We were double-unescaping for <content type="html">, turning <b> escaped chars into literal tags (which then may get removed entirely by the HTML scrubber).
For instance this was throwing an exception for DB_DataObject::staticGet when there's no match... definitely not what we want when all our code expects to get a nice null.
Example of this causing trouble: http://gitorious.org/statusnet/mainline/merge_requests/131
Revert "Don't attempt to retrieve the current user from the DB while processing a DB error"
This reverts commit 68347691b0.
Revert "Use PHP exceptions for PEAR error handling."
This reverts commit d8212977ce.
For instance this was throwing an exception for DB_DataObject::staticGet when there's no match... definitely not what we want when all our code expects to get a nice null.
Example of this causing trouble: http://gitorious.org/statusnet/mainline/merge_requests/131
Revert "Don't attempt to retrieve the current user from the DB while processing a DB error"
This reverts commit 68347691b0.
Revert "Use PHP exceptions for PEAR error handling."
This reverts commit d8212977ce.
With the FirePHP plugin enabled, I get these warnings in the output
page. This is because the StartLog handler inadvertly modifies the
original (number) priority with the corresponding (string) FirePHP
priority.
Flow:
1. Browser (IE7) is redirected to the login page.
2. Browser reads the page, sees OpenSearch descriptions, tries to
download them. Each request gets recorded by SN as the page the user
should be redirected to after logging in (returnto).
3. User logs in, then gets redirected to the returnto action, which is
an OpenSearch description.
The OpenSearch descriptions aren't sensitive so making them public in a
private site should be okay.
(I recall fixing this in 0.8.x... :-( )
While deletion is in progress, the account is locked with the 'deleted' role, which disables all actions with rights control.
Todo:
* Pretty up the notice on the profile page about the pending delete. Show status?
* Possibly more thorough account disabling, such as disallowing all use for login and access.
* Improve error recovery; worst case is that an account gets left locked in 'deleted' state but the queue jobs have gotten dropped out. This would leave the username in use and any undeleted notices in place.
This bug was hitting a number of places where we had the pattern:
$db->find();
while($dbo->fetch()) {
$x = clone($dbo);
// do anything with $x other than storing it in an array
}
The cloned object's destructor would trigger on the second run through the loop, freeing the database result set -- not really what we wanted.
(Loops that stored the clones into an array were fine, since the clones stay in scope in the array longer than the original does.)
Detaching the database result from the clone lets us work with its data without interfering with the rest of the query.
In the unlikely even that somebody is making clones in the middle of a query, then trying to continue the query with the clone instead of the original object, well they're gonna be broken now.
Now using the correct order consistently (URL, then URI if http/s), and as a niceness measure skipping the redirect if the only URL we have stored is the local one. (Could happen if remote OStatus feed has tag URIs and no alt link.)
