From 971f1f64f1f42a51bced51665ae693a9d37750a0 Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Tue, 9 Mar 2010 13:41:05 -0800
Subject: [PATCH 1/3] Added scripts/command.php, can be used to run commands
 such as subscription on behalf of users. This includes whatever support for
 extended command parsing plugins may have added.

Example:
  ./scripts/command.php -nbrionv sub update@status.net
---
 lib/channel.php     | 19 +++++++++++
 scripts/command.php | 80 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 99 insertions(+)
 create mode 100755 scripts/command.php

diff --git a/lib/channel.php b/lib/channel.php
index 3cd168786c..689bca0be9 100644
--- a/lib/channel.php
+++ b/lib/channel.php
@@ -47,6 +47,25 @@ class Channel
     }
 }
 
+class CLIChannel extends Channel
+{
+    function source()
+    {
+        return 'cli';
+    }
+
+    function output($user, $text)
+    {
+        $site = common_config('site', 'name');
+        print "[{$user->nickname}@{$site}] $text\n";
+    }
+
+    function error($user, $text)
+    {
+        $this->output($user, $text);
+    }
+}
+
 class XMPPChannel extends Channel
 {
 
diff --git a/scripts/command.php b/scripts/command.php
new file mode 100755
index 0000000000..6041b02eb1
--- /dev/null
+++ b/scripts/command.php
@@ -0,0 +1,80 @@
+#!/usr/bin/env php
+<?php
+/*
+ * StatusNet - a distributed open-source microblogging tool
+ * Copyright (C) 2008, 2009, 2010 StatusNet, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+define('INSTALLDIR', realpath(dirname(__FILE__) . '/..'));
+
+$shortoptions = 'i:n:';
+$longoptions = array('id=', 'nickname=');
+
+$helptext = <<<END_OF_USERROLE_HELP
+command.php [options] [command line]
+Perform commands on behalf of a user, such as sub, unsub, join, drop
+
+  -i --id       ID of the user
+  -n --nickname nickname of the user
+
+END_OF_USERROLE_HELP;
+
+require_once INSTALLDIR.'/scripts/commandline.inc';
+
+
+
+function interpretCommand($user, $body)
+{
+    $inter = new CommandInterpreter();
+    $chan = new CLIChannel();
+    $cmd = $inter->handle_command($user, $body);
+    if ($cmd) {
+        $cmd->execute($chan);
+        return true;
+    } else {
+        $chan->error($user, "Not a valid command. Try 'help'?");
+        return false;
+    }
+}
+
+
+
+if (have_option('i', 'id')) {
+    $id = get_option_value('i', 'id');
+    $user = User::staticGet('id', $id);
+    if (empty($user)) {
+        print "Can't find user with ID $id\n";
+        exit(1);
+    }
+} else if (have_option('n', 'nickname')) {
+    $nickname = get_option_value('n', 'nickname');
+    $user = User::staticGet('nickname', $nickname);
+    if (empty($user)) {
+        print "Can't find user with nickname '$nickname'\n";
+        exit(1);
+    }
+} else {
+    print "You must provide either an ID or a nickname.\n\n";
+    print $helptext;
+    exit(1);
+}
+
+// @todo refactor the interactive console in console.php and use
+// that to optionally make an interactive test console here too.
+// Would be good to help people test commands when XMPP or email
+// isn't available locally.
+interpretCommand($user, implode(' ', $args));
+

From 2c6eb770457b5e763a2ca960dcde11201c08952f Mon Sep 17 00:00:00 2001
From: Sarven Capadisli <csarven@status.net>
Date: Tue, 9 Mar 2010 11:08:21 -0500
Subject: [PATCH 2/3] Added a checkbox for subscribing the admin of a StatusNet
 instance to update@status.net. Checked by default. Subscription optional.

---
 install.php | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/install.php b/install.php
index 929277e5e8..fbedbaf017 100644
--- a/install.php
+++ b/install.php
@@ -483,6 +483,7 @@ function showForm()
             $dbRadios .= "<input type=\"radio\" name=\"dbtype\" id=\"dbtype-$type\" value=\"$type\" $checked/> $info[name]<br />\n";
         }
     }
+
     echo<<<E_O_T
         </ul>
     </dd>
@@ -559,6 +560,11 @@ function showForm()
                     <input id="admin_email" name="admin_email" value="{$post->value('admin_email')}" />
                     <p class="form_guide">Optional email address for the initial StatusNet user (administrator)</p>
                 </li>
+                <li>
+                    <label for="admin_updates">Subscribe to announcements</label>
+                    <input type="checkbox" id="admin_updates" name="admin_updates" value="true" checked="checked" />
+                    <p class="form_guide">Release and security feed from <a href="http://update.status.net/">update@status.net</a> (recommended)</p>
+                </li>
             </ul>
         </fieldset>
         <input type="submit" name="submit" class="submit" value="Submit" />
@@ -587,6 +593,7 @@ function handlePost()
     $adminPass = $_POST['admin_password'];
     $adminPass2 = $_POST['admin_password2'];
     $adminEmail = $_POST['admin_email'];
+    $adminUpdates = $_POST['admin_updates'];
 
     $server = $_SERVER['HTTP_HOST'];
     $path = substr(dirname($_SERVER['PHP_SELF']), 1);
@@ -657,7 +664,7 @@ STR;
     }
 
     // Okay, cross fingers and try to register an initial user
-    if (registerInitialUser($adminNick, $adminPass, $adminEmail)) {
+    if (registerInitialUser($adminNick, $adminPass, $adminEmail, $adminUpdates)) {
         updateStatus(
             "An initial user with the administrator role has been created."
         );
@@ -854,7 +861,7 @@ function runDbScript($filename, $conn, $type = 'mysqli')
     return true;
 }
 
-function registerInitialUser($nickname, $password, $email)
+function registerInitialUser($nickname, $password, $email, $adminUpdates)
 {
     define('STATUSNET', true);
     define('LACONICA', true); // compatibility
@@ -882,7 +889,7 @@ function registerInitialUser($nickname, $password, $email)
     // Attempt to do a remote subscribe to update@status.net
     // Will fail if instance is on a private network.
 
-    if (class_exists('Ostatus_profile')) {
+    if (class_exists('Ostatus_profile') && $adminUpdates) {
         try {
             $oprofile = Ostatus_profile::ensureProfile('http://update.status.net/');
             Subscription::start($user->getProfile(), $oprofile->localProfile());

From 60e6172bc9e52f1e6b4941811e2d6fd6050c1c6b Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Tue, 9 Mar 2010 14:15:55 -0800
Subject: [PATCH 3/3] Check for invalid and reserved usernames for the admin
 user at install time.

---
 install.php | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/install.php b/install.php
index fbedbaf017..9a7e27fa2c 100644
--- a/install.php
+++ b/install.php
@@ -589,7 +589,7 @@ function handlePost()
     $sitename = $_POST['sitename'];
     $fancy    = !empty($_POST['fancy']);
 
-    $adminNick = $_POST['admin_nickname'];
+    $adminNick = strtolower($_POST['admin_nickname']);
     $adminPass = $_POST['admin_password'];
     $adminPass2 = $_POST['admin_password2'];
     $adminEmail = $_POST['admin_email'];
@@ -630,6 +630,19 @@ STR;
         updateStatus("No initial StatusNet user nickname specified.", true);
         $fail = true;
     }
+    if ($adminNick && !preg_match('/^[0-9a-z]{1,64}$/', $adminNick)) {
+        updateStatus('The user nickname "' . htmlspecialchars($adminNick) .
+                     '" is invalid; should be plain letters and numbers no longer than 64 characters.', true);
+        $fail = true;
+    }
+    // @fixme hardcoded list; should use User::allowed_nickname()
+    // if/when it's safe to have loaded the infrastructure here
+    $blacklist = array('main', 'admin', 'twitter', 'settings', 'rsd.xml', 'favorited', 'featured', 'favoritedrss', 'featuredrss', 'rss', 'getfile', 'api', 'groups', 'group', 'peopletag', 'tag', 'user', 'message', 'conversation', 'bookmarklet', 'notice', 'attachment', 'search', 'index.php', 'doc', 'opensearch', 'robots.txt', 'xd_receiver.html', 'facebook');
+    if (in_array($adminNick, $blacklist)) {
+        updateStatus('The user nickname "' . htmlspecialchars($adminNick) .
+                     '" is reserved.', true);
+        $fail = true;
+    }
 
     if (empty($adminPass)) {
         updateStatus("No initial StatusNet user password specified.", true);