Craig Andrews
255ba42ef1
use library function to determine if https should be used for recaptcha
2010-10-27 00:11:55 -04:00
Craig Andrews
9f9126e524
Load MS Virtual Earth javascript over https when browsing in https
2010-10-27 00:09:43 -04:00
Craig Andrews
bc6a61dc89
Use https for gravatars
...
No reason not to use https, and doing so prevents mixed content warnings when the avatars are used on https pages.
2010-10-26 23:56:59 -04:00
Craig Andrews
5476ffa944
add StrictTransportSecurity plugin
2010-10-26 23:46:18 -04:00
Brion Vibber
ca489631db
Merge branch '0.9.x' into 1.0.x
...
Conflicts:
actions/subscriptions.php
lib/router.php
lib/xmppmanager.php
lib/xmppoutqueuehandler.php
2010-10-25 13:08:57 -07:00
Samantha Doherty
01637bcd32
Base theme styling for oauth pin and desktop mode.
2010-10-25 16:00:34 -04:00
Zach Copley
78396db28a
Forgot to add the OAuth verifier pin page to sensitive array
2010-10-25 12:36:03 -07:00
Zach Copley
0dcc3f8d71
We don't need to have editapplication (only showapplication) in the
...
sensitive array because it doesn't expose the consumer keypair
2010-10-25 12:10:52 -07:00
Zach Copley
3954ab39ae
Add OAuth token exchange endpoint to 'sensitive' array; i.e.: use SSL if
...
available
2010-10-25 11:52:17 -07:00
Zach Copley
82c280979d
Add special CSS classes to OAuth authorization and pin pages when
...
in desktop mode
2010-10-25 11:25:35 -07:00
Zach Copley
479096c8d7
Less scary OAuth authorization messages when using anonymous consumer
2010-10-25 10:38:40 -07:00
Evan Prodromou
aef88c7cee
max_id is inclusive
2010-10-25 11:18:49 -04:00
Evan Prodromou
968f9b0513
change max_id from < to <=
2010-10-25 11:08:53 -04:00
Siebrand Mazeland
1545c1228b
Localisation updates from http://translatewiki.net.
2010-10-23 20:50:55 +02:00
Siebrand Mazeland
3329685beb
* onPluginVersion added.
...
* i18n fix: use _m() in plugins, don't use _()
* some translator documentation added.
* superfluous whitespace removed.
2010-10-23 19:23:25 +02:00
Siebrand Mazeland
0b6cc7c33d
* translator documentation added.
...
* superfluous whitespace removed.
2010-10-23 19:20:51 +02:00
Brion Vibber
eb30c6651a
Additional fixes found while looking at ticket #2532: when given a screen name as API parameter for a profile, do the nickname lookup on local users only. The profile table can't guarantee unique lookups, so using names isn't currently safe there. This won't affect anything using local nicknames correctly, and may avoid some weird bugs if there were conflicts between local and remote nicknames.
2010-10-22 13:53:10 -07:00
Brion Vibber
2d124e4aab
Fix for ticket #2532: fixed API block create/destroy when specifying the target user/profile as a separate query parameter, such as api/blocks/create.xml?param=xxx
...
The router settings weren't quite right so we ended up with bogus regex values passed in as the 'id' parameter, which broke the regular fallback ordering of parameter checks.
2010-10-22 13:51:28 -07:00
Brion Vibber
783f28c8b1
Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x
2010-10-22 12:14:45 -07:00
Brion Vibber
e292d8fb65
Fix for 140-char replies being unexpectedly cropped when bridged to Twitter.
...
This drops the '@' -> ' @' hack for CURL meta-chars in outgoing Twitter bridge, added in commit 04b95c25
back in the day.
The Twitter bridge has since been switched from using direct CURL calls to using HTTPClient, which even with the CURL backend enabled doesn't trigger this issue, as POST parameters are formatted directly.
Prepending the space before we did the message cropping was leading to 140-char messages getting cropped unnecessarily, which was confusing:
Examples of broken messages:
http://identi.ca/notice/57172587 vs http://twitter.com/marjoleink/status/28398050691
http://identi.ca/notice/57172878 vs http://twitter.com/marjoleink/status/28398492563
2010-10-22 12:10:11 -07:00
Zach Copley
3969870cf3
Normalize HTML body ids to lowercase when the user is logged out as well.
2010-10-22 18:32:08 +00:00
Zach Copley
ae557ed436
Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x
2010-10-22 11:23:37 -07:00
Zach Copley
3913b6a5d8
Updated styling for OAuth authorization page's desktop mode.
...
TODO: move these styles into the main CSS file.
2010-10-22 11:21:44 -07:00
Brion Vibber
6841a8d093
RegisterThrottlePlugin tweak for silencing checks: make sure we don't crash during registration if another profile registered from this address has been since deleted.
...
Followup to commit 1caa08429f
2010-10-22 11:07:19 -07:00
Evan Prodromou
1caa08429f
Collective guilt for registrants from the same IP address
...
If someone tries to register from an IP address that a silenced user
has registered from, prevent it.
When silencing someone, silence everyone else who registered from the
same IP address.
2010-10-22 13:29:51 -04:00
Evan Prodromou
1d85bfece1
New events when granting and revoking roles
...
Four new events for when roles are granted or revoked.
2010-10-22 10:31:50 -04:00
Evan Prodromou
07bc50eaed
Merge branch 'bettercachelog' into 0.9.x
2010-10-22 09:25:13 -04:00
Evan Prodromou
e1e79e6236
Merge remote branch 'gitorious/0.9.x' into 0.9.x
2010-10-22 09:24:49 -04:00
Evan Prodromou
2484d8edc2
more detailed information in cachelogplugin
2010-10-22 09:24:19 -04:00
Brion Vibber
d6f4588b9e
Workaround for http_build_query() oddities in low-level router parent code when PHP config is set with non-default separator.
2010-10-21 19:10:43 -07:00
Zach Copley
131c339c5a
Pass OAuth authorize page's mode parameter to OpenID plugin so it can create a correct
...
returnto URL
2010-10-22 02:08:38 +00:00
Zach Copley
ac45f661f6
Fix regression (whoops!)
2010-10-21 18:38:54 -07:00
Zach Copley
c5a84ef76f
Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x
2010-10-21 18:16:35 -07:00
Zach Copley
0b134d3e69
Re-camelcase ApiOauthAuthorizeAction so it will be accessible when
...
a site is in private mode
2010-10-21 18:15:11 -07:00
Zach Copley
aa6ec40c51
Fix syntax errors
2010-10-22 00:48:26 +00:00
Zach Copley
ce0d81c190
OAuth - inform consumer when user refused to authorize a request token
...
http://status.net/open-source/issues/2848
2010-10-21 17:11:59 -07:00
Zach Copley
94f7bfa50a
Don't show 'anonymous' app in OAuth application list.
2010-10-21 16:42:59 -07:00
Zach Copley
4ab110e071
Fix bad reference.
2010-10-21 14:52:41 -07:00
Zach Copley
a548861dbf
OAuth - proper callback handling and better styling for authorization
...
page when in desktop mode
2010-10-21 14:45:42 -07:00
Zach Copley
fb86e7c285
Normalize all action HTML body ids to lowercase
2010-10-21 13:03:56 -07:00
Zach Copley
648f79be10
Change OAuth authorization page's action name to be in line with
...
other web page action names so the body id outputs correctly. Fix
some other bugs.
2010-10-21 13:00:59 -07:00
Zach Copley
bab012bd67
New "desktop" mode for the OAuth authorization page. If mode=desktop
...
is specified in the request the page is probably meant to be displayed
in a small webview of another application, so suppress header, aside
and footer.
2010-10-21 12:23:04 -07:00
James Walker
8ac8f3d2dc
Memcache::set() 3rd param should be flags (4th is expire). This throws a "2 lowest bytes reserved" error in Memcache > 3.0.3
2010-10-21 12:20:14 -04:00
Siebrand Mazeland
cb74822e7a
i18n/L10n consistency updates.
2010-10-21 13:20:21 +02:00
Zach Copley
500157998a
Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x
2010-10-21 01:18:53 +00:00
Zach Copley
f283a283b7
Fix syntax error
2010-10-21 01:17:59 +00:00
Siebrand Mazeland
fb12094f61
i18n/L10n updates, translator docs updated, superfluous whitespace removed.
2010-10-21 03:10:46 +02:00
Zach Copley
bfdb8385ec
Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x
...
Conflicts:
actions/apioauthauthorize.php
lib/apioauthstore.php
2010-10-20 17:28:28 -07:00
Craig Andrews
90c87553ee
Redirect to https when making an http request for a sensitive action
2010-10-20 20:26:35 -04:00
Zach Copley
e56385a7bb
Use a new table (oauth_token_association) to associate authorized
...
request tokens with OAuth client applications and profiles.
2010-10-20 17:21:04 -07:00