From 66fca9e2a87f9b9c55174694c79f567c5c81518a Mon Sep 17 00:00:00 2001 From: Brenda Wallace Date: Mon, 31 Aug 2009 10:59:50 +1200 Subject: some typoes in comments that annoyed me, fixed now --- lib/twitteroauthclient.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/twitteroauthclient.php b/lib/twitteroauthclient.php index e37fa05f0..bad2b74ca 100644 --- a/lib/twitteroauthclient.php +++ b/lib/twitteroauthclient.php @@ -118,7 +118,7 @@ class TwitterOAuthClient extends OAuthClient } /** - * Calls Twitter's /stutuses/update API method + * Calls Twitter's /statuses/update API method * * @param string $status text of the status * @param int $in_reply_to_status_id optional id of the status it's @@ -137,7 +137,7 @@ class TwitterOAuthClient extends OAuthClient } /** - * Calls Twitter's /stutuses/friends_timeline API method + * Calls Twitter's /statuses/friends_timeline API method * * @param int $since_id show statuses after this id * @param int $max_id show statuses before this id @@ -167,7 +167,7 @@ class TwitterOAuthClient extends OAuthClient } /** - * Calls Twitter's /stutuses/friends API method + * Calls Twitter's /statuses/friends API method * * @param int $id id of the user whom you wish to see friends of * @param int $user_id numerical user id @@ -197,7 +197,7 @@ class TwitterOAuthClient extends OAuthClient } /** - * Calls Twitter's /stutuses/friends/ids API method + * Calls Twitter's /statuses/friends/ids API method * * @param int $id id of the user whom you wish to see friends of * @param int $user_id numerical user id -- cgit v1.2.3-54-g00ecf From 490dfc6f5a4480cda3fdee8af66ea4e856cdf0e8 Mon Sep 17 00:00:00 2001 From: Eric Helgeson Date: Mon, 19 Oct 2009 20:08:20 -0400 Subject: Better check if site,server is configured. --- lib/util.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/lib/util.php b/lib/util.php index 047faeef0..0052090f6 100644 --- a/lib/util.php +++ b/lib/util.php @@ -760,12 +760,18 @@ function common_path($relative, $ssl=false) if (is_string(common_config('site', 'sslserver')) && mb_strlen(common_config('site', 'sslserver')) > 0) { $serverpart = common_config('site', 'sslserver'); - } else { + } else if (common_config('site', 'server')) { $serverpart = common_config('site', 'server'); + } else { + common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.'); } } else { $proto = 'http'; - $serverpart = common_config('site', 'server'); + if (common_config('site', 'server')) { + $serverpart = common_config('site', 'server'); + } else { + common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.'); + } } return $proto.'://'.$serverpart.'/'.$pathpart.$relative; -- cgit v1.2.3-54-g00ecf From 8a31970ff8fe8a4e440501771756747370e2fa20 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 20 Oct 2009 15:04:47 -0700 Subject: Twitter now puts out an error msg when the status param is empty. Updated our API to match. --- actions/twitapistatuses.php | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index 360dff27c..b0d3e584b 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -236,11 +236,8 @@ class TwitapistatusesAction extends TwitterapiAction } if (empty($status)) { - - // XXX: Note: In this case, Twitter simply returns '200 OK' - // No error is given, but the status is not posted to the - // user's timeline. Seems bad. Shouldn't we throw an - // errror? -- Zach + $this->clientError(_('Client must provide a \'status\' parameter with a value.'), + $code = 403, $apidata['content-type']); return; } else { -- cgit v1.2.3-54-g00ecf From f58daa873befbaee5a998e69622c046c8a978dee Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Oct 2009 10:00:31 +0800 Subject: Added getfile action --- lib/router.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/router.php b/lib/router.php index 5529e60ac..7455d9cf8 100644 --- a/lib/router.php +++ b/lib/router.php @@ -171,6 +171,10 @@ class Router array('action' => 'attachment_thumbnail'), array('attachment' => '[0-9]+')); + $m->connect('getfile/:filename', + array('action' => 'getfile'), + array('filename' => '[A-Za-z0-9._-]+')); + $m->connect('notice/new', array('action' => 'newnotice')); $m->connect('notice/new?replyto=:replyto', array('action' => 'newnotice'), -- cgit v1.2.3-54-g00ecf From 3f06bfc042e34ce97e1f1476faadb67fc5edd282 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Oct 2009 11:45:06 +0800 Subject: Actually commit the file this time --- actions/getfile.php | 145 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 actions/getfile.php diff --git a/actions/getfile.php b/actions/getfile.php new file mode 100644 index 000000000..ecda34c0f --- /dev/null +++ b/actions/getfile.php @@ -0,0 +1,145 @@ +. + * + * @category Personal + * @package StatusNet + * @author Jeffery To + * @copyright 2008-2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +require_once 'MIME/Type.php'; + +/** + * Action for getting a file attachment + * + * @category Personal + * @package StatusNet + * @author Jeffery To + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class GetfileAction extends Action +{ + /** + * Path of file to return + */ + + var $path = null; + + /** + * Get file name + * + * @param array $args $_REQUEST array + * + * @return success flag + */ + + function prepare($args) + { + parent::prepare($args); + + $filename = $this->trimmed('filename'); + $path = null; + + if ($filename) { + $path = common_config('attachments', 'dir') . $filename; + } + + if (empty($path) or !file_exists($path)) { + $this->clientError(_('No such file.'), 404); + return false; + } + if (!is_readable($path)) { + $this->clientError(_('Cannot read file.'), 403); + return false; + } + + $this->path = $path; + return true; + } + + /** + * Is this page read-only? + * + * @return boolean true + */ + + function isReadOnly($args) + { + return true; + } + + /** + * Last-modified date for file + * + * @return int last-modified date as unix timestamp + */ + + function lastModified() + { + return filemtime($this->path); + } + + /** + * etag for file + * + * This returns the same data (inode, size, mtime) as Apache would, + * but in decimal instead of hex. + * + * @return string etag http header + */ + function etag() + { + $stat = stat($this->path); + return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . '"'; + } + + /** + * Handle input, produce output + * + * @param array $args $_REQUEST contents + * + * @return void + */ + + function handle($args) + { + // undo headers set by PHP sessions + $sec = session_cache_expire() * 60; + header('Expires: ' . date(DATE_RFC1123, time() + $sec)); + header('Cache-Control: public, max-age=' . $sec); + header('Pragma: public'); + + parent::handle($args); + + $path = $this->path; + header('Content-Type: ' . MIME_Type::autoDetect($path)); + readfile($path); + } +} -- cgit v1.2.3-54-g00ecf From 834a876dd0998464cade1cdd0fe2fe8c9ab17dcc Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Oct 2009 11:45:32 +0800 Subject: mod_rewrite rule for getfile --- htaccess.sample | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/htaccess.sample b/htaccess.sample index 37eb8e01e..91ae9da9b 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -5,6 +5,14 @@ RewriteBase /mublog/ + # If your site is private and want to only allow logged-in users to + # be able to download file attachments, uncomment this rule. + # + # If you have a custom attachment path + # ($config['attachments']['path']), change "file/" to match. + # + #RewriteRule ^file/(.*) getfile/$1 + RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.*) index.php?p=$1 [L,QSA] -- cgit v1.2.3-54-g00ecf From d2bac158cd0d4a25b3997cdd1ccadc5f08d65943 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Thu, 8 Oct 2009 12:13:33 +0800 Subject: Added some explanatory text to README --- README | 4 ++++ htaccess.sample | 4 ++-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/README b/README index 756219981..f5b559e73 100644 --- a/README +++ b/README @@ -755,6 +755,10 @@ private site, but users of the private site may be able to subscribe to users on a remote site. (Or not... it's not well tested.) The "proper behaviour" hasn't been defined here, so handle with care. +If fancy URLs is enabled, access to file attachments can also be +restricted to logged-in users only. Uncomment the appropriate rewrite +rule in .htaccess or your server's httpd.conf. + Upgrading ========= diff --git a/htaccess.sample b/htaccess.sample index 91ae9da9b..373108c81 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -5,8 +5,8 @@ RewriteBase /mublog/ - # If your site is private and want to only allow logged-in users to - # be able to download file attachments, uncomment this rule. + # If your site is private and want access to file attachments + # restricted to logged-in users only, uncomment this rule. # # If you have a custom attachment path # ($config['attachments']['path']), change "file/" to match. -- cgit v1.2.3-54-g00ecf From afe663af82250d020fd9dff0646c91c8f3b41013 Mon Sep 17 00:00:00 2001 From: Jeffery To Date: Fri, 9 Oct 2009 10:06:34 +0800 Subject: Added bit about being incompatible with file attachment virtual server --- README | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README b/README index f5b559e73..5cd310270 100644 --- a/README +++ b/README @@ -757,7 +757,9 @@ to users on a remote site. (Or not... it's not well tested.) The If fancy URLs is enabled, access to file attachments can also be restricted to logged-in users only. Uncomment the appropriate rewrite -rule in .htaccess or your server's httpd.conf. +rule in .htaccess or your server's httpd.conf. (This most likely will +not work if you are using a virtual server for attachments, so consider +the performance/security tradeoff.) Upgrading ========= -- cgit v1.2.3-54-g00ecf From dcca9fbec0cea9c5e15c4d58a8e9870514dfdbdd Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Fri, 30 Oct 2009 21:44:31 +0000 Subject: IE has some issue with notices that are sent with file attachments. It doesn't like the XHR response with XHTML DTD. New notices without the file attachment work fine. The rendered content (the anchor for the file attachment link) doesn't appear to be the issue. To fix this problem, I removed the XHTML DTD line from newnotice's XHR response. This is unnecessary for text/xml outputs that's intended for XHR responses any way. It just happens to fix an IE issue. Still a mystery to me as to why it is particular to notices with file attachments. --- actions/newnotice.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/actions/newnotice.php b/actions/newnotice.php index 8c0476f70..548832eca 100644 --- a/actions/newnotice.php +++ b/actions/newnotice.php @@ -271,7 +271,9 @@ class NewnoticeAction extends Action common_broadcast_notice($notice); if ($this->boolean('ajax')) { - $this->startHTML('text/xml;charset=utf-8'); + header('Content-Type: text/xml;charset=utf-8'); + $this->xw->startDocument('1.0', 'UTF-8'); + $this->elementStart('html'); $this->elementStart('head'); $this->element('title', null, _('Notice posted')); $this->elementEnd('head'); -- cgit v1.2.3-54-g00ecf