Miguel Dantas
a5259073df
[CORE] Fix X-Sendfile for nginx, using the X-Accel-Redirect header
2019-08-03 17:31:43 +01:00
Miguel Dantas
f746866b65
[StoreRemoteMedia] StoreRemoteMedia now uses the new filename format, which allows it to display correctly in the UI. Formatting fixes
2019-08-03 17:31:42 +01:00
Miguel Dantas
8f31a1a820
[MEDIA][OEMBED] Fixed regression in OEmbed, because it relied on accessing the files directly, which previous commits broke. The File table really should have a bool...
2019-08-03 17:31:42 +01:00
Miguel Dantas
4187568522
[OEMBED][UI] Skip adding an image thumbnail for oembed results if we
...
don't have a file locally to generate it, which can happen, for
instance, if StoreRemoteMedia is disabled
2019-08-03 17:31:42 +01:00
Miguel Dantas
da82048d77
[MEDIA] Fix trying to display file wich is not available locally
2019-08-03 17:31:41 +01:00
Miguel Dantas
bea06da531
[INSTALL] Fixed issue in installing where default.php needs util.php but it's not loaded
2019-08-03 17:31:41 +01:00
Miguel Dantas
7643f3cf7b
[CORE][ACTION] Removed getfile action. Superseded by attachment/*/download, which additionally uses a file hash as oposed to a filename.
...
Additionally, added etag and last modified HTTP headers to attachments, to more effectively take advantage of caching
2019-08-03 17:31:41 +01:00
Miguel Dantas
aa5c6bbf08
[CORE][UI] Made attachment actions and its subactions be able to identify attachments by id and by filehash. Changed the url stored in the DB to be attachment//view
2019-08-03 17:31:41 +01:00
Miguel Dantas
9536f2a909
[CORE] Refactored attachement actions to remove duplicate code
2019-08-03 17:31:40 +01:00
Miguel Dantas
c7475d78b4
[CORE][UI][ROUTER] Added view action, which inlines images and videos but downloads everything else. Fixed File url to get an URL fromthe view action, so when a making a remote notice, the correct URL is used, not accessing directly to the file
2019-08-03 17:31:40 +01:00
Miguel Dantas
3c9a07677e
[CORE] Attachments and thumbnails aren't accessed directly by the file under the file storage folder, but indirectly from PHP, so that access to the file folder can be blocked in the server config
2019-08-03 17:31:40 +01:00
Miguel Dantas
b669f57068
[CORE] Fixed common_get_preferred_php_upload_limit, because some values in php.ini can be -1 or 0 for unlimited
2019-08-03 17:31:40 +01:00
Miguel Dantas
ccebe536b3
[MEDIA] Removed blacklisted extensions, "trusts" upload extension (doesn't affect anything) and updated sysadmin documentation
...
Fixes bug which broke the UI. Oops
2019-08-03 17:31:39 +01:00
Miguel Dantas
b9a0733062
[MEDIA][CORE] Add common function for converting a string with a size unit to an int and MediaFile uses file_quota
2019-08-03 17:31:39 +01:00
Miguel Dantas
5961b45140
[MEDIA][UI] In case an attachment preview isn't possible, the name is displayed anyway
2019-08-03 17:31:39 +01:00
Miguel Dantas
5f53738376
[MEDIA][UI] Added preview support for BMP, WEBP and ICO, displaying the name underneath, centered
2019-08-03 17:31:38 +01:00
Miguel Dantas
5eb4a7d711
[MEDIA] File downloader now in PHP, added proper name in the UI and changed the format for new attachment file names
...
The file downloader was changed from a simple redirect to the file to one
implemented in PHP, which should make it safer, by making it possible disallow
direct access to the file, to prevent executing of atttachments
The filename has a new format:
bin2hex("{$original_name}")."-{$filehash}"
This format should be respected. Notice the dash, which is important to distinguish it from the previous
format, which was "{$hash}.{$ext}"
This change was made to both make the experience more user friendly, by
providing a readable name for files, as opposed to it's hash. This name is taken
from the upload filename, but, clearly, as this wasn't done before, it's
impossible to have a proper name for older files, so those are displayed as
"untitled.{$ext}".
This new name is displayed in the UI, instead of the previous name.
2019-08-03 17:31:36 +01:00
Diogo Cordeiro
d705bcbd98
[CORE] Use random_bytes() if available and improve common_confirmation_code() randomness.
...
With PHP 7 comes the [random_bytes()](https://php.net/manual/en/function.random-bytes.php ) and the [random_int()](https://www.php.net/manual/en/function.random-int.php ) function which generates cryptographically secure pseudo-random bytes and integers, respectively.
2019-08-03 17:29:14 +01:00
Diogo Cordeiro
f0f5ecb756
[SCRIPTS] Fix sessiongc by XRevan86
2019-08-01 14:38:04 +01:00
Diogo Cordeiro
d1fc7c0774
[CORE] MySQL 5.5 support fully restored
2019-07-25 15:35:24 +01:00
Diogo Cordeiro
5ea0d74a57
[UI] Long strings/words in dents weren't being wrapped
2019-07-10 00:33:19 +01:00
Diogo Cordeiro
0a4eeb89da
[CORE][ROUTER] Fix wrong parameter in all/:tag by XRevan86
2019-07-01 22:40:21 +01:00
Diogo Cordeiro
11dc170ead
[CORE][FRAMEWORK] URL_REGEX_VALID_PATH_CHARS didn't recognize the parenthesis sign.
2019-06-26 15:54:51 +01:00
Diogo Cordeiro
98c0c1ed53
Implement $config['site']['logdebug']
2019-06-25 22:59:10 +01:00
Diogo Cordeiro
83a05724b8
[CORE] Fix subscriptions and subscribers list (related to 44653d339d
)
2019-06-24 14:06:43 +01:00
Diogo Cordeiro
44653d339d
[Poll] Refactoring and minor bug fixes
2019-06-23 23:06:04 +01:00
Diogo Cordeiro
f2705180e0
[TagSub] Fix User's tags list issue
...
Issue introduced with 6d9f390b
and 9a92b58057
2019-06-18 14:56:55 +01:00
Diogo Cordeiro
306d80de94
[DATABASE] Revert accidental regression introduced with 9a39ebe66f
2019-06-14 12:00:10 +01:00
Diogo Cordeiro
2740ff8c4c
[DOCUMENTATION] Minor corrections
...
Add two missing contributors
Bumped patch due to changed introduced with 0583a6a904
2019-06-12 12:55:42 +01:00
Daniel Supernault
74ad4038ac
Allow username or email in login form
2019-06-12 03:25:06 +01:00
Diogo Cordeiro
81d65afb28
[RELEASE] The Invicta Crusade
2019-06-11 18:37:25 +01:00
Miguel Dantas
20c73f0596
[FORMATING] Ran php-cs-fixer on lib/mediafile.php, lib/imagefile.php and classes/File.php
2019-06-10 00:38:16 +01:00
Miguel Dantas
b224d93098
[MEDIA] ImageFile now extends MediaFile and validates images more aggressively.
...
Default supported files need to use consistent names. Bumped version to 1.20.0
ImageFile has been changed to extend MediaFile and rely on it to partially
validate files. This validation has been extended to not rely solely on
Fileinfo, as it is disabled on some places. Now it'll try to use the shell
command `file`, if Fileinfo isn't available.
ImageFile now converts every new upload to PNG, except JPEG and GIF, which
are kept, but still resized (to the same size), to remove possible scripts
embedded therein.
MediaFile::fromUpload will return an ImageFile if the uploaded file is an image
or a MediaFile otherwise.
MediaFile can be constructed with an id with value -1 to denote a temporary
object, which is not added to the DB. This is useful to create a temporary
object for representing images, so it can be used to rescale them.
The supported attachment array needs to be populated with the result of calling
`image_type_to_extension` for the appropriate image type, in the case of images.
This is important so all parts of the code see the same extension for each image
type (jpg vs jpeg).
Added documentation to classes/File.php and to lib/MediaFile and lib/ImageFile
2019-06-10 00:35:53 +01:00
brunoccast
a1041a53f7
[THEME] Fix OpenID settings styles
...
- Action buttons are now side-by-side
- Dropped unused style rule concerning the solo-positioning of the Remove button
- Bump GS patch version
2019-06-09 18:13:04 +01:00
brunoccast
1e4063254b
[OpenID] Added synchronization button and corresponding action
...
UI:
- "Delete" area is now "Actions" area
- Updated themes to better reflect the changes
Routes:
- index.php?action=finishsyncopenid => finishsyncopenid
Translations:
- Updated OpenID translation files
- Updated OpenID POT file
Versioning:
- Bump OpenID minor version
- Bump GS patch version
Why would have labeling the Synchronize button of Sync been of bad taste? - answered by XRevan86:
In "synchronise" "ch" is a digraph meaning /k/ (actually /x/ turned into /k/ in English but whatever).
So… not separate letters.
It's like "ph" in "alphabet", or "sh" in "sheep", or "ch" in "chop" -- "ch" can mean a whole variety of sounds.
2019-06-09 17:04:26 +01:00
Diogo Cordeiro
08b6cfde66
[SESSION] Add backwards compatibility for third party plugins depending on old Session::cleanup()
...
Namely Qvitter
2019-06-08 00:31:32 +01:00
Diogo Cordeiro
b6be1a3659
[DATABASE][User_openid_prefs] Fix wrong type for modified column
...
Patch submited by Sorokin Alexei (XRevan86)
2019-06-07 15:02:09 +01:00
brunoccast
00b4a084ad
PSR2-format
2019-06-07 15:02:09 +01:00
brunoccast
061e7891e9
Cleanup and documentation of common_ensure_session
...
- Remove redundant branch
- Remove error suppression of session_start()
2019-06-07 15:02:09 +01:00
Diogo Cordeiro
a1af5562de
EmailRegistration plugin flow requires a confirmation address before user creation
2019-06-07 15:02:09 +01:00
Diogo Cordeiro
46f98b3142
[VersionBump] 1.19.0, fairly late
...
The core plugins whose version was attached to GS's were reseted to 2.0.0.
2.0.0 was chosen as reset version for plugins because it is higher than
the one that was set by inheriting GS version. Furthermore, it's a
major change from prior plugin versioning system thus it also makes
semantic sense.
Justification for version bump:
== GS ==
9a4ab31f26 1.19.0
c13b935201
1.18.3
c13b935201
1.18.2
18fc39d2cf
1.18.1
c083a8bcc2
1.18.0
e8783d46d0
1.17.1
d9a42550ff
1.17.0
1536d3ef29
1.16.0
c03ed457a6
1.15.0
d2e6519bad
1.14.2
fe411e8138
1.14.1
b17e0b4169
1.14.0
daa5f87fd4
1.13.0
d75b5d2f4a
1.11.7
f6dbf66983
1.11.6
6cf674f8f8
1.11.5
7845a09b34
1.11.4
e4d432295d
1.11.3
339204f1ee
1.11.2
a4e679a118
1.11.1
7967db6ff5
1.11.0
bc030da320
1.10.1
9cc7df51d6
1.10.0
bf7f17474d
1.9.2
8a07edec5f
1.9.1
0042971d74
1.9.0
6b5450b7e6
1.8.0
5dcc98d1c6
1.7.0
e6667db0cd
1.6.0
3290227b50
1.5.0
a59c439b46
1.4.0
496ab8c920
1.3.10
986030060b
1.3.9
1d529c021a
1.3.8
f89c052cf8
1.3.7
38f2ecefac
1.3.6
e473937cb9
1.3.5
9a39ebe66f
1.3.4
ddc3cecfc0
1.3.3
2b43d484eb
1.3.2
e8e487187e
1.3.1
== Plugins ==
XMPP plugin
e0887220b0
bump patch
e186ad57d0
bump patch
OStatus
e186ad57d0
bump patch
Nodeinfo
ceae66a30f
bump minor
586fb5a517
bump major
195296846e
bump minor
2019-06-07 15:02:08 +01:00
brunoccast
43df2d201c
Extend Action with redirect after login logic, update some actions to use it
2019-06-07 15:02:07 +01:00
Diogo Cordeiro
4ca32628f7
[SESSION] Log messages were a bit confusing
...
Reported by XRevan86
2019-05-26 20:14:05 +01:00
Diogo Cordeiro
c083a8bcc2
[SESSION] Implement SessionHandlerInterface instead of setting custom handlers by XRevan86
2019-05-22 22:29:33 +01:00
Diogo Cordeiro
d9a42550ff
is_rtl should handle lang instead of code
2019-05-16 22:51:11 +01:00
Diogo Cordeiro
1536d3ef29
[XML/HTML Outputter] General improvements and refactoring as well as some bug fixes
2019-05-07 15:57:19 +01:00
Diogo Cordeiro
c03ed457a6
Fix broken user activitystreams feed due to deleted notices
2019-05-06 23:27:38 +01:00
Diogo Cordeiro
d2e6519bad
lib/ping.php - Fix PHP 7.3 Warning switch continue -> break
2019-05-06 23:27:38 +01:00
Diogo Cordeiro
fe411e8138
Fix some typos/small obvious bugs on twitterRssGroupArray
2019-05-03 17:09:23 +01:00
Diogo Cordeiro
6cf674f8f8
Some minor refactoring on session handler
2019-04-27 00:28:05 +01:00
Diogo Cordeiro
9cc7df51d6
Some obvious bug fixes for i18n
2019-04-25 23:12:46 +01:00
Diogo Cordeiro
bf7f17474d
When an attachment fails to load, it shouldn't destroy the whole layout by XRevan86
2019-04-25 20:46:47 +01:00
Diogo Cordeiro
8a07edec5f
Fix fulltext search by XRevan86
2019-04-25 19:32:20 +01:00
Diogo Cordeiro
0042971d74
Fix bug in 36a55d84
.
...
We still have to further review and improve the caching of streams.
Important related changes: 2272cc24#diff-8633314d55a2834ab2ea425d7157bec14aca672L60
Important related discussion: https://github.com/chimo/gs-rediscache/issues/{1,2}
2019-04-25 18:51:44 +01:00
Diogo Cordeiro
6b5450b7e6
Faster inboxnoticestream.php by XRevan86.
...
This commit consequently reverts 5dcc98d1c6
and a59c439b46
. This translated the php based version into a faster SQL query.
2019-04-25 18:48:53 +01:00
Diogo Cordeiro
5dcc98d1c6
inboxnoticestream.php gotta go fast
2019-04-23 23:10:43 +01:00
Diogo Cordeiro
e6667db0cd
Add chimo's Nodeinfo plugin as a default GNU social plugin
2019-04-22 06:50:28 +01:00
Diogo Cordeiro
3290227b50
Modern version of XMPPHP extlib
...
Original XMPPHP is no longer maintained
Therefore I've done some optimizations and imported some commits from birkner and zorn-v forks.
None of the forks really looked ready to be adopted...
2019-04-21 17:13:07 +01:00
Diogo Cordeiro
a59c439b46
Faster inboxnoticestream.php by XRevan86
2019-04-21 00:56:56 +01:00
Diogo Cordeiro
f89c052cf8
Set default value of datetime columns to CURRENT_TIMESTAMP
...
This resolves an issue with MySQL 5.7 where the default SQL_MODE is set to disallow zero dates (i.e. '0000-00-00 00:00:00')
Fixed thanks to Francis and Normandy from postActiv.
2019-04-16 00:43:17 +01:00
Diogo Cordeiro
8305641b20
Update master GS version
2019-04-04 10:12:56 +01:00
Diogo Cordeiro
d1ba0dddec
Merge branch 'issue-338' into 'master'
...
Database fields with timestamp type now allow CURRENT_TIMESTAMP to be set as default value
See merge request diogo/gnu-social!3
2018-09-14 21:30:16 +00:00
Diogo Cordeiro
9a39ebe66f
Database fields with timestamp type now allow CURRENT_TIMESTAMP to be set as default value
...
Add default values to created and modified columns of Profile_list table to fix issue #338
2018-08-25 14:07:52 +01:00
Diogo Cordeiro
ddc3cecfc0
Add default values for avatar and attachment directories in web installer
2018-08-25 14:05:56 +01:00
Mikael Nordfeldth
ec98fd0c43
Merge remote-tracking branch 'gnuio/master' into nightly
2017-12-17 18:32:23 +01:00
mmn
67a9c0415c
Merge branch 'cache-html-sanitizer' into 'master'
...
set the html sanitizer cache directory to ['cache']['dir'] from the config file;
See merge request gnu/gnu-social!156
2017-12-17 17:25:46 +00:00
mmn
a1ea335140
Merge branch 'cli-install' into 'master'
...
Don't write the config file when --skip-config flag is given to the installer.
See merge request gnu/gnu-social!155
2017-12-17 17:25:21 +00:00
nee
0b9a2fdf3a
allow the cmd installer to load the config file from '/etc/gnusocial/config.d/'.$_server.'.php'
...
using the commandline argument as $_server (passed through lib/common.php to lib/gnusocial.php)
2017-12-17 17:59:46 +01:00
nee
3b5fabbe97
set the html sanitizer cache directory to ['cache']['dir'] from the config file;
2017-12-06 01:55:54 +01:00
nee
fdd3d63098
Don't write the config file when --skip-config flag is given to the installer.
...
* scripts/installer_cli.php: Read the arguments list before checking
if the config file is writeable.
2017-11-26 22:14:30 +01:00
Mikael Nordfeldth
ec504ec4df
Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into nightly
2017-09-10 14:06:03 +02:00
Sebastian
a6e33bdd6a
Fixed code so that GNU social can receive Mastodon boosts (from GNU social nightly commit: c741d1a52a
)
2017-08-25 11:35:02 +00:00
mmn
d9fbc17f77
Merge branch 'nightly' into 'nightly'
...
Added base64 encoding to get RMQ to work
See merge request !151
2017-08-23 15:28:08 +00:00
Mikael Nordfeldth
0b75eaed92
missing argument for sprintf
2017-08-22 19:19:17 +02:00
Mikael Nordfeldth
00cbc852b0
Make use of variable preMention signal method
2017-08-10 11:33:18 +02:00
Mikael Nordfeldth
8dd06cd8d8
Harmonize webfinger formatting and enable variable pre-mention character
2017-08-10 11:25:04 +02:00
Mikael Nordfeldth
945920f24d
Mimetype was not recognized if longer than bare mime
2017-08-05 09:50:42 +02:00
Mikael Nordfeldth
6938d26524
List the thread config value in lib/default.php
2017-08-03 09:53:00 +02:00
abjectio
90e93b9656
Added base64 encoding to get RMQ to work
2017-07-28 12:42:21 +02:00
Mikael Nordfeldth
457d32e273
Merge branch 'takeshitakenji/gnu-social-twitter-repeat-config' into mmn_fixes
2017-07-11 22:09:12 +02:00
Mikael Nordfeldth
56e2b0007c
Issue #279 raises the point of missing newlines
2017-07-11 21:58:24 +02:00
Mikael Nordfeldth
a7df79ac07
Force arrays in constructors of ActivityStreamJSONDocument and JSONActivityCollection
...
Started using PHP7+ and it started complaining about count() being fed objects
that weren't "Countable". .)
2017-07-10 14:26:01 +02:00
Mikael Nordfeldth
31866be98b
Use intval on ini_get or we use a string for timeout
2017-07-10 14:10:32 +02:00
Mikael Nordfeldth
489099ca91
change default timeout setting for HTTPClient
2017-07-09 22:49:49 +02:00
Mikael Nordfeldth
fb492d4bb2
Remove debug call and change how connect_timeout is set
2017-07-09 20:34:44 +02:00
Mikael Nordfeldth
f0480c34d7
Configure a default timeout for HTTP connections at 60s
...
No requests we do externally should ever take more than 60 seconds. This
could probably be changed for downloading video or whatever for any cache
plugins that want to store data locally, but in general I think even 60s
is way longer than I expect any outgoing requests should take.
This affects everything using HTTPClient, our helper class, and thus all
hub pings, subscription requests, etc. etc.
The value, afaik, includes connect_timeout and if it takes 10 seconds to
establish a connection only 50 seconds is available to transfer data.
2017-07-09 20:28:22 +02:00
Mikael Nordfeldth
c9a9a8bc58
Fulltext indexes are supported in InnoDB since MariaDB 10.0.15
2017-06-22 01:37:43 +02:00
Mikael Nordfeldth
1517deeeb6
Since ActivityContext::CONVERSATION changed to 'conversation' instead of 'ostatus:conversation' we need to add it ourselves
...
the xmlstringerthinger doesn't really use namespaces afaik
2017-05-06 15:27:25 +02:00
Mikael Nordfeldth
ba4a84602a
Output proper HTML and XML headers for single Atom entry
...
RFC5023 <https://tools.ietf.org/html/rfc5023 > specifies that the
content type parameter 'type=entry' should be used to clarify data.
2017-05-06 14:38:46 +02:00
Mikael Nordfeldth
1ccb934541
Return false immediately if $url is empty for common_valid_http_url
2017-05-06 14:38:43 +02:00
Mikael Nordfeldth
434956fc75
Notices start saving selfLink from activities/objects
2017-05-06 14:38:42 +02:00
Mikael Nordfeldth
7da925ca70
Handle selfLink in ActivityObject
2017-05-06 14:38:41 +02:00
Mikael Nordfeldth
d88e9ffd33
Output proper HTML and XML headers for single Atom entry
...
RFC5023 <https://tools.ietf.org/html/rfc5023 > specifies that the
content type parameter 'type=entry' should be used to clarify data.
2017-05-06 12:38:34 +02:00
Mikael Nordfeldth
709f1bbd75
Return false immediately if $url is empty for common_valid_http_url
2017-05-06 12:25:27 +02:00
Mikael Nordfeldth
8a4bec811b
Notices start saving selfLink from activities/objects
2017-05-06 12:15:54 +02:00
Mikael Nordfeldth
7889b21e7b
Handle selfLink in ActivityObject
2017-05-06 11:57:16 +02:00
Mikael Nordfeldth
000af6d9ee
default to #addtag on !group mention
2017-05-02 21:21:53 +02:00
Mikael Nordfeldth
07458e5375
Fixed the parsing of ostatus:conversation etc.
...
Conversation will now start storing remote URL
The namespace features don't work the way they were written for here
so I fixed that, making the ostatus: namespace properly looked up and
then the homegrown getLink function looks for what is back-compat with
StatusNet etc. if I remember correctly.
2017-05-02 18:58:22 +02:00
Mikael Nordfeldth
f4d6710a0f
Change mentions of PuSH to WebSub
...
WebSub is probably finalised before we make a release anyway. Here is
the official spec: https://www.w3.org/TR/websub/
Mostly just comments that have been changed. Some references to PuSH <0.4
are left because they actually refer to PuSH 0.3 and that's not WebSub...
The only actual code change that might affect anything is FeedSub->isPuSH()
but the only official plugin using that call was FeedPoller anyway...
2017-05-01 11:04:27 +02:00
Mikael Nordfeldth
839b3e7392
allowed_schemes was misspelled
2017-04-26 22:12:06 +02:00