From 7e975b17c5a857479826f6d730c1ca85c513f4d1 Mon Sep 17 00:00:00 2001 From: Sean Murphy Date: Wed, 4 Feb 2009 19:32:15 -0500 Subject: Fixed #1134; Consolidated image scaling functions. --- lib/imagefile.php | 124 ++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 98 insertions(+), 26 deletions(-) (limited to 'lib') diff --git a/lib/imagefile.php b/lib/imagefile.php index 7f1db892c..5e9913235 100644 --- a/lib/imagefile.php +++ b/lib/imagefile.php @@ -47,18 +47,22 @@ if (!defined('LACONICA')) { class ImageFile { - var $filename = null; - var $barename = null; - var $type = null; - var $height = null; - var $width = null; + var $id; + var $filepath; + var $barename; + var $type; + var $height; + var $width; - function __construct($filename=null, $type=null, $width=null, $height=null) + function __construct($id=null, $filepath=null, $type=null, $width=null, $height=null) { - $this->filename = $filename; - $this->type = $type; - $this->width = $type; - $this->height = $type; + $this->id = $id; + $this->filepath = $filepath; + + $info = @getimagesize($this->filepath); + $this->type = ($info) ? $info[2]:$type; + $this->width = ($info) ? $info[0]:$width; + $this->height = ($info) ? $info[1]:$height; } static function fromUpload($param='upload') 
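Review bot: In the new `__construct`, a failed `getimagesize()` silently falls back to the caller-supplied `$type`, `$width` and `$height`, so an `ImageFile` can exist whose type was never checked against the file on disk, and the `@` hides why. `resize()` in the next hunk dispatches on `$this->type`, so I would throw here when a `$filepath` was given and `$info` is false, or at least accept only `IMAGETYPE_GIF`, `IMAGETYPE_JPEG` and `IMAGETYPE_PNG` as a fallback. `$barename` is still declared but never assigned in the visible code. A docblock should also say that `$id` feeds the output filename in `resize()`, since `fromUpload()` constructs the object with `null` there.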
@@ -78,32 +82,100 @@ class ImageFile throw new Exception(_('System error uploading file.')); return; } - - $imagefile = new ImageFile($_FILES[$param]['tmp_name']); - $info = @getimagesize($imagefile->filename); - + + $info = @getimagesize($_FILES[$param]['tmp_name']); + if (!$info) { - @unlink($imagefile->filename); + @unlink($_FILES[$param]['tmp_name']); throw new Exception(_('Not an image or corrupt file.')); return; } + + if ($info[2] !== IMAGETYPE_GIF && + $info[2] !== IMAGETYPE_JPEG && + $info[2] !== IMAGETYPE_PNG) { + + @unlink($_FILES[$param]['tmp_name']); + throw new Exception(_('Unsupported image file format.')); + return; + } - $imagefile->width = $info[0]; - $imagefile->height = $info[1]; + return new ImageFile(null, $_FILES[$param]['tmp_name']); + } + + function resize($size, $x = 0, $y = 0, $w = null, $h = null) + { + $w = ($w === null) ? $this->width:$w; + $h = ($h === null) ? $this->height:$h; - switch ($info[2]) { - case IMAGETYPE_GIF: - case IMAGETYPE_JPEG: - case IMAGETYPE_PNG: - $imagefile->type = $info[2]; + if (!file_exists($this->filepath)) { + throw new Exception(_('Lost our file.')); + return; + } + + switch ($this->type) { + case IMAGETYPE_GIF: + $image_src = imagecreatefromgif($this->filepath); break; - default: - @unlink($imagefile->filename); - throw new Exception(_('Unsupported image file format.')); + case IMAGETYPE_JPEG: + $image_src = imagecreatefromjpeg($this->filepath); + break; + case IMAGETYPE_PNG: + $image_src = imagecreatefrompng($this->filepath); + break; + default: + throw new Exception(_('Unknown file type')); + return; + } + + $image_dest = imagecreatetruecolor($size, $size); + + if ($this->type == IMAGETYPE_GIF || $this->type == IMAGETYPE_PNG) { + + $transparent_idx = imagecolortransparent($image_src); + + if ($transparent_idx >= 0) { + + $transparent_color = imagecolorsforindex($image_src, $transparent_idx); + $transparent_idx = imagecolorallocate($image_dest, $transparent_color['red'], $transparent_color['green'], 
$transparent_color['blue']); + imagefill($image_dest, 0, 0, $transparent_idx); + imagecolortransparent($image_dest, $transparent_idx); + + } elseif ($this->type == IMAGETYPE_PNG) { + + imagealphablending($image_dest, false); + $transparent = imagecolorallocatealpha($image_dest, 0, 0, 0, 127); + imagefill($image_dest, 0, 0, $transparent); + imagesavealpha($image_dest, true); + + } + } + + imagecopyresampled($image_dest, $image_src, 0, 0, $x, $y, $size, $size, $w, $h); + + $outname = common_avatar_filename($this->id, + image_type_to_extension($this->type), + $size, + common_timestamp()); + + $outpath = common_avatar_path($outname); + + switch ($this->type) { + case IMAGETYPE_GIF: + imagegif($image_dest, $outpath); + break; + case IMAGETYPE_JPEG: + imagejpeg($image_dest, $outpath); + break; + case IMAGETYPE_PNG: + imagepng($image_dest, $outpath); + break; + default: + throw new Exception(_('Unknown file type')); return; } - return $imagefile; + return $outname; } function unlink() -- cgit v1.2.3-54-g00ecf From 0f12d6135ea21f3cd55aea0d12b1680cbb81d7e9 Mon Sep 17 00:00:00 2001 From: Sean Murphy Date: Wed, 4 Feb 2009 20:02:50 -0500 Subject: Fixed #732; Hashtags inside parens and brackets. --- lib/util.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/util.php b/lib/util.php index 07e124811..c26ca6b62 100644 --- a/lib/util.php +++ b/lib/util.php 
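Review bot: `resize()` uses the result of `imagecreatefromgif()`/`imagecreatefromjpeg()`/`imagecreatefrompng()` without checking it, and `getimagesize()` in `fromUpload()` only inspects the header, so a truncated or malformed upload reaches `imagecolortransparent()` and `imagecopyresampled()` with `false`. The return values of `imagegif()`/`imagejpeg()`/`imagepng()` are also ignored, so `$outname` is returned even when nothing was written, and neither GD image is released. `$size`, `$x`, `$y`, `$w` and `$h` are used as given; if they originate from a request (not visible here) they should be cast to int and bounded before `imagecreatetruecolor($size, $size)`, and the source dimensions capped before decoding to limit memory use. The `return;` after each `throw` is unreachable. A sketch of the missing checks follows.

```php
// … unchanged: default $w/$h, file_exists() check, imagecreatefrom* switch …

if (!$image_src) {
    throw new Exception(_('Not an image or corrupt file.'));
}

$image_dest = imagecreatetruecolor($size, $size);

if (!$image_dest) {
    imagedestroy($image_src);
    throw new Exception(_('System error uploading file.'));
}

// … unchanged: transparency handling, imagecopyresampled(), $outname and $outpath …

switch ($this->type) {
 case IMAGETYPE_GIF:
    $written = imagegif($image_dest, $outpath);
    break;
 case IMAGETYPE_JPEG:
    $written = imagejpeg($image_dest, $outpath);
    break;
 case IMAGETYPE_PNG:
    $written = imagepng($image_dest, $outpath);
    break;
 default:
    throw new Exception(_('Unknown file type'));
}

// Release both GD images before reporting the outcome
imagedestroy($image_src);
imagedestroy($image_dest);

if (!$written) {
    throw new Exception(_('System error uploading file.'));
}

return $outname;
```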
@@ -388,7 +388,7 @@ function common_render_text($text) $r = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $r); $r = preg_replace_callback('@(ftp|http|https|mms|rtsp|gopher|news|nntp|telnet|wais|file|prospero|webcal|xmpp|irc)://[^\]>\s]+@', 'common_render_uri_thingy', $r); $r = preg_replace_callback('@(mailto|aim|tel):[^\]>\s]+@', 'common_render_uri_thingy', $r); // Pseudo-protocols don't require '//' after ':'. - $r = preg_replace('/(^|\s+)#([A-Za-z0-9_\-\.]{1,64})/e', "'\\1#'.common_tag_link('\\2')", $r); + $r = preg_replace('/(^|\(|\[|\s+)#([A-Za-z0-9_\-\.]{1,64})/e', "'\\1#'.common_tag_link('\\2')", $r); // XXX: machine tags return $r; } -- cgit v1.2.3-54-g00ecf From 8053adc60e05c1154dc45a76e3d9b45d06422245 Mon Sep 17 00:00:00 2001 From: Sean Murphy Date: Wed, 4 Feb 2009 23:11:40 -0500 Subject: Fixed #779 & #588; Better URL auto-linking. --- lib/util.php | 99 ++++++++++++++++++++++++++++++++++++++++++------------------ 1 file changed, 69 insertions(+), 30 deletions(-) (limited to 'lib') diff --git a/lib/util.php b/lib/util.php index c26ca6b62..92dca1194 100644 --- a/lib/util.php +++ b/lib/util.php 
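Review bot: The changed `preg_replace` line still relies on the `/e` modifier, which evaluates the replacement string as PHP code with the captured text spliced into it. It is safe only while both capture groups stay limited to characters that cannot terminate the single-quoted literals, and this change widens the first group. The context lines just above already use `preg_replace_callback` with a named callback, and the hashtag rule should do the same: `$r = preg_replace_callback('/(^|\(|\[|\s+)#([A-Za-z0-9_\-\.]{1,64})/', 'common_tag_callback', $r);` with a helper (the name is a suggestion) that returns `$m[1] . '#' . common_tag_link($m[2])`. The start of `common_render_text` lies outside the hunk.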
@@ -386,46 +386,85 @@ function common_render_text($text) $r = htmlspecialchars($text); $r = preg_replace('/[\x{0}-\x{8}\x{b}-\x{c}\x{e}-\x{19}]/', '', $r); - $r = preg_replace_callback('@(ftp|http|https|mms|rtsp|gopher|news|nntp|telnet|wais|file|prospero|webcal|xmpp|irc)://[^\]>\s]+@', 'common_render_uri_thingy', $r); - $r = preg_replace_callback('@(mailto|aim|tel):[^\]>\s]+@', 'common_render_uri_thingy', $r); // Pseudo-protocols don't require '//' after ':'. + $r = common_replace_urls_callback($r, 'common_linkify'); $r = preg_replace('/(^|\(|\[|\s+)#([A-Za-z0-9_\-\.]{1,64})/e', "'\\1#'.common_tag_link('\\2')", $r); // XXX: machine tags return $r; } -function common_render_uri_thingy($matches) -{ - $uri = $matches[0]; - $trailer = ''; - - // Some heuristics for extracting URIs from surrounding punctuation - // Strip from trailing text... - if (preg_match('/^(.*)([,.:"\']+)$/', $uri, $matches)) { - $uri = $matches[1]; - $trailer = $matches[2]; - } +function common_replace_urls_callback($text, $callback) { + // Start off with a regex + preg_match_all('#(?:(?:(?:https?|ftps?|mms|rtsp|gopher|news|nntp|telnet|wais|file|prospero|webcal|xmpp|irc)://|(?:mailto|aim|tel):)[^.\s]+\.[^\s]+|(?:[^.\s/]+\.)+(?:museum|travel|[a-z]{2,4})(?:[:/][^\s]*)?)#i', $text, $matches); + + // Then clean up what the regex left behind + $offset = 0; + foreach($matches[0] as $url) { + $url = htmlspecialchars_decode($url); + + // Make sure we didn't pick up an email address + if (preg_match('#^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$#i', $url)) continue; + + // Remove trailing punctuation + $url = rtrim($url, '.?!,;:\'"`'); + + // Remove surrounding parens and the like + preg_match('/[)\]>]+$/', $url, $trailing); + if (isset($trailing[0])) { + preg_match_all('/[(\[<]/', $url, $opened); + preg_match_all('/[)\]>]/', $url, $closed); + $unopened = count($closed[0]) - count($opened[0]); + + // Make sure not to take off more closing parens than there are at the end + $unopened = ($unopened > 
mb_strlen($trailing[0])) ? mb_strlen($trailing[0]):$unopened; + + $url = ($unopened > 0) ? mb_substr($url, 0, $unopened * -1):$url; + } - $pairs = array( - ']' => '[', // technically disallowed in URIs, but used in Java docs - ')' => '(', // far too frequent in Wikipedia and MSDN - ); - $final = substr($uri, -1, 1); - if (isset($pairs[$final])) { - $openers = substr_count($uri, $pairs[$final]); - $closers = substr_count($uri, $final); - if ($closers > $openers) { - // Assume the paren was opened outside the URI - $uri = substr($uri, 0, -1); - $trailer = $final . $trailer; + // Remove trailing punctuation again (in case there were some inside parens) + $url = rtrim($url, '.?!,;:\'"`'); + + // Make sure we didn't capture part of the next sentence + preg_match('#((?:[^.\s/]+\.)+)(museum|travel|[a-z]{2,4})#i', $url, $url_parts); + + // Were the parts capitalized any? + $last_part = (mb_strtolower($url_parts[2]) !== $url_parts[2]) ? true:false; + $prev_part = (mb_strtolower($url_parts[1]) !== $url_parts[1]) ? 
true:false; + + // If the first part wasn't cap'd but the last part was, we captured too much + if ((!$prev_part && $last_part)) { + $url = substr_replace($url, '', mb_strpos($url, '.'.$url_parts[2], 0)); } - } - if ($longurl = common_longurl($uri)) { + + // Capture the new TLD + preg_match('#((?:[^.\s/]+\.)+)(museum|travel|[a-z]{2,4})#i', $url, $url_parts); + + $tlds = array('ac', 'ad', 'ae', 'aero', 'af', 'ag', 'ai', 'al', 'am', 'an', 'ao', 'aq', 'ar', 'arpa', 'as', 'asia', 'at', 'au', 'aw', 'ax', 'az', 'ba', 'bb', 'bd', 'be', 'bf', 'bg', 'bh', 'bi', 'biz', 'bj', 'bm', 'bn', 'bo', 'br', 'bs', 'bt', 'bv', 'bw', 'by', 'bz', 'ca', 'cat', 'cc', 'cd', 'cf', 'cg', 'ch', 'ci', 'ck', 'cl', 'cm', 'cn', 'co', 'com', 'coop', 'cr', 'cu', 'cv', 'cx', 'cy', 'cz', 'de', 'dj', 'dk', 'dm', 'do', 'dz', 'ec', 'edu', 'ee', 'eg', 'er', 'es', 'et', 'eu', 'fi', 'fj', 'fk', 'fm', 'fo', 'fr', 'ga', 'gb', 'gd', 'ge', 'gf', 'gg', 'gh', 'gi', 'gl', 'gm', 'gn', 'gov', 'gp', 'gq', 'gr', 'gs', 'gt', 'gu', 'gw', 'gy', 'hk', 'hm', 'hn', 'hr', 'ht', 'hu', 'id', 'ie', 'il', 'im', 'in', 'info', 'int', 'io', 'iq', 'ir', 'is', 'it', 'je', 'jm', 'jo', 'jobs', 'jp', 'ke', 'kg', 'kh', 'ki', 'km', 'kn', 'kp', 'kr', 'kw', 'ky', 'kz', 'la', 'lb', 'lc', 'li', 'lk', 'lr', 'ls', 'lt', 'lu', 'lv', 'ly', 'ma', 'mc', 'md', 'me', 'mg', 'mh', 'mil', 'mk', 'ml', 'mm', 'mn', 'mo', 'mobi', 'mp', 'mq', 'mr', 'ms', 'mt', 'mu', 'museum', 'mv', 'mw', 'mx', 'my', 'mz', 'na', 'name', 'nc', 'ne', 'net', 'nf', 'ng', 'ni', 'nl', 'no', 'np', 'nr', 'nu', 'nz', 'om', 'org', 'pa', 'pe', 'pf', 'pg', 'ph', 'pk', 'pl', 'pm', 'pn', 'pr', 'pro', 'ps', 'pt', 'pw', 'py', 'qa', 're', 'ro', 'rs', 'ru', 'rw', 'sa', 'sb', 'sc', 'sd', 'se', 'sg', 'sh', 'si', 'sj', 'sk', 'sl', 'sm', 'sn', 'so', 'sr', 'st', 'su', 'sv', 'sy', 'sz', 'tc', 'td', 'tel', 'tf', 'tg', 'th', 'tj', 'tk', 'tl', 'tm', 'tn', 'to', 'tp', 'tr', 'travel', 'tt', 'tv', 'tw', 'tz', 'ua', 'ug', 'uk', 'us', 'uy', 'uz', 'va', 'vc', 've', 'vg', 'vi', 'vn', 'vu', 'wf', 'ws', 'ye', 
'yt', 'yu', 'za', 'zm', 'zw'); + + if (!in_array($url_parts[2], $tlds)) continue; + + // Call user specified func + $modified_url = $callback($url); + + // Replace it! + $start = mb_strpos($text, $url, $offset); + $text = substr_replace($text, $modified_url, $start, mb_strlen($url)); + $offset = $start + mb_strlen($modified_url); + } + + return $text; +} + +function common_linkify($url) { + $display = $url; + $url = (!preg_match('#^([a-z]+://|(mailto|aim|tel):)#i', $url)) ? 'http://'.$url:$url; + + if ($longurl = common_longurl($url)) { $longurl = htmlentities($longurl, ENT_QUOTES, 'UTF-8'); - $title = " title='$longurl'"; + $title = "title=\"$longurl\""; } else $title = ''; - - return '' . $uri . '' . $trailer; + + return "$display"; } function common_longurl($short_url) -- cgit v1.2.3-54-g00ecf From 4090471ebec98654931c8f7b369495d093739541 Mon Sep 17 00:00:00 2001 From: Sean Murphy Date: Wed, 4 Feb 2009 23:18:45 -0500 Subject: Forgot to replace URL shortening regex with new function. --- lib/util.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/util.php b/lib/util.php index 92dca1194..87c239d5d 100644 --- a/lib/util.php +++ b/lib/util.php @@ -488,7 +488,7 @@ function common_shorten_links($text) static $cache = array(); if (isset($cache[$text])) return $cache[$text]; // \s = not a horizontal whitespace character (since PHP 5.2.4) - return $cache[$text] = preg_replace('@https?://[^)\]>\s]+@e', "common_shorten_link('\\0')", $text); + return $cache[$text] = common_replace_urls_callback($text, 'common_shorten_link');; } function common_shorten_link($url, $reverse = false) -- cgit v1.2.3-54-g00ecf From 7ad3ff4a2cd494ef8c1cc293e15c0a70b8786fee Mon Sep 17 00:00:00 2001 
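Review bot: `common_replace_urls_callback()` runs `htmlspecialchars_decode()` on each match and hands the decoded string to the callback, and `common_linkify()` copies it into `$display` and returns it into text that `common_render_text()` had already escaped, so markup characters inside a matched URL come back unescaped (the new `[^\s]+` no longer excludes `>` or `]` as the removed pattern did). `common_linkify()` should escape what it emits, e.g. `$display = htmlspecialchars($url);` and likewise for the value used as the link target; the markup on the return line appears to have been lost in this rendering, so I cannot confirm how the target is quoted. The replacement step looks up the decoded `$url` in the still-escaped `$text` with `mb_strpos()`, which returns `false` whenever decoding changed the string, and it mixes `mb_*` character offsets with byte-based `substr_replace()`; either can splice at the wrong position. `$url_parts[2]` is read without checking that `preg_match()` matched, and `in_array($url_parts[2], $tlds)` is case-sensitive although the pattern uses `/i`. The following commit reuses this helper from `common_shorten_links()`, so the same points apply there.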
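Review bot: `common_shorten_links()` used to pass only `http`/`https` matches to `common_shorten_link()`; through `common_replace_urls_callback()` it now also receives `mailto:`, `tel:`, `file://` and scheme-less host matches, and receives them after `htmlspecialchars_decode()` although this text is presumably not yet escaped. If the shortener should only see web URLs, guard it with `if (!preg_match('#^https?://#i', $url)) return $url;` at the top of `common_shorten_link()`, whose body is outside this hunk. The comment `// \s = not a horizontal whitespace character (since PHP 5.2.4)` describes the removed regex and should be dropped together with the stray second `;`.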
From: Evan Prodromou Date: Thu, 5 Feb 2009 11:46:17 -0500 Subject: Allow re-authentication with OpenID "Rememberme" logins aren't allowed to make changes to an account (since cookie-stealing is too easy). Users have to re-authenticate. Previously, it was impossible to do so without having a username and password; this change lets you do it with OpenID, too. --- actions/finishopenidlogin.php | 2 +- actions/openidlogin.php | 13 +++++++++++-- classes/User.php | 11 +++++++++++ lib/settingsaction.php | 7 ++++++- 4 files changed, 29 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/actions/finishopenidlogin.php b/actions/finishopenidlogin.php index 880a9505b..bc9151120 100644 --- a/actions/finishopenidlogin.php +++ b/actions/finishopenidlogin.php @@ -30,7 +30,7 @@ class FinishopenidloginAction extends Action function handle($args) { parent::handle($args); - if (common_logged_in()) { + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $token = $this->trimmed('token'); diff --git a/actions/openidlogin.php b/actions/openidlogin.php index 7a267a2bd..1a4372d73 100644 --- a/actions/openidlogin.php +++ b/actions/openidlogin.php @@ -26,7 +26,7 @@ class OpenidloginAction extends Action function handle($args) { parent::handle($args); - if (common_logged_in()) { + if (common_is_real_login()) { $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $openid_url = $this->trimmed('openid_url'); 
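Review bot: Replacing `common_logged_in()` with `common_is_real_login()` in `FinishopenidloginAction::handle()` (and in `OpenidloginAction::handle()` in the next file) lets a session that holds only a rememberme cookie complete an OpenID login, but nothing in these hunks ties the verified OpenID to the user already in that session. The completion code is outside the hunk; it should compare the user found for the asserted identity with `common_current_user()` and refuse to upgrade the session, or to connect or create an account, when they differ. Without that, re-authentication proves control of some OpenID rather than of this account's OpenID. Once the check exists, a comment on the changed condition such as `// rememberme sessions may re-authenticate; the identity is matched to the current user` would record the intent.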
@@ -59,7 +59,16 @@ class OpenidloginAction extends Action function getInstructions() { - return _('Login with an [OpenID](%%doc.openid%%) account.'); + if (common_logged_in() && !common_is_real_login() && + common_get_returnto()) { + // rememberme logins have to reauthenticate before + // changing any profile settings (cookie-stealing protection) + return _('For security reasons, please re-login with your ' . + '[OpenID](%%doc.openid%%) ' . + 'before changing your settings.'); + } else { + return _('Login with an [OpenID](%%doc.openid%%) account.'); + } } function showPageNotice() diff --git a/classes/User.php b/classes/User.php index b1c061c18..a6a1b11b9 100644 --- a/classes/User.php +++ b/classes/User.php @@ -630,4 +630,15 @@ class User extends Memcached_DataObject return $profile; } + + function hasOpenID() + { + $oid = new User_openid(); + + $oid->user_id = $this->id; + + $cnt = $oid->find(); + + return ($cnt > 0); + } } diff --git a/lib/settingsaction.php b/lib/settingsaction.php index dfe1f114b..53c807c6f 100644 --- a/lib/settingsaction.php +++ b/lib/settingsaction.php @@ -76,7 +76,12 @@ class SettingsAction extends Action // change important settings or see private info, and // _all_ our settings are important common_set_returnto($this->selfUrl()); - common_redirect(common_local_url('login')); + $user = common_current_user(); + if ($user->hasOpenID()) { + common_redirect(common_local_url('openidlogin')); + } else { + common_redirect(common_local_url('login')); + } } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->handlePost(); } else { -- cgit v1.2.3-54-g00ecf From 9febe8ce394d8428355ac73f1c0f6a9555252bd2 Mon Sep 17 00:00:00 2001 From: Robin Millette Date: Thu, 5 Feb 2009 18:10:47 +0000 Subject: trac #1142 fix tag rss --- actions/tagrss.php | 16 +++++++--------- lib/util.php | 2 ++ 2 files changed, 9 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/actions/tagrss.php b/actions/tagrss.php index b4c2dcdff..a77fa12c9 100644 
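Review bot: `User::hasOpenID()` is added without a docblock, although its result now decides which re-authentication page `lib/settingsaction.php` sends the user to. I would add `/** Whether at least one User_openid row is linked to this user; used to pick the re-login method. */` above it. `find()` fetches every matching row when only existence matters; if `User_openid` supports it, `$oid->limit(1);` before `find()` keeps the query small.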
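Review bot: In the rememberme branch of `SettingsAction`, `$user->hasOpenID()` is called on the result of `common_current_user()` without a check, so a null or false return ends in a fatal error instead of a redirect to a login page. The enclosing condition starts above the hunk and presumably guarantees a session, but the user row can still be missing; `if ($user && $user->hasOpenID()) {` keeps the password login as the fallback. Users who have both a password and an OpenID are now always sent to `openidlogin`, so confirm that page still offers the password route.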
--- a/actions/tagrss.php +++ b/actions/tagrss.php @@ -25,12 +25,12 @@ require_once(INSTALLDIR.'/lib/rssaction.php'); class TagrssAction extends Rss10Action { + var $tag; - function init() - { - $tag = $this->trimmed('tag'); + function prepare($args) { + parent::prepare($args); + $tag = common_canonical_tag($this->trimmed('tag')); $this->tag = Notice_tag::staticGet('tag', $tag); - if (!$this->tag) { $this->clientError(_('No such tag.')); return false; @@ -39,7 +39,7 @@ class TagrssAction extends Rss10Action } } - function get_notices($limit=0) + function getNotices($limit=0) { $tag = $this->tag; @@ -48,7 +48,6 @@ class TagrssAction extends Rss10Action } $notice = Notice_tag::getStream($tag->tag, 0, ($limit == 0) ? NOTICES_PER_PAGE : $limit); - while ($notice->fetch()) { $notices[] = clone($notice); } @@ -56,10 +55,9 @@ class TagrssAction extends Rss10Action return $notices; } - function get_channel() + function getChannel() { - $tag = $this->tag->tag; - + $tagname = $this->tag->tag; $c = array('url' => common_local_url('tagrss', array('tag' => $tagname)), 'title' => $tagname, 'link' => common_local_url('tagrss', array('tag' => $tagname)), diff --git a/lib/util.php b/lib/util.php index 579f964ac..cbff35a9d 100644 --- a/lib/util.php +++ b/lib/util.php @@ -736,6 +736,8 @@ function common_fancy_url($action, $args=null) return common_path("api/statuses/public_timeline.atom"); case 'publicxrds': return common_path('xrds'); + case 'tagrss': + return common_path('tag/' . $args['tag'] . '/rss'); case 'featuredrss': return common_path('featuredrss'); case 'favoritedrss': -- cgit v1.2.3-54-g00ecf
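Review bot: The new `tagrss` case in `common_fancy_url()` concatenates `$args['tag']` into the path unencoded and without checking that the key exists, while `$args` defaults to `null`. `TagrssAction` canonicalises its own tag, but other callers of `common_fancy_url('tagrss', …)` may not, so I would write `return common_path('tag/' . urlencode($args['tag']) . '/rss');`. The rest of the switch is outside the hunk; check whether the neighbouring cases that take arguments encode theirs and follow the same convention.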