Commit Graph

267 Commits

Author SHA1 Message Date
Diogo Cordeiro
e0bc35b975 [CORE] Avatars are in PUBLICDIR in v2
Fixed a bug in the Installer
2019-08-03 17:47:28 +01:00
Miguel Dantas
ccebe536b3 [MEDIA] Removed blacklisted extensions, "trusts" upload extension (doesn't affect anything) and updated sysadmin documentation
Fixes bug which broke the UI. Oops
2019-08-03 17:31:39 +01:00
Miguel Dantas
b9a0733062 [MEDIA][CORE] Add common function for converting a string with a size unit to an int and MediaFile uses file_quota 2019-08-03 17:31:39 +01:00
Miguel Dantas
b224d93098 [MEDIA] ImageFile now extends MediaFile and validates images more aggressively.
Default supported files need to use consistent names. Bumped version to 1.20.0

ImageFile has been changed to extend MediaFile and rely on it to partially
validate files. This validation has been extended to not rely solely on
Fileinfo, as it is disabled on some places. Now it'll try to use the shell
command `file`, if Fileinfo isn't available.

ImageFile now converts every new upload to PNG, except JPEG and GIF, which
are kept, but still resized (to the same size), to remove possible scripts
embedded therein.

MediaFile::fromUpload will return an ImageFile if the uploaded file is an image
or a MediaFile otherwise.

MediaFile can be constructed with an id with value -1 to denote a temporary
object, which is not added to the DB. This is useful to create a temporary
object for representing images, so it can be used to rescale them.

The supported attachment array needs to be populated with the result of calling
`image_type_to_extension` for the appropriate image type, in the case of images.
This is important so all parts of the code see the same extension for each image
type (jpg vs jpeg).

Added documentation to classes/File.php and to lib/MediaFile and lib/ImageFile
2019-06-10 00:35:53 +01:00
Diogo Cordeiro
e6667db0cd Add chimo's Nodeinfo plugin as a default GNU social plugin 2019-04-22 06:50:28 +01:00
Mikael Nordfeldth
6938d26524 List the thread config value in lib/default.php 2017-08-03 09:53:00 +02:00
Mikael Nordfeldth
31866be98b Use intval on ini_get or we use a string for timeout 2017-07-10 14:10:32 +02:00
Mikael Nordfeldth
489099ca91 change default timeout setting for HTTPClient 2017-07-09 22:49:49 +02:00
Mikael Nordfeldth
f0480c34d7 Configure a default timeout for HTTP connections at 60s
No requests we do externally should ever take more than 60 seconds. This
could probably be changed for downloading video or whatever for any cache
plugins that want to store data locally, but in general I think even 60s
is way longer than I expect any outgoing requests should take.

This affects everything using HTTPClient, our helper class, and thus all
hub pings, subscription requests, etc. etc.

The value, afaik, includes connect_timeout and if it takes 10 seconds to
establish a connection only 50 seconds is available to transfer data.
2017-07-09 20:28:22 +02:00
Mikael Nordfeldth
000af6d9ee default to #addtag on !group mention 2017-05-02 21:21:53 +02:00
Mikael Nordfeldth
5f24fc0986 Blacklist plugin enabled by default (bug fixes will come) 2017-04-25 20:43:31 +02:00
Mikael Nordfeldth
b54c7f720c add configuration option that was documented in CONFIGURE 2017-04-02 11:05:22 +02:00
Mikael Nordfeldth
63322989c2 if zip is fine then application/x-bzip2 is too 2017-01-11 23:30:06 +01:00
Mikael Nordfeldth
8614cd77eb A good plugin but not necessary as default. 2016-10-22 19:27:07 +02:00
Mikael Nordfeldth
b4a0bff740 Some mimetype madness! 2016-07-06 08:59:16 +02:00
Mikael Nordfeldth
a833eaa651 Make all hash algorithms available (but whitelist by default)
sha1 is whitelisted only because StatusNet requires it.
2016-06-28 11:54:39 +02:00
Mikael Nordfeldth
f134a423f6 rename config option site/logdebug to log/debugtrace 2016-03-27 16:36:58 +02:00
Mikael Nordfeldth
f83b81b8c4 Change config webfinger/http_alias to fix/legacy_http
Set $config['fix']['legacy_http'] to perform some actions that are
needed if your site used to be served over http but now has upgraded
to https!
2016-03-23 15:21:02 +01:00
Mikael Nordfeldth
265fa12917 Relatively experimental change to store thumbnails in 'file/thumb/' (by default) 2016-03-07 22:33:34 +01:00
Mikael Nordfeldth
1db02d7f36 filename_base option isn't optimal
For different "download filenames" we should use some other method.
2016-03-05 11:59:46 +01:00
Mikael Nordfeldth
747c91210f HTMLPurifier cache settings, put stuff in subdir of get_sys_temp_dir() 2016-02-28 13:30:47 +01:00
Mikael Nordfeldth
2669c51265 Allow sgf files if they're recognized in mime search
They are Go game files used on lamatriz.org. Note that my server
doesn't actually recognize these files and can identify the mime type,
but my browser did for some reason.
2016-02-26 00:05:07 +01:00
Mikael Nordfeldth
e6e1705852 Make uploads work properly if we accept _all_ attachment types
Also introduced $config['attachments']['extblacklist'] that can disable
certain file extensions (or rewrite them, for example php => phps)
2016-02-25 22:15:54 +01:00
Mikael Nordfeldth
b59dacb806 getAliases for Profile and Notice
Also move fancyurlfix into site-wide $config['fix']['fancyurls']

TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
Mikael Nordfeldth
afbdcf8938 Don't publish mbox_sha1sum in FOAF by default.
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2016-02-19 00:10:05 +01:00
Mikael Nordfeldth
d2c11925bf To-selector padlock only shown if site config notice/allowprivate is true 2016-02-17 23:06:11 +01:00
Mikael Nordfeldth
5fbb01130a By default, disallow users to set private_stream 2016-02-17 22:58:31 +01:00
Mikael Nordfeldth
67dfc0a046 application/xml allowed in uploads 2016-02-11 00:04:14 +01:00
Mikael Nordfeldth
733debd9b3 Use thumbnail upscaling config value 2016-02-10 04:40:54 +01:00
Mikael Nordfeldth
a61235086b Use config site/sslproxy to force HTTPS (i.e. using reverse proxy to enable it)
Usage in config.php: $config['site']['sslproxy'] = true;

Add this to documentation...
2016-02-10 01:05:02 +01:00
Mikael Nordfeldth
cd71188d3a SimpleCaptcha plugin to stop basic bots 2016-02-08 17:47:09 +01:00
Mikael Nordfeldth
d6664f5735 Hidespam by default
...why would something described as "Whether to hide silenced users from timelines"
be set to false by default? :)
2016-02-07 02:33:53 +01:00
Mikael Nordfeldth
90045d66ea HTMLPurifierSchemes plugin to allow geo and magnet URIs 2016-02-03 14:36:51 +01:00
Mikael Nordfeldth
b1ed1f48ea Configurable linkify for bare IPv4/IPv6 2016-02-03 12:55:00 +01:00
Mikael Nordfeldth
84930f89f9 Don't allow account backups by default. 2016-02-03 01:08:36 +01:00
Mikael Nordfeldth
7e6783bb8f Replace htmLawed with HTMLPurifier 2016-01-28 19:01:13 +01:00
Mikael Nordfeldth
f768de4b46 default connect_timeout to 5 instead of extlib 10 2016-01-18 22:01:45 +01:00
Mikael Nordfeldth
17a65ff873 background folder has never been used for GNU social 2015-12-28 00:00:51 +01:00
Mikael Nordfeldth
334a0d56e7 Oembed slimmed to only do discovery (soon we get og: discovery too) 2015-11-30 02:06:04 +01:00
Mikael Nordfeldth
3013b84e98 Don't enable StrictTransportSecurity by default
(but you should enable it if you use TLS, but there are many who do this
through their webserver and it's odd to have double headers etc...)
2015-10-09 10:55:12 +02:00
Mikael Nordfeldth
88f7bb1ed5 Some work on ActivityModeration with notice deletion
Let's now create an event called DeleteNotice and also make sure we
handle the onNoticeDeleteRelated properly in ActivityModeration to
avoid possible endless loops etc.
2015-10-03 02:02:37 +02:00
Mikael Nordfeldth
a09cf51b99 Move Ostatus_profile->processPost function into plugin 2015-09-29 15:19:13 +02:00
Mikael Nordfeldth
8d516d7f08 Don't allow imports by default until it works well on large instances. 2015-07-17 14:40:09 +02:00
aroquen
776b82e6e8 Drop QnA from default plugins 2015-06-07 14:05:51 +02:00
Mikael Nordfeldth
82f9b6908c Fake recovery by email address, to hide registrants on the site 2015-05-30 23:29:58 +02:00
Mikael Nordfeldth
2b58d6b774 Merge branch 'quitagram' into nightly
Fixes that make quitagram work better amongst other things.
2015-04-22 22:17:50 +02:00
Mikael Nordfeldth
4526c3f712 If /var/run was unwritable stopdaemons did not find pid file 2015-04-13 21:51:35 +02:00
Mikael Nordfeldth
d7d96806a4 removed unused config setting 2015-04-10 13:15:12 +02:00
Mikael Nordfeldth
8439efe77d Filter out img, video and audio tags in notice HTML
Because we don't want to auto-fetch items from a remote server. Such
items should be delivered as attachment metadata and portrayed in the
way the local instance chooses.

Choices for portrayal are either simply nullifying this and embedding
the data, linking the file remotely requiring a manual click or maybe
use remote oEmbed data etc. to download files locally so no remote
requests have to be made.
2015-03-15 14:35:29 +01:00
Mikael Nordfeldth
dcfcceb6f2 Share plugin now handles showing form in NoticeOptionItems 2015-03-12 16:33:34 +01:00