From 379df1ce3e7fa38b2e9ed8324d9ed43bbb4a5219 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Fri, 26 Mar 2010 18:51:01 +0000 Subject: Return an http auth error, when a client sends in an invalid auth user, even when http auth is not required. --- lib/apiauth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/apiauth.php b/lib/apiauth.php index 17f803a1c..e78de618e 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -267,7 +267,7 @@ class ApiAuthAction extends ApiAction $this->access = self::READ_WRITE; - if (empty($this->auth_user) && $required) { + if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) { // basic authentication failed -- cgit v1.2.3-54-g00ecf From d44e5ac935ec50ec48dd3f1599e5fbba39b3278a Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 29 Mar 2010 12:57:16 -0700 Subject: Add $config['db']['annotate_queries'] option to include caller ID comments into queries. Comment can then be seen in process list, slow query logs on the server, aiding in tracking down unexpected slow queries. SELECT /* queuedaemon.php Ostatus_profile->processPost */ * FROM notice WHERE ( notice.uri = 'http://stormcloud.local/mublog2/notice/479' ) INSERT /* POST Notice::saveNew */ INTO notice (profile_id , content .... --- classes/Memcached_DataObject.php | 68 ++++++++++++++++++++++++++++++++++++++++ lib/default.php | 1 + 2 files changed, 69 insertions(+) (limited to 'lib') diff --git a/classes/Memcached_DataObject.php b/classes/Memcached_DataObject.php index bc4c3a000..8d54e1f0f 100644 --- a/classes/Memcached_DataObject.php +++ b/classes/Memcached_DataObject.php @@ -330,6 +330,10 @@ class Memcached_DataObject extends Safe_DataObject */ function _query($string) { + if (common_config('db', 'annotate_queries')) { + $string = $this->annotateQuery($string); + } + $start = microtime(true); $result = parent::_query($string); $delta = microtime(true) - $start; 
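Review bot: The added test `isset($_SERVER['PHP_AUTH_USER'])` only detects supplied credentials when PHP itself populates that variable, not when the class obtains them some other way. How `$this->auth_user` is filled in is outside this hunk; if the class also accepts credentials forwarded in a different server variable (as is common under CGI/FastCGI), a request carrying invalid credentials to an optional-auth endpoint would presumably still be treated as anonymous. It would be more robust to test a value recorded where the class parses the credentials, so that "credentials were sent" and "credentials were validated" come from the same source. A short why-comment above the condition would also help, for example `// credentials were supplied but did not validate: fail instead of silently downgrading to anonymous`. The enclosing method begins and ends outside the hunk.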
@@ -342,6 +346,70 @@ class Memcached_DataObject extends Safe_DataObject return $result; } + /** + * Find the first caller in the stack trace that's not a + * low-level database function and add a comment to the + * query string. This should then be visible in process lists + * and slow query logs, to help identify problem areas. + * + * Also marks whether this was a web GET/POST or which daemon + * was running it. + * + * @param string $string SQL query string + * @return string SQL query string, with a comment in it + */ + function annotateQuery($string) + { + $ignore = array('annotateQuery', + '_query', + 'query', + 'get', + 'insert', + 'delete', + 'update', + 'find'); + $ignoreStatic = array('staticGet', + 'pkeyGet', + 'cachedQuery'); + $here = get_class($this); // if we get confused + $bt = debug_backtrace(); + + // Find the first caller that's not us? + foreach ($bt as $frame) { + $func = $frame['function']; + if (isset($frame['type']) && $frame['type'] == '::') { + if (in_array($func, $ignoreStatic)) { + continue; + } + $here = $frame['class'] . '::' . $func; + break; + } else if (isset($frame['type']) && $frame['type'] == '->') { + if ($frame['object'] === $this && in_array($func, $ignore)) { + continue; + } + if (in_array($func, $ignoreStatic)) { + continue; // @fixme this shouldn't be needed? + } + $here = get_class($frame['object']) . '->' . $func; + break; + } + $here = $func; + break; + } + + if (php_sapi_name() == 'cli') { + $context = basename($_SERVER['PHP_SELF']); + } else { + $context = $_SERVER['REQUEST_METHOD']; + } + + // Slip the comment in after the first command, + // or DB_DataObject gets confused about handling inserts and such. + $parts = explode(' ', $string, 2); + $parts[0] .= " /* $context $here */"; + return implode(' ', $parts); + } + // Sanitize a query for logging // @fixme don't trim spaces in string literals function sanitizeQuery($string) diff --git a/lib/default.php b/lib/default.php index 10f3f1a97..7b0d08e4c 100644 
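Review bot: In `annotateQuery()`, `$context` and `$here` are interpolated into the statement as `/* $context $here */` with no filtering, and in the non-CLI branch `$context` is taken directly from `$_SERVER['REQUEST_METHOD']`, which is derived from the request. Whether the front-end server constrains that token is not visible here, and a value containing `*/` would end the comment early, so both strings should be reduced to a safe character set before being embedded: `$context = preg_replace('/[^A-Za-z0-9_.-]/', '', $context);` and `$here = preg_replace('/[^A-Za-z0-9_:>-]/', '', $here);`. Separately, `explode(' ', $string, 2)` assumes the command keyword is followed by a single space at the very start of the string; a query with leading whitespace or a newline after the keyword would get the comment somewhere other than intended, which is worth stating in the docblock. Because the annotation then appears in process lists and slow query logs, the docblock should also say that the comment text must never carry user-supplied data.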
--- a/lib/default.php +++ b/lib/default.php @@ -72,6 +72,7 @@ $default = 'quote_identifiers' => false, 'type' => 'mysql', 'schemacheck' => 'runtime', // 'runtime' or 'script' + 'annotate_queries' => false, // true to add caller comments to queries, eg /* POST Notice::saveNew */ 'log_queries' => false, // true to log all DB queries 'log_slow_queries' => 0), // if set, log queries taking over N seconds 'syslog' => -- cgit v1.2.3-54-g00ecf From a8d92dad5e4b82dd5a4f0ca7ed52f37256b60cd2 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 29 Mar 2010 15:07:15 -0700 Subject: Renamed HTTPResponse class to StatusNet_HTTPResponse to avoid conflict with PECL HTTP extension. The class isn't referenced by name by any other code I can see so this should have no side effects. --- lib/httpclient.php | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) (limited to 'lib') diff --git a/lib/httpclient.php b/lib/httpclient.php index 64a51353c..384626ae0 100644 --- a/lib/httpclient.php +++ b/lib/httpclient.php @@ -43,6 +43,9 @@ require_once 'HTTP/Request2/Response.php'; * * This extends the HTTP_Request2_Response class with methods to get info * about any followed redirects. + * + * Originally used the name 'HTTPResponse' to match earlier code, but + * this conflicts with a class in in the PECL HTTP extension. * * @category HTTP * @package StatusNet @@ -51,7 +54,7 @@ require_once 'HTTP/Request2/Response.php'; * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ -class HTTPResponse extends HTTP_Request2_Response +class StatusNet_HTTPResponse extends HTTP_Request2_Response { function __construct(HTTP_Request2_Response $response, $url, $redirects=0) { 
@@ -146,7 +149,7 @@ class HTTPClient extends HTTP_Request2 /** * Convenience function to run a GET request. * - * @return HTTPResponse + * @return StatusNet_HTTPResponse * @throws HTTP_Request2_Exception */ public function get($url, $headers=array()) @@ -157,7 +160,7 @@ class HTTPClient extends HTTP_Request2 /** * Convenience function to run a HEAD request. * - * @return HTTPResponse + * @return StatusNet_HTTPResponse * @throws HTTP_Request2_Exception */ public function head($url, $headers=array()) @@ -171,7 +174,7 @@ class HTTPClient extends HTTP_Request2 * @param string $url * @param array $headers optional associative array of HTTP headers * @param array $data optional associative array or blob of form data to submit - * @return HTTPResponse + * @return StatusNet_HTTPResponse * @throws HTTP_Request2_Exception */ public function post($url, $headers=array(), $data=array()) @@ -183,7 +186,7 @@ class HTTPClient extends HTTP_Request2 } /** - * @return HTTPResponse + * @return StatusNet_HTTPResponse * @throws HTTP_Request2_Exception */ protected function doRequest($url, $method, $headers) @@ -217,12 +220,12 @@ class HTTPClient extends HTTP_Request2 } /** - * Actually performs the HTTP request and returns an HTTPResponse object - * with response body and header info. + * Actually performs the HTTP request and returns a + * StatusNet_HTTPResponse object with response body and header info. * * Wraps around parent send() to add logging and redirection processing. * - * @return HTTPResponse + * @return StatusNet_HTTPResponse * @throw HTTP_Request2_Exception */ public function send() @@ -265,6 +268,6 @@ class HTTPClient extends HTTP_Request2 } break; } while ($maxRedirs); - return new HTTPResponse($response, $this->getUrl(), $redirs); + return new StatusNet_HTTPResponse($response, $this->getUrl(), $redirs); } } -- cgit v1.2.3-54-g00ecf