GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity
10,898 Commits 8 Branches 4 Tags 309 MiB
Commit Graph

10898 Commits

Author SHA1 Message Date
Brion Vibber fb0c3f4f99 Kill a ping queue item if we get an error on loading up the notice's poster's profile, rather than letting the item be retried over and over as if it were a transitory error. 
This shouldn't generally happen as it's an indicator of database inconsistency, but it's a condition we know happens.
 2010-10-28 12:58:30 -07:00
Brion Vibber 9ea7cafd27 Fix for regression: fatal error on group page display when not logged in. 
Bug was introduced with group deletion feature.
 2010-10-28 12:19:19 -07:00
Evan Prodromou b5206fe6ca fall back to siteowner on bad nickname (Bug#2861) 2010-10-28 10:46:57 -04:00
Brion Vibber 48492600a8 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-10-28 00:15:59 +00:00
Brion Vibber e43553a3d9 Tweak for OAuth headers not seen in $_SERVER 2010-10-28 00:14:45 +00:00
Siebrand Mazeland 035b4949fd Merge branch '0.9.x' of git://gitorious.org/statusnet/mainline into 0.9.x 2010-10-28 01:59:45 +02:00
Siebrand Mazeland 7a564276a9 Localisation updates from http://translatewiki.net. 2010-10-28 01:58:43 +02:00
Brion Vibber 9e9b7b972c Merge branch 'instrument' into 0.9.x 2010-10-27 16:47:06 -07:00
Brion Vibber ace655aecf ApiLogger plugin: dumps some information about API hits to aid in researching future HTTP-level cachability improvements. 
Data are sent to the 'info' level of logging, like so:

  [lazarus.local:4812.86b23603 GET /mublog/api/statuses/friends_timeline.atom?since_id=1353]
       STATLOG action:apitimelinefriends method:GET ssl:no query:since_id cookie:no auth:yes
       ifmatch:no ifmod:no agent:Appcelerator Titanium/1.4.1 (iPhone/4.1; iPhone OS; en_US;)

Fields:
* action:  case-normalized name of the action class we're acting on
* method:  GET, POST, HEAD, etc
* ssl:     Are we on HTTPS? 'yes' or 'no'
* query:   Were we sent a query string? 'yes', 'no', or 'since_id' if the only parameter is a since_id
* cookie:  Were we sent any cookies? 'yes' or 'no'
* auth:    Were we sent an HTTP Authorization header? 'yes' or 'no'
* ifmatch: Were we sent an HTTP If-Match header for an ETag? 'yes' or 'no'
* ifmod:   Were we sent an HTTP If-Modified-Since header? 'yes' or 'no'
* agent:   User-agent string, to aid in figuring out what these things are

The most shared-cache-friendly requests will be non-SSL GET requests with no or very predictable
query parameters, no cookies, and no authorization headers. Private caching (eg within a supporting
user-agent) could still be friendly to SSL and auth'd GET requests.

We kind of expect that the most frequent hits from clients will be GETs for a few common timelines,
with auth headers, a since_id-only query, and no cookies. These should at least be amenable to
returning 304 matches for etags or last-modified headers with private caching, but it's very
possible that most clients won't actually think to save and send them. That would leave us expecting
to handle a lot of timeline since_id hits that return a valid API response with no notices.

At this point we don't expect to actually see if-match or if-modified-since a lot since most of our
API responses are marked as uncacheable; so even if we output them they're not getting sent back to
us.

Random subsampling can be enabled by setting the 'frequency' parameter smaller than 1.0:

  addPlugin('ApiLogger', array(
    'frequency' => 0.5 // Record 50% of API hits
  ));
 2010-10-27 16:43:38 -07:00
Siebrand Mazeland 796d7b4939 Update translator documentation. 2010-10-28 01:42:09 +02:00
Siebrand Mazeland d0bbd343f0 i18n/L10n updates and superfluous whitespace removed. 2010-10-28 01:35:40 +02:00
Siebrand Mazeland 04fcfeaf6f * Superfluous whitespace removed. 
* i18n review (no changes needed).
 2010-10-28 01:23:57 +02:00
Siebrand Mazeland 04ae500749 * i18n/L10n fixes. 
* translator documentation updated.
* superfluous whitespace removed.
 2010-10-28 01:21:21 +02:00
Siebrand Mazeland a12474a99d * i18n/L10n fixes. 
* translator documentation updated.
* superfluous whitespace removed.
 2010-10-28 01:21:09 +02:00
Evan Prodromou 60b66bdd6e Merge branch 'nofollowexternallink' into 0.9.x 
Conflicts:
	lib/default.php
 2010-10-27 13:53:39 -04:00
Brion Vibber 8ff44a1fb9 Merge branch '0.9.x' into twitstream 2010-10-26 15:39:31 -07:00
Craig Andrews 22a0cf6251 Set cookies with "secure" flag on SSL sites. Improves security. 2010-10-26 17:55:09 -04:00
Zach Copley b3cd558fe7 Fix OAuth verifier display page title and msgs for i18n 2010-10-26 13:19:23 -07:00
Evan Prodromou 5d56d9bb69 UI on profile settings page to opt out of following everyone 2010-10-26 15:33:35 -04:00
Evan Prodromou 7a80ebeb13 flag to let users opt out of following everyone 2010-10-26 15:21:30 -04:00
Evan Prodromou e5a3b973b8 Plugin to follow all new users by default 2010-10-26 15:10:18 -04:00
Evan Prodromou 22633a5af6 can't subscribe to blacklisted domains/users 2010-10-26 11:48:27 -04:00
Evan Prodromou bec00094a7 Blacklist plugin checks PuSH and Salmon notices 2010-10-26 11:20:43 -04:00
Evan Prodromou 511566a132 userrole.php will take a profile id for remote profiles 2010-10-26 11:19:47 -04:00
Brion Vibber c09487f272 readme: release candidate 0.9.6 2010-10-25 14:49:29 -07:00
Zach Copley 307c819089 Merge commit 'refs/merge-requests/2223' of git://gitorious.org/statusnet/mainline into integration 2010-10-25 14:35:56 -07:00
Michele macno Azzolari 0243cea82b Updated mustard description and link 2010-10-25 23:08:29 +02:00
Zach Copley 1a1ca22aca Supress header, footer, sidebar on OAuth verifier pin page when in "desktop" mode 2010-10-25 13:30:38 -07:00
Samantha Doherty 01637bcd32 Base theme styling for oauth pin and desktop mode. 2010-10-25 16:00:34 -04:00
Zach Copley 78396db28a Forgot to add the OAuth verifier pin page to sensitive array 2010-10-25 12:36:03 -07:00
Zach Copley 0dcc3f8d71 We don't need to have editapplication (only showapplication) in the 
sensitive array because it doesn't expose the consumer keypair
 2010-10-25 12:10:52 -07:00
Zach Copley 3954ab39ae Add OAuth token exchange endpoint to 'sensitive' array; i.e.: use SSL if 
available
 2010-10-25 11:52:17 -07:00
Zach Copley 82c280979d Add special CSS classes to OAuth authorization and pin pages when 
in desktop mode
 2010-10-25 11:25:35 -07:00
Zach Copley 479096c8d7 Less scary OAuth authorization messages when using anonymous consumer 2010-10-25 10:38:40 -07:00
Evan Prodromou aef88c7cee max_id is inclusive 2010-10-25 11:18:49 -04:00
Evan Prodromou 968f9b0513 change max_id from < to <= 2010-10-25 11:08:53 -04:00
Siebrand Mazeland 1545c1228b Localisation updates from http://translatewiki.net. 2010-10-23 20:50:55 +02:00
Siebrand Mazeland 3329685beb * onPluginVersion added. 
* i18n fix: use _m() in plugins, don't use _()
* some translator documentation added.
* superfluous whitespace removed.
 2010-10-23 19:23:25 +02:00
Siebrand Mazeland 0b6cc7c33d * translator documentation added. 
* superfluous whitespace removed.
 2010-10-23 19:20:51 +02:00
Brion Vibber eb30c6651a Additional fixes found while looking at ticket #2532: when given a screen name as API parameter for a profile, do the nickname lookup on local users only. The profile table can't guarantee unique lookups, so using names isn't currently safe there. This won't affect anything using local nicknames correctly, and may avoid some weird bugs if there were conflicts between local and remote nicknames. 2010-10-22 13:53:10 -07:00
Brion Vibber 2d124e4aab Fix for ticket #2532: fixed API block create/destroy when specifying the target user/profile as a separate query parameter, such as api/blocks/create.xml?param=xxx 
The router settings weren't quite right so we ended up with bogus regex values passed in as the 'id' parameter, which broke the regular fallback ordering of parameter checks.
 2010-10-22 13:51:28 -07:00
Brion Vibber 783f28c8b1 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-10-22 12:14:45 -07:00
Brion Vibber e292d8fb65 Fix for 140-char replies being unexpectedly cropped when bridged to Twitter. 
This drops the '@' -> ' @' hack for CURL meta-chars in outgoing Twitter bridge, added in commit 04b95c25 back in the day.
The Twitter bridge has since been switched from using direct CURL calls to using HTTPClient, which even with the CURL backend enabled doesn't trigger this issue, as POST parameters are formatted directly.
Prepending the space before we did the message cropping was leading to 140-char messages getting cropped unnecessarily, which was confusing:

Examples of broken messages:
http://identi.ca/notice/57172587 vs http://twitter.com/marjoleink/status/28398050691
http://identi.ca/notice/57172878 vs http://twitter.com/marjoleink/status/28398492563
 2010-10-22 12:10:11 -07:00
Zach Copley 3969870cf3 Normalize HTML body ids to lowercase when the user is logged out as well. 2010-10-22 18:32:08 +00:00
Zach Copley ae557ed436 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-10-22 11:23:37 -07:00
Zach Copley 3913b6a5d8 Updated styling for OAuth authorization page's desktop mode. 
TODO: move these styles into the main CSS file.
 2010-10-22 11:21:44 -07:00
Brion Vibber 6841a8d093 RegisterThrottlePlugin tweak for silencing checks: make sure we don't crash during registration if another profile registered from this address has been since deleted. 
Followup to commit 1caa08429f
 2010-10-22 11:07:19 -07:00
Evan Prodromou 1caa08429f Collective guilt for registrants from the same IP address 
If someone tries to register from an IP address that a silenced user
has registered from, prevent it.

When silencing someone, silence everyone else who registered from the
same IP address.
 2010-10-22 13:29:51 -04:00
Evan Prodromou 1d85bfece1 New events when granting and revoking roles 
Four new events for when roles are granted or revoked.
 2010-10-22 10:31:50 -04:00
Evan Prodromou 07bc50eaed Merge branch 'bettercachelog' into 0.9.x 2010-10-22 09:25:13 -04:00