
Commit 5bab0288 authored by Zach Copley

Merge branch '0.9.x' into refactor-api

* 0.9.x: (39 commits)
  Timeout a little incase the notice item from XHR response is
  Relocated the button for pop up window for notice stream
  Script no longer needed for Realtime plugin
  Better check to see if the XML prolog should be outputted for XML
  Outputting UTF-8 charset in document header irrespective of mimetype.
  Switched Doctype to XHTML 1.0 Strict (which best reflects the current
  Twitter API returns server errors in preferred format
  move HTTP error code strings to class variables
  remove string-checks from code using Notice::saveNew()
  change string return from Notice::saveNew to exceptions
  stop overwriting created timestamp on group edit
  Forgot to add home_timeline to the list of methods that only require
  Forgot to add home_timeline to the list of methods that only require
  moderator can delete another user's notice
  show delete button when user has deleteOthersNotice right
  let hooks override standard user rights
  user rights
  Merge DeleteAction class into DeletenoticeAction
  Fix some bugs in the URL linkification, and fixed the unit test.
  Fix URL linkification test cases for addition of 'title' attribution with long URL in f3c8fccc
  ...
parents 34ba2d03 a57783de
......@@ -194,6 +194,12 @@ StartShowExportData: just before showing the <div> with export data (feeds)
EndShowExportData: just after showing the <div> with export data (feeds)
- $action: action object being shown
StartShowNoticeItem: just before showing the notice item
- $action: action object being shown
EndShowNoticeItem: just after showing the notice item
- $action: action object being shown
StartShowPageNotice: just before showing the page notice (instructions or error)
- $action: action object being shown
......
......@@ -160,6 +160,7 @@ class ApiAction extends Action
static $bareauth = array('statuses/user_timeline',
'statuses/friends_timeline',
'statuses/home_timeline',
'statuses/friends',
'statuses/replies',
'statuses/mentions',
......
......@@ -32,15 +32,45 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
exit(1);
}
require_once INSTALLDIR.'/lib/deleteaction.php';
class DeletenoticeAction extends DeleteAction
class DeletenoticeAction extends Action
{
var $error = null;
var $error = null;
var $user = null;
var $notice = null;
var $profile = null;
var $user_profile = null;
function prepare($args)
{
parent::prepare($args);
$this->user = common_current_user();
$notice_id = $this->trimmed('notice');
$this->notice = Notice::staticGet($notice_id);
if (!$this->notice) {
common_user_error(_('No such notice.'));
exit;
}
$this->profile = $this->notice->getProfile();
$this->user_profile = $this->user->getProfile();
return true;
}
function handle($args)
{
parent::handle($args);
if (!common_logged_in()) {
common_user_error(_('Not logged in.'));
exit;
} else if ($this->notice->profile_id != $this->user_profile->id &&
!$this->user->hasRight(Right::deleteOthersNotice)) {
common_user_error(_('Can\'t delete this notice.'));
exit;
}
// XXX: Ajax!
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
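Review bot: prepare() calls `$this->user->getProfile()` right after `common_current_user()`, but the logged-in check only runs later in handle(), so an anonymous request would presumably fail on a method call on a non-object before `Not logged in.` can be shown (assuming common_current_user() yields no user object without a session). Guard the lookup in prepare(), e.g. `$this->user_profile = $this->user ? $this->user->getProfile() : null;`, or move the `common_logged_in()` test ahead of it. The ownership test compares ids with loose `!=`; in an authorization path `(int) $this->notice->profile_id !== (int) $this->user_profile->id` is the safer form. handle() continues past the visible lines, so the POST branch is not covered by this note.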
......
......@@ -250,7 +250,6 @@ class EditgroupAction extends GroupDesignAction
$this->group->homepage = $homepage;
$this->group->description = $description;
$this->group->location = $location;
$this->group->created = common_sql_now();
$result = $this->group->update($orig);
......
......@@ -255,13 +255,6 @@ class NewnoticeAction extends Action
$notice = Notice::saveNew($user->id, $content_shortened, 'web', 1,
($replyto == 'false') ? null : $replyto);
if (is_string($notice)) {
if (isset($filename)) {
$this->deleteFile($filename);
}
$this->clientError($notice);
}
if (isset($mimetype)) {
$this->attachFile($notice, $fileRecord);
}
......
......@@ -297,11 +297,6 @@ class TwitapistatusesAction extends TwitterapiAction
html_entity_decode($status, ENT_NOQUOTES, 'UTF-8'),
$source, 1, $reply_to);
if (is_string($notice)) {
$this->serverError($notice);
return;
}
common_broadcast_notice($notice);
$apidata['api_arg'] = $notice->id;
}
......
......@@ -94,7 +94,13 @@ class File extends Memcached_DataObject
$file_redir = File_redirection::staticGet('url', $given_url);
if (empty($file_redir)) {
$redir_data = File_redirection::where($given_url);
$redir_url = $redir_data['url'];
if (is_array($redir_data)) {
$redir_url = $redir_data['url'];
} elseif (is_string($redir_data)) {
$redir_url = $redir_data;
} else {
throw new ServerException("Can't process url '$given_url'");
}
// TODO: max field length
if ($redir_url === $given_url || strlen($redir_url) > 255) {
$x = File::saveNew($redir_data, $given_url);
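Review bot: The new `is_string($redir_data)` branch lets a plain string reach `File::saveNew($redir_data, $given_url)` a few lines further down, where the value was previously always treated as an array. saveNew is not visible here, so either confirm it accepts a string or normalise `$redir_data` before that call. The `ServerException` message also interpolates the raw `$given_url`; whatever renders that message needs to escape it for its output context. The enclosing function starts and ends outside the hunk.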
......
......@@ -79,6 +79,9 @@ class File_redirection extends Memcached_DataObject
}
}
if(strpos($short_url,'://') === false){
return $short_url;
}
$curlh = File_redirection::_commonCurl($short_url, $redirs);
// Don't include body in output
curl_setopt($curlh, CURLOPT_NOBODY, true);
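Review bot: The added guard only checks that `$short_url` contains `://`, so a URL with any scheme is still handed to `_commonCurl()`; as the value appears to come from links in posted notices, the server-side fetch should be limited to web schemes. If `_commonCurl()` (outside this hunk) does not already do so, add `curl_setopt($curlh, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);` with the matching `CURLOPT_REDIR_PROTOCOLS`, and consider refusing loopback and private-range destinations. The early return also means where() yields a string on this path and, judging by the caller in File, an array on another; the function's docblock should state both return shapes.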
......
......@@ -153,30 +153,30 @@ class Notice extends Memcached_DataObject
$final = common_shorten_links($content);
if (Notice::contentTooLong($final)) {
common_log(LOG_INFO, 'Rejecting notice that is too long.');
return _('Problem saving notice. Too long.');
throw new ClientException(_('Problem saving notice. Too long.'));
}
if (!$profile) {
common_log(LOG_ERR, 'Problem saving notice. Unknown user.');
return _('Problem saving notice. Unknown user.');
throw new ClientException(_('Problem saving notice. Unknown user.'));
}
if (common_config('throttle', 'enabled') && !Notice::checkEditThrottle($profile_id)) {
common_log(LOG_WARNING, 'Excessive posting by profile #' . $profile_id . '; throttled.');
return _('Too many notices too fast; take a breather and post again in a few minutes.');
throw new ClientException(_('Too many notices too fast; take a breather '.
'and post again in a few minutes.'));
}
if (common_config('site', 'dupelimit') > 0 && !Notice::checkDupes($profile_id, $final)) {
common_log(LOG_WARNING, 'Dupe posting by profile #' . $profile_id . '; throttled.');
return _('Too many duplicate messages too quickly; take a breather and post again in a few minutes.');
throw new ClientException(_('Too many duplicate messages too quickly;'.
' take a breather and post again in a few minutes.'));
}
$banned = common_config('profile', 'banned');
if ( in_array($profile_id, $banned) || in_array($profile->nickname, $banned)) {
common_log(LOG_WARNING, "Attempted post from banned user: $profile->nickname (user id = $profile_id).");
return _('You are banned from posting notices on this site.');
throw new ClientException(_('You are banned from posting notices on this site.'));
}
$notice = new Notice();
......@@ -222,7 +222,7 @@ class Notice extends Memcached_DataObject
if (!$id) {
common_log_db_error($notice, 'INSERT', __FILE__);
return _('Problem saving notice.');
throw new ServerException(_('Problem saving notice.'));
}
// Update ID-dependent columns: URI, conversation
......@@ -247,7 +247,7 @@ class Notice extends Memcached_DataObject
if ($changed) {
if (!$notice->update($orig)) {
common_log_db_error($notice, 'UPDATE', __FILE__);
return _('Problem saving notice.');
throw new ServerException(_('Problem saving notice.'));
}
}
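Review bot: The docblock of saveNew (outside these hunks) should now carry `@throws ClientException` for rejected input and `@throws ServerException` for the INSERT/UPDATE failures, since the return value no longer signals errors. Every caller needs a matching handler: the NewnoticeAction section drops the `$this->deleteFile($filename)` cleanup that used to run on a string return, so unless a catch elsewhere does it, a notice rejected as too long, throttled or banned can leave the uploaded attachment on disk. Wrapping that call in a try/catch that deletes the file and then reports the error would restore the old behaviour. The same applies to the hunks at -222 and -247 in this section.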
......
......@@ -711,4 +711,33 @@ class User extends Memcached_DataObject
return true;
}
/**
* Does this user have the right to do X?
*
* With our role-based authorization, this is merely a lookup for whether the user
* has a particular role. The implementation currently uses a switch statement
* to determine if the user has the pre-defined role to exercise the right. Future
* implementations may allow per-site roles, and different mappings of roles to rights.
*
* @param $right string Name of the right, usually a constant in class Right
* @return boolean whether the user has the right in question
*/
function hasRight($right)
{
$result = false;
if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
switch ($right)
{
case Right::deleteOthersNotice:
$result = $this->hasRole('moderator');
break;
default:
$result = false;
break;
}
}
return $result;
}
}
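Review bot: The docblock of hasRight() does not say that a `UserRightsCheck` handler returning false skips the role lookup and that `$result` is then returned exactly as the handler left it, so a plugin can grant a right that core would deny. Add a line such as `* Handlers of the UserRightsCheck event may set $result and return false to override the role lookup.` Separately, `switch` compares loosely; if the Right constants are strings (not visible here), a non-string `$right` such as `0` or `true` could match the first case on the PHP versions this code targets, so `if ($right === Right::deleteOthersNotice)` is safer for an authorization check.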
......@@ -46,28 +46,28 @@ require_once INSTALLDIR.'/lib/error.php';
*/
class ClientErrorAction extends ErrorAction
{
static $status = array(400 => 'Bad Request',
401 => 'Unauthorized',
402 => 'Payment Required',
403 => 'Forbidden',
404 => 'Not Found',
405 => 'Method Not Allowed',
406 => 'Not Acceptable',
407 => 'Proxy Authentication Required',
408 => 'Request Timeout',
409 => 'Conflict',
410 => 'Gone',
411 => 'Length Required',
412 => 'Precondition Failed',
413 => 'Request Entity Too Large',
414 => 'Request-URI Too Long',
415 => 'Unsupported Media Type',
416 => 'Requested Range Not Satisfiable',
417 => 'Expectation Failed');
function __construct($message='Error', $code=400)
{
parent::__construct($message, $code);
$this->status = array(400 => 'Bad Request',
401 => 'Unauthorized',
402 => 'Payment Required',
403 => 'Forbidden',
404 => 'Not Found',
405 => 'Method Not Allowed',
406 => 'Not Acceptable',
407 => 'Proxy Authentication Required',
408 => 'Request Timeout',
409 => 'Conflict',
410 => 'Gone',
411 => 'Length Required',
412 => 'Precondition Failed',
413 => 'Request Entity Too Large',
414 => 'Request-URI Too Long',
415 => 'Unsupported Media Type',
416 => 'Requested Range Not Satisfiable',
417 => 'Expectation Failed');
$this->default = 400;
}
......@@ -91,9 +91,4 @@ class ClientErrorAction extends ErrorAction
$this->showPage();
}
function title()
{
return $this->status[$this->code];
}
}
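Review bot: With the table moved to `static $status` (reading old and new sides from the commit title "move HTTP error code strings to class variables"), any code that still reads `$this->status[...]` will not see it, because static properties are not reachable through `$this->`. The removed `title()` read `$this->status[$this->code]`, so its replacement, presumably in ErrorAction and not shown on this page, needs class-qualified access. A lookup should also fall back to `$this->default` when `$code` is not a key of the table, and the property deserves a one-line comment such as `// HTTP 4xx reason phrases, keyed by status code`.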
......@@ -53,6 +53,7 @@ require_once('DB/DataObject/Cast.php'); # for dates
if (!function_exists('gettext')) {
require_once("php-gettext/gettext.inc");
}
require_once(INSTALLDIR.'/lib/language.php');
// This gets included before the config file, so that admin code and plugins
......@@ -93,214 +94,17 @@ if (isset($path)) {
null;
}
// default configuration, overwritten in config.php
require_once(INSTALLDIR.'/lib/default.php');
// Set config values initially to default values
$config =
array('site' =>
array('name' => 'Just another StatusNet microblog',
'server' => $_server,
'theme' => 'default',
'path' => $_path,
'logfile' => null,
'logo' => null,
'logdebug' => false,
'fancy' => false,
'locale_path' => INSTALLDIR.'/locale',
'language' => 'en_US',
'languages' => get_all_languages(),
'email' =>
array_key_exists('SERVER_ADMIN', $_SERVER) ? $_SERVER['SERVER_ADMIN'] : null,
'broughtby' => null,
'timezone' => 'UTC',
'broughtbyurl' => null,
'closed' => false,
'inviteonly' => false,
'private' => false,
'ssl' => 'never',
'sslserver' => null,
'shorturllength' => 30,
'dupelimit' => 60, # default for same person saying the same thing
'textlimit' => 140,
),
'syslog' =>
array('appname' => 'statusnet', # for syslog
'priority' => 'debug', # XXX: currently ignored
'facility' => LOG_USER),
'queue' =>
array('enabled' => false,
'subsystem' => 'db', # default to database, or 'stomp'
'stomp_server' => null,
'queue_basename' => 'statusnet',
'stomp_username' => null,
'stomp_password' => null,
),
'license' =>
array('url' => 'http://creativecommons.org/licenses/by/3.0/',
'title' => 'Creative Commons Attribution 3.0',
'image' => 'http://i.creativecommons.org/l/by/3.0/80x15.png'),
'mail' =>
array('backend' => 'mail',
'params' => null),
'nickname' =>
array('blacklist' => array(),
'featured' => array()),
'profile' =>
array('banned' => array(),
'biolimit' => null),
'avatar' =>
array('server' => null,
'dir' => INSTALLDIR . '/avatar/',
'path' => $_path . '/avatar/'),
'background' =>
array('server' => null,
'dir' => INSTALLDIR . '/background/',
'path' => $_path . '/background/'),
'public' =>
array('localonly' => true,
'blacklist' => array(),
'autosource' => array()),
'theme' =>
array('server' => null,
'dir' => null,
'path'=> null),
'throttle' =>
array('enabled' => false, // whether to throttle edits; false by default
'count' => 20, // number of allowed messages in timespan
'timespan' => 600), // timespan for throttling
'xmpp' =>
array('enabled' => false,
'server' => 'INVALID SERVER',
'port' => 5222,
'user' => 'update',
'encryption' => true,
'resource' => 'uniquename',
'password' => 'blahblahblah',
'host' => null, # only set if != server
'debug' => false, # print extra debug info
'public' => array()), # JIDs of users who want to receive the public stream
'invite' =>
array('enabled' => true),
'sphinx' =>
array('enabled' => false,
'server' => 'localhost',
'port' => 3312),
'tag' =>
array('dropoff' => 864000.0),
'popular' =>
array('dropoff' => 864000.0),
'daemon' =>
array('piddir' => '/var/run',
'user' => false,
'group' => false),
'emailpost' =>
array('enabled' => true),
'sms' =>
array('enabled' => true),
'twitter' =>
array('enabled' => true),
'twitterbridge' =>
array('enabled' => false),
'integration' =>
array('source' => 'StatusNet', # source attribute for Twitter
'taguri' => $_server.',2009'), # base for tag URIs
'twitter' =>
array('consumer_key' => null,
'consumer_secret' => null),
'memcached' =>
array('enabled' => false,
'server' => 'localhost',
'base' => null,
'port' => 11211),
'ping' =>
array('notify' => array()),
'inboxes' =>
array('enabled' => true), # on by default for new sites
'newuser' =>
array('default' => null,
'welcome' => null),
'snapshot' =>
array('run' => 'web',
'frequency' => 10000,
'reporturl' => 'http://status.net/stats/report'),
'attachments' =>
array('server' => null,
'dir' => INSTALLDIR . '/file/',
'path' => $_path . '/file/',
'supported' => array('image/png',
'image/jpeg',
'image/gif',
'image/svg+xml',
'audio/mpeg',
'audio/x-speex',
'application/ogg',
'application/pdf',
'application/vnd.oasis.opendocument.text',
'application/vnd.oasis.opendocument.text-template',
'application/vnd.oasis.opendocument.graphics',
'application/vnd.oasis.opendocument.graphics-template',
'application/vnd.oasis.opendocument.presentation',
'application/vnd.oasis.opendocument.presentation-template',
'application/vnd.oasis.opendocument.spreadsheet',
'application/vnd.oasis.opendocument.spreadsheet-template',
'application/vnd.oasis.opendocument.chart',
'application/vnd.oasis.opendocument.chart-template',
'application/vnd.oasis.opendocument.image',
'application/vnd.oasis.opendocument.image-template',
'application/vnd.oasis.opendocument.formula',
'application/vnd.oasis.opendocument.formula-template',
'application/vnd.oasis.opendocument.text-master',
'application/vnd.oasis.opendocument.text-web',
'application/x-zip',
'application/zip',
'text/plain',
'video/mpeg',
'video/mp4',
'video/quicktime',
'video/mpeg'),
'file_quota' => 5000000,
'user_quota' => 50000000,
'monthly_quota' => 15000000,
'uploads' => true,
'filecommand' => '/usr/bin/file',
),
'group' =>
array('maxaliases' => 3,
'desclimit' => null),
'oohembed' => array('endpoint' => 'http://oohembed.com/oohembed/'),
'search' =>
array('type' => 'fulltext'),
'sessions' =>
array('handle' => false, // whether to handle sessions ourselves
'debug' => false), // debugging output for sessions
'design' =>
array('backgroundcolor' => null, // null -> 'use theme default'
'contentcolor' => null,
'sidebarcolor' => null,
'textcolor' => null,
'linkcolor' => null,
'backgroundimage' => null,
'disposition' => null),
'notice' =>
array('contentlimit' => null),
'message' =>
array('contentlimit' => null),
'http' =>
array('client' => 'curl'), // XXX: should this be the default?
);
$config = $default;
// default configuration, overwritten in config.php
$config['db'] = &PEAR::getStaticProperty('DB_DataObject','options');
$config['db'] =
array('database' => 'YOU HAVE TO SET THIS IN config.php',
'schema_location' => INSTALLDIR . '/classes',
'class_location' => INSTALLDIR . '/classes',
'require_prefix' => 'classes/',
'class_prefix' => '',
'mirror' => null,
'utf8' => true,
'db_driver' => 'DB', # XXX: JanRain libs only work with DB
'quote_identifiers' => false,
'type' => 'mysql' );
$config['db'] = $default['db'];
// Backward compatibility
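Review bot: `$config['db'] = $default['db'];` only works because the preceding line binds `$config['db']` by reference to DB_DataObject's static options, so the assignment writes the defaults through to PEAR; that is easy to break when reordering and should be commented, e.g. `// $config['db'] aliases DB_DataObject's options (bound above); this fills in the defaults there`. `lib/default.php` reads `$_server` and `$_path` and calls `get_all_languages()`, so its `require_once` has to stay after those are defined and after `lib/language.php`; a short comment next to the require would record that ordering.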
......
<?php
/**
* StatusNet, the distributed open-source microblogging tool
*
* Default settings for core configuration
*
* PHP version 5
*
* LICENCE: This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* @category Config
* @package StatusNet
* @author Evan Prodromou <evan@status.net>
* @copyright 2008-9 StatusNet, Inc.
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
*/
$default =
array('site' =>
array('name' => 'Just another StatusNet microblog',
'server' => $_server,
'theme' => 'default',
'path' => $_path,
'logfile' => null,
'logo' => null,
'logdebug' => false,
'fancy' => false,
'locale_path' => INSTALLDIR.'/locale',
'language' => 'en_US',
'languages' => get_all_languages(),
'email' =>
array_key_exists('SERVER_ADMIN', $_SERVER) ? $_SERVER['SERVER_ADMIN'] : null,
'broughtby' => null,
'timezone' => 'UTC',
'broughtbyurl' => null,
'closed' => false,
'inviteonly' => false,
'private' => false,
'ssl' => 'never',
'sslserver' => null,
'shorturllength' => 30,
'dupelimit' => 60, # default for same person saying the same thing
'textlimit' => 140,
),
'db' =>
array('database' => 'YOU HAVE TO SET THIS IN config.php',
'schema_location' => INSTALLDIR . '/classes',
'class_location' => INSTALLDIR . '/classes',
'require_prefix' => 'classes/',
'class_prefix' => '',
'mirror' => null,
'utf8' => true,
'db_driver' => 'DB', # XXX: JanRain libs only work with DB
'quote_identifiers' => false,
'type' => 'mysql' ),
'syslog' =>
array('appname' => 'statusnet', # for syslog
'priority' => 'debug', # XXX: currently ignored
'facility' => LOG_USER),
'queue' =>
array('enabled' => false,
'subsystem' => 'db', # default to database, or 'stomp'
'stomp_server' => null,
'queue_basename' => 'statusnet',
'stomp_username' => null,
'stomp_password' => null,
),
'license' =>
array('url' => 'http://creativecommons.org/licenses/by/3.0/',
'title' => 'Creative Commons Attribution 3.0',
'image' => 'http://i.creativecommons.org/l/by/3.0/80x15.png'),
'mail' =>
array('backend' => 'mail',
'params' => null),
'nickname' =>
array('blacklist' => array(),
'featured' => array()),
'profile' =>
array('banned' => array(),
'biolimit' => null),
'avatar' =>
array('server' => null,
'dir' => INSTALLDIR . '/avatar/',
'path' => $_path . '/avatar/'),