Commit Graph

17409 Commits

Author SHA1 Message Date
Sandro Santilli
85a407e7b0 Normalize OpenID URI before checking it for validity
Fixes #251
2017-03-18 10:56:01 +01:00
Mikael Nordfeldth
9fead39f36 Merge branch 'master' of git.gnu.io:gnu/gnu-social 2017-03-18 01:36:35 +01:00
Mikael Nordfeldth
948744538c StoreRemoteMedia now checks remote filesize before downloading 2017-03-18 01:35:45 +01:00
mmn
7dcb229ab3 Merge branch 'improve-status-length-calculation' into 'master'
improve status length calculation for messages forwarded to Twitter

See merge request !133
2017-01-15 20:23:41 +00:00
Bjoern Schiessle
f198d5d110
improve status length calculation, each link is exactly 23 characters long at Twitter 2016-12-14 15:54:02 +01:00
Mikael Nordfeldth
7d67eefdf5 wrong variable was referenced 2016-09-13 11:24:57 +02:00
Mikael Nordfeldth
18670c69b2 Merge branch 'master' of git.gnu.io:gnu/gnu-social 2016-09-02 01:01:57 +02:00
Mikael Nordfeldth
a7043bf7cc Split up source and source_link. Never trust HTML!
https://community.highlandarrow.com/notice/269667
or alternatively: https://social.umeahackerspace.se/conversation/495655
2016-09-02 01:00:52 +02:00
Mikael Nordfeldth
15ab9ff9e3 common_to_alphanumeric added, filtering Notice->source in classic layout 2016-09-02 01:00:08 +02:00
mmn
48efdc3593 Merge branch 'check-connection-on-install' into 'master'
Check DB connection before any possible use

This is to avoid an exception when enabling 'pgsql' backend

See merge request !121
2016-06-17 16:30:25 -04:00
Sandro Santilli
3138fa0b40 Check DB connection before any possible use 2016-05-24 16:49:50 +02:00
Mikael Nordfeldth
844fe3924e put local id, href and such in ostatus:conversation element 2016-04-18 16:09:36 +02:00
Mikael Nordfeldth
afdd6d39ec Some Google stuff that need to be there (or comments)
Note that these won't be shown to the enduser and will never be accessed automatically.

We should put the salmon-protocol stuff on ostatus.org
2016-03-21 12:25:04 +01:00
Mikael Nordfeldth
b4cbf620ab woops, accidentally deleted updates-from rel on mass Google-deletion 2016-03-21 12:13:01 +01:00
Mikael Nordfeldth
1e89369ef8 geometa.js doesn't exist anymore 2016-03-21 03:23:39 +01:00
mmn
9f84f63471 Merge branch 'new-avatar' into 'master'
Changed default avatar in neo-gnu for the more fun @mosphirit gnu.

For now I am going to propose only that change, the default avatar. In the future maybe we can use only one SVG instead multiple PNG but I want to do for now the less changes possible.

See merge request !116
2016-03-20 22:21:39 -04:00
mmn
43178dfe10 Merge branch 'bashrc/remove_google_references' into 'master'
Remove Google References

This removes most references to:

 - Google Code
 - Google Buzz
 - Google Maps
 - Google Gears
 - General Google services promotion

There are still some remaining Google references, particularly a script within plugins/Minify. You might want to check that to see if it's really necessary and whether the javascript it points to is actually free software.

See merge request !117
2016-03-20 22:07:06 -04:00
Bob Mottram
11c57e7aee Remove Google References
This removes most references to Google, with some
remaining since they may point to things which are still
relevant. References to Google Code, Google Buzz and
Google Maps have been removed
2016-03-20 13:06:58 +00:00
Carlos Sanmartín Bustos
2bb5c5806f Changed default avatar in neo-gnu for the more fun @mosphirit gnu. 2016-03-19 12:53:59 +01:00
Mikael Nordfeldth
b2cfbded2e Upgrading from 1.1.x would make uri fields have length=255 2016-03-15 16:54:10 +01:00
Mikael Nordfeldth
346a73c36f Fix a regression in 1f76c1e4 that stopped sending email confirmation on registration 2016-03-02 14:38:34 +01:00
Mikael Nordfeldth
6336248d71 Notice getRendered() can now be called on uninserted notices 2016-02-25 20:13:00 +01:00
Mikael Nordfeldth
67aff528f5 socialfy-your-domain made people think you needed manual interaction
I don't know why, but people started following those instructions for no
apparent reason and it ended up causing a bunch of federation issues or
homegrown cron script messes.

Maybe changing the name to "another" instead of "your" domain will make
people stop doing stuff randomly.
2016-02-25 20:12:56 +01:00
Mikael Nordfeldth
80f7a5f025 $metadata->thumbnail_url is not guaranteed to be set
We should probably have a separate class for this, so we can more
easily combine different technologies similar to oEmbed/OpenGraph.
2016-02-25 19:47:16 +01:00
Mikael Nordfeldth
e6f07d8554 Use in_array instead. Now we get third party responses to contextually interesting threads
I think this solves much of the "third party conversation" issues, assuming involved parties
are using modern GNU social instances.
2016-02-24 00:19:27 +01:00
Mikael Nordfeldth
31c9b2c1d8 Check the notice context for users in UsersalmonAction 2016-02-23 23:56:43 +01:00
Mikael Nordfeldth
9319033ff0 Properly attach activityobjects
For some reason they were written to ->object, which is incorrect as
we use the objects[] array (which usually just holds one entry though)
2016-02-23 23:50:57 +01:00
Mikael Nordfeldth
0eb5122817 Check that the user is in the context of a salmon slap 2016-02-23 23:42:41 +01:00
Mikael Nordfeldth
d672547112 getAliases should be only a list (numeric array) 2016-02-23 14:33:09 +01:00
Mikael Nordfeldth
e16f7d04a8 Let OpenID match against aliases (fix fancyurl stuff etc.) 2016-02-23 14:15:08 +01:00
Mikael Nordfeldth
b59dacb806 getAliases for Profile and Notice
Also move fancyurlfix into site-wide $config['fix']['fancyurls']

TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
Mikael Nordfeldth
5f7032dfee Verify that authenticated API calls are made from our domain name.
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json" or
whatever. XHR is already blocked with CORS stuff.

Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
Mikael Nordfeldth
c67b89e56b Make WebFinger fancyurlfix configurable 2016-02-21 20:05:32 +01:00
Mikael Nordfeldth
ce803f6d06 WebFinger aliases with 'index.php/' 2016-02-21 20:00:07 +01:00
Mikael Nordfeldth
1edb1bbc17 Claim that we are the URL without index.php/ in webfinger response 2016-02-21 19:09:39 +01:00
Mikael Nordfeldth
893d117309 throw new, not just throw 2016-02-21 19:01:37 +01:00
Mikael Nordfeldth
0c17c32267 Let the WebFingerPlugin lookup profile resources with index.php/ too 2016-02-21 18:48:48 +01:00
Mikael Nordfeldth
23e66bef64 common_fake_local_fancy_url to remove index.php/ from a local URL 2016-02-21 18:48:18 +01:00
Mikael Nordfeldth
d16a883e17 Allow lookup of User->getByUri (throws NoResultException) 2016-02-21 18:47:47 +01:00
Mikael Nordfeldth
b23cc7465f Keep a unique set of WebFingerResource aliases 2016-02-21 18:47:32 +01:00
Mikael Nordfeldth
afbdcf8938 Don't publish mbox_sha1sum in FOAF by default.
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2016-02-19 00:10:05 +01:00
Mikael Nordfeldth
a838c90951 Only show "public:site" in ToSelector if notice/allowprivate is true 2016-02-18 00:33:16 +01:00
Mikael Nordfeldth
f68d1ade3f Put "Everyone" and "Everyone at [local instance]" at the top of ToSelector 2016-02-18 00:32:09 +01:00
Mikael Nordfeldth
543d968b81 NoAcctUriException->profile not $e directly 2016-02-18 00:13:59 +01:00
Mikael Nordfeldth
a361fdbd77 Sort ToSelector by AcctUri 2016-02-18 00:05:09 +01:00
Mikael Nordfeldth
73dbc5ca1b Use ToSelector choice again. 2016-02-17 23:44:15 +01:00
Mikael Nordfeldth
d9b649642d Show notice feed URLs (and author) 2016-02-17 23:32:56 +01:00
Mikael Nordfeldth
d2c11925bf To-selector padlock only shown if site config notice/allowprivate is true 2016-02-17 23:06:11 +01:00
Mikael Nordfeldth
5fbb01130a By default, disallow users to set private_stream 2016-02-17 22:58:31 +01:00
Mikael Nordfeldth
47dc15c9f6 Describe that we don't allow empty fullnames. 2016-02-17 22:48:32 +01:00