Commit Graph

291 Commits

Author SHA1 Message Date
Joshua Wise
4a30da924a Escape argument to User::getTaggedSubscribers() to preven SQL injection
This change escapes the argument to User::getTaggedSubscribers() to
prevent SQL injection attacks.

Both code paths up the stack fail to escape this parameter, so this is
a potential SQL injection attack.
2013-07-16 10:43:56 -07:00
Evan Prodromou
08c72a00e8 Use better type, title for service 2013-06-04 16:30:40 -04:00
Evan Prodromou
d81b257290 Better registrationActivity 2013-06-04 15:20:00 -04:00
Evan Prodromou
9f94ed81ee Add an ID to registered service 2013-06-03 08:55:00 -04:00
Evan Prodromou
cbb5586ab7 Add a registration activity to the end of every backup 2013-06-02 14:38:00 -04:00
Michele macno Azzolari
ad2fd9abd4 Fix whitescreen on recoverpassword with unknown user 2011-12-02 15:48:29 -05:00
Evan Prodromou
ea1a11a087 site-wide option to enable old-school settings 2011-09-24 09:46:13 -04:00
Evan Prodromou
ddc121c085 New table for all old-school UI prefs 2011-09-24 07:12:34 -04:00
Evan Prodromou
02a30cf47c start using stream mode prefs instead of separate parameter 2011-09-23 17:50:38 -04:00
Zach Copley
32fa6dd7a2 Fix logging level in log msg 2011-08-27 12:42:09 -07:00
Evan Prodromou
9ca3c3d1c3 move core schema to class files 2011-08-22 17:52:02 -04:00
Evan Prodromou
c227045975 Merge branch '1.0.x' of gitorious.org:statusnet/mainline into 1.0.x 2011-06-10 16:50:33 -04:00
Zach Copley
36d619480a Rip out user, group and site design customization code
Squashed commit of the following:

commit 0bcfb6535115ec0a11669420f8689aeedc417bc8
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 15:51:47 2011 -0400

    Remove design-related stuff from the API

commit 88da010256fbcaee1ff01d9507ea47d3225f2825
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 15:40:16 2011 -0400

    Mop up misc design related code

commit 11958b064745b797b4c9f9f4b7e8f65e4c82ce83
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 15:21:00 2011 -0400

    Remove Design DB_DataObject class and references to it in schema

commit f8540594728ce6ba4697eb21657ccb897a9fc127
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 13:15:54 2011 -0400

    Remove design-related actions and widgets

commit ddf7b4d425b88b58956b8be06047d2a3e0560bd2
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 13:10:57 2011 -0400

    Remove navigation / routing to design settings actions

commit e3f280f8780d99168edf37ef766956f281e9c5da
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 13:03:09 2011 -0400

    CurrentUserDesignAction -> Action

commit 6780b1a07e1375a7fa0fd48c8bf3109d9a12e33e
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 12:54:22 2011 -0400

    * GroupDesignAction -> GroupAction (new base class for group actions)

commit 2136377e895db274709a1d486f377f13946ccfd6
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 12:36:40 2011 -0400

    OwnerDesignAction -> Action
2011-06-09 16:20:19 -04:00
Evan Prodromou
1b0bafc6cc Move recoverpassword functionality to User 2011-06-07 11:22:19 -04:00
Evan Prodromou
c85eeb868e note converted user id on registration 2011-05-23 17:25:00 -04:00
Evan Prodromou
73f4762a55 Don't serialize protected attrs 2011-04-18 18:23:06 -04:00
Siebrand Mazeland
f0d762f196 Update/add translator documentation.
L10n/i18n updates.
Superfluous whitespace removed.
Add FIXME for a few i18n issues I couldn't solve this quickly.

Takes care of documentation for all core code added in merge of "people tags" feature (Commit:e75c9988ebe33822e493ac225859bc593ff9b855).
2011-04-10 19:59:55 +02:00
Shashi Gowda
fc21e5c76b Fix type conversion warnings caused when calling getUser / getProfile for the second time 2011-04-09 22:16:52 +05:30
Shashi Gowda
f47027abbe Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase
Conflicts:
	lib/profileblock.php
	theme/default/css/display.css
2011-04-09 21:57:45 +05:30
Shashi Gowda
4d61760154 Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase 2011-04-08 17:16:20 +05:30
Evan Prodromou
adf4d96013 store oft-requested stuff in the data object 2011-04-07 16:55:32 -04:00
Evan Prodromou
84d848f78c correctly return values 2011-04-07 15:27:40 -04:00
Evan Prodromou
5dfb8e2bc4 Use InboxNoticeStream class for inbox
Move the code for inbox fetching to the InboxNoticeStream class.
2011-04-07 14:54:42 -04:00
Shashi Gowda
57198a7464 Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase
Conflicts:
	actions/tagother.php
	lib/subscriberspeopleselftagcloudsection.php
	lib/subscriptionspeopleselftagcloudsection.php
2011-04-04 13:26:27 +05:30
Evan Prodromou
4f5355a9f2 add the private_stream attribute to User 2011-03-30 08:16:30 -04:00
Shashi Gowda
5a2bab07b2 Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase
Conflicts:
	actions/tagother.php
	classes/Profile.php
	classes/Profile_tag.php
	js/util.min.js
2011-03-30 15:47:42 +05:30
Siebrand Mazeland
700018fd09 L10n/i18n updated.
Translator documentation updated.
FIXME added for missing class documentation.
Various documentation tweaks.
2011-03-29 23:00:29 +02:00
Brion Vibber
a70e68e09c Work in progress: can create & cancel sub requests 2011-03-28 16:12:51 -07:00
Brion Vibber
df5def8ce4 Work in progress: subscription approval policy field in place on user, hooked up to settings. Queue not 100% tidied up, no UI for queue or management yet. 2011-03-28 15:13:59 -07:00
Evan Prodromou
44bcc942b8 Break up stream code to use separate notice stream classes
Rearchitect (again!) notice stream code to delegate different functionality up and down the stack.

Now, different classes implement NoticeStream.
2011-03-24 18:04:19 -04:00
Evan Prodromou
0b35ce7c37 New NoticeStream class to reify streams of notices
We've been muddling through with 6- or 8-argument functions for managing streams. I'd
like to start thinking of streams as their own thing, and give them some more value.

So, the new NoticeStream class takes over the Notice::stream() function and Notice::getStreamByIds().

There's probably some fine-tuning to do on the object interface.
2011-03-23 11:29:55 -04:00
Shashi Gowda
bf121a695a Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase
Conflicts:
	classes/Profile.php
2011-03-22 07:59:06 +05:30
Brion Vibber
541dfa04fe Switch things from calling Group_member::join & leave & calling events manually to running through Profile::joinGroup() && Profile::leaveGroup(), with the events encapsulated. 2011-03-21 14:35:29 -07:00
Shashi Gowda
1b1a427237 DB_DataObjects for people tags 2011-03-06 23:28:03 +05:30
Brion Vibber
a7005f3975 Alternate Inbox streaming function optimized for threaded paging (for /all stream, while things using the existing API inbox methods won't be affected) 2011-03-01 15:16:39 -08:00
Zach Copley
b7d0746694 Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/confirmaddress.php
	actions/emailsettings.php
	actions/hostmeta.php
	actions/imsettings.php
	actions/login.php
	actions/profilesettings.php
	actions/showgroup.php
	actions/smssettings.php
	actions/urlsettings.php
	actions/userauthorization.php
	actions/userdesignsettings.php
	classes/Memcached_DataObject.php
	index.php
	lib/accountsettingsaction.php
	lib/action.php
	lib/common.php
	lib/connectsettingsaction.php
	lib/designsettings.php
	lib/personalgroupnav.php
	lib/profileaction.php
	lib/userprofile.php
	plugins/ClientSideShorten/ClientSideShortenPlugin.php
	plugins/Facebook/FBConnectSettings.php
	plugins/Facebook/FacebookPlugin.php
	plugins/NewMenu/NewMenuPlugin.php
	plugins/NewMenu/newmenu.css
2011-02-28 15:39:43 -08:00
Zach Copley
6eca8188b6 Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-19 15:52:18 -08:00
Brion Vibber
d8a3a88ec8 Merge branch '0.9.x' into 1.0.x
Conflicts:
	classes/Memcached_DataObject.php
2010-12-17 17:13:21 -08:00
Brion Vibber
71151b3bc0 Update sorting for User::repeatedByMe() -- currently unused. Likely not ideally indexed yet. 2010-12-17 15:28:55 -08:00
Brion Vibber
b80151275a Update sorting on api/statuses/retweets_of_me; was and remains poorly indexed, but will use updated sorting method. 2010-12-17 15:25:19 -08:00
Brion Vibber
bf20258f4b Merge branch '0.9.x' into 1.0.x 2010-12-15 11:59:31 -08:00
Zach Copley
bb55784e90 Move getConnectedApps() from Profile to User, where it belongs 2010-12-12 17:37:42 -08:00
Brion Vibber
9df856e667 Merge branch '0.9.x' into merge
Conflicts:
	README
	actions/hostmeta.php
	classes/File_redirection.php
	lib/common.php
	lib/designsettings.php
	lib/router.php
	lib/util.php
	lib/xmppmanager.php
	plugins/OStatus/OStatusPlugin.php
2010-12-07 10:50:05 -08:00
Brion Vibber
2617c40e04 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x
Conflicts:
	classes/User.php
2010-12-06 12:44:19 -08:00
Brion Vibber
76f3dc32e0 Added User::singleUserNickname() as (temporary?) fallback for single-user lookup as a workaround for site setup of 1user sites. We found that an external tool attempting to spin up StatusNet and then register the user would fail because StatusNet's router setup dies on being unable to find its single-user account, since the nickname is needed in setting up routing entries. This tweak will let it survive, using the configured setting as a fallback if it can't actually find the user account. 2010-12-06 12:39:09 -08:00
Brion Vibber
aa96c3c1d9 Fix for tickets #2917, #2262: user URL shortening options not being applied in non-web channels
common_shorten_links() can only access the web session's logged-in user, so never properly took user options into effect for posting via XMPP, API, mail, etc.

Adds an optional $user parameter on common_shorten_links(), and a $user->shortenLinks() as a clearer interface for that.
Tweaked some lower-level functions so $user gets passed down -- making the $notice_id param previously there for saving URLs at notice save time generalized a little.

Note also ticket #2919: there's a lot of duplicate code calling the shortening, checking the length, and reporting near-identical error messages. These should be consolidated to aid in code and translation maintenance.
2010-12-02 13:41:56 -08:00
Brion Vibber
6e249b4ab5 doc comments on User::allowed_nickname 2010-11-29 11:57:27 -08:00
Brion Vibber
0d0e51292d some User -> Profile cleanup to help in adapting the profile page action to show stuff for remote users. Subscriptions, groups, roles, etc are all on profiles now so go ahead and use em. 2010-11-15 15:32:57 -08:00
Brion Vibber
b26eccf33c Merge branch '0.9.x' into 1.0.x 2010-10-28 16:26:34 -07:00
Evan Prodromou
b5206fe6ca fall back to siteowner on bad nickname (Bug#2861) 2010-10-28 10:46:57 -04:00