Brion Vibber
3f0557aa8e
General code safety: validate input and escape SQL strings in common_relative_profile()
2010-11-29 16:44:01 -08:00
Brion Vibber
e03d2584aa
Use Nickname::DISPLAY_FMT instead of manual regex fragments in router setup for nickname parameters.
2010-11-29 16:02:35 -08:00
Brion Vibber
82799f675f
Add Nickname test cases for @-reply regexes in common_find_mentions
2010-11-29 15:07:55 -08:00
Brion Vibber
fffc10a230
Nickname class to encapsulate validation & common regexes for nickname formats.
...
This provides initial infrastructure for decoupling display names from internal canonical names, but continues to have us storing and using the canonical forms.
It should be/become possible to provide mixed-case and underscore-containing names in links, @-mention, !-group, etc, but we don't store those alternate forms generally.
2010-11-29 14:46:10 -08:00
Brion Vibber
dc350b5463
Work in progress on nickname validation changes. lib/nickname.php appears to have been destroyed by NetBeans and will be rewritten shortly. Sigh.
2010-11-29 14:15:25 -08:00
Brion Vibber
6c4e5a89c1
Add some doc comments on nickname-related stuff in util.php
2010-11-29 11:31:10 -08:00
Evan Prodromou
edf660c6ff
Make userxrd work without OStatus enabled
2010-11-26 22:09:51 -05:00
Evan Prodromou
fcc0825b14
Make userxrd part of the default hostmeta
2010-11-26 21:46:51 -05:00
Evan Prodromou
0a4911552e
Move user xrd action to core and use hooks to extend
...
Moved the Webfinger user XRD action from the OStatus plugin to core.
Added hooks to add OStatus-specific stuff, but kept general stuff in
the core.
2010-11-26 21:38:38 -05:00
Craig Andrews
3f3b38766f
move xrd and hostmeta out of the OStatus plugin and into core
...
add event for setting up hostmeta, and use them in the OStatus plugin
2010-11-26 21:12:14 -05:00
Brion Vibber
cff14c7e10
Merge branch 'master' into 0.9.x
2010-11-19 16:18:53 -08:00
Brion Vibber
b615998309
Fix ticket #2700 : some numeric IDs were misinterpreted as hex numbers instead of strings when '0x123' passed in.
...
Switched from is_numeric() to a custom self::is_decimal() which is more strict.
This makes our behavior match Twitter's API a bit better, so eg this:
http://identi.ca/api/statuses/home_timeline/0x6d686b.xml
should now be equivalent to:
http://identi.ca/api/statuses/home_timeline.xml?screen_name=0x6d686b
instead of:
http://identi.ca/api/statuses/home_timeline.xml?user_id=7170155
2010-11-19 16:12:28 -08:00
Brion Vibber
826a695077
Ticket #2797 : replace addslashes() with explicit escape calls on the DB objects
2010-11-19 15:06:26 -08:00
Brion Vibber
e0e7cb7c53
Merge branch 'master' into 0.9.x
2010-11-19 14:03:59 -08:00
Brion Vibber
ca55d6c514
Ticket #1987 : support since_id on API notice search methods.
...
max_id is not yet implemented, as it'll need support added to the search backends. (since_id we get 'for free' by just cropping off the list, it'll do for now)
2010-11-19 14:00:22 -08:00
Brion Vibber
834acaaa79
Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x
2010-11-19 12:00:42 -08:00
Brion Vibber
d961925874
Ticket #2899 : clean up inbox/outbox DM form a bit:
...
- "To" drop-down list now defaults to showing "Select recipient:" instead of the first person on your list, reducing liklihood of accidentally sending a message to the wrong person.
- When there are no mutual subscribers to send to, instead of an empty list the list now shows 'No mutual subscribers.'
In both cases, attempting to send when the default is selected displays an error message.
I'm not disabling form elements in part because our themes right now don't show disabled button state correctly; we might want to tighten that up a bit more once fixed.
2010-11-19 11:56:03 -08:00
Brion Vibber
9a590e0843
Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x
2010-11-19 10:43:20 -08:00
Brion Vibber
f468180743
Fix regression in PopularNoticeSection: tag parameter was broken, causing sidebar on tag pages to show untagged favorites.
2010-11-18 14:30:00 -08:00
Zach Copley
645a4d1754
Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 0.9.x
2010-11-17 22:16:08 +00:00
Zach Copley
2c68703923
Facebook: Gracefully handle disconnection
2010-11-17 21:53:56 +00:00
Brion Vibber
197b56778a
Add $config['attachments']['process_links'] to allow disabling processing of mentioned URL links for attachment info (oEmbed lookups) and dereferencing of redirects that we didn't have shortened ourselves.
...
This option may be useful for intranet sites that don't have direct access to the internet, as they may be unable to successfully fetch those resources.
2010-11-17 13:03:59 -08:00
Evan Prodromou
589aee587f
include full updated source of JSON2 and use updated minified version
2010-11-17 12:34:04 -05:00
Evan Prodromou
d2ddda16e9
use minified version of jquery.cookie.js
2010-11-17 12:32:11 -05:00
Evan Prodromou
d3d91f0f6e
use minified version of jquery.form.js
2010-11-17 12:31:35 -05:00
Evan Prodromou
11805c97d6
Merge branch '0.9.x' into minifyjs
2010-11-17 12:19:19 -05:00
Evan Prodromou
bacc3d2a74
move EndScriptMessages event into if block
2010-11-17 12:19:01 -05:00
Evan Prodromou
da4f8d465f
Use minified version of util.js
2010-11-17 12:16:50 -05:00
Brion Vibber
fa6c6077d6
Merge branch 'master' into 0.9.x
2010-11-16 11:17:29 -08:00
Brion Vibber
0265cdc1c9
Ticket 2895: exclude silenced users from popular notice lists
2010-11-16 11:13:52 -08:00
Brion Vibber
9b9db3b28a
Prep for ticket #2895 : consolidate common code from PopularNoticeList and FavoritedAction for fetching popular notice lists
2010-11-16 11:10:32 -08:00
Zach Copley
64a29bd401
Fix syntax error
2010-11-16 06:10:49 +00:00
Zach Copley
0b573e0d2b
Store the current user in the CurrentUserDesignAction
2010-11-15 22:01:28 -08:00
Zach Copley
bd566b6f85
Merge branch '0.9.x' into facebook-upgrade
2010-11-16 02:32:46 +00:00
Brion Vibber
e4eb3b3dfd
Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x
2010-11-15 17:36:48 -08:00
Brion Vibber
5fdcba472b
RemoteProfileAction cleanup:
...
- meta robots to prevent spidering
- a little notice if silenced
2010-11-15 16:12:16 -08:00
Brion Vibber
6849b8f9e5
Workaround for display of Twitter remote users in remoteprofile (ModPlus plugin): use 73px avatar if no 96px present
2010-11-15 15:39:42 -08:00
Brion Vibber
0d0e51292d
some User -> Profile cleanup to help in adapting the profile page action to show stuff for remote users. Subscriptions, groups, roles, etc are all on profiles now so go ahead and use em.
2010-11-15 15:32:57 -08:00
Brion Vibber
fe7cb35551
restore empty showFallback() for attachment display; still needed for one-offs
2010-11-15 12:56:56 -08:00
Brion Vibber
5c00848b74
Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x
2010-11-15 12:38:53 -08:00
Brion Vibber
87114a5c30
Add some basic oEmbed lookup test cases; fixed a bug in discovery fallback.
2010-11-15 11:55:28 -08:00
Brion Vibber
57ec01d0b8
Drop some debug lines
2010-11-15 11:30:35 -08:00
Brion Vibber
c8445299c7
Swap the Services_oEmbed wrapper in oEmbedHelper out for doing it ourselves...
...
- workaround for providers that are skimpy on their data, such as missing width/height or thumbnail_width/thumbnail_height
- workaround for YFrog listing "image" instead of "photo" type
- generally more lax about formatting: if it comes back and looks kinda ok, we'll take it.
- discovery uses system HTML parser, should be more robust if the links include things like ampersands with proper HTML-level escaping
2010-11-15 11:25:38 -08:00
Evan Prodromou
8a21b13ee9
Merge remote branch 'gitorious/0.9.x' into 0.9.x
2010-11-15 11:57:31 -05:00
Evan Prodromou
c1cee3b27f
Merge branch 'atompub' into 0.9.x
...
Conflicts:
actions/apistatusesshow.php
actions/apitimelineuser.php
2010-11-15 11:57:19 -05:00
Brion Vibber
4f323efdf7
Encapsulate the oEmbed -> oohembed fallback into oEmbedHelper class. Also added a chance to whitelist sites that don't show discovery info but do have oEmbed API endpoints, and to provide alternate APIs for some common services.
...
Newly supported:
- TwitPic: added a local function using TwitPic's API, since the oohembed implementation for TwitPic produced invalid output which Services_oEmbed rejects. (bug filed upstream)
Tweaked...
- Flickr: works, now using whitelist to use their endpoint directly instead of going through oohembed
- Youtube: worked around a bug in Services_oEmbed which broke the direct use of API discovery info, so we don't have to use oohembed.
Not currently working...
- YFrog: whitelisting their endpoint directly as the oohembed output is broken, but this doesn't appear to work currently as I think things are confused by YFrog's servers giving a '204 No Content' response on our HEAD checks on the original link.
2010-11-12 17:41:35 -08:00
Brion Vibber
2c33fdd2fb
Only use saved thumbnails for notice list attachment thumbs -- don't attempt to search enclosures for photo types. We now save thumbs directly for oEmbed photos that don't list a separate thumb entry (like Flickr), so it's not needed. Keeps things cleaner :D
2010-11-12 14:03:57 -08:00
Brion Vibber
65eeb7cba5
Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x
...
Conflicts:
actions/newgroup.php
2010-11-12 13:32:48 -08:00
Brion Vibber
5d12ec0532
Merge branch 'oembed-thumbnails' into 0.9.x
2010-11-12 12:28:44 -08:00
Brion Vibber
cb124fe831
Add a quick config setting to disable/enable display of thumbnails in regular notice lists (attachments/show_thumbs) - disabling gives the same display as before this feature was added (but changes to oembed handling are still there, and the lightbox popup is gone)
2010-11-12 12:24:55 -08:00
Brion Vibber
fbd8052d05
Add error logging for a couple send-fail cases in XMPP out
2010-11-10 15:26:18 -08:00
Brion Vibber
46223da594
CSS class tweak for inline attachment thumbnails to avoid things thinking they're content links
2010-11-10 14:31:55 -08:00
Craig Andrews
cc0038d47c
Fix isHTTPS to work correctly for Cherokee and IIS
2010-11-10 15:53:20 -05:00
Brion Vibber
592e0bc505
add title attribute on attachment list items
2010-11-09 16:43:37 -08:00
Zach Copley
5b94d9e86b
Merge branch '0.9.x' into facebook-upgrade
2010-11-09 23:16:17 +00:00
Brion Vibber
f25accc43e
split out InlineAttachmentList from AttachmentList
2010-11-09 10:45:19 -08:00
Brion Vibber
504529e8cd
Keep aspect ratio when generating local thumbnails
2010-11-08 17:51:53 -08:00
Brion Vibber
694448e0aa
Add attachments 'thumb_width' and 'thumb_height' settings for inline thumbs, defaulting to 100x75.
...
This is used as the max thumb width/height for oEmbed requests (replacing the old default of 500x400 which was more suitable for the lightbox).
2010-11-08 17:36:02 -08:00
Brion Vibber
c36fecb794
Save a thumbnail image when uploading an image file into the file attachments system. Currently hardcoded to 100x75, needs aspect-sensitivity etc.
2010-11-08 17:20:04 -08:00
Brion Vibber
dc497ed090
Break out ImageFile->resizeTo() from ImageFile->resize(); allows resizing images to non-square sizes and to arbitrary destinations. Will be used for creating thumbnails as well as the originala use of cropping/sizing avatars.
2010-11-08 16:56:08 -08:00
Brion Vibber
a2994e3aa2
Testing... using photo info for temp thumbnails
2010-11-08 15:50:06 -08:00
Brion Vibber
551b196a35
doomy doom doom
2010-11-08 15:32:41 -08:00
Brion Vibber
883f7a6c0b
Avoid marking files as attachments that are not locally uploaded, unless they're really oembedable. HTML-y things now excluded properly.
2010-11-08 13:27:54 -08:00
Evan Prodromou
719b480eaa
use subclassing to change notice list output for single notice
2010-11-08 13:08:59 -05:00
Siebrand Mazeland
bb31c25c2d
* i18n/L10n updates.
...
* translator documentation added.
* superfluous whitespace removed.
2010-11-04 19:16:19 +01:00
Brion Vibber
2692b5fc84
Fix for ticket #2853 : fix for some unknown MIME type error cases by adjusting the PEAR error handling temporarily around MIME_Type_Extension usage.
2010-11-03 17:05:26 -07:00
Brion Vibber
28e009898f
Fix for ticket #2852 : skip sending favorite notification emails if the favoriter is someone you've blocked.
2010-11-03 15:17:46 -07:00
Brion Vibber
8e04e88800
Use Profile->getBestName() in PersonalGroupNav instead of manually picking nickname vs fullname. Logic should still work the same when no nickname is provided, but it doesn't make any sense -- probably needs cleanup. :)
2010-11-03 13:11:34 -07:00
Brion Vibber
6e03456753
Migrate some more code from manually constructing "fullname (nickname)" to using Profile->getFancyName(). Encapsulates common logic and allows for localization of the parens.
2010-11-03 13:10:42 -07:00
Brion Vibber
dc4fafbbd1
General cleanup & part of ticket #2864 : use User_group->getFancyName() instead of replicating the logic in various places. Encapsulates and allows for localization of parens.
2010-11-03 12:59:19 -07:00
Zach Copley
e716c3ebaf
Merge branch '0.9.x' into facebook-upgrade
2010-11-02 23:17:07 +00:00
Zach Copley
764a297383
Output filename in log msg if one is supplied
2010-11-02 23:13:20 +00:00
Siebrand Mazeland
973a48bded
i18n/L10n fixes and translator documentation addded/updated.
2010-11-02 23:48:36 +01:00
Siebrand Mazeland
a65362f7fa
Add context for different uses of "%1$s (%2$s)"
2010-11-02 23:08:59 +01:00
Brion Vibber
86201761ea
Use SN.msg() and onEndScriptMessages() to export localized UI messages from Realtime plugin and its descendents.
2010-11-02 13:12:58 -07:00
Brion Vibber
5a9bb0adc4
Tossing in a basic i18n message export to script code. Plugins can hook StartScriptMessage/EndScriptMessage, or directly add needed mappings in Action::getScriptMessages(). Exported entries are accessible as SN.msg(key) at runtime.
...
StatusNet core code now sets the tooltip text on .attachment.more links when they receive their attachment-expansion magic; this will override the hardcoded tooltip text saved from OStatus plugin when displaying timelines in the web UI.
2010-11-02 13:05:16 -07:00
Zach Copley
2306f7a7f4
Merge branch '0.9.x' into facebook-upgrade
2010-11-01 19:13:31 +00:00
Siebrand Mazeland
6ab34fd8e8
* i18n/L10n updates.
...
* translator documentation added.
* superfluous whitespace removed.
2010-11-01 16:49:35 +01:00
Siebrand Mazeland
9b7ac27c69
* add translator documentation.
...
* i18n FIXME tagging.
2010-11-01 16:49:34 +01:00
Siebrand Mazeland
b89dfa3a5b
Fix i18n issues that are solved by using plural.
2010-11-01 16:49:33 +01:00
Siebrand Mazeland
08edd1fedf
* i18n/L10n updates.
...
* translator documentation added/updated.
* superfluous whitespace removed.
2010-10-31 00:58:35 +02:00
Siebrand Mazeland
83233a8a43
Fix i18n for B/kB/MB and add translator documentation.
2010-10-31 00:34:28 +02:00
Siebrand Mazeland
234b03d945
* translator documentation updates.
...
* added FIXMEs in actions/showgroup.php.
* superfluous whitespace removed.
2010-10-30 14:36:54 +02:00
Siebrand Mazeland
8391058ea4
Tabs to spaces, superfluous whitespace removed.
2010-10-30 13:47:19 +02:00
Zach Copley
2c420cc5eb
New Start/EndHtmlElement events. Allows adding namespaces.
2010-10-29 23:38:00 +00:00
Evan Prodromou
36baff3d41
Merge remote branch 'gitorious/master'
2010-10-29 11:14:00 -04:00
Evan Prodromou
c8dab140f4
add a hack to show ads on single-notice pages
2010-10-29 11:13:33 -04:00
Brion Vibber
fb0c3f4f99
Kill a ping queue item if we get an error on loading up the notice's poster's profile, rather than letting the item be retried over and over as if it were a transitory error.
...
This shouldn't generally happen as it's an indicator of database inconsistency, but it's a condition we know happens.
2010-10-28 12:58:30 -07:00
Craig Andrews
22a0cf6251
Set cookies with "secure" flag on SSL sites. Improves security.
2010-10-26 17:55:09 -04:00
Zach Copley
78396db28a
Forgot to add the OAuth verifier pin page to sensitive array
2010-10-25 12:36:03 -07:00
Zach Copley
0dcc3f8d71
We don't need to have editapplication (only showapplication) in the
...
sensitive array because it doesn't expose the consumer keypair
2010-10-25 12:10:52 -07:00
Zach Copley
3954ab39ae
Add OAuth token exchange endpoint to 'sensitive' array; i.e.: use SSL if
...
available
2010-10-25 11:52:17 -07:00
Evan Prodromou
59a7d78acb
Atom Service Document
2010-10-24 23:43:26 -04:00
Evan Prodromou
43a67b150a
show a single notice in atom entry format
2010-10-24 15:58:53 -04:00
Evan Prodromou
69a1ecec9b
check for a post
2010-10-24 15:04:12 -04:00
Brion Vibber
eb30c6651a
Additional fixes found while looking at ticket #2532 : when given a screen name as API parameter for a profile, do the nickname lookup on local users only. The profile table can't guarantee unique lookups, so using names isn't currently safe there. This won't affect anything using local nicknames correctly, and may avoid some weird bugs if there were conflicts between local and remote nicknames.
2010-10-22 13:53:10 -07:00
Brion Vibber
2d124e4aab
Fix for ticket #2532 : fixed API block create/destroy when specifying the target user/profile as a separate query parameter, such as api/blocks/create.xml?param=xxx
...
The router settings weren't quite right so we ended up with bogus regex values passed in as the 'id' parameter, which broke the regular fallback ordering of parameter checks.
2010-10-22 13:51:28 -07:00
Zach Copley
3969870cf3
Normalize HTML body ids to lowercase when the user is logged out as well.
2010-10-22 18:32:08 +00:00
Brion Vibber
d6f4588b9e
Workaround for http_build_query() oddities in low-level router parent code when PHP config is set with non-default separator.
2010-10-21 19:10:43 -07:00
Zach Copley
0b134d3e69
Re-camelcase ApiOauthAuthorizeAction so it will be accessible when
...
a site is in pivate mode
2010-10-21 18:15:11 -07:00