From edee1fc09e304616fbce4ad1d1dae6097655c4e7 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 22 Mar 2010 08:17:14 -0400 Subject: [PATCH 1/6] ignore unrecognized object types --- plugins/OStatus/classes/Ostatus_profile.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php index e33509c471..0eb5b8b82a 100644 --- a/plugins/OStatus/classes/Ostatus_profile.php +++ b/plugins/OStatus/classes/Ostatus_profile.php @@ -442,6 +442,17 @@ class Ostatus_profile extends Memcached_DataObject { $activity = new Activity($entry, $feed); + switch ($activity->object->type) { + case ActivityObject::ARTICLE: + case ActivityObject::BLOGENTRY: + case ActivityObject::NOTE: + case ActivityObject::STATUS: + case ActivityObject::COMMENT: + break; + default: + throw new ClientException("Can't handle that kind of post."); + } + if ($activity->verb == ActivityVerb::POST) { $this->processPost($activity, $source); } else { From 7aee7670c7ac6302e988612d31c0b52cb378698d Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 22 Mar 2010 10:35:54 -0700 Subject: [PATCH 2/6] Replace the "give up and dump object" attachment view fallback with a client-side redirect to the target URL, which will at least be useful. --- lib/attachmentlist.php | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/lib/attachmentlist.php b/lib/attachmentlist.php index 51ceca8576..fe38281af9 100644 --- a/lib/attachmentlist.php +++ b/lib/attachmentlist.php @@ -306,7 +306,7 @@ class Attachment extends AttachmentListItem function showRepresentation() { if (empty($this->oembed->type)) { if (empty($this->attachment->mimetype)) { - $this->out->element('pre', null, 'oh well... not sure how to handle the following: ' . print_r($this->attachment, true)); + $this->showFallback(); } else { switch ($this->attachment->mimetype) { case 'image/gif': @@ -332,6 +332,8 @@ class Attachment extends AttachmentListItem $this->out->element('param', array('name' => 'autoStart', 'value' => 1)); $this->out->elementEnd('object'); break; + default: + $this->showFallback(); } } } else { @@ -354,9 +356,23 @@ class Attachment extends AttachmentListItem break; default: - $this->out->element('pre', null, 'oh well... not sure how to handle the following oembed: ' . print_r($this->oembed, true)); + $this->showFallback(); } } } + + function showFallback() + { + // If we don't know how to display an attachment inline, we probably + // shouldn't have gotten to this point. + // + // But, here we are... displaying details on a file or remote URL + // either on the main view or in an ajax-loaded lightbox. As a lesser + // of several evils, we'll try redirecting to the actual target via + // client-side JS. + + common_log(LOG_ERR, "Empty or unknown type for file id {$this->attachment->id}; falling back to client-side redirect."); + $this->out->raw(''); + } } From a20880ee1e526efafd89ad9b823089f71245c481 Mon Sep 17 00:00:00 2001 From: James Walker Date: Mon, 22 Mar 2010 13:44:05 -0400 Subject: [PATCH 3/6] Fixing HTTP Header LRDD parsing (sites in subdirectories need this) --- plugins/OStatus/lib/discovery.php | 2 +- plugins/OStatus/lib/linkheader.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/OStatus/lib/discovery.php b/plugins/OStatus/lib/discovery.php index 44fad62fbd..7187c1f3e9 100644 --- a/plugins/OStatus/lib/discovery.php +++ b/plugins/OStatus/lib/discovery.php @@ -195,7 +195,7 @@ class Discovery_LRDD_Link_Header implements Discovery_LRDD // return false; } - return Discovery_LRDD_Link_Header::parseHeader($link_header); + return array(Discovery_LRDD_Link_Header::parseHeader($link_header)); } protected static function parseHeader($header) diff --git a/plugins/OStatus/lib/linkheader.php b/plugins/OStatus/lib/linkheader.php index afcd66d264..cd78d31cef 100644 --- a/plugins/OStatus/lib/linkheader.php +++ b/plugins/OStatus/lib/linkheader.php @@ -11,7 +11,7 @@ class LinkHeader preg_match('/^<[^>]+>/', $str, $uri_reference); //if (empty($uri_reference)) return; - $this->uri = trim($uri_reference[0], '<>'); + $this->href = trim($uri_reference[0], '<>'); $this->rel = array(); $this->type = null; From 3bb639699c7a5e7e96c0d048adbe48a3ed486fc9 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 22 Mar 2010 11:27:39 -0700 Subject: [PATCH 4/6] Confirm there's actually user and domain portions of acct string before assigning things from output of explode(); avoids notice message when invalid input passed to main/xrd --- plugins/OStatus/actions/userxrd.php | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/plugins/OStatus/actions/userxrd.php b/plugins/OStatus/actions/userxrd.php index eb80a5ad46..6a6886eb8c 100644 --- a/plugins/OStatus/actions/userxrd.php +++ b/plugins/OStatus/actions/userxrd.php @@ -35,9 +35,13 @@ class UserxrdAction extends XrdAction $this->uri = Discovery::normalize($this->uri); if (Discovery::isWebfinger($this->uri)) { - list($nick, $domain) = explode('@', substr(urldecode($this->uri), 5)); - $nick = common_canonical_nickname($nick); - $this->user = User::staticGet('nickname', $nick); + $parts = explode('@', substr(urldecode($this->uri), 5)); + if (count($parts) == 2) { + list($nick, $domain) = $parts; + // @fixme confirm the domain too + $nick = common_canonical_nickname($nick); + $this->user = User::staticGet('nickname', $nick); + } } else { $this->user = User::staticGet('uri', $this->uri); } From 4168b9cec1f7b2e6421c018e56e3b9a13c14d581 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 22 Mar 2010 11:33:56 -0700 Subject: [PATCH 5/6] Log backtraces for non-ClientException exceptions caught at the top-level handler. --- index.php | 4 ++-- lib/servererroraction.php | 9 ++++++--- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/index.php b/index.php index 36ba3a0d21..ea5c802779 100644 --- a/index.php +++ b/index.php @@ -324,10 +324,10 @@ function main() $cac = new ClientErrorAction($cex->getMessage(), $cex->getCode()); $cac->showPage(); } catch (ServerException $sex) { // snort snort guffaw - $sac = new ServerErrorAction($sex->getMessage(), $sex->getCode()); + $sac = new ServerErrorAction($sex->getMessage(), $sex->getCode(), $sex); $sac->showPage(); } catch (Exception $ex) { - $sac = new ServerErrorAction($ex->getMessage()); + $sac = new ServerErrorAction($ex->getMessage(), 500, $ex); $sac->showPage(); } } diff --git a/lib/servererroraction.php b/lib/servererroraction.php index 0993a63bca..9b5a553dc6 100644 --- a/lib/servererroraction.php +++ b/lib/servererroraction.php @@ -62,15 +62,18 @@ class ServerErrorAction extends ErrorAction 504 => 'Gateway Timeout', 505 => 'HTTP Version Not Supported'); - function __construct($message='Error', $code=500) + function __construct($message='Error', $code=500, $ex=null) { parent::__construct($message, $code); $this->default = 500; // Server errors must be logged. - - common_log(LOG_ERR, "ServerErrorAction: $code $message"); + $log = "ServerErrorAction: $code $message"; + if ($ex) { + $log .= "\n" . $ex->getTraceAsString(); + } + common_log(LOG_ERR, $log); } // XXX: Should these error actions even be invokable via URI? From 27bfd1211d64298ee3c3b2d82d7b38ca1e1167ad Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 22 Mar 2010 12:17:45 -0700 Subject: [PATCH 6/6] Math_BigInteger doesn't correctly handle serialization/deserialization for a value of 0, which can end up spewing notices to output and otherwise intefering with Salmon signature setup and verification when using memcached. Worked around this with a subclass that fixes the wakeup, used for the stored 0 value in the subclassed Crypt_RSA. --- plugins/OStatus/classes/Magicsig.php | 10 ++++------ plugins/OStatus/lib/safecrypt_rsa.php | 18 ++++++++++++++++++ plugins/OStatus/lib/safemath_biginteger.php | 20 ++++++++++++++++++++ 3 files changed, 42 insertions(+), 6 deletions(-) create mode 100644 plugins/OStatus/lib/safecrypt_rsa.php create mode 100644 plugins/OStatus/lib/safemath_biginteger.php diff --git a/plugins/OStatus/classes/Magicsig.php b/plugins/OStatus/classes/Magicsig.php index 5705ecc116..87c684c93d 100644 --- a/plugins/OStatus/classes/Magicsig.php +++ b/plugins/OStatus/classes/Magicsig.php @@ -27,8 +27,6 @@ * @link http://status.net/ */ -require_once 'Crypt/RSA.php'; - class Magicsig extends Memcached_DataObject { @@ -102,16 +100,16 @@ class Magicsig extends Memcached_DataObject public function generate($user_id) { - $rsa = new Crypt_RSA(); + $rsa = new SafeCrypt_RSA(); $keypair = $rsa->createKey(); $rsa->loadKey($keypair['privatekey']); - $this->privateKey = new Crypt_RSA(); + $this->privateKey = new SafeCrypt_RSA(); $this->privateKey->loadKey($keypair['privatekey']); - $this->publicKey = new Crypt_RSA(); + $this->publicKey = new SafeCrypt_RSA(); $this->publicKey->loadKey($keypair['publickey']); $this->user_id = $user_id; @@ -163,7 +161,7 @@ class Magicsig extends Memcached_DataObject { common_log(LOG_DEBUG, "Adding ".$type." key: (".$mod .', '. $exp .")"); - $rsa = new Crypt_RSA(); + $rsa = new SafeCrypt_RSA(); $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1; $rsa->setHash('sha256'); $rsa->modulus = new Math_BigInteger(base64_url_decode($mod), 256); diff --git a/plugins/OStatus/lib/safecrypt_rsa.php b/plugins/OStatus/lib/safecrypt_rsa.php new file mode 100644 index 0000000000..f3aa2c9285 --- /dev/null +++ b/plugins/OStatus/lib/safecrypt_rsa.php @@ -0,0 +1,18 @@ +zero = new SafeMath_BigInteger(); + } +} + diff --git a/plugins/OStatus/lib/safemath_biginteger.php b/plugins/OStatus/lib/safemath_biginteger.php new file mode 100644 index 0000000000..c05e24d1ec --- /dev/null +++ b/plugins/OStatus/lib/safemath_biginteger.php @@ -0,0 +1,20 @@ +hex == '') { + $this->hex = '0'; + } + parent::__wakeup(); + } +} +