From a9dabbe77e8ab575aaf5c3742e2cddb4874e6881 Mon Sep 17 00:00:00 2001 From: James Walker Date: Sat, 13 Mar 2010 10:37:08 -0500 Subject: * wrong param order to in_array * in getContent() if "type" isn't set, assume text (per atom spec) --- lib/activity.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/activity.php b/lib/activity.php index 125d391b0..738200c0b 100644 --- a/lib/activity.php +++ b/lib/activity.php @@ -457,7 +457,7 @@ class ActivityUtils // slavishly following http://atompub.org/rfc4287.html#rfc.section.4.1.3.3 - if ($type == 'text') { + if (empty($type) || $type == 'text') { return $contentEl->textContent; } else if ($type == 'html') { $text = $contentEl->textContent; @@ -476,7 +476,7 @@ class ActivityUtils $text .= $doc->saveXML($child); } return trim($text); - } else if (in_array(array('text/xml', 'application/xml'), $type) || + } else if (in_array($type, array('text/xml', 'application/xml')) || preg_match('#(+|/)xml$#', $type)) { throw new ClientException(_("Can't handle embedded XML content yet.")); } else if (strncasecmp($type, 'text/', 5)) { -- cgit v1.2.3-54-g00ecf From c4f89b06f1e7fe969e049c7dfe672bdfd6e5c8f9 Mon Sep 17 00:00:00 2001 From: James Walker Date: Sun, 14 Mar 2010 12:57:24 -0400 Subject: give preference to rel="photo" (per latest ActivityStreams spec), but still support rel="avatar" for compat --- lib/activity.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/activity.php b/lib/activity.php index 738200c0b..6acf37a8a 100644 --- a/lib/activity.php +++ b/lib/activity.php @@ -681,9 +681,16 @@ class ActivityObject if ($this->type == self::PERSON || $this->type == self::GROUP) { $this->displayName = $this->title; - $avatars = ActivityUtils::getLinks($element, 'avatar'); - foreach ($avatars as $link) { - $this->avatarLinks[] = new AvatarLink($link); + $photos = ActivityUtils::getLinks($element, 'photo'); + if (count($photos)) { + foreach ($photos as $link) { + $this->avatarLinks[] = new AvatarLink($link); + } + } else { + $avatars = ActivityUtils::getLinks($element, 'avatar'); + foreach ($avatars as $link) { + $this->avatarLinks[] = new AvatarLink($link); + } } $this->poco = new PoCo($element); -- cgit v1.2.3-54-g00ecf From c9232d8f26f055a9a1124b4b3db510e80979bf18 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 15 Mar 2010 20:21:55 +0000 Subject: Ticket #2242: fix reading of inline XHTML content in Atom feeds for OStatus input. Lookup of the
needed to check for the XHTML namespace. --- lib/activity.php | 2 +- plugins/OStatus/scripts/testfeed.php | 89 ++++++++++++++++++++++++++++++++++++ 2 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 plugins/OStatus/scripts/testfeed.php (limited to 'lib') diff --git a/lib/activity.php b/lib/activity.php index 6acf37a8a..ae65fe36f 100644 --- a/lib/activity.php +++ b/lib/activity.php @@ -463,7 +463,7 @@ class ActivityUtils $text = $contentEl->textContent; return htmlspecialchars_decode($text, ENT_QUOTES); } else if ($type == 'xhtml') { - $divEl = ActivityUtils::child($contentEl, 'div'); + $divEl = ActivityUtils::child($contentEl, 'div', 'http://www.w3.org/1999/xhtml'); if (empty($divEl)) { return null; } diff --git a/plugins/OStatus/scripts/testfeed.php b/plugins/OStatus/scripts/testfeed.php new file mode 100644 index 000000000..5e3ccd433 --- /dev/null +++ b/plugins/OStatus/scripts/testfeed.php @@ -0,0 +1,89 @@ +#!/usr/bin/env php +. + */ + +define('INSTALLDIR', realpath(dirname(__FILE__) . '/../../..')); + +$longoptions = array('skip=', 'count='); + +$helptext = <<loadXML($xml)) { + print "Bad XML.\n"; + exit(1); +} + +if ($skip || $count) { + $entries = $feed->getElementsByTagNameNS(ActivityUtils::ATOM, 'entry'); + $remove = array(); + for ($i = 0; $i < $skip && $i < $entries->length; $i++) { + $item = $entries->item($i); + if ($item) { + $remove[] = $item; + } + } + if ($count) { + for ($i = $skip + $count; $i < $entries->length; $i++) { + $item = $entries->item($i); + if ($item) { + $remove[] = $item; + } + } + } + foreach ($remove as $item) { + $item->parentNode->removeChild($item); + } +} + +Event::handle('StartFeedSubReceive', array($sub, $feed)); + -- cgit v1.2.3-54-g00ecf From 40cde2f7109cace8f37cd36c31420c38ad475d40 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Mon, 15 Mar 2010 22:10:32 +0000 Subject: Initial Twitpic-like media upload endpoint /api/statusnet/media/upload --- actions/apimediaupload.php | 141 +++++++++++++++++++++++++++++++++++++++++++++ lib/router.php | 6 ++ 2 files changed, 147 insertions(+) create mode 100644 actions/apimediaupload.php (limited to 'lib') diff --git a/actions/apimediaupload.php b/actions/apimediaupload.php new file mode 100644 index 000000000..ec316edc8 --- /dev/null +++ b/actions/apimediaupload.php @@ -0,0 +1,141 @@ +. + * + * @category API + * @author Zach Copley + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +require_once INSTALLDIR . '/lib/apiauth.php'; +require_once INSTALLDIR . '/lib/mediafile.php'; + +/** + * Upload an image via the API. Returns a shortened URL for the image + * to the user. + * + * @category API + * @package StatusNet + * @author Zach Copley + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class ApiMediaUploadAction extends ApiAuthAction +{ + /** + * Handle the request + * + * Grab the file from the 'media' param, then store, and shorten + * + * @todo Upload throttle! + * + * @param array $args $_REQUEST data (unused) + * + * @return void + */ + + function handle($args) + { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->clientError( + _('This method requires a POST.'), + 400, $this->format + ); + return; + } + + // Workaround for PHP returning empty $_POST and $_FILES when POST + // length > post_max_size in php.ini + + if (empty($_FILES) + && empty($_POST) + && ($_SERVER['CONTENT_LENGTH'] > 0) + ) { + $msg = _('The server was unable to handle that much POST ' . + 'data (%s bytes) due to its current configuration.'); + + $this->clientError(sprintf($msg, $_SERVER['CONTENT_LENGTH'])); + return; + } + + $upload = null; + + try { + $upload = MediaFile::fromUpload('media', $this->auth_user); + } catch (ClientException $ce) { + $this->clientError($ce->getMessage()); + return; + } + + if (isset($upload)) { + $this->showResponse($upload); + } else { + $this->clientError('Upload failed.'); + return; + } + } + + /** + * Show a Twitpic-like response with the ID of the media file + * and a (hopefully) shortened URL for it. + * + * @param File $upload the uploaded file + * + * @return void + */ + function showResponse($upload) + { + $this->initDocument(); + $this->elementStart('rsp', array('stat' => 'ok')); + $this->element('mediaid', null, $upload->fileRecord->id); + $this->element('mediaurl', null, $upload->shortUrl()); + $this->elementEnd('rsp'); + $this->endDocument(); + } + + /** + * Overrided clientError to show a more Twitpic-like error + * + * @param String $msg an error message + * + */ + function clientError($msg) + { + $this->initDocument(); + $this->elementStart('rsp', array('stat' => 'fail')); + + // @todo add in error code + $errAttr = array('msg' => $msg); + + $this->element('err', $errAttr, null); + $this->elementEnd('rsp'); + $this->endDocument(); + } + +} diff --git a/lib/router.php b/lib/router.php index 706120e0b..a48ee875e 100644 --- a/lib/router.php +++ b/lib/router.php @@ -628,6 +628,12 @@ class Router array('action' => 'ApiTimelineTag', 'format' => '(xmljson|rss|atom)')); + // media related + $m->connect( + 'api/statusnet/media/upload', + array('action' => 'ApiMediaUpload') + ); + // search $m->connect('api/search.atom', array('action' => 'twitapisearchatom')); $m->connect('api/search.json', array('action' => 'twitapisearchjson')); -- cgit v1.2.3-54-g00ecf From 441e52718e4db4eb45bd5c76c5af446496f56f96 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 15 Mar 2010 15:08:16 -0700 Subject: Background deletion of user accounts. Notices are deleted in chunks, then the user itself when they're all gone. While deletion is in progress, the account is locked with the 'deleted' role, which disables all actions with rights control. Todo: * Pretty up the notice on the profile page about the pending delete. Show status? * Possibly more thorough account disabling, such as disallowing all use for login and access. * Improve error recovery; worst case is that an account gets left locked in 'deleted' state but the queue jobs have gotten dropped out. This would leave the username in use and any undeleted notices in place. --- actions/deleteuser.php | 10 ++++- classes/Profile.php | 3 ++ classes/Profile_role.php | 1 + lib/deluserqueuehandler.php | 95 +++++++++++++++++++++++++++++++++++++++++++++ lib/queuemanager.php | 3 ++ lib/userprofile.php | 11 ++++++ 6 files changed, 122 insertions(+), 1 deletion(-) create mode 100644 lib/deluserqueuehandler.php (limited to 'lib') diff --git a/actions/deleteuser.php b/actions/deleteuser.php index c4f84fad2..4e6b27395 100644 --- a/actions/deleteuser.php +++ b/actions/deleteuser.php @@ -162,7 +162,15 @@ class DeleteuserAction extends ProfileFormAction function handlePost() { if (Event::handle('StartDeleteUser', array($this, $this->user))) { - $this->user->delete(); + // Mark the account as deleted and shove low-level deletion tasks + // to background queues. Removing a lot of posts can take a while... + if (!$this->user->hasRole(Profile_role::DELETED)) { + $this->user->grantRole(Profile_role::DELETED); + } + + $qm = QueueManager::get(); + $qm->enqueue($this->user, 'deluser'); + Event::handle('EndDeleteUser', array($this, $this->user)); } } diff --git a/classes/Profile.php b/classes/Profile.php index 91f6e4692..eded1ff71 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -732,6 +732,9 @@ class Profile extends Memcached_DataObject function hasRight($right) { $result = false; + if ($this->hasRole(Profile_role::DELETED)) { + return false; + } if (Event::handle('UserRightsCheck', array($this, $right, &$result))) { switch ($right) { diff --git a/classes/Profile_role.php b/classes/Profile_role.php index d0a0b31f0..e7aa1f0f0 100644 --- a/classes/Profile_role.php +++ b/classes/Profile_role.php @@ -53,6 +53,7 @@ class Profile_role extends Memcached_DataObject const ADMINISTRATOR = 'administrator'; const SANDBOXED = 'sandboxed'; const SILENCED = 'silenced'; + const DELETED = 'deleted'; // Pending final deletion of notices... public static function isValid($role) { diff --git a/lib/deluserqueuehandler.php b/lib/deluserqueuehandler.php new file mode 100644 index 000000000..4a1233a5e --- /dev/null +++ b/lib/deluserqueuehandler.php @@ -0,0 +1,95 @@ +. + */ + +/** + * Background job to delete prolific users without disrupting front-end too much. + * + * Up to 50 messages are deleted on each run through; when all messages are gone, + * the actual account is deleted. + * + * @package QueueHandler + * @maintainer Brion Vibber + */ + +class DelUserQueueHandler extends QueueHandler +{ + const DELETION_WINDOW = 50; + + public function transport() + { + return 'deluser'; + } + + public function handle($user) + { + if (!($user instanceof User)) { + common_log(LOG_ERR, "Got a bogus user, not deleting"); + return true; + } + + $user = User::staticGet('id', $user->id); + if (!$user) { + common_log(LOG_INFO, "User {$user->nickname} was deleted before we got here."); + return true; + } + + if (!$user->hasRole(Profile_role::DELETED)) { + common_log(LOG_INFO, "User {$user->nickname} is not pending deletion; aborting."); + return true; + } + + $notice = $this->getNextBatch($user); + if ($notice->N) { + common_log(LOG_INFO, "Deleting next {$notice->N} notices by {$user->nickname}"); + while ($notice->fetch()) { + $del = clone($notice); + $del->delete(); + } + + // @todo improve reliability in case we died during the above deletions + // with a fatal error. If the job is lost, we should perform some kind + // of garbage collection later. + + // Queue up the next batch. + $qm = QueueManager::get(); + $qm->enqueue($user, 'deluser'); + } else { + // Out of notices? Let's finish deleting this guy! + $user->delete(); + common_log(LOG_INFO, "User $user->id $user->nickname deleted."); + return true; + } + + return true; + } + + /** + * Fetch the next self::DELETION_WINDOW messages for this user. + * @return Notice + */ + protected function getNextBatch(User $user) + { + $notice = new Notice(); + $notice->profile_id = $user->id; + $notice->limit(self::DELETION_WINDOW); + $notice->find(); + return $notice; + } + +} diff --git a/lib/queuemanager.php b/lib/queuemanager.php index 87bd356aa..0829c8a8b 100644 --- a/lib/queuemanager.php +++ b/lib/queuemanager.php @@ -264,6 +264,9 @@ abstract class QueueManager extends IoManager $this->connect('sms', 'SmsQueueHandler'); } + // Background user management tasks... + $this->connect('deluser', 'DelUserQueueHandler'); + // Broadcasting profile updates to OMB remote subscribers $this->connect('profile', 'ProfileQueueHandler'); diff --git a/lib/userprofile.php b/lib/userprofile.php index 8464c2446..2c3b1ea45 100644 --- a/lib/userprofile.php +++ b/lib/userprofile.php @@ -228,6 +228,17 @@ class UserProfile extends Widget function showEntityActions() { + if ($this->profile->hasRole(Profile_role::DELETED)) { + $this->out->elementStart('div', 'entity_actions'); + $this->out->element('h2', null, _('User actions')); + $this->out->elementStart('ul'); + $this->out->elementStart('p', array('class' => 'profile_deleted')); + $this->out->text(_('User deletion in progress...')); + $this->out->elementEnd('p'); + $this->out->elementEnd('ul'); + $this->out->elementEnd('div'); + return; + } if (Event::handle('StartProfilePageActionsSection', array(&$this->out, $this->profile))) { $cur = common_current_user(); -- cgit v1.2.3-54-g00ecf From b994d529f4de53df6350e12b5e81889cee17f317 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Mon, 15 Mar 2010 19:06:06 -0700 Subject: Throw an exception if we receive a document instead of a feed's root element --- lib/activity.php | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) (limited to 'lib') diff --git a/lib/activity.php b/lib/activity.php index ae65fe36f..d84eabf7c 100644 --- a/lib/activity.php +++ b/lib/activity.php @@ -1083,15 +1083,11 @@ class Activity $this->entry = $entry; - // @fixme Don't send in a DOMDocument + // Insist on a feed's root DOMElement; don't allow a DOMDocument if ($feed instanceof DOMDocument) { - common_log( - LOG_WARNING, - 'Activity::__construct() - ' - . 'DOMDocument passed in for feed by mistake. ' - . "Expecting a 'feed' DOMElement." + throw new ClientException( + _("Expecting a root feed element but got a whole XML document.") ); - $feed = $feed->getElementsByTagName('feed')->item(0); } $this->feed = $feed; -- cgit v1.2.3-54-g00ecf From f62b8a80cf33ac8529d0736c51dc060a9d235369 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 16 Mar 2010 16:23:19 -0700 Subject: Pull back for now on switch of PEAR error mode to exceptions; seems to trigger out exceptions at various times we don't want them. For instance this was throwing an exception for DB_DataObject::staticGet when there's no match... definitely not what we want when all our code expects to get a nice null. Example of this causing trouble: http://gitorious.org/statusnet/mainline/merge_requests/131 Revert "Don't attempt to retrieve the current user from the DB while processing a DB error" This reverts commit 68347691b0c7fb3f81415abd7fcdc5aec85cc554. Revert "Use PHP exceptions for PEAR error handling." This reverts commit d8212977ce7f911d4f9bd6e55f94aea059a86782. --- index.php | 103 ++++++++++++++++++++++++++------------------------------- lib/common.php | 12 ------- 2 files changed, 46 insertions(+), 69 deletions(-) (limited to 'lib') diff --git a/index.php b/index.php index 65f251bcc..36ba3a0d2 100644 --- a/index.php +++ b/index.php @@ -37,6 +37,8 @@ define('INSTALLDIR', dirname(__FILE__)); define('STATUSNET', true); define('LACONICA', true); // compatibility +require_once INSTALLDIR . '/lib/common.php'; + $user = null; $action = null; @@ -66,69 +68,52 @@ function getPath($req) */ function handleError($error) { - try { - - if ($error->getCode() == DB_DATAOBJECT_ERROR_NODATA) { - return; - } + if ($error->getCode() == DB_DATAOBJECT_ERROR_NODATA) { + return; + } - $logmsg = "PEAR error: " . $error->getMessage(); - if ($error instanceof PEAR_Exception && common_config('site', 'logdebug')) { - $logmsg .= " : ". $error->toText(); - } - // DB queries often end up with a lot of newlines; merge to a single line - // for easier grepability... - $logmsg = str_replace("\n", " ", $logmsg); - common_log(LOG_ERR, $logmsg); - - // @fixme backtrace output should be consistent with exception handling - if (common_config('site', 'logdebug')) { - $bt = $error->getTrace(); - foreach ($bt as $n => $line) { - common_log(LOG_ERR, formatBacktraceLine($n, $line)); - } - } - if ($error instanceof DB_DataObject_Error - || $error instanceof DB_Error - || ($error instanceof PEAR_Exception && $error->getCode() == -24) - ) { - //If we run into a DB error, assume we can't connect to the DB at all - //so set the current user to null, so we don't try to access the DB - //while rendering the error page. - global $_cur; - $_cur = null; - - $msg = sprintf( - _( - 'The database for %s isn\'t responding correctly, '. - 'so the site won\'t work properly. '. - 'The site admins probably know about the problem, '. - 'but you can contact them at %s to make sure. '. - 'Otherwise, wait a few minutes and try again.' - ), - common_config('site', 'name'), - common_config('site', 'email') - ); - } else { - $msg = _( - 'An important error occured, probably related to email setup. '. - 'Check logfiles for more info..' - ); + $logmsg = "PEAR error: " . $error->getMessage(); + if (common_config('site', 'logdebug')) { + $logmsg .= " : ". $error->getDebugInfo(); + } + // DB queries often end up with a lot of newlines; merge to a single line + // for easier grepability... + $logmsg = str_replace("\n", " ", $logmsg); + common_log(LOG_ERR, $logmsg); + + // @fixme backtrace output should be consistent with exception handling + if (common_config('site', 'logdebug')) { + $bt = $error->getBacktrace(); + foreach ($bt as $n => $line) { + common_log(LOG_ERR, formatBacktraceLine($n, $line)); } - - $dac = new DBErrorAction($msg, 500); - $dac->showPage(); - - } catch (Exception $e) { - echo _('An error occurred.'); } + if ($error instanceof DB_DataObject_Error + || $error instanceof DB_Error + ) { + $msg = sprintf( + _( + 'The database for %s isn\'t responding correctly, '. + 'so the site won\'t work properly. '. + 'The site admins probably know about the problem, '. + 'but you can contact them at %s to make sure. '. + 'Otherwise, wait a few minutes and try again.' + ), + common_config('site', 'name'), + common_config('site', 'email') + ); + } else { + $msg = _( + 'An important error occured, probably related to email setup. '. + 'Check logfiles for more info..' + ); + } + + $dac = new DBErrorAction($msg, 500); + $dac->showPage(); exit(-1); } -set_exception_handler('handleError'); - -require_once INSTALLDIR . '/lib/common.php'; - /** * Format a backtrace line for debug output roughly like debug_print_backtrace() does. * Exceptions already have this built in, but PEAR error objects just give us the array. @@ -253,6 +238,10 @@ function main() return; } + // For database errors + + PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError'); + // Make sure RW database is setup setupRW(); diff --git a/lib/common.php b/lib/common.php index 047dc5a7b..5d53270e3 100644 --- a/lib/common.php +++ b/lib/common.php @@ -71,7 +71,6 @@ if (!function_exists('dl')) { # global configuration object require_once('PEAR.php'); -require_once('PEAR/Exception.php'); require_once('DB/DataObject.php'); require_once('DB/DataObject/Cast.php'); # for dates @@ -129,17 +128,6 @@ require_once INSTALLDIR.'/lib/activity.php'; require_once INSTALLDIR.'/lib/clientexception.php'; require_once INSTALLDIR.'/lib/serverexception.php'; - -//set PEAR error handling to use regular PHP exceptions -function PEAR_ErrorToPEAR_Exception($err) -{ - if ($err->getCode()) { - throw new PEAR_Exception($err->getMessage(), $err->getCode()); - } - throw new PEAR_Exception($err->getMessage()); -} -PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'PEAR_ErrorToPEAR_Exception'); - try { StatusNet::init(@$server, @$path, @$conffile); } catch (NoConfigException $e) { -- cgit v1.2.3-54-g00ecf