Commit Graph

57 Commits

Author SHA1 Message Date
Mikael Nordfeldth
b9d35659c8 Stricter exception check 2016-02-10 04:43:30 +01:00
Mikael Nordfeldth
fb7f572eed Purify oembed html (again)
For a commit or two we didn't do this, because htmLawed failed to filter
out CDATA javascript properly, but now we use HTML Purifier which works.
2016-01-28 19:02:16 +01:00
Mikael Nordfeldth
7e6783bb8f Replace htmLawed with HTMLPurifier 2016-01-28 19:01:13 +01:00
Mikael Nordfeldth
daea5647b6 Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into mmn_fixes 2016-01-28 17:27:08 +01:00
mmn
9b3cbb373e Merge branch 'oembed_fb_wp_branch' into 'nightly'
Oembed: Fix UTF-8 bug and better wp&fb data (updated!)



See merge request !97
2016-01-28 16:26:33 +00:00
Mikael Nordfeldth
efe23ed404 updateWithKeys now understands multi-column keys
and automatically identifies _which_ columns are the right ones,
so for example 'uri' primary keys don't need to be explicitly set
2016-01-28 16:42:59 +01:00
hannes
05439831e7 add comment that DOMDocument('1.0', 'UTF-8') does not work 2016-01-28 15:32:11 +00:00
hannes
06e325d61b fixes two issues when the oembed thumbnail is blank 2016-01-28 15:19:29 +00:00
hannes
aa76e5863f don't mess upp charsets in oembed/og! check for utf-8 in http header and meta tags, and add prolog when loading html with DOMDocument() 2016-01-26 13:37:52 +00:00
hannes
b8d1e1f4a6 silence errors on these xpath queries 2016-01-26 11:28:24 +00:00
hannes
884aeb4d2e common_purify() doesn't remove wordpress' and facebook's javascript properly, maybe better to keep the data intact, and do strip_tags or something similar when using the data 2016-01-26 01:10:15 +00:00
hannes
473f893d04 detab 2016-01-26 01:07:44 +00:00
hannes
76c8139054 not pretty, but gives us better oembed data for wordpress and facebook 2016-01-26 01:05:53 +00:00
hannes
d0e2f8745d add a thumbnail to oembed response 2016-01-21 18:48:30 +00:00
mmn
44c10bb2aa Merge branch 'oembed_branch' into 'nightly'
purify oembed html and don't allow cdata

hopefully we never need stuff in cdata

reason for this is that this link serves javascript in its oembed data: https://www.maketecheasier.com/switch-windows-10-to-linux/

see:
https://www.maketecheasier.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.maketecheasier.com%2Fswitch-windows-10-to-linux%2F

i don't feel we want that in our database.  

See merge request !79
2016-01-15 13:11:35 +00:00
Mikael Nordfeldth
0caf0612d0 Make Twitter Media upload API v1.1 reach us
Now we just have to accept the 'media' or 'media_data' (base64 encoded)
POST arguments instead of $_FILES uploads.
2016-01-14 18:29:21 +01:00
Mikael Nordfeldth
53339ff463 Fake oEmbed version in OpenGraph return object 2016-01-14 02:09:12 +01:00
Mikael Nordfeldth
24d9d76644 OpenGraph image/thumbnail width and height 2016-01-13 22:07:39 +01:00
hannes
ee305891c4 purify oembed html 2016-01-13 16:03:38 +00:00
Mikael Nordfeldth
3720e37f06 property attribute could be null in meta tags of course 2016-01-13 14:24:00 +01:00
Mikael Nordfeldth
3658774429 Super-basic OpenGraph image preview support, "works for me" 2016-01-12 15:29:03 +01:00
Mikael Nordfeldth
d4be5349b3 think I have managed to show oEmbed images better now 2016-01-07 17:35:37 +01:00
Mikael Nordfeldth
b596391fcd Avoid having to check for notices without rendered copies in upgrade.php
Always call the Notice->getRendered() function to get a rendered copy.
We could perhaps put some sanitation there too in the future
2016-01-06 15:32:27 +01:00
Mikael Nordfeldth
6772d991ae Only provide Notice oEmbed data for local notices 2015-12-31 01:55:18 +01:00
Mikael Nordfeldth
feb6b636f4 File_oembed varchar to text changes
No need to have text length limitations in the database for fields which
very well may be longer than what was previously set.
2015-12-27 12:11:29 +01:00
Mikael Nordfeldth
334a0d56e7 Oembed slimmed to only do discovery (soon we get og: discovery too) 2015-11-30 02:06:04 +01:00
Mikael Nordfeldth
b7edac2610 HTTPClient get $params array and oEmbedHelper uses it 2015-11-30 01:28:18 +01:00
Stephen Paul Weber
a9b1b60a97 Refactor on File::processNew
The code was so involved there was even a comment asking for a refactor.

Now, File_redirection::where always returns a nice File_redirection
object instead of an array or string or nothing.  The object is
either one which already existed or else a new, unsaved object.

Instead of duplicating "does it exist" checks everywhere, do it in
File_redirection::where.  You either get what exists or something to save.

An unsaved File_redirection may be paired with an unsaved File.
You will want to save the File first (using ->saveFile()) and put the
id in File_redirection#file_id before saving.
2015-11-02 05:15:08 +00:00
digital dreamer
d7fd6bac72 Snapshot of the Transifex translation project - October 2015 2015-10-04 18:23:01 +02:00
Mikael Nordfeldth
d52b7e3124 Oembed fiddling, nothing major 2015-10-01 22:18:33 +02:00
Mikael Nordfeldth
118a4f56ab Script to test remote oEmbed endpoints 2015-09-28 12:25:40 +02:00
Mikael Nordfeldth
8a002e98bc File-related functions not declared static 2015-06-07 10:01:28 +02:00
Mikael Nordfeldth
f094918cf6 Revert "Inverse logic error in OembedPlugin"
This reverts commit 9ab996d9e6.
2015-04-05 15:44:04 +02:00
Mikael Nordfeldth
4fc4f91b9e Allow oEmbed data from all sites by default 2015-04-03 21:00:19 +02:00
Mikael Nordfeldth
9ab996d9e6 Inverse logic error in OembedPlugin 2015-04-03 20:59:56 +02:00
Mikael Nordfeldth
3cf5fe8795 bad URL is a clientError 2015-04-03 20:58:12 +02:00
Mikael Nordfeldth
94d3f50aee oEmbed Action logic simplified (early return) 2015-04-03 20:47:08 +02:00
Mikael Nordfeldth
3dc30b6b8f oEmbed helper never finished because of "break 2;" 2015-04-03 20:11:55 +02:00
Mikael Nordfeldth
1e89540c3f Merge branch 'nightly', beginning of 1.2.x
Conflicts:
	plugins/APC/locale/APC.pot
	plugins/APC/locale/ast/LC_MESSAGES/APC.po
	plugins/APC/locale/be-tarask/LC_MESSAGES/APC.po
	plugins/APC/locale/br/LC_MESSAGES/APC.po
	plugins/APC/locale/de/LC_MESSAGES/APC.po
	plugins/APC/locale/es/LC_MESSAGES/APC.po
	plugins/APC/locale/eu/LC_MESSAGES/APC.po
	plugins/APC/locale/fr/LC_MESSAGES/APC.po
	plugins/APC/locale/gl/LC_MESSAGES/APC.po
	plugins/APC/locale/he/LC_MESSAGES/APC.po
	plugins/APC/locale/ia/LC_MESSAGES/APC.po
	plugins/APC/locale/id/LC_MESSAGES/APC.po
	plugins/APC/locale/it/LC_MESSAGES/APC.po
	plugins/APC/locale/mk/LC_MESSAGES/APC.po
	plugins/APC/locale/ms/LC_MESSAGES/APC.po
	plugins/APC/locale/nb/LC_MESSAGES/APC.po
	plugins/APC/locale/nl/LC_MESSAGES/APC.po
	plugins/APC/locale/pl/LC_MESSAGES/APC.po
	plugins/APC/locale/pt/LC_MESSAGES/APC.po
	plugins/APC/locale/pt_BR/LC_MESSAGES/APC.po
	plugins/APC/locale/ru/LC_MESSAGES/APC.po
	plugins/APC/locale/tl/LC_MESSAGES/APC.po
	plugins/APC/locale/uk/LC_MESSAGES/APC.po
	plugins/APC/locale/zh_CN/LC_MESSAGES/APC.po
	plugins/Adsense/locale/Adsense.pot
	plugins/Adsense/locale/be-tarask/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/br/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/ca/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/de/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/es/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/eu/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/fr/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/gl/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/he/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/ia/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/it/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/ja/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/ka/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/lb/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/lt/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/mk/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/ms/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/nb/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/nl/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/pl/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/pt/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/pt_BR/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/ru/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/sv/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/tl/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/tr/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/uk/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/zh_CN/LC_MESSAGES/Adsense.po
	plugins/Aim/locale/Aim.pot
	plugins/Aim/locale/af/LC_MESSAGES/Aim.po
	plugins/Aim/locale/ca/LC_MESSAGES/Aim.po
	plugins/Aim/locale/de/LC_MESSAGES/Aim.po
	plugins/Aim/locale/es/LC_MESSAGES/Aim.po
	plugins/Aim/locale/eu/LC_MESSAGES/Aim.po
	plugins/Aim/locale/fi/LC_MESSAGES/Aim.po
	plugins/Aim/locale/fr/LC_MESSAGES/Aim.po
	plugins/Aim/locale/gl/LC_MESSAGES/Aim.po
	plugins/Aim/locale/ia/LC_MESSAGES/Aim.po
	plugins/Aim/locale/it/LC_MESSAGES/Aim.po
	plugins/Aim/locale/mk/LC_MESSAGES/Aim.po
	plugins/Aim/locale/ms/LC_MESSAGES/Aim.po
	plugins/Aim/locale/nl/LC_MESSAGES/Aim.po
	plugins/Aim/locale/pl/LC_MESSAGES/Aim.po
	plugins/Aim/locale/pt/LC_MESSAGES/Aim.po
	plugins/Aim/locale/sv/LC_MESSAGES/Aim.po
	plugins/Aim/locale/tl/LC_MESSAGES/Aim.po
	plugins/Aim/locale/uk/LC_MESSAGES/Aim.po
	plugins/Blog/locale/Blog.pot
	plugins/Blog/locale/ar/LC_MESSAGES/Blog.po
	plugins/Blog/locale/br/LC_MESSAGES/Blog.po
	plugins/Blog/locale/ca/LC_MESSAGES/Blog.po
	plugins/Blog/locale/de/LC_MESSAGES/Blog.po
	plugins/Blog/locale/es/LC_MESSAGES/Blog.po
	plugins/Blog/locale/eu/LC_MESSAGES/Blog.po
	plugins/Blog/locale/fr/LC_MESSAGES/Blog.po
	plugins/Blog/locale/gl/LC_MESSAGES/Blog.po
	plugins/Blog/locale/ia/LC_MESSAGES/Blog.po
	plugins/Blog/locale/it/LC_MESSAGES/Blog.po
	plugins/Blog/locale/lt/LC_MESSAGES/Blog.po
	plugins/Blog/locale/mk/LC_MESSAGES/Blog.po
	plugins/Blog/locale/nl/LC_MESSAGES/Blog.po
	plugins/Blog/locale/tl/LC_MESSAGES/Blog.po
	plugins/Blog/locale/tr/LC_MESSAGES/Blog.po
	plugins/Irc/locale/Irc.pot
	plugins/Irc/locale/ca/LC_MESSAGES/Irc.po
	plugins/Irc/locale/de/LC_MESSAGES/Irc.po
	plugins/Irc/locale/es/LC_MESSAGES/Irc.po
	plugins/Irc/locale/eu/LC_MESSAGES/Irc.po
	plugins/Irc/locale/fi/LC_MESSAGES/Irc.po
	plugins/Irc/locale/fr/LC_MESSAGES/Irc.po
	plugins/Irc/locale/gl/LC_MESSAGES/Irc.po
	plugins/Irc/locale/ia/LC_MESSAGES/Irc.po
	plugins/Irc/locale/it/LC_MESSAGES/Irc.po
	plugins/Irc/locale/ja/LC_MESSAGES/Irc.po
	plugins/Irc/locale/mk/LC_MESSAGES/Irc.po
	plugins/Irc/locale/nl/LC_MESSAGES/Irc.po
	plugins/Irc/locale/sv/LC_MESSAGES/Irc.po
	plugins/Irc/locale/tl/LC_MESSAGES/Irc.po
	plugins/Irc/locale/tr/LC_MESSAGES/Irc.po
	plugins/Irc/locale/uk/LC_MESSAGES/Irc.po
	plugins/Spotify/locale/Spotify.pot
	plugins/Spotify/locale/de/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/es/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/fr/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/gl/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/he/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/ia/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/mk/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/nl/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/sv/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/tl/LC_MESSAGES/Spotify.po
	plugins/TinyMCE/locale/TinyMCE.pot
	plugins/TinyMCE/locale/ca/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/de/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/eo/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/es/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/fr/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/gl/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/he/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/ia/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/id/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/ja/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/mk/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/ms/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/nb/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/nl/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/pt/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/pt_BR/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/ru/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/tl/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/uk/LC_MESSAGES/TinyMCE.po
	plugins/XCache/locale/XCache.pot
	plugins/XCache/locale/ast/LC_MESSAGES/XCache.po
	plugins/XCache/locale/br/LC_MESSAGES/XCache.po
	plugins/XCache/locale/de/LC_MESSAGES/XCache.po
	plugins/XCache/locale/es/LC_MESSAGES/XCache.po
	plugins/XCache/locale/eu/LC_MESSAGES/XCache.po
	plugins/XCache/locale/fi/LC_MESSAGES/XCache.po
	plugins/XCache/locale/fr/LC_MESSAGES/XCache.po
	plugins/XCache/locale/gl/LC_MESSAGES/XCache.po
	plugins/XCache/locale/he/LC_MESSAGES/XCache.po
	plugins/XCache/locale/ia/LC_MESSAGES/XCache.po
	plugins/XCache/locale/id/LC_MESSAGES/XCache.po
	plugins/XCache/locale/mk/LC_MESSAGES/XCache.po
	plugins/XCache/locale/ms/LC_MESSAGES/XCache.po
	plugins/XCache/locale/nb/LC_MESSAGES/XCache.po
	plugins/XCache/locale/nl/LC_MESSAGES/XCache.po
	plugins/XCache/locale/pl/LC_MESSAGES/XCache.po
	plugins/XCache/locale/pt/LC_MESSAGES/XCache.po
	plugins/XCache/locale/pt_BR/LC_MESSAGES/XCache.po
	plugins/XCache/locale/ru/LC_MESSAGES/XCache.po
	plugins/XCache/locale/tl/LC_MESSAGES/XCache.po
	plugins/XCache/locale/tr/LC_MESSAGES/XCache.po
	plugins/XCache/locale/uk/LC_MESSAGES/XCache.po
	plugins/YammerImport/locale/YammerImport.pot
	plugins/YammerImport/locale/br/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/de/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/es/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/eu/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/fr/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/gl/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/ia/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/mk/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/ms/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/nl/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/pl/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/ru/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/tl/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/tr/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/uk/LC_MESSAGES/YammerImport.po
2015-03-09 11:01:17 +01:00
digital dreamer
a452a3b1a0 Snapshot of the Transifex translation project - February 2015 2015-03-08 09:34:38 +01:00
Mikael Nordfeldth
8fac7a9f6c StatusNet class renamed GNUsocial
also added backward compatible StatusNet class for the two calls I know
third party plugins use, isHTTPS and getActivePlugins
2015-02-27 12:44:15 +01:00
Mikael Nordfeldth
2f86cd8602 utf8mb4 conversion on database with index adjusts 2015-02-12 18:18:55 +01:00
Mikael Nordfeldth
000b7675d8 Vimeo oEmbed thumbnail host added to whitelist 2015-02-02 11:14:13 +01:00
Mikael Nordfeldth
acd36698b4 A bunch of clientError that were called as serverError
Calling serverError with a clientError status code (4xx) means it will
automatically default to Internal Server Error (500) which is in the
server error status code range (5xx). That is undesirable.
2015-01-29 23:35:49 +01:00
Mikael Nordfeldth
470971cf47 File_thumbnail uses file_id as PRI 2015-01-25 13:13:01 +01:00
Mikael Nordfeldth
12058c30b4 Managed_DataObject->updateWithKeys throws its own exception 2015-01-25 12:54:08 +01:00
Mikael Nordfeldth
0e0783ee8c Regexp for Oembed domain matching 2015-01-25 11:18:57 +01:00
Mikael Nordfeldth
85e644d647 Remote thumbnail fetching from trusted sources
So far we only trust i.ytimg.com for YouTube thumbnails, but you can
configure the Oembed plugin in config.php by setting the plugin's class vars:

   addPlugin('Oembed', array('param'=>'value', ...));

Some might think this is a security risk or privacy invasive, but as the Oembed
script is already calling remote sites to get information _about_ linked media,
the way to stop it is to disable the Oembed plugin. However it is not certain
it has been migrated out into a plugin properly yet. But try it if you want to.
2015-01-25 02:34:40 +01:00
Mikael Nordfeldth
999175d741 File_oembed::byFile to avoid littering with getKV 2015-01-25 02:32:04 +01:00
Mikael Nordfeldth
f5efbd8037 twitPic no longer exists/is active 2015-01-17 12:07:57 +01:00