Commit Graph

11272 Commits

Author SHA1 Message Date
Brion Vibber
4193a826d3 Ticket #2796: don't allow arbitrary overriding of the 'action' class and other parameters pulled from the URL mapper.
This protects against oddities such as manual invocation of the ClientError action, which can spoof error messages.
2010-11-19 15:30:52 -08:00
Brion Vibber
826a695077 Ticket #2797: replace addslashes() with explicit escape calls on the DB objects 2010-11-19 15:06:26 -08:00
Brion Vibber
e0e7cb7c53 Merge branch 'master' into 0.9.x 2010-11-19 14:03:59 -08:00
Brion Vibber
ca55d6c514 Ticket #1987: support since_id on API notice search methods.
max_id is not yet implemented, as it'll need support added to the search backends. (since_id we get 'for free' by just cropping off the list, it'll do for now)
2010-11-19 14:00:22 -08:00
Brion Vibber
407663fb40 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-19 12:44:43 -08:00
Brion Vibber
4b01dd8b2e Ticket #2441: fix deletion of avatars when a profile is deleted.
Code was doing a batch call to $avatar->delete() which fails to properly engage the file deletion code. Calling the existing profile->delete_avatars() function deletes them individually, which makes it all work nice again.
2010-11-19 12:40:18 -08:00
Brion Vibber
ed2bc323a1 Drop PEAR HTTP_Request library -- no longer used since Services_oEmbed was dropped.
(HTTP_Request2 is separate and is widely used. Net_URL is also used separately by Net_URL_Mapper.)
2010-11-19 12:15:28 -08:00
Brion Vibber
834acaaa79 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-19 12:00:42 -08:00
Brion Vibber
d961925874 Ticket #2899: clean up inbox/outbox DM form a bit:
- "To" drop-down list now defaults to showing "Select recipient:" instead of the first person on your list, reducing liklihood of accidentally sending a message to the wrong person.
- When there are no mutual subscribers to send to, instead of an empty list the list now shows 'No mutual subscribers.'

In both cases, attempting to send when the default is selected displays an error message.
I'm not disabling form elements in part because our themes right now don't show disabled button state correctly; we might want to tighten that up a bit more once fixed.
2010-11-19 11:56:03 -08:00
Brion Vibber
9a590e0843 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-19 10:43:20 -08:00
Zach Copley
d927969209 Automatically make Facebook admin panel available if the FacebookBridge
plugin is installed.
2010-11-18 21:55:43 -08:00
Brion Vibber
573f98c5bc scripts/deletegroup.php -- basic CLI script to delete a group by id or local nickname. Like deleteuser.php, this can be used in batch runs by providing the -y override. 2010-11-18 14:40:05 -08:00
Brion Vibber
f468180743 Fix regression in PopularNoticeSection: tag parameter was broken, causing sidebar on tag pages to show untagged favorites. 2010-11-18 14:30:00 -08:00
Zach Copley
cb530566de Facebook: Add needed perms to plain login URL 2010-11-18 13:34:41 -08:00
Zach Copley
229c2693f4 Fix name of Facebook Bridge plugin 2010-11-18 13:28:49 -08:00
Brion Vibber
3ed5673058 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-17 16:13:40 -08:00
Brion Vibber
b73c162256 Partial fix for tickets #2194, #2393: Workaround for Meteor breaking AJAX error responses returned on posting new notices. Fixes things in Firefox 4, but Safari 5 and Chrome 8 still don't return data... either on success or failure! Sigh.
The Meteor realtime plugin sets document.domain to the common prefix between the main server and the Meteor server's hostnames, which overrides the same-origin controls on JavaScript DOM access so the two parts of the app can speak to each other.
This unfortunately causes "fun" side effects for XMLHTTPRequest access to the main domain... if the new domain doesn't match the actual host (eg 'status.net' instead of 'brion.status.net') then we can't access the XHR's responseXML attribute, which holds a DOM tree of the parsed XML return data.
As a workaround, if we can't get at the contents there, we'll parse a fresh DOM tree in the local context from the responseText property, which remains available.

In the longer term, recommend retooling the realtime stuff so it's not fiddling with document.domain. It could also be an issue as it could allow local JavaScript XSS attacks to migrate to subdomains in other open windows.
2010-11-17 16:08:41 -08:00
Zach Copley
645a4d1754 Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x 2010-11-17 22:16:08 +00:00
Zach Copley
163f18b8ac Remove dumb debugging statement 2010-11-17 22:15:30 +00:00
Zach Copley
2c68703923 Facebook: Gracefully handle disconnection 2010-11-17 21:53:56 +00:00
Brion Vibber
197b56778a Add $config['attachments']['process_links'] to allow disabling processing of mentioned URL links for attachment info (oEmbed lookups) and dereferencing of redirects that we didn't have shortened ourselves.
This option may be useful for intranet sites that don't have direct access to the internet, as they may be unable to successfully fetch those resources.
2010-11-17 13:03:59 -08:00
Evan Prodromou
589aee587f include full updated source of JSON2 and use updated minified version 2010-11-17 12:34:04 -05:00
Evan Prodromou
d2ddda16e9 use minified version of jquery.cookie.js 2010-11-17 12:32:11 -05:00
Evan Prodromou
d3d91f0f6e use minified version of jquery.form.js 2010-11-17 12:31:35 -05:00
Evan Prodromou
8ee0471e9a upgrade jquery.form.js 2010-11-17 12:30:55 -05:00
Evan Prodromou
fae63a5161 use minified version of meteorupdater.js 2010-11-17 12:22:02 -05:00
Evan Prodromou
83f6bb9da1 use minified version of realtime.js 2010-11-17 12:21:01 -05:00
Evan Prodromou
11805c97d6 Merge branch '0.9.x' into minifyjs 2010-11-17 12:19:19 -05:00
Evan Prodromou
bacc3d2a74 move EndScriptMessages event into if block 2010-11-17 12:19:01 -05:00
Evan Prodromou
da4f8d465f Use minified version of util.js 2010-11-17 12:16:50 -05:00
Evan Prodromou
a81bc5c0fd upgrade to JQuery 1.4.4 2010-11-17 12:14:50 -05:00
Brion Vibber
d1fb52264b Use session token protection on oEmbed proxy action for LinkPreview... and commit the file *sigh* 2010-11-16 15:36:53 -08:00
Brion Vibber
9cdb9cc18d LinkPreview: clear preview thumbnails & data on form submission/reset 2010-11-16 15:31:03 -08:00
Brion Vibber
f7fe3fa386 Less redrawing of bits in the link thumbnail preview 2010-11-16 15:20:37 -08:00
Brion Vibber
acdb9ac1e5 LinkPreview: restructure to make it easier to keep old link data 2010-11-16 14:57:35 -08:00
Brion Vibber
73f28ffabe LinkPreview: use a local proxy for oEmbed lookups so we use a consistent common code path, and don't open up to oohembed.com being evil 2010-11-16 14:41:30 -08:00
Brion Vibber
b5fc71253c LinkPreview: restructure a bit so we can pass config over 2010-11-16 14:27:01 -08:00
Brion Vibber
eeb7f02b98 LinkPreview: piggyback on the counter update logic, cache lookups. 2010-11-16 14:16:23 -08:00
Brion Vibber
f103a55052 LinkPreview: link the thumbnails 2010-11-16 13:58:22 -08:00
Brion Vibber
5166e71d24 LinkPreview plugin more or less functioning (though not pretty), using oohembed remote lookup and fixed sizes. 2010-11-16 13:49:23 -08:00
Brion Vibber
e851882f96 LinkPreview: flesh out stub JS code a bit. URL splitting doesn't quite match core, note. 2010-11-16 13:16:25 -08:00
Brion Vibber
450707fec6 Stub LinkPreview plugin 2010-11-16 12:41:35 -08:00
Brion Vibber
fa6c6077d6 Merge branch 'master' into 0.9.x 2010-11-16 11:17:29 -08:00
Brion Vibber
0265cdc1c9 Ticket 2895: exclude silenced users from popular notice lists 2010-11-16 11:13:52 -08:00
Brion Vibber
9b9db3b28a Prep for ticket #2895: consolidate common code from PopularNoticeList and FavoritedAction for fetching popular notice lists 2010-11-16 11:10:32 -08:00
Zach Copley
64a29bd401 Fix syntax error 2010-11-16 06:10:49 +00:00
Zach Copley
0b573e0d2b Store the current user in the CurrentUserDesignAction 2010-11-15 22:01:28 -08:00
Zach Copley
4f63b5cff6 FacebookSSO -> FacebookBridge 2010-11-16 02:33:17 +00:00
Zach Copley
bd566b6f85 Merge branch '0.9.x' into facebook-upgrade 2010-11-16 02:32:46 +00:00
Zach Copley
ca4c0a1601 - Map notices to Facebook stream items
- rename plugin FacebookBridgePlugin
- delete/like/unlike notices across the bridge
2010-11-16 02:30:08 +00:00