Mikael Nordfeldth
d179afa303
Save allowed path/qstring/fragment characters in constants
2016-03-09 14:51:52 +01:00
Mikael Nordfeldth
e2c6f2f96f
Let's be consistent with URL verbs
2016-03-08 20:01:06 +01:00
Mikael Nordfeldth
cfc82591da
chmod 0775 directories we create
...
Security for the 'g+rx' should be handle by having the parent directory
inaccessible for global users, which is usually the case.
2016-03-07 23:23:32 +01:00
Mikael Nordfeldth
4e5c0e70a6
fillConfigVoids to set default value of empty config options
2016-03-07 22:55:52 +01:00
Mikael Nordfeldth
265fa12917
Relatively experimental change to store thumbnails in 'file/thumb/' (by default)
2016-03-07 22:33:34 +01:00
Mikael Nordfeldth
158b323767
Declare AdminpanelAction::canAdmin as static, since that's how it's used.
2016-03-06 17:31:40 +01:00
Mikael Nordfeldth
6ec72b2978
Move mail_confirm_address out of mail.php
2016-03-06 17:27:40 +01:00
mmn
0785e2910f
Merge branch 'no_sandboxed_repeats_branch' into 'nightly'
...
Don't include repeated notices from sandboxed users in the public timeline
See merge request !115
2016-03-05 08:08:42 -05:00
Mikael Nordfeldth
97ac722b24
Accessibility navigation improvement
2016-03-05 12:42:53 +01:00
Mikael Nordfeldth
7ca0ff9a19
MediaFile::fromUpload handles missing local file better
2016-03-05 12:05:12 +01:00
Mikael Nordfeldth
1db02d7f36
filename_base option isn't optimal
...
For different "download filenames" we should use some other method.
2016-03-05 11:59:46 +01:00
Mikael Nordfeldth
57d57b8d8f
Handle reuploads via filehandle better if original is missing
2016-03-05 01:26:34 +01:00
Mikael Nordfeldth
952f68fed5
File upload logging for dummies
2016-03-05 00:59:39 +01:00
hannes
7d4658643d
the repeated notice can be from a sandboxed user too
2016-03-04 16:53:57 -05:00
Mikael Nordfeldth
dc1ceca86e
Some more Microformats2 data for notices and rendering
2016-03-02 13:29:54 +01:00
Mikael Nordfeldth
6529fdd28d
Proper Microformats2 h-entry p-name + u-uid markup
2016-03-02 13:10:02 +01:00
Mikael Nordfeldth
d6598e790c
Introduce a ConfigException
2016-03-02 12:33:06 +01:00
Mikael Nordfeldth
9534969c05
Don't set is_local=LOCAL_NONPUBLIC on sandboxed user notices
...
Let's decide whether they are nonpublic by testing them when the notice
is shown instead.
2016-03-02 12:26:23 +01:00
Mikael Nordfeldth
a3b2118906
Make the public streams ModeratedNoticeStream (hide sandboxed users etc.)
...
Which streams should be put under ModeratedNoticeStream is probably open
to debate. But at least the public ones should hide the posts from users
that are sandboxed.
2016-03-02 11:50:50 +01:00
Mikael Nordfeldth
b4271a3533
Stricted typing + protected on FilteringNoticeStream->filter
2016-03-02 11:40:43 +01:00
Mikael Nordfeldth
99fbb181c1
Translation changes, use FancyName in email subject
2016-03-01 23:53:36 +01:00
Mikael Nordfeldth
47f408ca7c
Strict typing for mail_notify_attn
2016-03-01 23:37:11 +01:00
Mikael Nordfeldth
63c087a255
Consistent behaviour for ScopingNoticeStream $scoped
...
We don't guess the current profile anymore if the value of the profile === -1
Also sets $this->scoped for all ScopingNoticeStream inheritors, which just
like in an Action can be null if we're not scoped in any way (logged in).
2016-03-01 14:51:47 +01:00
Mikael Nordfeldth
7862b853bf
Make javascript XHR timeout a variable.
...
SN.V.xhrTimeout = [time in milliseconds];
2016-03-01 13:10:18 +01:00
Mikael Nordfeldth
6c43e9c2e0
Verify loaded config function, must be completed further.
2016-02-28 13:31:21 +01:00
Mikael Nordfeldth
747c91210f
HTMLPurifier cache settings, put stuff in subdir of get_sys_temp_dir()
2016-02-28 13:30:47 +01:00
Mikael Nordfeldth
cd978fa153
Edited the list of allowed rel values
2016-02-28 13:16:52 +01:00
Mikael Nordfeldth
52a3764ae4
Resolve relative URLs (assuming URI.Base==notice URL)
...
The real way to do this would be to get the xml:base property from
the Atom feed but it's probably not there in any posts we see today.
2016-02-26 14:46:26 +01:00
Mikael Nordfeldth
29662eef5e
Mentioning matches (@this too) now.
2016-02-26 00:08:51 +01:00
Mikael Nordfeldth
2669c51265
Allow sgf files if they're recognized in mime search
...
They are Go game files used on lamatriz.org. Note that my server
doesn't actually recognize these files and can identify the mime type,
but my browser did for some reason.
2016-02-26 00:05:07 +01:00
Mikael Nordfeldth
e6e1705852
Make uploads work properly if we accept _all_ attachment types
...
Also introduced $config['attachments']['extblacklist'] that can disable
certain file extensions (or rewrite them, for example php => phps)
2016-02-25 22:15:54 +01:00
Mikael Nordfeldth
128a00c4ab
Include feeds in Link HTTP headers, for easier discovery
2016-02-24 16:48:44 +01:00
Mikael Nordfeldth
b59dacb806
getAliases for Profile and Notice
...
Also move fancyurlfix into site-wide $config['fix']['fancyurls']
TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
Mikael Nordfeldth
5f7032dfee
Verify that authenticated API calls are made from our domain name.
...
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json " or
whatever. XHR is already blocked with CORS stuff.
Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
Mikael Nordfeldth
ce803f6d06
WebFinger aliases with 'index.php/'
2016-02-21 20:00:07 +01:00
Mikael Nordfeldth
893d117309
throw new, not just throw
2016-02-21 19:01:37 +01:00
Mikael Nordfeldth
23e66bef64
common_fake_local_fancy_url to remove index.php/ from a local URL
2016-02-21 18:48:18 +01:00
Mikael Nordfeldth
afbdcf8938
Don't publish mbox_sha1sum in FOAF by default.
...
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2016-02-19 00:10:05 +01:00
Mikael Nordfeldth
a838c90951
Only show "public:site" in ToSelector if notice/allowprivate is true
2016-02-18 00:33:16 +01:00
Mikael Nordfeldth
f68d1ade3f
Put "Everyone" and "Everyone at [local instance]" at the top of ToSelector
2016-02-18 00:32:09 +01:00
Mikael Nordfeldth
543d968b81
NoAcctUriException->profile not $e directly
2016-02-18 00:13:59 +01:00
Mikael Nordfeldth
a361fdbd77
Sort ToSelector by AcctUri
2016-02-18 00:05:09 +01:00
Mikael Nordfeldth
73dbc5ca1b
Use ToSelector choice again.
2016-02-17 23:44:15 +01:00
Mikael Nordfeldth
d2c11925bf
To-selector padlock only shown if site config notice/allowprivate is true
2016-02-17 23:06:11 +01:00
Mikael Nordfeldth
5fbb01130a
By default, disallow users to set private_stream
2016-02-17 22:58:31 +01:00
Mikael Nordfeldth
d2507a6266
Gotta declare FullNoticeStream as abstract class
2016-02-16 02:24:38 +01:00
Mikael Nordfeldth
46829c6d3c
FullNoticeStream selects all verbs.
2016-02-16 02:21:39 +01:00
Mikael Nordfeldth
2d1b70c94d
created column was ambigououuuouuus
2016-02-15 09:59:34 +01:00
Mikael Nordfeldth
2301862ae6
We only want POST and SHARE in the inbox/home timeline right?
2016-02-15 09:59:18 +01:00
Mikael Nordfeldth
dcb7ce36d8
Show shares in public timeline
...
Also, the unselect rule for DELETE was useless anyway since it would
already have been filtered out by not having true.
(the => false stuff are for when you want ALL _except_ that)
2016-02-14 20:53:26 +01:00