Commit Graph

5039 Commits

Author SHA1 Message Date
Mikael Nordfeldth
aa36fecd0a Geonames now not a default plugin
In the name of privacy, let's not by default call a bunch of third
party services with our (users') geographical position.
2013-10-22 17:32:06 +02:00
Mikael Nordfeldth
b46c1746f2 Daisychaining bug with exceptions in PHP 2013-10-22 15:36:02 +02:00
Mikael Nordfeldth
f4c0cff032 Only use ActivityVerb::SHARE (forwardId is deprecated)
StatusNet >= 1.0 support it.
2013-10-21 22:25:19 +02:00
Mikael Nordfeldth
8004849305 Removing rel='ostatus:attention' in favor of Salmon's rel='mentioned'
This was introduced in StatusNet 0.9.x, which is the oldest branch
on the web today as far as I know.
2013-10-21 18:42:15 +02:00
Mikael Nordfeldth
2e3ef4cc07 Use pre-defined const instead of strings 2013-10-21 18:28:04 +02:00
Mikael Nordfeldth
3cab5b36c1 Replace common_good_random with common_random_hexstr 2013-10-21 13:20:30 +02:00
Mikael Nordfeldth
db5df642ba common_good_rand was _not_ a "good rand", only hex
0-F isn't random enough to be called rand, so we rename the function
to avoid confusion with something that is actually good at random.
2013-10-21 13:09:40 +02:00
Mikael Nordfeldth
d632df320a Apparently only one atom:content is allowed 2013-10-20 13:15:37 +02:00
Mikael Nordfeldth
802734d07e Switch order of html/text for StatusNet backwards compatibility
StatusNet chooses the first content element in an Atom feed, while
it should really choose the 'html' representation for its 'rendered'
and 'text' representation for the (text-only) 'content'.

GNU social will implement a better algorithm for retrieving Atom
feeds, but that is yet to be done. So to avoid having link-less posts
on remote nodes, we'll just do the old switch-a-roo.

Other Atom readers, such as Mozilla Firefox, has the reverse priority
(choosing the last of the content elements).
2013-10-20 12:50:27 +02:00
Mikael Nordfeldth
0398741956 Core plugin list would not merge into $config 2013-10-19 15:25:59 +02:00
Mikael Nordfeldth
565e32aca3 Always generate local HTTPS links if ssl is 'always'
The isHTTPS call won't work in cli mode, so install_cli.php should
solve it some other way for initial profile url and User uri.
2013-10-19 14:59:02 +02:00
Mikael Nordfeldth
2a5ba1f74b Core and Default plugins separated, now loads on install
_flow_ reported on IRC that install.php had stopped working. This was
because default plugins had been put into two separate lists, and the
list with AuthCrypt was never loaded when performing an installation.

Core plugins cannot be disabled.

I also removed the Memcache autodetection thing since it should be
solved in a more elegant manner.
2013-10-19 14:38:15 +02:00
Mikael Nordfeldth
2f70866367 Installer redirects to HTTPS if ssl is set to 'always' 2013-10-18 18:17:37 +02:00
Mikael Nordfeldth
e2c50d202f AuthCrypt now tidied up and enabled by default. 2013-10-17 16:36:15 +02:00
Mikael Nordfeldth
6ed66d9c76 Local_group and User are now assumed to be in same namespace 2013-10-17 01:27:01 +02:00
Mikael Nordfeldth
cd0e3f1fa4 NoProfileException now parent to User* and Group* 2013-10-17 00:32:54 +02:00
Mikael Nordfeldth
db7ef52d13 Better use of Nickname validation functions
Nickname verifications on registration and updates for profiles (not yet
groups) have been improved.

Minor bugs in RegisterAction were also fixed, where multiple forms would
be outputed because the function did not return after showForm(). This
will be solved more permanently with throwing exceptions in the future.
2013-10-16 15:38:54 +02:00
Mikael Nordfeldth
38a69b5597 Better checks during User::register and improved Nickname checks 2013-10-16 14:58:06 +02:00
Mikael Nordfeldth
b764ee8134 Nickname::normalize now checks for path name collision too. 2013-10-16 13:22:43 +02:00
Mikael Nordfeldth
29d0871e5a Making many of the API actions more consistent with coding style
clientError and serverError exit after they're done so no need for
break or return. Also, $this->format is default.

We also got rid of the incredibly verbose version of $this->isPost()
which was spread all over the place.

Not all of this cleaning up is done yet.
2013-10-15 03:07:40 +02:00
Mikael Nordfeldth
f46d675a20 GNU social is with a minor s. 2013-10-15 00:20:36 +02:00
Mikael Nordfeldth
9be368006c Naming stuff GNUsocial rather than StatusNet 2013-10-15 00:19:03 +02:00
Mikael Nordfeldth
a8bcdc905f common_sql_now() is recommended before DB_DataObject_Cast::dateTime() 2013-10-14 13:42:27 +02:00
Mikael Nordfeldth
390556d932 Remote Profile Action from ModPlus now more generic 2013-10-08 21:08:02 +02:00
Mikael Nordfeldth
fcf47f315b Removed deprecated activity:subject 2013-10-08 15:06:19 +02:00
Mikael Nordfeldth
e1c9061735 Atom output of ActivityObject now has html AND text 2013-10-08 15:00:54 +02:00
Mikael Nordfeldth
db363cdad9 Revert "Don't set the title of a notice to its plain-text content."
This reverts commit 74ec87c27c.
2013-10-08 14:06:27 +02:00
Mikael Nordfeldth
9ddc40b6da NoResultException returns the failed object 2013-10-08 00:21:24 +02:00
Mikael Nordfeldth
1d8b19fe54 Let's not limit qvitter stuff to 'json' requests
Also, cleanup and report errors properly when we try unsupported media types.
2013-10-07 20:54:25 +02:00
Mikael Nordfeldth
cf0570fc99 Cleaning up clientError and serverError 2013-10-07 19:56:45 +02:00
Mikael Nordfeldth
8912cdc7a4 Validate::uri replaced with filter_var for HTTP[S] URL checks
Also, a bug in checking the OAuth callback URL for validity was fixed,
where it referenced the wrong variable when going through form data.
2013-10-07 14:46:09 +02:00
Mikael Nordfeldth
87370f0cb1 URL shortening can now be disabled for the 'maxurllength'
Also, URL shortening now consistently uses 'maxurllength'...
2013-10-06 22:35:49 +02:00
Mikael Nordfeldth
34a6624452 Qvitter API changes (thanks hannes2peer)
I implemented changes from quitter.se's new API that their front-end qvitter
uses, https://github.com/hannesmannerheim/qvitter/blob/master/api-changes-1.1.1/CHANGES

However I left out the URL shortening commens, since I believe whatever behaviour
they experienced that caused them to implement this was a bug (or many) and should
be fixed in their proper areas and that shortening should not be entirely left
out in API calls.
2013-10-06 21:51:50 +02:00
Mikael Nordfeldth
753019baf2 60 chars was too little, 100 chars seems better. For me. 2013-10-06 20:28:07 +02:00
Mikael Nordfeldth
e93c4d6268 Missed an exclamation mark. Still doesn't linkify groups? 2013-10-06 17:26:55 +02:00
Mikael Nordfeldth
fb94a16217 Moved Avatar retrieval into Avatar class
Backwards compatible functions are still in Profile class.
2013-10-06 15:55:06 +02:00
Mikael Nordfeldth
78f9629bf3 Moved shareLocation preference check to Profile class 2013-10-06 13:38:09 +02:00
Mikael Nordfeldth
cc34bb48c7 OAuth related syntax fixes, nothing big
Making better use of class autoloading too.
2013-10-06 12:43:18 +02:00
Mikael Nordfeldth
5974493707 I missed a preg_replace with /e 2013-10-06 12:37:55 +02:00
Mikael Nordfeldth
5f867f98c2 Typing and static declaration in PoCo class 2013-10-06 03:48:41 +02:00
Mikael Nordfeldth
64dbd93534 Some PHP strict warning fixes 2013-10-06 03:37:12 +02:00
Mikael Nordfeldth
1c042028dc PCRE modifier /e is deprecated in favour of preg_replace_callback() 2013-10-06 03:27:16 +02:00
Mikael Nordfeldth
ac819e5738 fillAvatars would avoid the *ProfileGetAvatar events 2013-10-06 03:01:43 +02:00
Mikael Nordfeldth
48da97f204 MediaFile code improvements, preparing to implement multi-attachments
Maybe in the future we can use this for anonymous file uploads too?
With some kind of anonymous/pseudonymous profile. That'd be neat.
2013-10-05 18:47:45 +02:00
Mikael Nordfeldth
b43be41643 OAuth extlib updated and Twitter comments removed
Source: http://oauth.googlecode.com/svn/code/php/OAuth.php

Should we use PECL OAuth?
2013-10-05 16:04:23 +02:00
Mikael Nordfeldth
eb5097aecb We don't need _that_ noisy queue managers... 2013-10-05 13:12:16 +02:00
Mikael Nordfeldth
8fdc999be4 IM/XMPP Plugin classes use throwing getParent 2013-10-05 12:30:52 +02:00
pztrn
9824b00f4b Adopted merge request #232 from statusnet to gnusocial 2013-10-05 12:36:48 +04:00
Mikael Nordfeldth
636a8fcaf5 Properly defined globals, $_PEAR caused install to fail. (thanks DRiKE) 2013-10-04 21:29:16 +02:00
Mikael Nordfeldth
fb4e9b234d Twitter Import improvements. Still buggy?
Apparently mrvdb has problems with duplicate inserts and missing files when
unlinking. It could be due to coding, or it could be due to parallelizing.
2013-10-04 13:36:45 +02:00
Mikael Nordfeldth
39f43e415d Do not name anything getOriginal (because DB_DataObject calls that)
Avatar->getOriginal has been renamed getUploaded
Notice->getOriginal has been renamed getParent
2013-10-02 15:01:11 +02:00
Mikael Nordfeldth
7979918ba9 Various minor Avatar fixes, but pretty necessary.
One typing thing. And a missed exception case.

Get src from displayUrl() instead of url for example.
2013-10-02 14:49:01 +02:00
Mikael Nordfeldth
3e15bab965 PHP Notice: Trying to get property of non-object
The notice was reported in /srv/www/vhosts/se/umeahackerspace/social/%/htdocs/lib/inboxtagcloudsection.php on line 63
2013-10-01 17:43:46 +02:00
Mikael Nordfeldth
b0dfc70a54 Properly unlink all old avatars when deleting/uploading a new
We're also now using $config['image']['jpegquality'] to determine the
quality setting for resized images.

To set Avatar max size, adjust $config['avatar']['maxsize']

The getAvatar call now throws exceptions too. Related changes applied.
Now let's move Profile->avatarUrl to the Avatar class!
2013-10-01 17:00:10 +02:00
Mikael Nordfeldth
a23c4aa236 Avatar resizing improvements and better code reuse
* getOriginal added to Avatar class
    This is a static function that retrieves the original avatar in a leaner
    way than Profile->getOriginalAvatar() did (see below).
    This will throw an Exception if there was none to be found.

* getProfileAvatars added to Avatar class
    This gets all Avatars from a profile and returns them in an array.

* newSize added to Avatar class
    This will scale an original avatar or throw an Exception (originally from
    Avatar::getOriginal) if one wasn't found.

* deleteFromProfile added to Avatar class
    Deletes all avatars for a Profile. This makes the code much smarter when
    removing all avatars from a user.
    Previously only specific, hardcoded (through constants) sizes would be
    deleted. If you ever changed lib/framework.php then many oddsized avatars
    would remain with the old method.

* Migrated Profile class to new Avatar::getOriginal support
    Profile class now uses Avatar::getOriginal through its own
    $this->getOriginalAvatar and thus remains backwards compatible.

* Updating stock GNU Social to use Avatar::getOriginal
    All places where core StatusNet code used the
    $profile->getOriginalAvatar, it will now useAvatar::getOriginal with
    proper error handling.

* Updated Profile class to use Avatar::newSize
    When doing setOriginal, the scaling will be done with the new method
    introduced in this merge.
    This also edits the _fillAvatar function to avoid adding NULL values to
    the array (which causes errors when attempting to access array entries as
    objects). See issue #3478 at http://status.net/open-source/issues/3478
2013-09-30 22:23:03 +02:00
Mikael Nordfeldth
a0e107f17f Implemented WebFinger and replaced our XRD with PEAR XML_XRD
New plugins:
* LRDD
    LRDD implements client-side RFC6415 and RFC7033 resource descriptor
    discovery procedures. I.e. LRDD, host-meta and WebFinger stuff.

    OStatus and OpenID now depend on the LRDD plugin (XML_XRD).

* WebFinger
    This plugin implements the server-side of RFC6415 and RFC7033. Note:
    WebFinger technically doesn't handle XRD, but we serve both that and
    JRD (JSON Resource Descriptor), depending on Accept header and one
    ugly hack to check for old StatusNet installations.

    WebFinger depends on LRDD.

We might make this even prettier by using Net_WebFinger, but it is not
currently RFC7033 compliant (no /.well-known/webfinger resource GETs).

Disabling the WebFinger plugin would effectively render your site non-
federated (which might be desired on a private site).

Disabling the LRDD plugin would make your site unable to do modern web
URI lookups (making life just a little bit harder).
2013-09-30 22:04:52 +02:00
Joshua Judson Rosen
562d5bc5fb Remove bad common_path() call in context of cssLink(). 2013-09-29 23:09:55 +02:00
Mikael Nordfeldth
80c6af0ffe Uncaught exception when no subscribers/subscriptions in ProfileList 2013-09-26 00:47:56 +02:00
Mikael Nordfeldth
858d9cc3c4 maxNoticeLength test for url-shortening failed on maxContent==0
maxContent==0 implies that a notice text can be infinitely long, but
this value was directly transferred to maxNoticeLength, where 0 was
tested if it was longer than the notice length - which of course always
was false.

This commit fixes the problem for infinite length notices that always
got shortened.
2013-09-25 22:48:32 +02:00
Mikael Nordfeldth
e9cc87f5b9 Updated some of the INSTALL documentation
Also we now recommend the mysqlnd driver, instead of 'mysql', so no need
to mention deprecation in daemon.php comments.
2013-09-25 13:19:03 +02:00
Mikael Nordfeldth
64df40e409 Filling in missing endHTML calls for Action AJAX
This completes 1c6f9df80e where a lot
of other functions were fixed (by conforming to startHTML and endHTML)
2013-09-24 02:32:17 +02:00
Mikael Nordfeldth
f268c3f877 Completing extra-element-without-text patch from 4015a58d1c 2013-09-24 01:26:51 +02:00
Mikael Nordfeldth
1c6f9df80e PHP5.5 fix: Better use of startXML for Action classes (mostly AJAX)
I had a problem with PHP5.5 that caused ajax responses to be empty. This
fixes it, as the problem was related to pretty inconsistent calling to
headers, XMLWriter::startDocument etc. etc.
2013-09-24 01:18:33 +02:00
Mikael Nordfeldth
1744fec89f Array to string conversion in queuemanager logger 2013-09-24 00:40:23 +02:00
Mikael Nordfeldth
4015a58d1c Sometimes there's no text content, so pad the array (thanks mrvdb)
mrvdb used '' rather than null for the padding argument. MMN-o changed that.
2013-09-24 00:12:30 +02:00
Mikael Nordfeldth
9d3abc3600 $_PEAR now defined globally as new PEAR, so no static calls are made 2013-09-23 22:27:43 +02:00
Mikael Nordfeldth
8205c56e25 Stylesheet event now removed of StatusNet-remnants 2013-09-23 22:13:12 +02:00
Mikael Nordfeldth
5f1fea1488 FavorAction upgraded to extend FormAction
Includes some minor changes to other things as well, such as the session
token input element now having the same 'name' attribute as everyone else.
(it still retains a 'token-'+noticeid 'id' attribute for clientside JS)
2013-09-23 13:06:09 +02:00
Mikael Nordfeldth
50e611a1a9 Shouldn't define static classes as abstract.
New Exception class added (MethodNotImplementedException)
2013-09-21 18:53:18 +02:00
Mikael Nordfeldth
63306081bc Subscription "get by" functions now don't use ArrayWrappers
They were getting in the way of some strict-typing stuff.
2013-09-21 18:38:14 +02:00
Mikael Nordfeldth
39f21d63af New Managed_DataObject retrieval: listFind
This will return a proper DB_DataObject instance (as the desired class)
and not an array, or ArrayWrapper.
2013-09-21 18:18:03 +02:00
Mikael Nordfeldth
93e878d7ca Make better use of Subscription class
removed lib/subs.php as it was essentially only a wrapper for Subscription
2013-09-19 17:29:05 +02:00
Mikael Nordfeldth
792e1aeb47 StatusNet_HTTPResponse now prefixed with GNUSocial_ 2013-09-19 16:11:04 +02:00
Mikael Nordfeldth
c3001ff82b url shortening fixes for api config and not ur1.ca
Will have to change the 'maxnoticelength' code to stop shortening ALL
links if the setting for infinitely long notices is configured.
2013-09-19 01:11:47 +02:00
Mikael Nordfeldth
4c6803a054 GNUSOCIAL is the new defined indicator
STATUSNET is still there for compatibility, so we don't have to change
all scripts at once yet...
2013-09-18 00:35:49 +02:00
Mikael Nordfeldth
d480ed42d1 Gravatar pretty much equals disregarding privacy
Not only that one can often correlate email address md5 hash sums, but
the "functionality" depends on a bunch of external calls.
2013-09-16 21:49:32 +02:00
Mikael Nordfeldth
482296561e Event::handle only takes array $args
This is because it calls call_user_func_array with that exact $args argument.
2013-09-14 18:32:52 +02:00
Mikael Nordfeldth
5e24600304 Minified javascripts are evil! Human readable source, please! 2013-09-14 13:41:49 +02:00
Mikael Nordfeldth
360492472c updated and moved jquery-cookie
Also added to minification Makefile in js/ as it was not delivered from
upstream as .min.js
2013-09-14 13:31:24 +02:00
Mikael Nordfeldth
0731207186 updated jquery-infieldlabel from 0.1.2 to 0.2.1
Source: https://github.com/instanceofme/jquery-infieldlabels/
2013-09-14 13:30:37 +02:00
Mikael Nordfeldth
4f065d6483 Removed jOverlay as it's outdated and not referenced 2013-09-12 15:57:32 +02:00
Mikael Nordfeldth
56ebe91429 jquery form updated and moved to js/extlib 2013-09-12 15:53:14 +02:00
Mikael Nordfeldth
2da928866b jquery-ui updated and moved to js/extlib
It seems we don't need all the development files. Though it feels a bit
evil not to keep them. Then again we didn't have the whole dev-tree there.

Really we should maybe use git submodules for this?

I also made sure that if we don't have minify enabled, a non-minified
version of jquery-ui is loaded, as minification is the most evil of all.
Bad as hell to debug, and anyone visiting the site should be allowed to
view all scripts that are run in an overseeable manner.
2013-09-12 15:48:28 +02:00
Mikael Nordfeldth
a56ad2c43d Updated jquery extlib to v2.0.3
Includes pre-minimized version from code.jquery.com
2013-09-10 13:56:51 +02:00
Mikael Nordfeldth
3efa10769c json2 extlib updated to 2013-05-26 version
Includes minification and Makefile update
2013-09-10 13:43:50 +02:00
Emily O'Leary
81a357ed5e Putting in functionality so that sites with the "Sometimes" SSL setting allow for users with plugins such as HTTPSEVERYWHERE who wish to use HTTPS to do so without having errors pop up. Specifically this references this issue: http://status.net/open-source/issues/3855#comment-48988.
(Port detection test removed by MMN-o. Also switched order on the test for
isHTTPS/SensitiveAction.)
2013-09-10 11:06:53 +02:00
Mikael Nordfeldth
99312c8cc2 Declaring some more static functions properly
As a bonus I added type declaration on Profile_block::exists and
Subscription::exists respectively.
2013-09-09 23:28:20 +02:00
Mikael Nordfeldth
a9c4bcd71f Removing unnecessary require_once lines (autoload!) 2013-09-09 23:06:56 +02:00
Mikael Nordfeldth
747fe9d59b Tidying up getUser calls to profiles and some events
getUser calls are much more strict, and one place where this was found was
in the (un)subscribe start/end event handlers, which resulted in making the
Subscription class a bit stricter, regarding ::start and ::cancel at least.
Several minor fixes in many files were made due to this.

This does NOT touch the Foreign_link function, which should also have a more
strict getUser call. That is a future project.
2013-09-09 23:03:34 +02:00
Mikael Nordfeldth
f0e967fefd needLogin renamed checkLogin and made a property
Action extended classes now can set 'needLogin' as a protected property,
which is defaulted to 'false'. However, FormAction defaults this to 'true'
because most of the form actions will require a current login to be valid.

NewgroupAction, NewmessageAction, NewnoticeAction are all affected by this
commit and in the future we will migrate each potential formaction to the
proper class parent tree. :)
2013-09-02 11:58:47 +02:00
Mikael Nordfeldth
e5e3aeb4e6 newmessage (and Message class) fixed for FormAction
Also added a needLogin function to the Action class, which will do
redirect to login page with proper returnto setting.
2013-09-02 11:05:30 +02:00
Mikael Nordfeldth
c735a8363e Conforming to code layout 2013-09-01 20:52:11 +02:00
Mikael Nordfeldth
cfa699e445 NewgroupAction converted to extend FormAction
Had to change Action function 'prepare' to 'protected', as you can't
(of course) protect something that's been public in a parent class. The
other way around seems fine for PHP... Eventually all actions will have
protected 'prepare' (use execute/run)

A feature of the previously fixed initialization of Action classes, is
that we now have $this->scoped which is the current profile in use. As
of now that is always a local User, except the corresponding Profile
object.

Also, instead of calling 'showForm' everywhere, in case of an error we
just throw an exception of some sort and pass the message along there.

I've also introduced in FormAction the 'showInstructions' function in
order to get a unified instructions/info/error display method.

TODO: Improve info/error message handling, and what/when/where to show.
2013-08-31 18:01:13 +02:00
Mikael Nordfeldth
8d57fb7dc0 Added a FormAction extension
FormAction will act as a parent class to Action classes that use forms
of various sorts, such as newgroup creation, settings actions etc.
2013-08-30 10:28:57 +02:00
Mikael Nordfeldth
13226c5d92 handle no longer uses $argarray or $args 2013-08-30 00:22:22 +02:00
Mikael Nordfeldth
b18e24723f Preparing more object-oriented Action handling
Action classes can now be run by calling the static function 'run'.
Eventually actions will be migrated so most functionality gets put
into parent classes, and the children don't have to have as much
duplicate code as they have now.
2013-08-29 23:33:05 +02:00
Mikael Nordfeldth
fac7371179 pivotGet moved into Managed_DataObject 2013-08-29 10:13:07 +02:00
Mikael Nordfeldth
de55d8f83b plugins onAutoload now only overloads if necessary (extlibs etc.)
lib/plugin.php now has a parent onAutoload function that finds most common
files that are used in plugins (actions, dataobjects, forms, libs etc.) if
they are put in the standardised directories ('actions', 'classes', 'forms',
'lib' and perhaps some others in the future).
2013-08-28 16:10:30 +02:00
Mikael Nordfeldth
3a7261f70a IMPORTANT: Making prev. Memcached_DataObject working again with schemaDef
Lots of the Memcached_DataObject classes stopped working when upgraded to
Managed_DataObject because they lacked schemaDef().

I have _hopefully_ made it so that all the references to the table uses
each class' schemaDef, rather than the more manual ColumnDef stuff. Not
all plugins have been tested thoroughly yet.

NOTE: This is applied with getKV calls instead of staticGet, as it was
important for PHP Strict Standards compliance to avoid calling the non-
static functions statically. (unfortunately DB and DB_DataObject still do
this within themselves...)
2013-08-21 09:48:42 +02:00
Mikael Nordfeldth
e40044e2fa Further static declarations of functions
Validate could probably be replaced with filter_var if desired (PHP>=5.2.0)
2013-08-19 14:26:44 +02:00