Commit Graph

5324 Commits

Author SHA1 Message Date
Mikael Nordfeldth
0deaf6c50c use common_purify to purify HTML, one function to rule them all 2015-02-18 00:14:28 +01:00
Mikael Nordfeldth
3dce6d9f6a Implement a common_purify for htmLawed and more
We're removing unicode formatting characters as well, such as RTL marks.
For more info on why we're because extra cautious (but may accept the
characters in later versions) you can read:
https://blog.malwarebytes.org/online-security/2014/01/the-rtlo-method/
2015-02-18 00:10:31 +01:00
Mikael Nordfeldth
7ba7f43199 Don't linkify bare domains by default
It's too farfetched to assume any text.com in a notice is an HTTP URL.
For example stuff like pasting from log entries, with domain.com:1234
where 1234 is a _PID_ or something, not a port number for http://...
2015-02-17 20:54:32 +01:00
Mikael Nordfeldth
c31c2d10b9 PHP>=5.4.0 lets us use Transliterator, tags now asciified!
For example: #REVOLUCIÓN becomes #revolucion instead of #revolución
2015-02-17 20:17:22 +01:00
Mikael Nordfeldth
6cdedf6049 Replace $this->user/auth_user with $this->scoped in lib/apiaction.php
We prefer handling a Profile class rather than the User class, as some
functions might be useful for remote users as well, which cannot be
handled via the User class.
2015-02-17 17:16:33 +01:00
Chimo
fb03fc073a ApiTimelineList: Fixes ServerErrorAction
"No matches for action 'ApiTimelineList' with arguments 'format=atom
id=1'"

for 'api/:user/lists/:id/statuses.:format' URLs
2015-02-15 16:00:23 -05:00
Mikael Nordfeldth
b6b9036821 StartSubMenu and EndSubMenu events 2015-02-14 17:32:35 +01:00
Mikael Nordfeldth
dc0b62f636 Merge commit 'refs/merge-requests/45' of https://gitorious.org/social/mainline into merge-requests/45 2015-02-14 16:45:04 +01:00
buttle
9a8ccbaef2 Call HomeStubNav instead of duplicating code
adminpanelnav.php adds a homeStub but does not use the code created for the job.
2015-02-13 16:38:22 +01:00
buttle
d0347bb98f Removing home stub if empty
Added an Event HomeStubNavItems
menu->subMenu() returns false if empty
2015-02-13 16:26:41 +01:00
Mikael Nordfeldth
b3e80f5c32 Updated README.md and framework.php 2015-02-13 12:09:12 +01:00
Mikael Nordfeldth
6620ad793a Deja vu of user->getProfile() from 4f9b70d 2015-02-13 11:55:37 +01:00
Mikael Nordfeldth
4f9b70d51f Profile expected in Notice::asActivity from UAS 2015-02-13 11:41:21 +01:00
Mikael Nordfeldth
a063bb43a8 EndSetApiUser will always contain a User 2015-02-13 01:19:59 +01:00
buttle
2a0a0287d4 Added EVENT to homestubnav
Changed menu->submenu(). if (! $menu->getItems()) then do nothing
2015-02-10 19:20:01 +01:00
Mikael Nordfeldth
c6b1b3e5e3 Merge commit 'refs/merge-requests/30' of https://gitorious.org/social/mainline into merge-requests/30 2015-02-08 23:19:53 +01:00
Mikael Nordfeldth
4c9a74cb12 ROLLBACK which may or may not be useful
There were problems with queries that were executed but didn't seem to
be committed. Trying to patch that up by calling a ROLLBACK on transactions
where the loading of the page isn't stopped after the BEGIN statement's
intended function fails (like with the rememberme cookie in this commit).
2015-02-08 11:09:19 +01:00
Mikael Nordfeldth
a89e91da79 By default, don't allow nick changes for profiles
This goes for both users and groups, since they share nickname namespace.

If you want to enable nickname changes, just add this to your config:

   $config['profile']['changenick'] = true;

This commit should cover all changes in our usual web forms as well as through
the API.
2015-02-04 21:25:14 +01:00
Mikael Nordfeldth
5155854339 HTMLOutputter input element can take arbitrary attributes now 2015-02-04 20:52:10 +01:00
Mikael Nordfeldth
f0a707cfc6 A single user instance also has the same URLs as multiuser instances 2015-02-04 16:47:43 +01:00
Mikael Nordfeldth
6a4cb43f67 showstream for singleuser instance too
singleuser instances shouldn't be too special and have too many
alternative methods of doing stuff.
2015-02-03 22:33:01 +01:00
Mikael Nordfeldth
660e8c6efc Fave::addNew now calls Notice::saveActivity
as a bonus we've fixed several FIXME issues for favorite email notification
and updated parts of the codebase for these activities to a more modern style.
2015-02-03 16:34:11 +01:00
Mikael Nordfeldth
e41d324a53 NoticeStream already handles "getNotices" 2015-02-03 12:12:11 +01:00
Mikael Nordfeldth
40416c2c69 Don't email users who are sandboxed
If sandboxed or silenced, don't email the user any notifications.
2015-02-03 11:41:20 +01:00
Mikael Nordfeldth
fdae6f0fb3 neo-gnu is now default-theme. perty. 2015-02-02 18:22:59 +01:00
Mikael Nordfeldth
f05f701764 HTML5 placeholder for notice input form. 2015-02-01 21:35:25 +01:00
Mikael Nordfeldth
c7dd595984 Run onEndSetApiUser also when already logged in! 2015-01-31 16:02:01 +01:00
Mikael Nordfeldth
4c14794cae ApiTimelineNetworkPublicAction available now
Feeds added in NetworkpublicAction too.
2015-01-29 23:01:53 +01:00
Mikael Nordfeldth
dfdfe4143a Set siteprofile default values for config public/localonly 2015-01-29 20:49:19 +01:00
Mikael Nordfeldth
4daa2e4644 Use 'StartpageAction' to determine what to show on / 2015-01-29 20:48:49 +01:00
Mikael Nordfeldth
a5d27d9ce7 /main/all will give a network-wide public stream
Qvitter had implemented this as a "PublicAndExternal" stream, but
I figured we might as well put it into the GNU social core.
2015-01-28 20:25:39 +01:00
Mikael Nordfeldth
eaaef2aec9 'zone' is a valid top domain
We should get another form of URL identifier for interpreting links on notices...
It was hard editing this line in vim even, because of wide, multibyte characters...
2015-01-27 15:07:00 +01:00
Mikael Nordfeldth
cc996f58db Test in Ostatus_profile if avatar is an image before writing to filesystem
This clears one FIXME...

We also fix HTTPClient::quickGet() (and a related call in OStatus testfeed.php).
2015-01-27 14:00:39 +01:00
Mikael Nordfeldth
bcb6dadc9f Corrected message in NoSuchGroupException 2015-01-27 13:37:35 +01:00
Mikael Nordfeldth
d140e135c0 Default textlimit for notices is now 1000 chars 2015-01-26 23:32:08 +01:00
Mikael Nordfeldth
67d09532dd Improved animated image thumbnail freedom of choice
Default is now to take still thumbnails of animated GIFs and then
show them as originals in an AttachmentListItem. The still frames
are mostly used with front-ends like qvitter.
2015-01-26 16:33:39 +01:00
Mikael Nordfeldth
97812549b9 Unnecessarily spammy logs for getThumbnail()
When trying to create thumbnails for remote media that don't have the
filename field set, we got a lot of output in the debug log.
2015-01-26 01:16:28 +01:00
Mikael Nordfeldth
a8e613e508 Animated GIF restructuring, ImageMagick only used for resizing animated sequences. 2015-01-25 23:00:00 +01:00
Mikael Nordfeldth
2a7d45c986 No need for ImageMagick to detected animated GIF 2015-01-25 22:45:25 +01:00
Mikael Nordfeldth
4dd6d7869e Maybe we can detect animated files in core 2015-01-25 22:11:46 +01:00
Mikael Nordfeldth
2b62077fc1 1.1.3-beta2 2015-01-25 02:43:29 +01:00
Mikael Nordfeldth
a9135080c3 barename wasn't used, let's rename it filename and use it 2015-01-25 02:27:02 +01:00
Mikael Nordfeldth
2dd1f3fe67 Default value for max thumbnail size increased
Because people have high resolution screens nowadays ;)
2015-01-23 15:04:54 +01:00
Mikael Nordfeldth
015e95829b MediaFile->getFile() instead of accessing fileRecord 2015-01-23 14:46:47 +01:00
Mikael Nordfeldth
9f87359d04 Non-ajax file submissions should throw NoUploadedMediaException 2015-01-22 12:38:57 +01:00
Mikael Nordfeldth
964d13792b ssl_verify_host option in config (default is true) 2015-01-22 12:21:57 +01:00
Mikael Nordfeldth
5c7ad2e031 Added a quickGet in HTTPClient 2015-01-22 12:16:01 +01:00
Mikael Nordfeldth
fac9f4e545 Merge branch 'nightly' of gitorious.org:social/mainline into nightly 2015-01-21 23:45:49 +01:00
Mikael Nordfeldth
9c5aa67a63 Enable AntiBrute by default. 2015-01-21 23:43:04 +01:00
Mikael Nordfeldth
8d7230a2b9 EndCheckPassword should run after Start even if pre-exited
StartCheckPassword can exit beforehand either with success or failure,
and we want EndCheckPassword to check for stuff like failed login attempts.
2015-01-21 22:31:05 +01:00