| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | <?php | 
					
						
							| 
									
										
										
										
											2019-06-11 18:37:10 +01:00
										 |  |  | // This file is part of GNU social - https://www.gnu.org/software/social
 | 
					
						
							|  |  |  | //
 | 
					
						
							|  |  |  | // GNU social is free software: you can redistribute it and/or modify
 | 
					
						
							|  |  |  | // it under the terms of the GNU Affero General Public License as published by
 | 
					
						
							|  |  |  | // the Free Software Foundation, either version 3 of the License, or
 | 
					
						
							|  |  |  | // (at your option) any later version.
 | 
					
						
							|  |  |  | //
 | 
					
						
							|  |  |  | // GNU social is distributed in the hope that it will be useful,
 | 
					
						
							|  |  |  | // but WITHOUT ANY WARRANTY; without even the implied warranty of
 | 
					
						
							|  |  |  | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | 
					
						
							|  |  |  | // GNU Affero General Public License for more details.
 | 
					
						
							|  |  |  | //
 | 
					
						
							|  |  |  | // You should have received a copy of the GNU Affero General Public License
 | 
					
						
							|  |  |  | // along with GNU social.  If not, see <http://www.gnu.org/licenses/>.
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /** | 
					
						
							|  |  |  |  * Bootstrapping code to initialize the application. | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  |  * | 
					
						
							| 
									
										
										
										
											2019-06-11 18:37:10 +01:00
										 |  |  |  * @package   GNUsocial | 
					
						
							|  |  |  |  * @author    Evan Prodromou | 
					
						
							| 
									
										
										
										
											2019-08-02 02:50:48 +01:00
										 |  |  |  * @author    Shashi Gowda <connect2shashi@gmail.com> | 
					
						
							|  |  |  |  * @author    Neil E. Hodges <47hasbegun@gmail.com> | 
					
						
							|  |  |  |  * @author    Brion Vibber <brion@pobox.com> | 
					
						
							| 
									
										
										
										
											2019-06-11 18:37:10 +01:00
										 |  |  |  * @author    Mikael Nordfeldth <mmn@hethane.se> | 
					
						
							| 
									
										
										
										
											2019-08-02 02:50:48 +01:00
										 |  |  |  * @author    Diogo Cordeiro <diogo@fc.up.pt> | 
					
						
							| 
									
										
										
										
											2019-06-11 18:37:10 +01:00
										 |  |  |  * @copyright 2010-2019 Free Software Foundation, Inc http://www.fsf.org | 
					
						
							|  |  |  |  * @license   https://www.gnu.org/licenses/agpl.html GNU AGPL v3 or later | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-11 18:37:10 +01:00
										 |  |  | defined('GNUSOCIAL') || die(); | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-10-30 16:28:59 +01:00
										 |  |  | define('GNUSOCIAL_ENGINE', 'GNU social'); | 
					
						
							|  |  |  | define('GNUSOCIAL_ENGINE_URL', 'https://www.gnu.org/software/social/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-11 21:23:55 -06:00
										 |  |  | define('GNUSOCIAL_BASE_VERSION', '2.0.0'); | 
					
						
							| 
									
										
										
											
												[MEDIA] File downloader now in PHP, added proper name in the UI and changed the format for new attachment file names
The file downloader was changed from a simple redirect to the file to one
implemented in PHP, which should make it safer, by making it possible disallow
direct access to the file, to prevent executing of atttachments
The filename has a new format:
  bin2hex("{$original_name}")."-{$filehash}"
This format should be respected. Notice the dash, which is important to distinguish it from the previous
format, which was "{$hash}.{$ext}"
This change was made to both make the experience more user friendly, by
providing a readable name for files, as opposed to it's hash. This name is taken
from the upload filename, but, clearly, as this wasn't done before, it's
impossible to have a proper name for older files, so those are displayed as
"untitled.{$ext}".
This new name is displayed in the UI, instead of the previous name.
											
										 
											2019-06-11 02:42:33 +01:00
										 |  |  | define('GNUSOCIAL_LIFECYCLE', 'dev'); // 'dev', 'alpha[0-9]+', 'beta[0-9]+', 'rc[0-9]+', 'release'
 | 
					
						
							| 
									
										
										
										
											2011-01-12 18:14:57 -05:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-10-27 11:27:12 +01:00
										 |  |  | define('GNUSOCIAL_VERSION', GNUSOCIAL_BASE_VERSION . '-' . GNUSOCIAL_LIFECYCLE); | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-11 21:23:55 -06:00
										 |  |  | define('GNUSOCIAL_CODENAME', 'THIS. IS. GNU social!!!!'); | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-06-06 22:11:50 +02:00
										 |  |  | define('AVATAR_PROFILE_SIZE', 96); | 
					
						
							|  |  |  | define('AVATAR_STREAM_SIZE', 48); | 
					
						
							|  |  |  | define('AVATAR_MINI_SIZE', 24); | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | define('NOTICES_PER_PAGE', 20); | 
					
						
							|  |  |  | define('PROFILES_PER_PAGE', 20); | 
					
						
							| 
									
										
										
										
											2011-03-16 11:11:06 -07:00
										 |  |  | define('MESSAGES_PER_PAGE', 20); | 
					
						
							| 
									
										
										
										
											2012-05-14 10:06:37 +02:00
										 |  |  | define('GROUPS_PER_PAGE', 20); | 
					
						
							| 
									
										
										
										
											2015-07-16 18:52:43 +02:00
										 |  |  | define('APPS_PER_PAGE', 20); | 
					
						
							| 
									
										
										
										
											2015-09-27 22:51:11 +02:00
										 |  |  | define('PEOPLETAGS_PER_PAGE', 20); | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2015-06-05 14:07:03 +02:00
										 |  |  | define('GROUPS_PER_MINILIST', 8); | 
					
						
							|  |  |  | define('PROFILES_PER_MINILIST', 8); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | define('FOREIGN_NOTICE_SEND', 1); | 
					
						
							|  |  |  | define('FOREIGN_NOTICE_RECV', 2); | 
					
						
							|  |  |  | define('FOREIGN_NOTICE_SEND_REPLY', 4); | 
					
						
							| 
									
										
										
										
											2016-03-19 03:23:26 -07:00
										 |  |  | define('FOREIGN_NOTICE_SEND_REPEAT', 8); | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | define('FOREIGN_FRIEND_SEND', 1); | 
					
						
							|  |  |  | define('FOREIGN_FRIEND_RECV', 2); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | define('NOTICE_INBOX_SOURCE_SUB', 1); | 
					
						
							|  |  |  | define('NOTICE_INBOX_SOURCE_GROUP', 2); | 
					
						
							|  |  |  | define('NOTICE_INBOX_SOURCE_REPLY', 3); | 
					
						
							|  |  |  | define('NOTICE_INBOX_SOURCE_FORWARD', 4); | 
					
						
							| 
									
										
										
										
											2011-03-06 23:33:39 +05:30
										 |  |  | define('NOTICE_INBOX_SOURCE_PROFILE_TAG', 5); | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | define('NOTICE_INBOX_SOURCE_GATEWAY', -1); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-03-09 15:05:36 +01:00
										 |  |  | /** | 
					
						
							|  |  |  |  * StatusNet had this string as valid path characters: '\pN\pL\,\!\(\)\.\:\-\_\+\/\=\&\;\%\~\*\$\'\@' | 
					
						
							|  |  |  |  * Some of those characters can be troublesome when auto-linking plain text. Such as "http://some.com/)" | 
					
						
							|  |  |  |  * URL encoding should be used whenever a weird character is used, the following strings are not definitive. | 
					
						
							|  |  |  |  */ | 
					
						
							| 
									
										
										
										
											2019-08-02 02:50:48 +01:00
										 |  |  | define('URL_REGEX_VALID_PATH_CHARS', '\pN\pL\,\!\.\:\-\_\+\/\@\=\;\%\~\*\(\)'); | 
					
						
							|  |  |  | define('URL_REGEX_VALID_QSTRING_CHARS', URL_REGEX_VALID_PATH_CHARS . '\&'); | 
					
						
							|  |  |  | define('URL_REGEX_VALID_FRAGMENT_CHARS', URL_REGEX_VALID_QSTRING_CHARS . '\?\#'); | 
					
						
							|  |  |  | define('URL_REGEX_EXCLUDED_END_CHARS', '\?\.\,\!\#\:\'');  // don't include these if they are directly after a URL
 | 
					
						
							| 
									
										
										
										
											2017-04-22 11:07:38 +02:00
										 |  |  | define('URL_REGEX_DOMAIN_NAME', '(?:(?!-)[A-Za-z0-9\-]{1,63}(?<!-)\.)+[A-Za-z]{2,10}'); | 
					
						
							| 
									
										
										
										
											2016-03-09 14:51:52 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-11 21:23:55 -06:00
										 |  |  | // Autoload composer dependencies
 | 
					
						
							|  |  |  | require_once INSTALLDIR . '/vendor/autoload.php'; | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-03-11 21:23:55 -06:00
										 |  |  | // append our extlib dir as the last-resort place to find libs
 | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | set_include_path(get_include_path() . PATH_SEPARATOR . INSTALLDIR . '/extlib/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-03-22 11:54:23 -04:00
										 |  |  | // global configuration object
 | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2013-10-04 20:49:07 +02:00
										 |  |  | require_once 'PEAR.php'; | 
					
						
							|  |  |  | require_once 'PEAR/Exception.php'; | 
					
						
							|  |  |  | global $_PEAR; | 
					
						
							|  |  |  | $_PEAR = new PEAR; | 
					
						
							|  |  |  | $_PEAR->setErrorHandling(PEAR_ERROR_CALLBACK, 'PEAR_ErrorToPEAR_Exception'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | require_once 'DB.php'; | 
					
						
							|  |  |  | require_once 'DB/DataObject.php'; | 
					
						
							|  |  |  | require_once 'DB/DataObject/Cast.php'; # for dates
 | 
					
						
							|  |  |  | global $_DB; | 
					
						
							|  |  |  | $_DB = new DB; | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-08-23 13:36:02 +01:00
										 |  |  | require_once INSTALLDIR . '/lib/util/language.php'; | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | // This gets included before the config file, so that admin code and plugins
 | 
					
						
							|  |  |  | // can use it
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-08-23 13:36:02 +01:00
										 |  |  | require_once INSTALLDIR . '/lib/util/event.php'; | 
					
						
							| 
									
										
										
										
											2019-08-12 15:03:30 +01:00
										 |  |  | require_once INSTALLDIR . '/lib/modules/Module.php'; | 
					
						
							| 
									
										
										
										
											2019-08-02 02:50:48 +01:00
										 |  |  | require_once INSTALLDIR . '/lib/modules/Plugin.php'; | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-08-02 02:50:48 +01:00
										 |  |  | function addPlugin($name, array $attrs = []) | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2015-02-27 12:44:15 +01:00
										 |  |  |     return GNUsocial::addPlugin($name, $attrs); | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | function _have_config() | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2015-02-27 12:44:15 +01:00
										 |  |  |     return GNUsocial::haveConfig(); | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-18 10:46:24 +01:00
										 |  |  | function GNUsocial_class_autoload($cls) | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | { | 
					
						
							| 
									
										
										
										
											2019-08-23 23:25:36 +01:00
										 |  |  |     if (mb_substr($cls, -6) == 'Action' && | 
					
						
							|  |  |  |         file_exists(($file = INSTALLDIR . '/actions/' . strtolower(mb_substr($cls, 0, -6)) . '.php'))) { | 
					
						
							|  |  |  |         require_once $file; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     $lib_path = INSTALLDIR . '/lib/'; | 
					
						
							|  |  |  |     $lib_dirs = array_map(function ($dir) { | 
					
						
							|  |  |  |                              return '/lib/' . $dir . '/'; | 
					
						
							|  |  |  |                           }, | 
					
						
							|  |  |  |                               array_filter(scandir($lib_path), | 
					
						
							|  |  |  |                                            function ($dir) use ($lib_path) { | 
					
						
							|  |  |  |                                                // Filter out files and both hidden and implicit folders
 | 
					
						
							|  |  |  |                                                return $dir[0] != '.' && is_dir($lib_path . $dir); | 
					
						
							|  |  |  |                                            })); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     $found = false; | 
					
						
							|  |  |  |     foreach (array_merge(['/classes/'], $lib_dirs) as $dir) { | 
					
						
							|  |  |  |         $file = (in_array($dir, ['/classes/', '/lib/modules/'])) ? $cls : strtolower($cls); | 
					
						
							|  |  |  |         $inc = INSTALLDIR . $dir . $file . '.php'; | 
					
						
							|  |  |  |         if (file_exists($inc)) { | 
					
						
							|  |  |  |             $found = (require_once $inc); | 
					
						
							|  |  |  |             break; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     if (!$found) { | 
					
						
							|  |  |  |         Event::handle('Autoload', [&$cls]); | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  |     } | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-18 11:20:58 +01:00
										 |  |  | // Autoload function queue, starting with our own discovery method
 | 
					
						
							| 
									
										
										
										
											2014-03-18 10:46:24 +01:00
										 |  |  | spl_autoload_register('GNUsocial_class_autoload'); | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2014-03-18 11:20:58 +01:00
										 |  |  | /** | 
					
						
							|  |  |  |  * Extlibs with namespaces (or directly in extlib/) | 
					
						
							|  |  |  |  * This covers libraries such as: Validate and \Michelf\Markdown | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * The namespaced based structure is called "PSR-0 autoloading standard": | 
					
						
							|  |  |  |  *    \<Vendor Name>\(<Namespace>\)*<Class Name> | 
					
						
							|  |  |  |  * and is available here: http://www.php-fig.org/psr/psr-0/ | 
					
						
							| 
									
										
										
										
											2019-08-02 02:50:48 +01:00
										 |  |  |  */ | 
					
						
							|  |  |  | spl_autoload_register(function ($class) { | 
					
						
							| 
									
										
										
										
											2019-08-23 23:25:36 +01:00
										 |  |  |     if ($class === 'OAuthRequest' || $class === 'OAuthException') { | 
					
						
							|  |  |  |         $class_base = 'OAuth.php'; | 
					
						
							|  |  |  |     } else { | 
					
						
							|  |  |  |         $class_base = preg_replace('{\\\\|_(?!.*\\\\)}', DIRECTORY_SEPARATOR, ltrim($class, '\\')); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2019-08-02 02:50:48 +01:00
										 |  |  |     $file = INSTALLDIR . "/extlib/{$class_base}.php"; | 
					
						
							| 
									
										
										
										
											2014-03-18 10:46:24 +01:00
										 |  |  |     if (file_exists($file)) { | 
					
						
							|  |  |  |         require_once $file; | 
					
						
							| 
									
										
										
										
											2015-09-03 17:52:04 +02:00
										 |  |  |         return; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     # Try if the system has this external library
 | 
					
						
							| 
									
										
										
										
											2016-01-28 18:57:36 +01:00
										 |  |  |     $file = "/usr/share/php/{$class_base}.php"; | 
					
						
							| 
									
										
										
										
											2015-09-03 17:52:04 +02:00
										 |  |  |     if (file_exists($file)) { | 
					
						
							|  |  |  |         require_once $file; | 
					
						
							|  |  |  |         return; | 
					
						
							| 
									
										
										
										
											2014-03-18 10:46:24 +01:00
										 |  |  |     } | 
					
						
							|  |  |  | }); | 
					
						
							| 
									
										
										
										
											2019-08-23 13:36:02 +01:00
										 |  |  | require_once INSTALLDIR . '/lib/util/util.php'; | 
					
						
							|  |  |  | require_once INSTALLDIR . '/lib/action/action.php'; | 
					
						
							|  |  |  | require_once INSTALLDIR . '/lib/util/mail.php'; | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  | //set PEAR error handling to use regular PHP exceptions
 | 
					
						
							| 
									
										
										
										
											2015-04-20 00:26:16 +02:00
										 |  |  | function PEAR_ErrorToPEAR_Exception(PEAR_Error $err) | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  | { | 
					
						
							|  |  |  |     //DB_DataObject throws error when an empty set would be returned
 | 
					
						
							|  |  |  |     //That behavior is weird, and not how the rest of StatusNet works.
 | 
					
						
							|  |  |  |     //So just ignore those errors.
 | 
					
						
							|  |  |  |     if ($err->getCode() == DB_DATAOBJECT_ERROR_NODATA) { | 
					
						
							|  |  |  |         return; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2011-09-30 10:46:51 -04:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-08-02 02:50:48 +01:00
										 |  |  |     $msg = $err->getMessage(); | 
					
						
							| 
									
										
										
										
											2011-09-30 10:46:51 -04:00
										 |  |  |     $userInfo = $err->getUserInfo(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     // Log this; push the message up as an exception
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     common_log(LOG_ERR, "PEAR Error: $msg ($userInfo)"); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-11 18:37:10 +01:00
										 |  |  |     // HACK: queue handlers get kicked by the long-query killer, and
 | 
					
						
							| 
									
										
										
										
											2011-11-26 09:54:41 -05:00
										 |  |  |     // keep the same broken connection. We die here to get a new
 | 
					
						
							|  |  |  |     // process started.
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2011-11-26 10:20:32 -05:00
										 |  |  |     if (php_sapi_name() == 'cli' && preg_match('/nativecode=2006/', $userInfo)) { | 
					
						
							| 
									
										
										
										
											2011-11-26 09:54:41 -05:00
										 |  |  |         common_log(LOG_ERR, "Lost DB connection; dying."); | 
					
						
							|  |  |  |         exit(100); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2010-10-15 13:33:26 -07:00
										 |  |  |     if ($err->getCode()) { | 
					
						
							|  |  |  |         throw new PEAR_Exception($err->getMessage(), $err->getCode()); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |     throw new PEAR_Exception($err->getMessage()); | 
					
						
							|  |  |  | } |