Commit Graph

4683 Commits

Author SHA1 Message Date
Mikael Nordfeldth
3cef75bcac Update the comment on silencing privileged users in ModHelper 2016-02-12 14:47:44 +01:00
Mikael Nordfeldth
7fdcbd56d5 XMPP URI scheme for HTMLPurifier 2016-02-11 21:31:50 +01:00
Mikael Nordfeldth
b9d35659c8 Stricter exception check 2016-02-10 04:43:30 +01:00
Mikael Nordfeldth
ec257d940a Either use or don't use HTTPS
The risk of injection attacks using HTTP is too great to allow a
site that allows both HTTP and HTTPS...
2016-02-10 00:57:39 +01:00
Mikael Nordfeldth
eaa394ed7d bitcoin schema for HTMLPurifier 2016-02-08 20:20:31 +01:00
Chimo
a614205663 Add plugin READMEs 2016-02-08 17:48:37 +00:00
Chimo
2c5cba28b6 Change status.net/wiki URLs to git.gnu.io 2016-02-08 17:48:10 +00:00
Mikael Nordfeldth
ef5ed10eb9 Log failed captcha entries 2016-02-08 17:51:21 +01:00
Mikael Nordfeldth
cd71188d3a SimpleCaptcha plugin to stop basic bots 2016-02-08 17:47:09 +01:00
Mikael Nordfeldth
58e852f7f7 Use the -y parameter for ffmpeg/avconv to be non-interactive 2016-02-07 01:59:21 +01:00
Mikael Nordfeldth
6bec22ea4e Write to the tmp file in VideoThumbnails 2016-02-07 01:57:56 +01:00
Mikael Nordfeldth
25f623565a Catch http exception in StoreRemoteMedia 2016-02-07 01:54:37 +01:00
Mikael Nordfeldth
098c8b1df4 NoHttpResponseException extends HTTP_Request2_ConnectionException 2016-02-07 01:52:20 +01:00
Mikael Nordfeldth
55546a5aab Support ffmpeg and avconv depending on which you have 2016-02-07 01:02:59 +01:00
Mikael Nordfeldth
1f01356076 Fix issue #127 by catching exceptions
update-profile-data.php threw exceptions on http connection issues
2016-02-04 12:06:35 +01:00
Mikael Nordfeldth
90045d66ea HTMLPurifierSchemes plugin to allow geo and magnet URIs 2016-02-03 14:36:51 +01:00
Mikael Nordfeldth
367fc054dc Merge branch 'master' into mmn_fixes 2016-01-30 00:03:25 +01:00
Mikael Nordfeldth
a5c1b063fd isPerson did not exist for Ostatus_profile 2016-01-29 16:15:06 +01:00
Mikael Nordfeldth
689e277c62 Allow @localuser@mysite.example to be looked up as a mention 2016-01-29 16:06:16 +01:00
Mikael Nordfeldth
36f099958c Don't match @nickname on @nickname@server.com 2016-01-29 15:53:58 +01:00
Mikael Nordfeldth
fb7f572eed Purify oembed html (again)
For a commit or two we didn't do this, because htmLawed failed to filter
out CDATA javascript properly, but now we use HTML Purifier which works.
2016-01-28 19:02:16 +01:00
Mikael Nordfeldth
7e6783bb8f Replace htmLawed with HTMLPurifier 2016-01-28 19:01:13 +01:00
Mikael Nordfeldth
daea5647b6 Merge branch 'nightly' of git.gnu.io:gnu/gnu-social into mmn_fixes 2016-01-28 17:27:08 +01:00
mmn
9b3cbb373e Merge branch 'oembed_fb_wp_branch' into 'nightly'
Oembed: Fix UTF-8 bug and better wp&fb data (updated!)



See merge request !97
2016-01-28 16:26:33 +00:00
Mikael Nordfeldth
efe23ed404 updateWithKeys now understands multi-column keys
and automatically identifies _which_ columns are the right ones,
so for example 'uri' primary keys don't need to be explicitly set
2016-01-28 16:42:59 +01:00
hannes
05439831e7 add comment that DOMDocument('1.0', 'UTF-8') does not work 2016-01-28 15:32:11 +00:00
hannes
06e325d61b fixes two issues when the oembed thumbnail is blank 2016-01-28 15:19:29 +00:00
Mikael Nordfeldth
7c80c9a1f9 Meh, let's just remove FirePHP, I don't think anyone uses it 2016-01-28 13:48:44 +01:00
mmn
dfc11f99ad Merge branch 'update-extlib-firephp' into 'nightly'
Update FirefPHP Core to v0.4.0 released on 23 Apr 2013



See merge request !92
2016-01-28 12:41:34 +00:00
Mikael Nordfeldth
bb0cb9b3f6 Manual merge of !87 Update LDAP2 extlib to 2.2.0 (stable) released on 2015-10-30
Thanks postblue
2016-01-28 13:35:23 +01:00
mmn
c01982c917 Merge branch 'oembed_thumbnail_branch' into 'nightly'
add a thumbnail to oembed response

just something i added to quitim

See merge request !85
2016-01-26 21:09:07 +00:00
hannes
aa76e5863f don't mess upp charsets in oembed/og! check for utf-8 in http header and meta tags, and add prolog when loading html with DOMDocument() 2016-01-26 13:37:52 +00:00
hannes
b8d1e1f4a6 silence errors on these xpath queries 2016-01-26 11:28:24 +00:00
hannes
884aeb4d2e common_purify() doesn't remove wordpress' and facebook's javascript properly, maybe better to keep the data intact, and do strip_tags or something similar when using the data 2016-01-26 01:10:15 +00:00
hannes
473f893d04 detab 2016-01-26 01:07:44 +00:00
hannes
76c8139054 not pretty, but gives us better oembed data for wordpress and facebook 2016-01-26 01:05:53 +00:00
Roland Haeder
9614aba0e1
Removed plugin Google-Analytics as this is free/libre and decentralized
software and should not promote centralized proprietary software. Please see
the included Piwik plugin for a more decentralized alternative!

Signed-off-by: Roland Haeder <roland@mxchange.org>
2016-01-25 13:19:43 +01:00
postblue
fef52d7b51 Update FirefPHP Core to v0.4.0 released on 23 Apr 2013 2016-01-24 21:11:38 +01:00
Mikael Nordfeldth
ef005987a1 Did the OpportunisticQM fixes in the wrong order 2016-01-22 12:26:53 +01:00
Mikael Nordfeldth
1121b38eb1 use connect_timeout value for execution margin 2016-01-22 12:21:06 +01:00
Mikael Nordfeldth
81f9a59f25 use connect_timeout value for execution margin 2016-01-22 12:19:17 +01:00
hannes
d0e2f8745d add a thumbnail to oembed response 2016-01-21 18:48:30 +00:00
Mikael Nordfeldth
3f9c1c142a Removing unnecessary debug messages etc. 2016-01-21 02:49:34 +01:00
Mikael Nordfeldth
be1759f112 i18n 2016-01-21 02:37:07 +01:00
Mikael Nordfeldth
81bf0fd261 Various last fixes to RSVP I think 2016-01-21 02:20:57 +01:00
Mikael Nordfeldth
f74d2d555c Working on some RSVP code stuff 2016-01-21 02:10:34 +01:00
Mikael Nordfeldth
45b523bada Add xcal namespaces to location and url in event
Also, for fun, add stuff for RSS event module, see:
   http://web.resource.org/rss/1.0/modules/event/
2016-01-20 21:07:55 +01:00
Mikael Nordfeldth
21cc737f5c Cancelling RSVPs now seems to work. 2016-01-20 16:10:10 +01:00
Mikael Nordfeldth
64e74d527f Handle exceptions when salmon slapping
Make it so notifyDeferred actually _always_ throws exceptions and handle
them in the places it is called.
2016-01-20 15:32:39 +01:00
Mikael Nordfeldth
c393bc9563 In very specific circumstances we can bulkDistribute 0 notices
Seems to be what caused an infinite loop on quitter.es, or I guess so anyway.
2016-01-20 15:32:29 +01:00
Mikael Nordfeldth
912d65c767 bulkDistribute won't add empty lists to database 2016-01-20 15:32:24 +01:00
Mikael Nordfeldth
fa8e02b832 Handle exceptions when salmon slapping
Make it so notifyDeferred actually _always_ throws exceptions and handle
them in the places it is called.
2016-01-20 14:56:24 +01:00
Mikael Nordfeldth
80dc2788dd Started fiddling with CancelRSVP but more must be done
Remember to make event_uri be the selector for CancelRSVPForm and
preferrably even merge it into RSVPForm!
2016-01-19 01:41:06 +01:00
Mikael Nordfeldth
477d71c0bf RSVP stuff, mostly forms.
Now fix CancelRSVP stuff so it gets by event_uri and can cancel existing RSVP.
2016-01-19 01:33:09 +01:00
Mikael Nordfeldth
84dda697d6 RSVPs seem to be created now, just gotta fix CancelrsvpAction 2016-01-19 01:10:06 +01:00
Mikael Nordfeldth
73992a1ed8 Use "newer" terminology and throw exceptions 2016-01-19 00:21:16 +01:00
Mikael Nordfeldth
9eea255c79 Save with options so we get source=web 2016-01-19 00:08:31 +01:00
Mikael Nordfeldth
358684a5ed end_str, not start_str 2016-01-19 00:01:30 +01:00
Mikael Nordfeldth
385705c65b Events get rendered. 2016-01-18 23:58:32 +01:00
Mikael Nordfeldth
cae344b67b Events are now saved but not displayed properly again 2016-01-18 20:57:44 +01:00
Mikael Nordfeldth
486a02d60d First steps on making NeweventAction a FormAction
Also saving new Happening objects via Notice::saveActivity
2016-01-18 18:42:42 +01:00
Mikael Nordfeldth
6dc0477c00 Let the remote side know the Salmon was accepted (sorta) 2016-01-16 22:39:59 +01:00
Mikael Nordfeldth
deda83fdef Distinguish notice saving errors from others for Salmon 2016-01-16 22:39:04 +01:00
Mikael Nordfeldth
0797ee0871 EmptyIdException doesn't carry ->obj 2016-01-16 21:12:53 +01:00
Mikael Nordfeldth
c559b8ce2a bulkDistribute won't add empty lists to database 2016-01-16 17:34:27 +01:00
Mikael Nordfeldth
f53ebdeadb Start handling salmon entries directly with Notice::saveActivity
More to come...
2016-01-16 17:25:29 +01:00
Mikael Nordfeldth
2b67b53112 In very specific circumstances we can bulkDistribute 0 notices
Seems to be what caused an infinite loop on quitter.es, or I guess so anyway.
2016-01-16 17:18:14 +01:00
mmn
44c10bb2aa Merge branch 'oembed_branch' into 'nightly'
purify oembed html and don't allow cdata

hopefully we never need stuff in cdata

reason for this is that this link serves javascript in its oembed data: https://www.maketecheasier.com/switch-windows-10-to-linux/

see:
https://www.maketecheasier.com/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fwww.maketecheasier.com%2Fswitch-windows-10-to-linux%2F

i don't feel we want that in our database.  

See merge request !79
2016-01-15 13:11:35 +00:00
Mikael Nordfeldth
2af9de4f23 Minor fixes in Linkback plugin 2016-01-14 19:14:24 +01:00
Mikael Nordfeldth
0caf0612d0 Make Twitter Media upload API v1.1 reach us
Now we just have to accept the 'media' or 'media_data' (base64 encoded)
POST arguments instead of $_FILES uploads.
2016-01-14 18:29:21 +01:00
Mikael Nordfeldth
2f1bfe126b Debug message formatting gone wrong 2016-01-14 13:52:11 +01:00
Mikael Nordfeldth
59e75ef966 Incorrect use of getByHashKey in HubSub 2016-01-14 13:15:31 +01:00
Mikael Nordfeldth
f092026541 Documentation fix from master 2016-01-14 13:11:27 +01:00
Mikael Nordfeldth
bacd49a6a8 Don't try to replace http with https if https already exists 2016-01-14 13:06:37 +01:00
Björn Schießle
b7c849b5b0 array need to contain key/value pairs 2016-01-14 12:39:39 +01:00
Mikael Nordfeldth
83cb1dfa68 Salmon debugging 2016-01-14 03:48:41 +01:00
Mikael Nordfeldth
53339ff463 Fake oEmbed version in OpenGraph return object 2016-01-14 02:09:12 +01:00
Mikael Nordfeldth
cf7d2f4d0f Salmon queue handler getByID for exception throwing 2016-01-14 01:51:00 +01:00
Mikael Nordfeldth
0482b7de8e Debugging by indexing callback column in HubSub 2016-01-13 22:57:42 +01:00
Mikael Nordfeldth
24d9d76644 OpenGraph image/thumbnail width and height 2016-01-13 22:07:39 +01:00
Mikael Nordfeldth
adba38ce20 Deleted_notice is pluginified, don't call directly from core 2016-01-13 21:29:23 +01:00
Mikael Nordfeldth
45dd343126 Eventify Notice getAsTimestamp (for Deleted_notice) 2016-01-13 21:01:47 +01:00
Mikael Nordfeldth
8ab98b72ac getLeaseRemaining for FeedSub too 2016-01-13 20:01:00 +01:00
Mikael Nordfeldth
377947c57f s/getLease/getLeaseTime/ just to be a bit more clear 2016-01-13 19:55:17 +01:00
Mikael Nordfeldth
1d26fedf12 Don't store lease seconds, just sub start and end
The seconds can always be calculated from the dates!
2016-01-13 19:45:20 +01:00
Mikael Nordfeldth
494746e665 Minor PuSH comment and debug stuff 2016-01-13 19:25:39 +01:00
Mikael Nordfeldth
a5fd4fde25 Request a month long sub lease by default 2016-01-13 19:24:07 +01:00
Mikael Nordfeldth
b38a789005 HubSub didn't save sub start and end datetimes 2016-01-13 19:23:34 +01:00
hannes
ee305891c4 purify oembed html 2016-01-13 16:03:38 +00:00
Mikael Nordfeldth
5c262a788d Unused, unnecessary and intrusive cookie/storage removed! 2016-01-13 15:22:28 +01:00
Mikael Nordfeldth
3720e37f06 property attribute could be null in meta tags of course 2016-01-13 14:24:00 +01:00
Mikael Nordfeldth
99da1ebe41 Catch NoHttpResponseException when using HTTPClient 2016-01-13 14:17:49 +01:00
Mikael Nordfeldth
3ed632decf NoHttpResponseException needed instead of HTTP_Request2_Exception
HTTP_Request2_Exception assumed an HTTP response status code/line
2016-01-13 14:08:48 +01:00
Mikael Nordfeldth
e75472f460 Use the upstream function to get effectiveUrl 2016-01-13 14:00:05 +01:00
Mikael Nordfeldth
3658774429 Super-basic OpenGraph image preview support, "works for me" 2016-01-12 15:29:03 +01:00
Mikael Nordfeldth
f4feef477b Don't follow redirects on PuSH POST. 2016-01-12 14:32:28 +01:00
Mikael Nordfeldth
c826fe0af4 $target was klantigtly copied from another debug message 2016-01-11 20:10:38 +01:00
Mikael Nordfeldth
bd6efa0e45 Update PuSH callback URL if remote side switched to HTTPS
See the comment in the source on why we're not following Location headers...
2016-01-11 19:55:02 +01:00
Mikael Nordfeldth
f24cdf4a80 Much more logging in PushHubAction (OStatus) 2016-01-11 19:54:05 +01:00
Mikael Nordfeldth
8acf930c45 OpportunisticQM matches against _system_ max_execution_time
Probably never runs if max_execution_time is 0. I'll handle that later.
2016-01-11 13:35:29 +01:00
Mikael Nordfeldth
b13f8df79b HTTPClient would return null instead of exception
This caused $response->isOK() tests to call a function on a non-existing object, causing all hell to break loose.
2016-01-11 02:36:59 +01:00
Mikael Nordfeldth
e498bc6b7b Control OpportunisticQM verbosity 2016-01-10 00:51:25 +01:00
Mikael Nordfeldth
7fbf72f9c1 Minor changes to OpportunisticQM for debugging 2016-01-10 00:48:04 +01:00
Mikael Nordfeldth
42dff2742a Put salmon slaps in queues before pushing user Atom feed 2016-01-10 00:29:32 +01:00
Mikael Nordfeldth
c3c5a9974d Do proper fromUri lookup on groups too 2016-01-09 14:36:47 +01:00
Mikael Nordfeldth
fbec7c4e75 Issue #121 - use correct Group ID and strict User_group typing 2016-01-09 14:06:50 +01:00
Mikael Nordfeldth
4e0ed61f7c OStatus queue handler uses Notice->getAttentionProfiles()
and lots more debugging for LOG_DEBUG
2016-01-08 01:31:47 +01:00
Mikael Nordfeldth
c48871cf1b Notice from web now saves context->attention too! ;) 2016-01-07 23:24:15 +01:00
Mikael Nordfeldth
d4be5349b3 think I have managed to show oEmbed images better now 2016-01-07 17:35:37 +01:00
Mikael Nordfeldth
9e5c71e701 Fixed group representation in Directory plugin, also some ->raw calls 2016-01-07 12:58:14 +01:00
Mikael Nordfeldth
c02f23e63f Return Profile objects from getGroups in GroupdirectoryAction 2016-01-07 12:35:52 +01:00
Mikael Nordfeldth
e7308b0ecb Max execution time margin for OpportunisticQM
I guess it could continue a bit too long in case it got a really long
(failing, timeouting) HTTP request just before max_execution_time hit.
2016-01-07 11:58:09 +01:00
Mikael Nordfeldth
1a1e44cdfd Issue #118 wanted better TOR support, now Avatar URLs are not stored
There was no reason to store the generated Avatar URLs because it's so
cheap to generate them on the fly.
2016-01-06 16:14:26 +01:00
Mikael Nordfeldth
b596391fcd Avoid having to check for notices without rendered copies in upgrade.php
Always call the Notice->getRendered() function to get a rendered copy.
We could perhaps put some sanitation there too in the future
2016-01-06 15:32:27 +01:00
Mikael Nordfeldth
0fd2ad649e Conversation IDs (again) no longer based on Notice ID 2016-01-06 13:58:46 +01:00
mmn
2c5460eb0e Merge branch 'openid-plugin' into 'nightly'
OpenID plugin: 'openid_only' should be 'openidonly'

To match everywhere else.

See merge request !72
2016-01-05 23:28:28 +00:00
Mikael Nordfeldth
9a75778b29 If there's no Happening, we can't use the RSVP. 2016-01-05 15:00:34 +01:00
Mikael Nordfeldth
3471213d1c processFeed would abort on certain errors where findLocalObject failed 2016-01-05 15:00:07 +01:00
Mikael Nordfeldth
ab93bb009c XSS vulnerability when remote-subscribing
->raw was used on non-filtered strings for some reasons, changed
to ->text.
2016-01-05 12:15:50 +01:00
Chimo
bf0df016e5 OpenID plugin: 'openid_only' should be 'openidonly'
To match everywhere else.
2016-01-04 10:36:05 -05:00
Mikael Nordfeldth
f7a1c8a94c The $options array isn't used here 2016-01-04 01:48:54 +01:00
Mikael Nordfeldth
34b25e6afc Use EmptyIdException in Fave deletion try-catch 2016-01-03 22:57:28 +01:00
Mikael Nordfeldth
bda30a92bc Fave deletion would fail in some cases with missing profiles or notices 2016-01-03 22:35:49 +01:00
Mikael Nordfeldth
7df8a6b731 This version of the EventPlugin won't work with StatusNet any longer 2016-01-03 16:23:44 +01:00
Mikael Nordfeldth
95d415257a Merge branch 'nightly' into singpolyma/gnu-social-events-saveObjectFromActivity
Conflicts:
	plugins/Event/EventPlugin.php
	plugins/Event/classes/RSVP.php

I just fixed 'em with magic!
2016-01-03 13:08:34 +01:00
Mikael Nordfeldth
336f099241 Don't store object type for verbs (as they don't have it) 2016-01-02 16:05:20 +01:00
Mikael Nordfeldth
e02c10a589 common_render_content doesn't require a Profile now 2016-01-01 18:40:58 +01:00
Mikael Nordfeldth
4fc2b2584b RSVPs refer to Happening (event) by URI instead of ID now 2015-12-31 19:23:05 +01:00
Mikael Nordfeldth
34ce2f6cfa minor happening changes 2015-12-31 18:08:12 +01:00
Mikael Nordfeldth
f6df44ea85 Handle feed imports with exceptions better 2015-12-31 15:05:35 +01:00
Mikael Nordfeldth
7f1ce07e9f Logging destinations and unnecessary debug 2015-12-31 13:00:20 +01:00
Mikael Nordfeldth
fab745c6d6 Exception throwing and proper db retrieval
ActivityModeration plugin and its Deleted_notice class.
2015-12-31 12:42:33 +01:00
Mikael Nordfeldth
5ba6be1a87 Deleted_notice had a superfluous field 2015-12-31 12:33:59 +01:00
Mikael Nordfeldth
6772d991ae Only provide Notice oEmbed data for local notices 2015-12-31 01:55:18 +01:00
Mikael Nordfeldth
bceece3bb9 issue #93 2015-12-30 18:03:45 +01:00
Mikael Nordfeldth
bd00ef839d split() is deprecated and should be explode()
We don't need the regexpness anyway.
2015-12-27 15:22:38 +01:00
Mikael Nordfeldth
feb6b636f4 File_oembed varchar to text changes
No need to have text length limitations in the database for fields which
very well may be longer than what was previously set.
2015-12-27 12:11:29 +01:00
Mikael Nordfeldth
b76461fc78 syntax error 2015-12-27 01:42:03 +01:00
Mikael Nordfeldth
0ac71c2b7b Duplicate URI means we have it already, I assume 2015-12-27 01:40:00 +01:00
Mikael Nordfeldth
306df3dc3b Logging fixes 2015-12-26 16:27:06 +01:00
Chimo
d8092207c0 Autocomplete: Fix $profile being null for groups 2015-12-15 21:48:18 -05:00
Mikael Nordfeldth
f5ed66280b $url should've been $file->getUrl() 2015-12-15 12:31:10 +01:00
Mikael Nordfeldth
2b4a6c7dd7 Don't check Link header if not set 2015-12-15 11:51:16 +01:00
Mikael Nordfeldth
0d39337683 Merge branch 'master' into nightly 2015-12-14 22:11:26 +01:00
mmn
67c0c1b6c5 Merge branch 'send-twitter-replies-to-twitter' into 'master'
Always send Twitter replies to Twitter

If is_twitter_notice($notice->reply_to) then send it to Twitter, even
if twitter import is off.  It's a reply to a Twitter notice, it should
go there!

(Also retweets.)

See merge request !42
2015-12-14 21:10:57 +00:00
mmn
0baa9debbc Merge branch 'direct-feed-sub' into 'master'
If we are given a direct URL to a feed, use that



See merge request !54
2015-12-14 21:09:56 +00:00
mmn
1644608376 Merge branch 'twitter-show-rel-syndication' into 'master'
Include rel-syndication link for tweets

As per: <http://microformats.org/wiki/rel-syndication>
This allows some services to find a post in Twitter.

See merge request !44
2015-12-14 21:09:08 +00:00
mmn
0e91a38c9c Merge branch 'firefox-sub-link' into 'master'
Link to add to Firefox as feedreader

This allows easily subscribing to any feed firefox detects in your GNU Social instance.

See merge request !55
2015-12-14 21:08:22 +00:00
mmn
0f938ff234 Merge branch 'fix-twitter-uri' into 'master'
Twitter URIs have changed

The #! was deprecated ages ago, and Twitter forces HTTPS these days.

See merge request !43
2015-12-14 21:07:48 +00:00
Mikael Nordfeldth
c2ea85a5e2 Merge branch 'master' into nightly 2015-12-14 22:07:06 +01:00