diff --git a/.gitignore b/.gitignore index e512e0c..7695176 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,6 @@ dist/ build.properties package.xml semanticscuttle-dump.sql -data/config.unittest.php +data/config.php +data/config.testing.php +data/config.testing-tmp.php diff --git a/data/.gitignore b/data/.gitignore deleted file mode 100644 index 4f4773f..0000000 --- a/data/.gitignore +++ /dev/null @@ -1 +0,0 @@ -config.php diff --git a/doc/ChangeLog b/doc/ChangeLog index a54e71e..3c4e939 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -14,6 +14,7 @@ ChangeLog for SemantiScuttle - Update php-gettext library to 1.0.10 - api/posts/add respects the "replace" parameter now - Fix privacy issue when fetching tags of several users +- Fix Google custom search XML - Only URLs with an allowed protocol may be added to the database - Support HTTPS connections when $root is not configured - SQL schema version table to ease future database upgrades diff --git a/doc/ssl-client-certificates.rst b/doc/ssl-client-certificates.rst index e12b507..7abf17a 100644 --- a/doc/ssl-client-certificates.rst +++ b/doc/ssl-client-certificates.rst @@ -94,7 +94,14 @@ you use. Apache configuration -------------------- To make use of SSL client certificates, you need to deliver SemanticScuttle -via HTTPS. +via HTTPS. + +Note that you can equip several virtual hosts with SSL certificates +and keep them on the same, standard SSL port by using SNI - +`Server Name Indication`__. + +.. _SNI: http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI +__ SNI_ A basic virtual host configuration with SSL looks like this: diff --git a/src/SemanticScuttle/Service/AuthUser.php b/src/SemanticScuttle/Service/AuthUser.php index 479b68a..9447ee4 100644 --- a/src/SemanticScuttle/Service/AuthUser.php +++ b/src/SemanticScuttle/Service/AuthUser.php 
@@ -130,7 +130,7 @@ class SemanticScuttle_Service_AuthUser extends SemanticScuttle_Service_User //FIXME: caching? $name = $this->auth->getUsername(); if (!$name) { - return false; + return parent::getCurrentUserId(); } return $this->getIdFromUser($name); } diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php index 01945ca..18d5a29 100644 --- a/src/SemanticScuttle/Service/User.php +++ b/src/SemanticScuttle/Service/User.php @@ -455,8 +455,8 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService if ($ssls->hasValidCert()) { $id = $ssls->getUserIdFromCert(); if ($id !== false) { - $this->setCurrentUserId($id); - return (int)$_SESSION[$this->getSessionKey()]; + $this->setCurrentUserId($id, true); + return $this->currentuserId; } } return false; diff --git a/src/SemanticScuttle/header-standalone.php b/src/SemanticScuttle/header-standalone.php index cc1b0bd..3755ea1 100644 --- a/src/SemanticScuttle/header-standalone.php +++ b/src/SemanticScuttle/header-standalone.php @@ -14,7 +14,6 @@ * @link http://sourceforge.net/projects/semanticscuttle */ $_SERVER['HTTP_HOST'] = 'http://localhost/'; -define('UNIT_TEST_MODE', true); require_once dirname(__FILE__) . '/header.php'; ?> \ No newline at end of file diff --git a/src/SemanticScuttle/header.php b/src/SemanticScuttle/header.php index b0705b0..098e5c3 100644 --- a/src/SemanticScuttle/header.php +++ b/src/SemanticScuttle/header.php 
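Review bot: The new fallback `return parent::getCurrentUserId();` in the `if (!$name)` branch lets the parent's own login state decide the user whenever the auth backend reports no username, and nothing in the method records that this is intended. Judging from the User.php hunk in this commit, the parent lookup can accept an SSL client certificate and session state, so a deployment that treats the external backend as the only authority needs to know about it. I would add a comment above the return such as `// no user from the auth backend: defer to the parent lookup (session / SSL client certificate)` and mention the fallback in the method's docblock. The method starts outside this hunk.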
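Review bot: `return $this->currentuserId;` in User.php drops the `(int)` cast that the old return applied, so the certificate branch now hands back whatever type `getUserIdFromCert()` produced unless `setCurrentUserId()` normalises it, which is not visible here. If callers compare the id strictly, `return (int)$this->currentuserId;` keeps the previous contract. The bare `true` passed as second argument to `setCurrentUserId()` also needs a short comment saying what it switches on, since its meaning cannot be read from the call site. The enclosing method starts and ends outside the hunk.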
@@ -46,14 +46,21 @@ if (isset($_GET['unittestMode']) && $_GET['unittestMode'] == 1 die("Unittestmode is not allowed\n"); } - $unittestConfigFile = $datadir . '/config.unittest.php'; - if (file_exists($unittestConfigFile)) { - require_once $unittestConfigFile; - } define('HTTP_UNIT_TEST_MODE', true); define('UNIT_TEST_MODE', true); } if (defined('UNIT_TEST_MODE')) { + //load configuration for unit tests + $testingConfigFile = $datadir . '/config.testing.php'; + if (file_exists($testingConfigFile)) { + require_once $testingConfigFile; + } + //test-specific configuration file + $unittestConfigFile = $datadir . '/config.testing-tmp.php'; + if (file_exists($unittestConfigFile)) { + require_once $unittestConfigFile; + } + //make local config vars global - needed for unit tests //run with phpunit foreach (get_defined_vars() as $var => $value) { @@ -107,7 +114,7 @@ T_bind_textdomain_codeset($domain, 'UTF-8'); T_textdomain($domain); // 4 // Session -if (!defined('UNIT_TEST_MODE') || defined('HTTP_UNIT_TEST_MODE')) { +if (isset($_SERVER['REMOTE_ADDR'])) { session_start(); if ($GLOBALS['enableVoting']) { if (isset($_SESSION['lastUrl'])) { diff --git a/tests/TestBaseApi.php b/tests/TestBaseApi.php index 2caa701..20574f3 100644 --- a/tests/TestBaseApi.php +++ b/tests/TestBaseApi.php @@ -50,8 +50,9 @@ class TestBaseApi extends TestBase $this->url = $GLOBALS['unittestUrl'] . $this->urlPart; //clean up before test - if (file_exists($GLOBALS['datadir'] . '/config.unittest.php')) { - unlink($GLOBALS['datadir'] . '/config.unittest.php'); + $configFile = $GLOBALS['datadir'] . '/config.testing-tmp.php'; + if (file_exists($configFile)) { + unlink($configFile); } $this->us = SemanticScuttle_Service_Factory::get('User'); 
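Review bot: In the `if (defined('UNIT_TEST_MODE'))` block, `config.testing-tmp.php` is pulled in with `require_once` on every request that reaches test mode, and over HTTP that mode is selected by the `unittestMode` query parameter, so a leftover file in the data directory keeps being executed after the test run has finished. The only cleanup visible in this commit is the `unlink()` before each test in TestBaseApi, which leaves the file written by the last test in place; removing it in the test teardown as well would close that gap. The setting that leads to `die("Unittestmode is not allowed\n")` is cut off by the hunk boundary, so I cannot confirm that it defaults to off. A comment next to the two `require_once` calls should state that they are only reachable when that setting allows test mode.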
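Review bot: The new session guard `if (isset($_SERVER['REMOTE_ADDR']))` in the second header.php hunk uses the presence of a client address as the test for "this is an HTTP request", and the line gives no hint of that. A comment such as `// start a session only for web requests; CLI runs (phpunit, scripts) have no REMOTE_ADDR` would make the intent explicit. If the aim is just to exclude command-line runs, `PHP_SAPI !== 'cli'` says so directly and does not depend on a value that bootstrap code can set in `$_SERVER`.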
@@ -71,19 +72,36 @@ class TestBaseApi extends TestBase * @param string $urlSuffix Suffix for the URL * * @return HTTP_Request2 HTTP request object - * - * @uses $url */ protected function getRequest($urlSuffix = null) { - $req = new HTTP_Request2( - $this->url . $urlSuffix, - HTTP_Request2::METHOD_GET - ); + $url = $this->getTestUrl($urlSuffix); + $req = new HTTP_Request2($url, HTTP_Request2::METHOD_GET); return $req; } + /** + * Creates an URL from $this->url plus $urlSuffix and an appended + * unittestMode=1 parameter. + * + * @param string $urlSuffix Suffix for the URL + * + * @return string URL + * + * @uses $url + */ + protected function getTestUrl($urlSuffix = null) + { + $url = $this->url . $urlSuffix; + if (strpos($urlSuffix, '?') !== false) { + $url .= '&unittestMode=1'; + } else { + $url .= '?unittestMode=1'; + } + return $url; + } + /** * Completes an URL that's missing the protocol. @@ -165,7 +183,7 @@ class TestBaseApi extends TestBase $uid = $this->addUser($username, $password); $req = new HTTP_Request2( - $GLOBALS['unittestUrl'] . '/login.php', + $GLOBALS['unittestUrl'] . '/login.php?unittestMode=1', HTTP_Request2::METHOD_POST ); $cookies = $req->setCookieJar()->getCookieJar(); @@ -230,7 +248,7 @@ class TestBaseApi extends TestBase $this->assertInternalType( 'integer', - file_put_contents($GLOBALS['datadir'] . '/config.unittest.php', $str), + file_put_contents($GLOBALS['datadir'] . '/config.testing-tmp.php', $str), 'Writing config.unittest.php failed' ); } diff --git a/tests/prepare.php b/tests/prepare.php index c80306e..ea4d77d 100644 --- a/tests/prepare.php +++ b/tests/prepare.php @@ -22,7 +22,7 @@ $_SERVER['HTTP_HOST'] = 'http://localhost/'; define('UNIT_TEST_MODE', true); if ('@data_dir@' == '@' . 'data_dir@') { - //non pear-install + //non pear-installation (i.e. git checkout) require_once dirname(__FILE__) . '/../src/SemanticScuttle/header.php'; } else { //pear installation; files are in include path 
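Review bot: `getTestUrl()` looks for `?` only in `$urlSuffix`, so when `$this->url` already carries a query string (it is built from `$this->urlPart`) and the suffix has none, the result has two `?` separators (for example `...?a=b?unittestMode=1`) and the test-mode flag is not parsed as its own parameter. Checking the assembled URL fixes that and also avoids passing the `null` default to `strpos()`: `if (strpos($url, '?') !== false) {`. A suffix containing a `#fragment` would still need the parameter inserted before the fragment, if any test uses one.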
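Review bot: The assertion message in the last TestBaseApi hunk still reads `'Writing config.unittest.php failed'` although the file written is now `config.testing-tmp.php`, so a failure names a file the code no longer uses; it should be `'Writing config.testing-tmp.php failed'`. The same file name now appears as a literal here, in the cleanup at the top of the class and in header.php, and a single class constant in TestBaseApi would keep the two test-side uses in step. The enclosing method starts outside the hunk.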
@@ -35,7 +35,7 @@ if ($GLOBALS['debugMode'] == true && $GLOBALS['dbtype'] == 'mysql4' ) { echo "\n" - . '!!! The combination of debugMode and dbtype==mysql4' + . '!! The combination of debugMode and dbtype==mysql4' . ' will wreck some tests' . "\n\n"; } ?> \ No newline at end of file diff --git a/tests/www/searchTest.php b/tests/www/searchTest.php index 1220667..5dce69d 100644 --- a/tests/www/searchTest.php +++ b/tests/www/searchTest.php @@ -41,7 +41,7 @@ class www_SearchTest extends TestBaseApi 'No bookmark found', false ); - $res = $this->getRequest('/all/baz bat')->send(); + $res = $this->getRequest('/all/baz%20bat')->send(); $this->assertSelectCount( '.xfolkentry', false, $res->getBody(), 'Bookmarks found', false diff --git a/www/gsearch/context.php b/www/gsearch/context.php index d714ec1..fd10c4e 100644 --- a/www/gsearch/context.php +++ b/www/gsearch/context.php @@ -1,27 +1,43 @@ + * @author Christian Weiske + * @author Eric Dane + * @license GPL http://www.gnu.org/licenses/gpl.html + * @link http://sourceforge.net/projects/semanticscuttle + * @link http://www.google.com/cse/docs/cref.html + */ require_once '../www-header.php'; -if($GLOBALS['enableGoogleCustomSearch'] == false) { - echo "Google Custom Search disabled. You can enable it into the config.php file."; - die; +if ($GLOBALS['enableGoogleCustomSearch'] == false) { + header('HTTP/1.0 403 Forbidden'); + header('Content-Type: text/plain; charset=utf-8'); + echo "Google Custom Search disabled." + . " You can enable it into the config.php file.\n"; + die(); } ?> - - + - - <?php echo $GLOBALS['sitename'] ?> - - - - - - - - - - - - + + <?php echo htmlspecialchars($GLOBALS['sitename']) ?> + + + + + + + + + diff --git a/www/gsearch/index.php b/www/gsearch/index.php index 70be05e..477aacb 100644 --- a/www/gsearch/index.php +++ b/www/gsearch/index.php 
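Review bot: `htmlspecialchars($GLOBALS['sitename'])` in www/gsearch/context.php is called with default flags and charset although the output is an XML document, and the same call is used for the title in www/gsearch/index.php. On PHP versions before 8.1 the default flags leave single quotes unescaped and the default charset depends on the PHP version, so I would spell it out: `htmlspecialchars($GLOBALS['sitename'], ENT_QUOTES | ENT_XML1, 'UTF-8')` here (ENT_XML1 needs PHP 5.4 or later) and `ENT_QUOTES, 'UTF-8'` in the HTML page. The markup of this hunk did not survive on the page, so whether other configuration values are echoed into the document without escaping cannot be checked from here.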
@@ -1,17 +1,41 @@ - + * @author Christian Weiske + * @author Eric Dane + * @license GPL http://www.gnu.org/licenses/gpl.html + * @link http://sourceforge.net/projects/semanticscuttle + * @link http://www.google.com/cse/docs/cref.html + */ +require_once '../www-header.php'; -if($GLOBALS['enableGoogleCustomSearch']==false) { - echo "Google Custom Search disabled. You can enable it into the config.php file."; - die; +if ($GLOBALS['enableGoogleCustomSearch'] == false) { + header('HTTP/1.0 403 Forbidden'); + header('Content-Type: text/plain; charset=utf-8'); + echo "Google Custom Search disabled." + . " You can enable it into the config.php file.\n"; + die(); } ?> - - -<?php echo $GLOBALS['sitename'] ?> - -
-
+ + + + + <?php echo htmlspecialchars($GLOBALS['sitename']); ?> + + +
@@ -27,21 +51,21 @@ if($GLOBALS['enableGoogleCustomSearch']==false) { ... -isLoggedOn() && $currentUser->isAdmin()){ - echo '

'; - echo T_('Admin tips: '); - echo T_('To refresh manually Google Custom Search Engine, goes to: '); - echo 'http://www.google.com/coop/cse/cref' . '
'; - echo T_('If no result appears, check that all the urls are valid in the admin section.'); - echo '

'; - -} + echo T_('If no result appears, check that all the urls are valid in the admin section.'); + echo '

'; + +} ?> -
- + +