From 31bbdacbf330c28c5ebc900864ccd148ea1b23e0 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 7 Nov 2009 18:51:57 -0500 Subject: add a method to Action to check session token --- lib/action.php | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/lib/action.php b/lib/action.php index 1b2f73752..78ca9137a 100644 --- a/lib/action.php +++ b/lib/action.php @@ -1101,4 +1101,22 @@ class Action extends HTMLOutputter // lawsuit { return Design::siteDesign(); } + + /** + * Check the session token. + * + * Checks that the current form has the correct session token, + * and throw an exception if it does not. + * + * @return void + */ + + function checkSessionToken() + { + // CSRF protection + $token = $this->trimmed('token'); + if (empty($token) || $token != common_session_token()) { + $this->clientError(_('There was a problem with your session token.')); + } + } } -- cgit v1.2.3-54-g00ecf From 589185ce872743c146285fca6980db087f96cd4a Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 7 Nov 2009 19:16:15 -0500 Subject: uppercase right constants --- lib/right.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/right.php b/lib/right.php index 4e0096d46..4fc981af0 100644 --- a/lib/right.php +++ b/lib/right.php @@ -45,6 +45,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { class Right { - const deleteOthersNotice = 'deleteothersnotice'; + const DELETEOTHERSNOTICE = 'deleteothersnotice'; + const CONFIGURESITE = 'configuresite'; } -- cgit v1.2.3-54-g00ecf From eaec5b03f59b0ac5bcde4a973d72946a52cbd2a6 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 7 Nov 2009 19:16:33 -0500 Subject: add constants for user roles --- classes/User_role.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/classes/User_role.php b/classes/User_role.php index 85ecfb422..fc3806897 100644 --- a/classes/User_role.php +++ b/classes/User_role.php @@ -45,4 +45,7 @@ class User_role extends Memcached_DataObject { return Memcached_DataObject::pkeyGet('User_role', $kv); } + + const MODERATOR = 'moderator'; + const ADMINISTRATOR = 'administrator'; } -- cgit v1.2.3-54-g00ecf From 38833af6f18ae48caed0cc7939803c89e3104ef9 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 7 Nov 2009 19:16:54 -0500 Subject: use upper-case constants for roles and rights in hasRight() --- classes/User.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/classes/User.php b/classes/User.php index 96a64ccb2..546406f71 100644 --- a/classes/User.php +++ b/classes/User.php @@ -705,10 +705,12 @@ class User extends Memcached_DataObject if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { switch ($right) { - case Right::deleteOthersNotice: - $result = $this->hasRole('moderator'); + case Right::DELETEOTHERSNOTICE: + $result = $this->hasRole(User_role::MODERATOR); break; - default: + case Right::CONFIGURESITE: + $result = $this->hasRole(User_role::ADMINISTRATOR); + default: $result = false; break; } -- cgit v1.2.3-54-g00ecf From 1de9496c7fed16c2675c3d5136c131c07534c2cc Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 7 Nov 2009 22:26:03 -0500 Subject: fix constant for deleteothersnotice --- actions/deletenotice.php | 2 +- lib/noticelist.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/deletenotice.php b/actions/deletenotice.php index 4a48a9c34..ba8e86d0f 100644 --- a/actions/deletenotice.php +++ b/actions/deletenotice.php @@ -67,7 +67,7 @@ class DeletenoticeAction extends Action common_user_error(_('Not logged in.')); exit; } else if ($this->notice->profile_id != $this->user_profile->id && - !$this->user->hasRight(Right::deleteOthersNotice)) { + !$this->user->hasRight(Right::DELETEOTHERSNOTICE)) { common_user_error(_('Can\'t delete this notice.')); exit; } diff --git a/lib/noticelist.php b/lib/noticelist.php index 8b3015cc3..bf12bb73c 100644 --- a/lib/noticelist.php +++ b/lib/noticelist.php @@ -513,7 +513,7 @@ class NoticeListItem extends Widget $user = common_current_user(); if (!empty($user) && - ($this->notice->profile_id == $user->id || $user->hasRight(Right::deleteOthersNotice))) { + ($this->notice->profile_id == $user->id || $user->hasRight(Right::DELETEOTHERSNOTICE))) { $deleteurl = common_local_url('deletenotice', array('notice' => $this->notice->id)); -- cgit v1.2.3-54-g00ecf From 321ac38884125f1af9e8f07323f096505d0b2644 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 7 Nov 2009 22:35:35 -0500 Subject: script for granting/revoking user roles --- scripts/userrole.php | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 scripts/userrole.php diff --git a/scripts/userrole.php b/scripts/userrole.php new file mode 100644 index 000000000..7b6a9b3fd --- /dev/null +++ b/scripts/userrole.php @@ -0,0 +1,85 @@ +#!/usr/bin/env php +. + */ + +define('INSTALLDIR', realpath(dirname(__FILE__) . '/..')); + +$shortoptions = 'i:n:r:d'; +$longoptions = array('id=', 'nickname=', 'role=', 'delete'); + +$helptext = <<nickname' ($user->id)..."; + try { + $user->revokeRole($role); + print "OK\n"; + } catch (Exception $e) { + print "FAIL\n"; + print $e->getMessage(); + print "\n"; + } +} else { + print "Granting role '$role' to user '$user->nickname' ($user->id)..."; + try { + $user->grantRole($role); + print "OK\n"; + } catch (Exception $e) { + print "FAIL\n"; + print $e->getMessage(); + print "\n"; + } +} -- cgit v1.2.3-54-g00ecf From b7e2e3fd2b7e36f75c810a599334c2ca8abcca55 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sun, 8 Nov 2009 17:04:46 -0500 Subject: Restructure theme.php to define a class Theme For various reasons, it's nicer to have a class for theme-file paths and such. So, I've rewritten the code for determining the locations of theme files to be more OOPy. I changed all the uses of the two functions in the module (theme_file and theme_path) to use Theme::file and Theme::path respectively. I've also removed the code in common.php that require's the module; using a class means we can autoload it instead. --- actions/opensearch.php | 2 +- classes/Avatar.php | 2 +- classes/User_group.php | 2 +- lib/action.php | 16 ++--- lib/common.php | 1 - lib/htmloutputter.php | 4 +- lib/noticesection.php | 2 +- lib/theme.php | 164 +++++++++++++++++++++++++++++++++++++------------ 8 files changed, 138 insertions(+), 55 deletions(-) diff --git a/actions/opensearch.php b/actions/opensearch.php index d5e6698f3..861b53d7d 100644 --- a/actions/opensearch.php +++ b/actions/opensearch.php @@ -75,7 +75,7 @@ class OpensearchAction extends Action $this->element('Url', array('type' => 'text/html', 'method' => 'get', 'template' => str_replace('---', '{searchTerms}', common_local_url($type, array('q' => '---'))))); $this->element('Image', array('height' => 16, 'width' => 16, 'type' => 'image/vnd.microsoft.icon'), common_path('favicon.ico')); - $this->element('Image', array('height' => 50, 'width' => 50, 'type' => 'image/png'), theme_path('logo.png')); + $this->element('Image', array('height' => 50, 'width' => 50, 'type' => 'image/png'), Theme::path('logo.png')); $this->element('AdultContent', null, 'false'); $this->element('Language', null, common_language()); $this->element('OutputEncoding', null, 'UTF-8'); diff --git a/classes/Avatar.php b/classes/Avatar.php index 64f105179..cc7a6b647 100644 --- a/classes/Avatar.php +++ b/classes/Avatar.php @@ -102,6 +102,6 @@ class Avatar extends Memcached_DataObject static $sizenames = array(AVATAR_PROFILE_SIZE => 'profile', AVATAR_STREAM_SIZE => 'stream', AVATAR_MINI_SIZE => 'mini'); - return theme_path('default-avatar-'.$sizenames[$size].'.png'); + return Theme::path('default-avatar-'.$sizenames[$size].'.png'); } } diff --git a/classes/User_group.php b/classes/User_group.php index 310ecff1e..b92638f7a 100644 --- a/classes/User_group.php +++ b/classes/User_group.php @@ -34,7 +34,7 @@ class User_group extends Memcached_DataObject static $sizenames = array(AVATAR_PROFILE_SIZE => 'profile', AVATAR_STREAM_SIZE => 'stream', AVATAR_MINI_SIZE => 'mini'); - return theme_path('default-avatar-'.$sizenames[$size].'.png'); + return Theme::path('default-avatar-'.$sizenames[$size].'.png'); } function homeUrl() diff --git a/lib/action.php b/lib/action.php index 78ca9137a..80f398fbd 100644 --- a/lib/action.php +++ b/lib/action.php @@ -168,7 +168,7 @@ class Action extends HTMLOutputter // lawsuit { if (is_readable(INSTALLDIR . '/theme/' . common_config('site', 'theme') . '/favicon.ico')) { $this->element('link', array('rel' => 'shortcut icon', - 'href' => theme_path('favicon.ico'))); + 'href' => Theme::path('favicon.ico'))); } else { $this->element('link', array('rel' => 'shortcut icon', 'href' => common_path('favicon.ico'))); @@ -177,7 +177,7 @@ class Action extends HTMLOutputter // lawsuit if (common_config('site', 'mobile')) { if (is_readable(INSTALLDIR . '/theme/' . common_config('site', 'theme') . '/apple-touch-icon.png')) { $this->element('link', array('rel' => 'apple-touch-icon', - 'href' => theme_path('apple-touch-icon.png'))); + 'href' => Theme::path('apple-touch-icon.png'))); } else { $this->element('link', array('rel' => 'apple-touch-icon', 'href' => common_path('apple-touch-icon.png'))); @@ -210,16 +210,16 @@ class Action extends HTMLOutputter // lawsuit if (Event::handle('StartShowUAStyles', array($this))) { $this->comment('[if IE]>comment('[if lte IE '.$ver.']>comment('[if IE]>elementStart('a', array('class' => 'url home bookmark', 'href' => common_local_url('public'))); - if (common_config('site', 'logo') || file_exists(theme_file('logo.png'))) { + if (common_config('site', 'logo') || file_exists(Theme::file('logo.png'))) { $this->element('img', array('class' => 'logo photo', - 'src' => (common_config('site', 'logo')) ? common_config('site', 'logo') : theme_path('logo.png'), + 'src' => (common_config('site', 'logo')) ? common_config('site', 'logo') : Theme::path('logo.png'), 'alt' => common_config('site', 'name'))); } $this->element('span', array('class' => 'fn org'), common_config('site', 'name')); diff --git a/lib/common.php b/lib/common.php index 68bdbf229..6aac46807 100644 --- a/lib/common.php +++ b/lib/common.php @@ -227,7 +227,6 @@ require_once 'markdown.php'; require_once INSTALLDIR.'/lib/util.php'; require_once INSTALLDIR.'/lib/action.php'; -require_once INSTALLDIR.'/lib/theme.php'; require_once INSTALLDIR.'/lib/mail.php'; require_once INSTALLDIR.'/lib/subs.php'; require_once INSTALLDIR.'/lib/Shorturl_api.php'; diff --git a/lib/htmloutputter.php b/lib/htmloutputter.php index ce83295fb..c2ec83c28 100644 --- a/lib/htmloutputter.php +++ b/lib/htmloutputter.php @@ -375,8 +375,8 @@ class HTMLOutputter extends XMLOutputter $url = parse_url($src); if( empty($url->scheme) && empty($url->host) && empty($url->query) && empty($url->fragment)) { - if(file_exists(theme_file($src,$theme))){ - $src = theme_path($src, $theme) . '?version=' . STATUSNET_VERSION; + if(file_exists(Theme::file($src,$theme))){ + $src = Theme::path($src, $theme) . '?version=' . STATUSNET_VERSION; }else{ $src = common_path($src); } diff --git a/lib/noticesection.php b/lib/noticesection.php index b223932ef..24465f8ba 100644 --- a/lib/noticesection.php +++ b/lib/noticesection.php @@ -114,7 +114,7 @@ class NoticeSection extends Section $att_class = 'attachments'; } - $clip = theme_path('images/icons/clip.png', 'base'); + $clip = Theme::path('images/icons/clip.png', 'base'); $this->out->elementStart('a', array('class' => $att_class, 'style' => "font-style: italic;", 'href' => $href, 'title' => "# of attachments: $count")); $this->out->raw(" ($count "); $this->out->element('img', array('style' => 'display: inline', 'align' => 'top', 'width' => 20, 'height' => 20, 'src' => $clip, 'alt' => 'alt')); diff --git a/lib/theme.php b/lib/theme.php index 08e3e8538..c658058ff 100644 --- a/lib/theme.php +++ b/lib/theme.php @@ -23,7 +23,7 @@ * @package StatusNet * @author Evan Prodromou * @author Sarven Capadisli - * @copyright 2008 StatusNet, Inc. + * @copyright 2008-2009 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -33,62 +33,146 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { } /** - * Gets the full path of a file in a theme dir based on its relative name + * Class for querying and manipulating a theme * - * @param string $relative relative path within the theme directory - * @param string $theme name of the theme; defaults to current theme + * Themes are directories with some expected sub-directories and files + * in them. They're found in either local/theme (for locally-installed themes) + * or theme/ subdir of installation dir. * - * @return string File path to the theme file + * This used to be a couple of functions, but for various reasons it's nice + * to have a class instead. + * + * @category Output + * @package StatusNet + * @author Evan Prodromou + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ */ -function theme_file($relative, $theme=null) +class Theme { - if (empty($theme)) { - $theme = common_config('site', 'theme'); - } - $dir = common_config('theme', 'dir'); - if (empty($dir)) { - $dir = INSTALLDIR.'/theme'; - } - return $dir.'/'.$theme.'/'.$relative; -} + var $dir = null; + var $path = null; -/** - * Gets the full URL of a file in a theme dir based on its relative name - * - * @param string $relative relative path within the theme directory - * @param string $theme name of the theme; defaults to current theme - * - * @return string URL of the file - */ + /** + * Constructor + * + * Determines the proper directory and path for this theme. + * + * @param string $name Name of the theme; defaults to config value + */ -function theme_path($relative, $theme=null) -{ - if (empty($theme)) { - $theme = common_config('site', 'theme'); - } + function __construct($name=null) + { + if (empty($name)) { + $name = common_config('site', 'theme'); + } + + // Check to see if it's in the local dir + + $localroot = INSTALLDIR.'/local/theme'; + + $fulldir = $localroot.'/'.$name; + + if (file_exists($fulldir) && is_dir($fulldir)) { + $this->dir = $fulldir; + $this->path = common_path('local/theme/'.$name.'/'); + return; + } + + // Check to see if it's in the distribution dir - $path = common_config('theme', 'path'); + $instroot = common_config('theme', 'dir'); - if (empty($path)) { - $path = common_config('site', 'path') . '/theme/'; + if (empty($instroot)) { + $instroot = INSTALLDIR.'/theme'; + } + + $fulldir = $instroot.'/'.$name; + + if (file_exists($fulldir) && is_dir($fulldir)) { + + $this->dir = $fulldir; + + $path = common_config('theme', 'path'); + + if (empty($path)) { + $path = common_config('site', 'path') . '/theme/'; + } + + if ($path[strlen($path)-1] != '/') { + $path .= '/'; + } + + if ($path[0] != '/') { + $path = '/'.$path; + } + + $server = common_config('theme', 'server'); + + if (empty($server)) { + $server = common_config('site', 'server'); + } + + // XXX: protocol + + $this->path = 'http://'.$server.$path.$name; + } } - if ($path[strlen($path)-1] != '/') { - $path .= '/'; + /** + * Gets the full local filename of a file in this theme. + * + * @param string $relative relative name, like 'logo.png' + * + * @return string full pathname, like /var/www/mublog/theme/default/logo.png + */ + + function getFile($relative) + { + return $this->dir.'/'.$relative; } - if ($path[0] != '/') { - $path = '/'.$path; + /** + * Gets the full HTTP url of a file in this theme + * + * @param string $relative relative name, like 'logo.png' + * + * @return string full URL, like 'http://example.com/theme/default/logo.png' + */ + + function getPath($relative) + { + return $this->path.'/'.$relative; } - $server = common_config('theme', 'server'); + /** + * Gets the full path of a file in a theme dir based on its relative name + * + * @param string $relative relative path within the theme directory + * @param string $name name of the theme; defaults to current theme + * + * @return string File path to the theme file + */ - if (empty($server)) { - $server = common_config('site', 'server'); + static function file($relative, $name=null) + { + $theme = new Theme($name); + return $theme->getFile($relative); } - // XXX: protocol + /** + * Gets the full URL of a file in a theme dir based on its relative name + * + * @param string $relative relative path within the theme directory + * @param string $name name of the theme; defaults to current theme + * + * @return string URL of the file + */ - return 'http://'.$server.$path.$theme.'/'.$relative; + static function path($relative, $name=null) + { + $theme = new Theme($name); + return $theme->getPath($relative); + } } -- cgit v1.2.3-54-g00ecf