Diffstat (limited to 'actions')
-rw-r--r-- | actions/apioauthaccesstoken.php | 26 | ||||
-rw-r--r-- | actions/apioauthauthorize.php | 32 | ||||
-rw-r--r-- | actions/apioauthrequesttoken.php | 7 | ||||
-rw-r--r-- | actions/deletegroup.php | 21 | ||||
-rw-r--r-- | actions/designadminpanel.php | 4 | ||||
-rw-r--r-- | actions/makeadmin.php | 2 |
6 files changed, 58 insertions, 34 deletions
diff --git a/actions/apioauthaccesstoken.php b/actions/apioauthaccesstoken.php index 663a7a2bb..6b36d1919 100644 --- a/actions/apioauthaccesstoken.php +++ b/actions/apioauthaccesstoken.php @@ -67,7 +67,7 @@ class ApiOauthAccessTokenAction extends ApiOauthAction $server->add_signature_method($hmac_method); - $atok = null; + $atok = $app = null; // XXX: Insist that oauth_token and oauth_verifier be populated? // Spec doesn't say they MUST be. @@ -78,7 +78,7 @@ class ApiOauthAccessTokenAction extends ApiOauthAction $this->reqToken = $req->get_parameter('oauth_token'); $this->verifier = $req->get_parameter('oauth_verifier'); - + $app = $datastore->getAppByRequestToken($this->reqToken); $atok = $server->fetch_access_token($req); } catch (OAuthException $e) { @@ -92,22 +92,26 @@ class ApiOauthAccessTokenAction extends ApiOauthAction // Token exchange failed -- log it - list($proxy, $ip) = common_client_ip(); - $msg = sprintf( - 'API OAuth - Failure exchanging request token for access token, ' - . 'request token = %s, verifier = %s, IP = %s, proxy = %s', + 'API OAuth - Failure exchanging OAuth request token for access token, ' + . 'request token = %s, verifier = %s', $this->reqToken, - $this->verifier, - $ip, - $proxy + $this->verifier ); - common_log(LOG_WARNING, $msg); - + common_log(LOG_WARNIGN, $msg); $this->clientError(_("Invalid request token or verifier.", 400, 'text')); } else { + common_log( + LOG_INFO, + sprintf( + "Issued now access token '%s' for application %d (%s).", + $atok->key, + $app->id, + $app->name + ) + ); $this->showAccessToken($atok); } } diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index ea5c30c2a..eb1000e25 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php 
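Review bot: `LOG_WARNIGN` in the failure branch of the `@@ -92,22 +92,26 @@` hunk is a misspelling of `LOG_WARNING`, so a failed token exchange is no longer logged at the intended priority, and on PHP 8 the undefined constant raises an Error; the line should read `common_log(LOG_WARNING, $msg);`. The same hunk drops the client IP and proxy from the failure message, which removes the field an operator would use to correlate repeated failed exchanges, so consider keeping the `common_client_ip()` values. In the success branch the full `$atok->key` is written at LOG_INFO, and `$app->id` is read although `$app` starts as null and may stay empty if `getAppByRequestToken()` finds nothing (its return contract is not visible here); logging a truncated key and guarding `$app` would be safer. The word "now" in the new message looks like a typo for "new", and the enclosing method starts and ends outside the hunk.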
@@ -113,14 +113,12 @@ class ApiOauthAuthorizeAction extends Action $this->reqToken = $this->store->getTokenByKey($this->oauthTokenParam); if (empty($this->reqToken)) { - $this->serverError( - _('Invalid request token.') - ); + $this->clientError(_('Invalid request token.')); } else { // Check to make sure we haven't already authorized the token if ($this->reqToken->state != 0) { - $this->clientError("Invalid request token."); + $this->clientError(_("Invalid request token.")); } } } @@ -240,15 +238,31 @@ class ApiOauthAuthorizeAction extends Action // Redirect the user to the provided OAuth callback common_redirect($targetUrl, 303); - } else { + } elseif ($this->app->type == 2) { + + // Strangely, a web application seems to want to do the OOB + // workflow. Because no callback was specified anywhere. common_log( - LOG_INFO, - "No oauth_callback parameter provided for application ID " - . $this->app->id - . " when authorizing request token." + LOG_WARNING, + sprintf( + "API OAuth - No callback provided for OAuth web client ID %s (%s) " + . "during authorization step. Falling back to OOB workflow.", + $this->app->id, + $this->app->name + ) ); } + common_log( + LOG_INFO, + sprintf( + "The request token '%s' for OAuth application %s (%s) has been authorized.", + $this->oauthTokenParam, + $this->app->id, + $this->app->name + ) + ); + // Otherwise, inform the user that the rt was authorized $this->showAuthorized(); diff --git a/actions/apioauthrequesttoken.php b/actions/apioauthrequesttoken.php index 478d2dbfc..376567125 100644 --- a/actions/apioauthrequesttoken.php +++ b/actions/apioauthrequesttoken.php 
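Review bot: The LOG_INFO entry added at the end of the `@@ -240,15 +238,31 @@` hunk writes the complete request token (`$this->oauthTokenParam`) to the log immediately after it is authorized, so anyone with read access to the log sees a live token. Logging only a short prefix, for example `substr($this->oauthTokenParam, 0, 8)`, keeps the entry traceable without exposing the token. Separately, `$this->app->type == 2` compares against a bare number while the comment says the branch covers web applications; a named constant for the application type would let a reader confirm that 2 really is the web type rather than the desktop one. The enclosing method begins and ends outside the hunk.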
@@ -146,7 +146,7 @@ class ApiOauthRequestTokenAction extends ApiOauthAction function verifyCallback($callback) { if ($callback == "oob") { - common_debug("OAuth request token requested for out of bounds client."); + common_debug("OAuth request token requested for out of band client."); // XXX: Should we throw an error if a client is registered as a // web application but requests the pin based workflow? For now I'm @@ -154,10 +154,7 @@ class ApiOauthRequestTokenAction extends ApiOauthAction return true; } else { - return Validate::uri( - $callback, - array('allowed_schemes' => array('http', 'https')) - ); + return Validate::uri($callback); } } diff --git a/actions/deletegroup.php b/actions/deletegroup.php index acb309e1d..62fff00c4 100644 --- a/actions/deletegroup.php +++ b/actions/deletegroup.php @@ -45,7 +45,6 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { * @link http://status.net/ * @fixme merge more of this code with related variants */ - class DeletegroupAction extends RedirectingAction { var $group = null; @@ -56,12 +55,12 @@ class DeletegroupAction extends RedirectingAction * @fixme merge common setup code with other group actions * @fixme allow group admins to delete their own groups */ - function prepare($args) { parent::prepare($args); if (!common_logged_in()) { + // TRANS: Client error when trying to delete group while not logged in. $this->clientError(_('You must be logged in to delete a group.')); return false; } 
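Review bot: `Validate::uri($callback)` in the `@@ -154,10 +154,7 @@` hunk no longer limits the callback to http/https, so any scheme that passes generic URI validation is accepted as an OAuth callback, and the authorize action on this page later redirects the user to that callback. If the aim is to permit custom schemes for native clients, pair the relaxed check with an explicit comparison against the application's registered callback or a list of refused schemes; otherwise keep `array('allowed_schemes' => array('http', 'https'))`. At minimum add a comment such as `// Custom URI schemes are accepted on purpose for native clients; callbacks are not limited to http(s).` so the relaxation is visibly deliberate.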
@@ -84,23 +83,27 @@ class DeletegroupAction extends RedirectingAction $local = Local_group::staticGet('nickname', $nickname); if (!$local) { + // TRANS: Client error when trying to delete a non-local group. $this->clientError(_('No such group.'), 404); return false; } $this->group = User_group::staticGet('id', $local->group_id); } else { + // TRANS: Client error when trying to delete a group without providing a nickname or ID for the group. $this->clientError(_('No nickname or ID.'), 404); return false; } if (!$this->group) { + // TRANS: Client error when trying to delete a non-existing group. $this->clientError(_('No such group.'), 404); return false; } $cur = common_current_user(); if (!$cur->hasRight(Right::DELETEGROUP)) { + // TRANS: Client error when trying to delete a group without having the rights to delete it. $this->clientError(_('You are not allowed to delete this group.'), 403); return false; } @@ -117,7 +120,6 @@ class DeletegroupAction extends RedirectingAction * * @return void */ - function handle($args) { parent::handle($args); @@ -143,14 +145,18 @@ class DeletegroupAction extends RedirectingAction Event::handle('EndDeleteGroup', array($this->group)); } } catch (Exception $e) { - $this->serverError(sprintf(_('Could not delete group %2$s.'), + // TRANS: Server error displayed if a group could not be deleted. + // TRANS: %s is the name of the group that could not be deleted. + $this->serverError(sprintf(_('Could not delete group %s.'), $this->group->nickname)); } if ($this->boolean('ajax')) { $this->startHTML('text/xml;charset=utf-8'); $this->elementStart('head'); - $this->element('title', null, sprintf(_('Deleted group %2$s'), + // TRANS: Message given after deleting a group. + // TRANS: %s is the deleted group's name. + $this->element('title', null, sprintf(_('Deleted group %s'), $this->group->nickname)); $this->elementEnd('head'); $this->elementStart('body'); 
@@ -166,6 +172,7 @@ class DeletegroupAction extends RedirectingAction } function title() { + // TRANS: Title. return _('Delete group'); } @@ -191,8 +198,10 @@ class DeletegroupAction extends RedirectingAction 'action' => common_local_url('deletegroup', array('id' => $this->group->id)))); $this->elementStart('fieldset'); $this->hidden('token', common_session_token()); + // TRANS: Form legend for deleting a group. $this->element('legend', _('Delete group')); if (Event::handle('StartDeleteGroupForm', array($this, $this->group))) { + // TRANS: Warning in form for deleleting a group. $this->element('p', null, _('Are you sure you want to delete this group? '. 'This will clear all data about the group from the '. @@ -223,4 +232,4 @@ class DeletegroupAction extends RedirectingAction $this->elementEnd('fieldset'); $this->elementEnd('form'); } -}
\ No newline at end of file +} diff --git a/actions/designadminpanel.php b/actions/designadminpanel.php index 587333e06..199be43ea 100644 --- a/actions/designadminpanel.php +++ b/actions/designadminpanel.php @@ -258,8 +258,8 @@ class DesignadminpanelAction extends AdminPanelAction function saveBackgroundImage() { $filename = null; - - if ($_FILES['design_background-image_file']['error'] == + if (isset($_FILES['design_background-image_file']['error']) && + $_FILES['design_background-image_file']['error'] == UPLOAD_ERR_OK) { $filepath = null; diff --git a/actions/makeadmin.php b/actions/makeadmin.php index 9ccb44230..4e6e97a56 100644 --- a/actions/makeadmin.php +++ b/actions/makeadmin.php @@ -148,7 +148,7 @@ class MakeadminAction extends RedirectingAction $this->group->getBestName()); } - $this->returnToArgs(); + $this->returnToPrevious(); } /** |