c5a4921176
log with var_export (our shorthand _ve())
2016-10-23 12:14:02 +02:00
8614cd77eb
A good plugin but not necessary as default.
2016-10-22 19:27:07 +02:00
1c5e364880
Merge branch 'master' into mmn_fixes
2016-09-13 11:26:03 +02:00
7d67eefdf5
wrong variable was referenced
2016-09-13 11:24:57 +02:00
500ff6be1a
Merge branch 'master' into mmn_fixes
2016-09-02 01:04:54 +02:00
18670c69b2
Merge branch 'master' of git.gnu.io:gnu/gnu-social
2016-09-02 01:01:57 +02:00
a7043bf7cc
Split up source and source_link. Never trust HTML!
...
https://community.highlandarrow.com/notice/269667
or alternatively: https://social.umeahackerspace.se/conversation/495655
2016-09-02 01:00:52 +02:00
15ab9ff9e3
common_to_alphanumeric added, filtering Notice->source in classic layout
2016-09-02 01:00:08 +02:00
59b93b23e2
Split up source and source_link. Never trust HTML!
...
https://community.highlandarrow.com/notice/269667
or alternatively: https://social.umeahackerspace.se/conversation/495655
2016-09-02 00:55:46 +02:00
e6b3924a5d
common_to_alphanumeric added, filtering Notice->source in classic layout
2016-09-02 00:08:17 +02:00
af6a3aa456
Make Group actions ManagedAction so groupbyid works
2016-08-28 09:34:31 +02:00
a32bfe7d87
TagCloud turned into plugin (performance issues on large installs)
2016-08-27 15:24:25 +02:00
4314a286e3
Less convoluted attachmentlistitem function calls
2016-08-21 09:25:16 +02:00
fc06c599bc
dbqueuemanager should ignore on no-result-exceptions
2016-08-16 20:27:41 +02:00
1f866fcaed
ActivityGenerationTests.php fails but doesn't crash anymore.
...
Fixed an error where a profile id was reused after another profile was
deleted, and the new profile still had the deleted role.
Fixed ActivityGenerationTests::testNoticeInfoRepeated() which was passing
User instead of Profile, throwing errors.
tests/ActivityGenerationTests.php now passes.
CommandInterpreterTest now passes.
Moved JidValidateTest to XmppValidateTest, since Jabber functionality has
moved to the XmppPlugin. Tests work but don't pass, but they are at least
skipped if XmppPlugin is not active.
LocationTest passes, but the tests are not very good. Lots of nulls.
MediaFileTest passes.
NicknameTest passes. Nickname::normalize() now throws an error if the
nickname is too long with underscores.
UserFeedParseTest passes.
URLDetectionTest passes if $config['linkify']['(bare_ipv4|bare_ipv6|
bare_domains)'] are false. Untested otherwise.
Fixed Nickname::isBlacklisted() so it does not throw an error if
$config['nickname]['blacklist'] not set.
2016-08-14 11:55:49 +05:30
557e430c7d
Reference local URLs in addressee list on notices.
2016-08-06 18:32:14 +02:00
e52275e37f
Some comparisons were incorrect (text/html;charset=utf-8 etc.)
2016-07-21 01:38:31 +02:00
d5c733919b
Because the other part of the code works now, this is unnecessary
2016-07-21 00:34:40 +02:00
e8e996182f
Delete file on class destruction or we do it too quickly
...
Source image was removed when trying to use it for resizeTo
2016-07-21 00:23:27 +02:00
46c227bf3a
FileNotFoundException is more proper here
2016-07-15 13:19:16 +02:00
36cfe9f857
Delete successfully generated thumbnail (temporary sources) too.
2016-07-15 12:52:20 +02:00
6332a4d800
Handle FileNotStoredLocallyException in attachmentlistitem
2016-07-07 00:45:31 +02:00
f02d32b718
Reworked File->getUrl to throw exception
...
In case you require a local URL and one can't be generated, throw
FileNotStoredLocallyException(File $file)
2016-07-07 00:44:50 +02:00
71afb5be75
If the file is text/plain, see if we accept the extension
2016-07-06 09:34:09 +02:00
4117118e23
More specific exceptions for mimetype/extension issues.
2016-07-06 09:14:59 +02:00
b4a0bff740
Some mimetype madness!
2016-07-06 08:59:16 +02:00
a833eaa651
Make all hash algorithms available (but whitelist by default)
...
sha1 is whitelisted only because StatusNet requires it.
2016-06-28 11:54:39 +02:00
7978cd6d59
s/EmptyIdException/EmptyPkeyValueException/
2016-06-25 11:50:59 +02:00
0adb7af9a0
Allow a quickHead request, will only return headers
2016-06-24 15:43:20 +02:00
39e8c13afb
Properly parse incoming bookmarks
2016-06-24 13:51:40 +02:00
d00f19663b
bump to beta5 since phpseclib update (which might cause some issues still)
2016-06-18 00:05:54 +02:00
2e8a5aeb23
Merge branch 'tom/noreferrer' into 'nightly'
...
Use noreferrer when linkifying attachments and allow this value in purifier
If you click on a link in your main timeline this effectively identifies you to the site that you visited via the Referer header. (Who goes around reading other people's /user/all, honestly?)
Annoyingly our notice content is already HTML. Rather than attempt to parse and modify the tags in flight, this modification takes the simpler approach of adding the noreferrer tag to inline links by default when notices are composed.
See merge request !127
2016-06-17 16:32:39 -04:00
005b4c8dd1
Merge branch 'strict-warnings' into 'nightly'
...
Fix some strict warnings (Action::prepare, Action::handle)
I know MR with changes to a bunch of files aren't great practice, but I figured since all the changes are one-liners it might not be a huge deal.
Related to #190
See merge request !123
2016-06-17 16:29:47 -04:00
d66b495ba8
Merge branch 'notice-location' into 'nightly'
...
Re-enable notice locations
Removed a stray 'return' statement.
See merge request !125
2016-06-17 16:28:56 -04:00
d4295cfb25
Merge branch 'webmention-rocks' into 'nightly'
...
webmention.rocks
I have improved the webmention handling so that all but two of the webmention.rocks compliance tests pass now. Also improved parsing of time/authors on incoming webmentions.
See merge request !128
2016-06-17 16:26:21 -04:00
5e131aed80
Apparently medium.com uses @ frequently i URLs
...
and we skipped them because we assumed they were urlencoded when copied.
2016-06-17 11:20:36 +02:00
83e7ade714
When there is no useful title, class="p-name e-content"
2016-06-10 21:00:48 +00:00
c1537a1e82
Use noreferrer when linkifying attachments and allow this value in purifier
2016-06-09 19:56:36 +10:00
d02c75d019
Re-enable notice locations
...
Removed a stray 'return' statement.
2016-06-01 21:56:42 -04:00
9de79f0a36
Update prepare() method on Action subclasses.
...
Fixes handle()-related strict warnings such as "Strict Standards:
Declaration of AdminPanelAction::prepare() should be compatible with
Action::prepare(array $args = Array)
Ref. #190
2016-06-01 02:26:44 +00:00
ba2975aac8
Update handle() method on Action subclasses.
...
Fixes handle()-related strict warnings such as "Strict Standards:
Declaration of AdminPanelAction::handle() should be compatible with
Action::handle()"
Ref. #190
2016-06-01 02:26:44 +00:00
3138fa0b40
Check DB connection before any possible use
2016-05-24 16:49:50 +02:00
bd306bdb9f
Add /download action for attachments
2016-05-09 22:08:36 +02:00
3a6733dc98
2-frame GIF animations weren't recognised as animated
2016-05-04 11:57:55 +02:00
a5a96dd857
Misplaced break/continue statements.
2016-05-04 11:44:00 +02:00
87dd0fbdb6
UseFileAsThumbnailException uses direct File object now
2016-05-04 11:34:50 +02:00
7aa9a69c2f
Link to attachment page instead of big-ass image
2016-05-01 11:35:51 +02:00
9b613029e6
Merge branch 'master' into mmn_fixes
2016-04-18 16:10:50 +02:00
844fe3924e
put local id, href and such in ostatus:conversation element
2016-04-18 16:09:36 +02:00
107f612384
strict type comparison
2016-04-18 15:04:03 +02:00
4645033b98
"In conversation" text in noticelistitem
2016-04-08 13:44:22 +02:00
547f92de07
Don't fail deleteRelated on NoProfileException
2016-04-01 06:51:19 +02:00
44ea8aa681
Make sure $_SERVER['HTTP_REFERER'] isset when testing value
2016-03-31 20:51:50 +02:00
4ea79bc396
I was too quick to save that file (File::getByUrl takes 1 arg)
2016-03-29 14:33:40 +02:00
2f91cb0df7
We should assume all verbs and such are their full URIs in our db
2016-03-29 12:57:52 +02:00
dcffe5d992
Forgotten File::getByUrl conversations (performance++)
2016-03-29 12:13:53 +02:00
88e2f739a9
DOMElement not DOMDocument
2016-03-28 16:23:15 +02:00
7bef2ad4cc
Update Profile Data script fixes, might work for groups too now
2016-03-28 16:19:47 +02:00
f134a423f6
rename config option site/logdebug to log/debugtrace
2016-03-27 16:36:58 +02:00
9fa18fa366
HTTPClient::quickGet now supports headers as argument
...
They should be in a numeric array, already formatted as headers,
ready to go. (Header-Name: Content of the header)
2016-03-24 02:44:11 +01:00
f83b81b8c4
Change config webfinger/http_alias to fix/legacy_http
...
Set $config['fix']['legacy_http'] to perform some actions that are
needed if your site used to be served over http but now has upgraded
to https!
2016-03-23 15:21:02 +01:00
8933022edc
Forgot a microsummary route in the latest commit
2016-03-22 22:37:59 +01:00
dafe775ffa
Microsummaries had issues and were removed in Firefox 6.0 anyway
...
It is argued there are many better ways to get a "micro summary" of
a profile or site.
2016-03-22 22:31:01 +01:00
39ebb64b85
Added proper enabling and disabling of sending RTs to Twitter.
2016-03-21 07:12:52 -07:00
38f7deca78
Avoid "property of non-object" PHP notice.
2016-03-21 11:17:25 +01:00
1e89369ef8
geometa.js doesn't exist anymore
2016-03-21 03:23:39 +01:00
ae681b10e7
geometa.js doesn't exist anymore
2016-03-21 03:11:22 +01:00
980085a8a3
Merge branch 'master' of git.gnu.io:gnu/gnu-social into mmn_fixes
...
Conflicts:
plugins/Minify/extlib/minify/README.txt
plugins/Minify/extlib/minify/UPGRADING.txt
plugins/Minify/extlib/minify/min/README.txt
plugins/Minify/extlib/minify/min/builder/index.php
plugins/Minify/extlib/minify/min/lib/JSMin.php
plugins/Minify/extlib/minify/min/lib/Minify.php
plugins/Minify/extlib/minify/min/lib/Minify/CSS.php
plugins/Minify/extlib/minify/min/lib/Minify/CSS/Compressor.php
plugins/Minify/extlib/minify/min/lib/Minify/Controller/Page.php
plugins/Minify/extlib/minify/min/lib/Minify/Packer.php
plugins/Recaptcha/RecaptchaPlugin.php
2016-03-21 03:10:19 +01:00
cd24f7d30a
Issue #166 - we test exif data below, no need for error output
2016-03-21 02:56:47 +01:00
cdcf6cdb25
Hacky method to avoid cutting conversation "more" link out
2016-03-21 02:42:28 +01:00
aa3865c303
Split threaded notice list classes into own files.
2016-03-21 02:33:57 +01:00
11c57e7aee
Remove Google References
...
This removes most references to Google, with some
remaining since they may point to things which are still
relevant. References to Google Code, Google Buzz and
Google Maps have been removed
2016-03-20 13:06:58 +00:00
349e842078
UPDATE ActivityVerb
2016-03-14 15:26:03 +01:00
ca8f0f84c4
Woops, forgot to include this file!
2016-03-14 15:25:05 +01:00
5ca2a28246
Make oEmbed handle our http/https setting better.
2016-03-10 14:20:21 +01:00
bd75305560
Define-ify excluded end-characters of URL autolinking
2016-03-09 15:16:47 +01:00
c769924505
Reduce the number of allowed characters in auto-linking URLs.
2016-03-09 15:05:36 +01:00
d179afa303
Save allowed path/qstring/fragment characters in constants
2016-03-09 14:51:52 +01:00
e2c6f2f96f
Let's be consistent with URL verbs
2016-03-08 20:01:06 +01:00
cfc82591da
chmod 0775 directories we create
...
Security for the 'g+rx' should be handle by having the parent directory
inaccessible for global users, which is usually the case.
2016-03-07 23:23:32 +01:00
4e5c0e70a6
fillConfigVoids to set default value of empty config options
2016-03-07 22:55:52 +01:00
265fa12917
Relatively experimental change to store thumbnails in 'file/thumb/' (by default)
2016-03-07 22:33:34 +01:00
158b323767
Declare AdminpanelAction::canAdmin as static, since that's how it's used.
2016-03-06 17:31:40 +01:00
6ec72b2978
Move mail_confirm_address out of mail.php
2016-03-06 17:27:40 +01:00
0785e2910f
Merge branch 'no_sandboxed_repeats_branch' into 'nightly'
...
Don't include repeated notices from sandboxed users in the public timeline
See merge request !115
2016-03-05 08:08:42 -05:00
97ac722b24
Accessibility navigation improvement
2016-03-05 12:42:53 +01:00
7ca0ff9a19
MediaFile::fromUpload handles missing local file better
2016-03-05 12:05:12 +01:00
1db02d7f36
filename_base option isn't optimal
...
For different "download filenames" we should use some other method.
2016-03-05 11:59:46 +01:00
57d57b8d8f
Handle reuploads via filehandle better if original is missing
2016-03-05 01:26:34 +01:00
952f68fed5
File upload logging for dummies
2016-03-05 00:59:39 +01:00
7d4658643d
the repeated notice can be from a sandboxed user too
2016-03-04 16:53:57 -05:00
dc1ceca86e
Some more Microformats2 data for notices and rendering
2016-03-02 13:29:54 +01:00
6529fdd28d
Proper Microformats2 h-entry p-name + u-uid markup
2016-03-02 13:10:02 +01:00
d6598e790c
Introduce a ConfigException
2016-03-02 12:33:06 +01:00
9534969c05
Don't set is_local=LOCAL_NONPUBLIC on sandboxed user notices
...
Let's decide whether they are nonpublic by testing them when the notice
is shown instead.
2016-03-02 12:26:23 +01:00
a3b2118906
Make the public streams ModeratedNoticeStream (hide sandboxed users etc.)
...
Which streams should be put under ModeratedNoticeStream is probably open
to debate. But at least the public ones should hide the posts from users
that are sandboxed.
2016-03-02 11:50:50 +01:00
b4271a3533
Stricted typing + protected on FilteringNoticeStream->filter
2016-03-02 11:40:43 +01:00
99fbb181c1
Translation changes, use FancyName in email subject
2016-03-01 23:53:36 +01:00
47f408ca7c
Strict typing for mail_notify_attn
2016-03-01 23:37:11 +01:00
63c087a255
Consistent behaviour for ScopingNoticeStream $scoped
...
We don't guess the current profile anymore if the value of the profile === -1
Also sets $this->scoped for all ScopingNoticeStream inheritors, which just
like in an Action can be null if we're not scoped in any way (logged in).
2016-03-01 14:51:47 +01:00
7862b853bf
Make javascript XHR timeout a variable.
...
SN.V.xhrTimeout = [time in milliseconds];
2016-03-01 13:10:18 +01:00
6c43e9c2e0
Verify loaded config function, must be completed further.
2016-02-28 13:31:21 +01:00
747c91210f
HTMLPurifier cache settings, put stuff in subdir of get_sys_temp_dir()
2016-02-28 13:30:47 +01:00
cd978fa153
Edited the list of allowed rel values
2016-02-28 13:16:52 +01:00
52a3764ae4
Resolve relative URLs (assuming URI.Base==notice URL)
...
The real way to do this would be to get the xml:base property from
the Atom feed but it's probably not there in any posts we see today.
2016-02-26 14:46:26 +01:00
29662eef5e
Mentioning matches (@this too) now.
2016-02-26 00:08:51 +01:00
2669c51265
Allow sgf files if they're recognized in mime search
...
They are Go game files used on lamatriz.org. Note that my server
doesn't actually recognize these files and can identify the mime type,
but my browser did for some reason.
2016-02-26 00:05:07 +01:00
e6e1705852
Make uploads work properly if we accept _all_ attachment types
...
Also introduced $config['attachments']['extblacklist'] that can disable
certain file extensions (or rewrite them, for example php => phps)
2016-02-25 22:15:54 +01:00
128a00c4ab
Include feeds in Link HTTP headers, for easier discovery
2016-02-24 16:48:44 +01:00
b59dacb806
getAliases for Profile and Notice
...
Also move fancyurlfix into site-wide $config['fix']['fancyurls']
TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
5f7032dfee
Verify that authenticated API calls are made from our domain name.
...
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json " or
whatever. XHR is already blocked with CORS stuff.
Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
ce803f6d06
WebFinger aliases with 'index.php/'
2016-02-21 20:00:07 +01:00
893d117309
throw new, not just throw
2016-02-21 19:01:37 +01:00
23e66bef64
common_fake_local_fancy_url to remove index.php/ from a local URL
2016-02-21 18:48:18 +01:00
afbdcf8938
Don't publish mbox_sha1sum in FOAF by default.
...
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2016-02-19 00:10:05 +01:00
a838c90951
Only show "public:site" in ToSelector if notice/allowprivate is true
2016-02-18 00:33:16 +01:00
f68d1ade3f
Put "Everyone" and "Everyone at [local instance]" at the top of ToSelector
2016-02-18 00:32:09 +01:00
543d968b81
NoAcctUriException->profile not $e directly
2016-02-18 00:13:59 +01:00
a361fdbd77
Sort ToSelector by AcctUri
2016-02-18 00:05:09 +01:00
73dbc5ca1b
Use ToSelector choice again.
2016-02-17 23:44:15 +01:00
d2c11925bf
To-selector padlock only shown if site config notice/allowprivate is true
2016-02-17 23:06:11 +01:00
5fbb01130a
By default, disallow users to set private_stream
2016-02-17 22:58:31 +01:00
d2507a6266
Gotta declare FullNoticeStream as abstract class
2016-02-16 02:24:38 +01:00
46829c6d3c
FullNoticeStream selects all verbs.
2016-02-16 02:21:39 +01:00
2d1b70c94d
created column was ambigououuuouuus
2016-02-15 09:59:34 +01:00
2301862ae6
We only want POST and SHARE in the inbox/home timeline right?
2016-02-15 09:59:18 +01:00
dcb7ce36d8
Show shares in public timeline
...
Also, the unselect rule for DELETE was useless anyway since it would
already have been filtered out by not having true.
(the => false stuff are for when you want ALL _except_ that)
2016-02-14 20:53:26 +01:00
e2a090c9cc
Use NoticeStream::filterVerbs for filtering in noticestreams
2016-02-14 20:46:13 +01:00
be14e15dac
Hide attachments in notices by silenced profiles
2016-02-13 13:17:39 +01:00
e5ad98e601
Silence action can only be used on non-priviliged users
2016-02-12 14:22:25 +01:00
f10625f8bc
file and avatar dirs on instances with no such dirs in filesystem
2016-02-12 02:29:33 +01:00
338df7e35b
Fix Nickname::isSystemPath() work properly for routes
2016-02-12 02:21:11 +01:00
67dfc0a046
application/xml allowed in uploads
2016-02-11 00:04:14 +01:00
733debd9b3
Use thumbnail upscaling config value
2016-02-10 04:40:54 +01:00
8806cce735
Default to avoid upscaling of thumbnails. 45x45=>450x450 is ugly
2016-02-10 04:40:10 +01:00
a61235086b
Use config site/sslproxy to force HTTPS (i.e. using reverse proxy to enable it)
...
Usage in config.php: $config['site']['sslproxy'] = true;
Add this to documentation...
2016-02-10 01:05:02 +01:00
ec257d940a
Either use or don't use HTTPS
...
The risk of injection attacks using HTTP is too great to allow a
site that allows both HTTP and HTTPS...
2016-02-10 00:57:39 +01:00
dcf29c2a07
s/isHTTPS/useHTTPS/ for HTTPS URL generation
2016-02-10 00:38:14 +01:00
cd71188d3a
SimpleCaptcha plugin to stop basic bots
2016-02-08 17:47:09 +01:00
d98784e059
Use functions instead of accessing properties in twitterUserArray
2016-02-08 12:21:58 +01:00
2938b3e960
Don't return true on requiresAuth if screen_name==='0'
2016-02-08 12:14:35 +01:00
13cf744fb3
Allow screennames that are === '0'
2016-02-08 11:40:46 +01:00
2686635f60
Keep the rel="tag" in HTML when purifying
2016-02-07 12:50:26 +01:00
d6664f5735
Hidespam by default
...
...why would something described as "Whether to hide silenced users from timelines"
be set to false by default? :)
2016-02-07 02:33:53 +01:00
098c8b1df4
NoHttpResponseException extends HTTP_Request2_ConnectionException
2016-02-07 01:52:20 +01:00
60804d1902
ES3 compatibility layer not necessary (noone uses IE8 etc.)
...
All browsers with javascript support also support ES5 nowadays. Anyone
using older software should upgrade for other reasons, such as security.
2016-02-04 11:37:24 +01:00
d5ecbd05a1
Forgot a break in a switch when rendering attachments.
2016-02-03 19:32:51 +01:00
9960714896
Disallow zero-length magnet URIs
...
magnet: would match, but now we have a zero-length lookahead which
requires the following character to be a question mark: magnet:?
2016-02-03 15:26:19 +01:00
90045d66ea
HTMLPurifierSchemes plugin to allow geo and magnet URIs
2016-02-03 14:36:51 +01:00
349dba8be0
Only allow our specified URI schemes
2016-02-03 14:31:16 +01:00
Mikael Nordfeldth
Nym Coy
Stephen Paul Weber
Thomas Karpiniec
Chimo
Sandro Santilli
Neil E. Hodges
Bob Mottram
hannes