9 files changed, 66 insertions, 15 deletions

diff --git a/classes/File.php b/classes/File.php
index ba8332841..33273bbdc 100644
--- a/classes/File.php
+++ b/classes/File.php
@@ -194,7 +194,11 @@ class File extends Memcached_DataObject
     {
         require_once 'MIME/Type/Extension.php';
         $mte = new MIME_Type_Extension();
-        $ext = $mte->getExtension($mimetype);
+        try {
+            $ext = $mte->getExtension($mimetype);
+        } catch ( Exception $e) {
+            $ext = strtolower(preg_replace('/\W/', '', $mimetype));
+        }
         $nickname = $profile->nickname;
         $datestamp = strftime('%Y%m%dT%H%M%S', time());
         $random = strtolower(common_confirmation_code(32));
@@ -281,7 +285,7 @@ class File extends Memcached_DataObject
         $enclosure->mimetype=$this->mimetype;
 
         if(! isset($this->filename)){
-            $notEnclosureMimeTypes = array('text/html','application/xhtml+xml');
+            $notEnclosureMimeTypes = array(null,'text/html','application/xhtml+xml');
             $mimetype = strtolower($this->mimetype);
             $semicolon = strpos($mimetype,';');
             if($semicolon){
diff --git a/classes/Group_alias.php b/classes/Group_alias.php
index be3d0a6c6..c5a1895a1 100644
--- a/classes/Group_alias.php
+++ b/classes/Group_alias.php
@@ -34,7 +34,7 @@ class Group_alias extends Memcached_DataObject
     public $modified;                        // timestamp()   not_null default_CURRENT_TIMESTAMP
 
     /* Static get */
-    function staticGet($k,$v=NULL) { return DB_DataObject::staticGet('Group_alias',$k,$v); }
+    function staticGet($k,$v=NULL) { return Memcached_DataObject::staticGet('Group_alias',$k,$v); }
 
     /* the code above is auto generated do not remove the tag below */
     ###END_AUTOCODE
diff --git a/classes/Notice.php b/classes/Notice.php
index 4c7e6ab4b..f7194e339 100644
--- a/classes/Notice.php
+++ b/classes/Notice.php
@@ -119,6 +119,9 @@ class Notice extends Memcached_DataObject
         // NOTE: we don't clear queue items
 
         $result = parent::delete();
+
+        $this->blowOnDelete();
+        return $result;
     }
 
     /**
@@ -421,6 +424,18 @@ class Notice extends Memcached_DataObject
         $profile->blowNoticeCount();
     }
 
+    /**
+     * Clear cache entries related to this notice at delete time.
+     * Necessary to avoid breaking paging on public, profile timelines.
+     */
+    function blowOnDelete()
+    {
+        $this->blowOnInsert();
+
+        self::blow('profile:notice_ids:%d;last', $this->profile_id);
+        self::blow('public;last');
+    }
+
     /** save all urls in the notice to the db
      *
      * follow redirects and save all available file information
@@ -589,7 +604,6 @@ class Notice extends Memcached_DataObject
                               array(),
                               'public',
                               $offset, $limit, $since_id, $max_id);
-
         return Notice::getStreamByIds($ids);
     }
 
@@ -1128,6 +1142,7 @@ class Notice extends Memcached_DataObject
 
         if ($source) {
             $xs->elementStart('source');
+            $xs->element('id', null, $profile->profileurl);
             $xs->element('title', null, $profile->nickname . " - " . common_config('site', 'name'));
             $xs->element('link', array('href' => $profile->profileurl));
             $user = User::staticGet('id', $profile->id);
@@ -1143,13 +1158,14 @@ class Notice extends Memcached_DataObject
             }
 
             $xs->element('icon', null, $profile->avatarUrl(AVATAR_PROFILE_SIZE));
+            $xs->element('updated', null, common_date_w3dtf($this->created));
         }
 
         if ($source) {
             $xs->elementEnd('source');
         }
 
-        $xs->element('title', null, $this->content);
+        $xs->element('title', null, common_xml_safe_str($this->content));
 
         if ($author) {
             $xs->raw($profile->asAtomAuthor());
@@ -1225,7 +1241,11 @@ class Notice extends Memcached_DataObject
             }
         }
 
-        $xs->element('content', array('type' => 'html'), $this->rendered);
+        $xs->element(
+            'content',
+            array('type' => 'html'),
+            common_xml_safe_str($this->rendered)
+        );
 
         $tag = new Notice_tag();
         $tag->notice_id = $this->id;
diff --git a/classes/Profile.php b/classes/Profile.php
index 91f6e4692..eded1ff71 100644
--- a/classes/Profile.php
+++ b/classes/Profile.php
@@ -732,6 +732,9 @@ class Profile extends Memcached_DataObject
     function hasRight($right)
     {
         $result = false;
+        if ($this->hasRole(Profile_role::DELETED)) {
+            return false;
+        }
         if (Event::handle('UserRightsCheck', array($this, $right, &$result))) {
             switch ($right)
             {
diff --git a/classes/Profile_role.php b/classes/Profile_role.php
index d0a0b31f0..e7aa1f0f0 100644
--- a/classes/Profile_role.php
+++ b/classes/Profile_role.php
@@ -53,6 +53,7 @@ class Profile_role extends Memcached_DataObject
     const ADMINISTRATOR = 'administrator';
     const SANDBOXED     = 'sandboxed';
     const SILENCED      = 'silenced';
+    const DELETED       = 'deleted'; // Pending final deletion of notices...
 
     public static function isValid($role)
     {
diff --git a/classes/Safe_DataObject.php b/classes/Safe_DataObject.php
index 021f7b506..08bc6846f 100644
--- a/classes/Safe_DataObject.php
+++ b/classes/Safe_DataObject.php
@@ -43,6 +43,25 @@ class Safe_DataObject extends DB_DataObject
     }
 
     /**
+     * Magic function called at clone() time.
+     *
+     * We use this to drop connection with some global resources.
+     * This supports the fairly common pattern where individual
+     * items being read in a loop via a single object are cloned
+     * for individual processing, then fall out of scope when the
+     * loop comes around again.
+     *
+     * As that triggers the destructor, we want to make sure that
+     * the original object doesn't have its database result killed.
+     * It will still be freed properly when the original object
+     * gets destroyed.
+     */
+    function __clone()
+    {
+        $this->_DB_resultid = false;
+    }
+
+    /**
      * Magic function called at serialize() time.
      *
      * We use this to drop a couple process-specific references
diff --git a/classes/User.php b/classes/User.php
index 330da039b..77091fad5 100644
--- a/classes/User.php
+++ b/classes/User.php
@@ -211,6 +211,7 @@ class User extends Memcached_DataObject
         if(! User::allowed_nickname($nickname)){
             common_log(LOG_WARNING, sprintf("Attempted to register a nickname that is not allowed: %s", $profile->nickname),
                        __FILE__);
+            return false;
         }
         $profile->profileurl = common_profile_url($nickname);
 
diff --git a/classes/User_group.php b/classes/User_group.php
index 0460c9870..110f08301 100644
--- a/classes/User_group.php
+++ b/classes/User_group.php
@@ -295,7 +295,7 @@ class User_group extends Memcached_DataObject
         }
 
         // If not, check local groups.
-    
+
         $group = Local_group::staticGet('nickname', $nickname);
         if (!empty($group)) {
             return User_group::staticGet('id', $group->group_id);
@@ -371,16 +371,15 @@ class User_group extends Memcached_DataObject
 
         if ($source) {
             $xs->elementStart('source');
+            $xs->element('id', null, $this->permalink());
             $xs->element('title', null, $profile->nickname . " - " . common_config('site', 'name'));
             $xs->element('link', array('href' => $this->permalink()));
-        }
-
-        if ($source) {
+            $xs->element('updated', null, $this->modified);
             $xs->elementEnd('source');
         }
 
         $xs->element('title', null, $this->nickname);
-        $xs->element('summary', null, $this->description);
+        $xs->element('summary', null, common_xml_safe_str($this->description));
 
         $xs->element('link', array('rel' => 'alternate',
                                    'href' => $this->permalink()));
@@ -390,7 +389,11 @@ class User_group extends Memcached_DataObject
         $xs->element('published', null, common_date_w3dtf($this->created));
         $xs->element('updated', null, common_date_w3dtf($this->modified));
 
-        $xs->element('content', array('type' => 'html'), $this->description);
+        $xs->element(
+            'content',
+            array('type' => 'html'),
+            common_xml_safe_str($this->description)
+        );
 
         $xs->elementEnd('entry');
 
@@ -455,7 +458,7 @@ class User_group extends Memcached_DataObject
         $group = new User_group();
 
         $group->query('BEGIN');
-        
+
         if (empty($uri)) {
             // fill in later...
             $uri = null;
@@ -483,7 +486,7 @@ class User_group extends Memcached_DataObject
             $result = $group->update($orig);
             if (!$result) {
                 common_log_db_error($group, 'UPDATE', __FILE__);
-                throw new ServerException(_('Could not set group uri.'));
+                throw new ServerException(_('Could not set group URI.'));
             }
         }
 
diff --git a/classes/User_username.php b/classes/User_username.php
index 853fd5cb8..8d99cddd3 100644
--- a/classes/User_username.php
+++ b/classes/User_username.php
@@ -55,7 +55,7 @@ class User_username extends Memcached_DataObject
 
     // now define the keys.
     function keys() {
-        return array('provider_name', 'username');
+        return array('provider_name' => 'K', 'username' => 'K');
     }
 
 }