Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x

README

@@ -3,7 +3,7 @@ README
 ------
 
 StatusNet 0.8.2 ("Life and How to Live It")
-26 Aug 2009
+1 Nov 2009
 
 This is the README file for StatusNet (formerly Laconica), the Open
 Source microblogging platform. It includes installation instructions,
@@ -77,49 +77,80 @@ for additional terms.
 New this version
 ================
 
-This is a minor feature and bugfix release since version 0.8.0,
+This is a minor feature and bugfix release since version 0.8.1,
-released Jul 15 2009. Notable changes this version:
+released Aug 26 2009. Notable changes this version:
 
-- Laconica has been renamed StatusNet. With a few minor compatibility
+- New script for deleting user accounts. Not particularly safe or
-  exceptions, all references to "Laconica" in code, documentation
+  community-friendly. Better for deleting abusive accounts than for
-  and comments were changed to "StatusNet".
+  users who are 'retiring'.
-- A new plugin to support "infinite scroll".
+- Improved detection of URLs in notices, specifically for punctuation
-- A new plugin to support reCaptcha <http://recaptcha.net>.
+  chars like ~, :, $, _, -, +, !, @, and %.
-- Better logging of server errors.
+- Removed some extra <dl> semantic HTML code.
-- Add an Openid-only mode for authentication.
+- Correct error in status-network database ini file (having multiple
-- 'lite' parameter for some Twitter API methods.
+  statusnet sites with a single codebase)
-- A new plugin to auto-complete nicknames for @-replies.
+- Fixed error output for Twitter posting failures.
-- Configuration options to disable OpenID, SMS, Twitter, post-by-email, and IM.
+- Fixed bug in Twitter queue handler that requeued inapplicable
-- Support for lighttpd <http://lighttpd.org/> using 404-based
+  notices ad infinitum.
-  rewrites.
+- Improve FOAF output for remote users.
-- Support for using Twitter's OAuth authentication as a client.
+- new commands to join and leave groups.
-- First version of the groups API.
+- Fixed bug in which you cannot turn off importing friends timelines
-- Can configure a site-wide design, including background image and
+  flag.
-  colors.
+- Better error handling in Twitter posting.
-- Improved algorithm for replies and conversations, making
+- Show oEmbed data for XHTML files as well as plain HTML.
-  conversation trees more accurate and useful.
+- Updated bug database link in README.
-- Add a script to create a simulation database for testing/debugging.
+- require HTML tidy extension.
-- Sanitize HTML for OEmbed.
+- add support for HTTP Basic Auth in PHP CGI or FastCGI (e.g. GoDaddy).
-- Improved queue management for DB-based queuing.
+- autofocus input to selected entry elements depending on page.
-- More complete URL detection.
+- updated layout for filter-by-tag form.
-- Hashtags now support full Unicode character set.
+- better layout for inbox and outbox pages.
-- Notice inboxes are now garbage-collected on a regular basis
+- fix highlighting search terms in attributes of notice list elements.
-  at notice-write time.
+- Correctly handle errors in linkback plugin.
-- PiwikAnalyticsPlugin updated for latest Piwik interface.
+- Updated biz theme.
-- Attachment and notice pages can be embedded with OEmbed
+- Updated cloudy theme.
-  <http://www.oembed.com>.
+- Don't match '::' as an IPv6 address.
-- Failed authentication is logged.
+- Use the same decision logic for deciding whether to mark an
-- PostgreSQL schema and support brought up-to-date with 0.8.x features.
+  attachment as an enclosure in RSS or as a paperclip item in Web
-- The installer works with PostgreSQL as well as MySQL.
+  output.
-- RSS 1.0 feeds use HTTP Basic authentication in private mode.
+- Fixed a bug in the Piwik plugin that hard-coded the site ID.
-- Many, many bug fixes, particularly with performance.
+- Add a param, inreplyto, to notice/new to allow an explicit response
-- Better (=working) garbage collection for old sessions.
+  to another notice.
-- Better (=working) search queries.
+- Show username in subject of emails.
-- Some cleanup of HTML output.
+- Check if avatar exists before trying to delete it.
-- Better error handling when updating Facebook.
+- Correctly add omb_version to response for request token in OMB.
-- Considerably better performance when using replication for API
+- Add a few more SMS carriers.
-  calls.
+- Add a few more notice sources.
-- Initial unit tests.
+- Vary: header.
+- Improvements to the AutoCompletePlugin.
+- Check for 'dl' before using it.
+- Make it impossible to delete self-subscriptions via the API.
+- Fix pagination of tagged user pages.
+- Make PiwikAnalyticsPlugin work with addPlugin().
+- Removed trailing single space in user nicknames in notice lists.
+- Show context link if a notice starts a conversation.
+- blacklist all files and directories in install dir.
+- handle GoDaddy-style PATH_INFO, including script name.
+- add home_timeline synonym for friends_timeline.
+- Add a popup window for the realtime plugin.
+- Add some more streams for the realtime plugin.
+- Fix a bug that overwrote group creation timestamp on every edit.
+- Moved HTTP error code strings to a class variable.
+- The Twitter API now returns server errors in the correct format.
+- Reset the doctype for HTML output.
+- Fixed a number of notices.
+- Don't show search suggestions for private sites.
+- Some corrections to FBConnect nav overrides.
+- Slightly less database-intensive session management.
+- Updated name of software in installer script.
+- Include long-form attachment URLs if url-shortener is disabled.
+- Include updated localisations for Polish, Greek, Hebrew, Icelandic,
+  Norwegian, and Chinese.
+- Include upstream fixes to gettext.php.
+- Correct for regression in Facebook API for updates.
+- Ignore "Sent from my iPhone" (and similar) in mail updates.
+- Use the NICKNAME_FMT constant for detecting nicknames.
+- Check for site servername config'd.
+- Compatibility fix for empty status updates with Twitter API.
+- Option to show files privately (EXPERIMENTAL! Use with caution.)
 
 Prerequisites
 =============
@@ -225,9 +256,9 @@ especially if you've previously installed PHP/MySQL packages.
 1. Unpack the tarball you downloaded on your Web server. Usually a
    command like this will work:
 
-   	   tar zxf statusnet-0.8.1.tar.gz
+   	   tar zxf statusnet-0.8.2.tar.gz
 
-   ...which will make a statusnet-0.8.1 subdirectory in your current
+   ...which will make a statusnet-0.8.2 subdirectory in your current
    directory. (If you don't have shell access on your Web server, you
    may have to unpack the tarball on your local computer and FTP the
    files to the server.)
@@ -235,7 +266,7 @@ especially if you've previously installed PHP/MySQL packages.
 2. Move the tarball to a directory of your choosing in your Web root
    directory. Usually something like this will work:
 
-   	   mv statusnet-0.8.1 /var/www/mublog
+   	   mv statusnet-0.8.2 /var/www/mublog
 
    This will make your StatusNet instance available in the mublog path of
    your server, like "http://example.net/mublog". "microblog" or
@@ -656,6 +687,16 @@ private site, but users of the private site may be able to subscribe
 to users on a remote site. (Or not... it's not well tested.) The
 "proper behaviour" hasn't been defined here, so handle with care.
 
+If fancy URLs is enabled, access to file attachments can also be
+restricted to logged-in users only. Uncomment the appropriate rewrite
+<<<<<<< HEAD:README
+rule in .htaccess or your server's httpd.conf. (This most likely will
+not work if you are using a virtual server for attachments, so consider
+the performance/security tradeoff.)
+=======
+rule in .htaccess or your server's httpd.conf.
+>>>>>>> 446de62... Revert "Added some explanatory text to README":README
+
 Upgrading
 =========
 
@@ -669,7 +710,7 @@ with this situation.
 If you've been using StatusNet 0.7, 0.6, 0.5 or lower, or if you've
 been tracking the "git" version of the software, you will probably
 want to upgrade and keep your existing data. There is no automated
-upgrade procedure in StatusNet 0.8.1. Try these step-by-step
+upgrade procedure in StatusNet 0.8.2. Try these step-by-step
 instructions; read to the end first before trying them.
 
 0. Download StatusNet and set up all the prerequisites as if you were
@@ -690,7 +731,7 @@ instructions; read to the end first before trying them.
 5. Once all writing processes to your site are turned off, make a
    final backup of the Web directory and database.
 6. Move your StatusNet directory to a backup spot, like "mublog.bak".
-7. Unpack your StatusNet 0.8.1 tarball and move it to "mublog" or
+7. Unpack your StatusNet 0.8.2 tarball and move it to "mublog" or
    wherever your code used to be.
 8. Copy the config.php file and avatar directory from your old
    directory to your new directory.
@@ -1432,7 +1473,7 @@ repository (see below), and you get a compilation error ("unexpected
 T_STRING") in the browser, check to see that you don't have any
 conflicts in your code.
 
-If you upgraded to StatusNet 0.8.1 without reading the "Notice
+If you upgraded to StatusNet 0.8.2 without reading the "Notice
 inboxes" section above, and all your users' 'Personal' tabs are empty,
 read the "Notice inboxes" section above.
 
@@ -1540,6 +1581,7 @@ if anyone's been overlooked in error.
 * Jeffery To
 * Federico Marani
 * Craig Andrews
+* mEDI
 
 Thanks also to the developers of our upstream library code and to the
 thousands of people who have tried out Identi.ca, installed StatusNet,

actions/getfile.php

@@ -0,0 +1,145 @@
+<?php
+/**
+ * StatusNet, the distributed open-source microblogging tool
+ *
+ * Returns a given file attachment, allowing private sites to only allow
+ * access to file attachments after login.
+ *
+ * PHP version 5
+ *
+ * LICENCE: This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category  Personal
+ * @package   StatusNet
+ * @author    Jeffery To <jeffery.to@gmail.com>
+ * @copyright 2008-2009 StatusNet, Inc.
+ * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link      http://status.net/
+ */
+
+if (!defined('STATUSNET') && !defined('LACONICA')) {
+    exit(1);
+}
+
+require_once 'MIME/Type.php';
+
+/**
+ * Action for getting a file attachment
+ *
+ * @category Personal
+ * @package  StatusNet
+ * @author   Jeffery To <jeffery.to@gmail.com>
+ * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link     http://status.net/
+ */
+
+class GetfileAction extends Action
+{
+    /**
+     * Path of file to return
+     */
+
+    var $path = null;
+
+    /**
+     * Get file name
+     *
+     * @param array $args $_REQUEST array
+     *
+     * @return success flag
+     */
+
+    function prepare($args)
+    {
+        parent::prepare($args);
+
+        $filename = $this->trimmed('filename');
+        $path = null;
+
+        if ($filename) {
+            $path = common_config('attachments', 'dir') . $filename;
+        }
+
+        if (empty($path) or !file_exists($path)) {
+            $this->clientError(_('No such file.'), 404);
+            return false;
+        }
+        if (!is_readable($path)) {
+            $this->clientError(_('Cannot read file.'), 403);
+            return false;
+        }
+
+        $this->path = $path;
+        return true;
+    }
+
+    /**
+     * Is this page read-only?
+     *
+     * @return boolean true
+     */
+
+    function isReadOnly($args)
+    {
+        return true;
+    }
+
+    /**
+     * Last-modified date for file
+     *
+     * @return int last-modified date as unix timestamp
+     */
+
+    function lastModified()
+    {
+        return filemtime($this->path);
+    }
+
+    /**
+     * etag for file
+     *
+     * This returns the same data (inode, size, mtime) as Apache would,
+     * but in decimal instead of hex.
+     *
+     * @return string etag http header
+     */
+    function etag()
+    {
+        $stat = stat($this->path);
+        return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . '"';
+    }
+
+    /**
+     * Handle input, produce output
+     *
+     * @param array $args $_REQUEST contents
+     *
+     * @return void
+     */
+
+    function handle($args)
+    {
+        // undo headers set by PHP sessions
+        $sec = session_cache_expire() * 60;
+        header('Expires: ' . date(DATE_RFC1123, time() + $sec));
+        header('Cache-Control: public, max-age=' . $sec);
+        header('Pragma: public');
+
+        parent::handle($args);
+
+        $path = $this->path;
+        header('Content-Type: ' . MIME_Type::autoDetect($path));
+        readfile($path);
+    }
+}

extlib/README

@@ -0,0 +1,58 @@
+DO NOT "FIX" CODE IN THIS DIRECTORY.
+
+ONLY UPSTREAM VERSIONS OF SOFTWARE GO IN THIS DIRECTORY.
+
+This directory is provided as a courtesy to our users who might be
+unable or unwilling to find and install libraries we depend on.
+
+If we "fix" software in this directory, we hamstring users who do the
+right thing and keep a single version of upstream libraries in a
+system-wide library. We introduce subtle and maddening bugs where
+our code is "accidentally" using the "wrong" library version. We may
+unwittingly interfere with other software that depends on the
+canonical release versions of those same libraries!
+
+Forking upstream software for trivial reasons makes us bad citizens in
+the Open Source community and adds unnecessary heartache for our
+users. Don't make us "that" project.
+
+FAQ:
+
+Q: What should we do when we find a bug in upstream software?
+
+A: First and foremost, REPORT THE BUG, and if possible send in a patch.
+
+   Watch for a release of the upstream software and integrate with it
+   when it's released.
+
+   In the meantime, work around the bug, if at all possible. Usually,
+   it's quite possible, if slightly harder or less efficient.
+
+Q: What if the bug can't be worked around?
+
+A: If the upstream developers have accepted a bug patch, it's
+   undesirable but acceptable to apply that patch to the library in
+   the extlib dir. Ideally, use a release version for upstream or a
+   version control system snapshot.
+
+   Note that this is a last resort.
+
+Q: What if upstream is unresponsive or won't accept a patch?
+
+A: Try again.
+
+Q: I tried again, and upstream is still unresponsive and nobody's
+   checked on my patch. Now what?
+
+A: If the upstream project is moribund and there's a way to adopt it,
+   propose having the StatusNet dev team adopt the project. Or, adopt
+   it yourself.
+
+Q: What if there's no upstream authority and it can't be adopted?
+
+A: Then we fork it. Make a new name and a new version. Include it in
+   lib/ instead of extlib/, and use the StatusNet_* prefix to change
+   the namespace to avoid collisions.
+
+   This is a last resort; consult with the rest of the dev group
+   before taking this radical step.

htaccess.sample

@@ -5,6 +5,14 @@
 
   RewriteBase /mublog/
 
+  # If your site is private and want to only allow logged-in users to
+  # be able to download file attachments, uncomment this rule.
+  #
+  # If you have a custom attachment path
+  # ($config['attachments']['path']), change "file/" to match.
+  #
+  #RewriteRule ^file/(.*) getfile/$1
+
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
   RewriteRule (.*) index.php?p=$1 [L,QSA]

lib/router.php

@@ -580,6 +580,10 @@ class Router
             $m->connect('api/search.json', array('action' => 'twitapisearchjson'));
             $m->connect('api/trends.json', array('action' => 'twitapitrends'));
 
+            $m->connect('getfile/:filename',
+                        array('action' => 'getfile'),
+                        array('filename' => '[A-Za-z0-9._-]+'));
+
             // user stuff
 
             foreach (array('subscriptions', 'subscribers',

lib/util.php

@@ -781,12 +781,18 @@ function common_path($relative, $ssl=false)
         if (is_string(common_config('site', 'sslserver')) &&
             mb_strlen(common_config('site', 'sslserver')) > 0) {
             $serverpart = common_config('site', 'sslserver');
-        } else {
+        } else if (common_config('site', 'server')) {
             $serverpart = common_config('site', 'server');
+        } else {
+            common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.');
         }
     } else {
         $proto = 'http';
-        $serverpart = common_config('site', 'server');
+        if (common_config('site', 'server')) {
+            $serverpart = common_config('site', 'server');
+        } else {
+            common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.');
+        }
     }
 
     return $proto.'://'.$serverpart.'/'.$pathpart.$relative;