Merge branch '0.8.x' into testing

This commit is contained in:
Evan Prodromou 2009-10-31 12:16:30 -04:00
commit 5e27d53947
7 changed files with 176 additions and 8 deletions

6
README
View File

@ -755,6 +755,12 @@ private site, but users of the private site may be able to subscribe
to users on a remote site. (Or not... it's not well tested.) The to users on a remote site. (Or not... it's not well tested.) The
"proper behaviour" hasn't been defined here, so handle with care. "proper behaviour" hasn't been defined here, so handle with care.
If fancy URLs is enabled, access to file attachments can also be
restricted to logged-in users only. Uncomment the appropriate rewrite
rule in .htaccess or your server's httpd.conf. (This most likely will
not work if you are using a virtual server for attachments, so consider
the performance/security tradeoff.)
Upgrading Upgrading
========= =========

145
actions/getfile.php Normal file
View File

@ -0,0 +1,145 @@
<?php
/**
* StatusNet, the distributed open-source microblogging tool
*
* Returns a given file attachment, allowing private sites to only allow
* access to file attachments after login.
*
* PHP version 5
*
* LICENCE: This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @category Personal
* @package StatusNet
* @author Jeffery To <jeffery.to@gmail.com>
* @copyright 2008-2009 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
*/
if (!defined('STATUSNET') && !defined('LACONICA')) {
exit(1);
}
require_once 'MIME/Type.php';
/**
* Action for getting a file attachment
*
* @category Personal
* @package StatusNet
* @author Jeffery To <jeffery.to@gmail.com>
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
*/
class GetfileAction extends Action
{
/**
* Path of file to return
*/
var $path = null;
/**
* Get file name
*
* @param array $args $_REQUEST array
*
* @return success flag
*/
function prepare($args)
{
parent::prepare($args);
$filename = $this->trimmed('filename');
$path = null;
if ($filename) {
$path = common_config('attachments', 'dir') . $filename;
}
if (empty($path) or !file_exists($path)) {
$this->clientError(_('No such file.'), 404);
return false;
}
if (!is_readable($path)) {
$this->clientError(_('Cannot read file.'), 403);
return false;
}
$this->path = $path;
return true;
}
/**
* Is this page read-only?
*
* @return boolean true
*/
function isReadOnly($args)
{
return true;
}
/**
* Last-modified date for file
*
* @return int last-modified date as unix timestamp
*/
function lastModified()
{
return filemtime($this->path);
}
/**
* etag for file
*
* This returns the same data (inode, size, mtime) as Apache would,
* but in decimal instead of hex.
*
* @return string etag http header
*/
function etag()
{
$stat = stat($this->path);
return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . '"';
}
/**
* Handle input, produce output
*
* @param array $args $_REQUEST contents
*
* @return void
*/
function handle($args)
{
// undo headers set by PHP sessions
$sec = session_cache_expire() * 60;
header('Expires: ' . date(DATE_RFC1123, time() + $sec));
header('Cache-Control: public, max-age=' . $sec);
header('Pragma: public');
parent::handle($args);
$path = $this->path;
header('Content-Type: ' . MIME_Type::autoDetect($path));
readfile($path);
}
}

View File

@ -271,7 +271,9 @@ class NewnoticeAction extends Action
common_broadcast_notice($notice); common_broadcast_notice($notice);
if ($this->boolean('ajax')) { if ($this->boolean('ajax')) {
$this->startHTML('text/xml;charset=utf-8'); header('Content-Type: text/xml;charset=utf-8');
$this->xw->startDocument('1.0', 'UTF-8');
$this->elementStart('html');
$this->elementStart('head'); $this->elementStart('head');
$this->element('title', null, _('Notice posted')); $this->element('title', null, _('Notice posted'));
$this->elementEnd('head'); $this->elementEnd('head');

View File

@ -236,11 +236,8 @@ class TwitapistatusesAction extends TwitterapiAction
} }
if (empty($status)) { if (empty($status)) {
$this->clientError(_('Client must provide a \'status\' parameter with a value.'),
// XXX: Note: In this case, Twitter simply returns '200 OK' $code = 403, $apidata['content-type']);
// No error is given, but the status is not posted to the
// user's timeline. Seems bad. Shouldn't we throw an
// errror? -- Zach
return; return;
} else { } else {

View File

@ -5,6 +5,14 @@
RewriteBase /mublog/ RewriteBase /mublog/
# If your site is private and want access to file attachments
# restricted to logged-in users only, uncomment this rule.
#
# If you have a custom attachment path
# ($config['attachments']['path']), change "file/" to match.
#
#RewriteRule ^file/(.*) getfile/$1
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php?p=$1 [L,QSA] RewriteRule (.*) index.php?p=$1 [L,QSA]

View File

@ -171,6 +171,10 @@ class Router
array('action' => 'attachment_thumbnail'), array('action' => 'attachment_thumbnail'),
array('attachment' => '[0-9]+')); array('attachment' => '[0-9]+'));
$m->connect('getfile/:filename',
array('action' => 'getfile'),
array('filename' => '[A-Za-z0-9._-]+'));
$m->connect('notice/new', array('action' => 'newnotice')); $m->connect('notice/new', array('action' => 'newnotice'));
$m->connect('notice/new?replyto=:replyto', $m->connect('notice/new?replyto=:replyto',
array('action' => 'newnotice'), array('action' => 'newnotice'),

View File

@ -760,12 +760,18 @@ function common_path($relative, $ssl=false)
if (is_string(common_config('site', 'sslserver')) && if (is_string(common_config('site', 'sslserver')) &&
mb_strlen(common_config('site', 'sslserver')) > 0) { mb_strlen(common_config('site', 'sslserver')) > 0) {
$serverpart = common_config('site', 'sslserver'); $serverpart = common_config('site', 'sslserver');
} else { } else if (common_config('site', 'server')) {
$serverpart = common_config('site', 'server'); $serverpart = common_config('site', 'server');
} else {
common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.');
} }
} else { } else {
$proto = 'http'; $proto = 'http';
if (common_config('site', 'server')) {
$serverpart = common_config('site', 'server'); $serverpart = common_config('site', 'server');
} else {
common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.');
}
} }
return $proto.'://'.$serverpart.'/'.$pathpart.$relative; return $proto.'://'.$serverpart.'/'.$pathpart.$relative;