diff options
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/ModHelper/ModHelperPlugin.php | 2 | ||||
| -rw-r--r-- | plugins/OStatus/actions/userxrd.php | 8 | ||||
| -rw-r--r-- | plugins/OStatus/classes/Ostatus_profile.php | 35 | ||||
| -rw-r--r-- | plugins/OStatus/lib/xrdaction.php | 27 | ||||
| -rw-r--r-- | plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php | 144 | ||||
| -rw-r--r-- | plugins/WikiHowProfile/WikiHowProfilePlugin.php | 31 | ||||
| -rw-r--r-- | plugins/YammerImport/lib/yammerimporter.php | 27 |
7 files changed, 191 insertions, 83 deletions
diff --git a/plugins/ModHelper/ModHelperPlugin.php b/plugins/ModHelper/ModHelperPlugin.php index 78818ebc8..2d0ae5b02 100644 --- a/plugins/ModHelper/ModHelperPlugin.php +++ b/plugins/ModHelper/ModHelperPlugin.php @@ -41,7 +41,7 @@ class ModHelperPlugin extends Plugin function onUserRightsCheck($profile, $right, &$result) { - if ($right == Right::SILENCEUSER || $right == Right::SANDBOXUSER) { + if ($right == Right::SILENCEUSER) { // Hrm.... really we should confirm that the *other* user isn't privleged. :) if ($profile->hasRole('modhelper')) { $result = true; diff --git a/plugins/OStatus/actions/userxrd.php b/plugins/OStatus/actions/userxrd.php index c9b1d0a5b..575a07c40 100644 --- a/plugins/OStatus/actions/userxrd.php +++ b/plugins/OStatus/actions/userxrd.php @@ -46,7 +46,15 @@ class UserxrdAction extends XrdAction } } else { $this->user = User::staticGet('uri', $this->uri); + if (empty($this->user)) { + // try and get it by profile url + $profile = Profile::staticGet('profileurl', $this->uri); + if (!empty($profile)) { + $this->user = User::staticGet('id', $profile->id); + } + } } + if (!$this->user) { $this->clientError(_m('No such user.'), 404); return false; diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php index 47aee15f8..03fcb71df 100644 --- a/plugins/OStatus/classes/Ostatus_profile.php +++ b/plugins/OStatus/classes/Ostatus_profile.php @@ -1053,22 +1053,27 @@ class Ostatus_profile extends Memcached_DataObject // @fixme this should be better encapsulated // ripped from oauthstore.php (for old OMB client) $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar'); - if (!copy($url, $temp_filename)) { - throw new ServerException(sprintf(_m("Unable to fetch avatar from %s."), $url)); - } + try { + if (!copy($url, $temp_filename)) { + throw new ServerException(sprintf(_m("Unable to fetch avatar from %s."), $url)); + } - if ($this->isGroup()) { - $id = $this->group_id; - } else { - $id = $this->profile_id; - } - // @fixme should we be using different ids? - $imagefile = new ImageFile($id, $temp_filename); - $filename = Avatar::filename($id, - image_type_to_extension($imagefile->type), - null, - common_timestamp()); - rename($temp_filename, Avatar::path($filename)); + if ($this->isGroup()) { + $id = $this->group_id; + } else { + $id = $this->profile_id; + } + // @fixme should we be using different ids? + $imagefile = new ImageFile($id, $temp_filename); + $filename = Avatar::filename($id, + image_type_to_extension($imagefile->type), + null, + common_timestamp()); + rename($temp_filename, Avatar::path($filename)); + } catch (Exception $e) { + unlink($temp_filename); + throw $e; + } // @fixme hardcoded chmod is lame, but seems to be necessary to // keep from accidentally saving images from command-line (queues) // that can't be read from web server, which causes hard-to-notice diff --git a/plugins/OStatus/lib/xrdaction.php b/plugins/OStatus/lib/xrdaction.php index d1488dbde..371c11080 100644 --- a/plugins/OStatus/lib/xrdaction.php +++ b/plugins/OStatus/lib/xrdaction.php @@ -36,7 +36,8 @@ class XrdAction extends Action function handle() { - $nick = $this->user->nickname; + $nick = $this->user->nickname; + $profile = $this->user->getProfile(); if (empty($this->xrd)) { $xrd = new XRD(); @@ -47,10 +48,28 @@ class XrdAction extends Action if (empty($xrd->subject)) { $xrd->subject = Discovery::normalize($this->uri); } - $xrd->alias[] = $this->user->uri; + + // Possible aliases for the user + + $uris = array($this->user->uri, $profile->profileurl); + + // FIXME: Webfinger generation code should live somewhere on its own + + $path = common_config('site', 'path'); + + if (empty($path)) { + $uris[] = sprintf('acct:%s@%s', $nick, common_config('site', 'server')); + } + + foreach ($uris as $uri) { + if ($uri != $xrd->subject) { + $xrd->alias[] = $uri; + } + } + $xrd->links[] = array('rel' => Discovery::PROFILEPAGE, 'type' => 'text/html', - 'href' => $this->user->uri); + 'href' => $profile->profileurl); $xrd->links[] = array('rel' => Discovery::UPDATESFROM, 'href' => common_local_url('ApiTimelineUser', @@ -66,7 +85,7 @@ class XrdAction extends Action // XFN $xrd->links[] = array('rel' => 'http://gmpg.org/xfn/11', 'type' => 'text/html', - 'href' => $this->user->uri); + 'href' => $profile->profileurl); // FOAF $xrd->links[] = array('rel' => 'describedby', 'type' => 'application/rdf+xml', diff --git a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php index 719dba89c..6c0ef37d5 100644 --- a/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php +++ b/plugins/RequireValidatedEmail/RequireValidatedEmailPlugin.php @@ -2,7 +2,8 @@ /** * StatusNet, the distributed open-source microblogging tool * - * Plugin that requires the user to have a validated email address before they can post notices + * Plugin that requires the user to have a validated email address before they + * can post notices * * PHP version 5 * @@ -32,44 +33,64 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } +/** + * Plugin for requiring a validated email before posting. + * + * Enable this plugin using addPlugin('RequireValidatedEmail'); + * + * @category Plugin + * @package StatusNet + * @author Craig Andrews <candrews@integralblue.com> + * @author Brion Vibber <brion@status.net> + * @author Evan Prodromou <evan@status.net> + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org + * @copyright 2009-2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + class RequireValidatedEmailPlugin extends Plugin { - // Users created before this time will be grandfathered in - // without the validation requirement. - public $grandfatherCutoff=null; - - // If OpenID plugin is installed, users with a verified OpenID - // association whose provider URL matches one of these regexes - // will be considered to be sufficiently valid for our needs. - // - // For example, to trust WikiHow and Wikipedia OpenID users: - // - // addPlugin('RequireValidatedEmailPlugin', array( - // 'trustedOpenIDs' => array( - // '!^http://\w+\.wikihow\.com/!', - // '!^http://\w+\.wikipedia\.org/!', - // ), - // )); - public $trustedOpenIDs=array(); - - function __construct() - { - parent::__construct(); - } + /** + * Users created before this time will be grandfathered in + * without the validation requirement. + */ + + public $grandfatherCutoff = null; + + /** + * If OpenID plugin is installed, users with a verified OpenID + * association whose provider URL matches one of these regexes + * will be considered to be sufficiently valid for our needs. + * + * For example, to trust WikiHow and Wikipedia OpenID users: + * + * addPlugin('RequireValidatedEmailPlugin', array( + * 'trustedOpenIDs' => array( + * '!^http://\w+\.wikihow\.com/!', + * '!^http://\w+\.wikipedia\.org/!', + * ), + * )); + */ + + public $trustedOpenIDs = array(); /** * Event handler for notice saves; rejects the notice * if user's address isn't validated. * - * @param Notice $notice + * @param Notice $notice The notice being saved + * * @return bool hook result code */ + function onStartNoticeSave($notice) { $user = User::staticGet('id', $notice->profile_id); if (!empty($user)) { // it's a remote notice if (!$this->validated($user)) { - throw new ClientException(_m("You must validate your email address before posting.")); + $msg = _m("You must validate your email address before posting."); + throw new ClientException($msg); } } return true; @@ -79,7 +100,8 @@ class RequireValidatedEmailPlugin extends Plugin * Event handler for registration attempts; rejects the registration * if email field is missing. * - * @param RegisterAction $action + * @param Action $action Action being executed + * * @return bool hook result code */ function onStartRegistrationTry($action) @@ -100,7 +122,8 @@ class RequireValidatedEmailPlugin extends Plugin * Check if a user has a validated email address or has been * otherwise grandfathered in. * - * @param User $user + * @param User $user User to valide + * * @return bool */ protected function validated($user) @@ -108,12 +131,16 @@ class RequireValidatedEmailPlugin extends Plugin // The email field is only stored after validation... // Until then you'll find them in confirm_address. $knownGood = !empty($user->email) || - $this->grandfathered($user) || - $this->hasTrustedOpenID($user); + $this->grandfathered($user) || + $this->hasTrustedOpenID($user); // Give other plugins a chance to override, if they can validate // that somebody's ok despite a non-validated email. - Event::handle('RequireValidatedEmailPlugin_Override', array($user, &$knownGood)); + + // FIXME: This isn't how to do it! Use Start*/End* instead + + Event::handle('RequireValidatedEmailPlugin_Override', + array($user, &$knownGood)); return $knownGood; } @@ -122,14 +149,15 @@ class RequireValidatedEmailPlugin extends Plugin * Check if a user was created before the grandfathering cutoff. * If so, we won't need to check for validation. * - * @param User $user - * @return bool + * @param User $user User to check + * + * @return bool true if user is grandfathered */ protected function grandfathered($user) { if ($this->grandfatherCutoff) { $created = strtotime($user->created . " GMT"); - $cutoff = strtotime($this->grandfatherCutoff); + $cutoff = strtotime($this->grandfatherCutoff); if ($created < $cutoff) { return true; } @@ -141,13 +169,20 @@ class RequireValidatedEmailPlugin extends Plugin * Override for RequireValidatedEmail plugin. If we have a user who's * not validated an e-mail, but did come from a trusted provider, * we'll consider them ok. + * + * @param User $user User to check + * + * @return bool true if user has a trusted OpenID. */ + function hasTrustedOpenID($user) { if ($this->trustedOpenIDs && class_exists('User_openid')) { foreach ($this->trustedOpenIDs as $regex) { $oid = new User_openid(); + $oid->user_id = $user->id; + $oid->find(); while ($oid->fetch()) { if (preg_match($regex, $oid->canonical)) { @@ -159,14 +194,45 @@ class RequireValidatedEmailPlugin extends Plugin return false; } + /** + * Add version information for this plugin. + * + * @param array &$versions Array of associative arrays of version data + * + * @return boolean hook value + */ + function onPluginVersion(&$versions) { - $versions[] = array('name' => 'Require Validated Email', - 'version' => STATUSNET_VERSION, - 'author' => 'Craig Andrews, Evan Prodromou, Brion Vibber', - 'homepage' => 'http://status.net/wiki/Plugin:RequireValidatedEmail', - 'rawdescription' => - _m('The Require Validated Email plugin disables posting for accounts that do not have a validated email address.')); + $versions[] = + array('name' => 'Require Validated Email', + 'version' => STATUSNET_VERSION, + 'author' => 'Craig Andrews, '. + 'Evan Prodromou, '. + 'Brion Vibber', + 'homepage' => + 'http://status.net/wiki/Plugin:RequireValidatedEmail', + 'rawdescription' => + _m('Disables posting without a validated email address.')); + return true; + } + + /** + * Hide the notice form if the user isn't able to post. + * + * @param Action $action action being shown + * + * @return boolean hook value + */ + + function onStartShowNoticeForm($action) + { + $user = common_current_user(); + if (!empty($user)) { // it's a remote notice + if (!$this->validated($user)) { + return false; + } + } return true; } } diff --git a/plugins/WikiHowProfile/WikiHowProfilePlugin.php b/plugins/WikiHowProfile/WikiHowProfilePlugin.php index fa683c483..753dff5a3 100644 --- a/plugins/WikiHowProfile/WikiHowProfilePlugin.php +++ b/plugins/WikiHowProfile/WikiHowProfilePlugin.php @@ -174,20 +174,25 @@ class WikiHowProfilePlugin extends Plugin // @fixme this should be better encapsulated // ripped from OStatus via oauthstore.php (for old OMB client) $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar'); - if (!copy($url, $temp_filename)) { - throw new ServerException(sprintf(_m("Unable to fetch avatar from %s."), $url)); - } - - $profile = $user->getProfile(); - $id = $profile->id; - // @fixme should we be using different ids? + try { + if (!copy($url, $temp_filename)) { + throw new ServerException(sprintf(_m("Unable to fetch avatar from %s."), $url)); + } - $imagefile = new ImageFile($id, $temp_filename); - $filename = Avatar::filename($id, - image_type_to_extension($imagefile->type), - null, - common_timestamp()); - rename($temp_filename, Avatar::path($filename)); + $profile = $user->getProfile(); + $id = $profile->id; + // @fixme should we be using different ids? + + $imagefile = new ImageFile($id, $temp_filename); + $filename = Avatar::filename($id, + image_type_to_extension($imagefile->type), + null, + common_timestamp()); + rename($temp_filename, Avatar::path($filename)); + } catch (Exception $e) { + unlink($temp_filename); + throw $e; + } $profile->setOriginal($filename); } } diff --git a/plugins/YammerImport/lib/yammerimporter.php b/plugins/YammerImport/lib/yammerimporter.php index 80cbcff8e..93bc96d52 100644 --- a/plugins/YammerImport/lib/yammerimporter.php +++ b/plugins/YammerImport/lib/yammerimporter.php @@ -436,18 +436,23 @@ class YammerImporter // @fixme this should be better encapsulated // ripped from oauthstore.php (for old OMB client) $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar'); - if (!copy($url, $temp_filename)) { - throw new ServerException(sprintf(_m("Unable to fetch avatar from %s."), $url)); - } + try { + if (!copy($url, $temp_filename)) { + throw new ServerException(sprintf(_m("Unable to fetch avatar from %s."), $url)); + } - $id = $dest->id; - // @fixme should we be using different ids? - $imagefile = new ImageFile($id, $temp_filename); - $filename = Avatar::filename($id, - image_type_to_extension($imagefile->type), - null, - common_timestamp()); - rename($temp_filename, Avatar::path($filename)); + $id = $dest->id; + // @fixme should we be using different ids? + $imagefile = new ImageFile($id, $temp_filename); + $filename = Avatar::filename($id, + image_type_to_extension($imagefile->type), + null, + common_timestamp()); + rename($temp_filename, Avatar::path($filename)); + } catch (Exception $e) { + unlink($temp_filename); + throw $e; + } // @fixme hardcoded chmod is lame, but seems to be necessary to // keep from accidentally saving images from command-line (queues) // that can't be read from web server, which causes hard-to-notice |