Brion Vibber
4193a826d3
Ticket #2796 : don't allow arbitrary overriding of the 'action' class and other parameters pulled from the URL mapper.
...
This protects against oddities such as manual invocation of the ClientError action, which can spoof error messages.
2010-11-19 15:30:52 -08:00
Brion Vibber
826a695077
Ticket #2797 : replace addslashes() with explicit escape calls on the DB objects
2010-11-19 15:06:26 -08:00
Brion Vibber
e0e7cb7c53
Merge branch 'master' into 0.9.x
2010-11-19 14:03:59 -08:00
Brion Vibber
ca55d6c514
Ticket #1987 : support since_id on API notice search methods.
...
max_id is not yet implemented, as it'll need support added to the search backends. (since_id we get 'for free' by just cropping off the list, it'll do for now)
2010-11-19 14:00:22 -08:00
Brion Vibber
407663fb40
Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x
2010-11-19 12:44:43 -08:00
Brion Vibber
4b01dd8b2e
Ticket #2441 : fix deletion of avatars when a profile is deleted.
...
Code was doing a batch call to $avatar->delete() which fails to properly engage the file deletion code. Calling the existing profile->delete_avatars() function deletes them individually, which makes it all work nice again.
2010-11-19 12:40:18 -08:00
Brion Vibber
ed2bc323a1
Drop PEAR HTTP_Request library -- no longer used since Services_oEmbed was dropped.
...
(HTTP_Request2 is separate and is widely used. Net_URL is also used separately by Net_URL_Mapper.)
2010-11-19 12:15:28 -08:00
Brion Vibber
834acaaa79
Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x
2010-11-19 12:00:42 -08:00
Brion Vibber
d961925874
Ticket #2899 : clean up inbox/outbox DM form a bit:
...
- "To" drop-down list now defaults to showing "Select recipient:" instead of the first person on your list, reducing liklihood of accidentally sending a message to the wrong person.
- When there are no mutual subscribers to send to, instead of an empty list the list now shows 'No mutual subscribers.'
In both cases, attempting to send when the default is selected displays an error message.
I'm not disabling form elements in part because our themes right now don't show disabled button state correctly; we might want to tighten that up a bit more once fixed.
2010-11-19 11:56:03 -08:00
Brion Vibber
9a590e0843
Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x
2010-11-19 10:43:20 -08:00
Zach Copley
d927969209
Automatically make Facebook admin panel available if the FacebookBridge
...
plugin is installed.
2010-11-18 21:55:43 -08:00
Brion Vibber
573f98c5bc
scripts/deletegroup.php -- basic CLI script to delete a group by id or local nickname. Like deleteuser.php, this can be used in batch runs by providing the -y override.
2010-11-18 14:40:05 -08:00
Brion Vibber
f468180743
Fix regression in PopularNoticeSection: tag parameter was broken, causing sidebar on tag pages to show untagged favorites.
2010-11-18 14:30:00 -08:00
Zach Copley
cb530566de
Facebook: Add needed perms to plain login URL
2010-11-18 13:34:41 -08:00
Zach Copley
229c2693f4
Fix name of Facebook Bridge plugin
2010-11-18 13:28:49 -08:00
Brion Vibber
3ed5673058
Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x
2010-11-17 16:13:40 -08:00
Brion Vibber
b73c162256
Partial fix for tickets #2194 , #2393 : Workaround for Meteor breaking AJAX error responses returned on posting new notices. Fixes things in Firefox 4, but Safari 5 and Chrome 8 still don't return data... either on success or failure! Sigh.
...
The Meteor realtime plugin sets document.domain to the common prefix between the main server and the Meteor server's hostnames, which overrides the same-origin controls on JavaScript DOM access so the two parts of the app can speak to each other.
This unfortunately causes "fun" side effects for XMLHTTPRequest access to the main domain... if the new domain doesn't match the actual host (eg 'status.net' instead of 'brion.status.net') then we can't access the XHR's responseXML attribute, which holds a DOM tree of the parsed XML return data.
As a workaround, if we can't get at the contents there, we'll parse a fresh DOM tree in the local context from the responseText property, which remains available.
In the longer term, recommend retooling the realtime stuff so it's not fiddling with document.domain. It could also be an issue as it could allow local JavaScript XSS attacks to migrate to subdomains in other open windows.
2010-11-17 16:08:41 -08:00
Zach Copley
645a4d1754
Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x
2010-11-17 22:16:08 +00:00
Zach Copley
163f18b8ac
Remove dumb debugging statement
2010-11-17 22:15:30 +00:00
Zach Copley
2c68703923
Facebook: Gracefully handle disconnection
2010-11-17 21:53:56 +00:00
Brion Vibber
197b56778a
Add $config['attachments']['process_links'] to allow disabling processing of mentioned URL links for attachment info (oEmbed lookups) and dereferencing of redirects that we didn't have shortened ourselves.
...
This option may be useful for intranet sites that don't have direct access to the internet, as they may be unable to successfully fetch those resources.
2010-11-17 13:03:59 -08:00
Evan Prodromou
589aee587f
include full updated source of JSON2 and use updated minified version
2010-11-17 12:34:04 -05:00
Evan Prodromou
d2ddda16e9
use minified version of jquery.cookie.js
2010-11-17 12:32:11 -05:00
Evan Prodromou
d3d91f0f6e
use minified version of jquery.form.js
2010-11-17 12:31:35 -05:00
Evan Prodromou
8ee0471e9a
upgrade jquery.form.js
2010-11-17 12:30:55 -05:00
Evan Prodromou
fae63a5161
use minified version of meteorupdater.js
2010-11-17 12:22:02 -05:00
Evan Prodromou
83f6bb9da1
use minified version of realtime.js
2010-11-17 12:21:01 -05:00
Evan Prodromou
11805c97d6
Merge branch '0.9.x' into minifyjs
2010-11-17 12:19:19 -05:00
Evan Prodromou
bacc3d2a74
move EndScriptMessages event into if block
2010-11-17 12:19:01 -05:00
Evan Prodromou
da4f8d465f
Use minified version of util.js
2010-11-17 12:16:50 -05:00
Evan Prodromou
a81bc5c0fd
upgrade to JQuery 1.4.4
2010-11-17 12:14:50 -05:00
Brion Vibber
d1fb52264b
Use session token protection on oEmbed proxy action for LinkPreview... and commit the file *sigh*
2010-11-16 15:36:53 -08:00
Brion Vibber
9cdb9cc18d
LinkPreview: clear preview thumbnails & data on form submission/reset
2010-11-16 15:31:03 -08:00
Brion Vibber
f7fe3fa386
Less redrawing of bits in the link thumbnail preview
2010-11-16 15:20:37 -08:00
Brion Vibber
acdb9ac1e5
LinkPreview: restructure to make it easier to keep old link data
2010-11-16 14:57:35 -08:00
Brion Vibber
73f28ffabe
LinkPreview: use a local proxy for oEmbed lookups so we use a consistent common code path, and don't open up to oohembed.com being evil
2010-11-16 14:41:30 -08:00
Brion Vibber
b5fc71253c
LinkPreview: restructure a bit so we can pass config over
2010-11-16 14:27:01 -08:00
Brion Vibber
eeb7f02b98
LinkPreview: piggyback on the counter update logic, cache lookups.
2010-11-16 14:16:23 -08:00
Brion Vibber
f103a55052
LinkPreview: link the thumbnails
2010-11-16 13:58:22 -08:00
Brion Vibber
5166e71d24
LinkPreview plugin more or less functioning (though not pretty), using oohembed remote lookup and fixed sizes.
2010-11-16 13:49:23 -08:00
Brion Vibber
e851882f96
LinkPreview: flesh out stub JS code a bit. URL splitting doesn't quite match core, note.
2010-11-16 13:16:25 -08:00
Brion Vibber
450707fec6
Stub LinkPreview plugin
2010-11-16 12:41:35 -08:00
Brion Vibber
fa6c6077d6
Merge branch 'master' into 0.9.x
2010-11-16 11:17:29 -08:00
Brion Vibber
0265cdc1c9
Ticket 2895: exclude silenced users from popular notice lists
2010-11-16 11:13:52 -08:00
Brion Vibber
9b9db3b28a
Prep for ticket #2895 : consolidate common code from PopularNoticeList and FavoritedAction for fetching popular notice lists
2010-11-16 11:10:32 -08:00
Zach Copley
64a29bd401
Fix syntax error
2010-11-16 06:10:49 +00:00
Zach Copley
0b573e0d2b
Store the current user in the CurrentUserDesignAction
2010-11-15 22:01:28 -08:00
Zach Copley
4f63b5cff6
FacebookSSO -> FacebookBridge
2010-11-16 02:33:17 +00:00
Zach Copley
bd566b6f85
Merge branch '0.9.x' into facebook-upgrade
2010-11-16 02:32:46 +00:00
Zach Copley
ca4c0a1601
- Map notices to Facebook stream items
...
- rename plugin FacebookBridgePlugin
- delete/like/unlike notices across the bridge
2010-11-16 02:30:08 +00:00