Merge branch '0.9-release'

* 0.9-release: (874 commits)
  Removed call to NewDirectMessage() until IE return is fixed i.e.,
  Don't show flag user button your own profile
  Fixed HXR response for flag user
  Using the right form class name
  Using common_redirect
  Left a form_data class of a <ul> in the user admin panel
  Added validation to fields in user admin panel
  Added a user admin panel
  Added mobile logos for default and identica themes
  Changed gif to png
  Changed this to action. THANKS zach!
  Doing content negotiation only once
  Add execute bit to pingqueuehandler
  Localisation updates for !StatusNet from !translatewiki.net
  Use the browser's geolocation API to set the location on the notice form
  Add geometa library, and include it.
  Add location form elements to the noticeform, and save their values on submission
  Use the $user object nickname, as login name doesnt have to == nickname anymore with plugins such as ldap/etc
  Revert "Re added NICKNAME_FMT constant to router.php."
  Moved most path and server settings to a new paths admin panel
  ...

Conflicts:
	js/util.js
	locale/it_IT/LC_MESSAGES/statusnet.mo
	locale/mk_MK/LC_MESSAGES/statusnet.mo
	locale/mk_MK/LC_MESSAGES/statusnet.po
	locale/pt_BR/LC_MESSAGES/statusnet.mo
	locale/vi_VN/LC_MESSAGES/statusnet.mo
	plugins/InfiniteScroll/infinitescroll.js
	plugins/Realtime/realtimeupdate.js

1 files changed, 104 insertions, 0 deletions

diff --git a/plugins/Facebook/facebook/facebook_desktop.php b/plugins/Facebook/facebook/facebook_desktop.php
new file mode 100644
index 000000000..e79a2ca34
--- /dev/null
+++ b/plugins/Facebook/facebook/facebook_desktop.php
@@ -0,0 +1,104 @@
+<?php
+// Copyright 2004-2009 Facebook. All Rights Reserved.
+//
+// +---------------------------------------------------------------------------+
+// | Facebook Platform PHP5 client                                             |
+// +---------------------------------------------------------------------------+
+// | Copyright (c) 2007 Facebook, Inc.                                         |
+// | All rights reserved.                                                      |
+// |                                                                           |
+// | Redistribution and use in source and binary forms, with or without        |
+// | modification, are permitted provided that the following conditions        |
+// | are met:                                                                  |
+// |                                                                           |
+// | 1. Redistributions of source code must retain the above copyright         |
+// |    notice, this list of conditions and the following disclaimer.          |
+// | 2. Redistributions in binary form must reproduce the above copyright      |
+// |    notice, this list of conditions and the following disclaimer in the    |
+// |    documentation and/or other materials provided with the distribution.   |
+// |                                                                           |
+// | THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR      |
+// | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
+// | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.   |
+// | IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,          |
+// | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT  |
+// | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
+// | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY     |
+// | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT       |
+// | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF  |
+// | THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.         |
+// +---------------------------------------------------------------------------+
+// | For help with this library, contact developers-help@facebook.com          |
+// +---------------------------------------------------------------------------+
+//
+
+/**
+ *  This class extends and modifies the "Facebook" class to better
+ *  suit desktop apps.
+ */
+class FacebookDesktop extends Facebook {
+  // the application secret, which differs from the session secret
+  public $app_secret;
+  public $verify_sig;
+
+  public function __construct($api_key, $secret) {
+    $this->app_secret = $secret;
+    $this->verify_sig = false;
+    parent::__construct($api_key, $secret);
+  }
+
+  public function do_get_session($auth_token) {
+    $this->api_client->secret = $this->app_secret;
+    $this->api_client->session_key = null;
+    $session_info = parent::do_get_session($auth_token);
+    if (!empty($session_info['secret'])) {
+      // store the session secret
+      $this->set_session_secret($session_info['secret']);
+    }
+    return $session_info;
+  }
+
+  public function set_session_secret($session_secret) {
+    $this->secret = $session_secret;
+    $this->api_client->secret = $session_secret;
+  }
+
+  public function require_login() {
+    if ($this->get_loggedin_user()) {
+      try {
+        // try a session-based API call to ensure that we have the correct
+        // session secret
+        $user = $this->api_client->users_getLoggedInUser();
+
+        // now that we have a valid session secret, verify the signature
+        $this->verify_sig = true;
+        if ($this->validate_fb_params(false)) {
+          return $user;
+        } else {
+          // validation failed
+          return null;
+        }
+      } catch (FacebookRestClientException $ex) {
+        if (isset($_GET['auth_token'])) {
+          // if we have an auth_token, use it to establish a session
+          $session_info = $this->do_get_session($_GET['auth_token']);
+          if ($session_info) {
+            return $session_info['uid'];
+          }
+        }
+      }
+    }
+    // if we get here, we need to redirect the user to log in
+    $this->redirect($this->get_login_url(self::current_url(), $this->in_fb_canvas()));
+  }
+
+  public function verify_signature($fb_params, $expected_sig) {
+    // we don't want to verify the signature until we have a valid
+    // session secret
+    if ($this->verify_sig) {
+      return parent::verify_signature($fb_params, $expected_sig);
+    } else {
+      return true;
+    }
+  }
+}