summaryrefslogtreecommitdiff
path: root/actions
diff options
context:
space:
mode:
authorEvan Prodromou <evan@status.net>2009-10-31 12:16:30 -0400
committerEvan Prodromou <evan@status.net>2009-10-31 12:16:30 -0400
commit5e27d53947ff64c8aee1b2287e1c77bbeaea51f7 (patch)
treebaf10735ebc98827820844e8ec9d616061ab645b /actions
parent65a3ccd4587193bba72501837fab097e041f96d3 (diff)
parentdcca9fbec0cea9c5e15c4d58a8e9870514dfdbdd (diff)
Merge branch '0.8.x' into testing
Diffstat (limited to 'actions')
-rw-r--r--actions/getfile.php145
-rw-r--r--actions/newnotice.php4
-rw-r--r--actions/twitapistatuses.php7
3 files changed, 150 insertions, 6 deletions
diff --git a/actions/getfile.php b/actions/getfile.php
new file mode 100644
index 000000000..ecda34c0f
--- /dev/null
+++ b/actions/getfile.php
@@ -0,0 +1,145 @@
+<?php
+/**
+ * StatusNet, the distributed open-source microblogging tool
+ *
+ * Returns a given file attachment, allowing private sites to only allow
+ * access to file attachments after login.
+ *
+ * PHP version 5
+ *
+ * LICENCE: This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category Personal
+ * @package StatusNet
+ * @author Jeffery To <jeffery.to@gmail.com>
+ * @copyright 2008-2009 StatusNet, Inc.
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+
+if (!defined('STATUSNET') && !defined('LACONICA')) {
+ exit(1);
+}
+
+require_once 'MIME/Type.php';
+
+/**
+ * Action for getting a file attachment
+ *
+ * @category Personal
+ * @package StatusNet
+ * @author Jeffery To <jeffery.to@gmail.com>
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+
+class GetfileAction extends Action
+{
+ /**
+ * Path of file to return
+ */
+
+ var $path = null;
+
+ /**
+ * Get file name
+ *
+ * @param array $args $_REQUEST array
+ *
+ * @return success flag
+ */
+
+ function prepare($args)
+ {
+ parent::prepare($args);
+
+ $filename = $this->trimmed('filename');
+ $path = null;
+
+ if ($filename) {
+ $path = common_config('attachments', 'dir') . $filename;
+ }
+
+ if (empty($path) or !file_exists($path)) {
+ $this->clientError(_('No such file.'), 404);
+ return false;
+ }
+ if (!is_readable($path)) {
+ $this->clientError(_('Cannot read file.'), 403);
+ return false;
+ }
+
+ $this->path = $path;
+ return true;
+ }
+
+ /**
+ * Is this page read-only?
+ *
+ * @return boolean true
+ */
+
+ function isReadOnly($args)
+ {
+ return true;
+ }
+
+ /**
+ * Last-modified date for file
+ *
+ * @return int last-modified date as unix timestamp
+ */
+
+ function lastModified()
+ {
+ return filemtime($this->path);
+ }
+
+ /**
+ * etag for file
+ *
+ * This returns the same data (inode, size, mtime) as Apache would,
+ * but in decimal instead of hex.
+ *
+ * @return string etag http header
+ */
+ function etag()
+ {
+ $stat = stat($this->path);
+ return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . '"';
+ }
+
+ /**
+ * Handle input, produce output
+ *
+ * @param array $args $_REQUEST contents
+ *
+ * @return void
+ */
+
+ function handle($args)
+ {
+ // undo headers set by PHP sessions
+ $sec = session_cache_expire() * 60;
+ header('Expires: ' . date(DATE_RFC1123, time() + $sec));
+ header('Cache-Control: public, max-age=' . $sec);
+ header('Pragma: public');
+
+ parent::handle($args);
+
+ $path = $this->path;
+ header('Content-Type: ' . MIME_Type::autoDetect($path));
+ readfile($path);
+ }
+}
diff --git a/actions/newnotice.php b/actions/newnotice.php
index 8c0476f70..548832eca 100644
--- a/actions/newnotice.php
+++ b/actions/newnotice.php
@@ -271,7 +271,9 @@ class NewnoticeAction extends Action
common_broadcast_notice($notice);
if ($this->boolean('ajax')) {
- $this->startHTML('text/xml;charset=utf-8');
+ header('Content-Type: text/xml;charset=utf-8');
+ $this->xw->startDocument('1.0', 'UTF-8');
+ $this->elementStart('html');
$this->elementStart('head');
$this->element('title', null, _('Notice posted'));
$this->elementEnd('head');
diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php
index 360dff27c..b0d3e584b 100644
--- a/actions/twitapistatuses.php
+++ b/actions/twitapistatuses.php
@@ -236,11 +236,8 @@ class TwitapistatusesAction extends TwitterapiAction
}
if (empty($status)) {
-
- // XXX: Note: In this case, Twitter simply returns '200 OK'
- // No error is given, but the status is not posted to the
- // user's timeline. Seems bad. Shouldn't we throw an
- // errror? -- Zach
+ $this->clientError(_('Client must provide a \'status\' parameter with a value.'),
+ $code = 403, $apidata['content-type']);
return;
} else {