Commit Graph

11242 Commits

Author SHA1 Message Date
Brion Vibber
46d9496ee6 Tickets #2112, 2333, 1677, 2362, 2831: fix AJAX form posting on SSL page views with ssl=sometimes
These have been failing for ages due to our outputting full URLs all the time, usually with the default protocol instead of the current one.
Forms would get output with an http: URL in their contents even when destined for an HTTPS page; while a regular form submission would just warn you about the secure->insecure transition, the AJAX code was failing outright and then not bothering to fall back to the regular submission.

I found it was easy to detect the mismatch -- just check the target URL and the current page's protocol before submitting.

Since failing over to non-AJAX submission to the HTTP URL throws up a warning, I figured it'd be easier (and much nicer for users) to just let it rewrite the target URL to use the secure protocol & hostname before doing the final submit.
This check is now automatically done for anything that calls SN.U.FormXHR() -- making most of our buttons on notices and profile/group headers work naturally.
The notice form setup code also runs the rewrite, which gets posting working without an error dialog.

I'd prefer in the long run to simply use relative URLs in most of our output; it avoids this problem completely and lets users simply stay in the current protocol mode instead of being constantly switched back to HTTP when clicking around.
(Note that folks using the SSLAlways extension to Firefox, for instance, will have their browsers constantly sending them back to HTTP pages, mimicking the desired user experience even though we haven't fully implemented it. These folks are likely going to be a lot happier with forms that submit correctly to go along with it!)
2010-12-16 17:02:02 -08:00
Brion Vibber
532178e3ee Fix for ticket #2910: fix inconsistencies in notice posting response display that broke help command, could be generally wonky
Previous code was importing nodes from the XHR result into current document, then pulling text content of what might be the right element, then concat'ing that straight into HTML. Eww! Now pulling the text content straight from the XHR result -- same element that we check for existence of -- and using jQuery's own text() to do the getting and setting of text. Also note that some browsers might have been pulling HTML instead of text, or other funkiness.
2010-12-16 16:18:49 -08:00
Brion Vibber
f901c25012 Add lots of doc comments to util.js. Most stuff makes some kind of stuff, but some is kinda.... funky :D
These comments are all stripped during minification, so util.min.js remains unchanged.
2010-12-16 15:34:51 -08:00
Brion Vibber
364bc6e642 work in progress 2010-12-16 15:04:48 -08:00
Brion Vibber
ed24c95ac2 Fix ticket #2929: router cache now clears itself when switching singleuser mode in and out 2010-12-16 13:42:10 -08:00
Brion Vibber
ba2b670bfb add .mo files to .gitignore 2010-12-16 10:38:38 -08:00
Siebrand Mazeland
ae65f93b2b L10n updates and removal of superfluous whitespace. 2010-12-16 16:33:39 +01:00
Siebrand Mazeland
cf824621b9 Localisation updates from http://translatewiki.net. 2010-12-16 16:30:30 +01:00
Brion Vibber
b7f43c8127 Makefile to re-generate util.min.js (needs yui-compressor in path) 2010-12-15 15:00:44 -08:00
Brion Vibber
2836c4e561 Fix for ticket #2942: character counter now updates on cut and paste operations made with mouse or menu
This uses the 'copy' and 'paste' DOM events to trigger a counter update. I haven't had a chance to 100% confirm that middle-button click on X11 triggers the event, but it ought to.
Cut and paste events from context menu and main edit menu known good in:
* Firefox 4.08b-pre
* IE 9 preview 7
* IE 8 current
* Chrome 8 beta current
* Safari 5.0.3

Opera is listed as not supporting these events, oh well.

Note that using a *delete* command from a menu doesn't trigger an event. Sigh, you can't win everything.
2010-12-15 14:57:09 -08:00
Brion Vibber
0330bad688 Cleaner code to avoid a couple PHP notices from accessing uninitialized variables in ostatus profile discovery (these cases hit checking diaspora accounts) 2010-12-15 12:14:25 -08:00
Brion Vibber
6c67114198 Mark OembedAction, XrdAction, and (plugin) AutocompleteAction as read-only. Tweaked ApiStatusesShow and ApiTimelineUser to still claim read-only when hit with a HEAD request (usually link checkers or a precursor to a GET, and should be semantically equivalent to a GET without actually transferring data) 2010-12-14 16:14:15 -08:00
Brion Vibber
2ed1e9b126 AtomPub discovery fix: gets MarsEdit's auto API detection working.
Router entry for AtomPubService was slightly off, generating an incorrect link in the RSD data.
2010-12-14 14:43:50 -08:00
Brion Vibber
fefd9056da AtomPub test cases: make sure the posted entry appears in the feed, and that it disappears after deletion 2010-12-14 14:07:25 -08:00
Brion Vibber
b7e3b06bb1 AtomPub tetss: confirming edit URL linked properly in individual entry return 2010-12-14 13:52:44 -08:00
Brion Vibber
247a494006 AtomPub tests: fix delete test 2010-12-14 13:25:22 -08:00
Brion Vibber
0bfeaa4559 AtomPub tests: fix for atom post check 2010-12-14 13:23:09 -08:00
Brion Vibber
82a9560a2d AtomPub fix: correct the response URL given from posting a new message (wrong parameter meant we got the main page instead of the message's URL) 2010-12-14 13:19:22 -08:00
Brion Vibber
54a0e801f3 AtomPub fixes: return '201 Created' on POST of new message; better error checking on Atom input 2010-12-14 13:12:24 -08:00
Brion Vibber
0f26d6eb70 more fixins on AtomPub tests 2010-12-14 13:11:34 -08:00
Brion Vibber
56e72ec7a1 auth fix 2010-12-14 12:36:21 -08:00
Brion Vibber
3426f65736 Mostly-implemented basic AtomPub tests 2010-12-14 12:33:28 -08:00
Brion Vibber
654d1749da partial stub file for atompub tests 2010-12-13 17:48:23 -08:00
Brion Vibber
2503c33502 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x 2010-12-13 14:03:59 -08:00
Brion Vibber
39cad55711 TwitterBridge: partial merge of id_str usage from 0.9.x for improved 32-bit and pre-5.2.10 compatibility. (on 64-bit in 5.2.6 we can pull the integer IDs, but silently lose some precision on the end.)
Fixes for Twitter bridge breakage on 32-bit servers. New "Snowflake" 64-bit IDs have become too big to fit in the integer portion of double-precision floats, so to reliably use these IDs we need to pull the new string form now.
Machines with 64-bit PHP installation should have had no problems (except on Windows, where integers are still 32 bits)

Conflicts:

	plugins/TwitterBridge/twitterimport.php <- as this hasn't been broken out, the import code is NOT FULLY UPDATED HERE.
2010-12-13 12:13:24 -08:00
Evan Prodromou
027c73a4a1 Merge branch 'activityatompub' into 0.9.x 2010-12-13 14:35:42 -05:00
Evan Prodromou
1033e1e519 add the other three feeds to AtomPub service document 2010-12-13 14:35:29 -05:00
Evan Prodromou
c6d6f25b52 Atom pub feed for group memberships
Feed for group memberships, in activity streams format.

Shows a feed; has proper pagination; accepts activitystreams "join"
activities to start a new membership.
2010-12-13 13:56:54 -05:00
Evan Prodromou
4be9c0a0e9 fix URL for memberships feed 2010-12-13 13:50:57 -05:00
Evan Prodromou
a93f0fea61 membership stream method and return membership from join() in Group_member class 2010-12-13 13:50:39 -05:00
Evan Prodromou
156bd011af fix navigation links for favorite feed 2010-12-13 13:08:38 -05:00
Evan Prodromou
c5fee7573e fix navigation links for subscriptions feed 2010-12-13 13:07:25 -05:00
Evan Prodromou
5bbd77b761 group_member includes self link, edit link 2010-12-13 12:40:44 -05:00
Evan Prodromou
1a58fdd695 add atompub show membership action 2010-12-13 12:40:22 -05:00
Evan Prodromou
4b7a0d366c add atompub membership actions to router 2010-12-13 12:40:01 -05:00
Zach Copley
bb55784e90 Move getConnectedApps() from Profile to User, where it belongs 2010-12-12 17:37:42 -08:00
Evan Prodromou
30f0defcf1 atompub favorite feed 2010-12-12 13:16:34 -05:00
Evan Prodromou
7c37aa802b a stream function for Fave class 2010-12-12 12:22:04 -05:00
Evan Prodromou
1817aedb5c fix subtitle in subscriptions feed 2010-12-12 12:13:54 -05:00
Evan Prodromou
d9a614c57e use new Subscription stream methods for AtomPub 2010-12-11 11:24:07 -05:00
Evan Prodromou
8dea5144a9 Merge branch '0.9.x' into activityatompub 2010-12-11 11:03:02 -05:00
Evan Prodromou
af4ee1d490 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-12-11 11:01:05 -05:00
Evan Prodromou
d0ea138888 cache stream of subscriptions 2010-12-11 11:00:04 -05:00
Evan Prodromou
7285bbc93b Subscription stream functions
Made two new functions, Subscription::bySubscriber() and
Subscription::bySubscribed(), to get streams of Subscription objects.

Converted Profile::getSubscribers() and Profile::getSubscriptions() to
use these functions.
2010-12-11 10:24:46 -05:00
Evan Prodromou
37c447be46 Show a single favorite for AtomPub 2010-12-10 18:50:50 -05:00
Brion Vibber
3f9b8b293d Workaround for locally-handled sessions breaking on PHP 5.3 with APC enabled.
Big thanks to the folks at http://pecl.php.net/bugs/bug.php?id=16745 for the secret juju!
Classes were being torn down before session save handlers got called at the end of the request, which exploded with complaints about being unable to find various classes.
Registering a shutdown function lets us explicitly close out the session before everything gets torn down.
2010-12-10 14:12:02 -08:00
Brion Vibber
ab7a06542c Workaround for locally-handled sessions breaking on PHP 5.3 with APC enabled.
Big thanks to the folks at http://pecl.php.net/bugs/bug.php?id=16745 for the secret juju!
Classes were being torn down before session save handlers got called at the end of the request, which exploded with complaints about being unable to find various classes.
Registering a shutdown function lets us explicitly close out the session before everything gets torn down.
2010-12-10 22:08:36 +00:00
Evan Prodromou
167f760ab8 Merge branch '0.9.x' into activityatompub
Conflicts:
	lib/router.php
2010-12-10 17:04:55 -05:00
Brion Vibber
65f2d12bbf extlibs updates: PEAR::Mail to 1.2.0, PEAR::Net_SMTP to 1.4.2 (need to go together as a pair)
PEAR::Mail updated to 1.2.0 from 1.1.4, fixes deprecation warnings on PHP 5.3, as well as:
1.2.0:
• QA release - stable.
• Updated minimum dependencies (Net_SMTP, PEAR, PHP)
• Doc Bug #15620 Licence change to BSD
• Bug #13659 Mail parse error in special condition
• Bug #16200 - Security hole allow to read/write Arbitrary File
_hasUnclosedQuotes() doesn't properly handle a double slash before an end quote (slusarz@curecanti.org, Bug #9137).
• Make sure Net_SMTP is defined when calling getSMTPObject() directly (slusarz@curecanti.org, Bug #13772).
• Add addServiceExtensionParameter() to the SMTP driver (slusarz@curecanti.org, Bug #13764).
• Add a method to obtain the Net_SMTP object from the SMTP driver (slusarz@curecanti.org, Bug #13766).

PEAR::Net_SMTP updated to 1.4.2 from 1.3.1, needed to support updated PEAR::Mail:
1.4.2:
• Fixing header string quoting in data(). (Bug #17199)
1.4.1:
• The auth() method now includes an optional $tls parameter that determines whether or not TLS should be attempted (if supported by the PHP runtime and the remote SMTP server). This parameter defaults to true. (Bug #16349)
• Header data can be specified separately from message body data by passing it as the optional second parameter to ``data()``. This is especially useful when an open file resource is being used to supply message data because it allows header fields (like *Subject:*) to be built dynamically at runtime. (Request #17012)
1.4.0:
• The data() method now accepts either a string or a file resource containing the message data. (Request #16962)
1.3.4:
• All Net_Socket write failures are now recognized. (Bug #16831)
1.3.3:
• Added getGreeting(), for retrieving the server's greeting string. (Request #16066) [needed for PEAR::Mail]
• We no longer attempt a TLS connection if we're already using a secure socket. (Bug #16254)
• You can now specify a debug output handler via setDebug(). (Request #16420)
1.3.2:
• TLS connection only gets started if no AUTH methods are sent. (Bug #14944)
2010-12-10 11:07:51 -08:00
Brion Vibber
baae319aef extlibs updates: PEAR::Mail to 1.2.0, PEAR::Net_SMTP to 1.4.2 (need to go together as a pair)
PEAR::Mail updated to 1.2.0 from 1.1.4, fixes deprecation warnings on PHP 5.3, as well as:
1.2.0:
• QA release - stable.
• Updated minimum dependencies (Net_SMTP, PEAR, PHP)
• Doc Bug #15620 Licence change to BSD
• Bug #13659 Mail parse error in special condition
• Bug #16200 - Security hole allow to read/write Arbitrary File
_hasUnclosedQuotes() doesn't properly handle a double slash before an end quote (slusarz@curecanti.org, Bug #9137).
• Make sure Net_SMTP is defined when calling getSMTPObject() directly (slusarz@curecanti.org, Bug #13772).
• Add addServiceExtensionParameter() to the SMTP driver (slusarz@curecanti.org, Bug #13764).
• Add a method to obtain the Net_SMTP object from the SMTP driver (slusarz@curecanti.org, Bug #13766).

PEAR::Net_SMTP updated to 1.4.2 from 1.3.1, needed to support updated PEAR::Mail:
1.4.2:
• Fixing header string quoting in data(). (Bug #17199)
1.4.1:
• The auth() method now includes an optional $tls parameter that determines whether or not TLS should be attempted (if supported by the PHP runtime and the remote SMTP server). This parameter defaults to true. (Bug #16349)
• Header data can be specified separately from message body data by passing it as the optional second parameter to ``data()``. This is especially useful when an open file resource is being used to supply message data because it allows header fields (like *Subject:*) to be built dynamically at runtime. (Request #17012)
1.4.0:
• The data() method now accepts either a string or a file resource containing the message data. (Request #16962)
1.3.4:
• All Net_Socket write failures are now recognized. (Bug #16831)
1.3.3:
• Added getGreeting(), for retrieving the server's greeting string. (Request #16066) [needed for PEAR::Mail]
• We no longer attempt a TLS connection if we're already using a secure socket. (Bug #16254)
• You can now specify a debug output handler via setDebug(). (Request #16420)
1.3.2:
• TLS connection only gets started if no AUTH methods are sent. (Bug #14944)
2010-12-10 10:47:22 -08:00