQUEST['__elgg_token']
mixed$tsThe time stamp to test against. Default: $_REQUEST['__elgg_ts']
Returns
bool
See also
generate_action_token() private

Definition at line 127 of file actions.php.

Variable Documentation

Definition at line 327 of file actions.php.