From d6ddb84132d7b9510ba82064c67f2a39822dab49 Mon Sep 17 00:00:00 2001
From: Craig Andrews <candrews@integralblue.com>
Date: Thu, 5 Nov 2009 23:27:18 -0500
Subject: Add ChangePassword event

---
 actions/passwordsettings.php | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

(limited to 'actions')

diff --git a/actions/passwordsettings.php b/actions/passwordsettings.php
index cd4beac3f..87eb45a7d 100644
--- a/actions/passwordsettings.php
+++ b/actions/passwordsettings.php
@@ -164,23 +164,32 @@ class PasswordsettingsAction extends AccountSettingsAction
                 $this->showForm(_('Incorrect old password'));
                 return;
             }
+        }else{
+            $oldpassword = null;
         }
 
-        $original = clone($user);
+        $errormsg = false;
+        if(! Event::handle('ChangePassword', array($user->nickname, $oldpassword, $newpassword, &$errormsg))){
+            //no handler changed the password, so change the password internally
+            $original = clone($user);
 
-        $user->password = common_munge_password($newpassword, $user->id);
+            $user->password = common_munge_password($newpassword, $user->id);
 
-        $val = $user->validate();
-        if ($val !== true) {
-            $this->showForm(_('Error saving user; invalid.'));
-            return;
-        }
+            $val = $user->validate();
+            if ($val !== true) {
+                $this->showForm(_('Error saving user; invalid.'));
+                return;
+            }
 
-        if (!$user->update($original)) {
-            $this->serverError(_('Can\'t save new password.'));
-            return;
+            if (!$user->update($original)) {
+                $this->serverError(_('Can\'t save new password.'));
+                return;
+            }
         }
 
-        $this->showForm(_('Password saved.'), true);
+        if($errormsg === false)
+            $this->showForm(_('Password saved.'), true);
+        else
+            $this->showForm($errormsg);
     }
 }
-- 
cgit v1.2.3-54-g00ecf


From b522c401e66e5b5d7e000c1bf25fd4b4a4d0558f Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Fri, 6 Nov 2009 17:21:08 -0800
Subject: Better workaround for PHP returning empty $_POST and $_FILES when
 POST length > post_max_size in php.ini. I also added this check to avatar
 upload, which was failing with huge files.

---
 actions/apiaccountupdateprofileimage.php | 20 +++++++++++++-------
 actions/apistatusesupdate.php            | 21 ++++++++++++++-------
 actions/avatarsettings.php               | 16 +++++++++++++++-
 lib/designsettings.php                   | 13 ++++++++-----
 4 files changed, 50 insertions(+), 20 deletions(-)

(limited to 'actions')

diff --git a/actions/apiaccountupdateprofileimage.php b/actions/apiaccountupdateprofileimage.php
index 416fee45a..72fb361bf 100644
--- a/actions/apiaccountupdateprofileimage.php
+++ b/actions/apiaccountupdateprofileimage.php
@@ -87,16 +87,22 @@ class ApiAccountUpdateProfileImageAction extends ApiAuthAction
             return;
         }
 
-        if (empty($this->user)) {
-            $this->clientError(_('No such user!'), 404, $this->format);
+        // Workaround for PHP returning empty $_POST and $_FILES when POST
+        // length > post_max_size in php.ini
+
+        if (empty($_FILES)
+            && empty($_POST)
+            && ($_SERVER['CONTENT_LENGTH'] > 0)
+        ) {
+             $msg = _('The server was unable to handle that much POST ' .
+                    'data (%s bytes) due to its current configuration.');
+
+            $this->clientError(sprintf($msg, $_SERVER['CONTENT_LENGTH']));
             return;
         }
 
-        // Workaround for PHP returning empty $_FILES when POST length > PHP settings
-
-        if (empty($_FILES) && ($_SERVER['CONTENT_LENGTH'] > 0)) {
-            common_debug('content-length = ' . $_SERVER['CONTENT_LENGTH']);
-            $this->clientError(_('Unable to handle that much POST data!'));
+        if (empty($this->user)) {
+            $this->clientError(_('No such user!'), 404, $this->format);
             return;
         }
 
diff --git a/actions/apistatusesupdate.php b/actions/apistatusesupdate.php
index 82fe5a537..e369fa71e 100644
--- a/actions/apistatusesupdate.php
+++ b/actions/apistatusesupdate.php
@@ -112,6 +112,20 @@ class ApiStatusesUpdateAction extends ApiAuthAction
             return;
         }
 
+        // Workaround for PHP returning empty $_POST and $_FILES when POST
+        // length > post_max_size in php.ini
+
+        if (empty($_FILES)
+            && empty($_POST)
+            && ($_SERVER['CONTENT_LENGTH'] > 0)
+        ) {
+             $msg = _('The server was unable to handle that much POST ' .
+                    'data (%s bytes) due to its current configuration.');
+
+            $this->clientError(sprintf($msg, $_SERVER['CONTENT_LENGTH']));
+            return;
+        }
+
         if (empty($this->status)) {
             $this->clientError(
                 'Client must provide a \'status\' parameter with a value.',
@@ -126,13 +140,6 @@ class ApiStatusesUpdateAction extends ApiAuthAction
             return;
         }
 
-        // Workaround for PHP returning empty $_FILES when POST length > PHP settings
-
-        if (empty($_FILES) && ($_SERVER['CONTENT_LENGTH'] > 0)) {
-            $this->clientError(_('Unable to handle that much POST data!'));
-            return;
-        }
-
         $status_shortened = common_shorten_links($this->status);
 
         if (Notice::contentTooLong($status_shortened)) {
diff --git a/actions/avatarsettings.php b/actions/avatarsettings.php
index ded419dd7..879e44842 100644
--- a/actions/avatarsettings.php
+++ b/actions/avatarsettings.php
@@ -244,11 +244,25 @@ class AvatarsettingsAction extends AccountSettingsAction
 
     function handlePost()
     {
+        // Workaround for PHP returning empty $_POST and $_FILES when POST
+        // length > post_max_size in php.ini
+
+        if (empty($_FILES)
+            && empty($_POST)
+            && ($_SERVER['CONTENT_LENGTH'] > 0)
+        ) {
+            $msg = _('The server was unable to handle that much POST ' .
+                'data (%s bytes) due to its current configuration.');
+
+            $this->showForm(sprintf($msg, $_SERVER['CONTENT_LENGTH']));
+            return;
+        }
+
         // CSRF protection
 
         $token = $this->trimmed('token');
         if (!$token || $token != common_session_token()) {
-            $this->show_form(_('There was a problem with your session token. '.
+            $this->showForm(_('There was a problem with your session token. '.
                                'Try again, please.'));
             return;
         }
diff --git a/lib/designsettings.php b/lib/designsettings.php
index 820d534f2..5ce9ddeda 100644
--- a/lib/designsettings.php
+++ b/lib/designsettings.php
@@ -271,17 +271,20 @@ class DesignSettingsAction extends AccountSettingsAction
 
     function handlePost()
     {
-        // XXX: Robin's workaround for a bug in PHP where $_POST
-        // and $_FILE are empty in the case that the uploaded
-        // file is bigger than PHP is configured to handle.
-
         if ($_SERVER['REQUEST_METHOD'] == 'POST') {
-            if (empty($_POST) && $_SERVER['CONTENT_LENGTH']) {
 
+            // Workaround for PHP returning empty $_POST and $_FILES when POST
+            // length > post_max_size in php.ini
+
+            if (empty($_FILES)
+                && empty($_POST)
+                && ($_SERVER['CONTENT_LENGTH'] > 0)
+            ) {
                 $msg = _('The server was unable to handle that much POST ' .
                     'data (%s bytes) due to its current configuration.');
 
                 $this->showForm(sprintf($msg, $_SERVER['CONTENT_LENGTH']));
+                return;
             }
         }
 
-- 
cgit v1.2.3-54-g00ecf