Evan Prodromou
f48ade3a81
Fix broken Italian translation in facebook bridge
2013-07-16 11:28:29 -07:00
Evan Prodromou
6bf2c182b3
Upgrade version number
...
Conflicts:
lib/framework.php
2013-07-16 11:25:25 -07:00
Joshua Wise
89ba820246
Escape argument to prevent SQL injection attack in
...
User::getTaggedSubscriptions()
This change escapes the $tag argument to prevent a SQL injection
attack in User::getTaggedSubscriptions(). The parameter was not
escaped higher up the stack, so this vulnerability could be exploited.
2013-07-16 10:47:29 -07:00
Joshua Wise
4a30da924a
Escape argument to User::getTaggedSubscribers() to preven SQL injection
...
This change escapes the argument to User::getTaggedSubscribers() to
prevent SQL injection attacks.
Both code paths up the stack fail to escape this parameter, so this is
a potential SQL injection attack.
2013-07-16 10:43:56 -07:00
Joshua Wise
e54cb6958a
Escape query parameters in Profile_tag::getTagged()
...
This patch escapes query parameters in Profile_tag::getTagged(). This
is an extra security step; since these parameters come out of the
database, it's unlikely that they would have dangerous data in them.
2013-07-16 10:35:44 -07:00
Joshua Wise
5b118b3781
Escape SQL parameter in Profile_tag::moveTag()
...
This change adds additional escapes for arguments to
Profile_tag::moveTag(). The arguments are canonicalized in the API and
Web UI paths higher up the stack, but this change makes sure that no
other paths can introduce SQL injection errors.
2013-07-16 10:27:30 -07:00
Joshua Wise
c5a710e081
Escape $tag passed to Profile::getTaggedSubscribers()
...
This patch escapes the $tag parameter in
Profile::getTaggedSubscribers(). The parameter is not escaped either
in actions/subscriptions.php or in actions/apiuserfollowers.php. So
there is a potential for SQL injection here.
2013-07-16 10:14:38 -07:00
Joshua Wise
3fb2c06cba
Potential SQL injection in Local_group::setNickname()
...
This change escapes a parameter in Local_group::setNickname(). Review
of the code paths that call this function sanitize the parameter
higher up the stack, but it's escaped here to prevent mistakes later.
Note that nickname parameters are normally alphanum strings, so
there's not much danger in double-escaping them.
2013-07-16 10:11:26 -07:00
Evan Prodromou
4092ee1bd1
Squashed commit of the following:
...
commit bd23a7da105d635414643dfcedd9c8f710d565b8
Author: Evan Prodromou <evan@e14n.com>
Date: Sat Jun 29 07:49:03 2013 -0400
Make the after flag work correctly
commit 5c5845a2f866f0bbffedd8e2e5d1f512f87d5329
Author: Evan Prodromou <evan@e14n.com>
Date: Sat Jun 29 06:14:43 2013 -0400
Add an 'after' flag for backup script
2013-06-29 07:49:43 -04:00
Evan Prodromou
660b8f0c9c
Merge branch '1.1.x' of gitorious.org:statusnet/mainline into 1.1.x
2013-06-25 22:27:23 -04:00
Evan Prodromou
37bbb96e1b
Better output for shares
2013-06-25 22:27:02 -04:00
Jean Baptiste Favre
707dd44f6b
Merge commit 'merge-requests/192' into statusnet_1.1.x
2013-06-15 20:11:24 +02:00
Jean Baptiste Favre
fcdd4d2cf0
Fix introduced bug, trying to shorten an empty status.
2013-06-15 19:07:43 +02:00
Jean Baptiste Favre
58a2630933
Code cleaning. Do call shortenLinks only once, right before saving new notice.
2013-06-15 19:07:43 +02:00
Jean Baptiste Favre
344a10be8b
Code cleaning, remove 'TEST' tags.
2013-06-15 19:07:43 +02:00
Jean Baptiste Favre
ec072e0af7
Notice update with media attachment may fail through API when status text + attachment length get higher than max notice length. Calling URL shortener can make global length less than maxlength, though allowing notice update.
2013-06-15 19:07:43 +02:00
Jean Baptiste Favre
1b39f89b96
Add configuration check. Need 'server', 'port', 'user' and 'password' to be defined (not valid, just defined).
2013-06-15 18:59:17 +02:00
Jean Baptiste Favre
f175512748
Remove static definition of imdaemon.php as valid daemon.
2013-06-15 18:59:17 +02:00
Jean Baptiste Favre
b8a69d023b
Add basic support for GetValidDaemon event. Shall be extended with configuration check.
2013-06-15 18:59:16 +02:00
Jean Baptiste Favre
93c8969a27
Remove alone 'groups' link on the left side. Useless I guess.
2013-06-15 18:41:04 +02:00
Jean Baptiste Favre
d1e46e61ac
Add same CSS rules for #remoteprofile than for #showstream. Allows to hide avatars, like for local profiles.
2013-06-15 18:41:04 +02:00
Jean Baptiste Favre
5a0f17933b
Display notices for remote profile. Would like to hide avatar like in local profile but did not found how to do it.
2013-06-15 18:41:04 +02:00
Jean Baptiste Favre
d48076253b
Fix error 'No matches for action subscriptions with arguments nickname...' when displaying remote profile.
2013-06-15 18:41:04 +02:00
Jean Baptiste Favre
368906258a
You need an API key when using embed.ly. Unfortunatly oembedhelper.php does not support it. This commit aims to fix it.
2013-06-15 18:35:41 +02:00
Jean Baptiste Favre
d36f443666
Bookmark plugin enhancement: display Bookmark's list. Integration of @chimo's work ( http://http://sn.chromic.org/ ) from https://github.com/chimo/BookmarkList into official plugin.
2013-06-15 18:31:05 +02:00
Evan Prodromou
7a5bd495c5
Better ID for notice activity
2013-06-15 12:07:34 -04:00
Jean Baptiste Favre
b23a744fba
Fix for #3649 issue.
2013-06-15 16:58:50 +02:00
Jean Baptiste Favre
359f3ca113
Fix for #3651 : oAuth apps list does only show the latest registered application
2013-06-15 14:19:15 +02:00
Jean Baptiste Favre
80da81ba14
Get rid of t.co links for notice's text version. Usefull for client using API. Complements merge-request #205 by @mmn
2013-06-15 11:30:17 +02:00
Jean Baptiste Favre
108aa5c467
Replace t.co links with expanded one provided by Twitter. Can still be a shortened one & will be done only for HTML view, but still a start. Backport of merge_requests/205.
2013-06-15 11:29:09 +02:00
Evan Prodromou
f8393d10b7
Bad variable in ActivityObject::fromMessage()
2013-06-08 21:05:09 -04:00
Evan Prodromou
f189d0b438
Bad variable in Message::asActivity()
2013-06-08 21:04:51 -04:00
Evan Prodromou
0a0aeed413
Use the link property for the URL, not the ID
2013-06-08 19:19:16 -04:00
Evan Prodromou
393130d80f
Add direct messages to backup
2013-06-08 17:53:47 -04:00
Evan Prodromou
9fd2c3e1c9
Store direct messages as an activity
2013-06-08 17:45:49 -04:00
Evan Prodromou
ec04acb9b4
Some more well-known sources from plugins
2013-06-07 11:49:34 -04:00
Evan Prodromou
fe2c0a9687
Add generator to JSON output
2013-06-07 11:34:54 -04:00
Evan Prodromou
25823f6e5b
Some better context for notices as arrays
2013-06-07 03:11:33 -04:00
Evan Prodromou
9a3c3c5cf8
Coerce width, height of media link to integer
2013-06-07 00:30:04 -04:00
Evan Prodromou
77f23354ad
Fix the switch on type
2013-06-05 16:58:31 -04:00
Evan Prodromou
a6bb41a742
Better type check, better URL
2013-06-05 16:51:35 -04:00
Evan Prodromou
dbceb7ba1a
Better URL creation for attachments
2013-06-05 16:14:07 -04:00
Evan Prodromou
7366ee73f5
Better handling of null values in ActivityObject::mimeTypeToObjectType
2013-06-05 16:14:02 -04:00
Evan Prodromou
772383e84b
Use real attachments for JSON output
2013-06-05 09:39:13 -04:00
Evan Prodromou
460d80d09e
Don't set the title of a notice to its plain-text content.
2013-06-04 22:28:45 -04:00
Evan Prodromou
736bc9cc96
Don't add content as title for notes
2013-06-04 19:52:38 -04:00
Evan Prodromou
fa6138195b
Change geopoint to location
2013-06-04 17:23:09 -04:00
Evan Prodromou
b2849c4bb3
Remove duplicate of extensions
2013-06-04 17:15:43 -04:00
Evan Prodromou
46f43052f9
Use status_net, portablecontacts_net namespaces
2013-06-04 17:12:54 -04:00
Evan Prodromou
cba2b1ad9c
Slightly better ActivityStreams JSON output
2013-06-04 17:01:05 -04:00