MySQL stores TIMESTAMP columns as UTC, but with a local time interface. (SRSLY?!) DATETIME columns are always bare and assumed to be local time, but we keep only UTC in them.
Forcing the session time_zone to UTC means we won't have to worry as much about what we're sending/receiving in there.
Also will let us remove the hack in master commit a7abb2323e for session tweaks
Had to tweak statusnet.ini to remove the DB_DATAOBJECT_MYSQLTIMESTAMP bitfield constant on session.modified; while it sounds like a useful and legit setting, it actually just means that DB_DataObject silently fails to pass through any attempts to explicitly set the value. As a result, MySQL does its default behavior which is to insert the current *LOCAL* time, which is useless.
This was leading to early GC west of GMT, or late GC east of it. Early GC could at worst destroy all live sessions (whoever's session *triggered* GC is fine, as the session then gets saved right back.)
In order to apply to PHP's POST processing, the MAX_FILE_SIZE field must appear *before* the file upload field. They were incorrectly placed after, where they had no effect on POST processing.
* '0.9.x' of gitorious.org:statusnet/mainline: (102 commits)
Fix for ticket #3010: blocks are now applied against the original poster of repeats.
Fix XML API output for several profile update methods that returned a <user> entry but didn't set namespaces, causing XML parse failures.
Fix for ticket #3007: .bmp avatar uploads weren't being properly converted to PNG in all cases
Bookmark saving robustness fixes
remove boilerplate from NewMenuPlugin
Localisation updates from http://translatewiki.net.
L10n consistency updates in wording and punctuation. Translator documentation added/updated. Superfluous whitespace removed.
Add translator documentation Fix L10n issues Remove superfluous whitespace
Add correct punctuation for client exceptions.
Add correct punctuation for client exception.
Add correct punctuation for client exception.
Add email field to Twitter registration form; needed when RequireValidatedEmail plugin is present.
Add email field on openid registration; needed to register if RequireValidatedEmail plugin is also present.
Event hook points needed for recaptcha on facebook login form (untested, but should be legit -- same adds as openid & twitter reg forms)
Event hook points needed to run Recaptcha on Twitter registration
Fix inconsistent use of 'name' vs 'fullname' in tw_fields member variable
Add Start/EndRegistrationData event hooks in finishopenidlogin: allows recaptcha to add its captcha display to the form (checked since addition of StartRegistrationTry)
Ticket #2999: RequireValidatedEmail plugin now also prevents group creation by unvalidated users.
Localisation updates from http://translatewiki.net.
Translator comments added L10n updates Remove superfluous whitespace Number parameters in message when two or more are used ClientException and ServerException should end with a period
...
Previously, if someone you subscribe to repeats a notice by someone you've blocked, you got the message and had to just roll your eyes.
Now blocks are checked against both the current notice's posting profile, and the poster of the original if it's a repeat.
Part of the reported issue was previuosly fixed by dc497ed0 (smaller size images being blanked).
This commit fixes the remaining bug with original-size avatars being left as BMP (which could include the 96px size for instance, which could cause problems in browsers not supporting BMP natively)
Added ImageFile::copyTo() as a convenient alias for resizeTo() when not resizing; this performs the BMP/XPM/XBM->PNG conversion if needed, or copies the original file.
Copying instead of using move_uploaded_file() is fine here since:
a) the files are cleaned up on script completion anyway (vs moving to remove it)
b) we're already performing getimagesize() and possibly load/resize on the file before this point (vs needing to move the file into a usable area to work with open_basedir restrictions that prevent working directly with uploaded files in the temp dir; since this would fail anyway, we lose nothing)
ImageFile::preferredType() now works on $this->type instead of asking for one, to make it handier to use from outside. (This is still needed in order for calling code to generate a target filename.)
Recommended for future:
* additional consolidation between the various ways of uploading avatars (touched avatarsettings, grouplogo, and apiaccountupdateprofileimage with similar minor changes)
* consolidate type checks and file naming into Avatar class
There's a new menu layout in this version of the software. It was
implemented as a plugin in 0.9.x to avoid clashes with existing themes,
but we're going to break that compatibility in this version, so we're just going for it.
This change involved moving all the changes in NewMenuPlugin into the
default code that was calling it. In addition, since
accountsettingsaction and connectsettingsaction differed only by menu,
I removed them, changed all references to them to the settingsmenu, and moved
the combined nav to its own class.
Let's put that episode behind us.
The CSS shim that was loaded by NewMenuPlugin for certain themes and certain actions
was removed.
'admin' is a pretty common username that people try when installing;
it was blacklisted because all of our admin panels were at /admin/*,
which would conflict with the admin user's namespace.
Changed the location of all admin panels to /panel/*, blacklisted the
nickname 'panel', and allowed 'admin'. Tested with a fresh install;
seems to work great.