Esempio n. 1
 /**
  * Check for an API key, and throw an exception if it's not set
  *
  * @param array $args URL and POST params
  *
  * @return boolean continuation flag
  */
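 function prepare($args)
 {
     // API mode: errors are reported in the short API form.
     StatusNet::setApi(true);
     parent::prepare($args);
     if (!common_config('globalapi', 'enabled')) {
         throw new ClientException(_('Global API not enabled.'), 403);
     }
     $apikey = $this->trimmed('apikey');
     if (empty($apikey)) {
         throw new ClientException(_('No API key.'), 403);
     }
     $expected = common_config('globalapi', 'key');
     // Fail closed when no usable key is configured: a boolean or null
     // config value must never compare equal to a caller-supplied key.
     $configured = (is_string($expected) || is_int($expected)) ? (string) $expected : '';
     // hash_equals() (PHP 5.6+) compares the two strings byte for byte in
     // constant time. The previous loose != was subject to type juggling
     // (numeric-looking strings compare as numbers) and returned as soon as
     // a difference was found.
     if ($configured === '' || !hash_equals($configured, (string) $apikey)) {
         // FIXME: increment a counter by IP address to prevent brute-force
         // attacks on the key.
         throw new ClientException(_('Bad API key.'), 403);
     }
     $email = common_canonical_email($this->trimmed('email'));
     if (empty($email)) {
         throw new ClientException(_('No email address.'));
     }
     if (!Validate::email($email, common_config('email', 'check_domain'))) {
         throw new ClientException(_('Invalid email address.'));
     }
     $this->email = $email;
     return true;
 }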
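 /**
  * Look up oEmbed data for a caller-supplied URL and print it as JSON.
  *
  * The request must carry the current session token; only the JSON
  * format is accepted.
  *
  * @param array $args request arguments
  *
  * @return void
  */
 function handle($args)
 {
     // Trigger short error responses; not a human-readable web page.
     StatusNet::setApi(true);
     // We're not a general oEmbed proxy service; limit to valid sessions.
     $token = $this->trimmed('token');
     $sessionToken = common_session_token();
     // Strict, constant-time comparison (hash_equals(), PHP 5.6+); a
     // missing or non-string token on either side is rejected.
     if (!$token || !is_string($token) || !is_string($sessionToken) || !hash_equals($sessionToken, $token)) {
         // TRANS: Client error displayed when the session token does not match or is not given.
         $this->clientError(_m('There was a problem with your session token. ' . 'Try again, please.'));
         // Stop here even if clientError() returns, so the lookup below
         // can never run without a valid session token.
         return;
     }
     $format = $this->arg('format');
     if ($format && $format != 'json') {
         // TRANS: Client exception thrown when requesting a different format than JSON.
         throw new ClientException(_m('Invalid format; only JSON supported.'));
     }
     $url = $this->arg('url');
     if (!common_valid_http_url($url)) {
         // TRANS: Client exception thrown when not providing a valid URL.
         throw new ClientException(_m('Invalid URL.'));
     }
     // Optional size hints are forwarded as received.
     $params = array();
     if ($this->arg('maxwidth')) {
         $params['maxwidth'] = $this->arg('maxwidth');
     }
     if ($this->arg('maxheight')) {
         $params['maxheight'] = $this->arg('maxheight');
     }
     // NOTE(review): $url is caller-controlled and common_valid_http_url()
     // is the only check visible here. Presumably oEmbedHelper::getObject()
     // fetches it from this server; confirm that path refuses loopback,
     // private and link-local destinations, including via redirects.
     $data = oEmbedHelper::getObject($url, $params);
     $this->init_document('json');
     print json_encode($data);
 }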
Esempio n. 3
 /**
  * For initializing members of the class.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);
     // AJAX callers get short API-style error results.
     $wantsAjax = $this->boolean('ajax');
     if ($wantsAjax) {
         StatusNet::setApi(true);
     }

     // Resolve the RSVP named in the request.
     $requestedId = $this->trimmed('rsvp');
     if (empty($requestedId)) {
         // TRANS: Client exception thrown when referring to a non-existing RSVP ("please respond") item.
         throw new ClientException(_m('No such RSVP.'));
     }
     $rsvp = RSVP::staticGet('id', $requestedId);
     $this->rsvp = $rsvp;
     if (empty($rsvp)) {
         // TRANS: Client exception thrown when referring to a non-existing RSVP ("please respond") item.
         throw new ClientException(_m('No such RSVP.'));
     }

     // Resolve the event the RSVP points at.
     $event = Happening::staticGet('id', $rsvp->event_id);
     $this->event = $event;
     if (empty($event)) {
         // TRANS: Client exception thrown when referring to a non-existing event.
         throw new ClientException(_m('No such event.'));
     }

     // The login check runs last, after both lookups.
     $viewer = common_current_user();
     $this->user = $viewer;
     if (empty($viewer)) {
         // TRANS: Client exception thrown when trying to RSVP ("please respond") while not logged in.
         throw new ClientException(_m('You must be logged in to RSVP for an event.'));
     }
     return true;
 }
Esempio n. 4
 /**
  * For initializing members of the class.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);
     if ($this->boolean('ajax')) {
         StatusNet::setApi(true);
     }

     // Authentication first, then the CSRF token for state-changing POSTs.
     $respondent = common_current_user();
     $this->user = $respondent;
     if (empty($respondent)) {
         // TRANS: Client exception thrown trying to respond to a poll while not logged in.
         throw new ClientException(_m('You must be logged in to respond to a poll.'), 403);
     }
     if ($this->isPost()) {
         $this->checkSessionToken();
     }

     $pollId = $this->trimmed('id');
     $poll = Poll::staticGet('id', $pollId);
     $this->poll = $poll;
     if (empty($poll)) {
         // TRANS: Client exception thrown trying to respond to a non-existing poll.
         throw new ClientException(_m('Invalid or missing poll.'), 404);
     }

     // The selection is 1-based and must not exceed the number of options.
     $choice = intval($this->trimmed('pollselection'));
     $outOfRange = $choice < 1 || $choice > count($poll->getOptions());
     if ($outOfRange) {
         // TRANS: Client exception thrown responding to a poll with an invalid answer.
         throw new ClientException(_m('Invalid poll selection.'));
     }
     $this->selection = $choice;
     return true;
 }
Esempio n. 5
 /**
  * Load attributes based on database arguments
  *
  * Loads all the DB stuff
  *
  * @param array $args $_REQUEST array
  *
  * @return success flag
  */
 function prepare($args)
 {
     parent::prepare($args);
     if ($this->boolean('ajax')) {
         StatusNet::setApi(true);
     }
     $this->notice = $this->getNotice();

     // Anonymous viewers are scope-checked with a null profile.
     $viewer = common_current_user();
     $viewerProfile = empty($viewer) ? null : $viewer->getProfile();
     $visible = $this->notice->inScope($viewerProfile);
     if (!$visible) {
         // TRANS: Client exception thrown when trying a view a notice the user has no access to.
         throw new ClientException(_('Not available.'), 403);
     }

     $author = $this->notice->getProfile();
     $this->profile = $author;
     if (empty($author)) {
         // TRANS: Server error displayed trying to show a notice without a connected profile.
         $this->serverError(_('Notice has no profile.'), 500);
         return false;
     }

     $this->user = User::staticGet('id', $author->id);
     $this->avatar = $author->getAvatar(AVATAR_PROFILE_SIZE);
     return true;
 }
Esempio n. 6
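 /**
  * Abort the current user's pending subscription request to another profile.
  *
  * Requires a logged-in user, a POST request and a valid session token.
  * AJAX callers get a small XML document with a fresh subscribe form;
  * everyone else is redirected to their subscriptions page.
  *
  * @param array $args request arguments
  *
  * @return void
  */
 function handle($args)
 {
     parent::handle($args);
     if ($this->boolean('ajax')) {
         StatusNet::setApi(true);
     }
     if (!common_logged_in()) {
         // TRANS: Error message displayed when trying to perform an action that requires a logged in user.
         $this->clientError(_('Not logged in.'));
         return;
     }
     $user = common_current_user();
     if ($_SERVER['REQUEST_METHOD'] != 'POST') {
         common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)));
         return;
     }
     /* Use a session token for CSRF protection. */
     $token = $this->trimmed('token');
     $sessionToken = common_session_token();
     // Strict, constant-time comparison (hash_equals(), PHP 5.6+); a
     // missing or non-string token on either side is rejected.
     if (!$token || !is_string($token) || !is_string($sessionToken) || !hash_equals($sessionToken, $token)) {
         // TRANS: Client error displayed when the session token does not match or is not given.
         $this->clientError(_('There was a problem with your session token. ' . 'Try again, please.'));
         return;
     }
     $other_id = $this->arg('unsubscribeto');
     if (!$other_id) {
         // TRANS: Client error displayed when trying to leave a group without specifying an ID.
         $this->clientError(_('No profile ID in request.'));
         return;
     }
     $other = Profile::staticGet('id', $other_id);
     if (!$other) {
         // TRANS: Client error displayed when trying to leave a non-existing group.
         $this->clientError(_('No profile with that ID.'));
         return;
     }
     // The lookup is keyed on the logged-in user's own id, so only the
     // caller's own pending request can be aborted.
     $this->request = Subscription_queue::pkeyGet(array('subscriber' => $user->id, 'subscribed' => $other->id));
     if (empty($this->request)) {
         // NOTE(review): $this->profile is not assigned anywhere in this
         // method; confirm it is set elsewhere, or whether $other was meant.
         // TRANS: Client error displayed when trying to approve a non-existing group join request.
         // TRANS: %s is a user nickname.
         $this->clientError(sprintf(_('%s is not in the moderation queue for this group.'), $this->profile->nickname), 403);
         // Every other error path returns; without this the abort() below
         // would be called on an empty request.
         return;
     }
     $this->request->abort();
     if ($this->boolean('ajax')) {
         $this->startHTML('text/xml;charset=utf-8');
         $this->elementStart('head');
         // TRANS: Title after unsubscribing from a group.
         $this->element('title', null, _m('TITLE', 'Unsubscribed'));
         $this->elementEnd('head');
         $this->elementStart('body');
         $subscribe = new SubscribeForm($this, $other);
         $subscribe->show();
         $this->elementEnd('body');
         $this->elementEnd('html');
     } else {
         common_redirect(common_local_url('subscriptions', array('nickname' => $user->nickname)), 303);
     }
 }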
Esempio n. 7
 /**
  * Dispatch the request by HTTP method: POST goes to handlePost(),
  * every other method goes to handleGet().
  *
  * @return void
  */
 function handle()
 {
     // API mode keeps error output short.
     StatusNet::setApi(true);
     parent::handle();
     $isPost = $_SERVER['REQUEST_METHOD'] == 'POST';
     if (!$isPost) {
         $this->handleGet();
         return;
     }
     $this->handlePost();
 }
Esempio n. 8
 /**
  * For initializing members of the class.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
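 function prepare($argarray)
 {
     StatusNet::setApi(true);
     // Send smaller error pages
     parent::prepare($argarray);
     // The field is client-supplied and may be absent or an array; treat
     // anything that is not a string as "no license given" instead of
     // reading an undefined index or formatting an array into the message.
     $license = (isset($_POST['omb_listenee_license']) && is_string($_POST['omb_listenee_license']))
         ? $_POST['omb_listenee_license']
         : null;
     $site_license = common_config('license', 'url');
     if (!common_compatible_license($license, $site_license)) {
         // NOTE(review): $license is echoed back in the error text; confirm
         // clientError() escapes it for the response format in use.
         $this->clientError(sprintf(_('Listenee stream license ‘%1$s’ is not ' . 'compatible with site license ‘%2$s’.'), $license, $site_license));
         return false;
     }
     return true;
 }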
Esempio n. 9
 /**
  * For initializing members of the class.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
 function prepare($argarray)
 {
     // API mode: send smaller error pages.
     StatusNet::setApi(true);
     parent::prepare($argarray);

     // Any exception from the notice check becomes a client error and
     // stops the action.
     $accepted = true;
     try {
         $this->checkNotice();
     } catch (Exception $problem) {
         $this->clientError($problem->getMessage());
         $accepted = false;
     }
     return $accepted;
 }
Esempio n. 10
 /**
  * Check the posted activity type and break out to appropriate processing.
  */
 function handle($args)
 {
     // API mode: send smaller error pages.
     StatusNet::setApi(true);
     $activity = $this->activity;
     common_log(LOG_DEBUG, "Got a " . $activity->verb);

     // Both start events must allow processing; the second one is not
     // fired when the first one declines.
     if (!Event::handle('StartHandleSalmonTarget', array($activity, $this->target))) {
         return;
     }
     if (!Event::handle('StartHandleSalmon', array($activity))) {
         return;
     }

     // Route the verb to its handler; anything unlisted is rejected.
     switch ($activity->verb) {
         case ActivityVerb::POST:
             $this->handlePost();
             break;
         case ActivityVerb::SHARE:
             $this->handleShare();
             break;
         case ActivityVerb::FAVORITE:
             $this->handleFavorite();
             break;
         case ActivityVerb::UNFAVORITE:
             $this->handleUnfavorite();
             break;
         case ActivityVerb::FOLLOW:
         case ActivityVerb::FRIEND:
             $this->handleFollow();
             break;
         case ActivityVerb::UNFOLLOW:
             $this->handleUnfollow();
             break;
         case ActivityVerb::JOIN:
             $this->handleJoin();
             break;
         case ActivityVerb::LEAVE:
             $this->handleLeave();
             break;
         case ActivityVerb::TAG:
             $this->handleTag();
             break;
         case ActivityVerb::UNTAG:
             $this->handleUntag();
             break;
         case ActivityVerb::UPDATE_PROFILE:
             $this->handleUpdateProfile();
             break;
         default:
             // TRANS: Client exception.
             throw new ClientException(_m('Unrecognized activity type.'));
     }

     Event::handle('EndHandleSalmon', array($this->activity));
     Event::handle('EndHandleSalmonTarget', array($this->activity, $this->target));
 }
Esempio n. 11
 /**
  * For initializing members of the class.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
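 function prepare($argarray)
 {
     StatusNet::setApi(true);
     // Send smaller error pages
     parent::prepare($argarray);
     // The field is client-supplied and may be absent or an array; treat
     // anything that is not a string as "no license given" instead of
     // reading an undefined index or formatting an array into the message.
     $license = (isset($_POST['omb_listenee_license']) && is_string($_POST['omb_listenee_license']))
         ? $_POST['omb_listenee_license']
         : null;
     $site_license = common_config('license', 'url');
     if (!common_compatible_license($license, $site_license)) {
         // NOTE(review): $license is echoed back in the error text; confirm
         // clientError() escapes it for the response format in use.
         // TRANS: Client error displayed when trying to update profile with an incompatible license.
         // TRANS: %1$s is the license incompatible with site license %2$s.
         $this->clientError(sprintf(_('Listenee stream license "%1$s" is not ' . 'compatible with site license "%2$s".'), $license, $site_license));
         return false;
     }
     return true;
 }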
 /**
  * Initialization.
  *
  * @param array $args Web and URL arguments
  *
  * @return boolean false if user doesn't exist
  */
 function prepare($args)
 {
     // API mode keeps error output short.
     StatusNet::setApi(true);
     parent::prepare($args);

     $this->format = $this->arg('format');

     // Paging parameters are coerced to integers; the second argument of
     // arg() is the fallback used when the parameter is absent.
     // NOTE(review): no upper bound is applied to 'count' here; confirm
     // it is capped where the query is built.
     $this->page = intval($this->arg('page', 1));
     $this->count = intval($this->arg('count', 20));
     $this->max_id = intval($this->arg('max_id', 0));
     $this->since_id = intval($this->arg('since_id', 0));

     // 'since' is no longer honoured; tell the client through a header.
     $legacySince = $this->arg('since');
     if ($legacySince) {
         header('X-StatusNet-Warning: since parameter is disabled; use since_id');
     }
     return true;
 }
Esempio n. 13
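 /**
  * Authenticate the caller and run the autocomplete lookup.
  *
  * A query starting with '@' searches user nicknames by prefix and one
  * starting with '!' searches group nicknames; the matches are stored in
  * $this->users and $this->groups.
  *
  * @param array $args request arguments
  *
  * @return boolean true
  */
 function prepare($args)
 {
     // If we die, show short error messages.
     StatusNet::setApi(true);
     parent::prepare($args);
     $cur = common_current_user();
     if (!$cur) {
         // The second argument is the status code; it was the boolean
         // true, which does not yield a meaningful HTTP status.
         // TRANS: Client exception in autocomplete plugin.
         throw new ClientException(_m('Access forbidden.'), 403);
     }
     $this->groups = array();
     $this->users = array();
     $q = $this->arg('q');
     if (!is_string($q)) {
         // Missing or array-valued parameter: nothing to search for.
         $q = '';
     }
     // Prevent DoS: always hand limit() a positive integer no larger than
     // 200. A missing, non-numeric, zero or negative 'limit' previously
     // reached limit() unclamped.
     $limit = (int) $this->arg('limit');
     if ($limit < 1 || $limit > 200) {
         $limit = 200;
     }
     // NOTE(review): escape() is applied to the search term, but the LIKE
     // wildcards % and _ inside it are not neutralised, so a caller can
     // widen the match; the result count stays bounded by $limit.
     if (substr($q, 0, 1) == '@') {
         //user search
         $q = substr($q, 1);
         $user = new User();
         $user->limit($limit);
         $user->whereAdd('nickname like \'' . trim($user->escape($q), '\'') . '%\'');
         if ($user->find()) {
             while ($user->fetch()) {
                 $this->users[] = clone $user;
             }
         }
     }
     if (substr($q, 0, 1) == '!') {
         //group search
         $q = substr($q, 1);
         $group = new User_group();
         $group->limit($limit);
         $group->whereAdd('nickname like \'' . trim($group->escape($q), '\'') . '%\'');
         if ($group->find()) {
             while ($group->fetch()) {
                 $this->groups[] = clone $group;
             }
         }
     }
     return true;
 }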
Esempio n. 14
 /**
  * For initializing members of the class.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
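 function prepare($argarray)
 {
     parent::prepare($argarray);
     if ($this->boolean('ajax')) {
         StatusNet::setApi(true);
     }
     $this->user = common_current_user();
     if (empty($this->user)) {
         throw new ClientException(_m("You must be logged in to answer to a question."), 403);
     }
     // NOTE(review): no session-token check and no check that the answer
     // belongs to $this->user are visible in this method; confirm both
     // happen before the answer is modified.
     // The 'id' parameter carries a 7-character prefix before the record id.
     $id = substr($this->trimmed('id'), 7);
     $this->answer = QnA_Answer::staticGet('id', $id);
     // Only dereference the answer once the lookup is known to have
     // succeeded; an unknown id must produce the 404 below, not a fatal
     // error on a method call against an empty value.
     $this->question = empty($this->answer) ? null : $this->answer->getQuestion();
     if (empty($this->answer) || empty($this->question)) {
         throw new ClientException(_m('Invalid or missing answer.'), 404);
     }
     $this->answerText = $this->trimmed('answer');
     return true;
 }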
Esempio n. 15
 /**
  * For initializing members of the class.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);
     if ($this->boolean('ajax')) {
         StatusNet::setApi(true);
     }

     // Authentication first, then the CSRF token for state-changing POSTs.
     $poster = common_current_user();
     $this->user = $poster;
     if (empty($poster)) {
         // TRANS: Client exception thrown when trying to create a new bookmark while not logged in.
         throw new ClientException(_m('Must be logged in to post a bookmark.'), 403);
     }
     if ($this->isPost()) {
         $this->checkSessionToken();
     }

     // Copy the trimmed form fields onto same-named members.
     foreach (array('title', 'url', 'tags', 'description') as $field) {
         $this->{$field} = $this->trimmed($field);
     }
     return true;
 }
Esempio n. 16
 /**
  * For initializing members of the class.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);
     if ($this->boolean('ajax')) {
         StatusNet::setApi(true);
     }

     // Authentication first, then the CSRF token for state-changing POSTs.
     $closer = common_current_user();
     $this->user = $closer;
     if (empty($closer)) {
         throw new ClientException(_m("You must be logged in to close a question."), 403);
     }
     if ($this->isPost()) {
         $this->checkSessionToken();
     }

     // The 'id' parameter carries a 9-character prefix before the record id.
     $questionId = substr($this->trimmed('id'), 9);
     $question = QnA_Question::staticGet('id', $questionId);
     $this->question = $question;
     if (empty($question)) {
         // TRANS: Client exception thrown trying to respond to a non-existing question.
         throw new ClientException(_m('Invalid or missing question.'), 404);
     }
     return true;
 }
Esempio n. 17
 /**
  * For initializing members of the class.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
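 function prepare($argarray)
 {
     parent::prepare($argarray);
     if ($this->boolean('ajax')) {
         StatusNet::setApi(true);
         // short error results!
     }
     $eventId = $this->trimmed('event');
     if (empty($eventId)) {
         // TRANS: Client exception thrown when requesting a non-exsting event.
         throw new ClientException(_m('No such event.'));
     }
     $this->event = Happening::staticGet('id', $eventId);
     if (empty($this->event)) {
         // TRANS: Client exception thrown when requesting a non-exsting event.
         throw new ClientException(_m('No such event.'));
     }
     $this->user = common_current_user();
     if (empty($this->user)) {
         // TRANS: Client exception thrown when trying to RSVP ("please respond") while not logged in.
         throw new ClientException(_m('You must be logged in to RSVP for an event.'));
     }
     // A leftover debug statement used to dump every request argument to
     // the log here. Request arguments are whatever the client sent and
     // may include the session token, so they are no longer logged.
     // NOTE(review): no session-token check is visible in this method;
     // confirm it happens before the RSVP is stored.
     // Map the submit button value to an RSVP verb; anything else is rejected.
     switch (strtolower($this->trimmed('submitvalue'))) {
         case 'yes':
             $this->verb = RSVP::POSITIVE;
             break;
         case 'no':
             $this->verb = RSVP::NEGATIVE;
             break;
         case 'maybe':
             $this->verb = RSVP::POSSIBLE;
             break;
         default:
             // TRANS: Client exception thrown when using an invalid value for RSVP ("please respond").
             throw new ClientException(_m('Unknown submit value.'));
     }
     return true;
 }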
Esempio n. 18
 /**
  * For initializing members of the class.
  *
  * @param array $argarray misc. arguments
  *
  * @return boolean true
  */
 function prepare($argarray)
 {
     parent::prepare($argarray);
     if ($this->boolean('ajax')) {
         StatusNet::setApi(true);
     }
     common_debug("in qnanewanswer");

     // Authentication first, then the CSRF token for state-changing POSTs.
     $responder = common_current_user();
     $this->user = $responder;
     if (empty($responder)) {
         throw new ClientException(_m("You must be logged in to answer to a question."), 403);
     }
     if ($this->isPost()) {
         $this->checkSessionToken();
     }

     // The 'id' parameter carries a 9-character prefix before the record id.
     $questionId = substr($this->trimmed('id'), 9);
     $question = QnA_Question::staticGet('id', $questionId);
     $this->question = $question;
     if (empty($question)) {
         throw new ClientException(_m('Invalid or missing question.'), 404);
     }

     $this->answerText = $this->trimmed('answer');
     return true;
 }
Esempio n. 19
 /**
  * Check pre-requisites and instantiate attributes
  *
  * @param Array $args array of arguments (URL, GET, POST)
  *
  * @return boolean success flag
  */
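 function prepare($args)
 {
     parent::prepare($args);
     if ($this->boolean('ajax')) {
         StatusNet::setApi(true);
     }
     // Only allow POST requests
     if ($_SERVER['REQUEST_METHOD'] != 'POST') {
         // TRANS: Client error displayed trying to perform any request method other than POST.
         // TRANS: Do not translate POST.
         $this->clientError(_m('This action only accepts POST requests.'));
         return false;
     }
     // CSRF protection: strict, constant-time comparison (hash_equals(),
     // PHP 5.6+) instead of a loose != that is subject to type juggling.
     // A missing or non-string token on either side is rejected.
     $token = $this->trimmed('token');
     $sessionToken = common_session_token();
     if (!$token || !is_string($token) || !is_string($sessionToken) || !hash_equals($sessionToken, $token)) {
         // TRANS: Client error displayed when the session token is not okay.
         $this->clientError(_m('There was a problem with your session token.' . ' Try again, please.'));
         return false;
     }
     // Only for logged-in users
     $this->user = common_current_user();
     if (empty($this->user)) {
         // TRANS: Error message displayed when trying to perform an action that requires a logged in user.
         $this->clientError(_m('Not logged in.'));
         return false;
     }
     // Tag to subscribe to; only presence is checked here.
     $this->tag = $this->arg('tag');
     if (empty($this->tag)) {
         // TRANS: Client error displayed trying to subscribe to a non-existing profile.
         $this->clientError(_m('No such profile.'));
         return false;
     }
     return true;
 }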
Esempio n. 20
 /**
  * Switch to API mode, then defer to the parent's preparation.
  *
  * @param array $args request arguments
  *
  * @return mixed whatever parent::prepare() returns
  */
 function prepare($args)
 {
     // API mode keeps error output short.
     StatusNet::setApi(true);
     $prepared = parent::prepare($args);
     return $prepared;
 }
Esempio n. 21
 /**
  * Initialization.
  *
  * @param array $args Web and URL arguments
  *
  * @return boolean false if user doesn't exist
  */
 function prepare($args)
 {
     // API mode keeps error output short.
     StatusNet::setApi(true);
     parent::prepare($args);

     $this->format = $this->arg('format');
     // NOTE(review): 'callback' is stored as received; confirm it is
     // validated before being written into a response.
     $this->callback = $this->arg('callback');

     // Paging parameters are coerced to integers; the second argument of
     // arg() is the fallback used when the parameter is absent.
     $this->page = intval($this->arg('page', 1));
     $this->count = intval($this->arg('count', 20));
     $this->max_id = intval($this->arg('max_id', 0));
     $this->since_id = intval($this->arg('since_id', 0));

     // 'since' is no longer honoured; tell the client through a header.
     $legacySince = $this->arg('since');
     if ($legacySince) {
         header('X-StatusNet-Warning: since parameter is disabled; use since_id');
     }

     // Clients may not claim a reserved source name; a missing or
     // reserved value is replaced with 'api'.
     $this->source = $this->trimmed('source');
     $needsDefault = empty($this->source) || in_array($this->source, self::$reserved_sources);
     if ($needsDefault) {
         $this->source = 'api';
     }
     return true;
 }
Esempio n. 22
 /**
  * Add a new Poll
  *
  * @return void
  */
 function newPoll()
 {
     if ($this->boolean('ajax')) {
         StatusNet::setApi(true);
     }

     // Validation and saving share one try block: any ClientException is
     // shown on the form page instead of propagating.
     try {
         if (empty($this->question)) {
             // TRANS: Client exception thrown trying to create a poll without a question.
             throw new ClientException(_m('Poll must have a question.'));
         }
         if (count($this->options) < 2) {
             // TRANS: Client exception thrown trying to create a poll with fewer than two options.
             throw new ClientException(_m('Poll must have at least two options.'));
         }
         // Notice options; distinct from choices for the poll
         $noticeOptions = array();
         // Does the heavy-lifting for getting "To:" information
         ToSelector::fillOptions($this, $noticeOptions);
         $author = $this->user->getProfile();
         $saved = Poll::saveNew($author, $this->question, $this->options, $noticeOptions);
     } catch (ClientException $failure) {
         $this->error = $failure->getMessage();
         $this->showPage();
         return;
     }

     // Regular requests are redirected to the saved notice.
     if (!$this->boolean('ajax')) {
         common_redirect($saved->bestUrl(), 303);
         return;
     }

     // AJAX requests get a minimal XML document containing the new notice.
     header('Content-Type: text/xml;charset=utf-8');
     $this->xw->startDocument('1.0', 'UTF-8');
     $this->elementStart('html');
     $this->elementStart('head');
     // TRANS: Page title after sending a notice.
     $this->element('title', null, _m('Notice posted'));
     $this->elementEnd('head');
     $this->elementStart('body');
     $this->showNotice($saved);
     $this->elementEnd('body');
     $this->elementEnd('html');
 }
Esempio n. 23
 /**
  * Handle the admin panel's POSTed sub-actions; other request methods go
  * to the parent handler.
  *
  * Each sub-action selects the form that is sent back through
  * showAjaxForm(); an unknown sub-action is rejected.
  *
  * @param array $args request arguments
  *
  * @return mixed result of showAjaxForm() or parent::handle()
  */
 function handle($args)
 {
     // @fixme move this to saveSettings and friends?
     if ($_SERVER['REQUEST_METHOD'] != 'POST') {
         return parent::handle($args);
     }

     StatusNet::setApi(true);
     // short error pages :P
     // Every POSTed sub-action is gated on the session token.
     $this->checkSessionToken();

     $step = $this->subaction;
     if ($step == 'change-apikey') {
         $form = new YammerApiKeyForm($this);
     } elseif ($step == 'apikey') {
         // Move on to authorisation only when the keys were saved.
         $form = $this->saveKeys()
             ? new YammerAuthInitForm($this, $this->runner)
             : new YammerApiKeyForm($this);
     } elseif ($step == 'authinit') {
         // hack
         if ($this->arg('change-apikey')) {
             $form = new YammerApiKeyForm($this);
         } else {
             $url = $this->runner->requestAuth();
             $form = new YammerAuthVerifyForm($this, $this->runner);
         }
     } elseif ($step == 'authverify') {
         $this->runner->saveAuthToken($this->trimmed('verify_token'));
         // Haho! Now we can make THE FUN HAPPEN
         $this->runner->startBackgroundImport();
         $form = new YammerProgressForm($this, $this->runner);
     } elseif ($step == 'pause-import') {
         // TRANS: Error message about an import job being paused from the admin panel.
         $this->runner->recordError(_m('Paused from admin panel.'));
         $form = $this->statusForm();
     } elseif ($step == 'continue-import') {
         $this->runner->clearError();
         $this->runner->startBackgroundImport();
         $form = $this->statusForm();
     } elseif ($step == 'abort-import') {
         $this->runner->reset();
         $form = $this->statusForm();
     } elseif ($step == 'progress') {
         $form = $this->statusForm();
     } else {
         // TRANS: Client exception thrown when encountering an unhandled sub action.
         throw new ClientException(_m('Invalid POST'));
     }
     return $this->showAjaxForm($form);
 }