Commit Graph

3871 Commits

Author SHA1 Message Date
Brion Vibber
54e98ffe22 Fix ticket #3013: MAX_FILE_SIZE hidden fields were incorrectly placed
In order to apply to PHP's POST processing, the MAX_FILE_SIZE field must appear *before* the file upload field. They were incorrectly placed after, where they had no effect on POST processing.
2011-01-26 15:49:57 -08:00
Brion Vibber
621a7cb36d Merge branch '0.9.x' into testing 2011-01-25 12:57:49 -08:00
Brion Vibber
820dd293c9 Fix for ticket #3007: .bmp avatar uploads weren't being properly converted to PNG in all cases
Part of the reported issue was previously fixed by dc497ed0 (smaller size images being blanked).
This commit fixes the remaining bug with original-size avatars being left as BMP (which could include the 96px size for instance, which could cause problems in browsers not supporting BMP natively)

Added ImageFile::copyTo() as a convenient alias for resizeTo() when not resizing; this performs the BMP/XPM/XBM->PNG conversion if needed, or copies the original file.
Copying instead of using move_uploaded_file() is fine here since:
a) the files are cleaned up on script completion anyway (vs moving to remove it)
b) we're already performing getimagesize() and possibly load/resize on the file before this point (vs needing to move the file into a usable area to work with open_basedir restrictions that prevent working directly with uploaded files in the temp dir; since this would fail anyway, we lose nothing)

ImageFile::preferredType() now works on $this->type instead of asking for one, to make it handier to use from outside. (This is still needed in order for calling code to generate a target filename.)

Recommended for future:
* additional consolidation between the various ways of uploading avatars (touched avatarsettings, grouplogo, and apiaccountupdateprofileimage with similar minor changes)
* consolidate type checks and file naming into Avatar class
2011-01-24 12:22:47 -08:00
Siebrand Mazeland
6c0e43be9e L10n consistency updates in wording and punctuation.
Translator documentation added/updated.
Superfluous whitespace removed.
2011-01-21 22:45:37 +01:00
Siebrand Mazeland
08cb576b52 Add translator documentation
Fix L10n issues
Remove superfluous whitespace
2011-01-21 16:35:00 +01:00
Brion Vibber
6fa0bea76d Merge branch '0.9.x' into testing 2011-01-20 15:12:57 -08:00
Brion Vibber
6455461c19 Merge branch 'master' into 0.9.x 2011-01-20 15:08:31 -08:00
Zach Copley
05361bb686 OAuth: Fix rare problem in which request tokens were sometimes being
returned as access tokens.
2011-01-20 10:44:31 -08:00
Zach Copley
3a24b95edb Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-20 10:44:05 -08:00
Zach Copley
882b6862a3 OAuth: Fix rare problem in which request tokens were sometimes being
returned as access tokens.
2011-01-19 23:00:24 -08:00
Zach Copley
114d9ebf28 Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-19 22:59:51 -08:00
Zach Copley
1543af748c Merge branch 'testing' of gitorious.org:statusnet/mainline into testing
* 'testing' of gitorious.org:statusnet/mainline: (63 commits)
  Add a scary 'experimental feature' warning & are-you-sure prompt on moveuser.php
  fix wrong datatypes (saving string instead of array) in AtomPub notice processing
  Account moving is a background activity
  return a 409 Conflict when subscription already exists
  OStatusPlugin does discovery in Profile::fromURI()
  considerably more logging and error checking in AccountMover
  add a log method to AccountMover
  normalize accounts and check for return in HTTP for moving
  move account-moving classes to their own libraries
  execution protection on discovery.php
  PHPCS discovery.php
  Move discovery library from OStatus plugin to core
  Revert "Revert "0.9.7alpha1""
  first example of moving a user
  Parse properties of links in XRD files
  Add the Atom username to the XRD output
  preserve activities in object
  let callers pass in an XMLOutputter to output to
  execution protection on discovery.php
  PHPCS linkheader.php
  ...
2011-01-19 22:58:07 -08:00
Zach Copley
e475bdfe77 OAuth: Fix rare problem in which request tokens were sometimes being
returned as access tokens.
2011-01-19 22:55:00 -08:00
Zach Copley
6eca8188b6 Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-19 15:52:18 -08:00
Brion Vibber
963e7576f2 Merge branch 'testing' into moveaccount 2011-01-19 10:41:14 -08:00
Brion Vibber
397f7cd0d8 Refactor profile sidebar statistics output so plugins can hook it and add entries. 2011-01-18 13:32:00 -08:00
Brion Vibber
ff6df8061b Refactor profile sidebar stats generation: factor out giant chunk of repeated method calls 2011-01-18 13:12:08 -08:00
Brion Vibber
9be770e609 Start cleaning up profile sidebar: link the header text on subscription/subscriber/groups sections to the tabs so users don't have to dance around looking for the link if they don't have enough to trigger a 'more' link.
Consolidated some of that link generation; sooooo much more dupe code to kill in this section!
2011-01-18 12:52:38 -08:00
Brion Vibber
56e2bc10d9 Cleanup stray PHP 4-style references in hook calls for navigation bars. We can't replace the live action from here, and don't need a reference to keep the object mutable. Dumping the references helps ensure we don't end up getting errors when things calling the hooks might forget to use the reference and the PHP error reporting settings expose this fact at us. 2011-01-18 12:34:27 -08:00
Evan Prodromou
2a59453d4c Merge branch 'testing' into moveaccount 2011-01-17 17:34:03 -05:00
Evan Prodromou
fb681990d9 Account moving is a background activity 2011-01-17 17:31:56 -05:00
Evan Prodromou
dce2824747 considerably more logging and error checking in AccountMover 2011-01-17 15:25:58 -05:00
Evan Prodromou
feb3ae4c09 add a log method to AccountMover 2011-01-17 15:06:15 -05:00
Evan Prodromou
b11426dbf4 normalize accounts and check for return in HTTP for moving 2011-01-16 17:17:55 -05:00
Evan Prodromou
905aded81a move account-moving classes to their own libraries 2011-01-16 17:17:55 -05:00
Evan Prodromou
81079fe522 execution protection on discovery.php 2011-01-16 17:17:55 -05:00
Evan Prodromou
fafb6733db PHPCS discovery.php 2011-01-16 17:17:55 -05:00
Evan Prodromou
1152b0c3e8 Move discovery library from OStatus plugin to core 2011-01-16 17:16:01 -05:00
Evan Prodromou
a953b93194 Revert "Revert "0.9.7alpha1""
This reverts commit fd20554651.

Conflicts:

	lib/common.php
2011-01-16 17:15:26 -05:00
Evan Prodromou
fd7dd9b10f Parse properties of links in XRD files 2011-01-16 17:15:26 -05:00
Evan Prodromou
8653d8a252 Add the Atom username to the XRD output 2011-01-16 17:15:26 -05:00
Evan Prodromou
aa9137ca71 preserve activities in object 2011-01-16 17:15:26 -05:00
Evan Prodromou
e433e559f8 let callers pass in an XMLOutputter to output to 2011-01-16 17:15:26 -05:00
Evan Prodromou
2a54919d1f execution protection on discovery.php 2011-01-16 17:15:26 -05:00
Evan Prodromou
0649b96e9b PHPCS linkheader.php 2011-01-16 17:15:26 -05:00
Evan Prodromou
02cf7d47f8 PHPCS discovery.php 2011-01-16 17:15:26 -05:00
Evan Prodromou
abf694ae5b move linkheader.php to core 2011-01-16 17:15:26 -05:00
Evan Prodromou
7d1f609bf0 Move discovery library from OStatus plugin to core 2011-01-16 17:15:26 -05:00
Siebrand Mazeland
02f005fe5f * L10n updates
* translator documentation added
2011-01-14 21:53:39 +01:00
Siebrand Mazeland
bf40b3e694 * remove i18n for debug message.
* add i18n for some exceptions.
* add translator documentation.
* L10n updates.
* remove superfluous whitespace.
2011-01-14 21:41:36 +01:00
Brion Vibber
cb56f445b8 Ticket #2166: accept aliases for local group names in API
Also simplifies the code by using User_group::getForNickname instead of duplicating half of it :D
2011-01-07 16:23:54 -08:00
Brion Vibber
5616bfb5ff Fix warning in subscribers/subscriptions list pages where we attempted to call free() on an ArrayWrapper after it was used up, thus trying to forward the call to a nonexistent object.
Removed the free calls (unneeded since destructors now work), and added an error check w/ logging & an exception for future attempts to forward calls to nonexistent object.
2011-01-07 15:29:30 -08:00
Brion Vibber
0ec07e9c65 Use ReflectionFunction to check for a present-but-disabled dl() function instead of manually parsing the disable_functions php.ini setting.
We were checking the list as comma-delimited (per the description of it as comma-delimited), but in fact spaces are also accepted, and who knows what else.
2011-01-07 14:48:40 -08:00
Brion Vibber
35507cd039 Fix ticket #2392: sending invitation email fails when site name contains double quotes
Gotta escape quotes!
2011-01-06 17:43:00 -08:00
Brion Vibber
f2a43769e7 Fix for atom/activity streams parsing: feed's <activity:subject> was being taken at a higher priority than entry's <atom:author>, which broke OStatus group posting since we retired <activity:actor>.
Added test case to ActivityParseTests.
2011-01-06 15:13:38 -08:00
Brion Vibber
4b29d0ebb6 Merge branch 'testing-sig' of gitorious.org:~brion/statusnet/brion-fixes into testing 2011-01-05 16:04:32 -08:00
Brion Vibber
f5650806cc Switch autoloader from '__autoload' magic function name to registering our function with spl_autoload_register(); fixes compat problem with PHPUnit 3.5+ which seems to break the old __autoload 2011-01-05 23:27:17 +00:00
Evan Prodromou
60d8fcd0e7 Revert "Revert "0.9.7alpha1""
This reverts commit fd20554651.

Conflicts:

	lib/common.php
2011-01-05 10:52:44 -08:00
Evan Prodromou
a7e5c58a82 Merge branch 'revertversion' into 0.9.x 2011-01-03 10:51:42 -08:00
Evan Prodromou
fd20554651 Revert "0.9.7alpha1"
This reverts commit 3d62c1cf51.
2011-01-03 10:51:29 -08:00
Evan Prodromou
98a0d7f538 Configuration options for using an HTTP proxy
We can make a lot of HTTP requests from the server side. This change
adds some configuration options for using an HTTP proxy, which can
cache hits from multiple sites (good for status.net-like services, for example).
2011-01-03 10:38:32 -08:00
Brion Vibber
80e2f4f529 Fix up edge case in nickname processing: overlong display forms should be rejected before normalization (storage of display forms will also have fields with limited length) 2010-12-30 17:11:16 -08:00
Evan Prodromou
66f6b2a342 Events to hook for NoticeListElement <li> generation 2010-12-30 16:57:05 -08:00
Evan Prodromou
3b5c3d2c84 UUID-generation tools 2010-12-30 12:15:34 -08:00
Evan Prodromou
c91b080a8e version 0.9.8dev 2010-12-29 16:18:43 -08:00
Evan Prodromou
3d62c1cf51 0.9.7alpha1 2010-12-29 16:15:57 -08:00
Evan Prodromou
d8219c07be update version to 0.9.7 2010-12-29 16:14:00 -08:00
Evan Prodromou
80191b56df Show <activity:subject> in Atom group notice feed
Version 0.9.6 and below of StatusNet assume anything in <author> is a
Person. So, we include an <activity:subject> element, which will be
checked first by those versions of the code, only for group feeds.

At some point we'll take this out, but it's useful for now.
2010-12-29 15:33:57 -08:00
Evan Prodromou
d3b10959f4 Merge branch '0.9.x' into noactor 2010-12-29 15:29:29 -08:00
Evan Prodromou
26afe79ed9 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-12-29 14:53:38 -08:00
Brion Vibber
90c7ff1983 Merge branch 'master' into 0.9.x 2010-12-28 11:37:38 -08:00
Brion Vibber
d3d9797496 Prevent group creation by silenced users.
* adds Right::CREATEGROUP
* logic in Profile::hasRight() checks for silencing
* NewgroupAction checks for the permission before letting you see or process the form in the UI
* User_group::register() logic does a low-level check on the specified initial group admin, and rejects creation if that user doesn't have the right; guaranteeing that API methods etc will also have this restriction applied sensibly.
2010-12-28 11:34:02 -08:00
Evan Prodromou
8814fb3822 Merge branch '0.9.x' into socialbookmark 2010-12-27 22:38:36 -08:00
Evan Prodromou
1996545947 add events for restoring activities 2010-12-27 22:28:20 -08:00
Evan Prodromou
6393326557 Merge branch '0.9.x' into socialbookmark 2010-12-27 20:49:31 -08:00
Evan Prodromou
c78170a275 Better job making an ActivityObject from an <atom:author> 2010-12-27 10:19:51 -08:00
Evan Prodromou
ab92496ddc Stop using <activity:subject> for atom feeds 2010-12-27 10:03:34 -08:00
Evan Prodromou
f5128015be Use outputTo() instead of asString() for including sub-elements 2010-12-27 09:46:25 -08:00
Evan Prodromou
1188d5bab2 Don't output deprecated <activity:actor> element 2010-12-27 09:25:26 -08:00
Brion Vibber
464e0f8115 Don't trust text/xml mime types; generic content detection gives useless stuff like that on SVG images! Todo: replace the extension check in this case with better content-based checks. 2010-12-22 13:56:19 -08:00
Evan Prodromou
402cac2f93 Merge branch '0.9.x' into socialbookmark
Conflicts:
	lib/activityobject.php
2010-12-22 12:09:42 -08:00
Evan Prodromou
35d9a065fb Revert "initialize ActivityObject::$extra"
This reverts commit 3e82000d57.
2010-12-22 12:07:13 -08:00
Evan Prodromou
e11ca1e052 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x 2010-12-22 12:05:40 -08:00
Brion Vibber
448dfb69d4 Initialize $extra member to empty array on ActivityObject 2010-12-22 12:03:05 -08:00
Evan Prodromou
3e82000d57 initialize ActivityObject::$extra 2010-12-22 12:02:50 -08:00
Evan Prodromou
5fe8301129 disable account deletion by default 2010-12-22 11:25:47 -08:00
Evan Prodromou
9a6ceb3303 Merge branch 'righttoleave' into 0.9.x 2010-12-22 11:22:51 -08:00
Evan Prodromou
17515aacac drop previous in oembedhelperexception code 2010-12-20 18:32:43 -05:00
Evan Prodromou
f63355451d fixup exception constructor for php 5.2 2010-12-20 18:28:42 -05:00
Evan Prodromou
24f9a991b6 Let activity objects write directly to activity's own outputter 2010-12-20 13:30:33 -05:00
Evan Prodromou
6a6dd81d1f Let activity objects write directly to activity's own outputter 2010-12-20 13:26:57 -05:00
Evan Prodromou
688841fb41 ActivityObject has attribute for other elements 2010-12-19 10:16:44 -05:00
Evan Prodromou
25d03c42e6 Add events for representing objects as activity:object
Add 6 new events to make it easier to override the type of an activity object.
2010-12-18 17:24:41 -05:00
Brion Vibber
fb8312ebf4 Ticket #2959: implement api/users/profile_image endpoint in Twitter-compat API 2010-12-17 17:10:52 -08:00
Evan Prodromou
573bbeced1 action to restore a user's backup from the Web interface 2010-12-17 18:56:48 -05:00
Evan Prodromou
1d6091cad2 Two bug fixes in activityimporter 2010-12-17 18:56:17 -05:00
Evan Prodromou
120802b807 change code order to make shorter lines 2010-12-17 18:55:00 -05:00
Evan Prodromou
1a81356622 I'm still not sure when it's useful to reset a notice's author 2010-12-17 17:37:43 -05:00
Evan Prodromou
4b41d05a13 Make restoreuser use new FeedImporter queue handler 2010-12-17 16:27:20 -05:00
Evan Prodromou
044763cf06 move activity importing code to two different queuehandler classes 2010-12-17 13:12:17 -05:00
Evan Prodromou
6469d75fb0 Move accountrestorer class to feed importer 2010-12-17 13:10:23 -05:00
Evan Prodromou
16fc5314fb move code to get an author object for a feed to a library from Ostatus_profile 2010-12-17 13:09:37 -05:00
Brion Vibber
ed24c95ac2 Fix ticket #2929: router cache now clears itself when switching singleuser mode in and out 2010-12-16 13:42:10 -08:00
Evan Prodromou
39804809dd distribute flag for Notice::saveNew() 2010-12-16 16:17:38 -05:00
Evan Prodromou
2e2519afee Move account restoration code to a shared library
Moved most of the heavy-lifting for account restoration out of
restoreuser.php and into its own class, with the hope that we'll do
the work from the Web eventually.
2010-12-15 17:53:38 -05:00
Evan Prodromou
e16cb8c03a Merge branch '0.9.x' into righttoleave 2010-12-15 16:48:28 -05:00
Brion Vibber
6c67114198 Mark OembedAction, XrdAction, and (plugin) AutocompleteAction as read-only. Tweaked ApiStatusesShow and ApiTimelineUser to still claim read-only when hit with a HEAD request (usually link checkers or a precursor to a GET, and should be semantically equivalent to a GET without actually transferring data) 2010-12-14 16:14:15 -08:00
Brion Vibber
2ed1e9b126 AtomPub discovery fix: gets MarsEdit's auto API detection working.
Router entry for AtomPubService was slightly off, generating an incorrect link in the RSD data.
2010-12-14 14:43:50 -08:00
Evan Prodromou
d840578aa0 An action to delete your own account
The new DeleteaccountAction lets a user delete their own account
(subject to global rights set by the admin). It presents a form to
delete the account, with an "I am sure." text entry box.

It then schedules the account for deletion and logs the user out.
2010-12-14 12:38:43 -05:00
Evan Prodromou
5089d3065c add an action to backup the current account in ActivityStreams format 2010-12-13 16:32:39 -05:00