Merge branch 'master' into privatekey2

13 files changed, 139 insertions, 66 deletions

diff --git a/.gitignore b/.gitignore
index e512e0c..7695176 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,4 +3,6 @@ dist/
 build.properties
 package.xml
 semanticscuttle-dump.sql
-data/config.unittest.php
+data/config.php
+data/config.testing.php
+data/config.testing-tmp.php
diff --git a/data/.gitignore b/data/.gitignore
deleted file mode 100644
index 4f4773f..0000000
--- a/data/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-config.php
diff --git a/doc/ChangeLog b/doc/ChangeLog
index a54e71e..3c4e939 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -14,6 +14,7 @@ ChangeLog for SemantiScuttle
 - Update php-gettext library to 1.0.10
 - api/posts/add respects the "replace" parameter now
 - Fix privacy issue when fetching tags of several users
+- Fix Google custom search XML
 - Only URLs with an allowed protocol may be added to the database
 - Support HTTPS connections when $root is not configured
 - SQL schema version table to ease future database upgrades
diff --git a/doc/ssl-client-certificates.rst b/doc/ssl-client-certificates.rst
index e12b507..7abf17a 100644
--- a/doc/ssl-client-certificates.rst
+++ b/doc/ssl-client-certificates.rst
@@ -94,7 +94,14 @@ you use.
 Apache configuration
 --------------------
 To make use of SSL client certificates, you need to deliver SemanticScuttle
-via HTTPS. 
+via HTTPS.
+
+Note that you can equip several virtual hosts with SSL certificates
+and keep them on the same, standard SSL port by using SNI -
+`Server Name Indication`__.
+
+.. _SNI: http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI
+__ SNI_
 
 A basic virtual host configuration with SSL looks like this:
 
diff --git a/src/SemanticScuttle/Service/AuthUser.php b/src/SemanticScuttle/Service/AuthUser.php
index 479b68a..9447ee4 100644
--- a/src/SemanticScuttle/Service/AuthUser.php
+++ b/src/SemanticScuttle/Service/AuthUser.php
@@ -130,7 +130,7 @@ class SemanticScuttle_Service_AuthUser extends SemanticScuttle_Service_User
         //FIXME: caching?
         $name = $this->auth->getUsername();
         if (!$name) {
-            return false;
+            return parent::getCurrentUserId();
         }
         return $this->getIdFromUser($name);
     }
diff --git a/src/SemanticScuttle/Service/User.php b/src/SemanticScuttle/Service/User.php
index 01945ca..18d5a29 100644
--- a/src/SemanticScuttle/Service/User.php
+++ b/src/SemanticScuttle/Service/User.php
@@ -455,8 +455,8 @@ class SemanticScuttle_Service_User extends SemanticScuttle_DbService
         if ($ssls->hasValidCert()) {
             $id = $ssls->getUserIdFromCert();
             if ($id !== false) {
-                $this->setCurrentUserId($id);
-                return (int)$_SESSION[$this->getSessionKey()];
+                $this->setCurrentUserId($id, true);
+                return $this->currentuserId;
             }
         }
         return false;
diff --git a/src/SemanticScuttle/header-standalone.php b/src/SemanticScuttle/header-standalone.php
index cc1b0bd..3755ea1 100644
--- a/src/SemanticScuttle/header-standalone.php
+++ b/src/SemanticScuttle/header-standalone.php
@@ -14,7 +14,6 @@
  * @link     http://sourceforge.net/projects/semanticscuttle
  */
 $_SERVER['HTTP_HOST'] = 'http://localhost/';
-define('UNIT_TEST_MODE', true);
 
 require_once dirname(__FILE__) . '/header.php';
 ?>
\ No newline at end of file
diff --git a/src/SemanticScuttle/header.php b/src/SemanticScuttle/header.php
index b0705b0..098e5c3 100644
--- a/src/SemanticScuttle/header.php
+++ b/src/SemanticScuttle/header.php
@@ -46,14 +46,21 @@ if (isset($_GET['unittestMode']) && $_GET['unittestMode'] == 1
         die("Unittestmode is not allowed\n");
     }
 
-    $unittestConfigFile = $datadir . '/config.unittest.php';
-    if (file_exists($unittestConfigFile)) {
-        require_once $unittestConfigFile;
-    }
     define('HTTP_UNIT_TEST_MODE', true);
     define('UNIT_TEST_MODE', true);
 }
 if (defined('UNIT_TEST_MODE')) {
+    //load configuration for unit tests
+    $testingConfigFile = $datadir . '/config.testing.php';
+    if (file_exists($testingConfigFile)) {
+        require_once $testingConfigFile;
+    }
+    //test-specific configuration file
+    $unittestConfigFile = $datadir . '/config.testing-tmp.php';
+    if (file_exists($unittestConfigFile)) {
+        require_once $unittestConfigFile;
+    }
+
     //make local config vars global - needed for unit tests
     //run with phpunit
     foreach (get_defined_vars() as $var => $value) {
@@ -107,7 +114,7 @@ T_bind_textdomain_codeset($domain, 'UTF-8');
 T_textdomain($domain);
 
 // 4 // Session
-if (!defined('UNIT_TEST_MODE') || defined('HTTP_UNIT_TEST_MODE')) {
+if (isset($_SERVER['REMOTE_ADDR'])) {
     session_start();
     if ($GLOBALS['enableVoting']) {
         if (isset($_SESSION['lastUrl'])) {
diff --git a/tests/TestBaseApi.php b/tests/TestBaseApi.php
index 2caa701..20574f3 100644
--- a/tests/TestBaseApi.php
+++ b/tests/TestBaseApi.php
@@ -50,8 +50,9 @@ class TestBaseApi extends TestBase
         $this->url = $GLOBALS['unittestUrl'] . $this->urlPart;
 
         //clean up before test
-        if (file_exists($GLOBALS['datadir'] . '/config.unittest.php')) {
-            unlink($GLOBALS['datadir'] . '/config.unittest.php');
+        $configFile = $GLOBALS['datadir'] . '/config.testing-tmp.php';
+        if (file_exists($configFile)) {
+            unlink($configFile);
         }
 
         $this->us = SemanticScuttle_Service_Factory::get('User');
@@ -71,19 +72,36 @@ class TestBaseApi extends TestBase
      * @param string $urlSuffix Suffix for the URL
      *
      * @return HTTP_Request2 HTTP request object
-     *
-     * @uses $url
      */
     protected function getRequest($urlSuffix = null)
     {
-        $req = new HTTP_Request2(
-            $this->url . $urlSuffix,
-            HTTP_Request2::METHOD_GET
-        );
+        $url = $this->getTestUrl($urlSuffix);
+        $req = new HTTP_Request2($url, HTTP_Request2::METHOD_GET);
 
         return $req;
     }
 
+    /**
+     * Creates an URL from $this->url plus $urlSuffix and an appended
+     * unittestMode=1 parameter.
+     *
+     * @param string $urlSuffix Suffix for the URL
+     *
+     * @return string URL
+     *
+     * @uses $url
+     */
+    protected function getTestUrl($urlSuffix = null)
+    {
+        $url = $this->url . $urlSuffix;
+        if (strpos($urlSuffix, '?') !== false) {
+            $url .= '&unittestMode=1';
+        } else {
+            $url .= '?unittestMode=1';
+        }
+        return $url;
+    }
+
 
     /**
      * Completes an URL that's missing the protocol.
@@ -165,7 +183,7 @@ class TestBaseApi extends TestBase
         $uid = $this->addUser($username, $password);
 
         $req = new HTTP_Request2(
-            $GLOBALS['unittestUrl'] . '/login.php',
+            $GLOBALS['unittestUrl'] . '/login.php?unittestMode=1',
             HTTP_Request2::METHOD_POST
         );
         $cookies = $req->setCookieJar()->getCookieJar();
@@ -230,7 +248,7 @@ class TestBaseApi extends TestBase
 
         $this->assertInternalType(
             'integer',
-            file_put_contents($GLOBALS['datadir'] . '/config.unittest.php', $str),
+            file_put_contents($GLOBALS['datadir'] . '/config.testing-tmp.php', $str),
             'Writing config.unittest.php failed'
         );
     }
diff --git a/tests/prepare.php b/tests/prepare.php
index c80306e..ea4d77d 100644
--- a/tests/prepare.php
+++ b/tests/prepare.php
@@ -22,7 +22,7 @@ $_SERVER['HTTP_HOST'] = 'http://localhost/';
 define('UNIT_TEST_MODE', true);
 
 if ('@data_dir@' == '@' . 'data_dir@') {
-    //non pear-install
+    //non pear-installation (i.e. git checkout)
     require_once dirname(__FILE__) . '/../src/SemanticScuttle/header.php';
 } else {
     //pear installation; files are in include path
@@ -35,7 +35,7 @@ if ($GLOBALS['debugMode'] == true
     && $GLOBALS['dbtype'] == 'mysql4'
 ) {
     echo "\n"
-        . '!!! The combination of debugMode and dbtype==mysql4'
+        . '!! The combination of debugMode and dbtype==mysql4'
         . ' will wreck some tests' . "\n\n";
 }
 ?>
\ No newline at end of file
diff --git a/tests/www/searchTest.php b/tests/www/searchTest.php
index 1220667..5dce69d 100644
--- a/tests/www/searchTest.php
+++ b/tests/www/searchTest.php
@@ -41,7 +41,7 @@ class www_SearchTest extends TestBaseApi
             'No bookmark found', false
         );
 
-        $res = $this->getRequest('/all/baz bat')->send();
+        $res = $this->getRequest('/all/baz%20bat')->send();
         $this->assertSelectCount(
             '.xfolkentry', false, $res->getBody(),
             'Bookmarks found', false
diff --git a/www/gsearch/context.php b/www/gsearch/context.php
index d714ec1..fd10c4e 100644
--- a/www/gsearch/context.php
+++ b/www/gsearch/context.php
@@ -1,27 +1,43 @@
 <?php
+/**
+ * Google custom search context information for SemanticScuttle.
+ * Tells Google meta data about the search.
+ *
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package  SemanticScuttle
+ * @author   Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
+ * @author   Christian Weiske <cweiske@cweiske.de>
+ * @author   Eric Dane <ericdane@users.sourceforge.net>
+ * @license  GPL http://www.gnu.org/licenses/gpl.html
+ * @link     http://sourceforge.net/projects/semanticscuttle
+ * @link     http://www.google.com/cse/docs/cref.html
+ */
 require_once '../www-header.php';
 
-if($GLOBALS['enableGoogleCustomSearch'] == false) {
-    echo "Google Custom Search disabled. You can enable it into the config.php file.";
-    die;
+if ($GLOBALS['enableGoogleCustomSearch'] == false) {
+    header('HTTP/1.0 403 Forbidden');
+    header('Content-Type: text/plain; charset=utf-8');
+    echo "Google Custom Search disabled."
+        . " You can enable it into the config.php file.\n";
+    die();
 }
 ?>
-
-<!--?xml version="1.0" encoding="UTF-8" ?-->
+<?xml version="1.0" encoding="UTF-8" ?>
 <GoogleCustomizations>
-    <CustomSearchEngine>
-        <Title><?php echo $GLOBALS['sitename'] ?></Title>
-        <Description><?php echo filter($GLOBALS['welcomeMessage']) ?></Description>
-        <Context>
-           <BackgroundLabels>
-             <Label name="include" mode="FILTER" />
-          </BackgroundLabels>
-        </Context>
-        <LookAndFeel nonprofit="false">
-        </LookAndFeel>
-    </CustomSearchEngine>
-
-    <Include type="Annotations" href="<?php echo ROOT;?>api/export_gcs.php?xml=1" />
-
-
+ <CustomSearchEngine>
+  <Title><?php echo htmlspecialchars($GLOBALS['sitename']) ?></Title>
+  <Description><?php echo filter($GLOBALS['welcomeMessage']) ?></Description>
+  <Context>
+   <BackgroundLabels>
+    <Label name="include" mode="FILTER" />
+   </BackgroundLabels>
+  </Context>
+  <LookAndFeel nonprofit="false">
+  </LookAndFeel>
+ </CustomSearchEngine>
+ <Include type="Annotations" href="<?php echo ROOT;?>api/export_gcs.php?xml=1" />
 </GoogleCustomizations>
diff --git a/www/gsearch/index.php b/www/gsearch/index.php
index 70be05e..477aacb 100644
--- a/www/gsearch/index.php
+++ b/www/gsearch/index.php
@@ -1,17 +1,41 @@
-<?php require_once '../www-header.php';
+<?php
+/**
+ * Google custom search for SemanticScuttle.
+ * This is a "linked CSE", a linked custom search engine.
+ * See the linked docs for more info.
+ *
+ * SemanticScuttle - your social bookmark manager.
+ *
+ * PHP version 5.
+ *
+ * @category Bookmarking
+ * @package  SemanticScuttle
+ * @author   Benjamin Huynh-Kim-Bang <mensonge@users.sourceforge.net>
+ * @author   Christian Weiske <cweiske@cweiske.de>
+ * @author   Eric Dane <ericdane@users.sourceforge.net>
+ * @license  GPL http://www.gnu.org/licenses/gpl.html
+ * @link     http://sourceforge.net/projects/semanticscuttle
+ * @link     http://www.google.com/cse/docs/cref.html
+ */
+require_once '../www-header.php';
 
-if($GLOBALS['enableGoogleCustomSearch']==false) {
-    echo "Google Custom Search disabled. You can enable it into the config.php file.";
-    die;
+if ($GLOBALS['enableGoogleCustomSearch'] == false) {
+    header('HTTP/1.0 403 Forbidden');
+    header('Content-Type: text/plain; charset=utf-8');
+    echo "Google Custom Search disabled."
+        . " You can enable it into the config.php file.\n";
+    die();
 }
 
 ?>
-
-<html>
-<title><?php echo $GLOBALS['sitename'] ?></title>
-<body>
-<center>
-<br />
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
+ <head>
+  <title><?php echo htmlspecialchars($GLOBALS['sitename']); ?></title>
+ </head>
+ <body>
+  <div style="text-align: center; padding-top: 2em">
 
 <!-- Google CSE Search Box Begins  -->
 <form id="cref" action="http://www.google.com/cse">
@@ -27,21 +51,21 @@ if($GLOBALS['enableGoogleCustomSearch']==false) {
 <small><a href="<?php echo ROOT?>"><?php echo T_('Come back to ').$GLOBALS['sitename'] ?>...</a></small>
 
 
-<?php if($userservice->isLoggedOn() && $currentUser->isAdmin()){
-	echo '<p><small>';
-	echo T_('Admin tips: ');
-	echo T_('To refresh manually Google Custom Search Engine, goes to: ');
-	echo '<a href="http://www.google.com/coop/cse/cref?cref='
+<?php if ($userservice->isLoggedOn() && $currentUser->isAdmin()) {
+    echo '<p><small>';
+    echo T_('Admin tips: ');
+    echo T_('To refresh manually Google Custom Search Engine, goes to: ');
+    echo '<a href="http://www.google.com/coop/cse/cref?cref='
         . ROOT . 'gsearch/context.php">http://www.google.com/coop/cse/cref</a>'
         . '<br/>';
-	echo T_('If no result appears, check that all the urls are valid in the admin section.');
-	echo '</small></p>';
-	
-}	
+    echo T_('If no result appears, check that all the urls are valid in the admin section.');
+    echo '</small></p>';
+    
+}
 ?>
 
-</center>
-</body>
+  </div>
+ </body>
 </html>