Commit Graph

2290 Commits

Author SHA1 Message Date
Mikael Nordfeldth
9534969c05 Don't set is_local=LOCAL_NONPUBLIC on sandboxed user notices
Let's decide whether they are nonpublic by testing them when the notice
is shown instead.
2016-03-02 12:26:23 +01:00
Mikael Nordfeldth
79d68a52d0 No 'acct:' in FancyName please. 2016-03-02 10:49:33 +01:00
Mikael Nordfeldth
7ec69e4215 User->hasBlocked typing 2016-03-02 00:04:31 +01:00
Mikael Nordfeldth
99fbb181c1 Translation changes, use FancyName in email subject 2016-03-01 23:53:36 +01:00
Mikael Nordfeldth
4abb3f19bf Make Profile->getFancyUrl() somewhat better on fallback
It tries to get a referential identifier apart from the fullname trying
with acct: URI, profile URL and lastly URI.
2016-03-01 23:48:32 +01:00
Mikael Nordfeldth
ddd60e7142 Make Profile->getFancyName() return including the acct URI 2016-03-01 23:37:38 +01:00
Mikael Nordfeldth
47f408ca7c Strict typing for mail_notify_attn 2016-03-01 23:37:11 +01:00
Mikael Nordfeldth
e41809af89 Nothing interesting was made in this commit. 2016-03-01 16:30:00 +01:00
Mikael Nordfeldth
a112e7f9a4 Use another method of detecting unspecified defaultImage size 2016-03-01 15:00:52 +01:00
Mikael Nordfeldth
63c087a255 Consistent behaviour for ScopingNoticeStream $scoped
We don't guess the current profile anymore if the value of the profile === -1

Also sets $this->scoped for all ScopingNoticeStream inheritors, which just
like in an Action can be null if we're not scoped in any way (logged in).
2016-03-01 14:51:47 +01:00
Mikael Nordfeldth
52a3764ae4 Resolve relative URLs (assuming URI.Base==notice URL)
The real way to do this would be to get the xml:base property from
the Atom feed but it's probably not there in any posts we see today.
2016-02-26 14:46:26 +01:00
Mikael Nordfeldth
1e6520fddd Woops, forgot to skip the / in path 2016-02-26 14:13:46 +01:00
Mikael Nordfeldth
6a4470912f Fiddling with merge request #98 to use internal routing functions 2016-02-26 14:10:32 +01:00
Mikael Nordfeldth
8356c2495c Use mb_* and strict === comparison 2016-02-26 13:52:25 +01:00
mmn
722ff4d9c0 Merge branch 'foolproof_file_redirection_branch' into 'nightly'
Foolproof file redirection

This solves an issue when our internal /attachment/{file_id} links are shortened with an remote shorteners (which caused the /attachment/{file_id} links to be saved to the File table and a thumbnail of a thumbnail being generated)

See merge request !98
2016-02-26 12:49:10 +00:00
mmn
fae9e27365 Merge branch 'group-autocomplete' into 'nightly'
Fix !group autocomplete

"Call to undefined method User_group::getFullname"

See merge request !108
2016-02-26 12:30:19 +00:00
Mikael Nordfeldth
c58228195b Make sure the saved Notice has an ID 2016-02-26 01:11:20 +01:00
Mikael Nordfeldth
519e3308ab Use mb_strlen to see if something is an empty string 2016-02-26 01:04:59 +01:00
Mikael Nordfeldth
aeb2e282db Commented on the mime extension matching regexp 2016-02-25 22:32:54 +01:00
Mikael Nordfeldth
bac37d1714 syntax error 2016-02-25 22:17:44 +01:00
Mikael Nordfeldth
e6e1705852 Make uploads work properly if we accept _all_ attachment types
Also introduced $config['attachments']['extblacklist'] that can disable
certain file extensions (or rewrite them, for example php => phps)
2016-02-25 22:15:54 +01:00
Mikael Nordfeldth
e69f878241 Notice getRendered() can now be called on uninserted notices 2016-02-25 15:48:37 +01:00
Mikael Nordfeldth
e3e3a91734 Correct comment on Notice->conversation in table schema 2016-02-24 19:34:44 +01:00
Chimo
54da2526ed Fix !group autocomplete
"Call to undefined method User_group::getFullname"
2016-02-24 13:00:15 -05:00
Mikael Nordfeldth
731fd01139 Allow easy fetching of rel="me" values 2016-02-24 16:42:54 +01:00
Mikael Nordfeldth
3ef573f67c Default to profile size in Avatar::defaultAvatar 2016-02-24 16:42:35 +01:00
Mikael Nordfeldth
d672547112 getAliases should be only a list (numeric array) 2016-02-23 14:33:09 +01:00
Mikael Nordfeldth
b59dacb806 getAliases for Profile and Notice
Also move fancyurlfix into site-wide $config['fix']['fancyurls']

TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
Mikael Nordfeldth
d16a883e17 Allow lookup of User->getByUri (throws NoResultException) 2016-02-21 18:47:47 +01:00
hannes
501d081d3b getKV doesn't throw exception 2016-02-16 19:16:05 +00:00
Mikael Nordfeldth
83f679fb57 Profile->isPrivileged() to check if users have more rights than to post etc. 2016-02-12 14:47:49 +01:00
Mikael Nordfeldth
e5ad98e601 Silence action can only be used on non-priviliged users 2016-02-12 14:22:25 +01:00
Mikael Nordfeldth
5dce08d068 Add Profile::ensureCurrent() to verify we _certainly_ got a Profile. 2016-02-12 13:52:48 +01:00
Mikael Nordfeldth
733debd9b3 Use thumbnail upscaling config value 2016-02-10 04:40:54 +01:00
Mikael Nordfeldth
dd229e855a Allow finding the "original remote thumbnail"
This will probably cause older oEmbed images not to show, since they
probably were updated to use empty url entries because they were thought
of as local ones. During a migration period maybe you want to change
the default value of notNullUrl to 'false' in File_thumbnail::byFile(...)
2016-02-10 04:37:43 +01:00
Mikael Nordfeldth
893d888152 Add urlhash field to File_thumbnail for indexing 2016-02-10 04:15:41 +01:00
Mikael Nordfeldth
49b7648fea Managed_DataObject gets onInsert and onUpdate 2016-02-10 03:37:27 +01:00
Mikael Nordfeldth
ec257d940a Either use or don't use HTTPS
The risk of injection attacks using HTTP is too great to allow a
site that allows both HTTP and HTTPS...
2016-02-10 00:57:39 +01:00
Mikael Nordfeldth
3dea259f52 Return intval from getID() 2016-02-08 12:21:46 +01:00
Mikael Nordfeldth
e903bd0bc3 Hacky support for geo URI detection
Won't work with common_purify yet because there is no geo uri scheme for it
2016-02-03 14:19:08 +01:00
Mikael Nordfeldth
6a4aa34b0c Don't process further in redirection if HEAD gives 400 Bad request 2016-02-03 00:34:49 +01:00
Mikael Nordfeldth
40cffb9463 File::isProtected is static 2016-02-03 00:22:18 +01:00
Mikael Nordfeldth
c6ae883ad2 Don't trust local HTML either
If we reallyreally want to include <img> or <script> or whatever then we
have to do that after Notice::saveActivity sets ->rendered.
2016-01-30 00:00:37 +01:00
hannes
f708a5b016 Never save our /attachment/{file_id} links as links in the file table, return the old file 2016-01-29 00:36:30 +00:00
hannes
efd2326a29 the last url in the redirection chain can actually also be a redirection (e.g. if it's one of our /attachment/{file_id} links) 2016-01-29 00:34:32 +00:00
Mikael Nordfeldth
efe23ed404 updateWithKeys now understands multi-column keys
and automatically identifies _which_ columns are the right ones,
so for example 'uri' primary keys don't need to be explicitly set
2016-01-28 16:42:59 +01:00
hannes
a888294135 add our own protected urls 2016-01-25 19:00:46 +00:00
hannes
ca0c792ed3 File and File_redirection records are saved in File_redirection::where() now 2016-01-25 19:00:05 +00:00
hannes
48e1a2431b save File and File_redirection records in File_redirection::where(), because then we will have to run where() over and over again 2016-01-25 18:55:48 +00:00
Mikael Nordfeldth
a9d18a077e Harmonize, clarify, categorize URL schemes
Regular expression + avoid-redirection list now match each other.
2016-01-24 12:47:31 +01:00