Diffstat (limited to 'actions')
-rw-r--r-- | actions/apidirectmessagenew.php | 8 | ||||
-rw-r--r-- | actions/apistatusesretweet.php | 2 | ||||
-rw-r--r-- | actions/apistatusesupdate.php | 12 | ||||
-rw-r--r-- | actions/apitimelinefavorites.php | 10 | ||||
-rw-r--r-- | actions/block.php | 46 | ||||
-rw-r--r-- | actions/deleteuser.php | 4 | ||||
-rw-r--r-- | actions/favoritesrss.php | 2 | ||||
-rw-r--r-- | actions/groupblock.php | 4 | ||||
-rw-r--r-- | actions/login.php | 22 | ||||
-rw-r--r-- | actions/register.php | 55 | ||||
-rw-r--r-- | actions/showfavorites.php | 8 | ||||
-rw-r--r-- | actions/twitapisearchatom.php | 20 |
12 files changed, 149 insertions, 44 deletions
diff --git a/actions/apidirectmessagenew.php b/actions/apidirectmessagenew.php index b9ac92d77..65d065648 100644 --- a/actions/apidirectmessagenew.php +++ b/actions/apidirectmessagenew.php @@ -52,7 +52,6 @@ require_once INSTALLDIR . '/lib/apiauth.php'; class ApiDirectMessageNewAction extends ApiAuthAction { - var $source = null; var $other = null; var $content = null; @@ -76,13 +75,6 @@ class ApiDirectMessageNewAction extends ApiAuthAction return; } - $this->source = $this->trimmed('source'); // Not supported by Twitter. - - $reserved_sources = array('web', 'omb', 'mail', 'xmpp', 'api'); - if (empty($this->source) || in_array($this->source, $reserved_sources)) { - $source = 'api'; - } - $this->content = $this->trimmed('text'); $this->user = $this->auth_user; diff --git a/actions/apistatusesretweet.php b/actions/apistatusesretweet.php index 128c881e2..9aa337485 100644 --- a/actions/apistatusesretweet.php +++ b/actions/apistatusesretweet.php @@ -79,7 +79,7 @@ class ApiStatusesRetweetAction extends ApiAuthAction $this->user = $this->auth_user; - if ($this->user->id == $notice->profile_id) { + if ($this->user->id == $this->original->profile_id) { $this->clientError(_('Cannot repeat your own notice.'), 400, $this->format); return false; diff --git a/actions/apistatusesupdate.php b/actions/apistatusesupdate.php index d4ef6b550..e3e579b0d 100644 --- a/actions/apistatusesupdate.php +++ b/actions/apistatusesupdate.php @@ -64,8 +64,6 @@ class ApiStatusesUpdateAction extends ApiAuthAction var $lat = null; var $lon = null; - static $reserved_sources = array('web', 'omb', 'mail', 'xmpp', 'api'); - /** * Take arguments for running * 
@@ -80,19 +78,9 @@ class ApiStatusesUpdateAction extends ApiAuthAction parent::prepare($args); $this->status = $this->trimmed('status'); - $this->source = $this->trimmed('source'); $this->lat = $this->trimmed('lat'); $this->lon = $this->trimmed('long'); - // try to set the source attr from OAuth app - if (empty($this->source)) { - $this->source = $this->oauth_source; - } - - if (empty($this->source) || in_array($this->source, self::$reserved_sources)) { - $this->source = 'api'; - } - $this->in_reply_to_status_id = intval($this->trimmed('in_reply_to_status_id')); diff --git a/actions/apitimelinefavorites.php b/actions/apitimelinefavorites.php index 8cb2e808d..79632447e 100644 --- a/actions/apitimelinefavorites.php +++ b/actions/apitimelinefavorites.php @@ -185,17 +185,23 @@ class ApiTimelineFavoritesAction extends ApiBareAuthAction { $notices = array(); + common_debug("since id = " . $this->since_id . " max id = " . $this->max_id); + if (!empty($this->auth_user) && $this->auth_user->id == $this->user->id) { $notice = $this->user->favoriteNotices( + true, ($this->page-1) * $this->count, $this->count, - true + $this->since_id, + $this->max_id ); } else { $notice = $this->user->favoriteNotices( + false, ($this->page-1) * $this->count, $this->count, - false + $this->since_id, + $this->max_id ); } diff --git a/actions/block.php b/actions/block.php index 7f609c253..239a50868 100644 --- a/actions/block.php +++ b/actions/block.php @@ -87,13 +87,15 @@ class BlockAction extends ProfileFormAction { if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('no')) { - $this->returnToArgs(); + $this->returnToPrevious(); } elseif ($this->arg('yes')) { $this->handlePost(); - $this->returnToArgs(); + $this->returnToPrevious(); } else { $this->showPage(); } + } else { + $this->showPage(); } } 
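Review bot: The `common_debug("since id = " ...)` call added at the top of the apitimelinefavorites.php hunk looks like leftover tracing, and it writes `since_id` and `max_id` (presumably request-derived) to the log on every favorites timeline call; I would drop it before merge. The two `favoriteNotices()` calls now differ only in their leading boolean, so they could collapse into one call with `$own = !empty($this->auth_user) && $this->auth_user->id == $this->user->id;` passed as the first argument. Moving that boolean from last to first position is a silent signature change: a caller that was not updated would pass its offset as the flag without any error, so it is worth searching for callers beyond the ones touched in this commit (favoritesrss.php and showfavorites.php). The enclosing method starts and ends outside the hunk.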
@@ -118,6 +120,12 @@ class BlockAction extends ProfileFormAction */ function areYouSureForm() { + // @fixme if we ajaxify the confirmation form, skip the preview on ajax hits + $profile = new ArrayWrapper(array($this->profile)); + $preview = new ProfileList($profile, $this); + $preview->show(); + + $id = $this->profile->id; $this->elementStart('form', array('id' => 'block-' . $id, 'method' => 'post', @@ -175,4 +183,38 @@ class BlockAction extends ProfileFormAction $this->autofocus('form_action-yes'); } + /** + * Override for form session token checks; on our first hit we're just + * requesting confirmation, which doesn't need a token. We need to be + * able to take regular GET requests from email! + * + * @throws ClientException if token is bad on POST request or if we have + * confirmation parameters which could trigger something. + */ + function checkSessionToken() + { + if ($_SERVER['REQUEST_METHOD'] == 'POST' || + $this->arg('yes') || + $this->arg('no')) { + + return parent::checkSessionToken(); + } + } + + /** + * If we reached this form without returnto arguments, return to the + * current user's subscription list. + * + * @return string URL + */ + function defaultReturnTo() + { + $user = common_current_user(); + if ($user) { + return common_local_url('subscribers', + array('nickname' => $user->nickname)); + } else { + return common_local_url('public'); + } + } } diff --git a/actions/deleteuser.php b/actions/deleteuser.php index 42ef4b9f5..c0a8b20e2 100644 --- a/actions/deleteuser.php +++ b/actions/deleteuser.php @@ -92,10 +92,10 @@ class DeleteuserAction extends ProfileFormAction { if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('no')) { - $this->returnToArgs(); + $this->returnToPrevious(); } elseif ($this->arg('yes')) { $this->handlePost(); - $this->returnToArgs(); + $this->returnToPrevious(); } else { $this->showPage(); } diff --git a/actions/favoritesrss.php b/actions/favoritesrss.php index 62f06e841..51c92af93 100644 
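Review bot: The `checkSessionToken()` override added in the last block.php hunk returns without checking anything on a plain GET, so the CSRF protection of this action now rests entirely on `handle()` calling `handlePost()` only inside its `REQUEST_METHOD == 'POST'` branch (first block.php hunk). That invariant is not written down anywhere; I would add a comment in `handle()` such as `// State changes must stay inside the POST branch: checkSessionToken() skips the token on plain GET.` The override also falls off the end without a value on the skip path while the other path returns `parent::checkSessionToken()`; if any caller tests the result (not visible here), an explicit return value or a `@return` line in the docblock would make the contract clear. deleteuser.php receives the same `returnToPrevious()` rename but not the new `else { $this->showPage(); }` branch, which is worth confirming as intended.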
--- a/actions/favoritesrss.php +++ b/actions/favoritesrss.php @@ -89,7 +89,7 @@ class FavoritesrssAction extends Rss10Action function getNotices($limit=0) { $user = $this->user; - $notice = $user->favoriteNotices(0, $limit); + $notice = $user->favoriteNotices(false, 0, $limit); $notices = array(); while ($notice->fetch()) { $notices[] = clone($notice); diff --git a/actions/groupblock.php b/actions/groupblock.php index fc95c0e66..2e06dc324 100644 --- a/actions/groupblock.php +++ b/actions/groupblock.php @@ -117,7 +117,7 @@ class GroupblockAction extends RedirectingAction parent::handle($args); if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($this->arg('no')) { - $this->returnToArgs(); + $this->returnToPrevious(); } elseif ($this->arg('yes')) { $this->blockProfile(); } elseif ($this->arg('blockto')) { @@ -195,7 +195,7 @@ class GroupblockAction extends RedirectingAction return false; } - $this->returnToArgs(); + $this->returnToPrevious(); } /** diff --git a/actions/login.php b/actions/login.php index dc6352368..d3e4312f7 100644 --- a/actions/login.php +++ b/actions/login.php @@ -63,6 +63,28 @@ class LoginAction extends Action } /** + * Prepare page to run + * + * + * @param $args + * @return string title + */ + + function prepare($args) + { + parent::prepare($args); + + // @todo this check should really be in index.php for all sensitive actions + $ssl = common_config('site', 'ssl'); + if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { + common_redirect(common_local_url('login')); + // exit + } + + return true; + } + + /** * Handle input, produce output * * Switches on request method; either shows the form or handles its input. diff --git a/actions/register.php b/actions/register.php index da8d0a0bb..2fc7ef921 100644 --- a/actions/register.php +++ b/actions/register.php 
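Review bot: The HTTPS test in the new `prepare()` in login.php, `empty($_SERVER['HTTPS'])`, treats any non-empty value as TLS, but PHP documents that IIS with ISAPI sets `HTTPS` to `off` on plain-HTTP requests, so on such a host the login form would be served without the redirect; `(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off')` closes that gap. The `// exit` comment implies `common_redirect()` terminates the request; if it ever returns, execution falls through to `return true` and the form renders over HTTP, so that assumption deserves a full sentence rather than a one-word comment. The docblock says `@return string title` while the method returns `true`; `@return boolean success flag` would match the code. The same check is copied into register.php's `prepare()` in the next file, as the `@todo` acknowledges, and a shared helper would keep the two copies from drifting apart.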
@@ -74,6 +74,13 @@ class RegisterAction extends Action parent::prepare($args); $this->code = $this->trimmed('code'); + // @todo this check should really be in index.php for all sensitive actions + $ssl = common_config('site', 'ssl'); + if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { + common_redirect(common_local_url('register')); + // exit + } + if (empty($this->code)) { common_ensure_session(); if (array_key_exists('invitecode', $_SESSION)) { 
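Review bot: The redirect target in this register.php hunk is built as `common_local_url('register')` with no arguments, after `$this->code` has already been read from the request, so an invitation link opened over plain HTTP appears to lose its `code` parameter on the way to HTTPS. Whether the code can be recovered from the session at that point is not visible here; the `$_SESSION['invitecode']` lookup just below only reads it. If it cannot, carrying the code through the redirect would keep invite-only registration working for users who arrive over HTTP. `prepare()` starts and ends outside the hunk.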
@@ -491,6 +498,45 @@ class RegisterAction extends Action $this->elementStart('li'); $this->element('input', $attrs); $this->elementStart('label', array('class' => 'checkbox', 'for' => 'license')); + $this->raw($this->licenseCheckbox()); + $this->elementEnd('label'); + $this->elementEnd('li'); + } + $this->elementEnd('ul'); + $this->submit('submit', _('Register')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } + + function licenseCheckbox() + { + $out = ''; + switch (common_config('license', 'type')) { + case 'private': + // TRANS: Copyright checkbox label in registration dialog, for private sites. + $out .= htmlspecialchars(sprintf( + _('I understand that content and data of %1$s are private and confidential.'), + common_config('site', 'name'))); + // fall through + case 'allrightsreserved': + if ($out != '') { + $out .= ' '; + } + if (common_config('license', 'owner')) { + // TRANS: Copyright checkbox label in registration dialog, for all rights reserved with a specified copyright owner. + $out .= htmlspecialchars(sprintf( + _('My text and files are copyright by %1$s.'), + common_config('license', 'owner'))); + } else { + // TRANS: Copyright checkbox label in registration dialog, for all rights reserved with ownership left to contributors. + $out .= htmlspecialchars(_('My text and files remain under my own copyright.')); + } + // TRANS: Copyright checkbox label in registration dialog, for all rights reserved. + $out .= ' ' . _('All rights reserved.'); + break; + case 'cc': // fall through + default: + // TRANS: Copyright checkbox label in registration dialog, for Creative Commons-style licenses. $message = _('My text and files are available under %s ' . 'except this private data: password, ' . 'email address, IM address, and phone number.'); 
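Review bot: In the `allrightsreserved` branch of the new `licenseCheckbox()`, `$out .= ' ' . _('All rights reserved.');` appends a translated string without `htmlspecialchars()`, while every other message in the method is escaped and the result is written out with `$this->raw()`. Translation catalogs are usually trusted, but a stray `<` or `&` in one would land in the page as markup; `$out .= ' ' . htmlspecialchars(_('All rights reserved.'));` makes the branch consistent with its neighbours. The method has no docblock; one line stating that it returns an already-escaped HTML fragment intended for `raw()` would stop a later caller from escaping it twice or passing it to `element()`. The method body continues in the next hunk.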
@@ -499,14 +545,9 @@ class RegisterAction extends Action '">' . htmlspecialchars(common_config('license', 'title')) . '</a>'; - $this->raw(sprintf(htmlspecialchars($message), $link)); - $this->elementEnd('label'); - $this->elementEnd('li'); + $out .= sprintf(htmlspecialchars($message), $link); } - $this->elementEnd('ul'); - $this->submit('submit', _('Register')); - $this->elementEnd('fieldset'); - $this->elementEnd('form'); + return $out; } /** diff --git a/actions/showfavorites.php b/actions/showfavorites.php index 4d776ef04..7f3c77ee2 100644 --- a/actions/showfavorites.php +++ b/actions/showfavorites.php @@ -121,11 +121,11 @@ class ShowfavoritesAction extends OwnerDesignAction // Show imported/gateway notices as well as local if // the user is looking at his own favorites - $this->notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE, - NOTICES_PER_PAGE + 1, true); + $this->notice = $this->user->favoriteNotices(true, ($this->page-1)*NOTICES_PER_PAGE, + NOTICES_PER_PAGE + 1); } else { - $this->notice = $this->user->favoriteNotices(($this->page-1)*NOTICES_PER_PAGE, - NOTICES_PER_PAGE + 1, false); + $this->notice = $this->user->favoriteNotices(false, ($this->page-1)*NOTICES_PER_PAGE, + NOTICES_PER_PAGE + 1); } if (empty($this->notice)) { diff --git a/actions/twitapisearchatom.php b/actions/twitapisearchatom.php index 24aa619bd..51e8a8881 100644 --- a/actions/twitapisearchatom.php +++ b/actions/twitapisearchatom.php 
@@ -342,10 +342,24 @@ class TwitapisearchatomAction extends ApiAction 'rel' => 'related', 'href' => $profile->avatarUrl())); - // TODO: Here is where we'd put in a link to an atom feed for threads + // @todo: Here is where we'd put in a link to an atom feed for threads + + $source = null; + + $ns = $notice->getSource(); + if ($ns) { + if (!empty($ns->name) && !empty($ns->url)) { + $source = '<a href="' + . htmlspecialchars($ns->url) + . '" rel="nofollow">' + . htmlspecialchars($ns->name) + . '</a>'; + } else { + $source = $ns->code; + } + } - $this->element("twitter:source", null, - htmlentities($this->sourceLink($notice->source))); + $this->element("twitter:source", null, $source); $this->elementStart('author'); |
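Review bot: The two branches that build `$source` in this hunk produce different kinds of value: the first an HTML anchor with escaped parts, the second the bare `$ns->code`. If `element()` escapes its text once (not visible here) and feed consumers decode `twitter:source` as HTML, the code value would be read as markup, so `$source = htmlspecialchars($ns->code);` keeps both branches in the same content model. `htmlspecialchars($ns->url)` prevents attribute breakout but does not restrict the scheme; if source URLs come from application registration, checking that the URL starts with `http://` or `https://` before emitting the anchor is the usual guard. The enclosing method starts outside the hunk.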