Commit Graph

2277 Commits

Author SHA1 Message Date
Mikael Nordfeldth
8356c2495c Use mb_* and strict === comparison 2016-02-26 13:52:25 +01:00
mmn
722ff4d9c0 Merge branch 'foolproof_file_redirection_branch' into 'nightly'
Foolproof file redirection

This solves an issue when our internal /attachment/{file_id} links are shortened with an remote shorteners (which caused the /attachment/{file_id} links to be saved to the File table and a thumbnail of a thumbnail being generated)

See merge request !98
2016-02-26 12:49:10 +00:00
mmn
fae9e27365 Merge branch 'group-autocomplete' into 'nightly'
Fix !group autocomplete

"Call to undefined method User_group::getFullname"

See merge request !108
2016-02-26 12:30:19 +00:00
Mikael Nordfeldth
c58228195b Make sure the saved Notice has an ID 2016-02-26 01:11:20 +01:00
Mikael Nordfeldth
519e3308ab Use mb_strlen to see if something is an empty string 2016-02-26 01:04:59 +01:00
Mikael Nordfeldth
aeb2e282db Commented on the mime extension matching regexp 2016-02-25 22:32:54 +01:00
Mikael Nordfeldth
bac37d1714 syntax error 2016-02-25 22:17:44 +01:00
Mikael Nordfeldth
e6e1705852 Make uploads work properly if we accept _all_ attachment types
Also introduced $config['attachments']['extblacklist'] that can disable
certain file extensions (or rewrite them, for example php => phps)
2016-02-25 22:15:54 +01:00
Mikael Nordfeldth
e69f878241 Notice getRendered() can now be called on uninserted notices 2016-02-25 15:48:37 +01:00
Mikael Nordfeldth
e3e3a91734 Correct comment on Notice->conversation in table schema 2016-02-24 19:34:44 +01:00
Chimo
54da2526ed Fix !group autocomplete
"Call to undefined method User_group::getFullname"
2016-02-24 13:00:15 -05:00
Mikael Nordfeldth
731fd01139 Allow easy fetching of rel="me" values 2016-02-24 16:42:54 +01:00
Mikael Nordfeldth
3ef573f67c Default to profile size in Avatar::defaultAvatar 2016-02-24 16:42:35 +01:00
Mikael Nordfeldth
d672547112 getAliases should be only a list (numeric array) 2016-02-23 14:33:09 +01:00
Mikael Nordfeldth
b59dacb806 getAliases for Profile and Notice
Also move fancyurlfix into site-wide $config['fix']['fancyurls']

TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
Mikael Nordfeldth
d16a883e17 Allow lookup of User->getByUri (throws NoResultException) 2016-02-21 18:47:47 +01:00
hannes
501d081d3b getKV doesn't throw exception 2016-02-16 19:16:05 +00:00
Mikael Nordfeldth
83f679fb57 Profile->isPrivileged() to check if users have more rights than to post etc. 2016-02-12 14:47:49 +01:00
Mikael Nordfeldth
e5ad98e601 Silence action can only be used on non-priviliged users 2016-02-12 14:22:25 +01:00
Mikael Nordfeldth
5dce08d068 Add Profile::ensureCurrent() to verify we _certainly_ got a Profile. 2016-02-12 13:52:48 +01:00
Mikael Nordfeldth
733debd9b3 Use thumbnail upscaling config value 2016-02-10 04:40:54 +01:00
Mikael Nordfeldth
dd229e855a Allow finding the "original remote thumbnail"
This will probably cause older oEmbed images not to show, since they
probably were updated to use empty url entries because they were thought
of as local ones. During a migration period maybe you want to change
the default value of notNullUrl to 'false' in File_thumbnail::byFile(...)
2016-02-10 04:37:43 +01:00
Mikael Nordfeldth
893d888152 Add urlhash field to File_thumbnail for indexing 2016-02-10 04:15:41 +01:00
Mikael Nordfeldth
49b7648fea Managed_DataObject gets onInsert and onUpdate 2016-02-10 03:37:27 +01:00
Mikael Nordfeldth
ec257d940a Either use or don't use HTTPS
The risk of injection attacks using HTTP is too great to allow a
site that allows both HTTP and HTTPS...
2016-02-10 00:57:39 +01:00
Mikael Nordfeldth
3dea259f52 Return intval from getID() 2016-02-08 12:21:46 +01:00
Mikael Nordfeldth
e903bd0bc3 Hacky support for geo URI detection
Won't work with common_purify yet because there is no geo uri scheme for it
2016-02-03 14:19:08 +01:00
Mikael Nordfeldth
6a4aa34b0c Don't process further in redirection if HEAD gives 400 Bad request 2016-02-03 00:34:49 +01:00
Mikael Nordfeldth
40cffb9463 File::isProtected is static 2016-02-03 00:22:18 +01:00
Mikael Nordfeldth
c6ae883ad2 Don't trust local HTML either
If we reallyreally want to include <img> or <script> or whatever then we
have to do that after Notice::saveActivity sets ->rendered.
2016-01-30 00:00:37 +01:00
hannes
f708a5b016 Never save our /attachment/{file_id} links as links in the file table, return the old file 2016-01-29 00:36:30 +00:00
hannes
efd2326a29 the last url in the redirection chain can actually also be a redirection (e.g. if it's one of our /attachment/{file_id} links) 2016-01-29 00:34:32 +00:00
Mikael Nordfeldth
efe23ed404 updateWithKeys now understands multi-column keys
and automatically identifies _which_ columns are the right ones,
so for example 'uri' primary keys don't need to be explicitly set
2016-01-28 16:42:59 +01:00
hannes
a888294135 add our own protected urls 2016-01-25 19:00:46 +00:00
hannes
ca0c792ed3 File and File_redirection records are saved in File_redirection::where() now 2016-01-25 19:00:05 +00:00
hannes
48e1a2431b save File and File_redirection records in File_redirection::where(), because then we will have to run where() over and over again 2016-01-25 18:55:48 +00:00
Mikael Nordfeldth
a9d18a077e Harmonize, clarify, categorize URL schemes
Regular expression + avoid-redirection list now match each other.
2016-01-24 12:47:31 +01:00
Mikael Nordfeldth
1cec627d72 Allow bitcoin scheme to URLs 2016-01-24 12:44:28 +01:00
Mikael Nordfeldth
f74d2d555c Working on some RSVP code stuff 2016-01-21 02:10:34 +01:00
Mikael Nordfeldth
5999171c11 Throw NoObjectTypeException on Notice->getObjectType if no string 2016-01-20 21:37:14 +01:00
Mikael Nordfeldth
7715ea993b getVerb function in Notice class 2016-01-18 22:02:05 +01:00
Mikael Nordfeldth
6c46a93a81 Minor improvements on Notice::saveActivity 2016-01-18 19:29:45 +01:00
Mikael Nordfeldth
11b925c4ca Use a function to getCreated() 2016-01-18 17:03:37 +01:00
Mikael Nordfeldth
deda83fdef Distinguish notice saving errors from others for Salmon 2016-01-16 22:39:04 +01:00
Mikael Nordfeldth
a85a08ff35 Add a check in Notice->asActivityObject that we're actually returning such a thing! 2016-01-16 21:13:26 +01:00
Mikael Nordfeldth
fdfa71a033 Extremely verbose debugging is annoying 2016-01-16 18:04:04 +01:00
Mikael Nordfeldth
1f76c1e4a9 Initial user doesn't need as strict checking on email 2016-01-16 17:23:50 +01:00
Mikael Nordfeldth
0caf0612d0 Make Twitter Media upload API v1.1 reach us
Now we just have to accept the 'media' or 'media_data' (base64 encoded)
POST arguments instead of $_FILES uploads.
2016-01-14 18:29:21 +01:00
Mikael Nordfeldth
45dd343126 Eventify Notice getAsTimestamp (for Deleted_notice) 2016-01-13 21:01:47 +01:00
Mikael Nordfeldth
961725205d Try if Profile is a Person (in effect ActivityObject::PERSON) 2016-01-13 18:34:48 +01:00