From bb93d6b1c7c697891baca7082261ee694727f161 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 28 Dec 2009 14:21:07 -0800 Subject: remove namespace setting from location; it's unused --- lib/default.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/default.php') diff --git a/lib/default.php b/lib/default.php index 42d4623b1..b5eda7b2c 100644 --- a/lib/default.php +++ b/lib/default.php @@ -226,7 +226,7 @@ $default = 'message' => array('contentlimit' => null), 'location' => - array('namespace' => 1), // 1 = geonames, 2 = Yahoo Where on Earth + array(), 'omb' => array('timeout' => 5), // HTTP request timeout in seconds when contacting remote hosts for OMB updates 'logincommand' => -- cgit v1.2.3-54-g00ecf From 39bdda9c7e7ee7571298c84c406a9dd74805f050 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 28 Dec 2009 14:43:34 -0800 Subject: More configuration options for location sharing --- classes/User.php | 26 +++++++++++++++++--------- lib/default.php | 3 ++- 2 files changed, 19 insertions(+), 10 deletions(-) (limited to 'lib/default.php') diff --git a/classes/User.php b/classes/User.php index 2bcb7c2a0..34151778c 100644 --- a/classes/User.php +++ b/classes/User.php @@ -999,17 +999,25 @@ class User extends Memcached_DataObject function shareLocation() { - $share = true; + $cfg = common_config('location', 'share'); - $prefs = User_location_prefs::staticGet('user_id', $this->id); + if ($cfg == 'always') { + return true; + } else if ($cfg == 'never') { + return false; + } else { // user + $share = true; - if (empty($prefs)) { - $share = common_config('location', 'share'); - } else { - $share = $prefs->share_location; - $prefs->free(); - } + $prefs = User_location_prefs::staticGet('user_id', $this->id); - return $share; + if (empty($prefs)) { + $share = common_config('location', 'sharedefault'); + } else { + $share = $prefs->share_location; + $prefs->free(); + } + + return $share; + } } } diff --git a/lib/default.php b/lib/default.php index b5eda7b2c..8a70ed3fa 100644 --- a/lib/default.php +++ b/lib/default.php @@ -226,7 +226,8 @@ $default = 'message' => array('contentlimit' => null), 'location' => - array(), + array('share' => 'user', // whether to share location; 'always', 'user', 'never' + 'sharedefault' => true), 'omb' => array('timeout' => 5), // HTTP request timeout in seconds when contacting remote hosts for OMB updates 'logincommand' => -- cgit v1.2.3-54-g00ecf From cc5534d180625b3d34f7039c0b95b034f3674a20 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 2 Jan 2010 21:16:59 -1000 Subject: First version of Memcache plugin --- lib/cache.php | 2 +- lib/common.php | 12 ++++ lib/default.php | 7 +- plugins/MemcachePlugin.php | 162 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 177 insertions(+), 6 deletions(-) create mode 100644 plugins/MemcachePlugin.php (limited to 'lib/default.php') diff --git a/lib/cache.php b/lib/cache.php index 63f582861..23657bbf3 100644 --- a/lib/cache.php +++ b/lib/cache.php @@ -78,7 +78,7 @@ class Cache static function key($extra) { - $base_key = common_config('memcached', 'base'); + $base_key = common_config('cache', 'base'); if (empty($base_key)) { $base_key = common_keyize(common_config('site', 'name')); diff --git a/lib/common.php b/lib/common.php index 7fa1910af..b0e5c4390 100644 --- a/lib/common.php +++ b/lib/common.php @@ -210,6 +210,18 @@ if ($_db_name != 'statusnet' && !array_key_exists('ini_'.$_db_name, $config['db' $config['db']['ini_'.$_db_name] = INSTALLDIR.'/classes/statusnet.ini'; } +// Backwards compatibility + +if (array_key_exists('memcached', $config)) { + if ($config['memcached']['enabled']) { + addPlugin('Memcache', array('servers' => $config['memcached']['server'])); + } + + if (!empty($config['memcached']['base'])) { + $config['cache']['base'] = $config['memcached']['base']; + } +} + function __autoload($cls) { if (file_exists(INSTALLDIR.'/classes/' . $cls . '.php')) { diff --git a/lib/default.php b/lib/default.php index 8a70ed3fa..eea11eb2b 100644 --- a/lib/default.php +++ b/lib/default.php @@ -147,11 +147,8 @@ $default = array('enabled' => true, 'consumer_key' => null, 'consumer_secret' => null), - 'memcached' => - array('enabled' => false, - 'server' => 'localhost', - 'base' => null, - 'port' => 11211), + 'cache' => + array('base' => null), 'ping' => array('notify' => array()), 'inboxes' => diff --git a/plugins/MemcachePlugin.php b/plugins/MemcachePlugin.php new file mode 100644 index 000000000..acbec135e --- /dev/null +++ b/plugins/MemcachePlugin.php @@ -0,0 +1,162 @@ +. + * + * @category Cache + * @package StatusNet + * @author Evan Prodromou + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + // This check helps protect against security problems; + // your code file can't be executed directly from the web. + exit(1); +} + +/** + * A plugin to use memcache for the cache interface + * + * This used to be encoded as config-variable options in the core code; + * it's now broken out to a separate plugin. The same interface can be + * implemented by other plugins. + * + * @category Cache + * @package StatusNet + * @author Evan Prodromou + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class MemcachePlugin extends Plugin +{ + private $_conn = null; + public $servers = array('127.0.0.1;11211'); + + /** + * Initialize the plugin + * + * Note that onStartCacheGet() may have been called before this! + * + * @return boolean flag value + */ + + function onInitializePlugin() + { + $this->_ensureConn(); + return true; + } + + /** + * Get a value associated with a key + * + * The value should have been set previously. + * + * @param string &$key in; Lookup key + * @param mixed &$value out; value associated with key + * + * @return boolean hook success + */ + + function onStartCacheGet(&$key, &$value) + { + $this->_ensureConn(); + $value = $this->_conn->get($key); + Event::handle('EndCacheGet', array($key, &$value)); + return false; + } + + /** + * Associate a value with a key + * + * @param string &$key in; Key to use for lookups + * @param mixed &$value in; Value to associate + * @param integer &$flag in; Flag (passed through to Memcache) + * @param integer &$expiry in; Expiry (passed through to Memcache) + * @param boolean &$success out; Whether the set was successful + * + * @return boolean hook success + */ + + function onStartCacheSet(&$key, &$value, &$flag, &$expiry, &$success) + { + $this->_ensureConn(); + $success = $this->_conn->set($key, $value, $flag, $expiry); + Event::handle('EndCacheSet', array($key, $value, $flag, + $expiry)); + return false; + } + + /** + * Delete a value associated with a key + * + * @param string &$key in; Key to lookup + * @param boolean &$success out; whether it worked + * + * @return boolean hook success + */ + + function onStartCacheDelete(&$key, &$success) + { + $this->_ensureConn(); + $success = $this->_conn->delete($key); + Event::handle('EndCacheDelete', array($key)); + return false; + } + + /** + * Ensure that a connection exists + * + * Checks the instance $_conn variable and connects + * if it is empty. + * + * @return void + */ + + private function _ensureConn() + { + if (empty($this->_conn)) { + $this->_conn = new Memcache(); + + if (is_array($this->servers)) { + foreach ($this->servers as $server) { + list($host, $port) = explode(';', $server); + if (empty($port)) { + $port = 11211; + } + + $this->_conn->addServer($host, $port); + } + } else { + $this->_conn->addServer($this->servers); + list($host, $port) = explode(';', $this->servers); + if (empty($port)) { + $port = 11211; + } + $this->_conn->addServer($host, $port); + } + } + } +} + -- cgit v1.2.3-54-g00ecf From 250bcfa8dc3ebf3c2c8458f363a62c529eb3a7f6 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Tue, 5 Jan 2010 17:47:37 -0500 Subject: Require users to login to view attachments on private sites Thank you jeff-themovie for this implementation! --- README | 20 ++++++++++++---- actions/getfile.php | 66 ++++++++++++++++++++++++++++++++++++++--------------- classes/File.php | 33 ++++++++++++++++----------- config.php.sample | 17 +++++++++++++- htaccess.sample | 8 ------- lib/default.php | 1 + 6 files changed, 100 insertions(+), 45 deletions(-) (limited to 'lib/default.php') diff --git a/README b/README index 6e39890cb..c26fe786e 100644 --- a/README +++ b/README @@ -710,11 +710,21 @@ private site, but users of the private site may be able to subscribe to users on a remote site. (Or not... it's not well tested.) The "proper behaviour" hasn't been defined here, so handle with care. -If fancy URLs is enabled, access to file attachments can also be -restricted to logged-in users only. Uncomment the appropriate rewrite -rule in .htaccess or your server's httpd.conf. (This most likely will -not work if you are using a virtual server for attachments, so consider -the performance/security tradeoff.) +Access to file attachments can also be restricted to logged-in users only. +1. Add a directory outside the web root where your file uploads will be + stored. Usually a command like this will work: + + mkdir /var/www/mublog-files + +2. Make the file uploads directory writeable by the web server. An + insecure way to do this is: + + chmod a+x /var/www/mublog-files + +3. Tell StatusNet to use this directory for file uploads. Add a line + like this to your config.php: + + $config['attachments']['dir'] = '/var/www/mublog-files'; Upgrading ========= diff --git a/actions/getfile.php b/actions/getfile.php index ecda34c0f..cd327e410 100644 --- a/actions/getfile.php +++ b/actions/getfile.php @@ -1,13 +1,13 @@ . * - * @category Personal + * @category PrivateAttachments * @package StatusNet * @author Jeffery To - * @copyright 2008-2009 StatusNet, Inc. - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 * @link http://status.net/ */ -if (!defined('STATUSNET') && !defined('LACONICA')) { +if (!defined('STATUSNET')) { exit(1); } require_once 'MIME/Type.php'; /** - * Action for getting a file attachment + * An action for returning a requested file * - * @category Personal - * @package StatusNet - * @author Jeffery To - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ + * The StatusNet system will do an implicit user check if the site is + * private before allowing this to continue + * + * @category PrivateAttachments + * @package StatusNet + * @author Jeffery To + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 + * @link http://status.net/ */ class GetfileAction extends Action @@ -68,7 +72,7 @@ class GetfileAction extends Action $path = null; if ($filename) { - $path = common_config('attachments', 'dir') . $filename; + $path = File::path($filename); } if (empty($path) or !file_exists($path)) { @@ -103,6 +107,10 @@ class GetfileAction extends Action function lastModified() { + if (common_config('site', 'use_x_sendfile')) { + return null; + } + return filemtime($this->path); } @@ -114,8 +122,24 @@ class GetfileAction extends Action * * @return string etag http header */ + function etag() { + if (common_config('site', 'use_x_sendfile')) { + return null; + } + + $cache = common_memcache(); + if($cache) { + $key = common_cache_key('attachments:etag:' . $this->path); + $etag = $cache->get($key); + if($etag === false) { + $etag = crc32(file_get_contents($this->path)); + $cache->set($key,$etag); + } + return $etag; + } + $stat = stat($this->path); return '"' . $stat['ino'] . '-' . $stat['size'] . '-' . $stat['mtime'] . '"'; } @@ -133,13 +157,19 @@ class GetfileAction extends Action // undo headers set by PHP sessions $sec = session_cache_expire() * 60; header('Expires: ' . date(DATE_RFC1123, time() + $sec)); - header('Cache-Control: public, max-age=' . $sec); - header('Pragma: public'); + header('Cache-Control: max-age=' . $sec); parent::handle($args); $path = $this->path; + header('Content-Type: ' . MIME_Type::autoDetect($path)); - readfile($path); + + if (common_config('site', 'use_x_sendfile')) { + header('X-Sendfile: ' . $path); + } else { + header('Content-Length: ' . filesize($path)); + readfile($path); + } } } diff --git a/classes/File.php b/classes/File.php index e04a9d525..6173f31d6 100644 --- a/classes/File.php +++ b/classes/File.php @@ -182,25 +182,32 @@ class File extends Memcached_DataObject static function url($filename) { - $path = common_config('attachments', 'path'); + if(common_config('site','private')) { - if ($path[strlen($path)-1] != '/') { - $path .= '/'; - } + return common_local_url('getfile', + array('filename' => $filename)); - if ($path[0] != '/') { - $path = '/'.$path; - } + } else { + $path = common_config('attachments', 'path'); - $server = common_config('attachments', 'server'); + if ($path[strlen($path)-1] != '/') { + $path .= '/'; + } - if (empty($server)) { - $server = common_config('site', 'server'); - } + if ($path[0] != '/') { + $path = '/'.$path; + } + + $server = common_config('attachments', 'server'); - // XXX: protocol + if (empty($server)) { + $server = common_config('site', 'server'); + } - return 'http://'.$server.$path.$filename; + // XXX: protocol + + return 'http://'.$server.$path.$filename; + } } function getEnclosure(){ diff --git a/config.php.sample b/config.php.sample index 91e6614c0..b8852dc67 100644 --- a/config.php.sample +++ b/config.php.sample @@ -41,6 +41,20 @@ $config['site']['path'] = 'statusnet'; // Make the site invisible to non-logged-in users // $config['site']['private'] = true; +// If your web server supports X-Sendfile (Apache with mod_xsendfile, +// lighttpd, nginx), you can enable X-Sendfile support for better +// performance. Presently, only attachment serving when the site is +// in private mode will use X-Sendfile. +// $config['site']['X-Sendfile'] = false; +// You may also need to enable X-Sendfile support for your web server and +// allow it to access files outside of the web root. For Apache with +// mod_xsendfile, you can add these to your .htaccess or server config: +// +// XSendFile on +// XSendFileAllowAbove on +// +// See http://tn123.ath.cx/mod_xsendfile/ for mod_xsendfile. + // If you want logging sent to a file instead of syslog // $config['site']['logfile'] = '/tmp/statusnet.log'; @@ -265,6 +279,7 @@ $config['sphinx']['port'] = 3312; // $config['attachments']['user_quota'] = 50000000; // $config['attachments']['monthly_quota'] = 15000000; // $config['attachments']['uploads'] = true; -// $config['attachments']['path'] = "/file/"; +// $config['attachments']['path'] = "/file/"; //ignored if site is private +// $config['attachments']['dir'] = INSTALLDIR . '/file/'; // $config['oohembed']['endpoint'] = 'http://oohembed.com/oohembed/'; diff --git a/htaccess.sample b/htaccess.sample index 91ae9da9b..37eb8e01e 100644 --- a/htaccess.sample +++ b/htaccess.sample @@ -5,14 +5,6 @@ RewriteBase /mublog/ - # If your site is private and want to only allow logged-in users to - # be able to download file attachments, uncomment this rule. - # - # If you have a custom attachment path - # ($config['attachments']['path']), change "file/" to match. - # - #RewriteRule ^file/(.*) getfile/$1 - RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.*) index.php?p=$1 [L,QSA] diff --git a/lib/default.php b/lib/default.php index eea11eb2b..f2e577149 100644 --- a/lib/default.php +++ b/lib/default.php @@ -54,6 +54,7 @@ $default = 'dupelimit' => 60, # default for same person saying the same thing 'textlimit' => 140, 'indent' => true, + 'use_x_sendfile' => false, ), 'db' => array('database' => 'YOU HAVE TO SET THIS IN config.php', -- cgit v1.2.3-54-g00ecf From 2c33e61b94fca8654c0d543fb0baa164ee86d2c3 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Thu, 7 Jan 2010 16:13:36 -0800 Subject: add default plugins and load them --- lib/common.php | 21 +++++++++++++++++++++ lib/default.php | 17 +++++++++++++++++ 2 files changed, 38 insertions(+) (limited to 'lib/default.php') diff --git a/lib/common.php b/lib/common.php index b0e5c4390..fb5e5919e 100644 --- a/lib/common.php +++ b/lib/common.php @@ -238,6 +238,27 @@ function __autoload($cls) } } +// Load default plugins + +foreach ($config['plugins']['default'] as $name => $params) { + if (is_null($params)) { + addPlugin($name); + } else if (is_array($params)) { + if (count($params) == 0) { + addPlugin($name); + } else { + $keys = array_keys($params); + if (is_string($keys[0])) { + addPlugin($name, $params); + } else { + foreach ($params as $paramset) { + addPlugin($name, $paramset); + } + } + } + } +} + // XXX: how many of these could be auto-loaded on use? // XXX: note that these files should not use config options // at compile time since DB config options are not yet loaded. diff --git a/lib/default.php b/lib/default.php index f2e577149..5acd2fb87 100644 --- a/lib/default.php +++ b/lib/default.php @@ -230,4 +230,21 @@ $default = array('timeout' => 5), // HTTP request timeout in seconds when contacting remote hosts for OMB updates 'logincommand' => array('disabled' => true), + 'plugins' => + array('default' => array('LilUrl' => array('shortenerName'=>'ur1.ca', + 'freeService' => true, + 'serviceUrl'=>'http://ur1.ca/'), + 'PtitUrl' => array('shortenerName' => 'ptiturl1.com', + 'serviceUrl' => 'http://ptiturl.com/?creer=oui&action=Reduire&url=%1$s'), + 'SimpleUrl' => array(array('shortenerName' => 'is.gd', 'serviceUrl' => 'http://is.gd/api.php?longurl=%1$s'), + array('shortenerName' => 'snipr.com', 'serviceUrl' => 'http://snipr.com/site/snip?r=simple&link=%1$s'), + array('shortenerName' => 'metamark.net', 'serviceUrl' => 'http://metamark.net/api/rest/simple?long_url=%1$s'), + array('shortenerName' => 'tinyurl.com', 'serviceUrl' => 'http://tinyurl.com/api-create.php?url=%1$s')), + 'TightUrl' => array('shortenerName' => '2tu.us', 'freeService' => true,'serviceUrl'=>'http://2tu.us/?save=y&url=%1$s'), + 'Geonames' => null, + 'Mapstraction' => null, + 'Linkback' => null, + 'WikiHashtags' => null, + 'OpenID' => null), + ) ); -- cgit v1.2.3-54-g00ecf From 505cd382f3d0d37f3d9581a907877e644b5118fd Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Thu, 7 Jan 2010 23:38:19 -0800 Subject: ptiturl.com correct name --- lib/default.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/default.php') diff --git a/lib/default.php b/lib/default.php index 5acd2fb87..a52c05b53 100644 --- a/lib/default.php +++ b/lib/default.php @@ -234,7 +234,7 @@ $default = array('default' => array('LilUrl' => array('shortenerName'=>'ur1.ca', 'freeService' => true, 'serviceUrl'=>'http://ur1.ca/'), - 'PtitUrl' => array('shortenerName' => 'ptiturl1.com', + 'PtitUrl' => array('shortenerName' => 'ptiturl.com', 'serviceUrl' => 'http://ptiturl.com/?creer=oui&action=Reduire&url=%1$s'), 'SimpleUrl' => array(array('shortenerName' => 'is.gd', 'serviceUrl' => 'http://is.gd/api.php?longurl=%1$s'), array('shortenerName' => 'snipr.com', 'serviceUrl' => 'http://snipr.com/site/snip?r=simple&link=%1$s'), -- cgit v1.2.3-54-g00ecf From 2aa0ab9777a1b2a0eec5946dede56e23daa0defe Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Fri, 8 Jan 2010 01:00:29 -0800 Subject: let system administrators disallow certain admin panels --- lib/adminpanelaction.php | 46 +++++++++++++++++++++++++++++++++++----------- lib/default.php | 4 +++- 2 files changed, 38 insertions(+), 12 deletions(-) (limited to 'lib/default.php') diff --git a/lib/adminpanelaction.php b/lib/adminpanelaction.php index 7997eb2b1..a6981ac61 100644 --- a/lib/adminpanelaction.php +++ b/lib/adminpanelaction.php @@ -70,7 +70,7 @@ class AdminPanelAction extends Action if (!common_logged_in()) { $this->clientError(_('Not logged in.')); - return; + return false; } $user = common_current_user(); @@ -94,7 +94,18 @@ class AdminPanelAction extends Action if (!$user->hasRight(Right::CONFIGURESITE)) { $this->clientError(_('You cannot make changes to this site.')); - return; + return false; + } + + // This panel must be enabled + + $name = $this->trimmed('action'); + + $name = mb_substr($name, 0, -10); + + if (!in_array($name, common_config('admin', 'panels'))) { + $this->clientError(_('Changes to that panel are not allowed.'), 403); + return false; } return true; @@ -224,7 +235,7 @@ class AdminPanelAction extends Action $this->clientError(_('saveSettings() not implemented.')); return; } - + /** * Delete a design setting * @@ -296,20 +307,33 @@ class AdminPanelNav extends Widget if (Event::handle('StartAdminPanelNav', array($this))) { - $this->out->menuItem(common_local_url('siteadminpanel'), _('Site'), - _('Basic site configuration'), $action_name == 'siteadminpanel', 'nav_site_admin_panel'); + if ($this->canAdmin('site')) { + $this->out->menuItem(common_local_url('siteadminpanel'), _('Site'), + _('Basic site configuration'), $action_name == 'siteadminpanel', 'nav_site_admin_panel'); + } - $this->out->menuItem(common_local_url('designadminpanel'), _('Design'), - _('Design configuration'), $action_name == 'designadminpanel', 'nav_design_admin_panel'); + if ($this->canAdmin('design')) { + $this->out->menuItem(common_local_url('designadminpanel'), _('Design'), + _('Design configuration'), $action_name == 'designadminpanel', 'nav_design_admin_panel'); + } - $this->out->menuItem(common_local_url('useradminpanel'), _('User'), - _('Paths configuration'), $action_name == 'useradminpanel', 'nav_design_admin_panel'); + if ($this->canAdmin('user')) { + $this->out->menuItem(common_local_url('useradminpanel'), _('User'), + _('Paths configuration'), $action_name == 'useradminpanel', 'nav_design_admin_panel'); + } - $this->out->menuItem(common_local_url('pathsadminpanel'), _('Paths'), - _('Paths configuration'), $action_name == 'pathsadminpanel', 'nav_design_admin_panel'); + if ($this->canAdmin('paths')) { + $this->out->menuItem(common_local_url('pathsadminpanel'), _('Paths'), + _('Paths configuration'), $action_name == 'pathsadminpanel', 'nav_design_admin_panel'); + } Event::handle('EndAdminPanelNav', array($this)); } $this->action->elementEnd('ul'); } + + function canAdmin($name) + { + return in_array($name, common_config('admin', 'panels')); + } } diff --git a/lib/default.php b/lib/default.php index a52c05b53..fa862f3ff 100644 --- a/lib/default.php +++ b/lib/default.php @@ -246,5 +246,7 @@ $default = 'Linkback' => null, 'WikiHashtags' => null, 'OpenID' => null), - ) + ), + 'admin' => + array('panels' => array('design', 'site', 'user', 'paths')), ); -- cgit v1.2.3-54-g00ecf