forked from GNUsocial/gnu-social
Merge branch '0.8.x' into testing
This commit is contained in:
commit
5e27d53947
6
README
6
README
@ -755,6 +755,12 @@ private site, but users of the private site may be able to subscribe
|
||||
to users on a remote site. (Or not... it's not well tested.) The
|
||||
"proper behaviour" hasn't been defined here, so handle with care.
|
||||
|
||||
If fancy URLs is enabled, access to file attachments can also be
|
||||
restricted to logged-in users only. Uncomment the appropriate rewrite
|
||||
rule in .htaccess or your server's httpd.conf. (This most likely will
|
||||
not work if you are using a virtual server for attachments, so consider
|
||||
the performance/security tradeoff.)
|
||||
|
||||
Upgrading
|
||||
=========
|
||||
|
||||
|
145
actions/getfile.php
Normal file
145
actions/getfile.php
Normal file
@ -0,0 +1,145 @@
|
||||
<?php
|
||||
/**
|
||||
* StatusNet, the distributed open-source microblogging tool
|
||||
*
|
||||
* Returns a given file attachment, allowing private sites to only allow
|
||||
* access to file attachments after login.
|
||||
*
|
||||
* PHP version 5
|
||||
*
|
||||
* LICENCE: This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*
|
||||
* @category Personal
|
||||
* @package StatusNet
|
||||
* @author Jeffery To <jeffery.to@gmail.com>
|
||||
* @copyright 2008-2009 StatusNet, Inc.
|
||||
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
||||
* @link http://status.net/
|
||||
*/
|
||||
|
||||
if (!defined('STATUSNET') && !defined('LACONICA')) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
require_once 'MIME/Type.php';
|
||||
|
||||
/**
|
||||
* Action for getting a file attachment
|
||||
*
|
||||
* @category Personal
|
||||
* @package StatusNet
|
||||
* @author Jeffery To <jeffery.to@gmail.com>
|
||||
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
|
||||
* @link http://status.net/
|
||||
*/
|
||||
|
||||
class GetfileAction extends Action
|
||||
{
|
||||
/**
|
||||
* Path of file to return
|
||||
*/
|
||||
|
||||
var $path = null;
|
||||
|
||||
/**
|
||||
* Get file name
|
||||
*
|
||||
* @param array $args $_REQUEST array
|
||||
*
|
||||
* @return success flag
|
||||
*/
|
||||
|
||||
function prepare($args)
|
||||
{
|
||||
parent::prepare($args);
|
||||
|
||||
$filename = $this->trimmed('filename');
|
||||
$path = null;
|
||||
|
||||
if ($filename) {
|
||||
$path = common_config('attachments', 'dir') . $filename;
|
||||
}
|
||||
|
||||
if (empty($path) or !file_exists($path)) {
|
||||
$this->clientError(_('No such file.'), 404);
|
||||
return false;
|
||||
}
|
||||
if (!is_readable($path)) {
|
||||
$this->clientError(_('Cannot read file.'), 403);
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->path = $path;
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Is this page read-only?
|
||||
*
|
||||
* @return boolean true
|
||||
*/
|
||||
|
||||
function isReadOnly($args)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Last-modified date for file
|
||||
*
|
||||
* @return int last-modified date as unix timestamp
|
||||
*/
|
||||
|
||||
function lastModified()
|
||||
{
|
||||
return filemtime($this->path);
|
||||
}
|
||||
|
||||
/**
|
||||
* etag for file
|
||||
*
|
||||
* This returns the same data (inode, size, mtime) as Apache would,
|
||||
* but in decimal instead of hex.
|
||||
*
|
||||
* @return string etag http header
|
||||
*/
|
||||
function etag()
|
||||
{
|
||||
$stat = stat($this->path);
|
||||
return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . '"';
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle input, produce output
|
||||
*
|
||||
* @param array $args $_REQUEST contents
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
|
||||
function handle($args)
|
||||
{
|
||||
// undo headers set by PHP sessions
|
||||
$sec = session_cache_expire() * 60;
|
||||
header('Expires: ' . date(DATE_RFC1123, time() + $sec));
|
||||
header('Cache-Control: public, max-age=' . $sec);
|
||||
header('Pragma: public');
|
||||
|
||||
parent::handle($args);
|
||||
|
||||
$path = $this->path;
|
||||
header('Content-Type: ' . MIME_Type::autoDetect($path));
|
||||
readfile($path);
|
||||
}
|
||||
}
|
@ -271,7 +271,9 @@ class NewnoticeAction extends Action
|
||||
common_broadcast_notice($notice);
|
||||
|
||||
if ($this->boolean('ajax')) {
|
||||
$this->startHTML('text/xml;charset=utf-8');
|
||||
header('Content-Type: text/xml;charset=utf-8');
|
||||
$this->xw->startDocument('1.0', 'UTF-8');
|
||||
$this->elementStart('html');
|
||||
$this->elementStart('head');
|
||||
$this->element('title', null, _('Notice posted'));
|
||||
$this->elementEnd('head');
|
||||
|
@ -236,11 +236,8 @@ class TwitapistatusesAction extends TwitterapiAction
|
||||
}
|
||||
|
||||
if (empty($status)) {
|
||||
|
||||
// XXX: Note: In this case, Twitter simply returns '200 OK'
|
||||
// No error is given, but the status is not posted to the
|
||||
// user's timeline. Seems bad. Shouldn't we throw an
|
||||
// errror? -- Zach
|
||||
$this->clientError(_('Client must provide a \'status\' parameter with a value.'),
|
||||
$code = 403, $apidata['content-type']);
|
||||
return;
|
||||
|
||||
} else {
|
||||
|
@ -5,6 +5,14 @@
|
||||
|
||||
RewriteBase /mublog/
|
||||
|
||||
# If your site is private and want access to file attachments
|
||||
# restricted to logged-in users only, uncomment this rule.
|
||||
#
|
||||
# If you have a custom attachment path
|
||||
# ($config['attachments']['path']), change "file/" to match.
|
||||
#
|
||||
#RewriteRule ^file/(.*) getfile/$1
|
||||
|
||||
RewriteCond %{REQUEST_FILENAME} !-f
|
||||
RewriteCond %{REQUEST_FILENAME} !-d
|
||||
RewriteRule (.*) index.php?p=$1 [L,QSA]
|
||||
|
@ -171,6 +171,10 @@ class Router
|
||||
array('action' => 'attachment_thumbnail'),
|
||||
array('attachment' => '[0-9]+'));
|
||||
|
||||
$m->connect('getfile/:filename',
|
||||
array('action' => 'getfile'),
|
||||
array('filename' => '[A-Za-z0-9._-]+'));
|
||||
|
||||
$m->connect('notice/new', array('action' => 'newnotice'));
|
||||
$m->connect('notice/new?replyto=:replyto',
|
||||
array('action' => 'newnotice'),
|
||||
|
@ -760,12 +760,18 @@ function common_path($relative, $ssl=false)
|
||||
if (is_string(common_config('site', 'sslserver')) &&
|
||||
mb_strlen(common_config('site', 'sslserver')) > 0) {
|
||||
$serverpart = common_config('site', 'sslserver');
|
||||
} else {
|
||||
} else if (common_config('site', 'server')) {
|
||||
$serverpart = common_config('site', 'server');
|
||||
} else {
|
||||
common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.');
|
||||
}
|
||||
} else {
|
||||
$proto = 'http';
|
||||
if (common_config('site', 'server')) {
|
||||
$serverpart = common_config('site', 'server');
|
||||
} else {
|
||||
common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.');
|
||||
}
|
||||
}
|
||||
|
||||
return $proto.'://'.$serverpart.'/'.$pathpart.$relative;
|
||||
|
Loading…
Reference in New Issue
Block a user