'admin' is a pretty common username that people try when installing;
it was blacklisted because all of our admin panels were at /admin/*,
which would conflict with the admin user's namespace.
Changed the location of all admin panels to /panel/*, blacklisted the
nickname 'panel', and allowed 'admin'. Tested with a fresh install;
seems to work great.
* 'testing' of gitorious.org:statusnet/mainline: (63 commits)
Add a scary 'experimental feture' warning & are-you-sure prompt on moveuser.php
fix wrong datatypes (saving string instead of array) in AtomPub notice processing
Account moving is a background activity
return a 409 Conflict when subscription already exists
OStatusPlugin does discovery in Profile::fromURI()
considerably more logging and error checking in AccountMover
add a log method to AccountMover
normalize accounts and check for return in HTTP for moving
move account-moving classes to their own libraries
execution protection on discovery.php
PHPCS discovery.php
Move discovery library from OStatus plugin to core
Revert "Revert "0.9.7alpha1""
first example of moving a user
Parse properties of links in XRD files
Add the Atom username to the XRD output
preserve activities in object
let callers pass in an XMLOutputter to output to
execution protection on discovery.php
PHPCS linkheader.php
...
Removed the free calls (unneeded since destructors now work), and added an error check w/ logging & an exception for future attempts to forward calls to nonexistent object.
We were checking the list as comma-delimited (per the description of it as comma-delimited), but in fact spaces are also accepted, and who knows what else.
We can make a lot of HTTP requests from the server side. This change
adds some configuration options for using an HTTP proxy, which can
cache hits from multiple sites (good for status.net-like services, for example).
Version 0.9.6 and below of StatusNet assume anything in <author> is a
Person. So, we include an <activity:subject> element, which will be
checked first by those versions of the code, only for group feeds.
At some point we'll take this out, but it's useful for now.
* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.
Moved most of the heavy-lifting for account restoration out of
restoreuser.php and into its own class, with the hope that we'll do
the work from the Web eventually.
The new DeleteaccountAction lets a user delete their own account
(subject to global rights set by the admin). It presents a form to
delete the account, with an "I am sure." text entry box.
It then schedules the account for deletion and logs the user out.
If a cache entry is dependent on the code that's running, upgrading
(or enabling/disabling plugins) can generate hard-to-track
inconsistencies.
This change adds a close-to-unique fingerprint of the running code to
some cache keys, so that if the fingerprint changes, the old values
are ignored and new values are used.
If the automated uniqueness fails, an administrator can add an extra
config value, $config['site']['build'], that's thrown into the key also.
If a cache entry is dependent on the code that's running, upgrading
(or enabling/disabling plugins) can generate hard-to-track
inconsistencies.
This change adds a close-to-unique fingerprint of the running code to
some cache keys, so that if the fingerprint changes, the old values
are ignored and new values are used.
If the automated uniqueness fails, an administrator can add an extra
config value, $config['site']['build'], that's thrown into the key also.
We had two ways to generate an activity entry from a notice; one through
Notice::asAtomEntry() and one through Notice::asActivity() and
Activity::asString(). The code paths had already diverged somewhat. I
took the conditions that were in Notice::asAtomEntry() and made sure
they were replicated in the other two functions. Then, I rewrote
Notice::asAtomEntry() to use the other two functions instead.
This change passes the ActivityGenerationTests unit tests, but there
may be some other stuff that's not getting covered.
common_shorten_links() can only access the web session's logged-in user, so never properly took user options into effect for posting via XMPP, API, mail, etc.
Adds an optional $user parameter on common_shorten_links(), and a $user->shortenLinks() as a clearer interface for that.
Tweaked some lower-level functions so $user gets passed down -- making the $notice_id param previously there for saving URLs at notice save time generalized a little.
Note also ticket #2919: there's a lot of duplicate code calling the shortening, checking the length, and reporting near-identical error messages. These should be consolidated to aid in code and translation maintenance.
commit 39fdd181d95d2c39a3ea1ca330b10a99a92b961f
Author: Evan Prodromou <evan@status.net>
Date: Mon Nov 29 10:37:49 2010 -0500
use cache key prefix for router cache key
commit 4cb9e56941922489b83d6425c059cf770991e68f
Author: Evan Prodromou <evan@status.net>
Date: Mon Nov 29 10:31:21 2010 -0500
use a unique hashkey based on the software version and loaded plugins
commit 44458b48aef719543e11f83b41fded65cbcb8be9
Author: Evan Prodromou <evan@status.net>
Date: Sat Nov 27 17:04:15 2010 -0500
cache the NUM object
commit 809c188307a9b4ada15f3d7fa573a6034341efef
Author: Evan Prodromou <evan@status.net>
Date: Sat Nov 27 15:44:12 2010 -0500
accelerate routing by pivoting paths on actions
commit 39fdd181d95d2c39a3ea1ca330b10a99a92b961f
Author: Evan Prodromou <evan@status.net>
Date: Mon Nov 29 10:37:49 2010 -0500
use cache key prefix for router cache key
commit 4cb9e56941922489b83d6425c059cf770991e68f
Author: Evan Prodromou <evan@status.net>
Date: Mon Nov 29 10:31:21 2010 -0500
use a unique hashkey based on the software version and loaded plugins
commit 44458b48aef719543e11f83b41fded65cbcb8be9
Author: Evan Prodromou <evan@status.net>
Date: Sat Nov 27 17:04:15 2010 -0500
cache the NUM object
commit 809c188307a9b4ada15f3d7fa573a6034341efef
Author: Evan Prodromou <evan@status.net>
Date: Sat Nov 27 15:44:12 2010 -0500
accelerate routing by pivoting paths on actions
This provides initial infrastructure for decoupling display names from internal canonical names, but continues to have us storing and using the canonical forms.
It should be/become possible to provide mixed-case and underscore-containing names in links, @-mention, !-group, etc, but we don't store those alternate forms generally.
max_id is not yet implemented, as it'll need support added to the search backends. (since_id we get 'for free' by just cropping off the list, it'll do for now)
- "To" drop-down list now defaults to showing "Select recipient:" instead of the first person on your list, reducing liklihood of accidentally sending a message to the wrong person.
- When there are no mutual subscribers to send to, instead of an empty list the list now shows 'No mutual subscribers.'
In both cases, attempting to send when the default is selected displays an error message.
I'm not disabling form elements in part because our themes right now don't show disabled button state correctly; we might want to tighten that up a bit more once fixed.
This option may be useful for intranet sites that don't have direct access to the internet, as they may be unable to successfully fetch those resources.
- workaround for providers that are skimpy on their data, such as missing width/height or thumbnail_width/thumbnail_height
- workaround for YFrog listing "image" instead of "photo" type
- generally more lax about formatting: if it comes back and looks kinda ok, we'll take it.
- discovery uses system HTML parser, should be more robust if the links include things like ampersands with proper HTML-level escaping
Newly supported:
- TwitPic: added a local function using TwitPic's API, since the oohembed implementation for TwitPic produced invalid output which Services_oEmbed rejects. (bug filed upstream)
Tweaked...
- Flickr: works, now using whitelist to use their endpoint directly instead of going through oohembed
- Youtube: worked around a bug in Services_oEmbed which broke the direct use of API discovery info, so we don't have to use oohembed.
Not currently working...
- YFrog: whitelisting their endpoint directly as the oohembed output is broken, but this doesn't appear to work currently as I think things are confused by YFrog's servers giving a '204 No Content' response on our HEAD checks on the original link.