Commit Graph

341 Commits

Author SHA1 Message Date
Joshua Wise
4a30da924a Escape argument to User::getTaggedSubscribers() to preven SQL injection
This change escapes the argument to User::getTaggedSubscribers() to
prevent SQL injection attacks.

Both code paths up the stack fail to escape this parameter, so this is
a potential SQL injection attack.
2013-07-16 10:43:56 -07:00
Evan Prodromou
08c72a00e8 Use better type, title for service 2013-06-04 16:30:40 -04:00
Evan Prodromou
d81b257290 Better registrationActivity 2013-06-04 15:20:00 -04:00
Evan Prodromou
9f94ed81ee Add an ID to registered service 2013-06-03 08:55:00 -04:00
Evan Prodromou
cbb5586ab7 Add a registration activity to the end of every backup 2013-06-02 14:38:00 -04:00
Michele macno Azzolari
ad2fd9abd4 Fix whitescreen on recoverpassword with unknown user 2011-12-02 15:48:29 -05:00
Evan Prodromou
ea1a11a087 site-wide option to enable old-school settings 2011-09-24 09:46:13 -04:00
Evan Prodromou
ddc121c085 New table for all old-school UI prefs 2011-09-24 07:12:34 -04:00
Evan Prodromou
02a30cf47c start using stream mode prefs instead of separate parameter 2011-09-23 17:50:38 -04:00
Zach Copley
32fa6dd7a2 Fix logging level in log msg 2011-08-27 12:42:09 -07:00
Evan Prodromou
9ca3c3d1c3 move core schema to class files 2011-08-22 17:52:02 -04:00
Evan Prodromou
c227045975 Merge branch '1.0.x' of gitorious.org:statusnet/mainline into 1.0.x 2011-06-10 16:50:33 -04:00
Zach Copley
36d619480a Rip out user, group and site design customization code
Squashed commit of the following:

commit 0bcfb6535115ec0a11669420f8689aeedc417bc8
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 15:51:47 2011 -0400

    Remove design-related stuff from the API

commit 88da010256fbcaee1ff01d9507ea47d3225f2825
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 15:40:16 2011 -0400

    Mop up misc design related code

commit 11958b064745b797b4c9f9f4b7e8f65e4c82ce83
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 15:21:00 2011 -0400

    Remove Design DB_DataObject class and references to it in schema

commit f8540594728ce6ba4697eb21657ccb897a9fc127
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 13:15:54 2011 -0400

    Remove design-related actions and widgets

commit ddf7b4d425b88b58956b8be06047d2a3e0560bd2
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 13:10:57 2011 -0400

    Remove navigation / routing to design settings actions

commit e3f280f8780d99168edf37ef766956f281e9c5da
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 13:03:09 2011 -0400

    CurrentUserDesignAction -> Action

commit 6780b1a07e1375a7fa0fd48c8bf3109d9a12e33e
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 12:54:22 2011 -0400

    * GroupDesignAction -> GroupAction (new base class for group actions)

commit 2136377e895db274709a1d486f377f13946ccfd6
Author: Zach Copley <zach@status.net>
Date:   Thu Jun 9 12:36:40 2011 -0400

    OwnerDesignAction -> Action
2011-06-09 16:20:19 -04:00
Evan Prodromou
1b0bafc6cc Move recoverpassword functionality to User 2011-06-07 11:22:19 -04:00
Evan Prodromou
c85eeb868e note converted user id on registration 2011-05-23 17:25:00 -04:00
Evan Prodromou
73f4762a55 Don't serialize protected attrs 2011-04-18 18:23:06 -04:00
Siebrand Mazeland
f0d762f196 Update/add translator documentation.
L10n/i18n updates.
Superfluous whitespace removed.
Add FIXME for a few i18n issues I couldn't solve this quickly.

Takes care of documentation for all core code added in merge of "people tags" feature (Commit:e75c9988ebe33822e493ac225859bc593ff9b855).
2011-04-10 19:59:55 +02:00
Shashi Gowda
fc21e5c76b Fix type conversion warnings caused when calling getUser / getProfile for the second time 2011-04-09 22:16:52 +05:30
Shashi Gowda
f47027abbe Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase
Conflicts:
	lib/profileblock.php
	theme/default/css/display.css
2011-04-09 21:57:45 +05:30
Shashi Gowda
4d61760154 Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase 2011-04-08 17:16:20 +05:30
Evan Prodromou
adf4d96013 store oft-requested stuff in the data object 2011-04-07 16:55:32 -04:00
Evan Prodromou
84d848f78c correctly return values 2011-04-07 15:27:40 -04:00
Evan Prodromou
5dfb8e2bc4 Use InboxNoticeStream class for inbox
Move the code for inbox fetching to the InboxNoticeStream class.
2011-04-07 14:54:42 -04:00
Shashi Gowda
57198a7464 Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase
Conflicts:
	actions/tagother.php
	lib/subscriberspeopleselftagcloudsection.php
	lib/subscriptionspeopleselftagcloudsection.php
2011-04-04 13:26:27 +05:30
Evan Prodromou
4f5355a9f2 add the private_stream attribute to User 2011-03-30 08:16:30 -04:00
Shashi Gowda
5a2bab07b2 Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase
Conflicts:
	actions/tagother.php
	classes/Profile.php
	classes/Profile_tag.php
	js/util.min.js
2011-03-30 15:47:42 +05:30
Siebrand Mazeland
700018fd09 L10n/i18n updated.
Translator documentation updated.
FIXME added for missing class documentation.
Various documentation tweaks.
2011-03-29 23:00:29 +02:00
Brion Vibber
a70e68e09c Work in progress: can create & cancel sub requests 2011-03-28 16:12:51 -07:00
Brion Vibber
df5def8ce4 Work in progress: subscription approval policy field in place on user, hooked up to settings. Queue not 100% tidied up, no UI for queue or management yet. 2011-03-28 15:13:59 -07:00
Evan Prodromou
44bcc942b8 Break up stream code to use separate notice stream classes
Rearchitect (again!) notice stream code to delegate different functionality up and down the stack.

Now, different classes implement NoticeStream.
2011-03-24 18:04:19 -04:00
Evan Prodromou
0b35ce7c37 New NoticeStream class to reify streams of notices
We've been muddling through with 6- or 8-argument functions for managing streams. I'd
like to start thinking of streams as their own thing, and give them some more value.

So, the new NoticeStream class takes over the Notice::stream() function and Notice::getStreamByIds().

There's probably some fine-tuning to do on the object interface.
2011-03-23 11:29:55 -04:00
Shashi Gowda
bf121a695a Merge remote-tracking branch 'mainline/1.0.x' into people_tags_rebase
Conflicts:
	classes/Profile.php
2011-03-22 07:59:06 +05:30
Brion Vibber
541dfa04fe Switch things from calling Group_member::join & leave & calling events manually to running through Profile::joinGroup() && Profile::leaveGroup(), with the events encapsulated. 2011-03-21 14:35:29 -07:00
Shashi Gowda
1b1a427237 DB_DataObjects for people tags 2011-03-06 23:28:03 +05:30
Brion Vibber
a7005f3975 Alternate Inbox streaming function optimized for threaded paging (for /all stream, while things using the existing API inbox methods won't be affected) 2011-03-01 15:16:39 -08:00
Zach Copley
b7d0746694 Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/confirmaddress.php
	actions/emailsettings.php
	actions/hostmeta.php
	actions/imsettings.php
	actions/login.php
	actions/profilesettings.php
	actions/showgroup.php
	actions/smssettings.php
	actions/urlsettings.php
	actions/userauthorization.php
	actions/userdesignsettings.php
	classes/Memcached_DataObject.php
	index.php
	lib/accountsettingsaction.php
	lib/action.php
	lib/common.php
	lib/connectsettingsaction.php
	lib/designsettings.php
	lib/personalgroupnav.php
	lib/profileaction.php
	lib/userprofile.php
	plugins/ClientSideShorten/ClientSideShortenPlugin.php
	plugins/Facebook/FBConnectSettings.php
	plugins/Facebook/FacebookPlugin.php
	plugins/NewMenu/NewMenuPlugin.php
	plugins/NewMenu/newmenu.css
2011-02-28 15:39:43 -08:00
Zach Copley
6eca8188b6 Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-19 15:52:18 -08:00
Brion Vibber
d8a3a88ec8 Merge branch '0.9.x' into 1.0.x
Conflicts:
	classes/Memcached_DataObject.php
2010-12-17 17:13:21 -08:00
Brion Vibber
71151b3bc0 Update sorting for User::repeatedByMe() -- currently unused. Likely not ideally indexed yet. 2010-12-17 15:28:55 -08:00
Brion Vibber
b80151275a Update sorting on api/statuses/retweets_of_me; was and remains poorly indexed, but will use updated sorting method. 2010-12-17 15:25:19 -08:00
Brion Vibber
bf20258f4b Merge branch '0.9.x' into 1.0.x 2010-12-15 11:59:31 -08:00
Zach Copley
bb55784e90 Move getConnectedApps() from Profile to User, where it belongs 2010-12-12 17:37:42 -08:00
Brion Vibber
9df856e667 Merge branch '0.9.x' into merge
Conflicts:
	README
	actions/hostmeta.php
	classes/File_redirection.php
	lib/common.php
	lib/designsettings.php
	lib/router.php
	lib/util.php
	lib/xmppmanager.php
	plugins/OStatus/OStatusPlugin.php
2010-12-07 10:50:05 -08:00
Brion Vibber
2617c40e04 Merge branch 'master' of gitorious.org:statusnet/mainline into 0.9.x
Conflicts:
	classes/User.php
2010-12-06 12:44:19 -08:00
Brion Vibber
76f3dc32e0 Added User::singleUserNickname() as (temporary?) fallback for single-user lookup as a workaround for site setup of 1user sites. We found that an external tool attempting to spin up StatusNet and then register the user would fail because StatusNet's router setup dies on being unable to find its single-user account, since the nickname is needed in setting up routing entries. This tweak will let it survive, using the configured setting as a fallback if it can't actually find the user account. 2010-12-06 12:39:09 -08:00
Brion Vibber
aa96c3c1d9 Fix for tickets #2917, #2262: user URL shortening options not being applied in non-web channels
common_shorten_links() can only access the web session's logged-in user, so never properly took user options into effect for posting via XMPP, API, mail, etc.

Adds an optional $user parameter on common_shorten_links(), and a $user->shortenLinks() as a clearer interface for that.
Tweaked some lower-level functions so $user gets passed down -- making the $notice_id param previously there for saving URLs at notice save time generalized a little.

Note also ticket #2919: there's a lot of duplicate code calling the shortening, checking the length, and reporting near-identical error messages. These should be consolidated to aid in code and translation maintenance.
2010-12-02 13:41:56 -08:00
Brion Vibber
6e249b4ab5 doc comments on User::allowed_nickname 2010-11-29 11:57:27 -08:00
Brion Vibber
0d0e51292d some User -> Profile cleanup to help in adapting the profile page action to show stuff for remote users. Subscriptions, groups, roles, etc are all on profiles now so go ahead and use em. 2010-11-15 15:32:57 -08:00
Brion Vibber
b26eccf33c Merge branch '0.9.x' into 1.0.x 2010-10-28 16:26:34 -07:00
Evan Prodromou
b5206fe6ca fall back to siteowner on bad nickname (Bug#2861) 2010-10-28 10:46:57 -04:00
Brion Vibber
ca489631db Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/subscriptions.php
	lib/router.php
	lib/xmppmanager.php
	lib/xmppoutqueuehandler.php
2010-10-25 13:08:57 -07:00
Siebrand Mazeland
28ec9d6463 * translator documentation added.
* moved some translator comments that were not directly above the line with the message to the correct location.
* i18n for UI text.
* superfluous whitespace removed.
2010-10-21 01:12:56 +02:00
Brion Vibber
8004e2809d Fix for ticket #2845: singleuser nickname configuration was being overridden by site owner in router setup.
I've consolidated the checks for which user to use for single-user mode into User::singleUser(), which now uses the configured nickname by preference, falling back to the site owner if it's unset.
This is now called consistently from the places that needed to use the primary user's nickname in routing setup.

Setting $config['singleuser']['nickname'] should now work again as expected.
2010-10-20 14:34:25 -07:00
Brion Vibber
59119482ca Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 1.0.x
Conflicts:
	actions/hostmeta.php
	actions/imsettings.php
	classes/User.php
	lib/adminpanelaction.php
	lib/channel.php
	lib/default.php
	lib/router.php
	lib/util.php
2010-10-04 12:54:36 -07:00
Zach Copley
3960c9ad39 Move blowFavesCache() to Profile 2010-09-29 16:35:12 -07:00
Zach Copley
c19e592fa8 Move hasFave() to Profile 2010-09-29 16:35:12 -07:00
Evan Prodromou
4d01f8fbb6 save a URI with the user 2010-09-22 12:08:17 -04:00
Brion Vibber
28b06864fb Fix for #2227: 'view profile designs' and other default-on options are initially mis-set to off due to caching at account creation 2010-09-20 17:37:21 -07:00
Brion Vibber
521daf5562 Ticket #2327: fixing block to remove the blocking user's subscription to the blockee if present; also cleaning up inbox delivery to apply the block checks more consistently, instead of just to group posts. 2010-09-20 16:00:25 -07:00
Evan Prodromou
a319b40c97 common_cache_key() -> Cache::key() 2010-09-06 10:07:43 -04:00
Evan Prodromou
8f81762d68 common_memcache() => Cache::instance() 2010-09-06 09:56:45 -04:00
Evan Prodromou
9f0715a993 Merge branch '0.9.x' into 1.0.x 2010-08-03 16:05:03 -07:00
Siebrand Mazeland
125ff142e8 * mark a few message for translation
* add translator documentation
2010-07-29 13:36:08 +02:00
Eric Helgeson
9b899eea75 Make some messages gender neutral. 2010-07-19 21:09:09 -05:00
Brion Vibber
173778eab1 Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 1.0.x
Conflicts:
	lib/xmppmanager.php (resolved: code has moved to XmppPlugin.php)
2010-05-05 17:11:23 -07:00
Zach Copley
b50f300566 Implement since_id and max_id param handling for /api/favorites 2010-05-05 14:46:36 -07:00
Craig Andrews
39392e03a7 Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/confirmaddress.php
	actions/imsettings.php
2010-04-18 19:21:15 -04:00
Brion Vibber
71c828de89 Allow blocking someone who's not currently subscribed to you (prevents seeing @-replies from them, or them subbing to you in future) 2010-04-10 17:52:40 -07:00
Brion Vibber
2f4438fe24 Merge branch '0.9.x' into 1.0.x
Conflicts:
	actions/imsettings.php
	lib/jabber.php

Made a quick attempt to merge the new JID validation into the XmppPlugin, have not had a chance to test that version live yet.
Should also move over the test cases.
2010-04-02 15:56:25 -07:00
Evan Prodromou
d3f995846b use Subscription::cancel() to cancel all subscriptions on block 2010-03-31 15:20:16 -04:00
Brion Vibber
01a03e34c8 Merge branch '0.9.x' into 1.0.x 2010-03-29 15:15:51 -07:00
Evan Prodromou
65766a0ebe continue deleting even if user profile record is missing 2010-03-28 11:58:16 -04:00
Brion Vibber
e89908f261 Merge branch '0.9.x' of git@gitorious.org:statusnet/mainline into 1.0.x
Conflicts:
	lib/channel.php
	scripts/imdaemon.php
2010-03-22 13:56:16 -07:00
Brion Vibber
cac9d23498 Fix for xmpp/sms notification options appearing to be disabled on new subscriptions.
Base problem is that our caching-on-insert interferes with relying on column default values; the cached object is missing those fields, so they appear to be empty (null) when the object is retrieved from cache.
Now explicitly setting them when inserting subscriptions, and cleaned up some code that had alternate code paths.

May also have made auto-subscription work for remote OStatus subscribers, but can't test until magic sigs are working again.
2010-03-18 14:26:32 -07:00
Brion Vibber
1de7badd78 Merge branch 'master' of git@gitorious.org:statusnet/mainline into testing 2010-03-18 10:55:20 -07:00
Brion Vibber
515cdf28a8 Ensure that DB connection is active at start of User::updateKeys() and Foreign_user::updateKeys(); calls to $this->_quote() require a live connection object and don't lazy-initialize themselves.
May fix WSOD when changing incoming email address.
2010-03-18 09:24:55 -07:00
Evan Prodromou
425ddcaa26 add exception on inconsistent db to User::getProfile() 2010-03-18 08:35:10 -05:00
Sarven Capadisli
4c320872d9 Merge branch 'testing' of git@gitorious.org:statusnet/mainline into 0.9.x 2010-03-11 16:39:07 -05:00
Brion Vibber
ce92bc7143 Drop timestamp cutoff parameter from User::getCurrentNotice() and Profile::getCurrentNotice().
It's not currently used, and won't be efficient when we update the notice.profile_id_idx index to optimize for our id-based sorting when pulling user post lists for profile pages, feeds etc.
2010-03-11 11:01:01 -08:00
Craig Andrews
714d920fae Merge branch '0.9.x' into 1.0.x
Conflicts:
	classes/statusnet.ini
	db/statusnet.sql
	lib/jabber.php
	lib/xmppmanager.php
2010-03-08 17:22:23 -05:00
Brion Vibber
b218aee94e Merge commit 'origin/testing' into 0.9.x
Conflicts:
	lib/action.php
	lib/adminpanelaction.php
2010-03-04 06:07:28 -08:00
Brion Vibber
3bb42d1170 Use poster's subscribed groups to disambiguate group linking when a remote group and a local group exist with the same name. (If you're a member of two groups with the same name though, there's not a defined winner.) 2010-03-03 19:00:02 +00:00
Brion Vibber
ddf3614c84 Merge branch 'testing' of git@gitorious.org:statusnet/mainline into 0.9.x 2010-03-02 13:38:10 -08:00
Brion Vibber
6b134ae4c7 Dropped deprecated timestamp-based 'since' parameter for all API methods. When it sneaks in it can cause some very slow queries due to mismatches with the indexing.
Twitter removed 'since' support some time ago, and we've already removed it from the public timeline, so it shouldn't be missed.
2010-03-02 11:54:02 -08:00
Craig Andrews
410cd52434 bail out if the requested nickname is illegal 2010-02-26 15:51:25 -05:00
Craig Andrews
c187bf5597 Merge branch '0.9.x' into 1.0.x
Conflicts:
	EVENTS.txt
	db/statusnet.sql
	lib/queuemanager.php
2010-02-24 20:52:45 -05:00
Evan Prodromou
52e8aa798a Refactor subs_* functions for remote use
The subs_* functions in subs.php have made a lot of assumptions
about users versus profiles. I've refactored the functions to
be methods of the Subscription class instead, and to use Profile
objects throughout.

Some of the checks for blocks or existing subscriptions depended
on users or profiles, so I've moved those methods around a bit.

I've left stubs for the subs_* functions until we get time to replace
them.
2010-02-19 08:16:45 -05:00
Craig Andrews
32084e33a2 Merge branch '0.9.x' into 1.0.x
Conflicts:
	lib/queuemanager.php
2010-02-16 10:25:57 -05:00
Brion Vibber
9554b4ccbf Inbox::streamNotices() with deletion compensation: inbox paging should more or less work with deleted items now.
No change in efficiency for the common case where nothing's deleted: does the same bulk fetch of just the notices we think we'll need as before, then if we turned up short keeps checking one by one until we've filled up to our $limit.

This can leave us with overlap between pages, but we already have that when new messages come in between clicks; seems to be the lesser of evils versus not getting a 'before' button.
More permanent fix for that will be to switch timeline paging in the UI to use notice IDs.
2010-02-04 15:09:04 -08:00
Craig Andrews
057ec1fcea Merge branch '0.9.x' into 1.0.x
Conflicts:
	EVENTS.txt
	lib/imqueuehandler.php
	lib/jabber.php
	lib/util.php
	plugins/Xmpp/Sharing_XMPP.php
2010-02-02 17:00:10 -05:00
Evan Prodromou
f9cb1c3265 restructuring of User::registerNew() lost password munging 2010-02-01 00:47:50 -05:00
Evan Prodromou
fb36094eb1 buggy fetch for site owner 2010-01-31 22:55:07 -05:00
Evan Prodromou
8cb8b357a4 add hooks for user registration 2010-01-29 17:54:54 -05:00
Evan Prodromou
70a4f8c0e2 method to get the site owner 2010-01-29 15:15:23 -05:00
Craig Andrews
e9995b0f6a Create IM plugin, Pluginize XMPP, Create AIM plugin 2010-01-27 13:48:35 -05:00
Evan Prodromou
e26a843caf Offload inbox updates to a queue handler to speed up posting online
Moved much of the writing that happens when posting a notice to a new
queuehandler, distribqueuehandler. This updates tags, groups, replies
and inboxes at queue time (or at Web time, if queues are disabled).

To make this work well, I had to break up the monolithic
Notice::blowCaches() and make cache blowing happen closer to where
data is updated.

Squashed commit of the following:

commit 5257626c62750ac4ac1db0ce2b71410c5711cfa3
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 14:56:41 2010 -0500

    slightly better handling of blowing tag memory cache

commit 8a22a3cdf6ec28685da129a0313e7b2a0837c9ef
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 01:42:56 2010 -0500

    change 'distribute' to 'distrib' so not too long for dbqueue

commit 7a063315b0f7fad27cb6fbd2bdd74e253af83e4f
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 01:39:15 2010 -0500

    change handle_notice() to handle() in distributqueuehandler

commit 1a39ccd28b9994137d7bfd21bb4f230546938e77
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 16:05:25 2010 -0500

    error with queuemanager

commit e6b3bb93f305cfd2de71a6340b8aa6fb890049b7
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 01:11:34 2010 -0500

    Blow memcache at different point rather than one big function for Notice class

commit 94d557cdc016187d1d0647ae1794cd94d6fb8ac8
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 00:48:44 2010 -0500

    Blow memcache at different point rather than one big function for Notice class

commit 1c781dd08c88a35dafc5c01230b4872fd6b95182
Author: Evan Prodromou <evan@status.net>
Date:   Wed Jan 20 08:54:18 2010 -0500

    move broadcasting and distributing to new queuehandler

commit da3e46d26b84e4f028f34a13fd2ee373e4c1b954
Author: Evan Prodromou <evan@status.net>
Date:   Wed Jan 20 08:53:12 2010 -0500

    Move distribution of notices to new distribute queue handler
2010-01-25 18:08:21 -05:00
Evan Prodromou
1bbd19169f unimplement repeatedToMe() until we figure out how 2010-01-13 00:44:29 -08:00
Evan Prodromou
1e7ec69190 some formatting changes to make inblobs work 2010-01-09 10:02:07 -08:00
Evan Prodromou
f2a403589c Use inbox instead of notice_inbox 2010-01-09 10:02:07 -08:00
Evan Prodromou
39bdda9c7e More configuration options for location sharing 2009-12-28 14:43:34 -08:00