mysql_* in a plugin is fine if the plugin establishes its own connection resource and uses it properly. But a call like mysql_query("SELECT 1") assumes there's an ambient MySQL connection established by Elgg. That will fail. view reply
The breaking change is minor. If you use the official Elgg APIs, it probably won't break anything. All our unit tests are working.
Yes, our goal is to use prepare() instead of sanitize_string(), but there are 200+ queries to convert and some... view reply
@David I don't think it's a "raw" deal unless you paid for them with an endless support contract. Nearly all of us are relying on code not being maintained by the original author; that's open source.
If the plugins were... view reply
https://github.com/Elgg/Elgg/pull/8325 is close to ready. It uses PDO::quote and removes the surrounding quotes it adds. The next step is probably to expose more of PDO to plugins so they can actually use queries with placeholders, and quietly... view reply
Some recent work has paved the way toward a PDO conversion. Short term we need a hacky replacement for sanitize_string() because there's no way we can convert everything to placeholders in one shot. view reply
If you run an Elgg where the "Lost password" feature fails (e.g. localhost with no mail-sending abililty, or you lost access to the e-mail account), you may need to change your password to get back in.
Here's a script to do that.
First you'll need...
Hello and welcome to Elgg!
The Elgg community site is the official general support channel for Elgg.
Lots more info: http://docs.elgg.org/wiki/Getting_Help
Register on the Community site
Join the Technical Support...
Type hints are like laws set by PHP functions to demand what type of arguments must be passed in. Before Elgg 1.8.6, violations of these laws went completely undetected, so even careful plugin authors missed them and left incorrect...