Commit Graph

693 Commits

Author SHA1 Message Date
Zach Copley
9fb08ec45e CSRF protection in remotesubscribe
darcs-hash:20080829054038-7b5ce-d0503a8eb7f89a9d2de4aadd4550f4342b943b09.gz
2008-08-29 01:40:38 -04:00
Zach Copley
a034e13bf0 CSRF protection in emailsettings
darcs-hash:20080829053337-7b5ce-6d94638c57d185e5d44e02ad458593a3f4de36d9.gz
2008-08-29 01:33:37 -04:00
Evan Prodromou
2dc50d7e37 CSRF protection in user registration
darcs-hash:20080829054017-84dde-c9268e5c815934dcbca2451dd6c9016f2ac4a03a.gz
2008-08-29 01:40:17 -04:00
Zach Copley
47726844a0 CSRF protection in recoverpassword
darcs-hash:20080829052824-7b5ce-39a8fd299b7a85793ad7a19fe00c93813ca882b6.gz
2008-08-29 01:28:24 -04:00
Evan Prodromou
98e941753b session token in userauthorization form
darcs-hash:20080829052847-84dde-a64918a75f8300ec8fb230202881691066147652.gz
2008-08-29 01:28:47 -04:00
Evan Prodromou
63438008e0 csrf protection in userauthorization
darcs-hash:20080829052732-84dde-0ebb7e32236b480cc3aa2eb7a4bb2b41ff6177d6.gz
2008-08-29 01:27:32 -04:00
Evan Prodromou
9b741c4f9a better client error on CSRF problem with subscribe/unsubscribe
darcs-hash:20080829051628-84dde-2a339a35c422afb9ec04f757771764ed43b2c28b.gz
2008-08-29 01:16:28 -04:00
Evan Prodromou
4272da4e9e CSRF protection for subscription/unsubscription
darcs-hash:20080829051104-84dde-9bd23c28c2c8a720046060a33ff3e5f246c47116.gz
2008-08-29 01:11:04 -04:00
Zach Copley
2e239e3fbb CSRF protection in imsettings.php
darcs-hash:20080829035707-7b5ce-69a9ff98390ff8b9671ede948d78fdb37371aac6.gz
2008-08-28 23:57:07 -04:00
Zach Copley
6be7cbc5cd CSRF protection in smssettings.php
darcs-hash:20080829035118-7b5ce-57613e88b29617ea422c7f7003e81ef885e3debb.gz
2008-08-28 23:51:18 -04:00
Evan Prodromou
6afb7f576e add csrf protection to profile settings
darcs-hash:20080829043909-84dde-c70a633c93ab89560bc300817bda66eebf6176cf.gz
2008-08-29 00:39:09 -04:00
Evan Prodromou
9a65f45c45 CSRF protection in openidsettings
darcs-hash:20080829042908-84dde-1d1a22dfd3d89c5521aeb9069dc64c5f6dad3a27.gz
2008-08-29 00:29:08 -04:00
Evan Prodromou
d0a466bdb7 swap around some stuff to show the form correctly on a CSRF error in openidlogin
darcs-hash:20080829040925-84dde-7195734eeb3df6439c099c1139caf77e2c2ea3c1.gz
2008-08-29 00:09:25 -04:00
Evan Prodromou
42a6492152 CSRF protection for OpenID form
darcs-hash:20080829035934-84dde-cf36fd802bed76fdf15ac39b838494a414d5cc1e.gz
2008-08-28 23:59:34 -04:00
Evan Prodromou
d6dd35a66a add a token for CSRF avoidance
darcs-hash:20080829034854-84dde-a636b446dc254aaa77ac65f63be01e49c192bf32.gz
2008-08-28 23:48:54 -04:00
Evan Prodromou
93e67c7133 show error in delete notice
darcs-hash:20080829025559-84dde-bd29b5e6750a1ff72bd39e8e76bde325b0313fb8.gz
2008-08-28 22:55:59 -04:00
Evan Prodromou
dd55916d56 CSRF protection in deletenotice
darcs-hash:20080829025127-84dde-b3e2eb64b7dd8302037f471f6dba6949e2e15ecc.gz
2008-08-28 22:51:27 -04:00
Evan Prodromou
d3c86d0016 add CSRF protection to avatar
darcs-hash:20080829023919-84dde-38e4bf6bddc120a221af5f856d9f88b7a532096b.gz
2008-08-28 22:39:19 -04:00
Evan Prodromou
d146355875 return after failed token
darcs-hash:20080829023731-84dde-8920bbaf1e1f171829d0acff3f89ec987deb6368.gz
2008-08-28 22:37:31 -04:00
Evan Prodromou
ff566a149d add session token check to password change
darcs-hash:20080829014515-84dde-bce51f66ba0b3b4347a55a70b2b266b72c242304.gz
2008-08-28 21:45:15 -04:00
Evan Prodromou
b1ff7d7a2b fix error storing uris of remote notices
darcs-hash:20080826211108-84dde-b277bdb1476b9cec0c0d93fa8d565c4642ba16c8.gz
2008-08-26 17:11:08 -04:00
Evan Prodromou
3fda5a684f notify user of remote subscriptions
darcs-hash:20080824200517-84dde-9662d89dbcd948e3ef7b7f8d4e82d90b4891c684.gz
2008-08-24 16:05:17 -04:00
Evan Prodromou
a20a038542 be a little more liberal for sites that accidentally put whitespace before the xml decl
darcs-hash:20080824013803-84dde-9c5d9ce9c588cfb9baddae64366e3417f0a5fee9.gz
2008-08-23 21:38:03 -04:00
Evan Prodromou
7d6e1bb47f request token is not readonly
darcs-hash:20080824011706-84dde-bf35373c3bfc631f8285f8630155195c3c5cc304.gz
2008-08-23 21:17:06 -04:00
CiaranG
92645bbc57 XMPP sub/unsub and help commands
darcs-hash:20080822191032-f6e2c-a3a7efbbaad1ec7c48ef132a8ba34fc8b8651969.gz
2008-08-22 15:10:32 -04:00
Evan Prodromou
ea40dabb39 better error reporting in user authorization action
darcs-hash:20080822212111-84dde-2770093fcfaa6fe03abb1143d3828f0622382b45.gz
2008-08-22 17:21:11 -04:00
Evan Prodromou
a91cd75c17 local-only is optional on public timeline
darcs-hash:20080822210307-84dde-c90f6e7953d11c5b12c7a084ac23e5578412932c.gz
2008-08-22 17:03:07 -04:00
zach
0b87bf6c54 Twitter-compatible API - RESTfulness checks as per Twitter
darcs-hash:20080819214923-462f3-83ab492cb93c1ba643beb70853578cbd7ac35d61.gz
2008-08-19 17:49:23 -04:00
zach
9c29b9ad62 Twitter-compatible API - /statuses/show - better err msg if notice doesn't exist
darcs-hash:20080819202318-462f3-bc08a105c6b41b6a89a2358962440f68a9a79c7f.gz
2008-08-19 16:23:18 -04:00
zach
e980ebc714 Twitter-compatible API - Added /statuses/followers to methods that
require bareauth only if no nickname/id is supplied.

darcs-hash:20080819195431-462f3-93d27cf980fd09aeb30ea741639c1650baecad60.gz
2008-08-19 15:54:31 -04:00
zach
55f5bea21e Twitter-compatible API - /statuses/destroy method implemented
darcs-hash:20080819194610-462f3-eb736e4cfc817b479e1e8e52db03b5f44cdb3d2a.gz
2008-08-19 15:46:10 -04:00
zach
e440b9cea0 Twitter-compatible API - moved show() to the right file
darcs-hash:20080819003931-462f3-4b5b838a2fc5f872391581a189d33abdd8eeb744.gz
2008-08-18 20:39:31 -04:00
zach
d57bc1b8e9 Twitter-compatible API - running all strings through gettext() now
darcs-hash:20080819002903-462f3-94e62891db9b9de049a918034742e545f663e840.gz
2008-08-18 20:29:03 -04:00
Evan Prodromou
d1277820f8 add remote flag to broadcast of notices
darcs-hash:20080819182824-84dde-84d93fae2c4b0d6acee646999bad8e8bb9752c7b.gz
2008-08-19 14:28:24 -04:00
Evan Prodromou
0dce3d959b broadcast remote notices
darcs-hash:20080819182724-84dde-d2cece72dfb7f4f9f5b5cb4574812fdd32daa601.gz
2008-08-19 14:27:24 -04:00
Evan Prodromou
ee858bc880 accept 140 chars in API, too
darcs-hash:20080817192710-84dde-47e8da809c930c7c4528e3cb920d9a448e56d4c0.gz
2008-08-17 15:27:10 -04:00
Evan Prodromou
1c021edad5 typo in forgotten password string
darcs-hash:20080817163324-84dde-0b7f3449b7f6e96704518340351ada9ec0e56bbb.gz
2008-08-17 12:33:24 -04:00
Evan Prodromou
bee7caaafc debug for content too long
darcs-hash:20080817152419-84dde-5df1554695bd8560e5affa0ff74f7d0ab7c7c3ff.gz
2008-08-17 11:24:19 -04:00
Evan Prodromou
164a15d253 accept 140-character UTF-8 strings to content
darcs-hash:20080817151751-84dde-b3fc3ee57872f53a465fd9b45f4255e5e3be3450.gz
2008-08-17 11:17:51 -04:00
Evan Prodromou
5b01880685 name omb_listener param so we can refer to it in error msg
darcs-hash:20080816151057-84dde-e9df2c91a2711b235aa936a28e250715fc7c6d50.gz
2008-08-16 11:10:57 -04:00
zach
35d1714621 Twitter-compatible API: support for new in_reply_to_status_id in statuses/update
darcs-hash:20080815185317-ca946-11c3f9f7255180d5d6ea7b115b3e33b2abb7fe93.gz
2008-08-15 14:53:17 -04:00
zach
a95242bd1d Twitter-compatible API: removed redundant decoding step; already taken care of by util.php's common_render_content()
darcs-hash:20080813193327-ca946-c0160fbcc04771e39e303470d3418e84973a8189.gz
2008-08-13 15:33:27 -04:00
Evan Prodromou
7554f2561c move user registration to a single static method
darcs-hash:20080814002038-84dde-8505d4e083056b770db128129a95be639d8e7f0a.gz
2008-08-13 20:20:38 -04:00
Evan Prodromou
0bba990e2f fix problem with new notices
darcs-hash:20080811181158-84dde-338f926bd4c161ea55ef8600fac254f216413ad4.gz
2008-08-11 14:11:58 -04:00
zach
3a124c5f53 Twitter-compatible API - /statuses/update.format now decodes HTML chars, such as &
darcs-hash:20080731224911-ca946-1cb52c7592d48174437c1896c41a4dd853a9e5c7.gz
2008-07-31 18:49:11 -04:00
Evan Prodromou
37c5e8ca3c make tag dropoff configurable
darcs-hash:20080811175820-84dde-f3d934495fa90fadde5f7d5d0c37c5f2a575a9d8.gz
2008-08-11 13:58:20 -04:00
Evan Prodromou
12aba8ba32 emergency fixup for bad notices in notice search
darcs-hash:20080811175318-84dde-080db6e81589e794761daab868706704d39e2f1b.gz
2008-08-11 13:53:18 -04:00
Evan Prodromou
4c8dfadf2d make init of lang environment happen earlier, or when user language may have changed
darcs-hash:20080806034515-84dde-e32cbfec2890f50b610d0441659180038b060473.gz
2008-08-05 23:45:15 -04:00
Evan Prodromou
f2203d1df6 better handling of unconfirmed email addresses
darcs-hash:20080804133253-84dde-4b1ceb6feabaaad503f8777d6f21545b2bb87e85.gz
2008-08-04 09:32:53 -04:00
Evan Prodromou
506843e55d use an outstanding unconfirmed email address for password recovery if available
darcs-hash:20080804130914-84dde-77e1683ec76b26e9a3838d82cbe7827246db22dd.gz
2008-08-04 09:09:14 -04:00
Evan Prodromou
222b974b23 change no-such-user error to a 404 instead of a 400
darcs-hash:20080804132001-84dde-e6fae9837f87d80356317e4815516dd9ff03e674.gz
2008-08-04 09:20:01 -04:00
ehs
48fcfb8b0d added conneg for action/userbyid so that foaf can be delivered to clients that want application/rdf+xml
darcs-hash:20080801164623-b1e77-1e8786743cc02e3d6f2320edff0f2f474f4ed76b.gz
2008-08-01 12:46:23 -04:00
Evan Prodromou
4bd68f89c3 ksort() the tags list
darcs-hash:20080731041000-84dde-09a4b1d69cc42b7380582d1a2f5d718b6e57dcd2.gz
2008-07-31 00:10:00 -04:00
zach
93d25bec33 Twitter-compatible API: implemented /users/show.format method
(and some API bug fixes)

darcs-hash:20080730213226-ca946-eb89bad91eee630ac286d537ba42f0042b8d2109.gz
2008-07-30 17:32:26 -04:00
Mike Cochrane
16daa87a39 Resolve conflicts
darcs-hash:20080731004922-533db-96d62078f226ffc18db71d222d1c47524ac1319d.gz
2008-07-30 20:49:22 -04:00
Mike Cochrane
9d89e7b4ac Update some gettext strings and number the arguements so life is easier for translators
darcs-hash:20080729080641-533db-560337e226a02dd6fc671f090883d4bedd50eaaa.gz
2008-07-29 04:06:41 -04:00
Evan Prodromou
ba3ca4f6bb show the right stuff on profile page, too
darcs-hash:20080730033939-84dde-21b90f9c8b5fcede12a71f12fee20a4faaf1c549.gz
2008-07-29 23:39:39 -04:00
Evan Prodromou
2090e0aa78 show where a notice came from
darcs-hash:20080730032651-84dde-0685ec5f899129bc75745ca8d1d083f56f3f1ff5.gz
2008-07-29 23:26:51 -04:00
Evan Prodromou
e998cc3960 remember to broadcast in api, and also use the right ID
darcs-hash:20080730030012-84dde-9ceea12e90a4b4b4bbe35cb6cb50b6bcbb6085b7.gz
2008-07-29 23:00:12 -04:00
Evan Prodromou
d79dc8344b refactor notice-adding code to one static method on Notice
darcs-hash:20080730022856-84dde-f19e4ff5d5ae2603b63b8aebd8f878ec90b3ce22.gz
2008-07-29 22:28:56 -04:00
Evan Prodromou
575f705451 if-else instead of ?:
darcs-hash:20080729194735-84dde-246582a47d4a384375d153bff0e724c778c4b3af.gz
2008-07-29 15:47:35 -04:00
Evan Prodromou
f26ed46266 relative info, too
darcs-hash:20080729194457-84dde-fd0545edb3af519ccc43ee3ac50ad5eb14c35dad.gz
2008-07-29 15:44:57 -04:00
Evan Prodromou
8fd20f58e6 show the weight in output (for my own edification)
darcs-hash:20080729194246-84dde-4a47578d8727720097dab9362cb356bd8f4d2a7d.gz
2008-07-29 15:42:46 -04:00
Evan Prodromou
7d43f211c0 change tag output to a tag cloud
darcs-hash:20080729193533-84dde-1e7deeb0c7d7fb7686653be17d197e871aded8be.gz
2008-07-29 15:35:33 -04:00
Mike Cochrane
213ecbf35d Correct variable name
darcs-hash:20080724234601-533db-c9fe139144a5ec9f58b8ab612331fa31bd55967b.gz
2008-07-24 19:46:01 -04:00
Mike Cochrane
278006e4cc Lazy/Auto load the class files as needed
darcs-hash:20080724234533-533db-ec2e235401e7f670ee8094ba8d70dc95c3e6dd63.gz
2008-07-24 19:45:33 -04:00
mikec
a4fa34cecb Resolve conflicts after pull from evan
darcs-hash:20080721135637-edabd-cca33bc0a0936423b9fd2ffdf9413236123d680e.gz
2008-07-21 09:56:37 -04:00
mikec
334c652e80 Publish MicroIDs for email and mpp on profile and notice pages.
darcs-hash:20080721120036-edabd-838335c0e23c80a657d353955b25b52a9a8624b2.gz
2008-07-21 08:00:36 -04:00
mikec
fbf2a58ac3 Get text wrappers around strings so they can be in the native language of the site and use fancy urls if appropriate
darcs-hash:20080721090110-edabd-aea47e1cbcc2527fdb0274cb29638d2abc108a35.gz
2008-07-21 05:01:10 -04:00
matthew.gregg
ed37d83fa3 Opensearch updates
This adds htaccess and searches for people and notices.

darcs-hash:20080720195505-982e4-3f03e6ab4c466ae131e025b6a3c26c7bb9a99c03.gz
2008-07-20 15:55:05 -04:00
Mike Cochrane
88717d8805 User definable timezones. Work in UTC internally and display per user/site default. http://laconi.ca/PITS/00011
darcs-hash:20080720141325-533db-87cb60501434c9dc0ac13716ba5d8b17754431f5.gz
2008-07-20 10:13:25 -04:00
Mike Cochrane
060fecf5ec Clean up delete code. Add missing htaccess rule. Exit after errors so the code doesn't continue running.
darcs-hash:20080720124552-533db-81be2c04445f146e477b1bb7e6e8e7d0eb27431d.gz
2008-07-20 08:45:52 -04:00
Mike Cochrane
26f6c917a7 Fix errors from delete code when viewing a user's profile while not logged in.
darcs-hash:20080720122715-533db-64247879e336666835880cd3de10bc2ef27e46c7.gz
2008-07-20 08:27:15 -04:00
Mike Cochrane
3c56b10036 Add rel
darcs-hash:20080720101947-533db-a7ddbd4d33b492196cf9a4287dfbfa3e341d6f40.gz
2008-07-20 06:19:47 -04:00
Mike Cochrane
fdfb806801 Sort tags by highest frequency then most recent
darcs-hash:20080720094832-533db-91b0cf2e0589ca4008b3011d5acd41449caa0904.gz
2008-07-20 05:48:32 -04:00
matthew.gregg
e20362a60a Adds Opensearch description
darcs-hash:20080720015823-982e4-b33e1ef01cd071e958c9c51625190513b86594f3.gz
2008-07-19 21:58:23 -04:00
matthew.gregg
6dd211530f Patch for PITS 00032, 00033, 00034
darcs-hash:20080719003417-982e4-7004f8a4dfb447f941457c30b0b2289eee5582e6.gz
2008-07-18 20:34:17 -04:00
matthew.gregg
faa3933fbb Added notice deletion http://laconi.ca/PITS/00045
Removes selected notice and any replies that reference it.
Attempts to de-queue anything pending.

This patch does not archive notices.

darcs-hash:20080716032045-982e4-a0b5d37ecfa84796f1681dda54110094ad1424c6.gz
2008-07-15 23:20:45 -04:00
Mike Cochrane
1467300152 Set constant to propper value, not debug value
darcs-hash:20080720082641-533db-fa5b327a6670fd77f55cc028fc3a3a66664d4bb3.gz
2008-07-20 04:26:41 -04:00
Mike Cochrane
f08fe3d1c2 Add tag action
darcs-hash:20080720081838-533db-bfe217657f0c3327fa8facc66b41b00f6c8f1948.gz
2008-07-20 04:18:38 -04:00
Mike Cochrane
5d84485001 First cut at hastags support.
darcs-hash:20080720055702-533db-193ed842b0d0a952bef71a3c5287213ada0ef15c.gz
2008-07-20 01:57:02 -04:00
Mike Cochrane
4b8ae3e339 Resolve conflict
darcs-hash:20080714025853-533db-e215a2ab0277acafc1c01d2c12c20ec452ed53e2.gz
2008-07-13 22:58:53 -04:00
Mike Cochrane
d9aea8cb9a Fixed location of bracket for gettext.
darcs-hash:20080713053033-533db-c1b4e827abd764dc173173556ec889290b0643bf.gz
2008-07-13 01:30:33 -04:00
Evan Prodromou
2e0b64a9ba add local flag for stuff posted over the API
darcs-hash:20080727023516-84dde-7ebc4ccc8065dd1df9a414d5c39df70dbfebf487.gz
2008-07-26 22:35:16 -04:00
Evan Prodromou
e97c06e8e2 let admins prevent registration
darcs-hash:20080724235508-84dde-8bac4d9dd772adb9f27d083b3d0b6ed5b7526dbf.gz
2008-07-24 19:55:08 -04:00
Evan Prodromou
3a262a3bcd ensure that there's a session before redirecting the user
darcs-hash:20080724231833-84dde-965c41484ecf9b85b1979e8ac76314a6b0d951ee.gz
2008-07-24 19:18:33 -04:00
zach
7e6870db91 base class is_readonly() now returns false by default
darcs-hash:20080722212056-ca946-e4bd9eef8e3d8991414932e9fc7b8c9a31f818c0.gz
2008-07-22 17:20:56 -04:00
zach
877eb138c4 Twitter-compatible API: made is_readonly() method smarter
darcs-hash:20080722182919-ca946-dce04d84290711066154567458da2dd3253dd957.gz
2008-07-22 14:29:19 -04:00
zach
038f762bce Added is_readonly() method to all Actions
darcs-hash:20080722171501-ca946-160bad6c4f80be2b3b105ea9b913f1c0f9edb0ef.gz
2008-07-22 13:15:01 -04:00
zach
80facfa16d Twitter-compatible API - location_update was spitting out the wrong profile. Fixed.
darcs-hash:20080721174438-ca946-1f1ddc79f8117561e98a17b143714f5daae1283e.gz
2008-07-21 13:44:38 -04:00
Evan Prodromou
e304f42b47 lost the nickname changing from profile to user
darcs-hash:20080722173613-84dde-f074a753a46f36e4e174ea85b66c472d436efd62.gz
2008-07-22 13:36:13 -04:00
Evan Prodromou
ccfccfd645 hide magic self subscription
darcs-hash:20080722163511-84dde-3ac60595640e545335cc13d120f3e99ba5d1f513.gz
2008-07-22 12:35:11 -04:00
Evan Prodromou
39de5b81b3 don't get a count anywhere
darcs-hash:20080722163200-84dde-736d11972503a37c062fe51c38c58eaf38a11862.gz
2008-07-22 12:32:00 -04:00
Evan Prodromou
42ac47915b don't get a count from query
darcs-hash:20080722163116-84dde-3b17b13022b3d97483e911a99ebd23cc4b8da784.gz
2008-07-22 12:31:16 -04:00
Evan Prodromou
9515303b14 notices and counts
darcs-hash:20080722162332-84dde-75801a271f50789377aa7a3467223286c372ec6c.gz
2008-07-22 12:23:32 -04:00
Evan Prodromou
81e6d50c53 blow off DB_DataObject joins, write SQL from scratch
darcs-hash:20080722161549-84dde-fedeed101bdef172f4a7aabf2278f1a2277a6d88.gz
2008-07-22 12:15:49 -04:00
Evan Prodromou
64ed01f0af centralize and optimize with-friends query
darcs-hash:20080722160213-84dde-2e466b9cc4601a8cb7237770a7df17a2f9dcadb9.gz
2008-07-22 12:02:13 -04:00
Evan Prodromou
ab1f2ff9d0 every user is subscribed to themselves
darcs-hash:20080722144154-84dde-80beabad9a681f2e12edb34ceb4ac249f4ce6705.gz
2008-07-22 10:41:54 -04:00
Evan Prodromou
5f79bcdf51 public timeline only gets local notices
darcs-hash:20080722142050-84dde-b948048b7f85e24c59dc063ef298bcc4c386d33a.gz
2008-07-22 10:20:50 -04:00
Evan Prodromou
b1282b1b9f mark incoming notices as local or not
darcs-hash:20080722141828-84dde-160fe4582c1949af1f6b049b3336cad493e30510.gz
2008-07-22 10:18:28 -04:00