Commit Graph

882 Commits

Author SHA1 Message Date
Brion Vibber
2617c40e04 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x
Conflicts:
	classes/User.php
2010-12-06 12:44:19 -08:00
Brion Vibber
76f3dc32e0 Added User::singleUserNickname() as (temporary?) fallback for single-user lookup as a workaround for site setup of 1user sites. We found that an external tool attempting to spin up StatusNet and then register the user would fail because StatusNet's router setup dies on being unable to find its single-user account, since the nickname is needed in setting up routing entries. This tweak will let it survive, using the configured setting as a fallback if it can't actually find the user account. 2010-12-06 12:39:09 -08:00
Brion Vibber
aa96c3c1d9 Fix for tickets #2917, #2262: user URL shortening options not being applied in non-web channels
common_shorten_links() can only access the web session's logged-in user, so never properly took user options into effect for posting via XMPP, API, mail, etc.

Adds an optional $user parameter on common_shorten_links(), and a $user->shortenLinks() as a clearer interface for that.
Tweaked some lower-level functions so $user gets passed down -- making the $notice_id param previously there for saving URLs at notice save time generalized a little.

Note also ticket #2919: there's a lot of duplicate code calling the shortening, checking the length, and reporting near-identical error messages. These should be consolidated to aid in code and translation maintenance.
2010-12-02 13:41:56 -08:00
Brion Vibber
3f0557aa8e General code safety: validate input and escape SQL strings in common_relative_profile() 2010-11-29 16:44:01 -08:00
Brion Vibber
82799f675f Add Nickname test cases for @-reply regexes in common_find_mentions 2010-11-29 15:07:55 -08:00
Brion Vibber
dc350b5463 Work in progress on nickname validation changes. lib/nickname.php appears to have been destroyed by NetBeans and will be rewritten shortly. Sigh. 2010-11-29 14:15:25 -08:00
Brion Vibber
6c4e5a89c1 Add some doc comments on nickname-related stuff in util.php 2010-11-29 11:31:10 -08:00
Zach Copley
645a4d1754 Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x 2010-11-17 22:16:08 +00:00
Brion Vibber
197b56778a Add $config['attachments']['process_links'] to allow disabling processing of mentioned URL links for attachment info (oEmbed lookups) and dereferencing of redirects that we didn't have shortened ourselves.
This option may be useful for intranet sites that don't have direct access to the internet, as they may be unable to successfully fetch those resources.
2010-11-17 13:03:59 -08:00
Zach Copley
bd566b6f85 Merge branch '0.9.x' into facebook-upgrade 2010-11-16 02:32:46 +00:00
Zach Copley
5b94d9e86b Merge branch '0.9.x' into facebook-upgrade 2010-11-09 23:16:17 +00:00
Brion Vibber
883f7a6c0b Avoid marking files as attachments that are not locally uploaded, unless they're really oembedable. HTML-y things now excluded properly. 2010-11-08 13:27:54 -08:00
Brion Vibber
b716d01a41 Merge branch '0.9.x' into 1.0.x 2010-11-03 16:09:49 -07:00
Brion Vibber
dc4fafbbd1 General cleanup & part of ticket #2864: use User_group->getFancyName() instead of replicating the logic in various places. Encapsulates and allows for localization of parens. 2010-11-03 12:59:19 -07:00
Zach Copley
764a297383 Output filename in log msg if one is supplied 2010-11-02 23:13:20 +00:00
Brion Vibber
b26eccf33c Merge branch '0.9.x' into 1.0.x 2010-10-28 16:26:34 -07:00
Craig Andrews
22a0cf6251 Set cookies with "secure" flag on SSL sites. Improves security. 2010-10-26 17:55:09 -04:00
Brion Vibber
ca489631db Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/subscriptions.php
	lib/router.php
	lib/xmppmanager.php
	lib/xmppoutqueuehandler.php
2010-10-25 13:08:57 -07:00
Zach Copley
78396db28a Forgot to add the OAuth verifier pin page to sensitive array 2010-10-25 12:36:03 -07:00
Zach Copley
0dcc3f8d71 We don't need to have editapplication (only showapplication) in the
sensitive array because it doesn't expose the consumer keypair
2010-10-25 12:10:52 -07:00
Zach Copley
3954ab39ae Add OAuth token exchange endpoint to 'sensitive' array; i.e.: use SSL if
available
2010-10-25 11:52:17 -07:00
Brion Vibber
8004e2809d Fix for ticket #2845: singleuser nickname configuration was being overridden by site owner in router setup.
I've consolidated the checks for which user to use for single-user mode into User::singleUser(), which now uses the configured nickname by preference, falling back to the site owner if it's unset.
This is now called consistently from the places that needed to use the primary user's nickname in routing setup.

Setting $config['singleuser']['nickname'] should now work again as expected.
2010-10-20 14:34:25 -07:00
Brion Vibber
7765ddae81 Merge branch '0.9.x' into 1.0.x
Conflicts:
	README
	lib/default.php
2010-10-18 12:17:11 -07:00
Evan Prodromou
7c05b0dafc options to nofollow external links in notices 2010-10-18 11:29:52 -04:00
Brion Vibber
6c959c83ce Merge branch '0.9.x' into 1.0.x 2010-10-07 13:32:26 -07:00
Brion Vibber
5e0f3e7bd4 Workaround for regression in input validation due to more PCRE oddities. Recommend redoing common_validate_utf8() using something more reliable, perhaps. :P 2010-10-07 12:32:10 -07:00
Brion Vibber
71176b9a98 Merge branch '0.9.x' into 1.0.x 2010-10-06 13:07:29 -07:00
Brion Vibber
ebfa8bce27 Basic validation of UTF-8 input via GET/POST vars: invalid UTF-8 sequences will cause the string to drop. Not necessarily super-thorough; should be improved in future to drop individual bad sequences, do normalization of combining forms, etc. General input validation (for ints, types of strings, etc) still would be good to have! 2010-10-06 13:00:30 -07:00
Brion Vibber
59119482ca Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 1.0.x
Conflicts:
	actions/hostmeta.php
	actions/imsettings.php
	classes/User.php
	lib/adminpanelaction.php
	lib/channel.php
	lib/default.php
	lib/router.php
	lib/util.php
2010-10-04 12:54:36 -07:00
Brion Vibber
aef42e2f65 Don't spew a notice warning to output while processing logging for PEAR DB errors 2010-09-20 16:52:22 -07:00
Brion Vibber
64cdbe6c55 Ticket #2750: fixes to HTTP caching behavior across login/logout boundaries
* now ignoring if-modified-since if we failed an etag if-none-match comparison, per spec
* now including a hash of user id/nickname in most etags, so we'll update the view properly after login/logout

For API methods, checking the API-auth'ed user. (Many change results to include things like 'you're subscribed to this user' or 'this is one of your favorites', so user info is again needed)

There'll still be some last-modified stamps that aren't including user info properly, probably.
2010-09-20 13:42:58 -07:00
Siebrand Mazeland
85154a49d0 Add plural support for minutes/hours/days/months ago.
Reapply of revised b27882c916 that was reverted by Brion Vibber in 2d4c0f9a47.
2010-09-16 00:07:47 +02:00
Brion Vibber
2d4c0f9a47 Revert "Add plural support for minutes/hours/days/months ago." -- currently doesn't work and spews error messages
This reverts commit b27882c916.
2010-09-15 14:10:18 -07:00
Siebrand Mazeland
6817420e6c Remove trailing whitespace and update comment consistency on methods. 2010-09-13 21:10:52 +02:00
Siebrand Mazeland
b27882c916 Add plural support for minutes/hours/days/months ago. 2010-09-13 21:10:51 +02:00
Evan Prodromou
a319b40c97 common_cache_key() -> Cache::key() 2010-09-06 10:07:43 -04:00
Evan Prodromou
e42d2124a3 common_keyize() -> Cache::keyize() 2010-09-06 10:03:51 -04:00
Evan Prodromou
c2de44a530 remove NOOP function common_broadcast_notice() 2010-09-06 09:59:08 -04:00
Evan Prodromou
8f81762d68 common_memcache() => Cache::instance() 2010-09-06 09:56:45 -04:00
Brion Vibber
2196d00b1b Merge branch '0.9.x' into 1.0.x
Conflicts:
	lib/command.php
2010-09-02 15:04:25 -07:00
Brion Vibber
4cbbfdab84 Fix for #2635: use ssl-sometimes settings for Twitter settings & auth pages 2010-09-02 10:55:26 -07:00
Evan Prodromou
7183175429 Merge branch 'master' into 1.0.x 2010-08-13 14:33:41 -07:00
Brion Vibber
f7d599f8ea Fix for ticket 2513: "Can't linkify" error when some links are shortened
When bogus SSL sites etc were hit through a shortening redirect, sometimes link resolution kinda blew up and the user would get a "Can't linkify" error, aborting their post.
Now catching this case and just passing through the URL without attempting to resolve it. Could benefit from an overall scrubbing of the freaky link/attachment code though...! :)

http://status.net/open-source/issues/2513
2010-08-12 15:25:32 -07:00
Evan Prodromou
9f0715a993 Merge branch '0.9.x' into 1.0.x 2010-08-03 16:05:03 -07:00
Brion Vibber
974c4df029 Ticket 2433: Skip locale fallback list check on Windows ('locale -a' shell-out doesn't work there) 2010-07-12 09:56:32 -07:00
Brion Vibber
b1a68e15b7 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 1.0.x
Conflicts:
	lib/default.php
	lib/util.php
	plugins/UrlShortener/UrlShortenerPlugin.php (has been removed?)
2010-06-10 15:37:06 -07:00
Brion Vibber
d88b208edc Merge branch 'testing' of gitorious.org:statusnet/mainline into 0.9.x
Conflicts:
	plugins/OpenID/openid.php
2010-06-07 10:19:40 -07:00
Brion Vibber
5f4c6ec626 Skip enqueueing to outgoing bridges on incoming remote messages. Twitter, Facebook, RSSCloud, and OStatus checks were enqueued on these when they'd never do anything but churn the queue servers.
Notice::isLocal() can replace a number of manual checks for $notice->is_local being LOCAL_PUBLIC or LOCAL_NONPUBLIC.
2010-06-03 16:58:45 -07:00
Brion Vibber
6eae5d6a7e Merge branch 'testing' into 0.9.x 2010-05-21 13:15:08 -07:00
Brion Vibber
708d22848e Quick fix for creating OpenID accounts authenticating against a MediaWiki site; trim the 'User:' etc from the final path segment before generating a nickname from it. Avoids ending up with nicks like 'userbrion' on your first OpenID login! 2010-05-19 16:19:06 -07:00
Brion Vibber
c4203be9a4 Merge branch '0.9.x' into 1.0.x 2010-05-19 12:52:23 -07:00
Brion Vibber
7005ef6661 Merge branch 'testing' into 0.9.x
Conflicts:
	plugins/OpenID/openidlogin.php
2010-05-19 12:51:25 -07:00
Brion Vibber
74a89b1fc3 Locale switch cleanup: use common_switch_locale() which is safer for updating gettext state. Also moved a few calls to reduce chance of hitting an exception before switching back.
Should help with problems where xmppdaemon would get stuck in wrong locale.
2010-05-19 10:10:55 -07:00
Brion Vibber
91367dbc21 Merge branch '0.9.x' into 1.0.x 2010-05-14 12:15:13 -07:00
Brion Vibber
065ecc5573 Merge branch 'testing' into 0.9.x 2010-05-14 12:14:02 -07:00
Brion Vibber
3d00cfd47f Windows server fix: Use platform EOL in debug log file 2010-05-11 12:22:14 -07:00
Brion Vibber
3e8af172d6 Add ?uselang=xx language override option (only valid, locally-enabled languages supported, just as with headers and user settings).
Great aid for debugging & translation testing
2010-05-05 17:30:42 -07:00
Brion Vibber
cae1329f3b Merge branch '0.9.x' into 1.0.x
Conflicts:
	lib/util.php
2010-04-30 13:16:13 -07:00
Evan Prodromou
5c05cd2b1a Merge branch '1.0.x' of gitorious.org:statusnet/mainline into 1.0.x 2010-04-26 02:43:33 -04:00
Evan Prodromou
14adb7cc41 Give users more control over URL shortening
Users and administrators can set how long an URL can be before it's
shortened, and how long a notice can be before all its URLs are
shortened. They can also turn off shortening altogether.

Squashed commit of the following:

commit d136b39011
Author: Evan Prodromou <evan@status.net>
Date:   Mon Apr 26 02:39:00 2010 -0400

    use site and user settings to determine when to shorten URLs

commit 1e1c851ff3
Author: Evan Prodromou <evan@status.net>
Date:   Mon Apr 26 02:38:40 2010 -0400

    add a method to force shortening URLs

commit 4d29ca0b91
Author: Evan Prodromou <evan@status.net>
Date:   Mon Apr 26 02:37:41 2010 -0400

    static method for getting best URL shortening service

commit a9c6a3bace
Author: Evan Prodromou <evan@status.net>
Date:   Mon Apr 26 02:37:11 2010 -0400

    allow 0 in numeric entries in othersettings

commit 767ff2f7ec
Author: Evan Prodromou <evan@status.net>
Date:   Mon Apr 26 02:36:46 2010 -0400

    allow 0 or blank string in inputs

commit 1e21af42a6
Author: Evan Prodromou <evan@status.net>
Date:   Mon Apr 26 02:01:11 2010 -0400

    add more URL-shortening options to othersettings

commit 869a6be0f5
Author: Evan Prodromou <evan@status.net>
Date:   Sat Apr 24 14:22:51 2010 -0400

    move url shortener superclass to lib from plugin

commit 9c0c9863d5
Author: Evan Prodromou <evan@status.net>
Date:   Sat Apr 24 14:20:28 2010 -0400

    documentation and whitespace on UrlShortenerPlugin

commit 7a1dd5798f
Author: Evan Prodromou <evan@status.net>
Date:   Sat Apr 24 14:05:46 2010 -0400

    add defaults for URL shortening

commit d259c37ad2
Author: Evan Prodromou <evan@status.net>
Date:   Sat Apr 24 13:40:10 2010 -0400

    Add User_urlshortener_prefs

    Add a table for URL shortener prefs, a corresponding class, and the
    correct mumbo-jumbo in statusnet.ini to make everything work.
2010-04-26 02:40:36 -04:00
Craig Andrews
c78a10b476 add 'always' parameter to common_shorten_links 2010-04-21 17:14:25 -04:00
Brion Vibber
df41287226 Merge branch 'testing' of gitorious.org:statusnet/mainline into 0.9.x 2010-04-20 13:52:58 +02:00
Brion Vibber
61098faf5d Merge branch 'master' of gitorious.org:statusnet/mainline into testing 2010-04-20 13:52:18 +02:00
Brion Vibber
c48caa85e1 Fix email notifications for @-replies that come via OStatus.
* Moved notification sending from Notice::saveReplies to distrib queue handler, so it'll pull from the reply set we've saved regardless of how we got it.
* Set up gettext infrastructure for command-line scripts; gets localization mail notifications etc working from background queues.
* Adjusted locale switching: common_switch_locale() works at runtime for bg scripts, forces a message catalog update
2010-04-20 13:49:29 +02:00
Craig Andrews
39392e03a7 Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/confirmaddress.php
	actions/imsettings.php
2010-04-18 19:21:15 -04:00
Siebrand Mazeland
ec0fee0f2a Add translator documentation and FIXMEs that plural support should be added for some messages. 2010-04-11 22:15:41 +02:00
Brion Vibber
1f8451f4aa Merge branch 'testing' into 0.9.x 2010-04-09 08:40:15 -07:00
Brion Vibber
5dbaaed4e6 Maintain 'page' parameter for block from subscribers list, block & make-admin from group members list.
Refactored some of the returnto handling code. It looks like we have several different ways of handling this in the software, icky!
Marked the session-based functions with fixmes (they'll stomp on other forms when multiple tabs/windows are used) and combined some commonish bits of code between ProfileFormAction and the group block & makeadmin actions where they're using hidden form parameters. Extended that to allow passing dynamic parameters (eg 'page') as well as static ones (action, target user/group).
2010-04-08 19:06:55 -07:00
Brion Vibber
6274c3977d In single-user mode, link #hashtags to the user's tagged stream rather than the global tag action, which isn't registered.
Previously they would end up pointing to the home URL.
2010-04-08 17:06:25 -07:00
Brion Vibber
0e0927985c Revert "scripts/strip_geo.php to remove geodata from notices by a given user/profile."
This reverts commit ab20e75ff8.

Accidentally removed another commit; clearing up...
2010-04-08 17:04:10 -07:00
Brion Vibber
ab20e75ff8 scripts/strip_geo.php to remove geodata from notices by a given user/profile.
May be slow or run out of memory if run on particularly prolific posters -- not yet optimized for that case.

Note that geodata that has already been sent out to other services (via ostatus, omb, twitter, etc) will not be removed from them.
2010-04-08 16:58:54 -07:00
Brion Vibber
88678eadfa In single-user mode, link #hashtags to the user's tagged stream rather than the global tag action, which isn't registered.
Previously they would end up pointing to the home URL.
2010-04-08 13:12:14 -07:00
Brion Vibber
2f4438fe24 Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/imsettings.php
	lib/jabber.php

Made a quick attempt to merge the new JID validation into the XmppPlugin, have not had a chance to test that version live yet.
Should also move over the test cases.
2010-04-02 15:56:25 -07:00
Brion Vibber
df9eb4164a Merge branch 'testing' of git@gitorious.org:statusnet/mainline into 0.9.x 2010-03-31 12:48:24 -07:00
Brion Vibber
0841fa712e Ticket #1281: JID validation now more or less follows spec instead of calling e-mail validator
Basic splitting/validation code submitted via http://status.net/wiki/XMPP/JID_validation -- Copyright 2009 Patrick Georgi <patrick@georgi-clan.de> Licensed under ISC-L, which is compatible with everything else that keeps the copyright notice intact.

Added PEAR Net_IDNA package to extlib to handle IDN normalization (also used by Validate's email verifier if present).

* added test suite, supplemented my own test cases with JID validation and normalization test cases from libpurple
* follows XMPP rules for validation of name part
* fixes for normalization with non-ASCII names
* will do domain checks if $config['email']['check_domain'] is on, checking for an XMPP-server SRV record or any lookup. (We don't actually need to ping those direct though.)
* some more obscure stringprep validation rules aren't quite followed yet, but we err on the side of permissiveness.
* we still don't actually let you save your address with a resource on it, as we strip resources when looking up users who've sent us presence or message updates. I would recommend saving the outgoing resource as a separate field if/when we add that..?
2010-03-30 17:35:27 -07:00
Brion Vibber
01a03e34c8 Merge branch '0.9.x' into 1.0.x 2010-03-29 15:15:51 -07:00
Craig Andrews
1bf27de9b9 if there is oembed data for a file/link, consider that link to have an attachment 2010-03-26 18:13:45 -04:00
Brion Vibber
c3ceaa893f Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 1.0.x 2010-03-24 14:11:01 -07:00
Brion Vibber
7277b59734 Merge branch 'master' of git@gitorious.org:statusnet/mainline into testing 2010-03-23 12:13:32 -07:00
Brion Vibber
80b16c8499 Don't add PHPSESSID parameter onto notice and conversation URIs if we save a notice during a session override.
This was being triggered by welcomebot messages created at account creation time, then propagated through replies.
2010-03-23 09:56:05 -07:00
Brion Vibber
2d79455a1f Don't add PHPSESSID parameter onto notice and conversation URIs if we save a notice during a session override.
This was being triggered by welcomebot messages created at account creation time, then propagated through replies.
2010-03-23 09:54:24 -07:00
Brion Vibber
e89908f261 Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 1.0.x
Conflicts:
	lib/channel.php
	scripts/imdaemon.php
2010-03-22 13:56:16 -07:00
Brion Vibber
ddb656fcd2 Merge branch 'testing' into 0.9.x
Conflicts:
	actions/apistatusnetconfig.php
2010-03-10 09:55:14 -08:00
Zach Copley
7f2253759c A blank username should never be allowed. 2010-03-10 03:39:05 +00:00
Brion Vibber
60e0f04261 Ticket #2210: adjust locale setup fallback to try more locales on the system if en_US isn't available. We just need *something* other than C or POSIX to let gettext initialize itself, apparently...
Gets Spanish, French, Russian etc UI localization working on Debian Lenny fresh installation set up in Spanish (so es_ES.UTF-8 is available but en_US.UTF-8 isn't).
2010-03-09 17:38:16 +01:00
Craig Andrews
689e2e112b make common_copy_args() work when the post/get request includes arrays (form elements with names ending in [] having multiple values) 2010-03-08 21:43:34 -05:00
Craig Andrews
714d920fae Merge branch '0.9.x' into 1.0.x
Conflicts:
	classes/statusnet.ini
	db/statusnet.sql
	lib/jabber.php
	lib/xmppmanager.php
2010-03-08 17:22:23 -05:00
Brion Vibber
0881eba80e Language setting fixes:
- switch 'en_US' to 'en', fixes the "admin panel switches to Arabic" bug
- tweak setting descriptions to clarify that most of the time we'll be using browser language
- add a backend switch to disable language detection (should this be exposed to ui?)
2010-03-03 12:10:43 -08:00
Brion Vibber
3bb42d1170 Use poster's subscribed groups to disambiguate group linking when a remote group and a local group exist with the same name. (If you're a member of two groups with the same name though, there's not a defined winner.) 2010-03-03 19:00:02 +00:00
Craig Andrews
c30f95c55c Updated some references to the long gnone "isEnclosure" function to the new "getEnclosure" 2010-03-02 14:25:06 -08:00
Brion Vibber
72460091dd Merge branch 'master' of git@gitorious.org:statusnet/mainline into testing 2010-03-02 12:21:48 -08:00
Brion Vibber
f596e072e7 Fix for regression in updated mention checks, sometimes lost links to folks mentioned in the replied message. 2010-03-02 09:53:00 -08:00
Zach Copley
a5dc5f9c62 Upgrade XML output scrubbing to better deal with newline and a few other chars 2010-03-01 14:58:06 -08:00
Evan Prodromou
4d9daf2149 Use notice for context when deciding who @nickname refers to
In a federated system, "@nickname" is insufficient to uniquely
identify a user. However, it's a very convenient idiom. We need to
guess from context who 'nickname' refers to.

Previously, we were using the sender's profile (or what we knew about
them) as the only context. So, we assumed that they'd be mentioning to
someone they followed, or someone who followed them, or someone on
their own server.

Now, we include the notice information for context. We check to see if
the notice is a reply to another notice, and if the author of the
original notice has the nickname 'nickname', then the mention is
probably for them. Alternately, if the original notice mentions someone
with nickname 'nickname', then this notice is probably referring to
_them_.

Doing this kind of context sleuthing means we have to render the
content very late in the notice-saving process.
2010-02-27 16:06:46 -05:00
Evan Prodromou
4b696cf51f add a flag to impede adding sessions to URLs (for permanent stuff) 2010-02-26 17:28:44 -05:00
Brion Vibber
593885f98c Tweak common_url_to_nickname to take the last path component; fixes pulling nicks from Google profile pages (path is "/profile/<nickname>") 2010-02-25 23:52:34 +00:00
Brion Vibber
b7037a49af Merge branch 'master' of gitorious.org:statusnet/mainline into testing 2010-02-25 11:57:21 -08:00
Brion Vibber
a8d0c8d8ef Normalize nickname case on login; fixes failed logins where people were typing MixedCase nicknames (if browser saved this form, it would never work again until clearing the saved form data; very icky.) 2010-02-25 11:56:48 -08:00
Brion Vibber
39a8e9d8e6 Ensure that shortened URLs haven't accumulated whitespace when fetched by a plugin. Some shorteners have ended up inserting extra newlines when the string gets extracted from tidied HTML. 2010-02-25 10:30:37 -08:00
Craig Andrews
c187bf5597 Merge branch '0.9.x' into 1.0.x
Conflicts:
	EVENTS.txt
	db/statusnet.sql
	lib/queuemanager.php
2010-02-24 20:52:45 -05:00