From 0d7d4dfe5d258d2018f601f8116d629577105864 Mon Sep 17 00:00:00 2001 From: mEDI Date: Thu, 3 Sep 2009 19:32:27 +0200 Subject: [PATCH 1/4] add basic auth support for cgi servers on the api (trac #1832) --- actions/api.php | 46 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 5 deletions(-) diff --git a/actions/api.php b/actions/api.php index f425a8dcd7..f624d6b693 100644 --- a/actions/api.php +++ b/actions/api.php @@ -27,6 +27,8 @@ class ApiAction extends Action var $api_arg; var $api_method; var $api_action; + var $auth_user; + var $auth_pw; function handle($args) { @@ -35,6 +37,7 @@ class ApiAction extends Action $this->api_action = $this->arg('apiaction'); $method = $this->arg('method'); $argument = $this->arg('argument'); + $this->basic_auth_process_header(); if (isset($argument)) { $cmdext = explode('.', $argument); @@ -50,7 +53,7 @@ class ApiAction extends Action } if ($this->requires_auth()) { - if (!isset($_SERVER['PHP_AUTH_USER'])) { + if (!isset($this->auth_user)) { # This header makes basic auth go header('WWW-Authenticate: Basic realm="StatusNet API"'); @@ -58,8 +61,8 @@ class ApiAction extends Action # If the user hits cancel -- bam! $this->show_basic_auth_error(); } else { - $nickname = $_SERVER['PHP_AUTH_USER']; - $password = $_SERVER['PHP_AUTH_PW']; + $nickname = $this->auth_user; + $password = $this->auth_pw; $user = common_check_user($nickname, $password); if ($user) { @@ -76,8 +79,8 @@ class ApiAction extends Action } else { // Caller might give us a username even if not required - if (isset($_SERVER['PHP_AUTH_USER'])) { - $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']); + if (isset($this->auth_user)) { + $user = User::staticGet('nickname', $this->auth_user); if ($user) { $this->user = $user; } 
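Review bot: In the hunk at `@@ -76,8 +79,8 @@` (the "Caller might give us a username even if not required" branch), `$this->user` is still assigned from `User::staticGet('nickname', $this->auth_user)` without the supplied password being checked. Any API method that reaches this branch and reads `$this->user` as the caller's identity would be trusting an unverified username; whether such a method exists is not visible in this hunk. Now that both credentials are collected in one place, the branch could resolve the user with `$user = common_check_user($this->auth_user, $this->auth_pw);` and leave `$this->user` unset on failure. `handle()` starts and ends outside this hunk.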
@@ -203,6 +206,39 @@ class ApiAction extends Action } } + function basic_auth_process_header() + { + if(isset($_SERVER['AUTHORIZATION']) || isset($_SERVER['HTTP_AUTHORIZATION'])) + { + $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])?$_SERVER['HTTP_AUTHORIZATION']:$_SERVER['AUTHORIZATION']; + } + + if(isset($_SERVER['PHP_AUTH_USER'])) + { + $this->auth_user = $_SERVER['PHP_AUTH_USER']; + $this->auth_pw = $_SERVER['PHP_AUTH_PW']; + } + elseif ( isset($authorization_header) && strstr(substr($authorization_header, 0,5),'Basic') ) + { + // decode the HTTP_AUTHORIZATION header on php-cgi server self + // on fcgid server is the header name AUTHORIZATION + + $auth_hash = base64_decode( substr($authorization_header, 6) ); + list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash); + + // set all to NULL on a emty basic auth request + if($this->auth_user == "") { + $this->auth_user = NULL; + $this->auth_pw = NULL; + } + } + else + { + $this->auth_user = NULL; + $this->auth_pw = NULL; + } + } + function show_basic_auth_error() { header('HTTP/1.1 401 Unauthorized'); From ebcbd3820e10e70ab2ed1bff9839a03f2948ee8f Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Thu, 3 Sep 2009 15:30:19 -0400 Subject: [PATCH 2/4] Fix spelling --- actions/api.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/api.php b/actions/api.php index f624d6b693..c236378bcb 100644 --- a/actions/api.php +++ b/actions/api.php 
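Review bot: In `basic_auth_process_header()`, `explode(':', $auth_hash)` splits on every colon, so a password that contains `:` is truncated before it reaches `common_check_user()`, and a header with no colon leaves `auth_pw` unassigned by `list()`. Only the first colon separates user and password in Basic credentials, so the split should be `explode(':', $auth_hash, 2)` with an explicit check that two parts came back. `base64_decode()` is also called in non-strict mode, which silently skips invalid characters; passing `true` as the second argument and treating a `false` result as "no credentials" keeps malformed headers out of the login path. The scheme test `strstr(substr($authorization_header, 0,5),'Basic')` is case-sensitive, although the scheme name is case-insensitive, so `strncasecmp($authorization_header, 'Basic ', 6) === 0` would be the more tolerant check. The same `explode` line is carried unchanged through the hunk of PATCH 2/4.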
@@ -221,12 +221,12 @@ class ApiAction extends Action elseif ( isset($authorization_header) && strstr(substr($authorization_header, 0,5),'Basic') ) { // decode the HTTP_AUTHORIZATION header on php-cgi server self - // on fcgid server is the header name AUTHORIZATION + // on fcgid server the header name is AUTHORIZATION $auth_hash = base64_decode( substr($authorization_header, 6) ); list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash); - // set all to NULL on a emty basic auth request + // set all to NULL on a empty basic auth request if($this->auth_user == "") { $this->auth_user = NULL; $this->auth_pw = NULL; From 277b464054b24f8d680ddbe762c9e438f6679592 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Thu, 3 Sep 2009 19:42:50 +0000 Subject: [PATCH 3/4] Created autofocus method to give focus to an element (primarily a form control) on page onload. Updated some of the pages to use autofocus. --- actions/avatarsettings.php | 2 ++ actions/editgroup.php | 6 ++++++ actions/emailsettings.php | 6 ++++++ actions/grouplogo.php | 2 ++ actions/groupsearch.php | 6 ++++++ actions/invite.php | 6 ++++++ actions/login.php | 8 ++++++++ actions/noticesearch.php | 6 ++++++ actions/openidlogin.php | 6 ++++++ actions/openidsettings.php | 6 ++++++ actions/othersettings.php | 6 ++++++ actions/passwordsettings.php | 6 ++++++ actions/peoplesearch.php | 6 ++++++ actions/profilesettings.php | 8 ++++++++ actions/register.php | 6 ++++++ actions/smssettings.php | 6 ++++++ actions/subscriptions.php | 6 ++++++ lib/designsettings.php | 2 ++ lib/htmloutputter.php | 25 +++++++++++++++++++++++++ 19 files changed, 125 insertions(+) diff --git a/actions/avatarsettings.php b/actions/avatarsettings.php index 0bc439ff12..02a684b38f 100644 --- a/actions/avatarsettings.php +++ b/actions/avatarsettings.php 
@@ -399,5 +399,7 @@ class AvatarsettingsAction extends AccountSettingsAction $this->script('js/jcrop/jquery.Jcrop.min.js'); $this->script('js/jcrop/jquery.Jcrop.go.js'); } + + $this->autofocus('avatarfile'); } } diff --git a/actions/editgroup.php b/actions/editgroup.php index cac910e9bc..e7ba836a01 100644 --- a/actions/editgroup.php +++ b/actions/editgroup.php @@ -160,6 +160,12 @@ class EditgroupAction extends GroupDesignAction } } + function showScripts() + { + parent::showScripts(); + $this->autofocus('nickname'); + } + function trySave() { $cur = common_current_user(); diff --git a/actions/emailsettings.php b/actions/emailsettings.php index af528a892e..6eff06c0d6 100644 --- a/actions/emailsettings.php +++ b/actions/emailsettings.php @@ -71,6 +71,12 @@ class EmailsettingsAction extends AccountSettingsAction return _('Manage how you get email from %%site.name%%.'); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('email'); + } + /** * Content area of the page * diff --git a/actions/grouplogo.php b/actions/grouplogo.php index c6f376915e..63ba769c7a 100644 --- a/actions/grouplogo.php +++ b/actions/grouplogo.php @@ -445,6 +445,8 @@ class GrouplogoAction extends GroupDesignAction $this->script('js/jcrop/jquery.Jcrop.min.js'); $this->script('js/jcrop/jquery.Jcrop.go.js'); } + + $this->autofocus('avatarfile'); } function showLocalNav() diff --git a/actions/groupsearch.php b/actions/groupsearch.php index bbd4c3a74a..be15efc47c 100644 --- a/actions/groupsearch.php +++ b/actions/groupsearch.php @@ -91,6 +91,12 @@ class GroupsearchAction extends SearchAction $user_group->free(); } } + + function showScripts() + { + parent::showScripts(); + $this->autofocus('q'); + } } class GroupSearchResults extends GroupList diff --git a/actions/invite.php b/actions/invite.php index ab43a2491d..9fa6a76f67 100644 --- a/actions/invite.php +++ b/actions/invite.php 
@@ -98,6 +98,12 @@ class InviteAction extends CurrentUserDesignAction $this->showPage(); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('addresses'); + } + function title() { if ($this->mode == 'sent') { diff --git a/actions/login.php b/actions/login.php index 37f3c54ffb..ac8c40c3e5 100644 --- a/actions/login.php +++ b/actions/login.php @@ -22,6 +22,7 @@ * @category Login * @package StatusNet * @author Evan Prodromou + * @author Sarven Capadisli * @copyright 2008-2009 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ @@ -37,6 +38,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { * @category Personal * @package StatusNet * @author Evan Prodromou + * @author Sarven Capadisli * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -162,6 +164,12 @@ class LoginAction extends Action $this->showPage(); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('nickname'); + } + /** * Title of the page * diff --git a/actions/noticesearch.php b/actions/noticesearch.php index 1188e7e10f..1cd987df39 100644 --- a/actions/noticesearch.php +++ b/actions/noticesearch.php @@ -137,6 +137,12 @@ class NoticesearchAction extends SearchAction $this->pagination($page > 1, $cnt > NOTICES_PER_PAGE, $page, 'noticesearch', array('q' => $q)); } + + function showScripts() + { + parent::showScripts(); + $this->autofocus('q'); + } } class SearchNoticeList extends NoticeList { diff --git a/actions/openidlogin.php b/actions/openidlogin.php index 4b53386943..9b7deefb63 100644 --- a/actions/openidlogin.php +++ b/actions/openidlogin.php @@ -86,6 +86,12 @@ class OpenidloginAction extends Action } } + function showScripts() + { + parent::showScripts(); + $this->autofocus('openid_url'); + } + function title() { return _('OpenID Login'); 
diff --git a/actions/openidsettings.php b/actions/openidsettings.php index 13da64a4f6..30725fc1bf 100644 --- a/actions/openidsettings.php +++ b/actions/openidsettings.php @@ -72,6 +72,12 @@ class OpenidsettingsAction extends AccountSettingsAction ' Manage your associated OpenIDs from here.'); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('openid_url'); + } + /** * Show the form for OpenID management * diff --git a/actions/othersettings.php b/actions/othersettings.php index 8b674161a8..f898e22079 100644 --- a/actions/othersettings.php +++ b/actions/othersettings.php @@ -71,6 +71,12 @@ class OthersettingsAction extends AccountSettingsAction return _('Manage various other options.'); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('urlshorteningservice'); + } + /** * Content area of the page * diff --git a/actions/passwordsettings.php b/actions/passwordsettings.php index ec842600f6..cd4beac3f2 100644 --- a/actions/passwordsettings.php +++ b/actions/passwordsettings.php @@ -69,6 +69,12 @@ class PasswordsettingsAction extends AccountSettingsAction return _('Change your password.'); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('oldpassword'); + } + /** * Content area of the page * diff --git a/actions/peoplesearch.php b/actions/peoplesearch.php index ba0f71e392..38135ecbde 100644 --- a/actions/peoplesearch.php +++ b/actions/peoplesearch.php @@ -85,6 +85,12 @@ class PeoplesearchAction extends SearchAction $profile->free(); } } + + function showScripts() + { + parent::showScripts(); + $this->autofocus('q'); + } } /** diff --git a/actions/profilesettings.php b/actions/profilesettings.php index f9c16351d3..2d66e99469 100644 --- a/actions/profilesettings.php +++ b/actions/profilesettings.php 
@@ -23,6 +23,7 @@ * @package StatusNet * @author Evan Prodromou * @author Zach Copley + * @author Sarven Capadisli * @copyright 2008-2009 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ @@ -41,6 +42,7 @@ require_once INSTALLDIR.'/lib/accountsettingsaction.php'; * @package StatusNet * @author Evan Prodromou * @author Zach Copley + * @author Sarven Capadisli * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -70,6 +72,12 @@ class ProfilesettingsAction extends AccountSettingsAction 'so people know more about you.'); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('nickname'); + } + /** * Content area of the page * diff --git a/actions/register.php b/actions/register.php index c431aeee3e..eefbc340a1 100644 --- a/actions/register.php +++ b/actions/register.php @@ -140,6 +140,12 @@ class RegisterAction extends Action } } + function showScripts() + { + parent::showScripts(); + $this->autofocus('nickname'); + } + /** * Try to register a user * diff --git a/actions/smssettings.php b/actions/smssettings.php index b956ccebaa..672abcef8c 100644 --- a/actions/smssettings.php +++ b/actions/smssettings.php @@ -69,6 +69,12 @@ class SmssettingsAction extends ConnectSettingsAction return _('You can receive SMS messages through email from %%site.name%%.'); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('sms'); + } + /** * Content area of the page * diff --git a/actions/subscriptions.php b/actions/subscriptions.php index b1c6682283..cc7b38ee46 100644 --- a/actions/subscriptions.php +++ b/actions/subscriptions.php 
@@ -107,6 +107,12 @@ class SubscriptionsAction extends GalleryAction array('nickname' => $this->user->nickname)); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('tag'); + } + function showEmptyListMessage() { if (common_logged_in()) { diff --git a/lib/designsettings.php b/lib/designsettings.php index fe42225974..fdc05562e0 100644 --- a/lib/designsettings.php +++ b/lib/designsettings.php @@ -327,6 +327,8 @@ class DesignSettingsAction extends AccountSettingsAction $this->script('js/farbtastic/farbtastic.js'); $this->script('js/farbtastic/farbtastic.go.js'); $this->script('js/userdesign.go.js'); + + $this->autofocus('design_background-image_file'); } /** diff --git a/lib/htmloutputter.php b/lib/htmloutputter.php index 8ad7dc20fa..aa01f6b1d9 100644 --- a/lib/htmloutputter.php +++ b/lib/htmloutputter.php @@ -412,4 +412,29 @@ class HTMLOutputter extends XMLOutputter $this->element('p', 'form_guide', $instructions); } } + + + /** + * Internal script to autofocus the given element on page onload. + * + * @param string $id element ID, must refer to an existing element + * + * @return void + * + */ + function autofocus($id) + { + $this->elementStart('script', array('type' => 'text/javascript')); + $this->raw(' + + '); + $this->elementEnd('script'); + } } From 5974871b7b00bd8e3f28dc5f5a9465a9eec0d3d3 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Thu, 3 Sep 2009 18:34:30 -0400 Subject: [PATCH 4/4] Improve OAuth CGI compatibility Fixes http://status.net/trac/ticket/1822 Reported upstream at http://code.google.com/p/oauth/issues/detail?id=118 --- extlib/OAuth.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/extlib/OAuth.php b/extlib/OAuth.php index 029166175c..fd48535545 100644 --- a/extlib/OAuth.php +++ b/extlib/OAuth.php 
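Review bot: The docblock on `autofocus($id)` in `lib/htmloutputter.php` should state that `$id` must be a fixed, trusted element ID. The script body passed to `raw()` is not visible on this page, but if `$id` is interpolated into it, nothing in this method encodes the value, and `raw()` presumably writes it unescaped (to be confirmed against `XMLOutputter`). Every caller added in this patch passes a string literal, so this is about keeping the contract explicit: extend the `@param` line to `element ID, must refer to an existing element; trusted literal only, never request-derived`. If a dynamic ID is ever needed, encode it for the script context with `json_encode($id)` before it is emitted.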
@@ -199,7 +199,8 @@ class OAuthRequest {/*{{{*/ } else { // collect request parameters from query string (GET) and post-data (POST) if appropriate (note: POST vars have priority) $req_parameters = $_GET; - if ($http_method == "POST" && @strstr($request_headers["Content-Type"], "application/x-www-form-urlencoded") ) { + if ($http_method == "POST" && + ( @strstr($request_headers["Content-Type"], "application/x-www-form-urlencoded") || @strstr($_ENV["CONTENT_TYPE"], "application/x-www-form-urlencoded") )) { $req_parameters = array_merge($req_parameters, $_POST); }
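Review bot: The added fallback reads `$_ENV["CONTENT_TYPE"]`, which is empty whenever the `variables_order` ini setting omits `E` (a common recommended configuration), so on those hosts form-encoded POST parameters are still left out of `$req_parameters` under CGI. `$_SERVER["CONTENT_TYPE"]` carries the same CGI variable without depending on that setting, so the second test would be more reliable as `@strstr($_SERVER["CONTENT_TYPE"], "application/x-www-form-urlencoded")`, or it could check both arrays. The `@` operators also hide the undefined-index notice that would reveal the missing value; an `isset()` guard would make the fallback order explicit. The enclosing method starts and ends outside this hunk.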