Default supported files need to use consistent names. Bumped version to 1.20.0 ImageFile has been changed to extend MediaFile and rely on it to partially validate files. This validation has been extended to not rely solely on Fileinfo, as it is disabled on some places. Now it'll try to use the shell command `file`, if Fileinfo isn't available. ImageFile now converts every new upload to PNG, except JPEG and GIF, which are kept, but still resized (to the same size), to remove possible scripts embedded therein. MediaFile::fromUpload will return an ImageFile if the uploaded file is an image or a MediaFile otherwise. MediaFile can be constructed with an id with value -1 to denote a temporary object, which is not added to the DB. This is useful to create a temporary object for representing images, so it can be used to rescale them. The supported attachment array needs to be populated with the result of calling `image_type_to_extension` for the appropriate image type, in the case of images. This is important so all parts of the code see the same extension for each image type (jpg vs jpeg). Added documentation to classes/File.php and to lib/MediaFile and lib/ImageFile
		
			
				
	
	
		
			203 lines
		
	
	
		
			7.0 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
			
		
		
	
	
			203 lines
		
	
	
		
			7.0 KiB
		
	
	
	
		
			PHP
		
	
	
	
	
	
| <?php
 | |
| /*
 | |
|  * StatusNet - the distributed open-source microblogging tool
 | |
|  * Copyright (C) 2008-2010, StatusNet, Inc.
 | |
|  *
 | |
|  * This program is free software: you can redistribute it and/or modify
 | |
|  * it under the terms of the GNU Affero General Public License as published by
 | |
|  * the Free Software Foundation, either version 3 of the License, or
 | |
|  * (at your option) any later version.
 | |
|  *
 | |
|  * This program is distributed in the hope that it will be useful,
 | |
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|  * GNU Affero General Public License for more details.
 | |
|  *
 | |
|  * You should have received a copy of the GNU Affero General Public License
 | |
|  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 | |
|  */
 | |
| 
 | |
| if (!defined('GNUSOCIAL')) { exit(1); }
 | |
| 
 | |
| define('GNUSOCIAL_ENGINE', 'GNU social');
 | |
| define('GNUSOCIAL_ENGINE_URL', 'https://www.gnu.org/software/social/');
 | |
| 
 | |
| define('GNUSOCIAL_BASE_VERSION', '1.20.0');
 | |
| define('GNUSOCIAL_LIFECYCLE', 'rc0'); // 'dev', 'alpha[0-9]+', 'beta[0-9]+', 'rc[0-9]+', 'release'
 | |
| 
 | |
| define('GNUSOCIAL_VERSION', GNUSOCIAL_BASE_VERSION . '-' . GNUSOCIAL_LIFECYCLE);
 | |
| 
 | |
| define('GNUSOCIAL_CODENAME', 'Not decided yet');
 | |
| 
 | |
| define('AVATAR_PROFILE_SIZE', 96);
 | |
| define('AVATAR_STREAM_SIZE', 48);
 | |
| define('AVATAR_MINI_SIZE', 24);
 | |
| 
 | |
| define('NOTICES_PER_PAGE', 20);
 | |
| define('PROFILES_PER_PAGE', 20);
 | |
| define('MESSAGES_PER_PAGE', 20);
 | |
| define('GROUPS_PER_PAGE', 20);
 | |
| define('APPS_PER_PAGE', 20);
 | |
| define('PEOPLETAGS_PER_PAGE', 20);
 | |
| 
 | |
| define('GROUPS_PER_MINILIST', 8);
 | |
| define('PROFILES_PER_MINILIST', 8);
 | |
| 
 | |
| define('FOREIGN_NOTICE_SEND', 1);
 | |
| define('FOREIGN_NOTICE_RECV', 2);
 | |
| define('FOREIGN_NOTICE_SEND_REPLY', 4);
 | |
| define('FOREIGN_NOTICE_SEND_REPEAT', 8);
 | |
| 
 | |
| define('FOREIGN_FRIEND_SEND', 1);
 | |
| define('FOREIGN_FRIEND_RECV', 2);
 | |
| 
 | |
| define('NOTICE_INBOX_SOURCE_SUB', 1);
 | |
| define('NOTICE_INBOX_SOURCE_GROUP', 2);
 | |
| define('NOTICE_INBOX_SOURCE_REPLY', 3);
 | |
| define('NOTICE_INBOX_SOURCE_FORWARD', 4);
 | |
| define('NOTICE_INBOX_SOURCE_PROFILE_TAG', 5);
 | |
| define('NOTICE_INBOX_SOURCE_GATEWAY', -1);
 | |
| 
 | |
| /**
 | |
|  * StatusNet had this string as valid path characters: '\pN\pL\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\'\@'
 | |
|  * Some of those characters can be troublesome when auto-linking plain text. Such as "http://some.com/)"
 | |
|  * URL encoding should be used whenever a weird character is used, the following strings are not definitive.
 | |
|  */
 | |
| define('URL_REGEX_VALID_PATH_CHARS',        '\pN\pL\,\!\.\:\-\_\+\/\@\=\;\%\~\*');
 | |
| define('URL_REGEX_VALID_QSTRING_CHARS',     URL_REGEX_VALID_PATH_CHARS    . '\&');
 | |
| define('URL_REGEX_VALID_FRAGMENT_CHARS',    URL_REGEX_VALID_QSTRING_CHARS . '\?\#');
 | |
| define('URL_REGEX_EXCLUDED_END_CHARS',      '\?\.\,\!\#\:\'');  // don't include these if they are directly after a URL
 | |
| define('URL_REGEX_DOMAIN_NAME', '(?:(?!-)[A-Za-z0-9\-]{1,63}(?<!-)\.)+[A-Za-z]{2,10}');
 | |
| 
 | |
| // append our extlib dir as the last-resort place to find libs
 | |
| 
 | |
| set_include_path(get_include_path() . PATH_SEPARATOR . INSTALLDIR . '/extlib/');
 | |
| 
 | |
| // To protect against upstream libraries which haven't updated
 | |
| // for PHP 5.3 where dl() function may not be present...
 | |
| if (!function_exists('dl')) {
 | |
|     // function_exists() returns false for things in disable_functions,
 | |
|     // but they still exist and we'll die if we try to redefine them.
 | |
|     //
 | |
|     // Fortunately trying to call the disabled one will only trigger
 | |
|     // a warning, not a fatal, so it's safe to leave it for our case.
 | |
|     // Callers will be suppressing warnings anyway.
 | |
|     $disabled = array_filter(array_map('trim', explode(',', ini_get('disable_functions'))));
 | |
|     if (!in_array('dl', $disabled)) {
 | |
|         function dl($library) {
 | |
|             return false;
 | |
|         }
 | |
|     }
 | |
| }
 | |
| 
 | |
| // global configuration object
 | |
| 
 | |
| require_once 'PEAR.php';
 | |
| require_once 'PEAR/Exception.php';
 | |
| global $_PEAR;
 | |
| $_PEAR = new PEAR;
 | |
| $_PEAR->setErrorHandling(PEAR_ERROR_CALLBACK, 'PEAR_ErrorToPEAR_Exception');
 | |
| 
 | |
| require_once 'DB.php';
 | |
| require_once 'DB/DataObject.php';
 | |
| require_once 'DB/DataObject/Cast.php'; # for dates
 | |
| global $_DB;
 | |
| $_DB = new DB;
 | |
| 
 | |
| require_once(INSTALLDIR.'/lib/language.php');
 | |
| 
 | |
| // This gets included before the config file, so that admin code and plugins
 | |
| // can use it
 | |
| 
 | |
| require_once(INSTALLDIR.'/lib/event.php');
 | |
| require_once(INSTALLDIR.'/lib/plugin.php');
 | |
| 
 | |
| function addPlugin($name, array $attrs=array())
 | |
| {
 | |
|     return GNUsocial::addPlugin($name, $attrs);
 | |
| }
 | |
| 
 | |
| function _have_config()
 | |
| {
 | |
|     return GNUsocial::haveConfig();
 | |
| }
 | |
| 
 | |
| function GNUsocial_class_autoload($cls)
 | |
| {
 | |
|     if (file_exists(INSTALLDIR.'/classes/' . $cls . '.php')) {
 | |
|         require_once(INSTALLDIR.'/classes/' . $cls . '.php');
 | |
|     } else if (file_exists(INSTALLDIR.'/lib/' . strtolower($cls) . '.php')) {
 | |
|         require_once(INSTALLDIR.'/lib/' . strtolower($cls) . '.php');
 | |
|     } else if (mb_substr($cls, -6) == 'Action' &&
 | |
|                file_exists(INSTALLDIR.'/actions/' . strtolower(mb_substr($cls, 0, -6)) . '.php')) {
 | |
|         require_once(INSTALLDIR.'/actions/' . strtolower(mb_substr($cls, 0, -6)) . '.php');
 | |
|     } else if ($cls === 'OAuthRequest' || $cls === 'OAuthException') {
 | |
|         require_once('OAuth.php');
 | |
|     } else {
 | |
|         Event::handle('Autoload', array(&$cls));
 | |
|     }
 | |
| }
 | |
| 
 | |
| // Autoload function queue, starting with our own discovery method
 | |
| spl_autoload_register('GNUsocial_class_autoload');
 | |
| 
 | |
| /**
 | |
|  * Extlibs with namespaces (or directly in extlib/)
 | |
|  * This covers libraries such as: Validate and \Michelf\Markdown
 | |
|  *
 | |
|  * The namespaced based structure is called "PSR-0 autoloading standard":
 | |
|  *    \<Vendor Name>\(<Namespace>\)*<Class Name>
 | |
|  * and is available here: http://www.php-fig.org/psr/psr-0/
 | |
| */
 | |
| spl_autoload_register(function($class){
 | |
|     $class_base = preg_replace('{\\\\|_(?!.*\\\\)}', DIRECTORY_SEPARATOR, ltrim($class, '\\'));
 | |
|     $file = INSTALLDIR."/extlib/{$class_base}.php";
 | |
|     if (file_exists($file)) {
 | |
|         require_once $file;
 | |
|         return;
 | |
|     }
 | |
| 
 | |
|     # Try if the system has this external library
 | |
|     $file = "/usr/share/php/{$class_base}.php";
 | |
|     if (file_exists($file)) {
 | |
|         require_once $file;
 | |
|         return;
 | |
|     }
 | |
| });
 | |
| 
 | |
| require_once INSTALLDIR.'/lib/util.php';
 | |
| require_once INSTALLDIR.'/lib/action.php';
 | |
| require_once INSTALLDIR.'/lib/mail.php';
 | |
| 
 | |
| //set PEAR error handling to use regular PHP exceptions
 | |
| function PEAR_ErrorToPEAR_Exception(PEAR_Error $err)
 | |
| {
 | |
|     //DB_DataObject throws error when an empty set would be returned
 | |
|     //That behavior is weird, and not how the rest of StatusNet works.
 | |
|     //So just ignore those errors.
 | |
|     if ($err->getCode() == DB_DATAOBJECT_ERROR_NODATA) {
 | |
|         return;
 | |
|     }
 | |
| 
 | |
|     $msg      = $err->getMessage();
 | |
|     $userInfo = $err->getUserInfo();
 | |
| 
 | |
|     // Log this; push the message up as an exception
 | |
| 
 | |
|     common_log(LOG_ERR, "PEAR Error: $msg ($userInfo)");
 | |
| 
 | |
|     // HACK: queue handlers get kicked by the long-query killer, and 
 | |
|     // keep the same broken connection. We die here to get a new
 | |
|     // process started.
 | |
| 
 | |
|     if (php_sapi_name() == 'cli' && preg_match('/nativecode=2006/', $userInfo)) {
 | |
|         common_log(LOG_ERR, "Lost DB connection; dying.");
 | |
|         exit(100);
 | |
|     }
 | |
| 
 | |
|     if ($err->getCode()) {
 | |
|         throw new PEAR_Exception($err->getMessage(), $err->getCode());
 | |
|     }
 | |
|     throw new PEAR_Exception($err->getMessage());
 | |
| }
 |