Brion Vibber
345b7d33b8
some sorta vaguely working bits
2010-10-29 15:28:48 -07:00
Brion Vibber
9ced8af8dc
fix notices in dumpschema
2010-10-29 15:11:41 -07:00
Brion Vibber
ac2447c395
tweak
2010-10-29 14:58:52 -07:00
Brion Vibber
1daa1bfa39
fix notice
2010-10-29 14:49:05 -07:00
Brion Vibber
e7c7fd39fc
Merge branch '1.0.x' into schema-x
...
Conflicts:
plugins/CacheLog/locale/nb/LC_MESSAGES/CacheLog.po
2010-10-28 16:27:53 -07:00
Brion Vibber
b26eccf33c
Merge branch '0.9.x' into 1.0.x
2010-10-28 16:26:34 -07:00
Brion Vibber
9e516ed1bb
Merge remote branch 'origin/0.9.x' into 0.9.x
2010-10-28 16:25:28 -07:00
Siebrand Mazeland
456f4a6573
Localisation updates from http://translatewiki.net
2010-10-29 01:21:42 +02:00
Brion Vibber
8d0c014ced
Merge branch 'master' into 0.9.x
2010-10-28 13:01:10 -07:00
Brion Vibber
fb0c3f4f99
Kill a ping queue item if we get an error on loading up the notice's poster's profile, rather than letting the item be retried over and over as if it were a transitory error.
...
This shouldn't generally happen as it's an indicator of database inconsistency, but it's a condition we know happens.
2010-10-28 12:58:30 -07:00
Brion Vibber
9ea7cafd27
Fix for regression: fatal error on group page display when not logged in.
...
Bug was introduced with group deletion feature.
2010-10-28 12:19:19 -07:00
Evan Prodromou
b5206fe6ca
fall back to siteowner on bad nickname (Bug#2861)
2010-10-28 10:46:57 -04:00
Brion Vibber
48492600a8
Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x
2010-10-28 00:15:59 +00:00
Brion Vibber
e43553a3d9
Tweak for OAuth headers not seen in $_SERVER
2010-10-28 00:14:45 +00:00
Siebrand Mazeland
035b4949fd
Merge branch '0.9.x' of git://gitorious.org/statusnet/mainline into 0.9.x
2010-10-28 01:59:45 +02:00
Siebrand Mazeland
7a564276a9
Localisation updates from http://translatewiki.net .
2010-10-28 01:58:43 +02:00
Brion Vibber
9e9b7b972c
Merge branch 'instrument' into 0.9.x
2010-10-27 16:47:06 -07:00
Brion Vibber
ace655aecf
ApiLogger plugin: dumps some information about API hits to aid in researching future HTTP-level cachability improvements.
...
Data are sent to the 'info' level of logging, like so:
[lazarus.local:4812.86b23603 GET /mublog/api/statuses/friends_timeline.atom?since_id=1353]
STATLOG action:apitimelinefriends method:GET ssl:no query:since_id cookie:no auth:yes
ifmatch:no ifmod:no agent:Appcelerator Titanium/1.4.1 (iPhone/4.1; iPhone OS; en_US;)
Fields:
* action: case-normalized name of the action class we're acting on
* method: GET, POST, HEAD, etc
* ssl: Are we on HTTPS? 'yes' or 'no'
* query: Were we sent a query string? 'yes', 'no', or 'since_id' if the only parameter is a since_id
* cookie: Were we sent any cookies? 'yes' or 'no'
* auth: Were we sent an HTTP Authorization header? 'yes' or 'no'
* ifmatch: Were we sent an HTTP If-Match header for an ETag? 'yes' or 'no'
* ifmod: Were we sent an HTTP If-Modified-Since header? 'yes' or 'no'
* agent: User-agent string, to aid in figuring out what these things are
The most shared-cache-friendly requests will be non-SSL GET requests with no or very predictable
query parameters, no cookies, and no authorization headers. Private caching (eg within a supporting
user-agent) could still be friendly to SSL and auth'd GET requests.
We kind of expect that the most frequent hits from clients will be GETs for a few common timelines,
with auth headers, a since_id-only query, and no cookies. These should at least be amenable to
returning 304 matches for etags or last-modified headers with private caching, but it's very
possible that most clients won't actually think to save and send them. That would leave us expecting
to handle a lot of timeline since_id hits that return a valid API response with no notices.
At this point we don't expect to actually see if-match or if-modified-since a lot since most of our
API responses are marked as uncacheable; so even if we output them they're not getting sent back to
us.
Random subsampling can be enabled by setting the 'frequency' parameter smaller than 1.0:
addPlugin('ApiLogger', array(
'frequency' => 0.5 // Record 50% of API hits
));
2010-10-27 16:43:38 -07:00
Siebrand Mazeland
796d7b4939
Update translator documentation.
2010-10-28 01:42:09 +02:00
Siebrand Mazeland
d0bbd343f0
i18n/L10n updates and superfluous whitespace removed.
2010-10-28 01:35:40 +02:00
Siebrand Mazeland
04fcfeaf6f
* Superfluous whitespace removed.
...
* i18n review (no changes needed).
2010-10-28 01:23:57 +02:00
Siebrand Mazeland
04ae500749
* i18n/L10n fixes.
...
* translator documentation updated.
* superfluous whitespace removed.
2010-10-28 01:21:21 +02:00
Siebrand Mazeland
a12474a99d
* i18n/L10n fixes.
...
* translator documentation updated.
* superfluous whitespace removed.
2010-10-28 01:21:09 +02:00
Evan Prodromou
60b66bdd6e
Merge branch 'nofollowexternallink' into 0.9.x
...
Conflicts:
lib/default.php
2010-10-27 13:53:39 -04:00
Craig Andrews
1851933c34
Enable Strict Transport Security plugin by default
2010-10-27 10:12:35 -04:00
Craig Andrews
255ba42ef1
use library function to determine if https should be used for recaptcha
2010-10-27 00:11:55 -04:00
Craig Andrews
9f9126e524
Load MS Virtual Earth javascript over https when browsing in https
2010-10-27 00:09:43 -04:00
Craig Andrews
bc6a61dc89
Use https for gravatars
...
No reason not to use https, and doing so prevents mixed content warnings when the avatars are used on https pages.
2010-10-26 23:56:59 -04:00
Craig Andrews
5476ffa944
add StrictTransportSecurity plugin
2010-10-26 23:46:18 -04:00
Craig Andrews
22a0cf6251
Set cookies with "secure" flag on SSL sites. Improves security.
2010-10-26 17:55:09 -04:00
Zach Copley
b3cd558fe7
Fix OAuth verifier display page title and msgs for i18n
2010-10-26 13:19:23 -07:00
Evan Prodromou
5d56d9bb69
UI on profile settings page to opt out of following everyone
2010-10-26 15:33:35 -04:00
Evan Prodromou
7a80ebeb13
flag to let users opt out of following everyone
2010-10-26 15:21:30 -04:00
Evan Prodromou
e5a3b973b8
Plugin to follow all new users by default
2010-10-26 15:10:18 -04:00
Evan Prodromou
22633a5af6
can't subscribe to blacklisted domains/users
2010-10-26 11:48:27 -04:00
Evan Prodromou
bec00094a7
Blacklist plugin checks PuSH and Salmon notices
2010-10-26 11:20:43 -04:00
Evan Prodromou
511566a132
userrole.php will take a profile id for remote profiles
2010-10-26 11:19:47 -04:00
Brion Vibber
c09487f272
readme: release candidate 0.9.6
2010-10-25 14:49:29 -07:00
Zach Copley
307c819089
Merge commit 'refs/merge-requests/2223' of git://gitorious.org/statusnet/mainline into integration
2010-10-25 14:35:56 -07:00
Michele macno Azzolari
0243cea82b
Updated mustard description and link
2010-10-25 23:08:29 +02:00
Zach Copley
1a1ca22aca
Supress header, footer, sidebar on OAuth verifier pin page when in "desktop" mode
2010-10-25 13:30:38 -07:00
Brion Vibber
b483a0549f
Merge branch '1.0.x' into schema-x
...
Conflicts:
plugins/CacheLog/locale/nb/LC_MESSAGES/CacheLog.po
2010-10-25 13:14:33 -07:00
Brion Vibber
ca489631db
Merge branch '0.9.x' into 1.0.x
...
Conflicts:
actions/subscriptions.php
lib/router.php
lib/xmppmanager.php
lib/xmppoutqueuehandler.php
2010-10-25 13:08:57 -07:00
Samantha Doherty
01637bcd32
Base theme styling for oauth pin and desktop mode.
2010-10-25 16:00:34 -04:00
Zach Copley
78396db28a
Forgot to add the OAuth verifier pin page to sensitive array
2010-10-25 12:36:03 -07:00
Zach Copley
0dcc3f8d71
We don't need to have editapplication (only showapplication) in the
...
sensitive array because it doesn't expose the consumer keypair
2010-10-25 12:10:52 -07:00
Zach Copley
3954ab39ae
Add OAuth token exchange endpoint to 'sensitive' array; i.e.: use SSL if
...
available
2010-10-25 11:52:17 -07:00
Zach Copley
82c280979d
Add special CSS classes to OAuth authorization and pin pages when
...
in desktop mode
2010-10-25 11:25:35 -07:00
Zach Copley
479096c8d7
Less scary OAuth authorization messages when using anonymous consumer
2010-10-25 10:38:40 -07:00
Evan Prodromou
aef88c7cee
max_id is inclusive
2010-10-25 11:18:49 -04:00