From a5dc5f9c62aec5021b31e7f202edf2de3462b6ba Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Mon, 1 Mar 2010 14:58:06 -0800 Subject: Upgrade XML output scrubbing to better deal with newline and a few other chars --- lib/util.php | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/lib/util.php b/lib/util.php index d12a7920d..7a170a5f5 100644 --- a/lib/util.php +++ b/lib/util.php @@ -809,8 +809,28 @@ function common_shorten_links($text) function common_xml_safe_str($str) { - // Neutralize control codes and surrogates - return preg_replace('/[\p{Cc}\p{Cs}]/u', '*', $str); + // Replace common eol and extra whitespace input chars + $unWelcome = array( + "\t", // tab + "\n", // newline + "\r", // cr + "\0", // null byte eos + "\x0B" // vertical tab + ); + + $replacement = array( + ' ', // single space + ' ', + '', // nothing + '', + ' ' + ); + + $str = str_replace($unWelcome, $replacement, $str); + + // Neutralize any additional control codes and UTF-16 surrogates + // (Twitter uses '*') + return preg_replace('/[\p{Cc}\p{Cs}]/u', '*', $str); } function common_tag_link($tag) -- cgit v1.2.3-54-g00ecf From f9dd83caa72a799916725888a631725d532d780e Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Mon, 1 Mar 2010 19:56:16 -0500 Subject: Modify configuration to have an option to allow uploads regardless of mime type --- config.php.sample | 2 ++ lib/mediafile.php | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/config.php.sample b/config.php.sample index b8852dc67..5c5fb5b53 100644 --- a/config.php.sample +++ b/config.php.sample @@ -275,6 +275,8 @@ $config['sphinx']['port'] = 3312; // Support for file uploads (attachments), // select supported mimetypes and quotas (in bytes) // $config['attachments']['supported'] = array('image/png', 'application/ogg'); +// $config['attachments']['supported'] = true; //allow all file types to be uploaded + // $config['attachments']['file_quota'] = 5000000; // $config['attachments']['user_quota'] = 50000000; // $config['attachments']['monthly_quota'] = 15000000; diff --git a/lib/mediafile.php b/lib/mediafile.php index e3d5b1dbc..10d90d008 100644 --- a/lib/mediafile.php +++ b/lib/mediafile.php @@ -262,7 +262,7 @@ class MediaFile $filetype = MIME_Type::autoDetect($stream['uri']); } - if (in_array($filetype, common_config('attachments', 'supported'))) { + if (common_config('attachments', 'supported') === true || in_array($filetype, common_config('attachments', 'supported'))) { return $filetype; } $media = MIME_Type::getMedia($filetype); -- cgit v1.2.3-54-g00ecf From d8212977ce7f911d4f9bd6e55f94aea059a86782 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Mon, 1 Mar 2010 21:40:42 -0500 Subject: Use PHP exceptions for PEAR error handling. Allows for the common try/catch construct, which makes error handling cleaner and easier. --- index.php | 97 ++++++++++++++++++++++++++++++---------------------------- lib/common.php | 12 ++++++++ 2 files changed, 63 insertions(+), 46 deletions(-) (limited to 'lib') diff --git a/index.php b/index.php index 06ff9900f..88658a3ad 100644 --- a/index.php +++ b/index.php @@ -37,8 +37,6 @@ define('INSTALLDIR', dirname(__FILE__)); define('STATUSNET', true); define('LACONICA', true); // compatibility -require_once INSTALLDIR . '/lib/common.php'; - $user = null; $action = null; @@ -68,52 +66,63 @@ function getPath($req) */ function handleError($error) { - if ($error->getCode() == DB_DATAOBJECT_ERROR_NODATA) { - return; - } + try { - $logmsg = "PEAR error: " . $error->getMessage(); - if (common_config('site', 'logdebug')) { - $logmsg .= " : ". $error->getDebugInfo(); - } - // DB queries often end up with a lot of newlines; merge to a single line - // for easier grepability... - $logmsg = str_replace("\n", " ", $logmsg); - common_log(LOG_ERR, $logmsg); - - // @fixme backtrace output should be consistent with exception handling - if (common_config('site', 'logdebug')) { - $bt = $error->getBacktrace(); - foreach ($bt as $n => $line) { - common_log(LOG_ERR, formatBacktraceLine($n, $line)); + if ($error->getCode() == DB_DATAOBJECT_ERROR_NODATA) { + return; } - } - if ($error instanceof DB_DataObject_Error - || $error instanceof DB_Error - ) { - $msg = sprintf( - _( - 'The database for %s isn\'t responding correctly, '. - 'so the site won\'t work properly. '. - 'The site admins probably know about the problem, '. - 'but you can contact them at %s to make sure. '. - 'Otherwise, wait a few minutes and try again.' - ), - common_config('site', 'name'), - common_config('site', 'email') - ); - } else { - $msg = _( - 'An important error occured, probably related to email setup. '. - 'Check logfiles for more info..' - ); - } - $dac = new DBErrorAction($msg, 500); - $dac->showPage(); + $logmsg = "PEAR error: " . $error->getMessage(); + if ($error instanceof PEAR_Exception && common_config('site', 'logdebug')) { + $logmsg .= " : ". $error->toText(); + } + // DB queries often end up with a lot of newlines; merge to a single line + // for easier grepability... + $logmsg = str_replace("\n", " ", $logmsg); + common_log(LOG_ERR, $logmsg); + + // @fixme backtrace output should be consistent with exception handling + if (common_config('site', 'logdebug')) { + $bt = $error->getTrace(); + foreach ($bt as $n => $line) { + common_log(LOG_ERR, formatBacktraceLine($n, $line)); + } + } + if ($error instanceof DB_DataObject_Error + || $error instanceof DB_Error + || ($error instanceof PEAR_Exception && $error->getCode() == -24) + ) { + $msg = sprintf( + _( + 'The database for %s isn\'t responding correctly, '. + 'so the site won\'t work properly. '. + 'The site admins probably know about the problem, '. + 'but you can contact them at %s to make sure. '. + 'Otherwise, wait a few minutes and try again.' + ), + common_config('site', 'name'), + common_config('site', 'email') + ); + } else { + $msg = _( + 'An important error occured, probably related to email setup. '. + 'Check logfiles for more info..' + ); + } + + $dac = new DBErrorAction($msg, 500); + $dac->showPage(); + + } catch (Exception $e) { + echo _('An error occurred.'); + } exit(-1); } +set_exception_handler('handleError'); + +require_once INSTALLDIR . '/lib/common.php'; + /** * Format a backtrace line for debug output roughly like debug_print_backtrace() does. * Exceptions already have this built in, but PEAR error objects just give us the array. @@ -238,10 +247,6 @@ function main() return; } - // For database errors - - PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'handleError'); - // Make sure RW database is setup setupRW(); diff --git a/lib/common.php b/lib/common.php index 546f6bbe4..6c01c7db4 100644 --- a/lib/common.php +++ b/lib/common.php @@ -71,6 +71,7 @@ if (!function_exists('dl')) { # global configuration object require_once('PEAR.php'); +require_once('PEAR/Exception.php'); require_once('DB/DataObject.php'); require_once('DB/DataObject/Cast.php'); # for dates @@ -128,6 +129,17 @@ require_once INSTALLDIR.'/lib/activity.php'; require_once INSTALLDIR.'/lib/clientexception.php'; require_once INSTALLDIR.'/lib/serverexception.php'; + +//set PEAR error handling to use regular PHP exceptions +function PEAR_ErrorToPEAR_Exception($err) +{ + if ($err->getCode()) { + throw new PEAR_Exception($err->getMessage(), $err->getCode()); + } + throw new PEAR_Exception($err->getMessage()); +} +PEAR::setErrorHandling(PEAR_ERROR_CALLBACK, 'PEAR_ErrorToPEAR_Exception'); + try { StatusNet::init(@$server, @$path, @$conffile); } catch (NoConfigException $e) { -- cgit v1.2.3-54-g00ecf