Commit Graph

1009 Commits

Author SHA1 Message Date
Diogo Cordeiro
a38f25f7cd [PEAR] Modernize Validate code
Upgraded IDNA to IDNA2
Added PEAR Date
> fixed: The each function is deprecated
2019-08-03 17:31:43 +01:00
Miguel Dantas
b669f57068 [CORE] Fixed common_get_preferred_php_upload_limit, because some values in php.ini can be -1 or 0 for unlimited 2019-08-03 17:31:40 +01:00
Miguel Dantas
b9a0733062 [MEDIA][CORE] Add common function for converting a string with a size unit to an int and MediaFile uses file_quota 2019-08-03 17:31:39 +01:00
Diogo Cordeiro
d705bcbd98 [CORE] Use random_bytes() if available and improve common_confirmation_code() randomness.
With PHP 7 comes the [random_bytes()](https://php.net/manual/en/function.random-bytes.php) and the [random_int()](https://www.php.net/manual/en/function.random-int.php) function which generates cryptographically secure pseudo-random bytes and integers, respectively.
2019-08-03 17:29:14 +01:00
Diogo Cordeiro
98c0c1ed53 Implement $config['site']['logdebug'] 2019-06-25 22:59:10 +01:00
brunoccast
00b4a084ad PSR2-format 2019-06-07 15:02:09 +01:00
brunoccast
061e7891e9 Cleanup and documentation of common_ensure_session
- Remove redundant branch
- Remove error suppression of session_start()
2019-06-07 15:02:09 +01:00
Diogo Cordeiro
c083a8bcc2 [SESSION] Implement SessionHandlerInterface instead of setting custom handlers by XRevan86 2019-05-22 22:29:33 +01:00
Diogo Cordeiro
6cf674f8f8 Some minor refactoring on session handler 2019-04-27 00:28:05 +01:00
Diogo Cordeiro
9cc7df51d6 Some obvious bug fixes for i18n 2019-04-25 23:12:46 +01:00
Mikael Nordfeldth
ec98fd0c43 Merge remote-tracking branch 'gnuio/master' into nightly 2017-12-17 18:32:23 +01:00
nee
3b5fabbe97 set the html sanitizer cache directory to ['cache']['dir'] from the config file; 2017-12-06 01:55:54 +01:00
Mikael Nordfeldth
00cbc852b0 Make use of variable preMention signal method 2017-08-10 11:33:18 +02:00
Mikael Nordfeldth
8dd06cd8d8 Harmonize webfinger formatting and enable variable pre-mention character 2017-08-10 11:25:04 +02:00
Mikael Nordfeldth
945920f24d Mimetype was not recognized if longer than bare mime 2017-08-05 09:50:42 +02:00
Mikael Nordfeldth
56e2b0007c Issue #279 raises the point of missing newlines 2017-07-11 21:58:24 +02:00
Mikael Nordfeldth
1ccb934541 Return false immediately if $url is empty for common_valid_http_url 2017-05-06 14:38:43 +02:00
Mikael Nordfeldth
709f1bbd75 Return false immediately if $url is empty for common_valid_http_url 2017-05-06 12:25:27 +02:00
Mikael Nordfeldth
15ab9ff9e3 common_to_alphanumeric added, filtering Notice->source in classic layout 2016-09-02 01:00:08 +02:00
Mikael Nordfeldth
e6b3924a5d common_to_alphanumeric added, filtering Notice->source in classic layout 2016-09-02 00:08:17 +02:00
Mikael Nordfeldth
71afb5be75 If the file is text/plain, see if we accept the extension 2016-07-06 09:34:09 +02:00
Mikael Nordfeldth
4117118e23 More specific exceptions for mimetype/extension issues. 2016-07-06 09:14:59 +02:00
Mikael Nordfeldth
b4a0bff740 Some mimetype madness! 2016-07-06 08:59:16 +02:00
Thomas Karpiniec
c1537a1e82 Use noreferrer when linkifying attachments and allow this value in purifier 2016-06-09 19:56:36 +10:00
Mikael Nordfeldth
44ea8aa681 Make sure $_SERVER['HTTP_REFERER'] isset when testing value 2016-03-31 20:51:50 +02:00
Mikael Nordfeldth
5ca2a28246 Make oEmbed handle our http/https setting better. 2016-03-10 14:20:21 +01:00
Mikael Nordfeldth
bd75305560 Define-ify excluded end-characters of URL autolinking 2016-03-09 15:16:47 +01:00
Mikael Nordfeldth
d179afa303 Save allowed path/qstring/fragment characters in constants 2016-03-09 14:51:52 +01:00
Mikael Nordfeldth
dc1ceca86e Some more Microformats2 data for notices and rendering 2016-03-02 13:29:54 +01:00
Mikael Nordfeldth
747c91210f HTMLPurifier cache settings, put stuff in subdir of get_sys_temp_dir() 2016-02-28 13:30:47 +01:00
Mikael Nordfeldth
cd978fa153 Edited the list of allowed rel values 2016-02-28 13:16:52 +01:00
Mikael Nordfeldth
52a3764ae4 Resolve relative URLs (assuming URI.Base==notice URL)
The real way to do this would be to get the xml:base property from
the Atom feed but it's probably not there in any posts we see today.
2016-02-26 14:46:26 +01:00
Mikael Nordfeldth
29662eef5e Mentioning matches (@this too) now. 2016-02-26 00:08:51 +01:00
Mikael Nordfeldth
5f7032dfee Verify that authenticated API calls are made from our domain name.
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json" or
whatever. XHR is already blocked with CORS stuff.

Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
Mikael Nordfeldth
ce803f6d06 WebFinger aliases with 'index.php/' 2016-02-21 20:00:07 +01:00
Mikael Nordfeldth
893d117309 throw new, not just throw 2016-02-21 19:01:37 +01:00
Mikael Nordfeldth
23e66bef64 common_fake_local_fancy_url to remove index.php/ from a local URL 2016-02-21 18:48:18 +01:00
Mikael Nordfeldth
ec257d940a Either use or don't use HTTPS
The risk of injection attacks using HTTP is too great to allow a
site that allows both HTTP and HTTPS...
2016-02-10 00:57:39 +01:00
Mikael Nordfeldth
2686635f60 Keep the rel="tag" in HTML when purifying 2016-02-07 12:50:26 +01:00
Mikael Nordfeldth
9960714896 Disallow zero-length magnet URIs
magnet: would match, but now we have a zero-length lookahead which
requires the following character to be a question mark: magnet:?
2016-02-03 15:26:19 +01:00
Mikael Nordfeldth
349dba8be0 Only allow our specified URI schemes 2016-02-03 14:31:16 +01:00
Mikael Nordfeldth
e903bd0bc3 Hacky support for geo URI detection
Won't work with common_purify yet because there is no geo uri scheme for it
2016-02-03 14:19:08 +01:00
Mikael Nordfeldth
b1ed1f48ea Configurable linkify for bare IPv4/IPv6 2016-02-03 12:55:00 +01:00
Mikael Nordfeldth
a2b914ce60 Get URL schemes by URL type 2016-02-03 00:18:37 +01:00
Mikael Nordfeldth
36f099958c Don't match @nickname on @nickname@server.com 2016-01-29 15:53:58 +01:00
Mikael Nordfeldth
cb40f72c7e Use the profile URI when linking instead of URL
since we'll then get to /user/$id instead of /$nickname which is
good for future archives if someone changes their nickname...
2016-01-29 15:21:01 +01:00
Mikael Nordfeldth
7e6783bb8f Replace htmLawed with HTMLPurifier 2016-01-28 19:01:13 +01:00
mmn
42545c6625 Merge branch 'mention_branch' into 'nightly'
correct mentions if parent mentions multiple users with same nickname (don't use first one for all)



See merge request !82
2016-01-26 21:15:25 +00:00
Mikael Nordfeldth
a9d18a077e Harmonize, clarify, categorize URL schemes
Regular expression + avoid-redirection list now match each other.
2016-01-24 12:47:31 +01:00
Mikael Nordfeldth
1cec627d72 Allow bitcoin scheme to URLs 2016-01-24 12:44:28 +01:00