## New this version
-This is a security fix and bug fix release since 1.1.0,
-released 2 July 2012. All 1.1.0 sites should upgrade to this version.
+This is a security fix and bug fix release since 1.1.1-alpha2.
+The current release base version, 1.1.2, began work on 2014-10-25.
+All 1.1.1 sites should upgrade to this version.
-It includes the following changes:
+So far it includes the following changes:
+
+- XSS security fix (thanks Simon Waters, https://www.surevine.com/ )
+
+Upgrades from _StatusNet_ 1.1.1 will also experience these improvements:
- Fixes for SQL injection errors in profile lists.
- Improved ActivityStreams JSON representation of activities and objects.
- Fix error in OStatus subscription for remote groups.
- Fix error in XMPP distribution.
+
### Troubleshooting
The primary output for GNU social is syslog,
### Unstable version
If you're adventurous or impatient, you may want
-to install the development version of
-StatusNet. To get it, use the git version control
-tool <http://git-scm.com/> like so:
+to install the development version of GNU social.
+To get it, use the git version control tool
+<http://git-scm.com/> like so:
git clone git@gitorious.org:social/mainline.git
-Using it is a mixed bag. On the positive side, it
-usually includes the latest security and bug fix
-patches. On the downside, it may also include
-changes that require admin intervention (like
-running a script or even raw SQL!) that may not be
-documented yet. It may be a good idea to test this
-version before installing it on your production
-machines.
+In the current phase of development it is probably
+recommended to use git as a means to stay up to date
+with the source code. You can choose between these
+branches:
+- 1.1.x "stable", few updates, well tested code
+- master "testing", more updates, usually working well
+- nightly "unstable", most updates, not always working
-To keep it up-to-date, use 'git pull'. Watch for
-conflicts!
+To keep it up-to-date, use 'git pull'. Watch for conflicts!
## Further information
-There are several ways to get more information
-about GNU social.
+There are several ways to get more information about GNU social.
* The #social IRC channel on freenode.net <http://www.freenode.net/>.
* The GNU social website
* Following us on GNU social -- http://quitter.se/gnusocial
-* Following us on Twitter -- https://twitter.com/gnusocial
* GNU social has a bug tracker for any defects you may find, or ideas for
making things better. http://bugz.foocorp.net/
+* Patches are welcome, either on the bug tracker or our repository at
+ Gitorious. https://gitorious.org/social/mainline
Credits
=======
* Brion Vibber, StatusNet, Inc.
* James Walker, StatusNet, Inc.
* Samantha Doherty, designer, StatusNet, Inc.
+* Simon Waters, Surevine
### Extra special thanks to the GNU socialites
*/
class NewgroupAction extends FormAction
{
+ protected $group;
+
+ function getGroup() {
+ return $this->group;
+ }
+
function title()
{
// TRANS: Title for form to create a group.
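Review bot: The `getGroup()` added to `NewgroupAction` has no docblock, and `protected $group;` has no initializer, so the getter returns null until something assigns the property. Callers such as plugin hooks need to know that, so I would add a docblock along the lines of `/** @return User_group|null the group held by this action, or null if none has been set yet */`. As a style point, the opening brace sits on the signature line here, while the other `getGroup()` added in this commit puts it on the next line, and neither declares `public`. The class body continues outside the hunk, so where `$group` is assigned is not visible here.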
define('GNUSOCIAL_ENGINE', 'GNU social');
define('GNUSOCIAL_ENGINE_URL', 'https://www.gnu.org/software/social/');
-define('GNUSOCIAL_BASE_VERSION', '1.1.1');
-define('GNUSOCIAL_LIFECYCLE', 'alpha2'); // 'dev', 'alpha[0-9]+', 'beta[0-9]+', 'rc[0-9]+', 'release'
+define('GNUSOCIAL_BASE_VERSION', '1.1.2');
+define('GNUSOCIAL_LIFECYCLE', 'alpha1'); // 'dev', 'alpha[0-9]+', 'beta[0-9]+', 'rc[0-9]+', 'release'
define('GNUSOCIAL_VERSION', GNUSOCIAL_BASE_VERSION . '-' . GNUSOCIAL_LIFECYCLE);
return $options;
}
+
+ function getGroup()
+ {
+ return $this->group;
+ }
}
class GroupAdminSection extends ProfileSection
*
* @param Action $action current action, used for output
*/
- function __construct($action=null)
+ function __construct(Action $action=null)
{
parent::__construct($action);
}
}
- function item($actionName, $args, $label, $description, $id=null, $cls=null)
+ function item($actionName, array $args, $label, $description, $id=null, $cls=null)
{
if (empty($id)) {
$id = $this->menuItemID($actionName, $args);
$cls);
}
- function isCurrent($actionName, $args)
+ function isCurrent($actionName, array $args)
{
if ($actionName != $this->actionName) {
return false;
*
* @param Action $action current action, used for output
*/
- function __construct($action=null)
+ function __construct(Action $action=null)
{
parent::__construct($action);
$this->action = $action;
*
* @param Action $action current action, used for output
*/
- function __construct($action=null, $q = null)
+ function __construct(Action $action=null, $q = null)
{
parent::__construct($action);
$this->q = $q;
* Construction
*
* @param Action $action current action, used for output
+ * @param User $user Current user or NULL if "guest"
*/
- function __construct($action=null, $user=null)
+ function __construct(Action $action=null, User $user=null)
{
parent::__construct($action);
$this->user = $user;
static function saveNew($profile, $title, $url, $rawtags, $description,
$options=null)
{
+ if (!common_valid_http_url($url)) {
+ throw new ClientException(_m('Only web bookmarks can be posted (HTTP or HTTPS).'));
+ }
+
$nb = self::getByURL($profile, $url);
if (!empty($nb)) {
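Review bot: The scheme check added at the top of `saveNew()` only covers bookmarks written from now on, so any row stored earlier with a non-HTTP(S) URL is unaffected by it. If the stored URL is later emitted into a link (not visible in this hunk), the same `common_valid_http_url($url)` test belongs on the output path too, and existing bookmark rows are worth auditing once after the upgrade. I would also put a comment above the guard, e.g. `// Security: only http(s) URLs may be stored; other schemes can end up as script-bearing links.`, so it is not later removed as redundant validation. The body of `saveNew()` continues outside the hunk.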
* @param Net_URL_Mapper $m path-to-action mapper
* @return boolean hook return
*/
- function onRouterInitialized($m)
+ function onRouterInitialized(Net_URL_Mapper $m)
{
$m->connect('group/:nickname/favorited',
array('action' => 'groupfavorited'),
return true;
}
- function onEndGroupGroupNav(GroupNav $nav)
+ function onEndGroupGroupNav(Menu $nav)
{
$action_name = $nav->action->trimmed('action');
$nickname = $nav->group->nickname;
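Review bot: Widening the hint from `GroupNav` to `Menu` in `onEndGroupGroupNav()` accepts any menu object, yet the body still reads `$nav->action` and `$nav->group->nickname`, and nothing in the hunk shows those properties on `Menu` itself. If a `Menu` without a group can reach this hook, the nickname lookup dereferences null. A guard such as `if (!($nav->group instanceof User_group)) { return true; }` before that access would make the assumption explicit, assuming `true` is the right hook value here. The same applies to the second `onEndGroupGroupNav(Menu $groupnav)` handler changed later in this commit, which reads `$groupnav->group`. Both function bodies continue outside their hunks.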
*
* @return boolean hook value
*/
- function onPluginVersion(&$versions)
+ function onPluginVersion(array &$versions)
{
$url = 'http://status.net/wiki/Plugin:GroupFavorited';
*
* @see Action
*/
- function onEndGroupGroupNav($groupnav)
+ function onEndGroupGroupNav(Menu $groupnav)
{
$action = $groupnav->action;
$group = $groupnav->group;
*
* @param GroupEditForm $form form being shown
*/
- function onEndGroupEditFormData($form)
+ function onEndGroupEditFormData(GroupEditForm $form)
{
$gps = null;
return true;
}
- function onEndGroupSaveForm($action)
+ function onEndGroupSaveForm(Action $action)
{
+ // The Action class must contain this method
+ assert(is_callable(array($action, 'getGroup')));
+
$gps = null;
- if (!empty($action->group)) {
- $gps = Group_privacy_settings::getKV('group_id', $action->group->id);
+ if ($action->getGroup() instanceof User_group) {
+ $gps = Group_privacy_settings::getKV('group_id', $action->getGroup()->id);
}
$orig = null;
if (empty($gps)) {
$gps = new Group_privacy_settings();
- $gps->group_id = $action->group->id;
+ $gps->group_id = $action->getGroup()->id;
} else {
$orig = clone($gps);
}
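Review bot: When `getGroup()` does not return a `User_group`, `$gps` stays null and the `empty($gps)` branch still evaluates `$action->getGroup()->id`, so a `Group_privacy_settings` object is built from a missing group. The `instanceof` test should gate the whole handler rather than only the lookup, e.g. `$group = $action->getGroup(); if (!($group instanceof User_group)) { return true; }`, assuming `true` is the correct hook value here. Separately, `assert()` can be disabled by configuration, so the `is_callable` check gives no protection on such installs. An explicit `if (!is_callable(array($action, 'getGroup'))) { return true; }` or a shared interface would enforce it everywhere. The rest of `onEndGroupSaveForm()` lies outside the hunk.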
*
* @return boolean hook value
*/
- function onStartInterpretCommand($cmd, $arg, $user, &$result)
+ function onStartInterpretCommand($cmd, $arg, User $user, &$result)
{
if ($cmd == 'd' || $cmd == 'dm') {
*
* @return boolean hook value
*/
- function onEndGroupActionsList($widget, $group)
+ function onEndGroupActionsList(Widget $widget, User_group $group)
{
$cur = common_current_user();
$action = $widget->out;
*
* @param
*/
- function onStartNoticeSave(&$notice) {
+ function onStartNoticeSave(Notice &$notice) {
// Look for group tags
// FIXME: won't work for remote groups
// @fixme if Notice::saveNew is refactored so we can just pull its list
*
* @return boolean hook value
*/
- function onEndGroupProfileElements($action, $group)
+ function onEndGroupProfileElements(Action $action, User_group $group)
{
$gps = Group_privacy_settings::forGroup($group);
return true;
}
- function onStartShowExportData($action)
+ function onStartShowExportData(Action $action)
{
if ($action instanceof ShowgroupAction) {
- $gps = Group_privacy_settings::forGroup($action->group);
+ $gps = Group_privacy_settings::forGroup($action->getGroup());
if ($gps->allow_privacy == Group_privacy_settings::ALWAYS) {
return false;
$oprofile = $oprofile->checkAuthorship($activity);
$profile = $oprofile->localProfile();
} catch (Exception $e) {
- common_log(LOG_ERR, 'Could not get a profile or check authorship ('.get_class($e).': "'.$e->getMessage().'")');
+ common_log(LOG_ERR, 'Could not get a profile or check authorship ('.get_class($e).': "'.$e->getMessage().'") for activity ID: '.$activity->id);
$profile = null;
return false;
}
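Review bot: The extended log line concatenates `$activity->id` directly into the message, and that value appears to come from the remote activity being processed, so it should be treated as untrusted, as should `$e->getMessage()`. An identifier containing line breaks or control characters could produce misleading log entries. I would normalise it before logging, e.g. `preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $activity->id)`, and consider capping its length. The enclosing function and the start of the `try` block are outside the hunk.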