Ensure that router is cleared when we do site setup; we can still fetch the data from cache, so it should stay fast, but should ensure that we don't end up with someone else's routes still set up, which may be an issue breaking some of the bookmark handling that needs routing with a rare plugin.
Notice::saveNew() now does these checks directly when making a repeat:
* make sure the original is valid and existing
* stop you from repeating your own message
* stop you from repeating something you've previously repeated
* prevent repeats of any non-public messages
* explicit inScope() check to make sure you can read the original too (just in case there's a funky extension at play that changes scoping rules)
These error conditions throw exceptions, which the caller either uses as an error message or passes on up the stack, without having to duplicate the checks in each i/o channel.
Numbered parameters when more than one used in a message.
L10n updates for consistency.
i18n for non-translatable exception.
Updated translator documentation.
Removed superfluous whitespace.
We disallow repeating a notice (or whatever) if the scope of the
notice is too private. So, only notices that are public scope
(available to everyone in the world) or site scope (available to
everyone on the site) can be repeated.
Enforce this rule at a low level in Notice.php, and in the API,
commands, and Web UI. Repeat button doesn't appear on tightly-scoped
notices in the Web UI.
There were some differences between defaults for the
NoticeStream::getNoticeIds() function and some of its subclasses'
implementations. So, I got them rationalized.
Added filtering code so that notice streams check notice scope.
Added new class to implement filtering a stream, FilteringNoticeStream.
Added a subclass that does the logic for checking Notice scope.
And made all the streams use ScopingNoticeStream.
We've been muddling through with 6- or 8-argument functions for managing streams. I'd
like to start thinking of streams as their own thing, and give them some more value.
So, the new NoticeStream class takes over the Notice::stream() function and Notice::getStreamByIds().
There's probably some fine-tuning to do on the object interface.
like leprous boils in our code. So, I've replaced all of them with //
comments instead. It's a massive, meaningless, and potentially buggy
change -- great one for the middle of a release cycle, eh?
These mini notice lists were previously not actually showing links to the notices, making them hard to use. There was code to output a link, but it had been unused due to the config options triggering it not being set. The links also looked bad ("( see )" with bad spacing).
Replaced that code with a call into NoticeListItem's existing code to format a relative timestamp with the notice permalink, which looks nice. Used a div rather than p to avoid clearing the float, so it flows nicely.
These mini notice lists were previously not actually showing links to the notices, making them hard to use. There was code to output a link, but it had been unused due to the config options triggering it not being set. The links also looked bad ("( see )" with bad spacing).
Replaced that code with a call into NoticeListItem's existing code to format a relative timestamp with the notice permalink, which looks nice. Used a div rather than p to avoid clearing the float, so it flows nicely.
Had to fix some calls to MicroAppPlugin->saveNoticeFromActivity() which passed an OStatus_profile instead of a Profile...
Imported polls don't get data from upstream or send it back currently.
FormNoticeXHR now is triggered on any form labeled with class 'ajax-notice', so those other than the traditional notice form should work as long as they handle the AJAX submission and return a properly formatted notice.
Things to watch out for:
* to determine whether the resulting notice should show on the current timeline, the JS code needs to be able to check the author and such. Keeping the existing vcard bits helps for this!
* the notice form submission stuff clears out inputs from your form -- test to make sure this behaves correctly
* error messages returned from the thingy _should_ come through, but this needs more testing for consistency
* while form components that aren't in a custom form should just be ignored, this should be tested more. (eg there's no location or attachment box for poll or bookmark plugins)
* NoticeListItem isn't currently reachable via autoloader -- touch NoticeList explicitly before calling into it for now.
Note that changes to the attachment from <label for/><input id/> to <label><input></label> affect some of the existing styles which attempt to place them both in the same place based on having a common parent. Only 'neo' has been fully tested and fixed for this case, as the others all fail due to the new layout anyway. :)
* '1.0.x' of gitorious.org:statusnet/mainline:
Initial checkin of Poll plugin: micro-app to post mini polls/surveys from the notice form.
Localisation updates from http://translatewiki.net.
More doc comments on MicroApp stuff; some of the show-notice code & the ActivityStreams stuff is a bit wonky and may need smoothing out
Doc comments for MicroAppPlugin
mailboxes were wrongly overriding global menu
* 1.0.x: (68 commits)
Avoid AJAX fetch delay for inline replies when possible; we clone a copy of the notice form skeleton at initialization, then insert it in place instead of fetching a new one.
Fix bad reference
lost a </div> in input_forms
neo is the default
First version of 3cl theme neo.
cleaner is the new default theme (for now)
store reply_to notices as comment activity objects
fix object errors with bookmark notices
save the object type when saving a new bookmark notice
ActivityObject uses Notice's object_type by default
Notice saves its object type
show correct notice in output
UR FACE
wrapper div for primary nav
Revert "abstraction for starting and ending a menu"
Revert "primarynav uses menustart and menuend"
primarynav uses menustart and menuend
abstraction for starting and ending a menu
remove adminpanelnav from adminpanelaction module
Input form switcher works
...
This change adds the input form switcher, which adds a navigation menu
across the top of the input form, letting you switch between different kinds of input.
The input menu doesn't yet look like a nice set of tabs; it could use some love.
* 1.0.x:
* translator documentation updated. * superfluous whitespace removed. * small refactoring in noticeform.php to allow proper translator hints.
* translator documntation updated * superfluous whitespace remove * minor L10n and i18n updates
Cleanup & minification for migration to reusable notice form in inline replies. Yay!
Work in progress: inline reply form reusing the main reply form now inserts the successful result more or less right
style fixes for new notice form being reused in reply area
Reusable notice form fixes for geolocation
Loading the original form instead of faking up our own. Sorta works but not pretty :D
Kill some more hardcoded ids...
More hardcoded id cleanup in notice form...
'link' to 'links' in feed document
UserActivityStream -- used to create a full activity stream including subscriptions, favorites, notices, etc -- normally buffers everything into memory at once. This is infeasible for accounts with long histories of serious usage; it can take tens of seconds just to pull all records from the database, and working with them all in memory is very likely to hit resource limits.
This commit adds an alternate mode for this class which avoids pulling notices until during the actual output. Instead of pre-sorting and buffering all the notices, empty spaces between the other activities are filled in with notices as we're making output. This means more smaller queries spread out during operations, and less stuff kept in memory.
Callers (backupaccount action, and backupuser.php) which can stream their output pass an $outputMode param of UserActivityStream::OUTPUT_RAW, and during getString() it'll send straight to output as well as slurping the notices in this extra funky fashion.
Other callers will let it default to the OUTPUT_STRING mode, which keeps the previous behavior.
There should be a better way to do this, swapping out the stringer output for raw output more consitently.
http://status.net/open-source/issues/2442
Notes:
* Mapstraction causes JavaScript errors in XHTML mode, breaking our code if we're run later so the link doesn't work to get back to Desktop.
* not 100% sure how safe feature detection is here?
* Currently will be useless but visible links if no JS available; need to fall back to server-side for limited browsers
Regressions caused by bad refactoring in commit 21feac3bea.
Test cases in tests/CommandInterpreterTest.php were made against the pre-refactoring code, and now check out with the fixed code.
Failures were caused by not changing logic structure when moving from multiple exit points (each if point would return directly with a null or an object) to setting a result variable and then falling through to a common exit point. Without the if statements being restructured, the result variable would just get overridden by the next case.
I've extended the rights framework (centering on the Right class and Profile::hasRight()) to cover
Web login and API use. This will make it possible to prevent login and API use by users.
I added two new Right constants to the Right class: WEBLOGIN and API. I check these rights using
Profile::hasRight() when initializing users. If the rights check fails, I throw an exception.
I created a new AuthorizationException class for this particular
exception, in order to allow a different UI for these kinds of exceptions (or whatever).
* 0.9.x:
* update translator documentation. * remove superfluous whitespace. * tab to spaces. * add FIXME for undocumented class.
* update translator documentation. * remove superfluous whitespace. * L10n updates. * small refactoring in publicrss.php. * remove PHP4-isms
Localisation updates from http://translatewiki.net.
Double quotes to single quotes.
* improve L10n consistency for English. For example proper punctuation for all button and label titles. * fix some i18n bugs (in-message variables). * update/add translator documentation. * remove superfluous whitespace.
add path separators for Plugin::path()
argument to send email summary to all users on all sites
fix indentation in siteemailsummaryhandler
fix indentation in sendemailsummary.php
fix indentation in Email_summary_status.php
fix indentation in EmailSummaryPlugin.php
fix indentation in usermailsummaryhandler.php
Our mailbox actions (inbox and outbox) were doing their own display of
messages. This was causing issues with especially showmessage, which
since the more rigourous nickname checks were added, no longer works as
a mailbox subclass.
I've taken the time to rip out the message listing code from MailboxAction
and moved it to a MessageList widget. The different mailboxes now have their
own subclasses that show the correct profile in the list.
This entry was using the strings 'true' and 'false' instead of literal booleans, which could confuse clients expecting literal booleans as in other places and on Twitter in this place.
Format's already available as a member variable, so use it!
Fixes some error reponses in api/statusnet/groups/leave.json which were coming through as XML.
May fix some others as well.
$config['site']['logperf'] = true; // to record & dump total hits of each type and the runtime to syslog
$config['site']['logperf_detail'] = true; // very verbose -- dump the individual cache keys and queries as they get used (may contain private info in some queries)
Seeing 180 cache gets on a timeline page seems not unusual currently; since these run in serial, even relatively small roundtrip times can add up heavily.
We should consider ways to reduce the number of round trips, such as more frequently storing compound objects or the output of processing in memcached.
Doing parallel multi-key lookups could also help by collapsing round-trip times, but might not be easy to fit into SN's object model. (For things like streams this should actually work pretty well -- grab the list, then when it's returned go grab all the individual items in parallel and return the list)
* dropped unnecessary join on notice table
* made the function actually static, since it makes no sense as an instance variable. The only caller (in AttachmentList) is updated.
In order to apply to PHP's POST processing, the MAX_FILE_SIZE field must appear *before* the file upload field. They were incorrectly placed after, where they had no effect on POST processing.
Part of the reported issue was previuosly fixed by dc497ed0 (smaller size images being blanked).
This commit fixes the remaining bug with original-size avatars being left as BMP (which could include the 96px size for instance, which could cause problems in browsers not supporting BMP natively)
Added ImageFile::copyTo() as a convenient alias for resizeTo() when not resizing; this performs the BMP/XPM/XBM->PNG conversion if needed, or copies the original file.
Copying instead of using move_uploaded_file() is fine here since:
a) the files are cleaned up on script completion anyway (vs moving to remove it)
b) we're already performing getimagesize() and possibly load/resize on the file before this point (vs needing to move the file into a usable area to work with open_basedir restrictions that prevent working directly with uploaded files in the temp dir; since this would fail anyway, we lose nothing)
ImageFile::preferredType() now works on $this->type instead of asking for one, to make it handier to use from outside. (This is still needed in order for calling code to generate a target filename.)
Recommended for future:
* additional consolidation between the various ways of uploading avatars (touched avatarsettings, grouplogo, and apiaccountupdateprofileimage with similar minor changes)
* consolidate type checks and file naming into Avatar class
There's a new menu layout in this version of the software. It was
implemented as a plugin in 0.9.x to avoid clashes with existing themes,
but we're going to break that compatibility in this version, so we're just going for it.
This change involved moving all the changes in NewMenuPlugin into the
default code that was calling it. In addition, since
accountsettingsaction and connectsettingsaction differed only by menu,
I removed them, changed all references to them to the settingsmenu, and moved
the combined nav to its own class.
Let's put that episode behind us.
The CSS shim that was loaded by NewMenuPlugin for certain themes and certain actions
was removed.
'admin' is a pretty common username that people try when installing;
it was blacklisted because all of our admin panels were at /admin/*,
which would conflict with the admin user's namespace.
Changed the location of all admin panels to /panel/*, blacklisted the
nickname 'panel', and allowed 'admin'. Tested with a fresh install;
seems to work great.
* 'testing' of gitorious.org:statusnet/mainline: (63 commits)
Add a scary 'experimental feture' warning & are-you-sure prompt on moveuser.php
fix wrong datatypes (saving string instead of array) in AtomPub notice processing
Account moving is a background activity
return a 409 Conflict when subscription already exists
OStatusPlugin does discovery in Profile::fromURI()
considerably more logging and error checking in AccountMover
add a log method to AccountMover
normalize accounts and check for return in HTTP for moving
move account-moving classes to their own libraries
execution protection on discovery.php
PHPCS discovery.php
Move discovery library from OStatus plugin to core
Revert "Revert "0.9.7alpha1""
first example of moving a user
Parse properties of links in XRD files
Add the Atom username to the XRD output
preserve activities in object
let callers pass in an XMLOutputter to output to
execution protection on discovery.php
PHPCS linkheader.php
...
Removed the free calls (unneeded since destructors now work), and added an error check w/ logging & an exception for future attempts to forward calls to nonexistent object.
We were checking the list as comma-delimited (per the description of it as comma-delimited), but in fact spaces are also accepted, and who knows what else.
We can make a lot of HTTP requests from the server side. This change
adds some configuration options for using an HTTP proxy, which can
cache hits from multiple sites (good for status.net-like services, for example).
Version 0.9.6 and below of StatusNet assume anything in <author> is a
Person. So, we include an <activity:subject> element, which will be
checked first by those versions of the code, only for group feeds.
At some point we'll take this out, but it's useful for now.
* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.
Moved most of the heavy-lifting for account restoration out of
restoreuser.php and into its own class, with the hope that we'll do
the work from the Web eventually.
The new DeleteaccountAction lets a user delete their own account
(subject to global rights set by the admin). It presents a form to
delete the account, with an "I am sure." text entry box.
It then schedules the account for deletion and logs the user out.