Commit Graph

11103 Commits

Author SHA1 Message Date
Brion Vibber
3be352551a Normalize username strings in command parsing 2010-11-29 16:44:40 -08:00
Brion Vibber
3f0557aa8e General code safety: validate input and escape SQL strings in common_relative_profile() 2010-11-29 16:44:01 -08:00
Brion Vibber
e03d2584aa Use Nickname::DISPLAY_FMT instead of manual regex fragments in router setup for nickname parameters. 2010-11-29 16:02:35 -08:00
Brion Vibber
8d3577da34 Replace a couple plugin usages of NICKNAME_FMT with Nickname::normalize() 2010-11-29 15:11:07 -08:00
Brion Vibber
82799f675f Add Nickname test cases for @-reply regexes in common_find_mentions 2010-11-29 15:07:55 -08:00
Brion Vibber
fffc10a230 Nickname class to encapsulate validation & common regexes for nickname formats.
This provides initial infrastructure for decoupling display names from internal canonical names, but continues to have us storing and using the canonical forms.

It should be/become possible to provide mixed-case and underscore-containing names in links, @-mention, !-group, etc, but we don't store those alternate forms generally.
2010-11-29 14:46:10 -08:00
Brion Vibber
dc350b5463 Work in progress on nickname validation changes. lib/nickname.php appears to have been destroyed by NetBeans and will be rewritten shortly. Sigh. 2010-11-29 14:15:25 -08:00
Brion Vibber
6e249b4ab5 doc comments on User::allowed_nickname 2010-11-29 11:57:27 -08:00
Brion Vibber
b7e0078d10 Start on some nickname-validation test cases: several of these fail right now because we had regressions in 0.8 or 0.9 where we lost normalization of uppercase and some other chars. 2010-11-29 11:31:33 -08:00
Brion Vibber
6c4e5a89c1 Add some doc comments on nickname-related stuff in util.php 2010-11-29 11:31:10 -08:00
Evan Prodromou
6a0fd59df2 Net URL Mapper Path plex file 2010-11-27 16:52:32 -05:00
Evan Prodromou
0a753206cb Net_URL_Mapper 0.9.1 2010-11-27 16:48:52 -05:00
Evan Prodromou
8212df3e1a Merge remote branch 'gitorious/0.9.x' into 0.9.x 2010-11-26 22:11:12 -05:00
Evan Prodromou
005a14272d Make OStatusPlugin define push feed rel 2010-11-26 22:10:18 -05:00
Evan Prodromou
edf660c6ff Make userxrd work without OStatus enabled 2010-11-26 22:09:51 -05:00
Evan Prodromou
fcc0825b14 Make userxrd part of the default hostmeta 2010-11-26 21:46:51 -05:00
Evan Prodromou
0a4911552e Move user xrd action to core and use hooks to extend
Moved the Webfinger user XRD action from the OStatus plugin to core.
Added hooks to add OStatus-specific stuff, but kept general stuff in
the core.
2010-11-26 21:38:38 -05:00
Craig Andrews
3f3b38766f move xrd and hostmeta out of the OStatus plugin and into core
add event for setting up hostmeta, and use them in the OStatus plugin
2010-11-26 21:12:14 -05:00
Brion Vibber
92880b41e4 Update util.min.js for attachment preview on Firefox, Chrome 2010-11-24 17:36:40 -08:00
Brion Vibber
d075fac7b8 Preview thumbnails of uploaded image attachments before posting on supporting browsers.
Tested working so far:
* Firefox 3.6 and 4.0 (FileReader -> data URL)
* Chrome 8 (createObjectURL; FileReader also works)

Tested with limited support:
* Safari 5.0.3 (no preview, but we can show type and size)

Tested and known not to support FileAPI, keeps current behavior:
* Opera 11 beta
2010-11-24 12:20:25 -08:00
Brion Vibber
b6e5b1d294 Add LogFilter plugin: quickie way to filter out/in log output based on priority or keyword matches. Should be helpful for folks who can't easily adjust their syslog filtering. 2010-11-24 10:13:03 -08:00
Brion Vibber
c65f199486 logging tweak for Twitter status ID issue 2010-11-23 09:49:32 -08:00
Brion Vibber
c169dcb522 Fixes for Twitter bridge breakage on 32-bit servers. New "Snowflake" 64-bit IDs have become too big to fit in the integer portion of double-precision floats, so to reliably use these IDs we need to pull the new string form now.
Machines with 64-bit PHP installation should have had no problems (except on Windows, where integers are still 32 bits)
2010-11-23 09:28:47 -08:00
Zach Copley
7e6c0e542f FacebookBridge - fail gracefully if the user has already deleted a
linked notice on Facebook.
2010-11-22 21:40:47 +00:00
Brion Vibber
2b0d1d9fc4 Merge branch 'master' into 0.9.x 2010-11-22 11:13:22 -08:00
Brion Vibber
9c6e63b0bc Fixes for delete_status_network.sh:
* add some sanity checking: abort on failures instead of plodding through
* add some progress / error output
* fetch the target database server name from the status_network entry and use that to target the DROP DATABASE

Note that database names and other overrides in status_network entry may still not be seen.
2010-11-22 11:10:10 -08:00
Brion Vibber
cff14c7e10 Merge branch 'master' into 0.9.x 2010-11-19 16:18:53 -08:00
Brion Vibber
b615998309 Fix ticket #2700: some numeric IDs were misinterpreted as hex numbers instead of strings when '0x123' passed in.
Switched from is_numeric() to a custom self::is_decimal() which is more strict.
This makes our behavior match Twitter's API a bit better, so eg this:

  http://identi.ca/api/statuses/home_timeline/0x6d686b.xml

should now be equivalent to:

  http://identi.ca/api/statuses/home_timeline.xml?screen_name=0x6d686b

instead of:

  http://identi.ca/api/statuses/home_timeline.xml?user_id=7170155
2010-11-19 16:12:28 -08:00
Brion Vibber
37994e3ff1 Merge branch 'master' into 0.9.x 2010-11-19 15:53:29 -08:00
Brion Vibber
94f2f96f2e Ticket #2724: gracefully handle attempts to delete or fave/unfave a remote Twitter notice if a failure occurs.
Most annoying error case being where the notice was already faved or deleted on Twitter! :)
Such errors will now just fail out and log a note to the syslog -- the rest of what we were doing will continue on unhindered, so you can still delete, favorite, etc and it just won't sync the info over in that case.
2010-11-19 15:51:08 -08:00
Brion Vibber
0dcfcbd517 Merge branch 'master' into 0.9.x 2010-11-19 15:38:20 -08:00
Brion Vibber
4193a826d3 Ticket #2796: don't allow arbitrary overriding of the 'action' class and other parameters pulled from the URL mapper.
This protects against oddities such as manual invocation of the ClientError action, which can spoof error messages.
2010-11-19 15:30:52 -08:00
Brion Vibber
826a695077 Ticket #2797: replace addslashes() with explicit escape calls on the DB objects 2010-11-19 15:06:26 -08:00
Brion Vibber
e0e7cb7c53 Merge branch 'master' into 0.9.x 2010-11-19 14:03:59 -08:00
Brion Vibber
ca55d6c514 Ticket #1987: support since_id on API notice search methods.
max_id is not yet implemented, as it'll need support added to the search backends. (since_id we get 'for free' by just cropping off the list, it'll do for now)
2010-11-19 14:00:22 -08:00
Brion Vibber
407663fb40 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-19 12:44:43 -08:00
Brion Vibber
4b01dd8b2e Ticket #2441: fix deletion of avatars when a profile is deleted.
Code was doing a batch call to $avatar->delete() which fails to properly engage the file deletion code. Calling the existing profile->delete_avatars() function deletes them individually, which makes it all work nice again.
2010-11-19 12:40:18 -08:00
Brion Vibber
ed2bc323a1 Drop PEAR HTTP_Request library -- no longer used since Services_oEmbed was dropped.
(HTTP_Request2 is separate and is widely used. Net_URL is also used separately by Net_URL_Mapper.)
2010-11-19 12:15:28 -08:00
Brion Vibber
834acaaa79 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-19 12:00:42 -08:00
Brion Vibber
d961925874 Ticket #2899: clean up inbox/outbox DM form a bit:
- "To" drop-down list now defaults to showing "Select recipient:" instead of the first person on your list, reducing likelihood of accidentally sending a message to the wrong person.
- When there are no mutual subscribers to send to, instead of an empty list the list now shows 'No mutual subscribers.'

In both cases, attempting to send when the default is selected displays an error message.
I'm not disabling form elements in part because our themes right now don't show disabled button state correctly; we might want to tighten that up a bit more once fixed.
2010-11-19 11:56:03 -08:00
Brion Vibber
9a590e0843 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-19 10:43:20 -08:00
Zach Copley
d927969209 Automatically make Facebook admin panel available if the FacebookBridge
plugin is installed.
2010-11-18 21:55:43 -08:00
Brion Vibber
573f98c5bc scripts/deletegroup.php -- basic CLI script to delete a group by id or local nickname. Like deleteuser.php, this can be used in batch runs by providing the -y override. 2010-11-18 14:40:05 -08:00
Brion Vibber
f468180743 Fix regression in PopularNoticeSection: tag parameter was broken, causing sidebar on tag pages to show untagged favorites. 2010-11-18 14:30:00 -08:00
Zach Copley
cb530566de Facebook: Add needed perms to plain login URL 2010-11-18 13:34:41 -08:00
Zach Copley
229c2693f4 Fix name of Facebook Bridge plugin 2010-11-18 13:28:49 -08:00
Brion Vibber
3ed5673058 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-11-17 16:13:40 -08:00
Brion Vibber
b73c162256 Partial fix for tickets #2194, #2393: Workaround for Meteor breaking AJAX error responses returned on posting new notices. Fixes things in Firefox 4, but Safari 5 and Chrome 8 still don't return data... either on success or failure! Sigh.
The Meteor realtime plugin sets document.domain to the common prefix between the main server and the Meteor server's hostnames, which overrides the same-origin controls on JavaScript DOM access so the two parts of the app can speak to each other.
This unfortunately causes "fun" side effects for XMLHTTPRequest access to the main domain... if the new domain doesn't match the actual host (eg 'status.net' instead of 'brion.status.net') then we can't access the XHR's responseXML attribute, which holds a DOM tree of the parsed XML return data.
As a workaround, if we can't get at the contents there, we'll parse a fresh DOM tree in the local context from the responseText property, which remains available.

In the longer term, recommend retooling the realtime stuff so it's not fiddling with document.domain. It could also be an issue as it could allow local JavaScript XSS attacks to migrate to subdomains in other open windows.
2010-11-17 16:08:41 -08:00
Zach Copley
645a4d1754 Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x 2010-11-17 22:16:08 +00:00
Zach Copley
163f18b8ac Remove dumb debugging statement 2010-11-17 22:15:30 +00:00