diff options
Diffstat (limited to 'actions')
76 files changed, 3080 insertions, 779 deletions
diff --git a/actions/all.php b/actions/all.php index f1786462e..61cedce74 100644 --- a/actions/all.php +++ b/actions/all.php @@ -99,19 +99,17 @@ class AllAction extends ProfileAction sprintf(_('Feed for friends of %s (RSS 1.0)'), $this->user->nickname)), new Feed(Feed::RSS2, common_local_url( - 'api', array( - 'apiaction' => 'statuses', - 'method' => 'friends_timeline', - 'argument' => $this->user->nickname.'.rss' + 'ApiTimelineFriends', array( + 'format' => 'rss', + 'id' => $this->user->nickname ) ), sprintf(_('Feed for friends of %s (RSS 2.0)'), $this->user->nickname)), new Feed(Feed::ATOM, common_local_url( - 'api', array( - 'apiaction' => 'statuses', - 'method' => 'friends_timeline', - 'argument' => $this->user->nickname.'.atom' + 'ApiTimelineFriends', array( + 'format' => 'atom', + 'id' => $this->user->nickname ) ), sprintf(_('Feed for friends of %s (Atom)'), $this->user->nickname)) diff --git a/actions/apiaccountratelimitstatus.php b/actions/apiaccountratelimitstatus.php index 96179f175..1a5afd552 100644 --- a/actions/apiaccountratelimitstatus.php +++ b/actions/apiaccountratelimitstatus.php @@ -67,7 +67,7 @@ class ApiAccountRateLimitStatusAction extends ApiBareAuthAction if (!in_array($this->format, array('xml', 'json'))) { $this->clientError( - _('API method not found!'), + _('API method not found.'), 404, $this->format ); diff --git a/actions/apiaccountupdatedeliverydevice.php b/actions/apiaccountupdatedeliverydevice.php new file mode 100644 index 000000000..684906fe9 --- /dev/null +++ b/actions/apiaccountupdatedeliverydevice.php @@ -0,0 +1,157 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Update the authenticating user notification channels + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category API + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +require_once INSTALLDIR . '/lib/apiauth.php'; + +/** + * Sets which channel (device) StatusNet delivers updates to for + * the authenticating user. Sending none as the device parameter + * will disable IM and/or SMS updates. + * + * @category API + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class ApiAccountUpdateDeliveryDeviceAction extends ApiAuthAction +{ + /** + * Take arguments for running + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + * + */ + + function prepare($args) + { + parent::prepare($args); + + $this->user = $this->auth_user; + $this->device = $this->trimmed('device'); + + return true; + } + + /** + * Handle the request + * + * See which request params have been set, and update the user settings + * + * @param array $args $_REQUEST data (unused) + * + * @return void + */ + + function handle($args) + { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->clientError( + _('This method requires a POST.'), + 400, $this->format + ); + return; + } + + if (!in_array($this->format, array('xml', 'json'))) { + $this->clientError( + _('API method not found.'), + 404, + $this->format + ); + return; + } + + // Note: Twitter no longer supports IM + + if (!in_array(strtolower($this->device), array('sms', 'im', 'none'))) { + $this->clientError( + _( + 'You must specify a parameter named ' . + '\'device\' with a value of one of: sms, im, none' + ) + ); + return; + } + + if (empty($this->user)) { + $this->clientError(_('No such user.'), 404, $this->format); + return; + } + + $original = clone($this->user); + + if (strtolower($this->device) == 'sms') { + $this->user->smsnotify = true; + } elseif (strtolower($this->device) == 'im') { + $this->user->jabbernotify = true; + } elseif (strtolower($this->device == 'none')) { + $this->user->smsnotify = false; + $this->user->jabbernotify = false; + } + + $result = $this->user->update($original); + + if ($result === false) { + common_log_db_error($this->user, 'UPDATE', __FILE__); + $this->serverError(_('Could not update user.')); + return; + } + + $profile = $this->user->getProfile(); + + $twitter_user = $this->twitterUserArray($profile, true); + + // Note: this Twitter API method is retarded because it doesn't give + // any success/failure information. Twitter's docs claim that the + // notification field will change to reflect notification choice, + // but that's not true; notification> is used to indicate + // whether the auth user is following the user in question. + + if ($this->format == 'xml') { + $this->initDocument('xml'); + $this->showTwitterXmlUser($twitter_user); + $this->endDocument('xml'); + } elseif ($this->format == 'json') { + $this->initDocument('json'); + $this->showJsonObjects($twitter_user); + $this->endDocument('json'); + } + } + +} diff --git a/actions/apiaccountupdateprofile.php b/actions/apiaccountupdateprofile.php new file mode 100644 index 000000000..fd4384a25 --- /dev/null +++ b/actions/apiaccountupdateprofile.php @@ -0,0 +1,166 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Update the authenticating user's profile + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category API + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +require_once INSTALLDIR . '/lib/apiauth.php'; + +/** + * API analog to the profile settings page + * Only the parameters specified will be updated. + * + * @category API + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class ApiAccountUpdateProfileAction extends ApiAuthAction +{ + + /** + * Take arguments for running + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + * + */ + + function prepare($args) + { + parent::prepare($args); + + $this->user = $this->auth_user; + + $this->name = $this->trimmed('name'); + $this->url = $this->trimmed('url'); + $this->location = $this->trimmed('location'); + $this->description = $this->trimmed('description'); + + return true; + } + + /** + * Handle the request + * + * See which request params have been set, and update the profile + * + * @param array $args $_REQUEST data (unused) + * + * @return void + */ + + function handle($args) + { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->clientError( + _('This method requires a POST.'), + 400, $this->format + ); + return; + } + + if (!in_array($this->format, array('xml', 'json'))) { + $this->clientError( + _('API method not found.'), + 404, + $this->format + ); + return; + } + + if (empty($this->user)) { + $this->clientError(_('No such user.'), 404, $this->format); + return; + } + + $profile = $this->user->getProfile(); + + if (empty($profile)) { + $this->clientError(_('User has no profile.')); + return; + } + + $original = clone($profile); + + if (empty($this->name)) { + $profile->fullname = $this->name; + } + + if (empty($this->url)) { + $profile->homepage = $this->url; + } + + if (!empty($this->description)) { + $profile->bio = $this->description; + } + + if (!empty($this->location)) { + $profile->location = $this->location; + + $loc = Location::fromName($location); + + if (!empty($loc)) { + $profile->lat = $loc->lat; + $profile->lon = $loc->lon; + $profile->location_id = $loc->location_id; + $profile->location_ns = $loc->location_ns; + } + } + + $result = $profile->update($original); + + if (!$result) { + common_log_db_error($profile, 'UPDATE', __FILE__); + $this->serverError(_('Could not save profile.')); + return; + } + + common_broadcast_profile($profile); + + $twitter_user = $this->twitterUserArray($profile, true); + + if ($this->format == 'xml') { + $this->initDocument('xml'); + $this->showTwitterXmlUser($twitter_user); + $this->endDocument('xml'); + } elseif ($this->format == 'json') { + $this->initDocument('json'); + $this->showJsonObjects($twitter_user); + $this->endDocument('json'); + } + } + +} diff --git a/actions/apiaccountupdateprofilebackgroundimage.php b/actions/apiaccountupdateprofilebackgroundimage.php new file mode 100644 index 000000000..3537b9f97 --- /dev/null +++ b/actions/apiaccountupdateprofilebackgroundimage.php @@ -0,0 +1,211 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Update the authenticating user's profile background image + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category API + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +require_once INSTALLDIR . '/lib/apiauth.php'; + +/** + * Update the authenticating user's profile background image + * + * @category API + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class ApiAccountUpdateProfileBackgroundImageAction extends ApiAuthAction +{ + + var $tile = false; + + /** + * Take arguments for running + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + * + */ + + function prepare($args) + { + parent::prepare($args); + + $this->user = $this->auth_user; + $this->tile = $this->arg('tile'); + + return true; + } + + /** + * Handle the request + * + * Check whether the credentials are valid and output the result + * + * @param array $args $_REQUEST data (unused) + * + * @return void + */ + + function handle($args) + { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->clientError( + _('This method requires a POST.'), + 400, $this->format + ); + return; + } + + if (!in_array($this->format, array('xml', 'json'))) { + $this->clientError( + _('API method not found.'), + 404, + $this->format + ); + return; + } + + // Workaround for PHP returning empty $_POST and $_FILES when POST + // length > post_max_size in php.ini + + if (empty($_FILES) + && empty($_POST) + && ($_SERVER['CONTENT_LENGTH'] > 0) + ) { + $msg = _('The server was unable to handle that much POST ' . + 'data (%s bytes) due to its current configuration.'); + + $this->clientError(sprintf($msg, $_SERVER['CONTENT_LENGTH'])); + return; + } + + if (empty($this->user)) { + $this->clientError(_('No such user.'), 404, $this->format); + return; + } + + $design = $this->user->getDesign(); + + // XXX: This is kinda gross, but before we can add a background + // img we have to make sure there's a Design because design ID + // is part of the img filename. + + if (empty($design)) { + + $this->user->query('BEGIN'); + + // save new design + $design = new Design(); + $id = $design->insert(); + + if (empty($id)) { + common_log_db_error($id, 'INSERT', __FILE__); + $this->clientError(_('Unable to save your design settings.')); + return; + } + + $original = clone($this->user); + $this->user->design_id = $id; + $result = $this->user->update($original); + + if (empty($result)) { + common_log_db_error($original, 'UPDATE', __FILE__); + $this->clientError(_('Unable to save your design settings.')); + $this->user->query('ROLLBACK'); + return; + } + + $this->user->query('COMMIT'); + } + + // Okay, now get the image and add it to the design + + try { + $imagefile = ImageFile::fromUpload('image'); + } catch (Exception $e) { + $this->clientError($e->getMessage(), 400, $this->format); + return; + } + + $filename = Design::filename( + $design->id, + image_type_to_extension($imagefile->type), + common_timestamp() + ); + + $filepath = Design::path($filename); + + move_uploaded_file($imagefile->filepath, $filepath); + + // delete any old backround img laying around + + if (isset($design->backgroundimage)) { + @unlink(Design::path($design->backgroundimage)); + } + + $original = clone($design); + $design->backgroundimage = $filename; + $design->setDisposition(true, false, ($this->tile == 'true')); + + $result = $design->update($original); + + if ($result === false) { + common_log_db_error($design, 'UPDATE', __FILE__); + $this->showForm(_('Could not update your design.')); + return; + } + + $profile = $this->user->getProfile(); + + if (empty($profile)) { + $this->clientError(_('User has no profile.')); + return; + } + + $twitter_user = $this->twitterUserArray($profile, true); + + if ($this->format == 'xml') { + $this->initDocument('xml'); + $this->showTwitterXmlUser($twitter_user); + $this->endDocument('xml'); + } elseif ($this->format == 'json') { + $this->initDocument('json'); + $this->showJsonObjects($twitter_user); + $this->endDocument('json'); + } + } + +} diff --git a/actions/apiaccountupdateprofilecolors.php b/actions/apiaccountupdateprofilecolors.php new file mode 100644 index 000000000..3cac82974 --- /dev/null +++ b/actions/apiaccountupdateprofilecolors.php @@ -0,0 +1,246 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Update a user's design colors + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category API + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +require_once INSTALLDIR . '/lib/apiauth.php'; + +/** + * Sets one or more hex values that control the color scheme of the + * authenticating user's design + * + * @category API + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class ApiAccountUpdateProfileColorsAction extends ApiAuthAction +{ + + var $profile_background_color = null; + var $profile_text_color = null; + var $profile_link_color = null; + var $profile_sidebar_fill_color = null; + var $profile_sidebar_border_color = null; + + /** + * Take arguments for running + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + * + */ + + function prepare($args) + { + parent::prepare($args); + + $this->user = $this->auth_user; + + $this->profile_background_color + = $this->trimmed('profile_background_color'); + $this->profile_text_color + = $this->trimmed('profile_text_color'); + $this->profile_link_color + = $this->trimmed('profile_link_color'); + $this->profile_sidebar_fill_color + = $this->trimmed('profile_sidebar_fill_color'); + + // XXX: we don't support changing the sidebar border color + // in our designs. + + $this->profile_sidebar_border_color + = $this->trimmed('profile_sidebar_border_color'); + + // XXX: Unlike Twitter, we do allow people to change the 'content color' + + $this->profile_content_color = $this->trimmed('profile_content_color'); + + return true; + } + + /** + * Handle the request + * + * Try to save the user's colors in her design. Create a new design + * if the user doesn't already have one. + * + * @param array $args $_REQUEST data (unused) + * + * @return void + */ + + function handle($args) + { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->clientError( + _('This method requires a POST.'), + 400, $this->format + ); + return; + } + + if (!in_array($this->format, array('xml', 'json'))) { + $this->clientError( + _('API method not found.'), + 404, + $this->format + ); + return; + } + + $design = $this->user->getDesign(); + + if (!empty($design)) { + + $original = clone($design); + + try { + $this->setColors($design); + } catch (WebColorException $e) { + $this->clientError($e->getMessage()); + return false; + } + + $result = $design->update($original); + + if ($result === false) { + common_log_db_error($design, 'UPDATE', __FILE__); + $this->clientError(_('Could not update your design.')); + return; + } + + } else { + + $this->user->query('BEGIN'); + + // save new design + $design = new Design(); + + try { + $this->setColors($design); + } catch (WebColorException $e) { + $this->clientError($e->getMessage()); + return false; + } + + $id = $design->insert(); + + if (empty($id)) { + common_log_db_error($id, 'INSERT', __FILE__); + $this->clientError(_('Unable to save your design settings.')); + return; + } + + $original = clone($this->user); + $this->user->design_id = $id; + $result = $this->user->update($original); + + if (empty($result)) { + common_log_db_error($original, 'UPDATE', __FILE__); + $this->clientError(_('Unable to save your design settings.')); + $this->user->query('ROLLBACK'); + return; + } + + $this->user->query('COMMIT'); + } + + $profile = $this->user->getProfile(); + + if (empty($profile)) { + $this->clientError(_('User has no profile.')); + return; + } + + $twitter_user = $this->twitterUserArray($profile, true); + + if ($this->format == 'xml') { + $this->initDocument('xml'); + $this->showTwitterXmlUser($twitter_user); + $this->endDocument('xml'); + } elseif ($this->format == 'json') { + $this->initDocument('json'); + $this->showJsonObjects($twitter_user); + $this->endDocument('json'); + } + } + + /** + * Sets the user's design colors based on the request parameters + * + * @param Design $design the user's Design + * + * @return void + */ + + function setColors($design) + { + $bgcolor = empty($this->profile_background_color) ? + null : new WebColor($this->profile_background_color); + $tcolor = empty($this->profile_text_color) ? + null : new WebColor($this->profile_text_color); + $sbcolor = empty($this->profile_sidebar_fill_color) ? + null : new WebColor($this->profile_sidebar_fill_color); + $lcolor = empty($this->profile_link_color) ? + null : new WebColor($this->profile_link_color); + $ccolor = empty($this->profile_content_color) ? + null : new WebColor($this->profile_content_color); + + if (!empty($bgcolor)) { + $design->backgroundcolor = $bgcolor->intValue(); + } + + if (!empty($ccolor)) { + $design->contentcolor = $ccolor->intValue(); + } + + if (!empty($sbcolor)) { + $design->sidebarcolor = $sbcolor->intValue(); + } + + if (!empty($tcolor)) { + $design->textcolor = $tcolor->intValue(); + } + + if (!empty($lcolor)) { + $design->linkcolor = $lcolor->intValue(); + } + + return true; + } + +} diff --git a/actions/apiaccountupdateprofileimage.php b/actions/apiaccountupdateprofileimage.php new file mode 100644 index 000000000..153ef7818 --- /dev/null +++ b/actions/apiaccountupdateprofileimage.php @@ -0,0 +1,151 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Update the authenticating user's profile image + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category API + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +require_once INSTALLDIR . '/lib/apiauth.php'; + +/** + * Updates the authenticating user's profile image. Note that this API method + * expects raw multipart data, not a URL to an image. + * + * @category API + * @package StatusNet + * @author Zach Copley <zach@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class ApiAccountUpdateProfileImageAction extends ApiAuthAction +{ + + /** + * Take arguments for running + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + * + */ + + function prepare($args) + { + parent::prepare($args); + + $this->user = $this->auth_user; + + return true; + } + + /** + * Handle the request + * + * Check whether the credentials are valid and output the result + * + * @param array $args $_REQUEST data (unused) + * + * @return void + */ + + function handle($args) + { + parent::handle($args); + + if ($_SERVER['REQUEST_METHOD'] != 'POST') { + $this->clientError( + _('This method requires a POST.'), + 400, $this->format + ); + return; + } + + // Workaround for PHP returning empty $_POST and $_FILES when POST + // length > post_max_size in php.ini + + if (empty($_FILES) + && empty($_POST) + && ($_SERVER['CONTENT_LENGTH'] > 0) + ) { + $msg = _('The server was unable to handle that much POST ' . + 'data (%s bytes) due to its current configuration.'); + + $this->clientError(sprintf($msg, $_SERVER['CONTENT_LENGTH'])); + return; + } + + if (empty($this->user)) { + $this->clientError(_('No such user.'), 404, $this->format); + return; + } + + try { + $imagefile = ImageFile::fromUpload('image'); + } catch (Exception $e) { + $this->clientError($e->getMessage(), 400, $this->format); + return; + } + + $filename = Avatar::filename( + $user->id, + image_type_to_extension($imagefile->type), + null, + 'tmp'.common_timestamp() + ); + + $filepath = Avatar::path($filename); + + move_uploaded_file($imagefile->filepath, $filepath); + + $profile = $this->user->getProfile(); + + if (empty($profile)) { + $this->clientError(_('User has no profile.')); + return; + } + + $profile->setOriginal($filename); + + common_broadcast_profile($profile); + + $twitter_user = $this->twitterUserArray($profile, true); + + if ($this->format == 'xml') { + $this->initDocument('xml'); + $this->showTwitterXmlUser($twitter_user); + $this->endDocument('xml'); + } elseif ($this->format == 'json') { + $this->initDocument('json'); + $this->showJsonObjects($twitter_user); + $this->endDocument('json'); + } + } + +} diff --git a/actions/apiblockcreate.php b/actions/apiblockcreate.php index 1cab2df5d..4f941f6c3 100644 --- a/actions/apiblockcreate.php +++ b/actions/apiblockcreate.php @@ -94,7 +94,7 @@ class ApiBlockCreateAction extends ApiAuthAction } if (empty($this->user) || empty($this->other)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } diff --git a/actions/apiblockdestroy.php b/actions/apiblockdestroy.php index 16dbf94ca..328f18ab0 100644 --- a/actions/apiblockdestroy.php +++ b/actions/apiblockdestroy.php @@ -93,7 +93,7 @@ class ApiBlockDestroyAction extends ApiAuthAction } if (empty($this->user) || empty($this->other)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } diff --git a/actions/apidirectmessage.php b/actions/apidirectmessage.php index a21fe86d2..5b3f412ad 100644 --- a/actions/apidirectmessage.php +++ b/actions/apidirectmessage.php @@ -74,7 +74,7 @@ class ApiDirectMessageAction extends ApiAuthAction $this->user = $this->auth_user; if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } diff --git a/actions/apidirectmessagenew.php b/actions/apidirectmessagenew.php index ca1ee70dd..fed6acc30 100644 --- a/actions/apidirectmessagenew.php +++ b/actions/apidirectmessagenew.php @@ -72,7 +72,7 @@ class ApiDirectMessageNewAction extends ApiAuthAction $this->user = $this->auth_user; if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } diff --git a/actions/apifriendshipsexists.php b/actions/apifriendshipsexists.php index ae50c512c..c040b9f6a 100644 --- a/actions/apifriendshipsexists.php +++ b/actions/apifriendshipsexists.php @@ -33,7 +33,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Tests for the existence of friendship between two users. Will return true if @@ -48,7 +48,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiFriendshipsExistsAction extends ApiAction +class ApiFriendshipsExistsAction extends ApiPrivateAuthAction { var $user_a = null; var $user_b = null; @@ -69,16 +69,7 @@ class ApiFriendshipsExistsAction extends ApiAction $user_a_id = $this->trimmed('user_a'); $user_b_id = $this->trimmed('user_b'); - common_debug("user_a = " . $user_a_id); - common_debug("user_b = " . $user_b_id); - - $this->user_a = $this->getTargetUser($user_a_id); - - if (empty($this->user_a)) { - common_debug('gargargra'); - } - $this->user_b = $this->getTargetUser($user_b_id); return true; diff --git a/actions/apigroupcreate.php b/actions/apigroupcreate.php index f66e83073..895dfb7ab 100644 --- a/actions/apigroupcreate.php +++ b/actions/apigroupcreate.php @@ -109,7 +109,7 @@ class ApiGroupCreateAction extends ApiAuthAction } if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } diff --git a/actions/apigroupismember.php b/actions/apigroupismember.php index a8a40a6b3..08348e97b 100644 --- a/actions/apigroupismember.php +++ b/actions/apigroupismember.php @@ -87,12 +87,12 @@ class ApiGroupIsMemberAction extends ApiBareAuthAction parent::handle($args); if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } if (empty($this->group)) { - $this->clientError('Group not found!', 404, $this->format); + $this->clientError(_('Group not found!'), 404, $this->format); return false; } diff --git a/actions/apigroupjoin.php b/actions/apigroupjoin.php index 071cd9290..b531d9501 100644 --- a/actions/apigroupjoin.php +++ b/actions/apigroupjoin.php @@ -96,12 +96,12 @@ class ApiGroupJoinAction extends ApiAuthAction } if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } if (empty($this->group)) { - $this->clientError('Group not found!', 404, $this->format); + $this->clientError(_('Group not found!'), 404, $this->format); return false; } diff --git a/actions/apigroupleave.php b/actions/apigroupleave.php index 0d4bb9e4d..514a3a557 100644 --- a/actions/apigroupleave.php +++ b/actions/apigroupleave.php @@ -96,12 +96,12 @@ class ApiGroupLeaveAction extends ApiAuthAction } if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } if (empty($this->group)) { - $this->clientError('Group not found!', 404, $this->format); + $this->clientError(_('Group not found!'), 404, $this->format); return false; } diff --git a/actions/apigrouplist.php b/actions/apigrouplist.php index c529c1e40..7b05f8a96 100644 --- a/actions/apigrouplist.php +++ b/actions/apigrouplist.php @@ -87,7 +87,7 @@ class ApiGroupListAction extends ApiBareAuthAction parent::handle($args); if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } diff --git a/actions/apigrouplistall.php b/actions/apigrouplistall.php index 89469f36f..c597839a8 100644 --- a/actions/apigrouplistall.php +++ b/actions/apigrouplistall.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns of the lastest 20 groups for the site @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiGroupListAllAction extends ApiAction +class ApiGroupListAllAction extends ApiPrivateAuthAction { var $groups = null; diff --git a/actions/apigroupmembership.php b/actions/apigroupmembership.php index b31e47b39..dd2843161 100644 --- a/actions/apigroupmembership.php +++ b/actions/apigroupmembership.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * List 20 newest members of the group specified by name or ID. @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiGroupMembershipAction extends ApiAction +class ApiGroupMembershipAction extends ApiPrivateAuthAction { var $group = null; var $profiles = null; @@ -87,6 +87,11 @@ class ApiGroupMembershipAction extends ApiAction { parent::handle($args); + if (empty($this->group)) { + $this->clientError(_('Group not found!'), 404, $this->format); + return false; + } + // XXX: RSS and Atom switch($this->format) { diff --git a/actions/apigroupshow.php b/actions/apigroupshow.php index 2bdb22bc4..f9b960747 100644 --- a/actions/apigroupshow.php +++ b/actions/apigroupshow.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Outputs detailed information about the group specified by ID @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiGroupShowAction extends ApiAction +class ApiGroupShowAction extends ApiPrivateAuthAction { var $group = null; @@ -87,7 +87,7 @@ class ApiGroupShowAction extends ApiAction if (empty($this->group)) { $this->clientError( - 'Group not found!', + _('Group not found!'), 404, $this->format ); diff --git a/actions/apihelptest.php b/actions/apihelptest.php index e4ef55f2e..f2c459e6f 100644 --- a/actions/apihelptest.php +++ b/actions/apihelptest.php @@ -32,7 +32,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the string "ok" in the requested format with a 200 OK HTTP status code. @@ -45,7 +45,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiHelpTestAction extends ApiAction +class ApiHelpTestAction extends ApiPrivateAuthAction { /** diff --git a/actions/apistatusesshow.php b/actions/apistatusesshow.php index 3be22ca59..e26c009c4 100644 --- a/actions/apistatusesshow.php +++ b/actions/apistatusesshow.php @@ -37,7 +37,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the notice specified by id as a Twitter-style status and inline user @@ -55,7 +55,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiStatusesShowAction extends ApiAction +class ApiStatusesShowAction extends ApiPrivateAuthAction { var $notice_id = null; diff --git a/actions/apistatusesupdate.php b/actions/apistatusesupdate.php index 0d71e1512..7ddf7703b 100644 --- a/actions/apistatusesupdate.php +++ b/actions/apistatusesupdate.php @@ -38,6 +38,7 @@ if (!defined('STATUSNET')) { } require_once INSTALLDIR . '/lib/apiauth.php'; +require_once INSTALLDIR . '/lib/mediafile.php'; /** * Updates the authenticating user's status (posts a notice). @@ -60,6 +61,8 @@ class ApiStatusesUpdateAction extends ApiAuthAction var $source = null; var $status = null; var $in_reply_to_status_id = null; + var $lat = null; + var $lon = null; static $reserved_sources = array('web', 'omb', 'mail', 'xmpp', 'api'); @@ -76,28 +79,13 @@ class ApiStatusesUpdateAction extends ApiAuthAction { parent::prepare($args); - $this->user = $this->auth_user; - - if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); - return false; - } - + $this->user = $this->auth_user; $this->status = $this->trimmed('status'); - - if (empty($this->status)) { - $this->clientError( - 'Client must provide a \'status\' parameter with a value.', - 400, - $this->format - ); - - return false; - } - $this->source = $this->trimmed('source'); + $this->lat = $this->trimmed('lat'); + $this->lon = $this->trimmed('long'); - if (empty($this->source) || in_array($source, $this->reserved_sources)) { + if (empty($this->source) || in_array($source, self::$reserved_sources)) { $this->source = 'api'; } @@ -129,6 +117,34 @@ class ApiStatusesUpdateAction extends ApiAuthAction return; } + // Workaround for PHP returning empty $_POST and $_FILES when POST + // length > post_max_size in php.ini + + if (empty($_FILES) + && empty($_POST) + && ($_SERVER['CONTENT_LENGTH'] > 0) + ) { + $msg = _('The server was unable to handle that much POST ' . + 'data (%s bytes) due to its current configuration.'); + + $this->clientError(sprintf($msg, $_SERVER['CONTENT_LENGTH'])); + return; + } + + if (empty($this->status)) { + $this->clientError( + 'Client must provide a \'status\' parameter with a value.', + 400, + $this->format + ); + return; + } + + if (empty($this->user)) { + $this->clientError(_('No such user.'), 404, $this->format); + return; + } + $status_shortened = common_shorten_links($this->status); if (Notice::contentTooLong($status_shortened)) { @@ -187,14 +203,52 @@ class ApiStatusesUpdateAction extends ApiAuthAction } } + $location = null; + + if (!empty($this->lat) && !empty($this->lon)) { + $location = Location::fromLatLon($this->lat, $this->lon); + } + + $upload = null; + + try { + $upload = MediaFile::fromUpload('media', $this->user); + } catch (ClientException $ce) { + $this->clientError($ce->getMessage()); + return; + } + + if (isset($upload)) { + $status_shortened .= ' ' . $upload->shortUrl(); + + if (Notice::contentTooLong($status_shortened)) { + $upload->delete(); + $msg = _( + 'Max notice size is %d chars, ' . + 'including attachment URL.' + ); + $this->clientError(sprintf($msg, Notice::maxContent())); + } + } + $this->notice = Notice::saveNew( $this->user->id, - html_entity_decode($this->status, ENT_NOQUOTES, 'UTF-8'), + html_entity_decode($status_shortened, ENT_NOQUOTES, 'UTF-8'), $this->source, 1, - $reply_to + $reply_to, + null, + null, + empty($location) ? null : $location->lat, + empty($location) ? null : $location->lon, + empty($location) ? null : $location->location_id, + empty($location) ? null : $location->location_ns ); + if (isset($upload)) { + $upload->attachToNotice($this->notice); + } + common_broadcast_notice($this->notice); } diff --git a/actions/apistatusnetversion.php b/actions/apistatusnetversion.php index e73ab983b..bbf891a89 100644 --- a/actions/apistatusnetversion.php +++ b/actions/apistatusnetversion.php @@ -32,7 +32,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns a version number for this version of StatusNet, which @@ -48,7 +48,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiStatusnetVersionAction extends ApiAction +class ApiStatusnetVersionAction extends ApiPrivateAuthAction { /** * Take arguments for running diff --git a/actions/apisubscriptions.php b/actions/apisubscriptions.php index bc68dd192..2c691bb84 100644 --- a/actions/apisubscriptions.php +++ b/actions/apisubscriptions.php @@ -84,7 +84,7 @@ class ApiSubscriptionsAction extends ApiBareAuthAction $this->user = $this->getTargetUser($this->arg('id')); if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return false; } diff --git a/actions/apitimelinefavorites.php b/actions/apitimelinefavorites.php index b8ae74f13..f84d7b4cb 100644 --- a/actions/apitimelinefavorites.php +++ b/actions/apitimelinefavorites.php @@ -67,7 +67,7 @@ class ApiTimelineFavoritesAction extends ApiBareAuthAction $this->user = $this->getTargetUser($this->arg('id')); if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } diff --git a/actions/apitimelinefriends.php b/actions/apitimelinefriends.php index 1ea35866e..e84f77372 100644 --- a/actions/apitimelinefriends.php +++ b/actions/apitimelinefriends.php @@ -72,11 +72,11 @@ class ApiTimelineFriendsAction extends ApiBareAuthAction function prepare($args) { parent::prepare($args); - + common_debug("api friends_timeline"); $this->user = $this->getTargetUser($this->arg('id')); if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } diff --git a/actions/apitimelinegroup.php b/actions/apitimelinegroup.php index 5d0542918..de13e7eb9 100644 --- a/actions/apitimelinegroup.php +++ b/actions/apitimelinegroup.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the most recent notices (default 20) posted to the group specified by ID @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiTimelineGroupAction extends ApiAction +class ApiTimelineGroupAction extends ApiPrivateAuthAction { var $group = null; @@ -69,7 +69,6 @@ class ApiTimelineGroupAction extends ApiAction parent::prepare($args); $this->group = $this->getTargetGroup($this->arg('id')); - $this->notices = $this->getNotices(); return true; } @@ -87,6 +86,13 @@ class ApiTimelineGroupAction extends ApiAction function handle($args) { parent::handle($args); + + if (empty($this->group)) { + $this->clientError(_('Group not found!'), 404, $this->format); + return false; + } + + $this->notices = $this->getNotices(); $this->showTimeline(); } diff --git a/actions/apitimelinementions.php b/actions/apitimelinementions.php index fe5ff0f28..0956ccdce 100644 --- a/actions/apitimelinementions.php +++ b/actions/apitimelinementions.php @@ -76,7 +76,7 @@ class ApiTimelineMentionsAction extends ApiBareAuthAction $this->user = $this->getTargetUser($this->arg('id')); if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } diff --git a/actions/apitimelinepublic.php b/actions/apitimelinepublic.php index 58e267734..7a8504259 100644 --- a/actions/apitimelinepublic.php +++ b/actions/apitimelinepublic.php @@ -37,7 +37,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the most recent notices (default 20) posted by everybody @@ -55,7 +55,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiTimelinePublicAction extends ApiAction +class ApiTimelinePublicAction extends ApiPrivateAuthAction { var $notices = null; diff --git a/actions/apitimelinetag.php b/actions/apitimelinetag.php index a274daac0..452593c11 100644 --- a/actions/apitimelinetag.php +++ b/actions/apitimelinetag.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the 20 most recent notices tagged by a given tag @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiTimelineTagAction extends ApiAction +class ApiTimelineTagAction extends ApiPrivateAuthAction { var $notices = null; diff --git a/actions/apitimelineuser.php b/actions/apitimelineuser.php index 285735fd1..ca1d21772 100644 --- a/actions/apitimelineuser.php +++ b/actions/apitimelineuser.php @@ -78,7 +78,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction $this->user = $this->getTargetUser($this->arg('id')); if (empty($this->user)) { - $this->clientError(_('No such user!'), 404, $this->format); + $this->clientError(_('No such user.'), 404, $this->format); return; } diff --git a/actions/apiusershow.php b/actions/apiusershow.php index b3a939b43..aa7aec5a4 100644 --- a/actions/apiusershow.php +++ b/actions/apiusershow.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Ouputs information for a user, specified by ID or screen name. @@ -50,7 +50,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiUserShowAction extends ApiAction +class ApiUserShowAction extends ApiPrivateAuthAction { /** * Take arguments for running diff --git a/actions/avatarsettings.php b/actions/avatarsettings.php index ded419dd7..879e44842 100644 --- a/actions/avatarsettings.php +++ b/actions/avatarsettings.php @@ -244,11 +244,25 @@ class AvatarsettingsAction extends AccountSettingsAction function handlePost() { + // Workaround for PHP returning empty $_POST and $_FILES when POST + // length > post_max_size in php.ini + + if (empty($_FILES) + && empty($_POST) + && ($_SERVER['CONTENT_LENGTH'] > 0) + ) { + $msg = _('The server was unable to handle that much POST ' . + 'data (%s bytes) due to its current configuration.'); + + $this->showForm(sprintf($msg, $_SERVER['CONTENT_LENGTH'])); + return; + } + // CSRF protection $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { - $this->show_form(_('There was a problem with your session token. '. + $this->showForm(_('There was a problem with your session token. '. 'Try again, please.')); return; } diff --git a/actions/block.php b/actions/block.php index 408f16434..71a34e087 100644 --- a/actions/block.php +++ b/actions/block.php @@ -42,9 +42,11 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 * @link http://status.net/ */ -class BlockAction extends Action + +class BlockAction extends ProfileFormAction { var $profile = null; + /** * Take arguments for running * @@ -52,28 +54,22 @@ class BlockAction extends Action * * @return boolean success flag */ + function prepare($args) { - parent::prepare($args); - if (!common_logged_in()) { - $this->clientError(_('Not logged in.')); - return false; - } - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->clientError(_('There was a problem with your session token. Try again, please.')); - return; - } - $id = $this->trimmed('blockto'); - if (!$id) { - $this->clientError(_('No profile specified.')); + if (!parent::prepare($args)) { return false; } - $this->profile = Profile::staticGet('id', $id); - if (!$this->profile) { - $this->clientError(_('No profile with that ID.')); + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if ($cur->hasBlocked($this->profile)) { + $this->clientError(_("You already blocked that user.")); return false; } + return true; } @@ -86,18 +82,16 @@ class BlockAction extends Action * * @return void */ + function handle($args) { - parent::handle($args); if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('no')) { - $cur = common_current_user(); - $other = Profile::staticGet('id', $this->arg('blockto')); - common_redirect(common_local_url('showstream', array('nickname' => $other->nickname)), - 303); + $this->returnToArgs(); } elseif ($this->arg('yes')) { - $this->blockProfile(); - } elseif ($this->arg('blockto')) { + $this->handlePost(); + $this->returnToArgs(); + } else { $this->showPage(); } } @@ -138,7 +132,7 @@ class BlockAction extends Action 'unable to subscribe to you in the future, and '. 'you will not be notified of any @-replies from them.')); $this->element('input', array('id' => 'blockto-' . $id, - 'name' => 'blockto', + 'name' => 'profileid', 'type' => 'hidden', 'value' => $id)); foreach ($this->args as $k => $v) { @@ -146,8 +140,8 @@ class BlockAction extends Action $this->hidden($k, $v); } } - $this->submit('form_action-no', _('No'), 'submit form_action-primary', 'no', _("Do not block this user from this group")); - $this->submit('form_action-yes', _('Yes'), 'submit form_action-secondary', 'yes', _('Block this user from this group')); + $this->submit('form_action-no', _('No'), 'submit form_action-primary', 'no', _("Do not block this user")); + $this->submit('form_action-yes', _('Yes'), 'submit form_action-secondary', 'yes', _('Block this user')); $this->elementEnd('fieldset'); $this->elementEnd('form'); } @@ -157,36 +151,17 @@ class BlockAction extends Action * * @return void */ - function blockProfile() + + function handlePost() { $cur = common_current_user(); - if ($cur->hasBlocked($this->profile)) { - $this->clientError(_('You have already blocked this user.')); - return; - } $result = $cur->block($this->profile); + if (!$result) { $this->serverError(_('Failed to save block information.')); return; } - - // Now, gotta figure where we go back to - foreach ($this->args as $k => $v) { - if ($k == 'returnto-action') { - $action = $v; - } elseif (substr($k, 0, 9) == 'returnto-') { - $args[substr($k, 9)] = $v; - } - } - - if ($action) { - common_redirect(common_local_url($action, $args), 303); - } else { - common_redirect(common_local_url('subscribers', - array('nickname' => $cur->nickname)), - 303); - } } } diff --git a/actions/bookmarklet.php b/actions/bookmarklet.php new file mode 100644 index 000000000..0603a7456 --- /dev/null +++ b/actions/bookmarklet.php @@ -0,0 +1,75 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Handler for posting new notices + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Bookmarklet + * @package StatusNet + * @author Sarven Capadisli <csarven@status.net> + * @copyright 2008-2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +require_once INSTALLDIR . '/actions/newnotice.php'; + +/** + * Action for posting a notice + * + * @category Bookmarklet + * @package StatusNet + * @author Sarven Capadisli <csarven@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class BookmarkletAction extends NewnoticeAction +{ + function showTitle() + { + $this->element('title', null, _('Post to ').common_config('site', 'name')); + } + + function showHeader() + { + $this->elementStart('div', array('id' => 'header')); + $this->elementStart('address'); + $this->element('a', array('class' => 'url', + 'href' => common_local_url('public')), + ''); + $this->elementEnd('address'); + if (common_logged_in()) { + $this->showNoticeForm(); + } + $this->elementEnd('div'); + } + + function showCore() + { + } + + function showFooter() + { + } +} + diff --git a/actions/deletenotice.php b/actions/deletenotice.php index 4a48a9c34..ba8e86d0f 100644 --- a/actions/deletenotice.php +++ b/actions/deletenotice.php @@ -67,7 +67,7 @@ class DeletenoticeAction extends Action common_user_error(_('Not logged in.')); exit; } else if ($this->notice->profile_id != $this->user_profile->id && - !$this->user->hasRight(Right::deleteOthersNotice)) { + !$this->user->hasRight(Right::DELETEOTHERSNOTICE)) { common_user_error(_('Can\'t delete this notice.')); exit; } diff --git a/actions/deleteuser.php b/actions/deleteuser.php new file mode 100644 index 000000000..32b703aa7 --- /dev/null +++ b/actions/deleteuser.php @@ -0,0 +1,164 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Action class to delete a user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +/** + * Delete a user + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class DeleteuserAction extends ProfileFormAction +{ + var $user = null; + + /** + * Take arguments for running + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if (!$cur->hasRight(Right::DELETEUSER)) { + $this->clientError(_("You cannot delete users.")); + return false; + } + + $this->user = User::staticGet('id', $this->profile->id); + + if (empty($this->user)) { + $this->clientError(_("You can only delete local users.")); + return false; + } + + return true; + } + + /** + * Handle request + * + * Shows a page with list of favorite notices + * + * @param array $args $_REQUEST args; handled in prepare() + * + * @return void + */ + + function handle($args) + { + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + if ($this->arg('no')) { + $this->returnToArgs(); + } elseif ($this->arg('yes')) { + $this->handlePost(); + $this->returnToArgs(); + } else { + $this->showPage(); + } + } + } + + function showContent() { + $this->areYouSureForm(); + } + + function title() { + return _('Delete user'); + } + + function showNoticeForm() { + // nop + } + + /** + * Confirm with user. + * + * Shows a confirmation form. + * + * @return void + */ + function areYouSureForm() + { + $id = $this->profile->id; + $this->elementStart('form', array('id' => 'deleteuser-' . $id, + 'method' => 'post', + 'class' => 'form_settings form_entity_block', + 'action' => common_local_url('deleteuser'))); + $this->elementStart('fieldset'); + $this->hidden('token', common_session_token()); + $this->element('legend', _('Delete user')); + $this->element('p', null, + _('Are you sure you want to delete this user? '. + 'This will clear all data about the user from the '. + 'database, without a backup.')); + $this->element('input', array('id' => 'deleteuserto-' . $id, + 'name' => 'profileid', + 'type' => 'hidden', + 'value' => $id)); + foreach ($this->args as $k => $v) { + if (substr($k, 0, 9) == 'returnto-') { + $this->hidden($k, $v); + } + } + $this->submit('form_action-no', _('No'), 'submit form_action-primary', 'no', _("Do not block this user")); + $this->submit('form_action-yes', _('Yes'), 'submit form_action-secondary', 'yes', _('Delete this user')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } + + /** + * Actually delete a user. + * + * @return void + */ + + function handlePost() + { + $this->user->delete(); + } +} + diff --git a/actions/designadminpanel.php b/actions/designadminpanel.php new file mode 100644 index 000000000..024cbe251 --- /dev/null +++ b/actions/designadminpanel.php @@ -0,0 +1,231 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Design administration panel + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Settings + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @author Zach Copley <zach@status.net> + * @author Sarven Capadisli <csarven@status.net> + * @copyright 2008-2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Administer design settings + * + * @category Admin + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @author Zach Copley <zach@status.net> + * @author Sarven Capadisli <csarven@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class DesignadminpanelAction extends AdminPanelAction +{ + /** + * Returns the page title + * + * @return string page title + */ + + function title() + { + return _('Design'); + } + + /** + * Instructions for using this form. + * + * @return string instructions + */ + + function getInstructions() + { + return _('Design settings for this StatusNet site.'); + } + + /** + * Show the site admin panel form + * + * @return void + */ + + function showForm() + { + $form = new DesignAdminPanelForm($this); + $form->show(); + return; + } + + /** + * Save settings from the form + * + * @return void + */ + + function saveSettings() + { + static $settings = array('theme'); + + $values = array(); + + foreach ($settings as $setting) { + $values[$setting] = $this->trimmed($setting); + } + + // This throws an exception on validation errors + + $this->validate($values); + + // assert(all values are valid); + + $config = new Config(); + + $config->query('BEGIN'); + + foreach ($settings as $setting) { + Config::save('site', $setting, $values[$setting]); + } + + $config->query('COMMIT'); + + return; + } + + function validate(&$values) + { + if (!in_array($values['theme'], Theme::listAvailable())) { + $this->clientError(sprintf(_("Theme not available: %s"), $values['theme'])); + } + } +} + +class DesignAdminPanelForm extends Form +{ + /** + * ID of the form + * + * @return int ID of the form + */ + + function id() + { + return 'form_design_admin_panel'; + } + + /** + * class of the form + * + * @return string class of the form + */ + + function formClass() + { + return 'form_settings'; + } + + /** + * Action of the form + * + * @return string URL of the action + */ + + function action() + { + return common_local_url('designadminpanel'); + } + + /** + * Data elements of the form + * + * @return void + */ + + function formData() + { + $themes = Theme::listAvailable(); + + asort($themes); + + $themes = array_combine($themes, $themes); + + $this->out->elementStart('ul'); + $this->out->elementStart('li'); + + $this->out->dropdown('theme', _('Theme'), + $themes, _('Theme for the site.'), + true, $this->value('theme')); + + $this->out->elementEnd('li'); + $this->out->elementEnd('ul'); + } + + /** + * Utility to simplify some of the duplicated code around + * params and settings. + * + * @param string $setting Name of the setting + * @param string $title Title to use for the input + * @param string $instructions Instructions for this field + * + * @return void + */ + + function input($setting, $title, $instructions) + { + $this->out->input($setting, $title, $this->value($setting), $instructions); + } + + /** + * Utility to simplify getting the posted-or-stored setting value + * + * @param string $setting Name of the setting + * + * @return string param value if posted, or current config value + */ + + function value($setting) + { + $value = $this->out->trimmed($setting); + if (empty($value)) { + $value = common_config('site', $setting); + } + return $value; + } + + /** + * Action elements + * + * @return void + */ + + function formActions() + { + $this->out->submit('submit', _('Save'), 'submit', null, _('Save site settings')); + } +} diff --git a/actions/emailsettings.php b/actions/emailsettings.php index 6eff06c0d..67b991cdc 100644 --- a/actions/emailsettings.php +++ b/actions/emailsettings.php @@ -326,7 +326,7 @@ class EmailsettingsAction extends AccountSettingsAction $this->showForm(_('Cannot normalize that email address')); return; } - if (!Validate::email($email, true)) { + if (!Validate::email($email, common_config('email', 'check_domain'))) { $this->showForm(_('Not a valid email address')); return; } else if ($user->email == $email) { diff --git a/actions/getfile.php b/actions/getfile.php new file mode 100644 index 000000000..ecda34c0f --- /dev/null +++ b/actions/getfile.php @@ -0,0 +1,145 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Returns a given file attachment, allowing private sites to only allow + * access to file attachments after login. + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Personal + * @package StatusNet + * @author Jeffery To <jeffery.to@gmail.com> + * @copyright 2008-2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +require_once 'MIME/Type.php'; + +/** + * Action for getting a file attachment + * + * @category Personal + * @package StatusNet + * @author Jeffery To <jeffery.to@gmail.com> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class GetfileAction extends Action +{ + /** + * Path of file to return + */ + + var $path = null; + + /** + * Get file name + * + * @param array $args $_REQUEST array + * + * @return success flag + */ + + function prepare($args) + { + parent::prepare($args); + + $filename = $this->trimmed('filename'); + $path = null; + + if ($filename) { + $path = common_config('attachments', 'dir') . $filename; + } + + if (empty($path) or !file_exists($path)) { + $this->clientError(_('No such file.'), 404); + return false; + } + if (!is_readable($path)) { + $this->clientError(_('Cannot read file.'), 403); + return false; + } + + $this->path = $path; + return true; + } + + /** + * Is this page read-only? + * + * @return boolean true + */ + + function isReadOnly($args) + { + return true; + } + + /** + * Last-modified date for file + * + * @return int last-modified date as unix timestamp + */ + + function lastModified() + { + return filemtime($this->path); + } + + /** + * etag for file + * + * This returns the same data (inode, size, mtime) as Apache would, + * but in decimal instead of hex. + * + * @return string etag http header + */ + function etag() + { + $stat = stat($this->path); + return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . '"'; + } + + /** + * Handle input, produce output + * + * @param array $args $_REQUEST contents + * + * @return void + */ + + function handle($args) + { + // undo headers set by PHP sessions + $sec = session_cache_expire() * 60; + header('Expires: ' . date(DATE_RFC1123, time() + $sec)); + header('Cache-Control: public, max-age=' . $sec); + header('Pragma: public'); + + parent::handle($args); + + $path = $this->path; + header('Content-Type: ' . MIME_Type::autoDetect($path)); + readfile($path); + } +} diff --git a/actions/groupblock.php b/actions/groupblock.php index 979a56a81..faf18c6ad 100644 --- a/actions/groupblock.php +++ b/actions/groupblock.php @@ -151,17 +151,19 @@ class GroupblockAction extends Action function areYouSureForm() { $id = $this->profile->id; + $this->elementStart('form', array('id' => 'block-' . $id, + 'method' => 'post', + 'class' => 'form_settings form_entity_block', + 'action' => common_local_url('groupblock'))); + $this->elementStart('fieldset'); + $this->hidden('token', common_session_token()); + $this->element('legend', _('Block user')); $this->element('p', null, sprintf(_('Are you sure you want to block user "%s" from the group "%s"? '. 'They will be removed from the group, unable to post, and '. 'unable to subscribe to the group in the future.'), $this->profile->getBestName(), $this->group->getBestName())); - $this->elementStart('form', array('id' => 'block-' . $id, - 'method' => 'post', - 'class' => 'block', - 'action' => common_local_url('groupblock'))); - $this->hidden('token', common_session_token()); $this->hidden('blockto-' . $this->profile->id, $this->profile->id, 'blockto'); @@ -173,8 +175,9 @@ class GroupblockAction extends Action $this->hidden($k, $v); } } - $this->submit('no', _('No')); - $this->submit('yes', _('Yes')); + $this->submit('form_action-no', _('No'), 'submit form_action-primary', 'no', _("Do not block this user from this group")); + $this->submit('form_action-yes', _('Yes'), 'submit form_action-secondary', 'yes', _('Block this user from this group')); + $this->elementEnd('fieldset'); $this->elementEnd('form'); } diff --git a/actions/invite.php b/actions/invite.php index 788130c58..3015202e9 100644 --- a/actions/invite.php +++ b/actions/invite.php @@ -68,7 +68,7 @@ class InviteAction extends CurrentUserDesignAction foreach ($addresses as $email) { $email = trim($email); - if (!Validate::email($email, true)) { + if (!Validate::email($email, common_config('email', 'check_domain'))) { $this->showForm(sprintf(_('Invalid email address: %s'), $email)); return; } diff --git a/actions/login.php b/actions/login.php index f6d016310..ad57dd667 100644 --- a/actions/login.php +++ b/actions/login.php @@ -79,6 +79,8 @@ class LoginAction extends Action $this->clientError(_('Already logged in.')); } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { $this->checkLogin(); + } else if (isset($args['user_id']) && isset($args['token'])){ + $this->checkLogin($args['user_id'],$args['token']); } else { common_ensure_session(); $this->showForm(); @@ -95,23 +97,48 @@ class LoginAction extends Action * @return void */ - function checkLogin() + function checkLogin($user_id=null, $token=null) { - // XXX: login throttle - - // CSRF protection - token set in NoticeForm - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->clientError(_('There was a problem with your session token. '. - 'Try again, please.')); - return; + if(isset($token) && isset($user_id)){ + //Token based login (from the LoginCommand) + $login_token = Login_token::staticGet('user_id',$user_id); + if($login_token && $login_token->token == $token){ + if($login_token->modified > time()+2*60){ + //token has expired + //delete the token as it is useless + $login_token->delete(); + $this->showForm(_('Invalid or expired token.')); + return; + }else{ + //delete the token so it cannot be reused + $login_token->delete(); + //it's a valid token - let them log in + $user = User::staticGet('id', $user_id); + //$user = User::staticGet('nickname', "candrews"); + } + }else{ + $this->showForm(_('Invalid or expired token.')); + return; + } + }else{ + // Regular form submission login + + // XXX: login throttle + + // CSRF protection - token set in NoticeForm + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->clientError(_('There was a problem with your session token. '. + 'Try again, please.')); + return; + } + + $nickname = common_canonical_nickname($this->trimmed('nickname')); + $password = $this->arg('password'); + + $user = common_check_user($nickname, $password); } - $nickname = common_canonical_nickname($this->trimmed('nickname')); - $password = $this->arg('password'); - - $user = common_check_user($nickname, $password); - if (!$user) { $this->showForm(_('Incorrect username or password.')); return; diff --git a/actions/microsummary.php b/actions/microsummary.php index 5c01a9ce0..5c761e8bb 100644 --- a/actions/microsummary.php +++ b/actions/microsummary.php @@ -59,7 +59,7 @@ class MicrosummaryAction extends Action $user = User::staticGet('nickname', $nickname); if (!$user) { - $this->clientError(_('No such user'), 404); + $this->clientError(_('No such user.'), 404); return; } diff --git a/actions/newmessage.php b/actions/newmessage.php index a0b17fc18..0db2e7181 100644 --- a/actions/newmessage.php +++ b/actions/newmessage.php @@ -99,7 +99,9 @@ class NewmessageAction extends Action $user = common_current_user(); if (!$user) { - $this->clientError(_('Only logged-in users can send direct messages.'), 403); + /* Go log in, and then come back. */ + common_set_returnto($_SERVER['REQUEST_URI']); + common_redirect(common_local_url('login')); return false; } @@ -111,7 +113,7 @@ class NewmessageAction extends Action $this->other = User::staticGet('id', $this->to); if (!$this->other) { - $this->clientError(_('No such user'), 404); + $this->clientError(_('No such user.'), 404); return false; } @@ -221,7 +223,21 @@ class NewmessageAction extends Action } $this->msg = $msg; - $this->showPage(); + if ($this->trimmed('ajax')) { + header('Content-Type: text/xml;charset=utf-8'); + $this->xw->startDocument('1.0', 'UTF-8'); + $this->elementStart('html'); + $this->elementStart('head'); + $this->element('title', null, _('New message')); + $this->elementEnd('head'); + $this->elementStart('body'); + $this->showNoticeForm(); + $this->elementEnd('body'); + $this->endHTML(); + } + else { + $this->showPage(); + } } function showPageNotice() diff --git a/actions/newnotice.php b/actions/newnotice.php index 9ee031f93..fbd7ab6bc 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -33,7 +33,8 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -require_once INSTALLDIR.'/lib/noticelist.php'; +require_once INSTALLDIR . '/lib/noticelist.php'; +require_once INSTALLDIR . '/lib/mediafile.php'; /** * Action for posting new notices @@ -113,33 +114,6 @@ class NewnoticeAction extends Action } } - function getUploadedFileType() { - require_once 'MIME/Type.php'; - - $cmd = &PEAR::getStaticProperty('MIME_Type', 'fileCmd'); - $cmd = common_config('attachments', 'filecommand'); - - $filetype = MIME_Type::autoDetect($_FILES['attach']['tmp_name']); - if (in_array($filetype, common_config('attachments', 'supported'))) { - return $filetype; - } - $media = MIME_Type::getMedia($filetype); - if ('application' !== $media) { - $hint = sprintf(_(' Try using another %s format.'), $media); - } else { - $hint = ''; - } - $this->clientError(sprintf( - _('%s is not a supported filetype on this server.'), $filetype) . $hint); - } - - function isRespectsQuota($user) { - $file = new File; - $ret = $file->isRespectsQuota($user,$_FILES['attach']['size']); - if (true === $ret) return true; - $this->clientError($ret); - } - /** * Save a new notice, based on arguments * @@ -160,18 +134,12 @@ class NewnoticeAction extends Action if (!$content) { $this->clientError(_('No content!')); - } else { - $content_shortened = common_shorten_links($content); - if (Notice::contentTooLong($content_shortened)) { - $this->clientError(sprintf(_('That\'s too long. '. - 'Max notice size is %d chars.'), - Notice::maxContent())); - } + return; } $inter = new CommandInterpreter(); - $cmd = $inter->handle_command($user, $content_shortened); + $cmd = $inter->handle_command($user, $content); if ($cmd) { if ($this->boolean('ajax')) { @@ -182,6 +150,13 @@ class NewnoticeAction extends Action return; } + $content_shortened = common_shorten_links($content); + if (Notice::contentTooLong($content_shortened)) { + $this->clientError(sprintf(_('That\'s too long. '. + 'Max notice size is %d chars.'), + Notice::maxContent())); + } + $replyto = $this->trimmed('inreplyto'); #If an ID of 0 is wrongly passed here, it will cause a database error, #so override it... @@ -189,84 +164,37 @@ class NewnoticeAction extends Action $replyto = 'false'; } - if (isset($_FILES['attach']['error'])) { - switch ($_FILES['attach']['error']) { - case UPLOAD_ERR_NO_FILE: - // no file uploaded, nothing to do - break; - - case UPLOAD_ERR_OK: - $mimetype = $this->getUploadedFileType(); - if (!$this->isRespectsQuota($user)) { - die('clientError() should trigger an exception before reaching here.'); - } - break; - - case UPLOAD_ERR_INI_SIZE: - $this->clientError(_('The uploaded file exceeds the upload_max_filesize directive in php.ini.')); - - case UPLOAD_ERR_FORM_SIZE: - $this->clientError(_('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.')); + $upload = null; + $upload = MediaFile::fromUpload('attach'); - case UPLOAD_ERR_PARTIAL: - $this->clientError(_('The uploaded file was only partially uploaded.')); + if (isset($upload)) { - case UPLOAD_ERR_NO_TMP_DIR: - $this->clientError(_('Missing a temporary folder.')); - - case UPLOAD_ERR_CANT_WRITE: - $this->clientError(_('Failed to write file to disk.')); - - case UPLOAD_ERR_EXTENSION: - $this->clientError(_('File upload stopped by extension.')); - - default: - die('Should never reach here.'); - } - } - - if (isset($mimetype)) { - $filename = $this->saveFile($mimetype); - if (empty($filename)) { - $this->clientError(_('Couldn\'t save file.')); - } - - $fileRecord = $this->storeFile($filename, $mimetype); - - $fileurl = common_local_url('attachment', - array('attachment' => $fileRecord->id)); - - // not sure this is necessary -- Zach - $this->maybeAddRedir($fileRecord->id, $fileurl); - - $short_fileurl = common_shorten_url($fileurl); - if (!$short_fileurl) { - // todo -- Consider forcing default shortener if none selected? - $short_fileurl = $fileurl; - } - $content_shortened .= ' ' . $short_fileurl; + $content_shortened .= ' ' . $upload->shortUrl(); if (Notice::contentTooLong($content_shortened)) { - $this->deleteFile($filename); - $this->clientError(sprintf(_('Max notice size is %d chars, including attachment URL.'), - Notice::maxContent())); + $upload->delete(); + $this->clientError( + sprintf( + _('Max notice size is %d chars, including attachment URL.'), + Notice::maxContent() + ) + ); } - - // Also, not sure this is necessary -- Zach - $this->maybeAddRedir($fileRecord->id, $short_fileurl); } $notice = Notice::saveNew($user->id, $content_shortened, 'web', 1, ($replyto == 'false') ? null : $replyto); - if (isset($mimetype)) { - $this->attachFile($notice, $fileRecord); + if (isset($upload)) { + $upload->attachToNotice($notice); } common_broadcast_notice($notice); if ($this->boolean('ajax')) { - $this->startHTML('text/xml;charset=utf-8'); + header('Content-Type: text/xml;charset=utf-8'); + $this->xw->startDocument('1.0', 'UTF-8'); + $this->elementStart('html'); $this->elementStart('head'); $this->element('title', null, _('Notice posted')); $this->elementEnd('head'); @@ -288,87 +216,6 @@ class NewnoticeAction extends Action } } - function saveFile($mimetype) { - - $cur = common_current_user(); - - if (empty($cur)) { - $this->serverError(_('Somehow lost the login in saveFile')); - } - - $basename = basename($_FILES['attach']['name']); - - $filename = File::filename($cur->getProfile(), $basename, $mimetype); - - $filepath = File::path($filename); - - if (move_uploaded_file($_FILES['attach']['tmp_name'], $filepath)) { - return $filename; - } else { - $this->clientError(_('File could not be moved to destination directory.')); - } - } - - function deleteFile($filename) - { - $filepath = File::path($filename); - @unlink($filepath); - } - - function storeFile($filename, $mimetype) { - - $file = new File; - $file->filename = $filename; - - $file->url = File::url($filename); - - $filepath = File::path($filename); - - $file->size = filesize($filepath); - $file->date = time(); - $file->mimetype = $mimetype; - - $file_id = $file->insert(); - - if (!$file_id) { - common_log_db_error($file, "INSERT", __FILE__); - $this->clientError(_('There was a database error while saving your file. Please try again.')); - } - - return $file; - } - - function rememberFile($file, $short) - { - $this->maybeAddRedir($file->id, $short); - } - - function maybeAddRedir($file_id, $url) - { - $file_redir = File_redirection::staticGet('url', $url); - - if (empty($file_redir)) { - $file_redir = new File_redirection; - $file_redir->url = $url; - $file_redir->file_id = $file_id; - - $result = $file_redir->insert(); - - if (!$result) { - common_log_db_error($file_redir, "INSERT", __FILE__); - $this->clientError(_('There was a database error while saving your file. Please try again.')); - } - } - } - - function attachFile($notice, $filerec) - { - File_to_post::processNew($filerec->id, $notice->id); - - $this->maybeAddRedir($filerec->id, - common_local_url('file', array('notice' => $notice->id))); - } - /** * Show an Ajax-y error message * diff --git a/actions/noticesearch.php b/actions/noticesearch.php index 79cf572cc..76c877ff2 100644 --- a/actions/noticesearch.php +++ b/actions/noticesearch.php @@ -104,7 +104,7 @@ class NoticesearchAction extends SearchAction { $notice = new Notice(); - $search_engine = $notice->getSearchEngine('identica_notices'); + $search_engine = $notice->getSearchEngine('notice'); $search_engine->set_sort_mode('chron'); // Ask for an extra to see if there's more. $search_engine->limit((($page-1)*NOTICES_PER_PAGE), NOTICES_PER_PAGE + 1); @@ -121,7 +121,7 @@ class NoticesearchAction extends SearchAction $message = sprintf(_('Be the first to [post on this topic](%%%%action.newnotice%%%%?status_textarea=%s)!'), urlencode($q)); } else { - $message = sprintf(_('Why not [register an account](%%%%action.register%%%%) and be the first to [post on this topic](%%%%action.newnotice%%%%?status_textarea=%s)!'), urlencode($q)); + $message = sprintf(_('Why not [register an account](%%%%action.register%%%%) and be the first to [post on this topic](%%%%action.newnotice%%%%?status_textarea=%s)!'), urlencode($q)); } $this->elementStart('div', 'guide'); diff --git a/actions/noticesearchrss.php b/actions/noticesearchrss.php index f59ad7962..18f07f855 100644 --- a/actions/noticesearchrss.php +++ b/actions/noticesearchrss.php @@ -62,7 +62,7 @@ class NoticesearchrssAction extends Rss10Action $notice = new Notice(); - $search_engine = $notice->getSearchEngine('identica_notices'); + $search_engine = $notice->getSearchEngine('notice'); $search_engine->set_sort_mode('chron'); if (!$limit) $limit = 20; diff --git a/actions/opensearch.php b/actions/opensearch.php index d5e6698f3..861b53d7d 100644 --- a/actions/opensearch.php +++ b/actions/opensearch.php @@ -75,7 +75,7 @@ class OpensearchAction extends Action $this->element('Url', array('type' => 'text/html', 'method' => 'get', 'template' => str_replace('---', '{searchTerms}', common_local_url($type, array('q' => '---'))))); $this->element('Image', array('height' => 16, 'width' => 16, 'type' => 'image/vnd.microsoft.icon'), common_path('favicon.ico')); - $this->element('Image', array('height' => 50, 'width' => 50, 'type' => 'image/png'), theme_path('logo.png')); + $this->element('Image', array('height' => 50, 'width' => 50, 'type' => 'image/png'), Theme::path('logo.png')); $this->element('AdultContent', null, 'false'); $this->element('Language', null, common_language()); $this->element('OutputEncoding', null, 'UTF-8'); diff --git a/actions/othersettings.php b/actions/othersettings.php index 011b4fc83..0de7cd908 100644 --- a/actions/othersettings.php +++ b/actions/othersettings.php @@ -96,28 +96,28 @@ class OthersettingsAction extends AccountSettingsAction common_local_url('othersettings'))); $this->elementStart('fieldset'); $this->hidden('token', common_session_token()); + $this->elementStart('ul', 'form_data'); - $services=array(); - global $_shorteners; - if($_shorteners){ - foreach($_shorteners as $name=>$value) - { - $services[$name]=$name; - if($value['info']['freeService']){ - // I18N - $services[$name].=' (free service)'; - } + $shorteners = array(); + Event::handle('GetUrlShorteners', array(&$shorteners)); + $services = array(); + foreach($shorteners as $name=>$value) + { + $services[$name]=$name; + if($value['freeService']){ + $services[$name].=_(' (free service)'); } } - asort($services); - $services['']='None'; - - $this->elementStart('ul', 'form_data'); - $this->elementStart('li'); - $this->dropdown('urlshorteningservice', _('Shorten URLs with'), - $services, _('Automatic shortening service to use.'), - false, $user->urlshorteningservice); - $this->elementEnd('li'); + if($services) + { + asort($services); + + $this->elementStart('li'); + $this->dropdown('urlshorteningservice', _('Shorten URLs with'), + $services, _('Automatic shortening service to use.'), + false, $user->urlshorteningservice); + $this->elementEnd('li'); + } $this->elementStart('li'); $this->checkbox('viewdesigns', _('View profile designs'), $user->viewdesigns, _('Show or hide profile designs.')); diff --git a/actions/passwordsettings.php b/actions/passwordsettings.php index cd4beac3f..11d7bf785 100644 --- a/actions/passwordsettings.php +++ b/actions/passwordsettings.php @@ -86,6 +86,7 @@ class PasswordsettingsAction extends AccountSettingsAction function showContent() { $user = common_current_user(); + $this->elementStart('form', array('method' => 'POST', 'id' => 'form_password', 'class' => 'form_settings', @@ -164,21 +165,28 @@ class PasswordsettingsAction extends AccountSettingsAction $this->showForm(_('Incorrect old password')); return; } + }else{ + $oldpassword = null; } - $original = clone($user); + $success = false; + if(! Event::handle('StartChangePassword', array($user, $oldpassword, $newpassword))){ + //no handler changed the password, so change the password internally + $original = clone($user); - $user->password = common_munge_password($newpassword, $user->id); + $user->password = common_munge_password($newpassword, $user->id); - $val = $user->validate(); - if ($val !== true) { - $this->showForm(_('Error saving user; invalid.')); - return; - } + $val = $user->validate(); + if ($val !== true) { + $this->showForm(_('Error saving user; invalid.')); + return; + } - if (!$user->update($original)) { - $this->serverError(_('Can\'t save new password.')); - return; + if (!$user->update($original)) { + $this->serverError(_('Can\'t save new password.')); + return; + } + Event::handle('EndChangePassword', array($user)); } $this->showForm(_('Password saved.'), true); diff --git a/actions/peoplesearch.php b/actions/peoplesearch.php index 38135ecbd..69de44859 100644 --- a/actions/peoplesearch.php +++ b/actions/peoplesearch.php @@ -61,7 +61,7 @@ class PeoplesearchAction extends SearchAction function showResults($q, $page) { $profile = new Profile(); - $search_engine = $profile->getSearchEngine('identica_people'); + $search_engine = $profile->getSearchEngine('profile'); $search_engine->set_sort_mode('chron'); // Ask for an extra to see if there's more. $search_engine->limit((($page-1)*PROFILES_PER_PAGE), PROFILES_PER_PAGE + 1); diff --git a/actions/profilesettings.php b/actions/profilesettings.php index 5445d9bb2..0a0cc5997 100644 --- a/actions/profilesettings.php +++ b/actions/profilesettings.php @@ -306,6 +306,16 @@ class ProfilesettingsAction extends AccountSettingsAction $profile->homepage = $homepage; $profile->bio = $bio; $profile->location = $location; + + $loc = Location::fromName($location); + + if (!empty($loc)) { + $profile->lat = $loc->lat; + $profile->lon = $loc->lon; + $profile->location_id = $loc->location_id; + $profile->location_ns = $loc->location_ns; + } + $profile->profileurl = common_profile_url($nickname); common_debug('Old profile: ' . common_log_objstring($orig_profile), __FILE__); diff --git a/actions/public.php b/actions/public.php index 73fad182a..982dfde15 100644 --- a/actions/public.php +++ b/actions/public.php @@ -131,6 +131,13 @@ class PublicAction extends Action return _('Public timeline'); } } + + function extraHead() + { + parent::extraHead(); + $this->element('meta', array('http-equiv' => 'X-XRDS-Location', + 'content' => common_local_url('publicxrds'))); + } /** * Output <head> elements for RSS and Atom feeds @@ -143,14 +150,12 @@ class PublicAction extends Action return array(new Feed(Feed::RSS1, common_local_url('publicrss'), _('Public Stream Feed (RSS 1.0)')), new Feed(Feed::RSS2, - common_local_url('api', - array('apiaction' => 'statuses', - 'method' => 'public_timeline.rss')), + common_local_url('ApiTimelinePublic', + array('format' => 'rss')), _('Public Stream Feed (RSS 2.0)')), new Feed(Feed::ATOM, - common_local_url('api', - array('apiaction' => 'statuses', - 'method' => 'public_timeline.atom')), + common_local_url('ApiTimelinePublic', + array('format' => 'atom')), _('Public Stream Feed (Atom)'))); } diff --git a/actions/publicxrds.php b/actions/publicxrds.php new file mode 100644 index 000000000..5fd4eead7 --- /dev/null +++ b/actions/publicxrds.php @@ -0,0 +1,81 @@ +<?php + +/** + * Public XRDS for OpenID + * + * PHP version 5 + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @author Robin Millette <millette@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2008, 2009, StatusNet, Inc. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +require_once INSTALLDIR.'/plugins/OpenID/openid.php'; +require_once INSTALLDIR.'/lib/xrdsoutputter.php'; + +/** + * Public XRDS + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @author Robin Millette <millette@status.net> + * @author Craig Andrews <candrews@integralblue.com> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + * + * @todo factor out similarities with XrdsAction + */ +class PublicxrdsAction extends Action +{ + /** + * Is read only? + * + * @return boolean true + */ + function isReadOnly($args) + { + return true; + } + + /** + * Class handler. + * + * @param array $args array of arguments + * + * @return nothing + */ + function handle($args) + { + parent::handle($args); + $xrdsOutputter = new XRDSOutputter(); + $xrdsOutputter->startXRDS(); + Event::handle('StartPublicXRDS', array($this,&$xrdsOutputter)); + Event::handle('EndPublicXRDS', array($this,&$xrdsOutputter)); + $xrdsOutputter->endXRDS(); + } +} + diff --git a/actions/recoverpassword.php b/actions/recoverpassword.php index 9776c1fb4..dcff35f6e 100644 --- a/actions/recoverpassword.php +++ b/actions/recoverpassword.php @@ -149,13 +149,13 @@ class RecoverpasswordAction extends Action $this->elementStart('div', 'instructions'); if ($this->mode == 'recover') { $this->element('p', null, - _('If you\'ve forgotten or lost your' . + _('If you have forgotten or lost your' . ' password, you can get a new one sent to' . ' the email address you have stored' . ' in your account.')); } else if ($this->mode == 'reset') { $this->element('p', null, - _('You\'ve been identified. Enter a' . + _('You have been identified. Enter a' . ' new password below. ')); } $this->elementEnd('div'); @@ -185,10 +185,10 @@ class RecoverpasswordAction extends Action 'class' => 'form_settings', 'action' => common_local_url('recoverpassword'))); $this->elementStart('fieldset'); - $this->element('legend', null, _('Password recover')); + $this->element('legend', null, _('Password recovery')); $this->elementStart('ul', 'form_data'); $this->elementStart('li'); - $this->input('nicknameoremail', _('Nickname or email'), + $this->input('nicknameoremail', _('Nickname or email address'), $this->trimmed('nicknameoremail'), _('Your nickname on this server, ' . 'or your registered email address.')); diff --git a/actions/register.php b/actions/register.php index 100ab7424..57f8e7bdf 100644 --- a/actions/register.php +++ b/actions/register.php @@ -56,6 +56,12 @@ class RegisterAction extends Action var $registered = false; /** + * Are we processing an invite? + */ + + var $invite = null; + + /** * Prepare page to run * * @@ -191,7 +197,7 @@ class RegisterAction extends Action if (!$this->boolean('license')) { $this->showForm(_('You can\'t register if you don\'t '. 'agree to the license.')); - } else if ($email && !Validate::email($email, true)) { + } else if ($email && !Validate::email($email, common_config('email', 'check_domain'))) { $this->showForm(_('Not a valid email address.')); } else if (!Validate::string($nickname, array('min_length' => 1, 'max_length' => 64, diff --git a/actions/remotesubscribe.php b/actions/remotesubscribe.php index aee2a5d8e..74025cf80 100644 --- a/actions/remotesubscribe.php +++ b/actions/remotesubscribe.php @@ -151,7 +151,7 @@ class RemotesubscribeAction extends Action $this->profile_url = $this->trimmed('profile_url'); if (!$this->profile_url) { - $this->showForm(_('No such user')); + $this->showForm(_('No such user.')); return; } diff --git a/actions/replies.php b/actions/replies.php index 6003ad30b..a13b5a227 100644 --- a/actions/replies.php +++ b/actions/replies.php @@ -138,11 +138,25 @@ class RepliesAction extends OwnerDesignAction function getFeeds() { - $rssurl = common_local_url('repliesrss', - array('nickname' => $this->user->nickname)); - $rsstitle = sprintf(_('Feed for replies to %s'), $this->user->nickname); - - return array(new Feed(Feed::RSS1, $rssurl, $rsstitle)); + return array(new Feed(Feed::RSS1, + common_local_url('repliesrss', + array('nickname' => $this->user->nickname)), + sprintf(_('Replies feed for %s (RSS 1.0)'), + $this->user->nickname)), + new Feed(Feed::RSS2, + common_local_url('ApiTimelineMentions', + array( + 'id' => $this->user->nickname, + 'format' => 'rss')), + sprintf(_('Replies feed for %s (RSS 2.0)'), + $this->user->nickname)), + new Feed(Feed::ATOM, + common_local_url('ApiTimelineMentions', + array( + 'id' => $this->user->nickname, + 'format' => 'atom')), + sprintf(_('Replies feed for %s (Atom)'), + $this->user->nickname))); } /** diff --git a/actions/sandbox.php b/actions/sandbox.php new file mode 100644 index 000000000..5b034ff07 --- /dev/null +++ b/actions/sandbox.php @@ -0,0 +1,89 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Action class to sandbox an abusive user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Sandbox a user. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class SandboxAction extends ProfileFormAction +{ + /** + * Check parameters + * + * @param array $args action arguments (URL, GET, POST) + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if (!$cur->hasRight(Right::SANDBOXUSER)) { + $this->clientError(_("You cannot sandbox users on this site.")); + return false; + } + + assert(!empty($this->profile)); // checked by parent + + if ($this->profile->isSandboxed()) { + $this->clientError(_("User is already sandboxed.")); + return false; + } + + return true; + } + + /** + * Sandbox a user. + * + * @return void + */ + + function handlePost() + { + $this->profile->sandbox(); + } +} diff --git a/actions/showfavorites.php b/actions/showfavorites.php index b96d2af37..b12fcdd9a 100644 --- a/actions/showfavorites.php +++ b/actions/showfavorites.php @@ -164,13 +164,25 @@ class ShowfavoritesAction extends OwnerDesignAction function getFeeds() { - $feedurl = common_local_url('favoritesrss', - array('nickname' => - $this->user->nickname)); - $feedtitle = sprintf(_('Feed for favorites of %s'), - $this->user->nickname); - - return array(new Feed(Feed::RSS1, $feedurl, $feedtitle)); + return array(new Feed(Feed::RSS1, + common_local_url('favoritesrss', + array('nickname' => $this->user->nickname)), + sprintf(_('Feed for favorites of %s (RSS 1.0)'), + $this->user->nickname)), + new Feed(Feed::RSS2, + common_local_url('ApiTimelineFavorites', + array( + 'id' => $this->user->nickname, + 'format' => 'rss')), + sprintf(_('Feed for favorites of %s (RSS 2.0)'), + $this->user->nickname)), + new Feed(Feed::ATOM, + common_local_url('ApiTimelineFavorites', + array( + 'id' => $this->user->nickname, + 'format' => 'atom')), + sprintf(_('Feed for favorites of %s (Atom)'), + $this->user->nickname))); } /** diff --git a/actions/showgroup.php b/actions/showgroup.php index bfe45ddad..a4af29391 100644 --- a/actions/showgroup.php +++ b/actions/showgroup.php @@ -328,17 +328,15 @@ class ShowgroupAction extends GroupDesignAction sprintf(_('Notice feed for %s group (RSS 1.0)'), $this->group->nickname)), new Feed(Feed::RSS2, - common_local_url('api', - array('apiaction' => 'groups', - 'method' => 'timeline', - 'argument' => $this->group->nickname.'.rss')), + common_local_url('ApiTimelineGroup', + array('format' => 'rss', + 'id' => $this->group->nickname)), sprintf(_('Notice feed for %s group (RSS 2.0)'), $this->group->nickname)), new Feed(Feed::ATOM, - common_local_url('api', - array('apiaction' => 'groups', - 'method' => 'timeline', - 'argument' => $this->group->nickname.'.atom')), + common_local_url('ApiTimelineGroup', + array('format' => 'atom', + 'id' => $this->group->nickname)), sprintf(_('Notice feed for %s group (Atom)'), $this->group->nickname)), new Feed(Feed::FOAF, diff --git a/actions/shownotice.php b/actions/shownotice.php index 41408c23c..5d16fdad9 100644 --- a/actions/shownotice.php +++ b/actions/shownotice.php @@ -172,9 +172,9 @@ class ShownoticeAction extends OwnerDesignAction function title() { if (!empty($this->profile->fullname)) { - $base = $this->profile->fullname . ' (' . $this->user->nickname . ') '; + $base = $this->profile->fullname . ' (' . $this->profile->nickname . ') '; } else { - $base = $this->user->nickname; + $base = $this->profile->nickname; } return sprintf(_('%1$s\'s status on %2$s'), diff --git a/actions/showstream.php b/actions/showstream.php index b3a9b1f05..663638c18 100644 --- a/actions/showstream.php +++ b/actions/showstream.php @@ -33,6 +33,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { } require_once INSTALLDIR.'/lib/personalgroupnav.php'; +require_once INSTALLDIR.'/lib/userprofile.php'; require_once INSTALLDIR.'/lib/noticelist.php'; require_once INSTALLDIR.'/lib/profileminilist.php'; require_once INSTALLDIR.'/lib/groupminilist.php'; @@ -128,17 +129,17 @@ class ShowstreamAction extends ProfileAction sprintf(_('Notice feed for %s (RSS 1.0)'), $this->user->nickname)), new Feed(Feed::RSS2, - common_local_url('api', - array('apiaction' => 'statuses', - 'method' => 'user_timeline', - 'argument' => $this->user->nickname.'.rss')), + common_local_url('ApiTimelineUser', + array( + 'id' => $this->user->nickname, + 'format' => 'rss')), sprintf(_('Notice feed for %s (RSS 2.0)'), $this->user->nickname)), new Feed(Feed::ATOM, - common_local_url('api', - array('apiaction' => 'statuses', - 'method' => 'user_timeline', - 'argument' => $this->user->nickname.'.atom')), + common_local_url('ApiTimelineUser', + array( + 'id' => $this->user->nickname, + 'format' => 'atom')), sprintf(_('Notice feed for %s (Atom)'), $this->user->nickname)), new Feed(Feed::FOAF, @@ -181,260 +182,8 @@ class ShowstreamAction extends ProfileAction function showProfile() { - $this->showProfileData(); - $this->showEntityActions(); - } - - function showProfileData() - { - if (Event::handle('StartProfilePageProfileSection', array(&$this, $this->profile))) { - - $this->elementStart('div', 'entity_profile vcard author'); - $this->element('h2', null, _('User profile')); - - if (Event::handle('StartProfilePageProfileElements', array(&$this, $this->profile))) { - - $this->showAvatar(); - $this->showNickname(); - $this->showFullName(); - $this->showLocation(); - $this->showHomepage(); - $this->showBio(); - $this->showProfileTags(); - - Event::handle('EndProfilePageProfileElements', array(&$this, $this->profile)); - } - - $this->elementEnd('div'); - Event::handle('EndProfilePageProfileSection', array(&$this, $this->profile)); - } - } - - function showAvatar() - { - if (Event::handle('StartProfilePageAvatar', array($this, $this->profile))) { - - $avatar = $this->profile->getAvatar(AVATAR_PROFILE_SIZE); - - $this->elementStart('dl', 'entity_depiction'); - $this->element('dt', null, _('Photo')); - $this->elementStart('dd'); - $this->element('img', array('src' => ($avatar) ? $avatar->displayUrl() : Avatar::defaultImage(AVATAR_PROFILE_SIZE), - 'class' => 'photo avatar', - 'width' => AVATAR_PROFILE_SIZE, - 'height' => AVATAR_PROFILE_SIZE, - 'alt' => $this->profile->nickname)); - $this->elementEnd('dd'); - - $user = User::staticGet('id', $this->profile->id); - - $cur = common_current_user(); - if ($cur && $cur->id == $user->id) { - $this->elementStart('dd'); - $this->element('a', array('href' => common_local_url('avatarsettings')), _('Edit Avatar')); - $this->elementEnd('dd'); - } - - $this->elementEnd('dl'); - - Event::handle('EndProfilePageAvatar', array($this, $this->profile)); - } - } - - function showNickname() - { - if (Event::handle('StartProfilePageNickname', array($this, $this->profile))) { - - $this->elementStart('dl', 'entity_nickname'); - $this->element('dt', null, _('Nickname')); - $this->elementStart('dd'); - $hasFN = ($this->profile->fullname) ? 'nickname url uid' : 'fn nickname url uid'; - $this->element('a', array('href' => $this->profile->profileurl, - 'rel' => 'me', 'class' => $hasFN), - $this->profile->nickname); - $this->elementEnd('dd'); - $this->elementEnd('dl'); - - Event::handle('EndProfilePageNickname', array($this, $this->profile)); - } - } - - function showFullName() - { - if (Event::handle('StartProfilePageFullName', array($this, $this->profile))) { - if ($this->profile->fullname) { - $this->elementStart('dl', 'entity_fn'); - $this->element('dt', null, _('Full name')); - $this->elementStart('dd'); - $this->element('span', 'fn', $this->profile->fullname); - $this->elementEnd('dd'); - $this->elementEnd('dl'); - } - Event::handle('EndProfilePageFullName', array($this, $this->profile)); - } - } - - function showLocation() - { - if (Event::handle('StartProfilePageLocation', array($this, $this->profile))) { - if ($this->profile->location) { - $this->elementStart('dl', 'entity_location'); - $this->element('dt', null, _('Location')); - $this->element('dd', 'label', $this->profile->location); - $this->elementEnd('dl'); - } - Event::handle('EndProfilePageLocation', array($this, $this->profile)); - } - } - - function showHomepage() - { - if (Event::handle('StartProfilePageHomepage', array($this, $this->profile))) { - if ($this->profile->homepage) { - $this->elementStart('dl', 'entity_url'); - $this->element('dt', null, _('URL')); - $this->elementStart('dd'); - $this->element('a', array('href' => $this->profile->homepage, - 'rel' => 'me', 'class' => 'url'), - $this->profile->homepage); - $this->elementEnd('dd'); - $this->elementEnd('dl'); - } - Event::handle('EndProfilePageHomepage', array($this, $this->profile)); - } - } - - function showBio() - { - if (Event::handle('StartProfilePageBio', array($this, $this->profile))) { - if ($this->profile->bio) { - $this->elementStart('dl', 'entity_note'); - $this->element('dt', null, _('Note')); - $this->element('dd', 'note', $this->profile->bio); - $this->elementEnd('dl'); - } - Event::handle('EndProfilePageBio', array($this, $this->profile)); - } - } - - function showProfileTags() - { - if (Event::handle('StartProfilePageProfileTags', array($this, $this->profile))) { - $tags = Profile_tag::getTags($this->profile->id, $this->profile->id); - - if (count($tags) > 0) { - $this->elementStart('dl', 'entity_tags'); - $this->element('dt', null, _('Tags')); - $this->elementStart('dd'); - $this->elementStart('ul', 'tags xoxo'); - foreach ($tags as $tag) { - $this->elementStart('li'); - // Avoid space by using raw output. - $pt = '<span class="mark_hash">#</span><a rel="tag" href="' . - common_local_url('peopletag', array('tag' => $tag)) . - '">' . $tag . '</a>'; - $this->raw($pt); - $this->elementEnd('li'); - } - $this->elementEnd('ul'); - $this->elementEnd('dd'); - $this->elementEnd('dl'); - } - Event::handle('EndProfilePageProfileTags', array($this, $this->profile)); - } - } - - function showEntityActions() - { - if (Event::handle('StartProfilePageActionsSection', array(&$this, $this->profile))) { - - $this->elementStart('div', 'entity_actions'); - $this->element('h2', null, _('User actions')); - $this->elementStart('ul'); - - if (Event::handle('StartProfilePageActionsElements', array(&$this, $this->profile))) { - if (empty($cur)) { // not logged in - $this->elementStart('li', 'entity_subscribe'); - $this->showRemoteSubscribeLink(); - $this->elementEnd('li'); - } else { - if ($cur->id == $this->profile->id) { // your own page - $this->elementStart('li', 'entity_edit'); - $this->element('a', array('href' => common_local_url('profilesettings'), - 'title' => _('Edit profile settings')), - _('Edit')); - $this->elementEnd('li'); - } else { // someone else's page - - // subscribe/unsubscribe button - - $this->elementStart('li', 'entity_subscribe'); - - if ($cur->isSubscribed($this->profile)) { - $usf = new UnsubscribeForm($this, $this->profile); - $usf->show(); - } else { - $sf = new SubscribeForm($this, $this->profile); - $sf->show(); - } - $this->elementEnd('li'); - - if ($cur->mutuallySubscribed($user)) { - - // message - - $this->elementStart('li', 'entity_send-a-message'); - $this->element('a', array('href' => common_local_url('newmessage', array('to' => $user->id)), - 'title' => _('Send a direct message to this user')), - _('Message')); - $this->elementEnd('li'); - - // nudge - - if ($user->email && $user->emailnotifynudge) { - $this->elementStart('li', 'entity_nudge'); - $nf = new NudgeForm($this, $user); - $nf->show(); - $this->elementEnd('li'); - } - } - - // block/unblock - - $blocked = $cur->hasBlocked($this->profile); - $this->elementStart('li', 'entity_block'); - if ($blocked) { - $ubf = new UnblockForm($this, $this->profile, - array('action' => 'showstream', - 'nickname' => $this->profile->nickname)); - $ubf->show(); - } else { - $bf = new BlockForm($this, $this->profile, - array('action' => 'showstream', - 'nickname' => $this->profile->nickname)); - $bf->show(); - } - $this->elementEnd('li'); - } - } - - Event::handle('EndProfilePageActionsElements', array(&$this, $this->profile)); - } - - $this->elementEnd('ul'); - $this->elementEnd('div'); - - Event::handle('EndProfilePageActionsSection', array(&$this, $this->profile)); - } - } - - function showRemoteSubscribeLink() - { - $url = common_local_url('remotesubscribe', - array('nickname' => $this->profile->nickname)); - $this->element('a', array('href' => $url, - 'class' => 'entity_remote_subscribe'), - _('Subscribe')); + $profile = new UserProfile($this, $this->user, $this->profile); + $profile->show(); } function showEmptyListMessage() diff --git a/actions/silence.php b/actions/silence.php new file mode 100644 index 000000000..206e5ba87 --- /dev/null +++ b/actions/silence.php @@ -0,0 +1,89 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Action class to silence an abusive user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Silence a user. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class SilenceAction extends ProfileFormAction +{ + /** + * Check parameters + * + * @param array $args action arguments (URL, GET, POST) + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if (!$cur->hasRight(Right::SILENCEUSER)) { + $this->clientError(_("You cannot silence users on this site.")); + return false; + } + + assert(!empty($this->profile)); // checked by parent + + if ($this->profile->isSilenced()) { + $this->clientError(_("User is already silenced.")); + return false; + } + + return true; + } + + /** + * Silence a user. + * + * @return void + */ + + function handlePost() + { + $this->profile->silence(); + } +} diff --git a/actions/siteadminpanel.php b/actions/siteadminpanel.php new file mode 100644 index 000000000..c316f8e17 --- /dev/null +++ b/actions/siteadminpanel.php @@ -0,0 +1,373 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Site administration panel + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Settings + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @author Zach Copley <zach@status.net> + * @author Sarven Capadisli <csarven@status.net> + * @copyright 2008-2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Administer site settings + * + * @category Admin + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @author Zach Copley <zach@status.net> + * @author Sarven Capadisli <csarven@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class SiteadminpanelAction extends AdminPanelAction +{ + /** + * Returns the page title + * + * @return string page title + */ + + function title() + { + return _('Site'); + } + + /** + * Instructions for using this form. + * + * @return string instructions + */ + + function getInstructions() + { + return _('Basic settings for this StatusNet site.'); + } + + /** + * Show the site admin panel form + * + * @return void + */ + + function showForm() + { + $form = new SiteAdminPanelForm($this); + $form->show(); + return; + } + + /** + * Save settings from the form + * + * @return void + */ + + function saveSettings() + { + static $settings = array('site' => array('name', 'broughtby', 'broughtbyurl', + 'email', 'timezone', 'language'), + 'snapshot' => array('run', 'reporturl', 'frequency')); + + static $booleans = array('site' => array('private')); + + $values = array(); + + foreach ($settings as $section => $parts) { + foreach ($parts as $setting) { + $values[$section][$setting] = $this->trimmed($setting); + } + } + + foreach ($booleans as $section => $parts) { + foreach ($parts as $setting) { + $values[$section][$setting] = ($this->boolean($setting)) ? 1 : 0; + } + } + + // This throws an exception on validation errors + + $this->validate($values); + + // assert(all values are valid); + + $config = new Config(); + + $config->query('BEGIN'); + + foreach ($settings as $section => $parts) { + foreach ($parts as $setting) { + Config::save($section, $setting, $values[$section][$setting]); + } + } + + foreach ($booleans as $section => $parts) { + foreach ($parts as $setting) { + Config::save($section, $setting, $values[$section][$setting]); + } + } + + $config->query('COMMIT'); + + return; + } + + function validate(&$values) + { + // Validate site name + + if (empty($values['site']['name'])) { + $this->clientError(_("Site name must have non-zero length.")); + } + + // Validate email + + $values['site']['email'] = common_canonical_email($values['site']['email']); + + if (empty($values['site']['email'])) { + $this->clientError(_('You must have a valid contact email address')); + } + if (!Validate::email($values['site']['email'], common_config('email', 'check_domain'))) { + $this->clientError(_('Not a valid email address')); + } + + // Validate timezone + + if (is_null($values['site']['timezone']) || + !in_array($values['site']['timezone'], DateTimeZone::listIdentifiers())) { + $this->clientError(_('Timezone not selected.')); + return; + } + + // Validate language + + if (!is_null($values['site']['language']) && + !in_array($values['site']['language'], array_keys(get_nice_language_list()))) { + $this->clientError(sprintf(_('Unknown language "%s"'), $values['site']['language'])); + } + + // Validate report URL + + if (!is_null($values['snapshot']['reporturl']) && + !Validate::uri($values['snapshot']['reporturl'], array('allowed_schemes' => array('http', 'https')))) { + $this->clientError(_("Invalid snapshot report URL.")); + } + + // Validate snapshot run value + + if (!in_array($values['snapshot']['run'], array('web', 'cron', 'never'))) { + $this->clientError(_("Invalid snapshot run value.")); + } + + // Validate snapshot run value + + if (!Validate::number($values['snapshot']['frequency'])) { + $this->clientError(_("Snapshot frequency must be a number.")); + } + + } +} + +class SiteAdminPanelForm extends Form +{ + /** + * ID of the form + * + * @return int ID of the form + */ + + function id() + { + return 'form_site_admin_panel'; + } + + /** + * class of the form + * + * @return string class of the form + */ + + function formClass() + { + return 'form_settings'; + } + + /** + * Action of the form + * + * @return string URL of the action + */ + + function action() + { + return common_local_url('siteadminpanel'); + } + + /** + * Data elements of the form + * + * @return void + */ + + function formData() + { + $this->out->elementStart('ul', 'form_data'); + $this->li(); + $this->input('name', _('Site name'), + _('The name of your site, like "Yourcompany Microblog"')); + $this->unli(); + $this->li(); + $this->input('broughtby', _('Brought by'), + _('Text used for credits link in footer of each page')); + $this->unli(); + $this->li(); + $this->input('broughtbyurl', _('Brought by URL'), + _('URL used for credits link in footer of each page')); + $this->unli(); + $this->li(); + $this->input('email', _('Email'), + _('contact email address for your site')); + + $this->unli(); + + $timezones = array(); + + foreach (DateTimeZone::listIdentifiers() as $k => $v) { + $timezones[$v] = $v; + } + + asort($timezones); + + $this->li(); + + $this->out->dropdown('timezone', _('Default timezone'), + $timezones, _('Default timezone for the site; usually UTC.'), + true, $this->value('timezone')); + + $this->unli(); + $this->li(); + + $this->out->dropdown('language', _('Language'), + get_nice_language_list(), _('Default site language'), + false, $this->value('language')); + + $this->unli(); + $this->li(); + + $this->out->checkbox('private', _('Private'), + (bool) $this->value('private'), + _('Prohibit anonymous users (not logged in) from viewing site?')); + + $this->unli(); + + $this->li(); + + $snapshot = array('web' => _('Randomly during Web hit'), + 'cron' => _('In a scheduled job'), + 'never' => _('Never')); + + $this->out->dropdown('run', _('Data snapshots'), + $snapshot, _('When to send statistical data to status.net servers'), + false, $this->value('run', 'snapshot')); + + $this->unli(); + $this->li(); + + $this->input('frequency', _('Frequency'), + _('Snapshots will be sent once every N Web hits'), + 'snapshot'); + + $this->unli(); + + $this->li(); + + $this->input('reporturl', _('Report URL'), + _('Snapshots will be sent to this URL'), + 'snapshot'); + + $this->unli(); + + $this->out->elementEnd('ul'); + } + + /** + * Utility to simplify some of the duplicated code around + * params and settings. + * + * @param string $setting Name of the setting + * @param string $title Title to use for the input + * @param string $instructions Instructions for this field + * @param string $section config section, default = 'site' + * + * @return void + */ + + function input($setting, $title, $instructions, $section='site') + { + $this->out->input($setting, $title, $this->value($setting, $section), $instructions); + } + + /** + * Utility to simplify getting the posted-or-stored setting value + * + * @param string $setting Name of the setting + * @param string $main configuration section, default = 'site' + * + * @return string param value if posted, or current config value + */ + + function value($setting, $main='site') + { + $value = $this->out->trimmed($setting); + if (empty($value)) { + $value = common_config($main, $setting); + } + return $value; + } + + function li() + { + $this->out->elementStart('li'); + } + + function unli() + { + $this->out->elementEnd('li'); + } + + /** + * Action elements + * + * @return void + */ + + function formActions() + { + $this->out->submit('submit', _('Save'), 'submit', null, _('Save site settings')); + } +} diff --git a/actions/tag.php b/actions/tag.php index f0ab30308..3a88c1229 100644 --- a/actions/tag.php +++ b/actions/tag.php @@ -86,17 +86,15 @@ class TagAction extends Action sprintf(_('Notice feed for tag %s (RSS 1.0)'), $this->tag)), new Feed(Feed::RSS2, - common_local_url('api', - array('apiaction' => 'tags', - 'method' => 'timeline', - 'argument' => $this->tag.'.rss')), - sprintf(_('Notice feed for %s group (RSS 2.0)'), + common_local_url('ApiTimelineTag', + array('format' => 'rss', + 'tag' => $this->tag)), + sprintf(_('Notice feed for tag %s (RSS 2.0)'), $this->tag)), new Feed(Feed::ATOM, - common_local_url('api', - array('apiaction' => 'tags', - 'method' => 'timeline', - 'argument' => $this->tag.'.atom')), + common_local_url('ApiTimelineTag', + array('format' => 'atom', + 'tag' => $this->tag)), sprintf(_('Notice feed for tag %s (Atom)'), $this->tag))); } diff --git a/actions/twitapisearchatom.php b/actions/twitapisearchatom.php index 7d618c471..526ca2ae8 100644 --- a/actions/twitapisearchatom.php +++ b/actions/twitapisearchatom.php @@ -161,7 +161,7 @@ class TwitapisearchatomAction extends ApiAction // lcase it for comparison $q = strtolower($this->query); - $search_engine = $notice->getSearchEngine('identica_notices'); + $search_engine = $notice->getSearchEngine('notice'); $search_engine->set_sort_mode('chron'); $search_engine->limit(($this->page - 1) * $this->rpp, $this->rpp + 1, true); diff --git a/actions/twitapisearchjson.php b/actions/twitapisearchjson.php index c7fa741a0..741ed78d6 100644 --- a/actions/twitapisearchjson.php +++ b/actions/twitapisearchjson.php @@ -121,7 +121,7 @@ class TwitapisearchjsonAction extends ApiAction // lcase it for comparison $q = strtolower($this->query); - $search_engine = $notice->getSearchEngine('identica_notices'); + $search_engine = $notice->getSearchEngine('notice'); $search_engine->set_sort_mode('chron'); $search_engine->limit(($this->page - 1) * $this->rpp, $this->rpp + 1, true); if (false === $search_engine->query($q)) { diff --git a/actions/unblock.php b/actions/unblock.php index dc28d5d54..c60458cd3 100644 --- a/actions/unblock.php +++ b/actions/unblock.php @@ -42,57 +42,25 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 * @link http://status.net/ */ -class UnblockAction extends Action -{ - var $profile = null; - /** - * Take arguments for running - * - * @param array $args $_REQUEST args - * - * @return boolean success flag - */ +class UnblockAction extends ProfileFormAction +{ function prepare($args) { - parent::prepare($args); - if (!common_logged_in()) { - $this->clientError(_('Not logged in.')); - return false; - } - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - $this->clientError(_('There was a problem with your session token. Try again, please.')); - return; - } - $id = $this->trimmed('unblockto'); - if (!$id) { - $this->clientError(_('No profile specified.')); + if (!parent::prepare($args)) { return false; } - $this->profile = Profile::staticGet('id', $id); - if (!$this->profile) { - $this->clientError(_('No profile with that ID.')); + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if (!$cur->hasBlocked($this->profile)) { + $this->clientError(_("You haven't blocked that user.")); return false; } - return true; - } - /** - * Handle request - * - * Shows a page with list of favorite notices - * - * @param array $args $_REQUEST args; handled in prepare() - * - * @return void - */ - function handle($args) - { - parent::handle($args); - if ($_SERVER['REQUEST_METHOD'] == 'POST') { - $this->unblockProfile(); - } + return true; } /** @@ -100,7 +68,8 @@ class UnblockAction extends Action * * @return void */ - function unblockProfile() + + function handlePost() { $cur = common_current_user(); $result = $cur->unblock($this->profile); @@ -108,20 +77,5 @@ class UnblockAction extends Action $this->serverError(_('Error removing the block.')); return; } - foreach ($this->args as $k => $v) { - if ($k == 'returnto-action') { - $action = $v; - } else if (substr($k, 0, 9) == 'returnto-') { - $args[substr($k, 9)] = $v; - } - } - if ($action) { - common_redirect(common_local_url($action, $args), 303); - } else { - common_redirect(common_local_url('subscribers', - array('nickname' => $cur->nickname)), - 303); - } } } - diff --git a/actions/unsandbox.php b/actions/unsandbox.php new file mode 100644 index 000000000..22f4d8e76 --- /dev/null +++ b/actions/unsandbox.php @@ -0,0 +1,89 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Action class to unsandbox a user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Unsandbox a user. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class UnsandboxAction extends ProfileFormAction +{ + /** + * Check parameters + * + * @param array $args action arguments (URL, GET, POST) + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if (!$cur->hasRight(Right::SANDBOXUSER)) { + $this->clientError(_("You cannot sandbox users on this site.")); + return false; + } + + assert(!empty($this->profile)); // checked by parent + + if (!$this->profile->isSandboxed()) { + $this->clientError(_("User is not sandboxed.")); + return false; + } + + return true; + } + + /** + * Unsandbox a user. + * + * @return void + */ + + function handlePost() + { + $this->profile->unsandbox(); + } +} diff --git a/actions/unsilence.php b/actions/unsilence.php new file mode 100644 index 000000000..9ff1b828b --- /dev/null +++ b/actions/unsilence.php @@ -0,0 +1,89 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Action class to unsilence a user + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Silence a user. + * + * @category Action + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class UnsilenceAction extends ProfileFormAction +{ + /** + * Check parameters + * + * @param array $args action arguments (URL, GET, POST) + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + $cur = common_current_user(); + + assert(!empty($cur)); // checked by parent + + if (!$cur->hasRight(Right::SILENCEUSER)) { + $this->clientError(_("You cannot silence users on this site.")); + return false; + } + + assert(!empty($this->profile)); // checked by parent + + if (!$this->profile->isSilenced()) { + $this->clientError(_("User is not silenced.")); + return false; + } + + return true; + } + + /** + * Silence a user. + * + * @return void + */ + + function handlePost() + { + $this->profile->unsilence(); + } +} diff --git a/actions/useradminpanel.php b/actions/useradminpanel.php new file mode 100644 index 000000000..de475a27b --- /dev/null +++ b/actions/useradminpanel.php @@ -0,0 +1,228 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * User administration panel + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Settings + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @author Zach Copley <zach@status.net> + * @author Sarven Capadisli <csarven@status.net> + * @copyright 2008-2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Administer user settings + * + * @category Admin + * @package StatusNet + * @author Evan Prodromou <evan@status.net> + * @author Zach Copley <zach@status.net> + * @author Sarven Capadisli <csarven@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class UseradminpanelAction extends AdminPanelAction +{ + /** + * Returns the page title + * + * @return string page title + */ + + function title() + { + return _('User'); + } + + /** + * Instructions for using this form. + * + * @return string instructions + */ + + function getInstructions() + { + return _('User settings for this StatusNet site.'); + } + + /** + * Show the site admin panel form + * + * @return void + */ + + function showForm() + { + $form = new UserAdminPanelForm($this); + $form->show(); + return; + } + + /** + * Save settings from the form + * + * @return void + */ + + function saveSettings() + { + static $settings = array('theme'); + static $booleans = array('closed', 'inviteonly', 'private'); + + $values = array(); + + foreach ($settings as $setting) { + $values[$setting] = $this->trimmed($setting); + } + + // This throws an exception on validation errors + + $this->validate($values); + + // assert(all values are valid); + + $config = new Config(); + + $config->query('BEGIN'); + + foreach ($settings as $setting) { + Config::save('site', $setting, $values[$setting]); + } + + $config->query('COMMIT'); + + return; + } + + function validate(&$values) + { + } +} + +class UserAdminPanelForm extends Form +{ + /** + * ID of the form + * + * @return int ID of the form + */ + + function id() + { + return 'useradminpanel'; + } + + /** + * class of the form + * + * @return string class of the form + */ + + function formClass() + { + return 'form_user_admin_panel'; + } + + /** + * Action of the form + * + * @return string URL of the action + */ + + function action() + { + return common_local_url('useradminpanel'); + } + + /** + * Data elements of the form + * + * @return void + */ + + function formData() + { + $this->li(); + + $this->out->checkbox('closed', _('Closed'), + (bool) $this->value('closed'), + _('Is registration on this site prohibited?')); + + $this->unli(); + $this->li(); + + $this->out->checkbox('inviteonly', _('Invite-only'), + (bool) $this->value('inviteonly'), + _('Is registration on this site only open to invited users?')); + + $this->unli(); + } + + /** + * Utility to simplify some of the duplicated code around + * params and settings. + * + * @param string $setting Name of the setting + * @param string $title Title to use for the input + * @param string $instructions Instructions for this field + * + * @return void + */ + + function input($setting, $title, $instructions) + { + $this->out->input($setting, $title, $this->value($setting), $instructions); + } + + /** + * Utility to simplify getting the posted-or-stored setting value + * + * @param string $setting Name of the setting + * + * @return string param value if posted, or current config value + */ + + function value($cat, $setting) + { + $value = $this->out->trimmed($setting); + if (empty($value)) { + $value = common_config($cat, $setting); + } + return $value; + } + + /** + * Action elements + * + * @return void + */ + + function formActions() + { + $this->out->submit('submit', _('Save'), 'submit', null, _('Save site settings')); + } +} diff --git a/actions/userbyid.php b/actions/userbyid.php index 802bcb081..86a61f20b 100644 --- a/actions/userbyid.php +++ b/actions/userbyid.php @@ -74,8 +74,11 @@ class UserbyidAction extends Action $this->clientError(_('No such user.')); } - // support redirecting to FOAF rdf/xml if the agent prefers it - $page_prefs = 'application/rdf+xml,text/html,application/xhtml+xml,application/xml;q=0.3,text/xml;q=0.2'; + // Support redirecting to FOAF rdf/xml if the agent prefers it... + // Internet Explorer doesn't specify "text/html" and does list "*/*" + // at least through version 8. We need to list text/html up front to + // ensure that only user-agents who specifically ask for RDF get it. + $page_prefs = 'text/html,application/xhtml+xml,application/rdf+xml,application/xml;q=0.3,text/xml;q=0.2'; $httpaccept = isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : null; $type = common_negotiate_type(common_accept_to_prefs($httpaccept), diff --git a/actions/xrds.php b/actions/xrds.php index 8ba89fec0..534182e3e 100644 --- a/actions/xrds.php +++ b/actions/xrds.php @@ -36,6 +36,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { require_once INSTALLDIR.'/lib/omb.php'; require_once INSTALLDIR.'/extlib/libomb/service_provider.php'; require_once INSTALLDIR.'/extlib/libomb/xrds_mapper.php'; +require_once INSTALLDIR.'/lib/xrdsoutputter.php'; /** * XRDS for OpenMicroBlogging @@ -49,6 +50,8 @@ require_once INSTALLDIR.'/extlib/libomb/xrds_mapper.php'; */ class XrdsAction extends Action { + var $user; + /** * Is read only? * @@ -58,60 +61,81 @@ class XrdsAction extends Action { return true; } - - /** - * Class handler. - * - * @param array $args query arguments - * - * @return void - */ - function handle($args) + + function prepare($args) { - parent::handle($args); + parent::prepare($args); $nickname = $this->trimmed('nickname'); - $user = User::staticGet('nickname', $nickname); - if (!$user) { + $this->user = User::staticGet('nickname', $nickname); + if (!$this->user) { $this->clientError(_('No such user.')); return; } - $this->showXrds($user); + return true; } /** - * Show XRDS for a user. + * Class handler. * - * @param class $user XRDS for this user. + * @param array $args query arguments * * @return void */ - function showXrds($user) + function handle($args) { - $srv = new OMB_Service_Provider(profile_to_omb_profile($user->uri, - $user->getProfile())); - /* Use libomb’s default XRDS Writer. */ - $xrds_writer = null; - $srv->writeXRDS(new Laconica_XRDS_Mapper(), $xrds_writer); - } -} + parent::handle($args); + $xrdsOutputter = new XRDSOutputter(); + $xrdsOutputter->startXRDS(); -class Laconica_XRDS_Mapper implements OMB_XRDS_Mapper -{ - protected $urls; + Event::handle('StartUserXRDS', array($this,&$xrdsOutputter)); - public function __construct() - { - $this->urls = array( - OAUTH_ENDPOINT_REQUEST => 'requesttoken', - OAUTH_ENDPOINT_AUTHORIZE => 'userauthorization', - OAUTH_ENDPOINT_ACCESS => 'accesstoken', - OMB_ENDPOINT_POSTNOTICE => 'postnotice', - OMB_ENDPOINT_UPDATEPROFILE => 'updateprofile'); - } + //oauth + $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xml:id' => 'oauth', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + $xrdsOutputter->element('Type', null, 'xri://$xrds*simple'); + $xrdsOutputter->showXrdsService(OAUTH_ENDPOINT_REQUEST, + common_local_url('requesttoken'), + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY, OAUTH_HMAC_SHA1), + null, + $this->user->uri); + $xrdsOutputter->showXrdsService( OAUTH_ENDPOINT_AUTHORIZE, + common_local_url('userauthorization'), + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY, OAUTH_HMAC_SHA1)); + $xrdsOutputter->showXrdsService(OAUTH_ENDPOINT_ACCESS, + common_local_url('accesstoken'), + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY, OAUTH_HMAC_SHA1)); + $xrdsOutputter->showXrdsService(OAUTH_ENDPOINT_RESOURCE, + null, + array(OAUTH_AUTH_HEADER, OAUTH_POST_BODY, OAUTH_HMAC_SHA1)); + $xrdsOutputter->elementEnd('XRD'); + + //omb + $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'xml:id' => 'omb', + 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', + 'version' => '2.0')); + $xrdsOutputter->element('Type', null, 'xri://$xrds*simple'); + $xrdsOutputter->showXrdsService(OMB_ENDPOINT_POSTNOTICE, + common_local_url('postnotice')); + $xrdsOutputter->showXrdsService(OMB_ENDPOINT_UPDATEPROFILE, + common_local_url('updateprofile')); + $xrdsOutputter->elementEnd('XRD'); + + Event::handle('EndUserXRDS', array($this,&$xrdsOutputter)); - public function getURL($action) - { - return common_local_url($this->urls[$action]); + //misc + $xrdsOutputter->elementStart('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + 'version' => '2.0')); + $xrdsOutputter->showXrdsService(OAUTH_DISCOVERY, + '#oauth'); + $xrdsOutputter->showXrdsService(OMB_VERSION, + '#omb'); + $xrdsOutputter->elementEnd('XRD'); + + $xrdsOutputter->endXRDS(); + } } ?> |