Diogo Cordeiro
ec32db2dd6
[CORE][COMPOSER] Add hoa/consistency
...
Renamed curry to callable_left_curry
2019-08-03 17:47:27 +01:00
Diogo Cordeiro
411e8ed79d
[CORE] Downgrade phpseclib to a working state
2019-08-03 17:47:26 +01:00
Daniel Supernault
c1c2a9f1a1
[DEVTOOL] Add a robust and modern REPL
2019-08-03 17:47:26 +01:00
Daniel Supernault
2850e56f30
[CORE] Add custom favicon configuration support
...
Adds support for custom favicons defined in config.php that override theme favicons.
2019-08-03 17:47:26 +01:00
Daniel Supernault
9c0354bbf1
[CORE] Remove function_exists() calls and add up default bcrypt cost to 12.
2019-08-03 17:47:26 +01:00
Daniel Supernault
c09f1c2443
[CORE] Add Argon2I support
...
Add Argon2I support, disabled by default.
2019-08-03 17:47:25 +01:00
Daniel Supernault
912f2c3567
[CORE] Update AuthCryptPlugin
...
Added password_hash() (bcrypt) support with fallback to crypt() for older PHP versions.
2019-08-03 17:47:25 +01:00
Daniel Supernault
ad51998d67
[CORE] Add timing safe backwards compatible password_verify
2019-08-03 17:47:25 +01:00
Diogo Cordeiro
1049080df5
[CORE] Move public resources to a /public directory
...
Advantages:
* Increases security by preventing direct access to file/
* We are careful and have a defined('GNUSOCIAL') || die() to prevent
direct access to GS files, but we may miss one or a vendor/extlib may
not be as careful
* Improves directory structure - It's more natural to physically
separate what is public from what are GNU social resources
2019-08-03 17:47:25 +01:00
Diogo Cordeiro
966b00617e
[CORE] Remove PEAR Command as it is not used
2019-08-03 17:47:25 +01:00
Diogo Cordeiro
b408208e4c
[FORMAT] Run php-cs-fixer in php-gettext
2019-08-03 17:47:24 +01:00
Diogo Cordeiro
a1edc2c6a9
[CORE][COMPOSER] Move plugins extlibs to composer (where appropriate)
2019-08-03 17:47:24 +01:00
Diogo Cordeiro
2a06261f75
[CORE][COMPOSER] Move extlib packages with immediate composer correspondent to composer dependencies
...
This adds a composer.json for all dependencies that are available
2019-08-03 17:47:24 +01:00
brunoccast
0b58465fb9
[CORE] Fix notice delete-form
...
DeletenoticeAction:
- Added tombstone check before deletion
NoticeListItem:
- Added tombstone check before showing delete-form
ActivityVerb:
- The plugin was overwriting the deletenotice route. Added stronger
regexp to the connected routes.
2019-08-03 17:47:23 +01:00
Diogo Cordeiro
f67a93eddc
[CORE] Bump Database requirement to MariaDB 10.3+
2019-08-03 17:47:23 +01:00
Diogo Cordeiro
7044f0e2cf
[Media] Fix undefined variable box in imagefile.php
2019-08-03 17:47:23 +01:00
Miguel Dantas
ed7a88ce66
[StoreRemoteMedia] Added documentation for feature which limits the maximum filesize which is kept locally
2019-08-03 17:47:22 +01:00
Miguel Dantas
e392160435
[ROUTES] Fixed attachment routes, broken by changes in fa378462f4
2019-08-03 17:47:17 +01:00
brunoccast
5c0a3102ff
[ROUTES] Allow accept-header specification during router creation
...
Router:
- Fix calls to connect, most of them were misusing the function's params
URLMapper:
- Minor fixes
- Documentation
- Add support for accept-header specification
Plugins/*:
- Fix calls to connect
2019-08-03 17:47:16 +01:00
brunoccast
2032c7c1f7
[ROUTES] PSR2-format
2019-08-03 17:31:44 +01:00
Miguel Dantas
d295d8b43c
[CORE] Added documentation and fixed typo in attachments action
2019-08-03 17:31:44 +01:00
Miguel Dantas
ee8bac9ad7
[CORE] Fix bug where we were losing track of a file, in case the image needed to be reencoded
2019-08-03 17:31:44 +01:00
Miguel Dantas
4863bd30d7
[CORE] Fixed Media tests
2019-08-03 17:31:43 +01:00
Miguel Dantas
7070a14480
[CORE][StoreRemoteMedia] Fixed bug where sometimes images were written outside the site root
2019-08-03 17:31:43 +01:00
Diogo Cordeiro
a38f25f7cd
[PEAR] Modernize Validate code
...
Upgraded IDNA to IDNA2
Added PEAR Date
> fixed: The each function is deprecated
2019-08-03 17:31:43 +01:00
Miguel Dantas
a5259073df
[CORE] Fix X-Sendfile for nginx, using the X-Accel-Redirect header
2019-08-03 17:31:43 +01:00
Miguel Dantas
3e5ce46e98
[CORE] Fixed bug where the http connection was using the wrong size for thumbnails, and returning the wrong one
2019-08-03 17:31:42 +01:00
Miguel Dantas
f746866b65
[StoreRemoteMedia] StoreRemoteMedia now uses the new filename format, which allows it to display correctly in the UI. Formatting fixes
2019-08-03 17:31:42 +01:00
Miguel Dantas
8f31a1a820
[MEDIA][OEMBED] Fixed regression in OEmbed, because it relied on accessing the files directly, which previous commits broke. The File table really should have a bool...
2019-08-03 17:31:42 +01:00
Miguel Dantas
4187568522
[OEMBED][UI] Skip adding an image thumbnail for oembed results if we
...
don't have a file locally to generate it, which can happen, for
instance, if StoreRemoteMedia is disabled
2019-08-03 17:31:42 +01:00
Miguel Dantas
da82048d77
[MEDIA] Fix trying to display file which is not available locally
2019-08-03 17:31:41 +01:00
Miguel Dantas
04d1caff78
[CORE] Fixed bug where all thumbnails were using the original file
2019-08-03 17:31:41 +01:00
Miguel Dantas
bea06da531
[INSTALL] Fixed issue in installing where default.php needs util.php but it's not loaded
2019-08-03 17:31:41 +01:00
Miguel Dantas
7643f3cf7b
[CORE][ACTION] Removed getfile action. Superseded by attachment/*/download, which additionally uses a file hash as opposed to a filename.
...
Additionally, added etag and last modified HTTP headers to attachments, to more effectively take advantage of caching
2019-08-03 17:31:41 +01:00
Miguel Dantas
aa5c6bbf08
[CORE][UI] Made attachment actions and its subactions be able to identify attachments by id and by filehash. Changed the url stored in the DB to be attachment//view
2019-08-03 17:31:41 +01:00
Miguel Dantas
9536f2a909
[CORE] Refactored attachment actions to remove duplicate code
2019-08-03 17:31:40 +01:00
Miguel Dantas
c7475d78b4
[CORE][UI][ROUTER] Added view action, which inlines images and videos but downloads everything else. Fixed File url to get a URL from the view action, so when making a remote notice, the correct URL is used, not accessing directly to the file
2019-08-03 17:31:40 +01:00
Miguel Dantas
3c9a07677e
[CORE] Attachments and thumbnails aren't accessed directly by the file under the file storage folder, but indirectly from PHP, so that access to the file folder can be blocked in the server config
2019-08-03 17:31:40 +01:00
Miguel Dantas
b669f57068
[CORE] Fixed common_get_preferred_php_upload_limit, because some values in php.ini can be -1 or 0 for unlimited
2019-08-03 17:31:40 +01:00
Miguel Dantas
ccebe536b3
[MEDIA] Removed blacklisted extensions, "trusts" upload extension (doesn't affect anything) and updated sysadmin documentation
...
Fixes bug which broke the UI. Oops
2019-08-03 17:31:39 +01:00
Miguel Dantas
b9a0733062
[MEDIA][CORE] Add common function for converting a string with a size unit to an int and MediaFile uses file_quota
2019-08-03 17:31:39 +01:00
Miguel Dantas
5961b45140
[MEDIA][UI] In case an attachment preview isn't possible, the name is displayed anyway
2019-08-03 17:31:39 +01:00
Miguel Dantas
5f53738376
[MEDIA][UI] Added preview support for BMP, WEBP and ICO, displaying the name underneath, centered
2019-08-03 17:31:38 +01:00
Miguel Dantas
5eb4a7d711
[MEDIA] File downloader now in PHP, added proper name in the UI and changed the format for new attachment file names
...
The file downloader was changed from a simple redirect to the file to one
implemented in PHP, which should make it safer, by making it possible to disallow
direct access to the file, to prevent executing of attachments
The filename has a new format:
bin2hex("{$original_name}")."-{$filehash}"
This format should be respected. Notice the dash, which is important to distinguish it from the previous
format, which was "{$hash}.{$ext}"
This change was made to both make the experience more user friendly, by
providing a readable name for files, as opposed to its hash. This name is taken
from the upload filename, but, clearly, as this wasn't done before, it's
impossible to have a proper name for older files, so those are displayed as
"untitled.{$ext}".
This new name is displayed in the UI, instead of the previous name.
2019-08-03 17:31:36 +01:00
Diogo Cordeiro
f717081893
[OEmbed] Revert filename change introduced with 96ce758c
2019-08-03 17:30:52 +01:00
Diogo Cordeiro
01b5118c6f
[Oembed] Refactoring and some improvements (namely documentation)
...
Imported some changes from postActiv
2019-08-03 17:30:52 +01:00
Diogo Cordeiro
d705bcbd98
[CORE] Use random_bytes() if available and improve common_confirmation_code() randomness.
...
With PHP 7 come the [random_bytes()](https://php.net/manual/en/function.random-bytes.php) and the [random_int()](https://www.php.net/manual/en/function.random-int.php) functions, which generate cryptographically secure pseudo-random bytes and integers, respectively.
2019-08-03 17:29:14 +01:00
Diogo Cordeiro
f0f5ecb756
[SCRIPTS] Fix sessiongc by XRevan86
2019-08-01 14:38:04 +01:00
Diogo Cordeiro
c0342b1482
[DOCUMENTATION] Allow install.php to be run with sample nginx conf
2019-08-01 14:37:59 +01:00
Diogo Cordeiro
d1fc7c0774
[CORE] MySQL 5.5 support fully restored
2019-07-25 15:35:24 +01:00