Commit Graph

362 Commits

Author SHA1 Message Date
Mikael Nordfeldth
2a5ba1f74b Core and Default plugins separated, now loads on install
_flow_ reported on IRC that install.php had stopped working. This was
because default plugins had been put into two separate lists, and the
list with AuthCrypt was never loaded when performing an installation.

Core plugins cannot be disabled.

I also removed the Memcache autodetection thing since it should be
solved in a more elegant manner.
2013-10-19 14:38:15 +02:00
Mikael Nordfeldth
145fbf1130 Move nick updating of User entry to Profile->update()
Also, timezone and language in User table weren't indexes. So no need
to do them separately.
2013-10-17 16:38:42 +02:00
Mikael Nordfeldth
6ed66d9c76 Local_group and User are now assumed to be in same namespace 2013-10-17 01:27:01 +02:00
Mikael Nordfeldth
38a69b5597 Better checks during User::register and improved Nickname checks 2013-10-16 14:58:06 +02:00
Mikael Nordfeldth
8202e922aa Do calls straight to the result of getProfile 2013-10-15 02:34:10 +02:00
Mikael Nordfeldth
4e8d7795d0 Moved favoriteNotices from User to Profile class 2013-10-15 02:15:58 +02:00
Mikael Nordfeldth
fdbb528e7a getTaggedSub-stuff moved to Profile class 2013-10-15 02:00:27 +02:00
Mikael Nordfeldth
1dc051a9eb We never accept a user without a Profile 2013-10-15 01:00:27 +02:00
Mikael Nordfeldth
78f9629bf3 Moved shareLocation preference check to Profile class 2013-10-06 13:38:09 +02:00
Mikael Nordfeldth
24e0535001 Fix regression from WebFinger update for singleuser sites 2013-09-30 22:42:20 +02:00
Mikael Nordfeldth
a0e107f17f Implemented WebFinger and replaced our XRD with PEAR XML_XRD
New plugins:
* LRDD
    LRDD implements client-side RFC6415 and RFC7033 resource descriptor
    discovery procedures. I.e. LRDD, host-meta and WebFinger stuff.

    OStatus and OpenID now depend on the LRDD plugin (XML_XRD).

* WebFinger
    This plugin implements the server-side of RFC6415 and RFC7033. Note:
    WebFinger technically doesn't handle XRD, but we serve both that and
    JRD (JSON Resource Descriptor), depending on Accept header and one
    ugly hack to check for old StatusNet installations.

    WebFinger depends on LRDD.

We might make this even prettier by using Net_WebFinger, but it is not
currently RFC7033 compliant (no /.well-known/webfinger resource GETs).

Disabling the WebFinger plugin would effectively render your site non-
federated (which might be desired on a private site).

Disabling the LRDD plugin would make your site unable to do modern web
URI lookups (making life just a little bit harder).
2013-09-30 22:04:52 +02:00
Mikael Nordfeldth
63306081bc Subscription "get by" functions now don't use ArrayWrappers
They were getting in the way of some strict-typing stuff.
2013-09-21 18:38:14 +02:00
Mikael Nordfeldth
93e878d7ca Make better use of Subscription class
removed lib/subs.php as it was essentially only a wrapper for Subscription
2013-09-19 17:29:05 +02:00
Mikael Nordfeldth
83b852312a Events on user registrations now strictly typed 2013-09-14 18:37:05 +02:00
Mikael Nordfeldth
99312c8cc2 Declaring some more static functions properly
As a bonus I added type declaration on Profile_block::exists and
Subscription::exists respectively.
2013-09-09 23:28:20 +02:00
Mikael Nordfeldth
747fe9d59b Tidying up getUser calls to profiles and some events
getUser calls are much more strict, and one place where this was found was
in the (un)subscribe start/end event handlers, which resulted in making the
Subscription class a bit stricter, regarding ::start and ::cancel at least.
Several minor fixes in many files were made due to this.

This does NOT touch the Foreign_link function, which should also have a more
strict getUser call. That is a future project.
2013-09-09 23:03:34 +02:00
Mikael Nordfeldth
b3e61ce7d0 Stronger typing, require array where param array 2013-08-29 10:27:39 +02:00
Mikael Nordfeldth
2a4dc77a63 The overloaded DB_DataObject function staticGet is now called getKV
I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV

   sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq)

If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV!

This might of course take some getting used to, or modification fo StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class)

Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
2013-08-18 13:13:56 +02:00
Mikael Nordfeldth
1a9a8ea730 staticGet for sub-Managed_DataObject classes now calls parent
The parent class for our database objects, Managed_DataObject, has a
dynamically assigned class in staticGet which objects get put into,
leaving us with less code to do the same thing.

We will probably have to move away from the DB_DataObject 'staticGet'
call as it is nowadays deprecated.
2013-08-12 19:46:44 +02:00
Mikael Nordfeldth
794163c31f Default to NOT ask for current location for new users
It may be a bad experience for new users to immediately when trying
out the service be asked for their geographical position. Instead,
let them opt-in for this behaviour.
2013-08-12 14:40:55 +02:00
Joshua Wise
89ba820246 Escape argument to prevent SQL injection attack in
User::getTaggedSubscriptions()

This change escapes the $tag argument to prevent a SQL injection
attack in User::getTaggedSubscriptions(). The parameter was not
escaped higher up the stack, so this vulnerability could be exploited.
2013-07-16 10:47:29 -07:00
Joshua Wise
4a30da924a Escape argument to User::getTaggedSubscribers() to preven SQL injection
This change escapes the argument to User::getTaggedSubscribers() to
prevent SQL injection attacks.

Both code paths up the stack fail to escape this parameter, so this is
a potential SQL injection attack.
2013-07-16 10:43:56 -07:00
Evan Prodromou
08c72a00e8 Use better type, title for service 2013-06-04 16:30:40 -04:00
Evan Prodromou
d81b257290 Better registrationActivity 2013-06-04 15:20:00 -04:00
Evan Prodromou
9f94ed81ee Add an ID to registered service 2013-06-03 08:55:00 -04:00
Evan Prodromou
cbb5586ab7 Add a registration activity to the end of every backup 2013-06-02 14:38:00 -04:00
Michele macno Azzolari
ad2fd9abd4 Fix whitescreen on recoverpassword with unknown user 2011-12-02 15:48:29 -05:00
Evan Prodromou
ea1a11a087 site-wide option to enable old-school settings 2011-09-24 09:46:13 -04:00
Evan Prodromou
ddc121c085 New table for all old-school UI prefs 2011-09-24 07:12:34 -04:00
Evan Prodromou
02a30cf47c start using stream mode prefs instead of separate parameter 2011-09-23 17:50:38 -04:00
Zach Copley
32fa6dd7a2 Fix logging level in log msg 2011-08-27 12:42:09 -07:00
Evan Prodromou
9ca3c3d1c3 move core schema to class files 2011-08-22 17:52:02 -04:00
Evan Prodromou
c227045975 Merge branch '1.0.x' of gitorious.org:statusnet/mainline into 1.0.x 2011-06-10 16:50:33 -04:00
Zach Copley
36d619480a Rip out user, group and site design customization code
Squashed commit of the following:

commit 0bcfb6535115ec0a11669420f8689aeedc417bc8
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 15:51:47 2011 -0400

    Remove design-related stuff from the API

commit 88da010256fbcaee1ff01d9507ea47d3225f2825
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 15:40:16 2011 -0400

    Mop up misc design related code

commit 11958b064745b797b4c9f9f4b7e8f65e4c82ce83
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 15:21:00 2011 -0400

    Remove Design DB_DataObject class and references to it in schema

commit f8540594728ce6ba4697eb21657ccb897a9fc127
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 13:15:54 2011 -0400

    Remove design-related actions and widgets

commit ddf7b4d425b88b58956b8be06047d2a3e0560bd2
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 13:10:57 2011 -0400

    Remove navigation / routing to design settings actions

commit e3f280f8780d99168edf37ef766956f281e9c5da
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 13:03:09 2011 -0400

    CurrentUserDesignAction -> Action

commit 6780b1a07e1375a7fa0fd48c8bf3109d9a12e33e
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 12:54:22 2011 -0400

    * GroupDesignAction -> GroupAction (new base class for group actions)

commit 2136377e895db274709a1d486f377f13946ccfd6
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 12:36:40 2011 -0400

    OwnerDesignAction -> Action
2011-06-09 16:20:19 -04:00
Evan Prodromou
1b0bafc6cc Move recoverpassword functionality to User 2011-06-07 11:22:19 -04:00
Evan Prodromou
c85eeb868e note converted user id on registration 2011-05-23 17:25:00 -04:00
Evan Prodromou
73f4762a55 Don't serialize protected attrs 2011-04-18 18:23:06 -04:00
Siebrand Mazeland
f0d762f196 Update/add translator documentation.
L10n/i18n updates.
Superfluous whitespace removed.
Add FIXME for a few i18n issues I couldn't solve this quickly.

Takes care of documentation for all core code added in merge of "people tags" feature (Commit:e75c9988ebe33822e493ac225859bc593ff9b855).
2011-04-10 19:59:55 +02:00
Shashi Gowda
fc21e5c76b Fix type conversion warnings caused when calling getUser / getProfile for the second time 2011-04-09 22:16:52 +05:30
Shashi Gowda
f47027abbe Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase
Conflicts:
	lib/profileblock.php
	theme/default/css/display.css
2011-04-09 21:57:45 +05:30
Shashi Gowda
4d61760154 Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase 2011-04-08 17:16:20 +05:30
Evan Prodromou
adf4d96013 store oft-requested stuff in the data object 2011-04-07 16:55:32 -04:00
Evan Prodromou
84d848f78c correctly return values 2011-04-07 15:27:40 -04:00
Evan Prodromou
5dfb8e2bc4 Use InboxNoticeStream class for inbox
Move the code for inbox fetching to the InboxNoticeStream class.
2011-04-07 14:54:42 -04:00
Shashi Gowda
57198a7464 Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase
Conflicts:
	actions/tagother.php
	lib/subscriberspeopleselftagcloudsection.php
	lib/subscriptionspeopleselftagcloudsection.php
2011-04-04 13:26:27 +05:30
Evan Prodromou
4f5355a9f2 add the private_stream attribute to User 2011-03-30 08:16:30 -04:00
Shashi Gowda
5a2bab07b2 Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase
Conflicts:
	actions/tagother.php
	classes/Profile.php
	classes/Profile_tag.php
	js/util.min.js
2011-03-30 15:47:42 +05:30
Siebrand Mazeland
700018fd09 L10n/i18n updated.
Translator documentation updated.
FIXME added for missing class documentation.
Various documentation tweaks.
2011-03-29 23:00:29 +02:00
Brion Vibber
a70e68e09c Work in progress: can create & cancel sub requests 2011-03-28 16:12:51 -07:00
Brion Vibber
df5def8ce4 Work in progress: subscription approval policy field in place on user, hooked up to settings. Queue not 100% tidied up, no UI for queue or management yet. 2011-03-28 15:13:59 -07:00
Evan Prodromou
44bcc942b8 Break up stream code to use separate notice stream classes
Rearchitect (again!) notice stream code to delegate different functionality up and down the stack.

Now, different classes implement NoticeStream.
2011-03-24 18:04:19 -04:00
Evan Prodromou
0b35ce7c37 New NoticeStream class to reify streams of notices
We've been muddling through with 6- or 8-argument functions for managing streams. I'd
like to start thinking of streams as their own thing, and give them some more value.

So, the new NoticeStream class takes over the Notice::stream() function and Notice::getStreamByIds().

There's probably some fine-tuning to do on the object interface.
2011-03-23 11:29:55 -04:00
Shashi Gowda
bf121a695a Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase
Conflicts:
	classes/Profile.php
2011-03-22 07:59:06 +05:30
Brion Vibber
541dfa04fe Switch things from calling Group_member::join & leave & calling events manually to running through Profile::joinGroup() && Profile::leaveGroup(), with the events encapsulated. 2011-03-21 14:35:29 -07:00
Shashi Gowda
1b1a427237 DB_DataObjects for people tags 2011-03-06 23:28:03 +05:30
Brion Vibber
a7005f3975 Alternate Inbox streaming function optimized for threaded paging (for /all stream, while things using the existing API inbox methods won't be affected) 2011-03-01 15:16:39 -08:00
Zach Copley
b7d0746694 Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/confirmaddress.php
	actions/emailsettings.php
	actions/hostmeta.php
	actions/imsettings.php
	actions/login.php
	actions/profilesettings.php
	actions/showgroup.php
	actions/smssettings.php
	actions/urlsettings.php
	actions/userauthorization.php
	actions/userdesignsettings.php
	classes/Memcached_DataObject.php
	index.php
	lib/accountsettingsaction.php
	lib/action.php
	lib/common.php
	lib/connectsettingsaction.php
	lib/designsettings.php
	lib/personalgroupnav.php
	lib/profileaction.php
	lib/userprofile.php
	plugins/ClientSideShorten/ClientSideShortenPlugin.php
	plugins/Facebook/FBConnectSettings.php
	plugins/Facebook/FacebookPlugin.php
	plugins/NewMenu/NewMenuPlugin.php
	plugins/NewMenu/newmenu.css
2011-02-28 15:39:43 -08:00
Zach Copley
6eca8188b6 Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-19 15:52:18 -08:00
Brion Vibber
d8a3a88ec8 Merge branch '0.9.x' into 1.0.x
Conflicts:
	classes/Memcached_DataObject.php
2010-12-17 17:13:21 -08:00
Brion Vibber
71151b3bc0 Update sorting for User::repeatedByMe() -- currently unused. Likely not ideally indexed yet. 2010-12-17 15:28:55 -08:00
Brion Vibber
b80151275a Update sorting on api/statuses/retweets_of_me; was and remains poorly indexed, but will use updated sorting method. 2010-12-17 15:25:19 -08:00
Brion Vibber
bf20258f4b Merge branch '0.9.x' into 1.0.x 2010-12-15 11:59:31 -08:00
Zach Copley
bb55784e90 Move getConnectedApps() from Profile to User, where it belongs 2010-12-12 17:37:42 -08:00
Brion Vibber
9df856e667 Merge branch '0.9.x' into merge
Conflicts:
	README
	actions/hostmeta.php
	classes/File_redirection.php
	lib/common.php
	lib/designsettings.php
	lib/router.php
	lib/util.php
	lib/xmppmanager.php
	plugins/OStatus/OStatusPlugin.php
2010-12-07 10:50:05 -08:00
Brion Vibber
2617c40e04 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x
Conflicts:
	classes/User.php
2010-12-06 12:44:19 -08:00
Brion Vibber
76f3dc32e0 Added User::singleUserNickname() as (temporary?) fallback for single-user lookup as a workaround for site setup of 1user sites. We found that an external tool attempting to spin up StatusNet and then register the user would fail because StatusNet's router setup dies on being unable to find its single-user account, since the nickname is needed in setting up routing entries. This tweak will let it survive, using the configured setting as a fallback if it can't actually find the user account. 2010-12-06 12:39:09 -08:00
Brion Vibber
aa96c3c1d9 Fix for tickets #2917, #2262: user URL shortening options not being applied in non-web channels
common_shorten_links() can only access the web session's logged-in user, so never properly took user options into effect for posting via XMPP, API, mail, etc.

Adds an optional $user parameter on common_shorten_links(), and a $user->shortenLinks() as a clearer interface for that.
Tweaked some lower-level functions so $user gets passed down -- making the $notice_id param previously there for saving URLs at notice save time generalized a little.

Note also ticket #2919: there's a lot of duplicate code calling the shortening, checking the length, and reporting near-identical error messages. These should be consolidated to aid in code and translation maintenance.
2010-12-02 13:41:56 -08:00
Brion Vibber
6e249b4ab5 doc comments on User::allowed_nickname 2010-11-29 11:57:27 -08:00
Brion Vibber
0d0e51292d some User -> Profile cleanup to help in adapting the profile page action to show stuff for remote users. Subscriptions, groups, roles, etc are all on profiles now so go ahead and use em. 2010-11-15 15:32:57 -08:00
Brion Vibber
b26eccf33c Merge branch '0.9.x' into 1.0.x 2010-10-28 16:26:34 -07:00
Evan Prodromou
b5206fe6ca fall back to siteowner on bad nickname (Bug#2861) 2010-10-28 10:46:57 -04:00
Brion Vibber
ca489631db Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/subscriptions.php
	lib/router.php
	lib/xmppmanager.php
	lib/xmppoutqueuehandler.php
2010-10-25 13:08:57 -07:00
Siebrand Mazeland
28ec9d6463 * translator documentation added.
* moved some translator comments that were not directly above the line with the message to the correct location.
* i18n for UI text.
* superfluous whitespace removed.
2010-10-21 01:12:56 +02:00
Brion Vibber
8004e2809d Fix for ticket #2845: singleuser nickname configuration was being overridden by site owner in router setup.
I've consolidated the checks for which user to use for single-user mode into User::singleUser(), which now uses the configured nickname by preference, falling back to the site owner if it's unset.
This is now called consistently from the places that needed to use the primary user's nickname in routing setup.

Setting $config['singleuser']['nickname'] should now work again as expected.
2010-10-20 14:34:25 -07:00
Brion Vibber
59119482ca Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 1.0.x
Conflicts:
	actions/hostmeta.php
	actions/imsettings.php
	classes/User.php
	lib/adminpanelaction.php
	lib/channel.php
	lib/default.php
	lib/router.php
	lib/util.php
2010-10-04 12:54:36 -07:00
Zach Copley
3960c9ad39 Move blowFavesCache() to Profile 2010-09-29 16:35:12 -07:00
Zach Copley
c19e592fa8 Move hasFave() to Profile 2010-09-29 16:35:12 -07:00
Evan Prodromou
4d01f8fbb6 save a URI with the user 2010-09-22 12:08:17 -04:00
Brion Vibber
28b06864fb Fix for #2227: 'view profile designs' and other default-on options are initially mis-set to off due to caching at account creation 2010-09-20 17:37:21 -07:00
Brion Vibber
521daf5562 Ticket #2327: fixing block to remove the blocking user's subscription to the blockee if present; also cleaning up inbox delivery to apply the block checks more consistently, instead of just to group posts. 2010-09-20 16:00:25 -07:00
Evan Prodromou
a319b40c97 common_cache_key() -> Cache::key() 2010-09-06 10:07:43 -04:00
Evan Prodromou
8f81762d68 common_memcache() => Cache::instance() 2010-09-06 09:56:45 -04:00
Evan Prodromou
9f0715a993 Merge branch '0.9.x' into 1.0.x 2010-08-03 16:05:03 -07:00
Siebrand Mazeland
125ff142e8 * mark a few message for translation
* add translator documentation
2010-07-29 13:36:08 +02:00
Eric Helgeson
9b899eea75 Make some messages gender neutral. 2010-07-19 21:09:09 -05:00
Brion Vibber
173778eab1 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 1.0.x
Conflicts:
	lib/xmppmanager.php (resolved: code has moved to XmppPlugin.php)
2010-05-05 17:11:23 -07:00
Zach Copley
b50f300566 Implement since_id and max_id param handling for /api/favorites 2010-05-05 14:46:36 -07:00
Craig Andrews
39392e03a7 Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/confirmaddress.php
	actions/imsettings.php
2010-04-18 19:21:15 -04:00
Brion Vibber
71c828de89 Allow blocking someone who's not currently subscribed to you (prevents seeing @-replies from them, or them subbing to you in future) 2010-04-10 17:52:40 -07:00
Brion Vibber
2f4438fe24 Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/imsettings.php
	lib/jabber.php

Made a quick attempt to merge the new JID validation into the XmppPlugin, have not had a chance to test that version live yet.
Should also move over the test cases.
2010-04-02 15:56:25 -07:00
Evan Prodromou
d3f995846b use Subscription::cancel() to cancel all subscriptions on block 2010-03-31 15:20:16 -04:00
Brion Vibber
01a03e34c8 Merge branch '0.9.x' into 1.0.x 2010-03-29 15:15:51 -07:00
Evan Prodromou
65766a0ebe continue deleting even if user profile record is missing 2010-03-28 11:58:16 -04:00
Brion Vibber
e89908f261 Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 1.0.x
Conflicts:
	lib/channel.php
	scripts/imdaemon.php
2010-03-22 13:56:16 -07:00
Brion Vibber
cac9d23498 Fix for xmpp/sms notification options appearing to be disabled on new subscriptions.
Base problem is that our caching-on-insert interferes with relying on column default values; the cached object is missing those fields, so they appear to be empty (null) when the object is retrieved from cache.
Now explicitly setting them when inserting subscriptions, and cleaned up some code that had alternate code paths.

May also have made auto-subscription work for remote OStatus subscribers, but can't test until magic sigs are working again.
2010-03-18 14:26:32 -07:00
Brion Vibber
1de7badd78 Merge branch 'master' of git@gitorious.org:statusnet/mainline into testing 2010-03-18 10:55:20 -07:00
Brion Vibber
515cdf28a8 Ensure that DB connection is active at start of User::updateKeys() and Foreign_user::updateKeys(); calls to $this->_quote() require a live connection object and don't lazy-initialize themselves.
May fix WSOD when changing incoming email address.
2010-03-18 09:24:55 -07:00
Evan Prodromou
425ddcaa26 add exception on inconsistent db to User::getProfile() 2010-03-18 08:35:10 -05:00
Sarven Capadisli
4c320872d9 Merge branch 'testing' of git@gitorious.org:statusnet/mainline into 0.9.x 2010-03-11 16:39:07 -05:00
Brion Vibber
ce92bc7143 Drop timestamp cutoff parameter from User::getCurrentNotice() and Profile::getCurrentNotice().
It's not currently used, and won't be efficient when we update the notice.profile_id_idx index to optimize for our id-based sorting when pulling user post lists for profile pages, feeds etc.
2010-03-11 11:01:01 -08:00