Commit Graph

18092 Commits

Author SHA1 Message Date
Mikael Nordfeldth
4117118e23 More specific exceptions for mimetype/extension issues. 2016-07-06 09:14:59 +02:00
Mikael Nordfeldth
b4a0bff740 Some mimetype madness! 2016-07-06 08:59:16 +02:00
www-data
14ac6e665c Merge remote-tracking branch 'upstream/nightly' into nightly 2016-07-04 23:37:45 +02:00
Martin Lyth
b0204023c0 Fix the case of a call to sameAs() 2016-07-02 17:43:47 -04:00
Martin Lyth
c9afdae01c Check if we're the current user before retrieving 2016-07-02 17:02:37 -04:00
Martin Lyth
a62755182c Test user equality better in Profile->getUser() 2016-07-02 15:45:42 -04:00
Mikael Nordfeldth
3987cad9b7 Use delivered content-type to parse XML_XRD
In issue #205 we saw data coming in with an additional line-break before
the JSON data which fuzzed the auto-detection in XML_XRD (which assumed
a { as the first character). If we use the Content-type header from HTTP
we can avoid that issue.
2016-07-02 13:44:25 +02:00
Mikael Nordfeldth
cfd9aee57b Better logging for issue #205 2016-07-02 13:32:23 +02:00
Martin Lyth
d7a29be3ac Change Profile->getUser() to match the current user
Profile->getUser() gets the User independently from common_current_user.
This means that changes to one does not affect the other, even if they
are the same user.
This changes that, so that getUser() returns common_current_user() if
they are both the same user.

This is done to fix a bug in the user profile settings, where changes in
the language and timezone are applied to the return value of
Profile->getUser() but not propagated to common_cur_user(), which causes
the profile settings to display incorrect information until the page is
refreshed.
2016-06-30 18:24:58 -04:00
Mikael Nordfeldth
a833eaa651 Make all hash algorithms available (but whitelist by default)
sha1 is whitelisted only because StatusNet requires it.
2016-06-28 11:54:39 +02:00
Mikael Nordfeldth
3166a04cef actually respond with the error message in text on Salmon calls 2016-06-25 20:50:00 +02:00
Mikael Nordfeldth
bf4acc21be A bunch of GIFs were >5MiB! 2016-06-25 20:37:00 +02:00
Mikael Nordfeldth
ad7ebd1a8c Even more phpseclib update related stuff. 2016-06-25 20:34:28 +02:00
Mikael Nordfeldth
d10ce6ac7c Give Webfinger response to group queries 2016-06-25 20:13:19 +02:00
Mikael Nordfeldth
3d6e25ee5f We have to create and populate the Notice_location table before constraint checking foreign keys. 2016-06-25 13:01:56 +02:00
Mikael Nordfeldth
d0c26fb1a4 URIFIX in Ostatus_profile, handle missing feedsub 2016-06-25 11:59:31 +02:00
Mikael Nordfeldth
f93f02f424 Managed_DataObject now has getByUri() 2016-06-25 11:59:06 +02:00
Mikael Nordfeldth
42a62da764 getByUri shorthand function for Managed_DataObject (with uri) 2016-06-25 11:52:17 +02:00
Mikael Nordfeldth
7978cd6d59 s/EmptyIdException/EmptyPkeyValueException/ 2016-06-25 11:50:59 +02:00
www-data
8470a55a41 Merge remote-tracking branch 'upstream/nightly' into nightly 2016-06-24 16:47:57 +02:00
Mikael Nordfeldth
d7a4098b56 Use a separate max download limit for remote files than file_quota too 2016-06-24 16:07:57 +02:00
Mikael Nordfeldth
af23c9f7cd StoreRemoteMedia now checks remote filesize before downloading 2016-06-24 15:56:14 +02:00
Mikael Nordfeldth
1dfac3ad63 Allow getting filesize by function 2016-06-24 15:53:23 +02:00
Mikael Nordfeldth
f1e3314bb7 StoreRemoteMedia avoids too large files 2016-06-24 15:47:02 +02:00
Mikael Nordfeldth
0adb7af9a0 Allow a quickHead request, will only return headers 2016-06-24 15:43:20 +02:00
Mikael Nordfeldth
c19f87f867 fixes issue #189 with a script lacking exception handling 2016-06-24 15:19:24 +02:00
Mikael Nordfeldth
da365be5a2 ParagonIE\ConstantTime required PHP7, going to v1.x branch 2016-06-24 14:49:52 +02:00
Mikael Nordfeldth
39e8c13afb Properly parse incoming bookmarks 2016-06-24 13:51:40 +02:00
Mikael Nordfeldth
a4051945fd Handle exception from Magic Envelope toXML function 2016-06-23 23:27:18 +02:00
Mikael Nordfeldth
6dcb293ba0 Unnecessarily verbose code 2016-06-23 23:03:58 +02:00
www-data
b83ff3f924 Merge remote-tracking branch 'upstream/nightly' into nightly 2016-06-23 01:33:15 +02:00
Mikael Nordfeldth
09412ac813 PrimaryNoticeList so we get InfiniteScroll on profile pages 2016-06-21 15:55:49 +02:00
www-data
1d39c9d66a Merge remote-tracking branch 'upstream/nightly' into nightly 2016-06-21 13:36:41 +02:00
Mikael Nordfeldth
16f4583498 throw ClientException instead of clientError 2016-06-19 03:38:00 +02:00
Mikael Nordfeldth
2726478467 Bump Diaspora plugin version because of phpseclib fix 2016-06-19 03:25:03 +02:00
Mikael Nordfeldth
bac95913e8 phpseclib defaults to OAEP but we want PKCS1 in D* 2016-06-19 03:23:26 +02:00
Mikael Nordfeldth
ed97b88b04 Err, don't need that comment. 2016-06-19 02:27:50 +02:00
Mikael Nordfeldth
76114e2748 Missed some phpseclib stuff in DiasporaPlugin 2016-06-19 02:26:44 +02:00
Mikael Nordfeldth
d00f19663b bump to beta5 since phpseclib update (which might cause some issues still) 2016-06-18 00:05:54 +02:00
Mikael Nordfeldth
47aabf4fda Let's just put the namespaced phpseclib in extlib instead of plugins/OStatus/extlib 2016-06-18 00:00:32 +02:00
Mikael Nordfeldth
d4216d09c6 extlib required by phpseclib (ParagonIE/ConstantTime) 2016-06-17 23:58:49 +02:00
Mikael Nordfeldth
5bfd9dbaa7 repost_of -> repeat_of, also trying with isset() 2016-06-17 23:53:05 +02:00
Mikael Nordfeldth
3a8ce99a9d Magicsig call for phpseclib\Math\BigInteger fixed 2016-06-17 23:47:00 +02:00
Mikael Nordfeldth
1839082f95 OStatus Magicsig adaptations to new phpseclib
Some constants have changed and the way to call RSA->sign(...) too.
2016-06-17 23:43:24 +02:00
Mikael Nordfeldth
d8af92bda2 Diaspora phpseclib update 2016-06-17 23:42:50 +02:00
Mikael Nordfeldth
09ef0c1f33 bump Linkback plugin thanks to awesome singpolyma 2016-06-17 23:22:44 +02:00
Mikael Nordfeldth
a1d064129a Handle namespaces for new phpseclib 2016-06-17 23:21:34 +02:00
Mikael Nordfeldth
28ca5d90d9 phpseclib updated, some new features that we won't use 2016-06-17 22:44:12 +02:00
mmn
a6390007b7 Merge branch 'avatar-folder-perms' into 'nightly'
Display error if wrong perms on 'avatar' dir

If the 'avatar' folder isn't writeable, don't let users try to
upload/delete one (and fail). Instead, print an error message about
the misconfigured folder permission.

Ref. #196

See merge request !126
2016-06-17 16:33:20 -04:00
mmn
2e8a5aeb23 Merge branch 'tom/noreferrer' into 'nightly'
Use noreferrer when linkifying attachments and allow this value in purifier

If you click on a link in your main timeline this effectively identifies you to the site that you visited via the Referer header. (Who goes around reading other people's /user/all, honestly?)

Annoyingly our notice content is already HTML. Rather than attempt to parse and modify the tags in flight, this modification takes the simpler approach of adding the noreferrer tag to inline links by default when notices are composed.

See merge request !127
2016-06-17 16:32:39 -04:00