Commit Graph

3661 Commits

Author SHA1 Message Date
Alexei Sorokin
7081720ecb [DATABASE] Check SQL boolean values with "IS TRUE"
This way UNKNOWN (NULL) explicitly turns to FALSE when three-valued logic is
reduced to binary.
In pgsqlschema, however, use "IS FALSE" as boolean attributes in pg_index are
non-nullable, there is no outer join and there's no clear preference for NULL
reduction.

Over-complicated constructions in TagCloud queries have been simplified, which
should not affect their performance.

Additionally, in TagCloud's lib/subscriptionspeopleselftagcloudsection.php
a typing mistake in an equi-join of "profile_tag" and "profile_list" on
"tagger" was fixed.
That regression was introduced in f446db8e2a
2020-07-21 18:06:39 +03:00
Diogo Cordeiro
4544f29832 [AVATAR] Ensure this Action stays secure 2020-06-28 00:11:47 +01:00
Hugo Sales
477c357f11 [MEDIA] Move AttachmentAction::sendFile to common_send_file
This fixed the wrong content type and status code returned by the Avatar action
2020-06-27 23:23:10 +01:00
Diogo Cordeiro
37ebcc509b [AVATAR] Temporary ImageFile wasn't 2020-06-21 00:34:27 +01:00
Diogo Cordeiro
f9be6f9a85 [AVATAR] Try to delete tmp avatar if something goes wrong during the process 2020-06-20 14:47:35 +01:00
Diogo Cordeiro
2cc2b5b856 [MEDIA] ImageFile fromUpload method wasn't ensuring uploaded file was an image 2020-06-20 14:47:33 +01:00
Alexei Sorokin
194976135f [DATABASE] Some query improvements
Make common_sql_weight employ standard SQL functions for the timestamp
difference in seconds.
Also replace UTC_TIMESTAMP in the MariaDB-specific part with CURRENT_TIMESTAMP
as it is the only occurence and GNU social sets UTC as a default timezone.

In a delete_orphan_files.php script simplify the main query considerably.

In clean_profiles.php stop using COUNT as if it is ANY, that is unnecessary
punishment for the database. Instead implement the anti-join with a
left outer join.

In Autocomplete and Activitypub_profile use joins instead of a WHERE OR
anti-pattern for the semi-joins.

In lib/ui/galleryaction.php replace a CROSS JOIN with an INNER JOIN.

In actions/sup.php remove a redundant subquery: WHERE is applied before
grouping either way.
2020-06-10 16:52:00 +03:00
Alexei Sorokin
09a772419a [DATABASE] Use "<>" as an SQL non-equality sign in more cases
A follow-up to commit 644b417f6c
2020-06-08 18:31:22 +03:00
Alexei Sorokin
6c035d01d4 [DATABASE] Start transactions with START TRANSACTION
"BEGIN" is non-standard and unnecessary.
2020-06-08 12:25:01 +03:00
Alexei Sorokin
2183875e9e [UI] Fix group member pages showing up twice 2020-05-05 16:49:21 +03:00
Hugo Sales
d1c70cb13b [CORE] Make avatars be served with the same mechanism as attachments 2020-04-06 21:14:11 +00:00
Diogo Cordeiro
6833c9f1c2 [SHOWSTREAM] Add robots meta-tag for remote profiles 2020-01-09 17:02:26 +00:00
Diogo Cordeiro
18ade30185 [FORMAT] Ran php-cs-fixer on the handlers of notice items and streams
This was to keep the following two commits readable
- actions/showstream.php
- actions/userbyid.php
- lib/modules/ActivityHandlerModule.php
- lib/modules/ActivityHandlerPlugin.php
- lib/notices/conversationnoticestream.php
- lib/notices/noticelistitem.php
- lib/notices/noticestream.php
- lib/notices/threadednoticelistitem.php
2020-01-09 21:41:34 +00:00
Alexei Sorokin
5bc1b8695e [DATABASE] Disable 'NULL' strings evaluation as SQL NULLs
Use $object->sqlValue('NULL') (identical to DataObject_Cast'ing) instead and
fix related issues like (email|sms)settings considering these NULLs as a
false positive for the E-Mail address still being set when it's been removed.

There could also be security implications to the now-disabled approach of
considering 'NULL' strings as SQL NULLs.
2019-11-02 12:21:43 +03:00
Diogo Cordeiro
d058a70557 [MEDIA] Simplify Attachment actions 2019-10-19 02:57:32 +01:00
Diogo Cordeiro
63caa5044d [LIB_REFACTOR] Fix minor issues 2019-10-19 00:51:52 +01:00
Alexei Sorokin
8f309bc768 Merge branch 'pgsql_support' into nightly 2019-09-12 12:01:50 +03:00
Diogo Cordeiro
7f2019b4af [MODULES] Make disable in admin panel effective 2019-09-12 04:50:46 +01:00
Alexei Sorokin
ee7f0a2016 [DATABASE] Re-introduce PostgreSQL support 2019-09-11 14:14:40 +03:00
Alexei Sorokin
62b90c29db [DATABASE] Introduce a bool type in schema
PostgreSQL has a clear distinction between integers and booleans, so it makes
sense to draw a clear line.
2019-09-11 11:25:39 +03:00
Alexei Sorokin
6911b499d3 [DATABASE] Consistently use the "LIMIT $limit OFFSET $offset" syntax
The "LIMIT $offset, $limit" syntax is only supported by MySQL and MariaDB.
2019-09-11 10:12:49 +03:00
Alexei Sorokin
11dabbe44d [DATABASE] Only use single quotation marks for SQL strings
Double quotation marks are only used for identifiers in the SQL standard.
2019-09-11 09:46:30 +03:00
Alexei Sorokin
0a5a3845db [DATABASE] Set NULL in DB_DataObject in a more reliable manner
Also stop assuming that FeedSub::sub_state (enum) and FeedSub::sub_end
(datetime) can possibly be set to an empty string.
2019-09-11 08:32:19 +03:00
Alexei Sorokin
5b797328f2 [DATABASE] Always quote identifiers
The code used to operate under the assumption that MariaDB doesn't support
quoting identifiers. Not only is that not exactly true, but MariaDB has
reserved keywords that cannot be used as table or column names unquoted.
2019-09-11 08:15:16 +03:00
Miguel Dantas
b41f9620fa [LIB_REFACTOR] Fix requires 2019-09-03 03:33:13 +01:00
Miguel Dantas
58bde08425 [LIB_REFACTOR] Moving files into separate semantic categories 2019-09-03 03:33:13 +01:00
tenma
19409cb999 [ActivityPub] Add support fox search-box profile/notice grabbing
NoticeSearchAction:
- Add new event before finding query matches

ActivityPubPlugin:
- Subscribe new searchNotice event
- Bump minor version number

Activitypub_explorer:
- Update lookup to make remote-grabbing optional
2019-09-03 03:26:35 +01:00
Diogo Cordeiro
1e378a514d [OverwriteThemeBackground] This new plugin will let the admin set a custom background theme independent 2019-09-03 03:26:35 +01:00
Diogo Cordeiro
b42af10905 [MODULES] Allow to delete third party plugins 2019-08-24 01:59:42 +01:00
Diogo Cordeiro
afe8158cb7 [MODULES] Allow to upload third party plugins
Fixed some bugs
2019-08-24 01:59:42 +01:00
Diogo Cordeiro
a05bea0af5 [MODULES] List all available plugins and allow enabling them via UI
Yet another revision of the Admin Plugin Management tool
2019-08-24 01:59:41 +01:00
Diogo Cordeiro
d3c56897a3 [CORE] Core modules shouldn't show up in version action 2019-08-24 01:59:33 +01:00
Diogo Cordeiro
0c2c3ec862 [CORE] Plugin API now extends a new Module API 2019-08-24 01:59:33 +01:00
Diogo Cordeiro
b6e7b18c7b [PLUGIN API] Bug fixes and improvements 2019-08-24 01:59:32 +01:00
brunoccast
0b58465fb9 [CORE] Fix notice delete-form
DeletenoticeAction:
- Added tombstone check before deletion

NoticeListItem:
- Added tombstone check before showing delete-form

ActivityVerb:
- The plugin was overwriting the deletenotice route. Added stronger
regexp to the connected routes.
2019-08-03 17:47:23 +01:00
Miguel Dantas
d295d8b43c [CORE] Added documentation and fixed typo in attachments action 2019-08-03 17:31:44 +01:00
Miguel Dantas
7070a14480 [CORE][StoreRemoteMedia] Fixed bug where sometimes images were written outside the site root 2019-08-03 17:31:43 +01:00
Miguel Dantas
a5259073df [CORE] Fix X-Sendfile for nginx, using the X-Accel-Redirect header 2019-08-03 17:31:43 +01:00
Miguel Dantas
3e5ce46e98 [CORE] Fixed bug where the http connection was using the wrong size for thumbnails, and returning the wrong one 2019-08-03 17:31:42 +01:00
Miguel Dantas
8f31a1a820 [MEDIA][OEMBED] Fixed regression in OEmbed, because it relied on accessing the files directly, which previous commits broke. The File table really should have a bool... 2019-08-03 17:31:42 +01:00
Miguel Dantas
4187568522 [OEMBED][UI] Skip adding an image thumbnail for oembed results if we
don't have a file locally to generate it, which can happen, for
instance, if StoreRemoteMedia is disabled
2019-08-03 17:31:42 +01:00
Miguel Dantas
da82048d77 [MEDIA] Fix trying to display file wich is not available locally 2019-08-03 17:31:41 +01:00
Miguel Dantas
04d1caff78 [CORE] Fixed bug where all thumbnails were using the original file 2019-08-03 17:31:41 +01:00
Miguel Dantas
7643f3cf7b [CORE][ACTION] Removed getfile action. Superseded by attachment/*/download, which additionally uses a file hash as oposed to a filename.
Additionally, added etag and last modified HTTP headers to attachments, to more effectively take advantage of caching
2019-08-03 17:31:41 +01:00
Miguel Dantas
aa5c6bbf08 [CORE][UI] Made attachment actions and its subactions be able to identify attachments by id and by filehash. Changed the url stored in the DB to be attachment//view 2019-08-03 17:31:41 +01:00
Miguel Dantas
9536f2a909 [CORE] Refactored attachement actions to remove duplicate code 2019-08-03 17:31:40 +01:00
Miguel Dantas
c7475d78b4 [CORE][UI][ROUTER] Added view action, which inlines images and videos but downloads everything else. Fixed File url to get an URL fromthe view action, so when a making a remote notice, the correct URL is used, not accessing directly to the file 2019-08-03 17:31:40 +01:00
Miguel Dantas
3c9a07677e [CORE] Attachments and thumbnails aren't accessed directly by the file under the file storage folder, but indirectly from PHP, so that access to the file folder can be blocked in the server config 2019-08-03 17:31:40 +01:00
Miguel Dantas
5eb4a7d711 [MEDIA] File downloader now in PHP, added proper name in the UI and changed the format for new attachment file names
The file downloader was changed from a simple redirect to the file to one
implemented in PHP, which should make it safer, by making it possible disallow
direct access to the file, to prevent executing of atttachments

The filename has a new format:
  bin2hex("{$original_name}")."-{$filehash}"
This format should be respected. Notice the dash, which is important to distinguish it from the previous
format, which was "{$hash}.{$ext}"

This change was made to both make the experience more user friendly, by
providing a readable name for files, as opposed to it's hash. This name is taken
from the upload filename, but, clearly, as this wasn't done before, it's
impossible to have a proper name for older files, so those are displayed as
"untitled.{$ext}".

This new name is displayed in the UI, instead of the previous name.
2019-08-03 17:31:36 +01:00
Diogo Cordeiro
46be9b76ef [CORE] Fix wrong Profile_list schema and set created in user_im_prefs properly - by XRevan86
This reverts 496ab8c9, which was a bad correction of user_im_prefs values
2019-07-24 22:28:06 +01:00