Commit Graph

3671 Commits

Author SHA1 Message Date
Maiyannah Bishop
cd3a9ec6a9 [API] Security hotfix for source, picked from postActive 2021-07-17 20:24:27 +01:00
Diogo Peralta Cordeiro
422b82d3be [MEDIA] Allow thumbnail only entries 2021-07-16 19:44:42 +01:00
Diogo Peralta Cordeiro
5077b65d71 [Media] Fix several issues
[StoreRemoteMedia] Upgrade plugin to use the new Media system

API Changes:
- Added getters to File to better formalize the ideas of the commit "[Media] Fix issues with database file storage"

UI Changes:
- Now presented thumbnails are actual thumbnails (bug fix)
- Attachment actions have a slightly more extended behaviour

Many other minor bug fixes...
2021-07-16 19:44:42 +01:00
Diogo Peralta Cordeiro
8bbbb890e3 [Media] Fix issues with database file storage
Fixed file quota as well.

There can be more than one file for the same filehash IF the url are different.

Possible states:
  - A file with no url and with filename is a local file.
  - A file with an url but no filename is a remote file that wasn't fetched,
    not even the thumbnail.
  - A file with an url and filename is a fetched remote file (maybe just a
    thumbnail of it).
  - A file with no filename nor url is a redirect.

Routes:
  Given these states, updated routes so that an attachment can only be
  retrieved by id and a file by filehash.

Major API changes:
  File::getByHash now returns a yield of files

Major UI changes:
  - Now remote non stored files are presented.
  - /view became preferred
  - Redirects to remote originals are preferred.

Many other minor bug fixes...
2021-07-16 19:44:42 +01:00
Alexei Sorokin
a0f72fe5c6 Avoid ordering just by a timestamp
Try to also employ an id when possible.
Involves reworking some of the indices.
2021-07-16 19:44:41 +01:00
Alexei Sorokin
9efbef720d Avoid use of assignments bare inside statements
Either use them in a subroutine call or put parentheses around the assignment.
2021-07-16 19:44:41 +01:00
Alexei Sorokin
7fa4d56f05 Implement a class for automatic temporary file handling
And adopt it all over the code.
2021-07-16 19:44:41 +01:00
Alexei Sorokin
abacbf3e0a [ACTIONS] Fix selftag 2021-07-16 19:44:38 +01:00
Alexei Sorokin
1667d727b4 Set HTTP status codes with http_​response_​code() 2021-07-16 19:44:38 +01:00
Alexei Sorokin
50dd216f44 [BLOCK] Increase type strictness 2021-07-16 19:44:38 +01:00
Alexei Sorokin
7c727e2969 [SHOWSTREAM] Add "noindex" robots meta-tag for silenced profiles 2021-07-16 19:44:37 +01:00
Alexei Sorokin
e902a9bdfc [DATABASE] Check SQL boolean values with "IS TRUE"
This way UNKNOWN (NULL) explicitly turns to FALSE when three-valued logic is
reduced to binary.
In pgsqlschema, however, use "IS FALSE" as boolean attributes in pg_index are
non-nullable, there is no outer join and there's no clear preference for NULL
reduction.

Over-complicated constructions in TagCloud queries have been simplified, which
should not affect their performance.

Additionally, in TagCloud's lib/subscriptionspeopleselftagcloudsection.php
a typing mistake in an equi-join of "profile_tag" and "profile_list" on
"tagger" was fixed.
That regression was introduced in f446db8e2a
2021-07-16 19:44:37 +01:00
Diogo Cordeiro
f93d8694c3 [AVATAR] Ensure this Action stays secure 2021-07-16 19:44:37 +01:00
Hugo Sales
ff75bb796b [MEDIA] Move AttachmentAction::sendFile to common_send_file
This fixed the wrong content type and status code returned by the Avatar action
2021-07-16 19:44:37 +01:00
Diogo Cordeiro
02055dee49 [AVATAR] Temporary ImageFile wasn't 2021-07-16 19:44:37 +01:00
Diogo Cordeiro
44ad0d3a85 [AVATAR] Try to delete tmp avatar if something goes wrong during the process 2021-07-16 19:44:37 +01:00
Diogo Cordeiro
5439ff3ec5 [MEDIA] ImageFile fromUpload method wasn't ensuring uploaded file was an image 2021-07-16 19:44:37 +01:00
Alexei Sorokin
d01f44ee99 [DATABASE] Some query improvements
Make common_sql_weight employ standard SQL functions for the timestamp
difference in seconds.
Also replace UTC_TIMESTAMP in the MariaDB-specific part with CURRENT_TIMESTAMP
as it is the only occurence and GNU social sets UTC as a default timezone.

In a delete_orphan_files.php script simplify the main query considerably.

In clean_profiles.php stop using COUNT as if it is ANY, that is unnecessary
punishment for the database. Instead implement the anti-join with a
left outer join.

In Autocomplete and Activitypub_profile use joins instead of a WHERE OR
anti-pattern for the semi-joins.

In lib/ui/galleryaction.php replace a CROSS JOIN with an INNER JOIN.

In actions/sup.php remove a redundant subquery: WHERE is applied before
grouping either way.
2021-07-16 19:44:36 +01:00
Alexei Sorokin
434f07430d [DATABASE] Use "<>" as an SQL non-equality sign in more cases
A follow-up to commit 644b417f6c
2021-07-16 19:44:36 +01:00
Alexei Sorokin
9ac632ca2d [DATABASE] Start transactions with START TRANSACTION
"BEGIN" is non-standard and unnecessary.
2021-07-16 19:44:36 +01:00
Alexei Sorokin
aa2f09fa3c [UI] Fix group member pages showing up twice 2021-07-16 19:44:36 +01:00
Hugo Sales
b7ed15c865 [CORE] Make avatars be served with the same mechanism as attachments 2021-07-16 19:44:36 +01:00
Diogo Cordeiro
570fc17e8a [SHOWSTREAM] Add robots meta-tag for remote profiles 2021-07-16 19:44:36 +01:00
Diogo Cordeiro
684a1a4143 [FORMAT] Ran php-cs-fixer on the handlers of notice items and streams
This was to keep the following two commits readable
- actions/showstream.php
- actions/userbyid.php
- lib/modules/ActivityHandlerModule.php
- lib/modules/ActivityHandlerPlugin.php
- lib/notices/conversationnoticestream.php
- lib/notices/noticelistitem.php
- lib/notices/noticestream.php
- lib/notices/threadednoticelistitem.php
2021-07-16 19:44:36 +01:00
Alexei Sorokin
eab5725698 [DATABASE] Disable 'NULL' strings evaluation as SQL NULLs
Use $object->sqlValue('NULL') (identical to DataObject_Cast'ing) instead and
fix related issues like (email|sms)settings considering these NULLs as a
false positive for the E-Mail address still being set when it's been removed.

There could also be security implications to the now-disabled approach of
considering 'NULL' strings as SQL NULLs.
2021-07-16 19:44:35 +01:00
Diogo Cordeiro
3dcedfa8bd [MEDIA] Simplify Attachment actions 2021-07-16 19:44:35 +01:00
Diogo Cordeiro
81711a18d9 [LIB_REFACTOR] Fix minor issues 2021-07-16 19:44:35 +01:00
Diogo Cordeiro
ee405df000 [MODULES] Make disable in admin panel effective 2021-07-16 19:44:35 +01:00
Alexei Sorokin
16b5ddd230 [DATABASE] Re-introduce PostgreSQL support 2021-07-16 19:44:35 +01:00
Alexei Sorokin
3f17a0efea [DATABASE] Introduce a bool type in schema
PostgreSQL has a clear distinction between integers and booleans, so it makes
sense to draw a clear line.
2021-07-16 19:44:35 +01:00
Alexei Sorokin
9d87c37ac1 [DATABASE] Consistently use the "LIMIT $limit OFFSET $offset" syntax
The "LIMIT $offset, $limit" syntax is only supported by MySQL and MariaDB.
2021-07-16 19:44:35 +01:00
Alexei Sorokin
6095a6de64 [DATABASE] Only use single quotation marks for SQL strings
Double quotation marks are only used for identifiers in the SQL standard.
2021-07-16 19:44:35 +01:00
Alexei Sorokin
6fae840ee7 [DATABASE] Set NULL in DB_DataObject in a more reliable manner
Also stop assuming that FeedSub::sub_state (enum) and FeedSub::sub_end
(datetime) can possibly be set to an empty string.
2021-07-16 19:44:35 +01:00
Alexei Sorokin
d26aac77b3 [DATABASE] Always quote identifiers
The code used to operate under the assumption that MariaDB doesn't support
quoting identifiers. Not only is that not exactly true, but MariaDB has
reserved keywords that cannot be used as table or column names unquoted.
2021-07-16 19:44:35 +01:00
Miguel Dantas
ab3e8ce21d [LIB_REFACTOR] Fix requires 2021-07-16 19:44:34 +01:00
Miguel Dantas
2ab2e22a36 [LIB_REFACTOR] Moving files into separate semantic categories 2021-07-16 19:44:34 +01:00
tenma
fe2168c5ae [ActivityPub] Add support fox search-box profile/notice grabbing
NoticeSearchAction:
- Add new event before finding query matches

ActivityPubPlugin:
- Subscribe new searchNotice event
- Bump minor version number

Activitypub_explorer:
- Update lookup to make remote-grabbing optional
2021-07-16 19:44:34 +01:00
Diogo Cordeiro
8d9b88a8bc [OverwriteThemeBackground] This new plugin will let the admin set a custom background theme independent 2021-07-16 19:44:34 +01:00
Diogo Cordeiro
428878b6d8 [MODULES] Allow to delete third party plugins 2021-07-16 19:44:34 +01:00
Diogo Cordeiro
0d7c0069f2 [MODULES] Allow to upload third party plugins
Fixed some bugs
2021-07-16 19:44:34 +01:00
Diogo Cordeiro
ca22279797 [MODULES] List all available plugins and allow enabling them via UI
Yet another revision of the Admin Plugin Management tool
2021-07-16 19:44:34 +01:00
Diogo Cordeiro
fa28646d43 [CORE] Core modules shouldn't show up in version action 2021-07-16 19:44:33 +01:00
Diogo Cordeiro
20a6f1d4f4 [CORE] Plugin API now extends a new Module API 2021-07-16 19:44:33 +01:00
Diogo Cordeiro
3821d2317e [PLUGIN API] Bug fixes and improvements 2021-07-16 19:44:33 +01:00
brunoccast
0b58465fb9 [CORE] Fix notice delete-form
DeletenoticeAction:
- Added tombstone check before deletion

NoticeListItem:
- Added tombstone check before showing delete-form

ActivityVerb:
- The plugin was overwriting the deletenotice route. Added stronger
regexp to the connected routes.
2019-08-03 17:47:23 +01:00
Miguel Dantas
d295d8b43c [CORE] Added documentation and fixed typo in attachments action 2019-08-03 17:31:44 +01:00
Miguel Dantas
7070a14480 [CORE][StoreRemoteMedia] Fixed bug where sometimes images were written outside the site root 2019-08-03 17:31:43 +01:00
Miguel Dantas
a5259073df [CORE] Fix X-Sendfile for nginx, using the X-Accel-Redirect header 2019-08-03 17:31:43 +01:00
Miguel Dantas
3e5ce46e98 [CORE] Fixed bug where the http connection was using the wrong size for thumbnails, and returning the wrong one 2019-08-03 17:31:42 +01:00
Miguel Dantas
8f31a1a820 [MEDIA][OEMBED] Fixed regression in OEmbed, because it relied on accessing the files directly, which previous commits broke. The File table really should have a bool... 2019-08-03 17:31:42 +01:00