Brion Vibber [Tue, 1 Jun 2010 18:41:17 +0000 (18:41 +0000)]
Mapstraction plugin fix: set icon dimensions (24x24 px); Google Maps provider otherwise defaults to stretching them to a funny shape instead of showing square avatars.
Brion Vibber [Fri, 28 May 2010 23:52:17 +0000 (16:52 -0700)]
OpenID: add option to enable asking for a username to append to the trusted provider's base URL. Good for hooking up with sites like WikiHow, where usernames are appended to a base URL to get a profile URL which is used as the provider.
$config['openid']['append_username'] = true;
or check 'Append a username to base URL' in OpenID admin panel.
Brion Vibber [Fri, 28 May 2010 23:03:09 +0000 (16:03 -0700)]
Ticket 2329 followup: my clever 'let it use the default' was foiled by PHP gettext module not quite exposing a compatible interface as the backend gettext library. (Most funcs squash null domain parameter into '' empty string, which isn't interpreted as 'use the current default'.)
Zach Copley [Wed, 26 May 2010 20:31:36 +0000 (20:31 +0000)]
Remove settting/getting a 'verb' for Facebook stream entries / status
updates. Facebook has disabled the ability to store user preferences
via their old REST API, causing our application to break. Also, verbs
in status updates seem to be deprecated, and stream posts don't seem
to have a verb.
Brion Vibber [Thu, 20 May 2010 19:21:29 +0000 (12:21 -0700)]
WikiHowProfile plugin; pulls avatar from WikiHow profile pages when registering or adding account with OpenID. (Full name, location, homepage, and bio are also on the profile page but not marked up in a way they can be easily retrieved yet.)
OpenID plugin: Added events at OpenID account creation and update time to allow additional customizations for particular sites.
Brion Vibber [Tue, 25 May 2010 20:09:21 +0000 (13:09 -0700)]
Hotpatch for infinite redirection-following loop seen processing URLs to http://clojure.org/ -- if we end up with an unstable redirect target (final item in a redirect chain ends up redirecting us somewhere else when we visit it again), just save the last version we saw instead of trying to start over.
Pretty much everything in File and File_redirection initial processing needs to be rewritten to be non-awful; this code is very hard to follow and very easy to make huge bugs. A fair amount of the complication is probably obsoleted by the redirection following being built into HTTPClient now.
Brion Vibber [Tue, 25 May 2010 18:36:42 +0000 (11:36 -0700)]
Backing out locale switch change to see if this affects our mystery memory leak.
Revert "Locale switch cleanup: use common_switch_locale() which is safer for updating gettext state. Also moved a few calls to reduce chance of hitting an exception before switching back."
Zach Copley [Mon, 24 May 2010 21:25:21 +0000 (21:25 +0000)]
Upgrade Facebook posting:
- Use FQL to check for publish stream permission instead of old REST API
- Better error handling, especially for error code 100
- More logging / better log messages
Brion Vibber [Mon, 24 May 2010 14:47:15 +0000 (07:47 -0700)]
Handle funky notice deletion cases more gracefully: if we already have a deleted_notice entry, don't freak out when we try to save it again on the second try.
Brion Vibber [Sun, 23 May 2010 00:43:56 +0000 (17:43 -0700)]
Hotpatch for Facebook mirror problems: drop messages when hitting rate limit (err 341) instead of retrying forever. On unknown errors, now throwing an exception so it'll hit the message retry limits.
Brion Vibber [Fri, 21 May 2010 21:07:59 +0000 (14:07 -0700)]
Add $config['queue']['stomp_enqueue_to'] override for which queue server to send to.
Must be set to a value that matches one of the entries in $config['queue']['stomp_server'] array, otherwise ignored.
Brion Vibber [Fri, 21 May 2010 17:12:39 +0000 (10:12 -0700)]
Disable SSL peer/hostname verification for HTTPClient unless we've configured a trusted CA bundle like this: $config['http']['ssl_cafile'] = '/usr/lib/ssl/certs/ca-certificates.crt';
The previous state was failing on all HTTPS hits due to HTTP_Request2 library turning on the validation check but not specifying a CA file.
Brion Vibber [Thu, 20 May 2010 19:46:36 +0000 (12:46 -0700)]
Added block link to subscription notification emails; block action can now take a profile ID on the URL; added profile details to block page so there's an indication of who you're blocking before you pull the trigger.
Fixed typo in RedirectingAction when no return-to data provided in form submission.
RedirectingAction::returnToArgs() has been renamed to returnToPrevious() to avoid conflict with Action::returnToArgs() which returns arguments to be passed to other actions as return-to arguments. All callers should now be updated.
More profile settings actions will now redirect through a login form if visited as a GET request, as would be expected from a bookmark, link sent in e-mail etc.
Brion Vibber [Wed, 19 May 2010 23:19:06 +0000 (16:19 -0700)]
Quick fix for creating OpenID accounts authenticating against a MediaWiki site; trim the 'User:' etc from the final path segment before generating a nickname from it. Avoids ending up with nicks like 'userbrion' on your first OpenID login!
Brion Vibber [Wed, 19 May 2010 22:12:39 +0000 (15:12 -0700)]
Add config option for RequireValidatedEmail plugin to skip the check for folks with a trusted OpenID association.
Also added an event that other plugins or local config can use to override the checks.
Brion Vibber [Wed, 19 May 2010 17:10:55 +0000 (10:10 -0700)]
Locale switch cleanup: use common_switch_locale() which is safer for updating gettext state. Also moved a few calls to reduce chance of hitting an exception before switching back.
Should help with problems where xmppdaemon would get stuck in wrong locale.
Brion Vibber [Tue, 18 May 2010 21:52:17 +0000 (21:52 +0000)]
Redirect non-SSL hits to login & register actions to SSL if 'always' or 'sometimes' SSL modes are kicked in.
The forms would already submit to SSL, but people are happier if they start on a secure page!
Note: this really should be done for sensitive/all URLs in index.php, but it seems a bit awkward to reconstruct the SSL version of the link atm. Cleanup todo!
Brion Vibber [Tue, 18 May 2010 17:39:56 +0000 (10:39 -0700)]
OpenID access control options: trusted provider URL, Launchpad team restrictions. Added an admin panel for setting these and OpenID-only mode, off by default.
To enable the admin panel:
$config['admin']['panels'][] = 'openid';
Or to set them manually:
$config['openid']['trusted_provider'] = 'https://login.ubuntu.net/';
$config['openid']['required_team'] = 'my-project-cabal';
$config['site']['openidonly'] = true;
OpenID-only mode can still be set from addPlugin() parameters as well for backwards compatibility.
Note: if it's set there, that value will override the setting from the database or config.php.
Note that team restrictions are only really meaningful if a trusted provider is set; otherwise,
any OpenID server could report back that users are members of the given team.
Restrictions are checked only at OpenID authentication time and will not kick off people currently
with a session open; existing remembered logins may also survive these changes.
Using code for Launchpad team support provided by Canonical under AGPLv3, pulled from r27 of
WordPress teams integration plugin:
https://code.edge.launchpad.net/~canonical-isd-hackers/wordpress-teams-integration/trunk
Brion Vibber [Wed, 5 May 2010 18:28:05 +0000 (11:28 -0700)]
Quick fix for DirectionDetector: only apply <span class="rtl"> once; if it's already there in an incoming message (eg via OStatus), don't reapply it.
Modified from patch from Everplays
Brion Vibber [Wed, 5 May 2010 01:43:32 +0000 (18:43 -0700)]
Handle timeout more gracefully in background pings
Added a 2-second default timeout for XMLRPC/extended pings, configurable as [ping,timeout].
No longer repeating the entire ping section if we had an HTTP error during a submission.
For now, dropping the bad item and continuing on with others. (Todo: individual retry and cleaner discards of blacklisted broken-for-now sites.)
Brion Vibber [Wed, 5 May 2010 00:11:43 +0000 (17:11 -0700)]
Avoid spewing giant debug backtrace into exception in certain OStatus subscription failure cases.
The code pattern 'new XXXException($e)' to chain exceptions doesn't actually work as intended, as exceptions are actually expecting a string message here.
This caused an implicit string conversion from HTTP_Request2_Exception, which is a PEAR_Exception, which defines an absurdly detailed __toString() method including a giant HTML table with a backtrace if you happen to be on a web request.
Simply passing $e->getMessage() instead clears this up, as we'll get the nice short message like 'Couldn't connect to tcp://blahblah:80'
Fix charset setting for plugin localizations; default setting was blanking out non-ASCII chars. Needed for eg Bulgarian translation of Facebook plugin, was previously showing all as ???s. Now works yay!
Test cases and fixes for Atom and RSS content decoding.
Fix extraction of Atom <content type="text"> and <content type="html">; we were failing to escape plaintext source data to HTML, and doing an extraneous double-deescape on HTML source resulting in breakage of notices containing text that looks like HTML. Only <content type="xhtml"> was working correctly previously.
Fixes for RSS2 content processing: we were failing to load <content:encoded> at all due to using wrong element name, and were applying an extraneous de-escape for <description> rather than the escaping that is required to turn plaintext into HTML. (Per spec, <description> must be plaintext.)