Commit Graph

3646 Commits

Author SHA1 Message Date
Evan Prodromou
c8dab140f4 add a hack to show ads on single-notice pages 2010-10-29 11:13:33 -04:00
Brion Vibber
fb0c3f4f99 Kill a ping queue item if we get an error on loading up the notice's poster's profile, rather than letting the item be retried over and over as if it were a transitory error.
This shouldn't generally happen as it's an indicator of database inconsistency, but it's a condition we know happens.
2010-10-28 12:58:30 -07:00
Craig Andrews
22a0cf6251 Set cookies with "secure" flag on SSL sites. Improves security. 2010-10-26 17:55:09 -04:00
Zach Copley
78396db28a Forgot to add the OAuth verifier pin page to sensitive array 2010-10-25 12:36:03 -07:00
Zach Copley
0dcc3f8d71 We don't need to have editapplication (only showapplication) in the
sensitive array because it doesn't expose the consumer keypair
2010-10-25 12:10:52 -07:00
Zach Copley
3954ab39ae Add OAuth token exchange endpoint to 'sensitive' array; i.e.: use SSL if
available
2010-10-25 11:52:17 -07:00
Evan Prodromou
59a7d78acb Atom Service Document 2010-10-24 23:43:26 -04:00
Evan Prodromou
43a67b150a show a single notice in atom entry format 2010-10-24 15:58:53 -04:00
Evan Prodromou
69a1ecec9b check for a post 2010-10-24 15:04:12 -04:00
Brion Vibber
eb30c6651a Additional fixes found while looking at ticket #2532: when given a screen name as API parameter for a profile, do the nickname lookup on local users only. The profile table can't guarantee unique lookups, so using names isn't currently safe there. This won't affect anything using local nicknames correctly, and may avoid some weird bugs if there were conflicts between local and remote nicknames. 2010-10-22 13:53:10 -07:00
Brion Vibber
2d124e4aab Fix for ticket #2532: fixed API block create/destroy when specifying the target user/profile as a separate query parameter, such as api/blocks/create.xml?param=xxx
The router settings weren't quite right so we ended up with bogus regex values passed in as the 'id' parameter, which broke the regular fallback ordering of parameter checks.
2010-10-22 13:51:28 -07:00
Zach Copley
3969870cf3 Normalize HTML body ids to lowercase when the user is logged out as well. 2010-10-22 18:32:08 +00:00
Brion Vibber
d6f4588b9e Workaround for http_build_query() oddities in low-level router parent code when PHP config is set with non-default separator. 2010-10-21 19:10:43 -07:00
Zach Copley
0b134d3e69 Re-camelcase ApiOauthAuthorizeAction so it will be accessible when
a site is in pivate mode
2010-10-21 18:15:11 -07:00
Zach Copley
fb86e7c285 Normalize all action HTML body ids to lowercase 2010-10-21 13:03:56 -07:00
Zach Copley
648f79be10 Change OAuth authorization page's action name to be inline with
other web page action names so the body id outputs correctly. Fix
some other bugs.
2010-10-21 13:00:59 -07:00
Zach Copley
500157998a Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x 2010-10-21 01:18:53 +00:00
Zach Copley
f283a283b7 Fix syntax error 2010-10-21 01:17:59 +00:00
Siebrand Mazeland
fb12094f61 i18n/L10n updates, translator docs updated, superfluous whitespace removed. 2010-10-21 03:10:46 +02:00
Zach Copley
bfdb8385ec Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x
Conflicts:
	actions/apioauthauthorize.php
	lib/apioauthstore.php
2010-10-20 17:28:28 -07:00
Zach Copley
e56385a7bb Use a new table (oauth_token_association) to associate authorized
request tokins with OAuth client applications and profiles.
2010-10-20 17:21:04 -07:00
Siebrand Mazeland
28ec9d6463 * translator documentation added.
* moved some translator comments that were not directly above the line with the message to the correct location.
* i18n for UI text.
* superfluous whitespace removed.
2010-10-21 01:12:56 +02:00
Brion Vibber
8004e2809d Fix for ticket #2845: singleuser nickname configuration was being overridden by site owner in router setup.
I've consolidated the checks for which user to use for single-user mode into User::singleUser(), which now uses the configured nickname by preference, falling back to the site owner if it's unset.
This is now called consistently from the places that needed to use the primary user's nickname in routing setup.

Setting $config['singleuser']['nickname'] should now work again as expected.
2010-10-20 14:34:25 -07:00
Siebrand Mazeland
e980da3d20 Add FIXME 2010-10-20 20:01:12 +02:00
Siebrand Mazeland
dc62cf1c0b * i18n/L10n fixes.
* translator documentation updated/added.
* superfluous whitespace removed.
2010-10-20 19:34:27 +02:00
Siebrand Mazeland
17f5cc4f29 Merge branch '0.9.x' of git://gitorious.org/statusnet/mainline into 0.9.x 2010-10-20 18:26:51 +02:00
Siebrand Mazeland
1459110124 Fix nasty bug in parameter for e-mail notification for favourite. 2010-10-20 11:16:21 +02:00
Zach Copley
5ca29ab0de Merge branch 'anon-consumer' into 0.9.x 2010-10-19 21:01:53 -07:00
Zach Copley
e8b6d7c946 Add support for an anonymous OAuth consumer. Note: this requires a
small DB tweak.  Oauth_application_user needs to have the primary
compound key: (profile_id, application_id, token).

http://status.net/open-source/issues/2761

This should also make it possible to have multiple access tokens
per application.

http://status.net/open-source/issues/2788
2010-10-19 20:54:53 -07:00
Siebrand Mazeland
25b9552ec3 More complete sentence and translator documentation added. 2010-10-20 00:53:42 +02:00
Siebrand Mazeland
4b4894b121 Many i18n/L10n updates and lots of descriptions for translators added. 2010-10-20 00:35:39 +02:00
Zach Copley
5ac694c74f Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-10-19 12:08:48 -07:00
Zach Copley
5866493cae OAuth - better log messages 2010-10-19 12:07:59 -07:00
Brion Vibber
e8da3618c2 Bump version/string: 0.9.6 "Man on the Moon" 2010-10-18 14:49:02 -07:00
Brion Vibber
edf8990aa9 fix notice on non-https views 2010-10-18 11:12:26 -07:00
Evan Prodromou
47ac8458ca default for nofollow external is sometimes 2010-10-18 11:41:18 -04:00
Evan Prodromou
7c05b0dafc options to nofollow external links in notices 2010-10-18 11:29:52 -04:00
Brion Vibber
a2090ecc97 Merge branch '2828' into 0.9.x 2010-10-14 16:52:01 -07:00
Brion Vibber
3f74f44603 Fix for ticket #2828: apostrophe in site name set in installer created a broken config.php.
Now running values through var_export() before putting them into the config.php, ensuring strings will be properly quoted.
2010-10-14 16:25:43 -07:00
Evan Prodromou
1a4dc03bfe document and default for site|ssllogo 2010-10-14 14:56:38 -04:00
Evan Prodromou
8f3b18f27f fix copy-and-paste error in javascript url creation 2010-10-14 14:53:20 -04:00
Evan Prodromou
72454db118 make the logo be compatible with HTTPS pages, if possible 2010-10-14 14:22:49 -04:00
Evan Prodromou
b31c49c5d4 Make HTTPS urls in File::url() if necessary 2010-10-14 14:22:17 -04:00
Evan Prodromou
97a7fb246c correctly use sslserver if it is set 2010-10-14 01:35:11 -04:00
Evan Prodromou
7436e5d13e use HTTPS for scripts and stylesheets if the current page is HTTPS 2010-10-14 01:09:02 -04:00
Evan Prodromou
ac63f8baae show HTTPS urls for JavaScript if HTTPS used for page 2010-10-14 01:00:13 -04:00
Evan Prodromou
74c5aa8f9a consolidate some theme path code between ssl and non-ssl 2010-10-14 00:59:53 -04:00
Evan Prodromou
ca0323d01b use HTTPS for favicon.ico if page is HTTPS 2010-10-14 00:50:26 -04:00
Evan Prodromou
d91f894ccb try to show HTTPS-encrypted theme files for HTTPS-encrypted pages 2010-10-14 00:46:32 -04:00
Evan Prodromou
40c64388e6 try and show an SSL image for the creative commons image 2010-10-14 00:31:13 -04:00
Evan Prodromou
cef10c7167 add static method StatusNet::isHTTPS() 2010-10-14 00:16:23 -04:00
Evan Prodromou
ddb60a8191 Merge remote branch 'gitorious/0.9.x' into 0.9.x 2010-10-13 15:18:32 -04:00
Brion Vibber
bca215563f Clean up remote avatar temporary files if we fail before saving them into avatars directory (OMB core, OStatus, WikiHowProfile, YammerImport) 2010-10-13 11:10:04 -07:00
Zach Copley
04f3f57e2e Merge branch 'oauth-1.0a' into 0.9.x 2010-10-12 17:52:04 -07:00
Zach Copley
5270e93131 Spelling - OAuth not Oath 2010-10-12 16:20:09 -07:00
Brion Vibber
f4f16af8ac Add a basic group deletion for moderator users. 2010-10-12 15:49:20 -07:00
Brion Vibber
9d9e80ea21 Followup to IIS installer tweaks in [9bb48c36]:
* skip 0-byte config files when initializing, go ahead and redirect to installer if no non-0-byte files
* tweak warning on installer.php to let you know if you have a 0-byte config.php that's not writable, as opposed to generally already having a config.php with data in it
2010-10-12 13:00:03 -07:00
Evan Prodromou
f11c1c77ca Merge remote branch 'gitorious/0.9.x' into 0.9.x 2010-10-12 11:16:14 -04:00
Zach Copley
459727bd61 Update ApiOauthAccessTokenAction to OAuth 1.0a 2010-10-07 18:32:27 -07:00
Brion Vibber
5e0f3e7bd4 Workaround for regression in input validation due to more PCRE oddities. Recommend redoing common_validate_utf8() using something more reliable, perhaps. :P 2010-10-07 12:32:10 -07:00
Zach Copley
8658e4f8c4 Use 7 digits for oob OAuth pin instead of 6 2010-10-07 11:01:17 -07:00
Evan Prodromou
fa45805d6d Events for showing the notice form 2010-10-07 10:22:57 -04:00
Zach Copley
69e621a3e8 - Update ApiOauthAuthorizeAction to 1.0a
- Fix enumerable bugs
- New page for displaying 1.0a verifier (still needs work)
2010-10-06 19:20:47 -07:00
Zach Copley
f71912440a - New base InfoAction for dialog box like msgs
- Fix titles on error pages
2010-10-06 19:06:57 -07:00
Zach Copley
f97b863fd7 Update ApiOauthRequestTokenAction to support OAuth 1.0a 2010-10-06 13:40:03 -07:00
Zach Copley
f4f56eea3a Override new_request_token() to store OAuth 1.0a verified callback URL 2010-10-06 13:40:03 -07:00
Zach Copley
63663dbd0e Stab that 'p' parameter! 2010-10-06 13:40:02 -07:00
Zach Copley
4247be5116 Add plain text error format to clientError() 2010-10-06 13:40:01 -07:00
Zach Copley
83566f014c Fix bad reference 2010-10-06 13:40:01 -07:00
Zach Copley
06d918d575 Strip out the special 'p' paramter added by index.php from
$_SERVER['QUERY_STRING'] before doing OAuth requests. Required by the
latest version of the OAuth lib.
2010-10-06 13:39:58 -07:00
Brion Vibber
ebfa8bce27 Basic validation of UTF-8 input via GET/POST vars: invalid UTF-8 sequences will cause the string to drop. Not necessarily super-thorough; should be improved in future to drop individual bad sequences, do normalization of combining forms, etc. General input validation (for ints, types of strings, etc) still would be good to have! 2010-10-06 13:00:30 -07:00
Brion Vibber
d946c82740 Urgh... fix for fix for horrific $ escaping problems (some awful mix of single and double-quoted strings in the terror that is mail.php) 2010-10-04 15:29:30 -07:00
Brion Vibber
d6b3d7fb1a Fix unescaped dollar signs in double-quoted strings due to localization updates (%1$s etc) 2010-10-04 14:24:04 -07:00
Brion Vibber
ad7623a87f Add a $config['plugins']['locale_path'] which can be set to override the individual plugins' locale subdirectories.
This will apply to *ALL* plugins in *ALL* languages, so should probably only be used when doing site customization...

You'd probably do:

  $config['site']['locale_path'] = '/srv/awesome/data/locale';
  $config['plugins']['locale_path'] = '/srv/awesome/data/locale';

with a structure like:
srv/
  awesome/
    data/
      locale/
        en/
          LC_MESSAGES/
            statusnet.po
            OpenID.po
            AnonymousFave.po

etc, all alongside each other. You could separate plugins from the core if you like.

Where locale files have not already been generated, you can build one for a plugin like so:

  php scripts/update_po_templates.php --plugin=MyPlugin

and pull out the template file:

  plugins/MyPlugin/locale/MyPlugin.pot

Edit that (make sure you at least set the CHARSET, probably to UTF-8) and save your customized .po
files into the structure as above, and use msgfmt to generate .mo files for final output.
2010-09-30 19:23:42 -07:00
Brion Vibber
6e58a926e3 ForceGroup plugin: optionally force new users to join a particular group or set of groups on registration; and/or to force posts by members of particular groups to be posted into those groups even if not explicitly mentioned. The posting feature requires a couple quick hook additions in core. 2010-09-30 18:05:44 -07:00
Zach Copley
8a28d9cc4d Merge branch 'anon-fave-plugin' 2010-09-30 13:57:39 -07:00
Brion Vibber
20f2167425 Merge branch 'master' of gitorious.org:statusnet/mainline into feedfix 2010-09-30 11:31:29 -07:00
Brion Vibber
1acc7d66c6 Always specify UTF-8 targt charset for html_entity_decode(); default is 8-bit ISO-8859-1 which causes things to break when we later pass them through things that expect to work with UTF-8. For instance, running through preg_replace() with the /u option results in NULL, leading to problems with OStatus and SubMirror generating their plaintext versions and doing length-cropping. 2010-09-30 11:29:31 -07:00
Zach Copley
0ac333ec80 Add Start/EndFavorNoticeForm and Start/EndDisFavorNoticeForm hooks 2010-09-29 16:35:14 -07:00
Zach Copley
331502a979 Add Start/EndShowNoticeInfo events 2010-09-29 16:35:13 -07:00
Zach Copley
21759c3132 New eventsi: Start/EndShowNoticeOptions and Start/EndShowFaveForm 2010-09-29 16:35:12 -07:00
Evan Prodromou
d2ef0cf233 add hooks to the feedlist widget to give fine-grained control over feed links 2010-09-29 19:23:46 +02:00
Siebrand Mazeland
b9177f5e2e * i18n/L10n and translator documentation updates.
* whitespace and indentation updates
2010-09-29 00:39:45 +02:00
Siebrand Mazeland
2d08750c47 Localisation updates from http://translatewiki.net
* add support for Hungarian (hu)
2010-09-28 01:02:08 +02:00
Zach Copley
84331ca7bd Fix for ticket 2756 - Calls to OAuth endpoints are redirected to the
login page when a site is in private mode
2010-09-22 23:33:06 +00:00
Evan Prodromou
b5cfcba471 Merge branch '0.9.x' into activityexport
Conflicts:
	plugins/OStatus/OStatusPlugin.php
2010-09-22 10:45:34 -04:00
Brion Vibber
42dd460d3b Merge branch 'master' into 0.9.x 2010-09-21 12:48:16 -07:00
Brion Vibber
1bc45e191d Merge branch 'twitter-avatar' 2010-09-21 12:46:16 -07:00
Brion Vibber
94de78fa0f Workaround for #2485: in profile output on feeds, fall back to the Twitter 73x73 avatar instead of going straight to the 96x96 default image on twitter-import profiles. 2010-09-21 12:38:04 -07:00
Evan Prodromou
28fdc733a7 change the location and title of the feeds section 2010-09-21 14:09:46 -04:00
Brion Vibber
aef42e2f65 Don't spew a notice warning to output while processing logging for PEAR DB errors 2010-09-20 16:52:22 -07:00
Brion Vibber
24bb6feba7 Clean up notice spew from accessing member variables of null when opening the add/edit oauth application form 2010-09-20 16:39:51 -07:00
Brion Vibber
64cdbe6c55 Ticket #2750: fixes to HTTP caching behavior across login/logout boundaries
* now ignoring if-modified-since if we failed an etag if-none-match comparison, per spec
* now including a hash of user id/nickname in most etags, so we'll update the view properly after login/logout

For API methods, checking the API-auth'ed user. (Many change results to include things like 'you're subscribed to this user' or 'this is one of your favorites', so user info is again needed)

There'll still be some last-modified stamps that aren't including user info properly, probably.
2010-09-20 13:42:58 -07:00
Brion Vibber
2f38c9c99c Fix bug in db queue manager: when receiving an invalid or deleted notice, we were running it through the 'temporary fail, release it to try again' path instead of the 'done, discard item' path. Should fix some infinite-loop-of-doom-in-queue cases. 2010-09-20 13:19:58 -07:00
Zach Copley
55ad954b15 Basic license admin panel (maybe we can make it fancier later) 2010-09-17 16:38:12 -07:00
Brion Vibber
20a0a4acff Explicitly mark a translator note on the command list help message that the command names must not be translated 2010-09-16 11:05:31 -07:00
Evan Prodromou
670ad53215 Merge branch '0.9.x' into activityexport 2010-09-15 23:31:20 -04:00
Siebrand Mazeland
85154a49d0 Add plural support for minutes/hours/days/months ago.
Reapply of revised b27882c916 that was reverted by Brion Vibber in 2d4c0f9a47.
2010-09-16 00:07:47 +02:00
Brion Vibber
2d4c0f9a47 Revert "Add plural support for minutes/hours/days/months ago." -- currently doesn't work and spews error messages
This reverts commit b27882c916.
2010-09-15 14:10:18 -07:00
Evan Prodromou
1ceb93cce4 move useractivitystream class to its own module 2010-09-15 15:18:01 -04:00