From 1710082f0459d7acc130697d14476faf01ecfa2d Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Sat, 19 Sep 2009 18:34:07 -0700 Subject: [PATCH 01/36] Make statuses/home_timeline return the same thing as statuses/friends_timeline to support apps trying to use the new retweet API method. --- actions/twitapistatuses.php | 5 +++++ lib/router.php | 6 +++--- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index edee239a03..5e2867ea81 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -136,6 +136,11 @@ class TwitapistatusesAction extends TwitterapiAction } + function home_timeline($args, $apidata) + { + call_user_func(array($this, 'friends_timeline'), $args, $apidata); + } + function user_timeline($args, $apidata) { parent::handle($args); diff --git a/lib/router.php b/lib/router.php index 00e728f557..5309fe7530 100644 --- a/lib/router.php +++ b/lib/router.php @@ -268,12 +268,12 @@ class Router $m->connect('api/statuses/:method', array('action' => 'api', 'apiaction' => 'statuses'), - array('method' => '(public_timeline|friends_timeline|user_timeline|update|replies|mentions|show|friends|followers|featured)(\.(atom|rss|xml|json))?')); + array('method' => '(public_timeline|home_timeline|friends_timeline|user_timeline|update|replies|mentions|show|friends|followers|featured)(\.(atom|rss|xml|json))?')); $m->connect('api/statuses/:method/:argument', array('action' => 'api', 'apiaction' => 'statuses'), - array('method' => '(|user_timeline|friends_timeline|replies|mentions|show|destroy|friends|followers)')); + array('method' => '(user_timeline|home_timeline|friends_timeline|replies|mentions|show|destroy|friends|followers)')); // users 
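Review bot: `home_timeline()` in actions/twitapistatuses.php forwards through `call_user_func(array($this, 'friends_timeline'), $args, $apidata)`, where a direct call does the same thing and stays visible to grep and static analysis. `$this->friends_timeline($args, $apidata);` is the plainer form. A one-line docblock saying the method is a deliberate alias of friends_timeline would also help, since the two endpoints share the same auth and output path. The class body continues outside the hunk.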
@@ -432,7 +432,7 @@ class Router $m->connect('api/statuses/:method/:argument', array('action' => 'api', 'apiaction' => 'statuses'), - array('method' => '(|user_timeline|friends_timeline|replies|mentions|show|destroy|friends|followers)')); + array('method' => '(user_timeline|home_timeline|friends_timeline|replies|mentions|show|destroy|friends|followers)')); $m->connect('api/statusnet/groups/:method/:argument', array('action' => 'api', From bf3699105a010a291db283f1058df6ea064f0a56 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Sun, 27 Sep 2009 20:21:16 -0700 Subject: [PATCH 02/36] Forgot to add home_timeline to the list of methods that only require bareauth. --- actions/api.php | 1 + 1 file changed, 1 insertion(+) diff --git a/actions/api.php b/actions/api.php index f425a8dcd7..dc1bdbeacb 100644 --- a/actions/api.php +++ b/actions/api.php @@ -139,6 +139,7 @@ class ApiAction extends Action static $bareauth = array('statuses/user_timeline', 'statuses/friends_timeline', + 'statuses/home_timeline', 'statuses/friends', 'statuses/replies', 'statuses/mentions', From 120a84593e5155d1243ab47bfad604311729c698 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Sun, 27 Sep 2009 20:21:16 -0700 Subject: [PATCH 03/36] Forgot to add home_timeline to the list of methods that only require bareauth. --- actions/api.php | 1 + 1 file changed, 1 insertion(+) diff --git a/actions/api.php b/actions/api.php index f425a8dcd7..dc1bdbeacb 100644 --- a/actions/api.php +++ b/actions/api.php @@ -139,6 +139,7 @@ class ApiAction extends Action static $bareauth = array('statuses/user_timeline', 'statuses/friends_timeline', + 'statuses/home_timeline', 'statuses/friends', 'statuses/replies', 'statuses/mentions', From 92ac156cbe588f2fdf86ac8c3391e4057852ac77 Mon Sep 17 00:00:00 2001 
From: Craig Andrews Date: Fri, 28 Aug 2009 16:18:05 -0400 Subject: [PATCH 04/36] Add % and ~ as valid characters in the path, querystring, and fragment parts of URLs --- lib/util.php | 10 +++++----- tests/URLDetectionTest.php | 4 ++++ 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/lib/util.php b/lib/util.php index 0b696662c1..0bb943ad86 100644 --- a/lib/util.php +++ b/lib/util.php @@ -421,7 +421,7 @@ function common_replace_urls_callback($text, $callback, $notice_id = null) { '|'. '(?:(?:mailto|aim|tel|xmpp):)'. ')'. - '(?:[\pN\pL\-\_\+]+(?::[\pN\pL\-\_\+]+)?\@)?'. //user:pass@ + '(?:[\pN\pL\-\_\+\%\~]+(?::[\pN\pL\-\_\+\%\~]+)?\@)?'. //user:pass@ '(?:'. '(?:'. '\[[\pN\pL\-\_\:\.]+(?127.0.0.1:99'), array('127.0.0.1/test.php', '127.0.0.1/test.php'), + array('127.0.0.1/~test', + '127.0.0.1/~test'), + array('127.0.0.1/test%20stuff', + '127.0.0.1/test%20stuff'), array('http://[::1]:99/test.php', 'http://[::1]:99/test.php'), array('http://::1/test.php', From 4312ea90aa46299bfd77454e441f9ecb867fadd1 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Tue, 29 Sep 2009 09:12:44 -0400 Subject: [PATCH 05/36] stop overwriting created timestamp on group edit --- actions/editgroup.php | 1 - 1 file changed, 1 deletion(-) diff --git a/actions/editgroup.php b/actions/editgroup.php index cac910e9bc..652719a33d 100644 --- a/actions/editgroup.php +++ b/actions/editgroup.php @@ -244,7 +244,6 @@ class EditgroupAction extends GroupDesignAction $this->group->homepage = $homepage; $this->group->description = $description; $this->group->location = $location; - $this->group->created = common_sql_now(); $result = $this->group->update($orig); From b0ce2add41877091ba750b36387b45a476127526 Mon Sep 17 00:00:00 2001 
From: Evan Prodromou Date: Tue, 29 Sep 2009 17:43:45 -0400 Subject: [PATCH 06/36] move HTTP error code strings to class variables --- lib/clienterroraction.php | 43 +++++++++++++++++---------------------- lib/error.php | 6 ++++-- lib/servererroraction.php | 19 +++++++---------- 3 files changed, 30 insertions(+), 38 deletions(-) diff --git a/lib/clienterroraction.php b/lib/clienterroraction.php index 7d007a7567..1b98a10645 100644 --- a/lib/clienterroraction.php +++ b/lib/clienterroraction.php @@ -46,28 +46,28 @@ require_once INSTALLDIR.'/lib/error.php'; */ class ClientErrorAction extends ErrorAction { + static $status = array(400 => 'Bad Request', + 401 => 'Unauthorized', + 402 => 'Payment Required', + 403 => 'Forbidden', + 404 => 'Not Found', + 405 => 'Method Not Allowed', + 406 => 'Not Acceptable', + 407 => 'Proxy Authentication Required', + 408 => 'Request Timeout', + 409 => 'Conflict', + 410 => 'Gone', + 411 => 'Length Required', + 412 => 'Precondition Failed', + 413 => 'Request Entity Too Large', + 414 => 'Request-URI Too Long', + 415 => 'Unsupported Media Type', + 416 => 'Requested Range Not Satisfiable', + 417 => 'Expectation Failed'); + function __construct($message='Error', $code=400) { parent::__construct($message, $code); - - $this->status = array(400 => 'Bad Request', - 401 => 'Unauthorized', - 402 => 'Payment Required', - 403 => 'Forbidden', - 404 => 'Not Found', - 405 => 'Method Not Allowed', - 406 => 'Not Acceptable', - 407 => 'Proxy Authentication Required', - 408 => 'Request Timeout', - 409 => 'Conflict', - 410 => 'Gone', - 411 => 'Length Required', - 412 => 'Precondition Failed', - 413 => 'Request Entity Too Large', - 414 => 'Request-URI Too Long', - 415 => 'Unsupported Media Type', - 416 => 'Requested Range Not Satisfiable', - 417 => 'Expectation Failed'); $this->default = 400; } @@ -91,9 +91,4 @@ class ClientErrorAction extends ErrorAction $this->showPage(); } - - function title() - { - return $this->status[$this->code]; - } } 
diff --git a/lib/error.php b/lib/error.php index 0c521db081..6a9b76be11 100644 --- a/lib/error.php +++ b/lib/error.php @@ -44,9 +44,10 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { */ class ErrorAction extends Action { + static $status = array(); + var $code = null; var $message = null; - var $status = null; var $default = null; function __construct($message, $code, $output='php://output', $indent=true) @@ -88,9 +89,10 @@ class ErrorAction extends Action * * @return page title */ + function title() { - return $this->message; + return self::$status[$this->code]; } function isReadOnly($args) diff --git a/lib/servererroraction.php b/lib/servererroraction.php index c6400605ea..0993a63bca 100644 --- a/lib/servererroraction.php +++ b/lib/servererroraction.php @@ -55,17 +55,17 @@ require_once INSTALLDIR.'/lib/error.php'; class ServerErrorAction extends ErrorAction { + static $status = array(500 => 'Internal Server Error', + 501 => 'Not Implemented', + 502 => 'Bad Gateway', + 503 => 'Service Unavailable', + 504 => 'Gateway Timeout', + 505 => 'HTTP Version Not Supported'); + function __construct($message='Error', $code=500) { parent::__construct($message, $code); - $this->status = array(500 => 'Internal Server Error', - 501 => 'Not Implemented', - 502 => 'Bad Gateway', - 503 => 'Service Unavailable', - 504 => 'Gateway Timeout', - 505 => 'HTTP Version Not Supported'); - $this->default = 500; // Server errors must be logged. @@ -93,9 +93,4 @@ class ServerErrorAction extends ErrorAction $this->showPage(); } - - function title() - { - return $this->status[$this->code]; - } } From f46084309b72e647ee6552669a009cf5b3fbff5a Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Tue, 29 Sep 2009 17:57:31 -0400 Subject: [PATCH 07/36] Twitter API returns server errors in preferred format --- actions/twitapistatuses.php | 2 +- lib/twitterapi.php | 56 ++++++++++++++++++++++--------------- 2 files changed, 34 insertions(+), 24 deletions(-) 
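Review bot: The new `ErrorAction::title()` reads `self::$status[$this->code]`, and `self::` inside the base class resolves to `ErrorAction::$status`, which this same patch declares as `array()`. The tables redeclared as `static $status` in ClientErrorAction and ServerErrorAction are separate properties, and their own `title()` overrides are removed in this patch, so the lookup hits an undefined index and the page title comes back empty. Either keep a `title()` in each subclass, or use late static binding if the minimum PHP version allows it: `return static::$status[$this->code];`. The docblock above the method should also say that the title is the HTTP reason phrase rather than the message.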
diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index 5e2867ea81..41887a68f4 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -297,7 +297,7 @@ class TwitapistatusesAction extends TwitterapiAction $source, 1, $reply_to); if (is_string($notice)) { - $this->serverError($notice); + $this->serverError($notice, 500, $apidata['content-type']); return; } diff --git a/lib/twitterapi.php b/lib/twitterapi.php index 638efba241..3bac400e2f 100644 --- a/lib/twitterapi.php +++ b/lib/twitterapi.php @@ -501,7 +501,7 @@ class TwitterapiAction extends Action $enclosure = $entry['enclosures'][0]; $this->element('enclosure', array('url'=>$enclosure['url'],'type'=>$enclosure['mimetype'],'length'=>$enclosure['size']), null); } - + if(array_key_exists('tags', $entry)){ foreach($entry['tags'] as $tag){ $this->element('category', null,$tag); @@ -939,35 +939,16 @@ class TwitterapiAction extends Action function clientError($msg, $code = 400, $content_type = 'json') { - - static $status = array(400 => 'Bad Request', - 401 => 'Unauthorized', - 402 => 'Payment Required', - 403 => 'Forbidden', - 404 => 'Not Found', - 405 => 'Method Not Allowed', - 406 => 'Not Acceptable', - 407 => 'Proxy Authentication Required', - 408 => 'Request Timeout', - 409 => 'Conflict', - 410 => 'Gone', - 411 => 'Length Required', - 412 => 'Precondition Failed', - 413 => 'Request Entity Too Large', - 414 => 'Request-URI Too Long', - 415 => 'Unsupported Media Type', - 416 => 'Requested Range Not Satisfiable', - 417 => 'Expectation Failed'); - $action = $this->trimmed('action'); common_debug("User error '$code' on '$action': $msg", __FILE__); - if (!array_key_exists($code, $status)) { + if (!array_key_exists($code, ClientErrorAction::$status)) { $code = 400; } - $status_string = $status[$code]; + $status_string = ClientErrorAction::$status[$code]; + header('HTTP/1.1 '.$code.' '.$status_string); if ($content_type == 'xml') { 
@@ -986,6 +967,35 @@ class TwitterapiAction extends Action } + function serverError($msg, $code = 500, $content_type = 'json') + { + $action = $this->trimmed('action'); + + common_debug("Server error '$code' on '$action': $msg", __FILE__); + + if (!array_key_exists($code, ServerErrorAction::$status)) { + $code = 400; + } + + $status_string = ServerErrorAction::$status[$code]; + + header('HTTP/1.1 '.$code.' '.$status_string); + + if ($content_type == 'xml') { + $this->init_document('xml'); + $this->elementStart('hash'); + $this->element('error', null, $msg); + $this->element('request', null, $_SERVER['REQUEST_URI']); + $this->elementEnd('hash'); + $this->end_document('xml'); + } else { + $this->init_document('json'); + $error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']); + print(json_encode($error_array)); + $this->end_document('json'); + } + } + function init_twitter_rss() { $this->startXML(); From 3727b17c39a9dba97b08f15211e3631c82162fdf Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Fri, 9 Oct 2009 10:39:56 -0400 Subject: [PATCH 08/36] don't write session if it's unchanged --- classes/Session.php | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/classes/Session.php b/classes/Session.php index d641edbbe4..79a69a96ea 100644 --- a/classes/Session.php +++ b/classes/Session.php @@ -85,9 +85,18 @@ class Session extends Memcached_DataObject return $session->insert(); } else { - $session->session_data = $session_data; + if (strcmp($session->session_data, $session_data) == 0) { + self::logdeb("Not writing session '$id'; unchanged"); + return true; + } else { + self::logdeb("Session '$id' data changed; updating"); - return $session->update(); + $orig = clone($session); + + $session->session_data = $session_data; + + return $session->update($orig); + } } } From ed1ff81e948ca576ed439178c7d6482a09dc4140 Mon Sep 17 00:00:00 2001 
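Review bot: The unknown-code fallback in the new `serverError()` sets `$code = 400`, which is not a key of `ServerErrorAction::$status` (500–505 in lib/servererroraction.php). The next line's `ServerErrorAction::$status[$code]` is then an undefined index, and a server-side failure goes out as `HTTP/1.1 400` with an empty reason phrase. This looks carried over from `clientError()`; the fallback should be `$code = 500;`. Whether lib/twitterapi.php loads the ServerErrorAction class before this static access is not visible in the hunk.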
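Review bot: Both added `self::logdeb()` calls in classes/Session.php interpolate the raw session `$id` into the log message. A session identifier is a credential and should not be written to logs in clear. Logging a short digest keeps the lines correlatable without exposing the id, e.g. `self::logdeb('Not writing session ' . substr(sha1($id), 0, 8) . '; unchanged');`, and the same for the "data changed" message. Where `logdeb()` writes and whether it is active in production is not visible here, and the enclosing method starts outside the hunk.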
From: Brion Vibber Date: Tue, 13 Oct 2009 16:54:57 +0000 Subject: [PATCH 09/36] Include long-form attachment URL in notice if URL shortening is disabled. Previously, the attachment URL would simply be dropped when shortening returned false instead of a short URL... the attachment was present if you clicked through to notice details but didn't appear in the timeline, making it nigh-impossible to see the attachment. --- actions/newnotice.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/actions/newnotice.php b/actions/newnotice.php index 00a822860e..115cfd580f 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -239,6 +239,10 @@ class NewnoticeAction extends Action $this->maybeAddRedir($fileRecord->id, $fileurl); $short_fileurl = common_shorten_url($fileurl); + if (!$short_fileurl) { + // todo -- Consider forcing default shortener if none selected? + $short_fileurl = $fileurl; + } $content_shortened .= ' ' . $short_fileurl; if (mb_strlen($content_shortened) > 140) { From d1e70b4e37149e09b2189957e2a869b4014a05c5 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 13 Oct 2009 14:51:23 -0700 Subject: [PATCH 10/36] Commit upstream updates to php-gettext after the 1.0.7 release (but in 2006! :P) Fixes file magic checks on 64-bit systems. http://bazaar.launchpad.net/~danilo/php-gettext/trunk/revision/17 http://bazaar.launchpad.net/~danilo/php-gettext/trunk/revision/18 http://bazaar.launchpad.net/~danilo/php-gettext/trunk/revision/19 --- extlib/php-gettext/ChangeLog | 16 ++++++++++++++++ extlib/php-gettext/gettext.inc | 6 +++--- extlib/php-gettext/gettext.php | 6 +++--- 3 files changed, 22 insertions(+), 6 deletions(-) diff --git a/extlib/php-gettext/ChangeLog b/extlib/php-gettext/ChangeLog index 5e0949dfd7..ab77d80810 100644 --- a/extlib/php-gettext/ChangeLog +++ b/extlib/php-gettext/ChangeLog 
@@ -1,3 +1,19 @@ +2006-02-28 Danilo Šegan + + * gettext.php: Added some comments about these workarounds for + different PHP versions and architectures. + +2006-02-28 Danilo Šegan + + Fixes bug #15923. + + * gettext.php (gettext_reader): make magic check work on 64-bit + platforms as well (by Steffen Pingel). + +2006-02-20 Danilo Šegan + + * gettext.inc (_bindtextdomain): Use php_uname to detect Windows. + 2006-02-07 Danilo Šegan * examples/pigs_dropin.php: comment-out bind_textdomain_codeset diff --git a/extlib/php-gettext/gettext.inc b/extlib/php-gettext/gettext.inc index eb94b256a6..fcaafe7c9e 100644 --- a/extlib/php-gettext/gettext.inc +++ b/extlib/php-gettext/gettext.inc @@ -148,9 +148,9 @@ function _setlocale($category, $locale) { */ function _bindtextdomain($domain, $path) { global $text_domains; - // ensure $path ends with a slash - if ($path[strlen($path) - 1] != '/') $path .= '/'; - elseif ($path[strlen($path) - 1] != '\\') $path .= '\\'; + // ensure $path ends with a slash + if ($path[strlen($path) - 1] != '/') $path .= '/'; + elseif ($path[strlen($path) - 1] != '\\') $path .= '\\'; $text_domains[$domain]->path = $path; } diff --git a/extlib/php-gettext/gettext.php b/extlib/php-gettext/gettext.php index ad94a987b7..cd080444ca 100644 --- a/extlib/php-gettext/gettext.php +++ b/extlib/php-gettext/gettext.php 
@@ -102,16 +102,16 @@ class gettext_reader { // Caching can be turned off $this->enable_cache = $enable_cache; - // $MAGIC1 = (int)0x950412de; //bug in PHP 5 + // $MAGIC1 = (int)0x950412de; //bug in PHP 5.0.2, see https://savannah.nongnu.org/bugs/?func=detailitem&item_id=10565 $MAGIC1 = (int) - 1794895138; // $MAGIC2 = (int)0xde120495; //bug $MAGIC2 = (int) - 569244523; $this->STREAM = $Reader; $magic = $this->readint(); - if ($magic == $MAGIC1) { + if ($magic == ($MAGIC1 & 0xFFFFFFFF)) { // to make sure it works for 64-bit platforms $this->BYTEORDER = 0; - } elseif ($magic == $MAGIC2) { + } elseif ($magic == ($MAGIC2 & 0xFFFFFFFF)) { $this->BYTEORDER = 1; } else { $this->error = 1; // not MO file From d3bbf3ad24c27522694bfaed437897273069a1e8 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 12 Oct 2009 22:36:17 +0000 Subject: [PATCH 11/36] Workaround for Facebook data store API behavior regression, fixes saving of empty notice prefix text in facebook settings. Filed bug upstream at http://bugs.developers.facebook.com/show_bug.cgi?id=7110 Per documentation, saving a pref value of "" or "0" will delete the pref key: http://wiki.developers.facebook.com/index.php/Data.setUserPreference which used to do what we want... Now Facebook throws back an error "Parameter value is required" when we do this. Workaround appends a space to empty string or "0" at save time, then trims the string when we load it. The input string was already trimmed at pref save time, so this won't alter any user-visible behavior. Thanks to ^demon in #mediawiki for pointing out the behavior regression after testing the identi.ca Facebook app! --- actions/facebooksettings.php | 11 +++++++++-- lib/facebookutil.php | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/actions/facebooksettings.php b/actions/facebooksettings.php index 84bdde9101..b2b1d68071 100644 --- a/actions/facebooksettings.php +++ b/actions/facebooksettings.php 
@@ -58,8 +58,15 @@ class FacebooksettingsAction extends FacebookAction $this->flink->set_flags($noticesync, $replysync, false, false); $result = $this->flink->update($original); + if ($prefix == '' || $prefix == '0') { + // Facebook bug: saving empty strings to prefs now fails + // http://bugs.developers.facebook.com/show_bug.cgi?id=7110 + $trimmed = $prefix . ' '; + } else { + $trimmed = substr($prefix, 0, 128); + } $this->facebook->api_client->data_setUserPreference(FACEBOOK_NOTICE_PREFIX, - substr($prefix, 0, 128)); + $trimmed); if ($result === false) { $this->showForm(_('There was a problem saving your sync preferences!')); @@ -101,7 +108,7 @@ class FacebooksettingsAction extends FacebookAction $this->elementStart('li'); - $prefix = $this->facebook->api_client->data_getUserPreference(FACEBOOK_NOTICE_PREFIX); + $prefix = trim($this->facebook->api_client->data_getUserPreference(FACEBOOK_NOTICE_PREFIX)); $this->input('prefix', _('Prefix'), ($prefix) ? $prefix : null, diff --git a/lib/facebookutil.php b/lib/facebookutil.php index ad61b6f0a5..c29576b64c 100644 --- a/lib/facebookutil.php +++ b/lib/facebookutil.php @@ -99,8 +99,8 @@ function facebookBroadcastNotice($notice) // XXX: Does this call count against our per user FB request limit? // If so we should consider storing verb elsewhere or not storing - $prefix = $facebook->api_client->data_getUserPreference(FACEBOOK_NOTICE_PREFIX, - $fbuid); + $prefix = trim($facebook->api_client->data_getUserPreference(FACEBOOK_NOTICE_PREFIX, + $fbuid)); $status = "$prefix $notice->content"; From 66fca9e2a87f9b9c55174694c79f567c5c81518a Mon Sep 17 00:00:00 2001 From: Brenda Wallace Date: Mon, 31 Aug 2009 10:59:50 +1200 Subject: [PATCH 12/36] some typoes in comments that annoyed me, fixed now --- lib/twitteroauthclient.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/twitteroauthclient.php b/lib/twitteroauthclient.php index e37fa05f0a..bad2b74ca3 100644 --- a/lib/twitteroauthclient.php 
+++ b/lib/twitteroauthclient.php @@ -118,7 +118,7 @@ class TwitterOAuthClient extends OAuthClient } /** - * Calls Twitter's /stutuses/update API method + * Calls Twitter's /statuses/update API method * * @param string $status text of the status * @param int $in_reply_to_status_id optional id of the status it's @@ -137,7 +137,7 @@ class TwitterOAuthClient extends OAuthClient } /** - * Calls Twitter's /stutuses/friends_timeline API method + * Calls Twitter's /statuses/friends_timeline API method * * @param int $since_id show statuses after this id * @param int $max_id show statuses before this id @@ -167,7 +167,7 @@ class TwitterOAuthClient extends OAuthClient } /** - * Calls Twitter's /stutuses/friends API method + * Calls Twitter's /statuses/friends API method * * @param int $id id of the user whom you wish to see friends of * @param int $user_id numerical user id @@ -197,7 +197,7 @@ class TwitterOAuthClient extends OAuthClient } /** - * Calls Twitter's /stutuses/friends/ids API method + * Calls Twitter's /statuses/friends/ids API method * * @param int $id id of the user whom you wish to see friends of * @param int $user_id numerical user id From 490dfc6f5a4480cda3fdee8af66ea4e856cdf0e8 Mon Sep 17 00:00:00 2001 From: Eric Helgeson Date: Mon, 19 Oct 2009 20:08:20 -0400 Subject: [PATCH 13/36] Better check if site,server is configured. --- lib/util.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/util.php b/lib/util.php index 047faeef0d..0052090f6a 100644 --- a/lib/util.php +++ b/lib/util.php 
@@ -760,12 +760,18 @@ function common_path($relative, $ssl=false) if (is_string(common_config('site', 'sslserver')) && mb_strlen(common_config('site', 'sslserver')) > 0) { $serverpart = common_config('site', 'sslserver'); - } else { + } else if (common_config('site', 'server')) { $serverpart = common_config('site', 'server'); + } else { + common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.'); } } else { $proto = 'http'; - $serverpart = common_config('site', 'server'); + if (common_config('site', 'server')) { + $serverpart = common_config('site', 'server'); + } else { + common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.'); + } } return $proto.'://'.$serverpart.'/'.$pathpart.$relative; From 8a31970ff8fe8a4e440501771756747370e2fa20 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 20 Oct 2009 15:04:47 -0700 Subject: [PATCH 14/36] Twitter now puts out an error msg when the status param is empty. Updated our API to match. --- actions/twitapistatuses.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index 360dff27cb..b0d3e584ba 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -236,11 +236,8 @@ class TwitapistatusesAction extends TwitterapiAction } if (empty($status)) { - - // XXX: Note: In this case, Twitter simply returns '200 OK' - // No error is given, but the status is not posted to the - // user's timeline. Seems bad. Shouldn't we throw an - // errror? -- Zach + $this->clientError(_('Client must provide a \'status\' parameter with a value.'), + $code = 403, $apidata['content-type']); return; } else { From f58daa873befbaee5a998e69622c046c8a978dee Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Oct 2009 10:00:31 +0800 Subject: [PATCH 15/36] Added getfile action --- lib/router.php | 4 ++++ 1 file changed, 4 insertions(+) 
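Review bot: In both new `else` branches of `common_path()` the error is logged but `$serverpart` is never assigned, so execution still reaches `return $proto.'://'.$serverpart.'/'.$pathpart.$relative;` with an undefined variable. That produces a URL with an empty host (`http:///…`), which callers will then put into links and redirects. After logging, the function should stop by raising the project's server error rather than returning a malformed URL. Reading the setting once, `$server = common_config('site', 'server');`, would remove the duplicated lookups. The log text reads 'Site Sever', and the start of the function is outside the hunk.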
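Review bot: The added call in actions/twitapistatuses.php passes `$code = 403` as an argument, which in PHP is an assignment expression, not a named argument. It works, but it also creates or overwrites a local `$code` in the enclosing method. Pass the literal instead: `$this->clientError(_('Client must provide a \'status\' parameter with a value.'), 403, $apidata['content-type']);`. The enclosing method starts and ends outside the hunk, so whether `$code` is read later is not visible.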
diff --git a/lib/router.php b/lib/router.php index 5529e60acb..7455d9cf85 100644 --- a/lib/router.php +++ b/lib/router.php @@ -171,6 +171,10 @@ class Router array('action' => 'attachment_thumbnail'), array('attachment' => '[0-9]+')); + $m->connect('getfile/:filename', + array('action' => 'getfile'), + array('filename' => '[A-Za-z0-9._-]+')); + $m->connect('notice/new', array('action' => 'newnotice')); $m->connect('notice/new?replyto=:replyto', array('action' => 'newnotice'), From 3f06bfc042e34ce97e1f1476faadb67fc5edd282 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Oct 2009 11:45:06 +0800 Subject: [PATCH 16/36] Actually commit the file this time --- actions/getfile.php | 145 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 actions/getfile.php diff --git a/actions/getfile.php b/actions/getfile.php new file mode 100644 index 0000000000..ecda34c0f6 --- /dev/null +++ b/actions/getfile.php 
@@ -0,0 +1,145 @@ +. + * + * @category Personal + * @package StatusNet + * @author Jeffery To + * @copyright 2008-2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +require_once 'MIME/Type.php'; + +/** + * Action for getting a file attachment + * + * @category Personal + * @package StatusNet + * @author Jeffery To + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class GetfileAction extends Action +{ + /** + * Path of file to return + */ + + var $path = null; + + /** + * Get file name + * + * @param array $args $_REQUEST array + * + * @return success flag + */ + + function prepare($args) + { + parent::prepare($args); + + $filename = $this->trimmed('filename'); + $path = null; + + if ($filename) { + $path = common_config('attachments', 'dir') . $filename; + } + + if (empty($path) or !file_exists($path)) { + $this->clientError(_('No such file.'), 404); + return false; + } + if (!is_readable($path)) { + $this->clientError(_('Cannot read file.'), 403); + return false; + } + + $this->path = $path; + return true; + } + + /** + * Is this page read-only? + * + * @return boolean true + */ + + function isReadOnly($args) + { + return true; + } + + /** + * Last-modified date for file + * + * @return int last-modified date as unix timestamp + */ + + function lastModified() + { + return filemtime($this->path); + } + + /** + * etag for file + * + * This returns the same data (inode, size, mtime) as Apache would, + * but in decimal instead of hex. + * + * @return string etag http header + */ + function etag() + { + $stat = stat($this->path); + return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . 
'"'; + } + + /** + * Handle input, produce output + * + * @param array $args $_REQUEST contents + * + * @return void + */ + + function handle($args) + { + // undo headers set by PHP sessions + $sec = session_cache_expire() * 60; + header('Expires: ' . date(DATE_RFC1123, time() + $sec)); + header('Cache-Control: public, max-age=' . $sec); + header('Pragma: public'); + + parent::handle($args); + + $path = $this->path; + header('Content-Type: ' . MIME_Type::autoDetect($path)); + readfile($path); + } +} From 834a876dd0998464cade1cdd0fe2fe8c9ab17dcc Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Oct 2009 11:45:32 +0800 Subject: [PATCH 17/36] mod_rewrite rule for getfile --- htaccess.sample | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/htaccess.sample b/htaccess.sample index 37eb8e01ec..91ae9da9be 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -5,6 +5,14 @@ RewriteBase /mublog/ + # If your site is private and want to only allow logged-in users to + # be able to download file attachments, uncomment this rule. + # + # If you have a custom attachment path + # ($config['attachments']['path']), change "file/" to match. + # + #RewriteRule ^file/(.*) getfile/$1 + RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.*) index.php?p=$1 [L,QSA] From d2bac158cd0d4a25b3997cdd1ccadc5f08d65943 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Oct 2009 12:13:33 +0800 Subject: [PATCH 18/36] Added some explanatory text to README --- README | 4 ++++ htaccess.sample | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README b/README index 7562199811..f5b559e73d 100644 --- a/README +++ b/README 
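Review bot: `GetfileAction::prepare()` builds `$path` by appending the request's `filename` to `common_config('attachments', 'dir')` and does no validation of its own. The only visible constraint is the route pattern `[A-Za-z0-9._-]+` in lib/router.php, which still admits `.` and `..`, and `file_exists()`/`is_readable()` also succeed for directories. The action should check the name itself, e.g. `if ($filename !== basename($filename) || !is_file($path)) {` leading to the existing 404 branch. `handle()` also sends `Cache-Control: public` and `Pragma: public`, which lets shared caches store attachments that the README presents as restricted to logged-in users; `private` looks like the intended value. Nothing in this file checks the login state, so if that is enforced elsewhere for private sites a comment naming where would help the next reader.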
@@ -755,6 +755,10 @@ private site, but users of the private site may be able to subscribe to users on a remote site. (Or not... it's not well tested.) The "proper behaviour" hasn't been defined here, so handle with care. +If fancy URLs is enabled, access to file attachments can also be +restricted to logged-in users only. Uncomment the appropriate rewrite +rule in .htaccess or your server's httpd.conf. + Upgrading ========= diff --git a/htaccess.sample b/htaccess.sample index 91ae9da9be..373108c816 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -5,8 +5,8 @@ RewriteBase /mublog/ - # If your site is private and want to only allow logged-in users to - # be able to download file attachments, uncomment this rule. + # If your site is private and want access to file attachments + # restricted to logged-in users only, uncomment this rule. # # If you have a custom attachment path # ($config['attachments']['path']), change "file/" to match. From afe663af82250d020fd9dff0646c91c8f3b41013 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 9 Oct 2009 10:06:34 +0800 Subject: [PATCH 19/36] Added bit about being incompatible with file attachment virtual server --- README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README b/README index f5b559e73d..5cd3102705 100644 --- a/README +++ b/README @@ -757,7 +757,9 @@ to users on a remote site. (Or not... it's not well tested.) The If fancy URLs is enabled, access to file attachments can also be restricted to logged-in users only. Uncomment the appropriate rewrite -rule in .htaccess or your server's httpd.conf. +rule in .htaccess or your server's httpd.conf. (This most likely will +not work if you are using a virtual server for attachments, so consider +the performance/security tradeoff.) Upgrading ========= From dcca9fbec0cea9c5e15c4d58a8e9870514dfdbdd Mon Sep 17 00:00:00 2001 
From: Sarven Capadisli Date: Fri, 30 Oct 2009 21:44:31 +0000 Subject: [PATCH 20/36] IE has some issue with notices that are sent with file attachments. It doesn't like the XHR response with XHTML DTD. New notices without the file attachment work fine. The rendered content (the anchor for the file attachment link) doesn't appear to be the issue. To fix this problem, I removed the XHTML DTD line from newnotice's XHR response. This is unnecessary for text/xml outputs that's intended for XHR responses any way. It just happens to fix an IE issue. Still a mystery to me as to why it is particular to notices with file attachments. --- actions/newnotice.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/actions/newnotice.php b/actions/newnotice.php index 8c0476f705..548832eca1 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -271,7 +271,9 @@ class NewnoticeAction extends Action common_broadcast_notice($notice); if ($this->boolean('ajax')) { - $this->startHTML('text/xml;charset=utf-8'); + header('Content-Type: text/xml;charset=utf-8'); + $this->xw->startDocument('1.0', 'UTF-8'); + $this->elementStart('html'); $this->elementStart('head'); $this->element('title', null, _('Notice posted')); $this->elementEnd('head'); From 9f7d390ad1ade40887398f0454e5aab4f0243fb9 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 12:18:38 -0400 Subject: [PATCH 21/36] update version to rc2 --- lib/common.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/common.php b/lib/common.php index 3de567cd93..016b04481d 100644 --- a/lib/common.php +++ b/lib/common.php @@ -19,7 +19,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -define('STATUSNET_VERSION', '0.8.2dev'); +define('STATUSNET_VERSION', '0.8.2rc2'); define('LACONICA_VERSION', STATUSNET_VERSION); // compatibility define('STATUSNET_CODENAME', 'Life and How to Live It'); From 8ce3adc76becfce9e7f8b572a9ba047f31f63043 Mon Sep 17 00:00:00 2001 
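Review bot: In actions/newnotice.php the three added lines bypass `startHTML()` without saying why, which invites a later cleanup to put the helper back. A comment above them would record the reason given in the commit message, e.g. `// Not startHTML(): IE rejects XHR responses carrying the XHTML DTD when the notice has an attachment`. It is also worth confirming that the bare `elementStart('html')` does not need a namespace attribute that `startHTML()` may have been adding; that helper is not visible here. The enclosing method starts and ends outside the hunk.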
From: Carlos Perilla Date: Tue, 1 Sep 2009 09:19:10 -0500 Subject: [PATCH 22/36] Fixes foaf notices, use Profile for information that's missing in Remote_profile --- actions/foaf.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/actions/foaf.php b/actions/foaf.php index 4dae9dfc19..356393304e 100644 --- a/actions/foaf.php +++ b/actions/foaf.php @@ -146,8 +146,10 @@ class FoafAction extends Action while ($sub->fetch()) { if ($sub->token) { $other = Remote_profile::staticGet('id', $sub->subscriber); + $profile = Profile::staticGet('id', $sub->subscriber); } else { $other = User::staticGet('id', $sub->subscriber); + $profile = Profile::staticGet('id', $sub->subscriber); } if (!$other) { common_debug('Got a bad subscription: '.print_r($sub,true)); @@ -158,12 +160,15 @@ class FoafAction extends Action } else { $person[$other->uri] = array(LISTENER, $other->id, - $other->nickname, + $profile->nickname, (empty($sub->token)) ? 'User' : 'Remote_profile'); } $other->free(); $other = null; unset($other); + $profile->free(); + $profile = null; + unset($profile); } } @@ -254,8 +259,10 @@ class FoafAction extends Action while ($sub->fetch()) { if (!empty($sub->token)) { $other = Remote_profile::staticGet('id', $sub->subscribed); + $profile = Profile::staticGet('id', $sub->subscribed); } else { $other = User::staticGet('id', $sub->subscribed); + $profile = Profile::staticGet('id', $sub->subscribed); } if (empty($other)) { common_debug('Got a bad subscription: '.print_r($sub,true)); @@ -264,11 +271,14 @@ class FoafAction extends Action $this->element('sioc:follows', array('rdf:resource' => $other->uri.'#acct')); $person[$other->uri] = array(LISTENEE, $other->id, - $other->nickname, + $profile->nickname, (empty($sub->token)) ? 'User' : 'Remote_profile'); $other->free(); $other = null; unset($other); + $profile->free(); + $profile = null; + unset($profile); } } From ae7d524fd89943a3b0f94169f486c68a5da833e6 Mon Sep 17 00:00:00 2001 
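Review bot: In actions/foaf.php the new `$profile` is dereferenced (`$profile->nickname`, `$profile->free()`) while the guards still test only `$other`, so a subscription whose Profile row is missing would fail on a null object instead of taking the existing "bad subscription" path. Extending the guards to `if (!$other || !$profile) {` in the first loop and `if (empty($other) || empty($profile)) {` in the second covers it. The `Profile::staticGet('id', ...)` call is identical in both branches of each `if`/`else`, so it can move above the `if`. Both loops start and end outside the hunks shown, so where `free()` sits relative to the bad-subscription branch should be checked in the full file.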
From: Evan Prodromou Date: Sat, 31 Oct 2009 13:35:20 -0400 Subject: [PATCH 23/36] add a README warning devs from fracking around in extlib/ --- extlib/README | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 extlib/README diff --git a/extlib/README b/extlib/README new file mode 100644 index 0000000000..cfc2f9c8c4 --- /dev/null +++ b/extlib/README 
@@ -0,0 +1,58 @@ +DO NOT "FIX" CODE IN THIS DIRECTORY. + +ONLY UPSTREAM VERSIONS OF SOFTWARE GO IN THIS DIRECTORY. + +This directory is provided as a courtesy to our users who might be +unable or unwilling to find and install libraries we depend on. + +If we "fix" software in this directory, we hamstring users who do the +right thing and keep a single version of upstream libraries in a +system-wide library. We introduce subtle and maddening bugs where +our code is "accidentally" using the "wrong" library version. We may +unwittingly interfere with other software that depends on the +canonical release versions of those same libraries! + +Forking upstream software for trivial reasons makes us bad citizens in +the Open Source community and adds unnecessary heartache for our +users. Don't make us "that" project. + +FAQ: + +Q: What should we do when we find a bug in upstream software? + +A: First and foremost, REPORT THE BUG, and if possible send in a patch. + + Watch for a release of the upstream software and integrate with it + when it's released. + + In the meantime, work around the bug, if at all possible. Usually, + it's quite possible, if slightly harder or less efficient. + +Q: What if the bug can't be worked around? + +A: If the upstream developers have accepted a bug patch, it's + undesirable but acceptable to apply that patch to the library in + the extlib dir. Ideally, use a release version for upstream or a + version control system snapshot. + + Note that this is a last resort. + +Q: What if upstream is unresponsive or won't accept a patch? + +A: Try again. + +Q: I tried again, and upstream is still unresponsive and nobody's + checked on my patch. Now what? + +A: If the upstream project is moribund and there's a way to adopt it, + propose having the StatusNet dev team adopt the project. Or, adopt + it yourself. + +Q: What if there's no upstream authority and it can't be adopted? + +A: Then we fork it. Make a new name and a new version. 
Include it in + lib/ instead of extlib/, and use the StatusNet_* prefix to change + the namespace to avoid collisions. + + This is a last resort; consult with the rest of the dev group + before taking this radical step. From cf199a9b739eafea7a27eff947327befdcf001be Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 14:19:26 -0400 Subject: [PATCH 24/36] updates to README --- README | 130 +++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 81 insertions(+), 49 deletions(-) diff --git a/README b/README index e0d63e43c4..841423b7cb 100644 --- a/README +++ b/README @@ -3,7 +3,7 @@ README ------ StatusNet 0.8.2 ("Life and How to Live It") -26 Aug 2009 +1 Nov 2009 This is the README file for StatusNet (formerly Laconica), the Open Source microblogging platform. It includes installation instructions, 
@@ -77,49 +77,80 @@ for additional terms. New this version ================ -This is a minor feature and bugfix release since version 0.8.0, -released Jul 15 2009. Notable changes this version: +This is a minor feature and bugfix release since version 0.8.1, +released Aug 26 2009. Notable changes this version: -- Laconica has been renamed StatusNet. With a few minor compatibility - exceptions, all references to "Laconica" in code, documentation - and comments were changed to "StatusNet". -- A new plugin to support "infinite scroll". -- A new plugin to support reCaptcha . -- Better logging of server errors. -- Add an Openid-only mode for authentication. -- 'lite' parameter for some Twitter API methods. -- A new plugin to auto-complete nicknames for @-replies. -- Configuration options to disable OpenID, SMS, Twitter, post-by-email, and IM. -- Support for lighttpd using 404-based - rewrites. -- Support for using Twitter's OAuth authentication as a client. -- First version of the groups API. -- Can configure a site-wide design, including background image and - colors. -- Improved algorithm for replies and conversations, making - conversation trees more accurate and useful. -- Add a script to create a simulation database for testing/debugging. -- Sanitize HTML for OEmbed. -- Improved queue management for DB-based queuing. -- More complete URL detection. -- Hashtags now support full Unicode character set. -- Notice inboxes are now garbage-collected on a regular basis - at notice-write time. -- PiwikAnalyticsPlugin updated for latest Piwik interface. -- Attachment and notice pages can be embedded with OEmbed - . -- Failed authentication is logged. -- PostgreSQL schema and support brought up-to-date with 0.8.x features. -- The installer works with PostgreSQL as well as MySQL. -- RSS 1.0 feeds use HTTP Basic authentication in private mode. -- Many, many bug fixes, particularly with performance. -- Better (=working) garbage collection for old sessions. 
-- Better (=working) search queries. -- Some cleanup of HTML output. -- Better error handling when updating Facebook. -- Considerably better performance when using replication for API - calls. -- Initial unit tests. +- New script for deleting user accounts. Not particularly safe or + community-friendly. Better for deleting abusive accounts than for + users who are 'retiring'. +- Improved detection of URLs in notices, specifically for punctuation + chars like ~, :, $, _, -, +, !, @, and %. +- Removed some extra
semantic HTML code. +- Correct error in status-network database ini file (having multiple + statusnet sites with a single codebase) +- Fixed error output for Twitter posting failures. +- Fixed bug in Twitter queue handler that requeued inapplicable + notices ad infinitum. +- Improve FOAF output for remote users. +- new commands to join and leave groups. +- Fixed bug in which you cannot turn off importing friends timelines + flag. +- Better error handling in Twitter posting. +- Show oEmbed data for XHTML files as well as plain HTML. +- Updated bug database link in README. +- require HTML tidy extension. +- add support for HTTP Basic Auth in PHP CGI or FastCGI (e.g. GoDaddy). +- autofocus input to selected entry elements depending on page. +- updated layout for filter-by-tag form. +- better layout for inbox and outbox pages. +- fix highlighting search terms in attributes of notice list elements. +- Correctly handle errors in linkback plugin. +- Updated biz theme. +- Updated cloudy theme. +- Don't match '::' as an IPv6 address. +- Use the same decision logic for deciding whether to mark an + attachment as an enclosure in RSS or as a paperclip item in Web + output. +- Fixed a bug in the Piwik plugin that hard-coded the site ID. +- Add a param, inreplyto, to notice/new to allow an explicit response + to another notice. +- Show username in subject of emails. +- Check if avatar exists before trying to delete it. +- Correctly add omb_version to response for request token in OMB. +- Add a few more SMS carriers. +- Add a few more notice sources. +- Vary: header. +- Improvements to the AutoCompletePlugin. +- Check for 'dl' before using it. +- Make it impossible to delete self-subscriptions via the API. +- Fix pagination of tagged user pages. +- Make PiwikAnalyticsPlugin work with addPlugin(). +- Removed trailing single space in user nicknames in notice lists. +- Show context link if a notice starts a conversation. +- blacklist all files and directories in install dir. 
+- handle GoDaddy-style PATH_INFO, including script name. +- add home_timeline synonym for friends_timeline. +- Add a popup window for the realtime plugin. +- Add some more streams for the realtime plugin. +- Fix a bug that overwrote group creation timestamp on every edit. +- Moved HTTP error code strings to a class variable. +- The Twitter API now returns server errors in the correct format. +- Reset the doctype for HTML output. +- Fixed a number of notices. +- Don't show search suggestions for private sites. +- Some corrections to FBConnect nav overrides. +- Slightly less database-intensive session management. +- Updated name of software in installer script. +- Include long-form attachment URLs if url-shortener is disabled. +- Include updated localisations for Polish, Greek, Hebrew, Icelandic, + Norwegian, and Chinese. +- Include upstream fixes to gettext.php. +- Correct for regression in Facebook API for updates. +- Ignore "Sent from my iPhone" (and similar) in mail updates. +- Use the NICKNAME_FMT constant for detecting nicknames. +- Check for site servername config'd. +- Compatibility fix for empty status updates with Twitter API. +- Option to show files privately (EXPERIMENTAL! Use with caution.) Prerequisites ============= @@ -225,9 +256,9 @@ especially if you've previously installed PHP/MySQL packages. 1. Unpack the tarball you downloaded on your Web server. Usually a command like this will work: - tar zxf statusnet-0.8.1.tar.gz + tar zxf statusnet-0.8.2.tar.gz - ...which will make a statusnet-0.8.1 subdirectory in your current + ...which will make a statusnet-0.8.2 subdirectory in your current directory. (If you don't have shell access on your Web server, you may have to unpack the tarball on your local computer and FTP the files to the server.) 
@@ -235,7 +266,7 @@ especially if you've previously installed PHP/MySQL packages. 2. Move the tarball to a directory of your choosing in your Web root directory. Usually something like this will work: - mv statusnet-0.8.1 /var/www/mublog + mv statusnet-0.8.2 /var/www/mublog This will make your StatusNet instance available in the mublog path of your server, like "http://example.net/mublog". "microblog" or @@ -774,7 +805,7 @@ with this situation. If you've been using StatusNet 0.7, 0.6, 0.5 or lower, or if you've been tracking the "git" version of the software, you will probably want to upgrade and keep your existing data. There is no automated -upgrade procedure in StatusNet 0.8.1. Try these step-by-step +upgrade procedure in StatusNet 0.8.2. Try these step-by-step instructions; read to the end first before trying them. 0. Download StatusNet and set up all the prerequisites as if you were @@ -795,7 +826,7 @@ instructions; read to the end first before trying them. 5. Once all writing processes to your site are turned off, make a final backup of the Web directory and database. 6. Move your StatusNet directory to a backup spot, like "mublog.bak". -7. Unpack your StatusNet 0.8.1 tarball and move it to "mublog" or +7. Unpack your StatusNet 0.8.2 tarball and move it to "mublog" or wherever your code used to be. 8. Copy the config.php file and avatar directory from your old directory to your new directory. @@ -1568,7 +1599,7 @@ repository (see below), and you get a compilation error ("unexpected T_STRING") in the browser, check to see that you don't have any conflicts in your code. -If you upgraded to StatusNet 0.8.1 without reading the "Notice +If you upgraded to StatusNet 0.8.2 without reading the "Notice inboxes" section above, and all your users' 'Personal' tabs are empty, read the "Notice inboxes" section above. 
@@ -1676,6 +1707,7 @@ if anyone's been overlooked in error. * Jeffery To * Federico Marani * Craig Andrews +* mEDI Thanks also to the developers of our upstream library code and to the thousands of people who have tried out Identi.ca, installed StatusNet, From 4056a26017ddbb83a32777e8e5f5aeb7289b5e57 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 14:32:12 -0400 Subject: [PATCH 25/36] Revert "Added getfile action" This reverts commit f58daa873befbaee5a998e69622c046c8a978dee. --- lib/router.php | 4 ---- 1 file changed, 4 deletions(-) diff --git a/lib/router.php b/lib/router.php index 7455d9cf85..5529e60acb 100644 --- a/lib/router.php +++ b/lib/router.php @@ -171,10 +171,6 @@ class Router array('action' => 'attachment_thumbnail'), array('attachment' => '[0-9]+')); - $m->connect('getfile/:filename', - array('action' => 'getfile'), - array('filename' => '[A-Za-z0-9._-]+')); - $m->connect('notice/new', array('action' => 'newnotice')); $m->connect('notice/new?replyto=:replyto', array('action' => 'newnotice'), From ba89c891768b371e5358af4cdc76ff18e8b37672 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 14:32:15 -0400 Subject: [PATCH 26/36] Revert "Actually commit the file this time" This reverts commit 3f06bfc042e34ce97e1f1476faadb67fc5edd282. --- actions/getfile.php | 145 -------------------------------------------- 1 file changed, 145 deletions(-) delete mode 100644 actions/getfile.php diff --git a/actions/getfile.php b/actions/getfile.php deleted file mode 100644 index ecda34c0f6..0000000000 --- a/actions/getfile.php +++ /dev/null 
@@ -1,145 +0,0 @@ -. - * - * @category Personal - * @package StatusNet - * @author Jeffery To - * @copyright 2008-2009 StatusNet, Inc. - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ - */ - -if (!defined('STATUSNET') && !defined('LACONICA')) { - exit(1); -} - -require_once 'MIME/Type.php'; - -/** - * Action for getting a file attachment - * - * @category Personal - * @package StatusNet - * @author Jeffery To - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ - */ - -class GetfileAction extends Action -{ - /** - * Path of file to return - */ - - var $path = null; - - /** - * Get file name - * - * @param array $args $_REQUEST array - * - * @return success flag - */ - - function prepare($args) - { - parent::prepare($args); - - $filename = $this->trimmed('filename'); - $path = null; - - if ($filename) { - $path = common_config('attachments', 'dir') . $filename; - } - - if (empty($path) or !file_exists($path)) { - $this->clientError(_('No such file.'), 404); - return false; - } - if (!is_readable($path)) { - $this->clientError(_('Cannot read file.'), 403); - return false; - } - - $this->path = $path; - return true; - } - - /** - * Is this page read-only? - * - * @return boolean true - */ - - function isReadOnly($args) - { - return true; - } - - /** - * Last-modified date for file - * - * @return int last-modified date as unix timestamp - */ - - function lastModified() - { - return filemtime($this->path); - } - - /** - * etag for file - * - * This returns the same data (inode, size, mtime) as Apache would, - * but in decimal instead of hex. - * - * @return string etag http header - */ - function etag() - { - $stat = stat($this->path); - return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . 
'"'; - } - - /** - * Handle input, produce output - * - * @param array $args $_REQUEST contents - * - * @return void - */ - - function handle($args) - { - // undo headers set by PHP sessions - $sec = session_cache_expire() * 60; - header('Expires: ' . date(DATE_RFC1123, time() + $sec)); - header('Cache-Control: public, max-age=' . $sec); - header('Pragma: public'); - - parent::handle($args); - - $path = $this->path; - header('Content-Type: ' . MIME_Type::autoDetect($path)); - readfile($path); - } -} From a5b3ad7bf5e83459cfb163df04e68a88e867b2cd Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 14:33:24 -0400 Subject: [PATCH 27/36] Revert "Added bit about being incompatible with file attachment virtual server" This reverts commit afe663af82250d020fd9dff0646c91c8f3b41013. --- README | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/README b/README index 841423b7cb..c37893c5a7 100644 --- a/README +++ b/README @@ -788,9 +788,7 @@ to users on a remote site. (Or not... it's not well tested.) The If fancy URLs is enabled, access to file attachments can also be restricted to logged-in users only. Uncomment the appropriate rewrite -rule in .htaccess or your server's httpd.conf. (This most likely will -not work if you are using a virtual server for attachments, so consider -the performance/security tradeoff.) +rule in .htaccess or your server's httpd.conf. Upgrading ========= From 446de62d02f372b6755237ae61e08bfcd4bf5100 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 14:33:26 -0400 Subject: [PATCH 28/36] Revert "Added some explanatory text to README" This reverts commit d2bac158cd0d4a25b3997cdd1ccadc5f08d65943. --- README | 4 ---- htaccess.sample | 4 ++-- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/README b/README index c37893c5a7..9025512aaa 100644 --- a/README +++ b/README 
@@ -786,10 +786,6 @@ private site, but users of the private site may be able to subscribe to users on a remote site. (Or not... it's not well tested.) The "proper behaviour" hasn't been defined here, so handle with care. -If fancy URLs is enabled, access to file attachments can also be -restricted to logged-in users only. Uncomment the appropriate rewrite -rule in .htaccess or your server's httpd.conf. - Upgrading ========= diff --git a/htaccess.sample b/htaccess.sample index 373108c816..91ae9da9be 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -5,8 +5,8 @@ RewriteBase /mublog/ - # If your site is private and want access to file attachments - # restricted to logged-in users only, uncomment this rule. + # If your site is private and want to only allow logged-in users to + # be able to download file attachments, uncomment this rule. # # If you have a custom attachment path # ($config['attachments']['path']), change "file/" to match. From 7b5285c34692df865517ba823d14169d61fefa4c Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 14:33:28 -0400 Subject: [PATCH 29/36] Revert "mod_rewrite rule for getfile" This reverts commit 834a876dd0998464cade1cdd0fe2fe8c9ab17dcc. --- htaccess.sample | 8 -------- 1 file changed, 8 deletions(-) diff --git a/htaccess.sample b/htaccess.sample index 91ae9da9be..37eb8e01ec 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -5,14 +5,6 @@ RewriteBase /mublog/ - # If your site is private and want to only allow logged-in users to - # be able to download file attachments, uncomment this rule. - # - # If you have a custom attachment path - # ($config['attachments']['path']), change "file/" to match. - # - #RewriteRule ^file/(.*) getfile/$1 - RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.*) index.php?p=$1 [L,QSA] From c637fe8cf07c22534e5227082ba81a12a8da3075 Mon Sep 17 00:00:00 2001 
From: Evan Prodromou Date: Sat, 31 Oct 2009 14:34:04 -0400 Subject: [PATCH 30/36] remove mention of getfile --- README | 1 - 1 file changed, 1 deletion(-) diff --git a/README b/README index 9025512aaa..b4c37e3aba 100644 --- a/README +++ b/README @@ -150,7 +150,6 @@ released Aug 26 2009. Notable changes this version: - Use the NICKNAME_FMT constant for detecting nicknames. - Check for site servername config'd. - Compatibility fix for empty status updates with Twitter API. -- Option to show files privately (EXPERIMENTAL! Use with caution.) Prerequisites ============= From 521bd68d7cafba2d534b22105133138d727e9119 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 14:43:01 -0400 Subject: [PATCH 31/36] revert revert on getfile --- lib/router.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/router.php b/lib/router.php index 2fd255fe6f..3223b0a265 100644 --- a/lib/router.php +++ b/lib/router.php @@ -577,6 +577,10 @@ class Router $m->connect('api/search.json', array('action' => 'twitapisearchjson')); $m->connect('api/trends.json', array('action' => 'twitapitrends')); + $m->connect('getfile/:filename', + array('action' => 'getfile'), + array('filename' => '[A-Za-z0-9._-]+')); + // user stuff foreach (array('subscriptions', 'subscribers', From d7da76ab6da1d17775d1d11eaf1a84528b1c4561 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 14:43:13 -0400 Subject: [PATCH 32/36] Revert "Revert "Actually commit the file this time"" This reverts commit ba89c891768b371e5358af4cdc76ff18e8b37672. --- actions/getfile.php | 145 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 actions/getfile.php diff --git a/actions/getfile.php b/actions/getfile.php new file mode 100644 index 0000000000..ecda34c0f6 --- /dev/null +++ b/actions/getfile.php 
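Review bot: In lib/router.php the `filename` pattern `[A-Za-z0-9._-]+` also matches names made only of dots and names that begin with a dot, and this route is the only constraint the page shows on the value before the getfile action joins it to the attachments directory. If stored attachment names never start with a dot (not visible here), tightening the pattern to `'[A-Za-z0-9_-][A-Za-z0-9._-]*'` removes those cases at the routing layer. The enclosing method starts and ends outside the hunk.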
@@ -0,0 +1,145 @@ +. + * + * @category Personal + * @package StatusNet + * @author Jeffery To + * @copyright 2008-2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +require_once 'MIME/Type.php'; + +/** + * Action for getting a file attachment + * + * @category Personal + * @package StatusNet + * @author Jeffery To + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class GetfileAction extends Action +{ + /** + * Path of file to return + */ + + var $path = null; + + /** + * Get file name + * + * @param array $args $_REQUEST array + * + * @return success flag + */ + + function prepare($args) + { + parent::prepare($args); + + $filename = $this->trimmed('filename'); + $path = null; + + if ($filename) { + $path = common_config('attachments', 'dir') . $filename; + } + + if (empty($path) or !file_exists($path)) { + $this->clientError(_('No such file.'), 404); + return false; + } + if (!is_readable($path)) { + $this->clientError(_('Cannot read file.'), 403); + return false; + } + + $this->path = $path; + return true; + } + + /** + * Is this page read-only? + * + * @return boolean true + */ + + function isReadOnly($args) + { + return true; + } + + /** + * Last-modified date for file + * + * @return int last-modified date as unix timestamp + */ + + function lastModified() + { + return filemtime($this->path); + } + + /** + * etag for file + * + * This returns the same data (inode, size, mtime) as Apache would, + * but in decimal instead of hex. + * + * @return string etag http header + */ + function etag() + { + $stat = stat($this->path); + return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . 
'"'; + } + + /** + * Handle input, produce output + * + * @param array $args $_REQUEST contents + * + * @return void + */ + + function handle($args) + { + // undo headers set by PHP sessions + $sec = session_cache_expire() * 60; + header('Expires: ' . date(DATE_RFC1123, time() + $sec)); + header('Cache-Control: public, max-age=' . $sec); + header('Pragma: public'); + + parent::handle($args); + + $path = $this->path; + header('Content-Type: ' . MIME_Type::autoDetect($path)); + readfile($path); + } +} From f36162b218cd86a9281da2b5c50dc8db91e23ad5 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 14:44:32 -0400 Subject: [PATCH 33/36] Revert "Revert "Added bit about being incompatible with file attachment virtual server"" This reverts commit a5b3ad7bf5e83459cfb163df04e68a88e867b2cd. Conflicts: README --- README | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README b/README index 852b48667d..28f99405e3 100644 --- a/README +++ b/README @@ -686,6 +686,12 @@ private site, but users of the private site may be able to subscribe to users on a remote site. (Or not... it's not well tested.) The "proper behaviour" hasn't been defined here, so handle with care. +If fancy URLs is enabled, access to file attachments can also be +restricted to logged-in users only. Uncomment the appropriate rewrite +rule in .htaccess or your server's httpd.conf. (This most likely will +not work if you are using a virtual server for attachments, so consider +the performance/security tradeoff.) + Upgrading ========= From 65cbf05f607a93f4eb34e0019035cc167e2ef032 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 14:45:46 -0400 Subject: [PATCH 34/36] Revert "Revert "Added some explanatory text to README"" This reverts commit 446de62d02f372b6755237ae61e08bfcd4bf5100. Conflicts: README htaccess.sample --- README | 4 ++++ htaccess.sample | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/README b/README index 28f99405e3..a0fb9ab0b2 100644 --- a/README 
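Review bot: `handle()` sends `Cache-Control: public` and `Pragma: public`, yet the README text in this series presents getfile as the way to restrict attachments to logged-in users; a response marked public may be stored by a shared cache and served to clients that never authenticated. `header('Cache-Control: private, max-age=' . $sec);` keeps browser caching while excluding shared caches, and the `Pragma: public` line can then be dropped. These headers are also emitted before `parent::handle($args)`, and whether any login check runs there is not visible in this hunk. Since the type comes from `MIME_Type::autoDetect($path)` on an attachment served from the application's own origin, adding `header('X-Content-Type-Options: nosniff');` next to the Content-Type line would limit content sniffing.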
+++ b/README @@ -688,9 +688,13 @@ to users on a remote site. (Or not... it's not well tested.) The If fancy URLs is enabled, access to file attachments can also be restricted to logged-in users only. Uncomment the appropriate rewrite +<<<<<<< HEAD:README rule in .htaccess or your server's httpd.conf. (This most likely will not work if you are using a virtual server for attachments, so consider the performance/security tradeoff.) +======= +rule in .htaccess or your server's httpd.conf. +>>>>>>> 446de62... Revert "Added some explanatory text to README":README Upgrading ========= diff --git a/htaccess.sample b/htaccess.sample index 37eb8e01ec..373108c816 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -5,6 +5,14 @@ RewriteBase /mublog/ + # If your site is private and want access to file attachments + # restricted to logged-in users only, uncomment this rule. + # + # If you have a custom attachment path + # ($config['attachments']['path']), change "file/" to match. + # + #RewriteRule ^file/(.*) getfile/$1 + RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.*) index.php?p=$1 [L,QSA] From 77311a362f2cff254c05207a4326ca6083560429 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 14:46:46 -0400 Subject: [PATCH 35/36] Revert "Revert "mod_rewrite rule for getfile"" This reverts commit 7b5285c34692df865517ba823d14169d61fefa4c. Conflicts: htaccess.sample --- htaccess.sample | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/htaccess.sample b/htaccess.sample index 373108c816..91ae9da9be 100644 --- a/htaccess.sample +++ b/htaccess.sample 
@@ -5,8 +5,8 @@ RewriteBase /mublog/ - # If your site is private and want access to file attachments - # restricted to logged-in users only, uncomment this rule. + # If your site is private and want to only allow logged-in users to + # be able to download file attachments, uncomment this rule. # # If you have a custom attachment path # ($config['attachments']['path']), change "file/" to match. From bed942271d772e6eed36c4c012c48460510564f1 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 31 Oct 2009 14:47:00 -0400 Subject: [PATCH 36/36] Revert "remove mention of getfile" This reverts commit c637fe8cf07c22534e5227082ba81a12a8da3075. --- README | 1 + 1 file changed, 1 insertion(+) diff --git a/README b/README index a0fb9ab0b2..952c914fec 100644 --- a/README +++ b/README @@ -150,6 +150,7 @@ released Aug 26 2009. Notable changes this version: - Use the NICKNAME_FMT constant for detecting nicknames. - Check for site servername config'd. - Compatibility fix for empty status updates with Twitter API. +- Option to show files privately (EXPERIMENTAL! Use with caution.) Prerequisites =============