Diffstat (limited to 'actions')
-rw-r--r-- | actions/api.php | 63 | ||||
-rw-r--r-- | actions/conversation.php | 5 | ||||
-rw-r--r-- | actions/favorited.php | 2 | ||||
-rw-r--r-- | actions/groupdesignsettings.php | 32 | ||||
-rw-r--r-- | actions/othersettings.php | 11 | ||||
-rw-r--r-- | actions/peoplesearch.php | 44 | ||||
-rw-r--r-- | actions/subscriptions.php | 5 | ||||
-rw-r--r-- | actions/twitapifriendships.php | 83 | ||||
-rw-r--r-- | actions/twitapistatuses.php | 15 | ||||
-rw-r--r-- | actions/twitapiusers.php | 13 |
10 files changed, 206 insertions, 67 deletions
diff --git a/actions/api.php b/actions/api.php index 08f5fadad..18c3b68d4 100644 --- a/actions/api.php +++ b/actions/api.php @@ -75,14 +75,14 @@ class ApiAction extends Action } } else { - # Caller might give us a username even if not required - if (isset($_SERVER['PHP_AUTH_USER'])) { - $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']); - if ($user) { - $this->user = $user; - } - # Twitter doesn't throw an error if the user isn't found - } + // Caller might give us a username even if not required + if (isset($_SERVER['PHP_AUTH_USER'])) { + $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']); + if ($user) { + $this->user = $user; + } + # Twitter doesn't throw an error if the user isn't found + } $this->process_command(); } @@ -117,7 +117,7 @@ class ApiAction extends Action } } - # Whitelist of API methods that don't need authentication + // Whitelist of API methods that don't need authentication function requires_auth() { static $noauth = array( 'statuses/public_timeline', 
@@ -135,28 +135,61 @@ class ApiAction extends Action 'statuses/replies', 'statuses/mentions', 'statuses/followers', - 'favorites/favorites'); + 'favorites/favorites', + 'friendships/show'); $fullname = "$this->api_action/$this->api_method"; // If the site is "private", all API methods except laconica/config // need authentication + if (common_config('site', 'private')) { return $fullname != 'laconica/config' || false; } + // bareauth: only needs auth if without an argument or query param specifying user + if (in_array($fullname, $bareauth)) { - # bareauth: only needs auth if without an argument or query param specifying user - if ($this->api_arg || $this->arg('id') || is_numeric($this->arg('user_id')) || $this->arg('screen_name')) { + + // Special case: friendships/show only needs auth if source_id or + // source_screen_name is not specified as a param + + if ($fullname == 'friendships/show') { + + $source_id = $this->arg('source_id'); + $source_screen_name = $this->arg('source_screen_name'); + + if (empty($source_id) && empty($source_screen_name)) { + return true; + } + return false; - } else { + } + + // if all of these are empty, auth is required + + $id = $this->arg('id'); + $user_id = $this->arg('user_id'); + $screen_name = $this->arg('screen_name'); + + if (empty($this->api_arg) && + empty($id) && + empty($user_id) && + empty($screen_name)) { return true; + } else { + return false; } + } else if (in_array($fullname, $noauth)) { - # noauth: never needs auth + + // noauth: never needs auth + return false; } else { - # everybody else needs auth + + // everybody else needs auth + return true; } } diff --git a/actions/conversation.php b/actions/conversation.php index cd6f26329..0eb0d86d6 100644 --- a/actions/conversation.php +++ b/actions/conversation.php @@ -31,6 +31,9 @@ if (!defined('LACONICA')) { exit(1); } +// XXX: not sure how to do paging yet, +// so set a 60-notice limit + require_once INSTALLDIR.'/lib/noticelist.php'; /** 
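Review bot: In the bareauth branch of requires_auth(), the new `empty($user_id)` test waives authentication for any non-empty `user_id`, whereas the removed condition only did so when `is_numeric($this->arg('user_id'))` held, so a malformed value now reaches the handler without credentials. To keep the old strictness, write that operand as `(empty($user_id) || !is_numeric($user_id)) &&`; the same consideration applies to `source_id` in the friendships/show special case. Note also that `empty()` treats the string "0" as missing, so an `id` or `screen_name` of `0` is handled as if no user had been named. The function begins above this hunk, so the `$bareauth` declaration and the earlier checks are not visible here.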
@@ -107,7 +110,7 @@ class ConversationAction extends Action function showContent() { - $notices = Notice::conversationStream($this->id, 0, null); + $notices = Notice::conversationStream($this->id, null, null); $ct = new ConversationTree($notices, $this); diff --git a/actions/favorited.php b/actions/favorited.php index c902d80f5..156c7a700 100644 --- a/actions/favorited.php +++ b/actions/favorited.php @@ -194,7 +194,7 @@ class FavoritedAction extends Action $qry = 'SELECT notice.*, '. $weightexpr . ' as weight ' . 'FROM notice JOIN fave ON notice.id = fave.notice_id ' . - 'GROUP BY id,profile_id,uri,content,rendered,url,created,notice.modified,reply_to,is_local,source ' . + 'GROUP BY id,profile_id,uri,content,rendered,url,created,notice.modified,reply_to,is_local,source,notice.conversation ' . 'ORDER BY weight DESC'; $offset = ($this->page - 1) * NOTICES_PER_PAGE; diff --git a/actions/groupdesignsettings.php b/actions/groupdesignsettings.php index 6c1c052cb..bb01243c6 100644 --- a/actions/groupdesignsettings.php +++ b/actions/groupdesignsettings.php @@ -312,36 +312,4 @@ class GroupDesignSettingsAction extends DesignSettingsAction $this->showForm(_('Design preferences saved.'), true); } - /** - * Handle input and output a page (overrided) - * - * @param array $args $_REQUEST arguments - * - * @return void - */ - - function handle($args) - { - parent::handle($args); - if (!common_logged_in()) { - $this->clientError(_('Not logged in.')); - return; - } else if (!common_is_real_login()) { - // Cookie theft means that automatic logins can't - // change important settings or see private info, and - // _all_ our settings are important - common_set_returnto($this->selfUrl()); - $user = common_current_user(); - if ($user->hasOpenID()) { - common_redirect(common_local_url('openidlogin'), 303); - } else { - common_redirect(common_local_url('login'), 303); - } - } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $this->handlePost(); - } else { - $this->showForm(); - } - } - } 
diff --git a/actions/othersettings.php b/actions/othersettings.php index b542233ca..1277f8052 100644 --- a/actions/othersettings.php +++ b/actions/othersettings.php @@ -83,14 +83,12 @@ class OthersettingsAction extends AccountSettingsAction { $user = common_current_user(); - $this->elementStart('form', array('method' => 'post', 'id' => 'form_settings_other', 'class' => 'form_settings', 'action' => common_local_url('othersettings'))); $this->elementStart('fieldset'); - $this->element('legend', null, _('URL Auto-shortening')); $this->hidden('token', common_session_token()); // I18N @@ -109,10 +107,14 @@ class OthersettingsAction extends AccountSettingsAction $this->elementStart('ul', 'form_data'); $this->elementStart('li'); - $this->dropdown('urlshorteningservice', _('Service'), + $this->dropdown('urlshorteningservice', _('Shorten URLs with'), $services, _('Automatic shortening service to use.'), false, $user->urlshorteningservice); $this->elementEnd('li'); + $this->elementStart('li'); + $this->checkbox('viewdesigns', _('View profile designs'), + $user->viewdesigns, _('Show or hide profile designs.')); + $this->elementEnd('li'); $this->elementEnd('ul'); $this->submit('save', _('Save')); $this->elementEnd('fieldset'); @@ -145,6 +147,8 @@ class OthersettingsAction extends AccountSettingsAction return; } + $viewdesigns = $this->boolean('viewdesigns'); + $user = common_current_user(); assert(!is_null($user)); // should already be checked @@ -154,6 +158,7 @@ class OthersettingsAction extends AccountSettingsAction $original = clone($user); $user->urlshorteningservice = $urlshorteningservice; + $user->viewdesigns = $viewdesigns; $result = $user->update($original); diff --git a/actions/peoplesearch.php b/actions/peoplesearch.php index c61e0e273..60ddb6a82 100644 --- a/actions/peoplesearch.php +++ b/actions/peoplesearch.php 
@@ -87,3 +87,47 @@ class PeoplesearchAction extends SearchAction } } +/** + * People search results class + * + * Derivative of ProfileList with specialization for highlighting search terms. + * + * @category Widget + * @package Laconica + * @author Evan Prodromou <evan@controlyourself.ca> + * @author Robin Millette <millette@controlyourself.ca> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://laconi.ca/ + * + * @see PeoplesearchAction + */ + +class PeopleSearchResults extends ProfileList +{ + var $terms = null; + var $pattern = null; + + function __construct($profile, $terms, $action) + { + parent::__construct($profile, $action); + + $this->terms = array_map('preg_quote', + array_map('htmlspecialchars', $terms)); + + $this->pattern = '/('.implode('|',$terms).')/i'; + } + + function newProfileItem($profile) + { + return new PeopleSearchResultItem($profile, $this->action); + } +} + +class PeopleSearchResultItem extends ProfileListItem +{ + function highlight($text) + { + return preg_replace($this->pattern, '<strong>\\1</strong>', htmlspecialchars($text)); + } +} + diff --git a/actions/subscriptions.php b/actions/subscriptions.php index 4124abea4..42bdae10f 100644 --- a/actions/subscriptions.php +++ b/actions/subscriptions.php @@ -159,7 +159,10 @@ class SubscriptionsListItem extends SubscriptionListItem $this->showBio(); $this->showTags(); // Relevant portion! - $this->showOwnerControls(); + $cur = common_current_user(); + if (!empty($cur) && $cur->id == $this->owner->id) { + $this->showOwnerControls(); + } $this->endProfile(); } diff --git a/actions/twitapifriendships.php b/actions/twitapifriendships.php index 29eb4cc0f..5fb55e9ff 100644 --- a/actions/twitapifriendships.php +++ b/actions/twitapifriendships.php @@ -160,4 +160,85 @@ class TwitapifriendshipsAction extends TwitterapiAction } -}
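Review bot: In PeopleSearchResults::__construct() the pattern is assembled from the raw `$terms` rather than the quoted `$this->terms`, so search input reaches `preg_replace()` with its regex metacharacters intact and can break the pattern or cause heavy backtracking. The line should read `$this->pattern = '/('.implode('|', $this->terms).')/i';`. Because `preg_quote` is applied through `array_map`, it never receives `'/'` as the delimiter, so a term containing a slash would still end the pattern early; quote each term with `preg_quote($term, '/')`. An empty `$terms` array also yields `/()/i`, which matches at every position. Separately, PeopleSearchResultItem::highlight() reads `$this->pattern`, but newProfileItem() passes only `$profile` and `$this->action`, so unless ProfileListItem (not shown) supplies it the item has no pattern to match with.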
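Review bot: The new guard around `showOwnerControls()` in actions/subscriptions.php only decides what is rendered, so the actions behind those controls (not part of this diff) still need to enforce the same ownership check on the server side. The comparison would also be safer as `$cur->id === $this->owner->id` once both sides are known to have the same type. `$this->owner` is dereferenced without a null check, which assumes the list item always has an owner set. The enclosing method starts above the hunk.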
\ No newline at end of file + function show($args, $apidata) + { + parent::handle($args); + + if (!in_array($apidata['content-type'], array('xml', 'json'))) { + $this->clientError(_('API method not found!'), $code = 404); + return; + } + + $source_id = (int)$this->trimmed('source_id'); + $source_screen_name = $this->trimmed('source_screen_name'); + + // If the source is not specified for an unauthenticated request, + // the method will return an HTTP 403. + + if (empty($source_id) && empty($source_screen_name)) { + if (empty($apidata['user'])) { + $this->clientError(_('Could not determine source user.'), + $code = 403); + return; + } + } + + $source = null; + + if (!empty($source_id)) { + $source = User::staticGet($source_id); + } elseif (!empty($source_screen_name)) { + $source = User::staticGet('nickname', $source_screen_name); + } else { + $source = $apidata['user']; + } + + // If a source or target is specified but does not exist, + // the method will return an HTTP 404. + + if (empty($source)) { + $this->clientError(_('Could not determine source user.'), + $code = 404); + return; + } + + $target_id = (int)$this->trimmed('target_id'); + $target_screen_name = $this->trimmed('target_screen_name'); + + $target = null; + + if (!empty($target_id)) { + $target = User::staticGet($target_id); + } elseif (!empty($target_screen_name)) { + $target = User::staticGet('nickname', $target_screen_name); + } else { + $this->clientError(_('Target user not specified.'), + $code = 403); + return; + } + + if (empty($target)) { + $this->clientError(_('Could not find target user.'), + $code = 404); + return; + } + + $result = $this->twitter_relationship_array($source, $target); + + switch ($apidata['content-type']) { + case 'xml': + $this->init_document('xml'); + $this->show_twitter_xml_relationship($result[relationship]); + $this->end_document('xml'); + break; + case 'json': + $this->init_document('json'); + print json_encode($result); + $this->end_document('json'); + break; + 
default: + break; + } + } + +} diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index 555c746cb..c9943698d 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -373,9 +373,19 @@ class TwitapistatusesAction extends TwitterapiAction return; } + // 'id' is an undocumented parameter in Twitter's API. Several + // clients make use of it, so we support it too. + + // show.json?id=12345 takes precedence over /show/12345.json + $this->auth_user = $apidata['user']; - $notice_id = $apidata['api_arg']; - $notice = Notice::staticGet($notice_id); + $notice_id = $this->trimmed('id'); + + if (empty($notice_id)) { + $notice_id = $apidata['api_arg']; + } + + $notice = Notice::staticGet((int)$notice_id); if ($notice) { if ($apidata['content-type'] == 'xml') { @@ -389,7 +399,6 @@ class TwitapistatusesAction extends TwitterapiAction $this->clientError(_('No status with that ID found.'), 404, $apidata['content-type']); } - } function destroy($args, $apidata) diff --git a/actions/twitapiusers.php b/actions/twitapiusers.php index 4057b63e7..de8326e3a 100644 --- a/actions/twitapiusers.php +++ b/actions/twitapiusers.php @@ -37,24 +37,17 @@ class TwitapiusersAction extends TwitterapiAction $user = null; $email = $this->arg('email'); - $user_id = $this->arg('user_id'); // XXX: email field deprecated in Twitter's API - // XXX: Also: need to add screen_name param - if ($email) { $user = User::staticGet('email', $email); - } elseif ($user_id) { - $user = $this->get_user($user_id); - } elseif (isset($apidata['api_arg'])) { - $user = $this->get_user($apidata['api_arg']); - } elseif (isset($apidata['user'])) { - $user = $apidata['user']; + } else { + $user = $this->get_user($apidata['api_arg'], $apidata); } if (empty($user)) { - $this->client_error(_('Not found.'), 404, $apidata['content-type']); + $this->clientError(_('Not found.'), 404, $apidata['content-type']); return; } |
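Review bot: `$result[relationship]` in the xml case of show() uses a bare word as the array key, which PHP resolves as an undefined constant (a notice on older versions, an error on PHP 8); it should be `$result['relationship']`. The `clientError()` calls in show() pass only the message and code, while the other API actions touched by this commit also pass `$apidata['content-type']`, so error bodies may not come back in the requested format. Since friendships/show is now reachable without authentication once a source is named, it is worth confirming that twitter_relationship_array() (not shown) returns only fields suitable for an anonymous caller, for example no per-user block or notification flags if it includes them.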
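Review bot: In actions/twitapistatuses.php, `Notice::staticGet((int)$notice_id)` accepts any string because the cast turns `12abc` into 12 and non-numeric input into 0, so a malformed `id` is looked up instead of being rejected. A guard before the lookup, such as `if (!ctype_digit((string)$notice_id)) { $this->clientError(_('No status with that ID found.'), 404, $apidata['content-type']); return; }`, would keep the lookup to well-formed ids. `empty($notice_id)` also treats an `id` of "0" as absent and silently falls back to `$apidata['api_arg']`. The enclosing show() method starts above the hunk, so any visibility check on the notice is not visible here.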