Merge branch 'testing' of gitorious.org:statusnet/mainline into testing

* 'testing' of gitorious.org:statusnet/mainline:
  OStatus remote sending test cases. Doesn't actually run within PHPUnit right now, must be run from command line -- specify base URLs to two StatusNet sites that will be able to communicate with each other.
  Math_BigInteger doesn't correctly handle serialization/deserialization for a value of 0, which can end up spewing notices to output and otherwise intefering with Salmon signature setup and verification when using memcached.
  Log backtraces for non-ClientException exceptions caught at the top-level handler.
  Confirm there's actually user and domain portions of acct string before assigning things from output of explode(); avoids notice message when invalid input passed to main/xrd
  Fixing HTTP Header LRDD parsing (sites in subdirectories need this)
  Replace the "give up and dump object" attachment view fallback with a client-side redirect to the target URL, which will at least be useful.
  ignore unrecognized object types
  Pull <atom:author> info as well as <activity:actor> when we have an old-style ActivityStreams feed. This fixes subscription setup for Cliqset feeds, which currently have a bogus activity:actor/atom:id but a good atom:author/atom:uri
  Accept 'tag' and other non-http id URIs in Ostatus_profile::getActivityObjectProfileURI().

4 files changed, 65 insertions, 7 deletions

diff --git a/lib/activityobject.php b/lib/activityobject.php
index e5cea727b..0a358ccab 100644
--- a/lib/activityobject.php
+++ b/lib/activityobject.php
@@ -156,7 +156,11 @@ class ActivityObject
     {
         $this->type  = self::PERSON; // XXX: is this fair?
         $this->title = $this->_childContent($element, self::NAME);
-        $this->id    = $this->_childContent($element, self::URI);
+
+        $id = $this->_childContent($element, self::URI);
+        if (ActivityUtils::validateUri($id)) {
+            $this->id = $id;
+        }
 
         if (empty($this->id)) {
             $email = $this->_childContent($element, self::EMAIL);
@@ -169,6 +173,15 @@ class ActivityObject
 
     private function _fromAtomEntry($element)
     {
+        if ($element->localName == 'actor') {
+            // Old-fashioned <activity:actor>...
+            // First pull anything from <author>, then we'll add on top.
+            $author = ActivityUtils::child($element->parentNode, 'author');
+            if ($author) {
+                $this->_fromAuthor($author);
+            }
+        }
+
         $this->type = $this->_childContent($element, Activity::OBJECTTYPE,
                                            Activity::SPEC);
 
@@ -176,7 +189,11 @@ class ActivityObject
             $this->type = ActivityObject::NOTE;
         }
 
-        $this->id      = $this->_childContent($element, self::ID);
+        $id = $this->_childContent($element, self::ID);
+        if (ActivityUtils::validateUri($id)) {
+            $this->id = $id;
+        }
+
         $this->summary = ActivityUtils::childHtmlContent($element, self::SUMMARY);
         $this->content = ActivityUtils::getContent($element);
 
diff --git a/lib/activityutils.php b/lib/activityutils.php
index c85a3db55..a7e99fb11 100644
--- a/lib/activityutils.php
+++ b/lib/activityutils.php
@@ -240,4 +240,26 @@ class ActivityUtils
             throw new ClientException(_("Can't handle embedded Base64 content yet."));
         }
     }
+
+    /**
+     * Is this a valid URI for remote profile/notice identification?
+     * Does not have to be a resolvable URL.
+     * @param string $uri
+     * @return boolean
+     */
+    static function validateUri($uri)
+    {
+        if (Validate::uri($uri)) {
+            return true;
+        }
+
+        // Possibly an upstream bug; tag: URIs aren't validated properly
+        // unless you explicitly ask for them. All other schemes are accepted
+        // for basic URI validation without asking.
+        if (Validate::uri($uri, array('allowed_scheme' => array('tag')))) {
+            return true;
+        }
+
+        return false;
+    }
 }
diff --git a/lib/attachmentlist.php b/lib/attachmentlist.php
index 51ceca857..fe38281af 100644
--- a/lib/attachmentlist.php
+++ b/lib/attachmentlist.php
@@ -306,7 +306,7 @@ class Attachment extends AttachmentListItem
     function showRepresentation() {
         if (empty($this->oembed->type)) {
             if (empty($this->attachment->mimetype)) {
-                $this->out->element('pre', null, 'oh well... not sure how to handle the following: ' . print_r($this->attachment, true));
+                $this->showFallback();
             } else {
                 switch ($this->attachment->mimetype) {
                 case 'image/gif':
@@ -332,6 +332,8 @@ class Attachment extends AttachmentListItem
                     $this->out->element('param', array('name' => 'autoStart', 'value' => 1));
                     $this->out->elementEnd('object');
                     break;
+                default:
+                    $this->showFallback();
                 }
             }
         } else {
@@ -354,9 +356,23 @@ class Attachment extends AttachmentListItem
                 break;
 
             default:
-                $this->out->element('pre', null, 'oh well... not sure how to handle the following oembed: ' . print_r($this->oembed, true));
+                $this->showFallback();
             }
         }
     }
+
+    function showFallback()
+    {
+        // If we don't know how to display an attachment inline, we probably
+        // shouldn't have gotten to this point.
+        //
+        // But, here we are... displaying details on a file or remote URL
+        // either on the main view or in an ajax-loaded lightbox. As a lesser
+        // of several evils, we'll try redirecting to the actual target via
+        // client-side JS.
+
+        common_log(LOG_ERR, "Empty or unknown type for file id {$this->attachment->id}; falling back to client-side redirect.");
+        $this->out->raw('<script>window.location = ' . json_encode($this->attachment->url) . ';</script>');
+    }
 }
 
diff --git a/lib/servererroraction.php b/lib/servererroraction.php
index 0993a63bc..9b5a553dc 100644
--- a/lib/servererroraction.php
+++ b/lib/servererroraction.php
@@ -62,15 +62,18 @@ class ServerErrorAction extends ErrorAction
                            504 => 'Gateway Timeout',
                            505 => 'HTTP Version Not Supported');
 
-    function __construct($message='Error', $code=500)
+    function __construct($message='Error', $code=500, $ex=null)
     {
         parent::__construct($message, $code);
 
         $this->default = 500;
 
         // Server errors must be logged.
-
-        common_log(LOG_ERR, "ServerErrorAction: $code $message");
+        $log = "ServerErrorAction: $code $message";
+        if ($ex) {
+            $log .= "\n" . $ex->getTraceAsString();
+        }
+        common_log(LOG_ERR, $log);
     }
 
     // XXX: Should these error actions even be invokable via URI?