Joshua Wise
e54cb6958a
Escape query parameters in Profile_tag::getTagged()
This patch escapes query parameters in Profile_tag::getTagged(). This
is an extra security step; since these parameters come out of the
database, it's unlikely that they would have dangerous data in them.
2013-07-16 10:35:44 -07:00
Joshua Wise
5b118b3781
Escape SQL parameter in Profile_tag::moveTag()
This change adds additional escapes for arguments to
Profile_tag::moveTag(). The arguments are canonicalized in the API and
Web UI paths higher up the stack, but this change makes sure that no
other paths can introduce SQL injection errors.
2013-07-16 10:27:30 -07:00
Joshua Wise
c5a710e081
Escape $tag passed to Profile::getTaggedSubscribers()
This patch escapes the $tag parameter in
Profile::getTaggedSubscribers(). The parameter is not escaped either
in actions/subscriptions.php or in actions/apiuserfollowers.php. So
there is a potential for SQL injection here.
2013-07-16 10:14:38 -07:00
Joshua Wise
3fb2c06cba
Potential SQL injection in Local_group::setNickname()
This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function shows that they sanitize the
parameter higher up the stack, but it's escaped here to prevent mistakes later.
Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.
2013-07-16 10:11:26 -07:00
Joshua Wise
783e400d94
Potential SQL injection in Local_group::setNickname()
This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function shows that they sanitize the
parameter higher up the stack, but it's escaped here to prevent mistakes later.
Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.
2013-07-16 10:09:16 -07:00
Evan Prodromou
540b90dbd9
Better verb comparison
2013-06-30 12:08:11 -04:00
Evan Prodromou
e502bba259
Slightly more robust group-membership conversion
2013-06-30 12:07:55 -04:00
Evan Prodromou
66f4a39105
Squashed commit of the following:
commit bd23a7da105d635414643dfcedd9c8f710d565b8
Author: Evan Prodromou <evan@e14n.com>
Date: Sat Jun 29 07:49:03 2013 -0400
Make the after flag work correctly
commit 5c5845a2f866f0bbffedd8e2e5d1f512f87d5329
Author: Evan Prodromou <evan@e14n.com>
Date: Sat Jun 29 06:14:43 2013 -0400
Add an 'after' flag for backup script
2013-06-29 07:52:09 -04:00
Evan Prodromou
4092ee1bd1
Squashed commit of the following:
commit bd23a7da105d635414643dfcedd9c8f710d565b8
Author: Evan Prodromou <evan@e14n.com>
Date: Sat Jun 29 07:49:03 2013 -0400
Make the after flag work correctly
commit 5c5845a2f866f0bbffedd8e2e5d1f512f87d5329
Author: Evan Prodromou <evan@e14n.com>
Date: Sat Jun 29 06:14:43 2013 -0400
Add an 'after' flag for backup script
2013-06-29 07:49:43 -04:00
Evan Prodromou
660b8f0c9c
Merge branch '1.1.x' of gitorious.org:statusnet/mainline into 1.1.x
2013-06-25 22:27:23 -04:00
Evan Prodromou
37bbb96e1b
Better output for shares
2013-06-25 22:27:02 -04:00
Evan Prodromou
557105b86d
Better output for shares
2013-06-25 22:26:27 -04:00
Jean Baptiste Favre
723f0f1929
PHP 5.4: Fix 'mysql has gone away' error when using mysqli driver with forked daemons (at least TwitterBridge)
2013-06-20 11:07:51 +02:00
Jean Baptiste Favre
f1a3d5a386
PHP 5.4 Fix GetValidDaemons function definition for Xmpp & TwitterBridge plugins
2013-06-19 13:25:28 +02:00
Jean Baptiste Favre
c23efdbdb0
PHP 5.4 compatibility: remove call-time pass by reference
2013-06-19 11:16:05 +02:00
Evan Prodromou
0a23946e6b
Add messages, directed notices to sim
2013-06-17 20:16:49 -07:00
Evan Prodromou
fb3981bb04
Set the site profile on install
2013-06-17 20:16:31 -07:00
Evan Prodromou
faf4e7e535
Make favorites in createsim
2013-06-16 02:18:19 +00:00
Evan Prodromou
35ff643230
Turn off Activity by default
2013-06-16 02:16:40 +00:00
Jean Baptiste Favre
707dd44f6b
Merge commit 'merge-requests/192' into statusnet_1.1.x
2013-06-15 20:11:24 +02:00
Jean Baptiste Favre
fcdd4d2cf0
Fix introduced bug, trying to shorten an empty status.
2013-06-15 19:07:43 +02:00
Jean Baptiste Favre
58a2630933
Code cleaning. Do call shortenLinks only once, right before saving new notice.
2013-06-15 19:07:43 +02:00
Jean Baptiste Favre
344a10be8b
Code cleaning, remove 'TEST' tags.
2013-06-15 19:07:43 +02:00
Jean Baptiste Favre
ec072e0af7
Notice update with media attachment may fail through API when status text + attachment length get higher than max notice length. Calling URL shortener can make global length less than maxlength, though allowing notice update.
2013-06-15 19:07:43 +02:00
Jean Baptiste Favre
6d47fadf42
Fix introduced bug, trying to shorten an empty status.
2013-06-15 19:04:32 +02:00
Jean Baptiste Favre
54374365e9
Code cleaning. Do call shortenLinks only once, right before saving new notice.
2013-06-15 19:04:31 +02:00
Jean Baptiste Favre
f803b22752
Code cleaning, remove 'TEST' tags.
2013-06-15 19:04:31 +02:00
Jean Baptiste Favre
6387e0a90d
Notice update with media attachment may fail through API when status text + attachment length get higher than max notice length. Calling URL shortener can make global length less than maxlength, though allowing notice update.
2013-06-15 19:04:31 +02:00
Jean Baptiste Favre
1b39f89b96
Add configuration check. Need 'server', 'port', 'user' and 'password' to be defined (not valid, just defined).
2013-06-15 18:59:17 +02:00
Jean Baptiste Favre
f175512748
Remove static definition of imdaemon.php as valid daemon.
2013-06-15 18:59:17 +02:00
Jean Baptiste Favre
b8a69d023b
Add basic support for GetValidDaemon event. Shall be extended with configuration check.
2013-06-15 18:59:16 +02:00
Jean Baptiste Favre
93c8969a27
Remove alone 'groups' link on the left side. Useless I guess.
2013-06-15 18:41:04 +02:00
Jean Baptiste Favre
d1e46e61ac
Add same CSS rules for #remoteprofile as for #showstream. Allows hiding avatars, like for local profiles.
2013-06-15 18:41:04 +02:00
Jean Baptiste Favre
5a0f17933b
Display notices for remote profile. Would like to hide avatar like in local profile but did not find how to do it.
2013-06-15 18:41:04 +02:00
Jean Baptiste Favre
d48076253b
Fix error 'No matches for action subscriptions with arguments nickname...' when displaying remote profile.
2013-06-15 18:41:04 +02:00
Jean Baptiste Favre
368906258a
You need an API key when using embed.ly. Unfortunately, oembedhelper.php does not support it. This commit aims to fix it.
2013-06-15 18:35:41 +02:00
Jean Baptiste Favre
d36f443666
Bookmark plugin enhancement: display Bookmark's list. Integration of @chimo's work ( http://http://sn.chromic.org/ ) from https://github.com/chimo/BookmarkList into official plugin.
2013-06-15 18:31:05 +02:00
Evan Prodromou
8cc4660bd9
Better ID for notice activity
2013-06-15 12:07:52 -04:00
Evan Prodromou
7a5bd495c5
Better ID for notice activity
2013-06-15 12:07:34 -04:00
Evan Prodromou
67f80e8503
Merge remote-tracking branch 'origin/master'
2013-06-15 11:13:57 -04:00
Jean Baptiste Favre
180cc39c4a
Fix for #3649 issue.
2013-06-15 17:01:10 +02:00
Jean Baptiste Favre
b23a744fba
Fix for #3649 issue.
2013-06-15 16:58:50 +02:00
Jean Baptiste Favre
246e840dd3
Fix INSTALLDIR constant definition.
2013-06-15 15:20:19 +02:00
Jean Baptiste Favre
359f3ca113
Fix for #3651 : oAuth apps list does only show the latest registered application
2013-06-15 14:19:15 +02:00
Jean Baptiste Favre
4284f28dec
Fix for #3651 : oAuth apps list does only show the latest registered application
2013-06-15 14:09:46 +02:00
Jean Baptiste Favre
dfafab6c4f
Fix for #3463 . Make InfiniteScroll plugin use config['plugins']['server'] if defined to build ajax-loader.gif URL
2013-06-15 13:13:15 +02:00
Jean Baptiste Favre
b05130bfb8
Fix missing variable in InfiniteScrollPlugin class. Fix issue #3525
2013-06-15 13:12:19 +02:00
Jean Baptiste Favre
d211348dae
Makes ClientSideShorten load shorten.js from config['plugins']['server'] if set. Fix #3528
2013-06-15 12:34:25 +02:00
Jean Baptiste Favre
80da81ba14
Get rid of t.co links for notice's text version. Useful for clients using the API. Complements merge-request #205 by @mmn
2013-06-15 11:30:17 +02:00
Jean Baptiste Favre
108aa5c467
Replace t.co links with the expanded ones provided by Twitter. Can still be a shortened one & will be done only for HTML view, but still a start. Backport of merge_requests/205.
2013-06-15 11:29:09 +02:00