<?php
/*
 * Laconica - a distributed open-source microblogging tool
 * Copyright (C) 2008, Controlez-Vous, Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

# This action only makes sense inside the Laconica bootstrap (which defines
# LACONICA); refuse to run when the file is reached any other way.
defined('LACONICA') or exit(1);

# OMB helpers -- presumably where omb_oauth_server(), used below, lives.
require_once INSTALLDIR . '/lib/omb.php';

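class UpdateprofileAction extends Action {

        # Upper bound on the bytes accepted from a remote avatar URL.  1 MiB is a
        # constructed ceiling: well above any AVATAR_PROFILE_SIZE-pixel GIF/JPEG/PNG,
        # yet small enough that a hostile or misconfigured host cannot fill the
        # temp directory.  Tune it if legitimate avatars ever exceed it.
        const MAX_AVATAR_BYTES = 1048576;

        /**
         * Entry point for the OMB updateProfile call (server-to-server).
         *
         * Verifies the OAuth-signed request with the local OMB server and hands
         * the consumer/token pair to update_profile().  When that succeeds the
         * supported OMB version is printed as the tail of the response.  Whatever
         * verify_request() rejects surfaces as an OAuthException and is reported
         * through server_error().
         *
         * @param array $args  action arguments, forwarded to Action::handle()
         */
        function handle($args) {
                parent::handle($args);
                try {
                        $req = OAuthRequest::from_request();
                        # Note: server-to-server function!
                        $server = omb_oauth_server();
                        list($consumer, $token) = $server->verify_request($req);
                        if ($this->update_profile($req, $consumer, $token)) {
                                print "omb_version=".OMB_VERSION_01;
                        }
                } catch (OAuthException $e) {
                        # NOTE(review): a failed verification is the caller's problem, so
                        # a 4xx via client_error() would describe it better than
                        # server_error(); left unchanged because remote OMB peers may
                        # depend on the current status.  The exception text is echoed
                        # to the peer as-is.
                        $this->server_error($e->getMessage());
                        return;
                }
        }

        /**
         * Validate the omb_listenee_* fields of $req and apply them to the local
         * Profile that mirrors the remote listenee.
         *
         * Access control is two-step: the listenee URI must be a known
         * Remote_profile, and there must be a Subscription to it carrying the
         * presented token -- a valid OAuth signature alone does not entitle a
         * consumer to edit a profile it never handed us.  Every field is optional;
         * a field that is absent or empty is neither validated nor written.
         * Failures are reported with client_error()/server_error() and yield false.
         *
         * @param OAuthRequest $req       the already-verified request
         * @param mixed        $consumer  OAuth consumer; not used here, kept for the call site
         * @param mixed        $token     OAuth token whose key must match the subscription
         *
         * @return bool  true once the profile (and the avatar, if one was sent) are stored
         */
        function update_profile($req, $consumer, $token) {
                $version = $req->get_parameter('omb_version');
                if ($version != OMB_VERSION_01) {
                        $this->client_error(_t('Unsupported OMB version'), 400);
                        return false;
                }
                # First, check to see if listenee exists
                $listenee = $req->get_parameter('omb_listenee');
                $remote = Remote_profile::staticGet('uri', $listenee);
                if (!$remote) {
                        $this->client_error(_t('Profile unknown'), 404);
                        return false;
                }
                # Second, check to see if they should be able to post updates!
                # We see if there are any subscriptions to that remote user with
                # the given token.
                $sub = new Subscription();
                $sub->subscribed = $remote->id;
                $sub->token = $token->key;
                if (!$sub->find(true)) {
                        $this->client_error(_t('You did not send us that profile'), 403);
                        return false;
                }

                $profile = Profile::staticGet('id', $remote->id);
                if (!$profile) {
                        # This one is our fault
                        $this->server_error(_t('Remote profile with no matching profile'), 500);
                        return false;
                }

                # Field validation.  The submitted values are interpolated into the
                # messages before _t() sees them, so those strings are not stable
                # translation keys; left as they are because the text is visible on
                # the wire.
                $nickname = $req->get_parameter('omb_listenee_nickname');
                if ($nickname && !Validate::string($nickname, array('min_length' => 1,
                                                                  'max_length' => 64,
                                                                  'format' => VALIDATE_NUM . VALIDATE_ALPHA_LOWER))) {
                        $this->client_error(_t('Nickname must have only letters and numbers and no spaces.'));
                        return false;
                }
                # The license is validated but, as before, never written to the profile.
                $license = $req->get_parameter('omb_listenee_license');
                if ($license && !common_valid_http_url($license)) {
                        $this->client_error(_t("Invalid license URL '$license'"));
                        return false;
                }
                $profile_url = $req->get_parameter('omb_listenee_profile');
                if ($profile_url && !common_valid_http_url($profile_url)) {
                        $this->client_error(_t("Invalid profile URL '$profile_url'."));
                        return false;
                }
                # optional stuff -- the length limits are byte counts (strlen),
                # presumably matching the column widths; kept byte-wise on purpose.
                $fullname = $req->get_parameter('omb_listenee_fullname');
                if ($fullname && strlen($fullname) > 255) {
                        $this->client_error(_t("Full name '$fullname' too long."));
                        return false;
                }
                $homepage = $req->get_parameter('omb_listenee_homepage');
                if ($homepage && (!common_valid_http_url($homepage) || strlen($homepage) > 255)) {
                        $this->client_error(_t("Invalid homepage '$homepage'"));
                        return false;
                }
                $bio = $req->get_parameter('omb_listenee_bio');
                if ($bio && strlen($bio) > 140) {
                        $this->client_error(_t("Bio too long '$bio'"));
                        return false;
                }
                $location = $req->get_parameter('omb_listenee_location');
                if ($location && strlen($location) > 255) {
                        $this->client_error(_t("Location too long '$location'"));
                        return false;
                }
                $avatar = $req->get_parameter('omb_listenee_avatar');
                $temp_filename = null;
                if ($avatar) {
                        if (!common_valid_http_url($avatar) || strlen($avatar) > 255) {
                                $this->client_error(_t("Invalid avatar URL '$avatar'"));
                                return false;
                        }
                        # Fetch once and validate the bytes we will actually store.
                        # Probing the URL with getimagesize() and then downloading it a
                        # second time for setOriginal() would let a response that changed
                        # between the two fetches be stored unchecked.
                        $temp_filename = $this->fetch_avatar($avatar);
                        if (!$temp_filename) {
                                return false;
                        }
                }

                $orig_profile = clone($profile);

                # Only fields that were sent overwrite the stored values.
                if ($nickname) {
                        $profile->nickname = $nickname;
                }
                if ($profile_url) {
                        $profile->profileurl = $profile_url;
                }
                if ($fullname) {
                        $profile->fullname = $fullname;
                }
                if ($homepage) {
                        $profile->homepage = $homepage;
                }
                if ($bio) {
                        $profile->bio = $bio;
                }
                if ($location) {
                        $profile->location = $location;
                }

                if (!$profile->update($orig_profile)) {
                        $this->discard_temp_file($temp_filename);
                        $this->server_error(_t('Could not save new profile info'), 500);
                        return false;
                }
                if ($temp_filename) {
                        $saved = $profile->setOriginal($temp_filename);
                        # NOTE(review): assumes setOriginal() copies the image rather than
                        # keeping the temp path; the guard in discard_temp_file() makes
                        # this a no-op if it moved the file instead.
                        $this->discard_temp_file($temp_filename);
                        if (!$saved) {
                                $this->server_error(_t('Could not save avatar info'), 500);
                                return false;
                        }
                }
                header('HTTP/1.1 200 OK');
                header('Content-type: text/plain');
                print 'Updated profile';
                print "\n";
                return true;
        }

        /**
         * Download the avatar at $avatar into a fresh temp file and check the
         * downloaded bytes: readable image, exactly AVATAR_PROFILE_SIZE square,
         * one of GIF/JPEG/PNG, at most MAX_AVATAR_BYTES.  Each failure is
         * reported with client_error() and the temp file removed.
         *
         * @param string $avatar  http(s) URL that already passed common_valid_http_url()
         * @return string|false   path of the temp file holding the image, or false
         */
        function fetch_avatar($avatar) {
                $temp_filename = tempnam(sys_get_temp_dir(), 'listenee_avatar');
                if (!$temp_filename || !$this->download_bounded($avatar, $temp_filename, self::MAX_AVATAR_BYTES)) {
                        $this->discard_temp_file($temp_filename);
                        $this->client_error(_t("Can't read avatar URL '$avatar'"));
                        return false;
                }
                # Inspect the local copy, not the URL.  The @ mirrors the original
                # probe: a corrupt file makes getimagesize() notice and return false,
                # and the false is what we act on.
                $size = @getimagesize($temp_filename);
                if (!$size) {
                        $this->discard_temp_file($temp_filename);
                        $this->client_error(_t("Can't read avatar URL '$avatar'"));
                        return false;
                }
                if ($size[0] != AVATAR_PROFILE_SIZE || $size[1] != AVATAR_PROFILE_SIZE) {
                        $this->discard_temp_file($temp_filename);
                        $this->client_error(_t("Wrong size image at '$avatar'"));
                        return false;
                }
                if (!in_array($size[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG), true)) {
                        $this->discard_temp_file($temp_filename);
                        $this->client_error(_t("Wrong image type for '$avatar'"));
                        return false;
                }
                return $temp_filename;
        }

        /**
         * Copy the body behind $url into $dest, refusing responses larger than
         * $max_bytes.  Goes through PHP's URL stream wrapper exactly as the
         * former copy() call did, so it obeys the same allow_url_fopen setting.
         *
         * @param string $url        remote http(s) URL
         * @param string $dest       local path to overwrite
         * @param int    $max_bytes  inclusive upper bound on the accepted body size
         * @return bool  true if a non-empty body of at most $max_bytes was written
         */
        function download_bounded($url, $dest, $max_bytes) {
                # An unreachable host raises a warning; it is suppressed here (as the
                # original @getimagesize() did) and surfaced through the return value,
                # so it is not printed into the response when display_errors is on.
                $in = @fopen($url, 'rb');
                if (!$in) {
                        return false;
                }
                $out = fopen($dest, 'wb');
                if (!$out) {
                        fclose($in);
                        return false;
                }
                # Ask for one byte more than allowed: reaching max_bytes + 1 proves the
                # body is too large, instead of silently truncating it.
                $copied = stream_copy_to_stream($in, $out, $max_bytes + 1);
                fclose($in);
                fclose($out);
                return $copied !== false && $copied > 0 && $copied <= $max_bytes;
        }

        /**
         * Remove a temp file created by fetch_avatar(), tolerating a path that is
         * null/false or already gone.
         *
         * @param string|false|null $temp_filename
         */
        function discard_temp_file($temp_filename) {
                if ($temp_filename && file_exists($temp_filename)) {
                        unlink($temp_filename);
                }
        }
}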