Commit Graph

154 Commits

Author SHA1 Message Date
Mikael Nordfeldth
a61235086b Use config site/sslproxy to force HTTPS (i.e. using reverse proxy to enable it)
Usage in config.php: $config['site']['sslproxy'] = true;

Add this to documentation...
2016-02-10 01:05:02 +01:00
Mikael Nordfeldth
5b11238010 Don't use system include path
Sometimes systems have _old_ DB_DataObject classes lying around that
get included by default, so we just try to avoid anything that we don't
ship ourselves.

<MMN-o> BeS: I'll commit a patch that will make this issue go away
<BeS> MMN-o: that would be awesome!
<MMN-o> but it might upset bashrc who's working on a Debian package (where you're _supposed_ to include from /usr/php etc. :P)
<MMN-o> but I'll leave a comment along with it
2016-01-28 20:31:46 +01:00
Mikael Nordfeldth
6834f355f2 Making ClientExceptions turn into ClientErrorAction
Got some 404s which were presented as 500
2016-01-14 02:47:28 +01:00
Mikael Nordfeldth
8fac7a9f6c StatusNet class renamed GNUsocial
also added backward compatible StatusNet class for the two calls I know
third party plugins use, isHTTPS and getActivePlugins
2015-02-27 12:44:15 +01:00
Mikael Nordfeldth
a2360f7538 check-fancy test gave confusing output (not the real message) 2014-07-10 13:10:48 +02:00
Mikael Nordfeldth
f42f7a1c85 Removed some lighttpd-specific code that messed up Unicode parameters 2014-07-04 19:16:23 +02:00
Mikael Nordfeldth
c00491cd7a Cosmetic changes to common_redirect, clientError, serverError
Since these functions exit (or throw exception) after running, there
is no need to have a 'return' statement or similar afterwards.
2014-03-10 00:25:57 +01:00
Mikael Nordfeldth
ed4fa71986 Snapshot call was left behind 2014-02-23 15:01:23 +01:00
Mikael Nordfeldth
a0e107f17f Implemented WebFinger and replaced our XRD with PEAR XML_XRD
New plugins:
* LRDD
    LRDD implements client-side RFC6415 and RFC7033 resource descriptor
    discovery procedures. I.e. LRDD, host-meta and WebFinger stuff.

    OStatus and OpenID now depend on the LRDD plugin (XML_XRD).

* WebFinger
    This plugin implements the server-side of RFC6415 and RFC7033. Note:
    WebFinger technically doesn't handle XRD, but we serve both that and
    JRD (JSON Resource Descriptor), depending on Accept header and one
    ugly hack to check for old StatusNet installations.

    WebFinger depends on LRDD.

We might make this even prettier by using Net_WebFinger, but it is not
currently RFC7033 compliant (no /.well-known/webfinger resource GETs).

Disabling the WebFinger plugin would effectively render your site non-
federated (which might be desired on a private site).

Disabling the LRDD plugin would make your site unable to do modern web
URI lookups (making life just a little bit harder).
2013-09-30 22:04:52 +02:00
Mikael Nordfeldth
4c6803a054 GNUSOCIAL is the new defined indicator
STATUSNET is still there for compatibility, so we don't have to change
all scripts at once yet...
2013-09-18 00:35:49 +02:00
Mikael Nordfeldth
b18e24723f Preparing more object-oriented Action handling
Action classes can now be run by calling the static function 'run'.
Eventually actions will be migrated so most functionality gets put
into parent classes, and the children don't have to have as much
duplicate code as they have now.
2013-08-29 23:33:05 +02:00
Evan Prodromou
c9d635b675 Fix hand-made trim in getPath() with ltrim (duh) 2011-10-03 09:26:42 -04:00
Evan Prodromou
6145df6670 trim initial '/' from paths 2011-10-03 09:15:53 -04:00
Brion Vibber
2967c5c0fa issue #3261 -- fix generic exception handler to pass through generic exception info, as already done for exceptions happening within an action. This fixes things like addPlugin() failures being hidden with a generic message.
If any email issues remain, they should be treated specifically if special treatment is needed.
2011-07-26 15:56:04 -07:00
Evan Prodromou
55068030d2 hook for defining new read-write tables 2011-05-06 17:18:38 -07:00
Siebrand Mazeland
34ed86981b Fixes for an xgettext peculiarity. 2011-04-04 01:01:42 +02:00
Siebrand Mazeland
2dbdb0f185 Translator documentation updated/added.
i18n tweaks.
Superfluous whitespace removed.

YAY! All StatusNet core messages in the 1.0.x branch have been documented at this point in time!!!
2011-04-04 00:41:48 +02:00
Zach Copley
b7d0746694 Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/confirmaddress.php
	actions/emailsettings.php
	actions/hostmeta.php
	actions/imsettings.php
	actions/login.php
	actions/profilesettings.php
	actions/showgroup.php
	actions/smssettings.php
	actions/urlsettings.php
	actions/userauthorization.php
	actions/userdesignsettings.php
	classes/Memcached_DataObject.php
	index.php
	lib/accountsettingsaction.php
	lib/action.php
	lib/common.php
	lib/connectsettingsaction.php
	lib/designsettings.php
	lib/personalgroupnav.php
	lib/profileaction.php
	lib/userprofile.php
	plugins/ClientSideShorten/ClientSideShortenPlugin.php
	plugins/Facebook/FBConnectSettings.php
	plugins/Facebook/FacebookPlugin.php
	plugins/NewMenu/NewMenuPlugin.php
	plugins/NewMenu/newmenu.css
2011-02-28 15:39:43 -08:00
Brion Vibber
de7726dd00 Performance counters: records number of total and unique cache get/set/incr/deletes and queries, and logs to syslog.
$config['site']['logperf'] = true; // to record & dump total hits of each type and the runtime to syslog
$config['site']['logperf_detail'] = true; // very verbose -- dump the individual cache keys and queries as they get used (may contain private info in some queries)

Seeing 180 cache gets on a timeline page seems not unusual currently; since these run in serial, even relatively small roundtrip times can add up heavily.
We should consider ways to reduce the number of round trips, such as more frequently storing compound objects or the output of processing in memcached.
Doing parallel multi-key lookups could also help by collapsing round-trip times, but might not be easy to fit into SN's object model. (For things like streams this should actually work pretty well -- grab the list, then when it's returned go grab all the individual items in parallel and return the list)
2011-01-31 13:12:56 -08:00
Evan Prodromou
ca4bf54131 add a comment to show runtime at the end of a page 2011-01-31 13:59:38 -05:00
Evan Prodromou
f9b2feb7f5 Merge branch '0.9.x' into 1.0.x
Conflicts:
	README
2011-01-12 18:05:56 -05:00
Brion Vibber
6e894c010f Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x 2011-01-04 12:14:08 -08:00
Brion Vibber
fb9ecddbf1 Ticket #2649: fix for undefined $base_url in lighttpd code path
The $base_url var is never defined, and the code has actually always been wrong since it was added.
Just removing it seems to work fine :)
2011-01-04 12:07:52 -08:00
Evan Prodromou
7aa201fa52 Merge branch 'master' into 0.9.x
Conflicts:
	lib/router.php
2010-11-30 14:46:26 -05:00
Craig Andrews
3f3b38766f move xrd and hostmeta out of the OStatus plugin and into core
add event for setting up hostmeta, and use them in the OStatus plugin
2010-11-26 21:12:14 -05:00
Evan Prodromou
806832e339 Revert "Ticket #2796: don't allow arbitrary overriding of the 'action' class and other parameters pulled from the URL mapper."
This reverts commit 4193a826d3.
2010-11-26 11:18:41 -05:00
Brion Vibber
4193a826d3 Ticket #2796: don't allow arbitrary overriding of the 'action' class and other parameters pulled from the URL mapper.
This protects against oddities such as manual invocation of the ClientError action, which can spoof error messages.
2010-11-19 15:30:52 -08:00
Craig Andrews
90c87553ee Redirect to https when making an http request for a sensitive action 2010-10-20 20:26:35 -04:00
Craig Andrews
8d54809c35 move xrd and hostmeta out of the OStatus plugin and into core
add event for setting up hostmeta, and use them in the OStatus plugin
2010-09-07 13:45:52 -04:00
Evan Prodromou
86a702953a Merge branch '0.9.x' into 1.0.x 2010-09-06 10:12:17 -04:00
Brion Vibber
ab0ced4dfd Suppress notices in index.php running under lighttpd 2010-09-03 17:57:23 -07:00
Brion Vibber
b1a68e15b7 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 1.0.x
Conflicts:
	lib/default.php
	lib/util.php
	plugins/UrlShortener/UrlShortenerPlugin.php (has been removed?)
2010-06-10 15:37:06 -07:00
Brenda Wallace
1cd029753f added 2 missing authors, foudn automatically in git logs 2010-06-08 16:27:10 +12:00
Craig Andrews
6317f7d92b Assigning my copyrights to the Free Software Foundation 2010-05-27 18:27:33 -04:00
Brion Vibber
cae1329f3b Merge branch '0.9.x' into 1.0.x
Conflicts:
	lib/util.php
2010-04-30 13:16:13 -07:00
Craig Andrews
42348bc167 add rsd to the list of login actions
Allows rsd.xml to be reached on private sites. Fixes http://status.net/trac/ticket/2309
2010-04-27 22:00:26 -04:00
Craig Andrews
d7d3a50d87 Don't attempt to retrieve the current user from the DB while processing a DB error 2010-04-18 19:28:49 -04:00
Craig Andrews
9398c61ed3 Use PHP exceptions for PEAR error handling.
Allows for the common try/catch construct, which makes error handling cleaner and easier.
2010-04-18 19:28:41 -04:00
Brion Vibber
26f49de0dd Merge branch 'testing' of git@gitorious.org:statusnet/mainline into 0.9.x
Conflicts:
	lib/attachmentlist.php
2010-03-22 12:37:45 -07:00
Brion Vibber
4168b9cec1 Log backtraces for non-ClientException exceptions caught at the top-level handler. 2010-03-22 11:33:56 -07:00
Brion Vibber
f62b8a80cf Pull back for now on switch of PEAR error mode to exceptions; seems to trigger out exceptions at various times we don't want them.
For instance this was throwing an exception for DB_DataObject::staticGet when there's no match... definitely not what we want when all our code expects to get a nice null.
Example of this causing trouble: http://gitorious.org/statusnet/mainline/merge_requests/131

Revert "Don't attempt to retrieve the current user from the DB while processing a DB error"

This reverts commit 68347691b0.

Revert "Use PHP exceptions for PEAR error handling."

This reverts commit d8212977ce.
2010-03-16 16:32:25 -07:00
Brion Vibber
88f66131a1 Pull back for now on switch of PEAR error mode to exceptions; seems to trigger out exceptions at various times we don't want them.
For instance this was throwing an exception for DB_DataObject::staticGet when there's no match... definitely not what we want when all our code expects to get a nice null.
Example of this causing trouble: http://gitorious.org/statusnet/mainline/merge_requests/131

Revert "Don't attempt to retrieve the current user from the DB while processing a DB error"

This reverts commit 68347691b0.

Revert "Use PHP exceptions for PEAR error handling."

This reverts commit d8212977ce.
2010-03-16 16:24:31 -07:00
Jeffery To
fa1262f51e Fixed IE7 prompting the user to download OpenSearch description xml after login (for a private site)
Flow:
1. Browser (IE7) is redirected to the login page.
2. Browser reads the page, sees OpenSearch descriptions, tries to
   download them. Each request gets recorded by SN as the page the user
   should be redirected to after logging in (returnto).
3. User logs in, then gets redirected to the returnto action, which is
   an OpenSearch description.

The OpenSearch descriptions aren't sensitive so making them public in a
private site should be okay.

(I recall fixing this in 0.8.x... :-( )
2010-03-16 11:38:51 -04:00
Brion Vibber
b218aee94e Merge commit 'origin/testing' into 0.9.x
Conflicts:
	lib/action.php
	lib/adminpanelaction.php
2010-03-04 06:07:28 -08:00
James Walker
4103e8584c Making one time passwords work on private sites 2010-03-03 18:17:40 -05:00
Brion Vibber
06db00d303 remove debug line 2010-03-03 15:15:46 -08:00
Brion Vibber
0881eba80e Language setting fixes:
- switch 'en_US' to 'en', fixes the "admin panel switches to Arabic" bug
- tweak setting descriptions to clarify that most of the time we'll be using browser language
- add a backend switch to disable language detection (should this be exposed to ui?)
2010-03-03 12:10:43 -08:00
Craig Andrews
68347691b0 Don't attempt to retrieve the current user from the DB while processing a DB error 2010-03-01 21:53:54 -05:00
Craig Andrews
d8212977ce Use PHP exceptions for PEAR error handling.
Allows for the common try/catch construct, which makes error handling cleaner and easier.
2010-03-01 21:44:41 -05:00
Evan Prodromou
dc62246443 Add a robots.txt URL to the site root
Adds a robots.txt file to the site root. Defaults defined by
'robotstxt' section of config. New events StartRobotsTxt and
EndRobotsTxt to let plugins add information. Probably not
useful if path is not /, but won't hurt anything, either.
2010-01-31 10:12:26 -05:00