2730510393
User friendlieness in scripts/delete_notice.php
2016-02-26 00:06:04 +01:00
2669c51265
Allow sgf files if they're recognized in mime search
...
They are Go game files used on lamatriz.org. Note that my server
doesn't actually recognize these files and can identify the mime type,
but my browser did for some reason.
2016-02-26 00:05:07 +01:00
aeb2e282db
Commented on the mime extension matching regexp
2016-02-25 22:32:54 +01:00
4d17d95335
Try to get mime data before hashing (cpu intensive)
2016-02-25 22:31:45 +01:00
bac37d1714
syntax error
2016-02-25 22:17:44 +01:00
e6e1705852
Make uploads work properly if we accept _all_ attachment types
...
Also introduced $config['attachments']['extblacklist'] that can disable
certain file extensions (or rewrite them, for example php => phps)
2016-02-25 22:15:54 +01:00
28d9f82ab1
Merge branch 'master' into mmn_fixes
2016-02-25 20:13:39 +01:00
6336248d71
Notice getRendered() can now be called on uninserted notices
2016-02-25 20:13:00 +01:00
67aff528f5
socialfy-your-domain made people think you needed manual interaction
...
I don't know why, but people started following those instructions for no
apparent reason and it ended up causing a bunch of federation issues or
homegrown cron script messes.
Maybe changing the name to "another" instead of "your" domain will make
people stop doing stuff randomly.
2016-02-25 20:12:56 +01:00
93f5043230
Merge branch 'master' into mmn_fixes
2016-02-25 19:47:51 +01:00
80f7a5f025
$metadata->thumbnail_url is not guaranteed to be set
...
We should probably have a separate class for this, so we can more
easily combine different technologies similar to oEmbed/OpenGraph.
2016-02-25 19:47:16 +01:00
4239c952d2
$metadata->thumbnail_url is not guaranteed to be set
...
We should probably have a separate class for this, so we can more
easily combine different technologies similar to oEmbed/OpenGraph.
2016-02-25 19:46:17 +01:00
e69f878241
Notice getRendered() can now be called on uninserted notices
2016-02-25 15:48:37 +01:00
6d3aa3276a
socialfy-your-domain made people think you needed manual interaction
...
I don't know why, but people started following those instructions for no
apparent reason and it ended up causing a bunch of federation issues or
homegrown cron script messes.
Maybe changing the name to "another" instead of "your" domain will make
people stop doing stuff randomly.
2016-02-25 12:33:28 +01:00
e3e3a91734
Correct comment on Notice->conversation in table schema
2016-02-24 19:34:44 +01:00
128a00c4ab
Include feeds in Link HTTP headers, for easier discovery
2016-02-24 16:48:44 +01:00
1d0a448e07
Publish rel="me" in Link HTTP headers
2016-02-24 16:43:09 +01:00
731fd01139
Allow easy fetching of rel="me" values
2016-02-24 16:42:54 +01:00
3ef573f67c
Default to profile size in Avatar::defaultAvatar
2016-02-24 16:42:35 +01:00
e6f07d8554
Use in_array instead. Now we get third party responses to contextually interesting threads
...
I think this solves much of the "third party conversation" issues, assuming involved parties
are using modern GNU social instances.
2016-02-24 00:19:27 +01:00
31c9b2c1d8
Check the notice context for users in UsersalmonAction
2016-02-23 23:56:43 +01:00
9319033ff0
Properly attach activityobjects
...
For some reason they were written to ->object, which is incorrect as
we use the objects[] array (which usually just holds one entry though)
2016-02-23 23:50:57 +01:00
0eb5122817
Check that the user is in the context of a salmon slap
2016-02-23 23:42:41 +01:00
d672547112
getAliases should be only a list (numeric array)
2016-02-23 14:33:09 +01:00
e16f7d04a8
Let OpenID match against aliases (fix fancyurl stuff etc.)
2016-02-23 14:15:08 +01:00
b59dacb806
getAliases for Profile and Notice
...
Also move fancyurlfix into site-wide $config['fix']['fancyurls']
TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
5f7032dfee
Verify that authenticated API calls are made from our domain name.
...
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json " or
whatever. XHR is already blocked with CORS stuff.
Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
c67b89e56b
Make WebFinger fancyurlfix configurable
2016-02-21 20:05:32 +01:00
ce803f6d06
WebFinger aliases with 'index.php/'
2016-02-21 20:00:07 +01:00
1edb1bbc17
Claim that we are the URL without index.php/ in webfinger response
2016-02-21 19:09:39 +01:00
893d117309
throw new, not just throw
2016-02-21 19:01:37 +01:00
0c17c32267
Let the WebFingerPlugin lookup profile resources with index.php/ too
2016-02-21 18:48:48 +01:00
23e66bef64
common_fake_local_fancy_url to remove index.php/ from a local URL
2016-02-21 18:48:18 +01:00
d16a883e17
Allow lookup of User->getByUri (throws NoResultException)
2016-02-21 18:47:47 +01:00
b23cc7465f
Keep a unique set of WebFingerResource aliases
2016-02-21 18:47:32 +01:00
afbdcf8938
Don't publish mbox_sha1sum in FOAF by default.
...
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2016-02-19 00:10:05 +01:00
a838c90951
Only show "public:site" in ToSelector if notice/allowprivate is true
2016-02-18 00:33:16 +01:00
f68d1ade3f
Put "Everyone" and "Everyone at [local instance]" at the top of ToSelector
2016-02-18 00:32:09 +01:00
543d968b81
NoAcctUriException->profile not $e directly
2016-02-18 00:13:59 +01:00
a361fdbd77
Sort ToSelector by AcctUri
2016-02-18 00:05:09 +01:00
73dbc5ca1b
Use ToSelector choice again.
2016-02-17 23:44:15 +01:00
d9b649642d
Show notice feed URLs (and author)
2016-02-17 23:32:56 +01:00
d2c11925bf
To-selector padlock only shown if site config notice/allowprivate is true
2016-02-17 23:06:11 +01:00
5fbb01130a
By default, disallow users to set private_stream
2016-02-17 22:58:31 +01:00
47dc15c9f6
Describe that we don't allow empty fullnames.
2016-02-17 22:48:32 +01:00
d6bf90cfb7
If profile fullname is 0 chars use nickname
2016-02-17 22:43:45 +01:00
ade4518ae4
Make the Link header give URI for WebFinger lookup
2016-02-17 22:36:33 +01:00
422d475e44
Differentiate two similar log warning messages
2016-02-17 21:57:52 +01:00
d2507a6266
Gotta declare FullNoticeStream as abstract class
2016-02-16 02:24:38 +01:00
46829c6d3c
FullNoticeStream selects all verbs.
2016-02-16 02:21:39 +01:00
Mikael Nordfeldth