From a092aac32d061c8f6265c9975040e9f8c0b96f55 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 6 Feb 2010 12:59:41 +0100 Subject: [PATCH 1/8] add events to fine-tune user deletion --- EVENTS.txt | 16 ++++++++++++++++ actions/deleteuser.php | 31 ++++++++++++++++++------------- 2 files changed, 34 insertions(+), 13 deletions(-) diff --git a/EVENTS.txt b/EVENTS.txt index 6bf12bf13f..b4fc4cbebe 100644 --- a/EVENTS.txt +++ b/EVENTS.txt @@ -714,3 +714,19 @@ StartRobotsTxt: Before outputting the robots.txt page EndRobotsTxt: After the default robots.txt page (good place for customization) - &$action: RobotstxtAction being shown +StartDeleteUserForm: starting the data in the form for deleting a user +- $action: action being shown +- $user: user being deleted + +EndDeleteUserForm: Ending the data in the form for deleting a user +- $action: action being shown +- $user: user being deleted + +StartDeleteUser: handling the post for deleting a user +- $action: action being shown +- $user: user being deleted + +EndDeleteUser: handling the post for deleting a user +- $action: action being shown +- $user: user being deleted + diff --git a/actions/deleteuser.php b/actions/deleteuser.php index 32b703aa7f..c4f84fad2d 100644 --- a/actions/deleteuser.php +++ b/actions/deleteuser.php @@ -131,18 +131,21 @@ class DeleteuserAction extends ProfileFormAction $this->elementStart('fieldset'); $this->hidden('token', common_session_token()); $this->element('legend', _('Delete user')); - $this->element('p', null, - _('Are you sure you want to delete this user? '. - 'This will clear all data about the user from the '. - 'database, without a backup.')); - $this->element('input', array('id' => 'deleteuserto-' . $id, - 'name' => 'profileid', - 'type' => 'hidden', - 'value' => $id)); - foreach ($this->args as $k => $v) { - if (substr($k, 0, 9) == 'returnto-') { - $this->hidden($k, $v); + if (Event::handle('StartDeleteUserForm', array($this, $this->user))) { + $this->element('p', null, + _('Are you sure you want to delete this user? '. + 'This will clear all data about the user from the '. + 'database, without a backup.')); + $this->element('input', array('id' => 'deleteuserto-' . $id, + 'name' => 'profileid', + 'type' => 'hidden', + 'value' => $id)); + foreach ($this->args as $k => $v) { + if (substr($k, 0, 9) == 'returnto-') { + $this->hidden($k, $v); + } } + Event::handle('EndDeleteUserForm', array($this, $this->user)); } $this->submit('form_action-no', _('No'), 'submit form_action-primary', 'no', _("Do not block this user")); $this->submit('form_action-yes', _('Yes'), 'submit form_action-secondary', 'yes', _('Delete this user')); @@ -158,7 +161,9 @@ class DeleteuserAction extends ProfileFormAction function handlePost() { - $this->user->delete(); + if (Event::handle('StartDeleteUser', array($this, $this->user))) { + $this->user->delete(); + Event::handle('EndDeleteUser', array($this, $this->user)); + } } } - From ceb0236dfb4274927a9c5cbbdda19a3e14830cca Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 6 Feb 2010 15:35:05 +0100 Subject: [PATCH 2/8] update copyright date for Blacklist --- plugins/Blacklist/BlacklistPlugin.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/Blacklist/BlacklistPlugin.php b/plugins/Blacklist/BlacklistPlugin.php index 84a2cb6168..0d10c16152 100644 --- a/plugins/Blacklist/BlacklistPlugin.php +++ b/plugins/Blacklist/BlacklistPlugin.php @@ -22,7 +22,7 @@ * @category Action * @package StatusNet * @author Evan Prodromou - * @copyright 2009 StatusNet Inc. + * @copyright 2010 StatusNet Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ From 8f3c0efe0c703cae68e29d65a76fdf2b1410c33d Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 6 Feb 2010 15:54:24 +0100 Subject: [PATCH 3/8] BlacklistPlugin accepts config values for patterns --- plugins/Blacklist/BlacklistPlugin.php | 31 +++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/plugins/Blacklist/BlacklistPlugin.php b/plugins/Blacklist/BlacklistPlugin.php index 0d10c16152..2d53093b26 100644 --- a/plugins/Blacklist/BlacklistPlugin.php +++ b/plugins/Blacklist/BlacklistPlugin.php @@ -48,6 +48,33 @@ class BlacklistPlugin extends Plugin public $nicknames = array(); public $urls = array(); + private $_nicknamePatterns = array(); + private $_urlPatterns = array(); + + function initialize() + { + $this->_nicknamePatterns = array_merge($this->nicknames, + $this->_configArray('blacklist', 'nicknames')); + + $this->_urlPatterns = array_merge($this->urls, + $this->_configArray('blacklist', 'urls')); + } + + function _configArray($section, $setting) + { + $config = common_config($section, $setting); + + if (empty($config)) { + return array(); + } else if (is_array($config)) { + return $config; + } else if (is_string($config)) { + return explode("\t", $config); + } else { + throw new Exception("Unknown data type for config $section + $setting"); + } + } + /** * Hook registration to prevent blacklisted homepages or nicknames * @@ -173,7 +200,7 @@ class BlacklistPlugin extends Plugin private function _checkUrl($url) { - foreach ($this->urls as $pattern) { + foreach ($this->_urlPatterns as $pattern) { if (preg_match("/$pattern/", $url)) { return false; } @@ -194,7 +221,7 @@ class BlacklistPlugin extends Plugin private function _checkNickname($nickname) { - foreach ($this->nicknames as $pattern) { + foreach ($this->_nicknamePatterns as $pattern) { if (preg_match("/$pattern/", $nickname)) { return false; } From 6e5809586fa22a78b9c66130a62a411a594be715 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 6 Feb 2010 16:32:50 +0100 Subject: [PATCH 4/8] Move authorization for admin panels to AdminPanelAction class --- lib/adminpanelaction.php | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/lib/adminpanelaction.php b/lib/adminpanelaction.php index f05627b317..536d97cdf5 100644 --- a/lib/adminpanelaction.php +++ b/lib/adminpanelaction.php @@ -103,7 +103,7 @@ class AdminPanelAction extends Action $name = mb_substr($name, 0, -10); - if (!in_array($name, common_config('admin', 'panels'))) { + if (!self::canAdmin($name)) { $this->clientError(_('Changes to that panel are not allowed.'), 403); return false; } @@ -262,6 +262,17 @@ class AdminPanelAction extends Action return $result; } + + function canAdmin($name) + { + $isOK = false; + + if (Event::handle('AdminPanelCheck', array($name, &$isOK))) { + $isOK = in_array($name, common_config('admin', 'panels')); + } + + return $isOK; + } } /** @@ -307,32 +318,32 @@ class AdminPanelNav extends Widget if (Event::handle('StartAdminPanelNav', array($this))) { - if ($this->canAdmin('site')) { + if (AdminPanelAction::canAdmin('site')) { $this->out->menuItem(common_local_url('siteadminpanel'), _('Site'), _('Basic site configuration'), $action_name == 'siteadminpanel', 'nav_site_admin_panel'); } - if ($this->canAdmin('design')) { + if (AdminPanelAction::canAdmin('design')) { $this->out->menuItem(common_local_url('designadminpanel'), _('Design'), _('Design configuration'), $action_name == 'designadminpanel', 'nav_design_admin_panel'); } - if ($this->canAdmin('user')) { + if (AdminPanelAction::canAdmin('user')) { $this->out->menuItem(common_local_url('useradminpanel'), _('User'), _('User configuration'), $action_name == 'useradminpanel', 'nav_design_admin_panel'); } - if ($this->canAdmin('access')) { + if (AdminPanelAction::canAdmin('access')) { $this->out->menuItem(common_local_url('accessadminpanel'), _('Access'), _('Access configuration'), $action_name == 'accessadminpanel', 'nav_design_admin_panel'); } - if ($this->canAdmin('paths')) { + if (AdminPanelAction::canAdmin('paths')) { $this->out->menuItem(common_local_url('pathsadminpanel'), _('Paths'), _('Paths configuration'), $action_name == 'pathsadminpanel', 'nav_design_admin_panel'); } - if ($this->canAdmin('sessions')) { + if (AdminPanelAction::canAdmin('sessions')) { $this->out->menuItem(common_local_url('sessionsadminpanel'), _('Sessions'), _('Sessions configuration'), $action_name == 'sessionsadminpanel', 'nav_design_admin_panel'); } @@ -342,8 +353,4 @@ class AdminPanelNav extends Widget $this->action->elementEnd('ul'); } - function canAdmin($name) - { - return in_array($name, common_config('admin', 'panels')); - } } From b0a310563892a322b6857f51671b1087b1155fa2 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 6 Feb 2010 17:08:58 +0100 Subject: [PATCH 5/8] Blacklist admin panel --- plugins/Blacklist/BlacklistPlugin.php | 124 +++++++++++- plugins/Blacklist/blacklistadminpanel.php | 222 ++++++++++++++++++++++ 2 files changed, 340 insertions(+), 6 deletions(-) create mode 100644 plugins/Blacklist/blacklistadminpanel.php diff --git a/plugins/Blacklist/BlacklistPlugin.php b/plugins/Blacklist/BlacklistPlugin.php index 2d53093b26..fd8d187436 100644 --- a/plugins/Blacklist/BlacklistPlugin.php +++ b/plugins/Blacklist/BlacklistPlugin.php @@ -47,19 +47,41 @@ class BlacklistPlugin extends Plugin public $nicknames = array(); public $urls = array(); + public $canAdmin = true; private $_nicknamePatterns = array(); - private $_urlPatterns = array(); + private $_urlPatterns = array(); + + /** + * Initialize the plugin + * + * @return void + */ function initialize() { + $confNicknames = $this->_configArray('blacklist', 'nicknames') + $this->_nicknamePatterns = array_merge($this->nicknames, - $this->_configArray('blacklist', 'nicknames')); + $confNicknames); + + $confURLs = $this->_configArray('blacklist', 'urls') $this->_urlPatterns = array_merge($this->urls, - $this->_configArray('blacklist', 'urls')); + $confURLs); } + /** + * Retrieve an array from configuration + * + * Carefully checks a section. + * + * @param string $section Configuration section + * @param string $setting Configuration setting + * + * @return array configuration values + */ + function _configArray($section, $setting) { $config = common_config($section, $setting); @@ -69,7 +91,7 @@ class BlacklistPlugin extends Plugin } else if (is_array($config)) { return $config; } else if (is_string($config)) { - return explode("\t", $config); + return explode("\r\n", $config); } else { throw new Exception("Unknown data type for config $section + $setting"); } @@ -201,6 +223,7 @@ class BlacklistPlugin extends Plugin private function _checkUrl($url) { foreach ($this->_urlPatterns as $pattern) { + common_debug("Checking $url against $pattern"); if (preg_match("/$pattern/", $url)) { return false; } @@ -222,6 +245,7 @@ class BlacklistPlugin extends Plugin private function _checkNickname($nickname) { foreach ($this->_nicknamePatterns as $pattern) { + common_debug("Checking $nickname against $pattern"); if (preg_match("/$pattern/", $nickname)) { return false; } @@ -230,14 +254,102 @@ class BlacklistPlugin extends Plugin return true; } + /** + * Add our actions to the URL router + * + * @param Net_URL_Mapper $m URL mapper for this hit + * + * @return boolean hook return + */ + + function onRouterInitialized($m) + { + $m->connect('admin/blacklist', array('action' => 'blacklistadminpanel')); + return true; + } + + /** + * Auto-load our classes if called + * + * @param string $cls Class to load + * + * @return boolean hook return + */ + + function onAutoload($cls) + { + switch (strtolower($cls)) + { + case 'blacklistadminpanelaction': + $base = strtolower(mb_substr($cls, 0, -6)); + include_once INSTALLDIR.'/plugins/Blacklist/'.$base.'.php'; + return false; + default: + return true; + } + } + + /** + * Plugin version data + * + * @param array &$versions array of version blocks + * + * @return boolean hook value + */ + function onPluginVersion(&$versions) { $versions[] = array('name' => 'Blacklist', 'version' => self::VERSION, 'author' => 'Evan Prodromou', - 'homepage' => 'http://status.net/wiki/Plugin:Blacklist', + 'homepage' => + 'http://status.net/wiki/Plugin:Blacklist', 'description' => - _m('Keep a blacklist of forbidden nickname and URL patterns.')); + _m('Keep a blacklist of forbidden nickname '. + 'and URL patterns.')); + return true; + } + + /** + * Determines if our admin panel can be shown + * + * @param string $name name of the admin panel + * @param boolean &$isOK result + * + * @return boolean hook value + */ + + function onAdminPanelCheck($name, &$isOK) + { + if ($name == 'blacklist') { + $isOK = $this->canAdmin; + return false; + } + + return true; + } + + /** + * Add our tab to the admin panel + * + * @param Widget $nav Admin panel nav + * + * @return boolean hook value + */ + + function onEndAdminPanelNav($nav) + { + if (AdminPanelAction::canAdmin('blacklist')) { + + $action_name = $nav->action->trimmed('action'); + + $nav->out->menuItem(common_local_url('blacklistadminpanel'), + _('Blacklist'), + _('Blacklist configuration'), + $action_name == 'blacklistadminpanel', + 'nav_blacklist_admin_panel'); + } + return true; } } diff --git a/plugins/Blacklist/blacklistadminpanel.php b/plugins/Blacklist/blacklistadminpanel.php new file mode 100644 index 0000000000..98d07080db --- /dev/null +++ b/plugins/Blacklist/blacklistadminpanel.php @@ -0,0 +1,222 @@ +. + * + * @category Settings + * @package StatusNet + * @author Evan Prodromou + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPLv3 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +/** + * Administer blacklist + * + * @category Admin + * @package StatusNet + * @author Evan Prodromou + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPLv3 + * @link http://status.net/ + */ + +class BlacklistadminpanelAction extends AdminPanelAction +{ + /** + * title of the admin panel + * + * @return string title + */ + + function title() + { + return _('Blacklist'); + } + + /** + * Panel instructions + * + * @return string instructions + */ + + function getInstructions() + { + return _('Blacklisted URLs and nicknames'); + } + + /** + * Show the actual form + * + * @return void + * + * @see BlacklistAdminPanelForm + */ + + function showForm() + { + $form = new BlacklistAdminPanelForm($this); + $form->show(); + return; + } + + /** + * Save the form settings + * + * @return void + */ + + function saveSettings() + { + static $settings = array( + 'blacklist' => array('nicknames', 'urls'), + ); + + $values = array(); + + foreach ($settings as $section => $parts) { + foreach ($parts as $setting) { + $values[$section][$setting] = $this->trimmed("$section-$setting"); + } + } + + // This throws an exception on validation errors + + $this->validate($values); + + // assert(all values are valid); + + $config = new Config(); + + $config->query('BEGIN'); + + foreach ($settings as $section => $parts) { + foreach ($parts as $setting) { + Config::save($section, $setting, $values[$section][$setting]); + } + } + + $config->query('COMMIT'); + + return; + } + + /** + * Validate the values + * + * @param array &$values 2d array of values to check + * + * @return boolean success flag + */ + + function validate(&$values) + { + return true; + } +} + +/** + * Admin panel form for blacklist panel + * + * @category Admin + * @package StatusNet + * @author Evan Prodromou + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPLv3 + * @link http://status.net/ + */ + +class BlacklistAdminPanelForm extends Form +{ + /** + * ID of the form + * + * @return string ID + */ + + function id() + { + return 'blacklistadminpanel'; + } + + /** + * Class of the form + * + * @return string class + */ + + function formClass() + { + return 'form_settings'; + } + + /** + * Action we post to + * + * @return string action URL + */ + + function action() + { + return common_local_url('blacklistadminpanel'); + } + + /** + * Show the form controls + * + * @return void + */ + + function formData() + { + $this->out->elementStart('ul', 'form_data'); + + $this->out->elementStart('li'); + $this->out->textarea('blacklist-nicknames', _m('Nicknames'), + common_config('blacklist', 'nicknames'), + _('Patterns of nicknames to block, one per line')); + $this->out->elementEnd('li'); + + $this->out->elementStart('li'); + $this->out->textarea('blacklist-urls', _m('URLs'), + common_config('blacklist', 'urls'), + _('Patterns of URLs to block, one per line')); + $this->out->elementEnd('li'); + + $this->out->elementEnd('ul'); + } + + /** + * Buttons for submitting + * + * @return void + */ + + function formActions() + { + $this->out->submit('submit', + _('Save'), + 'submit', + null, + _('Save site settings')); + } +} From 200a32b922134f986aa9833e57a6aaa636243e44 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Fri, 26 Feb 2010 12:19:33 -0500 Subject: [PATCH 6/8] don't choke on dupelimit in createsim.php --- scripts/createsim.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/createsim.php b/scripts/createsim.php index 882d744564..e0b5fc906b 100644 --- a/scripts/createsim.php +++ b/scripts/createsim.php @@ -119,6 +119,9 @@ function newSub($i) function main($usercount, $noticeavg, $subsavg, $tagmax) { + global $config; + $config['site']['dupelimit'] = -1; + $n = 1; newUser(0); From ea044722e015195c5422556ae279cac71b954ee8 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Fri, 26 Feb 2010 12:28:58 -0500 Subject: [PATCH 7/8] 'on' is what checkboxes use for boolean true --- lib/action.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/action.php b/lib/action.php index cc4f4aad07..0a607b42d5 100644 --- a/lib/action.php +++ b/lib/action.php @@ -974,7 +974,7 @@ class Action extends HTMLOutputter // lawsuit if (is_null($arg)) { return $def; - } else if (in_array($arg, array('true', 'yes', '1'))) { + } else if (in_array($arg, array('true', 'yes', '1', 'on'))) { return true; } else if (in_array($arg, array('false', 'no', '0'))) { return false; From c188ae15d926948f1851472f412071329002f403 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Fri, 26 Feb 2010 12:29:28 -0500 Subject: [PATCH 8/8] Blacklist user nickname and password on delete --- plugins/Blacklist/BlacklistPlugin.php | 93 ++++++++++++++++++++++++++- 1 file changed, 91 insertions(+), 2 deletions(-) diff --git a/plugins/Blacklist/BlacklistPlugin.php b/plugins/Blacklist/BlacklistPlugin.php index fd8d187436..fb8f7306f5 100644 --- a/plugins/Blacklist/BlacklistPlugin.php +++ b/plugins/Blacklist/BlacklistPlugin.php @@ -60,12 +60,12 @@ class BlacklistPlugin extends Plugin function initialize() { - $confNicknames = $this->_configArray('blacklist', 'nicknames') + $confNicknames = $this->_configArray('blacklist', 'nicknames'); $this->_nicknamePatterns = array_merge($this->nicknames, $confNicknames); - $confURLs = $this->_configArray('blacklist', 'urls') + $confURLs = $this->_configArray('blacklist', 'urls'); $this->_urlPatterns = array_merge($this->urls, $confURLs); @@ -352,4 +352,93 @@ class BlacklistPlugin extends Plugin return true; } + + function onEndDeleteUserForm($action, $user) + { + $cur = common_current_user(); + + if (empty($cur) || !$cur->hasRight(Right::CONFIGURESITE)) { + return; + } + + $profile = $user->getProfile(); + + if (empty($profile)) { + return; + } + + $action->elementStart('ul', 'form_data'); + $action->elementStart('li'); + $this->checkboxAndText($action, + 'blacklistnickname', + _('Add this nickname pattern to blacklist'), + 'blacklistnicknamepattern', + $this->patternizeNickname($user->nickname)); + $action->elementEnd('li'); + + if (!empty($profile->homepage)) { + $action->elementStart('li'); + $this->checkboxAndText($action, + 'blacklisthomepage', + _('Add this homepage pattern to blacklist'), + 'blacklisthomepagepattern', + $this->patternizeHomepage($profile->homepage)); + $action->elementEnd('li'); + } + + $action->elementEnd('ul'); + } + + function onEndDeleteUser($action, $user) + { + common_debug("Action args: " . print_r($action->args, true)); + + if ($action->boolean('blacklisthomepage')) { + $pattern = $action->trimmed('blacklisthomepagepattern'); + $confURLs = $this->_configArray('blacklist', 'urls'); + $confURLs[] = $pattern; + Config::save('blacklist', 'urls', implode("\r\n", $confURLs)); + } + + if ($action->boolean('blacklistnickname')) { + $pattern = $action->trimmed('blacklistnicknamepattern'); + $confNicknames = $this->_configArray('blacklist', 'nicknames'); + $confNicknames[] = $pattern; + Config::save('blacklist', 'nicknames', implode("\r\n", $confNicknames)); + } + + return true; + } + + function checkboxAndText($action, $checkID, $label, $textID, $value) + { + $action->element('input', array('name' => $checkID, + 'type' => 'checkbox', + 'class' => 'checkbox', + 'id' => $checkID)); + + $action->text(' '); + + $action->element('label', array('class' => 'checkbox', + 'for' => $checkID), + $label); + + $action->text(' '); + + $action->element('input', array('name' => $textID, + 'type' => 'text', + 'id' => $textID, + 'value' => $value)); + } + + function patternizeNickname($nickname) + { + return $nickname; + } + + function patternizeHomepage($homepage) + { + $hostname = parse_url($homepage, PHP_URL_HOST); + return $hostname; + } }