Commit Graph

2177 Commits

Author SHA1 Message Date
Mikael Nordfeldth
6b48db2539 Merge commit 'refs/merge-requests/27' of https://gitorious.org/social/mainline into merge-requests/27 2014-12-09 13:30:47 +01:00
Joshua Judson Rosen
06235a3aa3 Consistently root autostitched conversations at the oldest notice. 2014-12-08 22:39:36 -05:00
Mikael Nordfeldth
d671b7b289 debug output was referencing wrong variable 2014-12-01 19:19:16 +01:00
Mikael Nordfeldth
9f09b136b8 Adding crc32 to uniqueify conversation URIs
This really should be a UUID or something else totally unexpected
but I figure that crc32 is good enough for now. The reason we keep
the main structure is because some third party scripts have begun
relying upon the tag URI format to parse out domain name, type etc.
2014-11-27 17:05:01 +01:00
Mikael Nordfeldth
411ce0629c If a Notice insert fails, don't continue processing it 2014-11-27 14:29:50 +01:00
Mikael Nordfeldth
e0d0a59706 Move Conversation creation out of insert() to allow URI setting
This means we import the URI string from remote instances to track their
conversations and are able to stitch together replies in a single thread.

We might have to try to avoid collisions so noone remotely can predict
conversation URIs which we generate on our server, causing a DoS kind of
problem.
2014-11-27 14:27:41 +01:00
Mikael Nordfeldth
8a4575ea76 Conversation URI cannot be null 2014-11-27 14:15:42 +01:00
Mikael Nordfeldth
bdb4a41696 Use remote conversation URI info to stitch convos together
If we know the URI sent from the remote party, and we don't know the
notice it is replying to, we might still be able to put it in the same
conversation thread!
2014-11-27 14:06:10 +01:00
Mikael Nordfeldth
68143ff916 DirectMessage moved into a plugin, not done yet
We still have to move some API calls into the new plugin.
2014-11-07 15:53:35 +01:00
Mikael Nordfeldth
7ea067a0dc Notice_source checks in better code style 2014-11-05 19:44:22 +01:00
Mikael Nordfeldth
7589e78817 multiGet instead of listFind, subs now in order!
It was desired that subscriptions were listed in an order
with the latest first.
2014-10-25 17:57:20 +02:00
Hannes Mannerheim
a3574bac6c we _do_ want to show text/html as attachments, since that's how mustard and crow expands oversized notices 2014-10-20 16:21:42 +02:00
Hannes Mannerheim
a3b66da261 repeat-bug, could not repeat oversized notices
this code is copy-paste from statusnet, apparently we need it still
2014-10-20 16:20:12 +02:00
Roland Haeder
c1a0132cab Added missing index declarations.
Signed-off-by: Roland Haeder <roland@mxchange.org>
2014-08-24 13:21:59 +02:00
Roland Haeder
ea53233f17 Fixed CHMOD + set error_reporting(0) in getvaliddaemons.php to avoid strict warnings in PHP +5.5
Signed-off-by: Roland Haeder <roland@mxchange.org>
2014-08-24 13:12:44 +02:00
Mikael Nordfeldth
8aa783241d Profile activityobject array outputs "summary" field 2014-08-07 21:54:31 +02:00
Mikael Nordfeldth
1c04601a9c Removing excessive "inline" attachment listings 2014-08-05 11:30:45 +02:00
Mikael Nordfeldth
17b9614ff8 File->getEnclosure improvements (text/html is not an attachment) 2014-08-05 10:54:00 +02:00
Mikael Nordfeldth
e61e11a973 Shares would lack a title in any Activity representation 2014-07-30 00:17:22 +02:00
Mikael Nordfeldth
6e481d35ed Start/End NoticeAsActivity modifications
More 'scoped' profiles and typing to the functions.
Also, there's no need to send an object as a reference.
2014-07-28 09:40:07 +02:00
Mikael Nordfeldth
eb2f93ad2b More use of Profile, less User 2014-07-28 09:34:46 +02:00
Mikael Nordfeldth
9afdc40763 Show correct number of POSTs in conversation "more" link 2014-07-15 14:26:42 +02:00
Mikael Nordfeldth
c96f0aa30f More Activity-based reasoning for saveActivity in Notice
If we can, get the activity ID from the activity itself, instead of the
supplied $options array.
2014-07-14 23:54:58 +02:00
Mikael Nordfeldth
ae62b91940 Unifying HTML stripping functions to common_strip_html 2014-07-14 13:52:23 +02:00
Mikael Nordfeldth
e0a10f775f Store activity content into Notice table in saveActivity 2014-07-14 13:29:03 +02:00
Mikael Nordfeldth
0a20abf1d8 Email notify-on-fave moved to Profile_prefs (run upgrade.php) 2014-07-13 19:46:40 +02:00
Mikael Nordfeldth
b46b588522 New Profile_prefs get a 'created' value now. 2014-07-13 17:09:18 +02:00
Mikael Nordfeldth
b5fd2a048f Shortcut to Profile_prefs get/set Data in Profile and User 2014-07-13 16:49:35 +02:00
Mikael Nordfeldth
b67a611ca7 Allow default data from Profile_prefs::getData call 2014-07-13 16:26:08 +02:00
Mikael Nordfeldth
6f593a79d4 making more sense in mail_notify_fav
We should probably get rid of this function, at least storing everything in
lib/mail.php - but until then, at least let's make it more understandable.
2014-07-13 12:56:43 +02:00
Mikael Nordfeldth
42e2232371 Use canonical object type in Notice title as ActivityObject 2014-07-09 13:36:57 +02:00
Mikael Nordfeldth
2eea7a2d4b Do proper Activity-plugin based mention notification 2014-07-07 01:15:43 +02:00
Mikael Nordfeldth
fffacaa27c FavorAction now uses Notice::saveActivity 2014-07-06 01:37:03 +02:00
Mikael Nordfeldth
ffb9d7ad3f Rewriting code for notice representation
Getting rid of NoticeListItemAdapter, putting more into ActivityHandlerPlugin
and relying on plugins to handle rendering code of the content. This gives us
a lot more structure and consistency in notice structure and allows activity
plugins to stop rendering certain kinds of notices more easily.

There should also be a property for an ActivityHandlerPlugin class to avoid
rendering notices in the ordinary stream, so we don't have to overload stuff.
2014-07-04 14:14:49 +02:00
Mikael Nordfeldth
53b794342c Saved incoming activites for Favorite as wrong profile
also removed some debugging lines

Now we have to get rid of OStatus dependency in lib/activityhandlerplugin.php
2014-07-03 14:08:26 +02:00
Mikael Nordfeldth
1f97376813 Occasionally we'd get a false from Profile::getKV
Due to cache miss? Probably, but now we simply say that it's null in that case
so we get a proper exception from Notice::_setProfiles
2014-07-03 11:55:24 +02:00
Mikael Nordfeldth
b63f6e949c Converted all ActivityObject::fromProfile to $profile->asActivityObject 2014-07-03 10:51:36 +02:00
Mikael Nordfeldth
1d981b826a ActivityObject::fromProfile implemented in Profile 2014-07-02 18:39:53 +02:00
Mikael Nordfeldth
c44146d6f8 Favorites are now being stored from activities 2014-07-02 18:38:19 +02:00
Mikael Nordfeldth
acb07ef52f Added saveActivity method to Notice class
saveActivity will accept an Activity which gets parsed and saved through
plugins. So when an ActivityHandlerPlugin (such as Favorite will be soon)
gets a feed to save, this will be the function called instead of saveNew.
2014-07-02 11:38:37 +02:00
Mikael Nordfeldth
96babc59f5 getIdentifiers, resolveUri, findLocalObject Activity algorithms
Also modified related classes to support this feature.
2014-07-02 11:38:20 +02:00
Mikael Nordfeldth
7e597ea7cc More Favorite pluginification (favecount, cache, menus(favecount, cache, menus)) 2014-06-28 14:03:30 +02:00
Mikael Nordfeldth
fcdd061b4f pluginified most of hasFave, getFaves and related calls
The code is now more event-driven when it comes to rendering notices
and their related HTML elements, since we can't have direct calls from
core to a plugin.

lib/activitymover.php has a function to move a Favorite activity which
will not happen now. The move must be pluginified and performed as an
event which plugins can catch on to.
2014-06-27 14:09:02 +02:00
Mikael Nordfeldth
db7cc7fa75 Favorite functionality put into plugin (not done yet)
Now we have to fix any code in the core which directly uses the Fave class
or any other favorite stuff, since it is pluginised and thus might not be
available on some installations.
2014-06-24 15:58:53 +02:00
Mikael Nordfeldth
86fa4f5fe5 There was no getNickname() for User_group 2014-06-23 19:12:10 +02:00
Mikael Nordfeldth
414a95a784 Initial move towards microformats2
No validation has been attempted yet. Lots of changes left. This
is visibly not (very) different from the previous CSS layout. But
some simplifications have been made.

Might cause issues with local changes to themes and CSS. Also maybe
javascript which depends on certain legacy microformats elements.

The move to microformats2 is motivated by the announcement that all
microformats should be migrated to version 2, as of 2014-06-20 at:
http://microformats.org/2014/06/20/microformats-org-turns-9-upgrade-to-microformats2
2014-06-22 17:11:04 +02:00
Mikael Nordfeldth
d16af504f6 File basename call lacked a dot 2014-06-22 17:05:11 +02:00
Mikael Nordfeldth
79824a3625 Could not update avatar due to Bad Thumbnail parameters 2014-06-17 12:48:10 +02:00
Mikael Nordfeldth
c8c6bf9a1c Simplify functions regarding locally cached profiles etc. 2014-06-06 00:32:07 +02:00
Mikael Nordfeldth
c786892103 Non-dynamic profile fetching in User and User_group 2014-06-06 00:19:54 +02:00
Mikael Nordfeldth
1217cd59bf Non-dynamic user and group fetching in Profile 2014-06-06 00:07:32 +02:00
Mikael Nordfeldth
adf896bc12 Add support for plugins to resize images
This also adds an event hook to get more metadata of the ImageFile.
Such as if it's animated or so.
2014-06-05 13:29:36 +02:00
Mikael Nordfeldth
a900d04052 Non-dynamic fetching for multiple Notice properties 2014-06-05 00:29:43 +02:00
Mikael Nordfeldth
3d807c812d $notice->getProfile will ALWAYS return a Profile
otherwise it throws an exception
2014-06-05 00:07:04 +02:00
Mikael Nordfeldth
04d4b62dff Replies to repeats should go to the original 2014-06-04 23:51:32 +02:00
Mikael Nordfeldth
a490d634db Repeats were not delivered a conversation ID
Vinilox noticed that replies to repeats ended up outside of the original
notice's conversations.
2014-06-04 23:21:37 +02:00
Mikael Nordfeldth
90cc6b4d3b Notice::getReplyTo more specific now (getInlineReplyTo) 2014-06-04 23:20:20 +02:00
Mikael Nordfeldth
629cbedee2 Dangerous non-dynamic profile fetching in Notice
For a Notice object with multiple results, ->getProfile() would ALWAYS
return the first profile in the list. For example our "popular notices"
stream ended up believing all notices were made by the same profile.
2014-06-03 12:22:07 +02:00
Mikael Nordfeldth
1431bbd884 No need to pre-resize avatars 2014-06-03 01:52:42 +02:00
Mikael Nordfeldth
db443e9374 File::processNew now static and always throws exception on failure 2014-06-02 02:11:23 +02:00
Mikael Nordfeldth
d6f52f5939 File::processNew can return -1 which was not true for empty()
Also, File->getEnclosure() now throws exception if not enough metadata.
2014-06-02 01:46:09 +02:00
Mikael Nordfeldth
49188e826c ArrayWrapper no longer returned from multiGetClass
multiGetClass uses FIND_IN_SET for ordering, which is pretty MariaDB specific.
2014-06-02 00:15:17 +02:00
Mikael Nordfeldth
61116ea991 Subscription class listing retrieval fixed
The incorrect variable was tried to be 0 causing offset limits that
are more than 1 to be treated identically (like the raw $ids value).
2014-05-30 23:37:00 +02:00
Mikael Nordfeldth
49fa34e234 Make Profile::fromUri use UnknownUriException 2014-05-26 15:05:14 +02:00
Mikael Nordfeldth
e83b2e147a NoProfileException collision avoidance fix 2014-05-26 14:39:03 +02:00
Mikael Nordfeldth
1207f4f06f isLocal() for User_group 2014-05-19 14:46:54 +02:00
Mikael Nordfeldth
b0cc9292b1 Notice->repeat() function takes Profile as argument now 2014-05-18 21:03:10 +02:00
Mikael Nordfeldth
c4c4835899 Notice->repeat should include the full message
Any clients showing the repeat itself should have its own shortening or
otherwise formatting rules which it can apply itself.
2014-05-18 20:53:44 +02:00
Mikael Nordfeldth
2755e23707 Clear out stored files and reltaed thumbnails when a File is deleted. 2014-05-12 15:16:41 +02:00
Mikael Nordfeldth
214a10ddec File_thumbnail fixes (run scripts/upgrade.php)
We're now capable of doing image rotation for thumbnails based on
EXIF orientation data. Also, thumbnails are tracked by filenames and
thus we can delete them from storage when we feel like it.
2014-05-12 14:33:41 +02:00
Mikael Nordfeldth
cd3cff451f ConversationTree is now a plugin (not oldschool setting)
Conversation trees works pretty bad with the current layout, javascript
etc. So it's best if we separate it and work on it as a side-project. The
oldschool settings are currently being deprecated (or broken out like this).

I'll wait with removing User preferences for oldschool conversation tree,
since that might be reusable data. But I guess it will go in the near future.
2014-05-12 11:51:11 +02:00
Mikael Nordfeldth
1a81188355 Use an Event to present notices conversations 2014-05-12 11:03:21 +02:00
Mikael Nordfeldth
04b7194511 Notice->getUrl() for shares would throw exception in some feeds 2014-05-10 13:06:18 +02:00
Mikael Nordfeldth
a7a4eeef09 width and height are now properties in the File class 2014-05-07 09:51:37 +02:00
Mikael Nordfeldth
621533a7c2 Bad variable reference in event hook. 2014-05-06 23:40:45 +02:00
Mikael Nordfeldth
1776c90cb9 Moved oEmbed stuff out to a plugin (Oembed). 2014-05-06 23:32:13 +02:00
Mikael Nordfeldth
8b12e41351 User object didn't have getNickname() function
We're just jumping on to the Profile->getNickname() function.
2014-05-06 16:08:36 +02:00
Mikael Nordfeldth
848d513706 Only run EndSubscribe when it is really a sub 2014-05-06 00:22:02 +02:00
Mikael Nordfeldth
fc3125cf28 More modern coding, stuff related to subscriptions
Also trying to use the newly implemented AlreadyFulfilledException
2014-05-05 23:58:05 +02:00
Mikael Nordfeldth
9a5e1423f1 Conversations now have URIs that are not URLs 2014-05-01 20:17:40 +02:00
Mikael Nordfeldth
27ed6b7db0 getConversationUrl introduced for linking to conversations 2014-05-01 15:25:19 +02:00
Mikael Nordfeldth
4774a25040 Link notice posted time to local representation
Notice class got a 'getLocalUrl' function.
2014-05-01 14:28:53 +02:00
Mikael Nordfeldth
b77a09fdee Notice URIs are not necessarily URLs.
Let's use getUrl() for URL retrieval. May throw exceptions, but
only if it's a Notice that cannot be linked like that anyway.
2014-04-30 20:44:23 +02:00
Mikael Nordfeldth
34b570352f Fix Direct Message functionality. 2014-04-29 20:37:58 +02:00
Mikael Nordfeldth
7d191f8062 s/bestUrl/getUrl/ for notices and microapp objects 2014-04-29 19:46:58 +02:00
Mikael Nordfeldth
cd6bd07c9d Handle File thumbnail errors better 2014-04-28 20:26:32 +02:00
Mikael Nordfeldth
5fd6053220 Code cleanup and enabling User object's etc. getUri() 2014-04-28 14:08:42 +02:00
Mikael Nordfeldth
0883f54f62 getUrl replaces deprecated bestUrl (more to come) 2014-04-28 14:04:54 +02:00
Mikael Nordfeldth
37ce1f4766 Better fallback on UnsupportedMediaException 2014-04-28 12:12:06 +02:00
Mikael Nordfeldth
e526909bd8 File width and height is now properly set for File 2014-04-22 12:09:24 +02:00
Mikael Nordfeldth
d59eb5e184 Dynamically generate thumbnails (see full text)
The File object now stores width and height of files that can
supply this kind of information. Formats which we can not read
natively in PHP do not currently benefit from this. However an
event hook will be introduced later.

The CreateFileImageThumbnail event is renamed to:
CreateFileImageThumbnailSource to clarify that the hooks should not
generate their own thumbnails but only the source image. Also it now
accepts File objects, not MediaFile objects.

The thumbnail generation is documented in the source code. For
developers, call 'getThumbnail' on a File object and hope for the best.

Default thumbnail sizes have increased to be more appealing.
2014-04-21 20:46:11 +02:00
Mikael Nordfeldth
7f3611c51c use intval() instead of floor() for int return type 2014-04-21 19:32:08 +02:00
Mikael Nordfeldth
b3bf036975 Preparing File for dynamic thumbnail generation. 2014-04-21 12:33:26 +02:00
Mikael Nordfeldth
43a3f5ea90 File_oembed::saveNew are File::saveNew are static
Also did some non-backwards-compatible (to StatusNet) code cleanup.
2014-04-20 16:10:05 +02:00
Mikael Nordfeldth
72707ddc26 deprecate Notice::bestUrl() in favor of getUrl() 2014-04-20 15:28:31 +02:00
Mikael Nordfeldth
132be99506 Improve ShownoticeAction remote redirect code 2014-04-19 22:13:48 +02:00
Mikael Nordfeldth
454a9bc1c4 Use getUrl() instead of ->url in OembedAction 2014-04-19 22:05:44 +02:00
Mikael Nordfeldth
2c1dcc7f14 Fixes to URI/URL handling for notices 2014-04-19 22:04:52 +02:00
Mikael Nordfeldth
85b022246f Handle missing URIs and URLs better 2014-04-18 23:36:01 +02:00
Mikael Nordfeldth
3e2136f222 Avoid double colon on Notice URI generation 2014-04-18 23:17:34 +02:00
Mikael Nordfeldth
e0e69ddd7c Throw exception when we can't get the url for a notice 2014-04-18 23:17:15 +02:00
Mikael Nordfeldth
7025817cc1 File_thumbnail lacked getUrl function
The only reason it worked was because DB fetches calls to get$varname if
the dataobject has a variable with the specific name. However, it started
blurting out errors that the case must be correct (which would require
'geturl' to be the function name).

Since we probably want to replace DB sometime, we'll just override this
auto-fetching mechanism and use more explicitly defined functions.
2014-04-18 23:06:28 +02:00
Mikael Nordfeldth
28dc361a15 Set new notice uri to something that's not a URL 2014-04-18 22:42:01 +02:00
Mikael Nordfeldth
d3b4a8616d Original name preserved in uploaded file.
Avoiding collisions with date (shorter than before) and 4 character
random alphanumeric string. I bet someone could mass-upload files
and generate all combinations of aaaa-zzzz during the course of a
day, but then maybe that user should be disabled anyway :)
(filling the collision space will cause a never-ending loop).
2014-04-16 23:17:27 +02:00
Mikael Nordfeldth
06d4cecf7f MediaFile thumbnail event hooks + VideoThumbnails plugin
The exception thrown from MediaFile will be caught and simply result in
no thumbnail at all right now. In the future we might use a catch-all
and have a "cannot generate preview"-icon or something.

VideoThumbnails requires php5-ffmpeg and php5-gd.
2014-04-16 21:48:58 +02:00
Mikael Nordfeldth
639f1a01e0 File class no longer depends on MIME
+ minor tweaks to MediaFile
2014-03-08 03:51:47 +01:00
Mikael Nordfeldth
79cacdc62f Removing unused "inboxed" flag for User class 2014-03-07 21:37:48 +01:00
Mikael Nordfeldth
5842c59ba7 Get group attentions back into the "all" feed 2014-03-07 02:49:42 +01:00
Mikael Nordfeldth
5e4a275220 Clear Attentions when notice or profile is removed 2014-03-06 14:43:36 +01:00
Mikael Nordfeldth
bed8cc48bc Add an index for Attention notice_ids too
Not sure if this is really needed, since notice_id and profile_id together
build up the primary key. That might cause MySQL to index them anyway.
2014-03-06 14:42:29 +01:00
Mikael Nordfeldth
018fd84032 Add Attention class for non-sub and non-mention notice attentions 2014-03-06 14:22:26 +01:00
Mikael Nordfeldth
5127a83935 Add Managed_DataObject getID() to avoid $obj->id 2014-03-06 14:21:44 +01:00
Mikael Nordfeldth
2272cc244d Removed Inbox from core (unused since 4b2a66ed29)
Added the following FIXME:
How should a Twitter user get their Inbox filled with foreign tweets?

Every imported Twitter user has a profile in the Profile table, so we
could setup a Subscription entry for each of those, meaning they get
collected in the InboxNoticeStream... But this would mean a lot of
unnecessary entries and listings that generally just point to the
locked down Twitter service.

Let's figure out a good relation so we can connect any profile to any
imported foreign notice, so it shows up in the "all" feed.
2014-03-06 04:46:29 +01:00
Mikael Nordfeldth
c812e7c0d6 Removed deprecated Inbox functions not in use from User 2014-03-06 03:41:50 +01:00
Mikael Nordfeldth
da87e742f8 Treat author just as anyone else (Notice distrib) 2014-03-06 01:55:23 +01:00
Mikael Nordfeldth
00db57949f Always queue inbox distribution 2014-03-06 01:50:54 +01:00
Mikael Nordfeldth
1056348029 Merge commit 'refs/merge-requests/11' of git://gitorious.org/statusnet/gnu-social into merge-requests/11 2014-03-05 13:58:32 +01:00
Mikael Nordfeldth
f323f234d7 Better typing for isSubscribed 2014-03-05 13:44:34 +01:00
Mikael Nordfeldth
f83b2cf324 Handle removed profile more gracefully in noticelist
Just hide it from the visitor, but log a warning (and error, since
the exception itself logs that).
2014-03-05 01:27:27 +01:00
Jean Baptiste Favre
29f0922705 Add check after oembed API call. In case of error, returned value is false which generate error messages 'Trying to get property of non-object'. 2014-03-02 15:06:06 +01:00
Mikael Nordfeldth
5144c0cb78 Throw exception, don't return null in Conversation::create 2014-03-01 17:19:10 +01:00
Mikael Nordfeldth
5c505d8539 Conversation ID now gets set from initial notice.
This will work without much extra effort because there will always be
more notices (higher value) than conversations (so no collisions).

But please run upgrade.php to avoid having an autoincrement id on
conversation table.

Installations using code after 2014-03-01 will have identical
conversation IDs to the initial (conversation root) notice IDs. This
will not affect older installations, which will have very different
values.
2014-03-01 17:12:40 +01:00
Mikael Nordfeldth
fc047bd6e6 Minor code cleanup with group related actions (thanks brw12)
Originated from brw12 who noticed an incorrect variable name used in
an error message in actions/apigroupjoin.php:109
2014-03-01 12:01:17 +01:00
Mikael Nordfeldth
edee39790e Use exceptions for Notice::getByUri
..jeez, a long time since I commited. Three in a row to get this right. Sorry :)
2014-01-12 22:46:50 +01:00
Mikael Nordfeldth
08dba7e21d Notice::getByUri is of course static 2014-01-12 22:41:30 +01:00
Mikael Nordfeldth
15c95dc415 getByUri added to Notice for future use 2014-01-12 22:37:41 +01:00
Mikael Nordfeldth
73fe8a81b7 Slight cleanup in typing and syntax of File and File_* classes 2013-11-10 14:33:45 +01:00
Mikael Nordfeldth
729c6eef36 Inbox class a bit more consistent in argument order and type 2013-11-09 01:18:44 +01:00
Mikael Nordfeldth
3eac5e6026 Notice_inbox no longer used (and should've already been migrated for anyone using StatusNet 1.1.x) 2013-11-09 01:10:47 +01:00
Mikael Nordfeldth
1535ae5e3b Call self:: instead of Memcached_DataObject 2013-11-04 17:38:40 +01:00
Mikael Nordfeldth
5e054bfdb3 Minor typing stuff and syntax fixes 2013-11-02 17:28:11 +01:00
Mikael Nordfeldth
a6f99e7296 Implement a User_group fetching function for Local_group 2013-11-02 17:27:50 +01:00
Mikael Nordfeldth
05b603b1da Less raw SQL in User_group 2013-11-02 14:30:29 +01:00
Mikael Nordfeldth
d289ccb7f2 Minor PHP stylistic features and typing stuff 2013-11-02 13:05:08 +01:00
Mikael Nordfeldth
bd86519d50 Minor labeling things for StatusNet to GNU social migration 2013-11-01 14:04:40 +01:00
Mikael Nordfeldth
20bd0c1136 getStreamName will now return nick/fullname based on current user's preferred representation 2013-10-30 13:05:04 +01:00
Mikael Nordfeldth
09ef1fff69 NoticeListItem attentions showed double for User_group
...because they each have their own Profile now! Whiie!
2013-10-30 12:56:17 +01:00
Mikael Nordfeldth
71978a84fd File oEmbed lookup failure is not as severe as LOG_ERR 2013-10-29 14:09:00 +01:00
Mikael Nordfeldth
9b6633698c Group discovery from text functions polished
Also removed the entirely unused saveGroups function.

Now avoiding multiGet and using listFind in Profile->getGroups()
so we don't have to deal with ArrayWrapper.
2013-10-29 13:40:14 +01:00
Mikael Nordfeldth
2dfa0bfcee function delete in dataobjects now don't break strict syntax 2013-10-29 10:20:57 +01:00
Mikael Nordfeldth
23a6b4595f Reworked the ActivityContext->attention structure
Removing Evan's obscure attentionType solution and directly using the attention array
2013-10-28 22:21:14 +01:00
Mikael Nordfeldth
f99c4b7f07 More OOP-ish tests using instanceof 2013-10-28 22:18:00 +01:00
Mikael Nordfeldth
3ba6374b9d Memcached_DataObject extensions got their update functions more consistent 2013-10-28 19:36:05 +01:00
Mikael Nordfeldth
9ea57e5cb2 getAcctUri function added with related exception
Used in ActivityObject for Atom Title generation.

New events:
    * StartGetProfileAcctUri
    * EndGetProfileAcctUri
2013-10-28 18:21:10 +01:00
Mikael Nordfeldth
a5d8707658 Use getParent instead of manual reply_to lookup 2013-10-28 17:28:10 +01:00
Mikael Nordfeldth
fcba540a14 Removed legacy OMB. Use OStatus for remote profiles. 2013-10-28 16:22:09 +01:00
Mikael Nordfeldth
340740266c Notice class local cache fixes 2013-10-23 12:33:37 +02:00
Mikael Nordfeldth
a980f4ed33 Call memcache() as a static object (it's a static class) 2013-10-23 12:02:15 +02:00
Mikael Nordfeldth
f54584c126 Don't disconnect a DB_Error, instead log for better understanding. 2013-10-22 18:56:56 +02:00
Mikael Nordfeldth
e274f69634 Notice->getParent function fixes
NoResultException was the wrong choice in this case, because it was
not a DB_DataObject instance that performed the search, but a static
call to the Notice class.
2013-10-22 15:37:19 +02:00
Mikael Nordfeldth
355c37bc3f Revert "Better ID for notice activity"
This reverts commit 8cc4660bd9.

This seems like something Evan only did to make pump.io import notices easier,
or maybe he just wanted to get rid of the identi.ca URLs?
2013-10-21 23:25:35 +02:00
Mikael Nordfeldth
f4c0cff032 Only use ActivityVerb::SHARE (forwardId is deprecated)
StatusNet >= 1.0 support it.
2013-10-21 22:25:19 +02:00
Mikael Nordfeldth
3cab5b36c1 Replace common_good_random with common_random_hexstr 2013-10-21 13:20:30 +02:00
Mikael Nordfeldth
df5aa6f93a Exception wasn't thrown. How does PHP handle daisychained calls, really? 2013-10-21 09:09:32 +02:00
Mikael Nordfeldth
9811783f19 Strict type check against false in User_group 2013-10-20 17:15:46 +02:00
Mikael Nordfeldth
e868ebfe77 WebFingerResource introduced, instead of strict Profile object
This is the beginning of getting notice URI info via WebFinger

*XrdActionLinks is renamed *WebFingerProfileLinks, check EVENTS.txt
in WebFinger plugin for new events.
2013-10-20 15:48:14 +02:00
Mikael Nordfeldth
2a5ba1f74b Core and Default plugins separated, now loads on install
_flow_ reported on IRC that install.php had stopped working. This was
because default plugins had been put into two separate lists, and the
list with AuthCrypt was never loaded when performing an installation.

Core plugins cannot be disabled.

I also removed the Memcache autodetection thing since it should be
solved in a more elegant manner.
2013-10-19 14:38:15 +02:00
Mikael Nordfeldth
145fbf1130 Move nick updating of User entry to Profile->update()
Also, timezone and language in User table weren't indexes. So no need
to do them separately.
2013-10-17 16:38:42 +02:00
Mikael Nordfeldth
274b70784f When updating a User_group nickname, correlate Local_group and Profile
...no need to make a separate call to Local_group's setNickname all the time,
or a bunch of redundant code for the Profile table.

Next up is User->update()...
2013-10-17 13:49:20 +02:00
Mikael Nordfeldth
6ed66d9c76 Local_group and User are now assumed to be in same namespace 2013-10-17 01:27:01 +02:00
Mikael Nordfeldth
38a69b5597 Better checks during User::register and improved Nickname checks 2013-10-16 14:58:06 +02:00
Mikael Nordfeldth
352bef2374 Add support (and upgrade path) for group profiles 2013-10-15 11:12:50 +02:00
Mikael Nordfeldth
202f6ad7a9 Removing legacy code and fixup_* for Status_network tags 2013-10-15 10:54:03 +02:00
Mikael Nordfeldth
8202e922aa Do calls straight to the result of getProfile 2013-10-15 02:34:10 +02:00
Mikael Nordfeldth
4e8d7795d0 Moved favoriteNotices from User to Profile class 2013-10-15 02:15:58 +02:00
Mikael Nordfeldth
fdbb528e7a getTaggedSub-stuff moved to Profile class 2013-10-15 02:00:27 +02:00
Mikael Nordfeldth
1dc051a9eb We never accept a user without a Profile 2013-10-15 01:00:27 +02:00
Mikael Nordfeldth
f46d675a20 GNU social is with a minor s. 2013-10-15 00:20:36 +02:00
Mikael Nordfeldth
b903db059c static:: call are less cluttery 2013-10-14 18:34:26 +02:00
Mikael Nordfeldth
a8bcdc905f common_sql_now() is recommended before DB_DataObject_Cast::dateTime() 2013-10-14 13:42:27 +02:00
Mikael Nordfeldth
53face3340 MDB2 now works with UTF-8 2013-10-14 13:18:26 +02:00
Mikael Nordfeldth
390556d932 Remote Profile Action from ModPlus now more generic 2013-10-08 21:08:02 +02:00
Mikael Nordfeldth
fcf47f315b Removed deprecated activity:subject 2013-10-08 15:06:19 +02:00
Mikael Nordfeldth
1d1951d4b0 common_sql_now() is recommended 2013-10-08 11:40:23 +02:00
Mikael Nordfeldth
9ddc40b6da NoResultException returns the failed object 2013-10-08 00:21:24 +02:00
Mikael Nordfeldth
87370f0cb1 URL shortening can now be disabled for the 'maxurllength'
Also, URL shortening now consistently uses 'maxurllength'...
2013-10-06 22:35:49 +02:00
Mikael Nordfeldth
34a6624452 Qvitter API changes (thanks hannes2peer)
I implemented changes from quitter.se's new API that their front-end qvitter
uses, https://github.com/hannesmannerheim/qvitter/blob/master/api-changes-1.1.1/CHANGES

However I left out the URL shortening commens, since I believe whatever behaviour
they experienced that caused them to implement this was a bug (or many) and should
be fixed in their proper areas and that shortening should not be entirely left
out in API calls.
2013-10-06 21:51:50 +02:00
Mikael Nordfeldth
3000adb33d pkeyGet unfortunately returns null (should throw NoResultException) on empty result 2013-10-06 20:04:09 +02:00
Mikael Nordfeldth
2770ef9718 listFind throws NoResultException on no results 2013-10-06 16:37:51 +02:00
Mikael Nordfeldth
fb94a16217 Moved Avatar retrieval into Avatar class
Backwards compatible functions are still in Profile class.
2013-10-06 15:55:06 +02:00
Mikael Nordfeldth
c3d46b81a8 Added Profile_prefs class for profile preferences
Profile_prefs aims to consolidate all the profile preferences into a
single table. Otherwise we end up with a bajillion *_prefs classes, like
User_urlshortener_prefs, or new fields in existing User/Profile classes,
like 'urlshorteningservice', 'homepage', 'phone_number', 'pet_name' etc.

Eventually we should migrate as many user-settable preferences as we can
into this system.

The data in Profile_prefs is organized by:
    * profile_id    Identify the current Profile.
    * namespace     Which plugin/section the preference is for.
    * topic         Preference name (like 'homepage')
    * data          Preference data (like 'https://gnu.org/')

The names 'topic' and 'data' are because 'key' and 'value' may be rather
ambigous when dealing with our DB_DataObject classes etc.
2013-10-06 14:07:00 +02:00
Mikael Nordfeldth
78f9629bf3 Moved shareLocation preference check to Profile class 2013-10-06 13:38:09 +02:00
Mikael Nordfeldth
64dbd93534 Some PHP strict warning fixes 2013-10-06 03:37:12 +02:00
Mikael Nordfeldth
ac819e5738 fillAvatars would avoid the *ProfileGetAvatar events 2013-10-06 03:01:43 +02:00
Mikael Nordfeldth
ba481d1e31 LOG_WARNING, not LOG_WARN 2013-10-06 01:33:10 +02:00
Mikael Nordfeldth
48da97f204 MediaFile code improvements, preparing to implement multi-attachments
Maybe in the future we can use this for anonymous file uploads too?
With some kind of anonymous/pseudonymous profile. That'd be neat.
2013-10-05 18:47:45 +02:00
Mikael Nordfeldth
e376905d93 Forgot to clean some debug logging 2013-10-05 14:33:02 +02:00
Mikael Nordfeldth
29de09a63d getParent throws exception
Should we get another Exception for if there's no parent? I think so,
because it's not really the same context as 'no result'.
2013-10-05 12:30:14 +02:00
Mikael Nordfeldth
d1558a1d8b Fix Avatar-unlink plus better logging in TwitterImport 2013-10-05 11:32:43 +02:00
Mikael Nordfeldth
597eb97bec is_a() with 3 params only supported in 5.3.9 anyway
So I removed those safety-checks, because now we can assume it works.
2013-10-04 23:10:59 +02:00
Mikael Nordfeldth
fb4e9b234d Twitter Import improvements. Still buggy?
Apparently mrvdb has problems with duplicate inserts and missing files when
unlinking. It could be due to coding, or it could be due to parallelizing.
2013-10-04 13:36:45 +02:00
Mikael Nordfeldth
cd6fa512ac Twitter Import + avatar fixes (cleaning up + fixing)
...there was also a typo in OstatussubAction ($avatarUrl not defined)
2013-10-03 15:28:51 +02:00
Mikael Nordfeldth
39f43e415d Do not name anything getOriginal (because DB_DataObject calls that)
Avatar->getOriginal has been renamed getUploaded
Notice->getOriginal has been renamed getParent
2013-10-02 15:01:11 +02:00
Mikael Nordfeldth
7979918ba9 Various minor Avatar fixes, but pretty necessary.
One typing thing. And a missed exception case.

Get src from displayUrl() instead of url for example.
2013-10-02 14:49:01 +02:00
Mikael Nordfeldth
b0dfc70a54 Properly unlink all old avatars when deleting/uploading a new
We're also now using $config['image']['jpegquality'] to determine the
quality setting for resized images.

To set Avatar max size, adjust $config['avatar']['maxsize']

The getAvatar call now throws exceptions too. Related changes applied.
Now let's move Profile->avatarUrl to the Avatar class!
2013-10-01 17:00:10 +02:00
Mikael Nordfeldth
cced063e47 Fixed regression in latest Avatar fixes
I thought typing would fix it, but there's a problem earlier in the
execution chain which will be fixed in the future.
2013-09-30 22:49:47 +02:00
Mikael Nordfeldth
24e0535001 Fix regression from WebFinger update for singleuser sites 2013-09-30 22:42:20 +02:00
Mikael Nordfeldth
a23c4aa236 Avatar resizing improvements and better code reuse
* getOriginal added to Avatar class
    This is a static function that retrieves the original avatar in a leaner
    way than Profile->getOriginalAvatar() did (see below).
    This will throw an Exception if there was none to be found.

* getProfileAvatars added to Avatar class
    This gets all Avatars from a profile and returns them in an array.

* newSize added to Avatar class
    This will scale an original avatar or throw an Exception (originally from
    Avatar::getOriginal) if one wasn't found.

* deleteFromProfile added to Avatar class
    Deletes all avatars for a Profile. This makes the code much smarter when
    removing all avatars from a user.
    Previously only specific, hardcoded (through constants) sizes would be
    deleted. If you ever changed lib/framework.php then many oddsized avatars
    would remain with the old method.

* Migrated Profile class to new Avatar::getOriginal support
    Profile class now uses Avatar::getOriginal through its own
    $this->getOriginalAvatar and thus remains backwards compatible.

* Updating stock GNU Social to use Avatar::getOriginal
    All places where core StatusNet code used the
    $profile->getOriginalAvatar, it will now useAvatar::getOriginal with
    proper error handling.

* Updated Profile class to use Avatar::newSize
    When doing setOriginal, the scaling will be done with the new method
    introduced in this merge.
    This also edits the _fillAvatar function to avoid adding NULL values to
    the array (which causes errors when attempting to access array entries as
    objects). See issue #3478 at http://status.net/open-source/issues/3478
2013-09-30 22:23:03 +02:00
Mikael Nordfeldth
a0e107f17f Implemented WebFinger and replaced our XRD with PEAR XML_XRD
New plugins:
* LRDD
    LRDD implements client-side RFC6415 and RFC7033 resource descriptor
    discovery procedures. I.e. LRDD, host-meta and WebFinger stuff.

    OStatus and OpenID now depend on the LRDD plugin (XML_XRD).

* WebFinger
    This plugin implements the server-side of RFC6415 and RFC7033. Note:
    WebFinger technically doesn't handle XRD, but we serve both that and
    JRD (JSON Resource Descriptor), depending on Accept header and one
    ugly hack to check for old StatusNet installations.

    WebFinger depends on LRDD.

We might make this even prettier by using Net_WebFinger, but it is not
currently RFC7033 compliant (no /.well-known/webfinger resource GETs).

Disabling the WebFinger plugin would effectively render your site non-
federated (which might be desired on a private site).

Disabling the LRDD plugin would make your site unable to do modern web
URI lookups (making life just a little bit harder).
2013-09-30 22:04:52 +02:00
Joshua Judson Rosen
8e53eb2b4c Correct a logic-inverting typo in handling of replies to group-posts.
The typo causes a tautology, which makes replies to group-posts always (or almost-always) go to the group(s).
cf. http://status.net/open-source/issues/3638
2013-09-29 23:14:00 +02:00
Mikael Nordfeldth
80c6af0ffe Uncaught exception when no subscribers/subscriptions in ProfileList 2013-09-26 00:47:56 +02:00
Mikael Nordfeldth
858d9cc3c4 maxNoticeLength test for url-shortening failed on maxContent==0
maxContent==0 implies that a notice text can be infinitely long, but
this value was directly transferred to maxNoticeLength, where 0 was
tested if it was longer than the notice length - which of course always
was false.

This commit fixes the problem for infinite length notices that always
got shortened.
2013-09-25 22:48:32 +02:00
Mikael Nordfeldth
9d3abc3600 $_PEAR now defined globally as new PEAR, so no static calls are made 2013-09-23 22:27:43 +02:00
Mikael Nordfeldth
50e611a1a9 Shouldn't define static classes as abstract.
New Exception class added (MethodNotImplementedException)
2013-09-21 18:53:18 +02:00
Mikael Nordfeldth
63306081bc Subscription "get by" functions now don't use ArrayWrappers
They were getting in the way of some strict-typing stuff.
2013-09-21 18:38:14 +02:00
Mikael Nordfeldth
39f21d63af New Managed_DataObject retrieval: listFind
This will return a proper DB_DataObject instance (as the desired class)
and not an array, or ArrayWrapper.
2013-09-21 18:18:03 +02:00
Mikael Nordfeldth
93e878d7ca Make better use of Subscription class
removed lib/subs.php as it was essentially only a wrapper for Subscription
2013-09-19 17:29:05 +02:00
Mikael Nordfeldth
a35344eb00 instanceof instead of is_a is faster (thanks quix0r) 2013-09-19 16:40:16 +02:00
Mikael Nordfeldth
c906ab11b0 8 chars was too little, 32 should be enough. 2013-09-18 01:21:53 +02:00
Mikael Nordfeldth
8140c4ff90 Bad call to joinAdd in Profile.php 2013-09-16 22:36:44 +02:00
Mikael Nordfeldth
83b852312a Events on user registrations now strictly typed 2013-09-14 18:37:05 +02:00
Mikael Nordfeldth
99312c8cc2 Declaring some more static functions properly
As a bonus I added type declaration on Profile_block::exists and
Subscription::exists respectively.
2013-09-09 23:28:20 +02:00
Mikael Nordfeldth
747fe9d59b Tidying up getUser calls to profiles and some events
getUser calls are much more strict, and one place where this was found was
in the (un)subscribe start/end event handlers, which resulted in making the
Subscription class a bit stricter, regarding ::start and ::cancel at least.
Several minor fixes in many files were made due to this.

This does NOT touch the Foreign_link function, which should also have a more
strict getUser call. That is a future project.
2013-09-09 23:03:34 +02:00
Mikael Nordfeldth
e5e3aeb4e6 newmessage (and Message class) fixed for FormAction
Also added a needLogin function to the Action class, which will do
redirect to login page with proper returnto setting.
2013-09-02 11:05:30 +02:00
Mikael Nordfeldth
79e3acf0f0 Moved multiGet into Managed_DataObject 2013-08-29 10:38:11 +02:00
Mikael Nordfeldth
b3e61ce7d0 Stronger typing, require array where param array 2013-08-29 10:27:39 +02:00
Mikael Nordfeldth
fac7371179 pivotGet moved into Managed_DataObject 2013-08-29 10:13:07 +02:00
Mikael Nordfeldth
40fe10e002 Woops, forgot auto_increment (comes with 'serial')
There are still some classes not ported (like Yammer import)
2013-08-21 15:02:44 +02:00
Mikael Nordfeldth
3a7261f70a IMPORTANT: Making prev. Memcached_DataObject working again with schemaDef
Lots of the Memcached_DataObject classes stopped working when upgraded to
Managed_DataObject because they lacked schemaDef().

I have _hopefully_ made it so that all the references to the table uses
each class' schemaDef, rather than the more manual ColumnDef stuff. Not
all plugins have been tested thoroughly yet.

NOTE: This is applied with getKV calls instead of staticGet, as it was
important for PHP Strict Standards compliance to avoid calling the non-
static functions statically. (unfortunately DB and DB_DataObject still do
this within themselves...)
2013-08-21 09:48:42 +02:00
Mikael Nordfeldth
b1465a7559 We can now do late static binding (PHP >= 5.3) 2013-08-20 09:43:51 +02:00
Mikael Nordfeldth
0785cc2469 Don't use DB_DataObject::factory (statically at least)
Not all instances of this has been fixed, but at least the ones
in the base class of Memcached_DataObject.

Avatar fix (in classes/Profile.php) requires a pkeyGet function
in the Avatar class (or as in this tree, the parent class of
Managed_DataObject)
2013-08-19 11:40:35 +02:00
Mikael Nordfeldth
97ce71e55d Managed_DataObject now has listGet for all classes 2013-08-18 21:02:33 +02:00
Mikael Nordfeldth
3ce5631b3c Memcached_DataObject::multicache is now properly defined static 2013-08-18 16:21:30 +02:00
Mikael Nordfeldth
861e838add pkeyGet is now static and more similar to getKV
Memcached_DataObject now defines
   * pkeyGetClass to avoid collision with Managed_DataObject pkeyGet
   * getClassKV to avoid collision with Managed_DataObject getKV
2013-08-18 15:42:51 +02:00
Mikael Nordfeldth
2a4dc77a63 The overloaded DB_DataObject function staticGet is now called getKV
I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV

   sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq)

If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV!

This might of course take some getting used to, or modification fo StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class)

Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
2013-08-18 13:13:56 +02:00
Mikael Nordfeldth
e95f77d34c Updating all Memcached_DataObject extended classes to Managed_DataObject
In some brief tests, this causes no problems.

In this state however, you would need to modify DB_DataObject to have a static declaration of staticget (and probably pkeyGet). The next commit will change the staticGet overload to a unique function name (like getKV for getKeyValue), which means we can properly call the function by PHP Strict Standards.
2013-08-18 12:32:32 +02:00
Mikael Nordfeldth
1a9a8ea730 staticGet for sub-Managed_DataObject classes now calls parent
The parent class for our database objects, Managed_DataObject, has a
dynamically assigned class in staticGet which objects get put into,
leaving us with less code to do the same thing.

We will probably have to move away from the DB_DataObject 'staticGet'
call as it is nowadays deprecated.
2013-08-12 19:46:44 +02:00
Mikael Nordfeldth
d115cddfb7 Managed_DataObject gets dynamic class detection for staticGet
Compatibility: get_called_class is implemented in PHP >= 5.3.0
2013-08-12 19:12:13 +02:00
Mikael Nordfeldth
3394efca60 staticGet is a static function
We always call staticGet statically, so we define it statically. Next
step is to remove a bunch of definitions of 'staticGet' from classes
that can instead fall back to a parent class in Managed_DataObject.

The ampersand is removed as we're returning a class anyway, which does
not need a reference (and when we return false, it means nothing).
2013-08-12 19:08:11 +02:00
Mikael Nordfeldth
794163c31f Default to NOT ask for current location for new users
It may be a bad experience for new users to immediately when trying
out the service be asked for their geographical position. Instead,
let them opt-in for this behaviour.
2013-08-12 14:40:55 +02:00
Mikael Nordfeldth
bd60ab2e05 fix typo on provider_url 2013-08-12 13:01:47 +02:00
Mikael Nordfeldth
56cfd2bf22 comparing a url scheme should be done case insensitively 2013-08-12 12:52:50 +02:00
Mikael Nordfeldth
f433f7ce77 if parameters are not 0, null then limit will be PROFILES_PER_PAGE
If you look at classes/User_group.php on line 412 in the current code, you can see that a call to $profile->getGroups() is made. This implies getGroups($offset=0, $limit=PROFILES_PER_PAGE) only giving a limited amount of groups.

This means only the first 20 groups in an ascending numerical order by locally stored User_group->id will be addressable with the bangtag syntax.

I solved this by making the getGroups() call to the same one made in Profile->isMember(), i.e. $profile->getGroups(0, null);
2013-08-12 12:50:23 +02:00
Evan Prodromou
3fc1d245a1 Merge 1.1.x into master 2013-07-16 10:57:06 -07:00
Joshua Wise
89ba820246 Escape argument to prevent SQL injection attack in
User::getTaggedSubscriptions()

This change escapes the $tag argument to prevent a SQL injection
attack in User::getTaggedSubscriptions(). The parameter was not
escaped higher up the stack, so this vulnerability could be exploited.
2013-07-16 10:47:29 -07:00
Joshua Wise
4a30da924a Escape argument to User::getTaggedSubscribers() to preven SQL injection
This change escapes the argument to User::getTaggedSubscribers() to
prevent SQL injection attacks.

Both code paths up the stack fail to escape this parameter, so this is
a potential SQL injection attack.
2013-07-16 10:43:56 -07:00
Joshua Wise
e54cb6958a Escape query parameters in Profile_tag::getTagged()
This patch escapes query parameters in Profile_tag::getTagged(). This
is an extra security step; since these parameters come out of the
database, it's unlikely that they would have dangerous data in them.
2013-07-16 10:35:44 -07:00
Joshua Wise
5b118b3781 Escape SQL parameter in Profile_tag::moveTag()
This change adds additional escapes for arguments to
Profile_tag::moveTag(). The arguments are canonicalized in the API and
Web UI paths higher up the stack, but this change makes sure that no
other paths can introduce SQL injection errors.
2013-07-16 10:27:30 -07:00
Joshua Wise
c5a710e081 Escape $tag passed to Profile::getTaggedSubscribers()
This patch escapes the $tag parameter in
Profile::getTaggedSubscribers(). The parameter is not escaped either
in actions/subscriptions.php or in actions/apiuserfollowers.php. So
there is a potential for SQL injection here.
2013-07-16 10:14:38 -07:00
Joshua Wise
3fb2c06cba Potential SQL injection in Local_group::setNickname()
This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function sanitize the parameter
higher up the stack, but it's escaped here to prevent mistakes later.

Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.
2013-07-16 10:11:26 -07:00
Joshua Wise
783e400d94 Potential SQL injection in Local_group::setNickname()
This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function sanitize the parameter
higher up the stack, but it's escaped here to prevent mistakes later.

Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.
2013-07-16 10:09:16 -07:00
Evan Prodromou
e502bba259 Slightly more robust group-membership conversion 2013-06-30 12:07:55 -04:00
Evan Prodromou
8cc4660bd9 Better ID for notice activity 2013-06-15 12:07:52 -04:00
Evan Prodromou
7a5bd495c5 Better ID for notice activity 2013-06-15 12:07:34 -04:00
Evan Prodromou
bb0cf686df Pass null to Profile::profileInfo() 2013-06-08 21:12:29 -04:00
Evan Prodromou
806f7d439a Bad variable in Message::asActivity() 2013-06-08 21:07:51 -04:00
Evan Prodromou
f189d0b438 Bad variable in Message::asActivity() 2013-06-08 21:04:51 -04:00
Evan Prodromou
96d7b68c50 Store direct messages as an activity 2013-06-08 17:54:27 -04:00
Evan Prodromou
9fd2c3e1c9 Store direct messages as an activity 2013-06-08 17:45:49 -04:00
Evan Prodromou
14a111189d Merge remote-tracking branch 'origin/master' 2013-06-08 14:57:20 -04:00