Mikael Nordfeldth
15ab9ff9e3
common_to_alphanumeric added, filtering Notice->source in classic layout
2016-09-02 01:00:08 +02:00
Mikael Nordfeldth
59b93b23e2
Split up source and source_link. Never trust HTML!
...
https://community.highlandarrow.com/notice/269667
or alternatively: https://social.umeahackerspace.se/conversation/495655
2016-09-02 00:55:46 +02:00
Mikael Nordfeldth
e6b3924a5d
common_to_alphanumeric added, filtering Notice->source in classic layout
2016-09-02 00:08:17 +02:00
Mikael Nordfeldth
af6a3aa456
Make Group actions ManagedAction so groupbyid works
2016-08-28 09:34:31 +02:00
Mikael Nordfeldth
a32bfe7d87
TagCloud turned into plugin (performance issues on large installs)
2016-08-27 15:24:25 +02:00
Mikael Nordfeldth
4314a286e3
Less convoluted attachmentlistitem function calls
2016-08-21 09:25:16 +02:00
Mikael Nordfeldth
fc06c599bc
dbqueuemanager should ignore on no-result-exceptions
2016-08-16 20:27:41 +02:00
Nym Coy
1f866fcaed
ActivityGenerationTests.php fails but doesn't crash anymore.
...
Fixed an error where a profile id was reused after another profile was
deleted, and the new profile still had the deleted role.
Fixed ActivityGenerationTests::testNoticeInfoRepeated() which was passing
User instead of Profile, throwing errors.
tests/ActivityGenerationTests.php now passes.
CommandInterpreterTest now passes.
Moved JidValidateTest to XmppValidateTest, since Jabber functionality has
moved to the XmppPlugin. Tests work but don't pass, but they are at least
skipped if XmppPlugin is not active.
LocationTest passes, but the tests are not very good. Lots of nulls.
MediaFileTest passes.
NicknameTest passes. Nickname::normalize() now throws an error if the
nickname is too long with underscores.
UserFeedParseTest passes.
URLDetectionTest passes if $config['linkify']['(bare_ipv4|bare_ipv6|
bare_domains)'] are false. Untested otherwise.
Fixed Nickname::isBlacklisted() so it does not throw an error if
$config['nickname]['blacklist'] not set.
2016-08-14 11:55:49 +05:30
Mikael Nordfeldth
557e430c7d
Reference local URLs in addressee list on notices.
2016-08-06 18:32:14 +02:00
Mikael Nordfeldth
e52275e37f
Some comparisons were incorrect (text/html;charset=utf-8 etc.)
2016-07-21 01:38:31 +02:00
Mikael Nordfeldth
d5c733919b
Because the other part of the code works now, this is unnecessary
2016-07-21 00:34:40 +02:00
Mikael Nordfeldth
e8e996182f
Delete file on class destruction or we do it too quickly
...
Source image was removed when trying to use it for resizeTo
2016-07-21 00:23:27 +02:00
Mikael Nordfeldth
46c227bf3a
FileNotFoundException is more proper here
2016-07-15 13:19:16 +02:00
Mikael Nordfeldth
36cfe9f857
Delete successfully generated thumbnail (temporary sources) too.
2016-07-15 12:52:20 +02:00
Mikael Nordfeldth
6332a4d800
Handle FileNotStoredLocallyException in attachmentlistitem
2016-07-07 00:45:31 +02:00
Mikael Nordfeldth
f02d32b718
Reworked File->getUrl to throw exception
...
In case you require a local URL and one can't be generated, throw
FileNotStoredLocallyException(File $file)
2016-07-07 00:44:50 +02:00
Mikael Nordfeldth
71afb5be75
If the file is text/plain, see if we accept the extension
2016-07-06 09:34:09 +02:00
Mikael Nordfeldth
4117118e23
More specific exceptions for mimetype/extension issues.
2016-07-06 09:14:59 +02:00
Mikael Nordfeldth
b4a0bff740
Some mimetype madness!
2016-07-06 08:59:16 +02:00
Mikael Nordfeldth
a833eaa651
Make all hash algorithms available (but whitelist by default)
...
sha1 is whitelisted only because StatusNet requires it.
2016-06-28 11:54:39 +02:00
Mikael Nordfeldth
7978cd6d59
s/EmptyIdException/EmptyPkeyValueException/
2016-06-25 11:50:59 +02:00
Mikael Nordfeldth
0adb7af9a0
Allow a quickHead request, will only return headers
2016-06-24 15:43:20 +02:00
Mikael Nordfeldth
39e8c13afb
Properly parse incoming bookmarks
2016-06-24 13:51:40 +02:00
Mikael Nordfeldth
d00f19663b
bump to beta5 since phpseclib update (which might cause some issues still)
2016-06-18 00:05:54 +02:00
mmn
2e8a5aeb23
Merge branch 'tom/noreferrer' into 'nightly'
...
Use noreferrer when linkifying attachments and allow this value in purifier
If you click on a link in your main timeline this effectively identifies you to the site that you visited via the Referer header. (Who goes around reading other people's /user/all, honestly?)
Annoyingly our notice content is already HTML. Rather than attempt to parse and modify the tags in flight, this modification takes the simpler approach of adding the noreferrer tag to inline links by default when notices are composed.
See merge request !127
2016-06-17 16:32:39 -04:00
mmn
005b4c8dd1
Merge branch 'strict-warnings' into 'nightly'
...
Fix some strict warnings (Action::prepare, Action::handle)
I know MR with changes to a bunch of files aren't great practice, but I figured since all the changes are one-liners it might not be a huge deal.
Related to #190
See merge request !123
2016-06-17 16:29:47 -04:00
mmn
d66b495ba8
Merge branch 'notice-location' into 'nightly'
...
Re-enable notice locations
Removed a stray 'return' statement.
See merge request !125
2016-06-17 16:28:56 -04:00
mmn
d4295cfb25
Merge branch 'webmention-rocks' into 'nightly'
...
webmention.rocks
I have improved the webmention handling so that all but two of the webmention.rocks compliance tests pass now. Also improved parsing of time/authors on incoming webmentions.
See merge request !128
2016-06-17 16:26:21 -04:00
Mikael Nordfeldth
5e131aed80
Apparently medium.com uses @ frequently i URLs
...
and we skipped them because we assumed they were urlencoded when copied.
2016-06-17 11:20:36 +02:00
Stephen Paul Weber
83e7ade714
When there is no useful title, class="p-name e-content"
2016-06-10 21:00:48 +00:00
Thomas Karpiniec
c1537a1e82
Use noreferrer when linkifying attachments and allow this value in purifier
2016-06-09 19:56:36 +10:00
Chimo
d02c75d019
Re-enable notice locations
...
Removed a stray 'return' statement.
2016-06-01 21:56:42 -04:00
Chimo
9de79f0a36
Update prepare() method on Action subclasses.
...
Fixes handle()-related strict warnings such as "Strict Standards:
Declaration of AdminPanelAction::prepare() should be compatible with
Action::prepare(array $args = Array)
Ref. #190
2016-06-01 02:26:44 +00:00
Chimo
ba2975aac8
Update handle() method on Action subclasses.
...
Fixes handle()-related strict warnings such as "Strict Standards:
Declaration of AdminPanelAction::handle() should be compatible with
Action::handle()"
Ref. #190
2016-06-01 02:26:44 +00:00
Sandro Santilli
3138fa0b40
Check DB connection before any possible use
2016-05-24 16:49:50 +02:00
Mikael Nordfeldth
bd306bdb9f
Add /download action for attachments
2016-05-09 22:08:36 +02:00
Mikael Nordfeldth
3a6733dc98
2-frame GIF animations weren't recognised as animated
2016-05-04 11:57:55 +02:00
Mikael Nordfeldth
a5a96dd857
Misplaced break/continue statements.
2016-05-04 11:44:00 +02:00
Mikael Nordfeldth
87dd0fbdb6
UseFileAsThumbnailException uses direct File object now
2016-05-04 11:34:50 +02:00
Mikael Nordfeldth
7aa9a69c2f
Link to attachment page instead of big-ass image
2016-05-01 11:35:51 +02:00
Mikael Nordfeldth
9b613029e6
Merge branch 'master' into mmn_fixes
2016-04-18 16:10:50 +02:00
Mikael Nordfeldth
844fe3924e
put local id, href and such in ostatus:conversation element
2016-04-18 16:09:36 +02:00
Mikael Nordfeldth
107f612384
strict type comparison
2016-04-18 15:04:03 +02:00
Mikael Nordfeldth
4645033b98
"In conversation" text in noticelistitem
2016-04-08 13:44:22 +02:00
Mikael Nordfeldth
547f92de07
Don't fail deleteRelated on NoProfileException
2016-04-01 06:51:19 +02:00
Mikael Nordfeldth
44ea8aa681
Make sure $_SERVER['HTTP_REFERER'] isset when testing value
2016-03-31 20:51:50 +02:00
Mikael Nordfeldth
4ea79bc396
I was too quick to save that file (File::getByUrl takes 1 arg)
2016-03-29 14:33:40 +02:00
Mikael Nordfeldth
2f91cb0df7
We should assume all verbs and such are their full URIs in our db
2016-03-29 12:57:52 +02:00
Mikael Nordfeldth
dcffe5d992
Forgotten File::getByUrl conversations (performance++)
2016-03-29 12:13:53 +02:00
Mikael Nordfeldth
88e2f739a9
DOMElement not DOMDocument
2016-03-28 16:23:15 +02:00
Mikael Nordfeldth
7bef2ad4cc
Update Profile Data script fixes, might work for groups too now
2016-03-28 16:19:47 +02:00
Mikael Nordfeldth
f134a423f6
rename config option site/logdebug to log/debugtrace
2016-03-27 16:36:58 +02:00
Mikael Nordfeldth
9fa18fa366
HTTPClient::quickGet now supports headers as argument
...
They should be in a numeric array, already formatted as headers,
ready to go. (Header-Name: Content of the header)
2016-03-24 02:44:11 +01:00
Mikael Nordfeldth
f83b81b8c4
Change config webfinger/http_alias to fix/legacy_http
...
Set $config['fix']['legacy_http'] to perform some actions that are
needed if your site used to be served over http but now has upgraded
to https!
2016-03-23 15:21:02 +01:00
Mikael Nordfeldth
8933022edc
Forgot a microsummary route in the latest commit
2016-03-22 22:37:59 +01:00
Mikael Nordfeldth
dafe775ffa
Microsummaries had issues and were removed in Firefox 6.0 anyway
...
It is argued there are many better ways to get a "micro summary" of
a profile or site.
2016-03-22 22:31:01 +01:00
Neil E. Hodges
39ebb64b85
Added proper enabling and disabling of sending RTs to Twitter.
2016-03-21 07:12:52 -07:00
Mikael Nordfeldth
38f7deca78
Avoid "property of non-object" PHP notice.
2016-03-21 11:17:25 +01:00
Mikael Nordfeldth
1e89369ef8
geometa.js doesn't exist anymore
2016-03-21 03:23:39 +01:00
Mikael Nordfeldth
ae681b10e7
geometa.js doesn't exist anymore
2016-03-21 03:11:22 +01:00
Mikael Nordfeldth
980085a8a3
Merge branch 'master' of git.gnu.io:gnu/gnu-social into mmn_fixes
...
Conflicts:
plugins/Minify/extlib/minify/README.txt
plugins/Minify/extlib/minify/UPGRADING.txt
plugins/Minify/extlib/minify/min/README.txt
plugins/Minify/extlib/minify/min/builder/index.php
plugins/Minify/extlib/minify/min/lib/JSMin.php
plugins/Minify/extlib/minify/min/lib/Minify.php
plugins/Minify/extlib/minify/min/lib/Minify/CSS.php
plugins/Minify/extlib/minify/min/lib/Minify/CSS/Compressor.php
plugins/Minify/extlib/minify/min/lib/Minify/Controller/Page.php
plugins/Minify/extlib/minify/min/lib/Minify/Packer.php
plugins/Recaptcha/RecaptchaPlugin.php
2016-03-21 03:10:19 +01:00
Mikael Nordfeldth
cd24f7d30a
Issue #166 - we test exif data below, no need for error output
2016-03-21 02:56:47 +01:00
Mikael Nordfeldth
cdcf6cdb25
Hacky method to avoid cutting conversation "more" link out
2016-03-21 02:42:28 +01:00
Mikael Nordfeldth
aa3865c303
Split threaded notice list classes into own files.
2016-03-21 02:33:57 +01:00
Bob Mottram
11c57e7aee
Remove Google References
...
This removes most references to Google, with some
remaining since they may point to things which are still
relevant. References to Google Code, Google Buzz and
Google Maps have been removed
2016-03-20 13:06:58 +00:00
Mikael Nordfeldth
349e842078
UPDATE ActivityVerb
2016-03-14 15:26:03 +01:00
Mikael Nordfeldth
ca8f0f84c4
Woops, forgot to include this file!
2016-03-14 15:25:05 +01:00
Mikael Nordfeldth
5ca2a28246
Make oEmbed handle our http/https setting better.
2016-03-10 14:20:21 +01:00
Mikael Nordfeldth
bd75305560
Define-ify excluded end-characters of URL autolinking
2016-03-09 15:16:47 +01:00
Mikael Nordfeldth
c769924505
Reduce the number of allowed characters in auto-linking URLs.
2016-03-09 15:05:36 +01:00
Mikael Nordfeldth
d179afa303
Save allowed path/qstring/fragment characters in constants
2016-03-09 14:51:52 +01:00
Mikael Nordfeldth
e2c6f2f96f
Let's be consistent with URL verbs
2016-03-08 20:01:06 +01:00
Mikael Nordfeldth
cfc82591da
chmod 0775 directories we create
...
Security for the 'g+rx' should be handle by having the parent directory
inaccessible for global users, which is usually the case.
2016-03-07 23:23:32 +01:00
Mikael Nordfeldth
4e5c0e70a6
fillConfigVoids to set default value of empty config options
2016-03-07 22:55:52 +01:00
Mikael Nordfeldth
265fa12917
Relatively experimental change to store thumbnails in 'file/thumb/' (by default)
2016-03-07 22:33:34 +01:00
Mikael Nordfeldth
158b323767
Declare AdminpanelAction::canAdmin as static, since that's how it's used.
2016-03-06 17:31:40 +01:00
Mikael Nordfeldth
6ec72b2978
Move mail_confirm_address out of mail.php
2016-03-06 17:27:40 +01:00
mmn
0785e2910f
Merge branch 'no_sandboxed_repeats_branch' into 'nightly'
...
Don't include repeated notices from sandboxed users in the public timeline
See merge request !115
2016-03-05 08:08:42 -05:00
Mikael Nordfeldth
97ac722b24
Accessibility navigation improvement
2016-03-05 12:42:53 +01:00
Mikael Nordfeldth
7ca0ff9a19
MediaFile::fromUpload handles missing local file better
2016-03-05 12:05:12 +01:00
Mikael Nordfeldth
1db02d7f36
filename_base option isn't optimal
...
For different "download filenames" we should use some other method.
2016-03-05 11:59:46 +01:00
Mikael Nordfeldth
57d57b8d8f
Handle reuploads via filehandle better if original is missing
2016-03-05 01:26:34 +01:00
Mikael Nordfeldth
952f68fed5
File upload logging for dummies
2016-03-05 00:59:39 +01:00
hannes
7d4658643d
the repeated notice can be from a sandboxed user too
2016-03-04 16:53:57 -05:00
Mikael Nordfeldth
dc1ceca86e
Some more Microformats2 data for notices and rendering
2016-03-02 13:29:54 +01:00
Mikael Nordfeldth
6529fdd28d
Proper Microformats2 h-entry p-name + u-uid markup
2016-03-02 13:10:02 +01:00
Mikael Nordfeldth
d6598e790c
Introduce a ConfigException
2016-03-02 12:33:06 +01:00
Mikael Nordfeldth
9534969c05
Don't set is_local=LOCAL_NONPUBLIC on sandboxed user notices
...
Let's decide whether they are nonpublic by testing them when the notice
is shown instead.
2016-03-02 12:26:23 +01:00
Mikael Nordfeldth
a3b2118906
Make the public streams ModeratedNoticeStream (hide sandboxed users etc.)
...
Which streams should be put under ModeratedNoticeStream is probably open
to debate. But at least the public ones should hide the posts from users
that are sandboxed.
2016-03-02 11:50:50 +01:00
Mikael Nordfeldth
b4271a3533
Stricted typing + protected on FilteringNoticeStream->filter
2016-03-02 11:40:43 +01:00
Mikael Nordfeldth
99fbb181c1
Translation changes, use FancyName in email subject
2016-03-01 23:53:36 +01:00
Mikael Nordfeldth
47f408ca7c
Strict typing for mail_notify_attn
2016-03-01 23:37:11 +01:00
Mikael Nordfeldth
63c087a255
Consistent behaviour for ScopingNoticeStream $scoped
...
We don't guess the current profile anymore if the value of the profile === -1
Also sets $this->scoped for all ScopingNoticeStream inheritors, which just
like in an Action can be null if we're not scoped in any way (logged in).
2016-03-01 14:51:47 +01:00
Mikael Nordfeldth
7862b853bf
Make javascript XHR timeout a variable.
...
SN.V.xhrTimeout = [time in milliseconds];
2016-03-01 13:10:18 +01:00
Mikael Nordfeldth
6c43e9c2e0
Verify loaded config function, must be completed further.
2016-02-28 13:31:21 +01:00
Mikael Nordfeldth
747c91210f
HTMLPurifier cache settings, put stuff in subdir of get_sys_temp_dir()
2016-02-28 13:30:47 +01:00
Mikael Nordfeldth
cd978fa153
Edited the list of allowed rel values
2016-02-28 13:16:52 +01:00
Mikael Nordfeldth
52a3764ae4
Resolve relative URLs (assuming URI.Base==notice URL)
...
The real way to do this would be to get the xml:base property from
the Atom feed but it's probably not there in any posts we see today.
2016-02-26 14:46:26 +01:00
Mikael Nordfeldth
29662eef5e
Mentioning matches (@this too) now.
2016-02-26 00:08:51 +01:00
Mikael Nordfeldth
2669c51265
Allow sgf files if they're recognized in mime search
...
They are Go game files used on lamatriz.org. Note that my server
doesn't actually recognize these files and can identify the mime type,
but my browser did for some reason.
2016-02-26 00:05:07 +01:00
Mikael Nordfeldth
e6e1705852
Make uploads work properly if we accept _all_ attachment types
...
Also introduced $config['attachments']['extblacklist'] that can disable
certain file extensions (or rewrite them, for example php => phps)
2016-02-25 22:15:54 +01:00
Mikael Nordfeldth
128a00c4ab
Include feeds in Link HTTP headers, for easier discovery
2016-02-24 16:48:44 +01:00
Mikael Nordfeldth
b59dacb806
getAliases for Profile and Notice
...
Also move fancyurlfix into site-wide $config['fix']['fancyurls']
TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
Mikael Nordfeldth
5f7032dfee
Verify that authenticated API calls are made from our domain name.
...
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json " or
whatever. XHR is already blocked with CORS stuff.
Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
Mikael Nordfeldth
ce803f6d06
WebFinger aliases with 'index.php/'
2016-02-21 20:00:07 +01:00
Mikael Nordfeldth
893d117309
throw new, not just throw
2016-02-21 19:01:37 +01:00
Mikael Nordfeldth
23e66bef64
common_fake_local_fancy_url to remove index.php/ from a local URL
2016-02-21 18:48:18 +01:00
Mikael Nordfeldth
afbdcf8938
Don't publish mbox_sha1sum in FOAF by default.
...
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2016-02-19 00:10:05 +01:00
Mikael Nordfeldth
a838c90951
Only show "public:site" in ToSelector if notice/allowprivate is true
2016-02-18 00:33:16 +01:00
Mikael Nordfeldth
f68d1ade3f
Put "Everyone" and "Everyone at [local instance]" at the top of ToSelector
2016-02-18 00:32:09 +01:00
Mikael Nordfeldth
543d968b81
NoAcctUriException->profile not $e directly
2016-02-18 00:13:59 +01:00
Mikael Nordfeldth
a361fdbd77
Sort ToSelector by AcctUri
2016-02-18 00:05:09 +01:00
Mikael Nordfeldth
73dbc5ca1b
Use ToSelector choice again.
2016-02-17 23:44:15 +01:00
Mikael Nordfeldth
d2c11925bf
To-selector padlock only shown if site config notice/allowprivate is true
2016-02-17 23:06:11 +01:00
Mikael Nordfeldth
5fbb01130a
By default, disallow users to set private_stream
2016-02-17 22:58:31 +01:00
Mikael Nordfeldth
d2507a6266
Gotta declare FullNoticeStream as abstract class
2016-02-16 02:24:38 +01:00
Mikael Nordfeldth
46829c6d3c
FullNoticeStream selects all verbs.
2016-02-16 02:21:39 +01:00
Mikael Nordfeldth
2d1b70c94d
created column was ambigououuuouuus
2016-02-15 09:59:34 +01:00
Mikael Nordfeldth
2301862ae6
We only want POST and SHARE in the inbox/home timeline right?
2016-02-15 09:59:18 +01:00
Mikael Nordfeldth
dcb7ce36d8
Show shares in public timeline
...
Also, the unselect rule for DELETE was useless anyway since it would
already have been filtered out by not having true.
(the => false stuff are for when you want ALL _except_ that)
2016-02-14 20:53:26 +01:00
Mikael Nordfeldth
e2a090c9cc
Use NoticeStream::filterVerbs for filtering in noticestreams
2016-02-14 20:46:13 +01:00
Mikael Nordfeldth
be14e15dac
Hide attachments in notices by silenced profiles
2016-02-13 13:17:39 +01:00
Mikael Nordfeldth
e5ad98e601
Silence action can only be used on non-priviliged users
2016-02-12 14:22:25 +01:00
Mikael Nordfeldth
f10625f8bc
file and avatar dirs on instances with no such dirs in filesystem
2016-02-12 02:29:33 +01:00
Mikael Nordfeldth
338df7e35b
Fix Nickname::isSystemPath() work properly for routes
2016-02-12 02:21:11 +01:00
Mikael Nordfeldth
67dfc0a046
application/xml allowed in uploads
2016-02-11 00:04:14 +01:00
Mikael Nordfeldth
733debd9b3
Use thumbnail upscaling config value
2016-02-10 04:40:54 +01:00
Mikael Nordfeldth
8806cce735
Default to avoid upscaling of thumbnails. 45x45=>450x450 is ugly
2016-02-10 04:40:10 +01:00
Mikael Nordfeldth
a61235086b
Use config site/sslproxy to force HTTPS (i.e. using reverse proxy to enable it)
...
Usage in config.php: $config['site']['sslproxy'] = true;
Add this to documentation...
2016-02-10 01:05:02 +01:00
Mikael Nordfeldth
ec257d940a
Either use or don't use HTTPS
...
The risk of injection attacks using HTTP is too great to allow a
site that allows both HTTP and HTTPS...
2016-02-10 00:57:39 +01:00
Mikael Nordfeldth
dcf29c2a07
s/isHTTPS/useHTTPS/ for HTTPS URL generation
2016-02-10 00:38:14 +01:00
Mikael Nordfeldth
cd71188d3a
SimpleCaptcha plugin to stop basic bots
2016-02-08 17:47:09 +01:00
Mikael Nordfeldth
d98784e059
Use functions instead of accessing properties in twitterUserArray
2016-02-08 12:21:58 +01:00
Mikael Nordfeldth
2938b3e960
Don't return true on requiresAuth if screen_name==='0'
2016-02-08 12:14:35 +01:00
Mikael Nordfeldth
13cf744fb3
Allow screennames that are === '0'
2016-02-08 11:40:46 +01:00
Mikael Nordfeldth
2686635f60
Keep the rel="tag" in HTML when purifying
2016-02-07 12:50:26 +01:00
Mikael Nordfeldth
d6664f5735
Hidespam by default
...
...why would something described as "Whether to hide silenced users from timelines"
be set to false by default? :)
2016-02-07 02:33:53 +01:00
Mikael Nordfeldth
098c8b1df4
NoHttpResponseException extends HTTP_Request2_ConnectionException
2016-02-07 01:52:20 +01:00
Mikael Nordfeldth
60804d1902
ES3 compatibility layer not necessary (noone uses IE8 etc.)
...
All browsers with javascript support also support ES5 nowadays. Anyone
using older software should upgrade for other reasons, such as security.
2016-02-04 11:37:24 +01:00
Mikael Nordfeldth
d5ecbd05a1
Forgot a break in a switch when rendering attachments.
2016-02-03 19:32:51 +01:00
Mikael Nordfeldth
9960714896
Disallow zero-length magnet URIs
...
magnet: would match, but now we have a zero-length lookahead which
requires the following character to be a question mark: magnet:?
2016-02-03 15:26:19 +01:00
Mikael Nordfeldth
90045d66ea
HTMLPurifierSchemes plugin to allow geo and magnet URIs
2016-02-03 14:36:51 +01:00
Mikael Nordfeldth
349dba8be0
Only allow our specified URI schemes
2016-02-03 14:31:16 +01:00
Mikael Nordfeldth
e903bd0bc3
Hacky support for geo URI detection
...
Won't work with common_purify yet because there is no geo uri scheme for it
2016-02-03 14:19:08 +01:00
Mikael Nordfeldth
b1ed1f48ea
Configurable linkify for bare IPv4/IPv6
2016-02-03 12:55:00 +01:00
Mikael Nordfeldth
84930f89f9
Don't allow account backups by default.
2016-02-03 01:08:36 +01:00
Mikael Nordfeldth
19b743a9f5
Set time limit to increase time backupaccount can take
...
Wills till run out of memory probably, we should fix that.
2016-02-03 01:04:14 +01:00
Mikael Nordfeldth
9fcfb7cb1d
Proper error message on too much POST data
2016-02-03 01:03:58 +01:00
Mikael Nordfeldth
a2b914ce60
Get URL schemes by URL type
2016-02-03 00:18:37 +01:00
Mikael Nordfeldth
43abfe659b
Bump beta number to 4
...
We have better webfinger @mention@capability.example at least and
OpportunisticQM is somewhat refined.
2016-01-30 00:04:18 +01:00
Mikael Nordfeldth
367fc054dc
Merge branch 'master' into mmn_fixes
2016-01-30 00:03:25 +01:00
Mikael Nordfeldth
36f099958c
Don't match @nickname on @nickname@server.com
2016-01-29 15:53:58 +01:00
Mikael Nordfeldth
cb40f72c7e
Use the profile URI when linking instead of URL
...
since we'll then get to /user/$id instead of /$nickname which is
good for future archives if someone changes their nickname...
2016-01-29 15:21:01 +01:00
Mikael Nordfeldth
6b31feb70f
Strict Standards: Declaration of MysqlSchema::get()
...
should be compatible with Schema::get($conn = NULL)
2016-01-28 20:18:06 +01:00
Mikael Nordfeldth
7e6783bb8f
Replace htmLawed with HTMLPurifier
2016-01-28 19:01:13 +01:00
Mikael Nordfeldth
34093388a7
Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into mmn_fixes
2016-01-27 22:43:37 +01:00
mmn
52778e1882
Merge branch 'json_encode_fail_branch' into 'nightly'
...
output error if json_encode fails
See merge request !86
2016-01-26 21:16:24 +00:00
mmn
42545c6625
Merge branch 'mention_branch' into 'nightly'
...
correct mentions if parent mentions multiple users with same nickname (don't use first one for all)
See merge request !82
2016-01-26 21:15:25 +00:00
Mikael Nordfeldth
a48055a3cc
Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into mmn_fixes
2016-01-25 20:22:16 +01:00
hannes
e447964639
remove my ugly debug info
2016-01-25 19:10:35 +00:00
hannes
b1b6a0a69c
config['follow_redirects'] is the extlib's config! if max_redirs is set we want to do our own redirection following in this function
2016-01-25 19:03:26 +00:00
Mikael Nordfeldth
b15434375c
Show plain text files on attachment page.
2016-01-25 16:54:40 +01:00
Mikael Nordfeldth
a9d18a077e
Harmonize, clarify, categorize URL schemes
...
Regular expression + avoid-redirection list now match each other.
2016-01-24 12:47:31 +01:00
Mikael Nordfeldth
1cec627d72
Allow bitcoin scheme to URLs
2016-01-24 12:44:28 +01:00
hannes
4e50717e12
output error if json_encode fails
2016-01-23 15:01:27 +00:00
Mikael Nordfeldth
89dd44bf3e
default connect_timeout to 5 instead of extlib 10
2016-01-22 12:20:03 +01:00
Mikael Nordfeldth
3f9c1c142a
Removing unnecessary debug messages etc.
2016-01-21 02:49:34 +01:00
Mikael Nordfeldth
45446f17ad
Only set selectVerbs if it's not set in class var
2016-01-21 02:37:38 +01:00
Mikael Nordfeldth
d3a4a2225f
We want the profile stream to be as raw as possible!
2016-01-21 02:33:43 +01:00
Mikael Nordfeldth
f74d2d555c
Working on some RSVP code stuff
2016-01-21 02:10:34 +01:00
Mikael Nordfeldth
5999171c11
Throw NoObjectTypeException on Notice->getObjectType if no string
2016-01-20 21:37:14 +01:00
Mikael Nordfeldth
21cc737f5c
Cancelling RSVPs now seems to work.
2016-01-20 16:10:10 +01:00
hannes
de047f9727
correct mentions if parent mention multiple users with same nickname (don't use first one for all)
2016-01-19 13:41:25 +00:00
Mikael Nordfeldth
15d12b209d
Don't include delete verbs in profile notice stream.
2016-01-18 22:04:42 +01:00
Mikael Nordfeldth
f768de4b46
default connect_timeout to 5 instead of extlib 10
2016-01-18 22:01:45 +01:00
Mikael Nordfeldth
cae344b67b
Events are now saved but not displayed properly again
2016-01-18 20:57:44 +01:00
Mikael Nordfeldth
bdc38a7204
Initial user doesn't need as strict checking on email
2016-01-17 00:39:49 +01:00
Mikael Nordfeldth
deda83fdef
Distinguish notice saving errors from others for Salmon
2016-01-16 22:39:04 +01:00
Mikael Nordfeldth
4678546d33
We want exceptions to be noticable in activityhandlerplugin
2016-01-16 21:19:34 +01:00
Mikael Nordfeldth
3019f8f23f
dbqueuemanager logic
2016-01-16 21:05:34 +01:00
Mikael Nordfeldth
f53ebdeadb
Start handling salmon entries directly with Notice::saveActivity
...
More to come...
2016-01-16 17:25:29 +01:00
Mikael Nordfeldth
1f76c1e4a9
Initial user doesn't need as strict checking on email
2016-01-16 17:23:50 +01:00
mmn
44c10bb2aa
Merge branch 'oembed_branch' into 'nightly'
...
purify oembed html and don't allow cdata
hopefully we never need stuff in cdata
reason for this is that this link serves javascript in its oembed data: https://www.maketecheasier.com/switch-windows-10-to-linux/
see:
https://www.maketecheasier.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.maketecheasier.com%2Fswitch-windows-10-to-linux%2F
i don't feel we want that in our database.
See merge request !79
2016-01-15 13:11:35 +00:00
Mikael Nordfeldth
16088d9439
ErrorAction and InfoAction fixes, are now ManagedAction
2016-01-14 21:28:47 +01:00
Mikael Nordfeldth
bc0a903bd4
ErrorAction to autodiscoverable file.
2016-01-14 21:21:34 +01:00
Mikael Nordfeldth
b530d385bc
Exception object was not supplied there
2016-01-14 18:51:46 +01:00
Mikael Nordfeldth
0caf0612d0
Make Twitter Media upload API v1.1 reach us
...
Now we just have to accept the 'media' or 'media_data' (base64 encoded)
POST arguments instead of $_FILES uploads.
2016-01-14 18:29:21 +01:00
Mikael Nordfeldth
6e49281adb
Use the Action class itself as error handler
2016-01-14 18:21:11 +01:00
Mikael Nordfeldth
c173c4faa5
Actually throw NoQueueHandlerException too.
2016-01-14 13:48:33 +01:00
Mikael Nordfeldth
df00a88cb4
Forgot to add NoRouteMapException to 6834f355f2
2016-01-14 13:07:00 +01:00
Mikael Nordfeldth
6834f355f2
Making ClientExceptions turn into ClientErrorAction
...
Got some 404s which were presented as 500
2016-01-14 02:47:28 +01:00
Mikael Nordfeldth
99261e0781
Don't LOG_ERR missing paths (misspelling clients aren't errors)
2016-01-14 02:22:47 +01:00
Mikael Nordfeldth
331abf173b
Forgot semicolon
2016-01-14 02:05:33 +01:00
Mikael Nordfeldth
f699ffeb8a
Exception handling in queue handler logic
2016-01-14 02:04:15 +01:00
Mikael Nordfeldth
0ddaa6ff75
Handle exceptions in QueueHandler classes
2016-01-14 01:47:13 +01:00
Mikael Nordfeldth
29b45bb87a
Unnecessary call to User::getKV
2016-01-13 20:08:17 +01:00
Mikael Nordfeldth
818aaa0578
We didn't get profiles from the new-style attention system
2016-01-13 18:35:25 +01:00
hannes
3e7e3de554
don't allow cdata elements in purified html
2016-01-13 16:01:27 +00:00
Mikael Nordfeldth
99da1ebe41
Catch NoHttpResponseException when using HTTPClient
2016-01-13 14:17:49 +01:00
Mikael Nordfeldth
3ed632decf
NoHttpResponseException needed instead of HTTP_Request2_Exception
...
HTTP_Request2_Exception assumed an HTTP response status code/line
2016-01-13 14:08:48 +01:00
Mikael Nordfeldth
e75472f460
Use the upstream function to get effectiveUrl
2016-01-13 14:00:05 +01:00
Akio Nishimura
eceafb84de
lib/language.php: rewrited jp as ja.
2016-01-13 13:23:06 +01:00
Mikael Nordfeldth
e49e113140
Ugly hack to show thumbnails of otherwise unrepresentable attachments
...
such as text/html, where the thumbnail has been retrieved via oEmbed/OpenGraph
2016-01-12 15:38:59 +01:00
Mikael Nordfeldth
8c28e54ccc
same as previous, but for mime_to_ext
2016-01-12 13:14:17 +01:00
Mikael Nordfeldth
dbe5d72e4c
If all file extensions are supported we have no list of comparisons
2016-01-12 13:08:54 +01:00
hannes
a1b509bb0b
forgot we need access to $html too
2016-01-11 20:58:34 +00:00
hannes
8d331b0f35
EndCommonPurify event
2016-01-11 20:54:19 +00:00
Mikael Nordfeldth
1a46d86ca6
lib/util.php quick function to do var_export($var,true)
...
Immensely useful when debugging and we want to put quotes around strings,
potentially stopping any "evil logging attacks" (where input data masks
as logging data).
2016-01-11 19:52:54 +01:00
Mikael Nordfeldth
c1f22f106b
Might as well put a $limit on preg_replace here
...
Since there will (should) never be more than one ^http in that string anyway.
2016-01-11 18:27:26 +01:00
Mikael Nordfeldth
5b2b969a77
Tag notice streams should only show post verbs
2016-01-11 15:15:23 +01:00
Mikael Nordfeldth
b13f8df79b
HTTPClient would return null instead of exception
...
This caused $response->isOK() tests to call a function on a non-existing object, causing all hell to break loose.
2016-01-11 02:36:59 +01:00
Mikael Nordfeldth
5ef10a14ef
Get group attentions too for outbound notices
2016-01-09 15:06:44 +01:00
Mikael Nordfeldth
55aa68b941
CancelGroupForm gets same typing as Join and Leave
2016-01-09 14:13:19 +01:00
Mikael Nordfeldth
fbec7c4e75
Issue #121 - use correct Group ID and strict User_group typing
2016-01-09 14:06:50 +01:00
Mikael Nordfeldth
d13483ca20
Wups, $poster could be undefined
2016-01-09 13:15:09 +01:00
Mikael Nordfeldth
33194b3cff
Attention goes to the parent notice author too
2016-01-08 02:58:31 +01:00
Mikael Nordfeldth
0463d96392
Add more info in logging call
...
There shouldn't be *HandleSalmonTarget, only verification of actor and
then Notice::saveActivity()!
2016-01-08 01:52:10 +01:00
Mikael Nordfeldth
e6f2676c5c
Default to not include delete verbs in notice streams
2016-01-07 23:33:47 +01:00
Mikael Nordfeldth
801ca3531b
common_find_attentions to populate activities from content text
2016-01-07 23:23:37 +01:00
Mikael Nordfeldth
1f02dc639e
shortenLinks _after_ media upload to be consistent with api
2016-01-07 18:14:45 +01:00
Mikael Nordfeldth
be58fd64f5
Use index for File url (urlhash)
2016-01-07 18:13:10 +01:00
Mikael Nordfeldth
d4be5349b3
think I have managed to show oEmbed images better now
2016-01-07 17:35:37 +01:00
Mikael Nordfeldth
5d4b1d0b88
Appropriate exception message in GroupNoProfileException
2016-01-07 12:14:48 +01:00
Mikael Nordfeldth
47c7e1b875
Breaking class definitions out into separate files and fixing typing
2016-01-06 19:46:56 +01:00
Mikael Nordfeldth
f1c4c64cd9
Don't update stored URLs just because we have a filename
...
This would overwrite remote URLs with local verisons which removes source href...
The reason one might have filenames for remote URLs is that StoreRemoteMedia plugin
fetches them and uses the filename field.
2016-01-06 19:24:03 +01:00
Mikael Nordfeldth
b596391fcd
Avoid having to check for notices without rendered copies in upgrade.php
...
Always call the Notice->getRendered() function to get a rendered copy.
We could perhaps put some sanitation there too in the future
2016-01-06 15:32:27 +01:00
Mikael Nordfeldth
4a8e936e19
Somewhat more meaningful error message
2016-01-06 14:10:37 +01:00
Mikael Nordfeldth
4b22b0c42a
More listitems and lists into separate files + stronger typing
2016-01-06 01:36:46 +01:00
Mikael Nordfeldth
6d9f390ba8
Separating classes into files and stronger typing
2016-01-06 01:30:12 +01:00
Mikael Nordfeldth
da2f179ae9
Typing to Profile
2016-01-06 01:25:00 +01:00
Mikael Nordfeldth
e577e883f4
Subscriber lists to separate files and also Profile typing
2016-01-06 00:57:31 +01:00
Mikael Nordfeldth
1946197a1c
Merge request #10 by aroque but in a slightly different version
2016-01-06 00:48:03 +01:00
Mikael Nordfeldth
31c8416a8f
Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into mmn_fixes
2016-01-06 00:24:41 +01:00
Mikael Nordfeldth
792b62874e
Require Profile for Profile->getLists
2016-01-06 00:18:10 +01:00
hannes
0b4b0de412
longurl in href
2016-01-05 23:14:51 +00:00
Mikael Nordfeldth
3d66d960a1
Require Profile for Profile->getOtherTags
2016-01-06 00:07:15 +01:00
hannes
8b78e01d4c
$longurl->url is just the same $canon we fed to File_redirection::where()
2016-01-05 23:06:02 +00:00
hannes
64f2f3d976
effectiveUrl seems to contain the url we want
2016-01-05 22:44:06 +00:00
Mikael Nordfeldth
df8c14d66a
ProfileMiniList->newListItem changed to match ProfileList->newListItem
2016-01-05 00:09:47 +01:00
Mikael Nordfeldth
de7e8c59e8
Version bump since we've fixed a lot of bugs
2016-01-04 02:19:37 +01:00
Mikael Nordfeldth
fb537fb7f4
We would end up with a Managed_DataObject if now match was found
...
meaning we'd return for example a Notice with empty id (translated into 0)
and thus Faves coming in from remote instances where the fave'd notice was
not found would result in faving the first Notice in a table-wide search,
i.e. often the first post on the instance.
Whoopie!
2016-01-04 02:04:18 +01:00
Mikael Nordfeldth
065e23b1c4
Code cleanup in lib/activityutils.php
2016-01-04 01:58:45 +01:00
Mikael Nordfeldth
00ace6c2df
More explicit catch
2016-01-04 01:53:33 +01:00
Mikael Nordfeldth
b4b57bba54
EmptyIdException to make sure we get the right in catch
2016-01-03 22:56:48 +01:00
Mikael Nordfeldth
3bddf01350
Somewhat better layout for approving/rejecting subrequests
2016-01-03 20:42:21 +01:00
Mikael Nordfeldth
c19964094b
Pending subscription requests now work as they should
...
A slight layout issue with the buttons still persists
2016-01-03 20:27:53 +01:00
Mikael Nordfeldth
df0f9547b5
Handle private streams better (failed to show profile before)
2016-01-03 19:16:29 +01:00
Mikael Nordfeldth
0dc7fcce5b
Fixes issue #94 with undefined 'fr'
...
I just copied the English example...
2016-01-03 00:45:47 +01:00
Mikael Nordfeldth
fe328ae5e4
Fix because qvitter supplies a twitter array value which is an array
...
works for json API, not for XML, so we make an exception here...
2016-01-02 02:01:54 +01:00
Mikael Nordfeldth
cf6e06a5dd
Avoid exception for invalid URL aborting rendering for parent notice if it fails
2016-01-02 00:09:10 +01:00