Commit Graph

2432 Commits

Author SHA1 Message Date
Alexei Sorokin
341f3d0ea5 [DATABASE] Fix more incorrect uses of quotation in SQL 2020-07-26 15:28:05 +03:00
Alexei Sorokin
579120df70 [Notice] Fix clearReplies() and clearRepeats() 2020-07-26 15:12:00 +03:00
Alexei Sorokin
2861ae2823 [AuthCrypt] Password storage and comparison improvements
Password hashes are now stored in a TEXT attribute, not limited to 199 symbols.
That limitation makes no sense as password hashes are not the kind of
information to be indexed.

Actually replace crypt() with password_verify() for password checking, current
code left password_verify() unused.

Only update passwords when they use a different algorithm from the current
default. Previously "overwrite" meant rehashing every login.

Replace the "argon" boolean option with "algorithm" and "algorithm_options" for
better configurability.
The default remains whichever is default for PHP's password_hash.
2020-07-25 20:16:21 +03:00
Alexei Sorokin
33e9b57b78 [Profile][User_group] Fix profile deletion violating foreign keys 2020-07-24 13:09:02 +03:00
Alexei Sorokin
eefaf7a2b4 [DATABASE][Schema_version] Change the hashing algorithm to SHA3-512 2020-07-23 18:16:56 +03:00
Alexei Sorokin
7081720ecb [DATABASE] Check SQL boolean values with "IS TRUE"
This way UNKNOWN (NULL) explicitly turns to FALSE when three-valued logic is
reduced to binary.
In pgsqlschema, however, use "IS FALSE" as boolean attributes in pg_index are
non-nullable, there is no outer join and there's no clear preference for NULL
reduction.

Over-complicated constructions in TagCloud queries have been simplified, which
should not affect their performance.

Additionally, in TagCloud's lib/subscriptionspeopleselftagcloudsection.php
a typing mistake in an equi-join of "profile_tag" and "profile_list" on
"tagger" was fixed.
That regression was introduced in f446db8e2a
2020-07-21 18:06:39 +03:00
Alexei Sorokin
488bddb02a [NOTICE] Update index for verbs in ProfileNoticeStream
After adding a verb condition there, MariaDB now prefers the
("created", "id", "is_local") and ("profile_id", "verb", "created", "id")
indices for that query, even though they are slow for the job.
So replace them with ("is_local", "created", "id") and
("profile_id", "verb", "created", "id") respectively.
Also fix the naming of the ("profile_id", "created", "id") index.
2020-07-07 20:43:08 +03:00
Alexei Sorokin
f7d3f58318 [CORE] Do not set "confirm_address"."user_id" to 0 by default
That breaks the foreign key constraint, it is better to just have it nullable.
2020-07-06 20:01:16 +03:00
Diogo Cordeiro
fe4a9a6189 [ActivityPub][Ostatus] Fetch avatars in accordance to the new media system 2020-07-05 15:37:52 +01:00
Alexei Sorokin
9a515b9234 [SCHEMA] Improve timestamp storage
Avoid the use of deprecated MariaDB "zero dates" globally. If they're present
as attribute defaults somewhere, they will be replaced with NULL implicitly.
The existing "zero dates" in MariaDB storage will be left intact and this
should not present any issues.

The "timestamp" type in table definitions now corresponds to DATETIME in
MariaDB with "DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP", which
should be close enough to the original behaviour for compatibility purposes.
It is now the recommended type for "modified" attributes, because of the
update trigger on MariaDB. But there is no such trigger implemented on
PostgreSQL as of this moment.
2020-06-29 01:41:46 +03:00
Alexei Sorokin
b924c180ae [DATABASE] Fix MariaDB schema verification 2020-06-28 20:05:11 +03:00
Diogo Cordeiro
4544f29832 [AVATAR] Ensure this Action stays secure 2020-06-28 00:11:47 +01:00
Alexei Sorokin
edc7159ef6 [Memcached_DataObject] Check if it is possible to sort efficiently 2020-06-27 11:22:19 +03:00
Alexei Sorokin
0eec6fcfb6 [DATABASE] Replace NOW() with CURRENT_TIMESTAMP 2020-06-09 20:26:06 +03:00
Alexei Sorokin
6c035d01d4 [DATABASE] Start transactions with START TRANSACTION
"BEGIN" is non-standard and unnecessary.
2020-06-08 12:25:01 +03:00
Alexei Sorokin
e5ee069f4a [UI] Order groups in join descending order in profiles 2020-05-05 16:25:02 +03:00
Hugo Sales
d1c70cb13b [CORE] Make avatars be served with the same mechanism as attachments 2020-04-06 21:14:11 +00:00
Alexei Sorokin
e7ab305335 [CORE] Use monotonic time via hrtime() where applicable
The realtime clock is not reliable when calculating elapsed time.
2020-01-07 19:48:13 +03:00
Diogo Cordeiro
ca2dde9a41 [ExtendedProfile] Fix updates and allow to delete values 2019-11-03 19:49:10 +03:00
Alexei Sorokin
6674d1ed0f [NodeInfo][DATABASE] Adjust indices of the "notice" and "user" tables
On big databases these queries from the Nodeinfo plugin choked up:

SELECT profile_id FROM notice
  WHERE notice.created >= (CURRENT_DATE - INTERVAL '180' DAY)
  AND notice.is_local = 1;
SELECT id FROM "user"
  WHERE "user".created >= (CURRENT_DATE - INTERVAL '180' DAY);
2019-11-03 18:57:03 +03:00
Alexei Sorokin
52800c3a65 [DATABASE] Remove profile_tag_tag_fkey
profile_list.tag is not supposed to be unique,
this also reverts the addition of profile_list_tag_key.
2019-11-02 14:32:48 +03:00
Alexei Sorokin
5bc1b8695e [DATABASE] Disable 'NULL' strings evaluation as SQL NULLs
Use $object->sqlValue('NULL') (identical to DataObject_Cast'ing) instead and
fix related issues like (email|sms)settings considering these NULLs as a
false positive for the E-Mail address still being set when it's been removed.

There could also be security implications to the now-disabled approach of
considering 'NULL' strings as SQL NULLs.
2019-11-02 12:21:43 +03:00
Diogo Cordeiro
c154712012 [PEAR DB_DataObject] Removed DB_DATAOBJECT_NO_OVERLOAD as we don't have support for either PHP 4 or 5 2019-11-03 00:43:21 +00:00
Diogo Cordeiro
d058a70557 [MEDIA] Simplify Attachment actions 2019-10-19 02:57:32 +01:00
Diogo Cordeiro
7298468df7 [FILE] Fix Return value of File::getFileOrThumbnailSize() must be of the type int, null returned 2019-10-19 01:16:37 +01:00
Alexei Sorokin
ee7f0a2016 [DATABASE] Re-introduce PostgreSQL support 2019-09-11 14:14:40 +03:00
Alexei Sorokin
644b417f6c [DATABASE] Use "<>" as an SQL non-equality sign
"!=" is not SQL compliant.
2019-09-11 13:27:36 +03:00
Alexei Sorokin
af63e9a7ad [DATABASE] Set all primary keys as "not null" explicitly 2019-09-11 12:27:40 +03:00
Alexei Sorokin
95c7344557 [DATABASE] Various table schema related fixes 2019-09-11 12:07:54 +03:00
Alexei Sorokin
62b90c29db [DATABASE] Introduce a bool type in schema
PostgreSQL has a clear distinction between integers and booleans, so it makes
sense to draw a clear line.
2019-09-11 11:25:39 +03:00
Alexei Sorokin
6911b499d3 [DATABASE] Consistently use the "LIMIT $limit OFFSET $offset" syntax
The "LIMIT $offset, $limit" syntax is only supported by MySQL and MariaDB.
2019-09-11 10:12:49 +03:00
Alexei Sorokin
11dabbe44d [DATABASE] Only use single quotation marks for SQL strings
Double quotation marks are only used for identifiers in the SQL standard.
2019-09-11 09:46:30 +03:00
Alexei Sorokin
0a5a3845db [DATABASE] Set NULL in DB_DataObject in a more reliable manner
Also stop assuming that FeedSub::sub_state (enum) and FeedSub::sub_end
(datetime) can possibly be set to an empty string.
2019-09-11 08:32:19 +03:00
Alexei Sorokin
5b797328f2 [DATABASE] Always quote identifiers
The code used to operate under the assumption that MariaDB doesn't support
quoting identifiers. Not only is that not exactly true, but MariaDB has
reserved keywords that cannot be used as table or column names unquoted.
2019-09-11 08:15:16 +03:00
Miguel Dantas
b41f9620fa [LIB_REFACTOR] Fix requires 2019-09-03 03:33:13 +01:00
Miguel Dantas
58bde08425 [LIB_REFACTOR] Moving files into separate semantic categories 2019-09-03 03:33:13 +01:00
Miguel Dantas
f79cd8cee3 [CORE] Fix small bug where Notice was sending a JSON representation to the queue, instead of sending itself 2019-09-03 03:26:35 +01:00
Diogo Cordeiro
afe8158cb7 [MODULES] Allow to upload third party plugins
Fixed some bugs
2019-08-24 01:59:42 +01:00
tenma
c802480d75 [CORE] Add new Notice scope for private messaging
Notice:
- Add MESSAGE_SCOPE scope

lib/*.stream:
- Filter out notices with MESSAGE_SCOPE scope
2019-08-21 16:54:47 +01:00
tenma
357296baeb [CORE] Fix subscription-related functions from the Profile class
The undifined variable $private_stream, from the User class, was causing
undifined behavior from calling requiresSubscriptionApproval. The is_null
test was added to fix this problem.
2019-08-13 03:01:24 +01:00
Miguel Dantas
6d552f15b6 [Embed] Resize thumbnails fetched by Embed to avoid keeping original images when we need only 128x128. Size configurable in config.php 2019-08-03 17:49:36 +01:00
Diogo Cordeiro
f67a93eddc [CORE] Bump Database requirement to MariaDB 10.3+ 2019-08-03 17:47:23 +01:00
Miguel Dantas
7070a14480 [CORE][StoreRemoteMedia] Fixed bug where sometimes images were written outside the site root 2019-08-03 17:31:43 +01:00
Miguel Dantas
3e5ce46e98 [CORE] Fixed bug where the http connection was using the wrong size for thumbnails, and returning the wrong one 2019-08-03 17:31:42 +01:00
Miguel Dantas
f746866b65 [StoreRemoteMedia] StoreRemoteMedia now uses the new filename format, which allows it to display correctly in the UI. Formatting fixes 2019-08-03 17:31:42 +01:00
Miguel Dantas
8f31a1a820 [MEDIA][OEMBED] Fixed regression in OEmbed, because it relied on accessing the files directly, which previous commits broke. The File table really should have a bool... 2019-08-03 17:31:42 +01:00
Miguel Dantas
da82048d77 [MEDIA] Fix trying to display file wich is not available locally 2019-08-03 17:31:41 +01:00
Miguel Dantas
aa5c6bbf08 [CORE][UI] Made attachment actions and its subactions be able to identify attachments by id and by filehash. Changed the url stored in the DB to be attachment//view 2019-08-03 17:31:41 +01:00
Miguel Dantas
c7475d78b4 [CORE][UI][ROUTER] Added view action, which inlines images and videos but downloads everything else. Fixed File url to get an URL fromthe view action, so when a making a remote notice, the correct URL is used, not accessing directly to the file 2019-08-03 17:31:40 +01:00
Miguel Dantas
3c9a07677e [CORE] Attachments and thumbnails aren't accessed directly by the file under the file storage folder, but indirectly from PHP, so that access to the file folder can be blocked in the server config 2019-08-03 17:31:40 +01:00