ec257d940a
Either use or don't use HTTPS
...
The risk of injection attacks using HTTP is too great to allow a
site that allows both HTTP and HTTPS...
2016-02-10 00:57:39 +01:00
dcf29c2a07
s/isHTTPS/useHTTPS/ for HTTPS URL generation
2016-02-10 00:38:14 +01:00
eaa394ed7d
bitcoin schema for HTMLPurifier
2016-02-08 20:20:31 +01:00
7c90d7022b
Require the license with HTML5
2016-02-08 17:56:35 +01:00
ef5ed10eb9
Log failed captcha entries
2016-02-08 17:51:21 +01:00
cd71188d3a
SimpleCaptcha plugin to stop basic bots
2016-02-08 17:47:09 +01:00
a30d34be7f
Returnto the previous page when deleting a notice.
2016-02-08 15:30:28 +01:00
d98784e059
Use functions instead of accessing properties in twitterUserArray
2016-02-08 12:21:58 +01:00
3dea259f52
Return intval from getID()
2016-02-08 12:21:46 +01:00
2938b3e960
Don't return true on requiresAuth if screen_name==='0'
2016-02-08 12:14:35 +01:00
13cf744fb3
Allow screennames that are === '0'
2016-02-08 11:40:46 +01:00
2686635f60
Keep the rel="tag" in HTML when purifying
2016-02-07 12:50:26 +01:00
1126f70786
Merge branch 'master' into mmn_fixes
2016-02-07 02:35:44 +01:00
7c7f2f890f
Hidespam by default
...
...why would something described as "Whether to hide silenced users from timelines"
be set to false by default? :)
2016-02-07 02:35:21 +01:00
d6664f5735
Hidespam by default
...
...why would something described as "Whether to hide silenced users from timelines"
be set to false by default? :)
2016-02-07 02:33:53 +01:00
58e852f7f7
Use the -y parameter for ffmpeg/avconv to be non-interactive
2016-02-07 01:59:21 +01:00
6bec22ea4e
Write to the tmp file in VideoThumbnails
2016-02-07 01:57:56 +01:00
25f623565a
Catch http exception in StoreRemoteMedia
2016-02-07 01:54:37 +01:00
098c8b1df4
NoHttpResponseException extends HTTP_Request2_ConnectionException
2016-02-07 01:52:20 +01:00
55546a5aab
Support ffmpeg and avconv depending on which you have
2016-02-07 01:02:59 +01:00
41e36e1f28
Unknown functionality of a script
...
Something added 6-8 years ago which we don't use anymore...
2016-02-04 12:16:36 +01:00
1f01356076
Fix issue #127 by catching exceptions
...
update-profile-data.php threw exceptions on http connection issues
2016-02-04 12:06:35 +01:00
60804d1902
ES3 compatibility layer not necessary (noone uses IE8 etc.)
...
All browsers with javascript support also support ES5 nowadays. Anyone
using older software should upgrade for other reasons, such as security.
2016-02-04 11:37:24 +01:00
d5ecbd05a1
Forgot a break in a switch when rendering attachments.
2016-02-03 19:32:51 +01:00
9960714896
Disallow zero-length magnet URIs
...
magnet: would match, but now we have a zero-length lookahead which
requires the following character to be a question mark: magnet:?
2016-02-03 15:26:19 +01:00
90045d66ea
HTMLPurifierSchemes plugin to allow geo and magnet URIs
2016-02-03 14:36:51 +01:00
2c83614170
HTMLPurifier caches were included accidentally
2016-02-03 14:35:26 +01:00
349dba8be0
Only allow our specified URI schemes
2016-02-03 14:31:16 +01:00
e903bd0bc3
Hacky support for geo URI detection
...
Won't work with common_purify yet because there is no geo uri scheme for it
2016-02-03 14:19:08 +01:00
b1ed1f48ea
Configurable linkify for bare IPv4/IPv6
2016-02-03 12:55:00 +01:00
25c15119bc
Backupaccount is always readonly
2016-02-03 01:15:35 +01:00
84930f89f9
Don't allow account backups by default.
2016-02-03 01:08:36 +01:00
19b743a9f5
Set time limit to increase time backupaccount can take
...
Wills till run out of memory probably, we should fix that.
2016-02-03 01:04:14 +01:00
9fcfb7cb1d
Proper error message on too much POST data
2016-02-03 01:03:58 +01:00
6a4aa34b0c
Don't process further in redirection if HEAD gives 400 Bad request
2016-02-03 00:34:49 +01:00
40cffb9463
File::isProtected is static
2016-02-03 00:22:18 +01:00
a2b914ce60
Get URL schemes by URL type
2016-02-03 00:18:37 +01:00
43abfe659b
Bump beta number to 4
...
We have better webfinger @mention@capability.example at least and
OpportunisticQM is somewhat refined.
2016-01-30 00:04:18 +01:00
367fc054dc
Merge branch 'master' into mmn_fixes
2016-01-30 00:03:25 +01:00
771f08b3c7
Merge branch 'master' of git.gnu.io:gnu/gnu-social
2016-01-30 00:02:56 +01:00
5167b1fa40
Don't trust local HTML either
...
If we reallyreally want to include <img> or <script> or whatever then we
have to do that after Notice::saveActivity sets ->rendered.
2016-01-30 00:02:03 +01:00
c6ae883ad2
Don't trust local HTML either
...
If we reallyreally want to include <img> or <script> or whatever then we
have to do that after Notice::saveActivity sets ->rendered.
2016-01-30 00:00:37 +01:00
a5c1b063fd
isPerson did not exist for Ostatus_profile
2016-01-29 16:15:06 +01:00
689e277c62
Allow @localuser@mysite.example to be looked up as a mention
2016-01-29 16:06:16 +01:00
36f099958c
Don't match @nickname on @nickname@server.com
2016-01-29 15:53:58 +01:00
cb40f72c7e
Use the profile URI when linking instead of URL
...
since we'll then get to /user/$id instead of /$nickname which is
good for future archives if someone changes their nickname...
2016-01-29 15:21:01 +01:00
5b11238010
Don't use system include path
...
Sometimes systems have _old_ DB_DataObject classes lying around that
get included by default, so we just try to avoid anything that we don't
ship ourselves.
<MMN-o> BeS: I'll commit a patch that will make this issue go away
<BeS> MMN-o: that would be awesome!
<MMN-o> but it might upset bashrc who's working on a Debian package (where you're _supposed_ to include from /usr/php etc. :P)
<MMN-o> but I'll leave a comment along with it
2016-01-28 20:31:46 +01:00
6b31feb70f
Strict Standards: Declaration of MysqlSchema::get()
...
should be compatible with Schema::get($conn = NULL)
2016-01-28 20:18:06 +01:00
a6898b033d
Fullname and location are now text, not varchar, and can be >191|255
2016-01-28 19:12:30 +01:00
c0851d59f5
migrateProfilePrefs added to scripts/upgrade.php
...
Makes it easier for plugin developers to change the topics set in Profile_prefs
2016-01-28 19:03:24 +01:00
Mikael Nordfeldth