The file downloader was changed from a simple redirect to the file to one
implemented in PHP, which should make it safer, by making it possible disallow
direct access to the file, to prevent executing of atttachments
The filename has a new format:
bin2hex("{$original_name}")."-{$filehash}"
This format should be respected. Notice the dash, which is important to distinguish it from the previous
format, which was "{$hash}.{$ext}"
This change was made to both make the experience more user friendly, by
providing a readable name for files, as opposed to it's hash. This name is taken
from the upload filename, but, clearly, as this wasn't done before, it's
impossible to have a proper name for older files, so those are displayed as
"untitled.{$ext}".
This new name is displayed in the UI, instead of the previous name.
Default supported files need to use consistent names. Bumped version to 1.20.0
ImageFile has been changed to extend MediaFile and rely on it to partially
validate files. This validation has been extended to not rely solely on
Fileinfo, as it is disabled on some places. Now it'll try to use the shell
command `file`, if Fileinfo isn't available.
ImageFile now converts every new upload to PNG, except JPEG and GIF, which
are kept, but still resized (to the same size), to remove possible scripts
embedded therein.
MediaFile::fromUpload will return an ImageFile if the uploaded file is an image
or a MediaFile otherwise.
MediaFile can be constructed with an id with value -1 to denote a temporary
object, which is not added to the DB. This is useful to create a temporary
object for representing images, so it can be used to rescale them.
The supported attachment array needs to be populated with the result of calling
`image_type_to_extension` for the appropriate image type, in the case of images.
This is important so all parts of the code see the same extension for each image
type (jpg vs jpeg).
Added documentation to classes/File.php and to lib/MediaFile and lib/ImageFile
Documented this file (adapted from maiyannah's postActiv doc)
This commit also fixes PHP Warning: session_write_close(): Session callback expects true/false return value in classes/Session.php on line 289 (spoted by XRevan86)
Observation: In a newer release we will be replacing this kind of castings with actual explicit PHP7 return types
use Notice_prefs instead of adding a new field. The rationale here
is simply that the Notice table was _huge_ and I rant into issues
with /tmp filling up when altering the tables. So let's just create
a new table instead.
use Notice_prefs instead of adding a new field. The rationale here
is simply that the Notice table was _huge_ and I rant into issues
with /tmp filling up when altering the tables. So let's just create
a new table instead.
Conversation will now start storing remote URL
The namespace features don't work the way they were written for here
so I fixed that, making the ostatus: namespace properly looked up and
then the homegrown getLink function looks for what is back-compat with
StatusNet etc. if I remember correctly.
Fixed an error where a profile id was reused after another profile was
deleted, and the new profile still had the deleted role.
Fixed ActivityGenerationTests::testNoticeInfoRepeated() which was passing
User instead of Profile, throwing errors.
tests/ActivityGenerationTests.php now passes.
CommandInterpreterTest now passes.
Moved JidValidateTest to XmppValidateTest, since Jabber functionality has
moved to the XmppPlugin. Tests work but don't pass, but they are at least
skipped if XmppPlugin is not active.
LocationTest passes, but the tests are not very good. Lots of nulls.
MediaFileTest passes.
NicknameTest passes. Nickname::normalize() now throws an error if the
nickname is too long with underscores.
UserFeedParseTest passes.
URLDetectionTest passes if $config['linkify']['(bare_ipv4|bare_ipv6|
bare_domains)'] are false. Untested otherwise.
Fixed Nickname::isBlacklisted() so it does not throw an error if
$config['nickname]['blacklist'] not set.
Profile->getUser() gets the User independently from common_current_user.
This means that changes to one does not affect the other, even if they
are the same user.
This changes that, so that getUser() returns common_current_user() if
they are both the same user.
This is done to fix a bug in the user profile settings, where changes in
the language and timezone are applied to the return value of
Profile->getUser() but not propagated to common_cur_user(), which causes
the profile settings to display incorrect information until the page is
refreshed.