Commit Graph

16232 Commits

Author SHA1 Message Date
Mikael Nordfeldth 0590f2975e Merge branch 'utf8mb4' into nightly
Conflicts because of urlhash fixes:
	classes/File.php
	classes/File_redirection.php
	classes/File_thumbnail.php
2015-02-19 20:50:40 +01:00
Mikael Nordfeldth 5471c65c9a less newlines for the scripts/upgrade.php output 2015-02-19 19:40:36 +01:00
Mikael Nordfeldth e299583eee Bad check on existing urlhash key 2015-02-19 19:36:59 +01:00
Mikael Nordfeldth 8ac8e2e734 Use new ::getByUrl for File and File_redirection
and make use of the exceptions instead of endless if statements
2015-02-19 19:29:55 +01:00
Mikael Nordfeldth 5b940f255f Mediafile updated to insert urlhash and lookup properly 2015-02-19 19:19:47 +01:00
Mikael Nordfeldth c05e9b118c function is hashurl, variable is urlhash 2015-02-19 19:07:43 +01:00
Mikael Nordfeldth 45dc76de26 File and File_redirection adhoc storage methods updated for urlhash 2015-02-19 19:05:24 +01:00
Mikael Nordfeldth 0dfe39ac87 File_thumbnail url is not an index 2015-02-19 18:59:13 +01:00
Mikael Nordfeldth 27480d8e8e File_redirection also got urlhash column 2015-02-19 18:34:48 +01:00
Mikael Nordfeldth 176bde269f Merge branch 'nightly' into file_urlhash 2015-02-19 18:13:09 +01:00
Mikael Nordfeldth df2cc09362 $this->scoped->getUser() instead of common_current_user(); 2015-02-19 17:46:37 +01:00
Mikael Nordfeldth 042cb1604a ROLLBACK if query failed in email settings savePreferences 2015-02-19 17:43:08 +01:00
Mikael Nordfeldth 0acf3e0e30 Profile table cleaning script. 2015-02-18 14:01:35 +01:00
Mikael Nordfeldth 4ad7e8f459 UserdirectoryAction now ManagedAction and better SQL 2015-02-18 13:37:06 +01:00
Mikael Nordfeldth d445e0c877 No need for return true 2015-02-18 13:18:32 +01:00
Mikael Nordfeldth e64ac4c418 GroupdirectoryAction now has no direct SQL queries
also various fixes uppers
2015-02-18 12:17:26 +01:00
Mikael Nordfeldth 94e19e1ac6 escapedTableName for SQL query easy access 2015-02-18 12:15:46 +01:00
Mikael Nordfeldth a254f38a23 Turn GroupdirectoryAction into a ManagedAction 2015-02-18 11:15:30 +01:00
Mikael Nordfeldth 52e0ce8b06 Directory group search code cleanup 2015-02-18 11:13:10 +01:00
Mikael Nordfeldth b039d960f5 Make group search in Directory use PEAR::DB
No more direct SQL queries please.
2015-02-18 11:08:11 +01:00
Mikael Nordfeldth 66df043c19 Add php5-intl dependency to Installer class 2015-02-18 00:47:00 +01:00
Mikael Nordfeldth 8fbdb4b9ac New dependency: php5-intl
Internationalization support is required for transliteration, which is
currently used when creating the slugs for hashtags and such. It is a
much more stable and efficient solution than having an unmaintainable
list of unicode characters in an array...
2015-02-18 00:28:45 +01:00
Mikael Nordfeldth 0deaf6c50c use common_purify to purify HTML, one function to rule them all 2015-02-18 00:14:28 +01:00
Mikael Nordfeldth 3dce6d9f6a Implement a common_purify for htmLawed and more
We're removing unicode formatting characters as well, such as RTL marks.
For more info on why we're being extra cautious (but may accept the
characters in later versions) you can read:
https://blog.malwarebytes.org/online-security/2014/01/the-rtlo-method/
2015-02-18 00:10:31 +01:00
Mikael Nordfeldth 9aa59c7f62 forgot primary key column to updateWithKeys in SalmonAction 2015-02-17 21:31:35 +01:00
Mikael Nordfeldth 7ba7f43199 Don't linkify bare domains by default
It's too farfetched to assume any text.com in a notice is an HTTP URL.
For example stuff like pasting from log entries, with domain.com:1234
where 1234 is a _PID_ or something, not a port number for http://...
2015-02-17 20:54:32 +01:00
Mikael Nordfeldth c31c2d10b9 PHP>=5.4.0 lets us use Transliterator, tags now asciified!
For example: #REVOLUCIÓN becomes #revolucion instead of #revolución
2015-02-17 20:17:22 +01:00
Mikael Nordfeldth 5a8f24eb46 urlhash first steps, including scripts/upgrade.php 2015-02-17 18:55:12 +01:00
Mikael Nordfeldth 59763ceecb SalmonAction now updates remote URI if it was stale.
After doublechecking two identities so that they match (like one that was
previously http:// but now is https://) we update the URI in our database
to match.

This has to be verified so it's not easy to fool our script and thus make
us replace legitimate URIs with fake ones. I believe the callback method
is safe, but I'm not sure how well it handles HTTP MITM attacks etc.
2015-02-17 17:35:45 +01:00
Mikael Nordfeldth 282f4d6a89 Various $this->scoped fixes and protected prepare/handle in API actions 2015-02-17 17:20:00 +01:00
Mikael Nordfeldth 6cdedf6049 Replace $this->user/auth_user with $this->scoped in lib/apiaction.php
We prefer handling a Profile class rather than the User class, as some
functions might be useful for remote users as well, which cannot be
handled via the User class.
2015-02-17 17:16:33 +01:00
Mikael Nordfeldth 61aa71ed34 Subscription class gets exception throwing getSubscription function 2015-02-17 17:15:47 +01:00
Mikael Nordfeldth 901a825b61 Non-functional "retweeted to me" API call modified (but not fixed)
For some reason the "retweeted to me" part of the Twitter API was removed
when Evan made some inbox changes back in the StatusNet days. We might
recover this functionality, but not yet. The proper function calls are
however fixed in this commit.
2015-02-17 16:48:24 +01:00
Mikael Nordfeldth 75f35bcfe7 apiauth action with ->user changed to ->scoped 2015-02-17 16:39:27 +01:00
Mikael Nordfeldth 406b6148f5 CSS: notice images no wider than 100%
We should actually not allow remote images to be given in the src attribute
because they can be used for tracking and other nasty stuff without being
seen by the end user.

Also, allowing remote images linked like this won't work for users who run
plugins like RequestPolicy etc. anyway. A better method would be to make
them listed as attachments instead. Then we can use that subsystem for
making thumbnails to store locally, hotlinking sources and whatnot.
2015-02-17 01:26:18 +01:00
Mikael Nordfeldth 6862184956 Merge commit 'refs/merge-requests/47' of https://gitorious.org/social/mainline into merge-requests/47 2015-02-15 23:06:22 +01:00
Mikael Nordfeldth 2b181b40f7 Merge commit 'refs/merge-requests/48' of https://gitorious.org/social/mainline into merge-requests/48 2015-02-15 22:54:48 +01:00
Marcus Moeller 4c457c82ef removed text beside lock icon and fixed alignment 2015-02-15 22:47:34 +01:00
Chimo 3f8a519980 JS: Fixes jQueryUI autocomplete 'undefined' errors
data("autocomplete") was renamed to data("ui-autocomplete") starting
from v1.9:
http://jqueryui.com/upgrade-guide/1.9/#changed-naming-convention-for-data-keys
2015-02-15 16:11:23 -05:00
Chimo fb03fc073a ApiTimelineList: Fixes ServerErrorAction
"No matches for action 'ApiTimelineList' with arguments 'format=atom
id=1'"

for 'api/:user/lists/:id/statuses.:format' URLs
2015-02-15 16:00:23 -05:00
Mikael Nordfeldth 2b93643277 Don't default to publishing http: alias!
It seems to have caused a problem with at least an older codebase of
remote GNU social sites, but either way we shouldn't present the user
as aliased on an insecure connection if there is no real reason to.
2015-02-15 13:33:36 +01:00
Mikael Nordfeldth 396f1e92ca Present http:// alias by default in WebFinger output
because it might help us (and especially StatusNet sites) to recognize
profiles that have migrated from HTTP to HTTPS!
2015-02-15 13:17:51 +01:00
Mikael Nordfeldth c60b6bdb38 Wrong order of start/end events. My hobby OCD was disturbed. 2015-02-14 17:37:35 +01:00
Mikael Nordfeldth 9c83ddc122 Fixed some recently added EVENTS documentation 2015-02-14 17:35:34 +01:00
Mikael Nordfeldth b6b9036821 StartSubMenu and EndSubMenu events 2015-02-14 17:32:35 +01:00
Mikael Nordfeldth dc0b62f636 Merge commit 'refs/merge-requests/45' of https://gitorious.org/social/mainline into merge-requests/45 2015-02-14 16:45:04 +01:00
Mikael Nordfeldth 9102429a13 neo-quitter unuglification by marcus, merge-request 44 2015-02-14 16:42:44 +01:00
Marcus Moeller 1fcb7afd3a fixed alignment of textarea
fixed event view
2015-02-13 23:09:34 +01:00
Marcus Moeller fe14c64e5e just make sure that input box and input box label are the same color 2015-02-13 18:09:43 +01:00
Marcus Moeller 107ca92458 use Genericons and fontawesome instead of images 2015-02-13 18:00:57 +01:00