Commit Graph

10871 Commits

Author SHA1 Message Date
Brion Vibber
4193a826d3 Ticket #2796: don't allow arbitrary overriding of the 'action' class and other parameters pulled from the URL mapper.
This protects against oddities such as manual invocation of the ClientError action, which can spoof error messages.
2010-11-19 15:30:52 -08:00
Brion Vibber
ca55d6c514 Ticket #1987: support since_id on API notice search methods.
max_id is not yet implemented, as it'll need support added to the search backends. (since_id we get 'for free' by just cropping off the list, it'll do for now)
2010-11-19 14:00:22 -08:00
Brion Vibber
4b01dd8b2e Ticket #2441: fix deletion of avatars when a profile is deleted.
Code was doing a batch call to $avatar->delete() which fails to properly engage the file deletion code. Calling the existing profile->delete_avatars() function deletes them individually, which makes it all work nice again.
2010-11-19 12:40:18 -08:00
Brion Vibber
d961925874 Ticket #2899: clean up inbox/outbox DM form a bit:
- "To" drop-down list now defaults to showing "Select recipient:" instead of the first person on your list, reducing likelihood of accidentally sending a message to the wrong person.
- When there are no mutual subscribers to send to, instead of an empty list the list now shows 'No mutual subscribers.'

In both cases, attempting to send when the default is selected displays an error message.
I'm not disabling form elements in part because our themes right now don't show disabled button state correctly; we might want to tighten that up a bit more once fixed.
2010-11-19 11:56:03 -08:00
Brion Vibber
573f98c5bc scripts/deletegroup.php -- basic CLI script to delete a group by id or local nickname. Like deleteuser.php, this can be used in batch runs by providing the -y override. 2010-11-18 14:40:05 -08:00
Brion Vibber
f468180743 Fix regression in PopularNoticeSection: tag parameter was broken, causing sidebar on tag pages to show untagged favorites. 2010-11-18 14:30:00 -08:00
Brion Vibber
0265cdc1c9 Ticket 2895: exclude silenced users from popular notice lists 2010-11-16 11:13:52 -08:00
Brion Vibber
9b9db3b28a Prep for ticket #2895: consolidate common code from PopularNoticeList and FavoritedAction for fetching popular notice lists 2010-11-16 11:10:32 -08:00
Brion Vibber
54de6d3260 Forgot to commit the JS for ModPlus. :) 2010-11-15 17:45:58 -08:00
Brion Vibber
25170f272c visual cleanup on ModPlus remote profile info popup menu 2010-11-15 17:32:33 -08:00
Brion Vibber
fdcaac3653 Tweak remote profile action: hide stats from sidebar, tweak wording on remote notice 2010-11-15 16:38:18 -08:00
Brion Vibber
5fdcba472b RemoteProfileAction cleanup:
- meta robots to prevent spidering
- a little notice if silenced
2010-11-15 16:12:16 -08:00
Brion Vibber
88c35c2cce visual tweaks for RemoteProfileAction 2010-11-15 15:57:57 -08:00
Brion Vibber
16f1c764c0 RemoteProfileAction: redirect to the regular user profile page if given a local user. 2010-11-15 15:40:07 -08:00
Brion Vibber
6849b8f9e5 Workaround for display of Twitter remote users in remoteprofile (ModPlus plugin): use 73px avatar if no 96px present 2010-11-15 15:39:42 -08:00
Brion Vibber
0e763b4902 Stub RemoteprofileAction to show the standard profile header stuff for offsite users -- provides a way to get at the mod & block controls for remote users. 2010-11-15 15:34:12 -08:00
Brion Vibber
0d0e51292d some User -> Profile cleanup to help in adapting the profile page action to show stuff for remote users. Subscriptions, groups, roles, etc are all on profiles now so go ahead and use em. 2010-11-15 15:32:57 -08:00
Brion Vibber
227d4b6889 Stub ModPlus plugin: will hold experimental UI improvements for mod actions 2010-11-15 14:15:41 -08:00
Brion Vibber
defaa3b332 clear_jabber.php script to clear confirmed jabber/xmpp addresses from one or more accounts 2010-11-15 13:26:42 -08:00
Brion Vibber
e4913f9722 fix syntax error introduced in i18n tweaks: newgroup action 2010-11-12 13:35:19 -08:00
Brion Vibber
9621904cac Revert "Missing one close-paren in newgroup.php" - incorrect fix for paren bug
This reverts commit 3afb031d92.
2010-11-12 13:34:04 -08:00
Brion Vibber
6291e8201f Fix for failure edge case in TwitterBridge outgoing repeat/retweets.
When the retweet failed with a 403 error (say due to it being a private tweet, which can't be retweeted) we would end up mishandling the return value from our internal error handling.
Instead of correctly discarding the message and closing out the queue item, we ended up trying to save a bogus twitter<->local ID mapping, which threw another exception and led the queue system to re-run it.

- Fixed the logic check and return values for the retweet case in broadcast_twitter().
- Added doc comments explaining the return values on some functions in twitter.php
- Added check on Notice_to_status::saveNew() for empty input -- throw an exception before we try to actually insert into db. :)
2010-11-12 13:06:41 -08:00
Evan Prodromou
b6af5a25ba don't try to initialize the mapstraction canvas if it doesn't exist 2010-11-12 11:48:17 -05:00
Zach Copley
09aaf21e8d Fix missing close of comment block 2010-11-11 10:33:26 -08:00
Brion Vibber
fbd8052d05 Add error logging for a couple send-fail cases in XMPP out 2010-11-10 15:26:18 -08:00
Evan Prodromou
3afb031d92 Missing one close-paren in newgroup.php 2010-11-09 17:08:11 -05:00
Evan Prodromou
a4654bfe9f session table was missing from upgrade scripts 2010-11-09 15:09:00 -05:00
Brion Vibber
e90bf6c15b README bump for 0.9.6 final 2010-10-29 14:17:18 -07:00
Brion Vibber
693fecc44a Merge branch 'master' into 0.9.x 2010-10-29 11:22:35 -07:00
Evan Prodromou
36baff3d41 Merge remote branch 'gitorious/master' 2010-10-29 11:14:00 -04:00
Evan Prodromou
c8dab140f4 add a hack to show ads on single-notice pages 2010-10-29 11:13:33 -04:00
Brion Vibber
9e516ed1bb Merge remote branch 'origin/0.9.x' into 0.9.x 2010-10-28 16:25:28 -07:00
Siebrand Mazeland
456f4a6573 Localisation updates from http://translatewiki.net 2010-10-29 01:21:42 +02:00
Brion Vibber
8d0c014ced Merge branch 'master' into 0.9.x 2010-10-28 13:01:10 -07:00
Brion Vibber
fb0c3f4f99 Kill a ping queue item if we get an error on loading up the notice's poster's profile, rather than letting the item be retried over and over as if it were a transitory error.
This shouldn't generally happen as it's an indicator of database inconsistency, but it's a condition we know happens.
2010-10-28 12:58:30 -07:00
Brion Vibber
9ea7cafd27 Fix for regression: fatal error on group page display when not logged in.
Bug was introduced with group deletion feature.
2010-10-28 12:19:19 -07:00
Evan Prodromou
b5206fe6ca fall back to siteowner on bad nickname (Bug#2861) 2010-10-28 10:46:57 -04:00
Brion Vibber
48492600a8 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-10-28 00:15:59 +00:00
Brion Vibber
e43553a3d9 Tweak for OAuth headers not seen in $_SERVER 2010-10-28 00:14:45 +00:00
Siebrand Mazeland
035b4949fd Merge branch '0.9.x' of git://gitorious.org/statusnet/mainline into 0.9.x 2010-10-28 01:59:45 +02:00
Siebrand Mazeland
7a564276a9 Localisation updates from http://translatewiki.net. 2010-10-28 01:58:43 +02:00
Brion Vibber
9e9b7b972c Merge branch 'instrument' into 0.9.x 2010-10-27 16:47:06 -07:00
Brion Vibber
ace655aecf ApiLogger plugin: dumps some information about API hits to aid in researching future HTTP-level cachability improvements.
Data are sent to the 'info' level of logging, like so:

  [lazarus.local:4812.86b23603 GET /mublog/api/statuses/friends_timeline.atom?since_id=1353]
       STATLOG action:apitimelinefriends method:GET ssl:no query:since_id cookie:no auth:yes
       ifmatch:no ifmod:no agent:Appcelerator Titanium/1.4.1 (iPhone/4.1; iPhone OS; en_US;)

Fields:
* action:  case-normalized name of the action class we're acting on
* method:  GET, POST, HEAD, etc
* ssl:     Are we on HTTPS? 'yes' or 'no'
* query:   Were we sent a query string? 'yes', 'no', or 'since_id' if the only parameter is a since_id
* cookie:  Were we sent any cookies? 'yes' or 'no'
* auth:    Were we sent an HTTP Authorization header? 'yes' or 'no'
* ifmatch: Were we sent an HTTP If-Match header for an ETag? 'yes' or 'no'
* ifmod:   Were we sent an HTTP If-Modified-Since header? 'yes' or 'no'
* agent:   User-agent string, to aid in figuring out what these things are

The most shared-cache-friendly requests will be non-SSL GET requests with no or very predictable
query parameters, no cookies, and no authorization headers. Private caching (eg within a supporting
user-agent) could still be friendly to SSL and auth'd GET requests.

We kind of expect that the most frequent hits from clients will be GETs for a few common timelines,
with auth headers, a since_id-only query, and no cookies. These should at least be amenable to
returning 304 matches for etags or last-modified headers with private caching, but it's very
possible that most clients won't actually think to save and send them. That would leave us expecting
to handle a lot of timeline since_id hits that return a valid API response with no notices.

At this point we don't expect to actually see if-match or if-modified-since a lot since most of our
API responses are marked as uncacheable; so even if we output them they're not getting sent back to
us.

Random subsampling can be enabled by setting the 'frequency' parameter smaller than 1.0:

  addPlugin('ApiLogger', array(
    'frequency' => 0.5 // Record 50% of API hits
  ));
2010-10-27 16:43:38 -07:00
Siebrand Mazeland
796d7b4939 Update translator documentation. 2010-10-28 01:42:09 +02:00
Siebrand Mazeland
d0bbd343f0 i18n/L10n updates and superfluous whitespace removed. 2010-10-28 01:35:40 +02:00
Siebrand Mazeland
04fcfeaf6f * Superfluous whitespace removed.
* i18n review (no changes needed).
2010-10-28 01:23:57 +02:00
Siebrand Mazeland
04ae500749 * i18n/L10n fixes.
* translator documentation updated.
* superfluous whitespace removed.
2010-10-28 01:21:21 +02:00
Siebrand Mazeland
a12474a99d * i18n/L10n fixes.
* translator documentation updated.
* superfluous whitespace removed.
2010-10-28 01:21:09 +02:00
Evan Prodromou
60b66bdd6e Merge branch 'nofollowexternallink' into 0.9.x
Conflicts:
	lib/default.php
2010-10-27 13:53:39 -04:00
Craig Andrews
22a0cf6251 Set cookies with "secure" flag on SSL sites. Improves security. 2010-10-26 17:55:09 -04:00