From d2e66641322a3297be6a3a6680d10ed7b6720c0e Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Fri, 19 Mar 2010 10:15:00 -0700
Subject: [PATCH 1/4] Validate OStatus avatar URL before fetching.
---
 plugins/OStatus/classes/Ostatus_profile.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php
index 6ae8e4fd58..6145080fc7 100644
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@@ -781,8 +781,8 @@ class Ostatus_profile extends Memcached_DataObject
 }
 /**
- *
 * Download and update given avatar image
+ *
 * @param string $url
 * @throws Exception in various failure cases
 */
@@ -792,6 +792,9 @@ class Ostatus_profile extends Memcached_DataObject
 // We've already got this one.
 return;
 }
+ if (!common_valid_http_url($url)) {
+ throw new ServerException(_m("Invalid avatar URL %s"), $url);
+ }
 if ($this->isGroup()) {
 $self = $this->localGroup();
From b97400bd6f49dfac71124a3243d1c27f49822f58 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Fri, 19 Mar 2010 11:17:56 -0700
Subject: [PATCH 2/4] clarify output on fixup-shadow.php
---
 plugins/OStatus/scripts/fixup-shadow.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/plugins/OStatus/scripts/fixup-shadow.php b/plugins/OStatus/scripts/fixup-shadow.php
index 0171b77bc9..ec014c7878 100644
--- a/plugins/OStatus/scripts/fixup-shadow.php
+++ b/plugins/OStatus/scripts/fixup-shadow.php
@@ -50,7 +50,7 @@ $encGroup = str_replace($marker, '%', $encGroup);
 $sql = "SELECT * FROM ostatus_profile WHERE uri LIKE '%s' OR uri LIKE '%s'";
 $oprofile->query(sprintf($sql, $encProfile, $encGroup));
-echo "Found $oprofile->N bogus ostatus_profile entries:\n";
+echo "Found $oprofile->N bogus ostatus_profile entries for local users and groups:\n";
 while ($oprofile->fetch()) {
 echo "$oprofile->uri";
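Review bot: The new `throw` line never puts the URL into the message: `_m("Invalid avatar URL %s")` is passed unformatted as the exception message and `$url` becomes ServerException's second constructor argument (presumably the exception code), so the literal `%s` is what gets logged or shown. Format it first: `throw new ServerException(sprintf(_m("Invalid avatar URL %s"), $url));`. Validating before the fetch is the right place for this, but whether `common_valid_http_url()` also rejects non-http(s) schemes and loopback/private-network hosts is not visible here; if it only checks syntax, a remote profile can still aim the avatar fetch at internal services (SSRF), which is worth confirming against that helper. The enclosing method begins before this hunk and its remaining body is not shown.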
@@ -58,7 +58,7 @@ while ($oprofile->fetch()) {
 if ($dry) {
 echo " (unchanged)\n";
 } else {
- echo " deleting...";
+ echo " removing bogus ostatus_profile entry...";
 $evil = clone($oprofile);
 $evil->delete();
 echo " ok\n";
From 5c314c22885f78a04684637cb8a0e4e745220bd9 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Mon, 15 Mar 2010 15:41:57 -0700
Subject: [PATCH 3/4] Drop result ID from data objects on clone().
This keeps the original object working if it was in the middle of a query loop, even if the cloned object falls out of scope and triggers its destructor. This bug was hitting a number of places where we had the pattern: $db->find(); while($dbo->fetch()) { $x = clone($dbo); // do anything with $x other than storing it in an array } The cloned object's destructor would trigger on the second run through the loop, freeing the database result set -- not really what we wanted. (Loops that stored the clones into an array were fine, since the clones stay in scope in the array longer than the original does.) Detaching the database result from the clone lets us work with its data without interfering with the rest of the query. In the unlikely even that somebody is making clones in the middle of a query, then trying to continue the query with the clone instead of the original object, well they're gonna be broken now.
---
 classes/Safe_DataObject.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/classes/Safe_DataObject.php b/classes/Safe_DataObject.php
index 021f7b5064..08bc6846f4 100644
--- a/classes/Safe_DataObject.php
+++ b/classes/Safe_DataObject.php
@@ -42,6 +42,25 @@ class Safe_DataObject extends DB_DataObject
 }
 }
+ /**
+ * Magic function called at clone() time.
+ *
+ * We use this to drop connection with some global resources.
+ * This supports the fairly common pattern where individual
+ * items being read in a loop via a single object are cloned
+ * for individual processing, then fall out of scope when the
+ * loop comes around again.
+ *
+ * As that triggers the destructor, we want to make sure that
+ * the original object doesn't have its database result killed.
+ * It will still be freed properly when the original object
+ * gets destroyed.
+ */
+ function __clone()
+ {
+ $this->_DB_resultid = false;
+ }
+
 /**
 * Magic function called at serialize() time.
 *
From 8a221228ebac156cbbb4693b06e25a0c59c858c3 Mon Sep 17 00:00:00 2001
From: Brion Vibber
Date: Fri, 19 Mar 2010 12:50:34 -0700
Subject: [PATCH 4/4] Fix typo in public tag cloud query setup which caused the cutoff to get skipped.
---
 actions/publictagcloud.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/actions/publictagcloud.php b/actions/publictagcloud.php
index 9993b2d3fd..70c356659a 100644
--- a/actions/publictagcloud.php
+++ b/actions/publictagcloud.php
@@ -109,7 +109,7 @@ class PublictagcloudAction extends Action
 $cutoff = sprintf("notice_tag.created > '%s'", common_sql_date(time() - common_config('tag', 'cutoff')));
 $tags->selectAdd($calc . ' as weight');
- $tags->addWhere($cutoff);
+ $tags->whereAdd($cutoff);
 $tags->groupBy('tag');
 $tags->orderBy('weight DESC');
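Review bot: `$this->_DB_resultid = false;` in the new `__clone()` stores a boolean in what is presumably the key DB_DataObject uses to look up the result set it frees in the destructor; PHP casts `false` to `0` when it is used as an array key, so if that free path indexes the results registry unconditionally, a result registered under id 0 could be released by a discarded clone — worth checking against DB_DataObject's free() and, if so, leaving the field in the same state an un-queried object has it. The docblock also omits the one behaviour callers must know, which only the commit message states: after cloning, `fetch()` on the clone no longer continues the original's result set. I would add ` * Note: the clone is detached from the result set; keep iterating with the original object, not the clone.` to the docblock before `*/`. `function __clone()` carries no visibility modifier; if the rest of this class declares `public function`, match it.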