GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity
Files
e15f322187d4ddc39c7718d533824df435d99bc8
gnu-social/plugins/OStatus/scripts/fixup-shadow.php

194 lines
6.0 KiB
PHP
Raw Normal View History

OStatus: reject attempts to create a remote profile for a local user or group. Some stray shadow entries were ending up getting created, which would steal group posts from remote users. Run plugins/OStatus/scripts/fixup-shadow.php for each site to remove any existing ones.
2010-03-10 17:00:05 -08:00
#!/usr/bin/env php
<?php
/*
* StatusNet - a distributed open-source microblogging tool
* Copyright (C) 2010 StatusNet, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
define('INSTALLDIR', realpath(dirname(__FILE__) . '/../../..'));
$longoptions = array('dry-run');
$helptext = <<<END_OF_USERROLE_HELP
fixup_shadow.php [options]
Patches up stray ostatus_profile entries with corrupted shadow entries
for local users and groups.
--dry-run look but don't touch
END_OF_USERROLE_HELP;
require_once INSTALLDIR.'/scripts/commandline.inc';
$dry = have_option('dry-run');
Enhanced OStatus fixup-shadow.php cleanup script to check for direct matches against user.uri and user_group.uri (for local groups). This should catch cases that were missed before because we were only doing pattern-matching checks, and the pattern didn't match because the site has been renamed and the old URI no longer matches the current domain / path structure. Could use some more thorough testing in practice!
2010-09-27 14:23:10 -07:00
// Look for user.uri matches... These may not match up with the current
// URL schema if the site has changed names.
echo "Checking for bogus ostatus_profile entries matching user.uri...\n";
$user = new User();
$oprofile = new Ostatus_profile();
$user->joinAdd($oprofile, 'INNER', 'oprofile', 'uri');
$user->find();
$count = $user->N;
echo "Found $count...\n";
while ($user->fetch()) {
Code cleanup and enabling User object's etc. getUri()
2014-04-28 14:08:42 +02:00
$uri = $user->getUri();
Enhanced OStatus fixup-shadow.php cleanup script to check for direct matches against user.uri and user_group.uri (for local groups). This should catch cases that were missed before because we were only doing pattern-matching checks, and the pattern didn't match because the site has been renamed and the old URI no longer matches the current domain / path structure. Could use some more thorough testing in practice!
2010-09-27 14:23:10 -07:00
echo "user $user->id ($user->nickname) hidden by $uri";
if ($dry) {
echo " - skipping\n";
} else {
echo " - removing bogus ostatus_profile entry...";
The overloaded DB_DataObject function staticGet is now called getKV I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq) If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV! This might of course take some getting used to, or modification fo StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class) Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
2013-08-18 13:04:58 +02:00
$evil = Ostatus_profile::getKV('uri', $uri);
Enhanced OStatus fixup-shadow.php cleanup script to check for direct matches against user.uri and user_group.uri (for local groups). This should catch cases that were missed before because we were only doing pattern-matching checks, and the pattern didn't match because the site has been renamed and the old URI no longer matches the current domain / path structure. Could use some more thorough testing in practice!
2010-09-27 14:23:10 -07:00
$evil->delete();
echo " ok\n";
}
}
echo "\n";
// Also try user_group.uri matches for local groups.
// Not all group entries will have this filled out, though, as it's new!
echo "Checking for bogus ostatus_profile entries matching local user_group.uri...\n";
$group = new User_group();
$group->joinAdd(array('uri', 'ostatus_profile:uri'));
$group->joinAdd(array('id', 'local_group:group_id'));
$group->find();
$count = $group->N;
echo "Found $count...\n";
while ($group->fetch()) {
Code cleanup and enabling User object's etc. getUri()
2014-04-28 14:08:42 +02:00
$uri = $group->getUri();
Enhanced OStatus fixup-shadow.php cleanup script to check for direct matches against user.uri and user_group.uri (for local groups). This should catch cases that were missed before because we were only doing pattern-matching checks, and the pattern didn't match because the site has been renamed and the old URI no longer matches the current domain / path structure. Could use some more thorough testing in practice!
2010-09-27 14:23:10 -07:00
echo "group $group->id ($group->nickname) hidden by $uri";
if ($dry) {
echo " - skipping\n";
} else {
echo " - removing bogus ostatus_profile entry...";
The overloaded DB_DataObject function staticGet is now called getKV I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq) If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV! This might of course take some getting used to, or modification fo StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class) Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
2013-08-18 13:04:58 +02:00
$evil = Ostatus_profile::getKV('uri', $uri);
Enhanced OStatus fixup-shadow.php cleanup script to check for direct matches against user.uri and user_group.uri (for local groups). This should catch cases that were missed before because we were only doing pattern-matching checks, and the pattern didn't match because the site has been renamed and the old URI no longer matches the current domain / path structure. Could use some more thorough testing in practice!
2010-09-27 14:23:10 -07:00
$evil->delete();
echo " ok\n";
}
}
echo "\n";
OStatus fixup-shadow.php: add check for user_group entries with 'uri' entry shadowing an actual local_group -- this can cause trouble now that we sometimes actually use the uri field for lookups, and leaving the entries around would break updating the table to fill out formerly missing uris, since the unique index entry would already be taken by the bad entry.
2010-10-07 11:26:07 -07:00
// And there may be user_group entries remaining where we've already killed
// the ostatus_profile. These were "harmless" until our lookup started actually
// using the uri field, at which point we can clearly see it breaks stuff.
echo "Checking for leftover bogus user_group.uri entries obscuring local_group entries...\n";
$group = new User_group();
$group->joinAdd(array('id', 'local_group:group_id'), 'LEFT');
$group->whereAdd('group_id IS NULL');
$marker = mt_rand(31337, 31337000);
$groupTemplate = common_local_url('groupbyid', array('id' => $marker));
$encGroup = $group->escape($groupTemplate, true);
$encGroup = str_replace($marker, '%', $encGroup);
echo " LIKE '$encGroup'\n";
$group->whereAdd("uri LIKE '$encGroup'");
$group->find();
$count = $group->N;
echo "Found $count...\n";
while ($group->fetch()) {
Code cleanup and enabling User object's etc. getUri()
2014-04-28 14:08:42 +02:00
$uri = $group->getUri();
OStatus fixup-shadow.php: add check for user_group entries with 'uri' entry shadowing an actual local_group -- this can cause trouble now that we sometimes actually use the uri field for lookups, and leaving the entries around would break updating the table to fill out formerly missing uris, since the unique index entry would already be taken by the bad entry.
2010-10-07 11:26:07 -07:00
if (preg_match('!/group/(\d+)/id!', $uri, $matches)) {
$id = intval($matches[1]);
The overloaded DB_DataObject function staticGet is now called getKV I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq) If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV! This might of course take some getting used to, or modification fo StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class) Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
2013-08-18 13:04:58 +02:00
$local = Local_group::getKV('group_id', $id);
OStatus fixup-shadow.php: add check for user_group entries with 'uri' entry shadowing an actual local_group -- this can cause trouble now that we sometimes actually use the uri field for lookups, and leaving the entries around would break updating the table to fill out formerly missing uris, since the unique index entry would already be taken by the bad entry.
2010-10-07 11:26:07 -07:00
if ($local) {
$nick = $local->nickname;
} else {
$nick = '<deleted>';
}
echo "local group $id ($local->nickname) hidden by $uri (bogus group id $group->id)";
if ($dry) {
echo " - skipping\n";
} else {
echo " - removing bogus user_group entry...";
The overloaded DB_DataObject function staticGet is now called getKV I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq) If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV! This might of course take some getting used to, or modification fo StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class) Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
2013-08-18 13:04:58 +02:00
$evil = User_group::getKV('id', $group->id);
OStatus fixup-shadow.php: add check for user_group entries with 'uri' entry shadowing an actual local_group -- this can cause trouble now that we sometimes actually use the uri field for lookups, and leaving the entries around would break updating the table to fill out formerly missing uris, since the unique index entry would already be taken by the bad entry.
2010-10-07 11:26:07 -07:00
$evil->delete();
echo " ok\n";
}
}
}
echo "\n";
Enhanced OStatus fixup-shadow.php cleanup script to check for direct matches against user.uri and user_group.uri (for local groups). This should catch cases that were missed before because we were only doing pattern-matching checks, and the pattern didn't match because the site has been renamed and the old URI no longer matches the current domain / path structure. Could use some more thorough testing in practice!
2010-09-27 14:23:10 -07:00
// Fallback?
echo "Checking for bogus profiles blocking local users/groups by URI pattern match...\n";
OStatus: reject attempts to create a remote profile for a local user or group. Some stray shadow entries were ending up getting created, which would steal group posts from remote users. Run plugins/OStatus/scripts/fixup-shadow.php for each site to remove any existing ones.
2010-03-10 17:00:05 -08:00
$oprofile = new Ostatus_profile();
$marker = mt_rand(31337, 31337000);
$profileTemplate = common_local_url('userbyid', array('id' => $marker));
$encProfile = $oprofile->escape($profileTemplate, true);
$encProfile = str_replace($marker, '%', $encProfile);
Enhanced OStatus fixup-shadow.php cleanup script to check for direct matches against user.uri and user_group.uri (for local groups). This should catch cases that were missed before because we were only doing pattern-matching checks, and the pattern didn't match because the site has been renamed and the old URI no longer matches the current domain / path structure. Could use some more thorough testing in practice!
2010-09-27 14:23:10 -07:00
echo " LIKE '$encProfile'\n";
OStatus: reject attempts to create a remote profile for a local user or group. Some stray shadow entries were ending up getting created, which would steal group posts from remote users. Run plugins/OStatus/scripts/fixup-shadow.php for each site to remove any existing ones.
2010-03-10 17:00:05 -08:00
$groupTemplate = common_local_url('groupbyid', array('id' => $marker));
$encGroup = $oprofile->escape($groupTemplate, true);
$encGroup = str_replace($marker, '%', $encGroup);
Enhanced OStatus fixup-shadow.php cleanup script to check for direct matches against user.uri and user_group.uri (for local groups). This should catch cases that were missed before because we were only doing pattern-matching checks, and the pattern didn't match because the site has been renamed and the old URI no longer matches the current domain / path structure. Could use some more thorough testing in practice!
2010-09-27 14:23:10 -07:00
echo " LIKE '$encGroup'\n";
OStatus: reject attempts to create a remote profile for a local user or group. Some stray shadow entries were ending up getting created, which would steal group posts from remote users. Run plugins/OStatus/scripts/fixup-shadow.php for each site to remove any existing ones.
2010-03-10 17:00:05 -08:00
$sql = "SELECT * FROM ostatus_profile WHERE uri LIKE '%s' OR uri LIKE '%s'";
$oprofile->query(sprintf($sql, $encProfile, $encGroup));
Clean up and clarify output on fix-shadow.php
2010-04-05 11:20:35 -07:00
$count = $oprofile->N;
Enhanced OStatus fixup-shadow.php cleanup script to check for direct matches against user.uri and user_group.uri (for local groups). This should catch cases that were missed before because we were only doing pattern-matching checks, and the pattern didn't match because the site has been renamed and the old URI no longer matches the current domain / path structure. Could use some more thorough testing in practice!
2010-09-27 14:23:10 -07:00
echo "Found $count...\n";
OStatus: reject attempts to create a remote profile for a local user or group. Some stray shadow entries were ending up getting created, which would steal group posts from remote users. Run plugins/OStatus/scripts/fixup-shadow.php for each site to remove any existing ones.
2010-03-10 17:00:05 -08:00
while ($oprofile->fetch()) {
Code cleanup and enabling User object's etc. getUri()
2014-04-28 14:08:42 +02:00
$uri = $oprofile->getUri();
if (preg_match('!/group/(\d+)/id!', $oprofile->getUri(), $matches)) {
Clean up and clarify output on fix-shadow.php
2010-04-05 11:20:35 -07:00
$id = intval($matches[1]);
The overloaded DB_DataObject function staticGet is now called getKV I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq) If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV! This might of course take some getting used to, or modification fo StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class) Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
2013-08-18 13:04:58 +02:00
$group = Local_group::getKV('group_id', $id);
Clean up and clarify output on fix-shadow.php
2010-04-05 11:20:35 -07:00
if ($group) {
$nick = $group->nickname;
} else {
$nick = '<deleted>';
}
echo "group $id ($nick) hidden by $uri";
} else if (preg_match('!/user/(\d+)!', $uri, $matches)) {
$id = intval($matches[1]);
The overloaded DB_DataObject function staticGet is now called getKV I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq) If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV! This might of course take some getting used to, or modification fo StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class) Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
2013-08-18 13:04:58 +02:00
$user = User::getKV('id', $id);
Clean up and clarify output on fix-shadow.php
2010-04-05 11:20:35 -07:00
if ($user) {
$nick = $user->nickname;
} else {
$nick = '<deleted>';
}
echo "user $id ($nick) hidden by $uri";
} else {
echo "$uri matched query, but we don't recognize it.\n";
continue;
}
* i18n/L10n updates and FIXMEs added * whitespace fixes
2010-09-03 01:35:04 +02:00
OStatus: reject attempts to create a remote profile for a local user or group. Some stray shadow entries were ending up getting created, which would steal group posts from remote users. Run plugins/OStatus/scripts/fixup-shadow.php for each site to remove any existing ones.
2010-03-10 17:00:05 -08:00
if ($dry) {
Clean up and clarify output on fix-shadow.php
2010-04-05 11:20:35 -07:00
echo " - skipping\n";
OStatus: reject attempts to create a remote profile for a local user or group. Some stray shadow entries were ending up getting created, which would steal group posts from remote users. Run plugins/OStatus/scripts/fixup-shadow.php for each site to remove any existing ones.
2010-03-10 17:00:05 -08:00
} else {
Clean up and clarify output on fix-shadow.php
2010-04-05 11:20:35 -07:00
echo " - removing bogus ostatus_profile entry...";
OStatus: reject attempts to create a remote profile for a local user or group. Some stray shadow entries were ending up getting created, which would steal group posts from remote users. Run plugins/OStatus/scripts/fixup-shadow.php for each site to remove any existing ones.
2010-03-10 17:00:05 -08:00
$evil = clone($oprofile);
$evil->delete();
echo " ok\n";
}
}
Clean up and clarify output on fix-shadow.php
2010-04-05 11:20:35 -07:00
if ($count && $dry) {
echo "NO CHANGES MADE -- To delete the bogus entries, run again without --dry-run option.\n";
} else {
echo "done.\n";
}
Copy Permalink