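/**
 * Check pre-requisites and instantiate attributes.
 *
 * Accepts only a POST request that carries the current session token and
 * comes from a logged-in user, then records the 'search' argument to act on.
 *
 * @param array $args array of arguments (URL, GET, POST)
 *
 * @return boolean success flag (failures are reported via clientError())
 */
function prepare($args)
{
    parent::prepare($args);

    if ($this->boolean('ajax')) {
        GNUsocial::setApi(true);
    }

    // Only allow POST requests
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        // TRANS: Client error displayed trying to perform any request method other than POST.
        // TRANS: Do not translate POST.
        $this->clientError(_m('This action only accepts POST requests.'));
    }

    // CSRF protection. Compare in constant time so response timing does not
    // reveal how much of a submitted token matched, and avoid PHP's loose
    // string/number comparison rules.
    $token = $this->trimmed('token');
    if (!$token || !hash_equals((string) common_session_token(), (string) $token)) {
        // TRANS: Client error displayed when the session token is not okay.
        $this->clientError(_m('There was a problem with your session token.' .
                             ' Try again, please.'));
    }

    // Only for logged-in users
    $this->user = common_current_user();
    if (empty($this->user)) {
        // TRANS: Error message displayed when trying to perform an action that requires a logged in user.
        $this->clientError(_m('Not logged in.'));
    }

    // Profile to subscribe to
    $this->search = $this->arg('search');
    if (empty($this->search)) {
        // TRANS: Client error displayed trying to subscribe to a non-existing profile.
        $this->clientError(_m('No such profile.'));
    }

    return true;
}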
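/**
 * Serve an oEmbed lookup for a URL on behalf of the current session.
 *
 * This is not a general oEmbed proxy: the caller must present the current
 * session token, may only ask for JSON, and must supply a valid HTTP URL.
 * Optional maxwidth/maxheight arguments are forwarded to oEmbedHelper.
 *
 * @param array $args URL and POST params (read back through arg()/trimmed())
 *
 * @return void prints the JSON document
 *
 * @throws ClientException on an unsupported format or an invalid URL
 */
function handle($args)
{
    // Trigger short error responses; not a human-readable web page.
    GNUsocial::setApi(true);

    // We're not a general oEmbed proxy service; limit to valid sessions.
    // Constant-time comparison so timing does not reveal a matching prefix.
    $token = $this->trimmed('token');
    if (!$token || !hash_equals((string) common_session_token(), (string) $token)) {
        // TRANS: Client error displayed when the session token does not match or is not given.
        $this->clientError(_m('There was a problem with your session token. ' .
                             'Try again, please.'));
    }

    $format = $this->arg('format');
    if ($format && $format !== 'json') {
        // TRANS: Client exception thrown when requesting a different format than JSON.
        throw new ClientException(_m('Invalid format; only JSON supported.'));
    }

    $url = $this->arg('url');
    if (!common_valid_http_url($url)) {
        // TRANS: Client exception thrown when not providing a valid URL.
        throw new ClientException(_m('Invalid URL.'));
    }

    // Forward only the size hints the caller actually set.
    $params = [];
    foreach (['maxwidth', 'maxheight'] as $name) {
        if ($this->arg($name)) {
            $params[$name] = $this->arg($name);
        }
    }

    $data = oEmbedHelper::getObject($url, $params);

    $this->init_document('json');
    // json_encode() returns false on failure (e.g. invalid UTF-8 from the
    // provider); report that instead of printing an empty body.
    $json = json_encode($data);
    if ($json === false) {
        // TRANS: Server error displayed when oEmbed data cannot be encoded as JSON.
        $this->serverError(_m('Could not encode oEmbed data.'), 500);
    }
    print $json;
}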
/**
 * For initializing members of the class.
 *
 * Requires a logged-in user, checks the session token on POST, loads the
 * poll named by 'id' and validates the 1-based 'pollselection' against the
 * poll's option count.
 *
 * @param array $argarray misc. arguments
 *
 * @return boolean true
 *
 * @throws ClientException 403 when not logged in, 404 for an unknown poll,
 *                         client error for an out-of-range selection
 */
function prepare($argarray)
{
    parent::prepare($argarray);
    if ($this->boolean('ajax')) {
        GNUsocial::setApi(true);
    }

    $this->user = common_current_user();
    if (empty($this->user)) {
        // TRANS: Client exception thrown trying to respond to a poll while not logged in.
        throw new ClientException(_m('You must be logged in to respond to a poll.'), 403);
    }

    if ($this->isPost()) {
        $this->checkSessionToken();
    }

    $this->poll = Poll::getKV('id', $this->trimmed('id'));
    if (empty($this->poll)) {
        // TRANS: Client exception thrown trying to respond to a non-existing poll.
        throw new ClientException(_m('Invalid or missing poll.'), 404);
    }

    // Selections are numbered from 1; anything else is rejected before the
    // option list is consulted.
    $choice = (int) $this->trimmed('pollselection');
    if ($choice < 1 || $choice > count($this->poll->getOptions())) {
        // TRANS: Client exception thrown responding to a poll with an invalid answer.
        throw new ClientException(_m('Invalid poll selection.'));
    }
    $this->selection = $choice;

    return true;
}
/**
 * For initializing members of the class.
 *
 * Loads the RSVP named by the 'rsvp' argument together with its event, and
 * requires a logged-in user.
 *
 * @param array $argarray misc. arguments
 *
 * @return boolean true
 *
 * @throws ClientException when the RSVP, its event or the user is missing
 */
function prepare($argarray)
{
    parent::prepare($argarray);
    if ($this->boolean('ajax')) {
        GNUsocial::setApi(true); // short error results!
    }

    // A missing id and an unknown id are the same error; skip the lookup for the former.
    $rsvpId = $this->trimmed('rsvp');
    $this->rsvp = empty($rsvpId) ? null : RSVP::getKV('id', $rsvpId);
    if (empty($this->rsvp)) {
        // TRANS: Client exception thrown when referring to a non-existing RSVP ("please respond") item.
        throw new ClientException(_m('No such RSVP.'));
    }

    $this->event = Happening::getKV('id', $this->rsvp->event_id);
    if (empty($this->event)) {
        // TRANS: Client exception thrown when referring to a non-existing event.
        throw new ClientException(_m('No such event.'));
    }

    $this->user = common_current_user();
    if (empty($this->user)) {
        // TRANS: Client exception thrown when trying to RSVP ("please respond") while not logged in.
        throw new ClientException(_m('You must be logged in to RSVP for an event.'));
    }

    return true;
}
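/**
 * Check for an API key, and throw an exception if it's not set.
 *
 * The global API must be enabled in config, the 'apikey' argument must match
 * the configured key, and the 'email' argument must be a valid address; the
 * canonical form of the address is stored in $this->email.
 *
 * @param array $args URL and POST params
 *
 * @return boolean continuation flag (always true; failures throw)
 *
 * @throws ClientException 403 when the API is disabled or the key is missing
 *                         or wrong; a client error when the email is missing
 *                         or invalid
 */
function prepare($args)
{
    GNUsocial::setApi(true); // reduce exception reports to aid in debugging
    parent::prepare($args);

    if (!common_config('globalapi', 'enabled')) {
        throw new ClientException(_('Global API not enabled.'), 403);
    }

    $apikey = $this->trimmed('apikey');
    if (empty($apikey)) {
        throw new ClientException(_('No API key.'), 403);
    }

    // Constant-time comparison: a plain != both leaks the length of the
    // matching prefix through timing and applies PHP's loose string/number
    // comparison rules. An unconfigured (empty) key never matches.
    $expected = (string) common_config('globalapi', 'key');
    if ($expected === '' || !hash_equals($expected, (string) $apikey)) {
        // FIXME: increment a counter by IP address to prevent brute-force
        // attacks on the key.
        throw new ClientException(_('Bad API key.'), 403);
    }

    $email = common_canonical_email($this->trimmed('email'));
    if (empty($email)) {
        throw new ClientException(_('No email address.'));
    }
    if (!Validate::email($email, common_config('email', 'check_domain'))) {
        throw new ClientException(_('Invalid email address.'));
    }

    $this->email = $email;

    return true;
}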
/**
 * Load attributes based on database arguments.
 *
 * Resolves the notice named by the request, checks that the current profile
 * may see it, and loads the poster's profile, local user account (if any)
 * and avatar.
 *
 * @param array $args $_REQUEST array
 *
 * @return boolean success flag
 *
 * @throws ClientException 403 when the notice is out of the viewer's scope
 */
protected function prepare(array $args = array())
{
    parent::prepare($args);

    if ($this->boolean('ajax')) {
        GNUsocial::setApi(true);
    }

    $notice = $this->getNotice();
    $this->notice = $notice;

    if (!$notice->inScope($this->scoped)) {
        // TRANS: Client exception thrown when trying a view a notice the user has no access to.
        throw new ClientException(_('Access restricted.'), 403);
    }

    $poster = $notice->getProfile();
    $this->profile = $poster;
    if (!($poster instanceof Profile)) {
        // TRANS: Server error displayed trying to show a notice without a connected profile.
        $this->serverError(_('Notice has no profile.'), 500);
    }

    // getUser() throws when the profile has no local account.
    try {
        $this->user = $poster->getUser();
    } catch (NoSuchUserException $e) {
        // FIXME: deprecate $this->user stuff in extended classes
        $this->user = null;
    }

    // The avatar is best-effort; the page renders without one.
    try {
        $this->avatar = $poster->getAvatar(AVATAR_PROFILE_SIZE);
    } catch (Exception $e) {
        $this->avatar = null;
    }

    return true;
}
/**
 * Dispatch the request to handlePost() or handleGet() after the parent's
 * handling has run.
 *
 * @return mixed whatever the chosen handler returns
 */
protected function handle()
{
    GNUsocial::setApi(true); // Minimize error messages to aid in debugging
    parent::handle();

    return $this->isPost() ? $this->handlePost() : $this->handleGet();
}
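/**
 * Read and verify an incoming Salmon slap.
 *
 * Accepts the magic envelope either as a raw "application/magic-envelope+xml"
 * body or, for Diaspora, as an "xml" form parameter; parses it into an
 * Activity, resolves the actor's profiles, and finally checks the envelope
 * signature against that actor. Nothing from the envelope is trusted until
 * verify() has passed.
 *
 * @param array $args $_REQUEST array
 *
 * @return boolean true on success (all failures go through clientError())
 */
protected function prepare(array $args = array())
{
    GNUsocial::setApi(true); // Send smaller error pages
    parent::prepare($args);

    if (!isset($_SERVER['CONTENT_TYPE'])) {
        // TRANS: Client error. Do not translate "Content-type"
        $this->clientError(_m('Salmon requires a Content-type header.'));
    }

    // Match on the media type alone: clients may append parameters such as
    // "; charset=utf-8", and the type token itself is case-insensitive.
    $mediaType = strtolower(trim(explode(';', $_SERVER['CONTENT_TYPE'], 2)[0]));

    $envxml = null;
    switch ($mediaType) {
    case 'application/magic-envelope+xml':
        $envxml = file_get_contents('php://input');
        break;
    case 'application/x-www-form-urlencoded':
        $envxml = Magicsig::base64_url_decode($this->trimmed('xml'));
        break;
    default:
        // The 415 status is an argument of clientError(), not of _m().
        // TRANS: Client error. Do not translate the quoted "application/[type]" strings.
        $this->clientError(_m('Salmon requires "application/magic-envelope+xml". For Diaspora we also accept "application/x-www-form-urlencoded" with an "xml" parameter.'), 415);
    }

    $magic_env = null;
    try {
        if (empty($envxml)) {
            throw new ClientException('No magic envelope supplied in POST.');
        }
        $magic_env = new MagicEnvelope($envxml);   // parse incoming XML as a MagicEnvelope

        $entry = $magic_env->getPayload();  // Not cryptographically verified yet!
        $this->activity = new Activity($entry->documentElement);
        if (empty($this->activity->actor->id)) {
            common_log(LOG_ERR, "broken actor: " . var_export($this->activity->actor->id, true));
            common_log(LOG_ERR, "activity with no actor: " . var_export($this->activity, true));
            // TRANS: Exception.
            throw new Exception(_m('Received a salmon slap from unidentified actor.'));
        }

        // ensureProfiles sets $this->actor and $this->oprofile
        $this->ensureProfiles();
    } catch (Exception $e) {
        common_debug('Salmon envelope parsing failed with: ' . $e->getMessage());
        $this->clientError($e->getMessage());
    }

    // Cryptographic verification test. This relies on clientError() throwing
    // rather than returning, so $magic_env and $this->actor are set here.
    if (!$magic_env->verify($this->actor)) {
        common_log(LOG_DEBUG, "Salmon signature verification failed.");
        // TRANS: Client error.
        $this->clientError(_m('Salmon signature verification failed.'));
    }

    return true;
}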
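/**
 * For initializing members of the class.
 *
 * Requires a logged-in user, loads the answer named by 'id' (after its
 * 7-character prefix) together with its question, and records the submitted
 * answer text.
 *
 * @param array $argarray misc. arguments
 *
 * @return boolean true
 *
 * @throws ClientException 403 when not logged in, 404 when the answer or its
 *                         question cannot be found
 */
function prepare($argarray)
{
    parent::prepare($argarray);
    if ($this->boolean('ajax')) {
        GNUsocial::setApi(true);
    }

    $this->user = common_current_user();
    if (empty($this->user)) {
        // TRANS: Client exception thrown trying to answer a question while not logged in.
        throw new ClientException(_m("You must be logged in to answer to a question."), 403);
    }

    // The 'id' argument carries a 7-character prefix ahead of the answer id.
    $id = substr((string) $this->trimmed('id'), 7);
    $this->answer = QnA_Answer::getKV('id', $id);
    // Check the lookup result before dereferencing it: getKV() yields no
    // object on a miss, and calling getQuestion() on it would be fatal.
    if (empty($this->answer)) {
        // TRANS: Client exception thrown when referring to a non-existing answer.
        throw new ClientException(_m('Invalid or missing answer.'), 404);
    }

    $this->question = $this->answer->getQuestion();
    if (empty($this->question)) {
        // TRANS: Client exception thrown when an answer has no question attached.
        throw new ClientException(_m('Invalid or missing answer.'), 404);
    }

    $this->answerText = $this->trimmed('answer');

    return true;
}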
/**
 * Look up nicknames matching an autocomplete term.
 *
 * A term starting with '@' searches profiles that are local users or that
 * the current user subscribes to; a term starting with '!' searches groups
 * the current user is a member of. Matches are collected in $this->profiles
 * and $this->groups.
 *
 * @param array $args $_REQUEST array
 *
 * @return boolean true
 */
protected function prepare(array $args = array())
{
    // If we die, show short error messages.
    GNUsocial::setApi(true);
    parent::prepare($args);

    $this->groups = array();
    $this->profiles = array();

    $term = $this->arg('term');
    $limit = $this->arg('limit');
    // Cap the result size so one request cannot pull the whole table (DoS).
    if ($limit > 200) {
        $limit = 200;
    }

    // Prefix match on nickname; escape() quotes the value itself.
    // NOTE(review): LIKE wildcards ('%', '_') inside the needle do not appear
    // to be escaped here, so a term such as "@%" matches broadly — confirm
    // escape()'s behaviour against the DB layer in use.
    $prefixClause = function ($dataObject, $needle) {
        return 'nickname like \'' . trim($dataObject->escape($needle), '\'') . '%\'';
    };

    if (substr($term, 0, 1) == '@') {
        // Profile search: strip the sigil, restrict to local users or subscriptions.
        $term = substr($term, 1);
        $profile = new Profile();
        $profile->limit($limit);
        $profile->whereAdd($prefixClause($profile, $term));
        $profile->whereAdd(sprintf('id in (SELECT id FROM user) OR ' .
                                   'id in (SELECT subscribed from subscription' .
                                   ' where subscriber = %d)',
                                   $this->scoped->id));
        if ($profile->find()) {
            while ($profile->fetch()) {
                $this->profiles[] = clone $profile;
            }
        }
    }

    // Re-tests the (possibly already stripped) term, so "@!foo" searches
    // profiles for "!foo" and then groups for "foo".
    if (substr($term, 0, 1) == '!') {
        // Group search: can't post to groups we're not a member of.
        $term = substr($term, 1);
        $group = new User_group();
        $group->limit($limit);
        $group->whereAdd($prefixClause($group, $term));
        $group->whereAdd(sprintf('id in (SELECT group_id FROM group_member' .
                                 ' WHERE profile_id = %d)',
                                 $this->scoped->id));
        if ($group->find()) {
            while ($group->fetch()) {
                $this->groups[] = clone $group;
            }
        }
    }

    return true;
}
/**
 * For initializing members of the class.
 *
 * Requires a logged-in user, checks the session token on POST, and copies the
 * bookmark fields (title, url, tags, description) off the request.
 *
 * @param array $argarray misc. arguments
 *
 * @return boolean true
 *
 * @throws ClientException 403 when not logged in
 */
function prepare($argarray)
{
    parent::prepare($argarray);
    if ($this->boolean('ajax')) {
        GNUsocial::setApi(true);
    }

    $this->user = common_current_user();
    if (empty($this->user)) {
        // TRANS: Client exception thrown when trying to create a new bookmark while not logged in.
        throw new ClientException(_m('Must be logged in to post a bookmark.'), 403);
    }

    if ($this->isPost()) {
        $this->checkSessionToken();
    }

    // Whitespace-trimmed copies of the submitted bookmark fields.
    foreach (array('title', 'url', 'tags', 'description') as $field) {
        $this->$field = $this->trimmed($field);
    }

    return true;
}
/**
 * For initializing members of the class.
 *
 * Requires a logged-in user, checks the session token on POST and loads the
 * question named by 'id' (after its 9-character prefix).
 *
 * @param array $argarray misc. arguments
 *
 * @return boolean true
 *
 * @throws ClientException 403 when not logged in, 404 for an unknown question
 */
function prepare($argarray)
{
    parent::prepare($argarray);
    if ($this->boolean('ajax')) {
        GNUsocial::setApi(true);
    }

    $this->user = common_current_user();
    if (empty($this->user)) {
        // TRANS: Client exception thrown trying to close a question while not logged in.
        throw new ClientException(_m("You must be logged in to close a question."), 403);
    }

    if ($this->isPost()) {
        $this->checkSessionToken();
    }

    // The 'id' argument carries a 9-character prefix ahead of the question id.
    $questionId = substr($this->trimmed('id'), 9);
    $this->question = QnA_Question::getKV('id', $questionId);
    if (empty($this->question)) {
        // TRANS: Client exception thrown trying to respond to a non-existing question.
        throw new ClientException(_m('Invalid or missing question.'), 404);
    }

    return true;
}
/**
 * For initializing members of the class.
 *
 * Requires a logged-in user, checks the session token on POST, loads the
 * question named by 'id' (after its 9-character prefix) and records the
 * submitted answer text.
 *
 * @param array $argarray misc. arguments
 *
 * @return boolean true
 *
 * @throws ClientException 403 when not logged in, 404 for an unknown question
 */
function prepare($argarray)
{
    parent::prepare($argarray);
    if ($this->boolean('ajax')) {
        GNUsocial::setApi(true);
    }

    // Trace marker kept for log continuity.
    common_debug("in qnanewanswer");

    $this->user = common_current_user();
    if (empty($this->user)) {
        // TRANS: Client exception thrown trying to answer a question while not logged in.
        throw new ClientException(_m("You must be logged in to answer to a question."), 403);
    }

    if ($this->isPost()) {
        $this->checkSessionToken();
    }

    // The 'id' argument carries a 9-character prefix ahead of the question id.
    $questionId = substr($this->trimmed('id'), 9);
    $this->question = QnA_Question::getKV('id', $questionId);
    if (empty($this->question)) {
        // TRANS: Client exception thrown trying to answer a non-existing question.
        throw new ClientException(_m('Invalid or missing question.'), 404);
    }

    $this->answerText = $this->trimmed('answer');

    return true;
}
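/**
 * For initializing members of the class.
 *
 * Resolves the event being answered, requires a logged-in user and maps the
 * 'submitvalue' argument (yes/no/maybe, case-insensitive) onto an RSVP verb.
 *
 * @param array $argarray misc. arguments
 *
 * @return boolean true
 *
 * @throws ClientException on a missing event, an anonymous user or an unknown submit value
 */
function prepare($argarray)
{
    parent::prepare($argarray);
    if ($this->boolean('ajax')) {
        GNUsocial::setApi(true); // short error results!
    }

    $eventId = $this->trimmed('event');
    if (empty($eventId)) {
        // TRANS: Client exception thrown when referring to a non-existing event.
        throw new ClientException(_m('No such event.'));
    }

    $this->event = Happening::getKV('id', $eventId);
    if (empty($this->event)) {
        // TRANS: Client exception thrown when referring to a non-existing event.
        throw new ClientException(_m('No such event.'));
    }

    $this->user = common_current_user();
    if (empty($this->user)) {
        // TRANS: Client exception thrown when trying to RSVP ("please respond") while not logged in.
        throw new ClientException(_m('You must be logged in to RSVP for an event.'));
    }

    // Do not dump the whole argument array into the log: it carries every
    // submitted field, including the form's session token. Log only the
    // values this action acts on.
    $submitValue = strtolower((string) $this->trimmed('submitvalue'));
    common_debug(sprintf('RSVP for event %s: submitvalue=%s', $eventId, $submitValue));

    switch ($submitValue) {
    case 'yes':
        $this->verb = RSVP::POSITIVE;
        break;
    case 'no':
        $this->verb = RSVP::NEGATIVE;
        break;
    case 'maybe':
        $this->verb = RSVP::POSSIBLE;
        break;
    default:
        // TRANS: Client exception thrown when using an invalid value for RSVP ("please respond").
        throw new ClientException(_m('Unknown submit value.'));
    }

    return true;
}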
/**
 * Add a new Poll.
 *
 * Validates the question and options, saves the poll as a notice, then either
 * renders the new notice as an XML fragment (ajax) or redirects to it.
 * Validation failures are shown on the form page rather than thrown.
 *
 * @return void
 */
function newPoll()
{
    $isAjax = $this->boolean('ajax');
    if ($isAjax) {
        GNUsocial::setApi(true);
    }

    try {
        if (empty($this->question)) {
            // TRANS: Client exception thrown trying to create a poll without a question.
            throw new ClientException(_m('Poll must have a question.'));
        }
        if (count($this->options) < 2) {
            // TRANS: Client exception thrown trying to create a poll with fewer than two options.
            throw new ClientException(_m('Poll must have at least two options.'));
        }

        // Notice options; distinct from choices for the poll
        $noticeOptions = array();
        // Does the heavy-lifting for getting "To:" information
        ToSelector::fillOptions($this, $noticeOptions);

        $saved = Poll::saveNew($this->user->getProfile(), $this->question, $this->options, $noticeOptions);
    } catch (ClientException $ce) {
        $this->error = $ce->getMessage();
        $this->showPage();
        return;
    }

    if (!$isAjax) {
        common_redirect($saved->getUrl(), 303);
        return;
    }

    $this->startHTML('text/xml;charset=utf-8');
    $this->elementStart('head');
    // TRANS: Page title after sending a notice.
    $this->element('title', null, _m('Notice posted'));
    $this->elementEnd('head');
    $this->elementStart('body');
    $this->showNotice($saved);
    $this->elementEnd('body');
    $this->endHTML();
}
/**
 * Initialization: switch to compact API-style error output before the
 * parent does its own preparation.
 *
 * @param array $args $_REQUEST array
 *
 * @return boolean whatever the parent's prepare() returns
 */
protected function prepare(array $args = array())
{
    // Compact error responses; this endpoint is not a human-readable page.
    GNUsocial::setApi(true);

    $ready = parent::prepare($args);

    return $ready;
}
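/**
 * Initialization.
 *
 * Reads the common API format and paging arguments into members, derives
 * offset/limit from page and count, and normalises the client 'source'
 * (empty or reserved names become 'api').
 *
 * @param array $args Web and URL arguments
 *
 * @return boolean true
 */
protected function prepare(array $args = array())
{
    GNUsocial::setApi(true); // reduce exception reports to aid in debugging
    parent::prepare($args);

    $this->format   = $this->arg('format');
    $this->callback = $this->arg('callback');

    $this->page     = (int) $this->arg('page', 1);
    $this->count    = (int) $this->arg('count', 20);
    $this->max_id   = (int) $this->arg('max_id', 0);
    $this->since_id = (int) $this->arg('since_id', 0);

    // These two are not used everywhere, mainly just AtompubAction extensions
    // NOTE(review): page/count are not clamped here; a count of 0 or less
    // yields a non-positive limit — confirm the consumers bound them.
    $this->offset = ($this->page - 1) * $this->count;
    $this->limit  = $this->count + 1;

    if ($this->arg('since')) {
        header('X-GNUsocial-Warning: since parameter is disabled; use since_id');
    }

    // Strict membership test: the reserved names are strings, and a loose
    // in_array() would apply PHP's numeric-string comparison rules.
    $this->source = $this->trimmed('source');
    if (empty($this->source) || in_array($this->source, self::$reserved_sources, true)) {
        $this->source = 'api';
    }

    return true;
}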
/**
 * Add a new Question.
 *
 * Validates the title, saves the question as a notice, then either renders
 * the new notice as an XML fragment (ajax) or redirects to it. Validation
 * failures are shown on the form page rather than thrown.
 *
 * @return void
 */
function newQuestion()
{
    $isAjax = $this->boolean('ajax');
    if ($isAjax) {
        GNUsocial::setApi(true);
    }

    try {
        if (empty($this->title)) {
            // TRANS: Client exception thrown trying to create a question without a title.
            throw new ClientException(_m('Question must have a title.'));
        }

        // Notice options
        $noticeOptions = array();
        // Does the heavy-lifting for getting "To:" information
        ToSelector::fillOptions($this, $noticeOptions);

        $saved = QnA_Question::saveNew($this->user->getProfile(), $this->title, $this->description, $noticeOptions);
    } catch (ClientException $ce) {
        $this->error = $ce->getMessage();
        $this->showPage();
        return;
    }

    if (!$isAjax) {
        common_redirect($saved->getUrl(), 303);
        return;
    }

    $this->startHTML('text/xml;charset=utf-8');
    $this->elementStart('head');
    // TRANS: Page title after sending a notice.
    $this->element('title', null, _m('Question posted'));
    $this->elementEnd('head');
    $this->elementStart('body');
    $this->showNotice($saved);
    $this->elementEnd('body');
    $this->endHTML();
}