Commit Graph

5377 Commits

Author SHA1 Message Date
Mikael Nordfeldth
45dc76de26 File and File_redirection adhoc storage methods updated for urlhash 2015-02-19 19:05:24 +01:00
Mikael Nordfeldth
66df043c19 Add php5-intl dependency to Installer class 2015-02-18 00:47:00 +01:00
Mikael Nordfeldth
0deaf6c50c use common_purify to purify HTML, one function to rule them all 2015-02-18 00:14:28 +01:00
Mikael Nordfeldth
3dce6d9f6a Implement a common_purify for htmLawed and more
We're removing unicode formatting characters as well, such as RTL marks.
For more info on why we're because extra cautious (but may accept the
characters in later versions) you can read:
https://blog.malwarebytes.org/online-security/2014/01/the-rtlo-method/
2015-02-18 00:10:31 +01:00
Mikael Nordfeldth
7ba7f43199 Don't linkify bare domains by default
It's too farfetched to assume any text.com in a notice is an HTTP URL.
For example stuff like pasting from log entries, with domain.com:1234
where 1234 is a _PID_ or something, not a port number for http://...
2015-02-17 20:54:32 +01:00
Mikael Nordfeldth
c31c2d10b9 PHP>=5.4.0 lets us use Transliterator, tags now asciified!
For example: #REVOLUCIÓN becomes #revolucion instead of #revolución
2015-02-17 20:17:22 +01:00
Mikael Nordfeldth
6cdedf6049 Replace $this->user/auth_user with $this->scoped in lib/apiaction.php
We prefer handling a Profile class rather than the User class, as some
functions might be useful for remote users as well, which cannot be
handled via the User class.
2015-02-17 17:16:33 +01:00
Chimo
fb03fc073a ApiTimelineList: Fixes ServerErrorAction
"No matches for action 'ApiTimelineList' with arguments 'format=atom
id=1'"

for 'api/:user/lists/:id/statuses.:format' URLs
2015-02-15 16:00:23 -05:00
Mikael Nordfeldth
b6b9036821 StartSubMenu and EndSubMenu events 2015-02-14 17:32:35 +01:00
Mikael Nordfeldth
dc0b62f636 Merge commit 'refs/merge-requests/45' of https://gitorious.org/social/mainline into merge-requests/45 2015-02-14 16:45:04 +01:00
buttle
9a8ccbaef2 Call HomeStubNav instead of duplicating code
adminpanelnav.php adds a homeStub but does not use the code created for the job.
2015-02-13 16:38:22 +01:00
buttle
d0347bb98f Removing home stub if empty
Added an Event HomeStubNavItems
menu->subMenu() returns false if empty
2015-02-13 16:26:41 +01:00
Mikael Nordfeldth
b3e80f5c32 Updated README.md and framework.php 2015-02-13 12:09:12 +01:00
Mikael Nordfeldth
6620ad793a Deja vu of user->getProfile() from 4f9b70d 2015-02-13 11:55:37 +01:00
Mikael Nordfeldth
4f9b70d51f Profile expected in Notice::asActivity from UAS 2015-02-13 11:41:21 +01:00
Mikael Nordfeldth
a063bb43a8 EndSetApiUser will always contain a User 2015-02-13 01:19:59 +01:00
Mikael Nordfeldth
2f86cd8602 utf8mb4 conversion on database with index adjusts 2015-02-12 18:18:55 +01:00
buttle
2a0a0287d4 Added EVENT to homestubnav
Changed menu->submenu(). if (! $menu->getItems()) then do nothing
2015-02-10 19:20:01 +01:00
Mikael Nordfeldth
c6b1b3e5e3 Merge commit 'refs/merge-requests/30' of https://gitorious.org/social/mainline into merge-requests/30 2015-02-08 23:19:53 +01:00
Mikael Nordfeldth
4c9a74cb12 ROLLBACK which may or may not be useful
There were problems with queries that were executed but didn't seem to
be committed. Trying to patch that up by calling a ROLLBACK on transactions
where the loading of the page isn't stopped after the BEGIN statement's
intended function fails (like with the rememberme cookie in this commit).
2015-02-08 11:09:19 +01:00
Mikael Nordfeldth
a89e91da79 By default, don't allow nick changes for profiles
This goes for both users and groups, since they share nickname namespace.

If you want to enable nickname changes, just add this to your config:

   $config['profile']['changenick'] = true;

This commit should cover all changes in our usual web forms as well as through
the API.
2015-02-04 21:25:14 +01:00
Mikael Nordfeldth
5155854339 HTMLOutputter input element can take arbitrary attributes now 2015-02-04 20:52:10 +01:00
Mikael Nordfeldth
f0a707cfc6 A single user instance also has the same URLs as multiuser instances 2015-02-04 16:47:43 +01:00
Mikael Nordfeldth
6a4cb43f67 showstream for singleuser instance too
singleuser instances shouldn't be too special and have too many
alternative methods of doing stuff.
2015-02-03 22:33:01 +01:00
Mikael Nordfeldth
660e8c6efc Fave::addNew now calls Notice::saveActivity
as a bonus we've fixed several FIXME issues for favorite email notification
and updated parts of the codebase for these activities to a more modern style.
2015-02-03 16:34:11 +01:00
Mikael Nordfeldth
e41d324a53 NoticeStream already handles "getNotices" 2015-02-03 12:12:11 +01:00
Mikael Nordfeldth
40416c2c69 Don't email users who are sandboxed
If sandboxed or silenced, don't email the user any notifications.
2015-02-03 11:41:20 +01:00
Mikael Nordfeldth
fdae6f0fb3 neo-gnu is now default-theme. perty. 2015-02-02 18:22:59 +01:00
Mikael Nordfeldth
f05f701764 HTML5 placeholder for notice input form. 2015-02-01 21:35:25 +01:00
Mikael Nordfeldth
c7dd595984 Run onEndSetApiUser also when already logged in! 2015-01-31 16:02:01 +01:00
Mikael Nordfeldth
4c14794cae ApiTimelineNetworkPublicAction available now
Feeds added in NetworkpublicAction too.
2015-01-29 23:01:53 +01:00
Mikael Nordfeldth
dfdfe4143a Set siteprofile default values for config public/localonly 2015-01-29 20:49:19 +01:00
Mikael Nordfeldth
4daa2e4644 Use 'StartpageAction' to determine what to show on / 2015-01-29 20:48:49 +01:00
Mikael Nordfeldth
a5d27d9ce7 /main/all will give a network-wide public stream
Qvitter had implemented this as a "PublicAndExternal" stream, but
I figured we might as well put it into the GNU social core.
2015-01-28 20:25:39 +01:00
Mikael Nordfeldth
eaaef2aec9 'zone' is a valid top domain
We should get another form of URL identifier for interpreting links on notices...
It was hard editing this line in vim even, because of wide, multibyte characters...
2015-01-27 15:07:00 +01:00
Mikael Nordfeldth
cc996f58db Test in Ostatus_profile if avatar is an image before writing to filesystem
This clears one FIXME...

We also fix HTTPClient::quickGet() (and a related call in OStatus testfeed.php).
2015-01-27 14:00:39 +01:00
Mikael Nordfeldth
bcb6dadc9f Corrected message in NoSuchGroupException 2015-01-27 13:37:35 +01:00
Mikael Nordfeldth
d140e135c0 Default textlimit for notices is now 1000 chars 2015-01-26 23:32:08 +01:00
Mikael Nordfeldth
67d09532dd Improved animated image thumbnail freedom of choice
Default is now to take still thumbnails of animated GIFs and then
show them as originals in an AttachmentListItem. The still frames
are mostly used with front-ends like qvitter.
2015-01-26 16:33:39 +01:00
Mikael Nordfeldth
97812549b9 Unnecessarily spammy logs for getThumbnail()
When trying to create thumbnails for remote media that don't have the
filename field set, we got a lot of output in the debug log.
2015-01-26 01:16:28 +01:00
Mikael Nordfeldth
a8e613e508 Animated GIF restructuring, ImageMagick only used for resizing animated sequences. 2015-01-25 23:00:00 +01:00
Mikael Nordfeldth
2a7d45c986 No need for ImageMagick to detected animated GIF 2015-01-25 22:45:25 +01:00
Mikael Nordfeldth
4dd6d7869e Maybe we can detect animated files in core 2015-01-25 22:11:46 +01:00
Mikael Nordfeldth
2b62077fc1 1.1.3-beta2 2015-01-25 02:43:29 +01:00
Mikael Nordfeldth
a9135080c3 barename wasn't used, let's rename it filename and use it 2015-01-25 02:27:02 +01:00
Mikael Nordfeldth
2dd1f3fe67 Default value for max thumbnail size increased
Because people have high resolution screens nowadays ;)
2015-01-23 15:04:54 +01:00
Mikael Nordfeldth
015e95829b MediaFile->getFile() instead of accessing fileRecord 2015-01-23 14:46:47 +01:00
Mikael Nordfeldth
9f87359d04 Non-ajax file submissions should throw NoUploadedMediaException 2015-01-22 12:38:57 +01:00
Mikael Nordfeldth
964d13792b ssl_verify_host option in config (default is true) 2015-01-22 12:21:57 +01:00
Mikael Nordfeldth
5c7ad2e031 Added a quickGet in HTTPClient 2015-01-22 12:16:01 +01:00
Mikael Nordfeldth
fac9f4e545 Merge branch 'nightly' of gitorious.org:social/mainline into nightly 2015-01-21 23:45:49 +01:00
Mikael Nordfeldth
9c5aa67a63 Enable AntiBrute by default. 2015-01-21 23:43:04 +01:00
Mikael Nordfeldth
8d7230a2b9 EndCheckPassword should run after Start even if pre-exited
StartCheckPassword can exit beforehand either with success or failure,
and we want EndCheckPassword to check for stuff like failed login attempts.
2015-01-21 22:31:05 +01:00
Mikael Nordfeldth
8b585ff647 MediaFile upload simplifying 2015-01-21 17:39:48 +01:00
Mikael Nordfeldth
b2d332c914 These were meant for lower classes 2015-01-18 21:13:52 +01:00
Mikael Nordfeldth
06c93faa2d PHP BUG??? Cannot figure out why this throws warning
I kept getting this on "Quitter España" (which seems to be the name
causing the commotion, as it's part of this sprintf algorithm):

   PHP Warning:  sprintf(): Argument number must be greater than zero
    in /srv/www/vhosts/quitter.es/%/htdocs/lib/action.php on line 1175

I'll just make it quiet for now so it doesn't spam other sites with
UTF-8 characters in their name (if that's what's causing this).
2015-01-18 12:52:33 +01:00
Mikael Nordfeldth
371f4b4874 A bit more readable code. 2015-01-18 01:43:30 +01:00
aroquen
e45c784451 Fix footer in plugins' notices.
Make it look like like normal notices. Footer element was missing.
2015-01-17 00:39:07 +01:00
Mikael Nordfeldth
8892702f0c Initially hide input forms on the top
The status input element would attract focus after page load, meaning
if you'd scrolled down a bit then you would be rocketed back up again!
2015-01-16 11:19:22 +01:00
Mikael Nordfeldth
96f30dd924 version push, we've got some HTML/CSS changes 2015-01-16 01:12:19 +01:00
Mikael Nordfeldth
0193c7548f RSS feed items did not get a type assigned 2015-01-15 21:13:21 +01:00
Mikael Nordfeldth
cbb7ec07a5 When called in offline queue, File::url was HTTP
Despite having the site configured "always" for HTTPS, File generated
thumbnails and such with HTTP urls.
2015-01-12 19:19:41 +01:00
Mikael Nordfeldth
c7df5594d0 Simplified by adding an abstract AtompubAction 2015-01-12 03:15:41 +01:00
Mikael Nordfeldth
aca5ff1b23 Found some unreachable code in Favorite
The portion after StartAtomPubNewActivity would never be reached since
Favorite handles that activity through ActivityHandlerPlugin nowadays.
So I cleaned it up and followed a couple of paths, making stuff prettier.
2015-01-12 02:23:23 +01:00
Mikael Nordfeldth
773441c2c5 abstract declaration of GroupSection 2015-01-10 01:46:54 +01:00
Mikael Nordfeldth
51f97c7e84 section control over their notice lists + HTML id stuff 2015-01-09 15:46:35 +01:00
Mikael Nordfeldth
a3b9367c9a new noticelist classes for primary and section lists 2015-01-08 20:19:43 +01:00
Mikael Nordfeldth
5a76390d46 Reuse NoticeList for NoticeSection listing
Something smarter than the 'addressees' and 'attachments' booleans etc.
is desired.
2015-01-08 20:07:27 +01:00
Mikael Nordfeldth
5981b5c8d9 CC license fixes (no remote image, https for href) 2015-01-08 18:13:33 +01:00
Mikael Nordfeldth
40412b6b79 status update placeholder removed, javascript not required to post 2015-01-08 18:04:46 +01:00
Mikael Nordfeldth
b2f0595d04 HTML5 + CSS adaptions, may cause visual breaks 2015-01-08 16:42:26 +01:00
Mikael Nordfeldth
d3a8896b2a Merge commit 'refs/merge-requests/26' of https://gitorious.org/social/mainline into merge-requests/26 2014-12-09 13:45:15 +01:00
Joshua Judson Rosen
238095a719 Parse remote users' fullnames from PoCo::displayName elements
Try this first; use activity:subject->atom:title only as a fallback.

The code that output activity:subject was removed 2013-10-08,
and it it was deprecated for years before that....
2014-12-08 21:55:51 -05:00
Mikael Nordfeldth
e7c6c6fc76 Merge commit 'refs/merge-requests/19' of https://gitorious.org/social/mainline into merge-requests/19 2014-12-06 20:18:52 +01:00
Mikael Nordfeldth
bb31394cce Merge commit 'refs/merge-requests/23' of https://gitorious.org/social/mainline into merge-requests/23 2014-12-06 20:12:17 +01:00
Joshua Judson Rosen
9a9f6f0502 Use HTTPS links for Google and Yahoo!
They both support it--so why not?
2014-12-03 22:55:34 -05:00
Joshua Judson Rosen
c52c090298 Add Ixquick as a fallback search link
People like that one, too.
2014-12-03 22:54:27 -05:00
Joshua Judson Rosen
67539fd1cc Add DuckDuckGo as a fallback search link
People like it.
2014-12-03 22:48:28 -05:00
Joshua Judson Rosen
f9d815db64 Correctly spell "Yahoo!"
With the trailing bang(!).
2014-12-03 22:46:50 -05:00
Joshua Judson Rosen
b45b7c153e SearchAction: don't list dead web search-engines
tweetscan.com is a parked domain.

http://www.twingly.com/search?content=microblog says:
"Microblog search has been removed. Use https://twitter.com/search-home".

http://collecta.com/ says "We have removed our consumer facing site".
2014-12-03 22:44:54 -05:00
Joshua Judson Rosen
69fec16de2 common_path(): use HTTPS if current URL is HTTPS
Bring common_path() back into harmony with common_local_url(),
which started doing this 2013-03-25.

Shouldn't need to spread "StatusNet::isHTTPS()" logic all over
wherever common_path() is called; just DTRT automatically instead.
2014-12-02 14:47:03 +01:00
Mikael Nordfeldth
8ad4d1baf8 Version bump to 1.1.3 since conversation tracking 2014-11-27 17:12:36 +01:00
Mikael Nordfeldth
343291262e ostatus:conversation element instead of link rel=""
Mainly because the atom:link element requires a "web resource" but we
wish to supply a URI which might not be HTTP. We'll leave the old
atom:link element however since it's in the OStatus 1.0 Draft2 docs
and nothing newer has been released yet.
2014-11-27 13:47:31 +01:00
Mikael Nordfeldth
a3ded586b6 Namespaced elements now available in xmloutputter 2014-11-27 13:36:29 +01:00
Joshua Judson Rosen
9fd2541b52 QueueManager: don't assume all non-XML strings are JSON
Some of the standard plugins queue simple, unstructured numbers--
e.g.: EmailSummary and OfflineBackup both queue user-IDs.
2014-11-23 23:24:16 -05:00
Mikael Nordfeldth
34f6ea1d04 Present WWW-Authenticate on failure to authenticate 2014-11-10 12:17:39 +01:00
Mikael Nordfeldth
b6a168c82e Unnecessary to check PHP_AUTH_USER here
it was implied from $this->auth_user_nickname above
2014-11-10 12:10:21 +01:00
Mikael Nordfeldth
17647dc3ff $header was always true due to previous if statement 2014-11-10 11:59:01 +01:00
Mikael Nordfeldth
e91deb683f Checking user properties for instanceof User 2014-11-10 11:57:53 +01:00
Mikael Nordfeldth
403cb858be Less verbose logic for checking api authentication 2014-11-10 11:43:08 +01:00
Mikael Nordfeldth
6f5086fc52 Integrate qvitter ApiAuthAction (thanks hannes2peer) 2014-11-10 11:39:19 +01:00
Mikael Nordfeldth
769febf22e DirectMessage added to default plugins
I think the migration from core to plugin is done now for DMs.

This is required since we support the Twitter-based API by default,
which is implemented in many of the mobile clients etc. But you can
disable the DirectMessage for your instance of you wish, of course.
2014-11-07 16:37:00 +01:00
Mikael Nordfeldth
48ba963ddd Inline documentation updated to reflect on plugin move of DMs 2014-11-07 16:26:29 +01:00
Mikael Nordfeldth
046d070ad4 MessageCommand moved to DirectMessage plugin 2014-11-07 16:23:34 +01:00
Mikael Nordfeldth
38d9b4d3a4 UserActivityStream export of DMs moved to plugin 2014-11-07 16:08:16 +01:00
Mikael Nordfeldth
d493fd0772 DirectMessage API functions moved to plugin 2014-11-07 16:00:27 +01:00
Mikael Nordfeldth
68143ff916 DirectMessage moved into a plugin, not done yet
We still have to move some API calls into the new plugin.
2014-11-07 15:53:35 +01:00
Mikael Nordfeldth
e90a1f44c4 Show permalinks only for local notices
the "from [site]" already links to the permalink
2014-11-05 19:53:59 +01:00
Mikael Nordfeldth
7ea067a0dc Notice_source checks in better code style 2014-11-05 19:44:22 +01:00
Mikael Nordfeldth
5e4f93cc7d Conversation link as default, permalink for /notice 2014-11-05 19:34:39 +01:00