Mikael Nordfeldth
e903bd0bc3
Hacky support for geo URI detection
...
Won't work with common_purify yet because there is no geo uri scheme for it
2016-02-03 14:19:08 +01:00
Mikael Nordfeldth
b1ed1f48ea
Configurable linkify for bare IPv4/IPv6
2016-02-03 12:55:00 +01:00
Mikael Nordfeldth
a2b914ce60
Get URL schemes by URL type
2016-02-03 00:18:37 +01:00
Mikael Nordfeldth
36f099958c
Don't match @nickname on @nickname@server.com
2016-01-29 15:53:58 +01:00
Mikael Nordfeldth
cb40f72c7e
Use the profile URI when linking instead of URL
...
since we'll then get to /user/$id instead of /$nickname which is
good for future archives if someone changes their nickname...
2016-01-29 15:21:01 +01:00
Mikael Nordfeldth
7e6783bb8f
Replace htmLawed with HTMLPurifier
2016-01-28 19:01:13 +01:00
mmn
42545c6625
Merge branch 'mention_branch' into 'nightly'
...
correct mentions if parent mentions multiple users with same nickname (don't use first one for all)
See merge request !82
2016-01-26 21:15:25 +00:00
Mikael Nordfeldth
a9d18a077e
Harmonize, clarify, categorize URL schemes
...
Regular expression + avoid-redirection list now match each other.
2016-01-24 12:47:31 +01:00
Mikael Nordfeldth
1cec627d72
Allow bitcoin scheme to URLs
2016-01-24 12:44:28 +01:00
hannes
de047f9727
correct mentions if parent mention multiple users with same nickname (don't use first one for all)
2016-01-19 13:41:25 +00:00
mmn
44c10bb2aa
Merge branch 'oembed_branch' into 'nightly'
...
purify oembed html and don't allow cdata
hopefully we never need stuff in cdata
reason for this is that this link serves javascript in its oembed data: https://www.maketecheasier.com/switch-windows-10-to-linux/
see:
https://www.maketecheasier.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.maketecheasier.com%2Fswitch-windows-10-to-linux%2F
i don't feel we want that in our database.
See merge request !79
2016-01-15 13:11:35 +00:00
Mikael Nordfeldth
29b45bb87a
Unnecessary call to User::getKV
2016-01-13 20:08:17 +01:00
Mikael Nordfeldth
818aaa0578
We didn't get profiles from the new-style attention system
2016-01-13 18:35:25 +01:00
hannes
3e7e3de554
don't allow cdata elements in purified html
2016-01-13 16:01:27 +00:00
Mikael Nordfeldth
8c28e54ccc
same as previous, but for mime_to_ext
2016-01-12 13:14:17 +01:00
Mikael Nordfeldth
dbe5d72e4c
If all file extensions are supported we have no list of comparisons
2016-01-12 13:08:54 +01:00
hannes
a1b509bb0b
forgot we need access to $html too
2016-01-11 20:58:34 +00:00
hannes
8d331b0f35
EndCommonPurify event
2016-01-11 20:54:19 +00:00
Mikael Nordfeldth
1a46d86ca6
lib/util.php quick function to do var_export($var,true)
...
Immensely useful when debugging and we want to put quotes around strings,
potentially stopping any "evil logging attacks" (where input data masks
as logging data).
2016-01-11 19:52:54 +01:00
Mikael Nordfeldth
5ef10a14ef
Get group attentions too for outbound notices
2016-01-09 15:06:44 +01:00
Mikael Nordfeldth
33194b3cff
Attention goes to the parent notice author too
2016-01-08 02:58:31 +01:00
Mikael Nordfeldth
801ca3531b
common_find_attentions to populate activities from content text
2016-01-07 23:23:37 +01:00
Mikael Nordfeldth
be58fd64f5
Use index for File url (urlhash)
2016-01-07 18:13:10 +01:00
hannes
0b4b0de412
longurl in href
2016-01-05 23:14:51 +00:00
hannes
8b78e01d4c
$longurl->url is just the same $canon we fed to File_redirection::where()
2016-01-05 23:06:02 +00:00
Mikael Nordfeldth
e02c10a589
common_render_content doesn't require a Profile now
2016-01-01 18:40:58 +01:00
Mikael Nordfeldth
10973dcf69
Don't require a notice object to common_linkify_mentions
2016-01-01 18:20:42 +01:00
Mikael Nordfeldth
ef4e61c91b
Merge branch 'master' into nightly
2015-12-14 22:03:04 +01:00
mmn
edd62e58fd
Merge branch 'at-mention-url' into 'master'
...
MentionURL Plugin
This plugin enables users to use the syntax `@twitter.com/singpolyma` to mention users the system does not know about, or to be more specific when a nickname is ambiguous.
See merge request !53
2015-12-14 21:01:42 +00:00
Mikael Nordfeldth
c498db147a
ircs URLs work fine in Firefox at least
2015-12-05 13:02:49 +01:00
Stephen Paul Weber
a9b1b60a97
Refactor on File::processNew
...
The code was so involved there was even a comment asking for a refactor.
Now, File_redirection::where always returns a nice File_redirection
object instead of an array or string or nothing. The object is
either one which already existed or else a new, unsaved object.
Instead of duplicating "does it exist" checks everywhere, do it in
File_redirection::where. You either get what exists or something to save.
An unsaved File_redirection may be paired with an unsaved File.
You will want to save the File first (using ->saveFile()) and put the
id in File_redirection#file_id before saving.
2015-11-02 05:15:08 +00:00
Stephen Paul Weber
2207eacc92
New length format for other kinds of mentions
2015-10-28 00:15:08 +00:00
Stephen Paul Weber
fed0895d98
Move the functionality to a plugin
...
Use an associated model to prevent race conditions on creating the
profile object.
2015-10-28 00:11:54 +00:00
Stephen Paul Weber
21979bb7d7
Allow users to @mention URLs
...
Because inferring who you mean (especially in the presence of remotes) can suck
2015-10-23 21:15:40 +00:00
Mikael Nordfeldth
2aed59a02a
Diaspora plugin is almost there (for remote salmon slaps at least)
2015-10-04 12:06:48 +02:00
Mikael Nordfeldth
80bc7f0e25
File handling changes for better logic
...
Also prepares for StoreRemoteMediaPlugin, coming up...
2015-10-01 22:14:49 +02:00
Mikael Nordfeldth
3a6c98ff16
NoResultException is common if reply_to was not cleared on parent deletion
2015-09-30 22:55:06 +02:00
Mikael Nordfeldth
ad3b62cf2f
ShowprofiletagAction now extends ShowstreamAction
2015-09-27 23:46:30 +02:00
Mikael Nordfeldth
4354ce21d1
introducing html_sprintf for easier sprintf'ing with htmlspecialchars
2015-09-06 01:53:11 +02:00
Mikael Nordfeldth
cfaaf3c13c
PasswordsettingsAction aligned with FormAction
...
Also made some changes in the password "munging" function call
common_munge_password to accept a profile instead of user ID (which
was only there because stoneage StatusNet used the ID to generate a
not-very-random salt, but nowadays we primarily use AuthCrypt plugin).
2015-07-17 01:47:43 +02:00
Mikael Nordfeldth
44dc00a58c
Non-replies cannot harvest parent notice nicknames
...
A feature we use of parent notices is that if you use the same @user
as the parent notice, the same @user will be notified, regardless if
there might be @user@site.com as well as @user@example.com and you're
subscribed to just one of them (or both, or none of them!).
But this threw an exception since we tested this on new notice threads.
2015-07-16 12:53:10 +02:00
Mikael Nordfeldth
cd23c78800
Less redundant code.
2015-07-15 19:21:21 +02:00
Mikael Nordfeldth
0726dcd06c
Start using NoParentNoticeException more widely
2015-06-02 13:50:52 +02:00
Mikael Nordfeldth
6b9a8b7b19
Reuse code from our classes, don't write own algorithms
2015-06-02 13:45:22 +02:00
Mikael Nordfeldth
e728e2aa81
typing, added typing to some common_* calls in util.php
2015-06-02 13:19:12 +02:00
Mikael Nordfeldth
d010c5a581
magnet URL linkify support
2015-05-09 15:54:09 +02:00
Mikael Nordfeldth
8439efe77d
Filter out img, video and audio tags in notice HTML
...
Because we don't want to auto-fetch items from a remote server. Such
items should be delivered as attachment metadata and portrayed in the
way the local instance chooses.
Choices for portrayal are either simply nullifying this and embedding
the data, linking the file remotely requiring a manual click or maybe
use remote oEmbed data etc. to download files locally so no remote
requests have to be made.
2015-03-15 14:35:29 +01:00
Mikael Nordfeldth
8fac7a9f6c
StatusNet class renamed GNUsocial
...
also added backward compatible StatusNet class for the two calls I know
third party plugins use, isHTTPS and getActivePlugins
2015-02-27 12:44:15 +01:00
Mikael Nordfeldth
48f8f3f5cf
php5-intl is recommended but not required
2015-02-26 22:58:36 +01:00
Mikael Nordfeldth
3dce6d9f6a
Implement a common_purify for htmLawed and more
...
We're removing unicode formatting characters as well, such as RTL marks.
For more info on why we're because extra cautious (but may accept the
characters in later versions) you can read:
https://blog.malwarebytes.org/online-security/2014/01/the-rtlo-method/
2015-02-18 00:10:31 +01:00