mmn
67a9c0415c
Merge branch 'cache-html-sanitizer' into 'master'
...
set the html sanitizer cache directory to ['cache']['dir'] from the config file;
See merge request gnu/gnu-social!156
2017-12-17 17:25:46 +00:00
mmn
a1ea335140
Merge branch 'cli-install' into 'master'
...
Don't write the config file when --skip-config flag is given to the installer.
See merge request gnu/gnu-social!155
2017-12-17 17:25:21 +00:00
nee
0b9a2fdf3a
allow the cmd installer to load the config file from '/etc/gnusocial/config.d/'.$_server.'.php'
...
using the commandline argument as $_server (passed through lib/common.php to lib/gnusocial.php)
2017-12-17 17:59:46 +01:00
nee
3b5fabbe97
set the html sanitizer cache directory to ['cache']['dir'] from the config file;
2017-12-06 01:55:54 +01:00
nee
fdd3d63098
Don't write the config file when --skip-config flag is given to the installer.
...
* scripts/installer_cli.php: Read the arguments list before checking
if the config file is writeable.
2017-11-26 22:14:30 +01:00
Sebastian
a6e33bdd6a
Fixed code so that GNU social can receive Mastodon boosts (from GNU social nightly commit: c741d1a52a
)
2017-08-25 11:35:02 +00:00
Mikael Nordfeldth
ba4a84602a
Output proper HTML and XML headers for single Atom entry
...
RFC5023 <https://tools.ietf.org/html/rfc5023 > specifies that the
content type parameter 'type=entry' should be used to clarify data.
2017-05-06 14:38:46 +02:00
Mikael Nordfeldth
1ccb934541
Return false immediately if $url is empty for common_valid_http_url
2017-05-06 14:38:43 +02:00
Mikael Nordfeldth
434956fc75
Notices start saving selfLink from activities/objects
2017-05-06 14:38:42 +02:00
Mikael Nordfeldth
7da925ca70
Handle selfLink in ActivityObject
2017-05-06 14:38:41 +02:00
Mikael Nordfeldth
839b3e7392
allowed_schemes was misspelled
2017-04-26 22:12:06 +02:00
Mikael Nordfeldth
5e7a7701b9
Domain name regular expression into lib/framework.php
...
cherry-pick-merge
2017-04-22 11:26:13 +02:00
Mikael Nordfeldth
7d67eefdf5
wrong variable was referenced
2016-09-13 11:24:57 +02:00
Mikael Nordfeldth
18670c69b2
Merge branch 'master' of git.gnu.io:gnu/gnu-social
2016-09-02 01:01:57 +02:00
Mikael Nordfeldth
a7043bf7cc
Split up source and source_link. Never trust HTML!
...
https://community.highlandarrow.com/notice/269667
or alternatively: https://social.umeahackerspace.se/conversation/495655
2016-09-02 01:00:52 +02:00
Mikael Nordfeldth
15ab9ff9e3
common_to_alphanumeric added, filtering Notice->source in classic layout
2016-09-02 01:00:08 +02:00
Sandro Santilli
3138fa0b40
Check DB connection before any possible use
2016-05-24 16:49:50 +02:00
Mikael Nordfeldth
844fe3924e
put local id, href and such in ostatus:conversation element
2016-04-18 16:09:36 +02:00
Mikael Nordfeldth
1e89369ef8
geometa.js doesn't exist anymore
2016-03-21 03:23:39 +01:00
Bob Mottram
11c57e7aee
Remove Google References
...
This removes most references to Google, with some
remaining since they may point to things which are still
relevant. References to Google Code, Google Buzz and
Google Maps have been removed
2016-03-20 13:06:58 +00:00
Mikael Nordfeldth
b59dacb806
getAliases for Profile and Notice
...
Also move fancyurlfix into site-wide $config['fix']['fancyurls']
TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
Mikael Nordfeldth
5f7032dfee
Verify that authenticated API calls are made from our domain name.
...
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json " or
whatever. XHR is already blocked with CORS stuff.
Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
Mikael Nordfeldth
ce803f6d06
WebFinger aliases with 'index.php/'
2016-02-21 20:00:07 +01:00
Mikael Nordfeldth
893d117309
throw new, not just throw
2016-02-21 19:01:37 +01:00
Mikael Nordfeldth
23e66bef64
common_fake_local_fancy_url to remove index.php/ from a local URL
2016-02-21 18:48:18 +01:00
Mikael Nordfeldth
afbdcf8938
Don't publish mbox_sha1sum in FOAF by default.
...
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2016-02-19 00:10:05 +01:00
Mikael Nordfeldth
a838c90951
Only show "public:site" in ToSelector if notice/allowprivate is true
2016-02-18 00:33:16 +01:00
Mikael Nordfeldth
f68d1ade3f
Put "Everyone" and "Everyone at [local instance]" at the top of ToSelector
2016-02-18 00:32:09 +01:00
Mikael Nordfeldth
543d968b81
NoAcctUriException->profile not $e directly
2016-02-18 00:13:59 +01:00
Mikael Nordfeldth
a361fdbd77
Sort ToSelector by AcctUri
2016-02-18 00:05:09 +01:00
Mikael Nordfeldth
73dbc5ca1b
Use ToSelector choice again.
2016-02-17 23:44:15 +01:00
Mikael Nordfeldth
d2c11925bf
To-selector padlock only shown if site config notice/allowprivate is true
2016-02-17 23:06:11 +01:00
Mikael Nordfeldth
5fbb01130a
By default, disallow users to set private_stream
2016-02-17 22:58:31 +01:00
Mikael Nordfeldth
d2507a6266
Gotta declare FullNoticeStream as abstract class
2016-02-16 02:24:38 +01:00
Mikael Nordfeldth
46829c6d3c
FullNoticeStream selects all verbs.
2016-02-16 02:21:39 +01:00
Mikael Nordfeldth
2d1b70c94d
created column was ambigououuuouuus
2016-02-15 09:59:34 +01:00
Mikael Nordfeldth
2301862ae6
We only want POST and SHARE in the inbox/home timeline right?
2016-02-15 09:59:18 +01:00
Mikael Nordfeldth
dcb7ce36d8
Show shares in public timeline
...
Also, the unselect rule for DELETE was useless anyway since it would
already have been filtered out by not having true.
(the => false stuff are for when you want ALL _except_ that)
2016-02-14 20:53:26 +01:00
Mikael Nordfeldth
e2a090c9cc
Use NoticeStream::filterVerbs for filtering in noticestreams
2016-02-14 20:46:13 +01:00
Mikael Nordfeldth
be14e15dac
Hide attachments in notices by silenced profiles
2016-02-13 13:17:39 +01:00
Mikael Nordfeldth
e5ad98e601
Silence action can only be used on non-priviliged users
2016-02-12 14:22:25 +01:00
Mikael Nordfeldth
f10625f8bc
file and avatar dirs on instances with no such dirs in filesystem
2016-02-12 02:29:33 +01:00
Mikael Nordfeldth
338df7e35b
Fix Nickname::isSystemPath() work properly for routes
2016-02-12 02:21:11 +01:00
Mikael Nordfeldth
67dfc0a046
application/xml allowed in uploads
2016-02-11 00:04:14 +01:00
Mikael Nordfeldth
733debd9b3
Use thumbnail upscaling config value
2016-02-10 04:40:54 +01:00
Mikael Nordfeldth
8806cce735
Default to avoid upscaling of thumbnails. 45x45=>450x450 is ugly
2016-02-10 04:40:10 +01:00
Mikael Nordfeldth
a61235086b
Use config site/sslproxy to force HTTPS (i.e. using reverse proxy to enable it)
...
Usage in config.php: $config['site']['sslproxy'] = true;
Add this to documentation...
2016-02-10 01:05:02 +01:00
Mikael Nordfeldth
ec257d940a
Either use or don't use HTTPS
...
The risk of injection attacks using HTTP is too great to allow a
site that allows both HTTP and HTTPS...
2016-02-10 00:57:39 +01:00
Mikael Nordfeldth
dcf29c2a07
s/isHTTPS/useHTTPS/ for HTTPS URL generation
2016-02-10 00:38:14 +01:00
Mikael Nordfeldth
cd71188d3a
SimpleCaptcha plugin to stop basic bots
2016-02-08 17:47:09 +01:00