Commit Graph

4086 Commits

Author SHA1 Message Date
Mikael Nordfeldth
0e0783ee8c Regexp for Oembed domain matching 2015-01-25 11:18:57 +01:00
Mikael Nordfeldth
85e644d647 Remote thumbnail fetching from trusted sources
So far we only trust i.ytimg.com for YouTube thumbnails, but you can
configure the Oembed plugin in config.php by setting the plugin's class vars:

   addPlugin('Oembed', array('param'=>'value', ...));

Some might think this is a security risk or privacy invasive, but as the Oembed
script is already calling remote sites to get information _about_ linked media,
the way to stop it is to disable the Oembed plugin. However it is not certain
it has been migrated out into a plugin properly yet. But try it if you want to.
2015-01-25 02:34:40 +01:00
Mikael Nordfeldth
999175d741 File_oembed::byFile to avoid littering with getKV 2015-01-25 02:32:04 +01:00
Mikael Nordfeldth
aeaee388bf Store remote magicsig public keys locally 2015-01-24 13:06:09 +01:00
Mikael Nordfeldth
2d0155a50f Added Magicsig onProfileDeleteRelated 2015-01-24 12:47:39 +01:00
Mikael Nordfeldth
975ce6d83e Documentation update (clarifying need for php5-gmp in comment) 2015-01-24 12:22:29 +01:00
Mikael Nordfeldth
cce808b27c const'ifying bits and sigalg
Also we should move away from 1024 bit keys as soon as we can.
2015-01-24 12:18:55 +01:00
Mikael Nordfeldth
bf2f1c23b7 Documentation update for ImageMagick 2015-01-24 11:52:40 +01:00
Mikael Nordfeldth
d1a1eefa38 resize_animated declared public in ImageMagickPlugin 2015-01-24 11:36:16 +01:00
Mikael Nordfeldth
82b335dc2c MapstractionPlugin didn't handle notices without URLs 2015-01-23 12:41:51 +01:00
Mikael Nordfeldth
f814415386 RealtimePlugin didn't handle notices without URLs 2015-01-23 12:40:37 +01:00
Mikael Nordfeldth
99b1a6f576 user is a protected property in UAS/AtomUserNoticeFeed
The bug made it impossible to backup with Favorite ;)
Thanks postblue for reporting.
2015-01-23 11:58:42 +01:00
Mikael Nordfeldth
3a0136fe1f Replace file_get_contents with HTTPClient in testfeed 2015-01-22 11:30:36 +01:00
Mikael Nordfeldth
c1ad416f12 AntiBrute plugin, delay + log multiple fail logins 2015-01-21 23:35:48 +01:00
Mikael Nordfeldth
25911368c8 GIF support (I know you love it)
make sure you have php5-imagick and then enable with addPlugin('ImageMagick')
2015-01-21 16:43:46 +01:00
Mikael Nordfeldth
e6fe996661 NewmessageAction lacked the $form property 2015-01-21 13:02:46 +01:00
Mikael Nordfeldth
d492b74e42 holy crap, file_put_contents got args in wrong order 2015-01-18 02:57:08 +01:00
Mikael Nordfeldth
5d9e9aaaf5 Keep the old error message on updateAvatar 2015-01-18 02:48:39 +01:00
Mikael Nordfeldth
010824c4b5 Use HTTPClient to download avatar
also make updateAvatar public so we can call it from update_ostatus_profile.php
2015-01-18 02:44:55 +01:00
Mikael Nordfeldth
0499736bb4 Loose_Ostatusprofile::updateAvatar was identical to Ostatus_profile 2015-01-18 02:39:08 +01:00
Mikael Nordfeldth
420eea3f24 No need to say we're finished working 2015-01-17 13:38:59 +01:00
Mikael Nordfeldth
f5efbd8037 twitPic no longer exists/is active 2015-01-17 12:07:57 +01:00
Mikael Nordfeldth
092dfee1c6 spring cleaning in Oembed helper list
Fixed http -> https and removed some dead services
2015-01-17 12:06:08 +01:00
Mikael Nordfeldth
ba9abb3c57 Add nohub config setting to allowed non-PuSH feeds 2015-01-16 01:10:55 +01:00
Mikael Nordfeldth
19f3cc112f removed debugging lines for FeedPoller 2015-01-15 21:14:07 +01:00
Mikael Nordfeldth
8594a2ba16 FeedPoller plugin, for hubless feeds 2015-01-15 21:13:13 +01:00
Mikael Nordfeldth
57d8eb8a53 Ensuring unknown profiles in salmon slaps work again 2015-01-13 13:43:35 +01:00
Mikael Nordfeldth
db7154c63b Abort on failure instead of return early success 2015-01-13 13:18:57 +01:00
Mikael Nordfeldth
8749c470ca ArrayWrapper spookiness, must make sure it's a Notice there... 2015-01-12 12:06:19 +01:00
Mikael Nordfeldth
66044b7782 ensureActivityObjectProfile is more thorough than createAct... 2015-01-12 11:47:21 +01:00
Mikael Nordfeldth
aca5ff1b23 Found some unreachable code in Favorite
The portion after StartAtomPubNewActivity would never be reached since
Favorite handles that activity through ActivityHandlerPlugin nowadays.
So I cleaned it up and followed a couple of paths, making stuff prettier.
2015-01-12 02:23:23 +01:00
Mikael Nordfeldth
73669ed308 ensureProfile already done and stored in $this->oprofile 2015-01-12 02:01:26 +01:00
Mikael Nordfeldth
d8f4de450c Support for updated aliases
will verify unknown aliases against old ones if the new identifies as a
previously recognized URI.

Steps:
1. Check the newly received URI. Who does it say it is?
2. Compare these alleged identities to our local database.
3. If we found any locally stored identities, ask it about its aliases.
4. Do any of the aliases from our known identity match the recently introduced one?

Currently we do _not_ update the ostatus_profile table with the new URI.
2015-01-10 02:07:39 +01:00
Mikael Nordfeldth
51f97c7e84 section control over their notice lists + HTML id stuff 2015-01-09 15:46:35 +01:00
Mikael Nordfeldth
d32fef6039 Merge commit 'refs/merge-requests/28' of https://gitorious.org/social/mainline into merge-requests/28 2015-01-08 16:48:42 +01:00
Joshua Judson Rosen
f246dd4645 OStatusPlugin: fix ensureProfile catch-22 in onCheckActivityAuthorship()
Use profile URL (not URI), like elsewhere.

Profile::getUri() doesn't actually do anything useful, here--
it does nothing unless a plugin (like OStatus) is already
able to resolve the Profile into a backend object (e.g.: an Ostatus_profile).

If we might not already have an Ostatus_profile for a given Profile,
then we need to use $profile->getUrl() and fetch the data from that URL.
2014-12-30 23:56:33 -05:00
Mikael Nordfeldth
c93b21d9f6 Columns too narrow in mobileprofile 2014-12-10 12:28:38 +01:00
Mikael Nordfeldth
d3a8896b2a Merge commit 'refs/merge-requests/26' of https://gitorious.org/social/mainline into merge-requests/26 2014-12-09 13:45:15 +01:00
Joshua Judson Rosen
f71eeaee5a OStatus/scripts/update-profile-data.php: print updated fullnames
Now that we can actually update them again.
2014-12-08 22:06:29 -05:00
Mikael Nordfeldth
812d1eead9 Stronger typing in Ostatus_profile 2014-12-08 19:52:00 +01:00
Mikael Nordfeldth
e7c6c6fc76 Merge commit 'refs/merge-requests/19' of https://gitorious.org/social/mainline into merge-requests/19 2014-12-06 20:18:52 +01:00
Hannes Mannerheim
b81857656f delete groups from groups directory, for admins 2014-12-02 15:31:27 +01:00
Mikael Nordfeldth
72d1c3c73e fetch conversation URI in processPost, not processShare 2014-11-27 16:51:21 +01:00
Mikael Nordfeldth
1b449ea705 scripts/upgrade.php would fail if Profile_prefs did not exist
A checkschema.php run would've done it, but that would require an
additional step to our upgrade procedure.
2014-11-27 14:46:10 +01:00
Mikael Nordfeldth
bdb4a41696 Use remote conversation URI info to stitch convos together
If we know the URI sent from the remote party, and we don't know the
notice it is replying to, we might still be able to put it in the same
conversation thread!
2014-11-27 14:06:10 +01:00
Joshua Judson Rosen
cff8c462da sendemailsummary.php: correct path to INSTALLDIR
So that we can actually find commandline.inc.

This should have been updated when the files in the EmailSummary tree
where moved down a level into subdirectories.
2014-11-24 20:28:31 -05:00
Mikael Nordfeldth
8056097478 Try to lookup the profile if we don't know it yet 2014-11-24 23:50:42 +01:00
Mikael Nordfeldth
720c2c9ff2 Ostatus_profile->checkAuthorship returns Profile
not Ostatus_profile
2014-11-24 23:40:06 +01:00
Mikael Nordfeldth
3bf1478f97 Bad parameter count for checkAuthorship
At the same time we change this to call ActivityUtils::checkAuthorship
instead to let the retrieval/verification go through event handling.

rozzin (Joshua Judson Rosen) found this error. Thanks.
2014-11-24 12:49:20 +01:00
Joshua Judson Rosen
4b875e0fd0 Fix OStatus groups by making Ostatus_profile::localProfile() work for groups
We need to look up a feed profile for HandleFeedEntryWithProfile events,
regardless of whether they're an OStatus user, group, or something else;
this is the least hairy way of doing that--the alternative being
to keep spreading the same logic all over the calling code.

Theoretically, this change might allow OStatusGroups to be recorded
as the authors of activities if they pass through any authorless
activities; but that's why we have checkAuthorship().
2014-11-24 12:30:37 +01:00