return intval($this->id);
}
+ /**
+ * WARNING: Only use this on Profile and Notice. We should probably do
+ * this with traits/"implements" or whatever, but that's over the top
+ * right now, I'm just throwing this in here to avoid code duplication
+ * in Profile and Notice classes.
+ */
+ public function getAliases()
+ {
+ $aliases = array();
+ $aliases[$this->getUri()] = $this->getID();
+
+ try {
+ $aliases[$this->getUrl()] = $this->getID();
+ } catch (InvalidUrlException $e) {
+ // getUrl failed because no valid URL could be returned, just ignore it
+ }
+
+ if (common_config('fix', 'fancyurls')) {
+ /**
+ * Here we add some hacky hotfixes for remote lookups that have been taught the
+ * (at least now) wrong URI but it's still obviously the same user. Such as:
+ * - https://site.example/user/1 even if the client requests https://site.example/index.php/user/1
+ * - https://site.example/user/1 even if the client requests https://site.example//index.php/user/1
+ * - https://site.example/index.php/user/1 even if the client requests https://site.example/user/1
+ * - https://site.example/index.php/user/1 even if the client requests https://site.example///index.php/user/1
+ */
+ foreach ($aliases as $alias=>$id) {
+ try {
+ // get a "fancy url" version of the alias, even without index.php/
+ $alt_url = common_fake_local_fancy_url($alias);
+ // store this as well so remote sites can be sure we really are the same profile
+ $aliases[$alt_url] = $id;
+ } catch (Exception $e) {
+ // Apparently we couldn't rewrite that, the $alias was as the function wanted it to be
+ }
+
+ try {
+ // get a non-"fancy url" version of the alias, i.e. add index.php/
+ $alt_url = common_fake_local_nonfancy_url($alias);
+ // store this as well so remote sites can be sure we really are the same profile
+ $aliases[$alt_url] = $id;
+ } catch (Exception $e) {
+ // Apparently we couldn't rewrite that, the $alias was as the function wanted it to be
+ }
+ }
+ }
+ return $aliases;
+ }
+
// 'update' won't write key columns, so we have to do it ourselves.
// This also automatically calls "update" _before_ it sets the keys.
// FIXME: This only works with single-column primary keys so far! Beware!
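Review bot: The docblock on the new `getAliases()` restricts it to Profile and Notice, but nothing in the method enforces that, and `$this->getUri()` is called outside any try block while only `getUrl()` is guarded. The returned map is what callers publish to remote sites as equivalent identities for this object, so its shape belongs in the docblock, for example `@return array alias URI/URL => ID of this object`. Both `catch (Exception $e)` blocks in the `fancyurls` loop also swallow every failure of `common_fake_local_fancy_url()` and `common_fake_local_nonfancy_url()`, not only the "already in that form" case their comments describe. Catching the specific exception type those helpers throw (not visible in this hunk) would keep real errors from being hidden.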
'log_queries' => false, // true to log all DB queries
'log_slow_queries' => 0, // if set, log queries taking over N seconds
'mysql_foreign_keys' => false), // if set, enables experimental foreign key support on MySQL
+ 'fix' =>
+ array('fancyurls' => true, // makes sure aliases in WebFinger etc. are not f'd by index.php/ URLs
+ ),
'syslog' =>
array('appname' => 'statusnet', # for syslog
'priority' => 'debug', # XXX: currently ignored
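Review bot: The new `'fix' => array('fancyurls' => true)` default replaces the `$fancyurlfix` plugin property that the `initialize()` hunk below removes, so a site that had switched the fix off through the plugin attribute appears to get it re-enabled silently. Because this setting widens the set of URLs the site will answer for as the same identity, the inline comment should say how to disable it and that the old attribute is no longer read. Something like `// adds index.php/ and non-index.php/ alias variants; set to false to disable (replaces the webfinger 'fancyurlfix' setting)` would cover it.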
const OAUTH_AUTHORIZE_REL = 'http://apinamespace.org/oauth/authorize';
public $http_alias = false;
- public $fancyurlfix = true; // adds + interprets some extra aliases related to 'index.php/' URLs
public function initialize()
{
common_config_set('webfinger', 'http_alias', $this->http_alias);
- common_config_set('webfinger', 'fancyurlfix', $this->fancyurlfix);
}
public function onRouterInitialized($m)
$user = User::getByUri($resource);
$profile = $user->getProfile();
} catch (NoResultException $e) {
- if (common_config('webfinger', 'fancyurlfix')) {
+ if (common_config('fix', 'fancyurls')) {
try {
try { // if it's a /index.php/ url
// common_fake_local_fancy_url can throw an exception
public function getAliases()
{
- $aliases = array();
-
- // Add the URI as an identity, this is _not_ necessarily an HTTP url
- $uri = $this->object->getUri();
- $aliases[$uri] = true;
- if (common_config('webfinger', 'http_alias')
- && strtolower(parse_url($uri, PHP_URL_SCHEME)) === 'https') {
- $aliases[preg_replace('/^https:/', 'http:', $uri, 1)] = true;
- }
-
- try {
- $aliases[$this->object->getUrl()] = true;
- } catch (InvalidUrlException $e) {
- // getUrl failed because no valid URL could be returned, just ignore it
- }
-
- if (common_config('webfinger', 'fancyurlfix')) {
- /**
- * Here we add some hacky hotfixes for remote lookups that have been taught the
- * (at least now) wrong URI but it's still obviously the same user. Such as:
- * - https://site.example/user/1 even if the client requests https://site.example/index.php/user/1
- * - https://site.example/user/1 even if the client requests https://site.example//index.php/user/1
- * - https://site.example/index.php/user/1 even if the client requests https://site.example/user/1
- * - https://site.example/index.php/user/1 even if the client requests https://site.example///index.php/user/1
- */
- foreach(array_keys($aliases) as $alias) {
- try {
- // get a "fancy url" version of the alias, even without index.php/
- $alt_url = common_fake_local_fancy_url($alias);
- // store this as well so remote sites can be sure we really are the same profile
- $aliases[$alt_url] = true;
- } catch (Exception $e) {
- // Apparently we couldn't rewrite that, the $alias was as the function wanted it to be
- }
-
- try {
- // get a non-"fancy url" version of the alias, i.e. add index.php/
- $alt_url = common_fake_local_nonfancy_url($alias);
- // store this as well so remote sites can be sure we really are the same profile
- $aliases[$alt_url] = true;
- } catch (Exception $e) {
- // Apparently we couldn't rewrite that, the $alias was as the function wanted it to be
+ $aliases = $this->object->getAliases();
+
+ // Some sites have changed from http to https and still want
+ // (because remote sites look for it) verify that they are still
+ // the same identity as they were on HTTP. Should NOT be used if
+ // you've run HTTPS all the time!
+ if (common_config('webfinger', 'http_alias')) {
+ foreach ($aliases as $alias=>$id) {
+ if (!strtolower(parse_url($alias, PHP_URL_SCHEME)) === 'https') {
+ continue;
}
+ $aliases[preg_replace('/^https:/', 'http:', $alias, 1)] = $id;
}
}
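Review bot: The scheme guard in the `http_alias` loop never fires: in `if (!strtolower(parse_url($alias, PHP_URL_SCHEME)) === 'https')` the `!` binds tighter than `===`, so a boolean is compared with the string `'https'` and the result is always false. This is masked today because `preg_replace('/^https:/', ...)` leaves non-https aliases unchanged and they are simply re-assigned to themselves, but the check should read `if (strtolower(parse_url($alias, PHP_URL_SCHEME)) !== 'https') {`. The http: alias is also now derived for every entry returned by `$this->object->getAliases()`, including the `getUrl()` value, where the removed code derived it from the URI only. If that wider set of downgraded identities is intended, the comment above the block should say so. `getAliases()` continues past the end of the hunk.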