summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/default.php3
-rw-r--r--lib/httpclient.php21
-rw-r--r--lib/installer.php576
-rw-r--r--lib/jabber.php179
-rw-r--r--lib/mail.php45
-rw-r--r--lib/noticelist.php13
-rw-r--r--lib/profileformaction.php25
-rw-r--r--lib/redirectingaction.php96
-rw-r--r--lib/stompqueuemanager.php29
-rw-r--r--lib/util.php75
10 files changed, 981 insertions, 81 deletions
diff --git a/lib/default.php b/lib/default.php
index ffeab70b3..fa4ece10a 100644
--- a/lib/default.php
+++ b/lib/default.php
@@ -72,6 +72,7 @@ $default =
'quote_identifiers' => false,
'type' => 'mysql',
'schemacheck' => 'runtime', // 'runtime' or 'script'
+ 'annotate_queries' => false, // true to add caller comments to queries, eg /* POST Notice::saveNew */
'log_queries' => false, // true to log all DB queries
'log_slow_queries' => 0), // if set, log queries taking over N seconds
'syslog' =>
@@ -87,6 +88,8 @@ $default =
'stomp_username' => null,
'stomp_password' => null,
'stomp_persistent' => true, // keep items across queue server restart, if persistence is enabled
+ 'stomp_transactions' => true, // use STOMP transactions to aid in detecting failures (supported by ActiveMQ, but not by all)
+ 'stomp_acks' => true, // send acknowledgements after successful processing (supported by ActiveMQ, but not by all)
'stomp_manual_failover' => true, // if multiple servers are listed, treat them as separate (enqueue on one randomly, listen on all)
'monitor' => null, // URL to monitor ping endpoint (work in progress)
'softlimit' => '90%', // total size or % of memory_limit at which to restart queue threads gracefully
diff --git a/lib/httpclient.php b/lib/httpclient.php
index 64a51353c..384626ae0 100644
--- a/lib/httpclient.php
+++ b/lib/httpclient.php
@@ -43,6 +43,9 @@ require_once 'HTTP/Request2/Response.php';
*
* This extends the HTTP_Request2_Response class with methods to get info
* about any followed redirects.
+ *
+ * Originally used the name 'HTTPResponse' to match earlier code, but
+ * this conflicts with a class in in the PECL HTTP extension.
*
* @category HTTP
* @package StatusNet
@@ -51,7 +54,7 @@ require_once 'HTTP/Request2/Response.php';
* @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
* @link http://status.net/
*/
-class HTTPResponse extends HTTP_Request2_Response
+class StatusNet_HTTPResponse extends HTTP_Request2_Response
{
function __construct(HTTP_Request2_Response $response, $url, $redirects=0)
{
@@ -146,7 +149,7 @@ class HTTPClient extends HTTP_Request2
/**
* Convenience function to run a GET request.
*
- * @return HTTPResponse
+ * @return StatusNet_HTTPResponse
* @throws HTTP_Request2_Exception
*/
public function get($url, $headers=array())
@@ -157,7 +160,7 @@ class HTTPClient extends HTTP_Request2
/**
* Convenience function to run a HEAD request.
*
- * @return HTTPResponse
+ * @return StatusNet_HTTPResponse
* @throws HTTP_Request2_Exception
*/
public function head($url, $headers=array())
@@ -171,7 +174,7 @@ class HTTPClient extends HTTP_Request2
* @param string $url
* @param array $headers optional associative array of HTTP headers
* @param array $data optional associative array or blob of form data to submit
- * @return HTTPResponse
+ * @return StatusNet_HTTPResponse
* @throws HTTP_Request2_Exception
*/
public function post($url, $headers=array(), $data=array())
@@ -183,7 +186,7 @@ class HTTPClient extends HTTP_Request2
}
/**
- * @return HTTPResponse
+ * @return StatusNet_HTTPResponse
* @throws HTTP_Request2_Exception
*/
protected function doRequest($url, $method, $headers)
@@ -217,12 +220,12 @@ class HTTPClient extends HTTP_Request2
}
/**
- * Actually performs the HTTP request and returns an HTTPResponse object
- * with response body and header info.
+ * Actually performs the HTTP request and returns a
+ * StatusNet_HTTPResponse object with response body and header info.
*
* Wraps around parent send() to add logging and redirection processing.
*
- * @return HTTPResponse
+ * @return StatusNet_HTTPResponse
* @throw HTTP_Request2_Exception
*/
public function send()
@@ -265,6 +268,6 @@ class HTTPClient extends HTTP_Request2
}
break;
} while ($maxRedirs);
- return new HTTPResponse($response, $this->getUrl(), $redirs);
+ return new StatusNet_HTTPResponse($response, $this->getUrl(), $redirs);
}
}
diff --git a/lib/installer.php b/lib/installer.php
new file mode 100644
index 000000000..589a19a66
--- /dev/null
+++ b/lib/installer.php
@@ -0,0 +1,576 @@
+<?php
+
+/**
+ * StatusNet - the distributed open-source microblogging tool
+ * Copyright (C) 2009, StatusNet, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category Installation
+ * @package Installation
+ *
+ * @author Adrian Lang <mail@adrianlang.de>
+ * @author Brenda Wallace <shiny@cpan.org>
+ * @author Brett Taylor <brett@webfroot.co.nz>
+ * @author Brion Vibber <brion@pobox.com>
+ * @author CiaranG <ciaran@ciarang.com>
+ * @author Craig Andrews <candrews@integralblue.com>
+ * @author Eric Helgeson <helfire@Erics-MBP.local>
+ * @author Evan Prodromou <evan@status.net>
+ * @author Robin Millette <millette@controlyourself.ca>
+ * @author Sarven Capadisli <csarven@status.net>
+ * @author Tom Adams <tom@holizz.com>
+ * @author Zach Copley <zach@status.net>
+ * @license GNU Affero General Public License http://www.gnu.org/licenses/
+ * @version 0.9.x
+ * @link http://status.net
+ */
+
+abstract class Installer
+{
+ /** Web site info */
+ public $sitename, $server, $path, $fancy;
+ /** DB info */
+ public $host, $dbname, $dbtype, $username, $password, $db;
+ /** Administrator info */
+ public $adminNick, $adminPass, $adminEmail, $adminUpdates;
+ /** Should we skip writing the configuration file? */
+ public $skipConfig = false;
+
+ public static $dbModules = array(
+ 'mysql' => array(
+ 'name' => 'MySQL',
+ 'check_module' => 'mysqli',
+ 'installer' => 'mysql_db_installer',
+ ),
+ 'pgsql' => array(
+ 'name' => 'PostgreSQL',
+ 'check_module' => 'pgsql',
+ 'installer' => 'pgsql_db_installer',
+ ),
+ );
+
+ /**
+ * Attempt to include a PHP file and report if it worked, while
+ * suppressing the annoying warning messages on failure.
+ */
+ private function haveIncludeFile($filename) {
+ $old = error_reporting(error_reporting() & ~E_WARNING);
+ $ok = include_once($filename);
+ error_reporting($old);
+ return $ok;
+ }
+
+ /**
+ * Check if all is ready for installation
+ *
+ * @return void
+ */
+ function checkPrereqs()
+ {
+ $pass = true;
+
+ if (file_exists(INSTALLDIR.'/config.php')) {
+ $this->warning('Config file "config.php" already exists.');
+ $pass = false;
+ }
+
+ if (version_compare(PHP_VERSION, '5.2.3', '<')) {
+ $errors[] = 'Require PHP version 5.2.3 or greater.';
+ $pass = false;
+ }
+
+ // Look for known library bugs
+ $str = "abcdefghijklmnopqrstuvwxyz";
+ $replaced = preg_replace('/[\p{Cc}\p{Cs}]/u', '*', $str);
+ if ($str != $replaced) {
+ $this->warning('PHP is linked to a version of the PCRE library ' .
+ 'that does not support Unicode properties. ' .
+ 'If you are running Red Hat Enterprise Linux / ' .
+ 'CentOS 5.4 or earlier, see <a href="' .
+ 'http://status.net/wiki/Red_Hat_Enterprise_Linux#PCRE_library' .
+ '">our documentation page</a> on fixing this.');
+ $pass = false;
+ }
+
+ $reqs = array('gd', 'curl',
+ 'xmlwriter', 'mbstring', 'xml', 'dom', 'simplexml');
+
+ foreach ($reqs as $req) {
+ if (!$this->checkExtension($req)) {
+ $this->warning(sprintf('Cannot load required extension: <code>%s</code>', $req));
+ $pass = false;
+ }
+ }
+
+ // Make sure we have at least one database module available
+ $missingExtensions = array();
+ foreach (self::$dbModules as $type => $info) {
+ if (!$this->checkExtension($info['check_module'])) {
+ $missingExtensions[] = $info['check_module'];
+ }
+ }
+
+ if (count($missingExtensions) == count(self::$dbModules)) {
+ $req = implode(', ', $missingExtensions);
+ $this->warning(sprintf('Cannot find a database extension. You need at least one of %s.', $req));
+ $pass = false;
+ }
+
+ if (!is_writable(INSTALLDIR)) {
+ $this->warning(sprintf('Cannot write config file to: <code>%s</code></p>', INSTALLDIR),
+ sprintf('On your server, try this command: <code>chmod a+w %s</code>', INSTALLDIR));
+ $pass = false;
+ }
+
+ // Check the subdirs used for file uploads
+ $fileSubdirs = array('avatar', 'background', 'file');
+ foreach ($fileSubdirs as $fileSubdir) {
+ $fileFullPath = INSTALLDIR."/$fileSubdir/";
+ if (!is_writable($fileFullPath)) {
+ $this->warning(sprintf('Cannot write to %s directory: <code>%s</code>', $fileSubdir, $fileFullPath),
+ sprintf('On your server, try this command: <code>chmod a+w %s</code>', $fileFullPath));
+ $pass = false;
+ }
+ }
+
+ return $pass;
+ }
+
+ /**
+ * Checks if a php extension is both installed and loaded
+ *
+ * @param string $name of extension to check
+ *
+ * @return boolean whether extension is installed and loaded
+ */
+ function checkExtension($name)
+ {
+ if (extension_loaded($name)) {
+ return true;
+ } elseif (function_exists('dl') && ini_get('enable_dl') && !ini_get('safe_mode')) {
+ // dl will throw a fatal error if it's disabled or we're in safe mode.
+ // More fun, it may not even exist under some SAPIs in 5.3.0 or later...
+ $soname = $name . '.' . PHP_SHLIB_SUFFIX;
+ if (PHP_SHLIB_SUFFIX == 'dll') {
+ $soname = "php_" . $soname;
+ }
+ return @dl($soname);
+ } else {
+ return false;
+ }
+ }
+
+ /**
+ * Basic validation on the database paramters
+ * Side effects: error output if not valid
+ *
+ * @return boolean success
+ */
+ function validateDb()
+ {
+ $fail = false;
+
+ if (empty($this->host)) {
+ $this->updateStatus("No hostname specified.", true);
+ $fail = true;
+ }
+
+ if (empty($this->database)) {
+ $this->updateStatus("No database specified.", true);
+ $fail = true;
+ }
+
+ if (empty($this->username)) {
+ $this->updateStatus("No username specified.", true);
+ $fail = true;
+ }
+
+ if (empty($this->sitename)) {
+ $this->updateStatus("No sitename specified.", true);
+ $fail = true;
+ }
+
+ return !$fail;
+ }
+
+ /**
+ * Basic validation on the administrator user paramters
+ * Side effects: error output if not valid
+ *
+ * @return boolean success
+ */
+ function validateAdmin()
+ {
+ $fail = false;
+
+ if (empty($this->adminNick)) {
+ $this->updateStatus("No initial StatusNet user nickname specified.", true);
+ $fail = true;
+ }
+ if ($this->adminNick && !preg_match('/^[0-9a-z]{1,64}$/', $this->adminNick)) {
+ $this->updateStatus('The user nickname "' . htmlspecialchars($this->adminNick) .
+ '" is invalid; should be plain letters and numbers no longer than 64 characters.', true);
+ $fail = true;
+ }
+ // @fixme hardcoded list; should use User::allowed_nickname()
+ // if/when it's safe to have loaded the infrastructure here
+ $blacklist = array('main', 'admin', 'twitter', 'settings', 'rsd.xml', 'favorited', 'featured', 'favoritedrss', 'featuredrss', 'rss', 'getfile', 'api', 'groups', 'group', 'peopletag', 'tag', 'user', 'message', 'conversation', 'bookmarklet', 'notice', 'attachment', 'search', 'index.php', 'doc', 'opensearch', 'robots.txt', 'xd_receiver.html', 'facebook');
+ if (in_array($this->adminNick, $blacklist)) {
+ $this->updateStatus('The user nickname "' . htmlspecialchars($this->adminNick) .
+ '" is reserved.', true);
+ $fail = true;
+ }
+
+ if (empty($this->adminPass)) {
+ $this->updateStatus("No initial StatusNet user password specified.", true);
+ $fail = true;
+ }
+
+ return !$fail;
+ }
+
+ /**
+ * Set up the database with the appropriate function for the selected type...
+ * Saves database info into $this->db.
+ *
+ * @return mixed array of database connection params on success, false on failure
+ */
+ function setupDatabase()
+ {
+ if ($this->db) {
+ throw new Exception("Bad order of operations: DB already set up.");
+ }
+ $method = self::$dbModules[$this->dbtype]['installer'];
+ $db = call_user_func(array($this, $method),
+ $this->host,
+ $this->database,
+ $this->username,
+ $this->password);
+ $this->db = $db;
+ return $this->db;
+ }
+
+ /**
+ * Set up a database on PostgreSQL.
+ * Will output status updates during the operation.
+ *
+ * @param string $host
+ * @param string $database
+ * @param string $username
+ * @param string $password
+ * @return mixed array of database connection params on success, false on failure
+ *
+ * @fixme escape things in the connection string in case we have a funny pass etc
+ */
+ function Pgsql_Db_installer($host, $database, $username, $password)
+ {
+ $connstring = "dbname=$database host=$host user=$username";
+
+ //No password would mean trust authentication used.
+ if (!empty($password)) {
+ $connstring .= " password=$password";
+ }
+ $this->updateStatus("Starting installation...");
+ $this->updateStatus("Checking database...");
+ $conn = pg_connect($connstring);
+
+ if ($conn ===false) {
+ $this->updateStatus("Failed to connect to database: $connstring");
+ return false;
+ }
+
+ //ensure database encoding is UTF8
+ $record = pg_fetch_object(pg_query($conn, 'SHOW server_encoding'));
+ if ($record->server_encoding != 'UTF8') {
+ $this->updateStatus("StatusNet requires UTF8 character encoding. Your database is ". htmlentities($record->server_encoding));
+ return false;
+ }
+
+ $this->updateStatus("Running database script...");
+ //wrap in transaction;
+ pg_query($conn, 'BEGIN');
+ $res = $this->runDbScript('statusnet_pg.sql', $conn, 'pgsql');
+
+ if ($res === false) {
+ $this->updateStatus("Can't run database script.", true);
+ return false;
+ }
+ foreach (array('sms_carrier' => 'SMS carrier',
+ 'notice_source' => 'notice source',
+ 'foreign_services' => 'foreign service')
+ as $scr => $name) {
+ $this->updateStatus(sprintf("Adding %s data to database...", $name));
+ $res = $this->runDbScript($scr.'.sql', $conn, 'pgsql');
+ if ($res === false) {
+ $this->updateStatus(sprintf("Can't run %d script.", $name), true);
+ return false;
+ }
+ }
+ pg_query($conn, 'COMMIT');
+
+ if (empty($password)) {
+ $sqlUrl = "pgsql://$username@$host/$database";
+ } else {
+ $sqlUrl = "pgsql://$username:$password@$host/$database";
+ }
+
+ $db = array('type' => 'pgsql', 'database' => $sqlUrl);
+
+ return $db;
+ }
+
+ /**
+ * Set up a database on MySQL.
+ * Will output status updates during the operation.
+ *
+ * @param string $host
+ * @param string $database
+ * @param string $username
+ * @param string $password
+ * @return mixed array of database connection params on success, false on failure
+ *
+ * @fixme escape things in the connection string in case we have a funny pass etc
+ */
+ function Mysql_Db_installer($host, $database, $username, $password)
+ {
+ $this->updateStatus("Starting installation...");
+ $this->updateStatus("Checking database...");
+
+ $conn = mysqli_init();
+ if (!$conn->real_connect($host, $username, $password)) {
+ $this->updateStatus("Can't connect to server '$host' as '$username'.", true);
+ return false;
+ }
+ $this->updateStatus("Changing to database...");
+ if (!$conn->select_db($database)) {
+ $this->updateStatus("Can't change to database.", true);
+ return false;
+ }
+
+ $this->updateStatus("Running database script...");
+ $res = $this->runDbScript('statusnet.sql', $conn);
+ if ($res === false) {
+ $this->updateStatus("Can't run database script.", true);
+ return false;
+ }
+ foreach (array('sms_carrier' => 'SMS carrier',
+ 'notice_source' => 'notice source',
+ 'foreign_services' => 'foreign service')
+ as $scr => $name) {
+ $this->updateStatus(sprintf("Adding %s data to database...", $name));
+ $res = $this->runDbScript($scr.'.sql', $conn);
+ if ($res === false) {
+ $this->updateStatus(sprintf("Can't run %d script.", $name), true);
+ return false;
+ }
+ }
+
+ $sqlUrl = "mysqli://$username:$password@$host/$database";
+ $db = array('type' => 'mysql', 'database' => $sqlUrl);
+ return $db;
+ }
+
+ /**
+ * Write a stock configuration file.
+ *
+ * @return boolean success
+ *
+ * @fixme escape variables in output in case we have funny chars, apostrophes etc
+ */
+ function writeConf()
+ {
+ // assemble configuration file in a string
+ $cfg = "<?php\n".
+ "if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }\n\n".
+
+ // site name
+ "\$config['site']['name'] = '{$this->sitename}';\n\n".
+
+ // site location
+ "\$config['site']['server'] = '{$this->server}';\n".
+ "\$config['site']['path'] = '{$this->path}'; \n\n".
+
+ // checks if fancy URLs are enabled
+ ($this->fancy ? "\$config['site']['fancy'] = true;\n\n":'').
+
+ // database
+ "\$config['db']['database'] = '{$this->db['database']}';\n\n".
+ ($this->db['type'] == 'pgsql' ? "\$config['db']['quote_identifiers'] = true;\n\n":'').
+ "\$config['db']['type'] = '{$this->db['type']}';\n\n";
+ // write configuration file out to install directory
+ $res = file_put_contents(INSTALLDIR.'/config.php', $cfg);
+
+ return $res;
+ }
+
+ /**
+ * Install schema into the database
+ *
+ * @param string $filename location of database schema file
+ * @param dbconn $conn connection to database
+ * @param string $type type of database, currently mysql or pgsql
+ *
+ * @return boolean - indicating success or failure
+ */
+ function runDbScript($filename, $conn, $type = 'mysqli')
+ {
+ $sql = trim(file_get_contents(INSTALLDIR . '/db/' . $filename));
+ $stmts = explode(';', $sql);
+ foreach ($stmts as $stmt) {
+ $stmt = trim($stmt);
+ if (!mb_strlen($stmt)) {
+ continue;
+ }
+ // FIXME: use PEAR::DB or PDO instead of our own switch
+ switch ($type) {
+ case 'mysqli':
+ $res = $conn->query($stmt);
+ if ($res === false) {
+ $error = $conn->error();
+ }
+ break;
+ case 'pgsql':
+ $res = pg_query($conn, $stmt);
+ if ($res === false) {
+ $error = pg_last_error();
+ }
+ break;
+ default:
+ $this->updateStatus("runDbScript() error: unknown database type ". $type ." provided.");
+ }
+ if ($res === false) {
+ $this->updateStatus("ERROR ($error) for SQL '$stmt'");
+ return $res;
+ }
+ }
+ return true;
+ }
+
+ /**
+ * Create the initial admin user account.
+ * Side effect: may load portions of StatusNet framework.
+ * Side effect: outputs program info
+ */
+ function registerInitialUser()
+ {
+ define('STATUSNET', true);
+ define('LACONICA', true); // compatibility
+
+ require_once INSTALLDIR . '/lib/common.php';
+
+ $data = array('nickname' => $this->adminNick,
+ 'password' => $this->adminPass,
+ 'fullname' => $this->adminNick);
+ if ($this->adminEmail) {
+ $data['email'] = $this->adminEmail;
+ }
+ $user = User::register($data);
+
+ if (empty($user)) {
+ return false;
+ }
+
+ // give initial user carte blanche
+
+ $user->grantRole('owner');
+ $user->grantRole('moderator');
+ $user->grantRole('administrator');
+
+ // Attempt to do a remote subscribe to update@status.net
+ // Will fail if instance is on a private network.
+
+ if ($this->adminUpdates && class_exists('Ostatus_profile')) {
+ try {
+ $oprofile = Ostatus_profile::ensureProfileURL('http://update.status.net/');
+ Subscription::start($user->getProfile(), $oprofile->localProfile());
+ $this->updateStatus("Set up subscription to <a href='http://update.status.net/'>update@status.net</a>.");
+ } catch (Exception $e) {
+ $this->updateStatus("Could not set up subscription to <a href='http://update.status.net/'>update@status.net</a>.", true);
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * The beef of the installer!
+ * Create database, config file, and admin user.
+ *
+ * Prerequisites: validation of input data.
+ *
+ * @return boolean success
+ */
+ function doInstall()
+ {
+ $this->db = $this->setupDatabase();
+
+ if (!$this->db) {
+ // database connection failed, do not move on to create config file.
+ return false;
+ }
+
+ if (!$this->skipConfig) {
+ $this->updateStatus("Writing config file...");
+ $res = $this->writeConf();
+
+ if (!$res) {
+ $this->updateStatus("Can't write config file.", true);
+ return false;
+ }
+ }
+
+ if (!empty($this->adminNick)) {
+ // Okay, cross fingers and try to register an initial user
+ if ($this->registerInitialUser()) {
+ $this->updateStatus(
+ "An initial user with the administrator role has been created."
+ );
+ } else {
+ $this->updateStatus(
+ "Could not create initial StatusNet user (administrator).",
+ true
+ );
+ return false;
+ }
+ }
+
+ /*
+ TODO https needs to be considered
+ */
+ $link = "http://".$this->server.'/'.$this->path;
+
+ $this->updateStatus("StatusNet has been installed at $link");
+ $this->updateStatus(
+ "<strong>DONE!</strong> You can visit your <a href='$link'>new StatusNet site</a> (login as '$this->adminNick'). If this is your first StatusNet install, you may want to poke around our <a href='http://status.net/wiki/Getting_started'>Getting Started guide</a>."
+ );
+
+ return true;
+ }
+
+ /**
+ * Output a pre-install-time warning message
+ * @param string $message HTML ok, but should be plaintext-able
+ * @param string $submessage HTML ok, but should be plaintext-able
+ */
+ abstract function warning($message, $submessage='');
+
+ /**
+ * Output an install-time progress message
+ * @param string $message HTML ok, but should be plaintext-able
+ * @param boolean $error true if this should be marked as an error condition
+ */
+ abstract function updateStatus($status, $error=false);
+
+}
diff --git a/lib/jabber.php b/lib/jabber.php
index db4e2e9a7..cdcfc4423 100644
--- a/lib/jabber.php
+++ b/lib/jabber.php
@@ -34,39 +34,198 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
require_once 'XMPPHP/XMPP.php';
/**
- * checks whether a string is a syntactically valid Jabber ID (JID)
+ * Splits a Jabber ID (JID) into node, domain, and resource portions.
+ *
+ * Based on validation routine submitted by:
+ * @copyright 2009 Patrick Georgi <patrick@georgi-clan.de>
+ * @license Licensed under ISC-L, which is compatible with everything else that keeps the copyright notice intact.
*
* @param string $jid string to check
*
+ * @return array with "node", "domain", and "resource" indices
+ * @throws Exception if input is not valid
+ */
+
+function jabber_split_jid($jid)
+{
+ $chars = '';
+ /* the following definitions come from stringprep, Appendix C,
+ which is used in its entirety by nodeprop, Chapter 5, "Prohibited Output" */
+ /* C1.1 ASCII space characters */
+ $chars .= "\x{20}";
+ /* C1.2 Non-ASCII space characters */
+ $chars .= "\x{a0}\x{1680}\x{2000}-\x{200b}\x{202f}\x{205f}\x{3000a}";
+ /* C2.1 ASCII control characters */
+ $chars .= "\x{00}-\x{1f}\x{7f}";
+ /* C2.2 Non-ASCII control characters */
+ $chars .= "\x{80}-\x{9f}\x{6dd}\x{70f}\x{180e}\x{200c}\x{200d}\x{2028}\x{2029}\x{2060}-\x{2063}\x{206a}-\x{206f}\x{feff}\x{fff9}-\x{fffc}\x{1d173}-\x{1d17a}";
+ /* C3 - Private Use */
+ $chars .= "\x{e000}-\x{f8ff}\x{f0000}-\x{ffffd}\x{100000}-\x{10fffd}";
+ /* C4 - Non-character code points */
+ $chars .= "\x{fdd0}-\x{fdef}\x{fffe}\x{ffff}\x{1fffe}\x{1ffff}\x{2fffe}\x{2ffff}\x{3fffe}\x{3ffff}\x{4fffe}\x{4ffff}\x{5fffe}\x{5ffff}\x{6fffe}\x{6ffff}\x{7fffe}\x{7ffff}\x{8fffe}\x{8ffff}\x{9fffe}\x{9ffff}\x{afffe}\x{affff}\x{bfffe}\x{bffff}\x{cfffe}\x{cffff}\x{dfffe}\x{dffff}\x{efffe}\x{effff}\x{ffffe}\x{fffff}\x{10fffe}\x{10ffff}";
+ /* C5 - Surrogate codes */
+ $chars .= "\x{d800}-\x{dfff}";
+ /* C6 - Inappropriate for plain text */
+ $chars .= "\x{fff9}-\x{fffd}";
+ /* C7 - Inappropriate for canonical representation */
+ $chars .= "\x{2ff0}-\x{2ffb}";
+ /* C8 - Change display properties or are deprecated */
+ $chars .= "\x{340}\x{341}\x{200e}\x{200f}\x{202a}-\x{202e}\x{206a}-\x{206f}";
+ /* C9 - Tagging characters */
+ $chars .= "\x{e0001}\x{e0020}-\x{e007f}";
+
+ /* Nodeprep forbids some more characters */
+ $nodeprepchars = $chars;
+ $nodeprepchars .= "\x{22}\x{26}\x{27}\x{2f}\x{3a}\x{3c}\x{3e}\x{40}";
+
+ $parts = explode("/", $jid, 2);
+ if (count($parts) > 1) {
+ $resource = $parts[1];
+ if ($resource == '') {
+ // Warning: empty resource isn't legit.
+ // But if we're normalizing, we may as well take it...
+ }
+ } else {
+ $resource = null;
+ }
+
+ $node = explode("@", $parts[0]);
+ if ((count($node) > 2) || (count($node) == 0)) {
+ throw new Exception("Invalid JID: too many @s");
+ } else if (count($node) == 1) {
+ $domain = $node[0];
+ $node = null;
+ } else {
+ $domain = $node[1];
+ $node = $node[0];
+ if ($node == '') {
+ throw new Exception("Invalid JID: @ but no node");
+ }
+ }
+
+ // Length limits per http://xmpp.org/rfcs/rfc3920.html#addressing
+ if ($node !== null) {
+ if (strlen($node) > 1023) {
+ throw new Exception("Invalid JID: node too long.");
+ }
+ if (preg_match("/[".$nodeprepchars."]/u", $node)) {
+ throw new Exception("Invalid JID node '$node'");
+ }
+ }
+
+ if (strlen($domain) > 1023) {
+ throw new Exception("Invalid JID: domain too long.");
+ }
+ if (!common_valid_domain($domain)) {
+ throw new Exception("Invalid JID domain name '$domain'");
+ }
+
+ if ($resource !== null) {
+ if (strlen($resource) > 1023) {
+ throw new Exception("Invalid JID: resource too long.");
+ }
+ if (preg_match("/[".$chars."]/u", $resource)) {
+ throw new Exception("Invalid JID resource '$resource'");
+ }
+ }
+
+ return array('node' => is_null($node) ? null : mb_strtolower($node),
+ 'domain' => is_null($domain) ? null : mb_strtolower($domain),
+ 'resource' => $resource);
+}
+
+/**
+ * Checks whether a string is a syntactically valid Jabber ID (JID),
+ * either with or without a resource.
+ *
+ * Note that a bare domain can be a valid JID.
+ *
+ * @param string $jid string to check
+ * @param bool $check_domain whether we should validate that domain...
+ *
* @return boolean whether the string is a valid JID
*/
+function jabber_valid_full_jid($jid, $check_domain=false)
+{
+ try {
+ $parts = jabber_split_jid($jid);
+ if ($check_domain) {
+ if (!jabber_check_domain($parts['domain'])) {
+ return false;
+ }
+ }
+ return $parts['resource'] !== ''; // missing or present; empty ain't kosher
+ } catch (Exception $e) {
+ return false;
+ }
+}
-function jabber_valid_base_jid($jid)
+/**
+ * Checks whether a string is a syntactically valid base Jabber ID (JID).
+ * A base JID won't include a resource specifier on the end; since we
+ * take it off when reading input we can't really use them reliably
+ * to direct outgoing messages yet (sorry guys!)
+ *
+ * Note that a bare domain can be a valid JID.
+ *
+ * @param string $jid string to check
+ * @param bool $check_domain whether we should validate that domain...
+ *
+ * @return boolean whether the string is a valid JID
+ */
+function jabber_valid_base_jid($jid, $check_domain=false)
{
- // Cheap but effective
- return Validate::email($jid);
+ try {
+ $parts = jabber_split_jid($jid);
+ if ($check_domain) {
+ if (!jabber_check_domain($parts['domain'])) {
+ return false;
+ }
+ }
+ return ($parts['resource'] === null); // missing; empty ain't kosher
+ } catch (Exception $e) {
+ return false;
+ }
}
/**
- * normalizes a Jabber ID for comparison
+ * Normalizes a Jabber ID for comparison, dropping the resource component if any.
*
* @param string $jid JID to check
+ * @param bool $check_domain if true, reject if the domain isn't findable
*
* @return string an equivalent JID in normalized (lowercase) form
*/
function jabber_normalize_jid($jid)
{
- if (preg_match("/(?:([^\@]+)\@)?([^\/]+)(?:\/(.*))?$/", $jid, $matches)) {
- $node = $matches[1];
- $server = $matches[2];
- return strtolower($node.'@'.$server);
- } else {
+ try {
+ $parts = jabber_split_jid($jid);
+ if ($parts['node'] !== null) {
+ return $parts['node'] . '@' . $parts['domain'];
+ } else {
+ return $parts['domain'];
+ }
+ } catch (Exception $e) {
return null;
}
}
/**
+ * Check if this domain's got some legit DNS record
+ */
+function jabber_check_domain($domain)
+{
+ if (checkdnsrr("_xmpp-server._tcp." . $domain, "SRV")) {
+ return true;
+ }
+ if (checkdnsrr($domain, "ANY")) {
+ return true;
+ }
+ return false;
+}
+
+/**
* the JID of the Jabber daemon for this StatusNet instance
*
* @return string JID of the Jabber daemon
diff --git a/lib/mail.php b/lib/mail.php
index d73603694..5fc584e28 100644
--- a/lib/mail.php
+++ b/lib/mail.php
@@ -170,8 +170,10 @@ function mail_to_user(&$user, $subject, $body, $headers=array(), $address=null)
function mail_confirm_address($user, $code, $nickname, $address)
{
+ // TRANS: Subject for address confirmation email
$subject = _('Email address confirmation');
+ // TRANS: Body for address confirmation email.
$body = sprintf(_("Hey, %s.\n\n".
"Someone just entered this email address on %s.\n\n" .
"If it was you, and you want to confirm your entry, ".
@@ -237,11 +239,13 @@ function mail_subscribe_notify_profile($listenee, $other)
$headers = _mail_prepare_headers('subscribe', $listenee->nickname, $other->nickname);
$headers['From'] = mail_notify_from();
$headers['To'] = $name . ' <' . $listenee->email . '>';
+ // TRANS: Subject of new-subscriber notification e-mail
$headers['Subject'] = sprintf(_('%1$s is now listening to '.
'your notices on %2$s.'),
$other->getBestName(),
common_config('site', 'name'));
+ // TRANS: Main body of new-subscriber notification e-mail
$body = sprintf(_('%1$s is now listening to your notices on %2$s.'."\n\n".
"\t".'%3$s'."\n\n".
'%4$s'.
@@ -255,10 +259,13 @@ function mail_subscribe_notify_profile($listenee, $other)
common_config('site', 'name'),
$other->profileurl,
($other->location) ?
+ // TRANS: Profile info line in new-subscriber notification e-mail
sprintf(_("Location: %s"), $other->location) . "\n" : '',
($other->homepage) ?
+ // TRANS: Profile info line in new-subscriber notification e-mail
sprintf(_("Homepage: %s"), $other->homepage) . "\n" : '',
($other->bio) ?
+ // TRANS: Profile info line in new-subscriber notification e-mail
sprintf(_("Bio: %s"), $other->bio) . "\n\n" : '',
common_config('site', 'name'),
common_local_url('emailsettings'));
@@ -287,9 +294,11 @@ function mail_new_incoming_notify($user)
$headers['From'] = $user->incomingemail;
$headers['To'] = $name . ' <' . $user->email . '>';
+ // TRANS: Subject of notification mail for new posting email address
$headers['Subject'] = sprintf(_('New email address for posting to %s'),
common_config('site', 'name'));
+ // TRANS: Body of notification mail for new posting email address
$body = sprintf(_("You have a new posting address on %1\$s.\n\n".
"Send email to %2\$s to post new messages.\n\n".
"More email instructions at %3\$s.\n\n".
@@ -414,6 +423,7 @@ function mail_send_sms_notice_address($notice, $smsemail, $incomingemail)
$headers['From'] = ($incomingemail) ? $incomingemail : mail_notify_from();
$headers['To'] = $to;
+ // TRANS: Subject line for SMS-by-email notification messages
$headers['Subject'] = sprintf(_('%s status'),
$other->getBestName());
@@ -440,11 +450,11 @@ function mail_confirm_sms($code, $nickname, $address)
$headers['From'] = mail_notify_from();
$headers['To'] = $nickname . ' <' . $address . '>';
+ // TRANS: Subject line for SMS-by-email address confirmation message
$headers['Subject'] = _('SMS confirmation');
- // FIXME: I18N
-
- $body = "$nickname: confirm you own this phone number with this code:";
+ // TRANS: Main body heading for SMS-by-email address confirmation message
+ $body = sprintf(_("%s: confirm you own this phone number with this code:"), $nickname);
$body .= "\n\n";
$body .= $code;
$body .= "\n\n";
@@ -464,10 +474,12 @@ function mail_confirm_sms($code, $nickname, $address)
function mail_notify_nudge($from, $to)
{
common_init_locale($to->language);
+ // TRANS: Subject for 'nudge' notification email
$subject = sprintf(_('You\'ve been nudged by %s'), $from->nickname);
$from_profile = $from->getProfile();
+ // TRANS: Body for 'nudge' notification email
$body = sprintf(_("%1\$s (%2\$s) is wondering what you are up to ".
"these days and is inviting you to post some news.\n\n".
"So let's hear from you :)\n\n".
@@ -514,10 +526,12 @@ function mail_notify_message($message, $from=null, $to=null)
}
common_init_locale($to->language);
+ // TRANS: Subject for direct-message notification email
$subject = sprintf(_('New private message from %s'), $from->nickname);
$from_profile = $from->getProfile();
+ // TRANS: Body for direct-message notification email
$body = sprintf(_("%1\$s (%2\$s) sent you a private message:\n\n".
"------------------------------------------------------\n".
"%3\$s\n".
@@ -565,8 +579,10 @@ function mail_notify_fave($other, $user, $notice)
common_init_locale($other->language);
+ // TRANS: Subject for favorite notification email
$subject = sprintf(_('%s (@%s) added your notice as a favorite'), $bestname, $user->nickname);
+ // TRANS: Body for favorite notification email
$body = sprintf(_("%1\$s (@%7\$s) just added your notice from %2\$s".
" as one of their favorites.\n\n" .
"The URL of your notice is:\n\n" .
@@ -622,24 +638,25 @@ function mail_notify_attn($user, $notice)
common_switch_locale($user->language);
- if ($notice->conversation != $notice->id) {
- $conversationEmailText = "The full conversation can be read here:\n\n".
- "\t%5\$s\n\n ";
- $conversationUrl = common_local_url('conversation',
- array('id' => $notice->conversation)).'#notice-'.$notice->id;
- } else {
- $conversationEmailText = "%5\$s";
- $conversationUrl = null;
- }
+ if ($notice->hasConversation()) {
+ $conversationUrl = common_local_url('conversation',
+ array('id' => $notice->conversation)).'#notice-'.$notice->id;
+ // TRANS: Line in @-reply notification e-mail. %s is conversation URL.
+ $conversationEmailText = sprintf(_("The full conversation can be read here:\n\n".
+ "\t%s"), $conversationUrl) . "\n\n";
+ } else {
+ $conversationEmailText = '';
+ }
$subject = sprintf(_('%s (@%s) sent a notice to your attention'), $bestname, $sender->nickname);
+ // TRANS: Body of @-reply notification e-mail.
$body = sprintf(_("%1\$s (@%9\$s) just sent a notice to your attention (an '@-reply') on %2\$s.\n\n".
"The notice is here:\n\n".
"\t%3\$s\n\n" .
"It reads:\n\n".
"\t%4\$s\n\n" .
- $conversationEmailText .
+ "%5\$s" .
"You can reply back here:\n\n".
"\t%6\$s\n\n" .
"The list of all @-replies for you here:\n\n" .
@@ -652,7 +669,7 @@ function mail_notify_attn($user, $notice)
common_local_url('shownotice',
array('notice' => $notice->id)),//%3
$notice->content,//%4
- $conversationUrl,//%5
+ $conversationEmailText,//%5
common_local_url('newnotice',
array('replyto' => $sender->nickname, 'inreplyto' => $notice->id)),//%6
common_local_url('replies',
diff --git a/lib/noticelist.php b/lib/noticelist.php
index 83c8de9f6..4f997a328 100644
--- a/lib/noticelist.php
+++ b/lib/noticelist.php
@@ -543,18 +543,7 @@ class NoticeListItem extends Widget
function showContext()
{
- $hasConversation = false;
- if (!empty($this->notice->conversation)) {
- $conversation = Notice::conversationStream(
- $this->notice->conversation,
- 1,
- 1
- );
- if ($conversation->N > 0) {
- $hasConversation = true;
- }
- }
- if ($hasConversation) {
+ if ($this->notice->hasConversation()) {
$conv = Conversation::staticGet(
'id',
$this->notice->conversation
diff --git a/lib/profileformaction.php b/lib/profileformaction.php
index 8a934666e..0ffafe5fb 100644
--- a/lib/profileformaction.php
+++ b/lib/profileformaction.php
@@ -41,7 +41,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) {
* @link http://status.net/
*/
-class ProfileFormAction extends Action
+class ProfileFormAction extends RedirectingAction
{
var $profile = null;
@@ -102,29 +102,6 @@ class ProfileFormAction extends Action
}
/**
- * Return to the calling page based on hidden arguments
- *
- * @return void
- */
-
- function returnToArgs()
- {
- foreach ($this->args as $k => $v) {
- if ($k == 'returnto-action') {
- $action = $v;
- } else if (substr($k, 0, 9) == 'returnto-') {
- $args[substr($k, 9)] = $v;
- }
- }
-
- if ($action) {
- common_redirect(common_local_url($action, $args), 303);
- } else {
- $this->clientError(_("No return-to arguments."));
- }
- }
-
- /**
* handle a POST request
*
* sub-classes should overload this request
diff --git a/lib/redirectingaction.php b/lib/redirectingaction.php
new file mode 100644
index 000000000..f11585274
--- /dev/null
+++ b/lib/redirectingaction.php
@@ -0,0 +1,96 @@
+<?php
+/**
+ * Superclass for actions that redirect to a given return-to page on completion.
+ *
+ * PHP version 5
+ *
+ * StatusNet - the distributed open-source microblogging tool
+ * Copyright (C) 2009-2010, StatusNet, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category Action
+ * @package StatusNet
+ * @author Evan Prodromou <evan@status.net>
+ * @author Brion Vibber <brion@status.net>
+ * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
+ * @link http://status.net/
+ */
+
+if (!defined('STATUSNET') && !defined('LACONICA')) {
+ exit(1);
+}
+
+/**
+ * Superclass for actions that redirect to a given return-to page on completion.
+ *
+ * @category Action
+ * @package StatusNet
+ * @author Evan Prodromou <evan@status.net>
+ * @author Brion Vibber <brion@status.net>
+ * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3
+ * @link http://status.net/
+ */
+
+
+class RedirectingAction extends Action
+{
+
+ /**
+ * Redirect browser to the page our hidden parameters requested,
+ * or if none given, to the url given by $this->defaultReturnTo().
+ *
+ * To be called only after successful processing.
+ *
+ * @fixme rename this -- it obscures Action::returnToArgs() which
+ * returns a list of arguments, and is a bit confusing.
+ *
+ * @return void
+ */
+ function returnToArgs()
+ {
+ // Now, gotta figure where we go back to
+ $action = false;
+ $args = array();
+ $params = array();
+ foreach ($this->args as $k => $v) {
+ if ($k == 'returnto-action') {
+ $action = $v;
+ } else if (substr($k, 0, 15) == 'returnto-param-') {
+ $params[substr($k, 15)] = $v;
+ } elseif (substr($k, 0, 9) == 'returnto-') {
+ $args[substr($k, 9)] = $v;
+ }
+ }
+
+ if ($action) {
+ common_redirect(common_local_url($action, $args, $params), 303);
+ } else {
+ $url = $this->defaultReturnToUrl();
+ }
+ common_redirect($url, 303);
+ }
+
+ /**
+ * If we reached this form without returnto arguments, where should
+ * we go? May be overridden by subclasses to a reasonable destination
+ * for that action; default implementation throws an exception.
+ *
+ * @return string URL
+ */
+ function defaultReturnTo()
+ {
+ $this->clientError(_("No return-to arguments."));
+ }
+}
diff --git a/lib/stompqueuemanager.php b/lib/stompqueuemanager.php
index 9af8b2f48..5d5c7ccfb 100644
--- a/lib/stompqueuemanager.php
+++ b/lib/stompqueuemanager.php
@@ -39,7 +39,8 @@ class StompQueueManager extends QueueManager
protected $base;
protected $control;
- protected $useTransactions = true;
+ protected $useTransactions;
+ protected $useAcks;
protected $sites = array();
protected $subscriptions = array();
@@ -59,11 +60,13 @@ class StompQueueManager extends QueueManager
} else {
$this->servers = array($server);
}
- $this->username = common_config('queue', 'stomp_username');
- $this->password = common_config('queue', 'stomp_password');
- $this->base = common_config('queue', 'queue_basename');
- $this->control = common_config('queue', 'control_channel');
- $this->breakout = common_config('queue', 'breakout');
+ $this->username = common_config('queue', 'stomp_username');
+ $this->password = common_config('queue', 'stomp_password');
+ $this->base = common_config('queue', 'queue_basename');
+ $this->control = common_config('queue', 'control_channel');
+ $this->breakout = common_config('queue', 'breakout');
+ $this->useTransactions = common_config('queue', 'stomp_transactions');
+ $this->useAcks = common_config('queue', 'stomp_acks');
}
/**
@@ -703,13 +706,15 @@ class StompQueueManager extends QueueManager
protected function ack($idx, $frame)
{
- if ($this->useTransactions) {
- if (empty($this->transaction[$idx])) {
- throw new Exception("Tried to ack but not in a transaction");
+ if ($this->useAcks) {
+ if ($this->useTransactions) {
+ if (empty($this->transaction[$idx])) {
+ throw new Exception("Tried to ack but not in a transaction");
+ }
+ $this->cons[$idx]->ack($frame, $this->transaction[$idx]);
+ } else {
+ $this->cons[$idx]->ack($frame);
}
- $this->cons[$idx]->ack($frame, $this->transaction[$idx]);
- } else {
- $this->cons[$idx]->ack($frame);
}
}
diff --git a/lib/util.php b/lib/util.php
index 58d54cda3..c0013bb3d 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -1308,12 +1308,38 @@ function common_mtrand($bytes)
return $enc;
}
+/**
+ * Record the given URL as the return destination for a future
+ * form submission, to be read by common_get_returnto().
+ *
+ * @param string $url
+ *
+ * @fixme as a session-global setting, this can allow multiple forms
+ * to conflict and overwrite each others' returnto destinations if
+ * the user has multiple tabs or windows open.
+ *
+ * Should refactor to index with a token or otherwise only pass the
+ * data along its intended path.
+ */
function common_set_returnto($url)
{
common_ensure_session();
$_SESSION['returnto'] = $url;
}
+/**
+ * Fetch a return-destination URL previously recorded by
+ * common_set_returnto().
+ *
+ * @return mixed URL string or null
+ *
+ * @fixme as a session-global setting, this can allow multiple forms
+ * to conflict and overwrite each others' returnto destinations if
+ * the user has multiple tabs or windows open.
+ *
+ * Should refactor to index with a token or otherwise only pass the
+ * data along its intended path.
+ */
function common_get_returnto()
{
common_ensure_session();
@@ -1433,6 +1459,55 @@ function common_valid_tag($tag)
return false;
}
+/**
+ * Determine if given domain or address literal is valid
+ * eg for use in JIDs and URLs. Does not check if the domain
+ * exists!
+ *
+ * @param string $domain
+ * @return boolean valid or not
+ */
+function common_valid_domain($domain)
+{
+ $octet = "(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]|[0-9])";
+ $ipv4 = "(?:$octet(?:\.$octet){3})";
+ if (preg_match("/^$ipv4$/u", $domain)) return true;
+
+ $group = "(?:[0-9a-f]{1,4})";
+ $ipv6 = "(?:\[($group(?::$group){0,7})?(::)?($group(?::$group){0,7})?\])"; // http://tools.ietf.org/html/rfc3513#section-2.2
+
+ if (preg_match("/^$ipv6$/ui", $domain, $matches)) {
+ $before = explode(":", $matches[1]);
+ $zeroes = $matches[2];
+ $after = explode(":", $matches[3]);
+ if ($zeroes) {
+ $min = 0;
+ $max = 7;
+ } else {
+ $min = 1;
+ $max = 8;
+ }
+ $explicit = count($before) + count($after);
+ if ($explicit < $min || $explicit > $max) {
+ return false;
+ }
+ return true;
+ }
+
+ try {
+ require_once "Net/IDNA.php";
+ $idn = Net_IDNA::getInstance();
+ $domain = $idn->encode($domain);
+ } catch (Exception $e) {
+ return false;
+ }
+
+ $subdomain = "(?:[a-z0-9][a-z0-9-]*)"; // @fixme
+ $fqdn = "(?:$subdomain(?:\.$subdomain)*\.?)";
+
+ return preg_match("/^$fqdn$/ui", $domain);
+}
+
/* Following functions are copied from MediaWiki GlobalFunctions.php
* and written by Evan Prodromou. */