Commit Graph

18793 Commits

Author SHA1 Message Date
Adrian Lang
a547c5f642 Fix array access on possibly undefined index. 2009-03-11 10:38:48 +01:00
Adrian Lang
6367def2d8 Remove OAuthRequest as storage from userauthorization.
Since we are not really handling a fullblown OAuth request (No signature, nonce, consumer) we should not use this class, rather store the plain param array in the session.
2009-03-11 10:33:26 +01:00
Adrian Lang
df7565ddcc Remove second OAuth request validation. 2009-03-11 10:32:12 +01:00
Adrian Lang
24713499a9 Fixes #827: Laconica expects full OAuth message for user auth request.
When a user subscribes to a remote profile, he is redirected to his own service to confirm the request. This authorization request is specified in http://oauth.net/core/1.0#auth_step2. According to the standard, it does not have to pass consumer_key, nonce, timestamp or signature. The only specified parameters are oauth_token and oauth_callback, both optional.
2009-03-11 10:30:30 +01:00
Adrian Lang
1ba3ac9ee3 Make OMB work if the configured domain name does not exclusively contain lower case letters.
If the configured domain is mixed-case OAuth throws invalidsignature errors. The current URL is part of the signated parts; since the consumer does not pass the current URL, the service has to get it itself and add it to the other OAuth params for signature rebuilding. OAuth.php uses $_SERVER for this, however, the domain is lcased in $_SERVER. Hence we pass the complete current URL as generated by common_local_url to OAuthRequest.
2009-03-11 10:27:54 +01:00
Adrian Lang
04a05ca236 Merge branch '0.7.x' of git@gitorious.org:laconica/dev into 0.7.x 2009-03-11 10:14:32 +01:00
CiaranG
b9194e7923 Correction to recently added dupe-checking feature - was using wrong config value 2009-03-11 09:12:39 +00:00
Adrian Lang
72338b8c26 Merge branch '0.7.x' of http://git.gitorious.org/laconica/erichelgeson-clone into review/0.7.x 2009-03-11 10:07:41 +01:00
Zach Copley
622cc150d8 Fix xml:lang attr 2009-03-10 18:30:58 -07:00
Zach Copley
1e29cbd691 Make search API Atom feeds more valid 2009-03-10 18:17:20 -07:00
Zach Copley
a989c58c11 Fix tag URIs in Atom feeds for search thru the API 2009-03-10 17:20:43 -07:00
Zach Copley
df07786f28 Allow unauthenticated users to view /api/statuses/replies/id.format
(they can already see @replies via friends_timeline anyway).
2009-03-10 16:48:14 -07:00
Zach Copley
5caeeabfc2 Updated config.php.sample with example Tag URI configs 2009-03-10 16:24:46 -07:00
Zach Copley
91980c73a7 Updates to the API to improve Atom feeds 2009-03-10 16:15:57 -07:00
Eric Helgeson
c6cd87c106 Changed all $config[][] calls to common_config() 2009-03-09 20:01:35 -05:00
CiaranG
945bbf00dc PostgreSQL - a couple more GROUP BY queries that needed to be explicit 2009-03-09 20:24:56 +00:00
Sarven Capadisli
8d3d16f2f8 Updated URL patterns for identica Profiles for YahooSearchMonkey app.
Added app to show custom identica notices.

Note that these files can be used as templates for other laconica
instances.
2009-03-09 19:43:46 +00:00
Adrian Lang
f87ef9b72b Fixes #1277: Typo in variable name in actions/twitapidirect_messages.php. 2009-03-09 09:45:40 +01:00
Adrian Lang
fbe794e44d Improve handling of null values in profile parameters.
This commit fixes two issues:
- Allowing remote users to clear profile parameters via OMB.
- Improved handling of profile parameters which evaluate to
  false ('0' for example)
2009-03-09 08:06:31 +01:00
Adrian Lang
6ab9d6b140 Remove additional output as response to updateprofile.
This output breaks our own response validation and is not part of the OMB spec.
2009-03-08 17:09:09 +01:00
Adrian Lang
4c8c9bb9df Define undefined variable. 2009-03-08 17:06:18 +01:00
Adrian Lang
e8e4043996 Typo in lib/omb.php updateprofile request handling. 2009-03-08 17:04:48 +01:00
Adrian Lang
c8b10381a9 Add subedit to the main/ routes. 2009-03-08 16:56:20 +01:00
Evan Prodromou
6101280cd9 Merge branch '0.7.x' of git@gitorious.org:laconica/dev into 0.7.x 2009-03-08 11:52:45 -07:00
Evan Prodromou
c97142ad3e first version of plugin for pingback and trackback (no trackback yet) 2009-03-08 11:50:55 -07:00
Evan Prodromou
e55808698b use call_user_func for callbacks 2009-03-08 11:49:34 -07:00
CiaranG
1df3eeba86 Added the new pinghandler to the stopdaemons script and improved the behaviour and output of the script 2009-03-08 17:40:45 +00:00
CiaranG
2133d5a4e7 PostgreSQL - some more fixes to make queries compatible with both databases. (submitted by oxygene) 2009-03-08 16:16:10 +00:00
CiaranG
a5f1124830 PostgreSQL - use the specific sequence names required by DB_DataObject, otherwise rebuilding can't work 2009-03-08 15:51:31 +00:00
CiaranG
a89d7ceab0 PostgreSQL - added equivalent of the MySQL-specific rebuilddb.sh script, for upgrading 2009-03-08 11:58:27 +00:00
CiaranG
a5b9f59cb2 Merge branch '0.7.x' of git@gitorious.org:laconica/dev into 0.7.x 2009-03-08 09:25:23 +00:00
Evan Prodromou
f66775658c trying to kill the can't-leave-a-group bug 2009-03-07 17:47:43 -08:00
Adrian Lang
bea3fca189 Fix bug in dupe checking on notice post when there is no notice in cache. 2009-03-07 17:45:29 -08:00
Evan Prodromou
7d7d78b7f7 you can _so_ leave a group if you're its admin 2009-03-07 17:43:59 -08:00
Evan Prodromou
ad83998f10 Revert "Remove leave button from grouplist if current user is admin of that group."
People shouldn't be forced to be part of a group, even if they are the
admin. If a group has no admin, we need to figure out what to do with
it, but it's wrong to force anyone to be part of a group.

This reverts commit f9a7ae27b8.
2009-03-07 17:16:52 -08:00
Evan Prodromou
d014d43c68 Merge branch '0.7.x' of git@gitorious.org:laconica/dev into 0.7.x 2009-03-07 17:14:55 -08:00
CiaranG
61940e37ff Merge branch '0.7.x' of git@gitorious.org:laconica/dev into 0.7.x 2009-03-08 01:11:22 +00:00
Adrian Lang
f9a7ae27b8 Remove leave button from grouplist if current user is admin of that group. 2009-03-08 01:45:57 +01:00
Adrian Lang
f8d1381717 Corrected redirect targets for some group actions. These redirects can occur when the canonical name differs from the passed name. 2009-03-08 01:37:27 +01:00
CiaranG
a4091c878a PostgreSQL - propogated nonce table fix from MySQL version - see bug #1251 or 1179ecd13d 2009-03-07 23:28:59 +00:00
Evan Prodromou
c21d61840d Let people view friends_timeline of others
Add some code to view others' friends timelines through API.
2009-03-07 14:13:33 -08:00
Evan Prodromou
1a63d7d829 fix case of OAuthUtil method 2009-03-07 13:35:19 -08:00
Evan Prodromou
ba9c589bb2 fix for change in OAuthUtil upstream 2009-03-07 13:32:44 -08:00
Evan Prodromou
2400589c2f helpful documentation for oauthstore nonce stuff 2009-03-07 13:00:13 -08:00
Evan Prodromou
1179ecd13d Fix nonce usage in OAuth store
The OAuth store was failing on getting a request token, because the
token value was forced to be non-null in the DB. Let this value be
null, and use the correct primary key (consumer, timestamp, nonce).
Drop the reference to token table, and don't ever use it.
2009-03-07 12:55:09 -08:00
Evan Prodromou
22742c3b72 Make OpenID login and registration URLs work
The OpenID login and registration URLs were not generating correctly.
I added them to the list of "bare" actions in the router class, and
they work great now.
2009-03-07 12:38:22 -08:00
Evan Prodromou
0570c16e6c Add local directory for plugins, themes, etc.
Added a local directory for locally-installed software. This is where
you should put any code you write, themes, plugins, etc. so they don't
get stomped by upgrades.
2009-03-07 11:56:01 -08:00
Evan Prodromou
1980f166a7 change trust root calculation 2009-03-07 11:36:10 -08:00
Evan Prodromou
bffd931c37 Merge branch '0.7.x' of git@gitorious.org:laconica/dev into 0.7.x 2009-03-07 09:46:35 -08:00
Evan Prodromou
986a322231 Limit duplicate notices in a particular time period (default 60s)
We disallow posting a notice with duplicate content more than once a
minute.

Conflicts:

	config.php.sample
2009-03-07 09:43:50 -08:00