From 0d7d4dfe5d258d2018f601f8116d629577105864 Mon Sep 17 00:00:00 2001 From: mEDI Date: Thu, 3 Sep 2009 19:32:27 +0200 Subject: add basic auth support for cgi servers on the api (trac #1832) --- actions/api.php | 46 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 5 deletions(-) (limited to 'actions') diff --git a/actions/api.php b/actions/api.php index f425a8dcd..f624d6b69 100644 --- a/actions/api.php +++ b/actions/api.php @@ -27,6 +27,8 @@ class ApiAction extends Action var $api_arg; var $api_method; var $api_action; + var $auth_user; + var $auth_pw; function handle($args) { @@ -35,6 +37,7 @@ class ApiAction extends Action $this->api_action = $this->arg('apiaction'); $method = $this->arg('method'); $argument = $this->arg('argument'); + $this->basic_auth_process_header(); if (isset($argument)) { $cmdext = explode('.', $argument); @@ -50,7 +53,7 @@ class ApiAction extends Action } if ($this->requires_auth()) { - if (!isset($_SERVER['PHP_AUTH_USER'])) { + if (!isset($this->auth_user)) { # This header makes basic auth go header('WWW-Authenticate: Basic realm="StatusNet API"'); @@ -58,8 +61,8 @@ class ApiAction extends Action # If the user hits cancel -- bam! $this->show_basic_auth_error(); } else { - $nickname = $_SERVER['PHP_AUTH_USER']; - $password = $_SERVER['PHP_AUTH_PW']; + $nickname = $this->auth_user; + $password = $this->auth_pw; $user = common_check_user($nickname, $password); if ($user) { @@ -76,8 +79,8 @@ class ApiAction extends Action } else { // Caller might give us a username even if not required - if (isset($_SERVER['PHP_AUTH_USER'])) { - $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']); + if (isset($this->auth_user)) { + $user = User::staticGet('nickname', $this->auth_user); if ($user) { $this->user = $user; } 
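Review bot: In the `else` branch of handle() (hunk -76,8 +79,8), `$this->user` is filled from `User::staticGet('nickname', $this->auth_user)` without the password ever being checked, so on methods where requires_auth() is false the nickname the caller claims is accepted as-is. With this commit that nickname can also arrive through a raw Authorization header, not only through PHP_AUTH_USER. If any handler reached via process_command() treats `$this->user` as an authenticated identity (not visible in this hunk), this branch should call `common_check_user($this->auth_user, $this->auth_pw)` and leave `$this->user` unset when it fails. At minimum the lookup deserves a comment such as `// NOTE: identity is unverified here; the password is not checked on this path`. handle() starts and ends outside the hunk.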
@@ -203,6 +206,39 @@ class ApiAction extends Action } } + function basic_auth_process_header() + { + if(isset($_SERVER['AUTHORIZATION']) || isset($_SERVER['HTTP_AUTHORIZATION'])) + { + $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])?$_SERVER['HTTP_AUTHORIZATION']:$_SERVER['AUTHORIZATION']; + } + + if(isset($_SERVER['PHP_AUTH_USER'])) + { + $this->auth_user = $_SERVER['PHP_AUTH_USER']; + $this->auth_pw = $_SERVER['PHP_AUTH_PW']; + } + elseif ( isset($authorization_header) && strstr(substr($authorization_header, 0,5),'Basic') ) + { + // decode the HTTP_AUTHORIZATION header on php-cgi server self + // on fcgid server is the header name AUTHORIZATION + + $auth_hash = base64_decode( substr($authorization_header, 6) ); + list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash); + + // set all to NULL on a emty basic auth request + if($this->auth_user == "") { + $this->auth_user = NULL; + $this->auth_pw = NULL; + } + } + else + { + $this->auth_user = NULL; + $this->auth_pw = NULL; + } + } + function show_basic_auth_error() { header('HTTP/1.1 401 Unauthorized'); -- cgit v1.2.3-54-g00ecf From ebcbd3820e10e70ab2ed1bff9839a03f2948ee8f Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Thu, 3 Sep 2009 15:30:19 -0400 Subject: Fix spelling --- actions/api.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actions') diff --git a/actions/api.php b/actions/api.php index f624d6b69..c236378bc 100644 --- a/actions/api.php +++ b/actions/api.php 
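Review bot: `explode(':', $auth_hash)` in basic_auth_process_header() splits on every colon, so a password that itself contains `:` is cut at its first colon and can never verify; the split needs a limit, `list($this->auth_user, $this->auth_pw) = array_pad(explode(':', $auth_hash, 2), 2, null);`. The `array_pad` also covers a decoded value with no colon at all, where `list()` would otherwise read a missing second element. `base64_decode()` is called without its strict flag, so malformed credentials are decoded leniently instead of rejected; `base64_decode(substr($authorization_header, 6), true)` followed by a `=== false` check would route those to the NULL branch. The scheme test `strstr(substr($authorization_header, 0,5),'Basic')` is case-sensitive, whereas HTTP auth scheme names are not. The same statements are carried unchanged through the later re-indentation of this function further down the page.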
@@ -221,12 +221,12 @@ class ApiAction extends Action elseif ( isset($authorization_header) && strstr(substr($authorization_header, 0,5),'Basic') ) { // decode the HTTP_AUTHORIZATION header on php-cgi server self - // on fcgid server is the header name AUTHORIZATION + // on fcgid server the header name is AUTHORIZATION $auth_hash = base64_decode( substr($authorization_header, 6) ); list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash); - // set all to NULL on a emty basic auth request + // set all to NULL on a empty basic auth request if($this->auth_user == "") { $this->auth_user = NULL; $this->auth_pw = NULL; -- cgit v1.2.3-54-g00ecf From 277b464054b24f8d680ddbe762c9e438f6679592 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Thu, 3 Sep 2009 19:42:50 +0000 Subject: Created autofocus method to give focus to an element (primarily a form control) on page onload. Updated some of the pages to use autofocus. --- actions/avatarsettings.php | 2 ++ actions/editgroup.php | 6 ++++++ actions/emailsettings.php | 6 ++++++ actions/grouplogo.php | 2 ++ actions/groupsearch.php | 6 ++++++ actions/invite.php | 6 ++++++ actions/login.php | 8 ++++++++ actions/noticesearch.php | 6 ++++++ actions/openidlogin.php | 6 ++++++ actions/openidsettings.php | 6 ++++++ actions/othersettings.php | 6 ++++++ actions/passwordsettings.php | 6 ++++++ actions/peoplesearch.php | 6 ++++++ actions/profilesettings.php | 8 ++++++++ actions/register.php | 6 ++++++ actions/smssettings.php | 6 ++++++ actions/subscriptions.php | 6 ++++++ lib/designsettings.php | 2 ++ lib/htmloutputter.php | 25 +++++++++++++++++++++++++ 19 files changed, 125 insertions(+) (limited to 'actions') diff --git a/actions/avatarsettings.php b/actions/avatarsettings.php index 0bc439ff1..02a684b38 100644 --- a/actions/avatarsettings.php +++ b/actions/avatarsettings.php 
@@ -399,5 +399,7 @@ class AvatarsettingsAction extends AccountSettingsAction $this->script('js/jcrop/jquery.Jcrop.min.js'); $this->script('js/jcrop/jquery.Jcrop.go.js'); } + + $this->autofocus('avatarfile'); } } diff --git a/actions/editgroup.php b/actions/editgroup.php index cac910e9b..e7ba836a0 100644 --- a/actions/editgroup.php +++ b/actions/editgroup.php @@ -160,6 +160,12 @@ class EditgroupAction extends GroupDesignAction } } + function showScripts() + { + parent::showScripts(); + $this->autofocus('nickname'); + } + function trySave() { $cur = common_current_user(); diff --git a/actions/emailsettings.php b/actions/emailsettings.php index af528a892..6eff06c0d 100644 --- a/actions/emailsettings.php +++ b/actions/emailsettings.php @@ -71,6 +71,12 @@ class EmailsettingsAction extends AccountSettingsAction return _('Manage how you get email from %%site.name%%.'); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('email'); + } + /** * Content area of the page * diff --git a/actions/grouplogo.php b/actions/grouplogo.php index c6f376915..63ba769c7 100644 --- a/actions/grouplogo.php +++ b/actions/grouplogo.php @@ -445,6 +445,8 @@ class GrouplogoAction extends GroupDesignAction $this->script('js/jcrop/jquery.Jcrop.min.js'); $this->script('js/jcrop/jquery.Jcrop.go.js'); } + + $this->autofocus('avatarfile'); } function showLocalNav() diff --git a/actions/groupsearch.php b/actions/groupsearch.php index bbd4c3a74..be15efc47 100644 --- a/actions/groupsearch.php +++ b/actions/groupsearch.php @@ -91,6 +91,12 @@ class GroupsearchAction extends SearchAction $user_group->free(); } } + + function showScripts() + { + parent::showScripts(); + $this->autofocus('q'); + } } class GroupSearchResults extends GroupList diff --git a/actions/invite.php b/actions/invite.php index ab43a2491..9fa6a76f6 100644 --- a/actions/invite.php +++ b/actions/invite.php 
@@ -98,6 +98,12 @@ class InviteAction extends CurrentUserDesignAction $this->showPage(); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('addresses'); + } + function title() { if ($this->mode == 'sent') { diff --git a/actions/login.php b/actions/login.php index 37f3c54ff..ac8c40c3e 100644 --- a/actions/login.php +++ b/actions/login.php @@ -22,6 +22,7 @@ * @category Login * @package StatusNet * @author Evan Prodromou + * @author Sarven Capadisli * @copyright 2008-2009 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ @@ -37,6 +38,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { * @category Personal * @package StatusNet * @author Evan Prodromou + * @author Sarven Capadisli * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -162,6 +164,12 @@ class LoginAction extends Action $this->showPage(); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('nickname'); + } + /** * Title of the page * diff --git a/actions/noticesearch.php b/actions/noticesearch.php index 1188e7e10..1cd987df3 100644 --- a/actions/noticesearch.php +++ b/actions/noticesearch.php @@ -137,6 +137,12 @@ class NoticesearchAction extends SearchAction $this->pagination($page > 1, $cnt > NOTICES_PER_PAGE, $page, 'noticesearch', array('q' => $q)); } + + function showScripts() + { + parent::showScripts(); + $this->autofocus('q'); + } } class SearchNoticeList extends NoticeList { diff --git a/actions/openidlogin.php b/actions/openidlogin.php index 4b5338694..9b7deefb6 100644 --- a/actions/openidlogin.php +++ b/actions/openidlogin.php @@ -86,6 +86,12 @@ class OpenidloginAction extends Action } } + function showScripts() + { + parent::showScripts(); + $this->autofocus('openid_url'); + } + function title() { return _('OpenID Login'); 
diff --git a/actions/openidsettings.php b/actions/openidsettings.php index 13da64a4f..30725fc1b 100644 --- a/actions/openidsettings.php +++ b/actions/openidsettings.php @@ -72,6 +72,12 @@ class OpenidsettingsAction extends AccountSettingsAction ' Manage your associated OpenIDs from here.'); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('openid_url'); + } + /** * Show the form for OpenID management * diff --git a/actions/othersettings.php b/actions/othersettings.php index 8b674161a..f898e2207 100644 --- a/actions/othersettings.php +++ b/actions/othersettings.php @@ -71,6 +71,12 @@ class OthersettingsAction extends AccountSettingsAction return _('Manage various other options.'); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('urlshorteningservice'); + } + /** * Content area of the page * diff --git a/actions/passwordsettings.php b/actions/passwordsettings.php index ec842600f..cd4beac3f 100644 --- a/actions/passwordsettings.php +++ b/actions/passwordsettings.php @@ -69,6 +69,12 @@ class PasswordsettingsAction extends AccountSettingsAction return _('Change your password.'); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('oldpassword'); + } + /** * Content area of the page * diff --git a/actions/peoplesearch.php b/actions/peoplesearch.php index ba0f71e39..38135ecbd 100644 --- a/actions/peoplesearch.php +++ b/actions/peoplesearch.php @@ -85,6 +85,12 @@ class PeoplesearchAction extends SearchAction $profile->free(); } } + + function showScripts() + { + parent::showScripts(); + $this->autofocus('q'); + } } /** diff --git a/actions/profilesettings.php b/actions/profilesettings.php index f9c16351d..2d66e9946 100644 --- a/actions/profilesettings.php +++ b/actions/profilesettings.php 
@@ -23,6 +23,7 @@ * @package StatusNet * @author Evan Prodromou * @author Zach Copley + * @author Sarven Capadisli * @copyright 2008-2009 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ @@ -41,6 +42,7 @@ require_once INSTALLDIR.'/lib/accountsettingsaction.php'; * @package StatusNet * @author Evan Prodromou * @author Zach Copley + * @author Sarven Capadisli * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ @@ -70,6 +72,12 @@ class ProfilesettingsAction extends AccountSettingsAction 'so people know more about you.'); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('nickname'); + } + /** * Content area of the page * diff --git a/actions/register.php b/actions/register.php index c431aeee3..eefbc340a 100644 --- a/actions/register.php +++ b/actions/register.php @@ -140,6 +140,12 @@ class RegisterAction extends Action } } + function showScripts() + { + parent::showScripts(); + $this->autofocus('nickname'); + } + /** * Try to register a user * diff --git a/actions/smssettings.php b/actions/smssettings.php index b956cceba..672abcef8 100644 --- a/actions/smssettings.php +++ b/actions/smssettings.php @@ -69,6 +69,12 @@ class SmssettingsAction extends ConnectSettingsAction return _('You can receive SMS messages through email from %%site.name%%.'); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('sms'); + } + /** * Content area of the page * diff --git a/actions/subscriptions.php b/actions/subscriptions.php index b1c668228..cc7b38ee4 100644 --- a/actions/subscriptions.php +++ b/actions/subscriptions.php 
@@ -107,6 +107,12 @@ class SubscriptionsAction extends GalleryAction array('nickname' => $this->user->nickname)); } + function showScripts() + { + parent::showScripts(); + $this->autofocus('tag'); + } + function showEmptyListMessage() { if (common_logged_in()) { diff --git a/lib/designsettings.php b/lib/designsettings.php index fe4222597..fdc05562e 100644 --- a/lib/designsettings.php +++ b/lib/designsettings.php @@ -327,6 +327,8 @@ class DesignSettingsAction extends AccountSettingsAction $this->script('js/farbtastic/farbtastic.js'); $this->script('js/farbtastic/farbtastic.go.js'); $this->script('js/userdesign.go.js'); + + $this->autofocus('design_background-image_file'); } /** diff --git a/lib/htmloutputter.php b/lib/htmloutputter.php index 8ad7dc20f..aa01f6b1d 100644 --- a/lib/htmloutputter.php +++ b/lib/htmloutputter.php @@ -412,4 +412,29 @@ class HTMLOutputter extends XMLOutputter $this->element('p', 'form_guide', $instructions); } } + + + /** + * Internal script to autofocus the given element on page onload. + * + * @param string $id element ID, must refer to an existing element + * + * @return void + * + */ + function autofocus($id) + { + $this->elementStart('script', array('type' => 'text/javascript')); + $this->raw(' + + '); + $this->elementEnd('script'); + } } -- cgit v1.2.3-54-g00ecf From 6020d85191bdd838acbeb40ab17035e378b0aee1 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Mon, 7 Sep 2009 22:36:01 -0400 Subject: Don't "hightlight" search terms (by surrounding them in $term) when the term appears in an HTML attribute Fixes http://status.net/trac/ticket/1852 --- actions/noticesearch.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actions') diff --git a/actions/noticesearch.php b/actions/noticesearch.php index 1cd987df3..69dcd1a46 100644 --- a/actions/noticesearch.php +++ b/actions/noticesearch.php 
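Review bot: autofocus() in lib/htmloutputter.php emits its script body through `raw()`, which by its name bypasses the outputter's escaping (confirm in XMLOutputter), and the docblock does not say that `$id` has to be a trusted value. The script text itself is not visible on this page, so whether `$id` is interpolated into it is an inference; if it is, nothing between the caller and the inline script element would escape it. Every call site in this commit passes a string literal, so the point is documentation rather than a defect: extend the parameter line to `@param string $id element ID; must be a hard-coded literal, never request data (written into inline script unescaped)`.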
@@ -198,7 +198,7 @@ class SearchNoticeListItem extends NoticeListItem { $result = preg_replace($pattern, '\\1', $text); /* Remove highlighting from inside links, loop incase multiple highlights in links */ - $pattern = '/(href="[^"]*)('.$options.')<\/strong>([^"]*")/iU'; + $pattern = '/(\w+="[^"]*)('.$options.')<\/strong>([^"]*")/iU'; do { $result = preg_replace($pattern, '\\1\\2\\3', $result, -1, $count); } while ($count); -- cgit v1.2.3-54-g00ecf From 84da24aba41b459ad8b2735328e257275c0f6136 Mon Sep 17 00:00:00 2001 From: Brenda Wallace Date: Sun, 13 Sep 2009 21:27:34 +1200 Subject: cleaned up code style --- actions/all.php | 82 ++++++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 58 insertions(+), 24 deletions(-) (limited to 'actions') diff --git a/actions/all.php b/actions/all.php index 29a19afb6..e56e10c21 100644 --- a/actions/all.php +++ b/actions/all.php @@ -1,5 +1,5 @@ . + * + * @category Actions + * @package Actions + * @author Evan Prodromou + * @author Evan Prodromou + * @author Mike Cochrane + * @author Robin Millette + * @author Adrian Lang + * @author Meitar Moscovitz + * @author Sarven Capadisli + * @author Craig Andrews + * @author Evan Prodromou + * @author Evan Prodromou + * @author Jeffery To + * @author Zach Copley + * @author csarven + * @license GNU Affero General Public License http://www.gnu.org/licenses/ + * @link http://status.net */ -if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} require_once INSTALLDIR.'/lib/personalgroupnav.php'; require_once INSTALLDIR.'/lib/noticelist.php'; 
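Review bot: The widened pattern `(\w+="[^"]*)` still recognises only double-quoted attribute values, so a search term that falls inside a single-quoted or unquoted attribute keeps its highlight markup inside the attribute. `\w+` also does not match attribute names that contain a hyphen or colon. Applying the highlight to text nodes only (skipping everything between `<` and `>`) would remove the need to undo it afterwards with a second regex. Separately, `$options` is concatenated into the pattern and is built outside this hunk; confirm that each term passes through `preg_quote($term, '/')` before it gets here. The enclosing method starts and ends outside the hunk.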
@@ -43,8 +63,8 @@ class AllAction extends ProfileAction $this->notice = $this->user->noticesWithFriends(($this->page-1)*NOTICES_PER_PAGE, NOTICES_PER_PAGE + 1); } - if($this->page > 1 && $this->notice->N == 0){ - $this->serverError(_('No such page'),$code=404); + if ($this->page > 1 && $this->notice->N == 0) { + $this->serverError(_('No such page'), $code = 404); } return true; @@ -73,20 +93,33 @@ class AllAction extends ProfileAction function getFeeds() { - return array(new Feed(Feed::RSS1, - common_local_url('allrss', array('nickname' => - $this->user->nickname)), - sprintf(_('Feed for friends of %s (RSS 1.0)'), $this->user->nickname)), - new Feed(Feed::RSS2, - common_local_url('api', array('apiaction' => 'statuses', - 'method' => 'friends_timeline', - 'argument' => $this->user->nickname.'.rss')), - sprintf(_('Feed for friends of %s (RSS 2.0)'), $this->user->nickname)), - new Feed(Feed::ATOM, - common_local_url('api', array('apiaction' => 'statuses', - 'method' => 'friends_timeline', - 'argument' => $this->user->nickname.'.atom')), - sprintf(_('Feed for friends of %s (Atom)'), $this->user->nickname))); + return array( + new Feed(Feed::RSS1, + common_local_url( + 'allrss', array( + 'nickname' => + $this->user->nickname) + ), + sprintf(_('Feed for friends of %s (RSS 1.0)'), $this->user->nickname)), + new Feed(Feed::RSS2, + common_local_url( + 'api', array( + 'apiaction' => 'statuses', + 'method' => 'friends_timeline', + 'argument' => $this->user->nickname.'.rss' + ) + ), + sprintf(_('Feed for friends of %s (RSS 2.0)'), $this->user->nickname)), + new Feed(Feed::ATOM, + common_local_url( + 'api', array( + 'apiaction' => 'statuses', + 'method' => 'friends_timeline', + 'argument' => $this->user->nickname.'.atom' + ) + ), + sprintf(_('Feed for friends of %s (Atom)'), $this->user->nickname)) + ); } function showLocalNav() 
@@ -106,8 +139,7 @@ class AllAction extends ProfileAction } else { $message .= sprintf(_('You can try to [nudge %s](../%s) from his profile or [post something to his or her attention](%%%%action.newnotice%%%%?status_textarea=%s).'), $this->user->nickname, $this->user->nickname, '@' . $this->user->nickname); } - } - else { + } else { $message .= sprintf(_('Why not [register an account](%%%%action.register%%%%) and then nudge %s or post a notice to his or her attention.'), $this->user->nickname); } @@ -126,17 +158,19 @@ class AllAction extends ProfileAction $this->showEmptyListMessage(); } - $this->pagination($this->page > 1, $cnt > NOTICES_PER_PAGE, - $this->page, 'all', array('nickname' => $this->user->nickname)); + $this->pagination( + $this->page > 1, $cnt > NOTICES_PER_PAGE, + $this->page, 'all', array('nickname' => $this->user->nickname) + ); } function showPageTitle() { $user =& common_current_user(); if ($user && ($user->id == $this->user->id)) { - $this->element('h1', NULL, _("You and friends")); + $this->element('h1', null, _("You and friends")); } else { - $this->element('h1', NULL, sprintf(_('%s and friends'), $this->user->nickname)); + $this->element('h1', null, sprintf(_('%s and friends'), $this->user->nickname)); } } -- cgit v1.2.3-54-g00ecf From fcff85bb3610a0f2a77bfa72cf26ce8019ec0378 Mon Sep 17 00:00:00 2001 From: Brenda Wallace Date: Sun, 13 Sep 2009 21:55:45 +1200 Subject: code style cleanup --- actions/api.php | 106 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 61 insertions(+), 45 deletions(-) (limited to 'actions') diff --git a/actions/api.php b/actions/api.php index c236378bc..9b5f54807 100644 --- a/actions/api.php +++ b/actions/api.php 
@@ -1,5 +1,5 @@ . + * + * @category Actions + * @package Actions + * @author Evan Prodromou + * @author Evan Prodromou + * @author Brenda Wallace + * @author Jeffery To + * @author Robin Millette + * @author Tom Adams + * @author Christopher Vollick + * @author CiaranG + * @author Craig Andrews + * @author Evan Prodromou + * @author Evan Prodromou + * @author Gina Haeussge + * @author Mike Cochrane + * @author Sarven Capadisli + * @license GNU Affero General Public License http://www.gnu.org/licenses/ + * @link http://status.net */ -if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} class ApiAction extends Action { @@ -37,7 +58,7 @@ class ApiAction extends Action $this->api_action = $this->arg('apiaction'); $method = $this->arg('method'); $argument = $this->arg('argument'); - $this->basic_auth_process_header(); + $this->basic_auth_process_header(); if (isset($argument)) { $cmdext = explode('.', $argument); @@ -46,7 +67,7 @@ class ApiAction extends Action $this->content_type = strtolower($cmdext[1]); } else { - # Requested format / content-type will be an extension on the method + //Requested format / content-type will be an extension on the method $cmdext = explode('.', $method); $this->api_method = $cmdext[0]; $this->content_type = strtolower($cmdext[1]); @@ -55,10 +76,10 @@ class ApiAction extends Action if ($this->requires_auth()) { if (!isset($this->auth_user)) { - # This header makes basic auth go + //This header makes basic auth go header('WWW-Authenticate: Basic realm="StatusNet API"'); - # If the user hits cancel -- bam! + //If the user hits cancel -- bam! $this->show_basic_auth_error(); } else { $nickname = $this->auth_user; 
@@ -69,7 +90,7 @@ class ApiAction extends Action $this->user = $user; $this->process_command(); } else { - # basic authentication failed + //basic authentication failed list($proxy, $ip) = common_client_ip(); common_log(LOG_WARNING, "Failed API auth attempt, nickname = $nickname, proxy = $proxy, ip = $ip."); @@ -84,7 +105,7 @@ class ApiAction extends Action if ($user) { $this->user = $user; } - # Twitter doesn't throw an error if the user isn't found + //Twitter doesn't throw an error if the user isn't found } $this->process_command(); @@ -97,7 +118,7 @@ class ApiAction extends Action $actionfile = INSTALLDIR."/actions/$action.php"; if (file_exists($actionfile)) { - require_once($actionfile); + include_once $actionfile; $action_class = ucfirst($action)."Action"; $action_obj = new $action_class(); @@ -113,10 +134,10 @@ class ApiAction extends Action call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata); } else { - $this->clientError("API method not found!", $code=404); + $this->clientError("API method not found!", $code = 404); } } else { - $this->clientError("API method not found!", $code=404); + $this->clientError("API method not found!", $code = 404); } } @@ -184,10 +205,11 @@ class ApiAction extends Action $user_id = $this->arg('user_id'); $screen_name = $this->arg('screen_name'); - if (empty($this->api_arg) && - empty($id) && - empty($user_id) && - empty($screen_name)) { + if (empty($this->api_arg) + && empty($id) + && empty($user_id) + && empty($screen_name) + ) { return true; } else { return false; 
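Review bot: In process_command() (hunk -97,7 +118,7) `$actionfile` is built as `INSTALLDIR."/actions/$action.php"` and then included, and nothing in the hunk constrains `$action`, which is assigned outside it. If it derives from the `apiaction` request argument read in handle(), it should be validated before it is used in a path, e.g. `if (!preg_match('/\A[a-z0-9_]+\z/i', $action)) { $this->clientError("API method not found!", 404); return; }`. The same question applies to `$this->api_method` handed to `call_user_func()`: unless the condition above it (not fully visible here) restricts it, the request selects which method of the action object runs. The swap from `require_once($actionfile)` to `include_once $actionfile` is also not purely stylistic, since a failed include only warns and execution continues to `new $action_class()`. process_command() starts and ends outside the hunk.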
@@ -208,35 +230,29 @@ class ApiAction extends Action function basic_auth_process_header() { - if(isset($_SERVER['AUTHORIZATION']) || isset($_SERVER['HTTP_AUTHORIZATION'])) - { - $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])?$_SERVER['HTTP_AUTHORIZATION']:$_SERVER['AUTHORIZATION']; - } - - if(isset($_SERVER['PHP_AUTH_USER'])) - { - $this->auth_user = $_SERVER['PHP_AUTH_USER']; - $this->auth_pw = $_SERVER['PHP_AUTH_PW']; - } - elseif ( isset($authorization_header) && strstr(substr($authorization_header, 0,5),'Basic') ) - { - // decode the HTTP_AUTHORIZATION header on php-cgi server self - // on fcgid server the header name is AUTHORIZATION - - $auth_hash = base64_decode( substr($authorization_header, 6) ); - list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash); - - // set all to NULL on a empty basic auth request - if($this->auth_user == "") { - $this->auth_user = NULL; - $this->auth_pw = NULL; - } - } - else - { - $this->auth_user = NULL; - $this->auth_pw = NULL; - } + if (isset($_SERVER['AUTHORIZATION']) || isset($_SERVER['HTTP_AUTHORIZATION'])) { + $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION']; + } + + if (isset($_SERVER['PHP_AUTH_USER'])) { + $this->auth_user = $_SERVER['PHP_AUTH_USER']; + $this->auth_pw = $_SERVER['PHP_AUTH_PW']; + } elseif (isset($authorization_header) && strstr(substr($authorization_header, 0, 5), 'Basic')) { + // decode the HTTP_AUTHORIZATION header on php-cgi server self + // on fcgid server the header name is AUTHORIZATION + + $auth_hash = base64_decode(substr($authorization_header, 6)); + list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash); + + // set all to null on a empty basic auth request + if ($this->auth_user == "") { + $this->auth_user = null; + $this->auth_pw = null; + } + } else { + $this->auth_user = null; + $this->auth_pw = null; + } } function show_basic_auth_error() 
@@ -252,7 +268,7 @@ class ApiAction extends Action $this->element('request', null, $_SERVER['REQUEST_URI']); $this->elementEnd('hash'); $this->endXML(); - } else if ($this->content_type == 'json') { + } else if ($this->content_type == 'json') { header('Content-Type: application/json; charset=utf-8'); $error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']); print(json_encode($error_array)); -- cgit v1.2.3-54-g00ecf From 4081ed79b02fd06f7c347803478e1f835311c2ab Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 15 Sep 2009 12:59:32 -0700 Subject: Make it impossible to delete self-subscriptions via the API --- actions/twitapifriendships.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'actions') diff --git a/actions/twitapifriendships.php b/actions/twitapifriendships.php index f2ea46910..eea8945c3 100644 --- a/actions/twitapifriendships.php +++ b/actions/twitapifriendships.php @@ -99,6 +99,12 @@ class TwitapifriendshipsAction extends TwitterapiAction $other = $this->get_profile($id); $user = $apidata['user']; // Alwyas the auth user + if ($user->id == $other->id) { + $this->clientError(_("You cannot unfollow yourself!"), + 403, $apidata['content-type']); + return; + } + $sub = new Subscription(); $sub->subscriber = $user->id; $sub->subscribed = $other->id; -- cgit v1.2.3-54-g00ecf From 6f531745ca21e7b5460be90890c55b1934a45f15 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Tue, 15 Sep 2009 22:28:59 -0400 Subject: change all evans to evan@status.net --- actions/all.php | 6 +++--- actions/api.php | 6 +++--- actions/finishremotesubscribe.php | 2 +- actions/updateprofile.php | 2 +- index.php | 6 +++--- install.php | 2 +- lib/httpclient.php | 6 +++--- 7 files changed, 15 insertions(+), 15 deletions(-) (limited to 'actions') diff --git a/actions/all.php b/actions/all.php index e56e10c21..5ffc7e9bd 100644 --- a/actions/all.php +++ b/actions/all.php 
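Review bot: The new self-unfollow check in actions/twitapifriendships.php reads `$other->id` directly after `$this->get_profile($id)`, and the hunk shows no test that a profile was actually found. If get_profile() can return nothing for an unknown id (its definition is not on this page), the comparison runs against a non-object and the code falls through to the Subscription lookup with an empty `subscribed` value. A guard placed before the comparison would close that: `if (empty($other)) { $this->clientError(_('Could not find user.'), 404, $apidata['content-type']); return; }`. The enclosing method starts and ends outside the hunk.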
@@ -18,15 +18,15 @@ * * @category Actions * @package Actions - * @author Evan Prodromou - * @author Evan Prodromou + * @author Evan Prodromou + * @author Evan Prodromou * @author Mike Cochrane * @author Robin Millette * @author Adrian Lang * @author Meitar Moscovitz * @author Sarven Capadisli * @author Craig Andrews - * @author Evan Prodromou + * @author Evan Prodromou * @author Evan Prodromou * @author Jeffery To * @author Zach Copley diff --git a/actions/api.php b/actions/api.php index 9b5f54807..06fdbfb44 100644 --- a/actions/api.php +++ b/actions/api.php @@ -18,8 +18,8 @@ * * @category Actions * @package Actions - * @author Evan Prodromou - * @author Evan Prodromou + * @author Evan Prodromou + * @author Evan Prodromou * @author Brenda Wallace * @author Jeffery To * @author Robin Millette @@ -27,7 +27,7 @@ * @author Christopher Vollick * @author CiaranG * @author Craig Andrews - * @author Evan Prodromou + * @author Evan Prodromou * @author Evan Prodromou * @author Gina Haeussge * @author Mike Cochrane diff --git a/actions/finishremotesubscribe.php b/actions/finishremotesubscribe.php index 44abbfceb..5f6807d10 100644 --- a/actions/finishremotesubscribe.php +++ b/actions/finishremotesubscribe.php @@ -41,7 +41,7 @@ require_once INSTALLDIR.'/lib/omb.php'; * * @category Action * @package Laconica - * @author Evan Prodromou + * @author Evan Prodromou * @author Robin Millette * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 * @link http://laconi.ca/ diff --git a/actions/updateprofile.php b/actions/updateprofile.php index 7f7dd75fe..d9cc7f7f3 100644 --- a/actions/updateprofile.php +++ b/actions/updateprofile.php @@ -38,7 +38,7 @@ require_once INSTALLDIR.'/extlib/libomb/service_provider.php'; * * @category Action * @package Laconica - * @author Evan Prodromou + * @author Evan Prodromou * @author Robin Millette * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 * @link http://laconi.ca/ 
diff --git a/index.php b/index.php index a1d983dce..4e6c09379 100644 --- a/index.php +++ b/index.php @@ -23,9 +23,9 @@ * @author Christopher Vollick * @author CiaranG * @author Craig Andrews - * @author Evan Prodromou - * @author Evan Prodromou - * @author Evan Prodromou + * @author Evan Prodromou + * @author Evan Prodromou + * @author Evan Prodromou * @author Evan Prodromou * @author Gina Haeussge * @author Jeffery To diff --git a/install.php b/install.php index 54ae0cd5e..24ad3eb24 100644 --- a/install.php +++ b/install.php @@ -26,7 +26,7 @@ * @author CiaranG * @author Craig Andrews * @author Eric Helgeson - * @author Evan Prodromou + * @author Evan Prodromou * @author Evan Prodromou * @author Robin Millette * @author Sarven Capadisli diff --git a/lib/httpclient.php b/lib/httpclient.php index 9b0bb6f3a..005971153 100644 --- a/lib/httpclient.php +++ b/lib/httpclient.php @@ -21,7 +21,7 @@ * * @category Action * @package Laconica - * @author Evan Prodromou + * @author Evan Prodromou * @copyright 2009 Control Yourself, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://laconi.ca/ @@ -40,7 +40,7 @@ if (!defined('STATUSNET')) { * * @category HTTP * @package Laconica - * @author Evan Prodromou + * @author Evan Prodromou * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://laconi.ca/ */ @@ -61,7 +61,7 @@ class HTTPResponse * * @category HTTP * @package Laconica - * @author Evan Prodromou + * @author Evan Prodromou * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://laconi.ca/ */ -- cgit v1.2.3-54-g00ecf From 1618d515e6d96c8c0458295282de89dfae790e00 Mon Sep 17 00:00:00 2001 
From: Evan Prodromou Date: Tue, 15 Sep 2009 22:30:52 -0400 Subject: dedupe evans --- actions/all.php | 9 +++------ actions/api.php | 15 ++++++--------- index.php | 21 +++++++++------------ install.php | 1 - 4 files changed, 18 insertions(+), 28 deletions(-) (limited to 'actions') diff --git a/actions/all.php b/actions/all.php index 5ffc7e9bd..22da3cd68 100644 --- a/actions/all.php +++ b/actions/all.php @@ -15,19 +15,16 @@ * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . - * + * * @category Actions * @package Actions * @author Evan Prodromou - * @author Evan Prodromou * @author Mike Cochrane * @author Robin Millette * @author Adrian Lang * @author Meitar Moscovitz * @author Sarven Capadisli * @author Craig Andrews - * @author Evan Prodromou - * @author Evan Prodromou * @author Jeffery To * @author Zach Copley * @author csarven @@ -35,8 +32,8 @@ * @link http://status.net */ -if (!defined('STATUSNET') && !defined('LACONICA')) { - exit(1); +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); } require_once INSTALLDIR.'/lib/personalgroupnav.php'; diff --git a/actions/api.php b/actions/api.php index 06fdbfb44..243ae4c62 100644 --- a/actions/api.php +++ b/actions/api.php @@ -15,11 +15,10 @@ * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . - * + * * @category Actions * @package Actions * @author Evan Prodromou - * @author Evan Prodromou * @author Brenda Wallace * @author Jeffery To * @author Robin Millette @@ -27,8 +26,6 @@ * @author Christopher Vollick * @author CiaranG * @author Craig Andrews - * @author Evan Prodromou - * @author Evan Prodromou * @author Gina Haeussge * @author Mike Cochrane * @author Sarven Capadisli 
@@ -36,8 +33,8 @@ * @link http://status.net */ -if (!defined('STATUSNET') && !defined('LACONICA')) { - exit(1); +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); } class ApiAction extends Action @@ -205,9 +202,9 @@ class ApiAction extends Action $user_id = $this->arg('user_id'); $screen_name = $this->arg('screen_name'); - if (empty($this->api_arg) - && empty($id) - && empty($user_id) + if (empty($this->api_arg) + && empty($id) + && empty($user_id) && empty($screen_name) ) { return true; diff --git a/index.php b/index.php index 4e6c09379..fb3758590 100644 --- a/index.php +++ b/index.php @@ -15,23 +15,20 @@ * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . - * + * * @category StatusNet * @package StatusNet * @license GNU Affero General Public License http://www.gnu.org/licenses/ - * @author Brenda Wallace - * @author Christopher Vollick + * @author Brenda Wallace + * @author Christopher Vollick * @author CiaranG - * @author Craig Andrews - * @author Evan Prodromou - * @author Evan Prodromou - * @author Evan Prodromou + * @author Craig Andrews * @author Evan Prodromou - * @author Gina Haeussge + * @author Gina Haeussge * @author Jeffery To * @author Mike Cochrane * @author Robin Millette - * @author Sarven Capadisli + * @author Sarven Capadisli * @author Tom Adams */ @@ -74,7 +71,7 @@ function handleError($error) common_log(LOG_ERR, $line); } } - if ($error instanceof DB_DataObject_Error + if ($error instanceof DB_DataObject_Error || $error instanceof DB_Error ) { $msg = sprintf( @@ -227,8 +224,8 @@ function main() // If the site is private, and they're not on one of the "public" // parts of the site, redirect to login - if (!$user && common_config('site', 'private') - && !isLoginAction($action) + if (!$user && common_config('site', 'private') + && !isLoginAction($action) && !preg_match('/rss$/', $action) ) { common_redirect(common_local_url('login')); 
diff --git a/install.php b/install.php index 24ad3eb24..4398757de 100644 --- a/install.php +++ b/install.php @@ -27,7 +27,6 @@ * @author Craig Andrews * @author Eric Helgeson * @author Evan Prodromou - * @author Evan Prodromou * @author Robin Millette * @author Sarven Capadisli * @author Tom Adams -- cgit v1.2.3-54-g00ecf From 83b09164573ede90d87a7038a56f651a5f82b9f1 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Wed, 16 Sep 2009 11:14:26 +0200 Subject: Updated csarven emails to csarven@status.net and removed dupes --- actions/all.php | 3 +-- actions/api.php | 2 +- index.php | 2 +- install.php | 2 +- theme/readme.txt | 2 +- 5 files changed, 5 insertions(+), 6 deletions(-) (limited to 'actions') diff --git a/actions/all.php b/actions/all.php index 22da3cd68..f1786462e 100644 --- a/actions/all.php +++ b/actions/all.php @@ -23,11 +23,10 @@ * @author Robin Millette * @author Adrian Lang * @author Meitar Moscovitz - * @author Sarven Capadisli + * @author Sarven Capadisli * @author Craig Andrews * @author Jeffery To * @author Zach Copley - * @author csarven * @license GNU Affero General Public License http://www.gnu.org/licenses/ * @link http://status.net */ diff --git a/actions/api.php b/actions/api.php index 243ae4c62..d570bb017 100644 --- a/actions/api.php +++ b/actions/api.php @@ -28,7 +28,7 @@ * @author Craig Andrews * @author Gina Haeussge * @author Mike Cochrane - * @author Sarven Capadisli + * @author Sarven Capadisli * @license GNU Affero General Public License http://www.gnu.org/licenses/ * @link http://status.net */ diff --git a/index.php b/index.php index fb3758590..d5174c2b7 100644 --- a/index.php +++ b/index.php @@ -28,7 +28,7 @@ * @author Jeffery To * @author Mike Cochrane * @author Robin Millette - * @author Sarven Capadisli + * @author Sarven Capadisli * @author Tom Adams */ diff --git a/install.php b/install.php index 4398757de..81241315e 100644 --- a/install.php +++ b/install.php 
@@ -28,7 +28,7 @@
 * @author Eric Helgeson
 * @author Evan Prodromou
 * @author Robin Millette
- * @author Sarven Capadisli
+ * @author Sarven Capadisli
 * @author Tom Adams
 * @license GNU Affero General Public License http://www.gnu.org/licenses/
 */
diff --git a/theme/readme.txt b/theme/readme.txt
index 151b1fb71..d030f2db4 100644
--- a/theme/readme.txt
+++ b/theme/readme.txt
@@ -1,7 +1,7 @@
 /** Howto: create a statusnet theme
 *
 * @package StatusNet
- * @author Sarven Capadisli
+ * @author Sarven Capadisli
 * @copyright 2009 Control Yourself, Inc.
 * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
 * @link http://laconi.ca/
-- cgit v1.2.3-54-g00ecf