Commit Graph

10914 Commits

Author SHA1 Message Date
Brion Vibber
a7abb2323e Session GC fix: save session.modified field as UTC so our comparisons work.
Had to tweak statusnet.ini to remove the DB_DATAOBJECT_MYSQLTIMESTAMP bitfield constant on session.modified; while it sounds like a useful and legit setting, it actually just means that DB_DataObject silently fails to pass through any attempts to explicitly set the value. As a result, MySQL does its default behavior which is to insert the current *LOCAL* time, which is useless.
This was leading to early GC west of GMT, or late GC east of it. Early GC could at worst destroy all live sessions (whoever's session *triggered* GC is fine, as the session then gets saved right back.)
2011-01-27 12:27:31 -08:00
Brion Vibber
433ec21119 Add $config['sessions']['gc_limit'] to limit how much work we do in each session GC; defaulting to killing 1000 sessions at a time. 2011-01-27 12:08:24 -08:00
Zach Copley
73011e6344 Add IdentiCurse to notice sources 2011-01-26 10:50:53 -08:00
Zach Copley
05361bb686 OAuth: Fix rare problem in which request tokens were sometimes being
returned as access tokens.
2011-01-20 10:44:31 -08:00
Zach Copley
28d40e5eed Fix syntax error in error msg 2011-01-20 10:44:18 -08:00
Zach Copley
3a24b95edb Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-20 10:44:05 -08:00
Zach Copley
6dc94a5389 Move getConnectedApps() from Profile to User, where it belongs
Conflicts:

	classes/User.php
2011-01-20 10:43:27 -08:00
Brion Vibber
ea31051401 TwitterBridge fix: merge down remaining 64-bit Snowflake ID fixes for twitterstatusfetcher.php from 0.9.x
Original fixes in c169dcb5221cf3dd452c291bf97374bb459cc5b9; didn't get merged in 39cad55711 because the code had been broken out to another file, but manual merge went smooth.

These affect twitterstatusfetcher.php on all 32-bit installs and some 64-bit installs (depending on whether the version of the JSON library reads the large numbers as long or double internally). 64-bit bug is harder to see as it tends to manifest as off-by-one due to losing a bit of precision off the end.
2011-01-18 11:08:32 -08:00
Brion Vibber
0ec07e9c65 Use ReflectionFunction to check for a present-but-disabled dl() function instead of manually parsing the disable_functions php.ini setting.
We were checking the list as comma-delimited (per the description of it as comma-delimited), but in fact spaces are also accepted, and who knows what else.
2011-01-07 14:48:40 -08:00
Brion Vibber
d0d39b51b8 Fixes for RegisterThrottle plugin: alt registration methods (OpenID, FBConnect, Twitter) weren't triggering the throttle check or recording of IPs.
Added StartRegistrationTry/EndRegistrationTry calls into those three, and moved the actual recording hook to EndUserRegister which is guaranteed to be called from User::register (so we don't need to worry about other auth methods forgetting to call the other UI-code hooks).
2011-01-05 12:28:02 -08:00
Brion Vibber
fb9ecddbf1 Ticket #2649: fix for undefined $base_url in lighttpd code path
The $base_url var is never defined, and the code has actually always been wrong since it was added.
Just removing it seems to work fine :)
2011-01-04 12:07:52 -08:00
Brion Vibber
d3d9797496 Prevent group creation by silenced users.
* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.
2010-12-28 11:34:02 -08:00
Brion Vibber
46123e3754 *cough* don't commit the code that breaks your code that you used to test the debug code :D 2010-12-20 13:06:58 -08:00
Brion Vibber
a4e2f38356 Slightly fancier debug code for PuSH hmac mismatches -- save the post to a temp file if feedsub/debug is on in config. 2010-12-20 13:05:17 -08:00
Brion Vibber
dd48bdb1c4 Logging helper for bogus hmacs on PuSH in -- record the url & hub with the err msg to help tell what broke 2010-12-20 10:48:02 -08:00
Brion Vibber
39cad55711 TwitterBridge: partial merge of id_str usage from 0.9.x for improved 32-bit and pre-5.2.10 compatibility. (on 64-bit in 5.2.6 we can pull the integer IDs, but silently lose some precision on the end.)
Fixes for Twitter bridge breakage on 32-bit servers. New "Snowflake" 64-bit IDs have become too big to fit in the integer portion of double-precision floats, so to reliably use these IDs we need to pull the new string form now.
Machines with 64-bit PHP installation should have had no problems (except on Windows, where integers are still 32 bits)

Conflicts:

	plugins/TwitterBridge/twitterimport.php <- as this hasn't been broken out, the import code is NOT FULLY UPDATED HERE.
2010-12-13 12:13:24 -08:00
Brion Vibber
3f9b8b293d Workaround for locally-handled sessions breaking on PHP 5.3 with APC enabled.
Big thanks to the folks at http://pecl.php.net/bugs/bug.php?id=16745 for the secret juju!
Classes were being torn down before session save handlers got called at the end of the request, which exploded with complaints about being unable to find various classes.
Registering a shutdown function lets us explicitly close out the session before everything gets torn down.
2010-12-10 14:12:02 -08:00
Brion Vibber
65f2d12bbf extlibs updates: PEAR::Mail to 1.2.0, PEAR::Net_SMTP to 1.4.2 (need to go together as a pair)
PEAR::Mail updated to 1.2.0 from 1.1.4, fixes deprecation warnings on PHP 5.3, as well as:
1.2.0:
• QA release - stable.
• Updated minimum dependencies (Net_SMTP, PEAR, PHP)
• Doc Bug #15620 Licence change to BSD
• Bug #13659 Mail parse error in special condition
• Bug #16200 - Security hole allow to read/write Arbitrary File
_hasUnclosedQuotes() doesn't properly handle a double slash before an end quote (slusarz@curecanti.org, Bug #9137).
• Make sure Net_SMTP is defined when calling getSMTPObject() directly (slusarz@curecanti.org, Bug #13772).
• Add addServiceExtensionParameter() to the SMTP driver (slusarz@curecanti.org, Bug #13764).
• Add a method to obtain the Net_SMTP object from the SMTP driver (slusarz@curecanti.org, Bug #13766).

PEAR::Net_SMTP updated to 1.4.2 from 1.3.1, needed to support updated PEAR::Mail:
1.4.2:
• Fixing header string quoting in data(). (Bug #17199)
1.4.1:
• The auth() method now includes an optional $tls parameter that determines whether or not TLS should be attempted (if supported by the PHP runtime and the remote SMTP server). This parameter defaults to true. (Bug #16349)
• Header data can be specified separately from message body data by passing it as the optional second parameter to ``data()``. This is especially useful when an open file resource is being used to supply message data because it allows header fields (like *Subject:*) to be built dynamically at runtime. (Request #17012)
1.4.0:
• The data() method now accepts either a string or a file resource containing the message data. (Request #16962)
1.3.4:
• All Net_Socket write failures are now recognized. (Bug #16831)
1.3.3:
• Added getGreeting(), for retrieving the server's greeting string. (Request #16066) [needed for PEAR::Mail]
• We no longer attempt a TLS connection if we're already using a secure socket. (Bug #16254)
• You can now specify a debug output handler via setDebug(). (Request #16420)
1.3.2:
• TLS connection only gets started if no AUTH methods are sent. (Bug #14944)
2010-12-10 11:07:51 -08:00
Brion Vibber
516161213f Tweak to PiwikAnalytics plugin to help browsers to pre-load piwik.js, may shave a little off load time.
Piwik's current default recommended JS for loading creates a <script> tag via document.write(). In addition to being generally evil, this means the browser doesn't know it's going to need piwik.js until that chunk of script gets executed... which can't happen until all scripts referenced *before* it have been loaded and executed.

The only reason for that bit of script though seems to be to pick 'http' or 'https' depending on the current page's scheme. This can be done more simply by using a protocol-relative link (eg "//piwik.status.net/piwik.js"), which the browser will resolve as appropriate. Since it's now sitting in the <script> tag, the browser's lookahead code will now see it and be able to start loading it while earlier things are parsing/executing.
May be better still to move to an asynchronous load after DOM-ready, but I'm not sure if that'll screw with the analytics code (eg, not being able to start things on the DOM-ready events since they're past).
2010-12-08 17:39:04 -08:00
Brion Vibber
26bd15ec0a Mapstraction plugin: use minified sources for OpenLayers
The default full build of OpenLayers.js is 943kb as of 2.10; this gzips down to a couple hundred kb
but is still rather nasty, plus loading it off a remote host could slow things down.

Using a local copy let us cut down the size significantly by discarding unused features, and further
minification with yui-compressor shaves a bit more off. Cuts down to about 1/5 the size of the
original.

Also threw in a bundled & minified copy of the Mapstraction classes plus our usermap.js,
which covers the common case of using the default OpenLayers provider. This cuts out three
additional script loads, two of which weren't getting launched until after the mxn.js main
file got loaded.
2010-12-08 14:54:02 -08:00
Brion Vibber
fb315c6f61 Create a bundled & minified JS file for Mapstraction's common case (using OpenLayers); this'll avoid waiting on additional script loads for mxn.core.js and mxn.openlayers.core.js, and removes the need to load usermap.js separately as well. 2010-12-08 14:52:26 -08:00
Brion Vibber
34569017ce Add stripped and minified local copy of OpenLayers 2.10, about 1/5 the size of the full version.
Included Makefile will recreate the OpenLayers.js using the statusnet.cfg strip configuration file
and yui-compressor to do some extra minification at the end. Requires fetching the OpenLayers
source download and dropping it in:

http://openlayers.org/download/OpenLayers-2.10.tar.gz
2010-12-08 14:28:55 -08:00
Brion Vibber
001512df96 Merge branch 'master' of gitorious.org:statusnet/mainline 2010-12-07 12:13:50 -08:00
Brion Vibber
db4d69f099 Quick hack to discard twitter broadcast queue items on failure *IF* config option 'twitter' 'ignore_errors' is on:
$config['twitter']['ignore_errors'] = true;

A longer-term solution is to patch up the indirect retry handling to count retries better, or delay for later retry sensibly.
2010-12-07 12:11:37 -08:00
Evan Prodromou
b35352790f Merge branch 'master' of gitorious.org:statusnet/mainline 2010-12-06 17:21:38 -05:00
Evan Prodromou
49757c79ee Config flag to disable router caching if needed 2010-12-06 17:21:01 -05:00
Evan Prodromou
a33d1d6090 use Cache::codeKey() in Router class 2010-12-06 17:20:44 -05:00
Evan Prodromou
004d58fdb8 Make code-dependent cache entries more volatile
If a cache entry is dependent on the code that's running, upgrading
(or enabling/disabling plugins) can generate hard-to-track
inconsistencies.

This change adds a close-to-unique fingerprint of the running code to
some cache keys, so that if the fingerprint changes, the old values
are ignored and new values are used.

If the automated uniqueness fails, an administrator can add an extra
config value, $config['site']['build'], that's thrown into the key also.
2010-12-06 17:20:26 -05:00
Brion Vibber
76f3dc32e0 Added User::singleUserNickname() as (temporary?) fallback for single-user lookup as a workaround for site setup of 1user sites. We found that an external tool attempting to spin up StatusNet and then register the user would fail because StatusNet's router setup dies on being unable to find its single-user account, since the nickname is needed in setting up routing entries. This tweak will let it survive, using the configured setting as a fallback if it can't actually find the user account. 2010-12-06 12:39:09 -08:00
Brion Vibber
b4fc54c308 Flush router cache when saving Twitter admin settings: adding/removing keys can enable/disable some actions. This avoids having users' Twitter settings unreachable after adding your keys to an installation with TwitterBridge on but not pre-configured. 2010-11-30 12:46:33 -08:00
Brion Vibber
bcccbd6d8a BitlyPlugin: fix for shortening URLs containing ampersand (&) 2010-11-30 12:40:23 -08:00
Evan Prodromou
af31767b63 was using Cache::get() and ::set() wrong 2010-11-30 14:44:16 -05:00
Evan Prodromou
0d99a01d74 a quick script to flush the router from cache if needed 2010-11-30 10:27:52 -05:00
Evan Prodromou
c86dff9901 use a CRC32 of the plugin names rather than actual names 2010-11-30 10:11:53 -05:00
Evan Prodromou
f5c8549068 Squashed commit of the following:
commit 39fdd181d95d2c39a3ea1ca330b10a99a92b961f
Author: Evan Prodromou <evan@status.net>
Date:   Mon Nov 29 10:37:49 2010 -0500

    use cache key prefix for router cache key

commit 4cb9e56941922489b83d6425c059cf770991e68f
Author: Evan Prodromou <evan@status.net>
Date:   Mon Nov 29 10:31:21 2010 -0500

    use a unique hashkey based on the software version and loaded plugins

commit 44458b48aef719543e11f83b41fded65cbcb8be9
Author: Evan Prodromou <evan@status.net>
Date:   Sat Nov 27 17:04:15 2010 -0500

    cache the NUM object

commit 809c188307a9b4ada15f3d7fa573a6034341efef
Author: Evan Prodromou <evan@status.net>
Date:   Sat Nov 27 15:44:12 2010 -0500

    accelerate routing by pivoting paths on actions
2010-11-30 09:58:00 -05:00
Evan Prodromou
806832e339 Revert "Ticket #2796: don't allow arbitrary overriding of the 'action' class and other parameters pulled from the URL mapper."
This reverts commit 4193a826d3.
2010-11-26 11:18:41 -05:00
Brion Vibber
c0ce953288 Update doc comment for Awesomeness plugin 2010-11-22 12:39:38 -08:00
Brion Vibber
5ad06e80b6 Tweak regex in Awesomeness plugin 2010-11-22 12:38:47 -08:00
Brion Vibber
263bd5b387 Merge commit 'refs/merge-requests/2224' of git://gitorious.org/statusnet/mainline into int 2010-11-22 12:31:24 -08:00
Brion Vibber
9c6e63b0bc Fixes for delete_status_network.sh:
* add some sanity checking: abort on failures instead of plodding through
* add some progress / error output
* fetch the target database server name from the status_network entry and use that to target the DROP DATABASE

Note that database names and other overrides in status_network entry may still not be seen.
2010-11-22 11:10:10 -08:00
Jeroen De Dauw
7e173f5db8 Added Awesomeness extension 2010-11-20 15:14:12 +01:00
Brion Vibber
b615998309 Fix ticket #2700: some numeric IDs were misinterpreted as hex numbers instead of strings when '0x123' passed in.
Switched from is_numeric() to a custom self::is_decimal() which is more strict.
This makes our behavior match Twitter's API a bit better, so eg this:

  http://identi.ca/api/statuses/home_timeline/0x6d686b.xml

should now be equivalent to:

  http://identi.ca/api/statuses/home_timeline.xml?screen_name=0x6d686b

instead of:

  http://identi.ca/api/statuses/home_timeline.xml?user_id=7170155
2010-11-19 16:12:28 -08:00
Brion Vibber
94f2f96f2e Ticket #2724: gracefully handle attempts to delete or fave/unfave a remote Twitter notice if a failure occurs.
Most annoying error case being where the notice was already faved or deleted on Twitter! :)
Such errors will now just fail out and log a note to the syslog -- the rest of what we were doing will continue on unhindered, so you can still delete, favorite, etc and it just won't sync the info over in that case.
2010-11-19 15:51:08 -08:00
Brion Vibber
4193a826d3 Ticket #2796: don't allow arbitrary overriding of the 'action' class and other parameters pulled from the URL mapper.
This protects against oddities such as manual invocation of the ClientError action, which can spoof error messages.
2010-11-19 15:30:52 -08:00
Brion Vibber
ca55d6c514 Ticket #1987: support since_id on API notice search methods.
max_id is not yet implemented, as it'll need support added to the search backends. (since_id we get 'for free' by just cropping off the list, it'll do for now)
2010-11-19 14:00:22 -08:00
Brion Vibber
4b01dd8b2e Ticket #2441: fix deletion of avatars when a profile is deleted.
Code was doing a batch call to $avatar->delete() which fails to properly engage the file deletion code. Calling the existing profile->delete_avatars() function deletes them individually, which makes it all work nice again.
2010-11-19 12:40:18 -08:00
Brion Vibber
d961925874 Ticket #2899: clean up inbox/outbox DM form a bit:
- "To" drop-down list now defaults to showing "Select recipient:" instead of the first person on your list, reducing liklihood of accidentally sending a message to the wrong person.
- When there are no mutual subscribers to send to, instead of an empty list the list now shows 'No mutual subscribers.'

In both cases, attempting to send when the default is selected displays an error message.
I'm not disabling form elements in part because our themes right now don't show disabled button state correctly; we might want to tighten that up a bit more once fixed.
2010-11-19 11:56:03 -08:00
Brion Vibber
573f98c5bc scripts/deletegroup.php -- basic CLI script to delete a group by id or local nickname. Like deleteuser.php, this can be used in batch runs by providing the -y override. 2010-11-18 14:40:05 -08:00
Brion Vibber
f468180743 Fix regression in PopularNoticeSection: tag parameter was broken, causing sidebar on tag pages to show untagged favorites. 2010-11-18 14:30:00 -08:00
Brion Vibber
0265cdc1c9 Ticket 2895: exclude silenced users from popular notice lists 2010-11-16 11:13:52 -08:00