Commit Graph

9524 Commits

Author SHA1 Message Date
Zach Copley
0dfef88cac HTML entity encode source link URLs in plain XML output and add rel="nofollow" to them 2010-05-18 15:15:52 -07:00
Zach Copley
68634f0496 Add source link attr to statusnet:notice_info element in Atom output for notices 2010-05-18 15:15:41 -07:00
Zach Copley
c78f67aa73 Refactor and centralize notice source link calculation 2010-05-18 15:15:27 -07:00
Zach Copley
d9fddff539 Add xmlns:statusnet and statusnet:notice_info element to Atom entries for notices 2010-05-18 15:15:14 -07:00
Brion Vibber
14a76926a2 Redirect non-SSL hits to login & register actions to SSL if 'always' or 'sometimes' SSL modes are kicked in.
The forms would already submit to SSL, but people are happier if they start on a secure page!

Note: this really should be done for sensitive/all URLs in index.php, but it seems a bit awkward to reconstruct the SSL version of the link atm. Cleanup todo!
2010-05-18 21:52:17 +00:00
Brion Vibber
813bbc912d typo fix in en_GB localization (also updated @ translatewiki) 2010-05-18 13:44:23 -07:00
Brion Vibber
d0ba34e0f3 Merge branch 'openid-teams' into testing 2010-05-18 13:37:46 -07:00
Brion Vibber
7c828ae5f8 OpenID access control options: trusted provider URL, Launchpad team restrictions. Added an admin panel for setting these and OpenID-only mode, off by default.
To enable the admin panel:
    $config['admin']['panels'][] = 'openid';

Or to set them manually:
    $config['openid']['trusted_provider'] = 'https://login.ubuntu.net/';
    $config['openid']['required_team'] = 'my-project-cabal';
    $config['site']['openidonly'] = true;

OpenID-only mode can still be set from addPlugin() parameters as well for backwards compatibility.
Note: if it's set there, that value will override the setting from the database or config.php.

Note that team restrictions are only really meaningful if a trusted provider is set; otherwise,
any OpenID server could report back that users are members of the given team.

Restrictions are checked only at OpenID authentication time and will not kick off people currently
with a session open; existing remembered logins may also survive these changes.

Using code for Launchpad team support provided by Canonical under AGPLv3, pulled from r27 of
WordPress teams integration plugin:
    https://code.edge.launchpad.net/~canonical-isd-hackers/wordpress-teams-integration/trunk
2010-05-18 13:28:41 -07:00
Brion Vibber
d5b4df4097 Merge branch 'master' of gitorious.org:statusnet/mainline into testing 2010-05-18 13:21:23 -07:00
James Walker
6da59fab58 invalid mbox_sha1sum in the case where users don't have an email address
(reported by pedantic-web.org)
2010-05-18 10:09:16 -04:00
Brion Vibber
b77878f467 Include notice fragment on 'in context' links in Realtime plugin family. 2010-05-17 19:47:44 +00:00
Brion Vibber
e36df29212 Patch from g0: fix for conversation links in Realtime updates
Previously was using the reply-to URL, which didn't match with other displays.
Now sends to the right conversation page.
2010-05-17 19:37:47 +00:00
James Walker
1999b836c0 accept either salmon endpoint (until they're unified in the spec) 2010-05-14 16:43:41 -04:00
James Walker
275002d88a allow hyphens in subdomains for webfinger addresses 2010-05-14 16:43:41 -04:00
Brion Vibber
2e808fdc82 More direct text for registration licensing/tos checkbox for private and all-rights-reserved sites. 2010-05-13 16:47:58 -07:00
Brion Vibber
5d0593ec34 Fix keys() / keyTypes() mixup in SamplePlugin 2010-05-12 11:09:37 -07:00
Brion Vibber
3d00cfd47f Windows server fix: Use platform EOL in debug log file 2010-05-11 12:22:14 -07:00
Brion Vibber
45392bef33 Installer tweak for Windows: normalize line endings to platform standard in generated config.php
Added a comment that the writable directory checks are insufficient to catch ACL problems on Windows; need a better check for that.
2010-05-11 12:16:13 -07:00
Zach Copley
fba140f4e0 Fix for repeats from the API having null source attribution 2010-05-08 00:07:42 +00:00
Brion Vibber
7915386950 Allow plugins to load their styles for mobile view; fixes bad realtime button layout 2010-05-07 01:28:37 +00:00
Brion Vibber
5996d80c09 Ticket #2184: recognize Palm Pre / WebOS browsers for MobileProfile
One-line addition of 'webos' to the keywords list.
2010-05-06 21:29:04 +00:00
Zach Copley
b50f300566 Implement since_id and max_id param handling for /api/favorites 2010-05-05 14:46:36 -07:00
Brion Vibber
c2bda7726c XMPP debugging: log the message source when discarding empty or unrecognized messages. 2010-05-05 13:11:36 -07:00
Brion Vibber
8260a88f41 Quick fix for DirectionDetector: only apply <span class="rtl"> once; if it's already there in an incoming message (eg via OStatus), don't reapply it.
Modified from patch from Everplays
2010-05-05 11:28:05 -07:00
Brion Vibber
60825ba535 Clean up reference usage warnings in DirectionDetector plugin 2010-05-05 10:51:05 -07:00
Brion Vibber
bb94b78e89 Handle timeout more gracefully in background pings
Added a 2-second default timeout for XMLRPC/extended pings, configurable as [ping,timeout].
No longer repeating the entire ping section if we had an HTTP error during a submission.
For now, dropping the bad item and continuing on with others. (Todo: individual retry and cleaner discards of blacklisted broken-for-now sites.)
2010-05-04 18:43:32 -07:00
Brion Vibber
5f5d9518bd Avoid spewing giant debug backtrace into exception in certain OStatus subscription failure cases.
The code pattern 'new XXXException($e)' to chain exceptions doesn't actually work as intended, as exceptions are actually expecting a string message here.
This caused an implicit string conversion from HTTP_Request2_Exception, which is a PEAR_Exception, which defines an absurdly detailed __toString() method including a giant HTML table with a backtrace if you happen to be on a web request.
Simply passing $e->getMessage() instead clears this up, as we'll get the nice short message like 'Couldn't connect to tcp://blahblah:80'
2010-05-04 17:11:43 -07:00
Zach Copley
9d2c3d45bc Add Emacs Identica-mode to notice sources 2010-05-04 12:31:55 -07:00
Brion Vibber
67eeaa9cf4 Pull localization updates from 0.9.x branch 2010-05-03 12:27:44 -07:00
Zach Copley
940a8c2c1e Updated README to include one-liner about fixed installer in the noteable changes section 2010-05-03 12:02:50 -07:00
Evan Prodromou
8a2144aeed Merge branch 'master' of gitorious.org:statusnet/mainline 2010-05-03 14:54:54 -04:00
Brion Vibber
c2f620ed67 Update release date 2010-05-03 11:46:01 -07:00
Evan Prodromou
ac424d943e Merge branch 'master' of gitorious.org:statusnet/mainline 2010-05-02 17:20:06 -04:00
Brion Vibber
df4462611c Revert "Update PEAR::Mail to 1.2.0 release; fixes deprecation warnings running under PHP 5.3."
This reverts commit 9fd02a4f11.

Looks like there's some changes I missed in there and getting this in'll involve updating some other packages. Will poke it after 0.9.2.
2010-05-01 09:51:25 -07:00
Evan Prodromou
28fe1c2f3c Merge branch 'master' of gitorious.org:statusnet/mainline 2010-05-01 10:47:30 -04:00
Brion Vibber
9fd02a4f11 Update PEAR::Mail to 1.2.0 release; fixes deprecation warnings running under PHP 5.3. 2010-04-30 13:47:46 -07:00
Brion Vibber
a39efbd8d8 Update XMPPHP to last upstream release (r77), includes an XML quoting fix. 2010-04-30 13:37:40 -07:00
Evan Prodromou
3f2c805652 Merge branch 'master' of gitorious.org:statusnet/mainline 2010-04-30 15:00:55 -04:00
Brion Vibber
ecfe6b8944 Update codename in common.php 2010-04-29 16:08:20 -07:00
Zachary Copley
a5761dd814 Update release notes and version number for 0.9.2 2010-04-29 16:06:04 -07:00
Brion Vibber
ae2986527c Pull localization updates from 0.9.x 2010-04-29 15:52:10 -07:00
Brion Vibber
50d5f5e04c Merge branch 'master' into testing 2010-04-29 15:12:02 -07:00
Brion Vibber
cb5d6d5c30 Fix charset setting for plugin localizations; default setting was blanking out non-ASCII chars. Needed for eg Bulgarian translation of Facebook plugin, was previously showing all as ???s. Now works yay! 2010-04-28 23:06:08 +00:00
Brion Vibber
f5c82d9d60 add rsd to the list of login actions
Allows rsd.xml to be reached on private sites. Fixes http://status.net/trac/ticket/2309

Conflicts:

	index.php
2010-04-28 11:05:31 -07:00
Evan Prodromou
50bfa21814 Merge branch 'master' of gitorious.org:statusnet/mainline 2010-04-26 02:53:24 -04:00
Brion Vibber
8fd0059bf6 Test cases and fixes for Atom and RSS content decoding.
Fix extraction of Atom <content type="text"> and <content type="html">; we were failing to escape plaintext source data to HTML, and doing an extraneous double-deescape on HTML source resulting in breakage of notices containing text that looks like HTML. Only <content type="xhtml"> was working correctly previously.
Fixes for RSS2 content processing: we were failing to load <content:encoded> at all due to using wrong element name, and were applying an extraneous de-escape for <description> rather than the escaping that is required to turn plaintext into HTML. (Per spec, <description> must be plaintext.)
2010-04-23 15:40:48 -07:00
Brion Vibber
dd7b95c2cf Merge branch 'master' into testing 2010-04-23 14:26:57 -07:00
Brion Vibber
9c8052e755 Rerun feed discovery and update the feed, salmon, and hub for the given OStatus remote profile. Restarts subscription fresh as well.
update-profile.php -sexample.com http://example.com/path/to/profile/url
2010-04-23 12:54:31 -07:00
Brion Vibber
4beaba9fb0 Ticket #93: pretty up the auto-submit for OpenID logins a bit.
* throwing in our spinner
* cleanup of texts
* "If this doesn't go through click the button" instead of just a mystery button
* slightly faster submission: immediate at end of page rather than waiting for jQuery to confirm document setup completion
2010-04-23 11:28:50 -07:00
Brion Vibber
0f975f4215 Fix to regression in last commit; wrong field name for homepage blacklist 2010-04-23 08:24:53 -07:00