From 66fca9e2a87f9b9c55174694c79f567c5c81518a Mon Sep 17 00:00:00 2001 From: Brenda Wallace Date: Mon, 31 Aug 2009 10:59:50 +1200 Subject: [PATCH 1/9] some typoes in comments that annoyed me, fixed now --- lib/twitteroauthclient.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/twitteroauthclient.php b/lib/twitteroauthclient.php index e37fa05f0a..bad2b74ca3 100644 --- a/lib/twitteroauthclient.php +++ b/lib/twitteroauthclient.php @@ -118,7 +118,7 @@ class TwitterOAuthClient extends OAuthClient } /** - * Calls Twitter's /stutuses/update API method + * Calls Twitter's /statuses/update API method * * @param string $status text of the status * @param int $in_reply_to_status_id optional id of the status it's @@ -137,7 +137,7 @@ class TwitterOAuthClient extends OAuthClient } /** - * Calls Twitter's /stutuses/friends_timeline API method + * Calls Twitter's /statuses/friends_timeline API method * * @param int $since_id show statuses after this id * @param int $max_id show statuses before this id @@ -167,7 +167,7 @@ class TwitterOAuthClient extends OAuthClient } /** - * Calls Twitter's /stutuses/friends API method + * Calls Twitter's /statuses/friends API method * * @param int $id id of the user whom you wish to see friends of * @param int $user_id numerical user id @@ -197,7 +197,7 @@ class TwitterOAuthClient extends OAuthClient } /** - * Calls Twitter's /stutuses/friends/ids API method + * Calls Twitter's /statuses/friends/ids API method * * @param int $id id of the user whom you wish to see friends of * @param int $user_id numerical user id From 490dfc6f5a4480cda3fdee8af66ea4e856cdf0e8 Mon Sep 17 00:00:00 2001 From: Eric Helgeson Date: Mon, 19 Oct 2009 20:08:20 -0400 Subject: [PATCH 2/9] Better check if site,server is configured. --- lib/util.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/util.php b/lib/util.php index 047faeef0d..0052090f6a 100644 --- a/lib/util.php +++ b/lib/util.php 
@@ -760,12 +760,18 @@ function common_path($relative, $ssl=false) if (is_string(common_config('site', 'sslserver')) && mb_strlen(common_config('site', 'sslserver')) > 0) { $serverpart = common_config('site', 'sslserver'); - } else { + } else if (common_config('site', 'server')) { $serverpart = common_config('site', 'server'); + } else { + common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.'); } } else { $proto = 'http'; - $serverpart = common_config('site', 'server'); + if (common_config('site', 'server')) { + $serverpart = common_config('site', 'server'); + } else { + common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.'); + } } return $proto.'://'.$serverpart.'/'.$pathpart.$relative; From 8a31970ff8fe8a4e440501771756747370e2fa20 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 20 Oct 2009 15:04:47 -0700 Subject: [PATCH 3/9] Twitter now puts out an error msg when the status param is empty. Updated our API to match. --- actions/twitapistatuses.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index 360dff27cb..b0d3e584ba 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -236,11 +236,8 @@ class TwitapistatusesAction extends TwitterapiAction } if (empty($status)) { - - // XXX: Note: In this case, Twitter simply returns '200 OK' - // No error is given, but the status is not posted to the - // user's timeline. Seems bad. Shouldn't we throw an - // errror? -- Zach + $this->clientError(_('Client must provide a \'status\' parameter with a value.'), + $code = 403, $apidata['content-type']); return; } else { From f58daa873befbaee5a998e69622c046c8a978dee Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Oct 2009 10:00:31 +0800 Subject: [PATCH 4/9] Added getfile action --- lib/router.php | 4 ++++ 1 file changed, 4 insertions(+) 
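Review bot: When `site/server` is not configured, both new `else` branches only log, so `$serverpart` is never assigned and the `return` at the end of the hunk still concatenates it, giving a URL with an empty host (for example `http:///path`) plus an undefined-variable notice. Either initialise it before the branches with `$serverpart = '';`, or stop after logging instead of falling through. Which is right depends on what callers of common_path() expect, and they are not visible here. The log text has a typo: `'Site Sever not configured…'` should read `'Site server not configured…'`. The same `server` check appears twice and could be done once after `$proto` is chosen. common_path() starts before the hunk.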
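Review bot: `$code = 403` inside the `clientError()` call is an assignment expression, not a named argument. It passes 403, but it also creates or overwrites a local `$code` in the enclosing method. Pass the literal instead: `$this->clientError(_('Client must provide a \'status\' parameter with a value.'), 403, $apidata['content-type']);`. The enclosing method starts and ends outside the hunk, so whether `$code` is read later cannot be checked from here.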
diff --git a/lib/router.php b/lib/router.php index 5529e60acb..7455d9cf85 100644 --- a/lib/router.php +++ b/lib/router.php @@ -171,6 +171,10 @@ class Router array('action' => 'attachment_thumbnail'), array('attachment' => '[0-9]+')); + $m->connect('getfile/:filename', + array('action' => 'getfile'), + array('filename' => '[A-Za-z0-9._-]+')); + $m->connect('notice/new', array('action' => 'newnotice')); $m->connect('notice/new?replyto=:replyto', array('action' => 'newnotice'), From 3f06bfc042e34ce97e1f1476faadb67fc5edd282 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Oct 2009 11:45:06 +0800 Subject: [PATCH 5/9] Actually commit the file this time --- actions/getfile.php | 145 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 actions/getfile.php diff --git a/actions/getfile.php b/actions/getfile.php new file mode 100644 index 0000000000..ecda34c0f6 --- /dev/null +++ b/actions/getfile.php 
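Review bot: The `filename` requirement `[A-Za-z0-9._-]+` also matches `.`, `..` and dot-files such as `.htaccess`. This pattern is the only filter in front of GetfileAction::prepare() (added in the next patch), which appends the value to the attachments directory. Requiring a leading alphanumeric keeps those names out: `array('filename' => '[A-Za-z0-9][A-Za-z0-9._-]*')`. Whether the mapper anchors the pattern to the whole path segment is not visible in this hunk, so that is worth confirming too.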
@@ -0,0 +1,145 @@ +. + * + * @category Personal + * @package StatusNet + * @author Jeffery To + * @copyright 2008-2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +require_once 'MIME/Type.php'; + +/** + * Action for getting a file attachment + * + * @category Personal + * @package StatusNet + * @author Jeffery To + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class GetfileAction extends Action +{ + /** + * Path of file to return + */ + + var $path = null; + + /** + * Get file name + * + * @param array $args $_REQUEST array + * + * @return success flag + */ + + function prepare($args) + { + parent::prepare($args); + + $filename = $this->trimmed('filename'); + $path = null; + + if ($filename) { + $path = common_config('attachments', 'dir') . $filename; + } + + if (empty($path) or !file_exists($path)) { + $this->clientError(_('No such file.'), 404); + return false; + } + if (!is_readable($path)) { + $this->clientError(_('Cannot read file.'), 403); + return false; + } + + $this->path = $path; + return true; + } + + /** + * Is this page read-only? + * + * @return boolean true + */ + + function isReadOnly($args) + { + return true; + } + + /** + * Last-modified date for file + * + * @return int last-modified date as unix timestamp + */ + + function lastModified() + { + return filemtime($this->path); + } + + /** + * etag for file + * + * This returns the same data (inode, size, mtime) as Apache would, + * but in decimal instead of hex. + * + * @return string etag http header + */ + function etag() + { + $stat = stat($this->path); + return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . 
'"'; + } + + /** + * Handle input, produce output + * + * @param array $args $_REQUEST contents + * + * @return void + */ + + function handle($args) + { + // undo headers set by PHP sessions + $sec = session_cache_expire() * 60; + header('Expires: ' . date(DATE_RFC1123, time() + $sec)); + header('Cache-Control: public, max-age=' . $sec); + header('Pragma: public'); + + parent::handle($args); + + $path = $this->path; + header('Content-Type: ' . MIME_Type::autoDetect($path)); + readfile($path); + } +} From 834a876dd0998464cade1cdd0fe2fe8c9ab17dcc Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Oct 2009 11:45:32 +0800 Subject: [PATCH 6/9] mod_rewrite rule for getfile --- htaccess.sample | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/htaccess.sample b/htaccess.sample index 37eb8e01ec..91ae9da9be 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -5,6 +5,14 @@ RewriteBase /mublog/ + # If your site is private and want to only allow logged-in users to + # be able to download file attachments, uncomment this rule. + # + # If you have a custom attachment path + # ($config['attachments']['path']), change "file/" to match. + # + #RewriteRule ^file/(.*) getfile/$1 + RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.*) index.php?p=$1 [L,QSA] From d2bac158cd0d4a25b3997cdd1ccadc5f08d65943 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Oct 2009 12:13:33 +0800 Subject: [PATCH 7/9] Added some explanatory text to README --- README | 4 ++++ htaccess.sample | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README b/README index 7562199811..f5b559e73d 100644 --- a/README +++ b/README 
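Review bot: `prepare()` builds `$path` from `$this->trimmed('filename')` with no validation of its own, so path safety rests on the route pattern in lib/router.php and on the action never being reached another way. Repeat the check in the action, for example `if ($filename && preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $filename)) {`. Use `!is_file($path)` instead of `!file_exists($path)`, because a directory currently passes both tests and only fails at `readfile()`. In `handle()`, the result of `MIME_Type::autoDetect($path)` goes into the `Content-Type` header unchecked. If detection fails, that value is an error object rather than a type string, so a fallback to `application/octet-stream` would be safer.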
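Review bot: The comment promises that attachments become available to logged-in users only, but the rule merely sends `file/…` requests to the `getfile` action. The GetfileAction added in this series has no login check in its visible `prepare()` or `handle()`. The restriction presumably comes from a site-wide private-site check made elsewhere, so the comment should say so, e.g. `# This only restricts access when the site itself is configured as private.`. Without that line, an admin of a non-private site could enable the rule and assume attachments are now protected.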
@@ -755,6 +755,10 @@ private site, but users of the private site may be able to subscribe to users on a remote site. (Or not... it's not well tested.) The "proper behaviour" hasn't been defined here, so handle with care. +If fancy URLs is enabled, access to file attachments can also be +restricted to logged-in users only. Uncomment the appropriate rewrite +rule in .htaccess or your server's httpd.conf. + Upgrading ========= diff --git a/htaccess.sample b/htaccess.sample index 91ae9da9be..373108c816 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -5,8 +5,8 @@ RewriteBase /mublog/ - # If your site is private and want to only allow logged-in users to - # be able to download file attachments, uncomment this rule. + # If your site is private and want access to file attachments + # restricted to logged-in users only, uncomment this rule. # # If you have a custom attachment path # ($config['attachments']['path']), change "file/" to match. From afe663af82250d020fd9dff0646c91c8f3b41013 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 9 Oct 2009 10:06:34 +0800 Subject: [PATCH 8/9] Added bit about being incompatible with file attachment virtual server --- README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README b/README index f5b559e73d..5cd3102705 100644 --- a/README +++ b/README @@ -757,7 +757,9 @@ to users on a remote site. (Or not... it's not well tested.) The If fancy URLs is enabled, access to file attachments can also be restricted to logged-in users only. Uncomment the appropriate rewrite -rule in .htaccess or your server's httpd.conf. +rule in .htaccess or your server's httpd.conf. (This most likely will +not work if you are using a virtual server for attachments, so consider +the performance/security tradeoff.) Upgrading ========= From dcca9fbec0cea9c5e15c4d58a8e9870514dfdbdd Mon Sep 17 00:00:00 2001 
From: Sarven Capadisli Date: Fri, 30 Oct 2009 21:44:31 +0000 Subject: [PATCH 9/9] IE has some issue with notices that are sent with file attachments. It doesn't like the XHR response with XHTML DTD. New notices without the file attachment work fine. The rendered content (the anchor for the file attachment link) doesn't appear to be the issue. To fix this problem, I removed the XHTML DTD line from newnotice's XHR response. This is unnecessary for text/xml outputs that's intended for XHR responses any way. It just happens to fix an IE issue. Still a mystery to me as to why it is particular to notices with file attachments. --- actions/newnotice.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/actions/newnotice.php b/actions/newnotice.php index 8c0476f705..548832eca1 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -271,7 +271,9 @@ class NewnoticeAction extends Action common_broadcast_notice($notice); if ($this->boolean('ajax')) { - $this->startHTML('text/xml;charset=utf-8'); + header('Content-Type: text/xml;charset=utf-8'); + $this->xw->startDocument('1.0', 'UTF-8'); + $this->elementStart('html'); $this->elementStart('head'); $this->element('title', null, _('Notice posted')); $this->elementEnd('head');
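Review bot: The reason `startHTML()` is bypassed is recorded only in the commit message, so the three replacement lines read like an oversight that a later cleanup could revert. Add a comment above the `header(...)` call, e.g. `// Deliberately not startHTML(): IE rejects the XHTML DTD in XHR responses for notices with attachments`. It is also worth confirming that a bare `elementStart('html')` still gives the client-side code what it expects, since the attributes `startHTML()` put on the root element are not visible here. The enclosing method continues outside the hunk.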