b2cfbded2e
Upgrading from 1.1.x would make uri fields have length=255
2016-03-15 16:54:10 +01:00
346a73c36f
Fix a regression in 1f76c1e4 that stopped sending email confirmation on registration
2016-03-02 14:38:34 +01:00
6336248d71
Notice getRendered() can now be called on uninserted notices
2016-02-25 20:13:00 +01:00
67aff528f5
socialfy-your-domain made people think you needed manual interaction
...
I don't know why, but people started following those instructions for no
apparent reason and it ended up causing a bunch of federation issues or
homegrown cron script messes.
Maybe changing the name to "another" instead of "your" domain will make
people stop doing stuff randomly.
2016-02-25 20:12:56 +01:00
80f7a5f025
$metadata->thumbnail_url is not guaranteed to be set
...
We should probably have a separate class for this, so we can more
easily combine different technologies similar to oEmbed/OpenGraph.
2016-02-25 19:47:16 +01:00
e6f07d8554
Use in_array instead. Now we get third party responses to contextually interesting threads
...
I think this solves much of the "third party conversation" issues, assuming involved parties
are using modern GNU social instances.
2016-02-24 00:19:27 +01:00
31c9b2c1d8
Check the notice context for users in UsersalmonAction
2016-02-23 23:56:43 +01:00
9319033ff0
Properly attach activityobjects
...
For some reason they were written to ->object, which is incorrect as
we use the objects[] array (which usually just holds one entry though)
2016-02-23 23:50:57 +01:00
0eb5122817
Check that the user is in the context of a salmon slap
2016-02-23 23:42:41 +01:00
d672547112
getAliases should be only a list (numeric array)
2016-02-23 14:33:09 +01:00
e16f7d04a8
Let OpenID match against aliases (fix fancyurl stuff etc.)
2016-02-23 14:15:08 +01:00
b59dacb806
getAliases for Profile and Notice
...
Also move fancyurlfix into site-wide $config['fix']['fancyurls']
TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
5f7032dfee
Verify that authenticated API calls are made from our domain name.
...
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json " or
whatever. XHR is already blocked with CORS stuff.
Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
c67b89e56b
Make WebFinger fancyurlfix configurable
2016-02-21 20:05:32 +01:00
ce803f6d06
WebFinger aliases with 'index.php/'
2016-02-21 20:00:07 +01:00
1edb1bbc17
Claim that we are the URL without index.php/ in webfinger response
2016-02-21 19:09:39 +01:00
893d117309
throw new, not just throw
2016-02-21 19:01:37 +01:00
0c17c32267
Let the WebFingerPlugin lookup profile resources with index.php/ too
2016-02-21 18:48:48 +01:00
23e66bef64
common_fake_local_fancy_url to remove index.php/ from a local URL
2016-02-21 18:48:18 +01:00
d16a883e17
Allow lookup of User->getByUri (throws NoResultException)
2016-02-21 18:47:47 +01:00
b23cc7465f
Keep a unique set of WebFingerResource aliases
2016-02-21 18:47:32 +01:00
afbdcf8938
Don't publish mbox_sha1sum in FOAF by default.
...
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2016-02-19 00:10:05 +01:00
a838c90951
Only show "public:site" in ToSelector if notice/allowprivate is true
2016-02-18 00:33:16 +01:00
f68d1ade3f
Put "Everyone" and "Everyone at [local instance]" at the top of ToSelector
2016-02-18 00:32:09 +01:00
543d968b81
NoAcctUriException->profile not $e directly
2016-02-18 00:13:59 +01:00
a361fdbd77
Sort ToSelector by AcctUri
2016-02-18 00:05:09 +01:00
73dbc5ca1b
Use ToSelector choice again.
2016-02-17 23:44:15 +01:00
d9b649642d
Show notice feed URLs (and author)
2016-02-17 23:32:56 +01:00
d2c11925bf
To-selector padlock only shown if site config notice/allowprivate is true
2016-02-17 23:06:11 +01:00
5fbb01130a
By default, disallow users to set private_stream
2016-02-17 22:58:31 +01:00
47dc15c9f6
Describe that we don't allow empty fullnames.
2016-02-17 22:48:32 +01:00
d6bf90cfb7
If profile fullname is 0 chars use nickname
2016-02-17 22:43:45 +01:00
ade4518ae4
Make the Link header give URI for WebFinger lookup
2016-02-17 22:36:33 +01:00
422d475e44
Differentiate two similar log warning messages
2016-02-17 21:57:52 +01:00
d2507a6266
Gotta declare FullNoticeStream as abstract class
2016-02-16 02:24:38 +01:00
46829c6d3c
FullNoticeStream selects all verbs.
2016-02-16 02:21:39 +01:00
2d1b70c94d
created column was ambigououuuouuus
2016-02-15 09:59:34 +01:00
2301862ae6
We only want POST and SHARE in the inbox/home timeline right?
2016-02-15 09:59:18 +01:00
dcb7ce36d8
Show shares in public timeline
...
Also, the unselect rule for DELETE was useless anyway since it would
already have been filtered out by not having true.
(the => false stuff are for when you want ALL _except_ that)
2016-02-14 20:53:26 +01:00
e2a090c9cc
Use NoticeStream::filterVerbs for filtering in noticestreams
2016-02-14 20:46:13 +01:00
c23c3a4f53
Might as well put a FILTER_SANITIZE_EMAIL there
...
Not that I think we could break out of the directory since
we use basename, but you never know... maybe there's a unicode
bug in PHP or something.
2016-02-13 14:06:05 +01:00
4bf26eff4c
socialfy-your-domain updated for webfinger (not tested)
2016-02-13 13:57:15 +01:00
be14e15dac
Hide attachments in notices by silenced profiles
2016-02-13 13:17:39 +01:00
fbcca62ae1
listGet was not meant for that really
2016-02-13 01:19:47 +01:00
8ef2abf30b
Render RegiserThrottle extra profile data properly
2016-02-13 01:16:34 +01:00
799c2e47fe
Don't depend on ModLog
2016-02-13 01:10:01 +01:00
be35975b12
RegisterThrottle list-profiles-by-ip
2016-02-13 01:02:18 +01:00
557ad2d1fd
Show user registration IP to users who can see ModLog
2016-02-13 00:51:43 +01:00
c7c34ec05a
Only administrators can delete other privileged users.
2016-02-12 15:00:18 +01:00
83f679fb57
Profile->isPrivileged() to check if users have more rights than to post etc.
2016-02-12 14:47:49 +01:00
Mikael Nordfeldth