Commit Graph

17318 Commits

Author SHA1 Message Date
Mikael Nordfeldth
a61235086b Use config site/sslproxy to force HTTPS (i.e. using reverse proxy to enable it)
Usage in config.php: $config['site']['sslproxy'] = true;

Add this to documentation...
2016-02-10 01:05:02 +01:00
Mikael Nordfeldth
ec257d940a Either use or don't use HTTPS
The risk of injection attacks using HTTP is too great to allow a
site that allows both HTTP and HTTPS...
2016-02-10 00:57:39 +01:00
Mikael Nordfeldth
dcf29c2a07 s/isHTTPS/useHTTPS/ for HTTPS URL generation 2016-02-10 00:38:14 +01:00
Mikael Nordfeldth
eaa394ed7d bitcoin schema for HTMLPurifier 2016-02-08 20:20:31 +01:00
Mikael Nordfeldth
7c90d7022b Require the license with HTML5 2016-02-08 17:56:35 +01:00
Mikael Nordfeldth
ef5ed10eb9 Log failed captcha entries 2016-02-08 17:51:21 +01:00
Mikael Nordfeldth
cd71188d3a SimpleCaptcha plugin to stop basic bots 2016-02-08 17:47:09 +01:00
Mikael Nordfeldth
a30d34be7f Returnto the previous page when deleting a notice. 2016-02-08 15:30:28 +01:00
Mikael Nordfeldth
d98784e059 Use functions instead of accessing properties in twitterUserArray 2016-02-08 12:21:58 +01:00
Mikael Nordfeldth
3dea259f52 Return intval from getID() 2016-02-08 12:21:46 +01:00
Mikael Nordfeldth
2938b3e960 Don't return true on requiresAuth if screen_name==='0' 2016-02-08 12:14:35 +01:00
Mikael Nordfeldth
13cf744fb3 Allow screennames that are === '0' 2016-02-08 11:40:46 +01:00
Mikael Nordfeldth
2686635f60 Keep the rel="tag" in HTML when purifying 2016-02-07 12:50:26 +01:00
Mikael Nordfeldth
1126f70786 Merge branch 'master' into mmn_fixes 2016-02-07 02:35:44 +01:00
Mikael Nordfeldth
7c7f2f890f Hidespam by default
...why would something described as "Whether to hide silenced users from timelines"
be set to false by default? :)
2016-02-07 02:35:21 +01:00
Mikael Nordfeldth
d6664f5735 Hidespam by default
...why would something described as "Whether to hide silenced users from timelines"
be set to false by default? :)
2016-02-07 02:33:53 +01:00
Mikael Nordfeldth
58e852f7f7 Use the -y parameter for ffmpeg/avconv to be non-interactive 2016-02-07 01:59:21 +01:00
Mikael Nordfeldth
6bec22ea4e Write to the tmp file in VideoThumbnails 2016-02-07 01:57:56 +01:00
Mikael Nordfeldth
25f623565a Catch http exception in StoreRemoteMedia 2016-02-07 01:54:37 +01:00
Mikael Nordfeldth
098c8b1df4 NoHttpResponseException extends HTTP_Request2_ConnectionException 2016-02-07 01:52:20 +01:00
Mikael Nordfeldth
55546a5aab Support ffmpeg and avconv depending on which you have 2016-02-07 01:02:59 +01:00
Mikael Nordfeldth
41e36e1f28 Unknown functionality of a script
Something added 6-8 years ago which we don't use anymore...
2016-02-04 12:16:36 +01:00
Mikael Nordfeldth
1f01356076 Fix issue #127 by catching exceptions
update-profile-data.php threw exceptions on http connection issues
2016-02-04 12:06:35 +01:00
Mikael Nordfeldth
60804d1902 ES3 compatibility layer not necessary (noone uses IE8 etc.)
All browsers with javascript support also support ES5 nowadays. Anyone
using older software should upgrade for other reasons, such as security.
2016-02-04 11:37:24 +01:00
Mikael Nordfeldth
d5ecbd05a1 Forgot a break in a switch when rendering attachments. 2016-02-03 19:32:51 +01:00
Mikael Nordfeldth
9960714896 Disallow zero-length magnet URIs
magnet: would match, but now we have a zero-length lookahead which
requires the following character to be a question mark: magnet:?
2016-02-03 15:26:19 +01:00
Mikael Nordfeldth
90045d66ea HTMLPurifierSchemes plugin to allow geo and magnet URIs 2016-02-03 14:36:51 +01:00
Mikael Nordfeldth
2c83614170 HTMLPurifier caches were included accidentally 2016-02-03 14:35:26 +01:00
Mikael Nordfeldth
349dba8be0 Only allow our specified URI schemes 2016-02-03 14:31:16 +01:00
Mikael Nordfeldth
e903bd0bc3 Hacky support for geo URI detection
Won't work with common_purify yet because there is no geo uri scheme for it
2016-02-03 14:19:08 +01:00
Mikael Nordfeldth
b1ed1f48ea Configurable linkify for bare IPv4/IPv6 2016-02-03 12:55:00 +01:00
Mikael Nordfeldth
25c15119bc Backupaccount is always readonly 2016-02-03 01:15:35 +01:00
Mikael Nordfeldth
84930f89f9 Don't allow account backups by default. 2016-02-03 01:08:36 +01:00
Mikael Nordfeldth
19b743a9f5 Set time limit to increase time backupaccount can take
Wills till run out of memory probably, we should fix that.
2016-02-03 01:04:14 +01:00
Mikael Nordfeldth
9fcfb7cb1d Proper error message on too much POST data 2016-02-03 01:03:58 +01:00
Mikael Nordfeldth
6a4aa34b0c Don't process further in redirection if HEAD gives 400 Bad request 2016-02-03 00:34:49 +01:00
Mikael Nordfeldth
40cffb9463 File::isProtected is static 2016-02-03 00:22:18 +01:00
Mikael Nordfeldth
a2b914ce60 Get URL schemes by URL type 2016-02-03 00:18:37 +01:00
Mikael Nordfeldth
43abfe659b Bump beta number to 4
We have better webfinger @mention@capability.example at least and
OpportunisticQM is somewhat refined.
2016-01-30 00:04:18 +01:00
Mikael Nordfeldth
367fc054dc Merge branch 'master' into mmn_fixes 2016-01-30 00:03:25 +01:00
Mikael Nordfeldth
771f08b3c7 Merge branch 'master' of git.gnu.io:gnu/gnu-social 2016-01-30 00:02:56 +01:00
Mikael Nordfeldth
5167b1fa40 Don't trust local HTML either
If we reallyreally want to include <img> or <script> or whatever then we
have to do that after Notice::saveActivity sets ->rendered.
2016-01-30 00:02:03 +01:00
Mikael Nordfeldth
c6ae883ad2 Don't trust local HTML either
If we reallyreally want to include <img> or <script> or whatever then we
have to do that after Notice::saveActivity sets ->rendered.
2016-01-30 00:00:37 +01:00
Mikael Nordfeldth
a5c1b063fd isPerson did not exist for Ostatus_profile 2016-01-29 16:15:06 +01:00
Mikael Nordfeldth
689e277c62 Allow @localuser@mysite.example to be looked up as a mention 2016-01-29 16:06:16 +01:00
Mikael Nordfeldth
36f099958c Don't match @nickname on @nickname@server.com 2016-01-29 15:53:58 +01:00
Mikael Nordfeldth
cb40f72c7e Use the profile URI when linking instead of URL
since we'll then get to /user/$id instead of /$nickname which is
good for future archives if someone changes their nickname...
2016-01-29 15:21:01 +01:00
Mikael Nordfeldth
5b11238010 Don't use system include path
Sometimes systems have _old_ DB_DataObject classes lying around that
get included by default, so we just try to avoid anything that we don't
ship ourselves.

<MMN-o> BeS: I'll commit a patch that will make this issue go away
<BeS> MMN-o: that would be awesome!
<MMN-o> but it might upset bashrc who's working on a Debian package (where you're _supposed_ to include from /usr/php etc. :P)
<MMN-o> but I'll leave a comment along with it
2016-01-28 20:31:46 +01:00
Mikael Nordfeldth
6b31feb70f Strict Standards: Declaration of MysqlSchema::get()
should be compatible with Schema::get($conn = NULL)
2016-01-28 20:18:06 +01:00
Mikael Nordfeldth
a6898b033d Fullname and location are now text, not varchar, and can be >191|255 2016-01-28 19:12:30 +01:00