From fcb614d0eb1f98bf8704654ed06e1f9d9733d359 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Sun, 21 Mar 2010 16:25:12 -0700
Subject: Pull <atom:author> info as well as <activity:actor> when we have an
 old-style ActivityStreams feed. This fixes subscription setup for Cliqset
 feeds, which currently have a bogus activity:actor/atom:id but a good
 atom:author/atom:uri

---
 lib/activityobject.php | 21 +++++++++++++++++++--
 lib/activityutils.php  | 22 ++++++++++++++++++++++
 2 files changed, 41 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/activityobject.php b/lib/activityobject.php
index e5cea727b..0a358ccab 100644
--- a/lib/activityobject.php
+++ b/lib/activityobject.php
@@ -156,7 +156,11 @@ class ActivityObject
     {
         $this->type  = self::PERSON; // XXX: is this fair?
         $this->title = $this->_childContent($element, self::NAME);
-        $this->id    = $this->_childContent($element, self::URI);
+
+        $id = $this->_childContent($element, self::URI);
+        if (ActivityUtils::validateUri($id)) {
+            $this->id = $id;
+        }
 
         if (empty($this->id)) {
             $email = $this->_childContent($element, self::EMAIL);
@@ -169,6 +173,15 @@ class ActivityObject
 
     private function _fromAtomEntry($element)
     {
+        if ($element->localName == 'actor') {
+            // Old-fashioned <activity:actor>...
+            // First pull anything from <author>, then we'll add on top.
+            $author = ActivityUtils::child($element->parentNode, 'author');
+            if ($author) {
+                $this->_fromAuthor($author);
+            }
+        }
+
         $this->type = $this->_childContent($element, Activity::OBJECTTYPE,
                                            Activity::SPEC);
 
@@ -176,7 +189,11 @@ class ActivityObject
             $this->type = ActivityObject::NOTE;
         }
 
-        $this->id      = $this->_childContent($element, self::ID);
+        $id = $this->_childContent($element, self::ID);
+        if (ActivityUtils::validateUri($id)) {
+            $this->id = $id;
+        }
+
         $this->summary = ActivityUtils::childHtmlContent($element, self::SUMMARY);
         $this->content = ActivityUtils::getContent($element);
 
diff --git a/lib/activityutils.php b/lib/activityutils.php
index c85a3db55..a7e99fb11 100644
--- a/lib/activityutils.php
+++ b/lib/activityutils.php
@@ -240,4 +240,26 @@ class ActivityUtils
             throw new ClientException(_("Can't handle embedded Base64 content yet."));
         }
     }
+
+    /**
+     * Is this a valid URI for remote profile/notice identification?
+     * Does not have to be a resolvable URL.
+     * @param string $uri
+     * @return boolean
+     */
+    static function validateUri($uri)
+    {
+        if (Validate::uri($uri)) {
+            return true;
+        }
+
+        // Possibly an upstream bug; tag: URIs aren't validated properly
+        // unless you explicitly ask for them. All other schemes are accepted
+        // for basic URI validation without asking.
+        if (Validate::uri($uri, array('allowed_scheme' => array('tag')))) {
+            return true;
+        }
+
+        return false;
+    }
 }
-- 
cgit v1.2.3-54-g00ecf


From 7aee7670c7ac6302e988612d31c0b52cb378698d Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Mon, 22 Mar 2010 10:35:54 -0700
Subject: Replace the "give up and dump object" attachment view fallback with a
 client-side redirect to the target URL, which will at least be useful.

---
 lib/attachmentlist.php | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/attachmentlist.php b/lib/attachmentlist.php
index 51ceca857..fe38281af 100644
--- a/lib/attachmentlist.php
+++ b/lib/attachmentlist.php
@@ -306,7 +306,7 @@ class Attachment extends AttachmentListItem
     function showRepresentation() {
         if (empty($this->oembed->type)) {
             if (empty($this->attachment->mimetype)) {
-                $this->out->element('pre', null, 'oh well... not sure how to handle the following: ' . print_r($this->attachment, true));
+                $this->showFallback();
             } else {
                 switch ($this->attachment->mimetype) {
                 case 'image/gif':
@@ -332,6 +332,8 @@ class Attachment extends AttachmentListItem
                     $this->out->element('param', array('name' => 'autoStart', 'value' => 1));
                     $this->out->elementEnd('object');
                     break;
+                default:
+                    $this->showFallback();
                 }
             }
         } else {
@@ -354,9 +356,23 @@ class Attachment extends AttachmentListItem
                 break;
 
             default:
-                $this->out->element('pre', null, 'oh well... not sure how to handle the following oembed: ' . print_r($this->oembed, true));
+                $this->showFallback();
             }
         }
     }
+
+    function showFallback()
+    {
+        // If we don't know how to display an attachment inline, we probably
+        // shouldn't have gotten to this point.
+        //
+        // But, here we are... displaying details on a file or remote URL
+        // either on the main view or in an ajax-loaded lightbox. As a lesser
+        // of several evils, we'll try redirecting to the actual target via
+        // client-side JS.
+
+        common_log(LOG_ERR, "Empty or unknown type for file id {$this->attachment->id}; falling back to client-side redirect.");
+        $this->out->raw('<script>window.location = ' . json_encode($this->attachment->url) . ';</script>');
+    }
 }
 
-- 
cgit v1.2.3-54-g00ecf


From 4168b9cec1f7b2e6421c018e56e3b9a13c14d581 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Mon, 22 Mar 2010 11:33:56 -0700
Subject: Log backtraces for non-ClientException exceptions caught at the
 top-level handler.

---
 index.php                 | 4 ++--
 lib/servererroraction.php | 9 ++++++---
 2 files changed, 8 insertions(+), 5 deletions(-)

(limited to 'lib')

diff --git a/index.php b/index.php
index 36ba3a0d2..ea5c80277 100644
--- a/index.php
+++ b/index.php
@@ -324,10 +324,10 @@ function main()
             $cac = new ClientErrorAction($cex->getMessage(), $cex->getCode());
             $cac->showPage();
         } catch (ServerException $sex) { // snort snort guffaw
-            $sac = new ServerErrorAction($sex->getMessage(), $sex->getCode());
+            $sac = new ServerErrorAction($sex->getMessage(), $sex->getCode(), $sex);
             $sac->showPage();
         } catch (Exception $ex) {
-            $sac = new ServerErrorAction($ex->getMessage());
+            $sac = new ServerErrorAction($ex->getMessage(), 500, $ex);
             $sac->showPage();
         }
     }
diff --git a/lib/servererroraction.php b/lib/servererroraction.php
index 0993a63bc..9b5a553dc 100644
--- a/lib/servererroraction.php
+++ b/lib/servererroraction.php
@@ -62,15 +62,18 @@ class ServerErrorAction extends ErrorAction
                            504 => 'Gateway Timeout',
                            505 => 'HTTP Version Not Supported');
 
-    function __construct($message='Error', $code=500)
+    function __construct($message='Error', $code=500, $ex=null)
     {
         parent::__construct($message, $code);
 
         $this->default = 500;
 
         // Server errors must be logged.
-
-        common_log(LOG_ERR, "ServerErrorAction: $code $message");
+        $log = "ServerErrorAction: $code $message";
+        if ($ex) {
+            $log .= "\n" . $ex->getTraceAsString();
+        }
+        common_log(LOG_ERR, $log);
     }
 
     // XXX: Should these error actions even be invokable via URI?
-- 
cgit v1.2.3-54-g00ecf