Joshua Wise
c5a710e081
Escape $tag passed to Profile::getTaggedSubscribers()
...
This patch escapes the $tag parameter in
Profile::getTaggedSubscribers(). The parameter is not escaped either
in actions/subscriptions.php or in actions/apiuserfollowers.php. So
there is a potential for SQL injection here.
2013-07-16 10:14:38 -07:00
Joshua Wise
3fb2c06cba
Potential SQL injection in Local_group::setNickname()
...
This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function sanitize the parameter
higher up the stack, but it's escaped here to prevent mistakes later.
Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.
2013-07-16 10:11:26 -07:00
Joshua Wise
783e400d94
Potential SQL injection in Local_group::setNickname()
...
This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function sanitize the parameter
higher up the stack, but it's escaped here to prevent mistakes later.
Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.
2013-07-16 10:09:16 -07:00
Evan Prodromou
e502bba259
Slightly more robust group-membership conversion
2013-06-30 12:07:55 -04:00
Evan Prodromou
8cc4660bd9
Better ID for notice activity
2013-06-15 12:07:52 -04:00
Evan Prodromou
7a5bd495c5
Better ID for notice activity
2013-06-15 12:07:34 -04:00
Evan Prodromou
bb0cf686df
Pass null to Profile::profileInfo()
2013-06-08 21:12:29 -04:00
Evan Prodromou
806f7d439a
Bad variable in Message::asActivity()
2013-06-08 21:07:51 -04:00
Evan Prodromou
f189d0b438
Bad variable in Message::asActivity()
2013-06-08 21:04:51 -04:00
Evan Prodromou
96d7b68c50
Store direct messages as an activity
2013-06-08 17:54:27 -04:00
Evan Prodromou
9fd2c3e1c9
Store direct messages as an activity
2013-06-08 17:45:49 -04:00
Evan Prodromou
14a111189d
Merge remote-tracking branch 'origin/master'
2013-06-08 14:57:20 -04:00
Evan Prodromou
2252a9ffaf
Throw exception if subscription is invalid
2013-06-08 14:56:57 -04:00
Evan Prodromou
08eca420ca
Add generator to JSON output
2013-06-07 11:35:06 -04:00
Evan Prodromou
fe2c0a9687
Add generator to JSON output
2013-06-07 11:34:54 -04:00
Evan Prodromou
25823f6e5b
Some better context for notices as arrays
2013-06-07 03:11:33 -04:00
Evan Prodromou
6164940e8c
Some better context for notices as arrays
2013-06-07 03:11:23 -04:00
Evan Prodromou
7229533b0f
Use real attachments for JSON output
2013-06-05 09:39:43 -04:00
Evan Prodromou
772383e84b
Use real attachments for JSON output
2013-06-05 09:39:13 -04:00
Evan Prodromou
15d466ebe6
Don't add content as title for notes
2013-06-04 19:53:07 -04:00
Evan Prodromou
736bc9cc96
Don't add content as title for notes
2013-06-04 19:52:38 -04:00
Evan Prodromou
b493f3839c
Use better type, title for service
2013-06-04 16:31:17 -04:00
Evan Prodromou
08c72a00e8
Use better type, title for service
2013-06-04 16:30:40 -04:00
Evan Prodromou
04f6e4ce7b
Better registrationActivity
2013-06-04 15:21:33 -04:00
Evan Prodromou
d81b257290
Better registrationActivity
2013-06-04 15:20:00 -04:00
Evan Prodromou
fa1a1851db
Add an ID to registered service
2013-06-03 09:11:29 -04:00
Evan Prodromou
9f94ed81ee
Add an ID to registered service
2013-06-03 08:55:00 -04:00
Evan Prodromou
7ad5ed1db9
Merge branch 'master' of gitorious.org:statusnet/mainline
2013-06-02 15:24:57 -04:00
Evan Prodromou
49d265faa0
Add a registration activity to the end of every backup
2013-06-02 14:41:41 -04:00
Evan Prodromou
cbb5586ab7
Add a registration activity to the end of every backup
2013-06-02 14:38:00 -04:00
Evan Prodromou
ea8151688e
Throw an exception converting fave to activity for non-existent notice or profile
2013-05-24 09:27:21 -04:00
Evan Prodromou
b359854150
Throw an exception converting fave to activity for non-existent notice or profile
2013-05-24 09:26:58 -04:00
Evan Prodromou
c5ef1e661e
By default Notice::asActivity has a null argument
2013-04-14 12:02:52 -04:00
Evan Prodromou
6f424eb80f
If there's an exception in notice distribution, continue
2012-11-25 10:39:49 -05:00
Evan Prodromou
1c3c269ab4
cache key for member_ids
2012-07-04 14:39:26 -04:00
Evan Prodromou
69fb79caae
Cache IDs rather than profile objects
2012-07-04 14:38:06 -04:00
Evan Prodromou
642b1044cc
Better user group member queries
2012-07-04 14:12:11 -04:00
Evan Prodromou
acf52a3041
Hide stuff if there's an exception getting the profile
2012-05-04 23:37:12 -04:00
Evan Prodromou
5f2b62927c
let author see own spam
2012-04-23 21:25:53 -04:00
Evan Prodromou
4746016dd5
Don't convert deleted notices into repeats in Notice::asActivity()
2012-04-23 19:15:12 -04:00
Evan Prodromou
04ad0838be
Add spam-training, spam-reviewing rights
...
Replaced the check for a moderator role in certain spam-training and
-reviewing points. Make sure modhelpers can check, too.
2012-03-25 13:18:16 -04:00
Evan Prodromou
3e46a9b164
Make blocks work for non-subscription deliveries
2012-03-23 12:55:51 -04:00
Evan Prodromou
3b09465fc4
flush anonymous scope when a profile is silenced
2012-03-22 11:37:59 -04:00
Evan Prodromou
d98a4be24e
Merge branch '1.0.x'
2012-03-21 16:40:51 -04:00
Evan Prodromou
1c625bd040
show correct conversation notice count
2012-03-21 16:40:42 -04:00
Evan Prodromou
8706d8d351
double-check profile
2012-03-21 13:05:15 -04:00
Evan Prodromou
ad1649e4ba
Pass profile down to spam-hiding function
2012-03-21 13:02:45 -04:00
Evan Prodromou
d942072a6c
Optionally hide spam from timelines
...
For sites with a lot of spam, this will hide that spam from timelines for everyone but moderators.
2012-03-21 10:26:00 -04:00
Evan Prodromou
d2d75823a4
Use this for scope check
2012-03-20 21:13:35 -04:00
Evan Prodromou
b65db93d29
New events for overriding scope checks
2012-03-20 16:39:43 -04:00
Evan Prodromou
b4da5f3785
Merge branch 'master' into 1.0.x
...
Conflicts:
plugins/Blacklist/BlacklistPlugin.php
2012-03-08 06:08:11 -06:00
Evan Prodromou
3117c38044
Revert "when silencing, blow scope for not-logged-in users"
...
This reverts commit 04f71a42d3
.
2011-12-31 09:35:22 -08:00
Evan Prodromou
70f9d41c4c
Revert "Hide posts by silenced users"
...
This reverts commit d22fc7423c
.
2011-12-31 09:34:42 -08:00
Evan Prodromou
04f71a42d3
when silencing, blow scope for not-logged-in users
2011-12-31 09:15:32 -08:00
Evan Prodromou
d22fc7423c
Hide posts by silenced users
2011-12-31 08:56:54 -08:00
Siebrand Mazeland
2624afbcd4
Crazy gettext way to support two plurals in one string.
2011-12-28 12:44:42 +01:00
Siebrand Mazeland
eb124c5a67
Add missing space between two sentences.
2011-12-28 12:35:03 +01:00
Michele macno Azzolari
ad2fd9abd4
Fix whitescreen on recoverpassword with unknown user
2011-12-02 15:48:29 -05:00
Evan Prodromou
499e7d7c41
Squashed commit of the following:
...
commit 74c5e4cce42ae601c07b447e100f097c15ebf9d2
Author: Evan Prodromou <evan@status.net>
Date: Thu Oct 20 12:48:52 2011 -0400
Add back in some optimization indices lost in schema conversion
commit ef5c2acfcd123b25910a1c8bb4ae01a3f9608e5e
Author: Evan Prodromou <evan@status.net>
Date: Thu Oct 20 12:29:57 2011 -0400
restore some of the lost optimized indices on notice table
2011-10-20 12:50:39 -04:00
Evan Prodromou
22fead1b46
Squashed commit of the following:
...
commit fb1dfa9e98ded23fb5bdebae6465424a8cb8acd6
Author: Evan Prodromou <evan@status.net>
Date: Thu Oct 20 10:40:07 2011 -0400
Use popular notice stream for favorited page
commit e1d409ff738e39061ad35589d546ce9bed456975
Author: Evan Prodromou <evan@status.net>
Date: Thu Oct 20 10:32:23 2011 -0400
Use a caching stream for popular notice section
Instead of a big cached query, we now use a caching notice stream for
the popular notice section. It uses a single-table query at the
bottom, then scopes the notices and filters for silenced users. This
should be much nicer to our database servers.
Also clears the popular cache when someone favors or disfavors
something. A nice optimization would be to save the last weights and
re-calculate them at invalidation time, adding the new notice (or not)
depending on its own score. That will have to wait for another day,
though.
commit e9b7ab4c26c95e755adaff53c3957dcfca31c16b
Author: Evan Prodromou <evan@status.net>
Date: Thu Oct 20 10:31:14 2011 -0400
Let CachingNoticeStream users skip the ';last' optimization
2011-10-20 10:40:39 -04:00
Brion Vibber
69e95bb9c8
Merge branch 'compound-keys-fix' into 1.0.x
2011-09-30 11:55:36 -07:00
Evan Prodromou
e3c010a870
try to check whether file exists over and over and over
2011-09-30 13:03:42 -04:00
Evan Prodromou
cd3bc8f4ef
correct groups from Profile::getGroups()
2011-09-30 11:38:06 -04:00
Zach Copley
ba4bda9beb
Fix display of group admin avatars
2011-09-30 00:57:54 +00:00
Brion Vibber
1d15037d6a
Further fixes to Managed_DataObject::_allCacheKeys(): now uses self::multicacheKey() to generate the (possibly compound) keys, which makes it match the order of the keys used when calling pkeyGet().
...
This should resolve the issues darkip was reporting with user_im_prefs entries returning null immediately after insertion (seen with memcached off, so it was happening even with the built-in in-process cache in the Cache base class).
What was happening was that the initial pkeyGet() would end up saving a negative cache entry under the form with the fields sorted in the key, as via multicacheKey():
'statusnet:blaguette:user_im_prefs:screenname,transport:brionv,sms' => 'N;'
then we'd do an insert() on the new entry, saving cache entries for the non-sorted key names returned by _allCacheKeys():
'statusnet:blaguette:user_im_prefs:transport,screenname:sms,brionv' => 'O...'
'statusnet:blaguette:user_im_prefs:user_id,transport:1234,sms' => 'O...'
but the next query via pkeyGet() still saw the negative lookup cache from before, and came back with null.
Now, _allCacheKeys() sorts the fields in the keys by using the same key-builder function, and queries pick up the same thing you just inserted. :)
2011-09-29 15:21:52 -07:00
Evan Prodromou
699a90f11c
Show Event attendees in mini-list
2011-09-29 15:12:30 -04:00
Brion Vibber
69765a0550
Fix for caching with compound keys: add Managed_DataObject::_allCacheKeys() to override the one in Memcached_DataObject.
...
Memcached_DataObject doesn't quite fully understand unique indexes, and can't properly build cache keys for compound unique or primary keys.
Managed_DataObject has more information in its schema data, so we can build a proper list.
2011-09-28 18:32:43 -07:00
Evan Prodromou
c70c7db1c5
Remove unique key on file_thumbnail.url
...
We're getting "DB error: already exists" on thumbnails coming from
embed.ly. We don't need this to be unique, so let's avoid that.
2011-09-28 15:48:20 -04:00
Evan Prodromou
9143d4f384
Merge branch '1.0.x' into testing
2011-09-27 11:33:13 -04:00
Evan Prodromou
5ccae1313c
Query errors in Profile_tag
2011-09-27 11:32:05 -04:00
Evan Prodromou
88c00facc8
fix getOtherTags() to not use joinAdd()
2011-09-27 10:51:02 -04:00
Evan Prodromou
707f90d012
missed an AND
2011-09-27 10:47:13 -04:00
Evan Prodromou
ce044c40fb
rewrite Profile_tag::getTagsArray() so it doesn't use joinAdd()
2011-09-27 09:42:34 -04:00
Zach Copley
ec53e68cf2
Merge branch 'testing' of gitorious.org:statusnet/mainline into testing
2011-09-27 04:33:00 +00:00
Zach Copley
3b28f226c7
Facebook bridge back in business with new JS-SDK and OAuth 2.0 flow.
...
Might be better to rewrite the login mechanism to use server side flow
now that Facebook provides it.
2011-09-27 04:09:47 +00:00
Evan Prodromou
8c710ad2c1
Merge commit 'refs/merge-requests/158' of git://gitorious.org/statusnet/mainline into merge-requests/158
...
Conflicts:
classes/Profile_list.php
lib/peopletagnoticestream.php
2011-09-26 17:11:49 -04:00
Evan Prodromou
ea1a11a087
site-wide option to enable old-school settings
2011-09-24 09:46:13 -04:00
Evan Prodromou
ddc121c085
New table for all old-school UI prefs
2011-09-24 07:12:34 -04:00
Evan Prodromou
02a30cf47c
start using stream mode prefs instead of separate parameter
2011-09-23 17:50:38 -04:00
Evan Prodromou
8fa816c324
don't use potentially bad Profile values
2011-09-22 16:29:31 -04:00
Evan Prodromou
a28a6d2f72
fixup bad class constant in Notice
2011-09-19 16:11:43 -04:00
Evan Prodromou
2c1911bfae
Short-circuit bugs by defining Profile::getProfile()
2011-09-18 19:29:23 -04:00
Evan Prodromou
48625da04b
Automatically add or drop fulltext indexes
2011-09-18 18:28:44 -04:00
Zach Copley
3bf3b6686c
Remove fulltext indexes from notice and profile tables. The default
...
for fulltext search is 'like' (MySQLLikeSearch) which doesn't require
them.
2011-09-18 14:17:41 -07:00
Evan Prodromou
8f78743198
correct the URI-generation for group memberships
2011-09-12 13:36:12 -04:00
Evan Prodromou
a740556e3f
is_int() -> \!is_null()
2011-09-08 13:05:17 -04:00
Evan Prodromou
5680eb74d0
default scope value is null, determined by site/private
2011-09-08 12:38:11 -04:00
Evan Prodromou
3056b109a2
Quietly skip trying to load config if there's an error in DB
2011-09-08 12:01:06 -04:00
Evan Prodromou
9948523c33
Merge branch 'master' into testing
2011-09-08 09:03:33 -04:00
Zach Copley
e59b30c14b
Fix E_NOTICE from attempt to access undefined array key
2011-09-07 21:45:49 -07:00
Siebrand Mazeland
23eb49a017
Update translator documentation and i18n.
2011-08-30 11:43:27 +02:00
Siebrand Mazeland
5a37d0bdc6
Add translator documentation.
2011-08-30 11:04:54 +02:00
Siebrand Mazeland
c4fd560b32
Fix i18n issues
...
Remove trailing whitespace and convert leading tabs to spaces
2011-08-30 11:03:26 +02:00
Evan Prodromou
a2ea31bc80
Merge branch '1.0.x' of gitorious.org:statusnet/mainline into 1.0.x
2011-08-27 18:22:03 -04:00
Evan Prodromou
51764be5a1
For fave count, don't use distinct
2011-08-27 18:21:44 -04:00
Zach Copley
e26d3b0ede
Merge branch '1.0.x' of gitorious.org:statusnet/mainline into 1.0.x
...
* '1.0.x' of gitorious.org:statusnet/mainline:
Issue #546 : enable case-insensitive searching in MySQL
remove more groupnav
remove group nav
shorter title for tag cloud section on groups
remove group nav
move pending queue to sidebar
Move group logo edit from object nav to block actions
Show blocked users from group in section
2011-08-27 14:27:15 -07:00
Dan Scott
db9ac1a531
Issue #546 : enable case-insensitive searching in MySQL
...
MySQL needs the collation utf8_general_ci to support case-insensitive
searching. lib/mysqlschema.php already supports a 'collate' attribute on
a per-column basis, so we just need to take advantage of that attribute
on the columns we want to search and Bob (and BOB, and bOB) is your
uncle.
Signed-off-by: Dan Scott <dan@coffeecode.net>
2011-08-27 16:36:58 -04:00
Evan Prodromou
804c343a9f
move pending queue to sidebar
2011-08-27 16:05:58 -04:00
Evan Prodromou
330af9991f
Show blocked users from group in section
2011-08-27 15:46:05 -04:00
Zach Copley
32fa6dd7a2
Fix logging level in log msg
2011-08-27 12:42:09 -07:00
Evan Prodromou
f81c1f7554
use an array of profiles rather than a looping cursor for profile lists
2011-08-27 12:53:15 -04:00
Evan Prodromou
4f86e05d03
wrap use of repeated element in existence check
2011-08-27 10:02:11 -04:00
Evan Prodromou
34a0525b67
Profile uses joinAdd() with explicit arguments
2011-08-26 11:48:40 -04:00
Evan Prodromou
a47c372ac4
explicit join for subscribers to a profile list
2011-08-26 11:39:06 -04:00
Evan Prodromou
b83af83b82
return links for foreign keys
2011-08-26 11:37:45 -04:00
Evan Prodromou
968cef0fc6
strtolower() the class name in cache keys for listGet()
2011-08-24 17:30:17 -04:00
Zach Copley
307a75e3a7
Fix deprecated call-time pass by references
2011-08-23 09:52:48 -07:00
Zach Copley
1507c32454
Fix warnings - function arguments should expect values instead of references
2011-08-23 09:49:32 -07:00
Evan Prodromou
b73eaa44de
emit fewer notices for group joins
2011-08-23 11:49:45 -04:00
Evan Prodromou
5c3bc19968
Re-add lost verb column for Notice
2011-08-23 11:42:18 -04:00
Evan Prodromou
be4d9082f9
Merge branch '1.0.x' into activity
2011-08-23 00:41:03 -04:00
Evan Prodromou
2ea17b0749
use references for Notice::_setFaves() and Notice::_setRepeats()
2011-08-23 00:40:54 -04:00
Evan Prodromou
c712eefe14
Merge branch '1.0.x' into activity
2011-08-23 00:17:39 -04:00
Evan Prodromou
ce5b44158e
Get primary key for default value in Memcached_DataObject::staticGet()
2011-08-23 00:14:20 -04:00
Evan Prodromou
01c2c31c1e
Merge branch '1.0.x' into activity
...
Conflicts:
db/core.php
2011-08-22 18:13:02 -04:00
Evan Prodromou
feb9030fb9
Remove sequenceKey() since we now use Managed_DataObject
2011-08-22 18:05:37 -04:00
Evan Prodromou
7c6399a51a
Remove now-unused statusnet.ini
2011-08-22 18:03:05 -04:00
Evan Prodromou
6ed88dee94
forgot Group_member::schemaDef()
2011-08-22 18:02:29 -04:00
Evan Prodromou
9ca3c3d1c3
move core schema to class files
2011-08-22 17:52:02 -04:00
Evan Prodromou
34d0e1088d
add URI members to social activity classes
2011-08-22 16:36:23 -04:00
Evan Prodromou
48bb784400
add a verb column to the notice table
2011-08-22 16:02:14 -04:00
Evan Prodromou
2f1751568a
pre-fill repeats of notices
2011-08-22 12:39:37 -04:00
Evan Prodromou
d3399e93e8
use listGet() for ConversationNoticeStream
2011-08-22 12:25:04 -04:00
Evan Prodromou
0a17e7cf9f
Merge remote-tracking branch 'gitorious/1.0.x' into 1.0.x
...
Conflicts:
classes/Memcached_DataObject.php
2011-08-22 11:25:13 -04:00
Siebrand Mazeland
73806460ce
Add translator documentation.
...
Fix incorrect i18n.
Whitespace updates.
2011-08-19 17:38:43 +02:00
Evan Prodromou
ac268773bf
Pass correct notice id to Memcached_DataObject::listGet() in getFaves()
2011-08-08 12:01:39 -04:00
Evan Prodromou
f405ffa507
Corrected pkeys for listGet()
2011-08-08 12:01:15 -04:00
Evan Prodromou
ed31052d26
Store pkeys in cache for listGet()
...
I was storing the full objects in the cache for the listGet()
function. I've changed it to store only pkeys, and use pivotGet() to
get all the corresponding values.
This also required changing pivotGet() so it can get objects with
multi-column pkeys, which complicated the whole thing quite a bit. But
it seems to work OK.
2011-08-08 10:22:20 -04:00
Evan Prodromou
16042387a0
pre-fill the addressees of notices in a list
2011-08-03 00:59:09 -04:00
Evan Prodromou
ba6235a446
Get faves in Notice and pre-fill
2011-08-03 00:04:18 -04:00
Evan Prodromou
dfbdd481fa
Pre-fill Notice attachments
2011-08-02 23:12:21 -04:00
Evan Prodromou
9a84907d17
Remove unused File::getAttachments()
2011-08-02 23:11:41 -04:00
Evan Prodromou
d918ee95f4
pre-fetch groups for notices
2011-08-02 18:13:56 -04:00
Evan Prodromou
447ae92eca
only do a db call if need to fetch some in listGet()
2011-08-02 18:12:46 -04:00
Evan Prodromou
435c08a753
add listGet() method
2011-08-02 17:20:51 -04:00
Evan Prodromou
5081c56ea4
remove some debugging stuff in Profile::fillAvatars()
2011-08-02 13:14:11 -04:00
Evan Prodromou
af49545e95
reduce the number of calls to get profile groups
2011-08-02 12:14:55 -04:00
Evan Prodromou
06e2422517
pre-fill avatars for Profiles in a notice list
2011-08-02 11:54:27 -04:00
Evan Prodromou
e05f423bea
properly cache nulls for pivotGet()
2011-08-02 11:54:10 -04:00
Evan Prodromou
14fe22e430
define Reply::pkeyGet()
2011-08-02 11:15:20 -04:00
Evan Prodromou
02880f5a8c
use pkeyGet() instead of getReplies() checking addressee scope
2011-08-02 11:09:30 -04:00
Evan Prodromou
9a78d70441
remove debugging statement in Memcached_DataObject::multiGet()
2011-08-02 10:58:25 -04:00
Evan Prodromou
72ed297214
New method Memcached_DataObject::pivotGet()
...
This method lets you get all the objects with a given variable key and
another set of "fixed" keys. A good example is getting all the avatars
for a notice list; the avatar size stays the same, but the IDs change.
Since it's very similar to multiGet(), I refactored that function to
use pivotGet().
And, yes, I realize these are kind of hard to follow.
2011-08-02 10:46:29 -04:00
Evan Prodromou
200e18cd71
reduce the number of queries required to get a notice's groups
2011-08-01 16:59:43 -04:00
Evan Prodromou
a3ef80941e
use multiGet() for a profile's groups
2011-08-01 15:18:29 -04:00
Evan Prodromou
874f1db389
Pre-fill profiles in notice streams
2011-08-01 14:51:59 -04:00
Evan Prodromou
d17a30ada4
reverse order of defaults and options in Notice::saveNew()
2011-07-20 11:53:47 -04:00
Evan Prodromou
e07620a0aa
change array add to array merge
2011-07-20 11:42:17 -04:00
Evan Prodromou
d277f343ca
Encode repeats as share activities
2011-07-18 17:06:03 -04:00
Evan Prodromou
98064e6336
Merge branch '1.0.x' of gitorious.org:statusnet/mainline into 1.0.x
2011-07-15 17:46:19 -04:00