From 14a76926a225dec3d29aeffa13ab7ece74f708e5 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Tue, 18 May 2010 21:52:17 +0000 Subject: Redirect non-SSL hits to login & register actions to SSL if 'always' or 'sometimes' SSL modes are kicked in. The forms would already submit to SSL, but people are happier if they start on a secure page! Note: this really should be done for sensitive/all URLs in index.php, but it seems a bit awkward to reconstruct the SSL version of the link atm. Cleanup todo! --- actions/login.php | 22 ++++++++++++++++++++++ actions/register.php | 7 +++++++ 2 files changed, 29 insertions(+) (limited to 'actions') diff --git a/actions/login.php b/actions/login.php index dc6352368..d3e4312f7 100644 --- a/actions/login.php +++ b/actions/login.php @@ -62,6 +62,28 @@ class LoginAction extends Action return false; } + /** + * Prepare page to run + * + * + * @param $args + * @return string title + */ + + function prepare($args) + { + parent::prepare($args); + + // @todo this check should really be in index.php for all sensitive actions + $ssl = common_config('site', 'ssl'); + if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { + common_redirect(common_local_url('login')); + // exit + } + + return true; + } + /** * Handle input, produce output * diff --git a/actions/register.php b/actions/register.php index 7fdbb4ded..2fc7ef921 100644 --- a/actions/register.php +++ b/actions/register.php @@ -74,6 +74,13 @@ class RegisterAction extends Action parent::prepare($args); $this->code = $this->trimmed('code'); + // @todo this check should really be in index.php for all sensitive actions + $ssl = common_config('site', 'ssl'); + if (empty($_SERVER['HTTPS']) && ($ssl == 'always' || $ssl == 'sometimes')) { + common_redirect(common_local_url('register')); + // exit + } + if (empty($this->code)) { common_ensure_session(); if (array_key_exists('invitecode', $_SESSION)) { -- cgit v1.2.3-54-g00ecf From c78f67aa7367acab5f9156ecf8963e2d5243e400 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 6 May 2010 00:20:10 -0700 Subject: Refactor and centralize notice source link calculation --- actions/twitapisearchatom.php | 15 ++++++++++-- classes/Notice.php | 39 +++++++++++++++++++++++++++++- lib/apiaction.php | 51 ++++++++++----------------------------- lib/noticelist.php | 56 ++++++++++++++++++++----------------------- 4 files changed, 90 insertions(+), 71 deletions(-) (limited to 'actions') diff --git a/actions/twitapisearchatom.php b/actions/twitapisearchatom.php index 24aa619bd..3eb54ccc3 100644 --- a/actions/twitapisearchatom.php +++ b/actions/twitapisearchatom.php @@ -342,10 +342,21 @@ class TwitapisearchatomAction extends ApiAction 'rel' => 'related', 'href' => $profile->avatarUrl())); - // TODO: Here is where we'd put in a link to an atom feed for threads + // @todo: Here is where we'd put in a link to an atom feed for threads + + $source = null; + + $ns = $notice->getSource(); + if ($ns) { + if (!empty($ns->name) && !empty($ns->url)) { + $source = '' . $ns->name . ''; + } else { + $source = $ns->code; + } + } $this->element("twitter:source", null, - htmlentities($this->sourceLink($notice->source))); + htmlentities($source)); $this->elementStart('author'); diff --git a/classes/Notice.php b/classes/Notice.php index 9a9172cba..2c2c87d56 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -703,7 +703,7 @@ class Notice extends Memcached_DataObject /** * Is this notice part of an active conversation? - * + * * @return boolean true if other messages exist in the same * conversation, false if this is the only one */ @@ -1809,4 +1809,41 @@ class Notice extends Memcached_DataObject return $result; } + + /** + * Get the source of the notice + * + * @return Notice_source $ns A notice source object. 'code' is the only attribute + * guaranteed to be populated. + */ + function getSource() + { + $ns = new Notice_source(); + if (!empty($this->source)) { + switch ($this->source) { + case 'web': + case 'xmpp': + case 'mail': + case 'omb': + case 'system': + case 'api': + $ns->code = $this->source; + break; + default: + $ns = Notice_source::staticGet($this->source); + if (!$ns) { + $ns = new Notice_source(); + $ns->code = $this->source; + $app = Oauth_application::staticGet('name', $this->source); + if ($app) { + $ns->name = $app->name; + $ns->url = $app->source_url; + } + } + break; + } + } + return $ns; + } + } diff --git a/lib/apiaction.php b/lib/apiaction.php index f87b04611..7a6a5549b 100644 --- a/lib/apiaction.php +++ b/lib/apiaction.php @@ -260,7 +260,19 @@ class ApiAction extends Action $twitter_status['created_at'] = $this->dateTwitter($notice->created); $twitter_status['in_reply_to_status_id'] = ($notice->reply_to) ? intval($notice->reply_to) : null; - $twitter_status['source'] = $this->sourceLink($notice->source); + + $source = null; + + $ns = $notice->getSource(); + if ($ns) { + if (!empty($ns->name) && !empty($ns->url)) { + $source = '' . $ns->name . ''; + } else { + $source = $ns->code; + } + } + + $twitter_status['source'] = $source; $twitter_status['id'] = intval($notice->id); $replier_profile = null; @@ -1298,43 +1310,6 @@ class ApiAction extends Action } } - function sourceLink($source) - { - $source_name = _($source); - switch ($source) { - case 'web': - case 'xmpp': - case 'mail': - case 'omb': - case 'api': - break; - default: - - $name = null; - $url = null; - - $ns = Notice_source::staticGet($source); - - if ($ns) { - $name = $ns->name; - $url = $ns->url; - } else { - $app = Oauth_application::staticGet('name', $source); - if ($app) { - $name = $app->name; - $url = $app->source_url; - } - } - - if (!empty($name) && !empty($url)) { - $source_name = '' . $name . ''; - } - - break; - } - return $source_name; - } - /** * Returns query argument or default value if not found. Certain * parameters used throughout the API are lightly scrubbed and diff --git a/lib/noticelist.php b/lib/noticelist.php index 4f997a328..e0d8bf560 100644 --- a/lib/noticelist.php +++ b/lib/noticelist.php @@ -480,48 +480,44 @@ class NoticeListItem extends Widget function showNoticeSource() { - if ($this->notice->source) { + $ns = $this->notice->getSource(); + + if ($ns) { + $source_name = _($ns->code); $this->out->text(' '); $this->out->elementStart('span', 'source'); $this->out->text(_('from')); - $source_name = _($this->notice->source); $this->out->text(' '); - switch ($this->notice->source) { - case 'web': - case 'xmpp': - case 'mail': - case 'omb': - case 'system': - case 'api': - $this->out->element('span', 'device', $source_name); - break; - default: - $name = $source_name; - $url = null; + // if $ns->name and $ns->url are populated we have + // configured a source attr somewhere + if (empty($ns->name) && empty($ns->url)) { + // otherwise it's from normal channel such as web or api + $this->out->element('span', 'device', $source_name); + } else { + $name = null; + $url = null; + $title = null; if (Event::handle('StartNoticeSourceLink', array($this->notice, &$name, &$url, &$title))) { - $ns = Notice_source::staticGet($this->notice->source); - - if ($ns) { - $name = $ns->name; - $url = $ns->url; - } else { - $app = Oauth_application::staticGet('name', $this->notice->source); - if ($app) { - $name = $app->name; - $url = $app->source_url; - } - } + $name = $source_name; + $url = $ns->url; } Event::handle('EndNoticeSourceLink', array($this->notice, &$name, &$url, &$title)); if (!empty($name) && !empty($url)) { $this->out->elementStart('span', 'device'); - $this->out->element('a', array('href' => $url, - 'rel' => 'external', - 'title' => $title), - $name); + + $attrs = array( + 'href' => $url, + 'rel' => 'external' + ); + + if (isset($title)) { + $attrs['title'] = $title; + } + + $this->out->element('a', $attrs, $name); $this->out->elementEnd('span'); } else { $this->out->element('span', 'device', $name); -- cgit v1.2.3-54-g00ecf From 0dfef88cacde19cf0afaefbd422a7f5230091064 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 6 May 2010 00:55:17 -0700 Subject: HTML entity encode source link URLs in plain XML output and add rel="nofollow" to them --- actions/twitapisearchatom.php | 2 +- lib/apiaction.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'actions') diff --git a/actions/twitapisearchatom.php b/actions/twitapisearchatom.php index 3eb54ccc3..6c740c490 100644 --- a/actions/twitapisearchatom.php +++ b/actions/twitapisearchatom.php @@ -349,7 +349,7 @@ class TwitapisearchatomAction extends ApiAction $ns = $notice->getSource(); if ($ns) { if (!empty($ns->name) && !empty($ns->url)) { - $source = '' . $ns->name . ''; + $source = '' . $ns->name . ''; } else { $source = $ns->code; } diff --git a/lib/apiaction.php b/lib/apiaction.php index 7a6a5549b..f3efff402 100644 --- a/lib/apiaction.php +++ b/lib/apiaction.php @@ -266,13 +266,13 @@ class ApiAction extends Action $ns = $notice->getSource(); if ($ns) { if (!empty($ns->name) && !empty($ns->url)) { - $source = '' . $ns->name . ''; + $source = '' . $ns->name . ''; } else { $source = $ns->code; } } - $twitter_status['source'] = $source; + $twitter_status['source'] = htmlentities($source); $twitter_status['id'] = intval($notice->id); $replier_profile = null; -- cgit v1.2.3-54-g00ecf From 5ea019c41ac4d6c161f3c8f287d405971d4aadea Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 6 May 2010 21:36:13 +0000 Subject: Remove errant double HTML entity encoding in API source attribution --- actions/twitapisearchatom.php | 9 ++++++--- classes/Notice.php | 2 +- lib/apiaction.php | 8 ++++++-- 3 files changed, 13 insertions(+), 6 deletions(-) (limited to 'actions') diff --git a/actions/twitapisearchatom.php b/actions/twitapisearchatom.php index 6c740c490..51e8a8881 100644 --- a/actions/twitapisearchatom.php +++ b/actions/twitapisearchatom.php @@ -349,14 +349,17 @@ class TwitapisearchatomAction extends ApiAction $ns = $notice->getSource(); if ($ns) { if (!empty($ns->name) && !empty($ns->url)) { - $source = '' . $ns->name . ''; + $source = '' + . htmlspecialchars($ns->name) + . ''; } else { $source = $ns->code; } } - $this->element("twitter:source", null, - htmlentities($source)); + $this->element("twitter:source", null, $source); $this->elementStart('author'); diff --git a/classes/Notice.php b/classes/Notice.php index 196501279..0dc7e10e7 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -1220,7 +1220,7 @@ class Notice extends Memcached_DataObject $ns = $this->getSource(); if ($ns) { if (!empty($ns->url)) { - $noticeInfoAttr['source_link'] = htmlentities($ns->url); + $noticeInfoAttr['source_link'] = $ns->url; } } diff --git a/lib/apiaction.php b/lib/apiaction.php index f3efff402..68198effc 100644 --- a/lib/apiaction.php +++ b/lib/apiaction.php @@ -266,13 +266,17 @@ class ApiAction extends Action $ns = $notice->getSource(); if ($ns) { if (!empty($ns->name) && !empty($ns->url)) { - $source = '' . $ns->name . ''; + $source = '' + . htmlspecialchars($ns->name) + . ''; } else { $source = $ns->code; } } - $twitter_status['source'] = htmlentities($source); + $twitter_status['source'] = $source; $twitter_status['id'] = intval($notice->id); $replier_profile = null; -- cgit v1.2.3-54-g00ecf