Commit Graph

18333 Commits

Author SHA1 Message Date
Mikael Nordfeldth
b4dc060d75 Don't auto-silence other users by IP by default 2016-02-26 16:10:03 +01:00
Mikael Nordfeldth
ba51a696d2 Slightly more correct log message in index.php 2016-02-26 14:53:12 +01:00
Mikael Nordfeldth
52a3764ae4 Resolve relative URLs (assuming URI.Base==notice URL)
The real way to do this would be to get the xml:base property from
the Atom feed but it's probably not there in any posts we see today.
2016-02-26 14:46:26 +01:00
Mikael Nordfeldth
1e6520fddd Woops, forgot to skip the / in path 2016-02-26 14:13:46 +01:00
Mikael Nordfeldth
6a4470912f Fiddling with merge request #98 to use internal routing functions 2016-02-26 14:10:32 +01:00
Mikael Nordfeldth
8356c2495c Use mb_* and strict === comparison 2016-02-26 13:52:25 +01:00
mmn
722ff4d9c0 Merge branch 'foolproof_file_redirection_branch' into 'nightly'
Foolproof file redirection

This solves an issue when our internal /attachment/{file_id} links are shortened with an remote shorteners (which caused the /attachment/{file_id} links to be saved to the File table and a thumbnail of a thumbnail being generated)

See merge request !98
2016-02-26 12:49:10 +00:00
Mikael Nordfeldth
a3c5ef59d6 Fix merge #101 by replacing a non-working Yahoo! link with Wikipedia
The link was meant to describe robots.txt crawl-delay info
2016-02-26 13:41:14 +01:00
mmn
5227483855 Merge branch 'rm-short-urls-docs' into 'nightly'
CONFIGURE: Replace short urls with their target

Transparency and resilience against shorteners going away.

See merge request !101
2016-02-26 12:38:26 +00:00
Mikael Nordfeldth
21778d057e Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into mmn_fixes 2016-02-26 13:37:32 +01:00
Mikael Nordfeldth
826503766e Jean Lucas mentioned that PEAR::Net_Socket was outdated
Updated Net_Socket to 1.0.14 (stable) was released on 2013-05-24
https://pear.php.net/package/Net_Socket
2016-02-26 13:35:53 +01:00
Mikael Nordfeldth
1414abfe95 Jean Lucas mentioned PEAR::Net_SMTP was outdated
Net_SMTP updated to 1.7.1 (stable) was released on 2015-09-07
https://pear.php.net/package/Net_SMTP
2016-02-26 13:34:07 +01:00
mmn
dc51354316 Merge branch 'readme-plugins' into 'nightly'
Readme plugins

* Adds several plugin READMEs
  They are pretty basic, but it's a start.

* Changes status.net/wiki URLs to git.gnu.io
  The status.net wiki is dead.

See merge request !103
2016-02-26 12:32:42 +00:00
mmn
fae9e27365 Merge branch 'group-autocomplete' into 'nightly'
Fix !group autocomplete

"Call to undefined method User_group::getFullname"

See merge request !108
2016-02-26 12:30:19 +00:00
mmn
d500fb8598 Merge branch 'remove-openid' into 'nightly'
Fix: Cannot remove OpenID

OpenidsettingsAction::removeOpenID() was comparing and int with a string
so always displayed "That OpenID does not belong to you."

See merge request !107
2016-02-26 12:30:01 +00:00
Mikael Nordfeldth
c58228195b Make sure the saved Notice has an ID 2016-02-26 01:11:20 +01:00
Mikael Nordfeldth
519e3308ab Use mb_strlen to see if something is an empty string 2016-02-26 01:04:59 +01:00
Mikael Nordfeldth
29662eef5e Mentioning matches (@this too) now. 2016-02-26 00:08:51 +01:00
Mikael Nordfeldth
2730510393 User friendlieness in scripts/delete_notice.php 2016-02-26 00:06:04 +01:00
Mikael Nordfeldth
2669c51265 Allow sgf files if they're recognized in mime search
They are Go game files used on lamatriz.org. Note that my server
doesn't actually recognize these files and can identify the mime type,
but my browser did for some reason.
2016-02-26 00:05:07 +01:00
Mikael Nordfeldth
aeb2e282db Commented on the mime extension matching regexp 2016-02-25 22:32:54 +01:00
Mikael Nordfeldth
4d17d95335 Try to get mime data before hashing (cpu intensive) 2016-02-25 22:31:45 +01:00
Mikael Nordfeldth
bac37d1714 syntax error 2016-02-25 22:17:44 +01:00
Mikael Nordfeldth
e6e1705852 Make uploads work properly if we accept _all_ attachment types
Also introduced $config['attachments']['extblacklist'] that can disable
certain file extensions (or rewrite them, for example php => phps)
2016-02-25 22:15:54 +01:00
Mikael Nordfeldth
28d9f82ab1 Merge branch 'master' into mmn_fixes 2016-02-25 20:13:39 +01:00
Mikael Nordfeldth
6336248d71 Notice getRendered() can now be called on uninserted notices 2016-02-25 20:13:00 +01:00
Mikael Nordfeldth
67aff528f5 socialfy-your-domain made people think you needed manual interaction
I don't know why, but people started following those instructions for no
apparent reason and it ended up causing a bunch of federation issues or
homegrown cron script messes.

Maybe changing the name to "another" instead of "your" domain will make
people stop doing stuff randomly.
2016-02-25 20:12:56 +01:00
Mikael Nordfeldth
93f5043230 Merge branch 'master' into mmn_fixes 2016-02-25 19:47:51 +01:00
Mikael Nordfeldth
80f7a5f025 $metadata->thumbnail_url is not guaranteed to be set
We should probably have a separate class for this, so we can more
easily combine different technologies similar to oEmbed/OpenGraph.
2016-02-25 19:47:16 +01:00
Mikael Nordfeldth
4239c952d2 $metadata->thumbnail_url is not guaranteed to be set
We should probably have a separate class for this, so we can more
easily combine different technologies similar to oEmbed/OpenGraph.
2016-02-25 19:46:17 +01:00
Mikael Nordfeldth
e69f878241 Notice getRendered() can now be called on uninserted notices 2016-02-25 15:48:37 +01:00
Mikael Nordfeldth
6d3aa3276a socialfy-your-domain made people think you needed manual interaction
I don't know why, but people started following those instructions for no
apparent reason and it ended up causing a bunch of federation issues or
homegrown cron script messes.

Maybe changing the name to "another" instead of "your" domain will make
people stop doing stuff randomly.
2016-02-25 12:33:28 +01:00
Mikael Nordfeldth
e3e3a91734 Correct comment on Notice->conversation in table schema 2016-02-24 19:34:44 +01:00
Chimo
54da2526ed Fix !group autocomplete
"Call to undefined method User_group::getFullname"
2016-02-24 13:00:15 -05:00
Chimo
99f2aba6e1 Fix: Cannot remove OpenID
OpenidsettingsAction::removeOpenID() was comparing and int with a string
so always displayed "That OpenID does not belong to you."
2016-02-24 12:42:41 -05:00
Mikael Nordfeldth
128a00c4ab Include feeds in Link HTTP headers, for easier discovery 2016-02-24 16:48:44 +01:00
Mikael Nordfeldth
1d0a448e07 Publish rel="me" in Link HTTP headers 2016-02-24 16:43:09 +01:00
Mikael Nordfeldth
731fd01139 Allow easy fetching of rel="me" values 2016-02-24 16:42:54 +01:00
Mikael Nordfeldth
3ef573f67c Default to profile size in Avatar::defaultAvatar 2016-02-24 16:42:35 +01:00
Mikael Nordfeldth
e6f07d8554 Use in_array instead. Now we get third party responses to contextually interesting threads
I think this solves much of the "third party conversation" issues, assuming involved parties
are using modern GNU social instances.
2016-02-24 00:19:27 +01:00
Mikael Nordfeldth
31c9b2c1d8 Check the notice context for users in UsersalmonAction 2016-02-23 23:56:43 +01:00
Mikael Nordfeldth
9319033ff0 Properly attach activityobjects
For some reason they were written to ->object, which is incorrect as
we use the objects[] array (which usually just holds one entry though)
2016-02-23 23:50:57 +01:00
Mikael Nordfeldth
0eb5122817 Check that the user is in the context of a salmon slap 2016-02-23 23:42:41 +01:00
abjectio
6bcfc73175 Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into nightly 2016-02-23 21:13:58 +01:00
Mikael Nordfeldth
d672547112 getAliases should be only a list (numeric array) 2016-02-23 14:33:09 +01:00
Mikael Nordfeldth
e16f7d04a8 Let OpenID match against aliases (fix fancyurl stuff etc.) 2016-02-23 14:15:08 +01:00
Mikael Nordfeldth
b59dacb806 getAliases for Profile and Notice
Also move fancyurlfix into site-wide $config['fix']['fancyurls']

TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
Mikael Nordfeldth
5f7032dfee Verify that authenticated API calls are made from our domain name.
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json" or
whatever. XHR is already blocked with CORS stuff.

Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
Mikael Nordfeldth
c67b89e56b Make WebFinger fancyurlfix configurable 2016-02-21 20:05:32 +01:00
Mikael Nordfeldth
ce803f6d06 WebFinger aliases with 'index.php/' 2016-02-21 20:00:07 +01:00