textdomain("statusnet");
}
-
function common_timezone()
{
if (common_logged_in()) {
$value,
$expiration,
$cookiepath,
- $server);
+ $server,
+ common_config('site', 'ssl')=='always');
}
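Review bot: The added argument sets the Secure attribute only when `site/ssl` is exactly `'always'`, so under any other SSL mode the cookie still travels over plain HTTP, and no HttpOnly argument is passed. Assuming this is a `setcookie()` call (its opening line is outside the hunk), I would pass the seventh argument too so page scripts cannot read the cookie: `common_config('site', 'ssl')=='always', true);`. A short comment saying why partial-SSL configurations leave the cookie without Secure would help.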
define('REMEMBERME', 'rememberme');
return common_logged_in() && $_SESSION['real_login'];
}
+/**
+ * Get a hash portion for HTTP caching Etags and such including
+ * info on the current user's session. If login/logout state changes,
+ * or we've changed accounts, or we've renamed the current user,
+ * we'll get a new hash value.
+ *
+ * This should not be considered secure information.
+ *
+ * @param User $user (optional; uses common_current_user() if left out)
+ * @return string
+ */
+function common_user_cache_hash($user=false)
+{
+ if ($user === false) {
+ $user = common_current_user();
+ }
+ if ($user) {
+ return crc32($user->id . ':' . $user->nickname);
+ } else {
+ return '0';
+ }
+}
+
// get canonical version of nickname for comparison
function common_canonical_nickname($nickname)
{
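Review bot: `common_user_cache_hash()` documents `@return string`, but the logged-in branch returns the integer from `crc32()` while the anonymous branch returns the string `'0'`. On 32-bit PHP builds `crc32()` can also be negative, so the same user may hash differently across hosts. Returning `sprintf('%u', crc32($user->id . ':' . $user->nickname))` gives a string in both branches. Because a 32-bit checksum collides easily, the docblock could add that the value is a change detector only and must not be the sole thing separating one user's cached response from another's.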
$longurl = $url;
}
}
- $attrs = array('href' => $canon, 'title' => $longurl, 'rel' => 'external');
+
+ $attrs = array('href' => $canon, 'title' => $longurl);
$is_attachment = false;
$attachment_id = null;
}
if (!empty($f)) {
- if ($f->getEnclosure() || File_oembed::staticGet('file_id',$f->id)) {
+ if ($f->getEnclosure()) {
$is_attachment = true;
$attachment_id = $f->id;
$attrs['id'] = "attachment-{$attachment_id}";
}
+ // Whether to nofollow
+
+ $nf = common_config('nofollow', 'external');
+
+ if ($nf == 'never') {
+ $attrs['rel'] = 'external';
+ } else {
+ $attrs['rel'] = 'nofollow external';
+ }
+
return XMLStringer::estring('a', $attrs, $url);
}
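Review bot: The `$nf == 'never'` test uses loose comparison, so on PHP versions before 8 a numeric `0` in the `nofollow/external` setting compares equal to `'never'` and drops `nofollow` from user-supplied links; `if ($nf === 'never') {` avoids that. Falling through to `'nofollow external'` for every other value is the safe default and worth stating in the comment, e.g. `// Whether to nofollow: anything other than 'never' keeps rel="nofollow" on external links`. The enclosing function starts outside the hunk.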
return common_replace_urls_callback($text, array('File_redirection', 'makeShort'));
}
+/**
+ * Very basic stripping of invalid UTF-8 input text.
+ *
+ * @param string $str
+ * @return mixed string or null if invalid input
+ *
+ * @todo ideally we should drop bad chars, and maybe do some of the checks
+ * from common_xml_safe_str. But we can't strip newlines, etc.
+ * @todo Unicode normalization might also be useful, but not needed now.
+ */
+function common_validate_utf8($str)
+{
+ // preg_replace will return NULL on invalid UTF-8 input.
+ //
+ // Note: empty regex //u also caused NULL return on some
+ // production machines, but none of our test machines.
+ //
+ // This should be replaced with a more reliable check.
+ return preg_replace('/\x00/u', '', $str);
+}
+
+/**
+ * Make sure an arbitrary string is safe for output in XML as a single line.
+ *
+ * @param string $str
+ * @return string
+ */
function common_xml_safe_str($str)
{
// Replace common eol and extra whitespace input chars
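Review bot: `common_validate_utf8()` does two things its docblock does not spell out: it removes NUL bytes from valid input, and it returns null for the whole string when any byte sequence is invalid rather than stripping the bad part. The summary line could read `Reject invalid UTF-8 input (returns null) and strip NUL bytes from valid input.` so callers do not assume partial cleaning. In the `common_copy_args()` hunk further down, `strval()` turns that null into an empty string with no log entry, and the array keys `$k` are copied without the same check; both deserve a comment there or a follow-up. Since the inline comment already concedes that the PCRE behaviour differs between machines, a test with a known-bad byte sequence would pin it down.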
$canonical = common_canonical_tag($tag);
if (common_config('singleuser', 'enabled')) {
// regular TagAction isn't set up in 1user mode
+ $user = User::singleUser();
$url = common_local_url('showstream',
- array('nickname' => common_config('singleuser', 'nickname'),
+ array('nickname' => $user->nickname,
'tag' => $canonical));
} else {
$url = common_local_url('tag', array('tag' => $canonical));
$attrs = array('href' => $group->permalink(),
'class' => 'url');
if (!empty($group->fullname)) {
- $attrs['title'] = $group->fullname . ' (' . $group->nickname . ')';
+ $attrs['title'] = $group->getFancyName();
}
$xs = new XMLStringer();
$xs->elementStart('span', 'vcard');
function common_is_sensitive($action)
{
- static $sensitive = array('login', 'register', 'passwordsettings', 'api');
+ static $sensitive = array(
+ 'login',
+ 'register',
+ 'passwordsettings',
+ 'api',
+ 'ApiOauthRequestToken',
+ 'ApiOauthAccessToken',
+ 'ApiOauthAuthorize',
+ 'ApiOauthPin',
+ 'showapplication'
+ );
$ssl = null;
if (Event::handle('SensitiveAction', array($action, &$ssl))) {
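Review bot: The `$sensitive` list now mixes lowercase names (`login`, `showapplication`) with mixed-case ones (`ApiOauthRequestToken`), and the lookup that consumes it sits outside the hunk. If that lookup is case-sensitive, a request reaching the same action under different casing would not be flagged for SSL; worth confirming and noting above the array, e.g. `// Names must match the router's action name exactly (case-sensitive).`. A one-line comment stating what qualifies an action for this list (presumably that it handles credentials or OAuth tokens) would also help the next maintainer keep it complete.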
// TRANS: Used in notices to indicate when the notice was made compared to now.
return _('about a minute ago');
} else if ($diff < 3300) {
+ $minutes = round($diff/60);
// TRANS: Used in notices to indicate when the notice was made compared to now.
- return sprintf( ngettext('about one minute ago', 'about %d minutes ago'), round($diff/60));
+ return sprintf( ngettext('about one minute ago', 'about %d minutes ago', $minutes), $minutes);
} else if ($diff < 5400) {
// TRANS: Used in notices to indicate when the notice was made compared to now.
return _('about an hour ago');
} else if ($diff < 22 * 3600) {
+ $hours = round($diff/3600);
// TRANS: Used in notices to indicate when the notice was made compared to now.
- return sprintf( ngettext('about one hour ago', 'about %d hours ago'), round($diff/3600));
+ return sprintf( ngettext('about one hour ago', 'about %d hours ago', $hours), $hours);
} else if ($diff < 37 * 3600) {
// TRANS: Used in notices to indicate when the notice was made compared to now.
return _('about a day ago');
} else if ($diff < 24 * 24 * 3600) {
+ $days = round($diff/(24*3600));
// TRANS: Used in notices to indicate when the notice was made compared to now.
- return sprintf( ngettext('about one day ago', 'about %d days ago'), round($diff/(24*3600)));
+ return sprintf( ngettext('about one day ago', 'about %d days ago', $days), $days);
} else if ($diff < 46 * 24 * 3600) {
// TRANS: Used in notices to indicate when the notice was made compared to now.
return _('about a month ago');
} else if ($diff < 330 * 24 * 3600) {
+ $months = round($diff/(30*24*3600));
// TRANS: Used in notices to indicate when the notice was made compared to now.
- return sprintf( ngettext('about one month ago', 'about %d months ago'), round($diff/(30*24*3600)));
+ return sprintf( ngettext('about one month ago', 'about %d months ago',$months), $months);
} else if ($diff < 480 * 24 * 3600) {
// TRANS: Used in notices to indicate when the notice was made compared to now.
return _('about a year ago');
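Review bot: `round()` returns a float, and that float is passed both as the count to `ngettext()` and to `%d`; casting once, e.g. `$minutes = (int) round($diff/60);` (and likewise for `$hours`, `$days` and `$months`), keeps the plural lookup on an integer. The months branch also writes `',$months)` without the space used in the other three calls. The if/else chain starts and ends outside the hunk.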
function common_log($priority, $msg, $filename=null)
{
if(Event::handle('StartLog', array(&$priority, &$msg, &$filename))){
+ $msg = (empty($filename)) ? $msg : basename($filename) . ' - ' . $msg;
$msg = '[' . common_request_id() . '] ' . $msg;
$logfile = common_config('site', 'logfile');
if ($logfile) {
{
$objstr = common_log_objstring($object);
$last_error = &PEAR::getStaticProperty('DB_DataObject','lastError');
- common_log(LOG_ERR, $last_error->message . '(' . $verb . ' on ' . $objstr . ')', $filename);
+ if (is_object($last_error)) {
+ $msg = $last_error->message;
+ } else {
+ $msg = 'Unknown error (' . var_export($last_error, true) . ')';
+ }
+ common_log(LOG_ERR, $msg . '(' . $verb . ' on ' . $objstr . ')', $filename);
}
function common_log_objstring(&$object)
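Review bot: In the fallback branch, `var_export($last_error, true)` writes whatever the static property holds straight into the log line, which for an array or nested value is multi-line and unbounded. Collapsing and truncating it keeps one log entry per error, e.g. `$msg = 'Unknown error (' . substr(preg_replace('/\s+/', ' ', var_export($last_error, true)), 0, 200) . ')';` (the 200-byte cap is an illustrative value). The concatenation on the `common_log()` line also lacks a space before `'('`, so the message and the verb run together; `$msg . ' (' . $verb` reads better. The enclosing function starts outside the hunk.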
array_key_exists($sub, $config[$main])) ? $config[$main][$sub] : false;
}
+/**
+ * Pull arguments from a GET/POST/REQUEST array with first-level input checks:
+ * strips "magic quotes" slashes if necessary, and kills invalid UTF-8 strings.
+ *
+ * @param array $from
+ * @return array
+ */
function common_copy_args($from)
{
$to = array();
$strip = get_magic_quotes_gpc();
foreach ($from as $k => $v) {
- if($strip) {
- if(is_array($v)) {
- $to[$k] = common_copy_args($v);
- } else {
- $to[$k] = stripslashes($v);
- }
+ if(is_array($v)) {
+ $to[$k] = common_copy_args($v);
} else {
- $to[$k] = $v;
+ if ($strip) {
+ $v = stripslashes($v);
+ }
+ $to[$k] = strval(common_validate_utf8($v));
}
}
return $to;