diff options
Diffstat (limited to 'classes')
| -rw-r--r-- | classes/File_redirection.php | 68 | ||||
| -rw-r--r-- | classes/Login_token.php | 42 | ||||
| -rw-r--r-- | classes/Notice.php | 5 | ||||
| -rw-r--r-- | classes/User.php | 14 | ||||
| -rw-r--r-- | classes/statusnet.ini | 11 |
5 files changed, 103 insertions, 37 deletions
diff --git a/classes/File_redirection.php b/classes/File_redirection.php index 79052bf7d..08a6e8d8b 100644 --- a/classes/File_redirection.php +++ b/classes/File_redirection.php @@ -47,18 +47,15 @@ class File_redirection extends Memcached_DataObject /* the code above is auto generated do not remove the tag below */ ###END_AUTOCODE - function _commonCurl($url, $redirs) { - $curlh = curl_init(); - curl_setopt($curlh, CURLOPT_URL, $url); - curl_setopt($curlh, CURLOPT_AUTOREFERER, true); // # setup referer header when folowing redirects - curl_setopt($curlh, CURLOPT_CONNECTTIMEOUT, 10); // # seconds to wait - curl_setopt($curlh, CURLOPT_MAXREDIRS, $redirs); // # max number of http redirections to follow - curl_setopt($curlh, CURLOPT_USERAGENT, USER_AGENT); - curl_setopt($curlh, CURLOPT_FOLLOWLOCATION, true); // Follow redirects - curl_setopt($curlh, CURLOPT_RETURNTRANSFER, true); - curl_setopt($curlh, CURLOPT_FILETIME, true); - curl_setopt($curlh, CURLOPT_HEADER, true); // Include header in output - return $curlh; + static function _commonHttp($url, $redirs) { + $request = new HTTPClient($url); + $request->setConfig(array( + 'connect_timeout' => 10, // # seconds to wait + 'max_redirs' => $redirs, // # max number of http redirections to follow + 'follow_redirects' => true, // Follow redirects + 'store_body' => false, // We won't need body content here. + )); + return $request; } function _redirectWhere_imp($short_url, $redirs = 10, $protected = false) { @@ -82,32 +79,39 @@ class File_redirection extends Memcached_DataObject if(strpos($short_url,'://') === false){ return $short_url; } - $curlh = File_redirection::_commonCurl($short_url, $redirs); - // Don't include body in output - curl_setopt($curlh, CURLOPT_NOBODY, true); - curl_exec($curlh); - $info = curl_getinfo($curlh); - curl_close($curlh); - - if (405 == $info['http_code']) { - $curlh = File_redirection::_commonCurl($short_url, $redirs); - curl_exec($curlh); - $info = curl_getinfo($curlh); - curl_close($curlh); + try { + $request = self::_commonHttp($short_url, $redirs); + // Don't include body in output + $request->setMethod(HTTP_Request2::METHOD_HEAD); + $response = $request->send(); + + if (405 == $response->getStatus()) { + // Server doesn't support HEAD method? Can this really happen? + // We'll try again as a GET and ignore the response data. + $request = self::_commonHttp($short_url, $redirs); + $response = $request->send(); + } + } catch (Exception $e) { + // Invalid URL or failure to reach server + return $short_url; } - if (!empty($info['redirect_count']) && File::isProtected($info['url'])) { - return File_redirection::_redirectWhere_imp($short_url, $info['redirect_count'] - 1, true); + if ($response->getRedirectCount() && File::isProtected($response->getUrl())) { + // Bump back up the redirect chain until we find a non-protected URL + return self::_redirectWhere_imp($short_url, $response->getRedirectCount() - 1, true); } - $ret = array('code' => $info['http_code'] - , 'redirects' => $info['redirect_count'] - , 'url' => $info['url']); + $ret = array('code' => $response->getStatus() + , 'redirects' => $response->getRedirectCount() + , 'url' => $response->getUrl()); - if (!empty($info['content_type'])) $ret['type'] = $info['content_type']; + $type = $response->getHeader('Content-Type'); + if ($type) $ret['type'] = $type; if ($protected) $ret['protected'] = true; - if (!empty($info['download_content_length'])) $ret['size'] = $info['download_content_length']; - if (isset($info['filetime']) && ($info['filetime'] > 0)) $ret['time'] = $info['filetime']; + $size = $response->getHeader('Content-Length'); // @fixme bytes? + if ($size) $ret['size'] = $size; + $time = $response->getHeader('Last-Modified'); + if ($time) $ret['time'] = strtotime($time); return $ret; } diff --git a/classes/Login_token.php b/classes/Login_token.php new file mode 100644 index 000000000..bd6381f90 --- /dev/null +++ b/classes/Login_token.php @@ -0,0 +1,42 @@ +<?php +/** + * Table Definition for group_alias + * + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2009, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } + +require_once INSTALLDIR.'/classes/Memcached_DataObject.php'; + +class Login_token extends Memcached_DataObject +{ + ###START_AUTOCODE + /* the code below is auto generated do not remove the above tag */ + + public $__table = 'login_token'; // table name + public $user_id; // int(4) primary_key not_null + public $token; // char(32) not_null + public $created; // datetime() not_null + public $modified; // timestamp() not_null default_CURRENT_TIMESTAMP + + /* Static get */ + function staticGet($k,$v=NULL) { return DB_DataObject::staticGet('Login_token',$k,$v); } + + /* the code above is auto generated do not remove the tag below */ + ###END_AUTOCODE +} diff --git a/classes/Notice.php b/classes/Notice.php index a9dbaa461..9886875cb 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -930,7 +930,10 @@ class Notice extends Memcached_DataObject $users = $group->getUserMembers(); foreach ($users as $id) { if (!array_key_exists($id, $ni)) { - $ni[$id] = NOTICE_INBOX_SOURCE_GROUP; + $user = User::staticGet('id', $id); + if (!$user->hasBlocked($notice->profile_id)) { + $ni[$id] = NOTICE_INBOX_SOURCE_GROUP; + } } } } diff --git a/classes/User.php b/classes/User.php index 3fa9cc152..96a64ccb2 100644 --- a/classes/User.php +++ b/classes/User.php @@ -117,8 +117,7 @@ class User extends Memcached_DataObject function allowed_nickname($nickname) { // XXX: should already be validated for size, content, etc. - - $blacklist = array(); + $blacklist = common_config('nickname', 'blacklist'); //all directory and file names should be blacklisted $d = dir(INSTALLDIR); @@ -126,8 +125,15 @@ class User extends Memcached_DataObject $blacklist[]=$entry; } $d->close(); - $merged = array_merge($blacklist, common_config('nickname', 'blacklist')); - return !in_array($nickname, $merged); + + //all top level names in the router should be blacklisted + $router = Router::get(); + foreach(array_keys($router->m->getPaths()) as $path){ + if(preg_match('/^\/(.*?)[\/\?]/',$path,$matches)){ + $blacklist[]=$matches[1]; + } + } + return !in_array($nickname, $blacklist); } function getCurrentNotice($dt=null) diff --git a/classes/statusnet.ini b/classes/statusnet.ini index 623790b10..912d05cdf 100644 --- a/classes/statusnet.ini +++ b/classes/statusnet.ini @@ -555,3 +555,14 @@ created = 142 [user_role__keys] user_id = K role = K + +[login_token] +user_id = 129 +token = 130 +created = 142 +modified = 384 + +[login_token__keys] +user_id = K +token = K + |