From edee1fc09e304616fbce4ad1d1dae6097655c4e7 Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@status.net>
Date: Mon, 22 Mar 2010 08:17:14 -0400
Subject: ignore unrecognized object types

---
 plugins/OStatus/classes/Ostatus_profile.php | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'plugins/OStatus')

diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php
index e33509c47..0eb5b8b82 100644
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@@ -442,6 +442,17 @@ class Ostatus_profile extends Memcached_DataObject
     {
         $activity = new Activity($entry, $feed);
 
+        switch ($activity->object->type) {
+        case ActivityObject::ARTICLE:
+        case ActivityObject::BLOGENTRY:
+        case ActivityObject::NOTE:
+        case ActivityObject::STATUS:
+        case ActivityObject::COMMENT:
+            break;
+        default:
+            throw new ClientException("Can't handle that kind of post.");
+        }
+
         if ($activity->verb == ActivityVerb::POST) {
             $this->processPost($activity, $source);
         } else {
-- 
cgit v1.2.3-54-g00ecf


From a20880ee1e526efafd89ad9b823089f71245c481 Mon Sep 17 00:00:00 2001
From: James Walker <walkah@walkah.net>
Date: Mon, 22 Mar 2010 13:44:05 -0400
Subject: Fixing HTTP Header LRDD parsing (sites in subdirectories need this)

---
 plugins/OStatus/lib/discovery.php  | 2 +-
 plugins/OStatus/lib/linkheader.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'plugins/OStatus')

diff --git a/plugins/OStatus/lib/discovery.php b/plugins/OStatus/lib/discovery.php
index 44fad62fb..7187c1f3e 100644
--- a/plugins/OStatus/lib/discovery.php
+++ b/plugins/OStatus/lib/discovery.php
@@ -195,7 +195,7 @@ class Discovery_LRDD_Link_Header implements Discovery_LRDD
             //            return false;
         }
 
-        return Discovery_LRDD_Link_Header::parseHeader($link_header);
+        return array(Discovery_LRDD_Link_Header::parseHeader($link_header));
     }
 
     protected static function parseHeader($header)
diff --git a/plugins/OStatus/lib/linkheader.php b/plugins/OStatus/lib/linkheader.php
index afcd66d26..cd78d31ce 100644
--- a/plugins/OStatus/lib/linkheader.php
+++ b/plugins/OStatus/lib/linkheader.php
@@ -11,7 +11,7 @@ class LinkHeader
         preg_match('/^<[^>]+>/', $str, $uri_reference);
         //if (empty($uri_reference)) return;
 
-        $this->uri = trim($uri_reference[0], '<>');
+        $this->href = trim($uri_reference[0], '<>');
         $this->rel = array();
         $this->type = null;
 
-- 
cgit v1.2.3-54-g00ecf


From 3bb639699c7a5e7e96c0d048adbe48a3ed486fc9 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Mon, 22 Mar 2010 11:27:39 -0700
Subject: Confirm there's actually user and domain portions of acct string
 before assigning things from output of explode(); avoids notice message when
 invalid input passed to main/xrd

---
 plugins/OStatus/actions/userxrd.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'plugins/OStatus')

diff --git a/plugins/OStatus/actions/userxrd.php b/plugins/OStatus/actions/userxrd.php
index eb80a5ad4..6a6886eb8 100644
--- a/plugins/OStatus/actions/userxrd.php
+++ b/plugins/OStatus/actions/userxrd.php
@@ -35,9 +35,13 @@ class UserxrdAction extends XrdAction
         $this->uri = Discovery::normalize($this->uri);
         
         if (Discovery::isWebfinger($this->uri)) {
-            list($nick, $domain) = explode('@', substr(urldecode($this->uri), 5));
-            $nick = common_canonical_nickname($nick);
-            $this->user = User::staticGet('nickname', $nick);
+            $parts = explode('@', substr(urldecode($this->uri), 5));
+            if (count($parts) == 2) {
+                list($nick, $domain) = $parts;
+                // @fixme confirm the domain too
+                $nick = common_canonical_nickname($nick);
+                $this->user = User::staticGet('nickname', $nick);
+            }
         } else {
             $this->user = User::staticGet('uri', $this->uri);
         }
-- 
cgit v1.2.3-54-g00ecf


From 27bfd1211d64298ee3c3b2d82d7b38ca1e1167ad Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Mon, 22 Mar 2010 12:17:45 -0700
Subject: Math_BigInteger doesn't correctly handle
 serialization/deserialization for a value of 0, which can end up spewing
 notices to output and otherwise intefering with Salmon signature setup and
 verification when using memcached. Worked around this with a subclass that
 fixes the wakeup, used for the stored 0 value in the subclassed Crypt_RSA.

---
 plugins/OStatus/classes/Magicsig.php        | 10 ++++------
 plugins/OStatus/lib/safecrypt_rsa.php       | 18 ++++++++++++++++++
 plugins/OStatus/lib/safemath_biginteger.php | 20 ++++++++++++++++++++
 3 files changed, 42 insertions(+), 6 deletions(-)
 create mode 100644 plugins/OStatus/lib/safecrypt_rsa.php
 create mode 100644 plugins/OStatus/lib/safemath_biginteger.php

(limited to 'plugins/OStatus')

diff --git a/plugins/OStatus/classes/Magicsig.php b/plugins/OStatus/classes/Magicsig.php
index 5705ecc11..87c684c93 100644
--- a/plugins/OStatus/classes/Magicsig.php
+++ b/plugins/OStatus/classes/Magicsig.php
@@ -27,8 +27,6 @@
  * @link      http://status.net/
  */
 
-require_once 'Crypt/RSA.php';
-
 class Magicsig extends Memcached_DataObject
 {
 
@@ -102,16 +100,16 @@ class Magicsig extends Memcached_DataObject
 
     public function generate($user_id)
     {
-        $rsa = new Crypt_RSA();
+        $rsa = new SafeCrypt_RSA();
         
         $keypair = $rsa->createKey();
 
         $rsa->loadKey($keypair['privatekey']);
 
-        $this->privateKey = new Crypt_RSA();
+        $this->privateKey = new SafeCrypt_RSA();
         $this->privateKey->loadKey($keypair['privatekey']);
 
-        $this->publicKey = new Crypt_RSA();
+        $this->publicKey = new SafeCrypt_RSA();
         $this->publicKey->loadKey($keypair['publickey']);
         
         $this->user_id = $user_id;
@@ -163,7 +161,7 @@ class Magicsig extends Memcached_DataObject
     {
         common_log(LOG_DEBUG, "Adding ".$type." key: (".$mod .', '. $exp .")");
 
-        $rsa = new Crypt_RSA();
+        $rsa = new SafeCrypt_RSA();
         $rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
         $rsa->setHash('sha256');
         $rsa->modulus = new Math_BigInteger(base64_url_decode($mod), 256);
diff --git a/plugins/OStatus/lib/safecrypt_rsa.php b/plugins/OStatus/lib/safecrypt_rsa.php
new file mode 100644
index 000000000..f3aa2c928
--- /dev/null
+++ b/plugins/OStatus/lib/safecrypt_rsa.php
@@ -0,0 +1,18 @@
+<?php
+
+require_once 'Crypt/RSA.php';
+
+/**
+ * Crypt_RSA stores a Math_BigInteger with value 0, which triggers a bug
+ * in Math_BigInteger's wakeup function which spews notices to log or output.
+ * This wrapper replaces it with a version that survives serialization.
+ */
+class SafeCrypt_RSA extends Crypt_RSA
+{
+    function __construct()
+    {
+        parent::__construct();
+        $this->zero = new SafeMath_BigInteger();
+    }
+}
+
diff --git a/plugins/OStatus/lib/safemath_biginteger.php b/plugins/OStatus/lib/safemath_biginteger.php
new file mode 100644
index 000000000..c05e24d1e
--- /dev/null
+++ b/plugins/OStatus/lib/safemath_biginteger.php
@@ -0,0 +1,20 @@
+<?php
+
+require_once 'Math/BigInteger.php';
+
+/**
+ * Crypt_RSA stores a Math_BigInteger with value 0, which triggers a bug
+ * in Math_BigInteger's wakeup function which spews notices to log or output.
+ * This wrapper replaces it with a version that survives serialization.
+ */
+class SafeMath_BigInteger extends Math_BigInteger
+{
+    function __wakeup()
+    {
+        if ($this->hex == '') {
+            $this->hex = '0';
+        }
+        parent::__wakeup();
+    }
+}
+
-- 
cgit v1.2.3-54-g00ecf