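/**
 * Validate an OMB postNotice request and store the notice for the remote profile.
 *
 * Every failure path reports the problem through $this->clientError() (or
 * $this->serverError() when saving fails) and returns false. When the
 * notice URI is already known the request is treated as delivered and
 * true is returned without saving again.
 *
 * @param object $req      the signed request; parameters are read via get_parameter()
 * @param object $consumer OAuth consumer; not used by this method
 * @param object $token    access token; $token->key identifies the subscription
 *
 * @return bool true when the notice was saved or already existed, false on any error
 */
function save_notice(&$req, &$consumer, &$token)
{
    $version = $req->get_parameter('omb_version');
    if ($version != OMB_VERSION_01) {
        $this->clientError(_('Unsupported OMB version'), 400);
        return false;
    }

    // The listenee is the remote profile the notice will be attributed to.
    $listenee = $req->get_parameter('omb_listenee');
    $remote_profile = Remote_profile::staticGet('uri', $listenee);
    if (!$remote_profile) {
        $this->clientError(_('Profile unknown'), 403);
        return false;
    }

    $sub = Subscription::staticGet('token', $token->key);
    if (!$sub) {
        $this->clientError(_('No such subscription'), 403);
        return false;
    }
    // The token only proves that *some* subscription exists. Tie it to the
    // profile named in the request, otherwise a token issued for one listenee
    // could be used to post as any other remote profile. Subscription.subscribed
    // holds the remote profile id (see how validateOmb() builds the lookup).
    if ($sub->subscribed != $remote_profile->id) {
        $this->clientError(_('No such subscription'), 403);
        return false;
    }

    $content = $req->get_parameter('omb_notice_content');
    $content_shortened = common_shorten_links($content);
    if (mb_strlen($content_shortened) > 140) {
        $this->clientError(_('Invalid notice content'), 400);
        return false;
    }

    $notice_uri = $req->get_parameter('omb_notice');
    if (!Validate::uri($notice_uri) && !common_valid_tag($notice_uri)) {
        $this->clientError(_('Invalid notice uri'), 400);
        return false;
    }

    // Optional; it is validated but not passed on to Notice::saveNew().
    $notice_url = $req->get_parameter('omb_notice_url');
    if ($notice_url && !common_valid_http_url($notice_url)) {
        $this->clientError(_('Invalid notice url'), 400);
        return false;
    }

    // A notice whose URI is already stored is not saved or broadcast again.
    $notice = Notice::staticGet('uri', $notice_uri);
    if (!$notice) {
        $notice = Notice::saveNew($remote_profile->id, $content, 'omb', false, null, $notice_uri);
        // saveNew() signals failure by returning an error string instead of a Notice.
        if (is_string($notice)) {
            // Was a call to the undefined common_server_serror(); use the
            // action's own error reporting, as trySave() does.
            $this->serverError($notice, 500);
            return false;
        }
        common_broadcast_notice($notice, true);
    }
    return true;
}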
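/**
 * Handle a submitted edit-list form: validate the fields, then update,
 * privatise or delete $this->peopletag accordingly.
 *
 * Validation failures re-display the form with a message and return.
 * Destructive changes (delete, public -> private) are only carried out
 * after the user confirms them via showConfirm(); the confirmation
 * round-trip sends the pending values back as 'delete' / 'confirm' /
 * 'cancel' (plus the forwarded form fields for the privacy change).
 *
 * @return void
 */
function trySave()
{
    $tag         = common_canonical_tag($this->trimmed('tag'));
    $description = $this->trimmed('description');
    $private     = $this->boolean('private');
    $delete      = $this->arg('delete');
    $confirm     = $this->arg('confirm');
    $cancel      = $this->arg('cancel');

    if ($delete && $cancel) {
        // TRANS: Form validation error displayed if the form data for deleting a tag was incorrect.
        $this->showForm(_('Delete aborted.'));
        return;
    }

    // True when the list is being switched from public to private. Loose
    // comparison on purpose: the stored flag may be an int/string while
    // $private is a bool.
    $set_private = $private && $this->peopletag->private != $private;

    if ($delete && !$confirm) {
        // TRANS: Text in confirmation dialog for deleting a tag.
        $this->showConfirm(_('Deleting this tag will permanantly remove ' .
                             'all its subscription and membership records. ' .
                             'Do you still want to continue?'),
                           array('delete' => 1));
        return;
    }

    // Guard clauses replace the original nested else-chain; the checks run
    // in the same order. common_valid_tag() is used elsewhere in this code
    // as a URI check, so a match here means the name is not a plain tag.
    if (common_valid_tag($tag)) {
        // TRANS: Form validation error displayed if a given tag is invalid.
        $this->showForm(_('Invalid tag.'));
        return;
    }
    if ($tag != $this->peopletag->tag && $this->tagExists($tag)) {
        // TRANS: Form validation error displayed if a given tag is already present.
        // TRANS: %s is the already present tag.
        $this->showForm(sprintf(_('You already have a tag named %s.'), $tag));
        return;
    }
    if (Profile_list::descriptionTooLong($description)) {
        // TRANS: Form validation error displayed if the description is too long.
        // TRANS: %d is the maximum number of characters.
        $this->showForm(sprintf(_m('Description is too long (maximum %d character).',
                                   'Description is too long (maximum %d characters).',
                                   Profile_list::maxDescription()),
                                Profile_list::maxDescription()));
        return;
    }
    if ($set_private && !$confirm && !$cancel) {
        // Carry the pending edits through the confirmation round-trip.
        $fwd = array('tag' => $tag, 'description' => $description, 'private' => (int) $private);
        // TRANS: Text in confirmation dialog for setting a tag from public to private.
        $this->showConfirm(_('Setting a public tag as private will ' .
                             'permanently remove all the existing ' .
                             'subscriptions to it. ' .
                             'Do you still want to continue?'), $fwd);
        return;
    }

    $this->peopletag->query('BEGIN');
    $orig = clone $this->peopletag;
    $this->peopletag->tag = $tag;
    $this->peopletag->description = $description;
    // The privacy flag is only written when it is not changing or the change was confirmed.
    if (!$set_private || $confirm) {
        $this->peopletag->private = $private;
    }
    $result = $this->peopletag->update($orig);
    if (!$result) {
        // Release the open transaction before reporting. The failed object is
        // the list itself (the original logged $this->group, which this
        // action does not use).
        $this->peopletag->query('ROLLBACK');
        common_log_db_error($this->peopletag, 'UPDATE', __FILE__);
        // TRANS: Server error displayed when updating a list fails.
        $this->serverError(_('Could not update list.'));
        return;
    }
    $this->peopletag->query('COMMIT');

    if ($set_private && $confirm) {
        Profile_tag_subscription::cleanup($this->peopletag);
    }

    if ($delete) {
        // This might take quite a bit of time.
        $this->peopletag->delete();
        // send home.
        common_redirect(common_local_url('all', array('nickname' => $this->tagger->nickname)), 303);
        return;
    }

    if ($tag != $orig->tag) {
        // The list's URL changed with its name; send the user to the new address.
        common_redirect(common_local_url('editpeopletag',
                                         array('tagger' => $this->tagger->nickname,
                                               'tag' => $tag)), 303);
    } else {
        // TRANS: Edit list form success message.
        $this->showForm(_('Options saved.'));
    }
}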
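/**
 * Check that an OMB remote-subscribe request carries every required
 * parameter and that each value is acceptable for this site.
 *
 * Parameters are read through $req->get_parameter(). Every problem is
 * reported by throwing an OAuthException; on success nothing is returned.
 *
 * @param object $req the request under validation
 *
 * @return void
 *
 * @throws OAuthException on any missing, malformed or unacceptable parameter
 */
function validateOmb(&$req)
{
    $required = array(
        'omb_version',
        'omb_listener',
        'omb_listenee',
        'omb_listenee_profile',
        'omb_listenee_nickname',
        'omb_listenee_license',
    );
    foreach ($required as $param) {
        if (is_null($req->get_parameter($param))) {
            throw new OAuthException("Required parameter '{$param}' not found");
        }
    }

    // Now, OMB stuff
    $version = $req->get_parameter('omb_version');
    if ($version != OMB_VERSION_01) {
        throw new OAuthException("OpenMicroBlogging version '{$version}' not supported");
    }

    // The listener must be a local user, and must be the user making this request.
    $listener = $req->get_parameter('omb_listener');
    $user = User::staticGet('uri', $listener);
    if (!$user) {
        throw new OAuthException("Listener URI '{$listener}' not found here");
    }
    $cur = common_current_user();
    // An anonymous request has no current user (presumably null); reject it
    // instead of dereferencing $cur->id.
    if (!$cur || $cur->id != $user->id) {
        throw new OAuthException("Can't add for another user!");
    }

    $listenee = $req->get_parameter('omb_listenee');
    if (!Validate::uri($listenee) && !common_valid_tag($listenee)) {
        throw new OAuthException("Listenee URI '{$listenee}' not a recognizable URI");
    }
    // Byte length: this is a storage-column limit, not a display limit.
    if (strlen($listenee) > 255) {
        throw new OAuthException("Listenee URI '{$listenee}' too long");
    }
    $other = User::staticGet('uri', $listenee);
    if ($other) {
        throw new OAuthException("Listenee URI '{$listenee}' is local user");
    }
    // Refuse a duplicate subscription when the listenee is already known here.
    $remote = Remote_profile::staticGet('uri', $listenee);
    if ($remote) {
        $sub = new Subscription();
        $sub->subscriber = $user->id;
        $sub->subscribed = $remote->id;
        if ($sub->find(true)) {
            throw new OAuthException("Already subscribed to user!");
        }
    }

    $nickname = $req->get_parameter('omb_listenee_nickname');
    if (!Validate::string($nickname, array('min_length' => 1,
                                           'max_length' => 64,
                                           'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
        throw new OAuthException('Nickname must have only letters and numbers and no spaces.');
    }

    $profile = $req->get_parameter('omb_listenee_profile');
    if (!common_valid_http_url($profile)) {
        throw new OAuthException("Invalid profile URL '{$profile}'.");
    }
    if ($profile == common_local_url('showstream', array('nickname' => $nickname))) {
        throw new OAuthException("Profile URL '{$profile}' is for a local user.");
    }

    $license = $req->get_parameter('omb_listenee_license');
    if (!common_valid_http_url($license)) {
        throw new OAuthException("Invalid license URL '{$license}'.");
    }
    $site_license = common_config('license', 'url');
    if (!common_compatible_license($license, $site_license)) {
        throw new OAuthException("Listenee stream license '{$license}' not compatible with site license '{$site_license}'.");
    }

    # optional stuff
    $fullname = $req->get_parameter('omb_listenee_fullname');
    if ($fullname && mb_strlen($fullname) > 255) {
        throw new OAuthException("Full name '{$fullname}' too long.");
    }
    $homepage = $req->get_parameter('omb_listenee_homepage');
    if ($homepage && (!common_valid_http_url($homepage) || mb_strlen($homepage) > 255)) {
        throw new OAuthException("Invalid homepage '{$homepage}'");
    }
    $bio = $req->get_parameter('omb_listenee_bio');
    if ($bio && mb_strlen($bio) > 140) {
        throw new OAuthException("Bio too long '{$bio}'");
    }
    $location = $req->get_parameter('omb_listenee_location');
    if ($location && mb_strlen($location) > 255) {
        throw new OAuthException("Location too long '{$location}'");
    }

    $avatar = $req->get_parameter('omb_listenee_avatar');
    if ($avatar) {
        if (!common_valid_http_url($avatar) || strlen($avatar) > 255) {
            throw new OAuthException("Invalid avatar URL '{$avatar}'");
        }
        // NOTE(review): getimagesize() on a URL makes this server fetch an
        // address supplied by the remote party (server-side request
        // exposure). common_valid_http_url() presumably checks only the
        // URL's shape, not where it points; a fetch that refuses
        // private/loopback destinations and bounds size and time would be
        // the appropriate mitigation. The '@' keeps the original warning
        // suppression; a failed read is handled by the check below.
        $size = @getimagesize($avatar);
        if (!$size) {
            throw new OAuthException("Can't read avatar URL '{$avatar}'");
        }
        if ($size[0] != AVATAR_PROFILE_SIZE || $size[1] != AVATAR_PROFILE_SIZE) {
            throw new OAuthException("Wrong size image at '{$avatar}'");
        }
        // $size[2] is the IMAGETYPE_* int reported by getimagesize(); compare strictly.
        if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)) {
            throw new OAuthException("Wrong image type for '{$avatar}'");
        }
    }

    $callback = $req->get_parameter('oauth_callback');
    if ($callback && !common_valid_http_url($callback)) {
        throw new OAuthException("Invalid callback URL '{$callback}'");
    }
    if ($callback && $callback == common_local_url('finishremotesubscribe')) {
        throw new OAuthException("Callback URL '{$callback}' is for local site.");
    }
}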