Commit Graph

5834 Commits

Author SHA1 Message Date
Chimo
d02c75d019 Re-enable notice locations
Removed a stray 'return' statement.
2016-06-01 21:56:42 -04:00
Chimo
9de79f0a36 Update prepare() method on Action subclasses.
Fixes handle()-related strict warnings such as "Strict Standards:
Declaration of AdminPanelAction::prepare() should be compatible with
Action::prepare(array $args = Array)

Ref. #190
2016-06-01 02:26:44 +00:00
Chimo
ba2975aac8 Update handle() method on Action subclasses.
Fixes handle()-related strict warnings such as "Strict Standards:
Declaration of AdminPanelAction::handle() should be compatible with
Action::handle()"

Ref. #190
2016-06-01 02:26:44 +00:00
Sandro Santilli
3138fa0b40 Check DB connection before any possible use 2016-05-24 16:49:50 +02:00
Mikael Nordfeldth
bd306bdb9f Add /download action for attachments 2016-05-09 22:08:36 +02:00
Mikael Nordfeldth
3a6733dc98 2-frame GIF animations weren't recognised as animated 2016-05-04 11:57:55 +02:00
Mikael Nordfeldth
a5a96dd857 Misplaced break/continue statements. 2016-05-04 11:44:00 +02:00
Mikael Nordfeldth
87dd0fbdb6 UseFileAsThumbnailException uses direct File object now 2016-05-04 11:34:50 +02:00
Mikael Nordfeldth
7aa9a69c2f Link to attachment page instead of big-ass image 2016-05-01 11:35:51 +02:00
Mikael Nordfeldth
9b613029e6 Merge branch 'master' into mmn_fixes 2016-04-18 16:10:50 +02:00
Mikael Nordfeldth
844fe3924e put local id, href and such in ostatus:conversation element 2016-04-18 16:09:36 +02:00
Mikael Nordfeldth
107f612384 strict type comparison 2016-04-18 15:04:03 +02:00
Mikael Nordfeldth
4645033b98 "In conversation" text in noticelistitem 2016-04-08 13:44:22 +02:00
Mikael Nordfeldth
547f92de07 Don't fail deleteRelated on NoProfileException 2016-04-01 06:51:19 +02:00
Mikael Nordfeldth
44ea8aa681 Make sure $_SERVER['HTTP_REFERER'] isset when testing value 2016-03-31 20:51:50 +02:00
Mikael Nordfeldth
4ea79bc396 I was too quick to save that file (File::getByUrl takes 1 arg) 2016-03-29 14:33:40 +02:00
Mikael Nordfeldth
2f91cb0df7 We should assume all verbs and such are their full URIs in our db 2016-03-29 12:57:52 +02:00
Mikael Nordfeldth
dcffe5d992 Forgotten File::getByUrl conversations (performance++) 2016-03-29 12:13:53 +02:00
Mikael Nordfeldth
88e2f739a9 DOMElement not DOMDocument 2016-03-28 16:23:15 +02:00
Mikael Nordfeldth
7bef2ad4cc Update Profile Data script fixes, might work for groups too now 2016-03-28 16:19:47 +02:00
Mikael Nordfeldth
f134a423f6 rename config option site/logdebug to log/debugtrace 2016-03-27 16:36:58 +02:00
Mikael Nordfeldth
9fa18fa366 HTTPClient::quickGet now supports headers as argument
They should be in a numeric array, already formatted as headers,
ready to go. (Header-Name: Content of the header)
2016-03-24 02:44:11 +01:00
Mikael Nordfeldth
f83b81b8c4 Change config webfinger/http_alias to fix/legacy_http
Set $config['fix']['legacy_http'] to perform some actions that are
needed if your site used to be served over http but now has upgraded
to https!
2016-03-23 15:21:02 +01:00
Mikael Nordfeldth
8933022edc Forgot a microsummary route in the latest commit 2016-03-22 22:37:59 +01:00
Mikael Nordfeldth
dafe775ffa Microsummaries had issues and were removed in Firefox 6.0 anyway
It is argued there are many better ways to get a "micro summary" of
a profile or site.
2016-03-22 22:31:01 +01:00
Mikael Nordfeldth
38f7deca78 Avoid "property of non-object" PHP notice. 2016-03-21 11:17:25 +01:00
Mikael Nordfeldth
1e89369ef8 geometa.js doesn't exist anymore 2016-03-21 03:23:39 +01:00
Mikael Nordfeldth
ae681b10e7 geometa.js doesn't exist anymore 2016-03-21 03:11:22 +01:00
Mikael Nordfeldth
980085a8a3 Merge branch 'master' of git.gnu.io:gnu/gnu-social into mmn_fixes
Conflicts:
	plugins/Minify/extlib/minify/README.txt
	plugins/Minify/extlib/minify/UPGRADING.txt
	plugins/Minify/extlib/minify/min/README.txt
	plugins/Minify/extlib/minify/min/builder/index.php
	plugins/Minify/extlib/minify/min/lib/JSMin.php
	plugins/Minify/extlib/minify/min/lib/Minify.php
	plugins/Minify/extlib/minify/min/lib/Minify/CSS.php
	plugins/Minify/extlib/minify/min/lib/Minify/CSS/Compressor.php
	plugins/Minify/extlib/minify/min/lib/Minify/Controller/Page.php
	plugins/Minify/extlib/minify/min/lib/Minify/Packer.php
	plugins/Recaptcha/RecaptchaPlugin.php
2016-03-21 03:10:19 +01:00
Mikael Nordfeldth
cd24f7d30a Issue #166 - we test exif data below, no need for error output 2016-03-21 02:56:47 +01:00
Mikael Nordfeldth
cdcf6cdb25 Hacky method to avoid cutting conversation "more" link out 2016-03-21 02:42:28 +01:00
Mikael Nordfeldth
aa3865c303 Split threaded notice list classes into own files. 2016-03-21 02:33:57 +01:00
Bob Mottram
11c57e7aee Remove Google References
This removes most references to Google, with some
remaining since they may point to things which are still
relevant. References to Google Code, Google Buzz and
Google Maps have been removed
2016-03-20 13:06:58 +00:00
Mikael Nordfeldth
349e842078 UPDATE ActivityVerb 2016-03-14 15:26:03 +01:00
Mikael Nordfeldth
ca8f0f84c4 Woops, forgot to include this file! 2016-03-14 15:25:05 +01:00
Mikael Nordfeldth
5ca2a28246 Make oEmbed handle our http/https setting better. 2016-03-10 14:20:21 +01:00
Mikael Nordfeldth
bd75305560 Define-ify excluded end-characters of URL autolinking 2016-03-09 15:16:47 +01:00
Mikael Nordfeldth
c769924505 Reduce the number of allowed characters in auto-linking URLs. 2016-03-09 15:05:36 +01:00
Mikael Nordfeldth
d179afa303 Save allowed path/qstring/fragment characters in constants 2016-03-09 14:51:52 +01:00
Mikael Nordfeldth
e2c6f2f96f Let's be consistent with URL verbs 2016-03-08 20:01:06 +01:00
Mikael Nordfeldth
cfc82591da chmod 0775 directories we create
Security for the 'g+rx' should be handle by having the parent directory
inaccessible for global users, which is usually the case.
2016-03-07 23:23:32 +01:00
Mikael Nordfeldth
4e5c0e70a6 fillConfigVoids to set default value of empty config options 2016-03-07 22:55:52 +01:00
Mikael Nordfeldth
265fa12917 Relatively experimental change to store thumbnails in 'file/thumb/' (by default) 2016-03-07 22:33:34 +01:00
Mikael Nordfeldth
158b323767 Declare AdminpanelAction::canAdmin as static, since that's how it's used. 2016-03-06 17:31:40 +01:00
Mikael Nordfeldth
6ec72b2978 Move mail_confirm_address out of mail.php 2016-03-06 17:27:40 +01:00
mmn
0785e2910f Merge branch 'no_sandboxed_repeats_branch' into 'nightly'
Don't include repeated notices from sandboxed users in the public timeline



See merge request !115
2016-03-05 08:08:42 -05:00
Mikael Nordfeldth
97ac722b24 Accessibility navigation improvement 2016-03-05 12:42:53 +01:00
Mikael Nordfeldth
7ca0ff9a19 MediaFile::fromUpload handles missing local file better 2016-03-05 12:05:12 +01:00
Mikael Nordfeldth
1db02d7f36 filename_base option isn't optimal
For different "download filenames" we should use some other method.
2016-03-05 11:59:46 +01:00
Mikael Nordfeldth
57d57b8d8f Handle reuploads via filehandle better if original is missing 2016-03-05 01:26:34 +01:00
Mikael Nordfeldth
952f68fed5 File upload logging for dummies 2016-03-05 00:59:39 +01:00
hannes
7d4658643d the repeated notice can be from a sandboxed user too 2016-03-04 16:53:57 -05:00
Mikael Nordfeldth
dc1ceca86e Some more Microformats2 data for notices and rendering 2016-03-02 13:29:54 +01:00
Mikael Nordfeldth
6529fdd28d Proper Microformats2 h-entry p-name + u-uid markup 2016-03-02 13:10:02 +01:00
Mikael Nordfeldth
d6598e790c Introduce a ConfigException 2016-03-02 12:33:06 +01:00
Mikael Nordfeldth
9534969c05 Don't set is_local=LOCAL_NONPUBLIC on sandboxed user notices
Let's decide whether they are nonpublic by testing them when the notice
is shown instead.
2016-03-02 12:26:23 +01:00
Mikael Nordfeldth
a3b2118906 Make the public streams ModeratedNoticeStream (hide sandboxed users etc.)
Which streams should be put under ModeratedNoticeStream is probably open
to debate. But at least the public ones should hide the posts from users
that are sandboxed.
2016-03-02 11:50:50 +01:00
Mikael Nordfeldth
b4271a3533 Stricted typing + protected on FilteringNoticeStream->filter 2016-03-02 11:40:43 +01:00
Mikael Nordfeldth
99fbb181c1 Translation changes, use FancyName in email subject 2016-03-01 23:53:36 +01:00
Mikael Nordfeldth
47f408ca7c Strict typing for mail_notify_attn 2016-03-01 23:37:11 +01:00
Mikael Nordfeldth
63c087a255 Consistent behaviour for ScopingNoticeStream $scoped
We don't guess the current profile anymore if the value of the profile === -1

Also sets $this->scoped for all ScopingNoticeStream inheritors, which just
like in an Action can be null if we're not scoped in any way (logged in).
2016-03-01 14:51:47 +01:00
Mikael Nordfeldth
7862b853bf Make javascript XHR timeout a variable.
SN.V.xhrTimeout = [time in milliseconds];
2016-03-01 13:10:18 +01:00
Mikael Nordfeldth
6c43e9c2e0 Verify loaded config function, must be completed further. 2016-02-28 13:31:21 +01:00
Mikael Nordfeldth
747c91210f HTMLPurifier cache settings, put stuff in subdir of get_sys_temp_dir() 2016-02-28 13:30:47 +01:00
Mikael Nordfeldth
cd978fa153 Edited the list of allowed rel values 2016-02-28 13:16:52 +01:00
Mikael Nordfeldth
52a3764ae4 Resolve relative URLs (assuming URI.Base==notice URL)
The real way to do this would be to get the xml:base property from
the Atom feed but it's probably not there in any posts we see today.
2016-02-26 14:46:26 +01:00
Mikael Nordfeldth
29662eef5e Mentioning matches (@this too) now. 2016-02-26 00:08:51 +01:00
Mikael Nordfeldth
2669c51265 Allow sgf files if they're recognized in mime search
They are Go game files used on lamatriz.org. Note that my server
doesn't actually recognize these files and can identify the mime type,
but my browser did for some reason.
2016-02-26 00:05:07 +01:00
Mikael Nordfeldth
e6e1705852 Make uploads work properly if we accept _all_ attachment types
Also introduced $config['attachments']['extblacklist'] that can disable
certain file extensions (or rewrite them, for example php => phps)
2016-02-25 22:15:54 +01:00
Mikael Nordfeldth
128a00c4ab Include feeds in Link HTTP headers, for easier discovery 2016-02-24 16:48:44 +01:00
Mikael Nordfeldth
b59dacb806 getAliases for Profile and Notice
Also move fancyurlfix into site-wide $config['fix']['fancyurls']

TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
Mikael Nordfeldth
5f7032dfee Verify that authenticated API calls are made from our domain name.
Evil forms on other websites could otherwise potentially be configured
to have action="https://gnusocial.example/api/statuses/update.json" or
whatever. XHR is already blocked with CORS stuff.

Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
2016-02-22 15:19:10 +01:00
Mikael Nordfeldth
ce803f6d06 WebFinger aliases with 'index.php/' 2016-02-21 20:00:07 +01:00
Mikael Nordfeldth
893d117309 throw new, not just throw 2016-02-21 19:01:37 +01:00
Mikael Nordfeldth
23e66bef64 common_fake_local_fancy_url to remove index.php/ from a local URL 2016-02-21 18:48:18 +01:00
Mikael Nordfeldth
afbdcf8938 Don't publish mbox_sha1sum in FOAF by default.
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2016-02-19 00:10:05 +01:00
Mikael Nordfeldth
a838c90951 Only show "public:site" in ToSelector if notice/allowprivate is true 2016-02-18 00:33:16 +01:00
Mikael Nordfeldth
f68d1ade3f Put "Everyone" and "Everyone at [local instance]" at the top of ToSelector 2016-02-18 00:32:09 +01:00
Mikael Nordfeldth
543d968b81 NoAcctUriException->profile not $e directly 2016-02-18 00:13:59 +01:00
Mikael Nordfeldth
a361fdbd77 Sort ToSelector by AcctUri 2016-02-18 00:05:09 +01:00
Mikael Nordfeldth
73dbc5ca1b Use ToSelector choice again. 2016-02-17 23:44:15 +01:00
Mikael Nordfeldth
d2c11925bf To-selector padlock only shown if site config notice/allowprivate is true 2016-02-17 23:06:11 +01:00
Mikael Nordfeldth
5fbb01130a By default, disallow users to set private_stream 2016-02-17 22:58:31 +01:00
Mikael Nordfeldth
d2507a6266 Gotta declare FullNoticeStream as abstract class 2016-02-16 02:24:38 +01:00
Mikael Nordfeldth
46829c6d3c FullNoticeStream selects all verbs. 2016-02-16 02:21:39 +01:00
Mikael Nordfeldth
2d1b70c94d created column was ambigououuuouuus 2016-02-15 09:59:34 +01:00
Mikael Nordfeldth
2301862ae6 We only want POST and SHARE in the inbox/home timeline right? 2016-02-15 09:59:18 +01:00
Mikael Nordfeldth
dcb7ce36d8 Show shares in public timeline
Also, the unselect rule for DELETE was useless anyway since it would
already have been filtered out by not having true.

(the => false stuff are for when you want ALL _except_ that)
2016-02-14 20:53:26 +01:00
Mikael Nordfeldth
e2a090c9cc Use NoticeStream::filterVerbs for filtering in noticestreams 2016-02-14 20:46:13 +01:00
Mikael Nordfeldth
be14e15dac Hide attachments in notices by silenced profiles 2016-02-13 13:17:39 +01:00
Mikael Nordfeldth
e5ad98e601 Silence action can only be used on non-priviliged users 2016-02-12 14:22:25 +01:00
Mikael Nordfeldth
f10625f8bc file and avatar dirs on instances with no such dirs in filesystem 2016-02-12 02:29:33 +01:00
Mikael Nordfeldth
338df7e35b Fix Nickname::isSystemPath() work properly for routes 2016-02-12 02:21:11 +01:00
Mikael Nordfeldth
67dfc0a046 application/xml allowed in uploads 2016-02-11 00:04:14 +01:00
Mikael Nordfeldth
733debd9b3 Use thumbnail upscaling config value 2016-02-10 04:40:54 +01:00
Mikael Nordfeldth
8806cce735 Default to avoid upscaling of thumbnails. 45x45=>450x450 is ugly 2016-02-10 04:40:10 +01:00
Mikael Nordfeldth
a61235086b Use config site/sslproxy to force HTTPS (i.e. using reverse proxy to enable it)
Usage in config.php: $config['site']['sslproxy'] = true;

Add this to documentation...
2016-02-10 01:05:02 +01:00
Mikael Nordfeldth
ec257d940a Either use or don't use HTTPS
The risk of injection attacks using HTTP is too great to allow a
site that allows both HTTP and HTTPS...
2016-02-10 00:57:39 +01:00
Mikael Nordfeldth
dcf29c2a07 s/isHTTPS/useHTTPS/ for HTTPS URL generation 2016-02-10 00:38:14 +01:00
Mikael Nordfeldth
cd71188d3a SimpleCaptcha plugin to stop basic bots 2016-02-08 17:47:09 +01:00