From f964357de944e79ffbca062c60240f7784d98f08 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 1 Feb 2010 13:44:06 -0500 Subject: readme and version for beta5 --- README | 80 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- lib/common.php | 2 +- 2 files changed, 79 insertions(+), 3 deletions(-) diff --git a/README b/README index 4e576dcdd..9b4147645 100644 --- a/README +++ b/README @@ -2,8 +2,8 @@ README ------ -StatusNet 0.9.0 ("Stand") Beta 4 -27 Jan 2010 +StatusNet 0.9.0 ("Stand") Beta 5 +1 Feb 2010 This is the README file for StatusNet (formerly Laconica), the Open Source microblogging platform. It includes installation instructions, @@ -78,6 +78,11 @@ New this version ================ This is a major feature release since version 0.8.2, released Nov 1 2009. +It is also a security release since 0.9.0beta4 January 27 2010. Beta +users are strongly encouraged to upgrade to deal with a security alert. + +http://status.net/wiki/Security_alert_0000002 + Notable changes this version: - Records of deleted notices are stored without the notice content. @@ -198,6 +203,77 @@ Notable changes this version: - Major refactoring of queue handlers to manage very large hosting site (like status.net) - SubscriptionThrottle plugin to prevent subscription spamming +- Don't enqueue into plugin or SMS queues when disabled (breaks unqueuehandler if SMS queue isn't attached) +- Improve name validation checks on local File references +- fix local file include vulnerability in doc.php +- Reusing fixed selector name for 'processing' in util.js +- Removed hAtom pattern from registration page. +- restructuring of User::registerNew() lost password munging +- Add a script to clear the cache for a given key +- buggy fetch for site owner +- Added missing concat of in Realtime response +- Updated XHR binded events to work better in jQuery 1.4.1. Using .live() for event delegation instead of jQuery.data() and checking to see if an element was previously binded. +- Updated jQuery Form Plugin from v2.17 to v2.36 +- Updated jQuery JavaScript Library from v1.3.2 to v1.4.1 +- move schema.type.php to typeschema.php like other files +- Add Really Simple Discovery (RSD) support +- Add a robots.txt URL to the site root +- error clearing tags for profiles from memcached +- on exceptions, stomp logs the error and reenqueues +- add lat, lon, location and remove closing tag from geocode.php +- Use passed-in lat long in geocode.php +- better handling of null responses from geonames.org +- Globalized form notice data geo values +- Using jQuery chaining in FormNoticeXHR +- Using form object instead of form_id and find(). Slightly faster and easier to read. +- removed describeTable from base class, and fixed it up in pgsql +- getTableDef() mostly working in postgres +- move the schema DDL sql off into seperate files for each db we support +- plugin to limit number of registered users +- add hooks for user registration +- live fast, die young in bash scripts +- for single-user mode, retrieve either site owner or defined nickname +- method to get the site owner +- define a constant for the 'owner' role of a site +- add simple cache getter/setter static functions to Memcached_DataObject +- Adds notice author's name to @title in Realtime response +- Hides .author from XHR response in showstream +- Hides .author from XHR response in showstream +- Fix more fatal errors in queue edge cases +- Don't attempt to resend XMPP messages that can't be broadcast due to the profile being deleted. +- Wrap each bit of distrib queue handler's saving operation in a try/catch; log exceptions but let everything else continue. +- Log exceptions from queuedaemon.php if they're not already caught +- Move sessions settings to its own panel +- Fixes for status_network db object .ini and tag setter script +- Add a script to set tags for sites +- Adjust API authentication to also check for OAuth protocol params in the HTTP Authorization header, as defined in OAuth HTTP Authorization Scheme. +- Last-chance distribution if enqueueing fails +- Manual failover for stomp queues. +- lost config in index.php made all traffic go to master +- "Revert "move RW setup above user get in index.php so remember_me works"" +- Revert "move RW setup above user get in index.php so remember_me works" +- move RW setup above user get in index.php so remember_me works +- hide most DB_DataObject errors +- always set up database_rw, regardless, so cached sessions work +- update mysqltimestamps on insert and update +- additional debugging data for Sessions +- 'Sign in with Twitter' button img +- Update to biz theme +- Remove redundant session token field from form (was already being added by base class). +- 'Sign in with Twitter' button img +- Can now set $config['queue']['stomp_persistent'] = false; to explicitly disable persistence when we queue items +- Showing processing indicator for form_repeat on submit instead of form +- Removed avatar from repeat of username (matches noticelist) +- Removed unused variable assignment for avatar URL and added missing fn +- Don't preemptively close existing DB connections for web views (needed to keep # of conns from going insane on multi-site queue daemons, so just doing for CLI) May, or may not, help with mystery session problems +- dropping the setcookie() call from common_ensure_session() since we're pretty sure it's unnecessary +- append '/' on cookie path for now (may still need some refactoring) +- set session cookie correctly +- Fix for Mapstraction plugin's zoomed map links +- debug log line for control channel sub +- Move faceboookapp.js to the Facebook plugin +- fix for fix for bad realtime JS load +- default 24-hour expiry on Memcached objects where not specified. Prerequisites ============= diff --git a/lib/common.php b/lib/common.php index b482464aa..b95cd1175 100644 --- a/lib/common.php +++ b/lib/common.php @@ -22,7 +22,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } //exit with 200 response, if this is checking fancy from the installer if (isset($_REQUEST['p']) && $_REQUEST['p'] == 'check-fancy') { exit; } -define('STATUSNET_VERSION', '0.9.0beta4'); +define('STATUSNET_VERSION', '0.9.0beta5'); define('LACONICA_VERSION', STATUSNET_VERSION); // compatibility define('STATUSNET_CODENAME', 'Stand'); -- cgit v1.2.3-54-g00ecf From 0e49b3525d81a62a21e94e656c0ee5f2d38409eb Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Mon, 1 Feb 2010 20:31:56 +0100 Subject: Sentence case for app statistics --- actions/showapplication.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/showapplication.php b/actions/showapplication.php index a6ff425c7..090e11882 100644 --- a/actions/showapplication.php +++ b/actions/showapplication.php @@ -201,7 +201,7 @@ class ShowApplicationAction extends OwnerDesignAction $userCnt = $appUsers->count(); $this->raw(sprintf( - _('created by %1$s - %2$s access by default - %3$d users'), + _('Created by %1$s - %2$s access by default - %3$d users'), $profile->getBestName(), $defaultAccess, $userCnt -- cgit v1.2.3-54-g00ecf From d40e72becaa7b0b1a51de8edb634d2ed5a953875 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Mon, 1 Feb 2010 20:32:18 +0100 Subject: Prevents app statistic text from wrapping around avatar --- theme/base/css/display.css | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/theme/base/css/display.css b/theme/base/css/display.css index 0d6395d05..2240e42af 100644 --- a/theme/base/css/display.css +++ b/theme/base/css/display.css @@ -632,7 +632,8 @@ margin-bottom:18px; .entity_profile .entity_url, .entity_profile .entity_note, .entity_profile .entity_tags, -.entity_profile .entity_aliases { +.entity_profile .entity_aliases, +.entity_profile .entity_statistics { margin-left:113px; margin-bottom:4px; } -- cgit v1.2.3-54-g00ecf From 803c6d954c92582520bed4ff4397f53b581fdc34 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Mon, 1 Feb 2010 23:10:44 +0000 Subject: Revert "Removed hAtom pattern from registration page." This reverts commit d6fe865133511ac64565a583106b3233b70a0b1e. Screws up list rendering when registration is complete. --- actions/register.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/actions/register.php b/actions/register.php index 063bbe2cc..698137346 100644 --- a/actions/register.php +++ b/actions/register.php @@ -303,6 +303,27 @@ class RegisterAction extends Action return ($user !== false); } + // overrrided to add entry-title class + function showPageTitle() { + if (Event::handle('StartShowPageTitle', array($this))) { + $this->element('h1', array('class' => 'entry-title'), $this->title()); + } + } + + // overrided to add hentry, and content-inner class + function showContentBlock() + { + $this->elementStart('div', array('id' => 'content', 'class' => 'hentry')); + $this->showPageTitle(); + $this->showPageNoticeBlock(); + $this->elementStart('div', array('id' => 'content_inner', + 'class' => 'entry-content')); + // show the actual content (forms, lists, whatever) + $this->showContent(); + $this->elementEnd('div'); + $this->elementEnd('div'); + } + /** * Instructions or a notice for the page * -- cgit v1.2.3-54-g00ecf From dabfe19098e6d2d5d12ba4a980bc42f40d365a97 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Mon, 1 Feb 2010 23:17:12 +0000 Subject: Fixed margin-left on lists inside .hentry and .form_settings --- theme/base/css/display.css | 3 +++ 1 file changed, 3 insertions(+) diff --git a/theme/base/css/display.css b/theme/base/css/display.css index 2240e42af..b5cfab7e9 100644 --- a/theme/base/css/display.css +++ b/theme/base/css/display.css @@ -1412,6 +1412,9 @@ margin-bottom:18px; .hentry .entry-content li li { margin-left:18px; } +.hentry .entry-content .form_settings ul { +margin-left:0; +} #content #plugin_authors { min-width:122px; -- cgit v1.2.3-54-g00ecf From df2a08126510445f93eddbebc0551ee44c945fd5 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Mon, 1 Feb 2010 20:58:29 +0000 Subject: OAuth app names should be unique. --- actions/editapplication.php | 24 ++++++++++++++++++++++++ actions/newapplication.php | 20 ++++++++++++++++++++ classes/statusnet.ini | 3 ++- db/statusnet.sql | 2 +- 4 files changed, 47 insertions(+), 2 deletions(-) diff --git a/actions/editapplication.php b/actions/editapplication.php index 9cc3e3cea..029b622e8 100644 --- a/actions/editapplication.php +++ b/actions/editapplication.php @@ -179,6 +179,9 @@ class EditApplicationAction extends OwnerDesignAction } elseif (mb_strlen($name) > 255) { $this->showForm(_('Name is too long (max 255 chars).')); return; + } else if ($this->nameExists($name)) { + $this->showForm(_('Name already in use. Try another one.')); + return; } elseif (empty($description)) { $this->showForm(_('Description is required.')); return; @@ -260,5 +263,26 @@ class EditApplicationAction extends OwnerDesignAction common_redirect(common_local_url('oauthappssettings'), 303); } + /** + * Does the app name already exist? + * + * Checks the DB to see someone has already registered and app + * with the same name. + * + * @param string $name app name to check + * + * @return boolean true if the name already exists + */ + + function nameExists($name) + { + $newapp = Oauth_application::staticGet('name', $name); + if (!$newapp) { + return false; + } else { + return $newapp->id != $this->app->id; + } + } + } diff --git a/actions/newapplication.php b/actions/newapplication.php index c499fe7c7..ba1cca5c9 100644 --- a/actions/newapplication.php +++ b/actions/newapplication.php @@ -158,6 +158,9 @@ class NewApplicationAction extends OwnerDesignAction if (empty($name)) { $this->showForm(_('Name is required.')); return; + } else if ($this->nameExists($name)) { + $this->showForm(_('Name already in use. Try another one.')); + return; } elseif (mb_strlen($name) > 255) { $this->showForm(_('Name is too long (max 255 chars).')); return; @@ -273,5 +276,22 @@ class NewApplicationAction extends OwnerDesignAction } + /** + * Does the app name already exist? + * + * Checks the DB to see someone has already registered and app + * with the same name. + * + * @param string $name app name to check + * + * @return boolean true if the name already exists + */ + + function nameExists($name) + { + $app = Oauth_application::staticGet('name', $name); + return ($app !== false); + } + } diff --git a/classes/statusnet.ini b/classes/statusnet.ini index 6203650a6..4ace4407b 100644 --- a/classes/statusnet.ini +++ b/classes/statusnet.ini @@ -353,7 +353,7 @@ notice_id = K id = 129 owner = 129 consumer_key = 130 -name = 130 +name = 2 description = 2 icon = 130 source_url = 2 @@ -367,6 +367,7 @@ modified = 384 [oauth_application__keys] id = N +name = U [oauth_application_user] profile_id = 129 diff --git a/db/statusnet.sql b/db/statusnet.sql index 17de4fd0d..71a6e724c 100644 --- a/db/statusnet.sql +++ b/db/statusnet.sql @@ -214,7 +214,7 @@ create table oauth_application ( id integer auto_increment primary key comment 'unique identifier', owner integer not null comment 'owner of the application' references profile (id), consumer_key varchar(255) not null comment 'application consumer key' references consumer (consumer_key), - name varchar(255) not null comment 'name of the application', + name varchar(255) unique key comment 'name of the application', description varchar(255) comment 'description of the application', icon varchar(255) not null comment 'application icon', source_url varchar(255) comment 'application homepage - used for source link', -- cgit v1.2.3-54-g00ecf From f0875ceea1bd6940bb30deab0f6a0f38a752a2c6 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 06:26:03 +0000 Subject: Allow developers to delete OAuth applications --- actions/deleteapplication.php | 176 ++++++++++++++++++++++++++++++++++++++++++ actions/showapplication.php | 19 ++++- classes/Consumer.php | 30 +++++++ classes/Oauth_application.php | 17 ++++ lib/router.php | 4 + 5 files changed, 244 insertions(+), 2 deletions(-) create mode 100644 actions/deleteapplication.php diff --git a/actions/deleteapplication.php b/actions/deleteapplication.php new file mode 100644 index 000000000..17526e111 --- /dev/null +++ b/actions/deleteapplication.php @@ -0,0 +1,176 @@ +. + * + * @category Action + * @package StatusNet + * @author Zach Copley + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +/** + * Delete an OAuth appliction + * + * @category Action + * @package StatusNet + * @author Zach Copley + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class DeleteapplicationAction extends Action +{ + var $app = null; + + /** + * Take arguments for running + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + if (!common_logged_in()) { + $this->clientError(_('You must be logged in to delete an application.')); + return false; + } + + $id = (int)$this->arg('id'); + $this->app = Oauth_application::staticGet('id', $id); + + if (empty($this->app)) { + $this->clientError(_('Application not found.')); + return false; + } + + $cur = common_current_user(); + + if ($cur->id != $this->app->owner) { + $this->clientError(_('You are not the owner of this application.'), 401); + return false; + } + + return true; + } + + /** + * Handle request + * + * Shows a page with list of favorite notices + * + * @param array $args $_REQUEST args; handled in prepare() + * + * @return void + */ + + function handle($args) + { + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + + // CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->clientError(_('There was a problem with your session token.')); + return; + } + + if ($this->arg('no')) { + common_redirect(common_local_url('showapplication', + array('id' => $this->app->id)), 303); + } elseif ($this->arg('yes')) { + $this->handlePost(); + common_redirect(common_local_url('oauthappssettings'), 303); + } else { + $this->showPage(); + } + } + } + + function showContent() { + $this->areYouSureForm(); + } + + function title() { + return _('Delete application'); + } + + function showNoticeForm() { + // nop + } + + /** + * Confirm with user. + * + * Shows a confirmation form. + * + * @return void + */ + function areYouSureForm() + { + $id = $this->app->id; + $this->elementStart('form', array('id' => 'deleteapplication-' . $id, + 'method' => 'post', + 'class' => 'form_settings form_entity_block', + 'action' => common_local_url('deleteapplication', + array('id' => $this->app->id)))); + $this->elementStart('fieldset'); + $this->hidden('token', common_session_token()); + $this->element('legend', _('Delete application')); + $this->element('p', null, + _('Are you sure you want to delete this application? '. + 'This will clear all data about the application from the '. + 'database, including all existing user connections.')); + $this->submit('form_action-no', + _('No'), + 'submit form_action-primary', + 'no', + _("Do not delete this application")); + $this->submit('form_action-yes', + _('Yes'), + 'submit form_action-secondary', + 'yes', _('Delete this application')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } + + /** + * Actually delete the app + * + * @return void + */ + + function handlePost() + { + $this->app->delete(); + } +} + diff --git a/actions/showapplication.php b/actions/showapplication.php index 090e11882..020d62480 100644 --- a/actions/showapplication.php +++ b/actions/showapplication.php @@ -222,18 +222,33 @@ class ShowApplicationAction extends OwnerDesignAction $this->elementStart('li', 'entity_reset_keysecret'); $this->elementStart('form', array( - 'id' => 'forma_reset_key', + 'id' => 'form_reset_key', 'class' => 'form_reset_key', 'method' => 'POST', 'action' => common_local_url('showapplication', array('id' => $this->application->id)))); - $this->elementStart('fieldset'); $this->hidden('token', common_session_token()); $this->submit('reset', _('Reset key & secret')); $this->elementEnd('fieldset'); $this->elementEnd('form'); $this->elementEnd('li'); + + $this->elementStart('li', 'entity_delete'); + $this->elementStart('form', array( + 'id' => 'form_delete_application', + 'class' => 'form_delete_application', + 'method' => 'POST', + 'action' => common_local_url('deleteapplication', + array('id' => $this->application->id)))); + + $this->elementStart('fieldset'); + $this->hidden('token', common_session_token()); + $this->submit('delete', _('Delete')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + $this->elementEnd('li'); + $this->elementEnd('ul'); $this->elementEnd('div'); diff --git a/classes/Consumer.php b/classes/Consumer.php index ad64a8491..ce399f278 100644 --- a/classes/Consumer.php +++ b/classes/Consumer.php @@ -36,4 +36,34 @@ class Consumer extends Memcached_DataObject return $cons; } + /** + * Delete a Consumer and related tokens and nonces + * + * XXX: Should this happen in an OAuthDataStore instead? + * + */ + function delete() + { + // XXX: Is there any reason NOT to do this kind of cleanup? + + $this->_deleteTokens(); + $this->_deleteNonces(); + + parent::delete(); + } + + function _deleteTokens() + { + $token = new Token(); + $token->consumer_key = $this->consumer_key; + $token->delete(); + } + + function _deleteNonces() + { + $nonce = new Nonce(); + $nonce->consumer_key = $this->consumer_key; + $nonce->delete(); + } + } diff --git a/classes/Oauth_application.php b/classes/Oauth_application.php index a6b539087..748b64220 100644 --- a/classes/Oauth_application.php +++ b/classes/Oauth_application.php @@ -137,4 +137,21 @@ class Oauth_application extends Memcached_DataObject } } + function delete() + { + $this->_deleteAppUsers(); + + $consumer = $this->getConsumer(); + $consumer->delete(); + + parent::delete(); + } + + function _deleteAppUsers() + { + $oauser = new Oauth_application_user(); + $oauser->application_id = $this->id; + $oauser->delete(); + } + } diff --git a/lib/router.php b/lib/router.php index b046b240c..987d0152e 100644 --- a/lib/router.php +++ b/lib/router.php @@ -152,6 +152,10 @@ class Router array('action' => 'editapplication'), array('id' => '[0-9]+') ); + $m->connect('settings/oauthapps/delete/:id', + array('action' => 'deleteapplication'), + array('id' => '[0-9]+') + ); // search -- cgit v1.2.3-54-g00ecf From 819127307896c3aee43f0f009f6ff636eb227b4c Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 07:35:54 +0000 Subject: Better token revocation --- actions/apioauthauthorize.php | 22 ++++++---------------- actions/oauthconnectionssettings.php | 24 +++++++++++++++--------- db/statusnet.sql | 2 +- lib/apioauthstore.php | 27 +++++++++++++++++++++++++++ 4 files changed, 49 insertions(+), 26 deletions(-) diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index 15c3a9dad..05d925d26 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php @@ -99,24 +99,17 @@ class ApiOauthAuthorizeAction extends ApiOauthAction } else { - // XXX: make better error messages - if (empty($this->oauth_token)) { - - common_debug("No request token found."); - - $this->clientError(_('Bad request.')); + $this->clientError(_('No oauth_token parameter provided.')); return; } if (empty($this->app)) { - common_debug('No app for that token.'); - $this->clientError(_('Bad request.')); + $this->clientError(_('Invalid token.')); return; } $name = $this->app->name; - common_debug("Requesting auth for app: " . $name); $this->showForm(); } @@ -124,8 +117,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction function handlePost() { - common_debug("handlePost()"); - // check session token for CSRF protection. $token = $this->trimmed('token'); @@ -210,13 +201,9 @@ class ApiOauthAuthorizeAction extends ApiOauthAction if (!empty($this->callback)) { - // XXX: Need better way to build this redirect url. - $target_url = $this->getCallback($this->callback, array('oauth_token' => $this->oauth_token)); - common_debug("Doing callback to $target_url"); - common_redirect($target_url, 303); } else { common_debug("callback was empty!"); @@ -236,9 +223,12 @@ class ApiOauthAuthorizeAction extends ApiOauthAction } else if ($this->arg('deny')) { + $datastore = new ApiStatusNetOAuthDataStore(); + $datastore->revoke_token($this->oauth_token, 0); + $this->elementStart('p'); - $this->raw(sprintf(_("The request token %s has been denied."), + $this->raw(sprintf(_("The request token %s has been denied and revoked."), $this->oauth_token)); $this->elementEnd('p'); diff --git a/actions/oauthconnectionssettings.php b/actions/oauthconnectionssettings.php index c2e8d441b..b1467f0d0 100644 --- a/actions/oauthconnectionssettings.php +++ b/actions/oauthconnectionssettings.php @@ -33,6 +33,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { require_once INSTALLDIR . '/lib/connectsettingsaction.php'; require_once INSTALLDIR . '/lib/applicationlist.php'; +require_once INSTALLDIR . '/lib/apioauthstore.php'; /** * Show connected OAuth applications @@ -71,11 +72,6 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction return _('Connected applications'); } - function isReadOnly($args) - { - return true; - } - /** * Instructions for use * @@ -153,6 +149,13 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction } } + /** + * Revoke access to an authorized OAuth application + * + * @param int $appId the ID of the application + * + */ + function revokeAccess($appId) { $cur = common_current_user(); @@ -164,6 +167,8 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction return false; } + // XXX: Transaction here? + $appUser = Oauth_application_user::getByKeys($cur, $app); if (empty($appUser)) { @@ -171,12 +176,13 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction return false; } - $orig = clone($appUser); - $appUser->access_type = 0; // No access - $result = $appUser->update(); + $datastore = new ApiStatusNetOAuthDataStore(); + $datastore->revoke_token($appUser->token, 1); + + $result = $appUser->delete(); if (!$result) { - common_log_db_error($orig, 'UPDATE', __FILE__); + common_log_db_error($orig, 'DELETE', __FILE__); $this->clientError(_('Unable to revoke access for app: ' . $app->id)); return false; } diff --git a/db/statusnet.sql b/db/statusnet.sql index 71a6e724c..8946f4d7e 100644 --- a/db/statusnet.sql +++ b/db/statusnet.sql @@ -230,7 +230,7 @@ create table oauth_application ( create table oauth_application_user ( profile_id integer not null comment 'user of the application' references profile (id), application_id integer not null comment 'id of the application' references oauth_application (id), - access_type tinyint default 0 comment 'access type, bit 1 = read, bit 2 = write, bit 3 = revoked', + access_type tinyint default 0 comment 'access type, bit 1 = read, bit 2 = write', token varchar(255) comment 'request or access token', created datetime not null comment 'date this record was created', modified timestamp comment 'date this record was modified', diff --git a/lib/apioauthstore.php b/lib/apioauthstore.php index 32110d057..1bb11cbca 100644 --- a/lib/apioauthstore.php +++ b/lib/apioauthstore.php @@ -159,5 +159,32 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore } } + /** + * Revoke specified access token + * + * Revokes the token specified by $token_key. + * Throws exceptions in case of error. + * + * @param string $token_key the token to be revoked + * @param int $type type of token (0 = req, 1 = access) + * + * @access public + * + * @return void + */ + + public function revoke_token($token_key, $type = 0) { + $rt = new Token(); + $rt->tok = $token_key; + $rt->type = $type; + $rt->state = 0; + if (!$rt->find(true)) { + throw new Exception('Tried to revoke unknown token'); + } + if (!$rt->delete()) { + throw new Exception('Failed to delete revoked token'); + } + } + } -- cgit v1.2.3-54-g00ecf From 3906713b2aec17d889d79dcf526ae05e284b5b33 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 07:59:28 +0000 Subject: Suppress notice input box on OAuth authorization page --- actions/apioauthauthorize.php | 36 ++++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index 05d925d26..2caa8d20b 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php @@ -67,8 +67,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction { parent::prepare($args); - common_debug("apioauthauthorize"); - $this->nickname = $this->trimmed('nickname'); $this->password = $this->arg('password'); $this->oauth_token = $this->arg('oauth_token'); @@ -193,8 +191,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction // A callback specified in the app setup overrides whatever // is passed in with the request. - common_debug("Req token is authorized - doing callback"); - if (!empty($this->app->callback_url)) { $this->callback = $this->app->callback_url; } @@ -295,12 +291,15 @@ class ApiOauthAuthorizeAction extends ApiOauthAction $msg = _('The application %1$s by ' . '%2$s would like the ability ' . - 'to %3$s your account data.'); + 'to %3$s your %4$s account data. ' . + 'You should only give access to your %4$s account ' . + 'to third parties you trust.'); $this->raw(sprintf($msg, $this->app->name, $this->app->organization, - $access)); + $access, + common_config('site', 'name'))); $this->elementEnd('p'); $this->elementEnd('li'); $this->elementEnd('ul'); @@ -362,6 +361,31 @@ class ApiOauthAuthorizeAction extends ApiOauthAction function showLocalNav() { + // NOP + } + + /** + * Show site notice. + * + * @return nothing + */ + + function showSiteNotice() + { + // NOP + } + + /** + * Show notice form. + * + * Show the form for posting a new notice + * + * @return nothing + */ + + function showNoticeForm() + { + // NOP } } -- cgit v1.2.3-54-g00ecf From dae28d98d1958b1d7ba6572f72efc3e6cdbff276 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 08:47:14 +0000 Subject: Linkify notice source when posting from registered OAuth apps --- lib/api.php | 19 ++++++++++++++++++- lib/noticelist.php | 20 ++++++++++++++++++-- 2 files changed, 36 insertions(+), 3 deletions(-) diff --git a/lib/api.php b/lib/api.php index 10a2fae28..f81975216 100644 --- a/lib/api.php +++ b/lib/api.php @@ -1249,10 +1249,27 @@ class ApiAction extends Action case 'api': break; default: + + $name = null; + $url = null; + $ns = Notice_source::staticGet($source); + if ($ns) { - $source_name = '' . $ns->name . ''; + $name = $ns->name; + $url = $ns->url; + } else { + $app = Oauth_application::staticGet('name', $source); + if ($app) { + $name = $app->name; + $url = $app->source_url; + } + } + + if (!empty($name) && !empty($url)) { + $source_name = '' . $name . ''; } + break; } return $source_name; diff --git a/lib/noticelist.php b/lib/noticelist.php index 85c169716..a4a0f2651 100644 --- a/lib/noticelist.php +++ b/lib/noticelist.php @@ -486,12 +486,28 @@ class NoticeListItem extends Widget $this->out->element('span', 'device', $source_name); break; default: + + $name = null; + $url = null; + $ns = Notice_source::staticGet($this->notice->source); + if ($ns) { + $name = $ns->name; + $url = $ns->url; + } else { + $app = Oauth_application::staticGet('name', $this->notice->source); + if ($app) { + $name = $app->name; + $url = $app->source_url; + } + } + + if (!empty($name) && !empty($url)) { $this->out->elementStart('span', 'device'); - $this->out->element('a', array('href' => $ns->url, + $this->out->element('a', array('href' => $url, 'rel' => 'external'), - $ns->name); + $name); $this->out->elementEnd('span'); } else { $this->out->element('span', 'device', $source_name); -- cgit v1.2.3-54-g00ecf From cc256aaa67a2fe009f818874a79901d921085905 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Tue, 2 Feb 2010 13:12:03 +0100 Subject: Updated StatusNet logos --- theme/base/logo.png | Bin 4988 -> 10107 bytes theme/default/css/display.css | 2 +- theme/default/logo.png | Bin 6389 -> 10107 bytes theme/default/mobilelogo.png | Bin 2238 -> 4017 bytes theme/identica/mobilelogo.png | Bin 2238 -> 4017 bytes 5 files changed, 1 insertion(+), 1 deletion(-) diff --git a/theme/base/logo.png b/theme/base/logo.png index 7c68b34f6..cf1839194 100644 Binary files a/theme/base/logo.png and b/theme/base/logo.png differ diff --git a/theme/default/css/display.css b/theme/default/css/display.css index 06711850f..c31d13d00 100644 --- a/theme/default/css/display.css +++ b/theme/default/css/display.css @@ -1,7 +1,7 @@ /** theme: default * * @package StatusNet - * @author Sarven Capadisli + * @author Sarven Capadisli * @copyright 2009 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ diff --git a/theme/default/logo.png b/theme/default/logo.png index 550d373fe..cf1839194 100644 Binary files a/theme/default/logo.png and b/theme/default/logo.png differ diff --git a/theme/default/mobilelogo.png b/theme/default/mobilelogo.png index b72f7aff5..66bb5f678 100644 Binary files a/theme/default/mobilelogo.png and b/theme/default/mobilelogo.png differ diff --git a/theme/identica/mobilelogo.png b/theme/identica/mobilelogo.png index b72f7aff5..66bb5f678 100644 Binary files a/theme/identica/mobilelogo.png and b/theme/identica/mobilelogo.png differ -- cgit v1.2.3-54-g00ecf From 7b690dab8f277d864c4588667838ad9ce6959baf Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Tue, 2 Feb 2010 13:16:30 +0100 Subject: Minor alignment notice form alignment for default theme --- theme/default/css/display.css | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/theme/default/css/display.css b/theme/default/css/display.css index c31d13d00..07aa5325f 100644 --- a/theme/default/css/display.css +++ b/theme/default/css/display.css @@ -18,7 +18,7 @@ font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size:1em; } address { -margin-right:5.7%; +margin-right:5.3%; } input, textarea, select { border-width:2px; -- cgit v1.2.3-54-g00ecf From 5f14301c55477e9989039bc04747608fdc7c932c Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 2 Feb 2010 06:15:01 -0800 Subject: setconfig.php: list all current settings if no parameters given --- scripts/setconfig.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) mode change 100644 => 100755 scripts/setconfig.php diff --git a/scripts/setconfig.php b/scripts/setconfig.php old mode 100644 new mode 100755 index b102f99b1..fe0e46d65 --- a/scripts/setconfig.php +++ b/scripts/setconfig.php @@ -28,6 +28,7 @@ setconfig.php [options] [section] [setting] With three args, set the setting to the value. With two args, just show the setting. With -d, delete the setting. +With no args, lists all currently set values. [section] section to use (required) [setting] setting to use (required) @@ -39,6 +40,21 @@ END_OF_SETCONFIG_HELP; require_once INSTALLDIR.'/scripts/commandline.inc'; +if (empty($args)) { + $count = 0; + $config = new Config(); + $config->find(); + while ($config->fetch()) { + $count++; + printf("%-20s %-20s %s\n", $config->section, $config->setting, + var_export($config->value, true)); + } + if ($count == 0) { + print "No configuration set in database for this site.\n"; + } + exit(0); +} + if (count($args) < 2 || count($args) > 3) { show_help(); exit(1); -- cgit v1.2.3-54-g00ecf From 65c5d7813b6e4add186e7e8bf7e476c262c2c4cd Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Tue, 2 Feb 2010 16:06:22 +0100 Subject: Added icon to Clear label for UserFlag plugin --- plugins/UserFlag/clearflagform.php | 2 +- theme/base/images/icons/icons-01.gif | Bin 3650 -> 3696 bytes theme/default/css/display.css | 6 +++++- theme/identica/css/display.css | 8 ++++++-- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/plugins/UserFlag/clearflagform.php b/plugins/UserFlag/clearflagform.php index 5ad6055d3..eefd15c36 100644 --- a/plugins/UserFlag/clearflagform.php +++ b/plugins/UserFlag/clearflagform.php @@ -54,7 +54,7 @@ class ClearFlagForm extends ProfileActionForm function formClass() { - return 'form_entity_clearflag'; + return 'form_user_clearflag'; } /** diff --git a/theme/base/images/icons/icons-01.gif b/theme/base/images/icons/icons-01.gif index f93d33d79..980fa0c0d 100644 Binary files a/theme/base/images/icons/icons-01.gif and b/theme/base/images/icons/icons-01.gif differ diff --git a/theme/default/css/display.css b/theme/default/css/display.css index 07aa5325f..3c05420ef 100644 --- a/theme/default/css/display.css +++ b/theme/default/css/display.css @@ -189,7 +189,8 @@ button.close, .notice-options .repeated, .form_notice label[for=notice_data-geo], button.minimize, -.form_reset_key input.submit { +.form_reset_key input.submit, +.entity_clear input.submit { background-image:url(../../base/images/icons/icons-01.gif); background-repeat:no-repeat; background-color:transparent; @@ -338,6 +339,9 @@ background-position: 5px -1511px; .form_reset_key input.submit { background-position: 5px -1973px; } +.entity_clear input.submit { +background-position: 5px -2039px; +} /* NOTICES */ .notice .attachment { diff --git a/theme/identica/css/display.css b/theme/identica/css/display.css index 1ac96ab5b..e19555378 100644 --- a/theme/identica/css/display.css +++ b/theme/identica/css/display.css @@ -1,7 +1,7 @@ /** theme: identica * * @package StatusNet - * @author Sarven Capadisli + * @author Sarven Capadisli * @copyright 2009 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ @@ -189,7 +189,8 @@ button.close, .notice-options .repeated, .form_notice label[for=notice_data-geo], button.minimize, -.form_reset_key input.submit { +.form_reset_key input.submit, +.entity_clear input.submit { background-image:url(../../base/images/icons/icons-01.gif); background-repeat:no-repeat; background-color:transparent; @@ -337,6 +338,9 @@ background-position: 5px -1511px; .form_reset_key input.submit { background-position: 5px -1973px; } +.entity_clear input.submit { +background-position: 5px -2039px; +} /* NOTICES */ .notice .attachment { -- cgit v1.2.3-54-g00ecf From 7cecd7f722b152f34ff8e82fb5a93bb596a9a3dc Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Tue, 2 Feb 2010 16:09:39 +0100 Subject: Added single icon for Clear --- theme/base/images/icons/twotone/green/clear.gif | Bin 0 -> 82 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 theme/base/images/icons/twotone/green/clear.gif diff --git a/theme/base/images/icons/twotone/green/clear.gif b/theme/base/images/icons/twotone/green/clear.gif new file mode 100644 index 000000000..2666430ef Binary files /dev/null and b/theme/base/images/icons/twotone/green/clear.gif differ -- cgit v1.2.3-54-g00ecf From a1f55c3f80f9a08ca7b2ed24faf4e148b09d4bb2 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Tue, 2 Feb 2010 16:14:37 +0100 Subject: Added flag icon to core --- theme/base/images/icons/icons-01.gif | Bin 3696 -> 3758 bytes theme/base/images/icons/twotone/green/flag.gif | Bin 0 -> 80 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 theme/base/images/icons/twotone/green/flag.gif diff --git a/theme/base/images/icons/icons-01.gif b/theme/base/images/icons/icons-01.gif index 980fa0c0d..01a729c10 100644 Binary files a/theme/base/images/icons/icons-01.gif and b/theme/base/images/icons/icons-01.gif differ diff --git a/theme/base/images/icons/twotone/green/flag.gif b/theme/base/images/icons/twotone/green/flag.gif new file mode 100644 index 000000000..68c8aee25 Binary files /dev/null and b/theme/base/images/icons/twotone/green/flag.gif differ -- cgit v1.2.3-54-g00ecf From 245610d2e18e2df26b8b2095ab3092855a272096 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Tue, 2 Feb 2010 16:27:58 +0100 Subject: Removed entity flag stylesheet and icons from plugin to core. --- plugins/UserFlag/UserFlagPlugin.php | 15 --------------- plugins/UserFlag/icon_flag.gif | Bin 80 -> 0 bytes plugins/UserFlag/userflag.css | 4 ---- theme/default/css/display.css | 8 +++++++- theme/identica/css/display.css | 8 +++++++- 5 files changed, 14 insertions(+), 21 deletions(-) delete mode 100644 plugins/UserFlag/icon_flag.gif delete mode 100644 plugins/UserFlag/userflag.css diff --git a/plugins/UserFlag/UserFlagPlugin.php b/plugins/UserFlag/UserFlagPlugin.php index 8728e5703..ae3dfe036 100644 --- a/plugins/UserFlag/UserFlagPlugin.php +++ b/plugins/UserFlag/UserFlagPlugin.php @@ -182,21 +182,6 @@ class UserFlagPlugin extends Plugin return true; } - /** - * Add our plugin's CSS to page output - * - * @param Action $action action being shown - * - * @return boolean hook result - */ - - function onEndShowStatusNetStyles($action) - { - $action->cssLink(common_path('plugins/UserFlag/userflag.css'), - null, 'screen, projection, tv'); - return true; - } - /** * Initialize any flagging buttons on the page * diff --git a/plugins/UserFlag/icon_flag.gif b/plugins/UserFlag/icon_flag.gif deleted file mode 100644 index 68c8aee25..000000000 Binary files a/plugins/UserFlag/icon_flag.gif and /dev/null differ diff --git a/plugins/UserFlag/userflag.css b/plugins/UserFlag/userflag.css deleted file mode 100644 index 98da24cc9..000000000 --- a/plugins/UserFlag/userflag.css +++ /dev/null @@ -1,4 +0,0 @@ -.entity_flag input.submit, -.entity_flag p { -background:url(icon_flag.gif) 5px 5px no-repeat; -} diff --git a/theme/default/css/display.css b/theme/default/css/display.css index 3c05420ef..6954de7ba 100644 --- a/theme/default/css/display.css +++ b/theme/default/css/display.css @@ -190,7 +190,9 @@ button.close, .form_notice label[for=notice_data-geo], button.minimize, .form_reset_key input.submit, -.entity_clear input.submit { +.entity_clear input.submit, +.entity_flag input.submit, +.entity_flag p { background-image:url(../../base/images/icons/icons-01.gif); background-repeat:no-repeat; background-color:transparent; @@ -342,6 +344,10 @@ background-position: 5px -1973px; .entity_clear input.submit { background-position: 5px -2039px; } +.entity_flag input.submit, +.entity_flag p { +background-position: 5px -2105px; +} /* NOTICES */ .notice .attachment { diff --git a/theme/identica/css/display.css b/theme/identica/css/display.css index e19555378..9ac2730bd 100644 --- a/theme/identica/css/display.css +++ b/theme/identica/css/display.css @@ -190,7 +190,9 @@ button.close, .form_notice label[for=notice_data-geo], button.minimize, .form_reset_key input.submit, -.entity_clear input.submit { +.entity_clear input.submit, +.entity_flag input.submit, +.entity_flag p { background-image:url(../../base/images/icons/icons-01.gif); background-repeat:no-repeat; background-color:transparent; @@ -341,6 +343,10 @@ background-position: 5px -1973px; .entity_clear input.submit { background-position: 5px -2039px; } +.entity_flag input.submit, +.entity_flag p { +background-position: 5px -2105px; +} /* NOTICES */ .notice .attachment { -- cgit v1.2.3-54-g00ecf From 027c7e61fd6ecbb866a4f18111662902942d046e Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 2 Feb 2010 09:30:15 -0800 Subject: Fix regression breaking file attachments. This is what I get for rushing fixes and not properly testing them. :P --- classes/File.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/classes/File.php b/classes/File.php index 6dd9e0c06..ee418a802 100644 --- a/classes/File.php +++ b/classes/File.php @@ -181,7 +181,7 @@ class File extends Memcached_DataObject */ static function validFilename($filename) { - return preg_match('^/[A-Za-z0-9._-]+$/', $filename); + return preg_match('/^[A-Za-z0-9._-]+$/', $filename); } /** -- cgit v1.2.3-54-g00ecf