Commit Graph

250 Commits

Author SHA1 Message Date
Mikael Nordfeldth
f83b81b8c4 Change config webfinger/http_alias to fix/legacy_http
Set $config['fix']['legacy_http'] to perform some actions that are
needed if your site used to be served over http but now has upgraded
to https!
2016-03-23 15:21:02 +01:00
Mikael Nordfeldth
265fa12917 Relatively experimental change to store thumbnails in 'file/thumb/' (by default) 2016-03-07 22:33:34 +01:00
Mikael Nordfeldth
1db02d7f36 filename_base option isn't optimal
For different "download filenames" we should use some other method.
2016-03-05 11:59:46 +01:00
Mikael Nordfeldth
747c91210f HTMLPurifier cache settings, put stuff in subdir of get_sys_temp_dir() 2016-02-28 13:30:47 +01:00
Mikael Nordfeldth
2669c51265 Allow sgf files if they're recognized in mime search
They are Go game files used on lamatriz.org. Note that my server
doesn't actually recognize these files and can identify the mime type,
but my browser did for some reason.
2016-02-26 00:05:07 +01:00
Mikael Nordfeldth
e6e1705852 Make uploads work properly if we accept _all_ attachment types
Also introduced $config['attachments']['extblacklist'] that can disable
certain file extensions (or rewrite them, for example php => phps)
2016-02-25 22:15:54 +01:00
Mikael Nordfeldth
b59dacb806 getAliases for Profile and Notice
Also move fancyurlfix into site-wide $config['fix']['fancyurls']

TODO: getByUri should make use of this directly I guess?
2016-02-23 14:00:59 +01:00
Mikael Nordfeldth
afbdcf8938 Don't publish mbox_sha1sum in FOAF by default.
We say the email is private data, so reasonably we shouldn't reveal it
indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
2016-02-19 00:10:05 +01:00
Mikael Nordfeldth
d2c11925bf To-selector padlock only shown if site config notice/allowprivate is true 2016-02-17 23:06:11 +01:00
Mikael Nordfeldth
5fbb01130a By default, disallow users to set private_stream 2016-02-17 22:58:31 +01:00
Mikael Nordfeldth
67dfc0a046 application/xml allowed in uploads 2016-02-11 00:04:14 +01:00
Mikael Nordfeldth
733debd9b3 Use thumbnail upscaling config value 2016-02-10 04:40:54 +01:00
Mikael Nordfeldth
a61235086b Use config site/sslproxy to force HTTPS (i.e. using reverse proxy to enable it)
Usage in config.php: $config['site']['sslproxy'] = true;

Add this to documentation...
2016-02-10 01:05:02 +01:00
Mikael Nordfeldth
cd71188d3a SimpleCaptcha plugin to stop basic bots 2016-02-08 17:47:09 +01:00
Mikael Nordfeldth
d6664f5735 Hidespam by default
...why would something described as "Whether to hide silenced users from timelines"
be set to false by default? :)
2016-02-07 02:33:53 +01:00
Mikael Nordfeldth
90045d66ea HTMLPurifierSchemes plugin to allow geo and magnet URIs 2016-02-03 14:36:51 +01:00
Mikael Nordfeldth
b1ed1f48ea Configurable linkify for bare IPv4/IPv6 2016-02-03 12:55:00 +01:00
Mikael Nordfeldth
84930f89f9 Don't allow account backups by default. 2016-02-03 01:08:36 +01:00
Mikael Nordfeldth
7e6783bb8f Replace htmLawed with HTMLPurifier 2016-01-28 19:01:13 +01:00
Mikael Nordfeldth
f768de4b46 default connect_timeout to 5 instead of extlib 10 2016-01-18 22:01:45 +01:00
Mikael Nordfeldth
17a65ff873 background folder has never been used for GNU social 2015-12-28 00:00:51 +01:00
Mikael Nordfeldth
334a0d56e7 Oembed slimmed to only do discovery (soon we get og: discovery too) 2015-11-30 02:06:04 +01:00
Mikael Nordfeldth
3013b84e98 Don't enable StrictTransportSecurity by default
(but you should enable it if you use TLS, but there are many who do this
through their webserver and it's odd to have double headers etc...)
2015-10-09 10:55:12 +02:00
Mikael Nordfeldth
88f7bb1ed5 Some work on ActivityModeration with notice deletion
Let's now create an event called DeleteNotice and also make sure we
handle the onNoticeDeleteRelated properly in ActivityModeration to
avoid possible endless loops etc.
2015-10-03 02:02:37 +02:00
Mikael Nordfeldth
a09cf51b99 Move Ostatus_profile->processPost function into plugin 2015-09-29 15:19:13 +02:00
Mikael Nordfeldth
8d516d7f08 Don't allow imports by default until it works well on large instances. 2015-07-17 14:40:09 +02:00
aroquen
776b82e6e8 Drop QnA from default plugins 2015-06-07 14:05:51 +02:00
Mikael Nordfeldth
82f9b6908c Fake recovery by email address, to hide registrants on the site 2015-05-30 23:29:58 +02:00
Mikael Nordfeldth
2b58d6b774 Merge branch 'quitagram' into nightly
Fixes that make quitagram work better amongst other things.
2015-04-22 22:17:50 +02:00
Mikael Nordfeldth
4526c3f712 If /var/run was unwritable stopdaemons did not find pid file 2015-04-13 21:51:35 +02:00
Mikael Nordfeldth
d7d96806a4 removed unused config setting 2015-04-10 13:15:12 +02:00
Mikael Nordfeldth
8439efe77d Filter out img, video and audio tags in notice HTML
Because we don't want to auto-fetch items from a remote server. Such
items should be delivered as attachment metadata and portrayed in the
way the local instance chooses.

Choices for portrayal are either simply nullifying this and embedding
the data, linking the file remotely requiring a manual click or maybe
use remote oEmbed data etc. to download files locally so no remote
requests have to be made.
2015-03-15 14:35:29 +01:00
Mikael Nordfeldth
dcfcceb6f2 Share plugin now handles showing form in NoticeOptionItems 2015-03-12 16:33:34 +01:00
Mikael Nordfeldth
9ef224fceb ActivityVerb is a core plugin 2015-03-10 17:24:23 +01:00
Mikael Nordfeldth
0da7512597 No separate placeholder input element for replyforms
Also we're moving the rendering of these out into a separate plugin. Not
done yet, some javascript should be moved out as well.
2015-03-06 20:22:01 +01:00
Mikael Nordfeldth
325e784ccd Don't store duplicates of files.
If a new file is uploaded, it will be matched with a previously uploaded
file so we don't have to store duplicates. SHA256 is random enough and
also unlikely enough to cause collisions.
2015-02-24 21:11:25 +01:00
Mikael Nordfeldth
96099807e1 Default install to site profile community 2015-02-20 01:00:28 +01:00
Mikael Nordfeldth
7ba7f43199 Don't linkify bare domains by default
It's too farfetched to assume any text.com in a notice is an HTTP URL.
For example stuff like pasting from log entries, with domain.com:1234
where 1234 is a _PID_ or something, not a port number for http://...
2015-02-17 20:54:32 +01:00
Mikael Nordfeldth
a89e91da79 By default, don't allow nick changes for profiles
This goes for both users and groups, since they share nickname namespace.

If you want to enable nickname changes, just add this to your config:

   $config['profile']['changenick'] = true;

This commit should cover all changes in our usual web forms as well as through
the API.
2015-02-04 21:25:14 +01:00
Mikael Nordfeldth
fdae6f0fb3 neo-gnu is now default-theme. perty. 2015-02-02 18:22:59 +01:00
Mikael Nordfeldth
d140e135c0 Default textlimit for notices is now 1000 chars 2015-01-26 23:32:08 +01:00
Mikael Nordfeldth
67d09532dd Improved animated image thumbnail freedom of choice
Default is now to take still thumbnails of animated GIFs and then
show them as originals in an AttachmentListItem. The still frames
are mostly used with front-ends like qvitter.
2015-01-26 16:33:39 +01:00
Mikael Nordfeldth
a8e613e508 Animated GIF restructuring, ImageMagick only used for resizing animated sequences. 2015-01-25 23:00:00 +01:00
Mikael Nordfeldth
4dd6d7869e Maybe we can detect animated files in core 2015-01-25 22:11:46 +01:00
Mikael Nordfeldth
2dd1f3fe67 Default value for max thumbnail size increased
Because people have high resolution screens nowadays ;)
2015-01-23 15:04:54 +01:00
Mikael Nordfeldth
964d13792b ssl_verify_host option in config (default is true) 2015-01-22 12:21:57 +01:00
Mikael Nordfeldth
fac9f4e545 Merge branch 'nightly' of gitorious.org:social/mainline into nightly 2015-01-21 23:45:49 +01:00
Mikael Nordfeldth
9c5aa67a63 Enable AntiBrute by default. 2015-01-21 23:43:04 +01:00
Mikael Nordfeldth
5981b5c8d9 CC license fixes (no remote image, https for href) 2015-01-08 18:13:33 +01:00
Mikael Nordfeldth
769febf22e DirectMessage added to default plugins
I think the migration from core to plugin is done now for DMs.

This is required since we support the Twitter-based API by default,
which is implemented in many of the mobile clients etc. But you can
disable the DirectMessage for your instance of you wish, of course.
2014-11-07 16:37:00 +01:00