X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=README;h=bfb94cb9e3ece6fa60fd8f75b6b5616e26c3d1c5;hb=0503bcb0e2dd75de10a74ee5fc12d1523a44b028;hp=c27182395c2d11adedccf76e86ac4e05fbf9db57;hpb=ffe2da4c80ccf8def9d6ff7f13c1e7ada15edf95;p=quix0rs-gnu-social.git
diff --git a/README b/README
index c27182395c..bfb94cb9e3 100644
--- a/README
+++ b/README
@@ -2,19 +2,19 @@
README
------
-StatusNet 0.9.6 "Man on the Moon"
-29 October 2010
+StatusNet 1.0.0beta4
+16 September 2011
-This is the README file for StatusNet, the Open Source microblogging
-platform. It includes installation instructions, descriptions of
-options you can set, warnings, tips, and general info for
-administrators. Information on using StatusNet can be found in the
+This is the README file for StatusNet, the Open Source social
+networking platform. It includes installation instructions,
+descriptions of options you can set, warnings, tips, and general info
+for administrators. Information on using StatusNet can be found in the
"doc" subdirectory or in the "help" section on-line.
About
=====
-StatusNet is a Free and Open Source microblogging platform. It helps
+StatusNet is a Free and Open Source social networking platform. It helps
people in a community, company or group to exchange short (140
characters, by default) messages over the Web. Users can choose which
people to "follow" and receive only their friends' or colleagues'
@@ -96,1544 +96,27 @@ for additional terms.
New this version
================
-This is a security, bug and feature release since version 0.9.5 released on
-10 September 2010.
-
-For best compatibility with client software and site federation, and a lot of
-bug fixes, it is highly recommended that all public sites upgrade to the new
-version.
+This is a security release since version 0.9.7 released on 11 March
+2011. It fixes security bug #3260. All sites running version 0.9.7 or
+below are recommended to upgrade to 0.9.9 immediately.
Notable changes this version:
-- Site moderators can now delete groups.
-- New themes: clean, shiny, mnml, victorian
-- New YammerImport plugin allows site admins to import non-private profiles and
- message from an authenticated Yammer site.
-- New experimental plugins: AnonFavorites, SlicedFavorites, GroupFavorited,
- ForceGroup, ShareNotice
-- OAuth upgraded to 1.0a
-- Localization updates now include plugins, thanks to translatewiki.net!
-- SSL link generation should be more consistent; alternate SSL URLs can be
- set in the admin UI for more parts of the system.
-- Experimental backupuser.php, restoreuser.php command-line scripts to
- dump/restore a user's complete activity stream. Can be used to transfer
- accounts manually between sites, or to save a backup before deleting.
-- Unicode fixes for OStatus notices
-- Header metadata on notice pages to aid in manual reposting on Facebook
-- Lots of little fixes...
-
-Changes from 0.9.6 release candidate 1:
-- fix for broken group pages when logged out
-- fix for stuck ping queue entries when bad profile
-- fix for bogus single-user nickname config entry error
-- i18n updates
-- nofollow updates
-- SSL-only mode secure cookie fix
-- experimental ApiLogger plugin for usage data gathering
-- experimental follow-everyone plugin
-
-A full changelog is available at http://status.net/wiki/StatusNet_0.9.6.
-
-Prerequisites
-=============
-
-The following software packages are *required* for this software to
-run correctly.
-
-- PHP 5.2.3+. It may be possible to run this software on earlier
- versions of PHP, but many of the functions used are only available
- in PHP 5.2 or above. 5.2.6 or later is needed for XMPP background
- daemons on 64-bit platforms. PHP 5.3.x should work correctly in this
- release, but problems with some plugins are possible.
-- MySQL 5.x. The StatusNet database is stored, by default, in a MySQL
- server. It has been primarily tested on 5.x servers, although it may
- be possible to install on earlier (or later!) versions. The server
- *must* support the MyISAM storage engine -- the default for most
- MySQL servers -- *and* the InnoDB storage engine.
-- A Web server. Preferably, you should have Apache 2.2.x with the
- mod_rewrite extension installed and enabled.
-
-Your PHP installation must include the following PHP extensions:
-
-- Curl. This is for fetching files by HTTP.
-- XMLWriter. This is for formatting XML and HTML output.
-- MySQL. For accessing the database.
-- GD. For scaling down avatar images.
-- mbstring. For handling Unicode (UTF-8) encoded strings.
-
-For some functionality, you will also need the following extensions:
-
-- Memcache. A client for the memcached server, which caches database
- information in volatile memory. This is important for adequate
- performance on high-traffic sites. You will also need a memcached
- server to store the data in.
-- Mailparse. Efficient parsing of email requires this extension.
- Submission by email or SMS-over-email uses this extension.
-- Sphinx Search. A client for the sphinx server, an alternative
- to MySQL or Postgresql fulltext search. You will also need a
- Sphinx server to serve the search queries.
-- bcmath or gmp. For Salmon signatures (part of OStatus). Needed
- if you have OStatus configured.
-- gettext. For multiple languages. Default on many PHP installs;
- will be emulated if not present.
-
-You will almost definitely get 2-3 times better performance from your
-site if you install a PHP bytecode cache/accelerator. Some well-known
-examples are: eaccelerator, Turck mmcache, xcache, apc. Zend Optimizer
-is a proprietary accelerator installed on some hosting sites.
-
-External libraries
-------------------
-
-A number of external PHP libraries are used to provide basic
-functionality and optional functionality for your system. For your
-convenience, they are available in the "extlib" directory of this
-package, and you do not have to download and install them. However,
-you may want to keep them up-to-date with the latest upstream version,
-and the URLs are listed here for your convenience.
-
-- DB_DataObject http://pear.php.net/package/DB_DataObject
-- Validate http://pear.php.net/package/Validate
-- OpenID from OpenIDEnabled (not the PEAR version!). We decided
- to use the openidenabled.com version since it's more widely
- implemented, and seems to be better supported.
- http://openidenabled.com/php-openid/
-- PEAR DB. Although this is an older data access system (new
- packages should probably use PHP DBO), the OpenID libraries
- depend on PEAR DB so we use it here, too. DB_DataObject can
- also use PEAR MDB2, which may give you better performance
- but won't work with OpenID.
- http://pear.php.net/package/DB
-- OAuth.php from http://oauth.googlecode.com/svn/code/php/
-- markdown.php from http://michelf.com/projects/php-markdown/
-- PEAR Mail, for sending out mail notifications
- http://pear.php.net/package/Mail
-- PEAR Net_SMTP, if you use the SMTP factory for notifications
- http://pear.php.net/package/Net_SMTP
-- PEAR Net_Socket, if you use the SMTP factory for notifications
- http://pear.php.net/package/Net_Socket
-- XMPPHP, the follow-up to Class.Jabber.php. Probably the best XMPP
- library available for PHP. http://xmpphp.googlecode.com/. Note that
- as of this writing the version of this library that is available in
- the extlib directory is *significantly different* from the upstream
- version (patches have been submitted). Upgrading to the upstream
- version may render your StatusNet site unable to send or receive XMPP
- messages.
-- Facebook library. Used for the Facebook application.
-- PEAR Validate is used for URL and email validation.
-- Console_GetOpt for parsing command-line options.
-- libomb. a library for implementing OpenMicroBlogging 0.1, the
- predecessor to OStatus.
-- HTTP_Request2, a library for making HTTP requests.
-- PEAR Net_URL2 is an HTTP_Request2 dependency.
-
-A design goal of StatusNet is that the basic Web functionality should
-work on even the most restrictive commercial hosting services.
-However, additional functionality, such as receiving messages by
-Jabber/GTalk, require that you be able to run long-running processes
-on your account. In addition, posting by email or from SMS require
-that you be able to install a mail filter in your mail server.
-
-Installation
-============
-
-Installing the basic StatusNet Web component is relatively easy,
-especially if you've previously installed PHP/MySQL packages.
-
-1. Unpack the tarball you downloaded on your Web server. Usually a
- command like this will work:
-
- tar zxf statusnet-0.9.6.tar.gz
-
- ...which will make a statusnet-0.9.6 subdirectory in your current
- directory. (If you don't have shell access on your Web server, you
- may have to unpack the tarball on your local computer and FTP the
- files to the server.)
-
-2. Move the tarball to a directory of your choosing in your Web root
- directory. Usually something like this will work:
-
- mv statusnet-0.9.6 /var/www/statusnet
-
- This will make your StatusNet instance available in the statusnet path of
- your server, like "http://example.net/statusnet". "microblog" or
- "statusnet" might also be good path names. If you know how to
- configure virtual hosts on your web server, you can try setting up
- "http://micro.example.net/" or the like.
-
-3. Make your target directory writeable by the Web server.
-
- chmod a+w /var/www/statusnet/
-
- On some systems, this will probably work:
-
- chgrp www-data /var/www/statusnet/
- chmod g+w /var/www/statusnet/
-
- If your Web server runs as another user besides "www-data", try
- that user's default group instead. As a last resort, you can create
- a new group like "statusnet" and add the Web server's user to the group.
-
-4. You should also take this moment to make your avatar, background, and
- file subdirectories writeable by the Web server. An insecure way to do
- this is:
-
- chmod a+w /var/www/statusnet/avatar
- chmod a+w /var/www/statusnet/background
- chmod a+w /var/www/statusnet/file
-
- You can also make the avatar, background, and file directories
- writeable by the Web server group, as noted above.
-
-5. Create a database to hold your microblog data. Something like this
- should work:
-
- mysqladmin -u "username" --password="password" create statusnet
-
- Note that StatusNet must have its own database; you can't share the
- database with another program. You can name it whatever you want,
- though.
-
- (If you don't have shell access to your server, you may need to use
- a tool like PHPAdmin to create a database. Check your hosting
- service's documentation for how to create a new MySQL database.)
-
-6. Create a new database account that StatusNet will use to access the
- database. If you have shell access, this will probably work from the
- MySQL shell:
-
- GRANT ALL on statusnet.*
- TO 'statusnetuser'@'localhost'
- IDENTIFIED BY 'statusnetpassword';
-
- You should change 'statusnetuser' and 'statusnetpassword' to your preferred new
- username and password. You may want to test logging in to MySQL as
- this new user.
-
-7. In a browser, navigate to the StatusNet install script; something like:
-
- http://yourserver.example.com/statusnet/install.php
-
- Enter the database connection information and your site name. The
- install program will configure your site and install the initial,
- almost-empty database.
-
-8. You should now be able to navigate to your microblog's main directory
- and see the "Public Timeline", which will be empty. If not, magic
- has happened! You can now register a new user, post some notices,
- edit your profile, etc. However, you may want to wait to do that stuff
- if you think you can set up "fancy URLs" (see below), since some
- URLs are stored in the database.
-
-Fancy URLs
-----------
-
-By default, StatusNet will use URLs that include the main PHP program's
-name in them. For example, a user's home profile might be
-found at:
-
- http://example.org/statusnet/index.php/statusnet/fred
-
-On certain systems that don't support this kind of syntax, they'll
-look like this:
-
- http://example.org/statusnet/index.php?p=statusnet/fred
-
-It's possible to configure the software so it looks like this instead:
-
- http://example.org/statusnet/fred
-
-These "fancy URLs" are more readable and memorable for users. To use
-fancy URLs, you must either have Apache 2.x with .htaccess enabled and
-mod_rewrite enabled, -OR- know how to configure "url redirection" in
-your server.
-
-1. Copy the htaccess.sample file to .htaccess in your StatusNet
- directory. Note: if you have control of your server's httpd.conf or
- similar configuration files, it can greatly improve performance to
- import the .htaccess file into your conf file instead. If you're
- not sure how to do it, you may save yourself a lot of headache by
- just leaving the .htaccess file.
-
-2. Change the "RewriteBase" in the new .htaccess file to be the URL path
- to your StatusNet installation on your server. Typically this will
- be the path to your StatusNet directory relative to your Web root.
-
-3. Add or uncomment or change a line in your config.php file so it says:
-
- $config['site']['fancy'] = true;
-
-You should now be able to navigate to a "fancy" URL on your server,
-like:
-
- http://example.net/statusnet/main/register
-
-If you changed your HTTP server configuration, you may need to restart
-the server first.
-
-If it doesn't work, double-check that AllowOverride for the StatusNet
-directory is 'All' in your Apache configuration file. This is usually
-/etc/httpd.conf, /etc/apache/httpd.conf, or (on Debian and Ubuntu)
-/etc/apache2/sites-available/default. See the Apache documentation for
-.htaccess files for more details:
-
- http://httpd.apache.org/docs/2.2/howto/htaccess.html
-
-Also, check that mod_rewrite is installed and enabled:
-
- http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
-
-Sphinx
-------
-
-To use a Sphinx server to search users and notices, you'll need to
-enable the SphinxSearch plugin. Add to your config.php:
-
- addPlugin('SphinxSearch');
- $config['sphinx']['server'] = 'searchhost.local';
-
-You also need to install, compile and enable the sphinx pecl extension for
-php on the client side, which itself depends on the sphinx development files.
-
-See plugins/SphinxSearch/README for more details and server setup.
-
-SMS
----
-
-StatusNet supports a cheap-and-dirty system for sending update messages
-to mobile phones and for receiving updates from the mobile. Instead of
-sending through the SMS network itself, which is costly and requires
-buy-in from the wireless carriers, it simply piggybacks on the email
-gateways that many carriers provide to their customers. So, SMS
-configuration is essentially email configuration.
-
-Each user sends to a made-up email address, which they keep a secret.
-Incoming email that is "From" the user's SMS email address, and "To"
-the users' secret email address on the site's domain, will be
-converted to a notice and stored in the DB.
-
-For this to work, there *must* be a domain or sub-domain for which all
-(or most) incoming email can pass through the incoming mail filter.
-
-1. Run the SQL script carrier.sql in your StatusNet database. This will
- usually work:
-
- mysql -u "statusnetuser" --password="statusnetpassword" statusnet < db/carrier.sql
-
- This will populate your database with a list of wireless carriers
- that support email SMS gateways.
-
-2. Make sure the maildaemon.php file is executable:
-
- chmod +x scripts/maildaemon.php
-
- Note that "daemon" is kind of a misnomer here; the script is more
- of a filter than a daemon.
-
-2. Edit /etc/aliases on your mail server and add the following line:
-
- *: /path/to/statusnet/scripts/maildaemon.php
-
-3. Run whatever code you need to to update your aliases database. For
- many mail servers (Postfix, Exim, Sendmail), this should work:
-
- newaliases
-
- You may need to restart your mail server for the new database to
- take effect.
-
-4. Set the following in your config.php file:
-
- $config['mail']['domain'] = 'yourdomain.example.net';
-
-At this point, post-by-email and post-by-SMS-gateway should work. Note
-that if your mail server is on a different computer from your email
-server, you'll need to have a full installation of StatusNet, a working
-config.php, and access to the StatusNet database from the mail server.
-
-XMPP
-----
-
-XMPP (eXtended Message and Presence Protocol, ) is the
-instant-messenger protocol that drives Jabber and GTalk IM. You can
-distribute messages via XMPP using the system below; however, you
-need to run the XMPP incoming daemon to allow incoming messages as
-well.
-
-1. You may want to strongly consider setting up your own XMPP server.
- Ejabberd, OpenFire, and JabberD are all Open Source servers.
- Jabber, Inc. provides a high-performance commercial server.
-
-2. You must register a Jabber ID (JID) with your new server. It helps
- to choose a name like "update@example.com" or "notice" or something
- similar. Alternately, your "update JID" can be registered on a
- publicly-available XMPP service, like jabber.org or GTalk.
-
- StatusNet will not register the JID with your chosen XMPP server;
- you need to do this manually, with an XMPP client like Gajim,
- Telepathy, or Pidgin.im.
-
-3. Configure your site's XMPP variables, as described below in the
- configuration section.
-
-On a default installation, your site can broadcast messages using
-XMPP. Users won't be able to post messages using XMPP unless you've
-got the XMPP daemon running. See 'Queues and daemons' below for how
-to set that up. Also, once you have a sizable number of users, sending
-a lot of SMS, OMB, and XMPP messages whenever someone posts a message
-can really slow down your site; it may cause posting to timeout.
-
-NOTE: stream_select(), a crucial function for network programming, is
-broken on PHP 5.2.x less than 5.2.6 on amd64-based servers. We don't
-work around this bug in StatusNet; current recommendation is to move
-off of amd64 to another server.
-
-Public feed
------------
-
-You can send *all* messages from your microblogging site to a
-third-party service using XMPP. This can be useful for providing
-search, indexing, bridging, or other cool services.
-
-To configure a downstream site to receive your public stream, add
-their "JID" (Jabber ID) to your config.php as follows:
-
- $config['xmpp']['public'][] = 'downstream@example.net';
-
-(Don't miss those square brackets at the end.) Note that your XMPP
-broadcasting must be configured as mentioned above. Although you can
-send out messages at "Web time", high-volume sites should strongly
-consider setting up queues and daemons.
-
-Queues and daemons
-------------------
-
-Some activities that StatusNet needs to do, like broadcast OStatus, SMS,
-and XMPP messages, can be 'queued' and done by off-line bots instead.
-For this to work, you must be able to run long-running offline
-processes, either on your main Web server or on another server you
-control. (Your other server will still need all the above
-prerequisites, with the exception of Apache.) Installing on a separate
-server is probably a good idea for high-volume sites.
-
-1. You'll need the "CLI" (command-line interface) version of PHP
- installed on whatever server you use.
-
-2. If you're using a separate server for queues, install StatusNet
- somewhere on the server. You don't need to worry about the
- .htaccess file, but make sure that your config.php file is close
- to, or identical to, your Web server's version.
-
-3. In your config.php files (both the Web server and the queues
- server!), set the following variable:
-
- $config['queue']['enabled'] = true;
-
- You may also want to look at the 'daemon' section of this file for
- more daemon options. Note that if you set the 'user' and/or 'group'
- options, you'll need to create that user and/or group by hand.
- They're not created automatically.
-
-4. On the queues server, run the command scripts/startdaemons.sh.
-
-This will run the queue handlers:
-
-* queuedaemon.php - polls for queued items for inbox processing and
- pushing out to OStatus, SMS, XMPP, etc.
-* xmppdaemon.php - listens for new XMPP messages from users and stores
- them as notices in the database; also pulls queued XMPP output from
- queuedaemon.php to push out to clients.
-
-These two daemons will automatically restart in most cases of failure
-including memory leaks (if a memory_limit is set), but may still die
-or behave oddly if they lose connections to the XMPP or queue servers.
-
-Additional daemons may be also started by this script for certain
-plugins, such as the Twitter bridge.
-
-It may be a good idea to use a daemon-monitoring service, like 'monit',
-to check their status and keep them running.
-
-All the daemons write their process IDs (pids) to /var/run/ by
-default. This can be useful for starting, stopping, and monitoring the
-daemons.
-
-Since version 0.8.0, it's now possible to use a STOMP server instead of
-our kind of hacky home-grown DB-based queue solution. This is strongly
-recommended for best response time, especially when using XMPP.
-
-See the "queues" config section below for how to configure to use STOMP.
-As of this writing, the software has been tested with ActiveMQ 5.3.
-
-Themes
-------
-
-There are two themes shipped with this version of StatusNet: "identica",
-which is what the Identi.ca site uses, and "default", which is a good
-basis for other sites.
-
-As of right now, your ability to change the theme is site-wide; users
-can't choose their own theme. Additionally, the only thing you can
-change in the theme is CSS stylesheets and some image files; you can't
-change the HTML output, like adding or removing menu items.
-
-You can choose a theme using the $config['site']['theme'] element in
-the config.php file. See below for details.
-
-You can add your own theme by making a sub-directory of the 'theme'
-subdirectory with the name of your theme. Each theme can have the
-following files:
-
-display.css: a CSS2 file for "default" styling for all browsers.
-ie6.css: a CSS2 file for override styling for fixing up Internet
- Explorer 6.
-ie7.css: a CSS2 file for override styling for fixing up Internet
- Explorer 7.
-logo.png: a logo image for the site.
-default-avatar-profile.png: a 96x96 pixel image to use as the avatar for
- users who don't upload their own.
-default-avatar-stream.png: Ditto, but 48x48. For streams of notices.
-default-avatar-mini.png: Ditto ditto, but 24x24. For subscriptions
- listing on profile pages.
-
-You may want to start by copying the files from the default theme to
-your own directory.
-
-NOTE: the HTML generated by StatusNet changed *radically* between
-version 0.6.x and 0.7.x. Older themes will need signification
-modification to use the new output format.
-
-Translation
------------
-
-Translations in StatusNet use the gettext system .
-Theoretically, you can add your own sub-directory to the locale/
-subdirectory to add a new language to your system. You'll need to
-compile the ".po" files into ".mo" files, however.
-
-Contributions of translation information to StatusNet are very easy:
-you can use the Web interface at translatewiki.net to add one
-or a few or lots of new translations -- or even new languages. You can
-also download more up-to-date .po files there, if you so desire.
-
-For info on helping with translations, see http://status.net/wiki/Translations
-
-Backups
--------
-
-There is no built-in system for doing backups in StatusNet. You can make
-backups of a working StatusNet system by backing up the database and
-the Web directory. To backup the database use mysqldump
-and to backup the Web directory, try tar.
-
-Private
--------
-
-The administrator can set the "private" flag for a site so that it's
-not visible to non-logged-in users. This might be useful for
-workgroups who want to share a microblogging site for project
-management, but host it on a public server.
-
-Total privacy is not guaranteed or ensured. Also, privacy is
-all-or-nothing for a site; you can't have some accounts or notices
-private, and others public. The interaction of private sites
-with OStatus is undefined.
-
-Access to file attachments can also be restricted to logged-in users only.
-1. Add a directory outside the web root where your file uploads will be
- stored. Usually a command like this will work:
-
- mkdir /var/www/statusnet-files
-
-2. Make the file uploads directory writeable by the web server. An
- insecure way to do this is:
-
- chmod a+x /var/www/statusnet-files
-
-3. Tell StatusNet to use this directory for file uploads. Add a line
- like this to your config.php:
-
- $config['attachments']['dir'] = '/var/www/statusnet-files';
-
-Upgrading
-=========
-
-IMPORTANT NOTE: StatusNet 0.7.4 introduced a fix for some
-incorrectly-stored international characters ("UTF-8"). For new
-installations, it will now store non-ASCII characters correctly.
-However, older installations will have the incorrect storage, and will
-consequently show up "wrong" in browsers. See below for how to deal
-with this situation.
-
-If you've been using StatusNet 0.7, 0.6, 0.5 or lower, or if you've
-been tracking the "git" version of the software, you will probably
-want to upgrade and keep your existing data. There is no automated
-upgrade procedure in StatusNet 0.9.6. Try these step-by-step
-instructions; read to the end first before trying them.
-
-0. Download StatusNet and set up all the prerequisites as if you were
- doing a new install.
-1. Make backups of both your database and your Web directory. UNDER NO
- CIRCUMSTANCES should you try to do an upgrade without a known-good
- backup. You have been warned.
-2. Shut down Web access to your site, either by turning off your Web
- server or by redirecting all pages to a "sorry, under maintenance"
- page.
-3. Shut down XMPP access to your site, typically by shutting down the
- xmppdaemon.php process and all other daemons that you're running.
- If you've got "monit" or "cron" automatically restarting your
- daemons, make sure to turn that off, too.
-4. Shut down SMS and email access to your site. The easy way to do
- this is to comment out the line piping incoming email to your
- maildaemon.php file, and running something like "newaliases".
-5. Once all writing processes to your site are turned off, make a
- final backup of the Web directory and database.
-6. Move your StatusNet directory to a backup spot, like "statusnet.bak".
-7. Unpack your StatusNet 0.9.6 tarball and move it to "statusnet" or
- wherever your code used to be.
-8. Copy the config.php file and the contents of the avatar/, background/,
- file/, and local/ subdirectories from your old directory to your new
- directory.
-9. Copy htaccess.sample to .htaccess in the new directory. Change the
- RewriteBase to use the correct path.
-10. Rebuild the database. (You can safely skip this step and go to #12
- if you're upgrading from another 0.9.x version).
-
- NOTE: this step is destructive and cannot be
- reversed. YOU CAN EASILY DESTROY YOUR SITE WITH THIS STEP. Don't
- do it without a known-good backup!
-
- If your database is at version 0.8.0 or above, you can run a
- special upgrade script:
-
- mysql -u -p db/08to09.sql
-
- Otherwise, go to your StatusNet directory and AFTER YOU MAKE A
- BACKUP run the rebuilddb.sh script like this:
-
- ./scripts/rebuilddb.sh rootuser rootpassword database db/statusnet.sql
-
- Here, rootuser and rootpassword are the username and password for a
- user who can drop and create databases as well as tables; typically
- that's _not_ the user StatusNet runs as. Note that rebuilddb.sh drops
- your database and rebuilds it; if there is an error you have no
- database. Make sure you have a backup.
- For PostgreSQL databases there is an equivalent, rebuilddb_psql.sh,
- which operates slightly differently. Read the documentation in that
- script before running it.
-11. Use mysql or psql client to log into your database and make sure that
- the notice, user, profile, subscription etc. tables are non-empty.
-12. Turn back on the Web server, and check that things still work.
-13. Turn back on XMPP bots and email maildaemon. Note that the XMPP
- bots have changed since version 0.5; see above for details.
-
-If you're upgrading from very old versions, you may want to look at
-the fixup_* scripts in the scripts directories. These will store some
-precooked data in the DB. All upgraders should check out the inboxes
-options below.
-
-NOTE: the database definition file, laconica.ini, has been renamed to
-statusnet.ini (since this is the recommended database name). If you
-have a line in your config.php pointing to the old name, you'll need
-to update it.
-
-Notice inboxes
---------------
-
-Notice inboxes are now required. If you don't have inboxes enabled,
-StatusNet will no longer run.
-
-UTF-8 Database
---------------
-
-StatusNet 0.7.4 introduced a fix for some incorrectly-stored
-international characters ("UTF-8"). This fix is not
-backwards-compatible; installations from before 0.7.4 will show
-non-ASCII characters of old notices incorrectly. This section explains
-what to do.
-
-0. You can disable the new behaviour by setting the 'db''utf8' config
- option to "false". You should only do this until you're ready to
- convert your DB to the new format.
-1. When you're ready to convert, you can run the fixup_utf8.php script
- in the scripts/ subdirectory. If you've had the "new behaviour"
- enabled (probably a good idea), you can give the ID of the first
- "new" notice as a parameter, and only notices before that one will
- be converted. Notices are converted in reverse chronological order,
- so the most recent (and visible) ones will be converted first. The
- script should work whether or not you have the 'db''utf8' config
- option enabled.
-2. When you're ready, set $config['db']['utf8'] to true, so that
- new notices will be stored correctly.
-
-Configuration options
-=====================
-
-The main configuration file for StatusNet (excepting configurations for
-dependency software) is config.php in your StatusNet directory. If you
-edit any other file in the directory, like lib/default.php (where most
-of the defaults are defined), you will lose your configuration options
-in any upgrade, and you will wish that you had been more careful.
-
-Starting with version 0.9.0, a Web based configuration panel has been
-added to StatusNet. The preferred method for changing config options is
-to use this panel.
-
-A command-line script, setconfig.php, can be used to set individual
-configuration options. It's in the scripts/ directory.
-
-Starting with version 0.7.1, you can put config files in the
-/etc/statusnet/ directory on your server, if it exists. Config files
-will be included in this order:
-
-* /etc/statusnet/statusnet.php - server-wide config
-* /etc/statusnet/.php - for a virtual host
-* /etc/statusnet/_.php - for a path
-* INSTALLDIR/config.php - for a particular implementation
-
-Almost all configuration options are made through a two-dimensional
-associative array, cleverly named $config. A typical configuration
-line will be:
-
- $config['section']['option'] = value;
-
-For brevity, the following documentation describes each section and
-option.
-
-site
-----
-
-This section is a catch-all for site-wide variables.
-
-name: the name of your site, like 'YourCompany Microblog'.
-server: the server part of your site's URLs, like 'example.net'.
-path: The path part of your site's URLs, like 'statusnet' or ''
- (installed in root).
-fancy: whether or not your site uses fancy URLs (see Fancy URLs
- section above). Default is false.
-logfile: full path to a file for StatusNet to save logging
- information to. You may want to use this if you don't have
- access to syslog.
-logdebug: whether to log additional debug info like backtraces on
- hard errors. Default false.
-locale_path: full path to the directory for locale data. Unless you
- store all your locale data in one place, you probably
- don't need to use this.
-language: default language for your site. Defaults to US English.
- Note that this is overridden if a user is logged in and has
- selected a different language. It is also overridden if the
- user is NOT logged in, but their browser requests a different
- langauge. Since pretty much everybody's browser requests a
- language, that means that changing this setting has little or
- no effect in practice.
-languages: A list of languages supported on your site. Typically you'd
- only change this if you wanted to disable support for one
- or another language:
- "unset($config['site']['languages']['de'])" will disable
- support for German.
-theme: Theme for your site (see Theme section). Two themes are
- provided by default: 'default' and 'stoica' (the one used by
- Identi.ca). It's appreciated if you don't use the 'stoica' theme
- except as the basis for your own.
-email: contact email address for your site. By default, it's extracted
- from your Web server environment; you may want to customize it.
-broughtbyurl: name of an organization or individual who provides the
- service. Each page will include a link to this name in the
- footer. A good way to link to the blog, forum, wiki,
- corporate portal, or whoever is making the service available.
-broughtby: text used for the "brought by" link.
-timezone: default timezone for message display. Users can set their
- own time zone. Defaults to 'UTC', which is a pretty good default.
-closed: If set to 'true', will disallow registration on your site.
- This is a cheap way to restrict accounts to only one
- individual or group; just register the accounts you want on
- the service, *then* set this variable to 'true'.
-inviteonly: If set to 'true', will only allow registration if the user
- was invited by an existing user.
-private: If set to 'true', anonymous users will be redirected to the
- 'login' page. Also, API methods that normally require no
- authentication will require it. Note that this does not turn
- off registration; use 'closed' or 'inviteonly' for the
- behaviour you want.
-notice: A plain string that will appear on every page. A good place
- to put introductory information about your service, or info about
- upgrades and outages, or other community info. Any HTML will
- be escaped.
-logo: URL of an image file to use as the logo for the site. Overrides
- the logo in the theme, if any.
-ssllogo: URL of an image file to use as the logo on SSL pages. If unset,
- theme logo is used instead.
-ssl: Whether to use SSL and https:// URLs for some or all pages.
- Possible values are 'always' (use it for all pages), 'never'
- (don't use it for any pages), or 'sometimes' (use it for
- sensitive pages that include passwords like login and registration,
- but not for regular pages). Default to 'never'.
-sslserver: use an alternate server name for SSL URLs, like
- 'secure.example.org'. You should be careful to set cookie
- parameters correctly so that both the SSL server and the
- "normal" server can access the session cookie and
- preferably other cookies as well.
-shorturllength: Length of URL at which URLs in a message exceeding 140
- characters will be sent to the user's chosen
- shortening service.
-dupelimit: minimum time allowed for one person to say the same thing
- twice. Default 60s. Anything lower is considered a user
- or UI error.
-textlimit: default max size for texts in the site. Defaults to 140.
- 0 means no limit. Can be fine-tuned for notices, messages,
- profile bios and group descriptions.
-
-db
---
-
-This section is a reference to the configuration options for
-DB_DataObject (see ). The ones that you may want to
-set are listed below for clarity.
-
-database: a DSN (Data Source Name) for your StatusNet database. This is
- in the format 'protocol://username:password@hostname/databasename',
- where 'protocol' is 'mysql' or 'mysqli' (or possibly 'postgresql', if you
- really know what you're doing), 'username' is the username,
- 'password' is the password, and etc.
-ini_yourdbname: if your database is not named 'statusnet', you'll need
- to set this to point to the location of the
- statusnet.ini file. Note that the real name of your database
- should go in there, not literally 'yourdbname'.
-db_driver: You can try changing this to 'MDB2' to use the other driver
- type for DB_DataObject, but note that it breaks the OpenID
- libraries, which only support PEAR::DB.
-debug: On a database error, you may get a message saying to set this
- value to 5 to see debug messages in the browser. This breaks
- just about all pages, and will also expose the username and
- password
-quote_identifiers: Set this to true if you're using postgresql.
-type: either 'mysql' or 'postgresql' (used for some bits of
- database-type-specific SQL in the code). Defaults to mysql.
-mirror: you can set this to an array of DSNs, like the above
- 'database' value. If it's set, certain read-only actions will
- use a random value out of this array for the database, rather
- than the one in 'database' (actually, 'database' is overwritten).
- You can offload a busy DB server by setting up MySQL replication
- and adding the slaves to this array. Note that if you want some
- requests to go to the 'database' (master) server, you'll need
- to include it in this array, too.
-utf8: whether to talk to the database in UTF-8 mode. This is the default
- with new installations, but older sites may want to turn it off
- until they get their databases fixed up. See "UTF-8 database"
- above for details.
-schemacheck: when to let plugins check the database schema to add
- tables or update them. Values can be 'runtime' (default)
- or 'script'. 'runtime' can be costly (plugins check the
- schema on every hit, adding potentially several db
- queries, some quite long), but not everyone knows how to
- run a script. If you can, set this to 'script' and run
- scripts/checkschema.php whenever you install or upgrade a
- plugin.
-
-syslog
-------
-
-By default, StatusNet sites log error messages to the syslog facility.
-(You can override this using the 'logfile' parameter described above).
-
-appname: The name that StatusNet uses to log messages. By default it's
- "statusnet", but if you have more than one installation on the
- server, you may want to change the name for each instance so
- you can track log messages more easily.
-priority: level to log at. Currently ignored.
-facility: what syslog facility to used. Defaults to LOG_USER, only
- reset if you know what syslog is and have a good reason
- to change it.
-
-queue
------
-
-You can configure the software to queue time-consuming tasks, like
-sending out SMS email or XMPP messages, for off-line processing. See
-'Queues and daemons' above for how to set this up.
-
-enabled: Whether to uses queues. Defaults to false.
-subsystem: Which kind of queueserver to use. Values include "db" for
- our hacked-together database queuing (no other server
- required) and "stomp" for a stomp server.
-stomp_server: "broker URI" for stomp server. Something like
- "tcp://hostname:61613". More complicated ones are
- possible; see your stomp server's documentation for
- details.
-queue_basename: a root name to use for queues (stomp only). Typically
- something like '/queue/sitename/' makes sense. If running
- multiple instances on the same server, make sure that
- either this setting or $config['site']['nickname'] are
- unique for each site to keep them separate.
-
-stomp_username: username for connecting to the stomp server; defaults
- to null.
-stomp_password: password for connecting to the stomp server; defaults
- to null.
-
-stomp_persistent: keep items across queue server restart, if enabled.
- Under ActiveMQ, the server configuration determines if and how
- persistent storage is actually saved.
-
- If using a message queue server other than ActiveMQ, you may
- need to disable this if it does not support persistence.
-
-stomp_transactions: use transactions to aid in error detection.
- A broken transaction will be seen quickly, allowing a message
- to be redelivered immediately if a daemon crashes.
-
- If using a message queue server other than ActiveMQ, you may
- need to disable this if it does not support transactions.
-
-stomp_acks: send acknowledgements to aid in flow control.
- An acknowledgement of successful processing tells the server
- we're ready for more and can help keep things moving smoothly.
-
- This should *not* be turned off when running with ActiveMQ, but
- if using another message queue server that does not support
- acknowledgements you might need to disable this.
-
-softlimit: an absolute or relative "soft memory limit"; daemons will
- restart themselves gracefully when they find they've hit
- this amount of memory usage. Defaults to 90% of PHP's global
- memory_limit setting.
-
-inboxes: delivery of messages to receiver's inboxes can be delayed to
- queue time for best interactive performance on the sender.
- This may however be annoyingly slow when using the DB queues,
- so you can set this to false if it's causing trouble.
-
-breakout: for stomp, individual queues are by default grouped up for
- best scalability. If some need to be run by separate daemons,
- etc they can be manually adjusted here.
-
- Default will share all queues for all sites within each group.
- Specify as / or //,
- using nickname identifier as site.
-
- 'main/distrib' separate "distrib" queue covering all sites
- 'xmpp/xmppout/mysite' separate "xmppout" queue covering just 'mysite'
-
-max_retries: for stomp, drop messages after N failed attempts to process.
- Defaults to 10.
-
-dead_letter_dir: for stomp, optional directory to dump data on failed
- queue processing events after discarding them.
-
-stomp_no_transactions: for stomp, the server does not support transactions,
- so do not try to user them. This is needed for http://www.morbidq.com/.
-
-stomp_no_acks: for stomp, the server does not support acknowledgements.
- so do not try to user them. This is needed for http://www.morbidq.com/.
-
-license
--------
-
-The default license to use for your users notices. The default is the
-Creative Commons Attribution 3.0 license, which is probably the right
-choice for any public site. Note that some other servers will not
-accept notices if you apply a stricter license than this.
-
-type: one of 'cc' (for Creative Commons licenses), 'allrightsreserved'
- (default copyright), or 'private' (for private and confidential
- information).
-owner: for 'allrightsreserved' or 'private', an assigned copyright
- holder (for example, an employer for a private site). If
- not specified, will be attributed to 'contributors'.
-url: URL of the license, used for links.
-title: Title for the license, like 'Creative Commons Attribution 3.0'.
-image: A button shown on each page for the license.
-
-mail
-----
-
-This is for configuring out-going email. We use PEAR's Mail module,
-see: http://pear.php.net/manual/en/package.mail.mail.factory.php
-
-backend: the backend to use for mail, one of 'mail', 'sendmail', and
- 'smtp'. Defaults to PEAR's default, 'mail'.
-params: if the mail backend requires any parameters, you can provide
- them in an associative array.
-
-nickname
---------
-
-This is for configuring nicknames in the service.
-
-blacklist: an array of strings for usernames that may not be
- registered. A default array exists for strings that are
- used by StatusNet (e.g. 'doc', 'main', 'avatar', 'theme')
- but you may want to add others if you have other software
- installed in a subdirectory of StatusNet or if you just
- don't want certain words used as usernames.
-featured: an array of nicknames of 'featured' users of the site.
- Can be useful to draw attention to well-known users, or
- interesting people, or whatever.
-
-avatar
-------
-
-For configuring avatar access.
-
-dir: Directory to look for avatar files and to put them into.
- Defaults to avatar subdirectory of install directory; if
- you change it, make sure to change path, too.
-path: Path to avatars. Defaults to path for avatar subdirectory,
- but you can change it if you wish. Note that this will
- be included with the avatar server, too.
-server: If set, defines another server where avatars are stored in the
- root directory. Note that the 'avatar' subdir still has to be
- writeable. You'd typically use this to split HTTP requests on
- the client to speed up page loading, either with another
- virtual server or with an NFS or SAMBA share. Clients
- typically only make 2 connections to a single server at a
- time , so this can parallelize the job.
- Defaults to null.
-ssl: Whether to access avatars using HTTPS. Defaults to null, meaning
- to guess based on site-wide SSL settings.
-
-public
-------
-
-For configuring the public stream.
-
-localonly: If set to true, only messages posted by users of this
- service (rather than other services, filtered through OMB)
- are shown in the public stream. Default true.
-blacklist: An array of IDs of users to hide from the public stream.
- Useful if you have someone making excessive Twitterfeed posts
- to the site, other kinds of automated posts, testing bots, etc.
-autosource: Sources of notices that are from automatic posters, and thus
- should be kept off the public timeline. Default empty.
-
-theme
------
-
-server: Like avatars, you can speed up page loading by pointing the
- theme file lookup to another server (virtual or real).
- Defaults to NULL, meaning to use the site server.
-dir: Directory where theme files are stored. Used to determine
- whether to show parts of a theme file. Defaults to the theme
- subdirectory of the install directory.
-path: Path part of theme URLs, before the theme name. Relative to the
- theme server. It may make sense to change this path when upgrading,
- (using version numbers as the path) to make sure that all files are
- reloaded by caching clients or proxies. Defaults to null,
- which means to use the site path + '/theme'.
-ssl: Whether to use SSL for theme elements. Default is null, which means
- guess based on site SSL settings.
-sslserver: SSL server to use when page is HTTPS-encrypted. If
- unspecified, site ssl server and so on will be used.
-sslpath: If sslserver if defined, path to use when page is HTTPS-encrypted.
-
-javascript
-----------
-
-server: You can speed up page loading by pointing the
- theme file lookup to another server (virtual or real).
- Defaults to NULL, meaning to use the site server.
-path: Path part of Javascript URLs. Defaults to null,
- which means to use the site path + '/js/'.
-ssl: Whether to use SSL for JavaScript files. Default is null, which means
- guess based on site SSL settings.
-sslserver: SSL server to use when page is HTTPS-encrypted. If
- unspecified, site ssl server and so on will be used.
-sslpath: If sslserver if defined, path to use when page is HTTPS-encrypted.
-
-xmpp
-----
-
-For configuring the XMPP sub-system.
-
-enabled: Whether to accept and send messages by XMPP. Default false.
-server: server part of XMPP ID for update user.
-port: connection port for clients. Default 5222, which you probably
- shouldn't need to change.
-user: username for the client connection. Users will receive messages
- from 'user'@'server'.
-resource: a unique identifier for the connection to the server. This
- is actually used as a prefix for each XMPP component in the system.
-password: password for the user account.
-host: some XMPP domains are served by machines with a different
- hostname. (For example, @gmail.com GTalk users connect to
- talk.google.com). Set this to the correct hostname if that's the
- case with your server.
-encryption: Whether to encrypt the connection between StatusNet and the
- XMPP server. Defaults to true, but you can get
- considerably better performance turning it off if you're
- connecting to a server on the same machine or on a
- protected network.
-debug: if turned on, this will make the XMPP library blurt out all of
- the incoming and outgoing messages as XML stanzas. Use as a
- last resort, and never turn it on if you don't have queues
- enabled, since it will spit out sensitive data to the browser.
-public: an array of JIDs to send _all_ notices to. This is useful for
- participating in third-party search and archiving services.
-
-invite
-------
-
-For configuring invites.
-
-enabled: Whether to allow users to send invites. Default true.
-
-tag
----
-
-Miscellaneous tagging stuff.
-
-dropoff: Decay factor for tag listing, in seconds.
- Defaults to exponential decay over ten days; you can twiddle
- with it to try and get better results for your site.
-
-popular
--------
-
-Settings for the "popular" section of the site.
-
-dropoff: Decay factor for popularity listing, in seconds.
- Defaults to exponential decay over ten days; you can twiddle
- with it to try and get better results for your site.
-
-daemon
-------
-
-For daemon processes.
-
-piddir: directory that daemon processes should write their PID file
- (process ID) to. Defaults to /var/run/, which is where this
- stuff should usually go on Unix-ish systems.
-user: If set, the daemons will try to change their effective user ID
- to this user before running. Probably a good idea, especially if
- you start the daemons as root. Note: user name, like 'daemon',
- not 1001.
-group: If set, the daemons will try to change their effective group ID
- to this named group. Again, a name, not a numerical ID.
-
-memcached
----------
-
-You can get a significant boost in performance by caching some
-database data in memcached .
-
-enabled: Set to true to enable. Default false.
-server: a string with the hostname of the memcached server. Can also
- be an array of hostnames, if you've got more than one server.
-base: memcached uses key-value pairs to store data. We build long,
- funny-looking keys to make sure we don't have any conflicts. The
- base of the key is usually a simplified version of the site name
- (like "Identi.ca" => "identica"), but you can overwrite this if
- you need to. You can safely ignore it if you only have one
- StatusNet site using your memcached server.
-port: Port to connect to; defaults to 11211.
-
-emailpost
----------
-
-For post-by-email.
-
-enabled: Whether to enable post-by-email. Defaults to true. You will
- also need to set up maildaemon.php.
-
-sms
----
-
-For SMS integration.
-
-enabled: Whether to enable SMS integration. Defaults to true. Queues
- should also be enabled.
-
-integration
------------
-
-A catch-all for integration with other systems.
-
-taguri: base for tag:// URIs. Defaults to site-server + ',2009'.
-
-inboxes
--------
-
-For notice inboxes.
-
-enabled: No longer used. If you set this to something other than true,
- StatusNet will no longer run.
-
-throttle
---------
-
-For notice-posting throttles.
-
-enabled: Whether to throttle posting. Defaults to false.
-count: Each user can make this many posts in 'timespan' seconds. So, if count
- is 100 and timespan is 3600, then there can be only 100 posts
- from a user every hour.
-timespan: see 'count'.
-
-profile
--------
-
-Profile management.
-
-biolimit: max character length of bio; 0 means no limit; null means to use
- the site text limit default.
-backup: whether users can backup their own profiles. Defaults to true.
-restore: whether users can restore their profiles from backup files. Defaults
- to true.
-delete: whether users can delete their own accounts. Defaults to false.
-move: whether users can move their accounts to another server. Defaults
- to true.
-
-newuser
--------
-
-Options with new users.
-
-default: nickname of a user account to automatically subscribe new
- users to. Typically this would be system account for e.g.
- service updates or announcements. Users are able to unsub
- if they want. Default is null; no auto subscribe.
-welcome: nickname of a user account that sends welcome messages to new
- users. Can be the same as 'default' account, although on
- busy servers it may be a good idea to keep that one just for
- 'urgent' messages. Default is null; no message.
-
-If either of these special user accounts are specified, the users should
-be created before the configuration is updated.
-
-snapshot
---------
-
-The software will, by default, send statistical snapshots about the
-local installation to a stats server on the status.net Web site. This
-data is used by the developers to prioritize development decisions. No
-identifying data about users or organizations is collected. The data
-is available to the public for review. Participating in this survey
-helps StatusNet developers take your needs into account when updating
-the software.
-
-run: string indicating when to run the statistics. Values can be 'web'
- (run occasionally at Web time), 'cron' (run from a cron script),
- or 'never' (don't ever run). If you set it to 'cron', remember to
- schedule the script to run on a regular basis.
-frequency: if run value is 'web', how often to report statistics.
- Measured in Web hits; depends on how active your site is.
- Default is 10000 -- that is, one report every 10000 Web hits,
- on average.
-reporturl: URL to post statistics to. Defaults to StatusNet developers'
- report system, but if they go evil or disappear you may
- need to update this to another value. Note: if you
- don't want to report stats, it's much better to
- set 'run' to 'never' than to set this value to something
- nonsensical.
-
-attachments
------------
-
-The software lets users upload files with their notices. You can configure
-the types of accepted files by mime types and a trio of quota options:
-per file, per user (total), per user per month.
-
-We suggest the use of the pecl file_info extension to handle mime type
-detection.
-
-supported: an array of mime types you accept to store and distribute,
- like 'image/gif', 'video/mpeg', 'audio/mpeg', etc. Make sure you
- setup your server to properly recognize the types you want to
- support.
-uploads: false to disable uploading files with notices (true by default).
-filecommand: The required MIME_Type library may need to use the 'file'
- command. It tries the one in the Web server's path, but if
- you're having problems with uploads, try setting this to the
- correct value. Note: 'file' must accept '-b' and '-i' options.
-
-For quotas, be sure you've set the upload_max_filesize and post_max_size
-in php.ini to be large enough to handle your upload. In httpd.conf
-(if you're using apache), check that the LimitRequestBody directive isn't
-set too low (it's optional, so it may not be there at all).
-
-file_quota: maximum size for a single file upload in bytes. A user can send
- any amount of notices with attachments as long as each attachment
- is smaller than file_quota.
-user_quota: total size in bytes a user can store on this server. Each user
- can store any number of files as long as their total size does
- not exceed the user_quota.
-monthly_quota: total size permitted in the current month. This is the total
- size in bytes that a user can upload each month.
-dir: directory accessible to the Web process where uploads should go.
- Defaults to the 'file' subdirectory of the install directory, which
- should be writeable by the Web user.
-server: server name to use when creating URLs for uploaded files.
- Defaults to null, meaning to use the default Web server. Using
- a virtual server here can speed up Web performance.
-path: URL path, relative to the server, to find files. Defaults to
- main path + '/file/'.
-ssl: whether to use HTTPS for file URLs. Defaults to null, meaning to
- guess based on other SSL settings.
-filecommand: command to use for determining the type of a file. May be
- skipped if fileinfo extension is installed. Defaults to
- '/usr/bin/file'.
-sslserver: if specified, this server will be used when creating HTTPS
- URLs. Otherwise, the site SSL server will be used, with /file/ path.
-sslpath: if this and the sslserver are specified, this path will be used
- when creating HTTPS URLs. Otherwise, the attachments|path value
- will be used.
-
-group
------
-
-Options for group functionality.
-
-maxaliases: maximum number of aliases a group can have. Default 3. Set
- to 0 or less to prevent aliases in a group.
-desclimit: maximum number of characters to allow in group descriptions.
- null (default) means to use the site-wide text limits. 0
- means no limit.
-
-oohembed
---------
-
-oEmbed endpoint for multimedia attachments (links in posts).
-
-endpoint: oohembed endpoint using http://oohembed.com/ software.
-
-search
-------
-
-Some stuff for search.
-
-type: type of search. Ignored if PostgreSQL or Sphinx are enabled. Can either
- be 'fulltext' (default) or 'like'. The former is faster and more efficient
- but requires the lame old MyISAM engine for MySQL. The latter
- will work with InnoDB but could be miserably slow on large
- systems. We'll probably add another type sometime in the future,
- with our own indexing system (maybe like MediaWiki's).
-
-sessions
---------
-
-Session handling.
-
-handle: boolean. Whether we should register our own PHP session-handling
- code (using the database and memcache if enabled). Defaults to false.
- Setting this to true makes some sense on large or multi-server
- sites, but it probably won't hurt for smaller ones, either.
-debug: whether to output debugging info for session storage. Can help
- with weird session bugs, sometimes. Default false.
-
-background
-----------
-
-Users can upload backgrounds for their pages; this section defines
-their use.
-
-server: the server to use for background. Using a separate (even
- virtual) server for this can speed up load times. Default is
- null; same as site server.
-dir: directory to write backgrounds too. Default is '/background/'
- subdir of install dir.
-path: path to backgrounds. Default is sub-path of install path; note
- that you may need to change this if you change site-path too.
-sslserver: SSL server to use when page is HTTPS-encrypted. If
- unspecified, site ssl server and so on will be used.
-sslpath: If sslserver if defined, path to use when page is HTTPS-encrypted.
-
-ping
-----
-
-Using the "XML-RPC Ping" method initiated by weblogs.com, the site can
-notify third-party servers of updates.
-
-notify: an array of URLs for ping endpoints. Default is the empty
- array (no notification).
-
-design
-------
-
-Default design (colors and background) for the site. Actual appearance
-depends on the theme. Null values mean to use the theme defaults.
-
-backgroundcolor: Hex color of the site background.
-contentcolor: Hex color of the content area background.
-sidebarcolor: Hex color of the sidebar background.
-textcolor: Hex color of all non-link text.
-linkcolor: Hex color of all links.
-backgroundimage: Image to use for the background.
-disposition: Flags for whether or not to tile the background image.
-
-notice
-------
-
-Configuration options specific to notices.
-
-contentlimit: max length of the plain-text content of a notice.
- Default is null, meaning to use the site-wide text limit.
- 0 means no limit.
-
-message
--------
-
-Configuration options specific to messages.
-
-contentlimit: max length of the plain-text content of a message.
- Default is null, meaning to use the site-wide text limit.
- 0 means no limit.
-
-logincommand
-------------
-
-Configuration options for the login command.
-
-disabled: whether to enable this command. If enabled, users who send
- the text 'login' to the site through any channel will
- receive a link to login to the site automatically in return.
- Possibly useful for users who primarily use an XMPP or SMS
- interface and can't be bothered to remember their site
- password. Note that the security implications of this are
- pretty serious and have not been thoroughly tested. You
- should enable it only after you've convinced yourself that
- it is safe. Default is 'false'.
-
-singleuser
-----------
-
-If an installation has only one user, this can simplify a lot of the
-interface. It also makes the user's profile the root URL.
-
-enabled: Whether to run in "single user mode". Default false.
-nickname: nickname of the single user. If no nickname is specified,
- the site owner account will be used (if present).
-
-robotstxt
----------
-
-We put out a default robots.txt file to guide the processing of
-Web crawlers. See http://www.robotstxt.org/ for more information
-on the format of this file.
-
-crawldelay: if non-empty, this value is provided as the Crawl-Delay:
- for the robots.txt file. see http://ur1.ca/l5a0
- for more information. Default is zero, no explicit delay.
-disallow: Array of (virtual) directories to disallow. Default is 'main',
- 'search', 'message', 'settings', 'admin'. Ignored when site
- is private, in which case the entire site ('/') is disallowed.
-
-api
----
-
-Options for the Twitter-like API.
-
-realm: HTTP Basic Auth realm (see http://tools.ietf.org/html/rfc2617
- for details). Some third-party tools like ping.fm want this to be
- 'Identi.ca API', so set it to that if you want to. default = null,
- meaning 'something based on the site name'.
-
-nofollow
---------
-
-We optionally put 'rel="nofollow"' on some links in some pages. The
-following configuration settings let you fine-tune how or when things
-are nofollowed. See http://en.wikipedia.org/wiki/Nofollow for more
-information on what 'nofollow' means.
-
-subscribers: whether to nofollow links to subscribers on the profile
- and personal pages. Default is true.
-members: links to members on the group page. Default true.
-peopletag: links to people listed in the peopletag page. Default true.
-external: external links in notices. One of three values: 'sometimes',
- 'always', 'never'. If 'sometimes', then external links are not
- nofollowed on profile, notice, and favorites page. Default is
- 'sometimes'.
-
-router
-------
-
-We use a router class for mapping URLs to code. This section controls
-how that router works.
-
-cache: whether to cache the router in memcache (or another caching
- mechanism). Defaults to true, but may be set to false for
- developers (who might be actively adding pages, so won't want the
- router cached) or others who see strange behavior. You're unlikely
- to need this unless you're a developer.
-
-http
-----
-
-Settings for the HTTP client.
-
-ssl_cafile: location of the CA file for SSL. If not set, won't verify
- SSL peers. Default unset.
-curl: Use cURL for doing HTTP calls. You must
- have the PHP curl extension installed for this to work.
-proxy_host: Host to use for proxying HTTP requests. If unset, doesn't
- do any HTTP proxy stuff. Default unset.
-proxy_port: Port to use to connect to HTTP proxy host. Default null.
-proxy_user: Username to use for authenticating to the HTTP proxy. Default null.
-proxy_password: Password to use for authenticating to the HTTP proxy. Default null.
-proxy_auth_scheme: Scheme to use for authenticating to the HTTP proxy. Default null.
-
-plugins
--------
-
-default: associative array mapping plugin name to array of arguments. To disable
- a default plugin, unset its value in this array.
-locale_path: path for finding plugin locale files. In the plugin's directory
- by default.
-server: Server to find static files for a plugin when the page is plain old HTTP.
- Defaults to site/server (same as pages). Use this to move plugin CSS and
- JS files to a CDN.
-sslserver: Server to find static files for a plugin when the page is HTTPS. Defaults
- to site/server (same as pages). Use this to move plugin CSS and JS files
- to a CDN.
-path: Path to the plugin files. defaults to site/path + '/plugins/'. Expects that
- each plugin will have a subdirectory at plugins/NameOfPlugin. Change this
- if you're using a CDN.
-sslpath: Path to use on the SSL server. Same as plugins/path.
-
-Plugins
-=======
-
-Beginning with the 0.7.x branch, StatusNet has supported a simple but
-powerful plugin architecture. Important events in the code are named,
-like 'StartNoticeSave', and other software can register interest
-in those events. When the events happen, the other software is called
-and has a choice of accepting or rejecting the events.
-
-In the simplest case, you can add a function to config.php and use the
-Event::addHandler() function to hook an event:
-
- function AddGoogleLink($action)
- {
- $action->menuItem('http://www.google.com/', _('Google'), _('Search engine'));
- return true;
- }
-
- Event::addHandler('EndPrimaryNav', 'AddGoogleLink');
-
-This adds a menu item to the end of the main navigation menu. You can
-see the list of existing events, and parameters that handlers must
-implement, in EVENTS.txt.
-
-The Plugin class in lib/plugin.php makes it easier to write more
-complex plugins. Sub-classes can just create methods named
-'onEventName', where 'EventName' is the name of the event (case
-matters!). These methods will be automatically registered as event
-handlers by the Plugin constructor (which you must call from your own
-class's constructor).
-
-Several example plugins are included in the plugins/ directory. You
-can enable a plugin with the following line in config.php:
-
- addPlugin('Example', array('param1' => 'value1',
- 'param2' => 'value2'));
+- Fix bug #3260, a cross-site scripting (XSS) bug that allows an
+ attacker to inject JavaScript into a page with a carefully structured URL.
+- Updated code for Google Analytics to reflect new API.
+- Various fixes for Bookmark plugin.
+- Updates to reCAPTCHA plugin based on changes to API.
+- New plugin to move the site notice to the sidebar.
+- Add rss.me to notice source list.
+- Updates to data backup/restore.
+- Correct use of "likes" in Facebook plugin.
+- Ignore failures in Twitter plugin.
-This will look for and load files named 'ExamplePlugin.php' or
-'Example/ExamplePlugin.php' either in the plugins/ directory (for
-plugins that ship with StatusNet) or in the local/ directory (for
-plugins you write yourself or that you get from somewhere else) or
-local/plugins/.
+A full changelog is available at http://status.net/wiki/StatusNet_0.9.9.
-Plugins are documented in their own directories.
+NOTE: The short-lived StatusNet 0.9.8 ("Letter Never Sent") did not
+adequately fix bug #3260 as originally thought; thus this new release.
Troubleshooting
===============
@@ -1707,8 +190,8 @@ There are several ways to get more information about StatusNet.
Feedback
========
-* Microblogging messages to http://support.status.net/ are very welcome.
-* The microblogging group http://identi.ca/group/statusnet is a good
+* Messages to http://support.status.net/ are very welcome.
+* The group http://identi.ca/group/statusnet is a good
place to discuss the software.
* StatusNet has a bug tracker for any defects you may find, or ideas for
making things better. http://status.net/bugs