6bcfc73175
Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into nightly
2016-02-23 21:13:58 +01:00
d672547112
getAliases should be only a list (numeric array)
2016-02-23 14:33:09 +01:00
e16f7d04a8
Let OpenID match against aliases (fix fancyurl stuff etc.)
2016-02-23 14:15:08 +01:00
b59dacb806
getAliases for Profile and Notice
...
Also move fancyurlfix into site-wide $config['fix']['fancyurls']
TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
5f7032dfee
Verify that authenticated API calls are made from our domain name.
...
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json " or
whatever. XHR is already blocked with CORS stuff.
Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
c67b89e56b
Make WebFinger fancyurlfix configurable
2016-02-21 20:05:32 +01:00
ce803f6d06
WebFinger aliases with 'index.php/'
2016-02-21 20:00:07 +01:00
1edb1bbc17
Claim that we are the URL without index.php/ in webfinger response
2016-02-21 19:09:39 +01:00
893d117309
throw new, not just throw
2016-02-21 19:01:37 +01:00
0c17c32267
Let the WebFingerPlugin lookup profile resources with index.php/ too
2016-02-21 18:48:48 +01:00
23e66bef64
common_fake_local_fancy_url to remove index.php/ from a local URL
2016-02-21 18:48:18 +01:00
d16a883e17
Allow lookup of User->getByUri (throws NoResultException)
2016-02-21 18:47:47 +01:00
b23cc7465f
Keep a unique set of WebFingerResource aliases
2016-02-21 18:47:32 +01:00
afbdcf8938
Don't publish mbox_sha1sum in FOAF by default.
...
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2016-02-19 00:10:05 +01:00
a838c90951
Only show "public:site" in ToSelector if notice/allowprivate is true
2016-02-18 00:33:16 +01:00
f68d1ade3f
Put "Everyone" and "Everyone at [local instance]" at the top of ToSelector
2016-02-18 00:32:09 +01:00
543d968b81
NoAcctUriException->profile not $e directly
2016-02-18 00:13:59 +01:00
a361fdbd77
Sort ToSelector by AcctUri
2016-02-18 00:05:09 +01:00
73dbc5ca1b
Use ToSelector choice again.
2016-02-17 23:44:15 +01:00
d9b649642d
Show notice feed URLs (and author)
2016-02-17 23:32:56 +01:00
d2c11925bf
To-selector padlock only shown if site config notice/allowprivate is true
2016-02-17 23:06:11 +01:00
5fbb01130a
By default, disallow users to set private_stream
2016-02-17 22:58:31 +01:00
47dc15c9f6
Describe that we don't allow empty fullnames.
2016-02-17 22:48:32 +01:00
d6bf90cfb7
If profile fullname is 0 chars use nickname
2016-02-17 22:43:45 +01:00
ade4518ae4
Make the Link header give URI for WebFinger lookup
2016-02-17 22:36:33 +01:00
422d475e44
Differentiate two similar log warning messages
2016-02-17 21:57:52 +01:00
d2507a6266
Gotta declare FullNoticeStream as abstract class
2016-02-16 02:24:38 +01:00
46829c6d3c
FullNoticeStream selects all verbs.
2016-02-16 02:21:39 +01:00
2d1b70c94d
created column was ambigououuuouuus
2016-02-15 09:59:34 +01:00
2301862ae6
We only want POST and SHARE in the inbox/home timeline right?
2016-02-15 09:59:18 +01:00
dcb7ce36d8
Show shares in public timeline
...
Also, the unselect rule for DELETE was useless anyway since it would
already have been filtered out by not having true.
(the => false stuff are for when you want ALL _except_ that)
2016-02-14 20:53:26 +01:00
e2a090c9cc
Use NoticeStream::filterVerbs for filtering in noticestreams
2016-02-14 20:46:13 +01:00
c23c3a4f53
Might as well put a FILTER_SANITIZE_EMAIL there
...
Not that I think we could break out of the directory since
we use basename, but you never know... maybe there's a unicode
bug in PHP or something.
2016-02-13 14:06:05 +01:00
4bf26eff4c
socialfy-your-domain updated for webfinger (not tested)
2016-02-13 13:57:15 +01:00
be14e15dac
Hide attachments in notices by silenced profiles
2016-02-13 13:17:39 +01:00
fbcca62ae1
listGet was not meant for that really
2016-02-13 01:19:47 +01:00
8ef2abf30b
Render RegiserThrottle extra profile data properly
2016-02-13 01:16:34 +01:00
799c2e47fe
Don't depend on ModLog
2016-02-13 01:10:01 +01:00
be35975b12
RegisterThrottle list-profiles-by-ip
2016-02-13 01:02:18 +01:00
557ad2d1fd
Show user registration IP to users who can see ModLog
2016-02-13 00:51:43 +01:00
c7c34ec05a
Only administrators can delete other privileged users.
2016-02-12 15:00:18 +01:00
83f679fb57
Profile->isPrivileged() to check if users have more rights than to post etc.
2016-02-12 14:47:49 +01:00
3cef75bcac
Update the comment on silencing privileged users in ModHelper
2016-02-12 14:47:44 +01:00
e5ad98e601
Silence action can only be used on non-priviliged users
2016-02-12 14:22:25 +01:00
5dce08d068
Add Profile::ensureCurrent() to verify we _certainly_ got a Profile.
2016-02-12 13:52:48 +01:00
f10625f8bc
file and avatar dirs on instances with no such dirs in filesystem
2016-02-12 02:29:33 +01:00
338df7e35b
Fix Nickname::isSystemPath() work properly for routes
2016-02-12 02:21:11 +01:00
c8753353ed
Do not delete_orphan_files on an instance with Qvitter
2016-02-12 01:45:47 +01:00
913595780f
And LEFT JOIN to actually get all results
2016-02-12 00:05:36 +01:00
1471defff3
...and avoid duplicate results...
2016-02-11 23:38:12 +01:00
abjectio
Mikael Nordfeldth