Commit Graph

16207 Commits

Author SHA1 Message Date
Mikael Nordfeldth
3dce6d9f6a Implement a common_purify for htmLawed and more
We're removing unicode formatting characters as well, such as RTL marks.
For more info on why we're because extra cautious (but may accept the
characters in later versions) you can read:
https://blog.malwarebytes.org/online-security/2014/01/the-rtlo-method/
2015-02-18 00:10:31 +01:00
Mikael Nordfeldth
9aa59c7f62 forgot primary key column to updateWithKeys in SalmonAction 2015-02-17 21:31:35 +01:00
Mikael Nordfeldth
7ba7f43199 Don't linkify bare domains by default
It's too farfetched to assume any text.com in a notice is an HTTP URL.
For example stuff like pasting from log entries, with domain.com:1234
where 1234 is a _PID_ or something, not a port number for http://...
2015-02-17 20:54:32 +01:00
Mikael Nordfeldth
c31c2d10b9 PHP>=5.4.0 lets us use Transliterator, tags now asciified!
For example: #REVOLUCIÓN becomes #revolucion instead of #revolución
2015-02-17 20:17:22 +01:00
Mikael Nordfeldth
59763ceecb SalmonAction now updates remote URI if it was stale.
After doublechecking two identities so that they match (like one that was
previously http:// but now is https://) we update the URI in our database
to match.

This has to be verified so it's not easy to fool our script and thus make
us replace legitimate URIs with fake ones. I believe the callback method
is safe, but I'm not sure how well it handles HTTP MITM attacks etc.
2015-02-17 17:35:45 +01:00
Mikael Nordfeldth
282f4d6a89 Various $this->scoped fixes and protected prepare/handle in API actions 2015-02-17 17:20:00 +01:00
Mikael Nordfeldth
6cdedf6049 Replace $this->user/auth_user with $this->scoped in lib/apiaction.php
We prefer handling a Profile class rather than the User class, as some
functions might be useful for remote users as well, which cannot be
handled via the User class.
2015-02-17 17:16:33 +01:00
Mikael Nordfeldth
61aa71ed34 Subscription class gets exception throwing getSubscription function 2015-02-17 17:15:47 +01:00
Mikael Nordfeldth
901a825b61 Non-functional "retweeted to me" API call modified (but not fixed)
For some reason the "retweeted to me" part of the Twitter API was removed
when Evan made some inbox changes back in the StatusNet days. We might
recover this functionality, but not yet. The proper function calls are
however fixed in this commit.
2015-02-17 16:48:24 +01:00
Mikael Nordfeldth
75f35bcfe7 apiauth action with ->user changed to ->scoped 2015-02-17 16:39:27 +01:00
Mikael Nordfeldth
406b6148f5 CSS: notice images no wider than 100%
We should actually not allow remote images to be given in the src attribute
because they can be used for tracking and other nasty stuff without being
seen by the enduser.

Also, allowing remote images linked like this won't work for users who run
plugins like RequestPolicy etc. anyway. A better method would be to make
them listed as attachments instead. Then we can use that subsystem for
making thumbnails to store locally, hotlinking sources and whatnot.
2015-02-17 01:26:18 +01:00
Mikael Nordfeldth
6862184956 Merge commit 'refs/merge-requests/47' of https://gitorious.org/social/mainline into merge-requests/47 2015-02-15 23:06:22 +01:00
Mikael Nordfeldth
2b181b40f7 Merge commit 'refs/merge-requests/48' of https://gitorious.org/social/mainline into merge-requests/48 2015-02-15 22:54:48 +01:00
Marcus Moeller
4c457c82ef removed text beside lock icon and fixed alignment 2015-02-15 22:47:34 +01:00
Chimo
3f8a519980 JS: Fixes jQueryUI autocomplete 'undefined' errors
data("autocomplete") was renamed to data("ui-autocomplete") starting
from v1.9:
http://jqueryui.com/upgrade-guide/1.9/#changed-naming-convention-for-data-keys
2015-02-15 16:11:23 -05:00
Chimo
fb03fc073a ApiTimelineList: Fixes ServerErrorAction
"No matches for action 'ApiTimelineList' with arguments 'format=atom
id=1'"

for 'api/:user/lists/:id/statuses.:format' URLs
2015-02-15 16:00:23 -05:00
Mikael Nordfeldth
2b93643277 Don't default to publishing http: alias!
It seems to have caused a problem with at least an older codebase of
remote GNU social sites, but either way we shouldn't present the user
as aliased on an insecure connection if there is no real reason to.
2015-02-15 13:33:36 +01:00
Mikael Nordfeldth
396f1e92ca Present http:// alias by default in WebFinger output
because it might help us (and especially StatusNet sites) to recognize
profiles that have migrated from HTTP to HTTPS!
2015-02-15 13:17:51 +01:00
Mikael Nordfeldth
c60b6bdb38 Wrong order of start/end events. My hobby OCD was disturbed. 2015-02-14 17:37:35 +01:00
Mikael Nordfeldth
9c83ddc122 Fixed some recently added EVENTS documentation 2015-02-14 17:35:34 +01:00
Mikael Nordfeldth
b6b9036821 StartSubMenu and EndSubMenu events 2015-02-14 17:32:35 +01:00
Mikael Nordfeldth
dc0b62f636 Merge commit 'refs/merge-requests/45' of https://gitorious.org/social/mainline into merge-requests/45 2015-02-14 16:45:04 +01:00
Mikael Nordfeldth
9102429a13 neo-quitter unuglification by marcus, merge-request 44 2015-02-14 16:42:44 +01:00
Marcus Moeller
1fcb7afd3a fixed alignment of textarea
fixed event view
2015-02-13 23:09:34 +01:00
Marcus Moeller
fe14c64e5e just make sure that input box and input box label are the same color 2015-02-13 18:09:43 +01:00
Marcus Moeller
107ca92458 use Genericons and fontawesome instead of images 2015-02-13 18:00:57 +01:00
buttle
9a8ccbaef2 Call HomeStubNav instead of duplicating code
adminpanelnav.php adds a homeStub but does not use the code created for the job.
2015-02-13 16:38:22 +01:00
buttle
d0347bb98f Removing home stub if empty
Added an Event HomeStubNavItems
menu->subMenu() returns false if empty
2015-02-13 16:26:41 +01:00
Mikael Nordfeldth
61992dd9a2 CSS to align the notice footer (thanks fnadde42) 2015-02-13 12:10:25 +01:00
Mikael Nordfeldth
b3e80f5c32 Updated README.md and framework.php 2015-02-13 12:09:12 +01:00
Mikael Nordfeldth
6620ad793a Deja vu of user->getProfile() from 4f9b70d 2015-02-13 11:55:37 +01:00
Mikael Nordfeldth
e9457db8b2 DirectMessages backed up properly for UAS 2015-02-13 11:54:15 +01:00
Mikael Nordfeldth
44191ac81a Faves backed up properly to UAS 2015-02-13 11:52:29 +01:00
Mikael Nordfeldth
4f9b70d51f Profile expected in Notice::asActivity from UAS 2015-02-13 11:41:21 +01:00
Mikael Nordfeldth
cdf2b28854 UAS protected property user solved with getUser() 2015-02-13 11:39:50 +01:00
Mikael Nordfeldth
a063bb43a8 EndSetApiUser will always contain a User 2015-02-13 01:19:59 +01:00
Marcus Moeller
3fcb79bc1e moved profile/group patch from core to profile_list 2015-02-12 23:07:49 +01:00
Marcus Moeller
41da1d6403 updated neo-quitter favicon to match the theme style 2015-02-12 22:55:01 +01:00
Mikael Nordfeldth
69e04e5cbd extlib Michelf\Markdown updated 1.4.0 to 1.4.1 2015-02-12 22:46:25 +01:00
Mikael Nordfeldth
a66973e158 DB_DataObject updated to 1.11.3 2015-02-12 22:42:10 +01:00
Mikael Nordfeldth
10f2cde0b1 DB updated to 1.8.2 2015-02-12 22:42:00 +01:00
Marcus Moeller
41baba9ed3 lock icon style fixed to match quitter style 2015-02-12 22:26:34 +01:00
Mikael Nordfeldth
35a9c65e4a htmLawed extlib updated from 1.1.16 to 1.1.19 2015-02-12 21:50:21 +01:00
Mikael Nordfeldth
f5bb0431da schemaDef coding style fixes 2015-02-12 17:45:02 +01:00
Mikael Nordfeldth
13f1c2cc55 Missing uri property of QnA_Answer class 2015-02-12 17:44:05 +01:00
Mikael Nordfeldth
5478e387db Added note on socialfying for HTTPS sites. 2015-02-12 11:08:08 +01:00
Mikael Nordfeldth
2688b45b57 Merge commit 'refs/merge-requests/43' of https://gitorious.org/social/mainline into merge-requests/43 2015-02-12 11:03:39 +01:00
Mikael Nordfeldth
68df780c59 Clarify in INSTALL that MySQL must be 5.5+
lib/installer.php already said that when installing.
2015-02-12 10:41:55 +01:00
Marcus Moeller
a1061c7145 fixed neo-quitter web view 2015-02-11 09:58:28 +01:00
Adam Moore
7fb02674e5 Deleting redundant file. 2015-02-10 16:49:44 -08:00