Use noreferrer when linkifying attachments and allow this value in purifier
If you click on a link in your main timeline this effectively identifies you to the site that you visited via the Referer header. (Who goes around reading other people's /user/all, honestly?)
Annoyingly our notice content is already HTML. Rather than attempt to parse and modify the tags in flight, this modification takes the simpler approach of adding the noreferrer tag to inline links by default when notices are composed.
See merge request !127
Fix some strict warnings (Action::prepare, Action::handle)
I know MR with changes to a bunch of files aren't great practice, but I figured since all the changes are one-liners it might not be a huge deal.
Related to #190
See merge request !123
Site Notice: common_purify instead of HTMLPurifier
So that we can use our custom settings (e.g: extra URI schemes) in the
site notice textbox.
Ref. #170
See merge request !124
webmention.rocks
I have improved the webmention handling so that all but two of the webmention.rocks compliance tests pass now. Also improved parsing of time/authors on incoming webmentions.
See merge request !128
If the 'avatar' folder isn't writeable, don't let users try to
upload/delete one (and fail). Instead, print an error message about
the misconfigured folder permission.
Ref. #196
Fixes handle()-related strict warnings such as "Strict Standards:
Declaration of AdminPanelAction::prepare() should be compatible with
Action::prepare(array $args = Array)
Ref. #190
Fixes handle()-related strict warnings such as "Strict Standards:
Declaration of AdminPanelAction::handle() should be compatible with
Action::handle()"
Ref. #190
Now won't match possibly maliciously named remote profile URLs
(where the profile URL could be a notice URL for example, which
would mean the response would be incorrect)
When looking up remote entities, we should _only_ use the stored URI,
but that's for the future to do...