]>
git.mxchange.org Git - quix0rs-gnu-social.git/log
Mikael Nordfeldth [Tue, 17 Feb 2015 23:14:28 +0000 (00:14 +0100)]
use common_purify to purify HTML, one function to rule them all
Mikael Nordfeldth [Tue, 17 Feb 2015 23:10:31 +0000 (00:10 +0100)]
Implement a common_purify for htmLawed and more
We're removing unicode formatting characters as well, such as RTL marks.
For more info on why we're because extra cautious (but may accept the
characters in later versions) you can read:
https://blog.malwarebytes.org/online-security/2014/01/the-rtlo-method/
Mikael Nordfeldth [Tue, 17 Feb 2015 20:31:35 +0000 (21:31 +0100)]
forgot primary key column to updateWithKeys in SalmonAction
Mikael Nordfeldth [Tue, 17 Feb 2015 19:54:32 +0000 (20:54 +0100)]
Don't linkify bare domains by default
It's too farfetched to assume any text.com in a notice is an HTTP URL.
For example stuff like pasting from log entries, with domain.com:1234
where 1234 is a _PID_ or something, not a port number for http://...
Mikael Nordfeldth [Tue, 17 Feb 2015 19:11:35 +0000 (20:11 +0100)]
PHP>=5.4.0 lets us use Transliterator, tags now asciified!
For example: #REVOLUCIÓN becomes #revolucion instead of #revolución
Mikael Nordfeldth [Tue, 17 Feb 2015 16:35:45 +0000 (17:35 +0100)]
SalmonAction now updates remote URI if it was stale.
After doublechecking two identities so that they match (like one that was
previously http:// but now is https://) we update the URI in our database
to match.
This has to be verified so it's not easy to fool our script and thus make
us replace legitimate URIs with fake ones. I believe the callback method
is safe, but I'm not sure how well it handles HTTP MITM attacks etc.
Mikael Nordfeldth [Tue, 17 Feb 2015 16:17:32 +0000 (17:17 +0100)]
Various $this->scoped fixes and protected prepare/handle in API actions
Mikael Nordfeldth [Tue, 17 Feb 2015 16:16:33 +0000 (17:16 +0100)]
Replace $this->user/auth_user with $this->scoped in lib/apiaction.php
We prefer handling a Profile class rather than the User class, as some
functions might be useful for remote users as well, which cannot be
handled via the User class.
Mikael Nordfeldth [Tue, 17 Feb 2015 16:15:47 +0000 (17:15 +0100)]
Subscription class gets exception throwing getSubscription function
Mikael Nordfeldth [Tue, 17 Feb 2015 15:45:26 +0000 (16:45 +0100)]
Non-functional "retweeted to me" API call modified (but not fixed)
For some reason the "retweeted to me" part of the Twitter API was removed
when Evan made some inbox changes back in the StatusNet days. We might
recover this functionality, but not yet. The proper function calls are
however fixed in this commit.
Mikael Nordfeldth [Tue, 17 Feb 2015 15:39:27 +0000 (16:39 +0100)]
apiauth action with ->user changed to ->scoped
Mikael Nordfeldth [Tue, 17 Feb 2015 00:26:18 +0000 (01:26 +0100)]
CSS: notice images no wider than 100%
We should actually not allow remote images to be given in the src attribute
because they can be used for tracking and other nasty stuff without being
seen by the enduser.
Also, allowing remote images linked like this won't work for users who run
plugins like RequestPolicy etc. anyway. A better method would be to make
them listed as attachments instead. Then we can use that subsystem for
making thumbnails to store locally, hotlinking sources and whatnot.
Mikael Nordfeldth [Sun, 15 Feb 2015 22:06:22 +0000 (23:06 +0100)]
Merge commit 'refs/merge-requests/47' of https://gitorious.org/social/mainline into merge-requests/47
Mikael Nordfeldth [Sun, 15 Feb 2015 21:54:48 +0000 (22:54 +0100)]
Merge commit 'refs/merge-requests/48' of https://gitorious.org/social/mainline into merge-requests/48
Marcus Moeller [Sun, 15 Feb 2015 13:17:00 +0000 (14:17 +0100)]
removed text beside lock icon and fixed alignment
Chimo [Sun, 15 Feb 2015 21:11:23 +0000 (16:11 -0500)]
JS: Fixes jQueryUI autocomplete 'undefined' errors
data("autocomplete") was renamed to data("ui-autocomplete") starting
from v1.9:
http://jqueryui.com/upgrade-guide/1.9/#changed-naming-convention-for-data-keys
Chimo [Sun, 15 Feb 2015 21:00:23 +0000 (16:00 -0500)]
ApiTimelineList: Fixes ServerErrorAction
"No matches for action 'ApiTimelineList' with arguments 'format=atom
id=1'"
for 'api/:user/lists/:id/statuses.:format' URLs
Mikael Nordfeldth [Sun, 15 Feb 2015 12:33:36 +0000 (13:33 +0100)]
Don't default to publishing http: alias!
It seems to have caused a problem with at least an older codebase of
remote GNU social sites, but either way we shouldn't present the user
as aliased on an insecure connection if there is no real reason to.
Mikael Nordfeldth [Sun, 15 Feb 2015 12:17:04 +0000 (13:17 +0100)]
Present http:// alias by default in WebFinger output
because it might help us (and especially StatusNet sites) to recognize
profiles that have migrated from HTTP to HTTPS!
Mikael Nordfeldth [Sat, 14 Feb 2015 16:37:35 +0000 (17:37 +0100)]
Wrong order of start/end events. My hobby OCD was disturbed.
Mikael Nordfeldth [Sat, 14 Feb 2015 16:35:34 +0000 (17:35 +0100)]
Fixed some recently added EVENTS documentation
Mikael Nordfeldth [Sat, 14 Feb 2015 16:32:35 +0000 (17:32 +0100)]
StartSubMenu and EndSubMenu events
Mikael Nordfeldth [Sat, 14 Feb 2015 15:45:04 +0000 (16:45 +0100)]
Merge commit 'refs/merge-requests/45' of https://gitorious.org/social/mainline into merge-requests/45
Mikael Nordfeldth [Sat, 14 Feb 2015 15:42:25 +0000 (16:42 +0100)]
neo-quitter unuglification by marcus, merge-request 44
Marcus Moeller [Fri, 13 Feb 2015 22:09:34 +0000 (23:09 +0100)]
fixed alignment of textarea
fixed event view
Marcus Moeller [Fri, 13 Feb 2015 17:09:43 +0000 (18:09 +0100)]
just make sure that input box and input box label are the same color
Marcus Moeller [Fri, 13 Feb 2015 17:00:57 +0000 (18:00 +0100)]
use Genericons and fontawesome instead of images
buttle [Fri, 13 Feb 2015 15:38:22 +0000 (16:38 +0100)]
Call HomeStubNav instead of duplicating code
adminpanelnav.php adds a homeStub but does not use the code created for the job.
buttle [Fri, 13 Feb 2015 15:26:41 +0000 (16:26 +0100)]
Removing home stub if empty
Added an Event HomeStubNavItems
menu->subMenu() returns false if empty
Mikael Nordfeldth [Fri, 13 Feb 2015 11:10:25 +0000 (12:10 +0100)]
CSS to align the notice footer (thanks fnadde42)
Mikael Nordfeldth [Fri, 13 Feb 2015 11:08:54 +0000 (12:08 +0100)]
Updated README.md and framework.php
Mikael Nordfeldth [Fri, 13 Feb 2015 10:55:37 +0000 (11:55 +0100)]
Deja vu of user->getProfile() from
4f9b70d
Mikael Nordfeldth [Fri, 13 Feb 2015 10:54:15 +0000 (11:54 +0100)]
DirectMessages backed up properly for UAS
Mikael Nordfeldth [Fri, 13 Feb 2015 10:52:29 +0000 (11:52 +0100)]
Faves backed up properly to UAS
Mikael Nordfeldth [Fri, 13 Feb 2015 10:41:21 +0000 (11:41 +0100)]
Profile expected in Notice::asActivity from UAS
Mikael Nordfeldth [Fri, 13 Feb 2015 10:39:50 +0000 (11:39 +0100)]
UAS protected property user solved with getUser()
Mikael Nordfeldth [Fri, 13 Feb 2015 00:19:59 +0000 (01:19 +0100)]
EndSetApiUser will always contain a User
Marcus Moeller [Thu, 12 Feb 2015 22:07:49 +0000 (23:07 +0100)]
moved profile/group patch from core to profile_list
Marcus Moeller [Thu, 12 Feb 2015 21:55:01 +0000 (22:55 +0100)]
updated neo-quitter favicon to match the theme style
Mikael Nordfeldth [Thu, 12 Feb 2015 21:45:08 +0000 (22:45 +0100)]
extlib Michelf\Markdown updated 1.4.0 to 1.4.1
Mikael Nordfeldth [Thu, 12 Feb 2015 21:17:02 +0000 (22:17 +0100)]
DB_DataObject updated to 1.11.3
Mikael Nordfeldth [Thu, 12 Feb 2015 21:00:50 +0000 (22:00 +0100)]
DB updated to 1.8.2
Marcus Moeller [Thu, 12 Feb 2015 21:26:34 +0000 (22:26 +0100)]
lock icon style fixed to match quitter style
Mikael Nordfeldth [Thu, 12 Feb 2015 20:50:21 +0000 (21:50 +0100)]
htmLawed extlib updated from 1.1.16 to 1.1.19
Mikael Nordfeldth [Thu, 12 Feb 2015 16:45:02 +0000 (17:45 +0100)]
schemaDef coding style fixes
Mikael Nordfeldth [Thu, 12 Feb 2015 16:44:05 +0000 (17:44 +0100)]
Missing uri property of QnA_Answer class
Mikael Nordfeldth [Thu, 12 Feb 2015 10:08:08 +0000 (11:08 +0100)]
Added note on socialfying for HTTPS sites.
Mikael Nordfeldth [Thu, 12 Feb 2015 10:03:39 +0000 (11:03 +0100)]
Merge commit 'refs/merge-requests/43' of https://gitorious.org/social/mainline into merge-requests/43
Mikael Nordfeldth [Thu, 12 Feb 2015 09:41:43 +0000 (10:41 +0100)]
Clarify in INSTALL that MySQL must be 5.5+
lib/installer.php already said that when installing.
Marcus Moeller [Wed, 11 Feb 2015 08:58:28 +0000 (09:58 +0100)]
fixed neo-quitter web view
Adam Moore [Wed, 11 Feb 2015 00:49:44 +0000 (16:49 -0800)]
Deleting redundant file.
Adam Moore [Wed, 11 Feb 2015 00:36:32 +0000 (16:36 -0800)]
Webfinger instructions were incomplete/erroneous -- now they are not.
buttle [Tue, 10 Feb 2015 18:20:01 +0000 (19:20 +0100)]
Added EVENT to homestubnav
Changed menu->submenu(). if (! $menu->getItems()) then do nothing
Mikael Nordfeldth [Tue, 10 Feb 2015 17:41:18 +0000 (18:41 +0100)]
Merge commit 'refs/merge-requests/41' of https://gitorious.org/social/mainline into merge-requests/41
Chimo [Tue, 10 Feb 2015 15:53:24 +0000 (10:53 -0500)]
Add 'statusnet_textarea' backward-compatibility
Mikael Nordfeldth [Mon, 9 Feb 2015 23:30:20 +0000 (00:30 +0100)]
Merge commit 'refs/merge-requests/40' of https://gitorious.org/social/mainline into merge-requests/40
Chimo [Mon, 9 Feb 2015 23:08:46 +0000 (18:08 -0500)]
Replace one instance of LOG_ERR with LOG_DEBUG
Chimo [Mon, 9 Feb 2015 23:06:26 +0000 (18:06 -0500)]
Prepopulate newnotice from URL arg
Mikael Nordfeldth [Mon, 9 Feb 2015 20:44:01 +0000 (21:44 +0100)]
GNU social SVG logo added to neo-gnu
Mikael Nordfeldth [Mon, 9 Feb 2015 19:25:24 +0000 (20:25 +0100)]
neo-quitter unuglifying (thanks @marcus@gnusocial.ch )
also formatting changes to the CSS like removing trailing whitespace.
Mikael Nordfeldth [Mon, 9 Feb 2015 10:35:19 +0000 (11:35 +0100)]
Merge commit 'refs/merge-requests/39' of https://gitorious.org/social/mainline into merge-requests/39
Chimo [Mon, 9 Feb 2015 01:11:50 +0000 (20:11 -0500)]
TwitterBridge: don't array_merge() non-arrays
Fixes: ErrorException: [2] array_merge(): Argument #2 is not an array
Chimo [Mon, 9 Feb 2015 01:07:23 +0000 (20:07 -0500)]
Make TwitterBridge less noisy
Empty timelines are no longer warnings, but debug information
Mikael Nordfeldth [Sun, 8 Feb 2015 22:48:35 +0000 (23:48 +0100)]
Can now delete lists/peopletags (thanks MrB)
Reported on https://bugz.foocorp.net/T79
Fix by MrB: https://gist.github.com/mrvdb/
0f5d84c9b56c0a390c4a
Mikael Nordfeldth [Sun, 8 Feb 2015 22:21:28 +0000 (23:21 +0100)]
Merge commit 'refs/merge-requests/37' of https://gitorious.org/social/mainline into merge-requests/37
Mikael Nordfeldth [Sun, 8 Feb 2015 22:19:53 +0000 (23:19 +0100)]
Merge commit 'refs/merge-requests/30' of https://gitorious.org/social/mainline into merge-requests/30
Mikael Nordfeldth [Sun, 8 Feb 2015 22:18:36 +0000 (23:18 +0100)]
Merge commit 'refs/merge-requests/31' of https://gitorious.org/social/mainline into merge-requests/31
Mikael Nordfeldth [Sun, 8 Feb 2015 22:11:47 +0000 (23:11 +0100)]
Merge commit 'refs/merge-requests/36' of https://gitorious.org/social/mainline into merge-requests/36
Chimo [Sun, 8 Feb 2015 19:47:03 +0000 (14:47 -0500)]
Populate 'created' property on attention
The 'created' column in attention SQL table has NOT NULL
restriction.
Chimo [Sun, 8 Feb 2015 18:41:29 +0000 (13:41 -0500)]
Populate 'created' property on ostatus_source
The 'created' column in ostatus_source SQL table has NOT NULL restriction.
INSERTs fail when running MySQL/MariaDB in strict mode if this is not
populated.
Mikael Nordfeldth [Sun, 8 Feb 2015 14:33:00 +0000 (15:33 +0100)]
added non-critical FIXMEs
Mikael Nordfeldth [Sun, 8 Feb 2015 14:17:50 +0000 (15:17 +0100)]
updateWithKeys did not always COMMIT transactions
Mikael Nordfeldth [Sun, 8 Feb 2015 10:53:47 +0000 (11:53 +0100)]
Older versions of PHP couldn't do array indexes on function returns.
Mikael Nordfeldth [Sun, 8 Feb 2015 10:47:15 +0000 (11:47 +0100)]
General code quality improvement for easier understanding
Also made sure we only match local group IDs in recognizedFeed for PushhubAction
Mikael Nordfeldth [Sun, 8 Feb 2015 10:23:04 +0000 (11:23 +0100)]
Merge commit 'refs/merge-requests/33' of https://gitorious.org/social/mainline into merge-requests/33
Mikael Nordfeldth [Sun, 8 Feb 2015 10:21:36 +0000 (11:21 +0100)]
Merge commit 'refs/merge-requests/34' of https://gitorious.org/social/mainline into merge-requests/34
Mikael Nordfeldth [Sun, 8 Feb 2015 10:20:53 +0000 (11:20 +0100)]
Merge commit 'refs/merge-requests/35' of https://gitorious.org/social/mainline into merge-requests/35
Mikael Nordfeldth [Sun, 8 Feb 2015 10:09:19 +0000 (11:09 +0100)]
ROLLBACK which may or may not be useful
There were problems with queries that were executed but didn't seem to
be committed. Trying to patch that up by calling a ROLLBACK on transactions
where the loading of the page isn't stopped after the BEGIN statement's
intended function fails (like with the rememberme cookie in this commit).
Chimo [Sat, 7 Feb 2015 16:16:14 +0000 (11:16 -0500)]
Document "process_links" option for attachments
Chimo [Sat, 7 Feb 2015 16:08:03 +0000 (11:08 -0500)]
Remove NOT NULL restriction on FeedSub last_update
Fixes an issue where INSERTs fail if MySQL/MariaDB runs in "strict
mode".
Chimo [Sat, 7 Feb 2015 15:46:13 +0000 (10:46 -0500)]
Remove NOT NULL restriction on HubSub 'lease'
This fixes an issue where INSERTs in HubSub fail if MySQL/MariaDB is
running in "strict mode" since the default lease time in
PushHubAction::subunsub is null.
Permanent subscriptions have been removed in PuSH v0.4, but they are
being kept here for backward-compatibility with previous GS/SN versions.
Mikael Nordfeldth [Fri, 6 Feb 2015 11:51:04 +0000 (12:51 +0100)]
Network public feed name fixed (prev. not "Network")
Mikael Nordfeldth [Thu, 5 Feb 2015 11:13:01 +0000 (12:13 +0100)]
True isn't true in Javascript.
Apparently True isn't true in javascript. They fiddle around like crazy with
loose typing (causing all kinds of problems) but vars are case sensitive?!
Mikael Nordfeldth [Thu, 5 Feb 2015 11:05:39 +0000 (12:05 +0100)]
cacheKey change for Status_network class
From statusnet to gnusocial.
Mikael Nordfeldth [Thu, 5 Feb 2015 11:05:10 +0000 (12:05 +0100)]
Only Firefox has predefined js function args (thanks MrB)
Mikael Nordfeldth [Thu, 5 Feb 2015 10:49:06 +0000 (11:49 +0100)]
Memcache is a plugin, also now not explicitly mentioned in CONFIGURE
Mikael Nordfeldth [Thu, 5 Feb 2015 10:44:36 +0000 (11:44 +0100)]
Replace memcache with opcache in INSTALL instructions.
Mikael Nordfeldth [Wed, 4 Feb 2015 21:44:38 +0000 (22:44 +0100)]
But let's hide external permalink if already linked through 'source'
Mikael Nordfeldth [Wed, 4 Feb 2015 21:32:57 +0000 (22:32 +0100)]
No reason to hide external notice permalinks
Mikael Nordfeldth [Wed, 4 Feb 2015 20:25:14 +0000 (21:25 +0100)]
By default, don't allow nick changes for profiles
This goes for both users and groups, since they share nickname namespace.
If you want to enable nickname changes, just add this to your config:
$config['profile']['changenick'] = true;
This commit should cover all changes in our usual web forms as well as through
the API.
Mikael Nordfeldth [Wed, 4 Feb 2015 19:52:10 +0000 (20:52 +0100)]
HTMLOutputter input element can take arbitrary attributes now
Mikael Nordfeldth [Wed, 4 Feb 2015 16:30:50 +0000 (17:30 +0100)]
Variable name updates in apigroupleave.php
Mikael Nordfeldth [Wed, 4 Feb 2015 15:48:12 +0000 (16:48 +0100)]
Allow delete-inactive for gcfeeds
Garbage collecting should also allow to clean up leftover database entries.
Mikael Nordfeldth [Wed, 4 Feb 2015 15:47:43 +0000 (16:47 +0100)]
A single user instance also has the same URLs as multiuser instances
Mikael Nordfeldth [Tue, 3 Feb 2015 21:33:01 +0000 (22:33 +0100)]
showstream for singleuser instance too
singleuser instances shouldn't be too special and have too many
alternative methods of doing stuff.
Mikael Nordfeldth [Tue, 3 Feb 2015 21:04:29 +0000 (22:04 +0100)]
User class also needs getConfigPref
Mikael Nordfeldth [Tue, 3 Feb 2015 20:58:58 +0000 (21:58 +0100)]
FavoritePlugin uses getConfigPref for profile setting
Mikael Nordfeldth [Tue, 3 Feb 2015 20:58:17 +0000 (21:58 +0100)]
getConfigPref for globally configurable fallbacks
Mikael Nordfeldth [Tue, 3 Feb 2015 20:27:25 +0000 (21:27 +0100)]
Avoid CLI printing some PEAR::DB deprecated stuff
We should get rid of PEAR::DB and reenable these logs. Upstream
doesn't seem to update.
Mikael Nordfeldth [Tue, 3 Feb 2015 20:21:12 +0000 (21:21 +0100)]
Inform API users if notice was deleted.