Changes in 2d4e0693c8 changed Ostatus_profile::filterReplies() (which sorts out the local, remote, and group recipients on incoming remote messages) from checking for remote profiles with a safe call to Ostatus_profile::staticGet() to calls through Ostatus_profile::ensureProfileURL() and Ostatus_profile::ensureWebfinger(), which throw exceptions and thus abort processing.
Since this was done before checking for local groups, the filter would fail when the ensure* functions determined it was looking at a local group and rightfully refused to create a remote group profile for it.
Changing the calls to the ensure* functions was done so we can record remote reply recipients for future reply-to-reply processing (the staticGet() call was a cheaper way to do a lookup when we knew we only actually had to process groups that somebody signed up to); most important fix is simply to actually check for the exception! :)
Here I'm changing the order of processing so we do the local group lookup first -- where it's nice and safe -- and then when we do the remote checks, we'll go ahead and gracefully skip that entry if the full remote lookup fails, so we'll still process any following recipients.
Changes in 2d4e0693c8 changed Ostatus_profile::filterReplies() (which sorts out the local, remote, and group recipients on incoming remote messages) from checking for remote profiles with a safe call to Ostatus_profile::staticGet() to calls through Ostatus_profile::ensureProfileURL() and Ostatus_profile::ensureWebfinger(), which throw exceptions and thus abort processing.
Since this was done before checking for local groups, the filter would fail when the ensure* functions determined it was looking at a local group and rightfully refused to create a remote group profile for it.
Changing the calls to the ensure* functions was done so we can record remote reply recipients for future reply-to-reply processing (the staticGet() call was a cheaper way to do a lookup when we knew we only actually had to process groups that somebody signed up to); most important fix is simply to actually check for the exception! :)
Here I'm changing the order of processing so we do the local group lookup first -- where it's nice and safe -- and then when we do the remote checks, we'll go ahead and gracefully skip that entry if the full remote lookup fails, so we'll still process any following recipients.
The original-size file is now forced to 0644 (all-readable), which should help. Not sure this is 100% ideal, but it's better than 0600!
(The other sizes were being created in other code and had sane read perms already.)
Watch out for similar issues in Twitter bridge etc; avatar import code should get cleaned up and consolidated.
The Net::OpenID::Server perl module that LJ uses appears to be very picky about input, and rejects most request types unless the data comes in as GET parameters (apparently following OpenID 1.1 rules, rather than OpenID 2.0 rules which permit any request to be POSTed but requires that if so, the data must all be in the POST body).
Apparently something got updated on LJ at some point that's either added that behavior or (more likely) added the OpenID 2.0 namespace info to discovery, which tells the Janrain-based OpenID libraries that they should go ahead and do POST requests instead of redirects to GET requests... thus breaking everything. ;)
GET should be just fine for both 1.1 and 2.0 though, and also saves having to sit through that lame autosubmit page.
Switched the authentication submission from checking whether it should redirect to GET or do a form POST, to simply always doing the redirect to GET.
Tested against providers:
* LiveJournal
* Google
* LaunchPad
* identi.ca
The Net::OpenID::Server perl module that LJ uses appears to be very picky about input, and rejects most request types unless the data comes in as GET parameters (apparently following OpenID 1.1 rules, rather than OpenID 2.0 rules which permit any request to be POSTed but requires that if so, the data must all be in the POST body).
Apparently something got updated on LJ at some point that's either added that behavior or (more likely) added the OpenID 2.0 namespace info to discovery, which tells the Janrain-based OpenID libraries that they should go ahead and do POST requests instead of redirects to GET requests... thus breaking everything. ;)
GET should be just fine for both 1.1 and 2.0 though, and also saves having to sit through that lame autosubmit page.
Switched the authentication submission from checking whether it should redirect to GET or do a form POST, to simply always doing the redirect to GET.
Tested against providers:
* LiveJournal
* Google
* LaunchPad
* identi.ca
Introduce a table mapping notices to Twitter statuses. Initialize
this table at checkSchema() time. Save the mapping when we push
or pull statuses. Use the table to determine if a notice has a
Twitter equivalent.
Plugin source: http://sourceforge.net/tracker/?func=detail&aid=2770218&group_id=103281&atid=738747
Source JS compressed manually with jsmin.
Note: the link detection doesn't match StatusNet's internal link detection right now. URLs with funky chars, especially like Wikipedia style ones, will often not automatically catch. (But you should still be able to manually link them.)
If set up, this hub will be used to subscribe to feeds that don't specify a hub of their own.
Assumes that the fallback hub will, in fact, handle polling and updates for any feed we throw at it!
Authentication may be specified for the fallback hub.
Example:
$config['feedsub']['fallback_hub'] = 'https://superfeedr.com/hubbub';
$config['feedsub']['hub_user'] = 'abcd';
$config['feedsub']['hub_pass'] = 'ckcmdkmckdmkcdk';
Also:
* Fix for WordPress-RSS-via-Superfeedr-Atom; if we have <author> info but no ID from a native ActivityStreams actor, don't freak out in the low-level processing code that checks for identity matches.
* enhanced messages for low-level FeedSub exceptions if they make it to outside display
SubMirror: redid add-mirror frontend to accept a feed URL, then pass that on to OStatus, instead of pulling from your subscriptions.
Profile: tweaked subscriberCount() so it doesn't subtract 1 for foreign profiles who aren't subscribed to themselves; instead excludes the self-subscription in the count query.
Memcached_DataObject: tweak to avoid extra error spew in the DB error raising
Work in progress: tweaking feedsub garbage collection so we can count other uses
The UI for setup and editing is a bit nasty for now. Can be reached via 'Mirroring' tab in account settings, or from a link at top of subscriptions list.
Currently relies on the OStatus plugin to handle actual setup, parsing, and importing of feeds; to support more general feed formatting we may need some further work there to accept weird feeds.
Also requires an actual live subscription, but this could be changed in future. (Ensuring that PSHB feed subscriptions remain live even if nobody's directly subscribed might be tricky.)
The repeat style is our preferred method since it retains full attribution, but right now we don't handle repeats very well across site boundaries; when pushed out to Twitter or to other StatusNet instances via OStatus, currently we end up losing some of the data and can end up with the 'RT @blah' version.
WARNING: There's no loop detection yet; it's most likely possible to set up a fun loop of profiles repeating each others' stuff forever and ever and ever and ever...
addPlugin('TwitterBridge', array('adminImportControl' => true, ....));
Added a note on the label that it requires manual daemon setup. (Note that by default the admin panel won't be shown, so it's no biggie to be hiding this for now.)
http://status.net/open-source/issues/2286
This bit of CSS was constricting the vertical size of the popup form for repeats:
.notice-options form {
width:16px;
height:16px;
}
I can only assume this was originally meant to constrain the mini inline AJAX forms to the size of the clickable buttons, but it doesn't make a difference to how those are displayed on iPhone, Android, or Opera Mini.
Removing the statement lets the popup form go to its natural size, covering the button.
MobileProfile serves pages out to iPhone and Android as application/xhtml+xml, which doesn't work with the default we we were loading recaptcha (as it used document.write). Switched to filling out a <div> from the AJAX API, which doesn't use document.write in the XHTML context.
Tested that view & submission works ok in following browsers:
Mobile: iPhone 3.1, Android 2.1, iPad 3.2 (this last doesn't trigger mobile theme tweaks)
Ubuntu 10.04: Firefox 3.6.3, Chrome 6
Mac 10.6: Safari 5/OS X 10.6.4
Windows 7: IE 8, Opera 10.56
We need to bundle counts of notices and users by date. This can be
expensive for large sites. So, new tables are added to cache the
results of these queries, which don't change after the date is over.
updates. Facebook has disabled the ability to store user preferences
via their old REST API, causing our application to break. Also, verbs
in status updates seem to be deprecated, and stream posts don't seem
to have a verb.
Revert "Locale switch cleanup: use common_switch_locale() which is safer for updating gettext state. Also moved a few calls to reduce chance of hitting an exception before switching back."
This reverts commit 74a89b1fc3.
- Use FQL to check for publish stream permission instead of old REST API
- Better error handling, especially for error code 100
- More logging / better log messages
Fixed typo in RedirectingAction when no return-to data provided in form submission.
RedirectingAction::returnToArgs() has been renamed to returnToPrevious() to avoid conflict with Action::returnToArgs() which returns arguments to be passed to other actions as return-to arguments. All callers should now be updated.
More profile settings actions will now redirect through a login form if visited as a GET request, as would be expected from a bookmark, link sent in e-mail etc.
To enable the admin panel:
$config['admin']['panels'][] = 'openid';
Or to set them manually:
$config['openid']['trusted_provider'] = 'https://login.ubuntu.net/';
$config['openid']['required_team'] = 'my-project-cabal';
$config['site']['openidonly'] = true;
OpenID-only mode can still be set from addPlugin() parameters as well for backwards compatibility.
Note: if it's set there, that value will override the setting from the database or config.php.
Note that team restrictions are only really meaningful if a trusted provider is set; otherwise,
any OpenID server could report back that users are members of the given team.
Restrictions are checked only at OpenID authentication time and will not kick off people currently
with a session open; existing remembered logins may also survive these changes.
Using code for Launchpad team support provided by Canonical under AGPLv3, pulled from r27 of
WordPress teams integration plugin:
https://code.edge.launchpad.net/~canonical-isd-hackers/wordpress-teams-integration/trunk