From 31325f0995bb61413b07f166d253b13fb27d085d Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 23 Jun 2009 13:51:23 -0700 Subject: Stop Twitter gateway notices from leaking via user faves pages --- actions/showfavorites.php | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'actions') diff --git a/actions/showfavorites.php b/actions/showfavorites.php index 01f38a892..b723924a5 100644 --- a/actions/showfavorites.php +++ b/actions/showfavorites.php @@ -191,10 +191,21 @@ class ShowfavoritesAction extends CurrentUserDesignAction function showContent() { - $notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE, - NOTICES_PER_PAGE + 1); + $cur = common_current_user(); - if (!$notice) { + if (!empty($cur) && $cur->id == $this->user->id) { + + // Show imported/gateway notices as well as local if + // the user is looking at his own favorites + + $notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE, + NOTICES_PER_PAGE + 1, true); + } else { + $notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE, + NOTICES_PER_PAGE + 1, false); + } + + if (empty($notice)) { $this->serverError(_('Could not retrieve favorite notices.')); return; } -- cgit v1.2.3-54-g00ecf From 57903bf2acafdc4d15bb9af4fba183b37ec47efe Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 23 Jun 2009 15:53:49 -0700 Subject: Make gateway notices available to the auth user in the API --- actions/twitapifavorites.php | 6 +++++- actions/twitapistatuses.php | 13 ++++++++++--- 2 files changed, 15 insertions(+), 4 deletions(-) (limited to 'actions') diff --git a/actions/twitapifavorites.php b/actions/twitapifavorites.php index e40fea91a..8256668f3 100644 --- a/actions/twitapifavorites.php +++ b/actions/twitapifavorites.php @@ -61,7 +61,11 @@ class TwitapifavoritesAction extends TwitterapiAction $since_id = (int)$this->arg('since_id', 0); $since = $this->arg('since'); - $notice = $user->favoriteNotices(($page-1)*$count, $count); + if (!empty($this->auth_user) && $this->auth_user->id == $user->id) { + $notice = $user->favoriteNotices(($page-1)*$count, $count, true); + } else { + $notice = $user->favoriteNotices(($page-1)*$count, $count, false); + } switch($apidata['content-type']) { case 'xml': diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index 2bc404063..e1fbc5c76 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -75,8 +75,10 @@ class TwitapistatusesAction extends TwitterapiAction { parent::handle($args); + $this->auth_user = $apidata['user']; $user = $this->get_user($apidata['api_arg'], $apidata); - $this->auth_user = $user; + + common_debug("auth user = " . $this->auth_user->nickname); if (empty($user)) { $this->clientError(_('No such user!'), 404, @@ -100,8 +102,13 @@ class TwitapistatusesAction extends TwitterapiAction $since_id = (int)$this->arg('since_id', 0); $since = $this->arg('since'); - $notice = $user->noticesWithFriends(($page-1)*$count, - $count, $since_id, $max_id,$since); + if (!empty($this->auth_user) && $this->auth_user->id == $user->id) { + $notice = $user->noticeInbox(($page-1)*$count, + $count, $since_id, $max_id, $since); + } else { + $notice = $user->noticesWithFriends(($page-1)*$count, + $count, $since_id, $max_id, $since); + } switch($apidata['content-type']) { case 'xml': -- cgit v1.2.3-54-g00ecf From 98f518b9af43dd07b97373e6e71be08d553bb21b Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Wed, 24 Jun 2009 00:00:36 -0700 Subject: fix bug in which design background could accidentally get removed --- actions/groupdesignsettings.php | 2 -- actions/userdesignsettings.php | 2 -- 2 files changed, 4 deletions(-) (limited to 'actions') diff --git a/actions/groupdesignsettings.php b/actions/groupdesignsettings.php index 7270bc8f7..79c192ac4 100644 --- a/actions/groupdesignsettings.php +++ b/actions/groupdesignsettings.php @@ -238,7 +238,6 @@ class GroupDesignSettingsAction extends DesignSettingsAction $design->sidebarcolor = $sbcolor->intValue(); $design->textcolor = $tcolor->intValue(); $design->linkcolor = $lcolor->intValue(); - $design->backgroundimage = $filepath; $design->setDisposition($on, $off, $tile); @@ -263,7 +262,6 @@ class GroupDesignSettingsAction extends DesignSettingsAction $design->sidebarcolor = $sbcolor->intValue(); $design->textcolor = $tcolor->intValue(); $design->linkcolor = $lcolor->intValue(); - $design->backgroundimage = $filepath; $design->setDisposition($on, $off, $tile); diff --git a/actions/userdesignsettings.php b/actions/userdesignsettings.php index d6088aa9d..6e745e96f 100644 --- a/actions/userdesignsettings.php +++ b/actions/userdesignsettings.php @@ -149,7 +149,6 @@ class UserDesignSettingsAction extends DesignSettingsAction $design->sidebarcolor = $sbcolor->intValue(); $design->textcolor = $tcolor->intValue(); $design->linkcolor = $lcolor->intValue(); - $design->backgroundimage = $filepath; $design->setDisposition($on, $off, $tile); @@ -174,7 +173,6 @@ class UserDesignSettingsAction extends DesignSettingsAction $design->sidebarcolor = $sbcolor->intValue(); $design->textcolor = $tcolor->intValue(); $design->linkcolor = $lcolor->intValue(); - $design->backgroundimage = $filepath; $design->setDisposition($on, $off, $tile); -- cgit v1.2.3-54-g00ecf From e3c5d1664f8049b85198cf5c43957a237cb29bcf Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Wed, 24 Jun 2009 16:10:28 -0700 Subject: Take out noisy debugging statement --- actions/twitapistatuses.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'actions') diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index e1fbc5c76..555c746cb 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -78,8 +78,6 @@ class TwitapistatusesAction extends TwitterapiAction $this->auth_user = $apidata['user']; $user = $this->get_user($apidata['api_arg'], $apidata); - common_debug("auth user = " . $this->auth_user->nickname); - if (empty($user)) { $this->clientError(_('No such user!'), 404, $apidata['content-type']); -- cgit v1.2.3-54-g00ecf From 3ca9e85ce4f0db7f160f9a8e989bec898bfbbf55 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Thu, 25 Jun 2009 09:43:30 -0700 Subject: update conversations to use newer query format --- actions/conversation.php | 12 ++--------- classes/Notice.php | 53 +++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 54 insertions(+), 11 deletions(-) (limited to 'actions') diff --git a/actions/conversation.php b/actions/conversation.php index d3fc5b6a9..654a670f5 100644 --- a/actions/conversation.php +++ b/actions/conversation.php @@ -63,6 +63,7 @@ class ConversationAction extends Action if (empty($this->id)) { return false; } + $this->id = $this->id+0; $this->page = $this->trimmed('page'); if (empty($this->page)) { $this->page = 1; @@ -106,18 +107,10 @@ class ConversationAction extends Action function showContent() { - // FIXME this needs to be a tree, not a list - - $qry = 'SELECT * FROM notice WHERE conversation = %s '; - $offset = ($this->page-1) * NOTICES_PER_PAGE; $limit = NOTICES_PER_PAGE + 1; - $txt = sprintf($qry, $this->id); - - $notices = Notice::getStream($txt, - 'notice:conversation:'.$this->id, - $offset, $limit); + $notices = Notice::conversationStream($this->id, $offset, $limit); $ct = new ConversationTree($notices, $this); @@ -126,7 +119,6 @@ class ConversationAction extends Action $this->pagination($this->page > 1, $cnt > NOTICES_PER_PAGE, $this->page, 'conversation', array('id' => $this->id)); } - } /** diff --git a/classes/Notice.php b/classes/Notice.php index 59ffef91a..44179b254 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -346,7 +346,7 @@ class Notice extends Memcached_DataObject { $cache = common_memcache(); if ($cache) { - $ck = 'notice:conversation:'.$this->conversation; + $ck = 'notice:conversation_ids:'.$this->conversation; $cache->delete($ck); if ($blowLast) { $cache->delete($ck.';last'); @@ -762,6 +762,57 @@ class Notice extends Memcached_DataObject return $ids; } + function conversationStream($id, $offset=0, $limit=20, $since_id=0, $max_id=0, $since=null) + { + $ids = Notice::stream(array('Notice', '_conversationStreamDirect'), + array($id), + 'notice:conversation_ids:'.$id, + $offset, $limit, $since_id, $max_id, $since); + + return Notice::getStreamByIds($ids); + } + + function _conversationStreamDirect($id, $offset=0, $limit=20, $since_id=0, $max_id=0, $since=null) + { + $notice = new Notice(); + + $notice->selectAdd(); // clears it + $notice->selectAdd('id'); + + $notice->whereAdd('conversation = '.$id); + + $notice->orderBy('id DESC'); + + if (!is_null($offset)) { + $notice->limit($offset, $limit); + } + + if ($since_id != 0) { + $notice->whereAdd('id > ' . $since_id); + } + + if ($max_id != 0) { + $notice->whereAdd('id <= ' . $max_id); + } + + if (!is_null($since)) { + $notice->whereAdd('created > \'' . date('Y-m-d H:i:s', $since) . '\''); + } + + $ids = array(); + + if ($notice->find()) { + while ($notice->fetch()) { + $ids[] = $notice->id; + } + } + + $notice->free(); + $notice = NULL; + + return $ids; + } + function addToInboxes() { $enabled = common_config('inboxes', 'enabled'); -- cgit v1.2.3-54-g00ecf From 4d56bc6a0adba63c5546d5d18a70fa2c989839be Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Thu, 25 Jun 2009 11:08:32 -0700 Subject: streamline the file action --- actions/file.php | 44 ++++++++++++++++++++++++++++++++------------ classes/Notice.php | 14 ++++++++++++++ 2 files changed, 46 insertions(+), 12 deletions(-) (limited to 'actions') diff --git a/actions/file.php b/actions/file.php index bb245c4a7..271f57ab9 100644 --- a/actions/file.php +++ b/actions/file.php @@ -21,20 +21,40 @@ if (!defined('LACONICA')) { exit(1); } require_once(INSTALLDIR.'/actions/shownotice.php'); -class FileAction extends ShowNoticeAction +class FileAction extends Action { - function showPage() { - $source_url = common_local_url('file', array('notice' => $this->notice->id)); - $query = "select file_redirection.url as url from file join file_redirection on file.id = file_redirection.file_id where file.url = '$source_url'"; - $file = new File_redirection; - $file->query($query); - $file->fetch(); - if (empty($file->url)) { - die('nothing attached here'); - } else { - header("Location: {$file->url}"); - die(); + var $id = null; + var $filerec = null; + + function prepare($args) + { + parent::prepare($args); + $this->id = $this->trimmed('notice'); + if (empty($this->id)) { + $this->clientError(_('No notice id')); + } + $notice = Notice::staticGet('id', $this->id); + if (empty($notice)) { + $this->clientError(_('No notice')); + } + $atts = $notice->attachments(); + if (empty($atts)) { + $this->clientError(_('No attachments')); + } + foreach ($atts as $att) { + if (!empty($att->filename)) { + $this->filerec = $att; + break; + } } + if (empty($this->filerec)) { + $this->clientError(_('No uploaded attachments')); + } + return true; + } + + function handle() { + common_redirect($this->filerec->url); } } diff --git a/classes/Notice.php b/classes/Notice.php index 44179b254..9960d3d0a 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -331,6 +331,20 @@ class Notice extends Memcached_DataObject return $n_attachments; } + function attachments() { + // XXX: cache this + $att = array(); + $f2p = new File_to_post; + $f2p->post_id = $this->id; + if ($f2p->find()) { + while ($f2p->fetch()) { + $f = File::staticGet($f2p->file_id); + $att[] = clone($f); + } + } + return $att; + } + function blowCaches($blowLast=false) { $this->blowSubsCache($blowLast); -- cgit v1.2.3-54-g00ecf From 638905c270824b3c0e673ae9872937c06fbd862e Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Thu, 25 Jun 2009 11:10:34 -0700 Subject: avoid getting duplicate errors on upload --- actions/newnotice.php | 43 +++++++++++++++++++++--------------- classes/File.php | 5 +++-- classes/File_redirection.php | 52 ++++++++++++++++++-------------------------- classes/File_to_post.php | 20 ++++++++++++----- 4 files changed, 64 insertions(+), 56 deletions(-) (limited to 'actions') diff --git a/actions/newnotice.php b/actions/newnotice.php index 4a2c369f0..3677f54c2 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -236,6 +236,7 @@ class NewnoticeAction extends Action $this->deleteFile($filename); $this->clientError(_('Max notice size is 140 chars, including attachment URL.')); } + $fileRecord = $this->rememberFile($filename, $mimetype, $short_fileurl); } $notice = Notice::saveNew($user->id, $content_shortened, 'web', 1, @@ -249,7 +250,7 @@ class NewnoticeAction extends Action } if (isset($mimetype)) { - $this->attachFile($notice, $filename, $mimetype, $short_fileurl); + $this->attachFile($notice, $fileRecord); } common_broadcast_notice($notice); @@ -304,12 +305,12 @@ class NewnoticeAction extends Action @unlink($filepath); } - function attachFile($notice, $filename, $mimetype, $short) + function rememberFile($filename, $mimetype, $short) { $file = new File; $file->filename = $filename; - $file->url = common_local_url('file', array('notice' => $notice->id)); + $file->url = File::url($filename); $filepath = File::path($filename); @@ -324,28 +325,34 @@ class NewnoticeAction extends Action $this->clientError(_('There was a database error while saving your file. Please try again.')); } - $file_redir = new File_redirection; - $file_redir->url = File::url($filename); - $file_redir->file_id = $file_id; + $this->maybeAddRedir($file_id, $short); + } - $result = $file_redir->insert(); + function maybeAddRedir($file_id, $url) + { + $file_redir = File_redirection::staticGet('url', $url); - if (!$result) { - common_log_db_error($file_redir, "INSERT", __FILE__); - $this->clientError(_('There was a database error while saving your file. Please try again.')); - } + if (empty($file_redir)) { + $file_redir = new File_redirection; + $file_redir->url = $url; + $file_redir->file_id = $file_id; - $f2p = new File_to_post; - $f2p->file_id = $file_id; - $f2p->post_id = $notice->id; - $f2p->insert(); + $result = $file_redir->insert(); - if (!$result) { - common_log_db_error($f2p, "INSERT", __FILE__); - $this->clientError(_('There was a database error while saving your file. Please try again.')); + if (!$result) { + common_log_db_error($file_redir, "INSERT", __FILE__); + $this->clientError(_('There was a database error while saving your file. Please try again.')); + } } } + function attachFile($notice, $filerec) + { + File_to_post::processNew($filerec->id, $notice->id); + + $this->maybeAddRedir($filerec->id, common_local_url('file', array('notice' => $this->notice->id))); + } + /** * Show an Ajax-y error message * diff --git a/classes/File.php b/classes/File.php index b98c9e665..5dd7cd865 100644 --- a/classes/File.php +++ b/classes/File.php @@ -91,9 +91,10 @@ class File extends Memcached_DataObject $given_url = File_redirection::_canonUrl($given_url); if (empty($given_url)) return -1; // error, no url to process $file = File::staticGet('url', $given_url); - if (empty($file->id)) { + if (empty($file)) { $file_redir = File_redirection::staticGet('url', $given_url); - if (empty($file_redir->id)) { + if (empty($file_redir)) { + common_debug("processNew() '$given_url' not a known redirect.\n"); $redir_data = File_redirection::where($given_url); $redir_url = $redir_data['url']; if ($redir_url === $given_url) { diff --git a/classes/File_redirection.php b/classes/File_redirection.php index c173017e2..d6fa0bcb6 100644 --- a/classes/File_redirection.php +++ b/classes/File_redirection.php @@ -66,21 +66,17 @@ class File_redirection extends Memcached_DataObject // let's see if we know this... $a = File::staticGet('url', $short_url); - if (empty($a->id)) { + + if (!empty($a)) { + // this is a direct link to $a->url + return $a->url; + } else { $b = File_redirection::staticGet('url', $short_url); - if (empty($b->id)) { - // we'll have to figure it out - } else { + if (!empty($b)) { // this is a redirect to $b->file_id - $a = File::staticGet($b->file_id); - $url = $a->url; + $a = File::staticGet('id', $b->file_id); + return $a->url; } - } else { - // this is a direct link to $a->url - $url = $a->url; - } - if (isset($url)) { - return $url; } $curlh = File_redirection::_commonCurl($short_url, $redirs); @@ -118,28 +114,22 @@ class File_redirection extends Memcached_DataObject } function makeShort($long_url) { - $long_url = File_redirection::_canonUrl($long_url); - // do we already know this long_url and have a short redirection for it? - $file = new File; - $file_redir = new File_redirection; - $file->url = $long_url; - $file->joinAdd($file_redir); - $file->selectAdd('length(file_redirection.url) as len'); - $file->limit(1); - $file->orderBy('len'); - $file->find(true); - if (!empty($file->url) && (strlen($file->url) < strlen($long_url))) { - return $file->url; - } - // if yet unknown, we must find a short url according to user settings - $short_url = File_redirection::_userMakeShort($long_url, common_current_user()); - return $short_url; + $canon = File_redirection::_canonUrl($long_url); + + $short_url = File_redirection::_userMakeShort($canon); + + // Did we get one? Is it shorter? + if (!empty($short_url) && mb_strlen($short_url) < mb_strlen($long_url)) { + return $short_url; + } else { + return $long_url; + } } - function _userMakeShort($long_url, $user) { + function _userMakeShort($long_url) { $short_url = common_shorten_url($long_url); - if ($short_url) { + if (!empty($short_url) && $short_url != $long_url) { $short_url = (string)$short_url; // store it $file = File::staticGet('url', $long_url); @@ -162,7 +152,7 @@ class File_redirection extends Memcached_DataObject } return $short_url; } - return $long_url; + return null; } function _canonUrl($in_url, $default_scheme = 'http://') { diff --git a/classes/File_to_post.php b/classes/File_to_post.php index db0a8d216..d35febb77 100644 --- a/classes/File_to_post.php +++ b/classes/File_to_post.php @@ -25,7 +25,7 @@ require_once INSTALLDIR.'/classes/Memcached_DataObject.php'; * Table Definition for file_to_post */ -class File_to_post extends Memcached_DataObject +class File_to_post extends Memcached_DataObject { ###START_AUTOCODE /* the code below is auto generated do not remove the above tag */ @@ -44,17 +44,27 @@ class File_to_post extends Memcached_DataObject function processNew($file_id, $notice_id) { static $seen = array(); if (empty($seen[$notice_id]) || !in_array($file_id, $seen[$notice_id])) { - $f2p = new File_to_post; - $f2p->file_id = $file_id; - $f2p->post_id = $notice_id; - $f2p->insert(); + + $f2p = File_to_post::pkeyGet(array('post_id' => $notice_id, + 'file_id' => $file_id)); + if (empty($f2p)) { + $f2p = new File_to_post; + $f2p->file_id = $file_id; + $f2p->post_id = $notice_id; + $f2p->insert(); + } + if (empty($seen[$notice_id])) { $seen[$notice_id] = array($file_id); } else { $seen[$notice_id][] = $file_id; } } + } + function &pkeyGet($kv) + { + return Memcached_DataObject::pkeyGet('File_to_post', $kv); } } -- cgit v1.2.3-54-g00ecf From a7cdf32df541bf73a47f1255b3e9f0a22c4724b4 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Thu, 25 Jun 2009 13:23:59 -0700 Subject: max public page --- actions/public.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'actions') diff --git a/actions/public.php b/actions/public.php index 27153f131..9851285c4 100644 --- a/actions/public.php +++ b/actions/public.php @@ -35,6 +35,10 @@ require_once INSTALLDIR.'/lib/publicgroupnav.php'; require_once INSTALLDIR.'/lib/noticelist.php'; require_once INSTALLDIR.'/lib/feedlist.php'; +// Farther than any human will go + +define('MAX_PUBLIC_PAGE', 100); + /** * Action for displaying the public stream * @@ -74,6 +78,10 @@ class PublicAction extends Action parent::prepare($args); $this->page = ($this->arg('page')) ? ($this->arg('page')+0) : 1; + if ($this->page > MAX_PUBLIC_PAGE) { + $this->clientError(sprintf(_("Beyond the page limit (%s)"), MAX_PUBLIC_PAGE)); + } + common_set_returnto($this->selfUrl()); return true; -- cgit v1.2.3-54-g00ecf From 03d31911e18f8ca0ba2f8425943b4c244114a066 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 25 Jun 2009 13:51:29 -0700 Subject: FileAction redirections weren't being added (e.g.: /notice/$notice_id/file) --- actions/newnotice.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'actions') diff --git a/actions/newnotice.php b/actions/newnotice.php index 3677f54c2..15caff6ea 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -326,6 +326,8 @@ class NewnoticeAction extends Action } $this->maybeAddRedir($file_id, $short); + + return $file; } function maybeAddRedir($file_id, $url) @@ -350,7 +352,8 @@ class NewnoticeAction extends Action { File_to_post::processNew($filerec->id, $notice->id); - $this->maybeAddRedir($filerec->id, common_local_url('file', array('notice' => $this->notice->id))); + $this->maybeAddRedir($filerec->id, + common_local_url('file', array('notice' => $notice->id))); } /** -- cgit v1.2.3-54-g00ecf