Commit Graph

1009 Commits

Author SHA1 Message Date
hannes
de047f9727 correct mentions if parent mention multiple users with same nickname (don't use first one for all) 2016-01-19 13:41:25 +00:00
mmn
44c10bb2aa Merge branch 'oembed_branch' into 'nightly'
purify oembed html and don't allow cdata

hopefully we never need stuff in cdata

reason for this is that this link serves javascript in its oembed data: https://www.maketecheasier.com/switch-windows-10-to-linux/

see:
https://www.maketecheasier.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.maketecheasier.com%2Fswitch-windows-10-to-linux%2F

i don't feel we want that in our database.  

See merge request !79
2016-01-15 13:11:35 +00:00
Mikael Nordfeldth
29b45bb87a Unnecessary call to User::getKV 2016-01-13 20:08:17 +01:00
Mikael Nordfeldth
818aaa0578 We didn't get profiles from the new-style attention system 2016-01-13 18:35:25 +01:00
hannes
3e7e3de554 don't allow cdata elements in purified html 2016-01-13 16:01:27 +00:00
Mikael Nordfeldth
8c28e54ccc same as previous, but for mime_to_ext 2016-01-12 13:14:17 +01:00
Mikael Nordfeldth
dbe5d72e4c If all file extensions are supported we have no list of comparisons 2016-01-12 13:08:54 +01:00
hannes
a1b509bb0b forgot we need access to $html too 2016-01-11 20:58:34 +00:00
hannes
8d331b0f35 EndCommonPurify event 2016-01-11 20:54:19 +00:00
Mikael Nordfeldth
1a46d86ca6 lib/util.php quick function to do var_export($var,true)
Immensely useful when debugging and we want to put quotes around strings,
potentially stopping any "evil logging attacks" (where input data masks
as logging data).
2016-01-11 19:52:54 +01:00
Mikael Nordfeldth
5ef10a14ef Get group attentions too for outbound notices 2016-01-09 15:06:44 +01:00
Mikael Nordfeldth
33194b3cff Attention goes to the parent notice author too 2016-01-08 02:58:31 +01:00
Mikael Nordfeldth
801ca3531b common_find_attentions to populate activities from content text 2016-01-07 23:23:37 +01:00
Mikael Nordfeldth
be58fd64f5 Use index for File url (urlhash) 2016-01-07 18:13:10 +01:00
hannes
0b4b0de412 longurl in href 2016-01-05 23:14:51 +00:00
hannes
8b78e01d4c $longurl->url is just the same $canon we fed to File_redirection::where() 2016-01-05 23:06:02 +00:00
Mikael Nordfeldth
e02c10a589 common_render_content doesn't require a Profile now 2016-01-01 18:40:58 +01:00
Mikael Nordfeldth
10973dcf69 Don't require a notice object to common_linkify_mentions 2016-01-01 18:20:42 +01:00
Mikael Nordfeldth
ef4e61c91b Merge branch 'master' into nightly 2015-12-14 22:03:04 +01:00
mmn
edd62e58fd Merge branch 'at-mention-url' into 'master'
MentionURL Plugin

This plugin enables users to use the syntax `@twitter.com/singpolyma` to mention users the system does not know about, or to be more specific when a nickname is ambiguous.

See merge request !53
2015-12-14 21:01:42 +00:00
Mikael Nordfeldth
c498db147a ircs URLs work fine in Firefox at least 2015-12-05 13:02:49 +01:00
Stephen Paul Weber
a9b1b60a97 Refactor on File::processNew
The code was so involved there was even a comment asking for a refactor.

Now, File_redirection::where always returns a nice File_redirection
object instead of an array or string or nothing.  The object is
either one which already existed or else a new, unsaved object.

Instead of duplicating "does it exist" checks everywhere, do it in
File_redirection::where.  You either get what exists or something to save.

An unsaved File_redirection may be paired with an unsaved File.
You will want to save the File first (using ->saveFile()) and put the
id in File_redirection#file_id before saving.
2015-11-02 05:15:08 +00:00
Stephen Paul Weber
2207eacc92 New length format for other kinds of mentions 2015-10-28 00:15:08 +00:00
Stephen Paul Weber
fed0895d98 Move the functionality to a plugin
Use an associated model to prevent race conditions on creating the
profile object.
2015-10-28 00:11:54 +00:00
Stephen Paul Weber
21979bb7d7 Allow users to @mention URLs
Because inferring who you mean (especially in the presence of remotes) can suck
2015-10-23 21:15:40 +00:00
Mikael Nordfeldth
2aed59a02a Diaspora plugin is almost there (for remote salmon slaps at least) 2015-10-04 12:06:48 +02:00
Mikael Nordfeldth
80bc7f0e25 File handling changes for better logic
Also prepares for StoreRemoteMediaPlugin, coming up...
2015-10-01 22:14:49 +02:00
Mikael Nordfeldth
3a6c98ff16 NoResultException is common if reply_to was not cleared on parent deletion 2015-09-30 22:55:06 +02:00
Mikael Nordfeldth
ad3b62cf2f ShowprofiletagAction now extends ShowstreamAction 2015-09-27 23:46:30 +02:00
Mikael Nordfeldth
4354ce21d1 introducing html_sprintf for easier sprintf'ing with htmlspecialchars 2015-09-06 01:53:11 +02:00
Mikael Nordfeldth
cfaaf3c13c PasswordsettingsAction aligned with FormAction
Also made some changes in the password "munging" function call
common_munge_password to accept a profile instead of user ID (which
was only there because stoneage StatusNet used the ID to generate a
not-very-random salt, but nowadays we primarily use AuthCrypt plugin).
2015-07-17 01:47:43 +02:00
Mikael Nordfeldth
44dc00a58c Non-replies cannot harvest parent notice nicknames
A feature we use of parent notices is that if you use the same @user
as the parent notice, the same @user will be notified, regardless if
there might be @user@site.com as well as @user@example.com and you're
subscribed to just one of them (or both, or none of them!).

But this threw an exception since we tested this on new notice threads.
2015-07-16 12:53:10 +02:00
Mikael Nordfeldth
cd23c78800 Less redundant code. 2015-07-15 19:21:21 +02:00
Mikael Nordfeldth
0726dcd06c Start using NoParentNoticeException more widely 2015-06-02 13:50:52 +02:00
Mikael Nordfeldth
6b9a8b7b19 Reuse code from our classes, don't write own algorithms 2015-06-02 13:45:22 +02:00
Mikael Nordfeldth
e728e2aa81 typing, added typing to some common_* calls in util.php 2015-06-02 13:19:12 +02:00
Mikael Nordfeldth
d010c5a581 magnet URL linkify support 2015-05-09 15:54:09 +02:00
Mikael Nordfeldth
8439efe77d Filter out img, video and audio tags in notice HTML
Because we don't want to auto-fetch items from a remote server. Such
items should be delivered as attachment metadata and portrayed in the
way the local instance chooses.

Choices for portrayal are either simply nullifying this and embedding
the data, linking the file remotely requiring a manual click or maybe
use remote oEmbed data etc. to download files locally so no remote
requests have to be made.
2015-03-15 14:35:29 +01:00
Mikael Nordfeldth
8fac7a9f6c StatusNet class renamed GNUsocial
also added backward compatible StatusNet class for the two calls I know
third party plugins use, isHTTPS and getActivePlugins
2015-02-27 12:44:15 +01:00
Mikael Nordfeldth
48f8f3f5cf php5-intl is recommended but not required 2015-02-26 22:58:36 +01:00
Mikael Nordfeldth
3dce6d9f6a Implement a common_purify for htmLawed and more
We're removing unicode formatting characters as well, such as RTL marks.
For more info on why we're because extra cautious (but may accept the
characters in later versions) you can read:
https://blog.malwarebytes.org/online-security/2014/01/the-rtlo-method/
2015-02-18 00:10:31 +01:00
Mikael Nordfeldth
7ba7f43199 Don't linkify bare domains by default
It's too farfetched to assume any text.com in a notice is an HTTP URL.
For example stuff like pasting from log entries, with domain.com:1234
where 1234 is a _PID_ or something, not a port number for http://...
2015-02-17 20:54:32 +01:00
Mikael Nordfeldth
c31c2d10b9 PHP>=5.4.0 lets us use Transliterator, tags now asciified!
For example: #REVOLUCIÓN becomes #revolucion instead of #revolución
2015-02-17 20:17:22 +01:00
Mikael Nordfeldth
4c9a74cb12 ROLLBACK which may or may not be useful
There were problems with queries that were executed but didn't seem to
be committed. Trying to patch that up by calling a ROLLBACK on transactions
where the loading of the page isn't stopped after the BEGIN statement's
intended function fails (like with the rememberme cookie in this commit).
2015-02-08 11:09:19 +01:00
Mikael Nordfeldth
eaaef2aec9 'zone' is a valid top domain
We should get another form of URL identifier for interpreting links on notices...
It was hard editing this line in vim even, because of wide, multibyte characters...
2015-01-27 15:07:00 +01:00
Mikael Nordfeldth
8d7230a2b9 EndCheckPassword should run after Start even if pre-exited
StartCheckPassword can exit beforehand either with success or failure,
and we want EndCheckPassword to check for stuff like failed login attempts.
2015-01-21 22:31:05 +01:00
Joshua Judson Rosen
69fec16de2 common_path(): use HTTPS if current URL is HTTPS
Bring common_path() back into harmony with common_local_url(),
which started doing this 2013-03-25.

Shouldn't need to spread "StatusNet::isHTTPS()" logic all over
wherever common_path() is called; just DTRT automatically instead.
2014-12-02 14:47:03 +01:00
Mikael Nordfeldth
17b9614ff8 File->getEnclosure improvements (text/html is not an attachment) 2014-08-05 10:54:00 +02:00
Mikael Nordfeldth
ae62b91940 Unifying HTML stripping functions to common_strip_html 2014-07-14 13:52:23 +02:00
Mikael Nordfeldth
414a95a784 Initial move towards microformats2
No validation has been attempted yet. Lots of changes left. This
is visibly not (very) different from the previous CSS layout. But
some simplifications have been made.

Might cause issues with local changes to themes and CSS. Also maybe
javascript which depends on certain legacy microformats elements.

The move to microformats2 is motivated by the announcement that all
microformats should be migrated to version 2, as of 2014-06-20 at:
http://microformats.org/2014/06/20/microformats-org-turns-9-upgrade-to-microformats2
2014-06-22 17:11:04 +02:00
Mikael Nordfeldth
db443e9374 File::processNew now static and always throws exception on failure 2014-06-02 02:11:23 +02:00
Mikael Nordfeldth
d6f52f5939 File::processNew can return -1 which was not true for empty()
Also, File->getEnclosure() now throws exception if not enough metadata.
2014-06-02 01:46:09 +02:00
Mikael Nordfeldth
c664efcf1f curry.php can always be included (we use PHP>5.2) 2014-05-09 10:46:46 +02:00
Mikael Nordfeldth
b0cae37b0f Datetime representation aligned for microformats2
Read more at http://microformats.org/

Also, tooltip text on time representation for humans has been improved.
Unfortunately no standardised representation (like "RFC850") had 4-digit years.
2014-04-28 18:54:55 +02:00
Mikael Nordfeldth
5fd6053220 Code cleanup and enabling User object's etc. getUri() 2014-04-28 14:08:42 +02:00
Mikael Nordfeldth
cecec3b088 No need for common_notice_uri anymore 2014-04-18 23:36:07 +02:00
Mikael Nordfeldth
3d0994bcca Updating Markdown class + use spl_autoload_register
spl_autoload_register now calls the GNUsocial_class_autoload function
instead of us replacing the magic __autoload($cls). This means we can
queue up other autoload functions, such as the one now used for extlib
functions which exist directly in the 'extlib/' folder or have proper
namespacing (which our new Markdown class does).
2014-03-18 10:52:17 +01:00
Mikael Nordfeldth
639f1a01e0 File class no longer depends on MIME
+ minor tweaks to MediaFile
2014-03-08 03:51:47 +01:00
Mikael Nordfeldth
6faed0e451 MediaFile loses dependency on PEAR::MIME
At the same time we remove the "filecommand" setting, since we will
likely not have use of it thanks to PECL fileinfo.

Also the "supported" list for attachment mime types has changed
format, so we can keep track of at least some known file extensions.
2014-03-08 03:34:50 +01:00
Mikael Nordfeldth
c6bdafb3d0 nl2br so we get proper newlining when publishing \r, \n or \r\n 2014-02-24 18:00:53 +01:00
Mikael Nordfeldth
1349eb349a curly braces to pick a character in string is not recommended 2013-11-11 00:45:30 +01:00
Mikael Nordfeldth
a480ff5605 Group mentions got the wrong class. Now lists get their own too! 2013-11-07 08:20:41 +01:00
Mikael Nordfeldth
ca66860a4f Better typing and minor fixes to OStatus related stuff 2013-11-01 13:20:45 +01:00
Mikael Nordfeldth
58717fa6c5 Forgot to catch no-parent-exception
Unfortunately not a specific Exception right now, but we're getting to that.
2013-10-30 14:56:27 +01:00
Mikael Nordfeldth
8dafce34c3 LoginAction somewhat converted to FormAction 2013-10-30 12:23:10 +01:00
Mikael Nordfeldth
f7c6dd4f6e mentioned was an array, not a single object 2013-10-29 15:06:02 +01:00
Mikael Nordfeldth
c5f6937f5e User_group->permalink() is a function, not a variable. 2013-10-29 13:42:21 +01:00
Mikael Nordfeldth
9b6633698c Group discovery from text functions polished
Also removed the entirely unused saveGroups function.

Now avoiding multiGet and using listFind in Profile->getGroups()
so we don't have to deal with ArrayWrapper.
2013-10-29 13:40:14 +01:00
Mikael Nordfeldth
f99c4b7f07 More OOP-ish tests using instanceof 2013-10-28 22:18:00 +01:00
Mikael Nordfeldth
fa91bc7132 Some getStaticProperty calls to PEAR globalized 2013-10-28 19:03:09 +01:00
Mikael Nordfeldth
fcba540a14 Removed legacy OMB. Use OStatus for remote profiles. 2013-10-28 16:22:09 +01:00
Mikael Nordfeldth
3cab5b36c1 Replace common_good_random with common_random_hexstr 2013-10-21 13:20:30 +02:00
Mikael Nordfeldth
db5df642ba common_good_rand was _not_ a "good rand", only hex
0-F isn't random enough to be called rand, so we rename the function
to avoid confusion with something that is actually good at random.
2013-10-21 13:09:40 +02:00
Mikael Nordfeldth
565e32aca3 Always generate local HTTPS links if ssl is 'always'
The isHTTPS call won't work in cli mode, so install_cli.php should
solve it some other way for initial profile url and User uri.
2013-10-19 14:59:02 +02:00
Mikael Nordfeldth
e2c50d202f AuthCrypt now tidied up and enabled by default. 2013-10-17 16:36:15 +02:00
Mikael Nordfeldth
db7ef52d13 Better use of Nickname validation functions
Nickname verifications on registration and updates for profiles (not yet
groups) have been improved.

Minor bugs in RegisterAction were also fixed, where multiple forms would
be outputed because the function did not return after showForm(). This
will be solved more permanently with throwing exceptions in the future.
2013-10-16 15:38:54 +02:00
Mikael Nordfeldth
8912cdc7a4 Validate::uri replaced with filter_var for HTTP[S] URL checks
Also, a bug in checking the OAuth callback URL for validity was fixed,
where it referenced the wrong variable when going through form data.
2013-10-07 14:46:09 +02:00
Mikael Nordfeldth
87370f0cb1 URL shortening can now be disabled for the 'maxurllength'
Also, URL shortening now consistently uses 'maxurllength'...
2013-10-06 22:35:49 +02:00
Mikael Nordfeldth
e93c4d6268 Missed an exclamation mark. Still doesn't linkify groups? 2013-10-06 17:26:55 +02:00
Mikael Nordfeldth
5974493707 I missed a preg_replace with /e 2013-10-06 12:37:55 +02:00
Mikael Nordfeldth
1c042028dc PCRE modifier /e is deprecated in favour of preg_replace_callback() 2013-10-06 03:27:16 +02:00
Mikael Nordfeldth
b0dfc70a54 Properly unlink all old avatars when deleting/uploading a new
We're also now using $config['image']['jpegquality'] to determine the
quality setting for resized images.

To set Avatar max size, adjust $config['avatar']['maxsize']

The getAvatar call now throws exceptions too. Related changes applied.
Now let's move Profile->avatarUrl to the Avatar class!
2013-10-01 17:00:10 +02:00
Mikael Nordfeldth
858d9cc3c4 maxNoticeLength test for url-shortening failed on maxContent==0
maxContent==0 implies that a notice text can be infinitely long, but
this value was directly transferred to maxNoticeLength, where 0 was
tested if it was longer than the notice length - which of course always
was false.

This commit fixes the problem for infinite length notices that always
got shortened.
2013-09-25 22:48:32 +02:00
Emily O'Leary
81a357ed5e Putting in functionality so that sites with the "Sometimes" SSL setting allow for users with plugins such as HTTPSEVERYWHERE who wish to use HTTPS to do so without having errors pop up. Specifically this references this issue: http://status.net/open-source/issues/3855#comment-48988.
(Port detection test removed by MMN-o. Also switched order on the test for
isHTTPS/SensitiveAction.)
2013-09-10 11:06:53 +02:00
Mikael Nordfeldth
2a4dc77a63 The overloaded DB_DataObject function staticGet is now called getKV
I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV

   sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq)

If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV!

This might of course take some getting used to, or modification fo StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class)

Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
2013-08-18 13:13:56 +02:00
Evan Prodromou
9b97adc7ad Squashed commit of the following:
commit 2b9bce9ef8f6cf55b7ac62231bcc0173260ba472
Merge: 3ba4f24 12b680e
Author: Evan Prodromou <evan@status.net>
Date:   Mon Aug 13 14:31:46 2012 -0400

    Merge commit 'refs/merge-requests/207' of git://gitorious.org/statusnet/mainline into merge-requests/207

commit 12b680e375db9de01cac77dd9a71adb729292dc7
Author: Mikael Nordfeldth <mmn@hethane.se>
Date:   Fri Aug 10 20:49:52 2012 +0200

    testing whether $user is predefined before otherwise setting it to common_current_user()
2012-08-13 14:34:31 -04:00
Evan Prodromou
fb31ff1af7 better better call 2012-04-24 13:19:09 -04:00
Evan Prodromou
9c286feb5f fix bad function name 2012-04-24 13:17:54 -04:00
Evan Prodromou
64b03439b5 Check for HTTP_HOST before fetching it 2012-04-24 12:55:09 -04:00
Evan Prodromou
540c545399 Don't replace URLs if 'shortened' version is longer, unless forced 2011-09-26 17:05:35 -04:00
Evan Prodromou
12588b1cf7 Merge commit 'refs/merge-requests/166' of git://gitorious.org/statusnet/mainline into merge-requests/166 2011-09-21 15:24:17 -04:00
Evan Prodromou
11f2a3d551 Merge branch '1.0.x' into nummedout 2011-09-14 12:20:37 -04:00
Evan Prodromou
15ae1cddfe two useful functions for profiling 2011-09-14 12:19:29 -04:00
Evan Prodromou
40924842f4 new URLMapper without Net_URL_Mapper 2011-09-14 12:15:56 -04:00
Antonin Kral
ab4f4dbab4 add Connection: close when sending redirect 2011-09-08 11:45:34 +02:00
Evan Prodromou
0022bb8110 fix calls to staticGet() to avoid problems with default args 2011-08-22 18:06:06 -04:00
Evan Prodromou
513c54fa89 Merge branch 'master' into 1.0.x
Conflicts:
	lib/common.php
2011-08-02 15:04:14 -04:00
Evan Prodromou
edb3f704b9 correctly include UTF-8 alphanum chars in tags 2011-08-02 14:03:12 -04:00
Evan Prodromou
10ce44c297 cleanse tags of non-tag characters when canonicalizing 2011-08-02 13:49:00 -04:00
Zach Copley
b925eeecde Fix errors thrown by code trying to broadcast profiles via OMB when the OMB plugin isn't installed 2011-08-02 01:15:30 -07:00