Commit Graph

6054 Commits

Author SHA1 Message Date
Mikael Nordfeldth
fb492d4bb2 Remove debug call and change how connect_timeout is set 2017-07-09 20:34:44 +02:00
Mikael Nordfeldth
f0480c34d7 Configure a default timeout for HTTP connections at 60s
No requests we do externally should ever take more than 60 seconds. This
could probably be changed for downloading video or whatever for any cache
plugins that want to store data locally, but in general I think even 60s
is way longer than I expect any outgoing requests should take.

This affects everything using HTTPClient, our helper class, and thus all
hub pings, subscription requests, etc. etc.

The value, afaik, includes connect_timeout and if it takes 10 seconds to
establish a connection only 50 seconds is available to transfer data.
2017-07-09 20:28:22 +02:00
Mikael Nordfeldth
c9a9a8bc58 Fulltext indexes are supported in InnoDB since MariaDB 10.0.15 2017-06-22 01:37:43 +02:00
Mikael Nordfeldth
1517deeeb6 Since ActivityContext::CONVERSATION changed to 'conversation' instead of 'ostatus:conversation' we need to add it ourselves
the xmlstringerthinger doesn't really use namespaces afaik
2017-05-06 15:27:25 +02:00
Mikael Nordfeldth
ba4a84602a Output proper HTML and XML headers for single Atom entry
RFC5023 <https://tools.ietf.org/html/rfc5023> specifies that the
content type parameter 'type=entry' should be used to clarify data.
2017-05-06 14:38:46 +02:00
Mikael Nordfeldth
1ccb934541 Return false immediately if $url is empty for common_valid_http_url 2017-05-06 14:38:43 +02:00
Mikael Nordfeldth
434956fc75 Notices start saving selfLink from activities/objects 2017-05-06 14:38:42 +02:00
Mikael Nordfeldth
7da925ca70 Handle selfLink in ActivityObject 2017-05-06 14:38:41 +02:00
Mikael Nordfeldth
d88e9ffd33 Output proper HTML and XML headers for single Atom entry
RFC5023 <https://tools.ietf.org/html/rfc5023> specifies that the
content type parameter 'type=entry' should be used to clarify data.
2017-05-06 12:38:34 +02:00
Mikael Nordfeldth
709f1bbd75 Return false immediately if $url is empty for common_valid_http_url 2017-05-06 12:25:27 +02:00
Mikael Nordfeldth
8a4bec811b Notices start saving selfLink from activities/objects 2017-05-06 12:15:54 +02:00
Mikael Nordfeldth
7889b21e7b Handle selfLink in ActivityObject 2017-05-06 11:57:16 +02:00
Mikael Nordfeldth
000af6d9ee default to #addtag on !group mention 2017-05-02 21:21:53 +02:00
Mikael Nordfeldth
07458e5375 Fixed the parsing of ostatus:conversation etc.
Conversation will now start storing remote URL

The namespace features don't work the way they were written for here
so I fixed that, making the ostatus: namespace properly looked up and
then the homegrown getLink function looks for what is back-compat with
StatusNet etc. if I remember correctly.
2017-05-02 18:58:22 +02:00
Mikael Nordfeldth
f4d6710a0f Change mentions of PuSH to WebSub
WebSub is probably finalised before we make a release anyway. Here is
the official spec: https://www.w3.org/TR/websub/

Mostly just comments that have been changed. Some references to PuSH <0.4
are left because they actually refer to PuSH 0.3 and that's not WebSub...

The only actual code change that might affect anything is FeedSub->isPuSH()
but the only official plugin using that call was FeedPoller anyway...
2017-05-01 11:04:27 +02:00
Mikael Nordfeldth
839b3e7392 allowed_schemes was misspelled 2017-04-26 22:12:06 +02:00
Mikael Nordfeldth
adfd76f44b allowed_schemes was misspelled 2017-04-26 22:11:28 +02:00
Mikael Nordfeldth
5f24fc0986 Blacklist plugin enabled by default (bug fixes will come) 2017-04-25 20:43:31 +02:00
Mikael Nordfeldth
5e7a7701b9 Domain name regular expression into lib/framework.php
cherry-pick-merge
2017-04-22 11:26:13 +02:00
Mikael Nordfeldth
2fc4b174c1 Domain name regular expression into lib/framework.php 2017-04-22 11:07:38 +02:00
Mikael Nordfeldth
d2c7c83615 Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into nightly 2017-04-06 13:34:57 +02:00
Mikael Nordfeldth
1b3021d61c E-mail should contain full acct uri too (FancyName) 2017-04-06 13:23:33 +02:00
mmn
550606177b Merge branch 'fixtests' into 'nightly'
Got Old Unittests Passing

See merge request !131
2017-04-06 10:23:12 +00:00
Mikael Nordfeldth
2ce2201496 Show full acct uri as html title on link mouseover 2017-04-06 11:45:58 +02:00
mmn
bd24724560 Merge branch 'atom-post' into 'nightly'
Add support for Atom entry when posting status

See merge request !135
2017-04-06 09:20:38 +00:00
mmn
f2d2f7ebe2 Merge branch 'newListItem-signatures' into 'nightly'
Add var type to newListItem() parameter

See merge request !137
2017-04-06 09:11:52 +00:00
Mikael Nordfeldth
b54c7f720c add configuration option that was documented in CONFIGURE 2017-04-02 11:05:22 +02:00
Chimo
dc7c64592b Add var type to newListItem() parameter
Fixes some "Declaration of $child::method should be compatible with
$parent::method" warnings.
2017-03-16 22:57:16 -04:00
Thomas Karpiniec
132b932ff3 Add support for Atom entry when posting status 2017-02-04 20:04:02 +11:00
Mikael Nordfeldth
63322989c2 if zip is fine then application/x-bzip2 is too 2017-01-11 23:30:06 +01:00
Roger Braun
c741d1a52a Make Mastodon retweets parse correctly. 2016-12-05 18:24:55 +01:00
Mikael Nordfeldth
c5a4921176 log with var_export (our shorthand _ve()) 2016-10-23 12:14:02 +02:00
Mikael Nordfeldth
8614cd77eb A good plugin but not necessary as default. 2016-10-22 19:27:07 +02:00
Mikael Nordfeldth
1c5e364880 Merge branch 'master' into mmn_fixes 2016-09-13 11:26:03 +02:00
Mikael Nordfeldth
7d67eefdf5 wrong variable was referenced 2016-09-13 11:24:57 +02:00
Mikael Nordfeldth
500ff6be1a Merge branch 'master' into mmn_fixes 2016-09-02 01:04:54 +02:00
Mikael Nordfeldth
18670c69b2 Merge branch 'master' of git.gnu.io:gnu/gnu-social 2016-09-02 01:01:57 +02:00
Mikael Nordfeldth
a7043bf7cc Split up source and source_link. Never trust HTML!
https://community.highlandarrow.com/notice/269667
or alternatively: https://social.umeahackerspace.se/conversation/495655
2016-09-02 01:00:52 +02:00
Mikael Nordfeldth
15ab9ff9e3 common_to_alphanumeric added, filtering Notice->source in classic layout 2016-09-02 01:00:08 +02:00
Mikael Nordfeldth
59b93b23e2 Split up source and source_link. Never trust HTML!
https://community.highlandarrow.com/notice/269667
or alternatively: https://social.umeahackerspace.se/conversation/495655
2016-09-02 00:55:46 +02:00
Mikael Nordfeldth
e6b3924a5d common_to_alphanumeric added, filtering Notice->source in classic layout 2016-09-02 00:08:17 +02:00
Mikael Nordfeldth
af6a3aa456 Make Group actions ManagedAction so groupbyid works 2016-08-28 09:34:31 +02:00
Mikael Nordfeldth
a32bfe7d87 TagCloud turned into plugin (performance issues on large installs) 2016-08-27 15:24:25 +02:00
Mikael Nordfeldth
4314a286e3 Less convoluted attachmentlistitem function calls 2016-08-21 09:25:16 +02:00
Mikael Nordfeldth
fc06c599bc dbqueuemanager should ignore on no-result-exceptions 2016-08-16 20:27:41 +02:00
Nym Coy
1f866fcaed ActivityGenerationTests.php fails but doesn't crash anymore.
Fixed an error where a profile id was reused after another profile was
deleted, and the new profile still had the deleted role.

Fixed ActivityGenerationTests::testNoticeInfoRepeated() which was passing
User instead of Profile, throwing errors.

tests/ActivityGenerationTests.php now passes.

CommandInterpreterTest now passes.

Moved JidValidateTest to XmppValidateTest, since Jabber functionality has
moved to the XmppPlugin. Tests work but don't pass, but they are at least
skipped if XmppPlugin is not active.

LocationTest passes, but the tests are not very good. Lots of nulls.

MediaFileTest passes.

NicknameTest passes. Nickname::normalize() now throws an error if the
nickname is too long with underscores.

UserFeedParseTest passes.

URLDetectionTest passes if $config['linkify']['(bare_ipv4|bare_ipv6|
bare_domains)'] are false. Untested otherwise.

Fixed Nickname::isBlacklisted() so it does not throw an error if
$config['nickname]['blacklist'] not set.
2016-08-14 11:55:49 +05:30
Mikael Nordfeldth
557e430c7d Reference local URLs in addressee list on notices. 2016-08-06 18:32:14 +02:00
Mikael Nordfeldth
e52275e37f Some comparisons were incorrect (text/html;charset=utf-8 etc.) 2016-07-21 01:38:31 +02:00
Mikael Nordfeldth
d5c733919b Because the other part of the code works now, this is unnecessary 2016-07-21 00:34:40 +02:00
Mikael Nordfeldth
e8e996182f Delete file on class destruction or we do it too quickly
Source image was removed when trying to use it for resizeTo
2016-07-21 00:23:27 +02:00
Mikael Nordfeldth
46c227bf3a FileNotFoundException is more proper here 2016-07-15 13:19:16 +02:00
Mikael Nordfeldth
36cfe9f857 Delete successfully generated thumbnail (temporary sources) too. 2016-07-15 12:52:20 +02:00
Mikael Nordfeldth
6332a4d800 Handle FileNotStoredLocallyException in attachmentlistitem 2016-07-07 00:45:31 +02:00
Mikael Nordfeldth
f02d32b718 Reworked File->getUrl to throw exception
In case you require a local URL and one can't be generated, throw
FileNotStoredLocallyException(File $file)
2016-07-07 00:44:50 +02:00
Mikael Nordfeldth
71afb5be75 If the file is text/plain, see if we accept the extension 2016-07-06 09:34:09 +02:00
Mikael Nordfeldth
4117118e23 More specific exceptions for mimetype/extension issues. 2016-07-06 09:14:59 +02:00
Mikael Nordfeldth
b4a0bff740 Some mimetype madness! 2016-07-06 08:59:16 +02:00
Mikael Nordfeldth
a833eaa651 Make all hash algorithms available (but whitelist by default)
sha1 is whitelisted only because StatusNet requires it.
2016-06-28 11:54:39 +02:00
Mikael Nordfeldth
7978cd6d59 s/EmptyIdException/EmptyPkeyValueException/ 2016-06-25 11:50:59 +02:00
Mikael Nordfeldth
0adb7af9a0 Allow a quickHead request, will only return headers 2016-06-24 15:43:20 +02:00
Mikael Nordfeldth
39e8c13afb Properly parse incoming bookmarks 2016-06-24 13:51:40 +02:00
Mikael Nordfeldth
d00f19663b bump to beta5 since phpseclib update (which might cause some issues still) 2016-06-18 00:05:54 +02:00
mmn
2e8a5aeb23 Merge branch 'tom/noreferrer' into 'nightly'
Use noreferrer when linkifying attachments and allow this value in purifier

If you click on a link in your main timeline this effectively identifies you to the site that you visited via the Referer header. (Who goes around reading other people's /user/all, honestly?)

Annoyingly our notice content is already HTML. Rather than attempt to parse and modify the tags in flight, this modification takes the simpler approach of adding the noreferrer tag to inline links by default when notices are composed.

See merge request !127
2016-06-17 16:32:39 -04:00
mmn
005b4c8dd1 Merge branch 'strict-warnings' into 'nightly'
Fix some strict warnings (Action::prepare, Action::handle)

I know MR with changes to a bunch of files aren't great practice, but I figured since all the changes are one-liners it might not be a huge deal.

Related to #190 

See merge request !123
2016-06-17 16:29:47 -04:00
mmn
d66b495ba8 Merge branch 'notice-location' into 'nightly'
Re-enable notice locations

Removed a stray 'return' statement.

See merge request !125
2016-06-17 16:28:56 -04:00
mmn
d4295cfb25 Merge branch 'webmention-rocks' into 'nightly'
webmention.rocks

I have improved the webmention handling so that all but two of the webmention.rocks compliance tests pass now.  Also improved parsing of time/authors on incoming webmentions.

See merge request !128
2016-06-17 16:26:21 -04:00
Mikael Nordfeldth
5e131aed80 Apparently medium.com uses @ frequently i URLs
and we skipped them because we assumed they were urlencoded when copied.
2016-06-17 11:20:36 +02:00
Stephen Paul Weber
83e7ade714 When there is no useful title, class="p-name e-content" 2016-06-10 21:00:48 +00:00
Thomas Karpiniec
c1537a1e82 Use noreferrer when linkifying attachments and allow this value in purifier 2016-06-09 19:56:36 +10:00
Chimo
d02c75d019 Re-enable notice locations
Removed a stray 'return' statement.
2016-06-01 21:56:42 -04:00
Chimo
9de79f0a36 Update prepare() method on Action subclasses.
Fixes handle()-related strict warnings such as "Strict Standards:
Declaration of AdminPanelAction::prepare() should be compatible with
Action::prepare(array $args = Array)

Ref. #190
2016-06-01 02:26:44 +00:00
Chimo
ba2975aac8 Update handle() method on Action subclasses.
Fixes handle()-related strict warnings such as "Strict Standards:
Declaration of AdminPanelAction::handle() should be compatible with
Action::handle()"

Ref. #190
2016-06-01 02:26:44 +00:00
Sandro Santilli
3138fa0b40 Check DB connection before any possible use 2016-05-24 16:49:50 +02:00
Mikael Nordfeldth
bd306bdb9f Add /download action for attachments 2016-05-09 22:08:36 +02:00
Mikael Nordfeldth
3a6733dc98 2-frame GIF animations weren't recognised as animated 2016-05-04 11:57:55 +02:00
Mikael Nordfeldth
a5a96dd857 Misplaced break/continue statements. 2016-05-04 11:44:00 +02:00
Mikael Nordfeldth
87dd0fbdb6 UseFileAsThumbnailException uses direct File object now 2016-05-04 11:34:50 +02:00
Mikael Nordfeldth
7aa9a69c2f Link to attachment page instead of big-ass image 2016-05-01 11:35:51 +02:00
Mikael Nordfeldth
9b613029e6 Merge branch 'master' into mmn_fixes 2016-04-18 16:10:50 +02:00
Mikael Nordfeldth
844fe3924e put local id, href and such in ostatus:conversation element 2016-04-18 16:09:36 +02:00
Mikael Nordfeldth
107f612384 strict type comparison 2016-04-18 15:04:03 +02:00
Mikael Nordfeldth
4645033b98 "In conversation" text in noticelistitem 2016-04-08 13:44:22 +02:00
Mikael Nordfeldth
547f92de07 Don't fail deleteRelated on NoProfileException 2016-04-01 06:51:19 +02:00
Mikael Nordfeldth
44ea8aa681 Make sure $_SERVER['HTTP_REFERER'] isset when testing value 2016-03-31 20:51:50 +02:00
Mikael Nordfeldth
4ea79bc396 I was too quick to save that file (File::getByUrl takes 1 arg) 2016-03-29 14:33:40 +02:00
Mikael Nordfeldth
2f91cb0df7 We should assume all verbs and such are their full URIs in our db 2016-03-29 12:57:52 +02:00
Mikael Nordfeldth
dcffe5d992 Forgotten File::getByUrl conversations (performance++) 2016-03-29 12:13:53 +02:00
Mikael Nordfeldth
88e2f739a9 DOMElement not DOMDocument 2016-03-28 16:23:15 +02:00
Mikael Nordfeldth
7bef2ad4cc Update Profile Data script fixes, might work for groups too now 2016-03-28 16:19:47 +02:00
Mikael Nordfeldth
f134a423f6 rename config option site/logdebug to log/debugtrace 2016-03-27 16:36:58 +02:00
Mikael Nordfeldth
9fa18fa366 HTTPClient::quickGet now supports headers as argument
They should be in a numeric array, already formatted as headers,
ready to go. (Header-Name: Content of the header)
2016-03-24 02:44:11 +01:00
Mikael Nordfeldth
f83b81b8c4 Change config webfinger/http_alias to fix/legacy_http
Set $config['fix']['legacy_http'] to perform some actions that are
needed if your site used to be served over http but now has upgraded
to https!
2016-03-23 15:21:02 +01:00
Mikael Nordfeldth
8933022edc Forgot a microsummary route in the latest commit 2016-03-22 22:37:59 +01:00
Mikael Nordfeldth
dafe775ffa Microsummaries had issues and were removed in Firefox 6.0 anyway
It is argued there are many better ways to get a "micro summary" of
a profile or site.
2016-03-22 22:31:01 +01:00
Neil E. Hodges
39ebb64b85 Added proper enabling and disabling of sending RTs to Twitter. 2016-03-21 07:12:52 -07:00
Mikael Nordfeldth
38f7deca78 Avoid "property of non-object" PHP notice. 2016-03-21 11:17:25 +01:00
Mikael Nordfeldth
1e89369ef8 geometa.js doesn't exist anymore 2016-03-21 03:23:39 +01:00
Mikael Nordfeldth
ae681b10e7 geometa.js doesn't exist anymore 2016-03-21 03:11:22 +01:00
Mikael Nordfeldth
980085a8a3 Merge branch 'master' of git.gnu.io:gnu/gnu-social into mmn_fixes
Conflicts:
	plugins/Minify/extlib/minify/README.txt
	plugins/Minify/extlib/minify/UPGRADING.txt
	plugins/Minify/extlib/minify/min/README.txt
	plugins/Minify/extlib/minify/min/builder/index.php
	plugins/Minify/extlib/minify/min/lib/JSMin.php
	plugins/Minify/extlib/minify/min/lib/Minify.php
	plugins/Minify/extlib/minify/min/lib/Minify/CSS.php
	plugins/Minify/extlib/minify/min/lib/Minify/CSS/Compressor.php
	plugins/Minify/extlib/minify/min/lib/Minify/Controller/Page.php
	plugins/Minify/extlib/minify/min/lib/Minify/Packer.php
	plugins/Recaptcha/RecaptchaPlugin.php
2016-03-21 03:10:19 +01:00
Mikael Nordfeldth
cd24f7d30a Issue #166 - we test exif data below, no need for error output 2016-03-21 02:56:47 +01:00
Mikael Nordfeldth
cdcf6cdb25 Hacky method to avoid cutting conversation "more" link out 2016-03-21 02:42:28 +01:00
Mikael Nordfeldth
aa3865c303 Split threaded notice list classes into own files. 2016-03-21 02:33:57 +01:00
Bob Mottram
11c57e7aee Remove Google References
This removes most references to Google, with some
remaining since they may point to things which are still
relevant. References to Google Code, Google Buzz and
Google Maps have been removed
2016-03-20 13:06:58 +00:00
Mikael Nordfeldth
349e842078 UPDATE ActivityVerb 2016-03-14 15:26:03 +01:00
Mikael Nordfeldth
ca8f0f84c4 Woops, forgot to include this file! 2016-03-14 15:25:05 +01:00
Mikael Nordfeldth
5ca2a28246 Make oEmbed handle our http/https setting better. 2016-03-10 14:20:21 +01:00
Mikael Nordfeldth
bd75305560 Define-ify excluded end-characters of URL autolinking 2016-03-09 15:16:47 +01:00
Mikael Nordfeldth
c769924505 Reduce the number of allowed characters in auto-linking URLs. 2016-03-09 15:05:36 +01:00
Mikael Nordfeldth
d179afa303 Save allowed path/qstring/fragment characters in constants 2016-03-09 14:51:52 +01:00
Mikael Nordfeldth
e2c6f2f96f Let's be consistent with URL verbs 2016-03-08 20:01:06 +01:00
Mikael Nordfeldth
cfc82591da chmod 0775 directories we create
Security for the 'g+rx' should be handle by having the parent directory
inaccessible for global users, which is usually the case.
2016-03-07 23:23:32 +01:00
Mikael Nordfeldth
4e5c0e70a6 fillConfigVoids to set default value of empty config options 2016-03-07 22:55:52 +01:00
Mikael Nordfeldth
265fa12917 Relatively experimental change to store thumbnails in 'file/thumb/' (by default) 2016-03-07 22:33:34 +01:00
Mikael Nordfeldth
158b323767 Declare AdminpanelAction::canAdmin as static, since that's how it's used. 2016-03-06 17:31:40 +01:00
Mikael Nordfeldth
6ec72b2978 Move mail_confirm_address out of mail.php 2016-03-06 17:27:40 +01:00
mmn
0785e2910f Merge branch 'no_sandboxed_repeats_branch' into 'nightly'
Don't include repeated notices from sandboxed users in the public timeline



See merge request !115
2016-03-05 08:08:42 -05:00
Mikael Nordfeldth
97ac722b24 Accessibility navigation improvement 2016-03-05 12:42:53 +01:00
Mikael Nordfeldth
7ca0ff9a19 MediaFile::fromUpload handles missing local file better 2016-03-05 12:05:12 +01:00
Mikael Nordfeldth
1db02d7f36 filename_base option isn't optimal
For different "download filenames" we should use some other method.
2016-03-05 11:59:46 +01:00
Mikael Nordfeldth
57d57b8d8f Handle reuploads via filehandle better if original is missing 2016-03-05 01:26:34 +01:00
Mikael Nordfeldth
952f68fed5 File upload logging for dummies 2016-03-05 00:59:39 +01:00
hannes
7d4658643d the repeated notice can be from a sandboxed user too 2016-03-04 16:53:57 -05:00
Mikael Nordfeldth
dc1ceca86e Some more Microformats2 data for notices and rendering 2016-03-02 13:29:54 +01:00
Mikael Nordfeldth
6529fdd28d Proper Microformats2 h-entry p-name + u-uid markup 2016-03-02 13:10:02 +01:00
Mikael Nordfeldth
d6598e790c Introduce a ConfigException 2016-03-02 12:33:06 +01:00
Mikael Nordfeldth
9534969c05 Don't set is_local=LOCAL_NONPUBLIC on sandboxed user notices
Let's decide whether they are nonpublic by testing them when the notice
is shown instead.
2016-03-02 12:26:23 +01:00
Mikael Nordfeldth
a3b2118906 Make the public streams ModeratedNoticeStream (hide sandboxed users etc.)
Which streams should be put under ModeratedNoticeStream is probably open
to debate. But at least the public ones should hide the posts from users
that are sandboxed.
2016-03-02 11:50:50 +01:00
Mikael Nordfeldth
b4271a3533 Stricted typing + protected on FilteringNoticeStream->filter 2016-03-02 11:40:43 +01:00
Mikael Nordfeldth
99fbb181c1 Translation changes, use FancyName in email subject 2016-03-01 23:53:36 +01:00
Mikael Nordfeldth
47f408ca7c Strict typing for mail_notify_attn 2016-03-01 23:37:11 +01:00
Mikael Nordfeldth
63c087a255 Consistent behaviour for ScopingNoticeStream $scoped
We don't guess the current profile anymore if the value of the profile === -1

Also sets $this->scoped for all ScopingNoticeStream inheritors, which just
like in an Action can be null if we're not scoped in any way (logged in).
2016-03-01 14:51:47 +01:00
Mikael Nordfeldth
7862b853bf Make javascript XHR timeout a variable.
SN.V.xhrTimeout = [time in milliseconds];
2016-03-01 13:10:18 +01:00
Mikael Nordfeldth
6c43e9c2e0 Verify loaded config function, must be completed further. 2016-02-28 13:31:21 +01:00
Mikael Nordfeldth
747c91210f HTMLPurifier cache settings, put stuff in subdir of get_sys_temp_dir() 2016-02-28 13:30:47 +01:00
Mikael Nordfeldth
cd978fa153 Edited the list of allowed rel values 2016-02-28 13:16:52 +01:00
Mikael Nordfeldth
52a3764ae4 Resolve relative URLs (assuming URI.Base==notice URL)
The real way to do this would be to get the xml:base property from
the Atom feed but it's probably not there in any posts we see today.
2016-02-26 14:46:26 +01:00
Mikael Nordfeldth
29662eef5e Mentioning matches (@this too) now. 2016-02-26 00:08:51 +01:00
Mikael Nordfeldth
2669c51265 Allow sgf files if they're recognized in mime search
They are Go game files used on lamatriz.org. Note that my server
doesn't actually recognize these files and can identify the mime type,
but my browser did for some reason.
2016-02-26 00:05:07 +01:00
Mikael Nordfeldth
e6e1705852 Make uploads work properly if we accept _all_ attachment types
Also introduced $config['attachments']['extblacklist'] that can disable
certain file extensions (or rewrite them, for example php => phps)
2016-02-25 22:15:54 +01:00
Mikael Nordfeldth
128a00c4ab Include feeds in Link HTTP headers, for easier discovery 2016-02-24 16:48:44 +01:00
Mikael Nordfeldth
b59dacb806 getAliases for Profile and Notice
Also move fancyurlfix into site-wide $config['fix']['fancyurls']

TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
Mikael Nordfeldth
5f7032dfee Verify that authenticated API calls are made from our domain name.
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json" or
whatever. XHR is already blocked with CORS stuff.

Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
Mikael Nordfeldth
ce803f6d06 WebFinger aliases with 'index.php/' 2016-02-21 20:00:07 +01:00
Mikael Nordfeldth
893d117309 throw new, not just throw 2016-02-21 19:01:37 +01:00
Mikael Nordfeldth
23e66bef64 common_fake_local_fancy_url to remove index.php/ from a local URL 2016-02-21 18:48:18 +01:00
Mikael Nordfeldth
afbdcf8938 Don't publish mbox_sha1sum in FOAF by default.
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2016-02-19 00:10:05 +01:00
Mikael Nordfeldth
a838c90951 Only show "public:site" in ToSelector if notice/allowprivate is true 2016-02-18 00:33:16 +01:00
Mikael Nordfeldth
f68d1ade3f Put "Everyone" and "Everyone at [local instance]" at the top of ToSelector 2016-02-18 00:32:09 +01:00
Mikael Nordfeldth
543d968b81 NoAcctUriException->profile not $e directly 2016-02-18 00:13:59 +01:00
Mikael Nordfeldth
a361fdbd77 Sort ToSelector by AcctUri 2016-02-18 00:05:09 +01:00
Mikael Nordfeldth
73dbc5ca1b Use ToSelector choice again. 2016-02-17 23:44:15 +01:00
Mikael Nordfeldth
d2c11925bf To-selector padlock only shown if site config notice/allowprivate is true 2016-02-17 23:06:11 +01:00
Mikael Nordfeldth
5fbb01130a By default, disallow users to set private_stream 2016-02-17 22:58:31 +01:00
Mikael Nordfeldth
d2507a6266 Gotta declare FullNoticeStream as abstract class 2016-02-16 02:24:38 +01:00
Mikael Nordfeldth
46829c6d3c FullNoticeStream selects all verbs. 2016-02-16 02:21:39 +01:00
Mikael Nordfeldth
2d1b70c94d created column was ambigououuuouuus 2016-02-15 09:59:34 +01:00
Mikael Nordfeldth
2301862ae6 We only want POST and SHARE in the inbox/home timeline right? 2016-02-15 09:59:18 +01:00
Mikael Nordfeldth
dcb7ce36d8 Show shares in public timeline
Also, the unselect rule for DELETE was useless anyway since it would
already have been filtered out by not having true.

(the => false stuff are for when you want ALL _except_ that)
2016-02-14 20:53:26 +01:00
Mikael Nordfeldth
e2a090c9cc Use NoticeStream::filterVerbs for filtering in noticestreams 2016-02-14 20:46:13 +01:00
Mikael Nordfeldth
be14e15dac Hide attachments in notices by silenced profiles 2016-02-13 13:17:39 +01:00
Mikael Nordfeldth
e5ad98e601 Silence action can only be used on non-priviliged users 2016-02-12 14:22:25 +01:00
Mikael Nordfeldth
f10625f8bc file and avatar dirs on instances with no such dirs in filesystem 2016-02-12 02:29:33 +01:00
Mikael Nordfeldth
338df7e35b Fix Nickname::isSystemPath() work properly for routes 2016-02-12 02:21:11 +01:00
Mikael Nordfeldth
67dfc0a046 application/xml allowed in uploads 2016-02-11 00:04:14 +01:00
Mikael Nordfeldth
733debd9b3 Use thumbnail upscaling config value 2016-02-10 04:40:54 +01:00
Mikael Nordfeldth
8806cce735 Default to avoid upscaling of thumbnails. 45x45=>450x450 is ugly 2016-02-10 04:40:10 +01:00
Mikael Nordfeldth
a61235086b Use config site/sslproxy to force HTTPS (i.e. using reverse proxy to enable it)
Usage in config.php: $config['site']['sslproxy'] = true;

Add this to documentation...
2016-02-10 01:05:02 +01:00
Mikael Nordfeldth
ec257d940a Either use or don't use HTTPS
The risk of injection attacks using HTTP is too great to allow a
site that allows both HTTP and HTTPS...
2016-02-10 00:57:39 +01:00
Mikael Nordfeldth
dcf29c2a07 s/isHTTPS/useHTTPS/ for HTTPS URL generation 2016-02-10 00:38:14 +01:00
Mikael Nordfeldth
cd71188d3a SimpleCaptcha plugin to stop basic bots 2016-02-08 17:47:09 +01:00
Mikael Nordfeldth
d98784e059 Use functions instead of accessing properties in twitterUserArray 2016-02-08 12:21:58 +01:00
Mikael Nordfeldth
2938b3e960 Don't return true on requiresAuth if screen_name==='0' 2016-02-08 12:14:35 +01:00
Mikael Nordfeldth
13cf744fb3 Allow screennames that are === '0' 2016-02-08 11:40:46 +01:00
Mikael Nordfeldth
2686635f60 Keep the rel="tag" in HTML when purifying 2016-02-07 12:50:26 +01:00
Mikael Nordfeldth
d6664f5735 Hidespam by default
...why would something described as "Whether to hide silenced users from timelines"
be set to false by default? :)
2016-02-07 02:33:53 +01:00
Mikael Nordfeldth
098c8b1df4 NoHttpResponseException extends HTTP_Request2_ConnectionException 2016-02-07 01:52:20 +01:00
Mikael Nordfeldth
60804d1902 ES3 compatibility layer not necessary (noone uses IE8 etc.)
All browsers with javascript support also support ES5 nowadays. Anyone
using older software should upgrade for other reasons, such as security.
2016-02-04 11:37:24 +01:00
Mikael Nordfeldth
d5ecbd05a1 Forgot a break in a switch when rendering attachments. 2016-02-03 19:32:51 +01:00
Mikael Nordfeldth
9960714896 Disallow zero-length magnet URIs
magnet: would match, but now we have a zero-length lookahead which
requires the following character to be a question mark: magnet:?
2016-02-03 15:26:19 +01:00
Mikael Nordfeldth
90045d66ea HTMLPurifierSchemes plugin to allow geo and magnet URIs 2016-02-03 14:36:51 +01:00
Mikael Nordfeldth
349dba8be0 Only allow our specified URI schemes 2016-02-03 14:31:16 +01:00
Mikael Nordfeldth
e903bd0bc3 Hacky support for geo URI detection
Won't work with common_purify yet because there is no geo uri scheme for it
2016-02-03 14:19:08 +01:00
Mikael Nordfeldth
b1ed1f48ea Configurable linkify for bare IPv4/IPv6 2016-02-03 12:55:00 +01:00
Mikael Nordfeldth
84930f89f9 Don't allow account backups by default. 2016-02-03 01:08:36 +01:00
Mikael Nordfeldth
19b743a9f5 Set time limit to increase time backupaccount can take
Wills till run out of memory probably, we should fix that.
2016-02-03 01:04:14 +01:00
Mikael Nordfeldth
9fcfb7cb1d Proper error message on too much POST data 2016-02-03 01:03:58 +01:00
Mikael Nordfeldth
a2b914ce60 Get URL schemes by URL type 2016-02-03 00:18:37 +01:00
Mikael Nordfeldth
43abfe659b Bump beta number to 4
We have better webfinger @mention@capability.example at least and
OpportunisticQM is somewhat refined.
2016-01-30 00:04:18 +01:00
Mikael Nordfeldth
367fc054dc Merge branch 'master' into mmn_fixes 2016-01-30 00:03:25 +01:00
Mikael Nordfeldth
36f099958c Don't match @nickname on @nickname@server.com 2016-01-29 15:53:58 +01:00
Mikael Nordfeldth
cb40f72c7e Use the profile URI when linking instead of URL
since we'll then get to /user/$id instead of /$nickname which is
good for future archives if someone changes their nickname...
2016-01-29 15:21:01 +01:00
Mikael Nordfeldth
6b31feb70f Strict Standards: Declaration of MysqlSchema::get()
should be compatible with Schema::get($conn = NULL)
2016-01-28 20:18:06 +01:00
Mikael Nordfeldth
7e6783bb8f Replace htmLawed with HTMLPurifier 2016-01-28 19:01:13 +01:00
Mikael Nordfeldth
34093388a7 Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into mmn_fixes 2016-01-27 22:43:37 +01:00
mmn
52778e1882 Merge branch 'json_encode_fail_branch' into 'nightly'
output error if json_encode fails



See merge request !86
2016-01-26 21:16:24 +00:00
mmn
42545c6625 Merge branch 'mention_branch' into 'nightly'
correct mentions if parent mentions multiple users with same nickname (don't use first one for all)



See merge request !82
2016-01-26 21:15:25 +00:00
Mikael Nordfeldth
a48055a3cc Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into mmn_fixes 2016-01-25 20:22:16 +01:00
hannes
e447964639 remove my ugly debug info 2016-01-25 19:10:35 +00:00
hannes
b1b6a0a69c config['follow_redirects'] is the extlib's config! if max_redirs is set we want to do our own redirection following in this function 2016-01-25 19:03:26 +00:00
Mikael Nordfeldth
b15434375c Show plain text files on attachment page. 2016-01-25 16:54:40 +01:00
Mikael Nordfeldth
a9d18a077e Harmonize, clarify, categorize URL schemes
Regular expression + avoid-redirection list now match each other.
2016-01-24 12:47:31 +01:00
Mikael Nordfeldth
1cec627d72 Allow bitcoin scheme to URLs 2016-01-24 12:44:28 +01:00
hannes
4e50717e12 output error if json_encode fails 2016-01-23 15:01:27 +00:00
Mikael Nordfeldth
89dd44bf3e default connect_timeout to 5 instead of extlib 10 2016-01-22 12:20:03 +01:00
Mikael Nordfeldth
3f9c1c142a Removing unnecessary debug messages etc. 2016-01-21 02:49:34 +01:00
Mikael Nordfeldth
45446f17ad Only set selectVerbs if it's not set in class var 2016-01-21 02:37:38 +01:00
Mikael Nordfeldth
d3a4a2225f We want the profile stream to be as raw as possible! 2016-01-21 02:33:43 +01:00
Mikael Nordfeldth
f74d2d555c Working on some RSVP code stuff 2016-01-21 02:10:34 +01:00
Mikael Nordfeldth
5999171c11 Throw NoObjectTypeException on Notice->getObjectType if no string 2016-01-20 21:37:14 +01:00
Mikael Nordfeldth
21cc737f5c Cancelling RSVPs now seems to work. 2016-01-20 16:10:10 +01:00
hannes
de047f9727 correct mentions if parent mention multiple users with same nickname (don't use first one for all) 2016-01-19 13:41:25 +00:00
Mikael Nordfeldth
15d12b209d Don't include delete verbs in profile notice stream. 2016-01-18 22:04:42 +01:00
Mikael Nordfeldth
f768de4b46 default connect_timeout to 5 instead of extlib 10 2016-01-18 22:01:45 +01:00
Mikael Nordfeldth
cae344b67b Events are now saved but not displayed properly again 2016-01-18 20:57:44 +01:00
Mikael Nordfeldth
bdc38a7204 Initial user doesn't need as strict checking on email 2016-01-17 00:39:49 +01:00
Mikael Nordfeldth
deda83fdef Distinguish notice saving errors from others for Salmon 2016-01-16 22:39:04 +01:00
Mikael Nordfeldth
4678546d33 We want exceptions to be noticable in activityhandlerplugin 2016-01-16 21:19:34 +01:00
Mikael Nordfeldth
3019f8f23f dbqueuemanager logic 2016-01-16 21:05:34 +01:00
Mikael Nordfeldth
f53ebdeadb Start handling salmon entries directly with Notice::saveActivity
More to come...
2016-01-16 17:25:29 +01:00
Mikael Nordfeldth
1f76c1e4a9 Initial user doesn't need as strict checking on email 2016-01-16 17:23:50 +01:00
mmn
44c10bb2aa Merge branch 'oembed_branch' into 'nightly'
purify oembed html and don't allow cdata

hopefully we never need stuff in cdata

reason for this is that this link serves javascript in its oembed data: https://www.maketecheasier.com/switch-windows-10-to-linux/

see:
https://www.maketecheasier.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.maketecheasier.com%2Fswitch-windows-10-to-linux%2F

i don't feel we want that in our database.  

See merge request !79
2016-01-15 13:11:35 +00:00
Mikael Nordfeldth
16088d9439 ErrorAction and InfoAction fixes, are now ManagedAction 2016-01-14 21:28:47 +01:00
Mikael Nordfeldth
bc0a903bd4 ErrorAction to autodiscoverable file. 2016-01-14 21:21:34 +01:00
Mikael Nordfeldth
b530d385bc Exception object was not supplied there 2016-01-14 18:51:46 +01:00
Mikael Nordfeldth
0caf0612d0 Make Twitter Media upload API v1.1 reach us
Now we just have to accept the 'media' or 'media_data' (base64 encoded)
POST arguments instead of $_FILES uploads.
2016-01-14 18:29:21 +01:00
Mikael Nordfeldth
6e49281adb Use the Action class itself as error handler 2016-01-14 18:21:11 +01:00
Mikael Nordfeldth
c173c4faa5 Actually throw NoQueueHandlerException too. 2016-01-14 13:48:33 +01:00
Mikael Nordfeldth
df00a88cb4 Forgot to add NoRouteMapException to 6834f355f2 2016-01-14 13:07:00 +01:00
Mikael Nordfeldth
6834f355f2 Making ClientExceptions turn into ClientErrorAction
Got some 404s which were presented as 500
2016-01-14 02:47:28 +01:00
Mikael Nordfeldth
99261e0781 Don't LOG_ERR missing paths (misspelling clients aren't errors) 2016-01-14 02:22:47 +01:00
Mikael Nordfeldth
331abf173b Forgot semicolon 2016-01-14 02:05:33 +01:00
Mikael Nordfeldth
f699ffeb8a Exception handling in queue handler logic 2016-01-14 02:04:15 +01:00
Mikael Nordfeldth
0ddaa6ff75 Handle exceptions in QueueHandler classes 2016-01-14 01:47:13 +01:00
Mikael Nordfeldth
29b45bb87a Unnecessary call to User::getKV 2016-01-13 20:08:17 +01:00
Mikael Nordfeldth
818aaa0578 We didn't get profiles from the new-style attention system 2016-01-13 18:35:25 +01:00
hannes
3e7e3de554 don't allow cdata elements in purified html 2016-01-13 16:01:27 +00:00
Mikael Nordfeldth
99da1ebe41 Catch NoHttpResponseException when using HTTPClient 2016-01-13 14:17:49 +01:00
Mikael Nordfeldth
3ed632decf NoHttpResponseException needed instead of HTTP_Request2_Exception
HTTP_Request2_Exception assumed an HTTP response status code/line
2016-01-13 14:08:48 +01:00
Mikael Nordfeldth
e75472f460 Use the upstream function to get effectiveUrl 2016-01-13 14:00:05 +01:00
Akio Nishimura
eceafb84de lib/language.php: rewrited jp as ja. 2016-01-13 13:23:06 +01:00
Mikael Nordfeldth
e49e113140 Ugly hack to show thumbnails of otherwise unrepresentable attachments
such as text/html, where the thumbnail has been retrieved via oEmbed/OpenGraph
2016-01-12 15:38:59 +01:00
Mikael Nordfeldth
8c28e54ccc same as previous, but for mime_to_ext 2016-01-12 13:14:17 +01:00
Mikael Nordfeldth
dbe5d72e4c If all file extensions are supported we have no list of comparisons 2016-01-12 13:08:54 +01:00
hannes
a1b509bb0b forgot we need access to $html too 2016-01-11 20:58:34 +00:00
hannes
8d331b0f35 EndCommonPurify event 2016-01-11 20:54:19 +00:00
Mikael Nordfeldth
1a46d86ca6 lib/util.php quick function to do var_export($var,true)
Immensely useful when debugging and we want to put quotes around strings,
potentially stopping any "evil logging attacks" (where input data masks
as logging data).
2016-01-11 19:52:54 +01:00
Mikael Nordfeldth
c1f22f106b Might as well put a $limit on preg_replace here
Since there will (should) never be more than one ^http in that string anyway.
2016-01-11 18:27:26 +01:00
Mikael Nordfeldth
5b2b969a77 Tag notice streams should only show post verbs 2016-01-11 15:15:23 +01:00
Mikael Nordfeldth
b13f8df79b HTTPClient would return null instead of exception
This caused $response->isOK() tests to call a function on a non-existing object, causing all hell to break loose.
2016-01-11 02:36:59 +01:00
Mikael Nordfeldth
5ef10a14ef Get group attentions too for outbound notices 2016-01-09 15:06:44 +01:00