From 971f1f64f1f42a51bced51665ae693a9d37750a0 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 9 Mar 2010 13:41:05 -0800 Subject: [PATCH 1/3] Added scripts/command.php, can be used to run commands such as subscription on behalf of users. This includes whatever support for extended command parsing plugins may have added. Example: ./scripts/command.php -nbrionv sub update@status.net --- lib/channel.php | 19 +++++++++++ scripts/command.php | 80 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 99 insertions(+) create mode 100755 scripts/command.php diff --git a/lib/channel.php b/lib/channel.php index 3cd168786c..689bca0be9 100644 --- a/lib/channel.php +++ b/lib/channel.php @@ -47,6 +47,25 @@ class Channel } } +class CLIChannel extends Channel +{ + function source() + { + return 'cli'; + } + + function output($user, $text) + { + $site = common_config('site', 'name'); + print "[{$user->nickname}@{$site}] $text\n"; + } + + function error($user, $text) + { + $this->output($user, $text); + } +} + class XMPPChannel extends Channel { diff --git a/scripts/command.php b/scripts/command.php new file mode 100755 index 0000000000..6041b02eb1 --- /dev/null +++ b/scripts/command.php @@ -0,0 +1,80 @@ +#!/usr/bin/env php +. + */ + +define('INSTALLDIR', realpath(dirname(__FILE__) . '/..')); + +$shortoptions = 'i:n:'; +$longoptions = array('id=', 'nickname='); + +$helptext = <<handle_command($user, $body); + if ($cmd) { + $cmd->execute($chan); + return true; + } else { + $chan->error($user, "Not a valid command. Try 'help'?"); + return false; + } +} + + + +if (have_option('i', 'id')) { + $id = get_option_value('i', 'id'); + $user = User::staticGet('id', $id); + if (empty($user)) { + print "Can't find user with ID $id\n"; + exit(1); + } +} else if (have_option('n', 'nickname')) { + $nickname = get_option_value('n', 'nickname'); + $user = User::staticGet('nickname', $nickname); + if (empty($user)) { + print "Can't find user with nickname '$nickname'\n"; + exit(1); + } +} else { + print "You must provide either an ID or a nickname.\n\n"; + print $helptext; + exit(1); +} + +// @todo refactor the interactive console in console.php and use +// that to optionally make an interactive test console here too. +// Would be good to help people test commands when XMPP or email +// isn't available locally. +interpretCommand($user, implode(' ', $args)); + From 2c6eb770457b5e763a2ca960dcde11201c08952f Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Tue, 9 Mar 2010 11:08:21 -0500 Subject: [PATCH 2/3] Added a checkbox for subscribing the admin of a StatusNet instance to update@status.net. Checked by default. Subscription optional. --- install.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/install.php b/install.php index 929277e5e8..fbedbaf017 100644 --- a/install.php +++ b/install.php @@ -483,6 +483,7 @@ function showForm() $dbRadios .= " $info[name]
\n"; } } + echo<< @@ -559,6 +560,11 @@ function showForm()

Optional email address for the initial StatusNet user (administrator)

+
  • + + +

    Release and security feed from update@status.net (recommended)

    +
  • @@ -587,6 +593,7 @@ function handlePost() $adminPass = $_POST['admin_password']; $adminPass2 = $_POST['admin_password2']; $adminEmail = $_POST['admin_email']; + $adminUpdates = $_POST['admin_updates']; $server = $_SERVER['HTTP_HOST']; $path = substr(dirname($_SERVER['PHP_SELF']), 1); @@ -657,7 +664,7 @@ STR; } // Okay, cross fingers and try to register an initial user - if (registerInitialUser($adminNick, $adminPass, $adminEmail)) { + if (registerInitialUser($adminNick, $adminPass, $adminEmail, $adminUpdates)) { updateStatus( "An initial user with the administrator role has been created." ); @@ -854,7 +861,7 @@ function runDbScript($filename, $conn, $type = 'mysqli') return true; } -function registerInitialUser($nickname, $password, $email) +function registerInitialUser($nickname, $password, $email, $adminUpdates) { define('STATUSNET', true); define('LACONICA', true); // compatibility @@ -882,7 +889,7 @@ function registerInitialUser($nickname, $password, $email) // Attempt to do a remote subscribe to update@status.net // Will fail if instance is on a private network. - if (class_exists('Ostatus_profile')) { + if (class_exists('Ostatus_profile') && $adminUpdates) { try { $oprofile = Ostatus_profile::ensureProfile('http://update.status.net/'); Subscription::start($user->getProfile(), $oprofile->localProfile()); From 60e6172bc9e52f1e6b4941811e2d6fd6050c1c6b Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 9 Mar 2010 14:15:55 -0800 Subject: [PATCH 3/3] Check for invalid and reserved usernames for the admin user at install time. --- install.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/install.php b/install.php index fbedbaf017..9a7e27fa2c 100644 --- a/install.php +++ b/install.php @@ -589,7 +589,7 @@ function handlePost() $sitename = $_POST['sitename']; $fancy = !empty($_POST['fancy']); - $adminNick = $_POST['admin_nickname']; + $adminNick = strtolower($_POST['admin_nickname']); $adminPass = $_POST['admin_password']; $adminPass2 = $_POST['admin_password2']; $adminEmail = $_POST['admin_email']; @@ -630,6 +630,19 @@ STR; updateStatus("No initial StatusNet user nickname specified.", true); $fail = true; } + if ($adminNick && !preg_match('/^[0-9a-z]{1,64}$/', $adminNick)) { + updateStatus('The user nickname "' . htmlspecialchars($adminNick) . + '" is invalid; should be plain letters and numbers no longer than 64 characters.', true); + $fail = true; + } + // @fixme hardcoded list; should use User::allowed_nickname() + // if/when it's safe to have loaded the infrastructure here + $blacklist = array('main', 'admin', 'twitter', 'settings', 'rsd.xml', 'favorited', 'featured', 'favoritedrss', 'featuredrss', 'rss', 'getfile', 'api', 'groups', 'group', 'peopletag', 'tag', 'user', 'message', 'conversation', 'bookmarklet', 'notice', 'attachment', 'search', 'index.php', 'doc', 'opensearch', 'robots.txt', 'xd_receiver.html', 'facebook'); + if (in_array($adminNick, $blacklist)) { + updateStatus('The user nickname "' . htmlspecialchars($adminNick) . + '" is reserved.', true); + $fail = true; + } if (empty($adminPass)) { updateStatus("No initial StatusNet user password specified.", true);