Commit Graph

6070 Commits

Author SHA1 Message Date
Diogo Cordeiro
3b01aa31d3 [REALTIME] Reviewed both the superclass and its dist plugins 2021-07-16 19:44:36 +01:00
Alexei Sorokin
eab5725698 [DATABASE] Disable 'NULL' strings evaluation as SQL NULLs
Use $object->sqlValue('NULL') (identical to DataObject_Cast'ing) instead and
fix related issues like (email|sms)settings considering these NULLs as a
false positive for the E-Mail address still being set when it's been removed.

There could also be security implications to the now-disabled approach of
considering 'NULL' strings as SQL NULLs.
2021-07-16 19:44:35 +01:00
tenma
b19da881c7 [TheFreeNetwork] First code: Module class and census event 2021-07-16 19:44:35 +01:00
tenma
c861eb7232 [CORE] Update common_user_uri
To be consistent between federated-protocols and maintain non-fancy URIs
2021-07-16 19:44:35 +01:00
Alexei Sorokin
01696246eb [Embed][CORE] hex2bin should always get an even amount of symbols 2021-07-16 19:44:35 +01:00
Diogo Cordeiro
d69f479cba [CORE] Allow to force non-fancy URLs
Essential to allow toggling fancy urls later. In some cases it is
critical to keep the URL an unique URI.
2021-07-16 19:44:35 +01:00
Diogo Cordeiro
3dcedfa8bd [MEDIA] Simplify Attachment actions 2021-07-16 19:44:35 +01:00
Diogo Cordeiro
81711a18d9 [LIB_REFACTOR] Fix minor issues 2021-07-16 19:44:35 +01:00
Miguel Dantas
e25803b537 [Embed][CORE] Fixes 'Invalid Filename' on Embed. Regex didn't get updated 2021-07-16 19:44:35 +01:00
Alexei Sorokin
3460c13535 [DAEMONS] Move resetDb to the Daemon class
As it is used inside the Daemon class now, it should always be available.
2021-07-16 19:44:35 +01:00
Alexei Sorokin
ffef85414e [CORE] Fix logging of very early failures 2021-07-16 19:44:35 +01:00
Alexei Sorokin
cfc93bacbb [DATABASE][MariaDB] Properly account for foreign keys 2021-07-16 19:44:35 +01:00
Diogo Cordeiro
acd64ba54a [BugFix] Plugins ExtendedProfile and OverwriteThemeBackground - admin is identical to system path names. 2021-07-16 19:44:35 +01:00
Diogo Cordeiro
ee405df000 [MODULES] Make disable in admin panel effective 2021-07-16 19:44:35 +01:00
Alexei Sorokin
16b5ddd230 [DATABASE] Re-introduce PostgreSQL support 2021-07-16 19:44:35 +01:00
Alexei Sorokin
e807e3bf08 [DATABASE] Use "<>" as an SQL non-equality sign
"!=" is not SQL compliant.
2021-07-16 19:44:35 +01:00
Alexei Sorokin
0e0c375e65 [DATABASE] Re-introduce the enum type abstraction 2021-07-16 19:44:35 +01:00
Alexei Sorokin
3f17a0efea [DATABASE] Introduce a bool type in schema
PostgreSQL has a clear distinction between integers and booleans, so it makes
sense to draw a clear line.
2021-07-16 19:44:35 +01:00
Alexei Sorokin
9d87c37ac1 [DATABASE] Consistently use the "LIMIT $limit OFFSET $offset" syntax
The "LIMIT $offset, $limit" syntax is only supported by MySQL and MariaDB.
2021-07-16 19:44:35 +01:00
Alexei Sorokin
6095a6de64 [DATABASE] Only use single quotation marks for SQL strings
Double quotation marks are only used for identifiers in the SQL standard.
2021-07-16 19:44:35 +01:00
Alexei Sorokin
d26aac77b3 [DATABASE] Always quote identifiers
The code used to operate under the assumption that MariaDB doesn't support
quoting identifiers. Not only is that not exactly true, but MariaDB has
reserved keywords that cannot be used as table or column names unquoted.
2021-07-16 19:44:35 +01:00
Alexei Sorokin
1b41a38719 [CORE] Another inboxnoticestream improvement 2021-07-16 19:44:35 +01:00
Alexei Sorokin
1b66209e53 [DAEMONS] Switch daemons to double-forking for daemonisation 2021-07-16 19:44:35 +01:00
Alexei Sorokin
72f5576795 [DAEMONS] Properly disconnect daemons from the database 2021-07-16 19:44:35 +01:00
Miguel Dantas
7cdd64f594 [PLUGINS] Added UnQueue, a new default plugin which does all actions immediately 2021-07-16 19:44:34 +01:00
Miguel Dantas
333b915740 [PLUGINS] Added DBQueue plugin 2021-07-16 19:44:34 +01:00
Miguel Dantas
e3c34c4693 [PLUGINS] Added StompQueue plugin, based on the implementation in lib/queue/stompqueuemanager. Updated to new STOMP library version. Dropped liberalstomp.php and stompqueuemanager.php 2021-07-16 19:44:34 +01:00
Miguel Dantas
3fbf974dad [PLUGINS] Added RedisQueue 2021-07-16 19:44:34 +01:00
Miguel Dantas
44e96deecd [CORE][AUTOLOAD] Fix class OAuthRequest not found
Issue description as reported by aab:

2019-08-28 17:34:48 LOG_ERR: [khp.ignorelist.com:61055.f5f7f51c GET /api/statuses/show/178372.atom] ServerErrorAction: 500 Class 'OAuthRequest' not found
2019-08-28 17:39:50 LOG_ERR: [khp.ignorelist.com:65390.4483ff85 GET /api/statusnet/conversation/104672.rss] Handled serverError (500) but cannot output into desired format ('rss'): 'Class \'OAuthRequest\' not found'
2019-08-28 17:39:50 LOG_ERR: [khp.ignorelist.com:65390.4483ff85 GET /api/statusnet/conversation/104672.rss] ServerErrorAction: 500 Class 'OAuthRequest' not found
2019-08-28 17:40:49 LOG_ERR: [khp.ignorelist.com:65390.4c745f68 GET /api/statuses/show/18132.atom] Handled serverError (500) but cannot output into desired format ('atom'): 'Class \'OAuthRequest\' not found'
2019-08-28 17:40:49 LOG_ERR: [khp.ignorelist.com:65390.4c745f68 GET /api/statuses/show/18132.atom] ServerErrorAction: 500 Class 'OAuthRequest' not found
2019-08-28 17:47:41 LOG_ERR: [khp.ignorelist.com:65390.42ee9fd4 GET /api/statusnet/conversation/133023.as] Handled serverError (500) but cannot output into desired format ('as'): 'Class \'OAuthRequest\' not found'
2021-07-16 19:44:34 +01:00
Miguel Dantas
55f4ed036d [FRAMEWORK][AUTOLOAD] Fix autoloads 2021-07-16 19:44:34 +01:00
Miguel Dantas
ab3e8ce21d [LIB_REFACTOR] Fix requires 2021-07-16 19:44:34 +01:00
Miguel Dantas
2ab2e22a36 [LIB_REFACTOR] Moving files into separate semantic categories 2021-07-16 19:44:34 +01:00
tenma
8f070f53ec [CORE] Fix undefined offset warnings in different files
This problem was presentend in the following issue:
https://notabug.org/diogo/gnu-social/issues/60

AcceptHeader/util:
- Perform isset before using the required array values
2021-07-16 19:44:34 +01:00
tenma
32ae48358d [RemoteFollow] Initial work in the RemoteFollow plugin
lib/default.php
- Add RemoteFollow to the list of default plugins

RemoteFollowPlugin:
- Subscribe events to add the remote-follow button

RemoteFollowInitAction:
- Handles the remote-follow form and getting the redirection url for follow completion

RemoteFollowSubAction:
- Handles the remote profile pulling and actual following
2021-07-16 19:44:34 +01:00
Miguel Dantas
d9668a6d07 [URLMAPPER] Fix small bug in URLMapper: a dynamic route might not exist even if a static one does 2021-07-16 19:44:34 +01:00
Diogo Cordeiro
428878b6d8 [MODULES] Allow to delete third party plugins 2021-07-16 19:44:34 +01:00
Diogo Cordeiro
0d7c0069f2 [MODULES] Allow to upload third party plugins
Fixed some bugs
2021-07-16 19:44:34 +01:00
Diogo Cordeiro
ca22279797 [MODULES] List all available plugins and allow enabling them via UI
Yet another revision of the Admin Plugin Management tool
2021-07-16 19:44:34 +01:00
Diogo Cordeiro
0c6d94fca8 [SamplePlugin] Review and update with the latest GNU social best practices 2021-07-16 19:44:34 +01:00
Diogo Cordeiro
2d7ca37036 [GroupFavorited] Fix plugin 2021-07-16 19:44:34 +01:00
Diogo Cordeiro
fd1a7a5e68 [Plugins] Incorporated GNUsocialExtendedProfile as part of ExtendedProfile
Also improved a lot of the plugin and made things in a way it would make sense
2021-07-16 19:44:34 +01:00
Diogo Cordeiro
c71fa9099f [GNUsocialProfileExtensions] Fixed plugin 2021-07-16 19:44:34 +01:00
Diogo Cordeiro
5a679ac561 [DEFAULT] Add 'DirectionDetector' as a default plugin 2021-07-16 19:44:33 +01:00
Diogo Cordeiro
5ca939fdd2 [DEFAULT] Add 'AccountManager' as a default plugin 2021-07-16 19:44:33 +01:00
Diogo Cordeiro
20a6f1d4f4 [CORE] Plugin API now extends a new Module API 2021-07-16 19:44:33 +01:00
Diogo Cordeiro
3821d2317e [PLUGIN API] Bug fixes and improvements 2021-07-16 19:44:33 +01:00
Diogo Cordeiro
99fe3e5a52 [CORE] Move plugin superclasses from /lib/ to /lib/modules/ 2021-07-16 19:44:33 +01:00
Diogo Cordeiro
c18f26145c [CORE] Move core plugins to a new modules directory
For reference (raised by rozzin in IRC):

* http://foldoc.org/module
* http://foldoc.org/library
* http://foldoc.org/plugin

As noted by XRevan86, modules are not necessarily non-essential.
As we will keep the modules directory in GS root [therefore, near to
plugins/], it is evidenced the difference between both.

This is a simple yet fundamental structural change. It doesn't change
functionality but makes clearer the way we understand GNU social's
internals.
2021-07-16 19:44:33 +01:00
tenma
0b30d932fc [DirectMessage] Major plugin rework
This commit does the necessary rework to store private messages
as Notices and to support Federation. The plugin's README presents
some more detail about the changes and future work that is still
required to do.
2021-07-16 19:44:33 +01:00
tenma
23512bea14 [CORE][ROUTES] Update urlmapper to search dynamic routes before static ones when generating URLs.
This solves the problem of routes that differ only in having
or not $_GET params. The ones not having params (static) were
being matched first during URL generation.

The way this problem was solved was by separating the $reverse
array in both $reverse_statics and $reverse_dynamics and explicitly
traversing this last one first in the generation function. Note that
maintaining the $reverse array and unshifting dynamic routes to its
head ( and therefore to the front of the static ones ) doesn't work
since even among dynamic routes the order of arrival should be kept.
2021-07-16 19:44:33 +01:00
tenma
06fb856d24 [CORE] Add new Notice scope for private messaging
Notice:
- Add MESSAGE_SCOPE scope

lib/*.stream:
- Filter out notices with MESSAGE_SCOPE scope
2021-07-16 19:44:33 +01:00
Diogo Cordeiro
2f1ddd8280 [CORE] Add ActivityPub plugin
This is not the same as the one in https://notabug.org/diogo/gnu-social-activitypub-plugin
Differences to the first "release"
-> Doesn't use guzzle nor has any composer dependencies
-> Supports HTTP Signatures
-> Has basic l10n/i18n
-> Some minor bug fixes
2021-07-16 19:44:33 +01:00
Miguel Dantas
4f8ede8239 [CORE] Fixed small anti-pattern on cache code. Plugins had to throw EndCache events, when this should be done by the library 2021-07-16 19:44:33 +01:00
50c98d53c9 Revert "[CORE] Another fix for the inboxnoticestream query"
This reverts commit bdd55f611f.
2021-07-16 19:44:14 +01:00
Alexei Sorokin
bdd55f611f [CORE] Another fix for the inboxnoticestream query 2020-06-11 21:52:44 +01:00
Diogo Cordeiro
e4bdb21a54 [NodeInfo] New endpoint and formula for computing active users
Seriously improved documentation
Now NodeInfo 2.0 is available at /api/nodeinfo/2.0.json
For active users we now also consider favourites and recently created accounts
Some further minor bug fixes and full review of the implementation
2019-08-12 05:35:27 +01:00
Miguel Dantas
0030fe3aeb [REFACTOR] Added explicit return type to all instances of QueueHandler::handle 2019-08-11 01:11:41 +01:00
Miguel Dantas
aaabf82eff [CORE][QUEUE] Error checking and type declaration on handling notice queue events
Patch submitted by XRevan86
2019-08-08 02:44:14 +01:00
Miguel Dantas
8b106dbc6c [MEDIA] Fixed wrong image cropping 2019-08-03 21:02:21 +01:00
Miguel Dantas
955d5a136f [MEDIA] Replaced internal image handling with intervention/image, which is capable of using both GD and ImageMagik 2019-08-03 17:49:37 +01:00
Diogo Cordeiro
db3253e5d2 [CORE] Bump PHP requirement to PHP7.3+ 2019-08-03 17:49:36 +01:00
Miguel Dantas
6d552f15b6 [Embed] Resize thumbnails fetched by Embed to avoid keeping original images when we need only 128x128. Size configurable in config.php 2019-08-03 17:49:36 +01:00
Miguel Dantas
07b4cfaeae [Embed] Hide error from the UI and just don't display an image if the remote image is not valid 2019-08-03 17:49:10 +01:00
Miguel Dantas
0c20d35206 [Embed] Refactoring and bug fixing 2019-08-03 17:49:09 +01:00
Miguel Dantas
2a2b3f72fb [Embed][DB] Renaming the 'file_oembed' table to 'file_embed' on upgrade 2019-08-03 17:48:28 +01:00
Miguel Dantas
52819d39d9 [OEmbed][Embed] Renamed OEmbed plugin to Embed 2019-08-03 17:48:26 +01:00
Diogo Cordeiro
e0bc35b975 [CORE] Avatars are in PUBLICDIR in v2
Fixed a bug in the Installer
2019-08-03 17:47:28 +01:00
Diogo Cordeiro
893bafa14b [INSTALL] Minor reformatting and modernization. Shouldn't change functionality significatively. 2019-08-03 17:47:28 +01:00
Diogo Cordeiro
9f30c299ee [CORE] Make tests great gain 2019-08-03 17:47:27 +01:00
Diogo Cordeiro
ec32db2dd6 [CORE][COMPOSER] Add hoa/consistency
Renamed curry to callable_left_curry
2019-08-03 17:47:27 +01:00
Daniel Supernault
2850e56f30 [CORE] Add custom favicon configuration support
Adds support for custom favicons defined in config.php that override theme favicons.
2019-08-03 17:47:26 +01:00
Diogo Cordeiro
2a06261f75 [CORE][COMPOSER] Move extlib packages with immediate composer correspondent to composer dependencies
This adds a composer.json for all dependencies that are available
2019-08-03 17:47:24 +01:00
brunoccast
0b58465fb9 [CORE] Fix notice delete-form
DeletenoticeAction:
- Added tombstone check before deletion

NoticeListItem:
- Added tombstone check before showing delete-form

ActivityVerb:
- The plugin was overwriting the deletenotice route. Added stronger
regexp to the connected routes.
2019-08-03 17:47:23 +01:00
Diogo Cordeiro
f67a93eddc [CORE] Bump Database requirement to MariaDB 10.3+ 2019-08-03 17:47:23 +01:00
Diogo Cordeiro
7044f0e2cf [Media] Fix undefined variable box in imagefile.php 2019-08-03 17:47:23 +01:00
Miguel Dantas
e392160435 [ROUTES] Fixed attachment routes, broken by channges in fa378462f4 2019-08-03 17:47:17 +01:00
brunoccast
5c0a3102ff [ROUTES] Allow accept-header specification during router creation
Router:
- Fix calls to connect, most of them were misusing the function's params

URLMapper:
- Minor fixes
- Documentation
- Add support for accept-header specification

Plugins/*:
- Fix calls to connect
2019-08-03 17:47:16 +01:00
brunoccast
2032c7c1f7 [ROUTES] PSR2-format 2019-08-03 17:31:44 +01:00
Miguel Dantas
ee8bac9ad7 [CORE] Fix bug where we we're losing track of a file, in case the image needed to be reencoded 2019-08-03 17:31:44 +01:00
Miguel Dantas
4863bd30d7 [CORE] Fixed Media tests 2019-08-03 17:31:43 +01:00
Miguel Dantas
7070a14480 [CORE][StoreRemoteMedia] Fixed bug where sometimes images were written outside the site root 2019-08-03 17:31:43 +01:00
Diogo Cordeiro
a38f25f7cd [PEAR] Modernize Validate code
Upgraded IDNA to IDNA2
Added PEAR Date
> fixed: The each function is deprecated
2019-08-03 17:31:43 +01:00
Miguel Dantas
a5259073df [CORE] Fix X-Sendfile for nginx, using the X-Accel-Redirect header 2019-08-03 17:31:43 +01:00
Miguel Dantas
f746866b65 [StoreRemoteMedia] StoreRemoteMedia now uses the new filename format, which allows it to display correctly in the UI. Formatting fixes 2019-08-03 17:31:42 +01:00
Miguel Dantas
8f31a1a820 [MEDIA][OEMBED] Fixed regression in OEmbed, because it relied on accessing the files directly, which previous commits broke. The File table really should have a bool... 2019-08-03 17:31:42 +01:00
Miguel Dantas
4187568522 [OEMBED][UI] Skip adding an image thumbnail for oembed results if we
don't have a file locally to generate it, which can happen, for
instance, if StoreRemoteMedia is disabled
2019-08-03 17:31:42 +01:00
Miguel Dantas
da82048d77 [MEDIA] Fix trying to display file wich is not available locally 2019-08-03 17:31:41 +01:00
Miguel Dantas
bea06da531 [INSTALL] Fixed issue in installing where default.php needs util.php but it's not loaded 2019-08-03 17:31:41 +01:00
Miguel Dantas
7643f3cf7b [CORE][ACTION] Removed getfile action. Superseded by attachment/*/download, which additionally uses a file hash as oposed to a filename.
Additionally, added etag and last modified HTTP headers to attachments, to more effectively take advantage of caching
2019-08-03 17:31:41 +01:00
Miguel Dantas
aa5c6bbf08 [CORE][UI] Made attachment actions and its subactions be able to identify attachments by id and by filehash. Changed the url stored in the DB to be attachment//view 2019-08-03 17:31:41 +01:00
Miguel Dantas
9536f2a909 [CORE] Refactored attachement actions to remove duplicate code 2019-08-03 17:31:40 +01:00
Miguel Dantas
c7475d78b4 [CORE][UI][ROUTER] Added view action, which inlines images and videos but downloads everything else. Fixed File url to get an URL fromthe view action, so when a making a remote notice, the correct URL is used, not accessing directly to the file 2019-08-03 17:31:40 +01:00
Miguel Dantas
3c9a07677e [CORE] Attachments and thumbnails aren't accessed directly by the file under the file storage folder, but indirectly from PHP, so that access to the file folder can be blocked in the server config 2019-08-03 17:31:40 +01:00
Miguel Dantas
b669f57068 [CORE] Fixed common_get_preferred_php_upload_limit, because some values in php.ini can be -1 or 0 for unlimited 2019-08-03 17:31:40 +01:00
Miguel Dantas
ccebe536b3 [MEDIA] Removed blacklisted extensions, "trusts" upload extension (doesn't affect anything) and updated sysadmin documentation
Fixes bug which broke the UI. Oops
2019-08-03 17:31:39 +01:00
Miguel Dantas
b9a0733062 [MEDIA][CORE] Add common function for converting a string with a size unit to an int and MediaFile uses file_quota 2019-08-03 17:31:39 +01:00
Miguel Dantas
5961b45140 [MEDIA][UI] In case an attachment preview isn't possible, the name is displayed anyway 2019-08-03 17:31:39 +01:00
Miguel Dantas
5f53738376 [MEDIA][UI] Added preview support for BMP, WEBP and ICO, displaying the name underneath, centered 2019-08-03 17:31:38 +01:00
Miguel Dantas
5eb4a7d711 [MEDIA] File downloader now in PHP, added proper name in the UI and changed the format for new attachment file names
The file downloader was changed from a simple redirect to the file to one
implemented in PHP, which should make it safer, by making it possible disallow
direct access to the file, to prevent executing of atttachments

The filename has a new format:
  bin2hex("{$original_name}")."-{$filehash}"
This format should be respected. Notice the dash, which is important to distinguish it from the previous
format, which was "{$hash}.{$ext}"

This change was made to both make the experience more user friendly, by
providing a readable name for files, as opposed to it's hash. This name is taken
from the upload filename, but, clearly, as this wasn't done before, it's
impossible to have a proper name for older files, so those are displayed as
"untitled.{$ext}".

This new name is displayed in the UI, instead of the previous name.
2019-08-03 17:31:36 +01:00
Diogo Cordeiro
d705bcbd98 [CORE] Use random_bytes() if available and improve common_confirmation_code() randomness.
With PHP 7 comes the [random_bytes()](https://php.net/manual/en/function.random-bytes.php) and the [random_int()](https://www.php.net/manual/en/function.random-int.php) function which generates cryptographically secure pseudo-random bytes and integers, respectively.
2019-08-03 17:29:14 +01:00